[contract-deploy] Ensure there are no private functions with duplicate selectors

[spalladino]

We want to ensure there are no two private functions in the same contract with the same selector. However, it's unclear where we can verify this. A malicious user could register a class with a function tree that contains duplicates, and we have no way to catch it. We could reject this at the pxe, so that when it receives a contract artifact, it checks for duplicates. Note that, if we allow a dapp to register partial artifacts (ie not all private functions) it may still be possible for an attacker to squeeze in duplicate selectors. In Mike's words:

check during class registration that there are no diplicate function selectors for private functions. Otherwise the acir for one function selector could be confused with the acir for another function selector, and that could be bad.

[nventuro]

Note that, if we allow a dapp to register partial artifacts (ie not all private functions) it may still be possible for an attacker to squeeze in duplicate selectors

What is the usecase for partial registration? How could you trust something you've only seen part of?

[spalladino]

True, I don't see any real use case for that.

[sklppy88]

After discussion with @nventuro and @spalladino, it seems like we will want this check in three places.

1. We will want to the noir compilation for contracts to fail if duplicate selectors are detected
2. The contract class registerer should fail when trying to register a contract with duplicate selectors
3. PXE should throw an error when trying to register a contract with duplicate selectors

With this in mind, I have made three sub-issues for this issue.

[benesjan]

Would the participants in this issue agree with this?

[spalladino]

Yup, I'm fine not checking this in the registerer! I'm also fine removing the feature of broadcasting on-chain private function bytecode at this point, we should have better mechanisms for that.