Skip to content

fix(pxe): verify private event commitment matches content#22638

Merged
nchamo merged 1 commit intomerge-train/fairiesfrom
fix/pxe-verify-event-commitment
Apr 20, 2026
Merged

fix(pxe): verify private event commitment matches content#22638
nchamo merged 1 commit intomerge-train/fairiesfrom
fix/pxe-verify-event-commitment

Conversation

@nchamo
Copy link
Copy Markdown
Contributor

@nchamo nchamo commented Apr 17, 2026
edited
Loading

Problem

EventService.validateAndStoreEvent received content, randomness, selector, and eventCommitment as independent inputs. It verified that siloNullifier(contractAddress, eventCommitment) was present in the tx's nullifiers, but never recomputed the commitment from (randomness, selector, content). Unconstrained PXE-side contract code (e.g. a custom message handler, or a utility function that enqueues validation requests and then calls validate_and_store_enqueued_notes_and_events in the same call frame) could therefore bind arbitrary content to a legitimate tx nullifier, causing PXE to surface fabricated event data through getPrivateEvents.

The built-in private-event path already derives the commitment from content right before enqueueing (see process_private_event_msg in aztec-nr/aztec/src/messages/discovery/private_events.nr), so the happy path was safe. The gap was in contract-authored paths.

Fix

  • Add computePrivateEventCommitment to stdlib, mirroring compute_private_serialized_event_commitment on the Noir side.
  • validateAndStoreEvent recomputes the commitment and warns + skips on mismatch.

Fixes AztecProtocol/aztec-claude#164

@nchamo nchamo self-assigned this Apr 17, 2026
@nchamo nchamo requested a review from mverzilli April 17, 2026 14:37
mverzilli
mverzilli approved these changes Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mverzilli mverzilli left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch!

@nchamo nchamo merged commit 9d8134f into merge-train/fairies Apr 20, 2026
27 checks passed
@nchamo nchamo deleted the fix/pxe-verify-event-commitment branch April 20, 2026 15:11
@AztecBot AztecBot mentioned this pull request Apr 20, 2026
Merged
AztecBot pushed a commit that referenced this pull request Apr 20, 2026
@nchamo
fix(pxe): verify private event commitment matches content (#22638)
1d7b242
@AztecBot AztecBot mentioned this pull request Apr 20, 2026
Merged
@AztecBot
Copy link
Copy Markdown
Collaborator

AztecBot commented Apr 20, 2026

✅ Successfully backported to backport-to-v4-next-staging #22666.

Thunkar added a commit that referenced this pull request Apr 20, 2026
@Thunkar
chore: Accumulated backports to v4-next (#22666)
30ce825 
BEGIN_COMMIT_OVERRIDE
fix(abi): add missing ABI validation in argument encoder (backport
#22529) (#22608)
fix(pxe): verify private event commitment matches content (#22638)
feat!: kv-store on SQLite-wasm over OPFS (backport #22666)
END_COMMIT_OVERRIDE
dipkakwani pushed a commit to dipkakwani/aztec-packages that referenced this pull request Apr 22, 2026
@AztecBot
feat: merge-train/fairies (AztecProtocol#22664)
0f01edb 
BEGIN_COMMIT_OVERRIDE
feat!: kv-store on SQLite-wasm over OPFS (AztecProtocol#22658)
fix(pxe): verify private event commitment matches content (AztecProtocol#22638)
fix(pxe): propagate calldata count from nested private oracles (AztecProtocol#22642)
END_COMMIT_OVERRIDE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mverzilli mverzilli mverzilli approved these changes

Assignees

@nchamo nchamo

Labels

backport-to-v4-next

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@nchamo @AztecBot @mverzilli