Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Underflow in generate_seed for GENESIS_EPOCH #1017

Closed
mkalinin opened this issue May 1, 2019 · 5 comments
Closed

Underflow in generate_seed for GENESIS_EPOCH #1017

mkalinin opened this issue May 1, 2019 · 5 comments

Comments

@mkalinin
Copy link
Collaborator

mkalinin commented May 1, 2019

Issue

Encountered in v0.6.0.

With epoch = 0 (GENESIS_EPOCH) generate_seed passes epoch = GENESIS_EPOCH - 1 value to get_randao_mix:

...
    return hash(
        get_randao_mix(state, epoch - MIN_SEED_LOOKAHEAD) +
...

With epoch = -1 get_randao_mix throws an assertion error as condition
epoch <= get_current_epoch(state) gets violated.
@JustinDrake
Copy link
Collaborator

With epoch = -1 get_randao_mix throws an assertion error as condition
epoch <= get_current_epoch(state) gets violated.

epoch <= get_current_epoch(state) corresponds to -1 <= 0 which is not violated. Still, we shouldn't underflow.

@djrtwo I remember you saying that in Python we can do some magic to the minus operator - so that if a - b is ever negative we assert False. That will allow the executable spec to automatically find those nasties, especially when fuzz testing comes along.

@djrtwo
Copy link
Contributor

djrtwo commented May 1, 2019

epoch <= get_current_epoch(state) corresponds to -1 <= 0 which is not violated. Still, we shouldn't underflow.

violated when it's actually uints instead of python's int type. Anything less than 0 is an underflow and will likely be an issue in strongly typed languages.

@djrtwo I remember you saying that in Python we can do some magic to the minus operator - so that if a - b is ever negative we assert False

yes, it is possible to monkeypatch the - operator. Might be useful in this case.

nice find @mkalinin, I think it likely appropriate to put a min of genesis_epoch on that call to get_randao_mix.

The actual assert in get_randao_mix is going to underflow as well with get_current_epoch(state) - LATEST_RANDAO_MIXES_LENGTH.

I'll clean up these two and another function in a PR now

@djrtwo
Copy link
Contributor

djrtwo commented May 2, 2019

addressed in #1027

@mkalinin
Copy link
Collaborator Author

mkalinin commented May 2, 2019

yes, it is possible to monkeypatch the - operator. Might be useful in this case.

I like this idea. Should be useful for all uint64 operators that can turn into either an overflow or underflow and would help to discover such cases across the spec on the early stage. Cause, I bet spec tests passed well in spite of this bug as by behaviour uint64 is a signed type.

@JustinDrake JustinDrake mentioned this issue May 2, 2019
Closed
djrtwo added a commit that referenced this issue May 3, 2019
@djrtwo
Merge pull request #1027 from ethereum/fix-underflows
8942fac 
Fix underflows from #1017
@JustinDrake
Copy link
Collaborator

Fixed in #1027 and created a new issue for monkey-patching the minus operator.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@JustinDrake @djrtwo @mkalinin