feat: core types + arithmetic security hardening#20
Open
almogdepaz wants to merge 2 commits into main from
d21ae96 to dcb3fca
New types and fields:
- Add MintData, GenesisSpend types to clvm_zk_core/types.rs
- Add ProofType::Mint = 3 variant to structures.rs; included in is_submittable()
- CoinMode enum (Execute | Spend | Mint) replaces serial_commitment_data/mint_data Options

Security: compile-time mutual exclusion (spend vs mint):
- CoinMode::Spend + CoinMode::Mint are now separate variants, not two Option fields
- Spend+Mint combination is a compile error, not a runtime panic

Security: enforce_ring_balance explicit Mint rejection (F-01):
- CoinMode::Mint arm returns Err(...) rather than falling through with input=0
- Prevents future Mint inputs from bypassing balance enforcement

Security: host-side guards before zkVM guests (F-02):
- risc0/src/lib.rs + sp1/src/lib.rs: reject CoinMode::Mint with clean Err before submitting to prover — avoids opaque guest panic and DoS of proof queue

Security: tail_source doc warning (F-03):
- Removed #[serde(default)] from tail_source; doc explicitly warns that enforcement must require Some(_) for delta-negative CAT spends, not treat None as safe default

Security: leaf_index arch-safe serialization:
- leaf_index: usize → u64 in SerialCommitmentData, GenesisSpend (Borsh wire format)
- TakerCoinData.leaf_index: usize → u64 in both settlement guests + settlement.rs local structs (F-07: previously missed in the migration)
- All verify_merkle_proof callsites: leaf_index as usize → try_from().expect() (F-05) replaces silent truncation with legible abort message

Security: arithmetic hardening:
- enforce_ring_balance: + → checked_add; CoinMode::Execute arm explicit
- modular_pow: zero-modulus guard; doc comment; two unit tests (F-06)

All 144 mock + 31 clvm_zk_core tests pass.
dcb3fca to a939127
- Add tail_params field to Input type for passing args to TAIL programs
- Plumb tail_source + tail_params through ClvmZkProver, Spender, and all backends
- Guests (risc0, sp1) and mock backend now compile tail_source, verify its hash matches the committed tail_hash, then execute it — prevents TAIL substitution attacks
- Update docs/comments on tail_source/tail_hash semantics
- Add test_cat_tail_enforcement.rs covering hash-mismatch and authorization rejection
- Add PLAN.md, VEIL_DIFFERENTIAL_REVIEW_2026-03-15.md, .audit/ findings, run_examples.sh
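The "compile, verify hash, then execute" gate that the second commit describes, written out as an added illustration (this is not the project's code). Field names tail_hash, tail_source and tail_params follow the commit text; the 64-bit FNV-1a stand-in for the real commitment hash, the TailError type, the toy TAIL "program" format, and the rule that only delta-negative spends need TAIL authorization are assumptions made for the example. The point it shows is that a missing tail_source is rejected rather than treated as a safe default, and that a substituted source is caught by the hash check before anything is executed.

```rust
// Added example, not the project's code. Names follow the PR text; the hash
// function, error type and the delta rule are assumptions for illustration.

#[derive(Debug, PartialEq)]
pub enum TailError {
    MissingCommitment, // delta-negative spend with no committed tail_hash
    MissingSource,     // committed tail_hash but no tail_source supplied (None is NOT safe)
    HashMismatch { expected: [u8; 8], got: [u8; 8] }, // TAIL substitution attempt
    Unauthorized,      // TAIL ran and refused the spend
}

pub struct Input {
    pub delta: i64,                   // assumed: negative = CAT value leaves the ring
    pub tail_hash: Option<[u8; 8]>,   // committed hash of the TAIL source
    pub tail_source: Option<Vec<u8>>, // source supplied by the spender
    pub tail_params: Vec<i64>,        // arguments passed to the TAIL program
}

/// Toy 64-bit FNV-1a standing in for the real hash behind tail_hash (constructed).
pub fn toy_hash(bytes: &[u8]) -> [u8; 8] {
    let mut h: u64 = 0xcbf2_9ce4_8422_2325;
    for &b in bytes {
        h ^= b as u64;
        h = h.wrapping_mul(0x0000_0100_0000_01b3);
    }
    h.to_le_bytes()
}

/// Gate: verify the supplied source against the committed hash, then execute it.
/// `execute` is whatever compiles and runs the TAIL; it is only called after the
/// hash check passes, so a substituted program never runs.
pub fn run_tail<F>(input: &Input, execute: F) -> Result<(), TailError>
where
    F: FnOnce(&[u8], &[i64]) -> bool,
{
    if input.delta >= 0 {
        return Ok(()); // assumption: non-negative delta needs no TAIL authorization
    }
    let expected = input.tail_hash.ok_or(TailError::MissingCommitment)?;
    // Require Some(_): absence of source is an error, never an implicit pass.
    let source = input.tail_source.as_deref().ok_or(TailError::MissingSource)?;
    let got = toy_hash(source);
    if got != expected {
        return Err(TailError::HashMismatch { expected, got });
    }
    if execute(source, &input.tail_params) {
        Ok(())
    } else {
        Err(TailError::Unauthorized)
    }
}

/// Toy TAIL executor (constructed): source "min:<n>" authorizes the spend
/// iff the first parameter is at least n. A real backend compiles CLVM here.
pub fn toy_executor(source: &[u8], params: &[i64]) -> bool {
    let text = match std::str::from_utf8(source) {
        Ok(t) => t,
        Err(_) => return false,
    };
    let n: i64 = match text.strip_prefix("min:").and_then(|s| s.parse().ok()) {
        Some(n) => n,
        None => return false,
    };
    params.first().map_or(false, |&p| p >= n)
}
```

Ordering is the whole point: the executor closure cannot be reached with a source whose hash differs from the committed one, and the None branch is an explicit error rather than a default that skips enforcement.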
Summary
Part 1 of 7 in the PR breakdown of stealth_addresses_new→main.

- clvm_zk_core/types.rs: MintData, GenesisSpend; new optional fields tail_source and mint_data on Input (both default None — zero impact on existing paths)
- src/protocol/structures.rs: ProofType::Mint = 3
- clvm_zk_core/lib.rs: enforce_ring_balance: + → checked_add(...).expect(...) to panic on overflow instead of silent wrapping; modular_pow: early return on modulus == 0 to avoid division-by-zero
- mint_data: None, tail_source: None added to all Input struct literals in risc0/sp1 backends and src/lib.rs
- test_settlement_api.rs match arm updated for new ProofType::Mint variant

Test plan
- cargo check --no-default-features --features mock,testing — clean
- cargo test-mock — 144 tests pass, 0 failures
- Input struct literals in risc0/sp1 guests remain untouched (guest changes are PR 5)
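The core hardening described in both the first commit message and this summary (CoinMode as one enum, enforce_ring_balance with checked_add and an explicit Mint rejection, modular_pow with a zero-modulus guard, leaf_index carried as u64 and converted with try_from) as an added, self-contained illustration. This is not the project's code: the type and function names come from the PR text, but the field layout, the balance rule (inputs must equal outputs), the BalanceError type and the Result-returning shape of enforce_ring_balance are assumptions for the example.

```rust
// Added example, not the project's code. Type/function names follow the PR
// text; field types, the balance rule and the error type are assumptions.

#[derive(Debug, Clone, PartialEq)]
pub struct SerialCommitmentData {
    pub leaf_index: u64, // u64 on the wire, never usize: same bytes on every target
    pub amount: u64,
}

#[derive(Debug, Clone, PartialEq)]
pub struct MintData {
    pub amount: u64,
}

/// Execute | Spend | Mint as one enum. A value is exactly one of these, so
/// "Spend and Mint at once" is unrepresentable rather than a runtime panic
/// that a pair of Option fields would have required.
#[derive(Debug, Clone, PartialEq)]
pub enum CoinMode {
    Execute,
    Spend(SerialCommitmentData),
    Mint(MintData),
}

#[derive(Debug, PartialEq)]
pub enum BalanceError {
    MintNotAllowed,
    Overflow,
    Unbalanced { inputs: u64, outputs: u64 },
}

/// Sum inputs and outputs with checked_add. Execute contributes 0 explicitly;
/// Mint is rejected outright instead of falling through with input = 0, so a
/// future Mint input cannot slip past balance enforcement.
pub fn enforce_ring_balance(inputs: &[CoinMode], outputs: &[u64]) -> Result<u64, BalanceError> {
    let mut total_in: u64 = 0;
    for m in inputs {
        let v = match m {
            CoinMode::Execute => 0,
            CoinMode::Spend(sc) => sc.amount,
            CoinMode::Mint(_) => return Err(BalanceError::MintNotAllowed),
        };
        total_in = total_in.checked_add(v).ok_or(BalanceError::Overflow)?;
    }
    let mut total_out: u64 = 0;
    for &o in outputs {
        total_out = total_out.checked_add(o).ok_or(BalanceError::Overflow)?;
    }
    if total_in != total_out {
        return Err(BalanceError::Unbalanced { inputs: total_in, outputs: total_out });
    }
    Ok(total_in)
}

/// base^exp mod modulus by square-and-multiply. modulus == 0 would make the
/// first `%` panic, so it is refused up front; u128 intermediates keep
/// (modulus-1)^2 from overflowing.
pub fn modular_pow(base: u64, mut exp: u64, modulus: u64) -> Option<u64> {
    if modulus == 0 {
        return None;
    }
    if modulus == 1 {
        return Some(0);
    }
    let m = modulus as u128;
    let mut result: u128 = 1;
    let mut b = (base as u128) % m;
    while exp > 0 {
        if exp & 1 == 1 {
            result = (result * b) % m;
        }
        b = (b * b) % m;
        exp >>= 1;
    }
    Some(result as u64)
}

/// Wire u64 -> usize for verify_merkle_proof callsites: a legible abort on a
/// 32-bit target instead of the silent truncation of `as usize`.
pub fn leaf_index_to_usize(leaf_index: u64) -> usize {
    usize::try_from(leaf_index).expect("leaf_index does not fit in usize on this target")
}
```

Note that the enum makes the F-01 arm mandatory: a `match` on CoinMode that omits Mint does not compile, which is what turns "Mint falls through with input=0" from a reviewer finding into a compiler error.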