Harden discriminant and proof bounds validation#331
Open
Conversation
Replace assert-style input assumptions with explicit runtime checks in verifier, vdf client parsing, and BQFC serialization paths, and add regression coverage for oversized discriminant and serialization inputs. Made-with: Cursor
Member (Author): @cursor review
Cursor Bugbot has reviewed your changes and found 1 potential issue.
Allow ReadIteration to accept a 00 size header and return 0 so session loops process stop inline instead of throwing and falling through exception handling. Made-with: Cursor
Member (Author): Cursor didn't find anything when run again. I pushed the tools to make sure these didn't hit performance, and logically they do not.
Summary

- vdf_client session parsing for iteration header/body and stop ACK handling with deterministic error returns on malformed network data
- BQFC_MAX_D_BITS and add DiscriminantBoundsRegressionTest coverage for oversized discriminant/serialization inputs

Test plan

cmake -S src -B build-security-check -DBUILD_PYTHON=OFF -DBUILD_CHIAVDFC=OFF -DBUILD_VDF_CLIENT=OFF -DBUILD_VDF_BENCH=OFF -DBUILD_VDF_TESTS=ON -DBUILD_HW_TOOLS=OFF
cmake --build build-security-check --target regression_unit_tests regression_io_tests
ctest --test-dir build-security-check --output-on-failure -R '^regression\.'
vdf_bench square 250000 (5 runs, baseline vs patched): median delta ~ -0.1%
vdf_bench square_asm 250000 (5 runs, baseline vs patched): median delta 0.0%

Made with Cursor
Note
Medium Risk
Touches proof verification and quadratic-form serialization boundaries; incorrect bounds could cause valid proofs to be rejected or trigger new error paths, but changes are primarily defensive input validation.
Overview
Hardens bounds checking for discriminants and form serialization.
- bqfc_* routines now reject invalid d_bits/oversized forms at runtime (replacing assert assumptions), with bqfc_export returning errors on insufficient buffers and bqfc_serialize/bqfc_get_compr_size validating sizes against BQFC_MAX_D_BITS/BQFC_FORM_SIZE.
- Tightens verifier and discriminant-size validation. The verifier now enforces disc_size_bits and discriminant bit-length ranges before processing proofs, CreateDiscriminant aligns its max to BQFC_MAX_D_BITS, and new regression tests cover oversized discriminant bits plus BQFC serialize/deserialize rejection.
- Improves network input parsing in vdf_client. Iteration header/body parsing now validates decimal digits, length, and uint64_t overflow, and STOP ACK handling now throws on malformed responses instead of relying on assert.

Written by Cursor Bugbot for commit 01b75c3.
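The two validation patterns the review above describes (decimal iteration header/body parsing with length and uint64_t overflow checks, and discriminant bit-length bounds enforced before any proof work) are illustrated below in an added, stand-alone example. This is not chiavdf's code and does not reproduce its wire format or its real limits: the 2-digit length header, the `kMaxDBits`/`kMinDBits` values, the function names, and the assumed discriminant convention (negative, D ≡ 1 mod 4) are all assumptions made for the example. The "00" header meaning stop, as in the second commit message, is kept.

```cpp
// Added example, not chiavdf's own code. Explicit runtime checks in place of
// assert()-style assumptions for two untrusted inputs:
//   1. an iteration count framed as <2 decimal digits: length><length digits>
//      (assumed layout; "00" is treated as the stop marker), and
//   2. the bit length of a big-endian discriminant magnitude.
#include <cstddef>
#include <cstdint>
#include <optional>
#include <string_view>
#include <vector>

namespace hardened {

// Assumed limits for this example (stand-ins, not the project's constants).
constexpr std::size_t kMaxIterDigits = 20;   // UINT64_MAX has 20 digits
constexpr std::uint32_t kMaxDBits    = 4096; // stand-in for BQFC_MAX_D_BITS
constexpr std::uint32_t kMinDBits    = 512;  // assumed verifier lower bound

// Parse an unsigned decimal string. Rejects empty input, over-long input,
// any non-digit byte, and any value that would overflow uint64_t.
// Leading zeros are allowed so that "00" parses to 0.
inline std::optional<std::uint64_t> parse_u64(std::string_view s) {
    if (s.empty() || s.size() > kMaxIterDigits) return std::nullopt;
    std::uint64_t v = 0;
    for (unsigned char c : s) {
        if (c < '0' || c > '9') return std::nullopt;
        const std::uint64_t d = c - '0';
        // v*10 + d overflows  <=>  v > (UINT64_MAX - d) / 10
        if (v > (UINT64_MAX - d) / 10) return std::nullopt;
        v = v * 10 + d;
    }
    return v;
}

struct IterMsg {
    bool stop;             // true when the header is "00": no body follows
    std::uint64_t iters;   // iteration count (0 when stop)
    std::size_t consumed;  // bytes consumed from the front of the buffer
};

// Parse one framed message from the front of buf. A short or malformed
// frame yields nullopt (deterministic error, no exception, no assert).
inline std::optional<IterMsg> parse_iteration_frame(std::string_view buf) {
    if (buf.size() < 2) return std::nullopt;
    const auto len = parse_u64(buf.substr(0, 2));
    if (!len) return std::nullopt;
    if (*len == 0) return IterMsg{true, 0, 2};
    if (*len > kMaxIterDigits) return std::nullopt;
    if (buf.size() < 2 + *len) return std::nullopt;
    const auto iters = parse_u64(buf.substr(2, static_cast<std::size_t>(*len)));
    if (!iters) return std::nullopt;
    return IterMsg{false, *iters, 2 + static_cast<std::size_t>(*len)};
}

// Bit length of a big-endian magnitude, ignoring leading zero bytes.
inline std::uint32_t bit_length_be(const std::vector<std::uint8_t>& mag) {
    std::size_t i = 0;
    while (i < mag.size() && mag[i] == 0) ++i;
    if (i == mag.size()) return 0;
    std::uint32_t bits = 0;
    for (std::uint8_t b = mag[i]; b != 0; b >>= 1) ++bits;
    return bits + static_cast<std::uint32_t>(mag.size() - i - 1) * 8;
}

// Check a claimed discriminant size and the encoded magnitude before any
// form arithmetic: the claim must lie in [kMinDBits, kMaxDBits] and the
// actual value must fit the claim. The final test assumes the convention
// D < 0 with D = 1 (mod 4), i.e. |D| = 3 (mod 4); drop it if that does not
// hold for the discriminants you accept.
inline bool discriminant_bounds_ok(std::uint32_t claimed_bits,
                                   const std::vector<std::uint8_t>& mag) {
    if (claimed_bits < kMinDBits || claimed_bits > kMaxDBits) return false;
    const std::uint32_t actual = bit_length_be(mag);
    if (actual == 0 || actual > claimed_bits) return false;
    return (mag.back() & 0x03) == 0x03;
}

} // namespace hardened
```

The overflow guard is the part most often gotten wrong: multiplying first and comparing afterwards is already undefined behaviour for signed types and silently wraps for unsigned ones, so the check is done on the previous value before the multiply. Every rejection is a plain return value, which is what lets a session loop treat a malformed frame as a protocol error rather than an abort.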