That new release contains an important change which prevents a
potential DDoS.
* Lightprotocol/light-poseidon#32
Invoking `from_bytes_be` function light-poseidon 0.1.1 inverts all
the inputs before performing a check whether their length exceeds
the modulus of the prime field. Therefore, it was prone to an
attack, where a mailicious user could submit long byte slices just
to DDoS the validator, being stuck on inverting large byte sequences.
The update and mentioned change fixes the same issue as #33363 aims
to address.
The new release contains also few other less important changes like:
* Lightprotocol/light-poseidon#37
* Lightprotocol/light-poseidon#38
* Lightprotocol/light-poseidon#39
It is a pretty standard set of traits to implement on most types. Both `Pubkey`
and `LoadedAddresses` contained within the `AccountKeys` already implement them.
Doing the same for `AccountKeys` could simplify unit tests and/or some common
value manipulation logic.
* fix stake deactivation in the same epoch after redelegation bug
add tests
refactor common code into fn
avoid early return
add feature gate for the new stake redelegate behavior
move stake tests out of cli
add stake-program-test crate
reimplemnt stake test with program-test
remove stake-program-test crate
reviews
add setup.rs
remove clippy
reveiws
* reviews
* review comments
---------
Co-authored-by: HaoranYi <haoran.yi@solana.com>
* solana-program - altbn128: add g1 & g2 compression
still fixing tests for point of infinity
feat: proof compression syscall working
add rust test to ci
remove prints
added c test
added sycall pricing
* fixed ci checks
* refactored altbn128 and compression
* Processors to compile and send LoaderV4 CLI commands
* suppress unused code warning
* clippy fixes
* redeploy program using source buffer
* unify deploy and redeploy to a single function
* clippy fixes
* fixes after testing the CLI frontend
* Adds a module `address_lookup_table` to the SDK.
* Adds a module `address_lookup_table::instruction` to the SDK.
* Adds a module `address_lookup_table::error` to the SDK.
* Adds a module `address_lookup_table::state` to the SDK.
* Moves AddressLookupTable into SDK as well.
* Moves AddressLookupTableAccount into address_lookup_table.
* Adds deprecation messages.
* Disentangles dependencies across cargo files.
* Fix a typo & phrasing of `bpf_loader_upgradeable` docs
Originally, I was just going to fix the typo, replacing 'the' with
'that.' But I thought that the sentence was phrased awkwardly anyway, so
I tried to correct that as well.
* Fix second typo
Co-authored-by: ripatel-fd <ripatel+git@jumptrading.com>
---------
Co-authored-by: ripatel-fd <ripatel+git@jumptrading.com>
* allow pedantic invalid cast lint
* allow lint with false-positive triggered by `test-case` crate
* nightly `fmt` correction
* adapt to rust layout changes
* remove dubious test
* Use transmute instead of pointer cast and de/ref when check_aligned is false.
* Renames clippy::integer_arithmetic to clippy::arithmetic_side_effects.
* bump rust nightly to 2023-08-25
* Upgrades Rust to 1.72.0
---------
Co-authored-by: Trent Nelson <trent@solana.com>
* Moves initialization and growth of program accounts
from "write" to "truncate" instruction in loader-v4.
* Removes the parameter payer account from the truncate instruction.
Computing Poseidon[0] hashes is too expensive to be done in a Solana
program in one transaction. Poseidon is a zero-knowlege proof friendly
hash function, used by the majority of ZK-based projects, including the
ones built on top of Solana.
This change introduces the `sol_poseidon` syscall which takes 2D byte
slice as an input and then calculates a Poseidon hash using a BN254
curve and the following Poseidon parameters:
* x^5 S-boxes
* width - 2 ≤ t ≤ 13
* inputs - 1 ≤ n ≤ 12
* 8 full rounds and partial rounds depending on t: [56, 57, 56, 60, 60,
63, 64, 63, 60, 66, 60, 65]
Computation of Poseidon hashes is done with the light-poseidon[1]
crate, which is audited[2] and compatible with Circom[3] (BN254 curve,
the same parameters and constants).
Proposed compute costs depend on number of inputs and are based on
light-poseidon benchmarks[4].
[0] https://www.poseidon-hash.info/
[1] https://crates.io/crates/light-poseidon
[2] https://github.com/Lightprotocol/light-poseidon/blob/main/assets/audit.pdf
[3] https://docs.circom.io/
[4] https://github.com/Lightprotocol/light-poseidon/tree/main#performance
* dereplicode address alignment check
* Uses `checked_div` and `checked_rem` in built-in loaders.
* Uses `checked_div` and `checked_rem`.
* sdk: replace sub() with saturating_sub()
* eliminate `String` "arithmetic"
* allow arithmetic side-effects in tests and benches and on types we don't control
---------
Co-authored-by: Trent Nelson <trent@solana.com>
* sdk: Add concurrent support for rand 0.7 and 0.8
* Update rand, rand_chacha, and getrandom versions
* Run command to replace `gen_range`
Run `git grep -l gen_range | xargs sed -i'' -e 's/gen_range(\(\S*\), /gen_range(\1../'
* sdk: Fix users of older `gen_range`
* Replace `hash::new_rand` with `hash::new_with_thread_rng`
Run:
```
git grep -l hash::new_rand | xargs sed -i'' -e 's/hash::new_rand([^)]*/hash::new_with_thread_rng(/'
```
* perf: Use `Keypair::new()` instead of `generate`
* Use older rand version in zk-token-sdk
* program-runtime: Inline random key generation
* bloom: Fix clippy warnings in tests
* streamer: Scope rng usage correctly
* perf: Fix clippy warning
* accounts-db: Map to char to generate a random string
* Remove `from_secret_key_bytes`, it's just `keypair_from_seed`
* ledger: Generate keypairs by hand
* ed25519-tests: Use new rand
* runtime: Use new rand in all tests
* gossip: Clean up clippy and inline keypair generators
* core: Inline keypair generation for tests
* Push sbf lockfile change
* sdk: Sort dependencies correctly
* Remove `hash::new_with_thread_rng`, use `Hash::new_unique()`
* Use Keypair::new where chacha isn't used
* sdk: Fix build by marking rand 0.7 optional
* Hardcode secret key length, add static assertion
* Unify `getrandom` crate usage to fix linking errors
* bloom: Fix tests that require a random hash
* Remove some dependencies, try to unify others
* Remove unnecessary uses of rand and rand_core
* Update lockfiles
* Add back some dependencies to reduce rebuilds
* Increase max rebuilds from 14 to 15
* frozen-abi: Remove `getrandom`
* Bump rebuilds to 17
* Remove getrandom from zk-token-proof
* stake: pub use config constants for api backwards compatibility
* Add deprecate
Co-authored-by: Trent Nelson <trent.a.b.nelson@gmail.com>
---------
Co-authored-by: Trent Nelson <trent.a.b.nelson@gmail.com>
* stake: deprecate on chain warmup/cooldown rate and config
* Pr feedback: Deprecate since 1.16.7
Co-authored-by: Jon Cinque <me@jonc.dev>
---------
Co-authored-by: Jon Cinque <me@jonc.dev>
Nick Frostbutter
Justin Starry
GoodDaisy
norwnd
Jon Cinque
Brooks
Andrew Fitzgerald
vadorovsky
Kevin Heavey
Dmitri Makarov
Joe C
Illia Bobyr
Brennan
ch9xy
HaoranYi
ananas-block
Trent Nelson
Pankaj Garg
Christian Kamm
bji
Alexander Meißner
Alessandro Decina
Proph3t
Ryo Onodera
steviez
Ashwin Sekar
Yihau Chen
dependabot[bot]