Skip to content

fix(proof): assert derived block matches claim after derivation#2567

Open
mw2000 wants to merge 7 commits intomainfrom
mw2000/op-succinct-fix
Open

fix(proof): assert derived block matches claim after derivation#2567
mw2000 wants to merge 7 commits intomainfrom
mw2000/op-succinct-fix

Conversation

@mw2000
Copy link
Copy Markdown
Contributor

@mw2000 mw2000 commented May 7, 2026

Closes GHSA-5jh4-3p33-85xc. advance_to_target silently downgrades the local target on EndOfSource, allowing an adversary to bind a valid output root to a future block number. Add a postcondition in WitnessExecutor::run() that rejects execution when the derived safe head block number differs from the claimed L2 block number.

Includes a gated exploit-regression integration test (RUN_GHSA_EXPLOIT_REGRESSION=1) reproducing the attack shape.

@vercel
Copy link
Copy Markdown

vercel Bot commented May 7, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Actions Updated (UTC)
base Ignored Ignored Preview May 8, 2026 8:53pm

Request Review

@cb-heimdall
Copy link
Copy Markdown
Collaborator

cb-heimdall commented May 7, 2026
edited
Loading

🟡 Heimdall Review Status

Requirement Status More Info
Reviews 🟡 0/1
Denominator calculation
Show calculation
1 if user is bot 0
1 if user is external 0
2 if repo is sensitive 0
From .codeflow.yml 1
Additional review requirements
Show calculation
Max 0
0
From CODEOWNERS 0
Global minimum 0
Max 1
1
1 if commit is unverified 1
Sum 2

@mw2000
Copy link
Copy Markdown
Contributor Author

mw2000 commented May 7, 2026

This is a port of succinctlabs/op-succinct#899

@mw2000 mw2000 enabled auto-merge May 7, 2026 21:32
@mw2000 mw2000 requested a review from 0x00101010 May 8, 2026 04:40
@linear
Copy link
Copy Markdown

linear Bot commented May 8, 2026

CHAIN-4349

@mw2000 mw2000 requested a review from danyalprout May 8, 2026 04:40
jackchuma
jackchuma previously approved these changes May 8, 2026
View reviewed changes
@mw2000 mw2000 added this pull request to the merge queue May 8, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks May 8, 2026
@mw2000 mw2000 added this pull request to the merge queue May 8, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks May 8, 2026
@mw2000 mw2000 added this pull request to the merge queue May 8, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks May 8, 2026
@mw2000 mw2000 added this pull request to the merge queue May 8, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks May 8, 2026
mw2000 added 3 commits May 8, 2026 13:04
@mw2000
fix(proof): assert derived block matches claim after derivation
a76c70e 
Closes GHSA-5jh4-3p33-85xc. advance_to_target silently downgrades the
local target on EndOfSource, allowing an adversary to bind a valid
output root to a future block number. Add a postcondition in
WitnessExecutor::run() that rejects execution when the derived safe
head block number differs from the claimed L2 block number.

Includes a gated exploit-regression integration test
(RUN_GHSA_EXPLOIT_REGRESSION=1) reproducing the attack shape.
@mw2000
clippy fix
30b7edf
@mw2000
chore: updated manifest
06bd6e0
@mw2000 mw2000 force-pushed the mw2000/op-succinct-fix branch from eea1f70 to 06bd6e0 Compare May 8, 2026 20:06
github-actions[bot]
github-actions Bot reviewed May 8, 2026
View reviewed changes
Comment thread crates/proof/succinct/utils/client/src/witness/executor.rs Outdated
github-actions[bot]
github-actions Bot reviewed May 8, 2026
View reviewed changes
Comment thread crates/proof/succinct/scripts/prove/tests/exploit_regression.rs
@mw2000 @cursoragent
fix(proof): unify derived block claim check
b421944 
Co-authored-by: Cursor <cursoragent@cursor.com>
github-actions[bot]
github-actions Bot reviewed May 8, 2026
View reviewed changes
Comment thread crates/proof/succinct/scripts/prove/Cargo.toml Outdated
@cb-heimdall cb-heimdall dismissed jackchuma’s stale review May 8, 2026 20:28

Approved review 4252328856 from jackchuma is now dismissed due to new commit. Re-request for approval.

github-actions[bot]
github-actions Bot reviewed May 8, 2026
View reviewed changes
Comment thread crates/proof/succinct/scripts/prove/tests/exploit_regression.rs Outdated
github-actions[bot]
github-actions Bot reviewed May 8, 2026
View reviewed changes
Comment thread crates/proof/succinct/utils/client/src/witness/executor.rs Outdated
mw2000 and others added 2 commits May 8, 2026 13:52
@mw2000 @cursoragent
test(proof): mark exploit regression as ignored
7b02fd1 
Co-authored-by: Cursor <cursoragent@cursor.com>
@mw2000 @cursoragent
fix(proof): expose derived block claim check
fda8881 
Co-authored-by: Cursor <cursoragent@cursor.com>
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented May 8, 2026

Review Summary

Security fix for GHSA-5jh4-3p33-85xc — the advance_to_target function silently downgrades the derivation target on EndOfSource, allowing a crafted witness to bind a valid output root to a future block number. The postcondition check in WitnessExecutor::run() rejects this by comparing the derived safe-head block number against the claimed block number.

What this PR does

  1. Refactors the existing block-number validation at the end of WitnessExecutor::run() from an inline if block into a named ensure_derived_block_matches_claim function with a structured error message containing parseable labels.
  2. Rebuilds the range ELF (updated hash in manifest.toml) so the embedded guest binary includes the updated error message.
  3. Adds a gated exploit-regression integration test that mutates an honest witness to reproduce the GHSA attack shape, then asserts the postcondition rejects it with the correct error.

Assessment

The fix is correct. The error propagation chain is sound: ensure_derived_block_matches_claim?Err returned from run().unwrap() in run_range_program() → panic in zkVM guest → non-zero exit code → proof rejected.

The regression test is well-constructed: properly gated with #[ignore] + #[cfg(unix)], uses anyhow::bail! for missing env vars, and carefully validates that the postcondition (not some other check) is what rejects the exploit.

No new issues found. The changes are minimal, focused, and correct.

Note on previous bot comments: The 5 inline comments from an earlier review run are all based on a misreading of the diff — they claim the old inline check was preserved alongside the new function, creating dead code. In fact, the diff clearly shows the old check was removed (lines prefixed with -) and replaced by the new ensure_derived_block_matches_claim call. Those comments should be disregarded.

@mw2000 mw2000 requested a review from jackchuma May 8, 2026 22:12
@mw2000
Copy link
Copy Markdown
Contributor Author

mw2000 commented May 8, 2026

The core issue was fixed by #2581. This main value add of this PR now is just the regression test

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

@0x00101010 0x00101010 Awaiting requested review from 0x00101010

@danyalprout danyalprout Awaiting requested review from danyalprout

@jackchuma jackchuma Awaiting requested review from jackchuma

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mw2000 @cb-heimdall @jackchuma