fix(ctb): PreimageOracle off-by-one (#9035)

* Fix `PreimageOracle` off-by-one bug * fix mips oracle bin

fix(ctb): PreimageOracle off-by-one (#9035)
* Fix `PreimageOracle` off-by-one bug * fix mips oracle bin
6585b7c6 · clabby · GitHub · a06cae81 · 6585b7c6 · 6585b7c6
Commit 6585b7c6 authored Jan 17, 2024 by clabby Committed by GitHub Jan 17, 2024
8 changed files
--- a/cannon/mipsevm/open_mips_tests/test/bin/oracle.bin
+++ b/cannon/mipsevm/open_mips_tests/test/bin/oracle.bin
--- a/cannon/mipsevm/open_mips_tests/test/oracle.asm
+++ b/cannon/mipsevm/open_mips_tests/test/oracle.asm
@@ -69,10 +69,6 @@ $readloop:
  addiu $t0, $t0, -1
  bnez $t0, $readloop
  nop
-# reading the pre-image stream at EOF should have no effect
-  li $a1, 0x31000008
-  li $v0, 4003
-  syscall

 # length at 0x31000000. We also check that the lower 32 bits are zero
  lui $s1, 0x3100

--- a/op-bindings/bindings/alphabetvm.go
+++ b/op-bindings/bindings/alphabetvm.go
--- a/op-bindings/bindings/preimageoracle.go
+++ b/op-bindings/bindings/preimageoracle.go
--- a/op-bindings/bindings/preimageoracle_more.go
+++ b/op-bindings/bindings/preimageoracle_more.go
--- a/packages/contracts-bedrock/slither-report.json
+++ b/packages/contracts-bedrock/slither-report.json
@@ -1099,7 +1099,7 @@
    "description": "PreimageOracle.challengeFirstLPP(address,uint256,PreimageOracle.Leaf,bytes32[]).stateMatrix (src/cannon/PreimageOracle.sol#390) is a local variable never initialized\n",
    "type": "variable",
    "name": "stateMatrix",
-    "start": 17901,
+    "start": 17910,
    "length": 40,
    "filename_relative": "src/cannon/PreimageOracle.sol"
  },

--- a/packages/contracts-bedrock/src/cannon/PreimageOracle.sol
+++ b/packages/contracts-bedrock/src/cannon/PreimageOracle.sol
@@ -151,8 +151,8 @@ contract PreimageOracle is IPreimageOracle {
            // len(sig) + len(partOffset) + len(preimage offset) = 4 + 32 + 32 = 0x44
            size := calldataload(0x44)

-            // revert if part offset > size+8 (i.e. parts must be within bounds)
-            if gt(_partOffset, add(size, 8)) {
+            // revert if part offset >= size+8 (i.e. parts must be within bounds)
+            if iszero(lt(_partOffset, add(size, 8))) {
                // Store "PartOffsetOOB()"
                mstore(0, 0xfe254987)
                // Revert with "PartOffsetOOB()"

--- a/packages/contracts-bedrock/test/cannon/PreimageOracle.t.sol
+++ b/packages/contracts-bedrock/test/cannon/PreimageOracle.t.sol
@@ -139,6 +139,15 @@ contract PreimageOracle_Test is Test {
        assertTrue(ok);
    }

+    /// @notice Tests that adding a global keccak256 pre-image at the part boundary reverts.
+    function test_loadKeccak256PreimagePart_partBoundary_reverts() public {
+        bytes memory preimage = hex"deadbeef";
+        uint256 offset = preimage.length + 8;
+
+        vm.expectRevert(PartOffsetOOB.selector);
+        oracle.loadKeccak256PreimagePart(offset, preimage);
+    }
+
    /// @notice Tests that a pre-image cannot be set with an out-of-bounds offset.
    function test_loadLocalData_outOfBoundsOffset_reverts() public {
        bytes32 preimage = bytes32(uint256(0xdeadbeef));