Skip to content

🐛 Option issue#21 #35

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
LesterEvSe wants to merge 3 commits into
base: main
Choose a base branch
from
Open

🐛 Option issue#21 #35

LesterEvSe wants to merge 3 commits into from

Conversation

@LesterEvSe
Copy link
Collaborator

@LesterEvSe LesterEvSe commented Dec 25, 2025
edited
Loading

This PR previously removed changes that limited the number of inputs and outputs due to their inflexibility.

@LesterEvSe LesterEvSe self-assigned this Dec 25, 2025
@LesterEvSe LesterEvSe added the bug Something isn't working label Dec 25, 2025
@LesterEvSe LesterEvSe linked an issue Dec 25, 2025 that may be closed by this pull request
Options contract funding path lets reissuance tokens escape contract #21
Open
@apoelstra
Copy link

apoelstra commented Dec 25, 2025

3db6ee9 adds a unit test but also weakens the code (I guess because the unit test would be impossible otherwise, and actually the contract is secure?)

For e2621fe see my comments on #21 -- I think (though I didn't try) that you can significantly simplify this code. Having said this, I'm still confused as to why we are working with confidential assets at all. The contract code should have a detailed comment explaining this.

609873b is a merge commit (and a merge commit with nontrivial changes in it).

@LesterEvSe LesterEvSe force-pushed the fix/contracts-options branch 4 times, most recently from 29893cc to ef23dfe Compare December 26, 2025 15:07
@LesterEvSe
Copy link
Collaborator Author

LesterEvSe commented Dec 26, 2025
edited
Loading

3db6ee9 adds a unit test but also weakens the code (I guess because the unit test would be impossible otherwise, and actually the contract is secure?)

Yes, you understood correctly. The reason is described in this comment. This removes the hard coding.

For e2621fe see my comments on #21 -- I think (though I didn't try) that you can significantly simplify this code. Having said this, I'm still confused as to why we are working with confidential assets at all. The contract code should have a detailed comment explaining this.

Okay, after reading roconnor's and your comments, I made some improvements to the code. I also added an explanation of why confidential assets are needed and referred to roconnor's explanation here.

@apoelstra
Copy link

apoelstra commented Dec 29, 2025

In 8166922:

Please change the commit message to remove "feat:" (tests are not features) and to explain that you're crippling the contract by removing the previous mitigation, which was inflexible.

In 6c101e4:

I don't understand how this works. You don't read any data from the input or its issuance. You just take witness data and assert it equal to the output.

@LesterEvSe LesterEvSe force-pushed the fix/contracts-options branch 2 times, most recently from 10f65c3 to d086e50 Compare January 5, 2026 11:09
@apoelstra
Copy link

apoelstra commented Jan 5, 2026

In 84626ad:

Sorry to keep harping on this, but the commit message really needs to be clearer that it's taking a previously (maybe) secure contract and making it insecure. And that this commit includes a unit test demonstrating the new insecurity, and that it will be patched in a later commit.

In 53ca26f:

This commit significantly rewrites the test introduced in the previous commit. Can you squash the test changes down? It should be that the commit which fixes the security hole simply inverts a test condition, from asserting success to asserting failure.

In d086e50:

This comment looks good to me. Thanks.

@LesterEvSe LesterEvSe force-pushed the fix/contracts-options branch 2 times, most recently from 299e37d to 4e22c7d Compare January 6, 2026 13:27
@LesterEvSe
Copy link
Collaborator Author

LesterEvSe commented Jan 6, 2026

In 84626ad:

Sorry to keep harping on this, but the commit message really needs to be clearer that it's taking a previously (maybe) secure contract and making it insecure. And that this commit includes a unit test demonstrating the new insecurity, and that it will be patched in a later commit.

Okay, not a problem. I will bear these comments in mind in future to help me avoid making the same mistakes. Thank you for the review!

@LesterEvSe
remove: previous restrictions on the number of entries in option.simf…
2ac5cb4 
… due to inflexibility. The next commit will include vulnerability tests and their fixes.
@LesterEvSe LesterEvSe force-pushed the fix/contracts-options branch 8 times, most recently from 11eaa47 to 0b72c2f Compare January 8, 2026 11:35
@LesterEvSe LesterEvSe force-pushed the fix/contracts-options branch from 0b72c2f to 2a7a5fe Compare January 8, 2026 11:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@KyrylR KyrylR Awaiting requested review from KyrylR KyrylR is a code owner

@imaginator imaginator Awaiting requested review from imaginator

At least 1 approving review is required to merge this pull request.

Assignees

@LesterEvSe LesterEvSe

Labels

bug Something isn't working

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Options contract funding path lets reissuance tokens escape contract

2 participants

@LesterEvSe @apoelstra