@btc-vision/btc-runtime 1.9.0 → 1.9.2

package/runtime/storage/arrays/StoredPackedArray.ts

@@ -1,4 +1,9 @@
-import { bigEndianAdd, GET_EMPTY_BUFFER, readLengthAndStartIndex, writeLengthAndStartIndex, } from '../../math/bytes';
+import {
+    bigEndianAdd,
+    GET_EMPTY_BUFFER,
+    readLengthAndStartIndex,
+    writeLengthAndStartIndex,
+} from '../../math/bytes';
 import { Blockchain } from '../../env';
 import { Revert } from '../../types/Revert';
 import { encodePointer } from '../../math/abi';
@@ -87,7 +92,8 @@ export abstract class StoredPackedArray<T> {
     @operator('[]')
     public get(index: u32): T {
         // max length used on purpose to prevent unbounded usage
-        if (index > this.MAX_LENGTH) {
+        // we allow index to be equal to MAX_LENGTH because, we allow it on the set as well.
+        if (index >= this.MAX_LENGTH) {
             throw new Revert('get: out of range');
         }
 
@@ -104,7 +110,7 @@ export abstract class StoredPackedArray<T> {
 
     @inline
     public get_physical(index: u32): T {
-        if (index > this.MAX_LENGTH) {
+        if (index >= this.MAX_LENGTH) {
             throw new Revert('get: index exceeds MAX_LENGTH (packed array)');
         }
 
@@ -121,7 +127,7 @@ export abstract class StoredPackedArray<T> {
     @inline
     @operator('[]=')
     public set(index: u32, value: T): void {
-        if (index > this.MAX_LENGTH) {
+        if (index >= this.MAX_LENGTH) {
             throw new Revert('set: index exceeds MAX_LENGTH (packed array)');
         }
 
@@ -143,7 +149,7 @@ export abstract class StoredPackedArray<T> {
 
     @inline
     public set_physical(index: u32, value: T): void {
-        if (index > this.MAX_LENGTH) {
+        if (index >= this.MAX_LENGTH) {
             throw new Revert('set: index exceeds MAX_LENGTH (packed array)');
         }
 
@@ -298,6 +304,10 @@ export abstract class StoredPackedArray<T> {
      */
     @inline
     public delete_physical(index: u32): void {
+        if (index >= this.MAX_LENGTH) {
+            throw new Revert('delete: index exceeds MAX_LENGTH (packed array)');
+        }
+
         const cap = this.getSlotCapacity();
         const slotIndex = index / cap;
         const subIndex = <u32>(index % cap);
@@ -368,6 +378,10 @@ export abstract class StoredPackedArray<T> {
 
     @inline
     public setStartingIndex(index: u32): void {
+        if (index >= this.MAX_LENGTH) {
+            throw new Revert('setStartingIndex: out of range');
+        }
+
         this._startIndex = index;
         this._isChangedStartIndex = true;
     }

package/runtime/types/SafeMath.ts

@@ -54,13 +54,38 @@ export class SafeMath {
     }
 
     // Computes (a * b) % modulus with full precision
-    public static mulmod(a: u256, b: u256, modulus: u256): u256 {
+    /*public static mulmod(a: u256, b: u256, modulus: u256): u256 {
         if (u256.eq(modulus, u256.Zero)) throw new Revert('SafeMath: modulo by zero');
 
         const mul = SafeMath.mul(a, b);
         return SafeMath.mod(mul, modulus);
+    }*/ // CAN OVERFLOW!
+
+    public static mulmod(a: u256, b: u256, modulus: u256): u256 {
+        if (u256.eq(modulus, u256.Zero)) throw new Revert('SafeMath: modulo by zero');
+
+        // Keep invariants: 0 <= a,b < modulus
+        a = SafeMath.mod(a, modulus);
+        b = SafeMath.mod(b, modulus);
+        if (a.isZero() || b.isZero()) return u256.Zero;
+
+        let res = u256.Zero;
+
+        // LSB-first ladder: at most 256 iterations; all steps keep values < modulus.
+        while (!b.isZero()) {
+            if (u256.ne(u256.and(b, u256.One), u256.Zero)) {
+                res = SafeMath.addModNoCarry(res, a, modulus); // res = (res + a) % m, no overflow
+            }
+            b = u256.shr(b, 1);
+            if (!b.isZero()) {
+                a = SafeMath.doubleModNoCarry(a, modulus); // a = (2a) % m, no overflow
+            }
+        }
+        return res;
     }
 
+    // (x + y) % m without ever computing a potentially-overflowing x + y.
+
     @unsafe
     @operator('%')
     public static mod(a: u256, b: u256): u256 {
@@ -73,38 +98,89 @@ export class SafeMath {
         return SafeMath.sub(a, product);
     }
 
+    // (2x) % m without overflow.
+
     public static modInverse(k: u256, p: u256): u256 {
-        let s = u256.Zero;
-        let old_s = u256.One;
-        let r = p;
-        let old_r = k;
+        // Input validation
+        if (p.isZero() || u256.eq(p, u256.One)) {
+            throw new Revert('SafeMath: modulus must be > 1');
+        }
+
+        if (k.isZero()) {
+            throw new Revert('SafeMath: no inverse for zero');
+        }
+
+        let s: u256 = u256.Zero;
+        let old_s: u256 = u256.One;
+        let s_negative: boolean = false;
+        let old_s_negative: boolean = false;
+        let r: u256 = p.clone();
+        let old_r: u256 = k.clone();
 
         while (!r.isZero()) {
             const quotient = SafeMath.div(old_r, r);
 
-            // --- Update r ---
-            {
-                // old_r - (quotient * r)
-                const tmp = r;
-                r = u256.sub(old_r, u256.mul(quotient, r)); // unchecked subtract
-                old_r = tmp;
+            // Update r (always remains positive)
+            const tmp_r = r.clone();
+            r = SafeMath.sub(old_r, SafeMath.mul(quotient, r));
+            old_r = tmp_r;
+
+            // Update s with correct sign tracking
+            const tmp_s = s.clone();
+            const tmp_s_negative = s_negative;
+            const product = SafeMath.mul(quotient, s);
+
+            // Compute: old_s - (quotient * s)
+            // Taking into account the signs of old_s and s
+
+            if (!old_s_negative && !s_negative) {
+                // (+old_s) - (+product)
+                if (u256.ge(old_s, product)) {
+                    s = SafeMath.sub(old_s, product);
+                    s_negative = false;
+                } else {
+                    s = SafeMath.sub(product, old_s);
+                    s_negative = true;
+                }
+            } else if (old_s_negative && s_negative) {
+                // (-old_s) - (-product) = -old_s + product
+                if (u256.ge(product, old_s)) {
+                    s = SafeMath.sub(product, old_s);
+                    s_negative = false;
+                } else {
+                    s = SafeMath.sub(old_s, product);
+                    s_negative = true;
+                }
+            } else if (!old_s_negative && s_negative) {
+                // (+old_s) - (-product) = old_s + product
+                s = SafeMath.add(old_s, product);
+                s_negative = false;
+            } else {
+                // old_s_negative && !s_negative
+                // (-old_s) - (+product) = -(old_s + product)
+                s = SafeMath.add(old_s, product);
+                s_negative = true;
             }
 
-            // --- Update s ---
-            {
-                // old_s - (quotient * s)
-                const tmp = s;
-                s = u256.sub(old_s, u256.mul(quotient, s)); // unchecked subtract
-                old_s = tmp;
-            }
+            old_s = tmp_s;
+            old_s_negative = tmp_s_negative;
         }
 
-        // At this point, `old_r` is the gcd(k, p). If gcd != 1 => no inverse
-        // (in a prime field p, gcd=1 if k != 0).
-        // We could enforce this by checking `old_r == 1` but we'll leave it to the caller.
+        // Check if inverse exists (gcd must be 1)
+        if (!u256.eq(old_r, u256.One)) {
+            throw new Revert('SafeMath: no modular inverse exists');
+        }
+
+        // Reduce modulo p, handling negative values
+        if (old_s_negative) {
+            // For negative values: result = p - (|old_s| mod p)
+            const mod_result = SafeMath.mod(old_s, p);
+            if (mod_result.isZero()) {
+                return u256.Zero;
+            }
+            return SafeMath.sub(p, mod_result);
+        }
 
-        // The extended Euclidean algorithm says `old_s` is the inverse (possibly negative),
-        // so we reduce mod p
         return SafeMath.mod(old_s, p);
     }
 
@@ -126,31 +202,23 @@ export class SafeMath {
     }
 
     public static mul(a: u256, b: u256): u256 {
-        if (a === SafeMath.ZERO || b === SafeMath.ZERO) {
-            return SafeMath.ZERO;
-        }
+        if (a.isZero() || b.isZero()) return u256.Zero;
 
-        const c: u256 = u256.mul(a, b);
-        const d: u256 = SafeMath.div(c, a);
+        const c = u256.mul(a, b);
+        const d = SafeMath.div(c, a);
 
-        if (u256.ne(d, b)) {
-            throw new Revert('SafeMath: multiplication overflow');
-        }
+        if (u256.ne(d, b)) throw new Revert('SafeMath: multiplication overflow');
 
         return c;
     }
 
     public static mul128(a: u128, b: u128): u128 {
-        if (a === u128.Zero || b === u128.Zero) {
-            return u128.Zero;
-        }
+        if (a.isZero() || b.isZero()) return u128.Zero;
 
-        const c: u128 = u128.mul(a, b);
-        const d: u128 = SafeMath.div128(c, a);
+        const c = u128.mul(a, b);
+        const d = SafeMath.div128(c, a);
 
-        if (u128.ne(d, b)) {
-            throw new Revert('SafeMath: multiplication overflow');
-        }
+        if (u128.ne(d, b)) throw new Revert('SafeMath: multiplication overflow');
 
         return c;
     }
@@ -371,66 +439,12 @@ export class SafeMath {
         return u256.xor(a, b);
     }
 
-    public static shr(a: u256, shift: i32): u256 {
-        shift &= 255;
-        if (shift == 0) return a;
-
-        const w = shift >>> 6; // how many full 64-bit words to drop
-        const b = shift & 63; // how many bits to shift within a word
-
-        // Extract the words
-        let lo1 = a.lo1;
-        let lo2 = a.lo2;
-        let hi1 = a.hi1;
-        let hi2 = a.hi2;
-
-        // Shift words down by w words
-        // For w = 1, move lo2->lo1, hi1->lo2, hi2->hi1, and hi2 = 0
-        // For w = 2, move hi1->lo1, hi2->lo2, and zeros in hi1, hi2
-        // For w = 3, move hi2->lo1 and zeros in others
-        // For w >= 4, everything is zero.
-        if (w >= 4) {
-            // Shifting by >= 256 bits zeros out everything
-            return u256.Zero;
-        } else if (w == 3) {
-            lo1 = hi2;
-            lo2 = 0;
-            hi1 = 0;
-            hi2 = 0;
-        } else if (w == 2) {
-            lo1 = hi1;
-            lo2 = hi2;
-            hi1 = 0;
-            hi2 = 0;
-        } else if (w == 1) {
-            lo1 = lo2;
-            lo2 = hi1;
-            hi1 = hi2;
-            hi2 = 0;
-        }
-
-        // Now apply the bit shift b
-        if (b > 0) {
-            // Bring down bits from the higher word
-            const carryLo2 = hi1 << (64 - b);
-            const carryLo1 = lo2 << (64 - b);
-            const carryHi1 = hi2 << (64 - b);
-
-            lo1 = (lo1 >>> b) | carryLo1;
-            lo2 = (lo2 >>> b) | carryLo2;
-            hi1 = (hi1 >>> b) | carryHi1;
-            hi2 = hi2 >>> b;
-        }
-
-        return new u256(lo1, lo2, hi1, hi2);
-    }
-
     /**
      * Increment a u256 value by 1
      * @param value The value to increment
      * @returns The incremented value
      */
-    static inc(value: u256): u256 {
+    public static inc(value: u256): u256 {
         if (u256.eq(value, u256.Max)) {
             throw new Revert('SafeMath: increment overflow');
         }
@@ -451,6 +465,11 @@ export class SafeMath {
         return value.preDec();
     }
 
+    @inline
+    public static shr(value: u256, shift: i32): u256 {
+        return u256.shr(value, shift);
+    }
+
     /**
      * Approximates the binary logarithm (log2) of a u256 integer.
      * @param x - The input value for which to calculate log2(x).
@@ -591,6 +610,18 @@ export class SafeMath {
         return term1 - z2Div + z3Div;
     }
 
+    // Pre: 0 <= x,y < m, m > 0.
+    private static addModNoCarry(x: u256, y: u256, m: u256): u256 {
+        const mMinusY = SafeMath.sub(m, y); // safe since y < m
+        return u256.ge(x, mMinusY) ? SafeMath.sub(x, mMinusY) : SafeMath.add(x, y);
+    }
+
+    // Pre: 0 <= x < m, m > 0.
+    private static doubleModNoCarry(x: u256, m: u256): u256 {
+        const mMinusX = SafeMath.sub(m, x); // safe since x < m
+        return u256.ge(x, mMinusX) ? SafeMath.sub(x, mMinusX) : SafeMath.add(x, x);
+    }
+
     private static bitLength64(value: u64): u32 {
         if (value == 0) return 0;