zkevm-rom 0.0.1-security → 6.0.1

package/main/opcodes/crypto.zkasm

@@ -0,0 +1,96 @@
+/**
+ * @link [https://www.evm.codes/#20?fork=berlin]
+ * @zk-counters
+ *  - dynamic steps: 400 + 100 * length
+ *  - dynamic keccaks: f(length)
+ * @process-opcode
+ *  - stack input: [offset, size]
+ *  - stack output: [hash]
+ */
+opSHA3:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 400 :JMPN(outOfCountersStep)
+
+    ; check stack underflow
+    SP - 2          :JMPN(stackUnderflow)
+
+    ; check out-of-gas
+    GAS - %KECCAK_GAS => GAS :JMPN(outOfGas)
+    SP - 1 => SP
+    $ => E          :MLOAD(SP--); [offset => E]
+    $ => C          :MLOAD(SP) ; [size => C]
+
+    ; store lastMemOffset for memory expansion gas cost
+    E               :MSTORE(lastMemOffset)
+    ; store lastMemLength for memory expansion gas cost
+    ; compute memory expansion gas cost
+    C               :MSTORE(lastMemLength), CALL(saveMem); in: [lastMemOffset, lastMemLength]
+    ; check out-of-gas, dynamic
+    ;${6*((C+31)/32)}
+    C+31 => A
+    ;(C+31)/32
+    A               :MSTORE(arithA)
+    32              :MSTORE(arithB), CALL(divARITH); in: [arithA, arithB] out: [arithRes1: arithA/arithB, arithRes2: arithA%arithB]
+    $ => A          :MLOAD(arithRes1)
+    ; Mul operation with Arith
+    ; 6*((C+31)/32)
+    6               :MSTORE(arithA)
+    A               :MSTORE(arithB), CALL(mulARITH); in: [arithA, arithB] out: [arithRes1: arithA*arithB]
+    $ => A          :MLOAD(arithRes1)
+    GAS - A => GAS  :JMPN(outOfGas)  ; dynamic_gas = 6 * minimum_word_size + memory_expansion_cost
+
+    ; check keccak counters
+    C + 1           :MSTORE(arithA)
+    136             :MSTORE(arithB), CALL(divARITH); in: [arithA, arithB] out: [arithRes1: arithA/arithB, arithRes2: arithA%arithB]
+    $ => B          :MLOAD(arithRes1)
+    $ => A          :MLOAD(cntKeccakPreProcess)
+    ; checks keccak counters
+    %MAX_CNT_KECCAK_F - CNT_KECCAK_F - A - 1 - B :JMPN(outOfCountersKeccak)
+
+    ; new hash id
+    $ => B           :MLOAD(lastHashKIdUsed)
+    B + 1 => B       :MSTORE(lastHashKIdUsed)
+    ; set bytes to hash at D
+    32 => D
+    ; A new hash with position 0 is started
+    0 => HASHPOS
+
+opSHA3Loop:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+
+    C               :JMPZ(opSHA3End)
+    C - 32          :JMPN(opSHA3Final)
+    ; load next 32 bytes from memory
+                    :CALL(MLOAD32); in: [E: offset] out: [A: value, E: new offset]
+    ; save new offset at B
+    E => B
+    ; get current hash pointer
+    $ => E          :MLOAD(lastHashKIdUsed)
+    ; append A to hash pointer E
+    A               :HASHK(E)
+    ; restore new offset at E
+    B => E
+    C - 32 => C     :JMP(opSHA3Loop)
+
+opSHA3Final:
+    ; load next C bytes from memory
+                    :CALL(MLOADX); in: [E: offset, C: length] out: [A: value, E: new offset]
+    ; set #bytes to right shift
+    32 - C => D     :CALL(SHRarith); in: [A: value, D: #bytes to right shift] out: [A: shifted result]
+    ; get current hash pointer
+    $ => E          :MLOAD(lastHashKIdUsed)
+    ; set remaining bytes length to hash at D
+    C => D
+    ; append A to hash pointer E
+    A               :HASHK(E)
+
+opSHA3End:
+    ; get current hash pointer
+    $ => E          :MLOAD(lastHashKIdUsed)
+    ; append A to hash pointer E
+    HASHPOS         :HASHKLEN(E)
+    ; compute hash
+    $ => A          :HASHKDIGEST(E)
+    ; store hash
+    A               :MSTORE(SP++), JMP(readCode); [hash(A) => SP]

package/main/opcodes/flow-control.zkasm

@@ -0,0 +1,126 @@
+
+/**
+ * @link [https://www.evm.codes/#56?fork=berlin]
+ * @zk-counters
+ *  - 100 steps
+ *  - 2 binary
+ * @process-opcode
+ *  - stack input: [counter]
+ *  - stack output: none
+ */
+opJUMP:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 2 :JMPN(outOfCountersBinary)
+
+    ; check stack underflow
+    SP - 1 => SP                    :JMPN(stackUnderflow)
+
+    ; check out-of-gas
+    GAS - %GAS_MID_STEP => GAS      :JMPN(outOfGas)
+
+    ; Check PC is a JUMPDEST
+    $ => A                         :MLOAD(SP), JMP(checkJumpDest); [counter => PC]
+/**
+ * @link [https://www.evm.codes/#57?fork=berlin]
+ * @zk-counters
+ *  - 100 steps
+ *  - 2 binary
+ * @process-opcode
+ *  - stack input: [counter, value]
+ *  - stack output: none
+ */
+opJUMPI:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 2 :JMPN(outOfCountersBinary)
+    ; check out-of-gas
+    GAS - %GAS_SLOW_STEP => GAS                 :JMPN(outOfGas)
+    SP - 2 => SP                    :JMPN(stackUnderflow)
+    $ => B                          :MLOAD(SP); [value => B]
+    0 => A
+    $                               :EQ, JMPC(readCode)
+    ; Check PC is a JUMPDEST
+    $ => A                          :MLOAD(SP+1), JMP(checkJumpDest); [counter => PC]
+
+checkJumpDest:
+    ; if it is a deploy we have to check the data from the calldata (not the bytecode)
+    $ => B                          :MLOAD(isCreateContract), JMPNZ(checkJumpDestDeployment)
+    $ => B                          :MLOAD(bytecodeLength)
+    $                               :LT,JMPNC(invalidJump)
+    A => B
+    B => PC
+    B => HASHPOS
+    ; get hashP address pointer where contract bytecode is stored
+    $ => E                          :MLOAD(contractHashId)
+    $ => A                          :HASHP1(E)
+    ; check if is a jumpDest (0x5B)
+    A - 0x5B                        :JMPZ(readCode, invalidJump)
+
+checkJumpDestDeployment:
+    ; check enough bytes to read in calldata
+    $ => B                          :MLOAD(txCalldataLen)
+    $                               :LT,JMPNC(invalidJump)
+    ; check jumpDest from calldata
+    $ => B                          :MLOAD(isCreate), JMPNZ(checkJumpDestDeploymentCreate)
+    ; get position where data starts in the tx
+    $ => HASHPOS                    :MLOAD(dataStarts)
+    ; add PC to data starts to point the bytes to read for the jumpdest
+    A => PC
+    HASHPOS + PC => HASHPOS
+    ; get memory pointer for hashing
+    $ => E                          :MLOAD(batchHashDataId)
+    ; set number of bytes to hashK
+    $ => A                          :HASHK1(E)
+    ; check if is a jumpDest (0x5B)
+    A - 0x5B                        :JMPZ(readCode, invalidJump)
+
+checkJumpDestDeploymentCreate:
+    ; get bytes from previous context memory
+    $ => CTX                        :MLOAD(originCTX)
+    ; get offset call position
+    $ => E                          :MLOAD(argsOffsetCall)
+    ; increase current program counter (PC) to offset for getting pushed bytes to read
+    A => PC
+    E + PC => E
+    ; set bytes to read from memory at C
+    1 => C                          :CALL(MLOADX); in: [E: offset, C: length] out: [A: value, E: new offset]
+    $ => CTX                        :MLOAD(currentCTX)
+    ; check if is a jumpDest (0x5B)
+    0x5b00000000000000000000000000000000000000000000000000000000000000n => B
+    $                               :EQ, JMPC(readCode, invalidJump)
+
+/**
+ * @link [https://www.evm.codes/#58?fork=berlin]
+ * @zk-counters
+ *  - 20 steps
+ * @process-opcode
+ *  - stack input: none
+ *  - stack output: [PC]
+ */
+opPC:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 20 :JMPN(outOfCountersStep)
+
+    ; check out-of-gas
+    GAS - %GAS_QUICK_STEP => GAS      :JMPN(outOfGas)
+    ; store current PC
+    PC - 1              :MSTORE(SP++); [PC => SP]
+    ; check stack overflow
+    %MAX_STACK_SIZE - SP           :JMPN(stackOverflow, readCode)
+
+
+/**
+ * @link [https://www.evm.codes/#5B?fork=berlin]
+ * @zk-counters
+ *  - 10 steps
+ * @process-opcode
+ *  - stack input: none
+ *  - stack output: none
+ */
+opJUMPDEST:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 10 :JMPN(outOfCountersStep)
+
+    ; check out-of-gas
+    GAS - %JUMP_DEST_GAS => GAS  :JMPN(outOfGas, readCode)

package/main/opcodes/logs.zkasm

@@ -0,0 +1,193 @@
+/**
+ * @link [https://www.evm.codes/#a0?fork=berlin]
+ * @zk-counters
+ *  - 100 steps
+ *  - 1 binary
+ * @process-opcode
+ *  - stack input: [offset, size, topic]
+ *  - stack output: none
+ */
+ VAR GLOBAL opLogAux
+ VAR GLOBAL logNextHashPIdAux
+opLOG0:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 1 :JMPN(outOfCountersBinary)
+    ; check stack underflow
+    SP - 2              :JMPN(stackUnderflow)
+
+    ; check out-of-gas
+    ; gas_cost = %LOG_GAS + %LOG_GAS * num_topics + 8 * data_size + mem_expansion_cost
+    GAS - %LOG_GAS => GAS    :JMPN(outOfGas)
+
+    ; check is static
+    $ => A              :MLOAD(isStaticCall), JMPNZ(invalidStaticTx)
+
+    SP - 1 => SP
+    $ => E              :MLOAD(SP--) ; [offset => E]
+    $ => C              :MLOAD(SP)   ; [size => C]
+    ; store lastMemOffset for memory expansion gas cost
+    E                   :MSTORE(lastMemOffset)
+    ; store lastMemLength for memory expansion gas cost
+    C                   :MSTORE(lastMemLength), CALL(saveMem); in: [lastMemOffset, lastMemLength]
+    ; store number of topics
+    0                   :MSTORE(numTopics)
+    ; calculate data size gas cost => lastMemLength * 8
+    %LOG_DATA_GAS       :MSTORE(arithA)
+    C                   :MSTORE(arithB), CALL(mulARITH); in: [arithA, arithB] out: [arithRes1: arithA*arithB]
+    $ => B              :MLOAD(arithRes1)
+    GAS => A
+    ; check out-of-gas
+    $                   :LT,JMPC(outOfGas)
+    GAS - B => GAS      :JMP(initLogLoop)
+opLOG1:
+
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 1 :JMPN(outOfCountersBinary)
+    SP - 3              :JMPN(stackUnderflow)
+    GAS - %LOG_GAS - %LOG_TOPIC_GAS => GAS    :JMPN(outOfGas)
+    $ => A              :MLOAD(isStaticCall), JMPNZ(invalidStaticTx)
+    SP - 1 => SP
+    $ => E              :MLOAD(SP--)
+    $ => C              :MLOAD(SP)
+    E                   :MSTORE(lastMemOffset)
+    C                   :MSTORE(lastMemLength), CALL(saveMem)
+    1                   :MSTORE(numTopics)
+    %LOG_DATA_GAS       :MSTORE(arithA)
+    C                   :MSTORE(arithB), CALL(mulARITH)
+    $ => B              :MLOAD(arithRes1)
+    GAS => A
+    ; check out-of-gas
+    $                   :LT,JMPC(outOfGas)
+    GAS - B => GAS      :JMP(initLogLoop)
+
+opLOG2:
+
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 1 :JMPN(outOfCountersBinary)
+    SP - 4              :JMPN(stackUnderflow)
+    GAS - %LOG_GAS - %LOG_TOPIC_GAS*2 => GAS    :JMPN(outOfGas)
+    $ => A              :MLOAD(isStaticCall), JMPNZ(invalidStaticTx)
+    SP - 1 => SP
+    $ => E              :MLOAD(SP--)
+    $ => C              :MLOAD(SP)
+    E                   :MSTORE(lastMemOffset)
+    C                   :MSTORE(lastMemLength), CALL(saveMem)
+    2                   :MSTORE(numTopics)
+    %LOG_DATA_GAS       :MSTORE(arithA)
+    C                   :MSTORE(arithB), CALL(mulARITH)
+    $ => B              :MLOAD(arithRes1)
+    GAS => A
+    ; check out-of-gas
+    $                   :LT,JMPC(outOfGas)
+    GAS - B => GAS      :JMP(initLogLoop)
+
+opLOG3:
+
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 1 :JMPN(outOfCountersBinary)
+    SP - 5              :JMPN(stackUnderflow)
+    GAS - %LOG_GAS - %LOG_TOPIC_GAS*3 => GAS    :JMPN(outOfGas)
+    $ => A              :MLOAD(isStaticCall), JMPNZ(invalidStaticTx)
+    SP - 1 => SP
+    $ => E              :MLOAD(SP--)
+    $ => C              :MLOAD(SP)
+    E                   :MSTORE(lastMemOffset)
+    C                   :MSTORE(lastMemLength), CALL(saveMem)
+    3                   :MSTORE(numTopics)
+    %LOG_DATA_GAS       :MSTORE(arithA)
+    C                   :MSTORE(arithB), CALL(mulARITH)
+    $ => B              :MLOAD(arithRes1)
+    GAS => A
+    ; check out-of-gas
+    $                   :LT,JMPC(outOfGas)
+    GAS - B => GAS      :JMP(initLogLoop)
+
+opLOG4:
+
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    %MAX_CNT_BINARY - CNT_BINARY - 1 :JMPN(outOfCountersBinary)
+    SP - 6              :JMPN(stackUnderflow)
+    GAS - %LOG_GAS - %LOG_TOPIC_GAS*4 => GAS    :JMPN(outOfGas)
+    $ => A              :MLOAD(isStaticCall), JMPNZ(invalidStaticTx)
+    SP - 1 => SP
+    $ => E              :MLOAD(SP--)
+    $ => C              :MLOAD(SP)
+    E                   :MSTORE(lastMemOffset)
+    C                   :MSTORE(lastMemLength), CALL(saveMem)
+    4                   :MSTORE(numTopics)
+    %LOG_DATA_GAS       :MSTORE(arithA)
+    C                   :MSTORE(arithB), CALL(mulARITH)
+    $ => B              :MLOAD(arithRes1)
+    GAS => A
+    ; check out-of-gas
+    $                   :LT,JMPC(outOfGas)
+    GAS - B => GAS      :JMP(initLogLoop)
+
+initLogLoop:
+    ; check poseidon counters
+    ; 56 is the value used by the prover to increment poseidon counters depending on the hash length
+    C                                                       :MSTORE(arithA)
+    56                                                      :MSTORE(arithB), CALL(divARITH); in: [arithA, arithB] out: [arithRes1: arithA/arithB, arithRes2: arithA%arithB]
+    $ => B                                                  :MLOAD(arithRes1)
+    ; We count B and also the number of topics, as max is 4 topics of 32 bytes each 32*4/56 = 2.2 -> 3
+    %MAX_CNT_POSEIDON_G - CNT_POSEIDON_G - 4 - B            :JMPN(outOfCountersPoseidon)
+    %MAX_CNT_PADDING_PG - CNT_PADDING_PG - 4 - B      :JMPN(outOfCountersPadding)
+    0 => HASHPOS
+    32 => D
+    $ => B                                                  :MLOAD(currentLogIndex)
+    $ => A          :MLOAD(nextHashPId)
+    ; Update nextHashPId
+    A + 1           :MSTORE(nextHashPId)
+    ; store nextHashPId to aux variable
+    A               :MSTORE(logNextHashPIdAux)
+
+logLoop:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+    C               :JMPZ(opSaveTopicsInit)
+    ; load next 32 bytes
+    C - 32          :JMPN(opLogFinal)
+                    :CALL(MLOAD32); in: [E: offset] out: [A: value]
+    E               :MSTORE(opLogAux)
+    $ => E          :MLOAD(logNextHashPIdAux)
+    A               :HASHP(E)
+    $ => E          :MLOAD(opLogAux)
+    $${storeLog(B, 0, A)} ; storeLog(indexLog, isTopic, bytesToStore)
+    C - 32 => C     :JMP(logLoop)
+
+opLogFinal:
+    ; load last C bytes
+                    :CALL(MLOADX); in: [E: offset, C: length] out: [A: value, E: new offset]
+    $${storeLog(B, 0, A)}; storeLog(indexLog, isTopic, bytesToStore)
+    32 - C => D     :CALL(SHRarith); in: [A: value, D: #bytes to right shift] out: [A: shifted result]
+    C => D
+    $ => E          :MLOAD(logNextHashPIdAux)
+    A               :HASHP(E)
+                    :JMP(opSaveTopicsInit) ; instruction added to allow executing $$ function
+
+opSaveTopicsInit:
+    ; save topics
+    $ => A          :MLOAD(numTopics)
+    $ => E          :MLOAD(logNextHashPIdAux)
+    32 => D
+
+opSaveTopicsLoop:
+    ; checks zk-counters
+    %MAX_CNT_STEPS - STEP - 100 :JMPN(outOfCountersStep)
+
+    A                           :JMPZ(finishSaveTopics)
+    ; check stack underflow
+    SP - 1 => SP
+    ; check out-of-gas
+    $ => C                      :MLOAD(SP)   ; [topic => C]
+    C                           :HASHP(E)
+    $${storeLog(B, 1, C)}     ; storeLog(indexLog, isTopic, bytesToStore)
+    A - 1 =>  A                 :JMP(opSaveTopicsLoop)
+
+finishSaveTopics:
+    %MAX_CNT_BINARY - CNT_BINARY - 1 :JMPN(outOfCountersBinary)
+    ; Compute hash of the log
+    HASHPOS                     :HASHPLEN(E)
+    $ => D                      :HASHPDIGEST(E), CALL(fillBlockInfoTreeWithLog); in: [D: linearPoseidon(log_data + log_topics)]
+                                :JMP(readCode)