Bump version to 0.34.0
and finilized the CHANGELOG.md
#488
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Release v0.34.0
This release contains fixes for critical issues that we found before the audit. Mainly, these changes pertain to the Sparse Merkle Tree (SMT) and related code. The SMT API was extended to provide more flexibility and to allow users to select the most appropriate method their performance needs. Where possible, sequential SMT updates were replaced with constructors that take in a complete data set.
Added
#476: The
fuel_vm::Call
supportsFrom<[u8; Self::LEN]>
andInto<[u8; Self::LEN]>
.#484: The
sparse::in_memory::MerkleTree
got new methodsfrom_set
,root_from_set
, andnodes_from_set
methods. These methods allow a more optimal way to build and calculate the SMT when you know all leaves. TheContract::initial_state_root
is much faster now (by ~15 times).Removed
CheckedMemRange
is replaced by theMemoryRange
.Changed
#477: The
PanicReason::UnknownPanicReason
is0x00
. ThePanicReason
now implementsFrom<u8>
instead ofTryFrom<u8>
and can't return an error anymore.#478: The
memcopy
method is updated and returnsMemoryWriteOverlap
instead ofMemoryOverflow
.Fixed
#482: This PR address a security issue where updates to a Sparse Merkle Tree could deliberately overwrite existing leaves by setting the leaf key to the hash of an existing leaf or node. This is done by removing the insertion of the leaf using the leaf key.
#484: Fixed bug with not-working
CreateMetadata
.Breaking
#473: CFS and CFSI were not validating
that the new
$sp
value isn't below$ssp
, allowing write access to non-ownedmemory. This is now fixed, and attempting to set an incorrect
$sp
value panics.#485: This PR addresses a security
issue where the user may manipulate the structure of the Sparse Merkle Tree.
SMT expects hashed storage key wrapped into a
MerkleTreeKey
structure.The change is breaking because it changes the
state_root
generated by the SMTand may change the
ContractId
if theCreate
transaction has non-emptyStoargeSlot
s.All changes:
sparse::MerkleTree::from_set
function to calculate state root by @xgreenx in Use a newsparse::MerkleTree::from_set
function to calculate state root #484SparseMerkleTree
to acceptMerkleStorageKey
by @xgreenx in Changed the API of theSparseMerkleTree
to acceptMerkleStorageKey
#485