Revision - 16eec8a - Dexter DFS compat: assert that `to` and `owner` args are always [...] - origin: https://gitlab.com/nomadic-labs/mi-cho-coq

visit type:

https://gitlab.com/nomadic-labs/mi-cho-coq

08 June 2021, 12:39:06 UTC

Code
Branches (270)
Releases (1)
Visits

Revision 16eec8a79400c3b5987e733fd4b440d212fee5e7 authored by Raphaël Cauderlier on 06 February 2021, 22:05:50 UTC, committed by Arvid Jakobsson on 02 March 2021, 18:13:44 UTC

Dexter DFS compat: assert that `to` and `owner` args are always implicit accounts

In order to reduce the attack surface of Dexter in the presence of
both BFS and DFS calls, we add assertions that guarantee that:

- Dexter is not called by a smart-contract so no BFS operations can be
injected before the operations emitted by Dexter. This is checked
by (SOURCE = SENDER) which can never hold in internal transactions.

- uncontrolled addresses (the `to` and `owner` parameters) are
prevented to do any call (DFS or BFS) by requesting them to be
implicit accounts. There is unfortunately no instruction in Michelson
to check that an address is implicit (see
https://gitlab.com/nomadic-labs/tezos/-/merge_requests/93) but we know
that the transaction source is always implicit (since Babylon) so we
use the over approximation (to = SOURCE) and (owner = SOURCE).

1 parent 027833e

Files
Changes

Branches
Releases

HEAD
refs/heads/51-verify-dexter-2-dexter-fa1-2lqt-dexter-1-5
refs/heads/Julien@adding_contracts
refs/heads/arvid@ci-build-refactor-cache
refs/heads/arvid@ci-rethinking
refs/heads/arvid@cpmm-verification
refs/heads/arvid@cpmm2-verification
refs/heads/arvid@dexter-lemmas-and-refactorings
refs/heads/arvid@dexter-verification-parsing-test
refs/heads/arvid@dexter-verification-stringfix
refs/heads/arvid@dexter-verification-updates-20200928-coq8.08
refs/heads/arvid@dexter_fa12lqt-verification__addLiquidity
refs/heads/arvid@dexter_fa12lqt-verification__removeLiquidity
refs/heads/arvid@fragment_typer_and_ott_typing
refs/heads/arvid@guillaume-claret@dexter_fa12lqt-verification
refs/heads/arvid@guillaume-claret@dexter_fa12lqt-verification-bis
refs/heads/arvid@opaque-tez-experiments
refs/heads/arvid@rafoo@simplify-eval_precond-rebased
refs/heads/arvid@re-organize-contracts_coq
refs/heads/backport-opam-package-changes-from-upstream
refs/heads/bb@dexter-verification
refs/heads/chain-modelisation-guestbook
refs/heads/colin-dexter_fa12lqt-verification
refs/heads/contract_spend
refs/heads/dev
refs/heads/dexter-dfs-compat
refs/heads/dexter-fa2-verification-hackish
refs/heads/dexter-verification
refs/heads/dexter-verification-approve
refs/heads/dexter-verification-cleanup-lemmas
refs/heads/dexter-verification-rebase
refs/heads/dexter_fa12lqt-verification
refs/heads/entrypoints
refs/heads/guillaume-claret-add-entrypoint-to-self
refs/heads/guillaume-claret-full-eval-function
refs/heads/guillaume-claret-gadts-without-annotations
refs/heads/guillaume-claret-integrate-coq-of-ocaml-output
refs/heads/guillaume-claret-semantics-injection
refs/heads/guillaume-claret@dexter_fa12lqt-verification
refs/heads/guillaume-claret@dexter_fa12lqt-verification-benchmark-token-to-token
refs/heads/guillaume-claret@dexter_fa12lqt-verification-experiments
refs/heads/guillaume-claret@dexter_fa12lqt-verification-string-eqb
refs/heads/improve_multisig
refs/heads/internship_report
refs/heads/intership_presentation
refs/heads/julien@entrypoint_notations
refs/heads/julien@gasoline_inconsistent_universe
refs/heads/julien@mutually_calling_contracts
refs/heads/kristina-fa12-verification-rebase
refs/heads/kristina@fa12-verification-rebase
refs/heads/kristina@fa2
refs/heads/manager-contract-do-entry
refs/heads/master
refs/heads/merge-contract
refs/heads/merge-contract_multithreaded_simpl
refs/heads/merge_with_shared_storage
refs/heads/michelson_fragment
refs/heads/miguelito
refs/heads/old_merge_with_shared_storage
refs/heads/old_merge_with_shared_storage_WIP
refs/heads/old_merge_with_shared_storage_use
refs/heads/old_resiliable_contract_
refs/heads/proto-proposal
refs/heads/rafoo@concert_integration
refs/heads/rafoo@dexter_fa12lqt-verification
refs/heads/rafoo@dexter_perf_experiment
refs/heads/rafoo@map_extra_lemmas
refs/heads/rafoo@mutez_opacity
refs/heads/rafoo@primitives
refs/heads/rafoo@semantics-projections
refs/heads/rafoo@slides_inria_day
refs/heads/rafoo@talk_nl_seminar
refs/heads/rafoo@tpbc
refs/heads/rafoo@transparent_set_remove
refs/heads/rafoo@tzt
refs/heads/raphael@precond_iter
refs/heads/raphael@tuto
refs/heads/return2sender
refs/heads/self_in_origination
refs/heads/specialised-multisig
refs/heads/stateful
refs/heads/yrg@cpmm2-economic-properties
refs/heads/yrg@cpmm2-new-version
refs/heads/yrg@dexter_fa12lqt-verification-XtzToToken
refs/heads/yrg@dexter_fa12lqt-verification-set-manager
refs/heads/yrg@dexter_fa12lqt-verification-tokenToXtz
refs/heads/yrg@dexter_fa12lqt-verification-update-spec
refs/heads/yrg@make-mutez-more-readable
refs/heads/yrg@optimize-micheline-lexer
refs/heads/yrg@optimize-micheline-lexical-analysis
refs/heads/yrg@refactor-make-mutez-more-readable
refs/heads/yrg@verify-vesting
refs/heads/yrg@wip-cpmm2-economic-properties
refs/heads/zhenlei@cancellable_contract
refs/heads/zhenlei@internship_report
refs/heads/zhenlei@merge_shared_tree
refs/merge-requests/1/head
refs/merge-requests/100/head
refs/merge-requests/100/merge
refs/merge-requests/101/head
refs/merge-requests/102/head
refs/merge-requests/102/merge
refs/merge-requests/103/head
refs/merge-requests/103/merge
refs/merge-requests/104/head
refs/merge-requests/104/merge
refs/merge-requests/105/head
refs/merge-requests/105/merge
refs/merge-requests/106/head
refs/merge-requests/106/merge
refs/merge-requests/107/head
refs/merge-requests/107/merge
refs/merge-requests/108/head
refs/merge-requests/108/merge
refs/merge-requests/109/head
refs/merge-requests/109/merge
refs/merge-requests/11/head
refs/merge-requests/11/merge
refs/merge-requests/110/head
refs/merge-requests/110/merge
refs/merge-requests/111/head
refs/merge-requests/111/merge
refs/merge-requests/112/head
refs/merge-requests/112/merge
refs/merge-requests/113/head
refs/merge-requests/113/merge
refs/merge-requests/114/head
refs/merge-requests/114/merge
refs/merge-requests/115/head
refs/merge-requests/115/merge
refs/merge-requests/116/head
refs/merge-requests/116/merge
refs/merge-requests/117/head
refs/merge-requests/117/merge
refs/merge-requests/118/head
refs/merge-requests/118/merge
refs/merge-requests/119/head
refs/merge-requests/119/merge
refs/merge-requests/12/head
refs/merge-requests/120/head
refs/merge-requests/120/merge
refs/merge-requests/121/head
refs/merge-requests/121/merge
refs/merge-requests/122/head
refs/merge-requests/122/merge
refs/merge-requests/123/head
refs/merge-requests/123/merge
refs/merge-requests/124/head
refs/merge-requests/124/merge
refs/merge-requests/125/head
refs/merge-requests/125/merge
refs/merge-requests/126/head
refs/merge-requests/126/merge
refs/merge-requests/127/head
refs/merge-requests/127/merge
refs/merge-requests/128/head
refs/merge-requests/128/merge
refs/merge-requests/129/head
refs/merge-requests/129/merge
refs/merge-requests/13/head
refs/merge-requests/130/head
refs/merge-requests/130/merge
refs/merge-requests/131/head
refs/merge-requests/131/merge
refs/merge-requests/132/head
refs/merge-requests/132/merge
refs/merge-requests/15/head
refs/merge-requests/16/head
refs/merge-requests/17/head
refs/merge-requests/18/head
refs/merge-requests/19/head
refs/merge-requests/2/head
refs/merge-requests/21/head
refs/merge-requests/22/head
refs/merge-requests/23/head
refs/merge-requests/25/head
refs/merge-requests/26/head
refs/merge-requests/27/head
refs/merge-requests/27/merge
refs/merge-requests/28/head
refs/merge-requests/28/merge
refs/merge-requests/3/head
refs/merge-requests/32/head
refs/merge-requests/32/merge
refs/merge-requests/33/head
refs/merge-requests/35/head
refs/merge-requests/35/merge
refs/merge-requests/4/head
refs/merge-requests/40/head
refs/merge-requests/40/merge
refs/merge-requests/43/head
refs/merge-requests/43/merge
refs/merge-requests/45/head
refs/merge-requests/45/merge
refs/merge-requests/47/head
refs/merge-requests/47/merge
refs/merge-requests/49/head
refs/merge-requests/49/merge
refs/merge-requests/50/head
refs/merge-requests/50/merge
refs/merge-requests/52/head
refs/merge-requests/52/merge
refs/merge-requests/54/head
refs/merge-requests/54/merge
refs/merge-requests/55/head
refs/merge-requests/55/merge
refs/merge-requests/57/head
refs/merge-requests/57/merge
refs/merge-requests/58/head
refs/merge-requests/58/merge
refs/merge-requests/59/head
refs/merge-requests/59/merge
refs/merge-requests/6/head
refs/merge-requests/6/merge
refs/merge-requests/60/head
refs/merge-requests/60/merge
refs/merge-requests/61/head
refs/merge-requests/61/merge
refs/merge-requests/62/head
refs/merge-requests/62/merge
refs/merge-requests/63/head
refs/merge-requests/63/merge
refs/merge-requests/64/head
refs/merge-requests/64/merge
refs/merge-requests/65/head
refs/merge-requests/65/merge
refs/merge-requests/66/head
refs/merge-requests/66/merge
refs/merge-requests/67/head
refs/merge-requests/67/merge
refs/merge-requests/68/head
refs/merge-requests/68/merge
refs/merge-requests/69/head
refs/merge-requests/69/merge
refs/merge-requests/70/head
refs/merge-requests/70/merge
refs/merge-requests/71/head
refs/merge-requests/71/merge
refs/merge-requests/72/head
refs/merge-requests/72/merge
refs/merge-requests/74/head
refs/merge-requests/74/merge
refs/merge-requests/75/head
refs/merge-requests/75/merge
refs/merge-requests/78/head
refs/merge-requests/78/merge
refs/merge-requests/79/head
refs/merge-requests/79/merge
refs/merge-requests/8/head
refs/merge-requests/82/head
refs/merge-requests/82/merge
refs/merge-requests/9/head
refs/merge-requests/90/head
refs/merge-requests/90/merge
refs/merge-requests/92/head
refs/merge-requests/92/merge
refs/merge-requests/93/head
refs/merge-requests/93/merge
refs/merge-requests/94/head
refs/merge-requests/94/merge
refs/merge-requests/95/head
refs/merge-requests/95/merge
refs/merge-requests/96/head
refs/merge-requests/96/merge
refs/merge-requests/97/head
refs/merge-requests/97/merge
refs/merge-requests/98/head
refs/merge-requests/98/merge
refs/merge-requests/99/head
refs/merge-requests/99/merge
refs/tags/ISOLA2020
16eec8a79400c3b5987e733fd4b440d212fee5e7

FMBC_2019

b8c0197
/

History

Cook and download a directory from the Software Heritage Vault

You have requested the cooking of the directory with identifier swh:1:dir:b8c019799fa0e8fc191f9ce737b205520c150a9a into a standard tar.gz archive.

Are you sure you want to continue ?

(Optional) Send download link once it is available to that email address:

Download a directory from the Software Heritage Vault

You have requested the download of the directory with identifier swh:1:dir:b8c019799fa0e8fc191f9ce737b205520c150a9a as a standard tar.gz archive.

Are you sure you want to continue ?

Cook and download a revision from the Software Heritage Vault

You have requested the cooking of the history heading to revision with identifier swh:1:rev:16eec8a79400c3b5987e733fd4b440d212fee5e7 into a bare git archive.

Are you sure you want to continue ?

(Optional) Send download link once it is available to that email address:

Download a revision from the Software Heritage Vault

You have requested the download of the history heading to revision with identifier swh:1:rev:16eec8a79400c3b5987e733fd4b440d212fee5e7 as a bare git archive.

Are you sure you want to continue ?

Invalid Email !

The provided email is not well-formed.

Download link has expired

The requested archive is no longer available for download from the Software Heritage Vault.

Do you want to cook it again ?

Take a new snapshot of a software origin

If the archived software origin currently browsed is not synchronized with its upstream version (for instance when new commits have been issued), you can explicitly request Software Heritage to take a new snapshot of it.

Use the form below to proceed. Once a request has been submitted and accepted, it will be processed as soon as possible. You can then check its processing state by visiting this dedicated page.

Visit type

Origin url

Processing "take a new snapshot" request ...

Permalinks

To reference or cite the objects present in the Software Heritage archive, permalinks based on SoftWare Hash IDentifiers (SWHIDs) must be used.
Select below a type of object currently browsed in order to display its associated SWHID and permalink.

revision
directory
snapshot

swh:1:rev:16eec8a79400c3b5987e733fd4b440d212fee5e7

Add contextual information

Iframe embedding

swh:1:dir:b8c019799fa0e8fc191f9ce737b205520c150a9a

Add contextual information

swh:1:snp:2f08cb74658b563b0774f3a403ea265cf76058c6

Add contextual information

Tip revision: 16eec8a79400c3b5987e733fd4b440d212fee5e7 authored by Raphaël Cauderlier on 06 February 2021, 22:05:50 UTC
Dexter DFS compat: assert that `to` and `owner` args are always implicit accounts

Tip revision: 16eec8a

File	Mode	Size
doc
scripts
src
.gitignore	-rw-r--r--	336 bytes
.gitlab-ci.yml	-rw-r--r--	920 bytes
LICENSE	-rw-r--r--	1.1 KB
Makefile.local	-rw-r--r--	379 bytes
README.org	-rw-r--r--	8.5 KB
_CoqProject	-rw-r--r--	4 bytes
configure	-rwxr-xr-x	1.6 KB
coq-mi-cho-coq.install	-rw-r--r--	73 bytes
coq-mi-cho-coq.opam	-rw-r--r--	1.4 KB

The diff you're trying to view is too large. Only the first 1000 changed files have been loaded.

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...

https://gitlab.com/nomadic-labs/mi-cho-coq

Dexter DFS compat: assert that `to` and `owner` args are always implicit accounts

README.org