Skip to content

fix: AI audit based protocol contract fixes #20328

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
benesjan wants to merge 1 commit into
base: next
Choose a base branch
from
Open

fix: AI audit based protocol contract fixes #20328

benesjan wants to merge 1 commit into from
+2 −2

Conversation

@benesjan
Copy link
Contributor

@benesjan benesjan commented Feb 10, 2026
edited
Loading

In this PR I address AI audit findings @Rumata888 sent me. I needed to do changes only based on finding 1) (as described below) but I would need to do changes based on findings 3) and 4) as well if we were not already dropping the relevant functions in #20248. So overall I would say the AI review was quite valuable.

Summary of the AI audit findings

  1. Medium
    • Contract: AuthRegistry helper (aztec-nr/aztec/src/authwit/auth.nr)
    • Issue: set_reject_all helper passes wrong args; cannot disable reject_all
  2. Low-Medium
    • Contract: ContractInstanceRegistry
    • Issue: 10-minute minimum upgrade delay may be insufficient
  3. Low
    • Contract: ContractClassRegistry
    • Issue: Broadcast functions don't verify class existence
  4. Low
    • Contract: ContractClassRegistry
    • Issue: Broadcast functions don't verify bytecode
  5. Info
    • Contract: AuthRegistry
    • Issue: No expiry on public authwits
  6. Info
    • Contract: ContractClassRegistry
    • Issue: No revocation mechanism
  7. Info
    • Contract: FeeJuice
    • Issue: Tight coupling with protocol circuit storage layout

My fixes

  1. This one was real and was not caught as the helper was unused. Fixed in aa71930
  2. As the floor value that seems fine - decided to not do any changes here.
  3. Now irrelevant as the functions are getting dropped in feat: Remove the broadcast functions from ContractClassRegistry #20248
  4. Now irrelevant as the functions are getting dropped in feat: Remove the broadcast functions from ContractClassRegistry #20248
  5. Spoke with Lasse here and doesen't make sense to add expiry directly to AuthRegistry as we can always add an expiry to the signed payload and check that it the contract we are authorizing actions for. That is ultimately a better design as it doesn't add cost to all the pub authwits (if this was implemented directly in the AuthRegistry we would add AVM opcodes to all the flows as we would need to pack "boolean" and "expiry" into 1 storage slot).
  6. It being impossible to "un-publish" a contract class is a conscious design decision.
  7. This is considered fine as we are the maintainers of protocol contracts and there is no practical way around it.

@benesjan Graphite App
Copy link
Contributor Author

benesjan commented Feb 10, 2026

This stack of pull requests is managed by Graphite. Learn more about stacking.

@benesjan benesjan force-pushed the 02-10-fix_ai_audit_based_protocol_contract_fixes branch from aa71930 to 99ed692 Compare February 10, 2026 09:52
@benesjan benesjan marked this pull request as ready for review February 10, 2026 09:52
@AztecBot
Copy link
Collaborator

AztecBot commented Feb 10, 2026

⚠️ Docs Examples Validation Failed

Compile (Noir contracts)

�[38;2;188;109;208m---�[0m �[38;2;95;167;241m�[1mCompiling example contracts�[0m �[38;2;188;109;208m---�[0m
Compiling contracts (bb-hash: 8e49ed0a9246fc48)...
contracts/nft_bridge	compile contracts/nft_bridge examples
contracts/recursive_verification_contract	compile contracts/recursive_verification_contract examples
contracts/bob_token_contract	compile contracts/bob_token_contract examples
contracts/counter_contract	compile contracts/counter_contract examples
contracts/nft	compile contracts/nft examples
contracts/bob_token_contract	Cache download of contract-f64d85cf6115fba4.tar.gz failed.
contracts/counter_contract	Cache download of contract-8290a27bea8c47a8.tar.gz failed.
contracts/nft_bridge	Cache download of contract-f2168bf3b13a749b.tar.gz failed.
contracts/nft_bridge	Waiting for lock on git dependencies cache...
contracts/nft	Cache download of contract-d4eb8c6e3e87a1cf.tar.gz failed.
contracts/recursive_verification_contract	Cache download of contract-da7292b3d35c195e.tar.gz failed.
contracts/counter_contract	error: `dep::aztec` path is deprecated
contracts/counter_contract	  ┌─ examples/contracts/counter_contract/src/main.nr:2:5
contracts/counter_contract	  │
contracts/counter_contract	2 │ use dep::aztec::macros::aztec;
contracts/counter_contract	  │     --- Please use `::aztec` instead
contracts/counter_contract	  │
contracts/counter_contract	
contracts/counter_contract	Aborting due to 1 previous error
parallel: This job failed:
compile contracts/counter_contract examples
Seq	Host	Starttime	JobRuntime	Send	Receive	Exitval	Signal	Command
1	:	1770717573.238	     1.685	0	329	1	0	compile contracts/counter_contract examples

TypeScript validation

(truncated)...
connection	✓ @aztec/accounts: 27 .d.ts files
aztecjs_authwit	✓ @aztec/aztec.js: 77 .d.ts files
aztecjs_advanced	✓ @aztec/aztec.js: 77 .d.ts files
aztecjs_getting_started	✓ @aztec/noir-contracts.js: 33 .d.ts files
aztecjs_connection	✓ @aztec/test-wallet: 8 .d.ts files
aztecjs_authwit	✓ @aztec/accounts: 27 .d.ts files
aztecjs_advanced	✓ @aztec/accounts: 27 .d.ts files
aztecjs_connection	✓ @aztec/noir-contracts.js: 33 .d.ts files
aztecjs_authwit	✓ @aztec/test-wallet: 8 .d.ts files
aztecjs_advanced	✓ @aztec/test-wallet: 8 .d.ts files
aztecjs_connection	✓ @aztec/stdlib: 477 .d.ts files
aztecjs_authwit	✓ @aztec/noir-contracts.js: 33 .d.ts files
aztecjs_advanced	✓ @aztec/noir-contracts.js: 33 .d.ts files
aztecjs_advanced	✓ @aztec/ethereum: 85 .d.ts files
aztecjs_advanced	✓ @aztec/stdlib: 477 .d.ts files
aztecjs_getting_started	Type checking 'aztecjs_getting_started'...
aztecjs_connection	Type checking 'aztecjs_connection'...
aztecjs_authwit	Type checking 'aztecjs_authwit'...
aztecjs_advanced	Type checking 'aztecjs_advanced'...
aztecjs_getting_started	✓ 'aztecjs_getting_started' validated successfully
aztecjs_getting_started	Cleaning up temporary files for 'aztecjs_getting_started'...
aztecjs_testing	validate_project aztecjs_testing
aztecjs_testing	�[38;2;188;109;208m---�[0m �[38;2;95;167;241m�[1mValidating aztecjs_testing�[0m �[38;2;188;109;208m---�[0m
aztecjs_testing	No custom contracts for 'aztecjs_testing', skipping codegen...
aztecjs_testing	Setting up yarn for 'aztecjs_testing'...
aztecjs_connection	✓ 'aztecjs_connection' validated successfully
aztecjs_connection	Cleaning up temporary files for 'aztecjs_connection'...
bob_token_contract	validate_project bob_token_contract
bob_token_contract	ERROR: Artifact not found for 'bob_token_contract': /home/aztec-dev/aztec-packages/docs/target/bob_token_contract-BobToken.json
parallel: This job failed:
validate_project bob_token_contract
Seq	Host	Starttime	JobRuntime	Send	Receive	Exitval	Signal	Command
4	:	1770717577.584	     4.889	0	1939	0	0	validate_project aztecjs_getting_started
3	:	1770717577.581	     5.069	0	1999	0	0	validate_project aztecjs_connection
6	:	1770717582.655	     0.033	0	164	1	0	validate_project bob_token_contract
ERROR: Some project(s) failed validation

Action required: Please fix the docs examples or update them to match the current API.

cc @AztecProtocol/devrel

@AztecBot
Copy link
Collaborator

AztecBot commented Feb 10, 2026

Flakey Tests

🤖 says: This CI run detected 2 tests that failed, but were tolerated due to a .test_patterns.yml entry.

\033FLAKED\033 (8;;http://ci.aztec-labs.com/ec628cbc6606ab2d�ec628cbc6606ab2d8;;�): yarn-project/scripts/run_test.sh p2p/src/client/test/p2p_client.integration_message_propagation.test.ts (55s) (code: 1) group:e2e-p2p-epoch-flakes
\033FLAKED\033 (8;;http://ci.aztec-labs.com/9e23ea482d5668cf�9e23ea482d5668cf8;;�): ./boxes/scripts/run_test.sh react chromium (605s) (code: 124)

@benesjan benesjan mentioned this pull request Feb 10, 2026
Merged
@benesjan
Copy link
Contributor Author

benesjan commented Feb 10, 2026

BTW tackled the new Noir compiler warnings in #20329

@benesjan benesjan requested a review from Thunkar February 10, 2026 10:35
@benesjan benesjan enabled auto-merge February 10, 2026 10:36
github-merge-queue bot pushed a commit that referenced this pull request Feb 10, 2026
@benesjan
fix: getting rid of noir compiler warnings (#20329)
c378ee4 
Having "dep::" in imports is now [throwing Noir compiler
warnings](#20328 (comment))
so I am dropping the remaining occurrences
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Thunkar Thunkar Awaiting requested review from Thunkar

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@benesjan @AztecBot