Skip to content

BM-1644: [V-BND-VUL-004] Validate request within the assessor #1165

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 8 commits into from
Oct 9, 2025
+82 −53
Merged

BM-1644: [V-BND-VUL-004] Validate request within the assessor #1165

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
b253710
reuse signing_hash
capossele Sep 24, 2025
f030bc0
validate request on assessor
capossele Sep 24, 2025
541109a
fix assessor test
capossele Sep 24, 2025
660b192
fix boundless-cli test
capossele Sep 24, 2025
20f1674
fix aggregator tests
capossele Sep 24, 2025
3894ec4
improve eval
capossele Sep 29, 2025
b6664b7
add predicate data length check
capossele Sep 30, 2025
cbc31ad
Merge branch 'main' into angelo/V-BND-VUL-004
capossele Oct 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions crates/assessor/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -195,7 +195,7 @@ mod tests {
ProofRequest::new(
RequestId::new(signer, id),
Requirements::new(Predicate::prefix_match(Digest::from_bytes(image_id.0), prefix)),
"test",
"http://test.null",
RequestInput { inputType: RequestInputType::Url, data: Default::default() },
Offer {
minPrice: U256::from(1),
Expand All @@ -213,7 +213,7 @@ mod tests {
ProofRequest::new(
RequestId::new(signer, id),
Requirements::new(Predicate::claim_digest_match(claim_digest)),
"test",
"http://test.null",
RequestInput { inputType: RequestInputType::Url, data: Default::default() },
Offer {
minPrice: U256::from(1),
Expand Down
8 changes: 6 additions & 2 deletions crates/boundless-cli/src/lib.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -389,7 +389,7 @@ fn is_dev_mode() -> bool {
mod tests {
use super::*;
use alloy::{
primitives::{FixedBytes, Signature},
primitives::{FixedBytes, Signature, U256},
signers::local::PrivateKeySigner,
};
use boundless_market::contracts::{
Expand All @@ -412,7 +412,11 @@ mod tests {
}),
format!("file://{ECHO_PATH}"),
RequestInput::builder().write_slice(&[1, 2, 3, 4]).build_inline().unwrap(),
Offer::default(),
Offer::default()
.with_timeout(60)
.with_lock_timeout(30)
.with_max_price(U256::from(1000))
.with_ramp_up_start(10),
);

let signature = request.sign_request(signer, Address::ZERO, 1).await.unwrap();
Expand Down
6 changes: 2 additions & 4 deletions crates/boundless-market/src/contracts/mod.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -492,8 +492,7 @@ impl ProofRequest {
contract_addr: Address,
chain_id: u64,
) -> Result<Signature, RequestError> {
let domain = eip712_domain(contract_addr, chain_id);
let hash = self.eip712_signing_hash(&domain.alloy_struct());
let hash = self.signing_hash(contract_addr, chain_id)?;
Ok(signer.sign_hash(&hash).await?)
}

Expand All @@ -517,8 +516,7 @@ impl ProofRequest {
chain_id: u64,
) -> Result<(), RequestError> {
let sig = Signature::try_from(signature.as_ref())?;
let domain = eip712_domain(contract_addr, chain_id);
let hash = self.eip712_signing_hash(&domain.alloy_struct());
let hash = self.signing_hash(contract_addr, chain_id)?;
let addr = sig.recover_address_from_prehash(&hash)?;
if addr == self.client_address() {
Ok(())
Expand Down
9 changes: 3 additions & 6 deletions crates/boundless-market/src/order_stream_client.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,6 @@ use alloy::{
signers::{Error as SignerErr, Signer},
};
use alloy_primitives::B256;
use alloy_sol_types::SolStruct;
use anyhow::{Context, Result};
use async_stream::stream;
use chrono::{DateTime, Utc};
Expand All @@ -35,7 +34,7 @@ use tokio_tungstenite::{
};
use utoipa::ToSchema;

use crate::contracts::{eip712_domain, ProofRequest, RequestError};
use crate::contracts::{ProofRequest, RequestError};

/// Order stream submission API path.
pub const ORDER_SUBMISSION_PATH: &str = "/api/v1/submit_order";
Expand Down Expand Up @@ -135,8 +134,7 @@ impl Order {
/// Validate the Order
pub fn validate(&self, market_address: Address, chain_id: u64) -> Result<(), OrderError> {
self.request.validate()?;
let domain = eip712_domain(market_address, chain_id);
let hash = self.request.eip712_signing_hash(&domain.alloy_struct());
let hash = self.request.signing_hash(market_address, chain_id)?;
if hash != self.request_digest {
return Err(OrderError::RequestError(RequestError::DigestMismatch));
}
Expand Down Expand Up @@ -224,8 +222,7 @@ impl OrderStreamClient {
let url = self.base_url.join(ORDER_SUBMISSION_PATH)?;
let signature =
request.sign_request(signer, self.boundless_market_address, self.chain_id).await?;
let domain = eip712_domain(self.boundless_market_address, self.chain_id);
let request_digest = request.eip712_signing_hash(&domain.alloy_struct());
let request_digest = request.signing_hash(self.boundless_market_address, self.chain_id)?;
let order = Order { request: request.clone(), request_digest, signature };
order.validate(self.boundless_market_address, self.chain_id)?;
let order_json = serde_json::to_value(&order)?;
Expand Down
4 changes: 2 additions & 2 deletions crates/broker/src/aggregator.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1211,7 +1211,7 @@ mod tests {
minPrice: U256::from(min_price),
maxPrice: U256::from(250000000000000000u64),
rampUpStart: now_timestamp(),
timeout: 50,
timeout: 100,
lockTimeout: 100,
rampUpPeriod: 1,
lockCollateral: U256::from(10),
Expand Down Expand Up @@ -1331,7 +1331,7 @@ mod tests {
minPrice: U256::from(min_price),
maxPrice: U256::from(250000000000000000u64),
rampUpStart: now_timestamp(),
timeout: 50,
timeout: 100,
lockTimeout: 100,
rampUpPeriod: 1,
lockCollateral: U256::from(10),
Expand Down
1 change: 1 addition & 0 deletions crates/guest/assessor/assessor-guest/src/main.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,7 @@ fn main() {
// by this guest. This check is not strictly needed, but reduces the chance of accidentally
// failing to enforce a constraint.
RequestId::try_from(fill.request.id).unwrap();
fill.request.validate().expect("request is not valid");

// ECDSA signatures are always checked here.
// Smart contract signatures (via EIP-1271) are checked on-chain either when a request is locked,
Expand Down
6 changes: 2 additions & 4 deletions crates/order-stream/src/order_db.rs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -272,10 +272,9 @@ mod tests {
use alloy::{
primitives::{Bytes, U256},
signers::local::LocalSigner,
sol_types::SolStruct,
};
use boundless_market::contracts::{
eip712_domain, Offer, Predicate, ProofRequest, RequestInput, RequestInputType, Requirements,
Offer, Predicate, ProofRequest, RequestInput, RequestInputType, Requirements,
};
use futures_util::StreamExt;
use risc0_zkvm::sha::Digest;
Expand Down Expand Up @@ -305,8 +304,7 @@ mod tests {
},
};
let signature = req.sign_request(&signer, Address::ZERO, 31337).await.unwrap();
let domain = eip712_domain(Address::ZERO, 31337);
let request_digest = req.eip712_signing_hash(&domain.alloy_struct());
let request_digest = req.signing_hash(Address::ZERO, 31337).unwrap();

Order::new(req, request_digest, signature)
}
Expand Down
Loading