Skip to content

fix!: sstore allowed injection of malicious write rows #19470

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
dbanks12 merged 3 commits into from
Jan 12, 2026
Merged

fix!: sstore allowed injection of malicious write rows #19470

dbanks12 merged 3 commits into from
Jan 12, 2026

Conversation

@dbanks12
Copy link
Contributor

@dbanks12 dbanks12 commented Jan 9, 2026
edited
Loading

this would have allowed arbitrary public data write injections

This PR adds a constraint-level test and an integration test to confirm the fix

@dbanks12 Graphite App
Copy link
Contributor Author

dbanks12 commented Jan 9, 2026

This stack of pull requests is managed by Graphite. Learn more about stacking.

@dbanks12 dbanks12 force-pushed the db/sstore-exploit branch 2 times, most recently from c38996f to 36770d3 Compare January 9, 2026 19:54
@dbanks12 dbanks12 changed the title fix!: sstore allowed injection of erroneous write rows fix!: sstore allowed injection of malicious write rows Jan 9, 2026
@dbanks12 dbanks12 marked this pull request as ready for review January 9, 2026 19:54
@dbanks12 dbanks12 requested review from sirasistant and removed request for IlyasRidhuan, Maddiaa0, fcarreiro and jeanmon January 9, 2026 19:54
sirasistant
sirasistant reviewed Jan 12, 2026
View reviewed changes
@dbanks12 dbanks12 requested a review from sirasistant January 12, 2026 15:23
@dbanks12 dbanks12 merged commit b25da2e into merge-train/avm Jan 12, 2026
9 checks passed
@dbanks12 dbanks12 deleted the db/sstore-exploit branch January 12, 2026 15:54
@AztecBot AztecBot mentioned this pull request Jan 12, 2026
Merged
github-merge-queue bot pushed a commit that referenced this pull request Jan 12, 2026
@fcarreiro
feat: merge-train/avm (#19496)
b7c8acf 
BEGIN_COMMIT_OVERRIDE
feat(avm security): add static check for isolated/unused columns
(#19489)
feat(avm): use noop calldata hasher in fast sim (#19495)
chore(avm): rename indirect -> addressing mode (#19491)
chore(avm): small cursor optimizations
chore(avm):! rename indirect -> addressing mode (PIL) (#19493)
fix(avm): constraint when unwinding empty call stack (#19485)
feat(avm): Fuzz debug log and refactor env getter (#19494)
fix!: ecc add predicate completeness bug (#19471)
chore(avm): callstackmetadatacollector clarifications (#19490)
chore: sanity assert in execution for bytecode id (#19486)
fix!: sstore allowed injection of malicious write rows (#19470)
fix!: defensive ghost row constraints in bc_hashing pil (#19481)
fix(avm): fix execution::mov for mac? (#19507)
chore(avm)!: resolve execution TODOs (#19501)
fix!: multiple traces had ghost row injection vulnerabilities (#19480)
fix(avm): defensively copy MemoryValues (#19512)
feat: align TS and BB log levels (#19518)
END_COMMIT_OVERRIDE
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sirasistant sirasistant sirasistant approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dbanks12 @sirasistant