Skip to content
This repository has been archived by the owner on Jan 22, 2025. It is now read-only.

[zk-token-sdk] Fix transfer with fee edge case error #34314

Merged
merged 3 commits into from
Dec 6, 2023
Merged

[zk-token-sdk] Fix transfer with fee edge case error #34314

merged 3 commits into from
Dec 6, 2023

Conversation

samkim-crypto
Copy link
Contributor

@samkim-crypto samkim-crypto commented Dec 5, 2023
edited
Loading

Problem

In the way the transfer with fee proof is currently calculated, it is possible for transfer fee to be greater than the transfer amount. This stems from some edge cases that were missed in the way range proof is used.

  1. We call the difference of transfer_fee * 10_000 - transfer_amount * fee_basis_point the delta_fee. If the fee is calculated correctly, then the delta_fee must be in the range 0 <= delta_fee < 10_000. We use range proof to check this. However, since range proof only works for ranges of power-of-two, we require the prover to generate two range proofs: (i) 0 <= delta_fee < 16_384 (16384 = 2^14) and (ii) 0 <= 10_000 - delta_fee < 16_384. However, if delta_fee = 10_000, then both conditions (i) and (ii) are satisfied. What we really want for condition (ii) is 0 <= 9_999 - delta_fee < 16_384.
  2. If the calculated fee is less than the max fee parameter, then the fee sigma proof enforces the transfer fee to be less than or equal to the transfer amount. However, if the max fee parameter is greater than the transfer amount, then the fee sigma proof is insufficient to certify that the fee is at most the transfer amount.

#33526

Summary of Changes

  1. Fixed the off-by-one error
  2. Added an additional range proof to certify that the transfer fee is at most the transfer amount. Specifically, in the batched range proof condition, I added the condition transfer_amount - transfer_fee is a positive 64-bit number. Since the range proofs are batched, this additional condition does not increase the cost or size of the range proof itself.
  3. Removed unchecked arithmetic.

Fixes #

@samkim-crypto samkim-crypto added the work in progress This isn't quite right yet label Dec 5, 2023
@codecov Codecov
Copy link

codecov bot commented Dec 5, 2023
edited
Loading

Codecov Report

Merging #34314 (94e0ca9) into master (d451675) will decrease coverage by 0.1%.
Report is 15 commits behind head on master.
The diff coverage is 100.0%.

Additional details and impacted files 
@@            Coverage Diff            @@
##           master   #34314     +/-   ##
=========================================
- Coverage    81.9%    81.9%   -0.1%     
=========================================
  Files         819      819             
  Lines      220228   220234      +6     
=========================================
- Hits       180535   180510     -25     
- Misses      39693    39724     +31

@samkim-crypto samkim-crypto removed the work in progress This isn't quite right yet label Dec 6, 2023
joncinque
joncinque approved these changes Dec 6, 2023
View reviewed changes
Copy link
Contributor

@joncinque joncinque left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, and thanks for all the explanation!

@samkim-crypto samkim-crypto merged commit d21e7ed into solana-labs:master Dec 6, 2023
@willhickey willhickey mentioned this pull request Mar 28, 2024
Closed
@joncinque joncinque mentioned this pull request Oct 11, 2024
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@joncinque joncinque joncinque approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@samkim-crypto @joncinque