Skip to content

fix!: undo bad fix#20987

Merged
LHerskind merged 1 commit intonextfrom
lh/undo-tally-fix
Mar 1, 2026
Merged

fix!: undo bad fix#20987
LHerskind merged 1 commit intonextfrom
lh/undo-tally-fix

Conversation

@LHerskind
Copy link
Contributor

@LHerskind LHerskind commented Mar 1, 2026

In b7605403131 a fix was applied to avoid a revert when slashing quorum was reached for empty committees. This was something that was quite unlikely, but as the fix seemed easy we applied it. In doing so, we did not validate the new use of input values properly (missing input validation anyone?). Anyway, then r0bert from Spearbit had a look because he was reviewing some faintly related code, and realized that the new part could be used to bypass a slash by convincing the execution that it was empty.

To avoid this issue, we are essentially undoing the fix (no longer skip), but keep the test slightly altered to showcase that this is now intended behaviour.

The code is current not deployed anywhere

Copy link
Contributor Author

This stack of pull requests is managed by Graphite. Learn more about stacking.

@LHerskind LHerskind marked this pull request as ready for review March 1, 2026 11:44
@LHerskind LHerskind added this pull request to the merge queue Mar 1, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Mar 1, 2026
@LHerskind LHerskind added this pull request to the merge queue Mar 1, 2026
Merged via the queue into next with commit 8e01e5c Mar 1, 2026
38 of 40 checks passed
@LHerskind LHerskind deleted the lh/undo-tally-fix branch March 1, 2026 18:42
AztecBot pushed a commit that referenced this pull request Mar 1, 2026
In b7605403131 a fix was applied to avoid a revert when slashing quorum was reached for empty committees. This was something that was quite unlikely, but as the fix seemed easy we applied it. In doing so, we did not validate the new use of input values properly (missing input validation anyone?). Anyway, then r0bert from Spearbit had a look because he was reviewing some faintly related code, and realized that the new part could be used to bypass a slash by convincing the execution that it was empty.

To avoid this issue, we are essentially undoing the fix (no longer skip), but keep the test slightly altered to showcase that this is now intended behaviour.

The code is current not deployed anywhere
@AztecBot
Copy link
Collaborator

AztecBot commented Mar 1, 2026

✅ Successfully backported to backport-to-v4-staging #20980.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants