Zondax · neithanmo · Nov 20, 2024 · Nov 13, 2024 · Nov 13, 2024 · Nov 14, 2024
diff --git a/.clang-format b/.clang-format
@@ -0,0 +1,10 @@
+BasedOnStyle: Google
+IndentWidth: 4
+ColumnLimit: 125
+DerivePointerAlignment: false
+PointerAlignment: Right
+AllowShortFunctionsOnASingleLine: None
+AlignConsecutiveMacros:
+  Enabled: true
+  AcrossEmptyLines: true
+  AcrossComments: false
diff --git a/.clang-tidy b/.clang-tidy
@@ -0,0 +1,23 @@
+Checks: "-*,
+  clang-diagnostic-*,
+  clang-analyzer-*,
+  cppcoreguidelines-init-variables,
+  google-runtime-int,
+  google-readability-avoid-underscore-in-googletest-name,
+  misc-*,
+  performance-*,
+  portability-*,
+  readability-*,
+  -misc-no-recursion,
+  -readability-function-cognitive-complexity
+  -readability-magic-numbers"
+WarningsAsErrors: "*"
+CheckOptions:
+  - key: readability-identifier-length.MinimumVariableNameLength
+    value: 2
+  - key: readability-identifier-length.MinimumParameterNameLength
+    value: 2
+  - key: readability-identifier-length.MinimumLoopCounterNameLength
+    value: 1
+  - key: readability-magic-numbers.IgnorePowersOf2IntegerValues
+    value: true
diff --git a/.github/workflows/check_version.yml b/.github/workflows/check_version.yml
@@ -7,7 +7,7 @@ on:
       - main
       - develop
       - master # for safety reasons
-      - dev  # for safety reasons
+      # - dev  # for safety reasons
 
 jobs:
   configure:

diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -2,27 +2,34 @@ name: Lint and format 💅
 
 on:
   workflow_dispatch:
-  # push:
-  # pull_request:
-  #   branches:
-  #     - main
-  #     - develop
+  push:
+  pull_request:
+    branches:
+      - main
+      - develop
+      - master # for safety reasons
+      - dev # for safety reasons
 
 jobs:
   lint:
-    runs-on: ubuntu-latest
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
     container: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: recursive
       - name: Add missing deps
+        env:
+          DEBIAN_FRONTEND: noninteractive
         run: |
-          DEBIAN_FRONTEND=noninteractive
           apt-get update
           apt-get install -y bear sudo
       - name: Generate compilation database
         run: bear -- make -j BOLOS_SDK="$NANOSP_SDK"
+      - name: Setup python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
       - name: Lint and format 💅
         uses: cpp-linter/cpp-linter-action@v2
         id: linter

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -57,6 +57,10 @@ jobs:
         run: |
           cd ./app/rust
           cargo clippy --all-targets --features "clippy"
+      - name: cargo fmt
+        run: |
+          cd ./app/rust
+          cargo fmt
 
   build_ledger:
     needs: configure
@@ -264,3 +268,84 @@ jobs:
           tag_name: ${{ steps.flex.outputs.tag_name }}
           draft: false
           prerelease: false
+
+  fuzzing:
+    name: fuzzing
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    container:
+      image: rust:latest
+    steps:
+      - uses: actions/checkout@v3
+
+      # Install only the additional dependencies needed for honggfuzz
+      - name: Install system dependencies
+        run: |
+          apt-get update && apt-get install -y \
+            binutils-dev \
+            libunwind-dev \
+            libblocksruntime-dev \
+            liblzma-dev
+
+      - name: Install honggfuzz
+        run: cargo install honggfuzz
+
+      - name: Generate corpus
+        run: |
+          cd app/hfuzz-parser/corpus
+          cargo run
+
+      # Different fuzzing durations based on trigger
+      - name: Quick fuzz (PR)
+        if: github.event_name == 'push'
+        run: |
+          cd app/hfuzz-parser
+          timeout --preserve-status 5m cargo hfuzz run transaction ../hfuzz_corpus/
+
+      - name: Medium fuzz (main)
+        if: github.event_name == 'pull_request'
+        run: |
+          cd app/hfuzz-parser
+          timeout --preserve-status 15m cargo hfuzz run transaction ../hfuzz_corpus/
+
+      - name: Extended fuzz (weekly)
+        if: github.event_name == 'schedule'
+        run: |
+          cd app/hfuzz-parser
+          timeout --preserve-status 30m cargo hfuzz run transaction ../hfuzz_corpus/
+
+      - name: Check for crashes
+        run: |
+          if ls app/hfuzz-parser/hfuzz_workspace/transaction/SIGABRT.PC.* 1> /dev/null 2>&1; then
+            echo "::error::Crashes found during fuzzing!"
+            exit 1
+          fi
+
+      - name: Upload crash artifacts
+        if: failure()
+        uses: actions/upload-artifact@v3
+        with:
+          name: crash-reports
+          path: |
+            app/hfuzz-parser/hfuzz_workspace/transaction/SIGABRT.PC.*
+            app/hfuzz-parser/hfuzz_workspace/transaction/HONGGFUZZ.REPORT.TXT
+            app/hfuzz-parser/hfuzz_workspace/transaction/input/
+
+      - name: Cache corpus
+        uses: actions/cache@v3
+        with:
+          path: app/hfuzz_corpus
+          key: ${{ runner.os }}-fuzz-corpus-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-fuzz-corpus-
+
+      - name: Notify on failure
+        if: failure()
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.create({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              title: 'Fuzzing found crashes',
+              body: 'Fuzzing job failed. Check the artifacts in the workflow run.'
+            })
diff --git a/.gitignore b/.gitignore
@@ -90,5 +90,6 @@ app/output/*.sha256
 app/pkg/*
 
 app/rust/.cargo/.package-cache-mutate
+app/hfuzz_corpus
 
 
diff --git a/Makefile b/Makefile
@@ -45,7 +45,8 @@ prod:
 	make PRODUCTION_BUILD=1
 
 rust_fuzz:
-	cd app/hfuzz-parser/ && cargo hfuzz run transaction
+	cd app/hfuzz-parser/corpus/ && cargo run
+	cd app/hfuzz-parser/ && cargo hfuzz run transaction app/hfuzz_corpus
 
 
 
diff --git a/app/FUZZING.md b/app/FUZZING.md
@@ -35,6 +35,13 @@ cargo hfuzz run-debug transaction hfuzz_workspace/*/*.fuzz
 
 ```
 
-This will deploy a gdb console with a backtrace with the first crash
+To opt to use _gdb_ instead of `lldb`, you can configure it before running the debugger with:
+
+```bash
+export HFUZZ_DEBUGGER="rust-gdb"
+
+```
+
+This will deploy a **gdb** console with a backtrace with the first crash
 
 _note_: There could be more than one _.fuzz_ file.
diff --git a/app/hfuzz-parser/Cargo.lock b/app/hfuzz-parser/Cargo.lock
diff --git a/app/hfuzz-parser/corpus/Cargo.lock b/app/hfuzz-parser/corpus/Cargo.lock
diff --git a/app/hfuzz-parser/corpus/Cargo.toml b/app/hfuzz-parser/corpus/Cargo.toml
@@ -0,0 +1,7 @@
+[package]
+name = "corpus-generator"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+hex = "0.4.3"
diff --git a/app/hfuzz-parser/corpus/src/main.rs b/app/hfuzz-parser/corpus/src/main.rs
@@ -0,0 +1,46 @@
+use hex::decode;
+use std::fs;
+
+fn generate_corpus() -> Result<(), std::io::Error> {
+    let corpus_dir = "../../hfuzz_corpus";
+    fs::create_dir_all(corpus_dir)?;
+
+    // Contract call with 20 args
+    let contract_call = "0000000001040097432af9a5c04675136b8c2badfbfe9bf17fa804000000000000003500000000000003e800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003020000000300021697432af9a5c04675136b8c2badfbfe9bf17fa8040100000000000000640003167c5f674a8fd08efa61dd9b11121e046dd2c892730a756e6976322d636f72650500000000000000010103167c5f674a8fd08efa61dd9b11121e046dd2c892730a756e6976322d636f7265167c5f674a8fd08efa61dd9b11121e046dd2c892730b76656c61722d746f6b656e0576656c6172030000000000000b3f02167c5f674a8fd08efa61dd9b11121e046dd2c8927311706174682d6170706c795f76315f325f30056170706c79000000180b000000010c0000000601610d0000000175016206167c5f674a8fd08efa61dd9b11121e046dd2c892730976656c61722d73747801630100000000000000000000000000000015016406167c5f674a8fd08efa61dd9b11121e046dd2c892730477737478016506167c5f674a8fd08efa61dd9b11121e046dd2c892730b76656c61722d746f6b656e01660401000000000000000000000000000000640a06167c5f674a8fd08efa61dd9b11121e046dd2c8927304777374780a06167c5f674a8fd08efa61dd9b11121e046dd2c892730b76656c61722d746f6b656e0909090a06167c5f674a8fd08efa61dd9b11121e046dd2c8927312756e6976322d73686172652d6665652d746f09090909090909090909090909090909";
+
+    // Swap transaction
+    let swap = "000000000104009ef3889fd070159edcd8ef88a0ec87cea1592c83000000000000000000000000000f42400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000302000000060002169ef3889fd070159edcd8ef88a0ec87cea1592c830100000000000027100003167c5f674a8fd08efa61dd9b11121e046dd2c892730a756e6976322d636f72650300000000000000000103167c5f674a8fd08efa61dd9b11121e046dd2c892730a756e6976322d636f7265168c5e2f8d25627d6edebeb6d10fa3300f5acc8441086c6f6e67636f696e086c6f6e67636f696e0300000000000000000103167c5f674a8fd08efa61dd9b11121e046dd2c892730a756e6976322d636f7265168c5e2f8d25627d6edebeb6d10fa3300f5acc8441086c6f6e67636f696e086c6f6e67636f696e0300000000000000000102169ef3889fd070159edcd8ef88a0ec87cea1592c83168c5e2f8d25627d6edebeb6d10fa3300f5acc8441086c6f6e67636f696e086c6f6e67636f696e030000000000000000010316402da2c079e5d31d58b9cfc7286d1b1eb2f7834e0f616d6d2d7661756c742d76322d303116402da2c079e5d31d58b9cfc7286d1b1eb2f7834e0a746f6b656e2d616c657804616c65780300000000011c908a02162ec1a2dc2904ebc8b408598116c75e42c51afa2617726f757465722d76656c61722d616c65782d762d312d320d737761702d68656c7065722d6100000007010000000000000000000000000000271001000000000000000000000000011c908a040c00000002016106167c5f674a8fd08efa61dd9b11121e046dd2c892730477737478016206168c5e2f8d25627d6edebeb6d10fa3300f5acc8441086c6f6e67636f696e06167c5f674a8fd08efa61dd9b11121e046dd2c8927312756e6976322d73686172652d6665652d746f0c0000000201610616402da2c079e5d31d58b9cfc7286d1b1eb2f7834e0b746f6b656e2d776c6f6e6701620616402da2c079e5d31d58b9cfc7286d1b1eb2f7834e0a746f6b656e2d616c65780c0000000101610100000000000000000000000005f5e100";
+
+    // Versioned smart contract
+    let versioned_contract = "8080000000040060dbb32efe0c56e1d418c020f4cb71c556b6a60d0000000000000000000000000000000a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000301000000000602107468656e2d677265656e2d6d61636177000004cf3b3b2068656c6c6f2d776f726c6420636f6e74726163740a0a28646566696e652d636f6e7374616e742073656e6465722027535a324a365a593438475631455a35563256355242394d5036365357383650594b4b51394836445052290a28646566696e652d636f6e7374616e7420726563697069656e742027534d324a365a593438475631455a35563256355242394d5036365357383650594b4b51565838583047290a0a28646566696e652d66756e6769626c652d746f6b656e206e6f76656c2d746f6b656e2d3139290a2866742d6d696e743f206e6f76656c2d746f6b656e2d3139207531322073656e646572290a2866742d7472616e736665723f206e6f76656c2d746f6b656e2d31392075322073656e64657220726563697069656e74290a0a28646566696e652d6e6f6e2d66756e6769626c652d746f6b656e2068656c6c6f2d6e66742075696e74290a0a286e66742d6d696e743f2068656c6c6f2d6e66742075312073656e646572290a286e66742d6d696e743f2068656c6c6f2d6e66742075322073656e646572290a286e66742d7472616e736665723f2068656c6c6f2d6e66742075312073656e64657220726563697069656e74290a0a28646566696e652d7075626c69632028746573742d656d69742d6576656e74290a202028626567696e0a20202020287072696e7420224576656e74212048656c6c6f20776f726c64220a20202020286f6b207531290a2020290a290a0a28626567696e2028746573742d656d69742d6576656e7429290a0a28646566696e652d7075626c69632028746573742d6576656e742d7479706573290a202028626567696e0a2020202028756e777261702d70616e6963202866742d6d696e743f206e6f76656c2d746f6b656e2d313920753320726563697069656e7429290a2020202028756e777261702d70616e696320286e66742d6d696e743f2068656c6c6f2d6e667420753220726563697069656e7429290a2020202028756e777261702d70616e696320287374782d7472616e736665723f207536302074782d73656e6465722027535a324a365a593438475631455a35563256355242394d5036365357383650594b4b5139483644505229290a2020202028756e777261702d70616e696320287374782d6275726e3f207532302074782d73656e64657229290a20202020286f6b207531290a2020290a290a0a28646566696e652d6d61702073746f7265207b206b65793a20286275666620333229207d207b2076616c75653a20286275666620333229207d290a0a28646566696e652d7075626c696320286765742d76616c756520286b65792028627566662033322929290a202028626567696e0a20202020286d6174636820286d61702d6765743f2073746f7265207b206b65793a206b6579207d290a202020202020656e74727920286f6b20286765742076616c756520656e74727929290a202020202020286572722030290a20202020290a2020290a290a0a28646566696e652d7075626c696320287365742d76616c756520286b65792028627566662033322929202876616c75652028627566662033322929290a202028626567696e0a20202020286d61702d7365742073746f7265207b206b65793a206b6579207d207b2076616c75653a2076616c7565207d290a20202020286f6b207531290a2020290a290a"; // truncated for brevity
+
+    // With 7 post conditions
+    let multi_post_conditions = "808000000004002d89de56fd4db19741957831926e9ba96cf04158000000000000000300000000000000000001b019126ffa434bd7c816b3e1daa3163e322aae6cde06585d22d46286570e4a491eecc2dcd214a42eae62584ddbe8a96382ff1f34edb4ecedeab0a6b6b1e07d2003020000000701031a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c641a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c640a737461636b61726f6f73010000000000000064000103000000000000007c01031a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c641a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c640a737461636b61726f6f7303000000000000006400010300000000000000f701031a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c641a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c640a737461636b61726f6f73050000000000000064000103000000000000017202031a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c641a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c64056e616d657302000000040000006410021a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c640f73656e642d737461636b61726f6f7300000001051a3b471808467d33eec688b7a7a75f06aad921ba6e";
+
+    // With fungible post conditions
+    let fungible_post_conditions = "808000000004003b471808467d33eec688b7a7a75f06aad921ba6e000000000000000100000000000000000000134ab418c3422c600bfeffb1a322b78edab12961fdea48f34cbbb4eae42a4a53401bf2a0d680e819028276cfa13c672a8031ddd17b46fda70a037fefb20e9e9203020000000101021a3b471808467d33eec688b7a7a75f06aad921ba6e1a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c640a737461636b61726f6f73030000000000000064021a2d89de56fd4db19741957831926e9ba96cf041580b68656c6c6f2d776f726c6414757365722d73656e642d737461636b61726f6f7300000001051a2d89de56fd4db19741957831926e9ba96cf04158";
+
+    // Token transfer
+    let token_transfer = "8080000000040156da933238491425e460d335d3af8e04fd3e59970000000000000000000000000000000000000001020164b3d6fc5f1ac5093343f4b48dcfda73d85dbfccec276418e71fc928acc412fc62525e67103bee36df5e7ed07b73b668a27ab3703ce2d018a98a161c46bdcac2000203020000000000051abaa6de6c1badf30afa816e2c66db3125034facab00000000002625a06d756c746973696720747800000000000000000000000000000000000000000000006f7a42ccdce26688916ef6c182001fd1c703941c1224a9845ee54db9918acf67000164b3d6fc5f1ac5093343f4b48dcfda73d85dbfccec276418e71fc928acc412fc62525e67103bee36df5e7ed07b73b668a27ab3703ce2d018a98a161c46bdcac2";
+
+    // Write each transaction type to a separate file
+    let transactions = [
+        ("contract_call", contract_call),
+        ("swap", swap),
+        ("versioned_contract", versioned_contract),
+        ("multi_post_conditions", multi_post_conditions),
+        ("fungible_post_conditions", fungible_post_conditions),
+        ("token_transfer", token_transfer),
+    ];
+
+    for (name, hex_str) in transactions {
+        let bytes = decode(hex_str).expect("Invalid hex string");
+        fs::write(format!("{}/{}_{}", corpus_dir, name, bytes.len()), bytes)?;
+    }
+
+    Ok(())
+}
+
+fn main() {
+    generate_corpus().expect("Failed to generate corpus");
+}
diff --git a/app/rust/Cargo.toml b/app/rust/Cargo.toml
@@ -41,15 +41,6 @@ serde = { version = "1.0", features = ["derive"] }
 sha2 = { version = "0.9.1" }
 base64 = { version = "0.13.0" }
 
-
-[target.'cfg(fuzzing)'.dependencies]
-no-std-compat = { version = "0.4.1", features = ["std"] }
-sha2 = { version = "0.9.1" }
-hex = { version = "0.4" }
-serde-json-core = { version = "0.4.0", features = ["std"] }
-serde = { version = "1.0", features = ["derive"] }
-base64 = { version = "0.13.0" }
-
 [profile.release]
 lto = false
 codegen-units = 1

diff --git a/app/rust/native/Cargo.toml b/app/rust/native/Cargo.toml
@@ -21,6 +21,7 @@ hex = { version = "0.4", default-features = false }
 serde = { version = "1.0", default-features = false, features = ["derive"] }
 serde-json-core = { version = "0.4.0", features = ["std"] }
 nom = { version = "7.1.2", default-features = false }
+lexical-core = { version = "0.7", features = ["libm"] }
 
 
 [dependencies.arrayvec]
@@ -39,11 +40,13 @@ base64 = { version = "0.13.0" }
 
 
 [target.'cfg(fuzzing)'.dependencies]
-sha2 = { version = "0.9.1" }
 no-std-compat = { version = "0.4.1", features = ["std"] }
+sha2 = { version = "0.9.1" }
 hex = { version = "0.4" }
+serde-json-core = { version = "0.4.0", features = ["std"] }
 serde = { version = "1.0", features = ["derive"] }
 base64 = { version = "0.13.0" }
+lexical-core = { version = "0.7", features = ["libm"] }
 
 [profile.release]
 lto = false