fix: fix msg_sender direct call exploit

[MirandaWood]

Fixes exploit as first written here #7190. Essentially, a user calling a contract directly (bypassing the account contract) could impersonate any chosen address. This PR adds a check in the private init kernel to prevent setting the msg_sender. Commits are:

• 7c08eab -> 35ed54b - shows exploit working in token_contract test - apologies for the format fails (taken exactly from Lasse's PR test: add test to showcase kernel exploit #7190, slight change to allow for direct call)
• 4072ae3 -> b7f5987 - shows fix to exploit and edits above test to expect a fail (=> a pass on token_contract means exploit is fixed)
• 85da5a9 - removes test code from token_contract

[github-actions]

Changes to circuit sizes

Generated at commit: f351f021f46777801efa86ea92c0f63f45283b25, compared to commit: 9bcbb6c2e8a84a9462430f7a110fd6c2548e75ae

🧾 Summary (100% most significant diffs)

Program	ACIR opcodes (+/-)	%	Circuit size (+/-)	%
private_kernel_inner	+1,069 ❌	+2.36%	+994,119 ❌	+1529.44%
private_kernel_init	+629 ❌	+2.41%	+338,002 ❌	+746.77%
private_kernel_reset_small	+3,729 ❌	+6.23%	+661,078 ❌	+369.50%
private_kernel_tail_to_public	+381,780 ❌	+612.94%	+1,192,851 ❌	+240.25%
private_kernel_reset_medium	+6,937 ❌	+10.40%	+676,776 ❌	+235.92%
private_kernel_reset_big	+13,353 ❌	+16.61%	+708,172 ❌	+140.79%
public_kernel_app_logic	+619 ❌	+0.26%	+806,705 ❌	+137.37%
private_kernel_tail	+540 ❌	+2.58%	+645,409 ❌	+105.64%
private_kernel_reset	+26,185 ❌	+24.32%	+770,964 ❌	+82.43%
public_kernel_tail	+5,835 ❌	+0.60%	-244,457 ✅	-5.24%
public_kernel_teardown	-547 ✅	-0.23%	-250,800 ✅	-15.25%
public_kernel_setup	-660 ✅	-0.36%	-250,888 ✅	-15.87%
rollup_base	-508 ✅	-0.15%	-695,984 ✅	-18.51%
rollup_root	-1,813 ✅	-44.43%	-2,231,910 ✅	-70.98%
rollup_merge	-1,273 ✅	-47.11%	-1,489,445 ✅	-71.19%
parity_root	-2,567 ✅	-54.05%	-3,038,917 ✅	-72.84%
private_kernel_empty	-857 ✅	-48.15%	-770,103 ✅	-73.92%

---

Full diff report 👇

Program	ACIR opcodes (+/-)	%	Circuit size (+/-)	%
private_kernel_inner	46,434 (+1,069)	+2.36%	1,059,118 (+994,119)	+1529.44%
private_kernel_init	26,719 (+629)	+2.41%	383,264 (+338,002)	+746.77%
private_kernel_reset_small	63,618 (+3,729)	+6.23%	839,990 (+661,078)	+369.50%
private_kernel_tail_to_public	444,067 (+381,780)	+612.94%	1,689,353 (+1,192,851)	+240.25%
private_kernel_reset_medium	73,653 (+6,937)	+10.40%	963,647 (+676,776)	+235.92%
private_kernel_reset_big	93,722 (+13,353)	+16.61%	1,211,168 (+708,172)	+140.79%
public_kernel_app_logic	241,213 (+619)	+0.26%	1,393,960 (+806,705)	+137.37%
private_kernel_tail	21,468 (+540)	+2.58%	1,256,333 (+645,409)	+105.64%
private_kernel_reset	133,858 (+26,185)	+24.32%	1,706,208 (+770,964)	+82.43%
public_kernel_tail	971,161 (+5,835)	+0.60%	4,418,594 (-244,457)	-5.24%
public_kernel_teardown	241,409 (-547)	-0.23%	1,394,199 (-250,800)	-15.25%
public_kernel_setup	182,877 (-660)	-0.36%	1,330,281 (-250,888)	-15.87%
rollup_base	339,265 (-508)	-0.15%	3,065,074 (-695,984)	-18.51%
rollup_root	2,268 (-1,813)	-44.43%	912,731 (-2,231,910)	-70.98%
rollup_merge	1,429 (-1,273)	-47.11%	602,715 (-1,489,445)	-71.19%
parity_root	2,182 (-2,567)	-54.05%	1,132,877 (-3,038,917)	-72.84%
private_kernel_empty	923 (-857)	-48.15%	271,656 (-770,103)	-73.92%

[AztecBot]

Benchmark results

Metrics with a significant change:

• avm_simulation_time_ms (Token:mint_public): 58.1 (-84%)
• app_circuit_proving_time_in_ms (AuthRegistry:set_authorized (avm)): 1,396 (-18%)
• app_circuit_proving_time_in_ms (FPC:pay_refund (avm)): 25,659 (+33%)
• protocol_circuit_proving_time_in_ms (base-rollup): 91,866 (+17%)
• protocol_circuit_proving_time_in_ms (root-parity): 42,284 (+24%)
• protocol_circuit_proving_time_in_ms (public-kernel-setup): 44,807 (+22%)
• protocol_circuit_proving_time_in_ms (public-kernel-app-logic): 46,243 (+24%)
• protocol_circuit_proving_time_in_ms (public-kernel-teardown): 43,727 (+18%)
• protocol_circuit_proving_time_in_ms (public-kernel-tail): 187,355 (+18%)
• protocol_circuit_proving_time_in_ms (root-rollup): 22,862 (+16%)

Detailed results

All benchmarks are run on txs on the Benchmarking contract on the repository. Each tx consists of a batch call to create_note and increment_balance, which guarantees that each tx has a private call, a nested private call, a public call, and a nested public call, as well as an emitted private note, an unencrypted log, and public storage read and write.

This benchmark source data is available in JSON format on S3 here.

Proof generation

Each column represents the number of threads used in proof generation.

Metric	1 threads	4 threads	16 threads	32 threads	64 threads
proof_construction_time_sha256_ms	5,481 (-4%)	1,486 (-4%)	669 (-5%)	717 (-3%)	732 (-4%)
proof_construction_time_sha256_30_ms	11,048 (-6%)	2,960 (-6%)	1,299 (-8%)	1,349 (-5%)	1,393 (-5%)
proof_construction_time_sha256_100_ms	41,883 (-4%)	11,375 (-4%)	5,412 (-1%)	5,418 (+1%)	5,104 (-5%)
proof_construction_time_poseidon_hash_ms	75.0 (-4%)	34.0	34.0	57.0 (-3%)	91.0 (+5%)
proof_construction_time_poseidon_hash_30_ms	1,451 (-4%)	407 (-2%)	195 (-2%)	214 (-2%)	259 (-3%)
proof_construction_time_poseidon_hash_100_ms	5,373 (-4%)	1,472 (-3%)	651 (-5%)	697 (-2%)	710 (-5%)

L2 block published to L1

Each column represents the number of txs on an L2 block published to L1.

Metric	4 txs	8 txs	16 txs
l1_rollup_calldata_size_in_bytes	1,412	1,412	1,412
l1_rollup_calldata_gas	9,428	9,464	9,464
l1_rollup_execution_gas	613,456	613,643	613,794
l2_block_processing_time_in_ms	807 (+7%)	1,520 (+7%)	2,909 (+8%)
l2_block_building_time_in_ms	13,485 (+4%)	26,585 (+3%)	51,748 (+3%)
l2_block_rollup_simulation_time_in_ms	13,484 (+4%)	26,584 (+3%)	51,748 (+3%)
l2_block_public_tx_process_time_in_ms	11,358 (+4%)	24,286 (+3%)	49,445 (+3%)

L2 chain processing

Each column represents the number of blocks on the L2 chain where each block has 8 txs.

Metric	3 blocks	5 blocks
node_history_sync_time_in_ms	7,618 (+8%)	10,572 (+6%)
node_database_size_in_bytes	12,435,536	16,216,144
pxe_database_size_in_bytes	16,254	26,813

Circuits stats

Stats on running time and I/O sizes collected for every kernel circuit run across all benchmarks.

Circuit	simulation_time_in_ms	witness_generation_time_in_ms	proving_time_in_ms	input_size_in_bytes	output_size_in_bytes	proof_size_in_bytes	num_public_inputs	size_in_gates
private-kernel-init	113 (+3%)	415 (-3%)	14,610 (+3%)	20,002	55,022	76,256	2,316	524,288
private-kernel-inner	231 (+2%)	759 (-2%)	52,488 (+11%)	82,134	55,022	76,256	2,316	2,097,152
private-kernel-tail	1,064 (-1%)	2,498 (-3%)	48,872 (+10%)	62,409	62,089	14,944	400	2,097,152
base-parity	6.61 (+3%)	892 (-1%)	2,760 (+14%)	160	96.0	2,240	3.00	131,072
root-parity	74.0 (+3%)	76.3 (+15%)	⚠️ 42,284 (+24%)	27,868	96.0	2,752	19.0	2,097,152
base-rollup	4,287 (+2%)	5,070	⚠️ 91,866 (+17%)	172,028	632	3,552	44.0	4,194,304
root-rollup	136 (+5%)	91.0 (+19%)	⚠️ 22,862 (+16%)	25,053	652	3,488	42.0	1,048,576
public-kernel-setup	192	2,441 (+4%)	⚠️ 44,807 (+22%)	103,911	80,310	108,992	3,339	2,097,152
public-kernel-app-logic	151 (+1%)	3,413 (+3%)	⚠️ 46,243 (+24%)	103,911	80,310	108,992	3,339	2,097,152
public-kernel-tail	917 (+2%)	27,906 (+8%)	⚠️ 187,355 (+18%)	400,808	10,046	14,944	400	8,388,608
private-kernel-reset-small	304 (+4%)	1,139 (-5%)	28,222 (-1%)	79,273	55,022	76,256	2,316	1,048,576
public-kernel-teardown	138 (+1%)	3,377	⚠️ 43,727 (+18%)	103,911	80,310	108,992	3,339	2,097,152
merge-rollup	42.4 (+5%)	N/A	N/A	16,094	632	N/A	N/A	N/A
private-kernel-tail-to-public	N/A	8,491 (-3%)	54,842 (+11%)	N/A	N/A	108,992	3,339	2,097,152

Stats on running time collected for app circuits

Function	input_size_in_bytes	output_size_in_bytes	witness_generation_time_in_ms	proof_size_in_bytes	proving_time_in_ms	size_in_gates	num_public_inputs
ContractClassRegisterer:register	1,312	9,344	414 (+5%)	N/A	N/A	N/A	N/A
ContractInstanceDeployer:deploy	1,376	9,344	26.4 (+4%)	N/A	N/A	N/A	N/A
MultiCallEntrypoint:entrypoint	1,888	9,344	698 (+5%)	N/A	N/A	N/A	N/A
GasToken:deploy	1,344	9,344	581 (+1%)	N/A	N/A	N/A	N/A
SchnorrAccount:constructor	1,280	9,344	537 (+6%)	N/A	N/A	N/A	N/A
SchnorrAccount:entrypoint	2,272	9,344	911 (+6%)	16,352	4,913 (-5%)	131,072	444
Token:privately_mint_private_note	1,248	9,344	599 (+1%)	N/A	N/A	N/A	N/A
FPC:fee_entrypoint_public	1,312	9,344	108 (+3%)	16,352	1,780 (-7%)	65,536	444
Token:transfer	1,280	9,344	1,803 (+4%)	16,352	11,797 (+10%)	524,288	444
AuthRegistry:set_authorized (avm)	19,222	N/A	N/A	91,232	⚠️ 1,396 (-18%)	N/A	N/A
FPC:prepare_fee (avm)	26,664	N/A	N/A	91,296	3,096	N/A	N/A
Token:transfer_public (avm)	42,914	N/A	N/A	91,296	4,086 (+7%)	N/A	N/A
AuthRegistry:consume (avm)	33,100	N/A	N/A	91,232	2,955 (-2%)	N/A	N/A
FPC:pay_refund (avm)	36,829	N/A	N/A	91,264	⚠️ 25,659 (+33%)	N/A	N/A
Benchmarking:create_note	1,312	9,344	532 (+9%)	N/A	N/A	N/A	N/A
SchnorrAccount:verify_private_authwit	1,248	9,344	45.2 (+9%)	N/A	N/A	N/A	N/A
Token:unshield	1,344	9,344	1,488 (+6%)	N/A	N/A	N/A	N/A
FPC:fee_entrypoint_private	1,344	9,344	1,931 (+6%)	N/A	N/A	N/A	N/A

AVM Simulation

Time to simulate various public functions in the AVM.

Function	time_ms	bytecode_size_in_bytes
GasToken:_increase_public_balance	80.3 (-1%)	13,790
GasToken:set_portal	14.5 (+17%)	3,339
Token:constructor	105 (-5%)	23,692
FPC:constructor	74.2 (+2%)	13,592
GasToken:mint_public	63.9 (-4%)	10,158
Token:mint_public	⚠️ 58.1 (-84%)	19,034
Token:assert_minter_and_mint	69.8 (+6%)	12,925
AuthRegistry:set_authorized	37.5 (+3%)	7,812
FPC:prepare_fee	109 (+2%)	15,062
Token:transfer_public	38.0 (+28%)	31,218
FPC:pay_refund	140 (+2%)	25,260
Benchmarking:increment_balance	1,368 (+3%)	15,267
Token:_increase_public_balance	17.4 (+8%)	15,006
FPC:pay_refund_with_shielded_rebate	174 (+2%)	26,347

Public DB Access

Time to access various public DBs.

Function	time_ms
get-nullifier-index	0.155 (+5%)

Tree insertion stats

The duration to insert a fixed batch of leaves into each tree type.

Metric	1 leaves	16 leaves	64 leaves	128 leaves	256 leaves	512 leaves	1024 leaves
batch_insert_into_append_only_tree_16_depth_ms	10.9 (+4%)	17.5 (+4%)	N/A	N/A	N/A	N/A	N/A
batch_insert_into_append_only_tree_16_depth_hash_count	16.8	31.7	N/A	N/A	N/A	N/A	N/A
batch_insert_into_append_only_tree_16_depth_hash_ms	0.630 (+5%)	0.540 (+4%)	N/A	N/A	N/A	N/A	N/A
batch_insert_into_append_only_tree_32_depth_ms	N/A	N/A	50.4 (+4%)	80.2 (+6%)	140 (+7%)	264 (+7%)	502 (+7%)
batch_insert_into_append_only_tree_32_depth_hash_count	N/A	N/A	95.9	159	287	543	1,055
batch_insert_into_append_only_tree_32_depth_hash_ms	N/A	N/A	0.516 (+4%)	0.494 (+6%)	0.480 (+7%)	0.478 (+8%)	0.469 (+7%)
batch_insert_into_indexed_tree_20_depth_ms	N/A	N/A	62.2 (+4%)	119 (+6%)	196 (+9%)	384 (+8%)	738 (+7%)
batch_insert_into_indexed_tree_20_depth_hash_count	N/A	N/A	109	207	355	691	1,363
batch_insert_into_indexed_tree_20_depth_hash_ms	N/A	N/A	0.526 (+4%)	0.535 (+7%)	0.516 (+8%)	0.518 (+8%)	0.505 (+7%)
batch_insert_into_indexed_tree_40_depth_ms	N/A	N/A	77.0 (+5%)	N/A	N/A	N/A	N/A
batch_insert_into_indexed_tree_40_depth_hash_count	N/A	N/A	133	N/A	N/A	N/A	N/A
batch_insert_into_indexed_tree_40_depth_hash_ms	N/A	N/A	0.548 (+6%)	N/A	N/A	N/A	N/A

Miscellaneous

Transaction sizes based on how many contract classes are registered in the tx.

Metric	0 registered classes	1 registered classes
tx_size_in_bytes	74,105	667,868

Transaction size based on fee payment method

| Metric | |
| - | |

[Thunkar]

Can you please take a look at txe and also align it with this change (default msg_sender set to Field.MAX). It shouldn't affect the current tests, but just to make sure we respect the protocol rules 😁

[MirandaWood]

NB: This change isn't actually required for the tests to pass (this test doesn't reach the kernels), it's just there to keep in line with Fr.MAX as the new default msg_sender value.

[LeilaWang]

Thanks for fixing this!

[LeilaWang]

Will be nice to create a constant so that it's easier to find where MAX_FIELD is used!

[MirandaWood]

Done! It's called MAX_FIELD_VALUE across the repo

[LeilaWang]

🎉