consensus-specs icon indicating copy to clipboard operation
consensus-specs copied to clipboard
verified publisher icon ethereum

No tests for SSZ union type

Open michaelsproul opened this issue 1 month ago • 7 comments

Ligthouse's SSZ impl was recently found to have a bug in its decoding of invalid Union types:

  • https://github.com/sigp/ethereum_ssz/issues/64

TL;DR we would decode 0x00......: Union[T...] as None, ignoring any trailing bytes after the 0x00 selector.

Fortunately this does not cause a consensus failure as Union is currently unused in Ethereum consensus.

However, I still think it would be prudent for the spec to add some tests exercising the Union code paths. Writing new tests in ssz_generic might be the simplest.

michaelsproul avatar Dec 01 '25 00:12 michaelsproul

The same issue was reported by the same bug-hunter against remerkleable:

  • https://github.com/protolambda/remerkleable/issues/28

(I have not validated this bug however)

michaelsproul avatar Dec 01 '25 01:12 michaelsproul

Hey @michaelsproul. Great findings from UCSB! Yes, we should definitely add tests for this.

jtraglia avatar Dec 01 '25 02:12 jtraglia

I threw copilot at it and it seemed to do OK:

  • https://github.com/michaelsproul/consensus-specs/pull/1

But I am not well-versed in the test generators, so will leave it up to you. Obvs feel free to take anything/nothing from that PR.

michaelsproul avatar Dec 01 '25 02:12 michaelsproul

I threw copilot at it and it seemed to do OK:

Oh cool. This does look pretty good. I'll leave it up to @leolara but yes, we might steal some of this 😄

jtraglia avatar Dec 01 '25 04:12 jtraglia

an alternative would be to remove Union entirely 🙈

wemeetagain avatar Dec 01 '25 13:12 wemeetagain

an alternative would be to remove Union entirely 🙈

well

  • https://github.com/ethereum/consensus-specs/pull/3906

tersec avatar Dec 01 '25 14:12 tersec

RIP, Lighthouse uses them internally in our database types 💀

michaelsproul avatar Dec 02 '25 00:12 michaelsproul