fix: harden runtime safety fallout

Author: sergeytimoshin

forester/src/forester_status.rs

@@ -670,8 +670,8 @@ fn parse_tree_status(
             let fullness = next_index as f64 / capacity as f64 * 100.0;
 
             let (queue_len, queue_cap) = queue_account
-                .map(|acc| {
-                    match unsafe { parse_hash_set_from_bytes::<QueueAccount>(&acc.data) } {
+                .map(
+                    |acc| match unsafe { parse_hash_set_from_bytes::<QueueAccount>(&acc.data) } {
                         Ok(hs) => {
                             let len = hs
                                 .iter()
@@ -684,8 +684,8 @@ fn parse_tree_status(
                             warn!(?error, "Failed to parse StateV1 queue hash set");
                             (None, None)
                         }
-                    }
-                })
+                    },
+                )
                 .unwrap_or((None, None));
 
             (
@@ -727,8 +727,8 @@ fn parse_tree_status(
             let fullness = next_index as f64 / capacity as f64 * 100.0;
 
             let (queue_len, queue_cap) = queue_account
-                .map(|acc| {
-                    match unsafe { parse_hash_set_from_bytes::<QueueAccount>(&acc.data) } {
+                .map(
+                    |acc| match unsafe { parse_hash_set_from_bytes::<QueueAccount>(&acc.data) } {
                         Ok(hs) => {
                             let len = hs
                                 .iter()
@@ -741,8 +741,8 @@ fn parse_tree_status(
                             warn!(?error, "Failed to parse AddressV1 queue hash set");
                             (None, None)
                         }
-                    }
-                })
+                    },
+                )
                 .unwrap_or((None, None));
 
             (

forester/src/processor/v2/proof_worker.rs

@@ -164,7 +164,9 @@ impl ProofClients {
     }
 }
 
-pub fn spawn_proof_workers(config: &ProverConfig) -> crate::Result<async_channel::Sender<ProofJob>> {
+pub fn spawn_proof_workers(
+    config: &ProverConfig,
+) -> crate::Result<async_channel::Sender<ProofJob>> {
     let (job_tx, job_rx) = async_channel::bounded::<ProofJob>(256);
     let clients = Arc::new(ProofClients::new(config)?);
     tokio::spawn(async move { run_proof_pipeline(job_rx, clients).await });

program-tests/utils/src/mock_batched_forester.rs

@@ -209,9 +209,7 @@ impl<const HEIGHT: usize> MockBatchedForester<HEIGHT> {
             &[],
         )?;
         let proof_client = ProofClient::local()?;
-        let proof_result = proof_client
-            .generate_batch_update_proof(inputs)
-            .await?;
+        let proof_result = proof_client.generate_batch_update_proof(inputs).await?;
         let new_root = self.merkle_tree.root();
         let proof = CompressedProof {
             a: proof_result.0.proof.a,

prover/client/src/proof.rs

@@ -12,6 +12,9 @@ use solana_bn254::compression::prelude::{
     convert_endianness,
 };
 
+pub type CompressedProofBytes = ([u8; 32], [u8; 64], [u8; 32]);
+pub type UncompressedProofBytes = ([u8; 64], [u8; 128], [u8; 64]);
+
 #[derive(Debug, Clone, Copy)]
 pub struct ProofCompressed {
     pub a: [u8; 32],
@@ -71,9 +74,8 @@ pub fn deserialize_hex_string_to_be_bytes(hex_str: &str) -> Result<[u8; 32], Pro
         .strip_prefix("0x")
         .or_else(|| hex_str.strip_prefix("0X"))
         .unwrap_or(hex_str);
-    let big_uint = num_bigint::BigUint::from_str_radix(trimmed_str, 16).map_err(|error| {
-        ProverClientError::InvalidHexString(format!("{hex_str}: {error}"))
-    })?;
+    let big_uint = num_bigint::BigUint::from_str_radix(trimmed_str, 16)
+        .map_err(|error| ProverClientError::InvalidHexString(format!("{hex_str}: {error}")))?;
     let big_uint_bytes = big_uint.to_bytes_be();
     if big_uint_bytes.len() > 32 {
         return Err(ProverClientError::InvalidHexString(format!(
@@ -95,7 +97,7 @@ pub fn compress_proof(
     proof_a: &[u8; 64],
     proof_b: &[u8; 128],
     proof_c: &[u8; 64],
-) -> Result<([u8; 32], [u8; 64], [u8; 32]), ProverClientError> {
+) -> Result<CompressedProofBytes, ProverClientError> {
     let proof_a = alt_bn128_g1_compress(proof_a)?;
     let proof_b = alt_bn128_g2_compress(proof_b)?;
     let proof_c = alt_bn128_g1_compress(proof_c)?;
@@ -104,7 +106,7 @@ pub fn compress_proof(
 
 pub fn proof_from_json_struct(
     json: GnarkProofJson,
-) -> Result<([u8; 64], [u8; 128], [u8; 64]), ProverClientError> {
+) -> Result<UncompressedProofBytes, ProverClientError> {
     let proof_a_x = deserialize_hex_string_to_be_bytes(json.ar.first().ok_or_else(|| {
         ProverClientError::InvalidProofData("missing proof A x coordinate".to_string())
     })?)?;
@@ -117,37 +119,24 @@ pub fn proof_from_json_struct(
         .map_err(|_| ProverClientError::InvalidProofData("invalid proof A length".to_string()))?;
     let proof_a = negate_g1(&proof_a)?;
     let proof_b_x_0 = deserialize_hex_string_to_be_bytes(
-        json.bs
-            .first()
-            .and_then(|row| row.first())
-            .ok_or_else(|| {
-                ProverClientError::InvalidProofData("missing proof B x0 coordinate".to_string())
-            })?,
+        json.bs.first().and_then(|row| row.first()).ok_or_else(|| {
+            ProverClientError::InvalidProofData("missing proof B x0 coordinate".to_string())
+        })?,
     )?;
     let proof_b_x_1 = deserialize_hex_string_to_be_bytes(
-        json.bs
-            .first()
-            .and_then(|row| row.get(1))
-            .ok_or_else(|| {
-                ProverClientError::InvalidProofData("missing proof B x1 coordinate".to_string())
-            })?,
+        json.bs.first().and_then(|row| row.get(1)).ok_or_else(|| {
+            ProverClientError::InvalidProofData("missing proof B x1 coordinate".to_string())
+        })?,
     )?;
     let proof_b_y_0 = deserialize_hex_string_to_be_bytes(
-        json.bs
-            .get(1)
-            .and_then(|row| row.first())
-            .ok_or_else(|| {
-                ProverClientError::InvalidProofData("missing proof B y0 coordinate".to_string())
-            })?,
-    )?;
-    let proof_b_y_1 = deserialize_hex_string_to_be_bytes(
-        json.bs
-            .get(1)
-            .and_then(|row| row.get(1))
-            .ok_or_else(|| {
-                ProverClientError::InvalidProofData("missing proof B y1 coordinate".to_string())
-            })?,
+        json.bs.get(1).and_then(|row| row.first()).ok_or_else(|| {
+            ProverClientError::InvalidProofData("missing proof B y0 coordinate".to_string())
+        })?,
     )?;
+    let proof_b_y_1 =
+        deserialize_hex_string_to_be_bytes(json.bs.get(1).and_then(|row| row.get(1)).ok_or_else(
+            || ProverClientError::InvalidProofData("missing proof B y1 coordinate".to_string()),
+        )?)?;
     let proof_b: [u8; 128] = [proof_b_x_0, proof_b_x_1, proof_b_y_0, proof_b_y_1]
         .concat()
         .try_into()

prover/client/tests/batch_address_append.rs

@@ -38,40 +38,39 @@ async fn prove_batch_address_append() {
         IndexedMerkleTree::<Poseidon, usize>::new(DEFAULT_BATCH_ADDRESS_TREE_HEIGHT as usize, 0)
             .unwrap();
 
-    let collect_non_inclusion_data =
-        |tree: &IndexedMerkleTree<Poseidon, usize>, values: &[BigUint]| {
-            let mut low_element_values = Vec::with_capacity(values.len());
-            let mut low_element_indices = Vec::with_capacity(values.len());
-            let mut low_element_next_indices = Vec::with_capacity(values.len());
-            let mut low_element_next_values = Vec::with_capacity(values.len());
-            let mut low_element_proofs: Vec<
-                [[u8; 32]; DEFAULT_BATCH_ADDRESS_TREE_HEIGHT as usize],
-            > = Vec::with_capacity(values.len());
-
-            for new_element_value in values {
-                let non_inclusion_proof = tree.get_non_inclusion_proof(new_element_value).unwrap();
-
-                low_element_values.push(non_inclusion_proof.leaf_lower_range_value);
-                low_element_indices.push(non_inclusion_proof.leaf_index);
-                low_element_next_indices.push(non_inclusion_proof.next_index);
-                low_element_next_values.push(non_inclusion_proof.leaf_higher_range_value);
-                low_element_proofs.push(
-                    non_inclusion_proof
-                        .merkle_proof
-                        .as_slice()
-                        .try_into()
-                        .unwrap(),
-                );
-            }
-
-            (
-                low_element_values,
-                low_element_indices,
-                low_element_next_indices,
-                low_element_next_values,
-                low_element_proofs,
-            )
-        };
+    let collect_non_inclusion_data = |tree: &IndexedMerkleTree<Poseidon, usize>,
+                                      values: &[BigUint]| {
+        let mut low_element_values = Vec::with_capacity(values.len());
+        let mut low_element_indices = Vec::with_capacity(values.len());
+        let mut low_element_next_indices = Vec::with_capacity(values.len());
+        let mut low_element_next_values = Vec::with_capacity(values.len());
+        let mut low_element_proofs: Vec<[[u8; 32]; DEFAULT_BATCH_ADDRESS_TREE_HEIGHT as usize]> =
+            Vec::with_capacity(values.len());
+
+        for new_element_value in values {
+            let non_inclusion_proof = tree.get_non_inclusion_proof(new_element_value).unwrap();
+
+            low_element_values.push(non_inclusion_proof.leaf_lower_range_value);
+            low_element_indices.push(non_inclusion_proof.leaf_index);
+            low_element_next_indices.push(non_inclusion_proof.next_index);
+            low_element_next_values.push(non_inclusion_proof.leaf_higher_range_value);
+            low_element_proofs.push(
+                non_inclusion_proof
+                    .merkle_proof
+                    .as_slice()
+                    .try_into()
+                    .unwrap(),
+            );
+        }
+
+        (
+            low_element_values,
+            low_element_indices,
+            low_element_next_indices,
+            low_element_next_values,
+            low_element_proofs,
+        )
+    };
 
     let initial_start_index = relayer_merkle_tree.merkle_tree.rightmost_index;
     let initial_root = relayer_merkle_tree.root();

sdk-libs/client/src/local_test_validator.rs

@@ -110,10 +110,7 @@ pub async fn spawn_validator(config: LightValidatorConfig) {
                 .stderr(Stdio::inherit())
                 .spawn()
                 .expect("Failed to start server process");
-            let status = child
-                .wait()
-                .await
-                .expect("Failed to wait for CLI process");
+            let status = child.wait().await.expect("Failed to wait for CLI process");
             assert!(status.success(), "CLI exited with error: {}", status);
         } else {
             let _child = Command::new("sh")

sdk-tests/sdk-anchor-test/programs/sdk-anchor-test/tests/read_only.rs

@@ -127,7 +127,9 @@ async fn create_compressed_account(
         )
         .await?
         .value;
-    let packed_accounts = rpc_result.pack_tree_infos(&mut remaining_accounts);
+    let packed_accounts = rpc_result
+        .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?;
 
     let output_tree_index = rpc
         .get_random_state_tree_info()
@@ -178,6 +180,7 @@ async fn read_sha256_light_system_cpi(
 
     let packed_tree_accounts = rpc_result
         .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
         .state_trees
         .unwrap();
 
@@ -231,6 +234,7 @@ async fn read_sha256_lowlevel(
 
     let packed_tree_accounts = rpc_result
         .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
         .state_trees
         .unwrap();
 
@@ -289,7 +293,9 @@ async fn create_compressed_account_poseidon(
         )
         .await?
         .value;
-    let packed_accounts = rpc_result.pack_tree_infos(&mut remaining_accounts);
+    let packed_accounts = rpc_result
+        .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?;
 
     let output_tree_index = rpc
         .get_random_state_tree_info()
@@ -340,6 +346,7 @@ async fn read_poseidon_light_system_cpi(
 
     let packed_tree_accounts = rpc_result
         .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
         .state_trees
         .unwrap();
 
@@ -393,6 +400,7 @@ async fn read_poseidon_lowlevel(
 
     let packed_tree_accounts = rpc_result
         .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
         .state_trees
         .unwrap();
 

sdk-tests/sdk-anchor-test/programs/sdk-anchor-test/tests/test.rs

@@ -171,7 +171,9 @@ async fn create_compressed_account(
         )
         .await?
         .value;
-    let packed_accounts = rpc_result.pack_tree_infos(&mut remaining_accounts);
+    let packed_accounts = rpc_result
+        .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?;
 
     let output_tree_index = rpc
         .get_random_state_tree_info()
@@ -223,6 +225,7 @@ async fn update_compressed_account(
 
     let packed_tree_accounts = rpc_result
         .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
         .state_trees
         .unwrap();
 
@@ -277,6 +280,7 @@ async fn close_compressed_account(
 
     let packed_tree_accounts = rpc_result
         .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
         .state_trees
         .unwrap();
 
@@ -340,6 +344,7 @@ async fn reinit_closed_account(
 
     let packed_tree_accounts = rpc_result
         .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
         .state_trees
         .unwrap();
 
@@ -388,6 +393,7 @@ async fn close_compressed_account_permanent(
 
     let packed_tree_accounts = rpc_result
         .pack_tree_infos(&mut remaining_accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
         .state_trees
         .unwrap();
 

sdk-tests/sdk-native-test/tests/test.rs

@@ -103,7 +103,10 @@ pub async fn create_pda(
         .value;
 
     let output_merkle_tree_index = accounts.insert_or_get(*merkle_tree_pubkey);
-    let packed_address_tree_info = rpc_result.pack_tree_infos(&mut accounts).address_trees[0];
+    let packed_address_tree_info = rpc_result
+        .pack_tree_infos(&mut accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
+        .address_trees[0];
     let (accounts, system_accounts_offset, tree_accounts_offset) = accounts.to_account_metas();
 
     let instruction_data = CreatePdaInstructionData {
@@ -147,6 +150,7 @@ pub async fn update_pda(
 
     let packed_accounts = rpc_result
         .pack_tree_infos(&mut accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
         .state_trees
         .unwrap();
 

sdk-tests/sdk-pinocchio-v1-test/tests/test.rs

@@ -101,7 +101,10 @@ pub async fn create_pda(
         .value;
 
     let output_merkle_tree_index = accounts.insert_or_get(*merkle_tree_pubkey);
-    let packed_address_tree_info = rpc_result.pack_tree_infos(&mut accounts).address_trees[0];
+    let packed_address_tree_info = rpc_result
+        .pack_tree_infos(&mut accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
+        .address_trees[0];
     let (accounts, system_accounts_offset, tree_accounts_offset) = accounts.to_account_metas();
     let instruction_data = CreatePdaInstructionData {
         proof: rpc_result.proof,
@@ -145,6 +148,7 @@ pub async fn update_pda(
 
     let packed_accounts = rpc_result
         .pack_tree_infos(&mut accounts)
+        .map_err(|error| RpcError::CustomError(format!("Failed to pack tree infos: {error}")))?
         .state_trees
         .unwrap();