Enable program checksums in the deployment

Author: d0cd

ledger/store/src/transaction/deployment.rs

@@ -525,6 +525,9 @@ pub trait DeploymentStorage<N: Network>: Clone + Send + Sync {
             None => bail!("Failed to get the deployed program '{program_id}' (edition {edition})"),
         };
 
+        // Compute the program checksum.
+        let program_checksum = program.checksum().ok();
+
         // Initialize a vector for the verifying keys and certificates.
         let mut verifying_keys = Vec::with_capacity(program.functions().len());
 
@@ -545,7 +548,7 @@ pub trait DeploymentStorage<N: Network>: Clone + Send + Sync {
         }
 
         // Return the deployment.
-        Ok(Some(Deployment::new(edition, program, verifying_keys, None)?))
+        Ok(Some(Deployment::new(edition, program, verifying_keys, program_checksum)?))
     }
 
     /// Returns the fee for the given `transaction ID`.

synthesizer/process/src/stack/deploy.rs

@@ -52,7 +52,7 @@ impl<N: Network> Stack<N> {
 
         // Return the deployment.
         // Note that the checksum is **intentionally** left as `None`. It should be added in `VM::deploy`.
-        Deployment::new(*self.program_edition, self.program.clone(), verifying_keys, None)
+        Deployment::new(*self.program_edition, self.program.clone(), verifying_keys, Some(self.program_checksum))
     }
 
     /// Checks each function in the program on the given verifying key and certificate.

synthesizer/src/vm/deploy.rs

@@ -35,7 +35,8 @@ impl<N: Network, C: ConsensusStorage<N>> VM<N, C> {
         let deployment = self.deploy_raw(program, rng)?;
         // Ensure the transaction is not empty.
         ensure!(!deployment.program().functions().is_empty(), "Attempted to create an empty transaction deployment");
-        // TODO (@d0cd). Set the checksum in the deployment. Use similar logic to how the correct execution cost is computed in VM::execute
+        // TODO (@d0cd). Unset the checksum in the deployment if the block height is less than the migration height.
+        //   Use similar logic to how the correct execution cost is computed in VM::execute
         // Compute the deployment ID.
         let deployment_id = deployment.to_deployment_id()?;
         // Construct the owner.

synthesizer/src/vm/mod.rs

@@ -1074,7 +1074,7 @@ function a:
             // Note: `deployment_transaction_ids` is sorted lexicographically by transaction ID, so the order may change if we update internal methods.
             assert_eq!(
                 deployment_transaction_ids,
-                vec![deployment_4.id(), deployment_3.id(), deployment_2.id(), deployment_1.id()],
+                vec![deployment_3.id(), deployment_1.id(), deployment_4.id(), deployment_2.id()],
                 "Update me if serialization has changed"
             );
         }
@@ -1460,8 +1460,13 @@ function do:
         let fee = vm.execute_fee_authorization(fee_authorization, None, rng).unwrap();
 
         // Create a new deployment transaction with the overreported verifying keys.
-        let adjusted_deployment =
-            Deployment::new(deployment.edition(), deployment.program().clone(), vks_with_overreport, None).unwrap();
+        let adjusted_deployment = Deployment::new(
+            deployment.edition(),
+            deployment.program().clone(),
+            vks_with_overreport,
+            deployment.program_checksum().cloned(),
+        )
+        .unwrap();
         let adjusted_transaction = Transaction::from_deployment(program_owner, adjusted_deployment, fee).unwrap();
 
         // Verify the deployment transaction. It should error when certificate checking for constraint count mismatch.
@@ -1515,8 +1520,13 @@ function do:
         }
 
         // Create a new deployment transaction with the underreported verifying keys.
-        let adjusted_deployment =
-            Deployment::new(deployment.edition(), deployment.program().clone(), vks_with_underreport, None).unwrap();
+        let adjusted_deployment = Deployment::new(
+            deployment.edition(),
+            deployment.program().clone(),
+            vks_with_underreport,
+            deployment.program_checksum().cloned(),
+        )
+        .unwrap();
         let deployment_id = adjusted_deployment.to_deployment_id().unwrap();
         let adjusted_transaction =
             Transaction::Deploy(txid, deployment_id, program_owner, Box::new(adjusted_deployment), fee);
@@ -1590,8 +1600,13 @@ function do:
         }
 
         // Create a new deployment transaction with the underreported verifying keys.
-        let adjusted_deployment =
-            Deployment::new(deployment.edition(), deployment.program().clone(), vks_with_underreport, None).unwrap();
+        let adjusted_deployment = Deployment::new(
+            deployment.edition(),
+            deployment.program().clone(),
+            vks_with_underreport,
+            deployment.program_checksum().cloned(),
+        )
+        .unwrap();
         let deployment_id = adjusted_deployment.to_deployment_id().unwrap();
         let adjusted_transaction =
             Transaction::Deploy(txid, deployment_id, program_owner, Box::new(adjusted_deployment), fee);

synthesizer/src/vm/verify.rs

@@ -151,6 +151,7 @@ impl<N: Network, C: ConsensusStorage<N>> VM<N, C> {
                 ensure!(owner.verify(*deployment_id), "Invalid owner signature for deployment transaction '{id}'");
                 // Verify the program checksum, if it exists.
                 // TODO (@d0cd): Add requirement for the program checksum after migration height. Use similar logic to how the execution fee is checked.
+                //   Before the migration, the checksum should be `None`.
                 if let Some(given_checksum) = deployment.program_checksum() {
                     let expected_checksum = deployment.program().checksum()?;
                     ensure!(

synthesizer/tests/expectations/vm/execute_and_finalize/test_rand.out

@@ -25,7 +25,7 @@ outputs:
   execute:
     test_rand.aleo/rand_chacha_check:
       outputs:
-      - '{"type":"future","id":"818878742790741579153893179075772445872751227433677932822653185952935999557field","value":"{\n  program_id: test_rand.aleo,\n  function_name: rand_chacha_check,\n  arguments: [\n    1field,\n    true\n  ]\n}"}'
+      - '{"type":"future","id":"3094980085105288375234060174899683221046711858965162333618502474712664334238field","value":"{\n  program_id: test_rand.aleo,\n  function_name: rand_chacha_check,\n  arguments: [\n    2field,\n    true\n  ]\n}"}'
   speculate: the execution was accepted
   add_next_block: succeeded.
 additional:

synthesizer/tests/tests/vm/execute_and_finalize/test_rand.aleo

@@ -12,7 +12,7 @@ cases:
     inputs: [0field, false]
   - program: test_rand.aleo
     function: rand_chacha_check
-    inputs: [1field, true]
+    inputs: [2field, true]
 */
 
 program test_rand.aleo;