fix: reject unchallenged response chunks

Zk2u · Zk2u · commit 0a02a35b97f1 · 2026-04-09T15:09:52.000+01:00
diff --git a/crates/cac/protocol/src/evaluator/stf.rs b/crates/cac/protocol/src/evaluator/stf.rs
@@ -6,7 +6,7 @@ use mosaic_cac_types::{
     ChallengeResponseMsgChunk, ChallengeResponseMsgHeader, CommitMsgChunk, CommitMsgHeader,
     CompletedSignatures, DepositAdaptors, DepositId, GarblingTableCommitment, HeapArray, Index,
     OpenedGarblingTableCommitments, PubKey, ReservedSetupInputShares, Seed, SetupInputs,
-    TableTransferReceiptMsg, TableTransferRequestMsg, WideLabelWirePolynomialCommitments,
+    TableTransferReceiptMsg, WideLabelWirePolynomialCommitments,
     WideLabelZerothPolynomialCoefficients, WithdrawalAdaptors, WithdrawalAdaptorsChunk,
     WithdrawalInputs, state_machine::evaluator::*,
 };
@@ -582,7 +582,7 @@ async fn handle_commit_msg_header<S: StateMut>(
     match &mut state.step {
         Step::WaitingForCommit { header, chunks, .. } => {
             if *header {
-                warn!("evaluator received duplicate commit header, ack and ignore");
+                debug!("evaluator received duplicate commit header, ack and ignore");
                 return Ok(());
             }
 
@@ -637,7 +637,7 @@ async fn handle_commit_msg_header<S: StateMut>(
             post_handle_commit_msg(state, artifact_store, actions).await
         }
         step if step.phase() > StepPhase::WaitingForCommit => {
-            warn!("evaluator received commit header after completion, ack and ignore");
+            debug!("evaluator received commit header after completion, ack and ignore");
             Ok(())
         }
         _ => Err(SMError::UnexpectedInput),
@@ -659,7 +659,7 @@ async fn handle_commit_msg_chunk<S: StateMut>(
                 }
                 Some(true) => {
                     // already seen chunk
-                    warn!(%chunk_idx, "evaluator received duplicate commit chunk, ack and ignore");
+                    debug!(%chunk_idx, "evaluator received duplicate commit chunk, ack and ignore");
                     return Ok(());
                 }
                 None => {
@@ -699,7 +699,7 @@ async fn handle_commit_msg_chunk<S: StateMut>(
             post_handle_commit_msg(root_state, state, actions).await
         }
         step if step.phase() > StepPhase::WaitingForCommit => {
-            warn!("evaluator received commit chunk after completion, ack and ignore");
+            debug!("evaluator received commit chunk after completion, ack and ignore");
             Ok(())
         }
         _ => Err(SMError::UnexpectedInput),
@@ -744,7 +744,7 @@ async fn handle_recv_challenge_response_header<S: StateMut>(
             remaining_chunks,
         } => {
             if *header {
-                warn!("evaluator received duplicate challenge response header, ack and ignore");
+                debug!("evaluator received duplicate challenge response header, ack and ignore");
                 return Ok(());
             }
 
@@ -789,7 +789,7 @@ async fn handle_recv_challenge_response_header<S: StateMut>(
             post_handle_challenge_response(root_state, state, actions).await
         }
         step if step.phase() > StepPhase::WaitingForChallengeResponse => {
-            warn!("evaluator received challenge response header after completion, ack and ignore");
+            debug!("evaluator received challenge response header after completion, ack and ignore");
             Ok(())
         }
         _ => Err(SMError::UnexpectedInput),
@@ -807,6 +807,18 @@ async fn handle_recv_challenge_response_msg<S: StateMut>(
             header,
             remaining_chunks,
         } => {
+            let challenge_idxs = state
+                .get_challenge_indices()
+                .await
+                .require("expected challenge indices")?;
+
+            if !challenge_idxs
+                .iter()
+                .any(|idx| idx.get() == response_msg_chunk.circuit_index as usize)
+            {
+                return Err(SMError::InvalidInputData);
+            }
+
             let chunk_idx = (response_msg_chunk.circuit_index as usize)
                 .checked_sub(1)
                 .unwrap();
@@ -815,8 +827,11 @@ async fn handle_recv_challenge_response_msg<S: StateMut>(
                     // expected chunk
                 }
                 Some(false) => {
-                    // already seen chunk
-                    warn!(%chunk_idx, "evaluator received duplicate commit chunk, ack and ignore");
+                    // already seen expected chunk
+                    debug!(
+                        %chunk_idx,
+                        "evaluator received duplicate challenge response chunk, ack and ignore"
+                    );
                     return Ok(());
                 }
                 None => {
@@ -847,7 +862,7 @@ async fn handle_recv_challenge_response_msg<S: StateMut>(
             post_handle_challenge_response(root_state, state, actions).await
         }
         step if step.phase() > StepPhase::WaitingForChallengeResponse => {
-            warn!("evaluator received challenge response chunk after completion, ack and ignore");
+            debug!("evaluator received challenge response chunk after completion, ack and ignore");
             Ok(())
         }
         _ => Err(SMError::UnexpectedInput),
diff --git a/crates/cac/protocol/src/evaluator/tests.rs b/crates/cac/protocol/src/evaluator/tests.rs
@@ -396,6 +396,10 @@ async fn duplicate_challenge_response_chunk_is_ack_and_ignore() {
     // Mark first challenge index's chunk as already received.
     let first_challenge_idx = challenge_indices[0].get() - 1;
     remaining[first_challenge_idx] = false;
+    state
+        .put_challenge_indices(&challenge_indices)
+        .await
+        .unwrap();
     state
         .put_root_state(&EvaluatorState {
             config: None,
@@ -422,6 +426,41 @@ async fn duplicate_challenge_response_chunk_is_ack_and_ignore() {
     assert!(actions.is_empty(), "should produce no actions");
 }
 
+#[tokio::test]
+async fn unchallenged_in_range_challenge_response_chunk_is_invalid() {
+    let mut state = StoredEvaluatorState::default();
+    let challenge_indices = ChallengeIndices::new(|i| Index::new((i * 2) + 1).unwrap());
+    let remaining = get_remaining_challenge_response_chunks(&challenge_indices);
+    state
+        .put_challenge_indices(&challenge_indices)
+        .await
+        .unwrap();
+    state
+        .put_root_state(&EvaluatorState {
+            config: None,
+            step: Step::WaitingForChallengeResponse {
+                header: false,
+                remaining_chunks: remaining,
+            },
+        })
+        .await
+        .unwrap();
+
+    let mut actions = Vec::new();
+    let result = handle_event(
+        &mut state,
+        Input::RecvChallengeResponseMsgChunk(dummy_challenge_response_chunk(2)),
+        &mut actions,
+    )
+    .await;
+
+    assert!(
+        matches!(result, Err(crate::error::SMError::InvalidInputData)),
+        "unchallenged in-range chunk must be rejected, got: {result:?}"
+    );
+    assert!(actions.is_empty(), "should produce no actions");
+}
+
 #[tokio::test]
 async fn challenge_response_chunk_after_verifying_is_ack_and_ignore() {
     let mut state = StoredEvaluatorState::default();
diff --git a/crates/cac/protocol/src/garbler/stf.rs b/crates/cac/protocol/src/garbler/stf.rs
@@ -143,7 +143,7 @@ pub(crate) async fn handle_event<S: StateMut>(
             }
             // ack on all steps after WaitingForChallenge
             step if step.phase() > StepPhase::WaitingForChallenge => {
-                warn!("garbler received challenge after completion, ack and ignore");
+                debug!("garbler received challenge after completion, ack and ignore");
                 return Ok(());
             }
             _ => return Err(SMError::unexpected_input()),
@@ -175,7 +175,7 @@ pub(crate) async fn handle_event<S: StateMut>(
                 emit(actions, Action::TransferGarblingTable(*seed));
             }
             step if step.phase() > StepPhase::TransferringGarblingTables => {
-                warn!("garbler received table transfer request after completion, ack and ignore");
+                debug!("garbler received table transfer request after completion, ack and ignore");
                 return Ok(());
             }
             _ => return Err(SMError::unexpected_input()),
@@ -212,7 +212,7 @@ pub(crate) async fn handle_event<S: StateMut>(
                 }
             }
             step if step.phase() > StepPhase::TransferringGarblingTables => {
-                warn!("garbler received table transfer receipt after completion, ack and ignore");
+                debug!("garbler received table transfer receipt after completion, ack and ignore");
                 return Ok(());
             }
             _ => return Err(SMError::unexpected_input()),
@@ -400,7 +400,7 @@ pub(crate) async fn handle_action_result<S: StateMut>(
                     }
                 }
                 step if step.phase() > StepPhase::SendingCommit => {
-                    warn!("garbler received commit header ack after completion, ignore");
+                    debug!("garbler received commit header ack after completion, ignore");
                 }
                 _ => return Err(SMError::unexpected_input()),
             }
@@ -434,7 +434,7 @@ pub(crate) async fn handle_action_result<S: StateMut>(
                     }
                 }
                 step if step.phase() > StepPhase::SendingCommit => {
-                    warn!("garbler received commit chunk ack after completion, ignore");
+                    debug!("garbler received commit chunk ack after completion, ignore");
                 }
                 _ => return Err(SMError::unexpected_input()),
             }
@@ -525,7 +525,7 @@ pub(crate) async fn handle_action_result<S: StateMut>(
                     // Informational only. We mark a table as transferred once we get corresponding
                     // [`TableTransferReceiptMsg`](mosaic_cac_types::TableTransferReceiptMsg) from
                     // evaluator.
-                    info!(%commitment, "garbling table transferred")
+                    debug!(%commitment, "garbling table transferred")
                 }
                 _ => return Err(SMError::unexpected_input()),
             }
@@ -784,14 +784,14 @@ async fn handle_recv_deposit_adaptor_msg_chunk<S: StateMut>(
                 let DepositStep::WaitingForAdaptors { chunks } = &mut deposit_state.step else {
                     // WaitingForAdaptors is first step of deposit state machine. All other steps
                     // are after it.
-                    warn!("garbler received adaptor chunk after completion, ack and ignore");
+                    debug!("garbler received adaptor chunk after completion, ack and ignore");
                     return Ok(());
                 };
 
                 let chunk_idx = adaptor_msg_chunk.chunk_index as usize;
 
                 if chunks[chunk_idx] {
-                    warn!("garbler received duplicate adaptor chunk, ack and ignore");
+                    debug!("garbler received duplicate adaptor chunk, ack and ignore");
                     return Ok(());
                 }
 
@@ -824,7 +824,7 @@ async fn handle_recv_deposit_adaptor_msg_chunk<S: StateMut>(
             }
         }
         step if step.phase() > StepPhase::SetupComplete => {
-            warn!("garbler received adaptor chunk after completion, ack and ignore");
+            debug!("garbler received adaptor chunk after completion, ack and ignore");
             return Ok(());
         }
 

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ pub(crate) async fn handle_event<S: StateMut>(`
`143`	`143`	`}`
`144`	`144`	`// ack on all steps after WaitingForChallenge`
`145`	`145`	`step if step.phase() > StepPhase::WaitingForChallenge => {`
`146`		`- warn!("garbler received challenge after completion, ack and ignore");`
	`146`	`+ debug!("garbler received challenge after completion, ack and ignore");`
`147`	`147`	`return Ok(());`
`148`	`148`	`}`
`149`	`149`	`_ => return Err(SMError::unexpected_input()),`
`@@ -175,7 +175,7 @@ pub(crate) async fn handle_event<S: StateMut>(`
`175`	`175`	`emit(actions, Action::TransferGarblingTable(*seed));`
`176`	`176`	`}`
`177`	`177`	`step if step.phase() > StepPhase::TransferringGarblingTables => {`
`178`		`- warn!("garbler received table transfer request after completion, ack and ignore");`
	`178`	`+ debug!("garbler received table transfer request after completion, ack and ignore");`
`179`	`179`	`return Ok(());`
`180`	`180`	`}`
`181`	`181`	`_ => return Err(SMError::unexpected_input()),`
`@@ -212,7 +212,7 @@ pub(crate) async fn handle_event<S: StateMut>(`
`212`	`212`	`}`
`213`	`213`	`}`
`214`	`214`	`step if step.phase() > StepPhase::TransferringGarblingTables => {`
`215`		`- warn!("garbler received table transfer receipt after completion, ack and ignore");`
	`215`	`+ debug!("garbler received table transfer receipt after completion, ack and ignore");`
`216`	`216`	`return Ok(());`
`217`	`217`	`}`
`218`	`218`	`_ => return Err(SMError::unexpected_input()),`
`@@ -400,7 +400,7 @@ pub(crate) async fn handle_action_result<S: StateMut>(`
`400`	`400`	`}`
`401`	`401`	`}`
`402`	`402`	`step if step.phase() > StepPhase::SendingCommit => {`
`403`		`- warn!("garbler received commit header ack after completion, ignore");`
	`403`	`+ debug!("garbler received commit header ack after completion, ignore");`
`404`	`404`	`}`
`405`	`405`	`_ => return Err(SMError::unexpected_input()),`
`406`	`406`	`}`
`@@ -434,7 +434,7 @@ pub(crate) async fn handle_action_result<S: StateMut>(`
`434`	`434`	`}`
`435`	`435`	`}`
`436`	`436`	`step if step.phase() > StepPhase::SendingCommit => {`
`437`		`- warn!("garbler received commit chunk ack after completion, ignore");`
	`437`	`+ debug!("garbler received commit chunk ack after completion, ignore");`
`438`	`438`	`}`
`439`	`439`	`_ => return Err(SMError::unexpected_input()),`
`440`	`440`	`}`
`@@ -525,7 +525,7 @@ pub(crate) async fn handle_action_result<S: StateMut>(`
`525`	`525`	`// Informational only. We mark a table as transferred once we get corresponding`
`526`	`526`	// [`TableTransferReceiptMsg`](mosaic_cac_types::TableTransferReceiptMsg) from
`527`	`527`	`// evaluator.`
`528`		`- info!(%commitment, "garbling table transferred")`
	`528`	`+ debug!(%commitment, "garbling table transferred")`
`529`	`529`	`}`
`530`	`530`	`_ => return Err(SMError::unexpected_input()),`
`531`	`531`	`}`
`@@ -784,14 +784,14 @@ async fn handle_recv_deposit_adaptor_msg_chunk<S: StateMut>(`
`784`	`784`	`let DepositStep::WaitingForAdaptors { chunks } = &mut deposit_state.step else {`
`785`	`785`	`// WaitingForAdaptors is first step of deposit state machine. All other steps`
`786`	`786`	`// are after it.`
`787`		`- warn!("garbler received adaptor chunk after completion, ack and ignore");`
	`787`	`+ debug!("garbler received adaptor chunk after completion, ack and ignore");`
`788`	`788`	`return Ok(());`
`789`	`789`	`};`
`790`	`790`
`791`	`791`	`let chunk_idx = adaptor_msg_chunk.chunk_index as usize;`
`792`	`792`
`793`	`793`	`if chunks[chunk_idx] {`
`794`		`- warn!("garbler received duplicate adaptor chunk, ack and ignore");`
	`794`	`+ debug!("garbler received duplicate adaptor chunk, ack and ignore");`
`795`	`795`	`return Ok(());`
`796`	`796`	`}`
`797`	`797`
`@@ -824,7 +824,7 @@ async fn handle_recv_deposit_adaptor_msg_chunk<S: StateMut>(`
`824`	`824`	`}`
`825`	`825`	`}`
`826`	`826`	`step if step.phase() > StepPhase::SetupComplete => {`
`827`		`- warn!("garbler received adaptor chunk after completion, ack and ignore");`
	`827`	`+ debug!("garbler received adaptor chunk after completion, ack and ignore");`
`828`	`828`	`return Ok(());`
`829`	`829`	`}`
`830`	`830`