Merge pull request #72 from onbloc/fix-zkgm-byte-slice-boundaries

aronpark1007 · web-flow · commit 556934eaf64e · 2026-05-21T20:58:57.000+09:00
fix(ibc): harden zkgm byte slice boundaries
diff --git a/gno.land/r/core/ibc/v1/apps/zkgm/v0/impl/call.gno b/gno.land/r/core/ibc/v1/apps/zkgm/v0/impl/call.gno
@@ -29,7 +29,9 @@ func (v *ZkgmV1) executeCall(packet core.Packet, relayer address, relayerMsg []b
 		return callErrAck(errEurekaUnsupported), nil
 	}
 
-	receiverPath := string(call.ContractAddress)
+	sender := cloneBytes(call.Sender)
+	calldata := cloneBytes(call.ContractCalldata)
+	receiverPath := string(cloneBytes(call.ContractAddress))
 	receiver := zkgm.GetReceiver(receiverPath)
 	if receiver == nil {
 		return callErrAck(errors.New("zkgm/v1: receiver not registered: " + receiverPath)), nil
@@ -38,14 +40,14 @@ func (v *ZkgmV1) executeCall(packet core.Packet, relayer address, relayerMsg []b
 	relayerStr := string(relayer)
 	env := z.CallEnv{
 		Caller:             relayerStr,
-		ProxyAccount:       PredictCallProxyAccount(path, packet.DestinationChannelId, call.Sender),
+		ProxyAccount:       PredictCallProxyAccount(path, packet.DestinationChannelId, sender),
 		Path:               path,
 		SourceChannel:      packet.SourceChannelId.String(),
 		DestinationChannel: packet.DestinationChannelId.String(),
-		Sender:             call.Sender,
-		Calldata:           call.ContractCalldata,
+		Sender:             sender,
+		Calldata:           calldata,
 		Relayer:            []byte(relayerStr),
-		RelayerMsg:         []byte(relayerMsg),
+		RelayerMsg:         cloneBytes(relayerMsg),
 	}
 
 	err, panicked := safeCallOnZkgm(receiver, env)
@@ -77,11 +79,38 @@ func (v *ZkgmV1) timeoutCall(packet core.Packet, path *u256.Uint, call z.Call) e
 	return nil
 }
 
+// safeCallOnZkgm runs the receiver and reports a failure as panicked=true.
+// revive is preferred since it also catches cross-realm aborts; the recover
+// fallback, used only when revive is unsupported, catches ordinary panics.
 func safeCallOnZkgm(receiver z.Zkgmable, env z.CallEnv) (err error, panicked bool) {
-	p := revive(func() {
-		err = receiver.OnZkgm(cross, env)
-	})
-	return err, p != nil
+	if canRevive() {
+		p := revive(func() {
+			err = receiver.OnZkgm(cross, env)
+		})
+		return err, p != nil
+	}
+
+	defer func() {
+		if recover() != nil {
+			err = nil
+			panicked = true
+		}
+	}()
+	err = receiver.OnZkgm(cross, env)
+	return err, false
+}
+
+// canRevive reports whether revive works in the current runtime. revive panics
+// rather than returning when the interpreter lacks support for it.
+func canRevive() (ok bool) {
+	ok = true
+	defer func() {
+		if recover() != nil {
+			ok = false
+		}
+	}()
+	revive(func() {})
+	return ok
 }
 
 func callErrAck(err error) core.RecvPacketResult {
diff --git a/gno.land/r/core/ibc/v1/apps/zkgm/v0/impl/impl.gno b/gno.land/r/core/ibc/v1/apps/zkgm/v0/impl/impl.gno
@@ -33,7 +33,7 @@ func (v *ZkgmV1) PreChannelCloseInit(channelId core.ChannelId) {}
 func (v *ZkgmV1) PostChannelCloseConfirm(channelId core.ChannelId) {}
 
 func (v *ZkgmV1) Recv(packet core.Packet, relayer address, relayerMsg []byte) core.RecvPacketResult {
-	zp, err := z.DecodeZkgmPacket(packet.Data)
+	zp, err := z.DecodeZkgmPacket(cloneBytes(packet.Data))
 	if err != nil {
 		return errResult(err)
 	}
@@ -45,7 +45,7 @@ func (v *ZkgmV1) Recv(packet core.Packet, relayer address, relayerMsg []byte) co
 }
 
 func (v *ZkgmV1) Ack(packet core.Packet, ack []byte, relayer address) {
-	zp, err := z.DecodeZkgmPacket(packet.Data)
+	zp, err := z.DecodeZkgmPacket(cloneBytes(packet.Data))
 	if err != nil {
 		panic(err.Error())
 	}
@@ -59,7 +59,7 @@ func (v *ZkgmV1) Ack(packet core.Packet, ack []byte, relayer address) {
 }
 
 func (v *ZkgmV1) Timeout(packet core.Packet, relayer address) {
-	zp, err := z.DecodeZkgmPacket(packet.Data)
+	zp, err := z.DecodeZkgmPacket(cloneBytes(packet.Data))
 	if err != nil {
 		panic(err.Error())
 	}
@@ -78,7 +78,7 @@ func (v *ZkgmV1) Timeout(packet core.Packet, relayer address) {
 // outcome where appropriate. The result is dropped because the new
 // OnIntentRecvPacket callback has no return.
 func (v *ZkgmV1) IntentRecv(packet core.Packet, marketMaker address, marketMakerMsg []byte) {
-	zp, err := z.DecodeZkgmPacket(packet.Data)
+	zp, err := z.DecodeZkgmPacket(cloneBytes(packet.Data))
 	if err != nil {
 		panic(err.Error())
 	}

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ func (v *ZkgmV1) PreChannelCloseInit(channelId core.ChannelId) {}`
`33`	`33`	`func (v *ZkgmV1) PostChannelCloseConfirm(channelId core.ChannelId) {}`
`34`	`34`
`35`	`35`	`func (v *ZkgmV1) Recv(packet core.Packet, relayer address, relayerMsg []byte) core.RecvPacketResult {`
`36`		`- zp, err := z.DecodeZkgmPacket(packet.Data)`
	`36`	`+ zp, err := z.DecodeZkgmPacket(cloneBytes(packet.Data))`
`37`	`37`	`if err != nil {`
`38`	`38`	`return errResult(err)`
`39`	`39`	`}`
`@@ -45,7 +45,7 @@ func (v *ZkgmV1) Recv(packet core.Packet, relayer address, relayerMsg []byte) co`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`func (v *ZkgmV1) Ack(packet core.Packet, ack []byte, relayer address) {`
`48`		`- zp, err := z.DecodeZkgmPacket(packet.Data)`
	`48`	`+ zp, err := z.DecodeZkgmPacket(cloneBytes(packet.Data))`
`49`	`49`	`if err != nil {`
`50`	`50`	`panic(err.Error())`
`51`	`51`	`}`
`@@ -59,7 +59,7 @@ func (v *ZkgmV1) Ack(packet core.Packet, ack []byte, relayer address) {`
`59`	`59`	`}`
`60`	`60`
`61`	`61`	`func (v *ZkgmV1) Timeout(packet core.Packet, relayer address) {`
`62`		`- zp, err := z.DecodeZkgmPacket(packet.Data)`
	`62`	`+ zp, err := z.DecodeZkgmPacket(cloneBytes(packet.Data))`
`63`	`63`	`if err != nil {`
`64`	`64`	`panic(err.Error())`
`65`	`65`	`}`
`@@ -78,7 +78,7 @@ func (v *ZkgmV1) Timeout(packet core.Packet, relayer address) {`
`78`	`78`	`// outcome where appropriate. The result is dropped because the new`
`79`	`79`	`// OnIntentRecvPacket callback has no return.`
`80`	`80`	`func (v *ZkgmV1) IntentRecv(packet core.Packet, marketMaker address, marketMakerMsg []byte) {`
`81`		`- zp, err := z.DecodeZkgmPacket(packet.Data)`
	`81`	`+ zp, err := z.DecodeZkgmPacket(cloneBytes(packet.Data))`
`82`	`82`	`if err != nil {`
`83`	`83`	`panic(err.Error())`
`84`	`84`	`}`