fix(host-contracts): upgrade FHEVMExecutor to v0.2.0 (#2144)

* fix: reject scalar div/rem values that truncate to zero

* fix: make executor hotfix upgrade-safe

* test: cover scalar div rem truncation across widths

* chore: bump executor minor version for hotfix upgrades

* chore(host-contracts): refresh executor rust bindings

Author: Eikix

host-contracts/contracts/FHEVMExecutor.sol

@@ -122,7 +122,7 @@ contract FHEVMExecutor is UUPSUpgradeableEmptyProxy, FHEEvents, ACLOwnable {
     uint256 private constant MAJOR_VERSION = 0;
 
     /// @notice Minor version of the contract.
-    uint256 private constant MINOR_VERSION = 1;
+    uint256 private constant MINOR_VERSION = 2;
 
     /// @notice Patch version of the contract.
     uint256 private constant PATCH_VERSION = 0;
@@ -138,7 +138,7 @@ contract FHEVMExecutor is UUPSUpgradeableEmptyProxy, FHEEvents, ACLOwnable {
 
     /// Constant used for making sure the version number used in the `reinitializer` modifier is
     /// identical between `initializeFromEmptyProxy` and the `reinitializeVX` method
-    uint64 private constant REINITIALIZER_VERSION = 2;
+    uint64 private constant REINITIALIZER_VERSION = 3;
 
     /// keccak256(abi.encode(uint256(keccak256("fhevm.storage.FHEVMExecutor")) - 1)) & ~bytes32(uint256(0xff))
     bytes32 private constant FHEVMExecutorStorageLocation =
@@ -161,7 +161,7 @@ contract FHEVMExecutor is UUPSUpgradeableEmptyProxy, FHEEvents, ACLOwnable {
      */
     /// @custom:oz-upgrades-unsafe-allow missing-initializer-call
     /// @custom:oz-upgrades-validate-as-initializer
-    // function reinitializeV2() public virtual reinitializer(REINITIALIZER_VERSION) {}
+    function reinitializeV2() public virtual reinitializer(REINITIALIZER_VERSION) {}
 
     /**
      * @notice              Computes FHEAdd operation.
@@ -229,13 +229,13 @@ contract FHEVMExecutor is UUPSUpgradeableEmptyProxy, FHEEvents, ACLOwnable {
      */
     function fheDiv(bytes32 lhs, bytes32 rhs, bytes1 scalarByte) public virtual returns (bytes32 result) {
         if (scalarByte != 0x01) revert IsNotScalar(); /// @dev we know scalarByte is either 0x01 or 0x00 because we check it is boolean inside _binaryOp
-        if (rhs == 0) revert DivisionByZero();
         uint256 supportedTypes = (1 << uint8(FheType.Uint8)) +
             (1 << uint8(FheType.Uint16)) +
             (1 << uint8(FheType.Uint32)) +
             (1 << uint8(FheType.Uint64)) +
             (1 << uint8(FheType.Uint128));
         FheType lhsType = _verifyAndReturnType(lhs, supportedTypes);
+        if (_isScalarZeroForType(rhs, lhsType)) revert DivisionByZero();
         result = _binaryOp(Operators.fheDiv, lhs, rhs, scalarByte, lhsType);
         hcuLimit.checkHCUForFheDiv(lhsType, scalarByte, lhs, rhs, result);
         emit FheDiv(msg.sender, lhs, rhs, scalarByte, result);
@@ -250,13 +250,13 @@ contract FHEVMExecutor is UUPSUpgradeableEmptyProxy, FHEEvents, ACLOwnable {
      */
     function fheRem(bytes32 lhs, bytes32 rhs, bytes1 scalarByte) public virtual returns (bytes32 result) {
         if (scalarByte != 0x01) revert IsNotScalar(); /// @dev we know scalarByte is either 0x01 or 0x00 because we check it is boolean inside _binaryOp
-        if (rhs == 0) revert DivisionByZero();
         uint256 supportedTypes = (1 << uint8(FheType.Uint8)) +
             (1 << uint8(FheType.Uint16)) +
             (1 << uint8(FheType.Uint32)) +
             (1 << uint8(FheType.Uint64)) +
             (1 << uint8(FheType.Uint128));
         FheType lhsType = _verifyAndReturnType(lhs, supportedTypes);
+        if (_isScalarZeroForType(rhs, lhsType)) revert DivisionByZero();
         result = _binaryOp(Operators.fheRem, lhs, rhs, scalarByte, lhsType);
         hcuLimit.checkHCUForFheRem(lhsType, scalarByte, lhs, rhs, result);
         emit FheRem(msg.sender, lhs, rhs, scalarByte, result);
@@ -810,6 +810,18 @@ contract FHEVMExecutor is UUPSUpgradeableEmptyProxy, FHEEvents, ACLOwnable {
         if ((1 << uint8(typeCt)) & supportedTypes == 0) revert UnsupportedType();
     }
 
+    function _isScalarZeroForType(bytes32 scalar, FheType scalarType) internal pure virtual returns (bool) {
+        uint256 scalarUint = uint256(scalar);
+
+        if (scalarType == FheType.Uint8) return uint8(scalarUint) == 0;
+        if (scalarType == FheType.Uint16) return uint16(scalarUint) == 0;
+        if (scalarType == FheType.Uint32) return uint32(scalarUint) == 0;
+        if (scalarType == FheType.Uint64) return uint64(scalarUint) == 0;
+        if (scalarType == FheType.Uint128) return uint128(scalarUint) == 0;
+
+        revert UnsupportedType();
+    }
+
     function _unaryOp(Operators op, bytes32 ct) internal virtual returns (bytes32 result) {
         if (!acl.isAllowed(ct, msg.sender)) revert ACLNotAllowed(ct, msg.sender);
         result = keccak256(abi.encodePacked(op, ct, acl, block.chainid));

host-contracts/rust_bindings/src/fhevm_executor.rs

@@ -35,7 +35,7 @@ contract TestHostContractsDeployerTestUtils is HostContractsDeployerTestUtils {
 
         assertEq(address(fhevmExecutorProxy), fhevmExecutorAdd, "FHEVMExecutor proxy address mismatch");
         assertNotEq(fhevmExecutorImplementation, address(0), "Implementation not deployed");
-        assertEq(fhevmExecutorProxy.getVersion(), "FHEVMExecutor v0.1.0", "Version mismatch");
+        assertEq(fhevmExecutorProxy.getVersion(), "FHEVMExecutor v0.2.0", "Version mismatch");
         assertEq(
             _readImplementationSlot(fhevmExecutorAdd),
             fhevmExecutorImplementation,

host-contracts/test/fhevm-foundry/TestHostContractsDeployerTestUtils.t.sol

@@ -368,7 +368,7 @@ contract FHEVMExecutorTest is SupportedTypesConstants, Test {
         assertEq(fhevmExecutor.getInputVerifierAddress(), inputVerifierAdd);
         assertEq(fhevmExecutor.getACLAddress(), aclAdd);
         assertEq(fhevmExecutor.getHCULimitAddress(), hcuLimitAdd);
-        assertEq(fhevmExecutor.getVersion(), string(abi.encodePacked("FHEVMExecutor v0.1.0")));
+        assertEq(fhevmExecutor.getVersion(), string(abi.encodePacked("FHEVMExecutor v0.2.0")));
     }
 
     /// @dev This function exists for the test below to call it externally.
@@ -491,10 +491,9 @@ contract FHEVMExecutorTest is SupportedTypesConstants, Test {
         bytes1 scalarByte = bytes1(0x01);
 
         bytes32 lhs = _generateMockHandle(FheType(fheType));
-        bytes32 rhs = _generateMockHandle(FheType(fheType));
+        bytes32 rhs = bytes32(uint256(2));
 
         _approveHandleInACL(lhs, sender);
-        _approveHandleInACL(rhs, sender);
 
         bytes32 expectedResult = _computeExpectedResultBinaryOp(
             FHEVMExecutor.Operators.fheDiv,
@@ -520,10 +519,9 @@ contract FHEVMExecutorTest is SupportedTypesConstants, Test {
         bytes1 scalarByte = bytes1(0x01);
 
         bytes32 lhs = _generateMockHandle(FheType(fheType));
-        bytes32 rhs = _generateMockHandle(FheType(fheType));
+        bytes32 rhs = bytes32(uint256(2));
 
         _approveHandleInACL(lhs, sender);
-        _approveHandleInACL(rhs, sender);
 
         bytes32 expectedResult = _computeExpectedResultBinaryOp(
             FHEVMExecutor.Operators.fheRem,
@@ -1745,6 +1743,68 @@ contract FHEVMExecutorTest is SupportedTypesConstants, Test {
         fhevmExecutor.fheRem(lhs, rhs, 0x01);
     }
 
+    function _expectScalarDivRevertsWhenScalarTruncatesToZero(FheType fheType, uint256 rhsValue) internal {
+        bytes32 lhs = _generateMockHandle(fheType);
+        bytes32 rhs = bytes32(rhsValue);
+        address account = address(123);
+        _approveHandleInACL(lhs, account);
+
+        vm.expectRevert(FHEVMExecutor.DivisionByZero.selector);
+        vm.prank(account);
+        fhevmExecutor.fheDiv(lhs, rhs, 0x01);
+    }
+
+    function _expectScalarRemRevertsWhenScalarTruncatesToZero(FheType fheType, uint256 rhsValue) internal {
+        bytes32 lhs = _generateMockHandle(fheType);
+        bytes32 rhs = bytes32(rhsValue);
+        address account = address(123);
+        _approveHandleInACL(lhs, account);
+
+        vm.expectRevert(FHEVMExecutor.DivisionByZero.selector);
+        vm.prank(account);
+        fhevmExecutor.fheRem(lhs, rhs, 0x01);
+    }
+
+    function test_RevertsIfFheDivUint8ScalarTruncatesToZero() public {
+        _expectScalarDivRevertsWhenScalarTruncatesToZero(FheType.Uint8, 1 << 8);
+    }
+
+    function test_RevertsIfFheDivUint16ScalarTruncatesToZero() public {
+        _expectScalarDivRevertsWhenScalarTruncatesToZero(FheType.Uint16, 1 << 16);
+    }
+
+    function test_RevertsIfFheDivUint32ScalarTruncatesToZero() public {
+        _expectScalarDivRevertsWhenScalarTruncatesToZero(FheType.Uint32, 1 << 32);
+    }
+
+    function test_RevertsIfFheDivUint64ScalarTruncatesToZero() public {
+        _expectScalarDivRevertsWhenScalarTruncatesToZero(FheType.Uint64, 1 << 64);
+    }
+
+    function test_RevertsIfFheDivUint128ScalarTruncatesToZero() public {
+        _expectScalarDivRevertsWhenScalarTruncatesToZero(FheType.Uint128, 1 << 128);
+    }
+
+    function test_RevertsIfFheRemUint8ScalarTruncatesToZero() public {
+        _expectScalarRemRevertsWhenScalarTruncatesToZero(FheType.Uint8, 1 << 8);
+    }
+
+    function test_RevertsIfFheRemUint16ScalarTruncatesToZero() public {
+        _expectScalarRemRevertsWhenScalarTruncatesToZero(FheType.Uint16, 1 << 16);
+    }
+
+    function test_RevertsIfFheRemUint32ScalarTruncatesToZero() public {
+        _expectScalarRemRevertsWhenScalarTruncatesToZero(FheType.Uint32, 1 << 32);
+    }
+
+    function test_RevertsIfFheRemUint64ScalarTruncatesToZero() public {
+        _expectScalarRemRevertsWhenScalarTruncatesToZero(FheType.Uint64, 1 << 64);
+    }
+
+    function test_RevertsIfFheRemUint128ScalarTruncatesToZero() public {
+        _expectScalarRemRevertsWhenScalarTruncatesToZero(FheType.Uint128, 1 << 128);
+    }
+
     function test_RevertsIfFheDivRHSIsNotScalar() public {
         bytes32 lhs = _generateMockHandle(FheType.Uint16);
         bytes32 rhs = _generateMockHandle(FheType.Uint16);

host-contracts/test/fhevmExecutor/fhevmExecutor.t.sol

@@ -69,7 +69,7 @@ describe('Upgrades', function () {
       call: { fn: 'initializeFromEmptyProxy' },
     });
     await executor.waitForDeployment();
-    expect(await executor.getVersion()).to.equal('FHEVMExecutor v0.1.0');
+    expect(await executor.getVersion()).to.equal('FHEVMExecutor v0.2.0');
     const executor2 = await upgrades.upgradeProxy(executor, executorFactoryUpgraded);
     await executor2.waitForDeployment();
     expect(await executor2.getVersion()).to.equal('FHEVMExecutor v0.4.0');