Skip to content

fix(host-contracts): bump ACL reinitializer version#2107

Merged
mergify[bot] merged 3 commits intomainfrom
malatrax/fix/bump-host-contract-acl-version-simple-acl
Mar 13, 2026
Merged

fix(host-contracts): bump ACL reinitializer version#2107
mergify[bot] merged 3 commits intomainfrom
malatrax/fix/bump-host-contract-acl-version-simple-acl

Conversation

@zmalatrax
Copy link
Copy Markdown
Contributor

@zmalatrax zmalatrax commented Mar 13, 2026
edited
Loading

Following #1904 the ACL.sol host-contract was modified but the upgrade version was not, when it must have.

Fix this issue flagged by jat, bumping reinitializer version.

Someone modified ACL.sol contract in this huge commit yesterday https://github.com/zama-ai/fhevm/commit/803f1048727eabf6d8b3df618203e3c7dda77890#diff-342c378b72fda8ec0e0e240388d[…]0e2753ebae955933659cf704af896818 removing those 3 lines of code (and a lot of comments):
if (expirationDate < block.timestamp + 1 hours) {
revert ExpirationDateBeforeOneHour();
}
But doing so without bumping the reinitializer version (and the MINOR) is a big issue, because future upgrade would revert. This is problematic. I don't know who did this modification so I am posting here and in other channel (commit was authored by 4 different ppl). Please let me know if you want a quick review next time on host contracts.
NOTE: ExpirationDateBeforeOneHour custom error should also be removed...

Summary of what is missing:
1/ bump REINITIALIZER_VERSIONto 4. (the critical part).
2/ bump MINOR_VERSION to 3.
3/ remove ExpirationDateBeforeOneHour custom error.
4/ update CI to catch similar issues in the future.

After further discussion, we chose to refactor the removal of the ExpirationDateBeforeOneHour to a weaker check, that enforces expirationDate > block.timestamp in delegateForUserDecryption:

if (expirationDate <= block.timestamp) {
  revert ExpirationDateInThePast();
}

Added back the two tests testing the revert on ExpirationDateInThePast

@zmalatrax zmalatrax requested a review from a team as a code owner March 13, 2026 08:20
@cla-bot cla-bot bot added the cla-signed label Mar 13, 2026
@mergify
Copy link
Copy Markdown

mergify bot commented Mar 13, 2026
edited
Loading

🧪 CI Insights

Here's what we observed from your CI run for a0b1ed7.

🟢 All jobs passed!

But CI Insights is watching 👀

@mergify
Copy link
Copy Markdown

mergify bot commented Mar 13, 2026

🧪 CI Insights

Here's what we observed from your CI run for 09dcd3f.

❌ Job Failures

Pipeline Job Health on main Retries 🔍 CI Insights 📄 Logs
common-pull-request common-pull-request/lint (bpr) Unknown 0 View View

@zmalatrax zmalatrax force-pushed the malatrax/fix/bump-host-contract-acl-version-simple-acl branch from 09dcd3f to 9295ab2 Compare March 13, 2026 08:31
@zmalatrax zmalatrax changed the title fix(host-contract): bump ACL reinitializer version fix(host-contracts): bump ACL reinitializer version Mar 13, 2026
@zmalatrax zmalatrax force-pushed the malatrax/fix/bump-host-contract-acl-version-simple-acl branch 2 times, most recently from 3b62c54 to a7984cb Compare March 13, 2026 09:30
@zmalatrax zmalatrax force-pushed the malatrax/fix/bump-host-contract-acl-version-simple-acl branch from a7984cb to 46da6ae Compare March 13, 2026 10:02
@Eikix Eikix mentioned this pull request Mar 13, 2026
Closed
6 tasks
jatZama
jatZama approved these changes Mar 13, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jatZama jatZama left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent, thanks.

@zmalatrax
Copy link
Copy Markdown
Contributor Author

zmalatrax commented Mar 13, 2026

@mergify queue

@mergify
Copy link
Copy Markdown

mergify bot commented Mar 13, 2026
edited
Loading

Merge Queue Status

This pull request spent 2 hours 28 minutes 12 seconds in the queue, including 1 hour 54 minutes 44 seconds running CI.

Required conditions to merge

mergify bot added a commit that referenced this pull request Mar 13, 2026
@mergify
Merge of #2107
8e31d28
This was referenced Mar 13, 2026
Closed
Merged
@mergify mergify bot merged commit 3c50a65 into main Mar 13, 2026
63 checks passed
@mergify mergify bot deleted the malatrax/fix/bump-host-contract-acl-version-simple-acl branch March 13, 2026 14:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jatZama jatZama jatZama approved these changes

Assignees

No one assigned

Labels

cla-signed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@zmalatrax @jatZama