fix: enforce runtime constructor guard on KMSVerifier and InputVerifier#438
Closed
fix: enforce runtime constructor guard on KMSVerifier and InputVerifier#438
Conversation
…er (#435) TypeScript `private constructor` is a compile-time guard only. In the bundled JS output, consumers can freely call `new KMSVerifier(...)` with unvalidated data, bypassing `loadFromChain()` validation. When `verifyingContract` is null, the WASM layer crashes with a cryptic "addressnull" error. Add a static private Symbol guard that both constructors check at runtime. Since the Symbol is inaccessible outside the class, direct construction always throws with an actionable message directing consumers to `loadFromChain()` / `createInstance()`. Closes #435 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #435
KMSVerifierandInputVerifierconstructors, enforcing that instances can only be created throughloadFromChain()(and by extensioncreateInstance())private constructoris compile-time only — in the bundled JS, consumers like@zama-fhe/sdkcan callnew KMSVerifier({...})directly, bypassing allloadFromChain()validationverifyingContractis null (e.g. from a broken RPC response in aworker_threadscontext), the unvalidated value propagates through the closure chain to the WASM layer, which crashes with a cryptic"addressnull"error#constructorGuardSymbol is inaccessible outside the class even at JS runtime, so direct construction now throws with an actionable messageTest plan
tsc --noEmitpassesnew KMSVerifier({...})throws at runtime in a consumer context (e.g.@zama-fhe/sdkworker)createInstance()still works end-to-end inworker_threads🤖 Generated with Claude Code