Skip to content

Commit

Permalink
Add section for Sapphire gas padding
Browse files Browse the repository at this point in the history
  • Loading branch information
aefhm committed Nov 7, 2023
1 parent b69a5ac commit c02b1fb
Showing 1 changed file with 41 additions and 4 deletions.
45 changes: 41 additions & 4 deletions docs/dapp/sapphire/security.md
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,9 @@ You can also trace a particular transaction, once you know its hash.
npx hardhat trace --hash 0xTransactionHash
```

For both [gas] usage and confidentiality, non-unique data sizes are
recommended. E.g. 64-byte value will still be distinct from a 128-byte value.
For both [gas] usage and confidentiality purposes, we recommend using
non-unique data size. E.g. 64-byte value will still be distinct from a
128-byte value.

:::caution Inference based on access patterns

Expand All @@ -48,7 +49,7 @@ transaction.

## Order of Operations

With regards to errors, gas usage patterns not only can reveal the code path
When handling errors, gas usage patterns not only can reveal the code path
taken, but sometimes the balance of a user as well (in the case of a diligent
attacker using binary search).

Expand All @@ -73,5 +74,41 @@ function transferFrom(address who, address to, uint amount)
}
```

## Gas Padding

To prevent leaking information about a particular transaction, Sapphire
provides a [precompile] for dApp developers to pad the amount of gas used
in a transaction.

```solidity
contract GasExample {
bytes32 tmp;
function constantMath(bool doMath, uint128 padGasAmount) external {
if (doMath) {
bytes32 x;
for (uint256 i = 0; i < 100; i++) {
x = keccak256(abi.encodePacked(x, tmp));
}
tmp = x;
}
Sapphire.padGas(padGasAmount);
}
}
```

Both contract calls below should use the same amount of gas. Sapphire also
provides the precompile to return the gas [used] by the current transaction.

```typescript
await contract.constantMath(true, 100000);
await contract.constantMath(false, 100000);
```

[gas]: https://docs.soliditylang.org/en/latest/internals/layout_in_storage.html
[hardhat-tracer]: https://www.npmjs.com/package/hardhat-tracer
[hardhat-tracer]: https://www.npmjs.com/package/hardhat-tracer
[precompile]: https://github.com/oasisprotocol/sapphire-paratime/blob/08b5fa24783ea576207dacde20ff4d20a1c7dded/contracts/contracts/Sapphire.sol#L28-L29
[used]: https://github.com/oasisprotocol/sapphire-paratime/blob/08b5fa24783ea576207dacde20ff4d20a1c7dded/contracts/contracts/Sapphire.sol#L26-L27

0 comments on commit c02b1fb

Please sign in to comment.