sui_verifier_latest/
global_storage_access_verifier.rs1use crate::verification_failure;
5use move_binary_format::file_format::{Bytecode, CompiledModule};
6use sui_types::error::ExecutionError;
7
8pub fn verify_module(module: &CompiledModule) -> Result<(), ExecutionError> {
9 verify_global_storage_access(module)
10}
11
12fn verify_global_storage_access(module: &CompiledModule) -> Result<(), ExecutionError> {
15 for func_def in &module.function_defs {
16 if func_def.code.is_none() {
17 continue;
18 }
19 let code = &func_def.code.as_ref().unwrap().code;
20 let mut invalid_bytecode = vec![];
21 for bytecode in code {
22 match bytecode {
23 Bytecode::MoveFromDeprecated(_)
24 | Bytecode::MoveFromGenericDeprecated(_)
25 | Bytecode::MoveToDeprecated(_)
26 | Bytecode::MoveToGenericDeprecated(_)
27 | Bytecode::ImmBorrowGlobalDeprecated(_)
28 | Bytecode::MutBorrowGlobalDeprecated(_)
29 | Bytecode::ImmBorrowGlobalGenericDeprecated(_)
30 | Bytecode::MutBorrowGlobalGenericDeprecated(_)
31 | Bytecode::ExistsDeprecated(_)
32 | Bytecode::ExistsGenericDeprecated(_) => {
33 invalid_bytecode.push(bytecode);
34 }
35 Bytecode::Pop
36 | Bytecode::Ret
37 | Bytecode::BrTrue(_)
38 | Bytecode::BrFalse(_)
39 | Bytecode::Branch(_)
40 | Bytecode::LdU8(_)
41 | Bytecode::LdU16(_)
42 | Bytecode::LdU32(_)
43 | Bytecode::LdU64(_)
44 | Bytecode::LdU128(_)
45 | Bytecode::LdU256(_)
46 | Bytecode::CastU8
47 | Bytecode::CastU16
48 | Bytecode::CastU32
49 | Bytecode::CastU64
50 | Bytecode::CastU128
51 | Bytecode::CastU256
52 | Bytecode::LdConst(_)
53 | Bytecode::LdTrue
54 | Bytecode::LdFalse
55 | Bytecode::CopyLoc(_)
56 | Bytecode::MoveLoc(_)
57 | Bytecode::StLoc(_)
58 | Bytecode::Call(_)
59 | Bytecode::CallGeneric(_)
60 | Bytecode::Pack(_)
61 | Bytecode::PackGeneric(_)
62 | Bytecode::Unpack(_)
63 | Bytecode::UnpackGeneric(_)
64 | Bytecode::ReadRef
65 | Bytecode::WriteRef
66 | Bytecode::FreezeRef
67 | Bytecode::MutBorrowLoc(_)
68 | Bytecode::ImmBorrowLoc(_)
69 | Bytecode::MutBorrowField(_)
70 | Bytecode::MutBorrowFieldGeneric(_)
71 | Bytecode::ImmBorrowField(_)
72 | Bytecode::ImmBorrowFieldGeneric(_)
73 | Bytecode::Add
74 | Bytecode::Sub
75 | Bytecode::Mul
76 | Bytecode::Mod
77 | Bytecode::Div
78 | Bytecode::BitOr
79 | Bytecode::BitAnd
80 | Bytecode::Xor
81 | Bytecode::Shl
82 | Bytecode::Shr
83 | Bytecode::Or
84 | Bytecode::And
85 | Bytecode::Not
86 | Bytecode::Eq
87 | Bytecode::Neq
88 | Bytecode::Lt
89 | Bytecode::Gt
90 | Bytecode::Le
91 | Bytecode::Ge
92 | Bytecode::Abort
93 | Bytecode::Nop
94 | Bytecode::VecPack(_, _)
95 | Bytecode::VecLen(_)
96 | Bytecode::VecImmBorrow(_)
97 | Bytecode::VecMutBorrow(_)
98 | Bytecode::VecPushBack(_)
99 | Bytecode::VecPopBack(_)
100 | Bytecode::VecUnpack(_, _)
101 | Bytecode::VecSwap(_)
102 | Bytecode::PackVariant(_)
103 | Bytecode::PackVariantGeneric(_)
104 | Bytecode::UnpackVariant(_)
105 | Bytecode::UnpackVariantImmRef(_)
106 | Bytecode::UnpackVariantMutRef(_)
107 | Bytecode::UnpackVariantGeneric(_)
108 | Bytecode::UnpackVariantGenericImmRef(_)
109 | Bytecode::UnpackVariantGenericMutRef(_)
110 | Bytecode::VariantSwitch(_) => {}
111 }
112 }
113 if !invalid_bytecode.is_empty() {
114 return Err(verification_failure(format!(
115 "Access to Move global storage is not allowed. Found in function {}: {:?}",
116 module.identifier_at(module.function_handle_at(func_def.function).name),
117 invalid_bytecode,
118 )));
119 }
120 }
121 Ok(())
122}