fix: validate contract artifact schema in CLI deploy/call path (A-836)#23921
Merged
PhilWindle merged 1 commit into Jun 8, 2026
Conversation
The CLI loaded contract artifacts via loadContractArtifact, which only runs the shallow isContractArtifact shape check on already-processed artifacts (parameter ABIs, types, storage layout, etc. were never validated). A malformed artifact passed to the CLI therefore surfaced as an opaque error later during deployment instead of a clear schema-validation failure. Add loadContractArtifactWithValidation, which runs the full ContractArtifactSchema over an already-processed artifact before returning it (raw nargo output is already validated via generateContractArtifact). The returned object is unchanged from loadContractArtifact; the schema parse is used purely for validation. Scoped to the CLI to avoid validating at the many module-load call sites of loadContractArtifact.
fcarreiro approved these changes Jun 8, 2026
Fixes A-836 (Audit #188).

Problem

The CLI loaded contract artifacts via loadContractArtifact (getContractArtifact in cli/src/utils/aztec.ts). For an already-processed artifact, loadContractArtifact only runs the shallow isContractArtifact heuristic — its own JSDoc notes "The check is not exhaustive". It checks name/functions/nonDispatchPublicFunctions shape but never validates parameter ABIs, types, storage layout, outputs, etc. (Raw nargo output is already fully validated, since it flows through generateContractArtifact → ContractArtifactSchema.parse.) A malformed-but-superficially-shaped artifact therefore bypassed schema validation and surfaced as an opaque error later during deployment/arg-encoding rather than a clear validation failure.

Fix

Add loadContractArtifactWithValidation in stdlib: it runs the full ContractArtifactSchema over an already-processed artifact before returning, and otherwise defers to loadContractArtifact (raw nargo stays validated as before). The returned object is identical to loadContractArtifact's — the schema parse is used purely as a validation gate. The CLI's getContractArtifact now uses it.

Scoped deliberately to the CLI (the audit's concern). loadContractArtifact is called at 100+ module-load sites with wire-form JSON; adding a stricter schema gate to all of them would have a large blast radius and risk rejecting legacy artifacts, so the unguarded function is left unchanged.

Test

Added loadContractArtifactWithValidation tests in contract_artifact.test.ts: a valid already-processed artifact (wire form) loads, and one whose functionType is a non-enum string — which still passes the shallow isContractArtifact check — is rejected. The rejection test fails without the schema gate and passes with it.

Note

Severity is MEDIUM in the finding, but as the artifact is local input the deployer supplies (not an untrusted network boundary) and downstream code still throws on bad input, the practical impact is closer to LOW (a clearer error message, earlier).
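The following is an added illustration of the pattern this PR describes (a shallow shape heuristic versus a full schema gate that validates and then returns the object unchanged) and of the rejection case its test exercises (a functionType outside the enum that still passes the shallow check). It is not Aztec's code: the artifact type, the field set, the enum values and every function name below are assumptions made for this example, not the real ContractArtifactSchema or loadContractArtifactWithValidation.

```typescript
// Added example, not the project's code. The artifact shape and the
// functionType enum values are assumptions for illustration only.

const FUNCTION_TYPES = ['private', 'public', 'utility'] as const; // assumed enum
type FunctionType = (typeof FUNCTION_TYPES)[number];

interface AbiParameter { name: string; type: string }
interface FunctionArtifact { name: string; functionType: FunctionType; parameters: AbiParameter[] }
export interface ContractArtifact {
  name: string;
  functions: FunctionArtifact[];
  nonDispatchPublicFunctions: FunctionArtifact[];
}

function isRecord(v: unknown): v is Record<string, unknown> {
  return typeof v === 'object' && v !== null && !Array.isArray(v);
}

// Shallow heuristic: only confirms the top-level keys exist with the right
// container types. It never looks inside a function entry, so a functionType
// outside the enum, or a parameter without a type, passes unnoticed.
export function isContractArtifactShallow(obj: unknown): obj is ContractArtifact {
  return isRecord(obj) && typeof obj.name === 'string'
    && Array.isArray(obj.functions) && Array.isArray(obj.nonDispatchPublicFunctions);
}

// Validation failures carry a JSON-path-style location so the CLI user sees
// exactly which field is wrong instead of an opaque error during deployment.
export class ArtifactSchemaError extends Error {
  readonly path: string;
  constructor(path: string, reason: string) {
    super(`${path}: ${reason}`);
    this.name = 'ArtifactSchemaError';
    this.path = path;
  }
}

function validateParameter(p: unknown, path: string): void {
  if (!isRecord(p)) throw new ArtifactSchemaError(path, 'parameter must be an object');
  if (typeof p.name !== 'string') throw new ArtifactSchemaError(`${path}.name`, 'expected string');
  if (typeof p.type !== 'string') throw new ArtifactSchemaError(`${path}.type`, 'expected string');
}

function validateFunction(f: unknown, path: string): void {
  if (!isRecord(f)) throw new ArtifactSchemaError(path, 'function must be an object');
  if (typeof f.name !== 'string') throw new ArtifactSchemaError(`${path}.name`, 'expected string');
  if (!(FUNCTION_TYPES as readonly string[]).includes(f.functionType as string)) {
    throw new ArtifactSchemaError(`${path}.functionType`, `expected one of ${FUNCTION_TYPES.join('|')}`);
  }
  if (!Array.isArray(f.parameters)) throw new ArtifactSchemaError(`${path}.parameters`, 'expected array');
  f.parameters.forEach((p, i) => validateParameter(p, `${path}.parameters[${i}]`));
}

// Full schema gate: walks every function and parameter, failing on the first
// violation. Starts from the shallow check so the top-level message is clear too.
export function validateContractArtifact(obj: unknown): void {
  if (!isContractArtifactShallow(obj)) throw new ArtifactSchemaError('$', 'top-level shape mismatch');
  obj.functions.forEach((f, i) => validateFunction(f, `$.functions[${i}]`));
  obj.nonDispatchPublicFunctions.forEach((f, i) =>
    validateFunction(f, `$.nonDispatchPublicFunctions[${i}]`));
}

// Mirrors the PR's design: the schema pass is purely a gate, and the parsed
// object is returned unchanged rather than a transformed copy.
export function loadArtifactWithValidation(json: string): ContractArtifact {
  const raw: unknown = JSON.parse(json);
  validateContractArtifact(raw);
  return raw as ContractArtifact;
}

// Constructed sample inputs (not real artifacts).
export const VALID_ARTIFACT_JSON = JSON.stringify({
  name: 'Counter',
  functions: [{ name: 'increment', functionType: 'private', parameters: [{ name: 'owner', type: 'field' }] }],
  nonDispatchPublicFunctions: [],
});

// Same top-level shape, but functionType is a string outside the assumed enum:
// the shallow check accepts it, the full gate rejects it.
export const MALFORMED_ARTIFACT_JSON = JSON.stringify({
  name: 'Counter',
  functions: [{ name: 'increment', functionType: 'internal', parameters: [] }],
  nonDispatchPublicFunctions: [],
});

// Returns the offending path when the artifact is rejected, or null if accepted.
export function rejectionPath(json: string): string | null {
  try {
    loadArtifactWithValidation(json);
    return null;
  } catch (e) {
    return e instanceof ArtifactSchemaError ? e.path : 'unexpected';
  }
}
```

Running `rejectionPath` over the two constructed inputs shows the gap the PR closes: the malformed artifact satisfies `isContractArtifactShallow`, yet `loadArtifactWithValidation` rejects it at `$.functions[0].functionType`, while the valid one loads and is returned as parsed.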