[Resolved] Avoid writing to instance storage from __check_auth until p25

[dmkozh]

Upd: The issue has been resolved in protocol 25 and this announcement can be safely ignored.

We have identified an issue in the Soroban host implementation that causes instance storage changes in __check_auth function to not be committed under very specific circumstances.

Due to this issue, the recommendation for the custom account developers is to avoid modifying instance storage in __check_auth until the fix is rolled out in protocol 25.

More specifically, if a smart contract account function modifies the instance storage and that function requires auth from the smart account itself and __check_auth function modifies the instance storage as well, then the instance storage changes from __check_auth call won't be committed to the ledger. To the best of our understanding, there is no contract on-chain that has been affected by the issue. Moreover, only 2 contracts have been modifying the instance storage in __check_auth, and even for these 2 contracts there is seemingly no code path that would satisfy all the conditions.

This seems like a really rare use case that most of the developers won't encounter. Also, testing the contract in any test environment (including the local quickstart deployments) triggers the issue, so it's hopefully hard enough to deploy a vulnerable contract to the mainnet without noticing the issue (as long as some testing has been done).

Please feel free to ask any questions or raise any concerns in this discussion.

[dmkozh]

The issue has been resolved in protocol 25 and this announcement can be safely ignored.