Issue with isAllowed Check Failing for Function Parameter

El-hacen_Diallo · September 8, 2024, 8:11am

Hello,

In my class Test, I’ve written two contract functions, f1() and isF2(). However, I am encountering a problem where the parameter var1 in the isF2() function is causing a failure when calling the function due to an authorization issue.

Here is a simplified version of the code I’m working with:

contract Test {
    
    function f1() public returns (bool) {
        euint16 var1 = _fa(_to);
        TFHE.allowTransient(var1 , msg.sender);
        TFHE.allow(var1 , address(this));
        
        require(
            TFHE.isAllowed(var1 , address(this)),
            "The caller is not authorized to access this encrypted element." // is okay
        );
        
        ebool isTested = isF2(var1);
        TFHE.allowTransient(isTested, msg.sender);
        
        return isTested;
    }
    
    function isF2(euint16 var1) public returns (ebool) {
        require(
            TFHE.isAllowed(var1, address(this)),
            "isF2: The caller is not authorized to access this encrypted element." // not okay
        );
        ....
    }
}

When calling isF2(var1) from within f1(), the require statement inside isF2() fails, meaning that the caller does not have the necessary permission (is not allowed) to access the encrypted element (var1).

Error: "isF2: The caller is not authorized to access this encrypted element."

Why is the parameter var1 failing the requirement in isF2() even though access has been granted in f1.

How can I modify the code so that the var1 parameter is allowed in isF2() without failing the authorization check ?

El-hacen_Diallo · September 8, 2024, 11:24am

A ready to test example:

// SPDX-License-Identifier: GPL-3.0

pragma solidity ^0.8.17;

import "fhevm/lib/TFHE.sol";

contract Test {

    // Placeholder function to simulate '_fa' functionality
    function _fa(address _to) internal returns (euint16) {
        //test on address
        euint16 code = TFHE.asEuint16(20);
        TFHE.allow(code, address(this)); // just in case
        return code;
    }

    // Main function that uses `_fa` and calls `isF2`
    function f1(address _to) public returns (ebool)  {
        // Call `_fa` to get an encrypted value
        euint16 var1 = _fa(_to);

        // Grant temporary permissions for `var1` to the caller and the contract
        TFHE.allowTransient(var1, msg.sender);
        TFHE.allow(var1, address(this));

        // Ensure that the contract is allowed to access the encrypted element
        require(
            TFHE.isAllowed(var1, address(this)),
            "The caller is not authorized to access this encrypted element."
        );

        // Call `isF2` to further check or process the value
        ebool isTested = isF2(var1);
        TFHE.allowTransient(isTested, msg.sender);
        TFHE.allow(isTested, address(this));

        return isTested;
    }

    // Function that checks permissions for `var1`
    function isF2(euint16 var1) public returns (ebool) {
        // Ensure that the contract is allowed to access the encrypted element in `isF2`
        require(
            TFHE.isAllowed(var1, address(this)),
            "isF2: The caller is not authorized to access this encrypted element."
        );

        // Mock processing and return an `ebool` (for example purposes)
        ebool result = TFHE.asEbool(true); // Assume it passes the check
        TFHE.allow(result, address(this));

        return result;
    }
}

clement · September 8, 2024, 12:57pm

I have tested your contract provided in reply and it worked on the devnet.
Which version of fhevm are you using and on which network did you test?