GitBross Home Explore Help
Register Sign In
sol_Bo8des9o
/
openzeppelin-contracts
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Check proof length multiple of 32. Use keccak256 instead of sha3

Yondon Fu 8 years ago
parent
bc3db5d4c1
commit
863ad48a81
2 changed files with 25 additions and 5 deletions
Split View Show Diff Stats
  1. 5 2
      contracts/MerkleProof.sol
  2. 20 3
      test/MerkleProof.js

+ 5 - 2
contracts/MerkleProof.sol
View File 

@@ -14,6 +14,9 @@ library MerkleProof {
 
    * @param _leaf Leaf of Merkle tree
 
    */
 
   function verifyProof(bytes _proof, bytes32 _root, bytes32 _leaf) constant returns (bool) {
 
+    // Check if proof length is a multiple of 32
 
+    if (_proof.length % 32 != 0) return false;
 
+
 
     bytes32 proofElement;
 
     bytes32 computedHash = _leaf;
 
 
@@ -25,10 +28,10 @@ library MerkleProof {
 
 
       if (computedHash < proofElement) {
 
         // Hash(current computed hash + current element of the proof)
 
-        computedHash = sha3(computedHash, proofElement);
 
+        computedHash = keccak256(computedHash, proofElement);
 
       } else {
 
         // Hash(current element of the proof + current computed hash)
 
-        computedHash = sha3(proofElement, computedHash);
 
+        computedHash = keccak256(proofElement, computedHash);
 
       }
 
     }

+ 20 - 3
test/MerkleProof.js
View File 

@@ -26,18 +26,35 @@ contract('MerkleProof', function(accounts) {
 
     });
 
 
     it("should return false for an invalid Merkle proof", async function() {
 
+      const correctElements = ["a", "b", "c"].map(el => sha3(el));
 
+      const correctMerkleTree = new MerkleTree(correctElements);
 
+
 
+      const correctRoot = correctMerkleTree.getHexRoot();
 
+
 
+      const correctLeaf = correctMerkleTree.bufToHex(correctElements[0]);
 
+
 
+      const badElements = ["d", "e", "f"].map(el => sha3(el))
 
+      const badMerkleTree = new MerkleTree(badElements)
 
+
 
+      const badProof = badMerkleTree.getHexProof(badElements[0])
 
+
 
+      const result = await merkleProof.verifyProof(badProof, correctRoot, correctLeaf);
 
+      assert.isNotOk(result, "verifyProof did not return false for an invalid proof");
 
+    });
 
+
 
+    it("should return false for a Merkle proof of invalid length", async function() {
 
       const elements = ["a", "b", "c"].map(el => sha3(el));
 
       const merkleTree = new MerkleTree(elements);
 
 
       const root = merkleTree.getHexRoot();
 
 
       const proof = merkleTree.getHexProof(elements[0]);
 
-      const badProof = proof.slice(0, proof.length - 32);
 
+      const badProof = proof.slice(0, proof.length - 5);
 
 
       const leaf = merkleTree.bufToHex(elements[0]);
 
 
       const result = await merkleProof.verifyProof(badProof, root, leaf);
 
-      assert.isNotOk(result, "verifyProof did not return false for an invalid proof");
 
-    });
 
+      assert.isNotOk(result, "verifyProof did not return false for proof of invalid length");
 
+    })
 
   });
 
 });