GitBross Home Explore Help
Register Sign In
sol_Bo8des9o
/
openzeppelin-contracts
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Make explicit the validity of the empty set in MerkleProof.sol (#5142)

Ernesto García 1 year ago
parent
24a641d9c9
commit
bcd4beb5e7
2 changed files with 20 additions and 0 deletions
Split View Show Diff Stats
  1. 16 0
      contracts/utils/cryptography/MerkleProof.sol
  2. 4 0
      scripts/generate/templates/MerkleProof.js

+ 16 - 0
contracts/utils/cryptography/MerkleProof.sol
View File 

@@ -168,6 +168,10 @@ library MerkleProof {
 
      * This version handles multiproofs in memory with the default hashing function.
 
      *
 
      * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
 
+     *
 
+     * NOTE: The _empty set_ (i.e. the case where `proof.length == 0 && leaves.length == 0`) is considered a noop,
 
+     * and therefore a valid multiproof (i.e. it returns `true`). Consider disallowing this case if you're not
 
+     * validating the leaves elsewhere.
 
      */
 
     function multiProofVerify(
 
         bytes32[] memory proof,
 
@@ -247,6 +251,10 @@ library MerkleProof {
 
      * This version handles multiproofs in memory with a custom hashing function.
 
      *
 
      * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
 
+     *
 
+     * NOTE: The _empty set_ (i.e. the case where `proof.length == 0 && leaves.length == 0`) is considered a noop,
 
+     * and therefore a valid multiproof (i.e. it returns `true`). Consider disallowing this case if you're not
 
+     * validating the leaves elsewhere.
 
      */
 
     function multiProofVerify(
 
         bytes32[] memory proof,
 
@@ -328,6 +336,10 @@ library MerkleProof {
 
      * This version handles multiproofs in calldata with the default hashing function.
 
      *
 
      * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
 
+     *
 
+     * NOTE: The _empty set_ (i.e. the case where `proof.length == 0 && leaves.length == 0`) is considered a noop,
 
+     * and therefore a valid multiproof (i.e. it returns `true`). Consider disallowing this case if you're not
 
+     * validating the leaves elsewhere.
 
      */
 
     function multiProofVerifyCalldata(
 
         bytes32[] calldata proof,
 
@@ -407,6 +419,10 @@ library MerkleProof {
 
      * This version handles multiproofs in calldata with a custom hashing function.
 
      *
 
      * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
 
+     *
 
+     * NOTE: The _empty set_ (i.e. the case where `proof.length == 0 && leaves.length == 0`) is considered a noop,
 
+     * and therefore a valid multiproof (i.e. it returns `true`). Consider disallowing this case if you're not
 
+     * validating the leaves elsewhere.
 
      */
 
     function multiProofVerifyCalldata(
 
         bytes32[] calldata proof,

+ 4 - 0
scripts/generate/templates/MerkleProof.js
View File 

@@ -88,6 +88,10 @@ const templateMultiProof = ({ suffix, location, visibility, hash }) => `\
 
  * This version handles multiproofs in ${location} with ${hash ? 'a custom' : 'the default'} hashing function.
 
  *
 
  * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
 
+ *
 
+ * NOTE: The _empty set_ (i.e. the case where \`proof.length == 0 && leaves.length == 0\`) is considered a noop,
 
+ * and therefore a valid multiproof (i.e. it returns \`true\`). Consider disallowing this case if you're not
 
+ * validating the leaves elsewhere.
 
  */
 
 function multiProofVerify${suffix}(${formatArgsMultiline(
 
   `bytes32[] ${location} proof`,