NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Avoid overflow on empty multiproof (#4564)

Browse Source
This commit is contained in:
Francisco
2023-09-04 05:17:03 -03:00
committed by GitHub
parent c0545f741b
commit a503ba1a0a
2 changed files with 7 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
.changeset/large-humans-remain.md Normal file
View File

@ -0,0 +1,5 @@
---
'openzeppelin-solidity': patch
---
`MerkleProof`: Use custom error to report invalid multiproof instead of reverting with overflow panic.

4
contracts/utils/cryptography/MerkleProof.sol
View File

@ -118,7 +118,7 @@ library MerkleProof {
uint256 totalHashes = proofFlags.length;
// Check proof validity.
if (leavesLen + proofLen - 1 != totalHashes) {
if (leavesLen + proofLen != totalHashes + 1) {
revert MerkleProofInvalidMultiproof();
}
@ -174,7 +174,7 @@ library MerkleProof {
uint256 totalHashes = proofFlags.length;
// Check proof validity.
if (leavesLen + proofLen - 1 != totalHashes) {
if (leavesLen + proofLen != totalHashes + 1) {
revert MerkleProofInvalidMultiproof();
}