NoBey/openzeppelin-contracts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Process and verify merkle proofs (and multiproof) with custom hash function (#4887)

Browse Source 
Co-authored-by: ernestognw <ernestognw@gmail.com>
This commit is contained in:
Hadrien Croubois
2024-07-15 18:08:58 +02:00
committed by GitHub
parent 4b33d326fa
commit b73bcb231f
10 changed files with 779 additions and 269 deletions
Download Patch File Download Diff File Expand all files Collapse all files

364
test/utils/cryptography/MerkleProof.test.js
View File

@ -1,173 +1,213 @@
const { ethers } = require('hardhat');
const { expect } = require('chai');
const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers');
const { StandardMerkleTree } = require('@openzeppelin/merkle-tree');
const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic');
const { SimpleMerkleTree } = require('@openzeppelin/merkle-tree');
const toElements = str => str.split('').map(e => [e]);
const hashPair = (a, b) => ethers.keccak256(Buffer.concat([a, b].sort(Buffer.compare)));
async function fixture() {
const mock = await ethers.deployContract('$MerkleProof');
return { mock };
}
// generate bytes32 leaves from a string
const toLeaves = (str, separator = '') => str.split(separator).map(e => ethers.keccak256(ethers.toUtf8Bytes(e)));
// internal node hashes
const concatSorted = (...elements) => Buffer.concat(elements.map(ethers.getBytes).sort(Buffer.compare));
const defaultHash = (a, b) => ethers.keccak256(concatSorted(a, b));
const customHash = (a, b) => ethers.sha256(concatSorted(a, b));
describe('MerkleProof', function () {
beforeEach(async function () {
Object.assign(this, await loadFixture(fixture));
});
for (const { title, contractName, nodeHash } of [
{ title: 'default hash', contractName: '$MerkleProof', nodeHash: defaultHash },
{ title: 'custom hash', contractName: '$MerkleProofCustomHashMock', nodeHash: customHash },
]) {
describe(title, function () {
// stateless: no need for a fixture, just use before
before(async function () {
this.mock = await ethers.deployContract(contractName);
this.makeTree = str => SimpleMerkleTree.of(toLeaves(str), { nodeHash });
});
describe('verify', function () {
it('returns true for a valid Merkle proof', async function () {
const merkleTree = StandardMerkleTree.of(
toElements('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='),
['string'],
);
describe('verify', function () {
it('returns true for a valid Merkle proof', async function () {
const merkleTree = this.makeTree('ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=');
const root = merkleTree.root;
const hash = merkleTree.leafHash(['A']);
const proof = merkleTree.getProof(['A']);
const root = merkleTree.root;
const hash = merkleTree.at(0);
const proof = merkleTree.getProof(0);
expect(await this.mock.$verify(proof, root, hash)).to.be.true;
expect(await this.mock.$verifyCalldata(proof, root, hash)).to.be.true;
expect(await this.mock.$processProof(proof, hash)).to.equal(root);
expect(await this.mock.$processProofCalldata(proof, hash)).to.equal(root);
expect(await this.mock.$verify(proof, root, hash)).to.be.true;
expect(await this.mock.$verifyCalldata(proof, root, hash)).to.be.true;
// For demonstration, it is also possible to create valid proofs for certain 64-byte values *not* in elements:
const noSuchLeaf = hashPair(
ethers.toBeArray(merkleTree.leafHash(['A'])),
ethers.toBeArray(merkleTree.leafHash(['B'])),
);
expect(await this.mock.$verify(proof.slice(1), root, noSuchLeaf)).to.be.true;
expect(await this.mock.$verifyCalldata(proof.slice(1), root, noSuchLeaf)).to.be.true;
// For demonstration, it is also possible to create valid proofs for certain 64-byte values *not* in elements:
const noSuchLeaf = nodeHash(hash, proof.at(0));
expect(await this.mock.$processProof(proof.slice(1), noSuchLeaf)).to.equal(root);
expect(await this.mock.$processProofCalldata(proof.slice(1), noSuchLeaf)).to.equal(root);
expect(await this.mock.$verify(proof.slice(1), root, noSuchLeaf)).to.be.true;
expect(await this.mock.$verifyCalldata(proof.slice(1), root, noSuchLeaf)).to.be.true;
});
it('returns false for an invalid Merkle proof', async function () {
const correctMerkleTree = this.makeTree('abc');
const otherMerkleTree = this.makeTree('def');
const root = correctMerkleTree.root;
const hash = correctMerkleTree.at(0);
const proof = otherMerkleTree.getProof(0);
expect(await this.mock.$processProof(proof, hash)).to.not.equal(root);
expect(await this.mock.$processProofCalldata(proof, hash)).to.not.equal(root);
expect(await this.mock.$verify(proof, root, hash)).to.be.false;
expect(await this.mock.$verifyCalldata(proof, root, hash)).to.be.false;
});
it('returns false for a Merkle proof of invalid length', async function () {
const merkleTree = this.makeTree('abc');
const root = merkleTree.root;
const hash = merkleTree.at(0);
const proof = merkleTree.getProof(0);
const badProof = proof.slice(0, -1);
expect(await this.mock.$processProof(badProof, hash)).to.not.equal(root);
expect(await this.mock.$processProofCalldata(badProof, hash)).to.not.equal(root);
expect(await this.mock.$verify(badProof, root, hash)).to.be.false;
expect(await this.mock.$verifyCalldata(badProof, root, hash)).to.be.false;
});
});
describe('multiProofVerify', function () {
it('returns true for a valid Merkle multi proof', async function () {
const merkleTree = this.makeTree('abcdef');
const root = merkleTree.root;
const { proof, proofFlags, leaves } = merkleTree.getMultiProof(toLeaves('bdf'));
const hashes = leaves.map(e => merkleTree.leafHash(e));
expect(await this.mock.$processMultiProof(proof, proofFlags, hashes)).to.equal(root);
expect(await this.mock.$processMultiProofCalldata(proof, proofFlags, hashes)).to.equal(root);
expect(await this.mock.$multiProofVerify(proof, proofFlags, root, hashes)).to.be.true;
expect(await this.mock.$multiProofVerifyCalldata(proof, proofFlags, root, hashes)).to.be.true;
});
it('returns false for an invalid Merkle multi proof', async function () {
const merkleTree = this.makeTree('abcdef');
const otherMerkleTree = this.makeTree('ghi');
const root = merkleTree.root;
const { proof, proofFlags, leaves } = otherMerkleTree.getMultiProof(toLeaves('ghi'));
const hashes = leaves.map(e => merkleTree.leafHash(e));
expect(await this.mock.$processMultiProof(proof, proofFlags, hashes)).to.not.equal(root);
expect(await this.mock.$processMultiProofCalldata(proof, proofFlags, hashes)).to.not.equal(root);
expect(await this.mock.$multiProofVerify(proof, proofFlags, root, hashes)).to.be.false;
expect(await this.mock.$multiProofVerifyCalldata(proof, proofFlags, root, hashes)).to.be.false;
});
it('revert with invalid multi proof #1', async function () {
const merkleTree = this.makeTree('abcd');
const root = merkleTree.root;
const hashA = merkleTree.at(0);
const hashB = merkleTree.at(1);
const hashCD = nodeHash(merkleTree.at(2), merkleTree.at(3));
const hashE = ethers.randomBytes(32); // incorrect (not part of the tree)
const fill = ethers.randomBytes(32);
await expect(
this.mock.$processMultiProof([hashB, fill, hashCD], [false, false, false], [hashA, hashE]),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
await expect(
this.mock.$processMultiProofCalldata([hashB, fill, hashCD], [false, false, false], [hashA, hashE]),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
await expect(
this.mock.$multiProofVerify([hashB, fill, hashCD], [false, false, false], root, [hashA, hashE]),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
await expect(
this.mock.$multiProofVerifyCalldata([hashB, fill, hashCD], [false, false, false], root, [hashA, hashE]),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
});
it('revert with invalid multi proof #2', async function () {
const merkleTree = this.makeTree('abcd');
const root = merkleTree.root;
const hashA = merkleTree.at(0);
const hashB = merkleTree.at(1);
const hashCD = nodeHash(merkleTree.at(2), merkleTree.at(3));
const hashE = ethers.randomBytes(32); // incorrect (not part of the tree)
const fill = ethers.randomBytes(32);
await expect(
this.mock.$processMultiProof([hashB, fill, hashCD], [false, false, false, false], [hashE, hashA]),
).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS);
await expect(
this.mock.$processMultiProofCalldata([hashB, fill, hashCD], [false, false, false, false], [hashE, hashA]),
).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS);
await expect(
this.mock.$multiProofVerify([hashB, fill, hashCD], [false, false, false, false], root, [hashE, hashA]),
).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS);
await expect(
this.mock.$multiProofVerifyCalldata([hashB, fill, hashCD], [false, false, false, false], root, [
hashE,
hashA,
]),
).to.be.revertedWithPanic(PANIC_CODES.ARRAY_ACCESS_OUT_OF_BOUNDS);
});
it('limit case: works for tree containing a single leaf', async function () {
const merkleTree = this.makeTree('a');
const root = merkleTree.root;
const { proof, proofFlags, leaves } = merkleTree.getMultiProof(toLeaves('a'));
const hashes = leaves.map(e => merkleTree.leafHash(e));
expect(await this.mock.$processMultiProof(proof, proofFlags, hashes)).to.equal(root);
expect(await this.mock.$processMultiProofCalldata(proof, proofFlags, hashes)).to.equal(root);
expect(await this.mock.$multiProofVerify(proof, proofFlags, root, hashes)).to.be.true;
expect(await this.mock.$multiProofVerifyCalldata(proof, proofFlags, root, hashes)).to.be.true;
});
it('limit case: can prove empty leaves', async function () {
const merkleTree = this.makeTree('abcd');
const root = merkleTree.root;
expect(await this.mock.$processMultiProof([root], [], [])).to.equal(root);
expect(await this.mock.$processMultiProofCalldata([root], [], [])).to.equal(root);
expect(await this.mock.$multiProofVerify([root], [], root, [])).to.be.true;
expect(await this.mock.$multiProofVerifyCalldata([root], [], root, [])).to.be.true;
});
it('reverts processing manipulated proofs with a zero-value node at depth 1', async function () {
// Create a merkle tree that contains a zero leaf at depth 1
const leave = ethers.id('real leaf');
const root = nodeHash(leave, ethers.ZeroHash);
// Now we can pass any **malicious** fake leaves as valid!
const maliciousLeaves = ['malicious', 'leaves'].map(ethers.id).map(ethers.toBeArray).sort(Buffer.compare);
const maliciousProof = [leave, leave];
const maliciousProofFlags = [true, true, false];
await expect(
this.mock.$processMultiProof(maliciousProof, maliciousProofFlags, maliciousLeaves),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
await expect(
this.mock.$processMultiProofCalldata(maliciousProof, maliciousProofFlags, maliciousLeaves),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
await expect(
this.mock.$multiProofVerify(maliciousProof, maliciousProofFlags, root, maliciousLeaves),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
await expect(
this.mock.$multiProofVerifyCalldata(maliciousProof, maliciousProofFlags, root, maliciousLeaves),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
});
});
});
it('returns false for an invalid Merkle proof', async function () {
const correctMerkleTree = StandardMerkleTree.of(toElements('abc'), ['string']);
const otherMerkleTree = StandardMerkleTree.of(toElements('def'), ['string']);
const root = correctMerkleTree.root;
const hash = correctMerkleTree.leafHash(['a']);
const proof = otherMerkleTree.getProof(['d']);
expect(await this.mock.$verify(proof, root, hash)).to.be.false;
expect(await this.mock.$verifyCalldata(proof, root, hash)).to.be.false;
});
it('returns false for a Merkle proof of invalid length', async function () {
const merkleTree = StandardMerkleTree.of(toElements('abc'), ['string']);
const root = merkleTree.root;
const hash = merkleTree.leafHash(['a']);
const proof = merkleTree.getProof(['a']);
const badProof = proof.slice(0, -1);
expect(await this.mock.$verify(badProof, root, hash)).to.be.false;
expect(await this.mock.$verifyCalldata(badProof, root, hash)).to.be.false;
});
});
describe('multiProofVerify', function () {
it('returns true for a valid Merkle multi proof', async function () {
const merkleTree = StandardMerkleTree.of(toElements('abcdef'), ['string']);
const root = merkleTree.root;
const { proof, proofFlags, leaves } = merkleTree.getMultiProof(toElements('bdf'));
const hashes = leaves.map(e => merkleTree.leafHash(e));
expect(await this.mock.$multiProofVerify(proof, proofFlags, root, hashes)).to.be.true;
expect(await this.mock.$multiProofVerifyCalldata(proof, proofFlags, root, hashes)).to.be.true;
});
it('returns false for an invalid Merkle multi proof', async function () {
const merkleTree = StandardMerkleTree.of(toElements('abcdef'), ['string']);
const otherMerkleTree = StandardMerkleTree.of(toElements('ghi'), ['string']);
const root = merkleTree.root;
const { proof, proofFlags, leaves } = otherMerkleTree.getMultiProof(toElements('ghi'));
const hashes = leaves.map(e => merkleTree.leafHash(e));
expect(await this.mock.$multiProofVerify(proof, proofFlags, root, hashes)).to.be.false;
expect(await this.mock.$multiProofVerifyCalldata(proof, proofFlags, root, hashes)).to.be.false;
});
it('revert with invalid multi proof #1', async function () {
const merkleTree = StandardMerkleTree.of(toElements('abcd'), ['string']);
const root = merkleTree.root;
const hashA = merkleTree.leafHash(['a']);
const hashB = merkleTree.leafHash(['b']);
const hashCD = hashPair(
ethers.toBeArray(merkleTree.leafHash(['c'])),
ethers.toBeArray(merkleTree.leafHash(['d'])),
);
const hashE = merkleTree.leafHash(['e']); // incorrect (not part of the tree)
const fill = ethers.randomBytes(32);
await expect(
this.mock.$multiProofVerify([hashB, fill, hashCD], [false, false, false], root, [hashA, hashE]),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
await expect(
this.mock.$multiProofVerifyCalldata([hashB, fill, hashCD], [false, false, false], root, [hashA, hashE]),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
});
it('revert with invalid multi proof #2', async function () {
const merkleTree = StandardMerkleTree.of(toElements('abcd'), ['string']);
const root = merkleTree.root;
const hashA = merkleTree.leafHash(['a']);
const hashB = merkleTree.leafHash(['b']);
const hashCD = hashPair(
ethers.toBeArray(merkleTree.leafHash(['c'])),
ethers.toBeArray(merkleTree.leafHash(['d'])),
);
const hashE = merkleTree.leafHash(['e']); // incorrect (not part of the tree)
const fill = ethers.randomBytes(32);
await expect(
this.mock.$multiProofVerify([hashB, fill, hashCD], [false, false, false, false], root, [hashE, hashA]),
).to.be.revertedWithPanic(0x32);
await expect(
this.mock.$multiProofVerifyCalldata([hashB, fill, hashCD], [false, false, false, false], root, [hashE, hashA]),
).to.be.revertedWithPanic(0x32);
});
it('limit case: works for tree containing a single leaf', async function () {
const merkleTree = StandardMerkleTree.of(toElements('a'), ['string']);
const root = merkleTree.root;
const { proof, proofFlags, leaves } = merkleTree.getMultiProof(toElements('a'));
const hashes = leaves.map(e => merkleTree.leafHash(e));
expect(await this.mock.$multiProofVerify(proof, proofFlags, root, hashes)).to.be.true;
expect(await this.mock.$multiProofVerifyCalldata(proof, proofFlags, root, hashes)).to.be.true;
});
it('limit case: can prove empty leaves', async function () {
const merkleTree = StandardMerkleTree.of(toElements('abcd'), ['string']);
const root = merkleTree.root;
expect(await this.mock.$multiProofVerify([root], [], root, [])).to.be.true;
expect(await this.mock.$multiProofVerifyCalldata([root], [], root, [])).to.be.true;
});
it('reverts processing manipulated proofs with a zero-value node at depth 1', async function () {
// Create a merkle tree that contains a zero leaf at depth 1
const leave = ethers.id('real leaf');
const root = hashPair(ethers.toBeArray(leave), Buffer.alloc(32, 0));
// Now we can pass any **malicious** fake leaves as valid!
const maliciousLeaves = ['malicious', 'leaves'].map(ethers.id).map(ethers.toBeArray).sort(Buffer.compare);
const maliciousProof = [leave, leave];
const maliciousProofFlags = [true, true, false];
await expect(
this.mock.$multiProofVerify(maliciousProof, maliciousProofFlags, root, maliciousLeaves),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
await expect(
this.mock.$multiProofVerifyCalldata(maliciousProof, maliciousProofFlags, root, maliciousLeaves),
).to.be.revertedWithCustomError(this.mock, 'MerkleProofInvalidMultiproof');
});
});
}
});