
fix: reject empty proofs with trailing nodes#30

Open
drappi-ai wants to merge 2 commits into zellic-audit-feb-2026 from cdai__fix-207-lenient-empty-proof

Conversation

@drappi-ai

Summary

  • Empty proofs (or proofs starting with EMPTY_STRING_CODE) were accepted even with trailing junk nodes
  • Added TrailingProofNodes error variant; after accepting the empty node, verify no remaining elements exist

Addresses SeismicSystems/internal#207.

Test plan

  • empty_proof_with_trailing_nodes_is_rejected regression test
  • All existing tests pass

Add a test demonstrating that verify_proof incorrectly accepts proofs
with trailing nodes after an empty node (e.g., [EMPTY, junk...]) when
root == EMPTY_ROOT_HASH and expected_value == None. This test currently
fails, confirming the bug described in SeismicSystems/internal#207.

After peeking to determine an empty proof case, consume the first
element and verify no remaining elements exist. If trailing nodes
are present, return a new TrailingProofNodes error. This prevents
proofs like [EMPTY, junk...] from being accepted as valid exclusion
proofs.

Fixes SeismicSystems/internal#207
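The lenient-versus-strict handling described above, as an added Rust model that is not the project's own verify_proof (the function names, the ValueMismatch and NonEmptyProof variants, and the short-circuit for non-empty proofs are assumptions; only the TrailingProofNodes variant and the peek/consume/check-exhausted flow come from the PR):

```rust
// Added model of the empty-proof branch of a Merkle-Patricia proof verifier.
// Names and the lenient/strict split are illustrative, not the project's code.

/// RLP encoding of the empty string: the single byte of an "empty" proof node.
pub const EMPTY_STRING_CODE: u8 = 0x80;

/// keccak256(rlp("")), the root hash of an empty trie.
pub const EMPTY_ROOT_HASH: [u8; 32] = [
    0x56, 0xe8, 0x1f, 0x17, 0x1b, 0xcc, 0x55, 0xa6, 0xff, 0x83, 0x45, 0xe6, 0x92, 0xc0, 0xf8, 0x6e,
    0x5b, 0x48, 0xe0, 0x1b, 0x99, 0x6c, 0xad, 0xc0, 0x01, 0x62, 0x2f, 0xb5, 0xe3, 0x63, 0xb4, 0x21,
];

#[derive(Debug, PartialEq)]
pub enum ProofError {
    /// The root is EMPTY_ROOT_HASH, yet the caller expected a stored value.
    ValueMismatch,
    /// Nodes follow the empty node that already decided the verdict.
    TrailingProofNodes,
    /// Walking a real trie is outside this model (hypothetical variant).
    NonEmptyProof,
}
fn is_empty_node(node: &[u8]) -> bool {
    node == [EMPTY_STRING_CODE]
}

/// Buggy behaviour from the linked issue: peek at the first node and accept the
/// exclusion proof without ever looking at what follows it.
pub fn verify_proof_lenient(root: [u8; 32], expected: Option<&[u8]>, proof: &[Vec<u8>]) -> Result<(), ProofError> {
    let first = proof.first().map(Vec::as_slice);
    if root == EMPTY_ROOT_HASH && first.map_or(true, is_empty_node) {
        return if expected.is_none() { Ok(()) } else { Err(ProofError::ValueMismatch) };
    }
    Err(ProofError::NonEmptyProof)
}
/// Fixed behaviour: after peeking, consume the empty node and require the
/// iterator to be exhausted before returning Ok.
pub fn verify_proof_strict(root: [u8; 32], expected: Option<&[u8]>, proof: &[Vec<u8>]) -> Result<(), ProofError> {
    let mut nodes = proof.iter().peekable();
    if root == EMPTY_ROOT_HASH && nodes.peek().map_or(true, |n| is_empty_node(n.as_slice())) {
        if expected.is_some() {
            return Err(ProofError::ValueMismatch);
        }
        nodes.next(); // accept the (optional) empty node ...
        if nodes.next().is_some() {
            return Err(ProofError::TrailingProofNodes); // ... but nothing may follow it
        }
        return Ok(());
    }
    Err(ProofError::NonEmptyProof)
}
```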
drappi-ai force-pushed the cdai__fix-207-lenient-empty-proof branch from 747ea56 to 91db654 (March 9, 2026 15:54)
