improve validation of risc0 verifier info

bluele · bluele · commit 3b9aaced0030 · 2025-03-27T18:53:55.000+09:00
Signed-off-by: Jun Kimura &lt;jun.kimura@datachain.jp&gt;
diff --git a/contracts/ILCPClientErrors.sol b/contracts/ILCPClientErrors.sol
@@ -68,7 +68,7 @@ interface ILCPClientErrors {
     error LCPClientZKDCAPInvalidNextTcbEvaluationDataNumberInfo();
     error LCPClientZKDCAPInvalidVerifierInfos();
     error LCPClientZKDCAPInvalidVerifierInfoLength();
-    error LCPClientZKDCAPInvalidVerifierInfoZKVMType();
+    error LCPClientZKDCAPInvalidVerifierInfoRisc0Header();
     error LCPClientZKDCAPUnsupportedZKVMType();
     error LCPClientZKDCAPRisc0ImageIdNotSet();
     error LCPClientZKDCAPUnexpectedIntelRootCAHash();
diff --git a/contracts/LCPClientZKDCAPBase.sol b/contracts/LCPClientZKDCAPBase.sol
@@ -264,6 +264,7 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
         // The format is as follows:
         // - First byte (0): zkVM type identifier.
         // - Remaining bytes (1–N): zkVM-specific data.
+        // - N must be greater than or equal to 32.
         //
         // Currently, only RISC Zero zkVM (type=1) is supported, with the following format:
         //
@@ -273,12 +274,16 @@ abstract contract LCPClientZKDCAPBase is LCPClientBase {
         // | 1–31    | Reserved (set as zero)      |
         // | 32–63   | Image ID                    |
         uint256 vlen = verifierInfo.length;
-        if (vlen == 0) {
+        if (vlen < 32) {
             revert LCPClientZKDCAPInvalidVerifierInfoLength();
         }
         // Currently, the client only supports RISC Zero zkVM
-        if (uint8(verifierInfo[0]) != ZKVM_TYPE_RISC_ZERO) {
-            revert LCPClientZKDCAPInvalidVerifierInfoZKVMType();
+        bytes32 header;
+        assembly {
+            header := mload(add(verifierInfo, 32))
+        }
+        if (header != bytes32(bytes1(ZKVM_TYPE_RISC_ZERO))) {
+            revert LCPClientZKDCAPInvalidVerifierInfoRisc0Header();
         }
         // risc0 verifier info should be 64 bytes
         if (vlen != 64) {
diff --git a/test/LCPClientZKDCAPTest.t.sol b/test/LCPClientZKDCAPTest.t.sol
@@ -376,6 +376,43 @@ contract LCPClientZKDCAPTest is BasicTest {
         lc.zkDCAPRegisterEnclaveKey(clientId, msgData);
     }
 
+    function testRegisterEnclaveKeyInvalidRisc0Header() public {
+        string memory clientId = "lcp-zkdcap";
+        TestLCPClientZKDCAPExtended lc = new TestLCPClientZKDCAPExtended(
+            address(this), false, ZKDCAPTestHelper.dummyIntelRootCACert(), address(new NopRiscZeroVerifier())
+        );
+        {
+            IbcLightclientsLcpV1ClientState.Data memory clientState = defaultClientState();
+            clientState.zkdcap_verifier_infos[0][0] = 0x00;
+            bytes memory clientStateBytes = LCPProtoMarshaler.marshal(clientState);
+            bytes memory consensusStateBytes = LCPProtoMarshaler.marshal(defaultConsensusState());
+            vm.expectRevert(
+                abi.encodeWithSelector(ILCPClientErrors.LCPClientZKDCAPInvalidVerifierInfoRisc0Header.selector)
+            );
+            lc.initializeClient(clientId, clientStateBytes, consensusStateBytes);
+        }
+        {
+            IbcLightclientsLcpV1ClientState.Data memory clientState = defaultClientState();
+            clientState.zkdcap_verifier_infos[0][0] = 0x02;
+            bytes memory clientStateBytes = LCPProtoMarshaler.marshal(clientState);
+            bytes memory consensusStateBytes = LCPProtoMarshaler.marshal(defaultConsensusState());
+            vm.expectRevert(
+                abi.encodeWithSelector(ILCPClientErrors.LCPClientZKDCAPInvalidVerifierInfoRisc0Header.selector)
+            );
+            lc.initializeClient(clientId, clientStateBytes, consensusStateBytes);
+        }
+        {
+            IbcLightclientsLcpV1ClientState.Data memory clientState = defaultClientState();
+            clientState.zkdcap_verifier_infos[0][1] = 0x01;
+            bytes memory clientStateBytes = LCPProtoMarshaler.marshal(clientState);
+            bytes memory consensusStateBytes = LCPProtoMarshaler.marshal(defaultConsensusState());
+            vm.expectRevert(
+                abi.encodeWithSelector(ILCPClientErrors.LCPClientZKDCAPInvalidVerifierInfoRisc0Header.selector)
+            );
+            lc.initializeClient(clientId, clientStateBytes, consensusStateBytes);
+        }
+    }
+
     function testRegisterEnclaveKeyEnclaveDebugMismatch() public {
         string memory clientId = "lcp-zkdcap";
         // developmentMode=false but output.enclaveDebugEnabled is set to true
