fix: address finding on odd lengths

iajoiner · iajoiner · commit 42ba572b0c21 · 2025-04-21T16:40:33.000-04:00
diff --git a/solidity/src/base/Errors.sol b/solidity/src/base/Errors.sol
@@ -8,6 +8,9 @@ uint32 constant ERR_INVALID_EC_ADD_INPUTS = 0x765bcba0;
 uint32 constant ERR_INVALID_EC_MUL_INPUTS = 0xe32c7472;
 /// @dev Error code for when ECPAIRING inputs are invalid.
 uint32 constant ERR_INVALID_EC_PAIRING_INPUTS = 0x4385b511;
+/// @dev Error code for commitment array having odd length which is impossible
+/// since each commitment is 2 elements.
+uint32 constant ERR_COMMITMENT_ARRAY_ODD_LENGTH = 0x88acadef;
 /// @dev Error code for when the size of a sumcheck proof is incorrect.
 uint32 constant ERR_INVALID_SUMCHECK_PROOF_SIZE = 0x3f889a17;
 /// @dev Error code for when the evaluation of a round in a sumcheck proof does not match the expected value.
@@ -58,6 +61,9 @@ library Errors {
     error InvalidECMulInputs();
     /// @notice Error thrown when the inputs to the ECPAIRING precompile are invalid.
     error InvalidECPairingInputs();
+    /// @notice Error code for commitment array having odd length which is impossible
+    /// since each commitment is 2 elements.
+    error CommitmentArrayOddLength();
     /// @notice Error thrown when the size of a sumcheck proof is incorrect.
     error InvalidSumcheckProofSize();
     /// @notice Error thrown when the evaluation of a round in a sumcheck proof does not match the expected value.
diff --git a/solidity/src/verifier/Verifier.pre.sol b/solidity/src/verifier/Verifier.pre.sol
@@ -519,7 +519,10 @@ library Verifier {
                 verify_result_evaluations(result_ptr, evaluation_point_ptr, evaluations_ptr)
             }
 
-            mstore(__commitments, div(mload(__commitments), 2))
+            // Revert if the commitments array has an odd length
+            let commitments_len := mload(__commitments)
+            if mod(commitments_len, 2) { err(ERR_COMMITMENT_ARRAY_ODD_LENGTH) }
+            mstore(__commitments, div(commitments_len, 2))
             verify_query(__result.offset, __plan.offset, __proof.offset, __tableLengths, __commitments)
         }
     }
diff --git a/solidity/test/base/Errors.t.sol b/solidity/test/base/Errors.t.sol
@@ -27,6 +27,13 @@ contract ErrorsTest is Test {
         Errors.__err(ERR_INVALID_EC_PAIRING_INPUTS);
     }
 
+    /// forge-config: default.allow_internal_expect_revert = true
+    function testErrorCommitmentArrayOddLength() public {
+        assert(Errors.CommitmentArrayOddLength.selector == bytes4(ERR_COMMITMENT_ARRAY_ODD_LENGTH));
+        vm.expectRevert(Errors.CommitmentArrayOddLength.selector);
+        Errors.__err(ERR_COMMITMENT_ARRAY_ODD_LENGTH);
+    }
+
     /// forge-config: default.allow_internal_expect_revert = true
     function testErrorInvalidSumcheckProofSize() public {
         assert(Errors.InvalidSumcheckProofSize.selector == bytes4(ERR_INVALID_SUMCHECK_PROOF_SIZE));
diff --git a/solidity/test/verifier/Verifier.t.pre.sol b/solidity/test/verifier/Verifier.t.pre.sol
@@ -4,6 +4,7 @@ pragma solidity ^0.8.28;
 
 import {Test} from "forge-std/Test.sol";
 import "../../src/base/Constants.sol";
+import {Errors} from "../../src/base/Errors.sol";
 import {Verifier} from "../../src/verifier/Verifier.pre.sol";
 
 contract VerifierTest is Test {

Original file line number	Diff line number	Diff line change
`@@ -519,7 +519,10 @@ library Verifier {`
`519`	`519`	`verify_result_evaluations(result_ptr, evaluation_point_ptr, evaluations_ptr)`
`520`	`520`	`}`
`521`	`521`
`522`		`- mstore(__commitments, div(mload(__commitments), 2))`
	`522`	`+ // Revert if the commitments array has an odd length`
	`523`	`+ let commitments_len := mload(__commitments)`
	`524`	`+ if mod(commitments_len, 2) { err(ERR_COMMITMENT_ARRAY_ODD_LENGTH) }`
	`525`	`+ mstore(__commitments, div(commitments_len, 2))`
`523`	`526`	`verify_query(__result.offset, __plan.offset, __proof.offset, __tableLengths, __commitments)`
`524`	`527`	`}`
`525`	`528`	`}`