svalbard
svalbard copied to clipboard
transmissions11
Bump dirs from 3.0.1 to 3.0.2
Bumps dirs from 3.0.1 to 3.0.2.
Commits
- See full diff in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebasewill rebase this PR -
@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it -
@dependabot mergewill merge this PR after your CI passes on it -
@dependabot squash and mergewill squash and merge this PR after your CI passes on it -
@dependabot cancel mergewill cancel a previously requested merge and block automerging -
@dependabot reopenwill reopen this PR if it is closed -
@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) -
@dependabot use these labelswill set the current labels as the default for future PRs for this repo and language -
@dependabot use these reviewerswill set the current reviewers as the default for future PRs for this repo and language -
@dependabot use these assigneeswill set the current assignees as the default for future PRs for this repo and language -
@dependabot use this milestonewill set the current milestone as the default for future PRs for this repo and language -
@dependabot badge mewill comment on this PR with code to add a "Dependabot enabled" badge to your readme
Additionally, you can set the following in your Dependabot dashboard:
- Update frequency (including time of day and day of week)
- Pull request limits (per update run and/or open at any time)
- Out-of-range updates (receive only lockfile updates, if desired)
- Security updates (receive only security updates, if desired)
![dependabot-preview[bot] avatar](https://avatars.githubusercontent.com/in/2141?v=4 "Published by a pub.dev verified publisher"){kind=small}
Let's marinate a while first.
I think the JS and TS codes from merkletreejs, which is used in OpenZeppelin may have some unhandled edge cases for when the tree is small.
// Tests modified and added under (https://github.com/OpenZeppelin/openzeppelin-contracts/blob/master/test/utils/cryptography/MerkleProof.test.js)
// OZ `package.json` updated to use the latest merkletreejs.
it('test multiProof for a tree with height = 1 (only one node, the root)', async function () {
const inputLeafs = ['a'].map(keccak256).sort(Buffer.compare);
const merkleTree = new MerkleTree(inputLeafs, keccak256, { sort: true });
const root = merkleTree.getRoot();
const leafs = ['a'].map(keccak256).sort(Buffer.compare);
const proof = merkleTree.getMultiProof(leafs);
const flags = merkleTree.getProofFlags(leafs, proof);
const indices = merkleTree.getProofIndices(leafs, proof);
console.log({ root, leafs, proof, flags });
// New method in v0.2.31 of merkletreejs. Able to return true as expected. :)
console.log(merkleTree.verifyMultiProof(root, indices, leafs, inputLeafs.length, proof));
// Older method in merkletreejs. Throws exception, but should return true. :(
try {
console.log(merkleTree.verifyMultiProofWithFlags(root, leafs, proof, flags));
} catch (e) { console.log(e); }
// Smart Contract's original method (used in OZ).
// Throws exception, when it should return true. :(
try {
expect(await this.merkleProof.multiProofVerify(root, leafs, proof, flags)).to.equal(true);
} catch (e) { console.log(e); }
});
it('test multiProof for a tree with only height = 2', async function () {
const inputLeafs = ['a', 'b'].map(keccak256).sort(Buffer.compare);
const merkleTree = new MerkleTree(inputLeafs, keccak256, { sort: true });
const root = merkleTree.getRoot();
const leafs = ['a', 'b'].map(keccak256).sort(Buffer.compare);
const proof = merkleTree.getMultiProof(leafs);
const flags = merkleTree.getProofFlags(leafs, proof);
const indices = merkleTree.getProofIndices(leafs, proof);
console.log({ root, leafs, proof, flags });
// New method in v0.2.31 of merkletreejs. Returns false, which is incorrect. :(
console.log(merkleTree.verifyMultiProof(root, indices, leafs, inputLeafs.length, proof));
// Older method in merkletreejs. Returns true, which is correct. :)
console.log(merkleTree.verifyMultiProofWithFlags(root, leafs, proof, flags));
// Returns true as expected. :)
expect(await this.merkleProof.multiProofVerify(root, leafs, proof, flags)).to.equal(true);
});
I've written code and tests in this PR so that it can correctly handle these cases.
@miguelmota
Bad CI!
Failed tests:
[FAIL. Counterexample: calldata=0x94a508f10000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000c000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000, args=[true, true, false, true, true, [false]]] testMultiProofVerifyEmpty(bool,bool,bool,bool,bool,bool[]) (runs: 1513, μ: 36734, ~: 37585)
https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3446
Ok, changed the case for one node to return true, for:
MerkleProof.verifyMultiProof(
[root] /* proof */,
root /* root */,
[] /* leafs */,
[] /* flags */
)
Since the empty set [] is always contained in any tree.