sha

Author: 0xClandestine

foundry.toml

@@ -80,6 +80,9 @@
     no_match_path = "script/**/*.sol"
     fs_permissions = [{ access = "read-write", path = "./"}]
 
+    # If enabled, allows internal expectRevert calls to be used in tests.
+    allow_internal_expect_revert = true
+
 [profile.default.fmt]
     # Single-line vs multi-line statement blocks
     single_line_statement_blocks = "preserve"  # Options: "single", "multi", "preserve"

lib/forge-std

@@ -6,41 +6,46 @@ import "src/contracts/libraries/Merkle.sol";
 import "src/test/utils/Murky.sol";
 
 abstract contract MerkleBaseTest is Test, MurkyBase {
-    bool usingSha; // Whether to use Keccak or Sha256 for tree + proof generation.
     bytes32[] leaves; // The contents of the merkle tree (unsorted).
     bytes32 root; // The root of the merkle tree.
     bytes[] proofs; // The proofs for each leaf in the tree.
 
+    function setUp() public {
+        leaves = _genLeaves(vm.randomBool() ? 9 : 10);
+        proofs = _genProofs(leaves);
+        root = _genRoot(leaves);
+    }
+
     /// -----------------------------------------------------------------------
     /// Keccak + Sha256 Tests
     /// -----------------------------------------------------------------------
 
     /// @notice Verifies that (Murky's) proofs are compatible with our implementation.
     function testFuzz_verifyInclusion_ValidProof(uint) public {
-        checkAllProofs(true);
+        _checkAllProofs(true);
     }
 
     /// @notice Verifies that an empty proof(s) is invalid.
     function testFuzz_verifyInclusion_EmptyProofs(uint) public {
         proofs = new bytes[](proofs.length);
-        checkAllProofs(false);
+        _checkAllProofs(false);
     }
 
     /// @notice Verifies valid proofs cannot be used to prove invalid leaves.
     function testFuzz_verifyInclusion_WrongProofs(uint) public {
         bytes memory proof0 = proofs[0];
         bytes memory proof1 = proofs[1];
         (proofs[0], proofs[1]) = (proof1, proof0);
-        checkSingleProof(false, 0);
-        checkSingleProof(false, 1);
+        _checkSingleProof(false, 0);
+        _checkSingleProof(false, 1);
     }
 
     /// @notice Verifies that a valid proof with excess data appended is invalid.
     function testFuzz_verifyInclusion_ExcessProofLength(uint) public {
         unchecked {
             proofs[0] = abi.encodePacked(proofs[0], vm.randomBytes(vm.randomUint(1, 10) * 32));
         }
-        checkSingleProof(false, 0);
+        _checkSingleProof(false, 0);
     }
 
     /// @notice Verifies that a valid proof with a manipulated word is invalid.
@@ -53,35 +58,54 @@ abstract contract MerkleBaseTest is Test, MurkyBase {
             mstore(m, manipulated)
         }
         proofs[0] = proof;
-        checkSingleProof(false, 0);
+        _checkSingleProof(false, 0);
     }
 
     /// -----------------------------------------------------------------------
     /// Assertions
     /// -----------------------------------------------------------------------
 
     /// @dev Checks that all proofs are valid for their respective leaves.
-    function checkAllProofs(bool status) internal virtual {
+    function _checkAllProofs(bool status) internal virtual {
         function (bytes memory proof, bytes32 root, bytes32 leaf, uint256 index) returns (bool) verifyInclusion =
-            usingSha ? Merkle.verifyInclusionSha256 : Merkle.verifyInclusionKeccak;
+            usingSha() ? Merkle.verifyInclusionSha256 : Merkle.verifyInclusionKeccak;
         for (uint i = 0; i < leaves.length; ++i) {
-            assertEq(verifyInclusion(proofs[i], root, leaves[i], i), status);
+            if (proofs[i].length == 0) {
+                vm.expectRevert(Merkle.InvalidProofLength.selector);
+                verifyInclusion(proofs[i], root, leaves[i], i);
+            } else {
+                assertEq(verifyInclusion(proofs[i], root, leaves[i], i), status);
+            }
         }
     }
 
     /// @dev Checks that a single proof is valid for its respective leaf.
-    function checkSingleProof(bool status, uint index) internal virtual {
-        function (bytes memory proof, bytes32 root, bytes32 leaf, uint256 index) returns (bool) verifyInclusion =
-            usingSha ? Merkle.verifyInclusionSha256 : Merkle.verifyInclusionKeccak;
-        assertEq(verifyInclusion(proofs[index], root, leaves[index], index), status);
+    function _checkSingleProof(bool status, uint index) internal virtual {
+        function (bytes memory proof, bytes32 root, bytes32 leaf, uint256 index) view returns (bool) verifyInclusion =
+            usingSha() ? Merkle.verifyInclusionSha256 : Merkle.verifyInclusionKeccak;
+        if (proofs[index].length == 0) {
+            vm.expectRevert(Merkle.InvalidProofLength.selector);
+            verifyInclusion(proofs[index], root, leaves[index], index);
+        } else {
+            assertEq(verifyInclusion(proofs[index], root, leaves[index], index), status);
+        }
     }
 
     /// -----------------------------------------------------------------------
     /// Helpers
     /// -----------------------------------------------------------------------
 
+    /// @dev Efficiently pads the length of leaves to the next power of 2 by appending zeros.
+    function _padLeaves(bytes32[] memory leaves) internal view virtual returns (bytes32[] memory paddedLeaves) {
+        uint numLeaves = _roundUpPow2(leaves.length);
+        paddedLeaves = new bytes32[](numLeaves);
+        for (uint i = 0; i < leaves.length; ++i) {
+            paddedLeaves[i] = leaves[i];
+        }
+    }
+
     /// @dev Effeciently generates a random list of leaves without iterative hashing.
-    function getLeaves(uint numLeaves) internal view virtual returns (bytes32[] memory leaves) {
+    function _genLeaves(uint numLeaves) internal view virtual returns (bytes32[] memory leaves) {
         bytes memory _leavesAsBytes = vm.randomBytes(numLeaves * 32);
         /// @solidity memory-safe-assembly
         assembly {
@@ -91,23 +115,26 @@ abstract contract MerkleBaseTest is Test, MurkyBase {
     }
 
     /// @dev Generates proofs for each leaf in the tree.
-    ///         Intended to be overridden by the below child contracts.
-    function getProofs(bytes32[] memory leaves) public view virtual returns (bytes[] memory proofs);
-}
+    function _genProofs(bytes32[] memory leaves) internal view virtual returns (bytes[] memory proofs) {
+        uint numLeaves = _roundUpPow2(leaves.length);
+        bytes32[] memory paddedLeaves = _padLeaves(leaves);
+        proofs = new bytes[](leaves.length);
+        for (uint i = 0; i < leaves.length; ++i) {
+            proofs[i] = abi.encodePacked(getProof(paddedLeaves, i));
+        }
+    }
 
-contract MerkleKeccakTest is MerkleBaseTest, MerkleKeccak {
-    function setUp() public {
-        usingSha = false;
-        leaves = getLeaves(vm.randomBool() ? 9 : 10);
-        root = Merkle.merkleizeKeccak(leaves);
-        proofs = getProofs(leaves);
+    /// @dev Computes the merkle root using the appropriate hash function
+    function _genRoot(bytes32[] memory leaves) internal view virtual returns (bytes32) {
+        function (bytes32[] memory leaves) view returns (bytes32) merkleize = usingSha() ? Merkle.merkleizeSha256 : Merkle.merkleizeKeccak;
+        if (usingSha()) leaves = _padLeaves(leaves);
+        return merkleize(leaves);
     }
 
-    function nextPowerOf2(uint v) internal pure returns (uint) {
+    /// @dev Rounds up to the next power of 2.
+    ///      https://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2
+    function _roundUpPow2(uint v) internal pure returns (uint) {
         unchecked {
-            // Round up to the next power of 2 using the method described here:
-            // https://graphics.stanford.edu/~seander/bithacks.html#RoundUpPowerOf2
-            if (v == 0) return 0;
             v -= 1;
             v |= v >> 1;
             v |= v >> 2;
@@ -121,18 +148,17 @@ contract MerkleKeccakTest is MerkleBaseTest, MerkleKeccak {
         }
     }
 
-    function getProofs(bytes32[] memory leaves) public view virtual override returns (bytes[] memory proofs) {
-        // Merkle.merkleizeKeccak pads to next power of 2, so we need to match that.
-        uint numLeaves = nextPowerOf2(leaves.length);
-        bytes32[] memory paddedLeaves = new bytes32[](numLeaves);
-        for (uint i = 0; i < leaves.length; ++i) {
-            // TODO: Point leaves to paddedLeaves using assembly to avoid loop.
-            paddedLeaves[i] = leaves[i];
-        }
+    function usingSha() internal view virtual returns (bool);
+}
 
-        proofs = new bytes[](leaves.length);
-        for (uint i = 0; i < leaves.length; ++i) {
-            proofs[i] = abi.encodePacked(getProof(paddedLeaves, i));
-        }
+contract MerkleKeccakTest is MerkleBaseTest, MerkleKeccak {
+    function usingSha() internal view virtual override returns (bool) {
+        return false;
+    }
+}
+
+contract MerkleShaTest is MerkleBaseTest, MerkleSha {
+    function usingSha() internal view virtual override returns (bool) {
+        return true;
     }
 }

src/test/unit/libraries/Merkle.t.sol

@@ -179,17 +179,11 @@ contract MerkleSha is MurkyBase {
 
     function hashLeafPairs(bytes32 left, bytes32 right) public view override returns (bytes32 _hash) {
         assembly {
-            switch lt(left, right)
-            case 0 {
-                mstore(0x0, right)
-                mstore(0x20, left)
-            }
-            default {
-                mstore(0x0, left)
-                mstore(0x20, right)
-            }
-            _hash := mload(iszero(staticcall(gas(), SHA256_PRECOMPILE, 0x0, 0x40, 0x0, 0x20)))
-            if iszero(returndatasize()) { invalid() }
+            mstore(0x0, left)
+            mstore(0x20, right)
+            let success := staticcall(gas(), SHA256_PRECOMPILE, 0x0, 0x40, 0x0, 0x20)
+            if iszero(success) { revert(0, 0) }
+            _hash := mload(0x0)
         }
     }
 }