Summary
agglayer-interop-grpc-types gRPC v1 compat decode for multisig currently computes entry.index + 1 when sizing the signer vector.
If entry.index == u32::MAX, this overflows and panics in debug/test builds instead of returning a typed validation error.
Agglayer currently needs a local precheck only to avoid that panic before delegating to interop conversion.
Location
crates/agglayer-interop-grpc-types/src/compat/v1/aggchain_data/v1_to_types.rs
Current Behavior
The code computes:
```rust
let required_len = signatures
    .iter()
    .map(|entry| entry.index + 1)
    .max()
    .unwrap_or(0);
```
This panics when `entry.index == u32::MAX`, because `u32::MAX + 1` overflows.
Expected Behavior
- Use `checked_add(1)` or equivalent safe arithmetic.
- Return a typed `Error::invalid_data("Multisig ECDSA signer index overflow")` instead of panicking.
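The following is an added example illustrating the requested change, not code from the agglayer-interop repository: the current sizing logic beside a `checked_add` version that returns a typed error. `SignatureEntry` and `Error` are stand-ins for the real interop types and are assumptions here.

```rust
// Added example, not the project's code. `SignatureEntry` and `Error` are
// stand-ins for the interop types; the real names are assumptions.
#[derive(Debug, Clone)]
pub struct SignatureEntry {
    pub index: u32,
    // signature bytes omitted for brevity
}

#[derive(Debug, PartialEq)]
pub enum Error {
    InvalidData(String),
}

impl Error {
    pub fn invalid_data(msg: &str) -> Self {
        Error::InvalidData(msg.to_string())
    }
}

/// Same shape as the current sizing logic: `index + 1` panics in
/// debug/test builds (and wraps silently in release) when index == u32::MAX.
pub fn required_len_unchecked(signatures: &[SignatureEntry]) -> u32 {
    signatures.iter().map(|entry| entry.index + 1).max().unwrap_or(0)
}

/// Hardened form: `checked_add` turns the overflow into a typed
/// invalid-data error, so the decoder never panics on attacker-controlled input.
pub fn required_len_checked(signatures: &[SignatureEntry]) -> Result<usize, Error> {
    let mut required_len: u32 = 0;
    for entry in signatures {
        let len = entry
            .index
            .checked_add(1)
            .ok_or_else(|| Error::invalid_data("Multisig ECDSA signer index overflow"))?;
        required_len = required_len.max(len);
    }
    Ok(required_len as usize)
}

fn main() {
    // Constructed sample input: highest signer index 2 needs a vector of length 3.
    let entries = vec![SignatureEntry { index: 2 }, SignatureEntry { index: 0 }];
    println!("{:?}", required_len_checked(&entries)); // Ok(3)
    // The overflow case now surfaces as an error instead of a panic.
    let bad = vec![SignatureEntry { index: u32::MAX }];
    println!("{:?}", required_len_checked(&bad));
}
```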
Why It Matters
Once this is fixed, Agglayer can rely on interop multisig conversion directly without keeping a local overflow prevalidation step.
Acceptance Criteria
- No panic on `entry.index == u32::MAX`
- Decode returns a typed invalid-data error
- Add a regression test covering the overflow case