Near-One / rainbow-bridge

🌈🌈🌈 NEAR <> Ethereum Decentralized Bridge
GNU General Public License v3.0
327 stars 100 forks source link

Eth2-to-Near-relay: don't panic on `MerkleProof` verification #815

Open sept-en opened 2 years ago

sept-en commented 2 years ago

ExecutionBlockProof::merkle_root_from_branch contains an assertion statement outside of a test block: assert_eq!(branch.len(), depth, "proof length should equal depth");. This assertion encodes an invariant which should not occur during runtime based on the inputs to the call. However, the relay will panic if this property should ever be broken.

It would be preferable to return an error, providing the same guarantees that the function will not verify invalid data but will not crash the program.

olga24912 commented 2 years ago

It is not a bug. I use this code only in tests.

sept-en commented 2 years ago

@olga24912 this is actually a bug. If the specific part of the code is intended to be used only in tests, it should have been protected with an appropriate feature flag.