While the repeated hashing of nodes looks very correct, I cannot see anywhere that the client can verify what the actual value that was included in the proof.
The last Lemma will have the node_hash of the LeafNode. However, there is no check in Proof.verify to check that proof.Value has any relationship to the Lemma that was Valid.
I don't see a reason I cannot construct a valid proof for some data in the tree, then change the Value and present it to you as a valid proof of some fake data.
While the repeated hashing of nodes looks very correct, I cannot see anywhere that the client can verify what the actual value that was included in the proof.
The last Lemma will have the node_hash of the LeafNode. However, there is no check in Proof.verify to check that
proof.Valuehas any relationship to the Lemma that was Valid.I don't see a reason I cannot construct a valid proof for some data in the tree, then change the Value and present it to you as a valid proof of some fake data.