Closed NoahMarconi closed 6 years ago
Keep in mind that there needs to be great care taken in how a leaf hash is computed, or the height must be specified. The concern is a poorly chosen leaf format would result in me being able to provider an intermediate node as a leaf.
In the general case, imagine the poorly chosen leaf format keccak(bytes32:tokenId, bytes32:owner)
; I am purposefully making a weird choice of the owner being a bytes32 to demonstrate the issue, I will come up with a better example at some point :).
If this tree had a height of 10, the expected input would be a merkle proof of length 10, and I could redeem (tokenId, owner) and all would be happy. However, if I submit only the last 9 elements of the Merkle proof and pass in keccak256(tokenId, owner)
as the token ID and merkleProof[9]
as the redeemer, it would still validate; I would have assigned ownership of token ID keccak(token, id)
to the merkleProof[9]
.
Ugh. It's hard to explain without a whiteboard. :p
Does that make sense though? I am planning to put an EIP together on Merkle Air-Drops, I should include a bit explaining (concisely) the importance of how to choose the Merkle Tree leaves...
In that case I'll close this for now. If after the EIP is submitted I still see value in decoupling the functionality I can always open a new issue.
The hashing is quite specific to AirDrops however the need to verify a Merkle proof is a general need.
I can implement. Is there a way to make the
hash
function signature generic enough to handle a variety of leaf data structures?