Handles inputs to proof verification shorter than 64 hex characters for nullifier_hash, merkle_root, external_nullifier, and signal_hash.
As these are all outputs of a hash function, there's no guarantee that the output is above a certain value, and we shouldn't expect to receive hex strings pre-padded.
This issue was identified during testing of an unrelated Android bug, where the merkle_root was valid, but only 63 hex characters long.
For the above-named inputs, this PR slices off 0x from the string, pads the hex string with 0 up to 64 characters, and adds the 0x back, then attempts to parse the hex string as a uint256.
penryn-lgtm-bot[bot]
commented
5 months ago
Handles inputs to proof verification shorter than 64 hex characters for
nullifier_hash,merkle_root,external_nullifier, andsignal_hash.As these are all outputs of a hash function, there's no guarantee that the output is above a certain value, and we shouldn't expect to receive hex strings pre-padded.
This issue was identified during testing of an unrelated Android bug, where the
merkle_rootwas valid, but only 63 hex characters long.For the above-named inputs, this PR slices off
0xfrom the string, pads the hex string with0up to 64 characters, and adds the0xback, then attempts to parse the hex string as auint256.