fix: validate root format in empty-range proof path of VerifyNamespace #324
Open
evan-forbes wants to merge 1 commit into
Conversation
Proof.VerifyNamespace panics with "slice bounds out of range" on an empty-range proof when the supplied root is shorter than 2*nID.Size(). The empty-range path sliced the root via MinNamespace/MaxNamespace without first validating its format, unlike the non-empty path, which validates the root via nth.ValidateNodeFormat in VerifyLeafHashes. Validate the root with nth.ValidateNodeFormat at the top of isValidEmptyRangeProof so a malformed/short root returns a verification failure instead of panicking. Adds a regression test.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Code Review
This pull request introduces a validation check for the root format in isValidEmptyRangeProof to prevent a potential panic caused by slice bounds errors when the root is too short. Additionally, a regression test was added to ensure that empty range proofs with short roots are handled correctly without panicking. I have no feedback to provide.
rach-id
approved these changes
May 28, 2026
Proof.VerifyNamespace panics (slice bounds out of range) on an empty-range proof with a root shorter than 2*nID.Size(), because the empty-range path slices the root without validating its format; this fix validates the root first and returns a verification failure instead.

This is strictly hardening: the only in-tree production caller (celestia-node's RowNamespaceData.Verify) is doubly guarded (it rejects empty proofs and derives the root from the validated DAH, not from the peer), so production accessibility is very limited; fixing because it is cheap and correct.

🤖 Generated with Claude Code
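The failure mode described in the commit message and PR body, as an added example that is not the nmt library's own code: a stand-in node layout (minNID || maxNID || digest, with assumed widths), a pre-fix empty-range check that slices the root before validating it, and the post-fix shape that runs a ValidateNodeFormat-style check first so a short root yields an error rather than a panic. The function and constant names here are constructed for the example.

```go
package main

import (
	"bytes"
	"fmt"
)

// Constructed node layout for this example: minNID || maxNID || digest.
// The widths are assumptions, not nmt's real configuration.
const (
	nidSize  = 8
	hashSize = 32
)

// validateNodeFormat mirrors the intent of nth.ValidateNodeFormat: exact length
// and min namespace <= max namespace. Any failure is a verification failure.
func validateNodeFormat(node []byte) error {
	if len(node) != 2*nidSize+hashSize {
		return fmt.Errorf("malformed root: got %d bytes, want %d", len(node), 2*nidSize+hashSize)
	}
	if bytes.Compare(node[:nidSize], node[nidSize:2*nidSize]) > 0 {
		return fmt.Errorf("malformed root: min namespace exceeds max namespace")
	}
	return nil
}

func minNamespace(root []byte) []byte { return root[:nidSize] }
func maxNamespace(root []byte) []byte { return root[nidSize : 2*nidSize] }

// emptyRangeUnchecked has the pre-fix shape: it slices the root before checking it,
// so a root shorter than 2*nidSize panics with "slice bounds out of range".
func emptyRangeUnchecked(nID, root []byte) bool {
	return bytes.Compare(nID, minNamespace(root)) < 0 || bytes.Compare(nID, maxNamespace(root)) > 0
}

// emptyRangeChecked has the post-fix shape: validate the root first, then slice.
func emptyRangeChecked(nID, root []byte) (bool, error) {
	if err := validateNodeFormat(root); err != nil {
		return false, err
	}
	return emptyRangeUnchecked(nID, root), nil
}

// panics reports whether fn panics; it lets a test show the pre-fix crash safely.
func panics(fn func()) (p bool) {
	defer func() { p = recover() != nil }()
	fn()
	return false
}
```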