Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and
privacy statement. We’ll occasionally send you account related emails.
Already on GitHub?
to your account
process_deposit accepts deposits with an invalid merkle proof as valid
depth=DEPOSIT_CONTRACT_TREE_DEPTH + 1
Discovered via beacon-fuzz (initial testing of deposit fuzzer).
Triggering case: nim-deposit-crash-5d4907f2962783d3806b93bfe1a5f4c808b1c3bf with the following beacon_states
Or the pre-processed input deposit_preprocessed_invalid_merkle.ssz can be directly passed to the nimbus harness nfuzz_deposit
The text was updated successfully, but these errors were encountered:
Interesting, we have a case to cover an invalid merkle branch in the consensus tests here -- https://github.com/ethereum/eth2.0-specs/blob/7b76808a1c28dc44d449dee7619e301130066959/tests/core/pyspec/eth2spec/test/phase_0/block_processing/test_process_deposit.py#L228-L240
I'll see if I can figure out what the difference between this case is and why it's not adequately covered in our vectors
Sorry, something went wrong.
Feel free to re-open if this doesn't fix things.
No branches or pull requests