Omniscia Euler Audit

MerkleProof Code Style Findings

MerkleProof Code Style Findings

MPF-01C: Code Version Discrepancy

Description:

The linked comment indicates that the code of the dependency was copied from the OpenZeppelin contracts at version v4.4.1, however, the code highlighted did not exist in that version.

Example:

contracts/vendor/MerkleProof.sol
30/**
31 * @dev Returns the rebuilt hash obtained by traversing a Merklee tree up
32 * from `leaf` using `proof`. A `proof` is valid if and only if the rebuilt
33 * hash matches the root of the tree. When processing the proof, the pairs
34 * of leafs & pre-images are assumed to be sorted.
35 *
36 * _Available since v4.4._
37 */
38function processProof(bytes32[] memory proof, bytes32 leaf) internal pure returns (bytes32) {
39    bytes32 computedHash = leaf;
40    for (uint256 i = 0; i < proof.length; i++) {
41        bytes32 proofElement = proof[i];
42        if (computedHash <= proofElement) {
43            // Hash(current computed hash + current element of the proof)
44            computedHash = _efficientHash(computedHash, proofElement);
45        } else {
46            // Hash(current element of the proof + current computed hash)
47            computedHash = _efficientHash(proofElement, computedHash);
48        }
49    }
50    return computedHash;
51}
52

53function _efficientHash(bytes32 a, bytes32 b) private pure returns (bytes32 value) {
54    assembly {
55        mstore(0x00, a)
56        mstore(0x20, b)
57        value := keccak256(0x00, 0x40)
58    }
59}

Recommendation:

We advise the proper version to be indicated by the file as the updated code exists in v4.5.0.

Alleviation:

The comment was updated to indicate the correct version the contract was copied from.

Prev

EulStakes.sol (ESS-C)

Next

Finding Types

On this page