Avoid overflow on empty multiproof (#4564)

frangio · web-flow · commit a503ba1a0a1a · 2023-09-04T10:17:03.000+02:00
diff --git a/.changeset/large-humans-remain.md b/.changeset/large-humans-remain.md
@@ -0,0 +1,5 @@
+---
+'openzeppelin-solidity': patch
+---
+
+`MerkleProof`: Use custom error to report invalid multiproof instead of reverting with overflow panic.
diff --git a/contracts/utils/cryptography/MerkleProof.sol b/contracts/utils/cryptography/MerkleProof.sol
@@ -118,7 +118,7 @@ library MerkleProof {
         uint256 totalHashes = proofFlags.length;
 
         // Check proof validity.
-        if (leavesLen + proofLen - 1 != totalHashes) {
+        if (leavesLen + proofLen != totalHashes + 1) {
             revert MerkleProofInvalidMultiproof();
         }
 
@@ -174,7 +174,7 @@ library MerkleProof {
         uint256 totalHashes = proofFlags.length;
 
         // Check proof validity.
-        if (leavesLen + proofLen - 1 != totalHashes) {
+        if (leavesLen + proofLen != totalHashes + 1) {
             revert MerkleProofInvalidMultiproof();
         }
 

-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +'openzeppelin-solidity': patch
 +---
++
 +`MerkleProof`: Use custom error to report invalid multiproof instead of reverting with overflow panic.
Original file line number	Diff line number	Diff line change
`@@ -118,7 +118,7 @@ library MerkleProof {`
`118`	`118`	`uint256 totalHashes = proofFlags.length;`
`119`	`119`
`120`	`120`	`// Check proof validity.`
`121`		`- if (leavesLen + proofLen - 1 != totalHashes) {`
	`121`	`+ if (leavesLen + proofLen != totalHashes + 1) {`
`122`	`122`	`revert MerkleProofInvalidMultiproof();`
`123`	`123`	`}`
`124`	`124`
`@@ -174,7 +174,7 @@ library MerkleProof {`
`174`	`174`	`uint256 totalHashes = proofFlags.length;`
`175`	`175`
`176`	`176`	`// Check proof validity.`
`177`		`- if (leavesLen + proofLen - 1 != totalHashes) {`
	`177`	`+ if (leavesLen + proofLen != totalHashes + 1) {`
`178`	`178`	`revert MerkleProofInvalidMultiproof();`
`179`	`179`	`}`
`180`	`180`