Update merkle tree verification to use abi encode (not packed)

Universal-Page · Nov 15, 2023 · 202fdd3 · 202fdd3
1 parent 0856717
commit 202fdd3
Show file tree

Hide file tree

Showing 11 changed files with 29 additions and 28 deletions.
diff --git a/artifacts/bytecode/assets/lsp7/DigitalAssetDrop.bin b/artifacts/bytecode/assets/lsp7/DigitalAssetDrop.bin
@@ -1 +1 @@
-0x60a060405234801561001057600080fd5b50604051610cea380380610cea83398101604081905261002f916101a6565b600180556001600160a01b03831661007e5760405162461bcd60e51b815260206004820152600d60248201526c6173736574206973207a65726f60981b60448201526064015b60405180910390fd5b60008290036100be5760405162461bcd60e51b815260206004820152600c60248201526b726f6f74206973207a65726f60a01b6044820152606401610075565b6001600160a01b0381166101045760405162461bcd60e51b815260206004820152600d60248201526c6f776e6572206973207a65726f60981b6044820152606401610075565b6001600160a01b03831660805261011a82600255565b6101238161012b565b5050506101e9565b6000546001600160a01b0382811691161461018e57600080546001600160a01b038381166001600160a01b0319831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a3505b50565b6001600160a01b038116811461018e57600080fd5b6000806000606084860312156101bb57600080fd5b83516101c681610191565b6020850151604086015191945092506101de81610191565b809150509250925092565b608051610ad2610218600039600081816087015281816102610152818161035e01526104570152610ad26000f3fe608060405234801561001057600080fd5b506004361061007d5760003560e01c80639e34070f1161005b5780639e34070f146100e1578063c8edd8ab14610104578063f05c55ac14610117578063f2fde38b1461012a57600080fd5b806338d52e0f14610082578063715018a6146100c65780638da5cb5b146100d0575b600080fd5b6100a97f000000000000000000000000000000000000000000000000000000000000000081565b6040516001600160a01b0390911681526020015b60405180910390f35b6100ce61013d565b005b6000546001600160a01b03166100a9565b6100f46100ef3660046108a0565b610151565b60405190151581526020016100bd565b6100ce6101123660046108d5565b610162565b6100ce610125366004610969565b6102cd565b6100ce610138366004610969565b6104c0565b61014561054d565b61014f60006105b6565b565b600061015c82610633565b92915050565b61016a610674565b6101dc858580806020026020016040519081016040528093929190818152602001838360200280828437600092019190915250506040516bffffffffffffffffffffffff193360601b1660208201526034810186905287925060540190506040516020818303038152906040526106cd565b816001600160a01b0316837f4ec90e965519d92681267467f775ada5bd214aa92c0dc93d90a5e880ce9ed0268360405161021891815260200190565b60405180910390a3604051633b06cddd60e11b81523060048201526001600160a01b0383811660248301526044820183905260006064830181905260a0608484015260a48301527f0000000000000000000000000000000000000000000000000000000000000000169063760d9bba9060c401600060405180830381600087803b1580156102a557600080fd5b505af11580156102b9573d6000803e3d6000fd5b505050506102c660018055565b5050505050565b6102d561054d565b6102dd610674565b6001600160a01b03811661032d576040517f1a3b45fd0000000000000000000000000000000000000000000000000000000081526001600160a01b03821660048201526024015b60405180910390fd5b6040517f70a082310000000000000000000000000000000000000000000000000000000081523060048201526000907f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316906370a0823190602401602060405180830381865afa1580156103ad573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906103d19190610984565b9050816001600160a01b03167feb44e1b23fad598a86840f12d9ab99216d186e1eeebb5ef8e3b3d152ba7cbc7e8260405161040e91815260200190565b60405180910390a2604051633b06cddd60e11b81523060048201526001600160a01b038381166024830152604482018390526001606483015260a06084830152600060a48301527f0000000000000000000000000000000000000000000000000000000000000000169063760d9bba9060c401600060405180830381600087803b15801561049b57600080fd5b505af11580156104af573d6000803e3d6000fd5b50505050506104bd60018055565b50565b6104c861054d565b6001600160a01b0381166105445760405162461bcd60e51b815260206004820152602660248201527f4f776e61626c653a206e6577206f776e657220697320746865207a65726f206160448201527f64647265737300000000000000000000000000000000000000000000000000006064820152608401610324565b6104bd816105b6565b336105606000546001600160a01b031690565b6001600160a01b03161461014f5760405162461bcd60e51b815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e65726044820152606401610324565b6000546001600160a01b038281169116146104bd57600080546001600160a01b038381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b600080610642610100846109b3565b90506000610652610100856109c7565b60009283526003602052604090922054600190921b9182169091149392505050565b6002600154036106c65760405162461bcd60e51b815260206004820152601f60248201527f5265656e7472616e637947756172643a207265656e7472616e742063616c6c006044820152606401610324565b6002600155565b600254610706576040517f5058901600000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b61070f82610633565b1561074a5781816040517f331e2c3f0000000000000000000000000000000000000000000000000000000081526004016103249291906109ff565b6000828260405160200161075f929190610a39565b60405160208183030381529060405280519060200120905061078484600254836107cd565b6107be5782826040517f4a0e7b130000000000000000000000000000000000000000000000000000000081526004016103249291906109ff565b6107c7836107e3565b50505050565b6000826107da8584610821565b14949350505050565b60006107f1610100836109b3565b90506000610801610100846109c7565b6000928352600360205260409092208054600190931b9092179091555050565b600081815b8451811015610866576108528286838151811061084557610845610a5f565b602002602001015161086e565b91508061085e81610a75565b915050610826565b509392505050565b600081831061088a576000828152602084905260409020610899565b60008381526020839052604090205b9392505050565b6000602082840312156108b257600080fd5b5035919050565b80356001600160a01b03811681146108d057600080fd5b919050565b6000806000806000608086880312156108ed57600080fd5b853567ffffffffffffffff8082111561090557600080fd5b818801915088601f83011261091957600080fd5b81358181111561092857600080fd5b8960208260051b850101111561093d57600080fd5b602092830197509550508601359250610958604087016108b9565b949793965091946060013592915050565b60006020828403121561097b57600080fd5b610899826108b9565b60006020828403121561099657600080fd5b5051919050565b634e487b7160e01b600052601260045260246000fd5b6000826109c2576109c261099d565b500490565b6000826109d6576109d661099d565b500690565b60005b838110156109f65781810151838201526020016109de565b50506000910152565b8281526040602082015260008251806040840152610a248160608501602087016109db565b601f01601f1916919091016060019392505050565b82815260008251610a518160208501602087016109db565b919091016020019392505050565b634e487b7160e01b600052603260045260246000fd5b600060018201610a9557634e487b7160e01b600052601160045260246000fd5b506001019056fea26469706673582212209d128bf85bf3b239811da376bcd8a119d306d85d58448803ac80d5577837263664736f6c63430008110033
+0x60a060405234801561001057600080fd5b50604051610cc7380380610cc783398101604081905261002f916101a6565b600180556001600160a01b03831661007e5760405162461bcd60e51b815260206004820152600d60248201526c6173736574206973207a65726f60981b60448201526064015b60405180910390fd5b60008290036100be5760405162461bcd60e51b815260206004820152600c60248201526b726f6f74206973207a65726f60a01b6044820152606401610075565b6001600160a01b0381166101045760405162461bcd60e51b815260206004820152600d60248201526c6f776e6572206973207a65726f60981b6044820152606401610075565b6001600160a01b03831660805261011a82600255565b6101238161012b565b5050506101e9565b6000546001600160a01b0382811691161461018e57600080546001600160a01b038381166001600160a01b0319831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a3505b50565b6001600160a01b038116811461018e57600080fd5b6000806000606084860312156101bb57600080fd5b83516101c681610191565b6020850151604086015191945092506101de81610191565b809150509250925092565b608051610aaf6102186000396000818160870152818161024f0152818161034c01526104450152610aaf6000f3fe608060405234801561001057600080fd5b506004361061007d5760003560e01c80639e34070f1161005b5780639e34070f146100e1578063c8edd8ab14610104578063f05c55ac14610117578063f2fde38b1461012a57600080fd5b806338d52e0f14610082578063715018a6146100c65780638da5cb5b146100d0575b600080fd5b6100a97f000000000000000000000000000000000000000000000000000000000000000081565b6040516001600160a01b0390911681526020015b60405180910390f35b6100ce61013d565b005b6000546001600160a01b03166100a9565b6100f46100ef3660046108ab565b610151565b60405190151581526020016100bd565b6100ce6101123660046108e0565b610162565b6100ce610125366004610974565b6102bb565b6100ce610138366004610974565b6104ae565b61014561053b565b61014f60006105a4565b565b600061015c82610621565b92915050565b61016a610662565b6101ca858580806020026020016040519081016040528093929190818152602001838360200280828437600092019190915250506040805133602082015290810186905287925060600190506040516020818303038152906040526106bb565b816001600160a01b0316837f4ec90e965519d92681267467f775ada5bd214aa92c0dc93d90a5e880ce9ed0268360405161020691815260200190565b60405180910390a3604051633b06cddd60e11b81523060048201526001600160a01b0383811660248301526044820183905260006064830181905260a0608484015260a48301527f0000000000000000000000000000000000000000000000000000000000000000169063760d9bba9060c401600060405180830381600087803b15801561029357600080fd5b505af11580156102a7573d6000803e3d6000fd5b505050506102b460018055565b5050505050565b6102c361053b565b6102cb610662565b6001600160a01b03811661031b576040517f1a3b45fd0000000000000000000000000000000000000000000000000000000081526001600160a01b03821660048201526024015b60405180910390fd5b6040517f70a082310000000000000000000000000000000000000000000000000000000081523060048201526000907f00000000000000000000000000000000000000000000000000000000000000006001600160a01b0316906370a0823190602401602060405180830381865afa15801561039b573d6000803e3d6000fd5b505050506040513d601f19601f820116820180604052508101906103bf919061098f565b9050816001600160a01b03167feb44e1b23fad598a86840f12d9ab99216d186e1eeebb5ef8e3b3d152ba7cbc7e826040516103fc91815260200190565b60405180910390a2604051633b06cddd60e11b81523060048201526001600160a01b038381166024830152604482018390526001606483015260a06084830152600060a48301527f0000000000000000000000000000000000000000000000000000000000000000169063760d9bba9060c401600060405180830381600087803b15801561048957600080fd5b505af115801561049d573d6000803e3d6000fd5b50505050506104ab60018055565b50565b6104b661053b565b6001600160a01b0381166105325760405162461bcd60e51b815260206004820152602660248201527f4f776e61626c653a206e6577206f776e657220697320746865207a65726f206160448201527f64647265737300000000000000000000000000000000000000000000000000006064820152608401610312565b6104ab816105a4565b3361054e6000546001600160a01b031690565b6001600160a01b03161461014f5760405162461bcd60e51b815260206004820181905260248201527f4f776e61626c653a2063616c6c6572206973206e6f7420746865206f776e65726044820152606401610312565b6000546001600160a01b038281169116146104ab57600080546001600160a01b038381167fffffffffffffffffffffffff0000000000000000000000000000000000000000831681178455604051919092169283917f8be0079c531659141344cd1fd0a4f28419497f9722a3daafe3b4186f6b6457e09190a35050565b600080610630610100846109be565b90506000610640610100856109d2565b60009283526003602052604090922054600190921b9182169091149392505050565b6002600154036106b45760405162461bcd60e51b815260206004820152601f60248201527f5265656e7472616e637947756172643a207265656e7472616e742063616c6c006044820152606401610312565b6002600155565b6002546106f4576040517f5058901600000000000000000000000000000000000000000000000000000000815260040160405180910390fd5b6106fd82610621565b156107385781816040517f331e2c3f0000000000000000000000000000000000000000000000000000000081526004016103129291906109e6565b6000828260405160200161074d9291906109e6565b60408051601f198184030181528282528051602091820120908301520160405160208183030381529060405280519060200120905061078f84600254836107d8565b6107c95782826040517f4a0e7b130000000000000000000000000000000000000000000000000000000081526004016103129291906109e6565b6107d2836107ee565b50505050565b6000826107e5858461082c565b14949350505050565b60006107fc610100836109be565b9050600061080c610100846109d2565b6000928352600360205260409092208054600190931b9092179091555050565b600081815b84518110156108715761085d8286838151811061085057610850610a3c565b6020026020010151610879565b91508061086981610a52565b915050610831565b509392505050565b60008183106108955760008281526020849052604090206108a4565b60008381526020839052604090205b9392505050565b6000602082840312156108bd57600080fd5b5035919050565b80356001600160a01b03811681146108db57600080fd5b919050565b6000806000806000608086880312156108f857600080fd5b853567ffffffffffffffff8082111561091057600080fd5b818801915088601f83011261092457600080fd5b81358181111561093357600080fd5b8960208260051b850101111561094857600080fd5b602092830197509550508601359250610963604087016108c4565b949793965091946060013592915050565b60006020828403121561098657600080fd5b6108a4826108c4565b6000602082840312156109a157600080fd5b5051919050565b634e487b7160e01b600052601260045260246000fd5b6000826109cd576109cd6109a8565b500490565b6000826109e1576109e16109a8565b500690565b82815260006020604081840152835180604085015260005b81811015610a1a578581018301518582016060015282016109fe565b506000606082860101526060601f19601f830116850101925050509392505050565b634e487b7160e01b600052603260045260246000fd5b600060018201610a7257634e487b7160e01b600052601160045260246000fd5b506001019056fea264697066735822122017d6fb2ad4dcade26a12168d82d26895d257d57ff8aee93f5aef6f0824d9f1d264736f6c63430008110033
diff --git a/artifacts/bytecode/drops/LSP7DropsDigitalAsset.bin b/artifacts/bytecode/drops/LSP7DropsDigitalAsset.bin
diff --git a/artifacts/bytecode/drops/LSP8DropsDigitalAsset.bin b/artifacts/bytecode/drops/LSP8DropsDigitalAsset.bin
diff --git a/src/assets/lsp7/DigitalAssetDrop.sol b/src/assets/lsp7/DigitalAssetDrop.sol
@@ -29,7 +29,7 @@ contract DigitalAssetDrop is OwnableUnset, ReentrancyGuard, IndexedDrop {
     }
 
     function claim(bytes32[] calldata proof, uint256 index, address recipient, uint256 amount) external nonReentrant {
-        _claim(proof, index, abi.encodePacked(msg.sender, amount));
+        _claim(proof, index, abi.encode(msg.sender, amount));
         emit Claimed(index, recipient, amount);
         asset.transfer(address(this), recipient, amount, false, "");
     }

diff --git a/src/common/IndexedDrop.sol b/src/common/IndexedDrop.sol
@@ -43,7 +43,7 @@ abstract contract IndexedDrop {
         if (_isClaimed(index)) {
             revert AlreadyClaimed(index, data);
         }
-        bytes32 leaf = keccak256(abi.encodePacked(index, data));
+        bytes32 leaf = keccak256(bytes.concat(keccak256(abi.encode(index, data))));
         if (!MerkleProof.verify(proof, _root, leaf)) {
             revert InvalidClaim(index, data);
         }

diff --git a/src/drops/DropsDigitalAsset.sol b/src/drops/DropsDigitalAsset.sol
@@ -115,7 +115,7 @@ abstract contract DropsDigitalAsset is OwnableUnset, ReentrancyGuard, IndexedDro
         bytes32 r,
         bytes32 s
     ) external payable whenActivate nonReentrant {
-        _claim(proof, index, abi.encodePacked(msg.sender));
+        _claim(proof, index, abi.encode(msg.sender));
         _mintSigned(recipient, amount, v, r, s);
     }
 

diff --git a/test/assets/lsp7/DigitalAssetDrop.t.sol b/test/assets/lsp7/DigitalAssetDrop.t.sol
@@ -32,8 +32,8 @@ contract DigitalAssetDropTest is Test {
         (UniversalProfile bob,) = deployProfile();
 
         bytes32[] memory data = new bytes32[](2);
-        data[0] = keccak256(abi.encodePacked(uint256(0), alice, uint256(3)));
-        data[1] = keccak256(abi.encodePacked(uint256(1), bob, uint256(5)));
+        data[0] = keccak256(bytes.concat(keccak256(abi.encode(uint256(0), abi.encode(alice, uint256(3))))));
+        data[1] = keccak256(bytes.concat(keccak256(abi.encode(uint256(1), abi.encode(bob, uint256(5))))));
 
         DigitalAssetDrop drop = new DigitalAssetDrop(asset, merkle.getRoot(data), dropOwner);
         asset.mint(address(drop), 8, true, "");
@@ -61,8 +61,8 @@ contract DigitalAssetDropTest is Test {
         (UniversalProfile bob,) = deployProfile();
 
         bytes32[] memory data = new bytes32[](2);
-        data[0] = keccak256(abi.encodePacked(uint256(0), alice, uint256(3)));
-        data[1] = keccak256(abi.encodePacked(uint256(1), alice, uint256(5)));
+        data[0] = keccak256(bytes.concat(keccak256(abi.encode(uint256(0), abi.encode(alice, uint256(3))))));
+        data[1] = keccak256(bytes.concat(keccak256(abi.encode(uint256(1), abi.encode(alice, uint256(5))))));
 
         DigitalAssetDrop drop = new DigitalAssetDrop(asset, merkle.getRoot(data), dropOwner);
         asset.mint(address(drop), 8, true, "");
@@ -91,8 +91,8 @@ contract DigitalAssetDropTest is Test {
         (UniversalProfile bob,) = deployProfile();
 
         bytes32[] memory data = new bytes32[](2);
-        data[0] = keccak256(abi.encodePacked(uint256(0), alice, uint256(3)));
-        data[1] = keccak256(abi.encodePacked(uint256(1), bob, uint256(5)));
+        data[0] = keccak256(bytes.concat(keccak256(abi.encode(uint256(0), abi.encode(alice, uint256(3))))));
+        data[1] = keccak256(bytes.concat(keccak256(abi.encode(uint256(1), abi.encode(bob, uint256(5))))));
 
         DigitalAssetDrop drop = new DigitalAssetDrop(asset, merkle.getRoot(data), dropOwner);
         asset.mint(address(drop), 8, true, "");
@@ -109,8 +109,8 @@ contract DigitalAssetDropTest is Test {
 
     function test_Revert_DisposeIfNotOwner() public {
         bytes32[] memory data = new bytes32[](2);
-        data[0] = keccak256(abi.encodePacked(uint256(0), address(1), uint256(3)));
-        data[1] = keccak256(abi.encodePacked(uint256(1), address(1), uint256(5)));
+        data[0] = keccak256(bytes.concat(keccak256(abi.encode(uint256(0), abi.encode(address(1), uint256(3))))));
+        data[1] = keccak256(bytes.concat(keccak256(abi.encode(uint256(1), abi.encode(address(1), uint256(5))))));
 
         DigitalAssetDrop drop = new DigitalAssetDrop(asset, merkle.getRoot(data), dropOwner);
 

diff --git a/test/common/AssetDropMock.sol b/test/common/AssetDropMock.sol
@@ -17,6 +17,6 @@ contract AssetDropMock is IndexedDrop {
     }
 
     function claim(bytes32[] memory proof, uint256 index, address recipient, uint256 amount) external {
-        _claim(proof, index, abi.encodePacked(recipient, amount));
+        _claim(proof, index, abi.encode(recipient, amount));
     }
 }
diff --git a/test/common/IndexedDrop.t.sol b/test/common/IndexedDrop.t.sol
@@ -17,9 +17,9 @@ contract IndexedDropTest is Test {
 
     function testFuzz_Claim(address alice, address bob, uint256 amount1, uint256 amount2, uint256 amount3) public {
         bytes32[] memory data = new bytes32[](3);
-        data[0] = keccak256(abi.encodePacked(uint256(0), alice, amount1));
-        data[1] = keccak256(abi.encodePacked(uint256(1), alice, amount2));
-        data[2] = keccak256(abi.encodePacked(uint256(2), bob, amount3));
+        data[0] = keccak256(bytes.concat(keccak256(abi.encode(uint256(0), abi.encode(alice, amount1)))));
+        data[1] = keccak256(bytes.concat(keccak256(abi.encode(uint256(1), abi.encode(alice, amount2)))));
+        data[2] = keccak256(bytes.concat(keccak256(abi.encode(uint256(2), abi.encode(bob, amount3)))));
         drop.setup(merkle.getRoot(data));
 
         drop.claim(merkle.getProof(data, 0), 0, alice, amount1);
@@ -34,16 +34,16 @@ contract IndexedDropTest is Test {
         address alice = vm.addr(1);
 
         bytes32[] memory data = new bytes32[](2);
-        data[0] = keccak256(abi.encodePacked(uint256(0), alice, uint256(1 ether)));
-        data[1] = keccak256(abi.encodePacked(uint256(1), alice, uint256(1.5 ether)));
+        data[0] = keccak256(bytes.concat(keccak256(abi.encode(uint256(0), abi.encode(alice, uint256(1 ether))))));
+        data[1] = keccak256(bytes.concat(keccak256(abi.encode(uint256(1), abi.encode(alice, uint256(1.5 ether))))));
         drop.setup(merkle.getRoot(data));
 
         drop.claim(merkle.getProof(data, 0), 0, alice, 1 ether);
         assertTrue(drop.isClaimed(0));
 
         bytes32[] memory proof = merkle.getProof(data, 0);
         vm.expectRevert(
-            abi.encodeWithSelector(IndexedDrop.AlreadyClaimed.selector, 0, abi.encodePacked(alice, uint256(1 ether)))
+            abi.encodeWithSelector(IndexedDrop.AlreadyClaimed.selector, 0, abi.encode(alice, uint256(1 ether)))
         );
         drop.claim(proof, 0, alice, 1 ether);
     }
@@ -52,13 +52,14 @@ contract IndexedDropTest is Test {
         address alice = vm.addr(1);
 
         bytes32[] memory data = new bytes32[](2);
-        data[0] = keccak256(abi.encodePacked(uint256(0), alice, uint256(1 ether)));
-        data[1] = keccak256(abi.encodePacked(uint256(1), alice, uint256(1.5 ether)));
+        data[0] = keccak256(bytes.concat(keccak256(abi.encodePacked(uint256(0), abi.encode(alice, uint256(1 ether))))));
+        data[1] =
+            keccak256(bytes.concat(keccak256(abi.encodePacked(uint256(1), abi.encode(alice, uint256(1.5 ether))))));
         drop.setup(merkle.getRoot(data));
 
         bytes32[] memory proof = merkle.getProof(data, 0);
         vm.expectRevert(
-            abi.encodeWithSelector(IndexedDrop.InvalidClaim.selector, 0, abi.encodePacked(alice, uint256(2 ether)))
+            abi.encodeWithSelector(IndexedDrop.InvalidClaim.selector, 0, abi.encode(alice, uint256(2 ether)))
         );
         drop.claim(proof, 0, alice, 2 ether);
     }