LiskArchive/lisk-db

Panic due to lack of proof's bitmap's length validation

Closed this issue 2 years ago · 0 comments

shuse2 commented 2 years ago

Expected behavior

It should have validation to avoid the panic. Also, add fuzz test to avoid unintended panic in the functions

Actual behavior

In https://github.com/LiskHQ/lisk-db/blob/main/src/sparse_merkle_tree/smt.rs#LL1369C70-L1369C83, if the query.pair.0 is shorter than the binary_bitmap length, it panics.

Steps to reproduce

Add very long bitmap in the proof

Which version(s) does this affect? (Environment, OS, etc...)

0.3.5-