Lack of validation of the proof length in _verify_proof function
The _verify_proof function does not validate the length of the proof array. If the proof array is empty, the function will still compute a hash and compare it to the merkle_root.
This can lead to false positives where an empty proof is accepted as valid for certain leaves.
An attacker could submit an empty proof and potentially claim tokens they are not entitled to, depending on the structure of the Merkle tree.
Manual analysis
Add a check to reject empty proofs
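The behaviour described above, modelled off-chain as an added example (not the contest's contract code). It assumes sorted-pair hashing with SHA-256 as a stand-in hash, and all function names and leaf values are constructed for illustration.

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def hash_pair(a: bytes, b: bytes) -> bytes:
    # Assumed convention: siblings are sorted before hashing.
    return h(a + b) if a <= b else h(b + a)

def build_levels(leaves):
    # levels[0] is the leaf layer, levels[-1] holds the single root.
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [hash_pair(cur[i], cur[i + 1]) if i + 1 < len(cur) else cur[i]
               for i in range(0, len(cur), 2)]
        levels.append(nxt)
    return levels

def make_proof(levels, index):
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        if sibling < len(level):
            proof.append(level[sibling])
        index //= 2
    return proof

def verify_unchecked(leaf, proof, root):
    # With an empty proof the loop never runs, so this reduces to leaf == root.
    computed = leaf
    for node in proof:
        computed = hash_pair(computed, node)
    return computed == root

def verify_checked(leaf, proof, root):
    # The recommended fix: reject empty proofs before hashing.
    if len(proof) == 0:
        return False
    return verify_unchecked(leaf, proof, root)

def demo():
    leaves = [h(b"constructed-claim-%d" % i) for i in range(4)]
    levels = build_levels(leaves)
    root, proof = levels[-1][0], make_proof(levels, 2)
    single = build_levels(leaves[:1])[-1][0]  # one-leaf tree: root == leaf
    return {
        "valid_proof": verify_unchecked(leaves[2], proof, root),
        "empty_proof_4_leaves": verify_unchecked(leaves[2], [], root),
        "empty_proof_1_leaf": verify_unchecked(leaves[0], [], single),
        "empty_proof_1_leaf_checked": verify_checked(leaves[0], [], single),
        "valid_proof_checked": verify_checked(leaves[2], proof, root),
    }
```

In this model the empty proof only passes when the leaf hash equals the root, which is the single-leaf tree; the length check rejects that case while leaving normal proofs unaffected.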