Fix verify proof function in aristo proof module (#3562)

* Fix verify proof function in aristo proof module and update tests to use. Remove usages of eth/trie in tests.

* Return error when proof is empty and add aristo proof test.

Author: bhartnett

execution_chain/db/aristo/aristo_desc/desc_error.nim

@@ -87,6 +87,7 @@ type
     PartChnLeafPathMismatch
     PartChnNodeConvError
     PartTrkEmptyPath
+    PartTrkEmptyProof
     PartTrkFollowUpKeyMismatch
     PartTrkGarbledNode
     PartTrkLeafPfxMismatch

execution_chain/db/aristo/aristo_proof.nim

@@ -94,6 +94,8 @@ proc trackRlpNodes(
   ## Verify rlp-encoded node chain created by `chainRlpNodes()`.
   if path.len == 0:
     return err(PartTrkEmptyPath)
+  if chain.len() == 0:
+    return err(PartTrkEmptyProof)
 
   # Verify key against rlp-node
   let digest = chain[0].digestTo(HashKey)
@@ -127,7 +129,11 @@ proc trackRlpNodes(
 
   let nextKey = HashKey.fromBytes(link).valueOr:
     return err(PartTrkLinkExpected)
-  chain.toOpenArray(1,chain.len-1).trackRlpNodes(nextKey, path.slice nChewOff)
+
+  if chain.len() > 1:
+    chain.toOpenArray(1, chain.len() - 1).trackRlpNodes(nextKey, path.slice nChewOff)
+  else:
+    err(PartTrkLinkExpected)
 
 proc makeProof(
     db: AristoTxRef;

execution_chain/db/core_db/base.nim

@@ -130,7 +130,7 @@ proc stateBlockNumber*(db: CoreDbTxRef): BlockNumber =
 
   rc.BlockNumber
 
-proc verify*(
+proc verifyProof*(
     db: CoreDbRef;
     proof: openArray[seq[byte]];
     root: Hash32;
@@ -221,21 +221,6 @@ proc hasKey*(kvt: CoreDbTxRef; key: openArray[byte]): bool =
 
 # ----------- accounts ---------------
 
-proc proof*(
-    acc: CoreDbTxRef;
-    accPath: Hash32;
-      ): CoreDbRc[(seq[seq[byte]],bool)] =
-  ## On the accounts MPT, collect the nodes along the `accPath` interpreted as
-  ## path. Return these path nodes as a chain of rlp-encoded blobs followed
-  ## by a bool value which is `true` if the `key` path exists in the database,
-  ## and `false` otherwise. In the latter case, the chain of rlp-encoded blobs
-  ## are the nodes proving that the `key` path does not exist.
-  ##
-  let rc = acc.aTx.makeAccountProof(accPath).valueOr:
-    return err(error.toError("", ProofCreate))
-
-  ok(rc)
-
 proc fetch*(
     acc: CoreDbTxRef;
     accPath: Hash32;
@@ -307,6 +292,21 @@ proc getStateRoot*(acc: CoreDbTxRef): CoreDbRc[Hash32] =
 
   ok(rc)
 
+proc proof*(
+    acc: CoreDbTxRef;
+    accPath: Hash32;
+      ): CoreDbRc[(seq[seq[byte]],bool)] =
+  ## On the accounts MPT, collect the nodes along the `accPath` interpreted as
+  ## path. Return these path nodes as a chain of rlp-encoded blobs followed
+  ## by a bool value which is `true` if the `key` path exists in the database,
+  ## and `false` otherwise. In the latter case, the chain of rlp-encoded blobs
+  ## are the nodes proving that the `key` path does not exist.
+  ##
+  let rc = acc.aTx.makeAccountProof(accPath).valueOr:
+    return err(error.toError("", ProofCreate))
+
+  ok(rc)
+
 proc multiProof*(
     acc: CoreDbTxRef;
     paths: Table[Hash32, seq[Hash32]];

tests/all_tests.nim

@@ -22,6 +22,7 @@ import
     test_forkid,
     test_genesis,
     test_getproof_json,
+    test_aristo_proof,
     test_jwt_auth,
     test_kvt,
     test_ledger,

tests/proof_helpers.nim

@@ -0,0 +1,56 @@
+# Nimbus
+# Copyright (c) 2018-2025 Status Research & Development GmbH
+# Licensed under either of
+#  * Apache License, version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or http://www.apache.org/licenses/LICENSE-2.0)
+#  * MIT license ([LICENSE-MIT](LICENSE-MIT) or http://opensource.org/licenses/MIT)
+# at your option. This file may not be copied, modified, or distributed except according to those terms.
+
+import
+  stew/byteutils,
+  eth/rlp,
+  eth/common/keys,
+  web3/eth_api,
+  ../execution_chain/db/aristo/aristo_proof
+
+template toHash32*(hash: untyped): Hash32 =
+  fromHex(Hash32, hash.toHex())
+
+proc verifyAccountLeafExists*(trustedStateRoot: Hash32, res: ProofResponse): bool =
+  let
+    accPath = keccak256(res.address.data)
+    value = rlp.encode(Account(
+        nonce: res.nonce.uint64,
+        balance: res.balance,
+        storageRoot: res.storageHash.toHash32(),
+        codeHash: res.codeHash.toHash32()))
+
+  let accLeaf = verifyProof(seq[seq[byte]](res.accountProof), trustedStateRoot, accPath).expect("valid proof")
+  accLeaf.isSome() and accLeaf.get() == value
+
+proc verifyAccountLeafMissing*(trustedStateRoot: Hash32, res: ProofResponse): bool =
+  let
+    accPath = keccak256(res.address.data)
+    value = rlp.encode(Account(
+        nonce: res.nonce.uint64,
+        balance: res.balance,
+        storageRoot: res.storageHash.toHash32(),
+        codeHash: res.codeHash.toHash32()))
+
+  let accLeaf = verifyProof(seq[seq[byte]](res.accountProof), trustedStateRoot, accPath).expect("valid proof")
+  accLeaf.isNone()
+
+proc verifySlotLeafExists*(trustedStorageRoot: Hash32, slot: StorageProof): bool =
+  let
+    slotPath = keccak256(toBytesBE(slot.key))
+    value = rlp.encode(slot.value)
+
+  let slotLeaf = verifyProof(seq[seq[byte]](slot.proof), trustedStorageRoot, slotPath).expect("valid proof")
+  slotLeaf.isSome() and slotLeaf.get() == value
+
+proc verifySlotLeafMissing*(trustedStorageRoot: Hash32, slot: StorageProof): bool =
+  let
+    slotPath = keccak256(toBytesBE(slot.key))
+    value = rlp.encode(slot.value)
+
+  let slotLeaf = verifyProof(seq[seq[byte]](slot.proof), trustedStorageRoot, slotPath).expect("valid proof")
+  slotLeaf.isNone()

tests/test_aristo_proof.nim

@@ -0,0 +1,140 @@
+# proof verification
+# Copyright (c) 2025 Status Research & Development GmbH
+# Licensed and distributed under either of
+#   * MIT license (license terms in the root directory or at https://opensource.org/licenses/MIT).
+#   * Apache v2 license (license terms in the root directory or at https://www.apache.org/licenses/LICENSE-2.0).
+# at your option. This file may not be copied, modified, or distributed except according to those terms.
+
+{.used.}
+
+{.push raises: [].}
+
+import
+  std/sequtils,
+  unittest2,
+  stint,
+  results,
+  stew/byteutils,
+  eth/trie/[hexary, db, trie_defs],
+  ../execution_chain/db/aristo/aristo_proof
+
+proc getKeyBytes(i: int): seq[byte] =
+  @(u256(i).toBytesBE())
+
+suite "Aristo proof verification":
+
+  test "Validate proof for existing value":
+    let numValues = 1000
+
+    var db = newMemoryDB()
+    var trie = initHexaryTrie(db)
+
+    for i in 1..numValues:
+      let
+        key = getKeyBytes(i).keccak256()
+        value = getKeyBytes(i)
+      trie.put(key.data, value)
+
+    for i in 1..numValues:
+      let
+        key = getKeyBytes(i).keccak256()
+        value = getKeyBytes(i)
+        proof = trie.getBranch(key.data)
+        root = trie.rootHash()
+
+      let proofRes = verifyProof(proof, root, key).expect("valid proof")
+      check:
+        proofRes.isSome()
+        proofRes.get() == value
+
+  test "Validate proof for non-existing value":
+    let numValues = 1000
+    var db = newMemoryDB()
+    var trie = initHexaryTrie(db)
+
+    for i in 1..numValues:
+      let
+        key = getKeyBytes(i).keccak256()
+        value = getKeyBytes(i)
+      trie.put(key.data, value)
+
+    let
+      nonExistingKey = toSeq(toBytesBE(u256(numValues + 1))).keccak256()
+      proof = trie.getBranch(nonExistingKey.data)
+      root = trie.rootHash()
+
+    let proofRes = verifyProof(proof, root, nonExistingKey).expect("valid proof")
+    check:
+      proofRes.isNone()
+
+  # The following test cases were copied from the Rust hexary trie implementation.
+  # See here: https://github.com/citahub/cita_trie/blob/master/src/tests/mod.rs#L554
+  test "Validate proof for empty trie":
+    let db = newMemoryDB()
+    var trie = initHexaryTrie(db)
+
+    let
+      proof = trie.getBranch("not-exist".toBytes.keccak256().data)
+      res = verifyProof(proof, trie.rootHash, "not-exist".toBytes.keccak256())
+
+    check:
+      trie.rootHash == keccak256(emptyRlp)
+      proof.len() == 1 # Note that the Rust implementation returns an empty list for this scenario
+      proof == @[emptyRlp]
+      res.isErr()
+
+  test "Validate proof for one element trie":
+    let db = newMemoryDB()
+    var trie = initHexaryTrie(db)
+
+    trie.put("k".toBytes.keccak256().data, "v".toBytes)
+
+    let
+      rootHash = trie.rootHash
+      proof = trie.getBranch("k".toBytes.keccak256().data)
+      res = verifyProof(proof, rootHash, "k".toBytes.keccak256()).expect("valid proof")
+
+    check:
+      proof.len() == 1
+      res.isSome()
+      res.get() == "v".toBytes
+
+  test "Validate proof bytes":
+    let db = newMemoryDB()
+    var trie = initHexaryTrie(db)
+
+    trie.put("doe".toBytes.keccak256().data, "reindeer".toBytes)
+    trie.put("dog".toBytes.keccak256().data, "puppy".toBytes)
+    trie.put("dogglesworth".toBytes.keccak256().data, "cat".toBytes)
+
+    block:
+      let
+        rootHash = trie.rootHash
+        proof = trie.getBranch("doe".toBytes.keccak256().data)
+        res = verifyProof(proof, rootHash, "doe".toBytes.keccak256()).expect("valid proof")
+
+      check:
+        res.isSome()
+        res.get() == "reindeer".toBytes
+
+    block:
+      let
+        rootHash = trie.rootHash
+        proof = trie.getBranch("dogg".toBytes.keccak256().data)
+        res = verifyProof(proof, rootHash, "dogg".toBytes.keccak256()).expect("valid proof")
+
+      check res.isNone()
+
+    block:
+      let
+        proof = newSeq[seq[byte]]()
+        res = verifyProof(proof, trie.rootHash, "doe".toBytes.keccak256())
+
+      check res.isErr()
+
+    block:
+      let
+        proof = @["aaa".toBytes, "ccc".toBytes]
+        res = verifyProof(proof, trie.rootHash, "doe".toBytes.keccak256())
+
+      check res.isErr()

tests/test_getproof_json.nim

@@ -8,48 +8,16 @@
 import
   std/os,
   unittest2,
-  stew/byteutils,
   web3/eth_api,
-  nimcrypto/[keccak, hash],
-  eth/common/[keys, eth_types_rlp],
-  eth/[rlp, trie/hexary_proof_verification],
   ../execution_chain/db/[ledger, core_db],
   ../execution_chain/common/chain_config,
-  ../execution_chain/rpc/server_api
+  ../execution_chain/rpc/server_api,
+  ./proof_helpers
 
 type
   Hash32 = eth_types.Hash32
   Address = primitives.Address
 
-template toHash32(hash: untyped): Hash32 =
-  fromHex(Hash32, hash.toHex())
-
-proc verifyAccountProof(trustedStateRoot: Hash32, res: ProofResponse): MptProofVerificationResult =
-  let
-    key = keccak256(res.address.data)
-    value = rlp.encode(Account(
-        nonce: res.nonce.uint64,
-        balance: res.balance,
-        storageRoot: res.storageHash.toHash32(),
-        codeHash: res.codeHash.toHash32()))
-
-  verifyMptProof(
-    seq[seq[byte]](res.accountProof),
-    trustedStateRoot,
-    key.data,
-    value)
-
-proc verifySlotProof(trustedStorageRoot: Hash32, slot: StorageProof): MptProofVerificationResult =
-  let
-    key = keccak256(toBytesBE(slot.key))
-    value = rlp.encode(slot.value)
-
-  verifyMptProof(
-    seq[seq[byte]](slot.proof),
-    trustedStorageRoot,
-    key.data,
-    value)
-
 proc getGenesisAlloc(filePath: string): GenesisAlloc =
   var cn: NetworkParams
   if not loadNetworkParams(filePath, cn):
@@ -89,14 +57,14 @@ proc checkProofsForExistingLeafs(
       proofResponse.balance == account.balance
       proofResponse.codeHash.toHash32() == accDB.getCodeHash(address)
       proofResponse.storageHash.toHash32() == accDB.getStorageRoot(address)
-      verifyAccountProof(stateRoot, proofResponse).isValid()
+      verifyAccountLeafExists(stateRoot, proofResponse)
       slotProofs.len() == account.storage.len()
 
     for i, slotProof in slotProofs:
       check:
         slotProof.key == slots[i]
         slotProof.value == account.storage[slotProof.key]
-        verifySlotProof(proofResponse.storageHash.toHash32(), slotProof).isValid()
+        verifySlotLeafExists(proofResponse.storageHash.toHash32(), slotProof)
 
 proc checkProofsForMissingLeafs(
     genAccounts: GenesisAlloc,
@@ -106,7 +74,7 @@ proc checkProofsForMissingLeafs(
   let
     missingAddress = Address.fromHex("0x999999cf1046e68e36E1aA2E0E07105eDDD1f08E")
     proofResponse = getProof(accDB, missingAddress, @[])
-  check verifyAccountProof(stateRoot, proofResponse).isMissing()
+  check verifyAccountLeafMissing(stateRoot, proofResponse)
 
   for address, account in genAccounts:
     let
@@ -116,12 +84,19 @@ proc checkProofsForMissingLeafs(
 
     check slotProofs.len() == 1
     if account.storage.len() > 0:
-      check verifySlotProof(proofResponse2.storageHash.toHash32(), slotProofs[0]).isMissing()
-
+      check verifySlotLeafMissing(proofResponse2.storageHash.toHash32(), slotProofs[0])
 
 suite "Get proof json tests":
 
-  let genesisFiles = ["berlin2000.json", "chainid1.json", "chainid7.json", "merge.json", "devnet4.json", "devnet5.json", "holesky.json"]
+  let genesisFiles = [
+    "berlin2000.json",
+    "chainid1.json",
+    "chainid7.json",
+    "merge.json",
+    "devnet4.json",
+    "devnet5.json",
+    "holesky.json"
+  ]
 
   test "Get proofs for existing leafs":
     for file in genesisFiles: