Coinbase

Coinbase: AggregateVerifier

Cantina Security Report

Organization

@coinbase

Engagement Type

Cantina Reviews

Period

-

Repositories

GitHubbase/contracts

Researchers

0xicingdeath

rvierdiiev

Findings

Informational

1 findings

1 fixed

0 acknowledged

Informational1 finding

  1. Document offsets, size, and expected structs

    State

    Fixed

    https://github.com/base/contracts/pull/251/changes/f6cebdd9e83263c24de4b0c38cb3d4ecb94a2ab6

    Severity

    Severity: Informational

    Submitted by

    0xicingdeath

    Description

    The initializeWithData function highlights the expected proof values, including selector, creator, root claim, extradata, intermediate roots, and cwia bytes. In practice, the contract stores all the above, without the selector, hence all offsets are shifted 4 bytes to the left.

    For documentation purposes, we would recommend adding a section in the contract that highlights the data offset, size, and item being stored. This helps with double checking that the getters are retrieving the correct bytes of correct size.

    image.png

    Recommendation

    Consider adding the above in in-code documentation in a comment or in external documentation

    Coinbase

    CWIA data offset added as per recommendations in attached PR.