From b10df773abcf1d285e89c09e20eec00f5093b227 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ernesto=20Garc=C3=ADa?=
Date: Wed, 7 Aug 2024 09:34:02 -0600
Subject: [PATCH] Make explicit the validity of the empty set in MerkleProof.sol (#5142)
---
 contracts/utils/cryptography/MerkleProof.sol | 16 ++++++++++++++++
 scripts/generate/templates/MerkleProof.js | 4 ++++
 2 files changed, 20 insertions(+)
diff --git a/contracts/utils/cryptography/MerkleProof.sol b/contracts/utils/cryptography/MerkleProof.sol
index ab268364fdf..f50752fedac 100644
--- a/contracts/utils/cryptography/MerkleProof.sol
+++ b/contracts/utils/cryptography/MerkleProof.sol
@@ -168,6 +168,10 @@ library MerkleProof {
 * This version handles multiproofs in memory with the default hashing function.
 *
 * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
+ *
+ * NOTE: The _empty set_ (i.e. the case where `proof.length == 0 && leaves.length == 0`) is considered a noop,
+ * and therefore a valid multiproof (i.e. it returns `true`). Consider disallowing this case if you're not
+ * validating the leaves elsewhere.
 */
 function multiProofVerify(
 bytes32[] memory proof,
@@ -247,6 +251,10 @@ library MerkleProof {
 * This version handles multiproofs in memory with a custom hashing function.
 *
 * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
+ *
+ * NOTE: The _empty set_ (i.e. the case where `proof.length == 0 && leaves.length == 0`) is considered a noop,
+ * and therefore a valid multiproof (i.e. it returns `true`). Consider disallowing this case if you're not
+ * validating the leaves elsewhere.
 */
 function multiProofVerify(
 bytes32[] memory proof,
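Review bot: The condition in the added NOTE, `proof.length == 0 && leaves.length == 0`, cannot be confirmed from this hunk because the body of processMultiProof lies outside it, and callers will take this sentence as the exact input they must reject. If processMultiProof enforces a length relation between leaves, proof and proofFlags before hashing, an all-empty call may revert instead of returning `true`, and the no-leaves input that verifies would be a different one; please check the wording against that guard. A phrasing that holds either way is `NOTE: A multiproof with no leaves can still verify. Callers that do not validate the leaves elsewhere must reject leaves.length == 0.` The same sentence is repeated in the other three multiProofVerify hunks and in the template hunk of scripts/generate/templates/MerkleProof.js, so any correction belongs in all five places.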
@@ -328,6 +336,10 @@ library MerkleProof {
 * This version handles multiproofs in calldata with the default hashing function.
 *
 * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
+ *
+ * NOTE: The _empty set_ (i.e. the case where `proof.length == 0 && leaves.length == 0`) is considered a noop,
+ * and therefore a valid multiproof (i.e. it returns `true`). Consider disallowing this case if you're not
+ * validating the leaves elsewhere.
 */
 function multiProofVerifyCalldata(
 bytes32[] calldata proof,
@@ -407,6 +419,10 @@ library MerkleProof {
 * This version handles multiproofs in calldata with a custom hashing function.
 *
 * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
+ *
+ * NOTE: The _empty set_ (i.e. the case where `proof.length == 0 && leaves.length == 0`) is considered a noop,
+ * and therefore a valid multiproof (i.e. it returns `true`). Consider disallowing this case if you're not
+ * validating the leaves elsewhere.
 */
 function multiProofVerifyCalldata(
 bytes32[] calldata proof,
diff --git a/scripts/generate/templates/MerkleProof.js b/scripts/generate/templates/MerkleProof.js
index 45486bef395..7247d1626c2 100644
--- a/scripts/generate/templates/MerkleProof.js
+++ b/scripts/generate/templates/MerkleProof.js
@@ -88,6 +88,10 @@ const templateMultiProof = ({ suffix, location, visibility, hash }) => `\
 * This version handles multiproofs in ${location} with ${hash ? 'a custom' : 'the default'} hashing function.
 *
 * CAUTION: Not all Merkle trees admit multiproofs. See {processMultiProof} for details.
+ *
+ * NOTE: The _empty set_ (i.e. the case where \`proof.length == 0 && leaves.length == 0\`) is considered a noop,
+ * and therefore a valid multiproof (i.e. it returns \`true\`). Consider disallowing this case if you're not
+ * validating the leaves elsewhere.
 */
 function multiProofVerify${suffix}(${formatArgsMultiline(
 `bytes32[] ${location} proof`,
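Review bot: The note is added only to the doc comment emitted for `multiProofVerify${suffix}` in templateMultiProof, so the processMultiProof documentation that the CAUTION line sends readers to does not gain it, unless it already carries one outside this diff. A caller that uses processMultiProof directly and compares the returned root itself meets the same no-leaves case without any warning. I would add the equivalent sentence to the doc comment that the template emits for processMultiProof and regenerate MerkleProof.sol from the template, assuming the contract is produced from it as the path suggests. The diffstat lists only the contract and this template, so no test pins the documented behaviour; a case with empty `leaves` asserting the documented result would keep the comment and the code from drifting apart. The template literal starts before this hunk and continues past it.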