Zellic - Audit Reports

Component: SP1ICS07Tendermint

Function: `updateClient`

The function verifies the public values via the SP1 verifier and updates the client and the consensus state.

Inputs

updateMsg
- Control: Arbitrary.
- Constraints: Must be a valid update — otherwise, the SP1 verifier will revert.
- Impact: Updates the client and consensus state.

Branches and code coverage

Intended branches

The state should be updated as per the result of the _checkUpdateResult call.

Negative behavior

The vkey should be equal to UPDATE_CLIENT_PROGRAM_VKEY.

The time should be in the correct range.

The chainId, trustLevel, trustingPeriod, and unbondingPeriod of the public client state should match that of the stored client state.

The trusted consensus-state hash of the output should match the stored consensus-state hash.

The SP1 proof should be valid.

Function call analysis

VERIFIER.verifyProof
- What is controllable? proof.vKey, proof.publicValues, and proof.proof.
- If the return value is controllable, how is it used and how can it go wrong? N/A.
- What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire transaction would revert — no reentrancy scenarios.

Function: `verifyMembership`

The function verifies the public values via the SP1 verifier and verifies that the requested path/value is present in the output paths/values.

Inputs

msg_
- Control: Arbitrary.
- Constraints: Must be a valid membership proof — otherwise, the SP1 verifier will revert.
- Impact: Returns the timestamp of the trusted consensus state if the requested path/value is found in the output.

Branches and code coverage

Intended branches

If the proof type is IMembershipMsgs.MembershipProofType.SP1MembershipProof, it returns the timestamp of the trusted consensus state if the requested path and value are found in the output.

If the proof type is IMembershipMsgs.MembershipProofType.SP1MembershipAndUpdateClientProof, it first updates the consensus and client state, then verifies the membership proof, and finally returns the timestamp of the trusted consensus state that was updated.

Negative behavior

Membership proof value and key should be present in the kvPairs of the output.

msg_.value should not be empty.

The vkey should be equal to MEMBERSHIP_PROGRAM_VKEY if the proof type is IMembershipMsgs.MembershipProofType.SP1MembershipProof and UPDATE_CLIENT_AND_MEMBERSHIP_PROGRAM_VKEY if the proof type is IMembershipMsgs.MembershipProofType.SP1MembershipAndUpdateClientProof.

The trusted consensus state hash of the output should match the stored consensus state hash.

The SP1 proof should be valid.

Function call analysis

VERIFIER.verifyProof
- What is controllable? proof.vKey, proof.publicValues, and proof.proof.
- If the return value is controllable, how is it used and how can it go wrong? N/A.
- What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire transaction would revert — no reentrancy scenarios.

Function: `verifyNonMembership`

The function verifies the public values via the SP1 verifier and verifies that the requested path and empty value are present in the output paths/values.

Inputs

msg_
- Control: Arbitrary.
- Constraints: Must be a valid nonmembership proof — otherwise, the SP1 verifier will revert.
- Impact: Returns the timestamp of the trusted consensus state if the requested path and empty values are found in the output.

Branches and code coverage

Intended branches

If the proof type is IMembershipMsgs.MembershipProofType.SP1MembershipProof, it returns the timestamp of the trusted consensus state if the requested path and empty value are found in the output.

If the proof type is IMembershipMsgs.MembershipProofType.SP1MembershipAndUpdateClientProof, it first updates the consensus and client state, then verifies the nonmembership proof, and finally returns the timestamp of the trusted consensus state that was updated.

Negative behavior

The membership-proof empty value and key should be present in the kvPairs of the output.

The trusted consensus-state hash of the output should match the stored consensus-state hash.

The SP1 proof should be valid.

Function call analysis

VERIFIER.verifyProof
- What is controllable? proof.vKey, proof.publicValues, and proof.proof.
- If the return value is controllable, how is it used and how can it go wrong? N/A.
- What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire transaction would revert — no reentrancy scenarios.

Function: `misbehaviour`

The function verifies the public values via the SP1 verifier, verifies the misbehavior output, and finally updates the frozen state.

Inputs

misbehaviourMsg
- Control: Arbitrary.
- Constraints: Must be a valid misbehavior SP1 proof — otherwise, the SP1 verifier will revert.
- Impact: Sets the isFrozen state to true.

Branches and code coverage

Intended branches

If the proof is valid, it updates the isFrozen state to true.

Negative behavior

The vkey should be equal to MISBEHAVIOUR_PROGRAM_VKEY.

It should make sure that the trusted consensus state from header1 and header2 is known.

The SP1 proof should be valid.

Function call analysis

VERIFIER.verifyProof
- What is controllable? proof.vKey, proof.publicValues, and proof.proof.
- If the return value is controllable, how is it used and how can it go wrong? N/A.
- What happens if it reverts, reenters, or does other unusual control flow? If this reverts, the entire transaction would revert — no reentrancy scenarios.

Component: SP1ICS07Tendermint

Function: updateClient

Inputs

Branches and code coverage

Function call analysis

Function: verifyMembership

Inputs

Branches and code coverage

Function call analysis

Function: verifyNonMembership

Inputs

Branches and code coverage

Function call analysis

Function: misbehaviour

Inputs

Branches and code coverage

Function call analysis

Function: `updateClient`

Function: `verifyMembership`

Function: `verifyNonMembership`

Function: `misbehaviour`