pyth-network
diff --git a/‎target_chains/ethereum/contracts/contracts/libraries/MerkleTree.sol‎
Lines changed: 134 additions & 0 deletions b/‎target_chains/ethereum/contracts/contracts/libraries/MerkleTree.sol‎
Lines changed: 134 additions & 0 deletions
diff --git a/‎target_chains/ethereum/contracts/contracts/pyth/PythAccumulator.sol‎
Lines changed: 13 additions & 55 deletions b/‎target_chains/ethereum/contracts/contracts/pyth/PythAccumulator.sol‎
Lines changed: 13 additions & 55 deletions
diff --git a/‎target_chains/ethereum/contracts/forge-test/Pyth.WormholeMerkleAccumulator.t.sol‎
Lines changed: 121 additions & 0 deletions b/‎target_chains/ethereum/contracts/forge-test/Pyth.WormholeMerkleAccumulator.t.sol‎
Lines changed: 121 additions & 0 deletions
@@ -0,0 +1,134 @@
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+
+import "./external/UnsafeBytesLib.sol";
+
+/**
+ * @dev This library provides methods to construct and verify Merkle Tree proofs efficiently.
+ *
+ */
+
+library MerkleTree {
+    uint8 constant MERKLE_LEAF_PREFIX = 0;
+    uint8 constant MERKLE_NODE_PREFIX = 1;
+
+    function hash(bytes memory input) internal pure returns (bytes20) {
+        return bytes20(keccak256(input));
+    }
+
+    function leafHash(bytes memory data) internal pure returns (bytes20) {
+        return hash(abi.encodePacked(MERKLE_LEAF_PREFIX, data));
+    }
+
+    function nodeHash(
+        bytes20 childA,
+        bytes20 childB
+    ) internal pure returns (bytes20) {
+        if (childA > childB) {
+            (childA, childB) = (childB, childA);
+        }
+        return hash(abi.encodePacked(MERKLE_NODE_PREFIX, childA, childB));
+    }
+
+    /// @notice Verify Merkle Tree proof for given leaf data.
+    /// @dev This method does not perform any check on the boundry of the
+    /// `encodedProof` and `proofOffset` parameters. It is the caller's
+    /// responsibility to ensure that the `encodedProof` is long enough to
+    /// contain the proof and the `proofOffset` is not out of bound.
+    function verify(
+        bytes memory encodedProof,
+        uint proofOffset,
+        bytes20 root,
+        bytes memory leafData
+    ) internal pure returns (bool valid, uint endOffset) {
+        unchecked {
+            bytes20 currentDigest = MerkleTree.leafHash(leafData);
+
+            uint8 proofSize = UnsafeBytesLib.toUint8(encodedProof, proofOffset);
+            proofOffset += 1;
+
+            for (uint i = 0; i < proofSize; i++) {
+                bytes20 siblingDigest = bytes20(
+                    UnsafeBytesLib.toAddress(encodedProof, proofOffset)
+                );
+                proofOffset += 20;
+
+                currentDigest = MerkleTree.nodeHash(
+                    currentDigest,
+                    siblingDigest
+                );
+            }
+
+            valid = currentDigest == root;
+            endOffset = proofOffset;
+        }
+    }
+
+    /// @notice Construct Merkle Tree proofs for given list of messages.
+    /// @dev This function is only used for testing purposes and is not efficient
+    /// for production use-cases.
+    ///
+    /// This method creates a merkle tree with leaf size of (2^depth) with the
+    /// messages as leafs (in the same given order) and returns the root digest
+    /// and the proofs for each message. If the number of messages is not a power
+    /// of 2, the tree is padded with empty messages.
+    function constructProofs(
+        bytes[] memory messages,
+        uint8 depth
+    ) internal pure returns (bytes20 root, bytes[] memory proofs) {
+        require((1 << depth) >= messages.length, "depth too small");
+
+        bytes20[] memory tree = new bytes20[]((1 << (depth + 1)));
+
+        // The tree is structured as follows:
+        // 1
+        // 2 3
+        // 4 5 6 7
+        // ...
+        // In this structure the parent of node x is x//2 and the children
+        // of node x are x*2 and x*2 + 1. Also, the sibling of the node x
+        // is x^1. The root is at index 1 and index 0 is not used.
+
+        // Filling the leaf hashes
+        for (uint i = 0; i < (1 << depth); i++) {
+            if (i < messages.length) {
+                tree[(1 << depth) + i] = leafHash(messages[i]);
+            } else {
+                tree[(1 << depth) + i] = leafHash("");
+            }
+        }
+
+        // Filling the node hashes from bottom to top
+        for (uint k = depth; k > 0; k--) {
+            uint level = k - 1;
+            uint levelNumNodes = (1 << level);
+            for (uint i = 0; i < levelNumNodes; i++) {
+                uint id = (1 << level) + i;
+                tree[id] = nodeHash(tree[id * 2], tree[id * 2 + 1]);
+            }
+        }
+
+        root = tree[1];
+
+        proofs = new bytes[](messages.length);
+
+        for (uint i = 0; i < messages.length; i++) {
+            proofs[i] = abi.encodePacked(depth);
+
+            // This loop iterates through the leaf and its parents
+            // and keeps adding the sibling of the current node to the proof.
+
+            uint idx = (1 << depth) + i;
+            for (uint k = depth; k > 0; k--) {
+                proofs[i] = abi.encodePacked(
+                    proofs[i],
+                    tree[idx ^ 1] // Sibling of this node
+                );
+
+                // Jump to parent
+                idx /= 2;
+            }
+        }
+    }
+}
@@ -11,6 +11,8 @@ import "./PythGetters.sol";
 import "./PythSetters.sol";
 import "./PythInternalStructs.sol";
 
+import "../libraries/MerkleTree.sol";
+
 abstract contract PythAccumulator is PythGetters, PythSetters, AbstractPyth {
     uint32 constant ACCUMULATOR_MAGIC = 0x504e4155; // Stands for PNAU (Pyth Network Accumulator Update)
     uint32 constant ACCUMULATOR_WORMHOLE_MAGIC = 0x41555756; // Stands for AUWV (Accumulator Update Wormhole Verficiation)
@@ -83,11 +85,6 @@ abstract contract PythAccumulator is PythGetters, PythSetters, AbstractPyth {
                 offset += trailingHeaderSize;
             }
 
-            // This value is only used as the check below which currently
-            // never reverts
-            // uint8 minorVersion = UnsafeBytesLib.toUint18(accumulatorUpdate, offset);
-            offset += 1;
-
             UpdateType updateType = UpdateType(
                 UnsafeBytesLib.toUint8(accumulatorUpdate, offset)
             );
@@ -156,7 +153,7 @@ abstract contract PythAccumulator is PythGetters, PythSetters, AbstractPyth {
                     digest = bytes20(
                         UnsafeBytesLib.toAddress(encodedPayload, payloadoffset)
                     );
-                    payloadoffset += 32;
+                    payloadoffset += 20;
 
                     // TODO: Do we need to be strict about the size of the payload? How it can evolve?
                     if (payloadoffset != encodedPayload.length)
@@ -179,15 +176,8 @@ abstract contract PythAccumulator is PythGetters, PythSetters, AbstractPyth {
         }
     }
 
-    uint8 constant MERKLE_LEAF_PREFIX = 0;
-    uint8 constant MERKLE_NODE_PREFIX = 1;
-
-    function merkleHash(bytes memory input) private pure returns (bytes20) {
-        return bytes20(keccak256(input));
-    }
-
     function verifyAndUpdatePriceFeedFromMerkleProof(
-        bytes32 digest,
+        bytes20 digest,
         bytes memory encoded,
         uint offset
     ) private returns (uint endOffset) {
@@ -202,48 +192,16 @@ abstract contract PythAccumulator is PythGetters, PythSetters, AbstractPyth {
             );
             offset += messageSize;
 
-            {
-                bytes20 currentDigest = merkleHash(
-                    abi.encodePacked(MERKLE_LEAF_PREFIX, encodedMessage)
-                );
-
-                uint8 proofSize = UnsafeBytesLib.toUint8(encoded, offset);
-                offset += 1;
-
-                for (uint i = 0; i < proofSize; i++) {
-                    uint8 isSiblingRight = UnsafeBytesLib.toUint8(
-                        encoded,
-                        offset
-                    );
-                    offset += 1;
-
-                    bytes32 siblingDigest = UnsafeBytesLib.toBytes32(
-                        encoded,
-                        offset
-                    );
-                    offset += 32;
-
-                    if (isSiblingRight == 0) {
-                        currentDigest = merkleHash(
-                            abi.encodePacked(
-                                MERKLE_NODE_PREFIX,
-                                siblingDigest,
-                                currentDigest
-                            )
-                        );
-                    } else {
-                        currentDigest = merkleHash(
-                            abi.encodePacked(
-                                MERKLE_NODE_PREFIX,
-                                currentDigest,
-                                siblingDigest
-                            )
-                        );
-                    }
-                }
+            bool valid;
+            (valid, offset) = MerkleTree.verify(
+                encoded,
+                offset,
+                digest,
+                encodedMessage
+            );
 
-                if (currentDigest != digest)
-                    revert PythErrors.InvalidUpdateData();
+            if (!valid) {
+                revert PythErrors.InvalidUpdateData();
             }
 
             parseAndProcessMessage(encodedMessage);
 
@@ -0,0 +1,121 @@
+// SPDX-License-Identifier: Apache 2
+
+pragma solidity ^0.8.0;
+
+import "@openzeppelin/contracts/proxy/ERC1967/ERC1967Proxy.sol";
+import "forge-std/Test.sol";
+
+import "@pythnetwork/pyth-sdk-solidity/IPyth.sol";
+import "@pythnetwork/pyth-sdk-solidity/PythErrors.sol";
+import "@pythnetwork/pyth-sdk-solidity/PythStructs.sol";
+import "./utils/WormholeTestUtils.t.sol";
+import "./utils/PythTestUtils.t.sol";
+import "./utils/RandTestUtils.t.sol";
+
+contract PythWormholeMerkleAccumulatorTest is
+    Test,
+    WormholeTestUtils,
+    PythTestUtils,
+    RandTestUtils
+{
+    IPyth public pyth;
+
+    function setUp() public {
+        pyth = IPyth(setUpPyth(setUpWormhole(1)));
+    }
+
+    function generateRandomPriceFeedMessage(
+        uint numPriceFeeds
+    ) internal returns (PriceFeedMessage[] memory priceFeedMessages) {
+        priceFeedMessages = new PriceFeedMessage[](numPriceFeeds);
+        for (uint i = 0; i < numPriceFeeds; i++) {
+            priceFeedMessages[i] = PriceFeedMessage({
+                priceId: getRandBytes32(),
+                price: getRandInt64(),
+                conf: getRandUint64(),
+                expo: getRandInt32(),
+                publishTime: getRandUint64(),
+                emaPrice: getRandInt64(),
+                emaConf: getRandUint64()
+            });
+        }
+    }
+
+    function createWormholeMerkleUpdateData(
+        PriceFeedMessage[] memory priceFeedMessages
+    ) internal returns (bytes[] memory updateData, uint updateFee) {
+        updateData = new bytes[](1);
+
+        uint8 depth = 0;
+        while ((1 << depth) < priceFeedMessages.length) {
+            depth++;
+        }
+
+        depth += getRandUint8() % 3;
+
+        updateData[0] = generateWhMerkleUpdate(priceFeedMessages, depth, 1);
+
+        updateFee = pyth.getUpdateFee(updateData);
+    }
+
+    /// Testing update price feeds method using wormhole merkle update type.
+    function testUpdatePriceFeedWithWormholeMerkleWorks(uint seed) public {
+        setRandSeed(seed);
+
+        PriceFeedMessage[]
+            memory priceFeedMessages = generateRandomPriceFeedMessage(
+                (getRandUint() % 10) + 1
+            );
+        (
+            bytes[] memory updateData,
+            uint updateFee
+        ) = createWormholeMerkleUpdateData(priceFeedMessages);
+
+        pyth.updatePriceFeeds{value: updateFee}(updateData);
+
+        for (uint i = 0; i < priceFeedMessages.length; i++) {
+            PythStructs.Price memory aggregatePrice = pyth.getPriceUnsafe(
+                priceFeedMessages[i].priceId
+            );
+            assertEq(aggregatePrice.price, priceFeedMessages[i].price);
+            assertEq(aggregatePrice.conf, priceFeedMessages[i].conf);
+            assertEq(aggregatePrice.expo, priceFeedMessages[i].expo);
+            assertEq(
+                aggregatePrice.publishTime,
+                priceFeedMessages[i].publishTime
+            );
+
+            PythStructs.Price memory emaPrice = pyth.getEmaPriceUnsafe(
+                priceFeedMessages[i].priceId
+            );
+            assertEq(emaPrice.price, priceFeedMessages[i].emaPrice);
+            assertEq(emaPrice.conf, priceFeedMessages[i].emaConf);
+            assertEq(emaPrice.expo, priceFeedMessages[i].expo);
+            assertEq(emaPrice.publishTime, priceFeedMessages[i].publishTime);
+        }
+    }
+
+    function testUpdatePriceFeedWithWormholeMerkleWorksOnMultiUpdate() public {}
+
+    function testUpdatePriceFeedWithWormholeMerkleIgnoresOutOfOrderUpdate()
+        public
+    {}
+
+    function testUpdatePriceFeedWithWormholeMerkleRevertsOnWrongVAA() public {}
+
+    function testUpdatePriceFeedWithWormholeMerkleRevertsOnWrongVAASource()
+        public
+    {}
+
+    function testUpdatePriceFeedWithWormholeMerkleRevertsOnWrongProof()
+        public
+    {}
+
+    function testUpdatePriceFeedWithWormholeMerkleRevertsOnWrongHeader()
+        public
+    {}
+
+    function testUpdatePriceFeedWithWormholeMerkleRevertsIfUpdateFeeIsNotPaid()
+        public
+    {}
+}