Skip to content

fix(zktrie): add max recursion depth limit to countLeaves#286

Merged
curryxbo merged 1 commit intofeat/zktrie2mptfrom
fix/zktrie-countleaves-depth-limit
Feb 9, 2026
Merged

fix(zktrie): add max recursion depth limit to countLeaves#286
curryxbo merged 1 commit intofeat/zktrie2mptfrom
fix/zktrie-countleaves-depth-limit

Conversation

@curryxbo
Copy link
Copy Markdown
Contributor

@curryxbo curryxbo commented Feb 9, 2026

Add maxZkTrieDepth (256) constant and depth check in countLeaves function to prevent potential stack overflow, node crashes, and DoS attacks.

The theoretical maximum depth of zkTrie is 256, so this limit ensures safe recursion while covering all valid use cases.

1. Purpose or design rationale of this PR

...

2. PR title

Your PR title must follow conventional commits (as we are doing squash merge for each PR), so it must start with one of the following types:

  • build: Changes that affect the build system or external dependencies (example scopes: yarn, eslint, typescript)
  • ci: Changes to our CI configuration files and scripts (example scopes: vercel, github, cypress)
  • docs: Documentation-only changes
  • feat: A new feature
  • fix: A bug fix
  • perf: A code change that improves performance
  • refactor: A code change that doesn't fix a bug, or add a feature, or improves performance
  • style: Changes that do not affect the meaning of the code (white-space, formatting, missing semi-colons, etc)
  • test: Adding missing tests or correcting existing tests

3. Deployment tag versioning

Has the version in params/version.go been updated?

  • This PR doesn't involve a new deployment, git tag, docker image tag, and it doesn't affect traces
  • Yes

4. Breaking change label

Does this PR have the breaking-change label?

  • This PR is not a breaking change
  • Yes

fix(zktrie): add max recursion depth limit to countLeaves
efda8bb 
Add maxZkTrieDepth (256) constant and depth check in countLeaves function
to prevent potential stack overflow, node crashes, and DoS attacks.

The theoretical maximum depth of zkTrie is 256, so this limit ensures
safe recursion while covering all valid use cases.
@curryxbo curryxbo requested a review from a team as a code owner February 9, 2026 08:19
@curryxbo curryxbo requested review from twcctop and removed request for a team February 9, 2026 08:19
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented Feb 9, 2026

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch fix/zktrie-countleaves-depth-limit

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@curryxbo curryxbo force-pushed the fix/zktrie-countleaves-depth-limit branch from 1f36467 to efda8bb Compare February 9, 2026 08:20
@curryxbo curryxbo merged commit a721fbc into feat/zktrie2mpt Feb 9, 2026
1 check passed
@curryxbo curryxbo deleted the fix/zktrie-countleaves-depth-limit branch February 9, 2026 08:38
panos-xyz added a commit that referenced this pull request Feb 11, 2026
@panos-xyz @curryxbo
feat: change zktrie to mpt (#257)
48d562b 
* feat: change zktrie to mpt

* fix: add diskroot mapping for consensus api new L2 block

* fix: fixed alttxfee stroage trace in mpt mode

* refactor: remove useless block trace struct fields

* refactor: retain executionResults in blocktrace but remove structlog

* fix: fixed ci code scanning alerts

* feat: add eth_config with morph extension

* feat: add mptForkTime override flag

* fix: fixed getblockTrace stateroot mismatch

* Update AssembleL2Block (#259)

* update AssembleL2BlockParams


---------

Co-authored-by: corey <corey.zhang@bitget.com>

* feat:Add migration-checker (#271)

* update AssembleL2BlockParams

* update ec clent

* add migration-checker

* add gen preimages

* clean changes

* optimize“

* update readme“

* clean readme“

* clean trie changes

---------

Co-authored-by: corey <corey.zhang@bitget.com>

* limit AssembleL2Block (#285)

* limit AssembleL2Block

* fmt

---------

Co-authored-by: corey <corey.zhang@bitget.com>

* fix(zktrie): add max recursion depth limit to countLeaves (#286)

Add maxZkTrieDepth (256) constant and depth check in countLeaves function
to prevent potential stack overflow, node crashes, and DoS attacks.

The theoretical maximum depth of zkTrie is 256, so this limit ensures
safe recursion while covering all valid use cases.

Co-authored-by: corey <corey.zhang@bitget.com>

* Add Progress bar (#280)

* add progress bar

* clean default value

* fix

---------

Co-authored-by: corey <corey.zhang@bitget.com>

---------

Co-authored-by: corey <coreyx1992@gmail.com>
Co-authored-by: corey <corey.zhang@bitget.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@twcctop twcctop Awaiting requested review from twcctop twcctop was automatically assigned from morph-l2/security

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@curryxbo