Skip to content

perf: use calldata for proof #58

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: feature/rlp
Choose a base branch
from
Draft

perf: use calldata for proof #58

wants to merge 1 commit into from

Conversation

@0xClandestine
Copy link

@0xClandestine 0xClandestine commented Jul 26, 2025

Fixes #????

Likely doesn't follow style guidelines, but I wanted to better communicate the idea. Proofs are always provided by a caller as calldata, thus we should use calldata to avoid memory expansion. Proving an account alone with optimisms SecureMerkleTrie implementation is over 400k gas for reference.

PR Checklist

  • Tests
  • Documentation
  • Changeset entry (run npx changeset add)

@changeset-bot
Copy link

changeset-bot bot commented Jul 26, 2025

⚠️ No Changeset found

Latest commit: 175348c

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@0xClandestine
Copy link
Author

0xClandestine commented Jul 26, 2025
edited
Loading

@ernestognw OpenZeppelin#5680

0xClandestine
0xClandestine commented Jul 26, 2025
View reviewed changes
contracts/utils/cryptography/TrieProof.sol
Comment on lines +249 to +254
function _hashCalldata(uint256 offset, uint256 length) private pure returns (bytes32 hash) {
assembly ("memory-safe") {
calldatacopy(mload(0x40), offset, length)
hash := keccak256(mload(0x40), length)
}
}
Copy link
Author

@0xClandestine 0xClandestine Jul 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rather than adjusting the free memory pointer at the end we allow previous proofs (in memory) to be overwritten. Avoiding unnecessary memory expansion.

0xClandestine
0xClandestine commented Jul 26, 2025
View reviewed changes
contracts/utils/cryptography/TrieProof.sol
Comment on lines +259 to +264
function _calldataOffsetAndLength(bytes calldata proof) private pure returns (uint256 offset, uint256 length) {
assembly ("memory-safe") {
offset := proof.offset
length := proof.length
}
}
Copy link
Author

@0xClandestine 0xClandestine Jul 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

High level Solidity doesn't allow us to do this for whatever reason...

0xClandestine
0xClandestine commented Jul 26, 2025
View reviewed changes
contracts/utils/cryptography/TrieProof.sol
Comment on lines -145 to +150
if (keyIndex == 0 && !string(bytes.concat(keccak256(node.encoded))).equal(string(nodeId)))
return ProofError.INVALID_ROOT_HASH; // Root node must match root hash
if (node.encoded.length >= 32 && !string(bytes.concat(keccak256(node.encoded))).equal(string(nodeId)))
return ProofError.INVALID_LARGE_INTERNAL_HASH; // Large nodes are stored as hashes
if (!string(node.encoded).equal(string(nodeId))) return ProofError.INVALID_INTERNAL_NODE_HASH; // Small nodes must match directly
bytes32 nodeHash = _hashCalldata(node.offset, node.length);
bool nodeHashMatches = string(bytes.concat(nodeHash)).equal(string(nodeId));
if (keyIndex == 0 && !nodeHashMatches) return ProofError.INVALID_ROOT_HASH; // Root node must match root hash
if (node.length >= 32 && !nodeHashMatches) return ProofError.INVALID_LARGE_INTERNAL_HASH; // Large nodes are stored as hashes
if (!(nodeHash == keccak256(nodeId))) return ProofError.INVALID_INTERNAL_NODE_HASH; // Small nodes must match directly
Copy link
Author

@0xClandestine 0xClandestine Jul 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using a variable avoids subsequent branches from expanding memory further.

Copy link
Author

@0xClandestine 0xClandestine Jul 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also I think my updated L150 is functionally equivalent just avoids loading the proof into memory again.

0xClandestine
0xClandestine commented Jul 27, 2025
View reviewed changes
contracts/utils/cryptography/TrieProof.sol
Comment on lines +44 to +45
uint256 offset; // Raw RLP encoded node calldata offset
uint256 length; // Raw RLP encoded node calldata length
Copy link
Author

@0xClandestine 0xClandestine Jul 27, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually makes more sense to simply store the proof elements index.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@0xClandestine