From 0a4fa7acbac32cc612a58a2d704165c503941320 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philippe=20Laferri=C3=A8re?=
Date: Thu, 1 Feb 2024 17:20:42 -0500
Subject: [PATCH] `mpverify`: don't panic when verification fails (#1230)

* Replace `panic!()` with `Err()`

* fix
---
 processor/src/errors.rs | 10 ++++++++++
 processor/src/operations/crypto_ops.rs | 12 +++++++++---
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/processor/src/errors.rs b/processor/src/errors.rs
index 410a0abea2..2109756f3e 100644
--- a/processor/src/errors.rs
+++ b/processor/src/errors.rs
@@ -50,6 +50,11 @@ pub enum ExecutionError {
 value: Felt,
 },
 MemoryAddressOutOfBounds(u64),
+ MerklePathVerificationFailed {
+ value: Word,
+ index: Felt,
+ root: Digest,
+ },
 MerkleStoreMergeFailed(MerkleError),
 MerkleStoreLookupFailed(MerkleError),
 MerkleStoreUpdateFailed(MerkleError),
@@ -146,6 +151,11 @@ impl Display for ExecutionError {
 MemoryAddressOutOfBounds(addr) => {
 write!(f, "Memory address cannot exceed 2^32 but was {addr}")
 }
+ MerklePathVerificationFailed { value, index, root } => {
+ let value = to_hex(Felt::elements_as_bytes(value))?;
+ let root = to_hex(&root.as_bytes())?;
+ write!(f, "Merkle path verification failed for value {value} at index {index}, in the Merkle tree with root {root}")
+ }
 MerkleStoreLookupFailed(reason) => {
 write!(f, "Advice provider Merkle store backend lookup failed: {reason}")
 }
diff --git a/processor/src/operations/crypto_ops.rs b/processor/src/operations/crypto_ops.rs
index fc4a329d4d..bfb9e98e06 100644
--- a/processor/src/operations/crypto_ops.rs
+++ b/processor/src/operations/crypto_ops.rs
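Review bot: The new `MerklePathVerificationFailed` variant stores `value` as a `Word` but `root` as a `Digest`, even though both are Merkle-tree words and the only call site (the crypto_ops.rs hunk) has `root` in the same form as `node` and must write `root: root.into()` to fit the field. Declaring `root: Word` would let the `Display` arm in the second hunk encode both with one call shape, `let root = to_hex(Felt::elements_as_bytes(root))?;`, instead of the two different paths it uses now (`Felt::elements_as_bytes(value)` versus `&root.as_bytes()`), and would drop the conversion at the call site. If `Digest` is deliberately chosen so the message prints a canonical root encoding, a one-line comment on the field saying so would stop the next reader from "fixing" it.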
@@ -84,9 +84,15 @@ where
 // helper registers.
 self.decoder.set_user_op_helpers(Operation::MpVerify, &[addr]);
 
- // Asserting the computed root of the Merkle path from the advice provider is consistent with
- // the input root.
- assert_eq!(root, computed_root, "inconsistent Merkle tree root");
+ if root != computed_root {
+ // If the hasher chiplet doesn't compute the same root (using the same path),
+ // then it means that `node` is not the value currently in the tree at `index`
+ return Err(ExecutionError::MerklePathVerificationFailed {
+ value: node,
+ index,
+ root: root.into(),
+ });
+ }
 
 // The same state is copied over to the next clock cycle with no changes.
 self.stack.copy_state(0);
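Review bot: The error built at `return Err(ExecutionError::MerklePathVerificationFailed { ... })` omits `computed_root`, which is in scope at the comparison and is the one value that tells a reader what the supplied path actually hashes to; with only `root` in the message, a failure caused by a bad advice-provider path and one caused by a wrong input root look identical. Adding a `computed_root` field to the variant and passing `computed_root` here would make the diagnostic actionable at no extra cost. Note that `self.decoder.set_user_op_helpers(...)` on the line above has already run when the error is returned, so the decoder has recorded this op before the check fails; presumably execution is abandoned on any `Err`, in which case a short comment such as `// helper registers are recorded before the root check; processor state is not reusable after an Err` would document that assumption. The enclosing function starts and ends outside this hunk.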