From f34d87ae4ca8fcf35a3a2dec02b419797ef6027d Mon Sep 17 00:00:00 2001
From: Ethen
Date: Fri, 10 Jan 2025 04:36:12 +0700
Subject: [PATCH] fix(sigmap-EDAP-01): Missing nil Checks On Parameters Of Incoming Requests (#231)
* fix(sigmap-EDAP-01): Missing nil Checks On Parameters Of Incoming Requests
* fix(sigmap-EDAP-01): Missing nil Checks On Parameters Of Incoming Requests - check all nil fields and use proto accessors for referencing cert fields
---
 store/generated_key/eigenda/eigenda.go | 16 ++++++++++++---
 verify/certificate.go | 27 ++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 3 deletions(-)
diff --git a/store/generated_key/eigenda/eigenda.go b/store/generated_key/eigenda/eigenda.go
index b67ce1d2..9ff5c9bb 100644
--- a/store/generated_key/eigenda/eigenda.go
+++ b/store/generated_key/eigenda/eigenda.go
@@ -59,7 +59,12 @@ func (e Store) Get(ctx context.Context, key []byte) ([]byte, error) {
 return nil, fmt.Errorf("failed to decode DA cert to RLP format: %w", err)
 }
- decodedBlob, err := e.client.GetBlob(ctx, cert.BlobVerificationProof.BatchMetadata.BatchHeaderHash, cert.BlobVerificationProof.BlobIndex)
+ err = cert.NoNilFields()
+ if err != nil {
+ return nil, fmt.Errorf("failed to verify DA cert: %w", err)
+ }
+
+ decodedBlob, err := e.client.GetBlob(ctx, cert.BlobVerificationProof.GetBatchMetadata().GetBatchHeaderHash(), cert.BlobVerificationProof.GetBlobIndex())
 if err != nil {
 return nil, fmt.Errorf("EigenDA client failed to retrieve decoded blob: %w", err)
 }
@@ -119,7 +124,12 @@ func (e Store) Put(ctx context.Context, value []byte) ([]byte, error) {
 }
 cert := (*verify.Certificate)(blobInfo)
- err = e.verifier.VerifyCommitment(cert.BlobHeader.Commitment, encodedBlob)
+ err = cert.NoNilFields()
+ if err != nil {
+ return nil, fmt.Errorf("failed to verify DA cert: %w", err)
+ }
+
+ err = e.verifier.VerifyCommitment(cert.BlobHeader.GetCommitment(), encodedBlob)
 if err != nil {
 return nil, fmt.Errorf("failed to verify commitment: %w", err)
 }
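Review bot: The wrap message `failed to verify DA cert` added in Get is reused verbatim in the Put hunk that follows, so a log line cannot tell a malformed cert decoded from a request `key` from a malformed cert built from `blobInfo`. The two inputs presumably come from different sources, so distinct messages would help triage, for example `"DA cert decoded from key has nil fields: %w"` in Get and `"DA cert from blobInfo has nil fields: %w"` in Put. A one-line comment above the Get call, such as `// key is caller-supplied: reject certs with missing fields before any dereference`, would also record why the check sits ahead of GetBlob. Both function bodies start and end outside these hunks.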
@@ -158,7 +168,7 @@ func (e Store) Verify(ctx context.Context, key []byte, value []byte) error {
 }
 // verify kzg data commitment
- err = e.verifier.VerifyCommitment(cert.BlobHeader.Commitment, encodedBlob)
+ err = e.verifier.VerifyCommitment(cert.BlobHeader.GetCommitment(), encodedBlob)
 if err != nil {
 return fmt.Errorf("failed to verify commitment: %w", err)
 }
diff --git a/verify/certificate.go b/verify/certificate.go
index 9defd894..88259252 100644
--- a/verify/certificate.go
+++ b/verify/certificate.go
@@ -1,6 +1,7 @@
 package verify
 import (
+ "fmt"
 "math/big"
 "github.com/Layr-Labs/eigenda/api/grpc/disperser"
@@ -29,6 +30,32 @@ type BlobHeader struct {
 type Certificate disperser.BlobInfo
+// NoNilFields ... checks if any referenced fields in the certificate
+// are nil and returns an error if so
+func (c *Certificate) NoNilFields() error {
+ if c.BlobVerificationProof == nil {
+ return fmt.Errorf("BlobVerificationProof is nil")
+ }
+
+ if c.BlobVerificationProof.BatchMetadata == nil {
+ return fmt.Errorf("BlobVerificationProof.BatchMetadata is nil")
+ }
+
+ if c.BlobVerificationProof.BatchMetadata.BatchHeader == nil {
+ return fmt.Errorf("BlobVerificationProof.BatchMetadata.BatchHeader is nil")
+ }
+
+ if c.BlobHeader == nil {
+ return fmt.Errorf("BlobHeader is nil")
+ }
+
+ if c.BlobHeader.Commitment == nil {
+ return fmt.Errorf("BlobHeader.Commitment is nil")
+ }
+
+ return nil
+}
+
 func (c *Certificate) BlobIndex() uint32 {
 return c.BlobVerificationProof.BlobIndex
 }
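Review bot: Verify never calls `cert.NoNilFields()` in this hunk, unlike the Get and Put hunks; switching to `cert.BlobHeader.GetCommitment()` only removes the panic at this expression and hands `VerifyCommitment` a nil commitment when BlobHeader is missing. Whether VerifyCommitment and the rest of Verify tolerate nil is not visible here, and the function starts and ends outside the hunk, so the check may already exist above. If it does not, add the same guard right after the cert is decoded: `if err := cert.NoNilFields(); err != nil { return fmt.Errorf("failed to verify DA cert: %w", err) }`.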
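Review bot: NoNilFields dereferences `c.BlobVerificationProof` without first checking the receiver, so a nil `*Certificate` panics inside the very check meant to prevent nil dereferences. Put reaches it through `cert := (*verify.Certificate)(blobInfo)`, which yields a nil pointer if `blobInfo` is nil; whether the client can return nil without an error is not visible here. Start the method with `if c == nil { return fmt.Errorf("certificate is nil") }`. The context lines after the method still show `BlobIndex()` reading `c.BlobVerificationProof.BlobIndex` directly, so it stays safe only for callers that ran NoNilFields first; the doc comment should say so and drop the `...` placeholder. A table-driven test covering each nil branch would pin the behaviour.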