chore: add poseidon hash input error for non 32 bytes inputs

Cargo.toml

@@ -252,7 +252,7 @@ light-merkle-tree-metadata = { path = "program-libs/merkle-tree-metadata", versi
 aligned-sized = { path = "program-libs/aligned-sized", version = "1.1.0" }
 light-bloom-filter = { path = "program-libs/bloom-filter", version = "0.6.0" }
 light-bounded-vec = { version = "2.0.1" }
-light-poseidon = { version = "0.3.0" }
+light-poseidon = { version = "0.4.0" }
 light-test-utils = { path = "program-tests/utils", version = "1.2.1" }
 light-indexed-array = { path = "program-libs/indexed-array", version = "0.3.0" }
 light-array-map = { path = "program-libs/array-map", version = "0.2.0" }

program-libs/compressed-account/src/compressed_account.rs

@@ -411,18 +411,27 @@ mod tests {
         };
         let merkle_tree_pubkey = Pubkey::new_unique();
         let leaf_index: u32 = 1;
+
+        // Precompute padded 32-byte arrays matching the hash implementation
+        let mut leaf_index_bytes = [0u8; 32];
+        leaf_index_bytes[28..].copy_from_slice(&leaf_index.to_le_bytes());
+        let mut lamports_bytes = [0u8; 32];
+        lamports_bytes[24..].copy_from_slice(&lamports.to_le_bytes());
+        lamports_bytes[23] = 1;
+        let mut discriminator_bytes = [0u8; 32];
+        discriminator_bytes[24..].copy_from_slice(&data.discriminator);
+        discriminator_bytes[23] = 2;
+
         let hash = compressed_account
             .hash(&merkle_tree_pubkey, &leaf_index, false)
             .unwrap();
         let hash_manual = Poseidon::hashv(&[
             hash_to_bn254_field_size_be(&owner.to_bytes()).as_slice(),
-            leaf_index.to_le_bytes().as_slice(),
+            &leaf_index_bytes,
             hash_to_bn254_field_size_be(&merkle_tree_pubkey.to_bytes()).as_slice(),
-            [&[1u8], lamports.to_le_bytes().as_slice()]
-                .concat()
-                .as_slice(),
+            &lamports_bytes,
             address.as_slice(),
-            [&[2u8], data.discriminator.as_slice()].concat().as_slice(),
+            &discriminator_bytes,
             &data.data_hash,
         ])
         .unwrap();
@@ -442,11 +451,9 @@ mod tests {
 
         let hash_manual = Poseidon::hashv(&[
             hash_to_bn254_field_size_be(&owner.to_bytes()).as_slice(),
-            leaf_index.to_le_bytes().as_slice(),
+            &leaf_index_bytes,
             hash_to_bn254_field_size_be(&merkle_tree_pubkey.to_bytes()).as_slice(),
-            [&[1u8], lamports.to_le_bytes().as_slice()]
-                .concat()
-                .as_slice(),
+            &lamports_bytes,
             address.as_slice(),
         ])
         .unwrap();
@@ -465,12 +472,10 @@ mod tests {
             .unwrap();
         let hash_manual = Poseidon::hashv(&[
             hash_to_bn254_field_size_be(&owner.to_bytes()).as_slice(),
-            leaf_index.to_le_bytes().as_slice(),
+            &leaf_index_bytes,
             hash_to_bn254_field_size_be(&merkle_tree_pubkey.to_bytes()).as_slice(),
-            [&[1u8], lamports.to_le_bytes().as_slice()]
-                .concat()
-                .as_slice(),
-            [&[2u8], data.discriminator.as_slice()].concat().as_slice(),
+            &lamports_bytes,
+            &discriminator_bytes,
             &data.data_hash,
         ])
         .unwrap();
@@ -490,9 +495,9 @@ mod tests {
             .unwrap();
         let hash_manual = Poseidon::hashv(&[
             hash_to_bn254_field_size_be(&owner.to_bytes()).as_slice(),
-            leaf_index.to_le_bytes().as_slice(),
+            &leaf_index_bytes,
             hash_to_bn254_field_size_be(&merkle_tree_pubkey.to_bytes()).as_slice(),
-            [&[2u8], data.discriminator.as_slice()].concat().as_slice(),
+            &discriminator_bytes,
             &data.data_hash,
         ])
         .unwrap();
@@ -513,11 +518,9 @@ mod tests {
             .unwrap();
         let hash_manual = Poseidon::hashv(&[
             hash_to_bn254_field_size_be(&owner.to_bytes()).as_slice(),
-            leaf_index.to_le_bytes().as_slice(),
+            &leaf_index_bytes,
             hash_to_bn254_field_size_be(&merkle_tree_pubkey.to_bytes()).as_slice(),
-            [&[1u8], lamports.to_le_bytes().as_slice()]
-                .concat()
-                .as_slice(),
+            &lamports_bytes,
         ])
         .unwrap();
         assert_eq!(no_address_no_data_hash, hash_manual);
@@ -538,7 +541,7 @@ mod tests {
             .unwrap();
         let hash_manual = Poseidon::hashv(&[
             hash_to_bn254_field_size_be(&owner.to_bytes()).as_slice(),
-            leaf_index.to_le_bytes().as_slice(),
+            &leaf_index_bytes,
             hash_to_bn254_field_size_be(&merkle_tree_pubkey.to_bytes()).as_slice(),
         ])
         .unwrap();
@@ -752,8 +755,11 @@ mod tests {
                     Some(CompressedAccountData {
                         discriminator: rng.gen(),
                         data: Vec::new(), // not used in hash
-                        data_hash: Poseidon::hash(rng.gen::<u64>().to_be_bytes().as_slice())
-                            .unwrap(),
+                        data_hash: {
+                            let mut random_bytes = [0u8; 32];
+                            random_bytes[24..].copy_from_slice(&rng.gen::<u64>().to_be_bytes());
+                            Poseidon::hash(&random_bytes).unwrap()
+                        },
                     })
                 } else {
                     None

program-libs/hasher/src/poseidon.rs

@@ -108,11 +108,11 @@ impl Hasher for Poseidon {
             use crate::HASH_BYTES;
             // TODO: reenable once LightHasher refactor is merged
             // solana_program::msg!("remove len check onchain.");
-            // for val in vals {
-            //     if val.len() != 32 {
-            //         return Err(HasherError::InvalidInputLength(val.len()));
-            //     }
-            // }
+            for val in _vals {
+                if val.len() != 32 {
+                    return Err(HasherError::InvalidInputLength(val.len(), 32));
+                }
+            }
             let mut hash_result = [0; HASH_BYTES];
             let result = unsafe {
                 crate::syscalls::sol_poseidon(

program-libs/indexed-merkle-tree/src/array.rs

@@ -557,11 +557,13 @@ mod test {
             indexed_array.find_element(&nullifier1),
             Some(&bundle1.new_element),
         );
+        let mut next_index_bytes = [0u8; 32];
+        next_index_bytes[24..].copy_from_slice(&0_usize.to_be_bytes());
         let expected_hash = Poseidon::hashv(&[
             bigint_to_be_bytes_array::<32>(&nullifier1)
                 .unwrap()
                 .as_ref(),
-            0_usize.to_be_bytes().as_ref(),
+            &next_index_bytes,
             bigint_to_be_bytes_array::<32>(&(0.to_biguint().unwrap()))
                 .unwrap()
                 .as_ref(),
@@ -627,11 +629,13 @@ mod test {
             indexed_array.find_element(&nullifier2),
             Some(&bundle2.new_element),
         );
+        let mut next_index_bytes = [0u8; 32];
+        next_index_bytes[24..].copy_from_slice(&1_usize.to_be_bytes());
         let expected_hash = Poseidon::hashv(&[
             bigint_to_be_bytes_array::<32>(&nullifier2)
                 .unwrap()
                 .as_ref(),
-            1_usize.to_be_bytes().as_ref(),
+            &next_index_bytes,
             bigint_to_be_bytes_array::<32>(&(30.to_biguint().unwrap()))
                 .unwrap()
                 .as_ref(),
@@ -707,11 +711,13 @@ mod test {
             indexed_array.find_element(&nullifier3),
             Some(&bundle3.new_element),
         );
+        let mut next_index_bytes = [0u8; 32];
+        next_index_bytes[24..].copy_from_slice(&1_usize.to_be_bytes());
         let expected_hash = Poseidon::hashv(&[
             bigint_to_be_bytes_array::<32>(&nullifier3)
                 .unwrap()
                 .as_ref(),
-            1_usize.to_be_bytes().as_ref(),
+            &next_index_bytes,
             bigint_to_be_bytes_array::<32>(&(30.to_biguint().unwrap()))
                 .unwrap()
                 .as_ref(),
@@ -802,11 +808,13 @@ mod test {
             indexed_array.find_element(&nullifier4),
             Some(&bundle4.new_element),
         );
+        let mut next_index_bytes = [0u8; 32];
+        next_index_bytes[24..].copy_from_slice(&0_usize.to_be_bytes());
         let expected_hash = Poseidon::hashv(&[
             bigint_to_be_bytes_array::<32>(&nullifier4)
                 .unwrap()
                 .as_ref(),
-            0_usize.to_be_bytes().as_ref(),
+            &next_index_bytes,
             bigint_to_be_bytes_array::<32>(&(0.to_biguint().unwrap()))
                 .unwrap()
                 .as_ref(),

program-libs/indexed-merkle-tree/tests/tests.rs

@@ -639,18 +639,30 @@ pub fn functional_non_inclusion_test() {
     assert_eq!(
         leaf_0,
         Poseidon::hashv(&[
-            &0_u32.to_biguint().unwrap().to_bytes_be(),
-            &1_u32.to_biguint().unwrap().to_bytes_be(),
-            &30_u32.to_biguint().unwrap().to_bytes_be()
+            bigint_to_be_bytes_array::<32>(&0_u32.to_biguint().unwrap())
+                .unwrap()
+                .as_ref(),
+            bigint_to_be_bytes_array::<32>(&1_u32.to_biguint().unwrap())
+                .unwrap()
+                .as_ref(),
+            bigint_to_be_bytes_array::<32>(&30_u32.to_biguint().unwrap())
+                .unwrap()
+                .as_ref(),
         ])
         .unwrap()
     );
     assert_eq!(
         leaf_1,
         Poseidon::hashv(&[
-            &30_u32.to_biguint().unwrap().to_bytes_be(),
-            &0_u32.to_biguint().unwrap().to_bytes_be(),
-            &0_u32.to_biguint().unwrap().to_bytes_be()
+            bigint_to_be_bytes_array::<32>(&30_u32.to_biguint().unwrap())
+                .unwrap()
+                .as_ref(),
+            bigint_to_be_bytes_array::<32>(&0_u32.to_biguint().unwrap())
+                .unwrap()
+                .as_ref(),
+            bigint_to_be_bytes_array::<32>(&0_u32.to_biguint().unwrap())
+                .unwrap()
+                .as_ref(),
         ])
         .unwrap()
     );

program-tests/batched-merkle-tree-test/tests/merkle_tree.rs

@@ -61,9 +61,10 @@ pub fn assert_nullifier_queue_insert(
 ) -> Result<(), BatchedMerkleTreeError> {
     let mut leaf_hash_chain_insert_values = vec![];
     for (insert_value, leaf_index) in bloom_filter_insert_values.iter().zip(leaf_indices.iter()) {
+        let mut leaf_index_bytes = [0u8; 32];
+        leaf_index_bytes[24..].copy_from_slice(&leaf_index.to_be_bytes());
         let nullifier =
-            Poseidon::hashv(&[insert_value.as_slice(), &leaf_index.to_be_bytes(), &tx_hash])
-                .unwrap();
+            Poseidon::hashv(&[insert_value.as_slice(), &leaf_index_bytes, &tx_hash]).unwrap();
         leaf_hash_chain_insert_values.push(nullifier);
     }
     assert_input_queue_insert(

program-tests/create-address-test-program/src/create_pda.rs

@@ -134,7 +134,9 @@ impl light_hasher::DataHasher for RegisteredUser {
     fn hash<H: light_hasher::Hasher>(&self) -> std::result::Result<[u8; 32], HasherError> {
         let truncated_user_pubkey = hash_to_bn254_field_size_be(&self.user_pubkey.to_bytes());
 
-        H::hashv(&[truncated_user_pubkey.as_slice(), self.data.as_slice()])
+        let mut data_bytes = [0u8; 32];
+        data_bytes[1..].copy_from_slice(&self.data);
+        H::hashv(&[truncated_user_pubkey.as_slice(), &data_bytes])
     }
 }
 

program-tests/system-cpi-test/src/create_pda.rs

@@ -541,7 +541,9 @@ pub struct RegisteredUser {
 impl light_hasher::DataHasher for RegisteredUser {
     fn hash<H: light_hasher::Hasher>(&self) -> std::result::Result<[u8; 32], HasherError> {
         let truncated_user_pubkey = hash_to_bn254_field_size_be(&self.user_pubkey.to_bytes());
-        H::hashv(&[truncated_user_pubkey.as_slice(), self.data.as_slice()])
+        let mut data_bytes = [0u8; 32];
+        data_bytes[1..].copy_from_slice(&self.data);
+        H::hashv(&[truncated_user_pubkey.as_slice(), &data_bytes])
     }
 }
 

program-tests/system-cpi-test/tests/test.rs

@@ -1906,10 +1906,11 @@ pub async fn assert_created_pda<R: Rpc, I: Indexer + TestIndexerExtensions>(
     );
     let truncated_user_pubkey =
         hash_to_bn254_field_size_be(&compressed_escrow_pda_data.user_pubkey.to_bytes());
-
+    let mut data_bytes = [0u8; 32];
+    data_bytes[1..].copy_from_slice(data);
     assert_eq!(
         compressed_escrow_pda_deserialized.data_hash,
-        Poseidon::hashv(&[truncated_user_pubkey.as_slice(), data.as_slice()]).unwrap(),
+        Poseidon::hashv(&[truncated_user_pubkey.as_slice(), &data_bytes]).unwrap(),
     );
 }
 

program-tests/utils/src/mock_batched_forester.rs

@@ -186,7 +186,8 @@ impl<const HEIGHT: usize> MockBatchedForester<HEIGHT> {
                 .iter()
                 .find(|tx_event| tx_event.inputs.contains(leaf))
                 .expect("No event for leaf found.");
-            let index_bytes = index.to_be_bytes();
+            let mut index_bytes = [0u8; 32];
+            index_bytes[24..].copy_from_slice(&(index as u64).to_be_bytes());
             let nullifier = Poseidon::hashv(&[leaf, &index_bytes, &event.tx_hash]).unwrap();
             tx_hashes.push(event.tx_hash);
             nullifiers.push(nullifier);

program-tests/utils/src/test_batch_forester.rs

@@ -269,7 +269,8 @@ pub async fn get_batched_nullify_ix_data<R: Rpc>(
         let proof = bundle.merkle_tree.get_proof_of_leaf(index, true).unwrap();
         merkle_proofs.push(proof.to_vec());
         bundle.input_leaf_indices.remove(0);
-        let index_bytes = index.to_be_bytes();
+        let mut index_bytes = [0u8; 32];
+        index_bytes[24..].copy_from_slice(&(index as u64).to_be_bytes());
         use light_hasher::Hasher;
         let nullifier = Poseidon::hashv(&[&leaf, &index_bytes, &leaf_info.tx_hash]).unwrap();
 

prover/client/src/proof_types/batch_update/proof_inputs.rs

@@ -171,7 +171,8 @@ pub fn get_batch_update_inputs<const HEIGHT: usize>(
         let merkle_proof_array = merkle_proof.try_into().unwrap();
 
         // Use the adjusted index bytes for computing the nullifier.
-        let index_bytes = (*index).to_be_bytes();
+        let mut index_bytes = [0u8; 32];
+        index_bytes[28..].copy_from_slice(&(*index).to_be_bytes());
         let nullifier = Poseidon::hashv(&[leaf, &index_bytes, &tx_hashes[i]]).unwrap();
         let (root, changelog_entry) =
             compute_root_from_merkle_proof(nullifier, &merkle_proof_array, *index);

prover/client/tests/batch_update.rs

@@ -31,9 +31,9 @@ async fn prove_batch_update() {
             old_leaves.push(leaf);
             merkle_tree.append(&leaf).unwrap();
 
-            #[allow(clippy::unnecessary_cast)]
-            let nullifier =
-                Poseidon::hashv(&[&leaf, &(i as usize).to_be_bytes(), &tx_hash]).unwrap();
+            let mut index_bytes = [0u8; 32];
+            index_bytes[28..].copy_from_slice(&(i as u32).to_be_bytes());
+            let nullifier = Poseidon::hashv(&[&leaf, &index_bytes, &tx_hash]).unwrap();
             nullifiers.push(nullifier);
         }
 

xtask/src/zero_indexed_leaf.rs

@@ -1,4 +1,4 @@
-use std::{fs::File, io::prelude::*, mem, path::PathBuf};
+use std::{fs::File, io::prelude::*, path::PathBuf};
 
 use clap::Parser;
 use light_hasher::{Hasher, Keccak, Poseidon, Sha256};
@@ -26,8 +26,7 @@ fn generate_zero_indexed_leaf_for_hasher<H>(opts: Options) -> anyhow::Result<()>
 where
     H: Hasher,
 {
-    let zero_indexed_leaf =
-        H::hashv(&[&[0u8; 32], &[0u8; mem::size_of::<usize>()], &[0u8; 32]]).unwrap();
+    let zero_indexed_leaf = H::hashv(&[&[0u8; 32], &[0u8; 32], &[0u8; 32]]).unwrap();
 
     let code = quote! {
         pub const ZERO_INDEXED_LEAF: [u8; 32] = [ #(#zero_indexed_leaf),* ];