From c5629843be27490e71c1df504fcf740299d1956c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Iv=C3=A1n=20Litteri?=
Date: Mon, 6 Nov 2023 18:31:31 -0300
Subject: [PATCH] Validate curve point evaluation output

Not infinity
---
 precompiles/P256VERIFY.yul | 4 ++++
 tests/tests/p256verify_tests.rs | 16 +++++++++++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/precompiles/P256VERIFY.yul b/precompiles/P256VERIFY.yul
index c75be803..c650a35e 100644
--- a/precompiles/P256VERIFY.yul
+++ b/precompiles/P256VERIFY.yul
@@ -604,6 +604,10 @@ object "P256VERIFY" {
 let t1 := outOfMontgomeryForm(montgomeryMul(r, s1, N(), N_PRIME()), N(), N_PRIME())
 let xr, yr, zr := shamirLinearCombination(x, y, z, t0, t1)
+ if iszero(zr) {
+ mstore(0, 0)
+ return(0, 32)
+ }
 // As we only need xr in affine form, we can skip transforming the `y` coordinate.
 let z_inv := montgomeryModularInverse(zr, P(), R2_MOD_P())
diff --git a/tests/tests/p256verify_tests.rs b/tests/tests/p256verify_tests.rs
index d6e093a4..738fe728 100644
--- a/tests/tests/p256verify_tests.rs
+++ b/tests/tests/p256verify_tests.rs
@@ -46,7 +46,7 @@ async fn p256verify_valid_signature_two() {
 }
 #[tokio::test]
-async fn p256verify_invalid_signature() {
+async fn p256verify_invalid_signature_one() {
 let era_response = era_call(
 P256VERIFTY_PRECOMPILE_ADDRESS,
 None,
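Review bot: The new `if iszero(zr)` block carries no comment on why a zero z coordinate is rejected, and that reason is the security-relevant part of the change: a projective result of `shamirLinearCombination` with z = 0 is the point at infinity, which ECDSA verification must reject, and passing zero to `montgomeryModularInverse` on the following line has no meaningful inverse. Suggest `// z == 0 means t0*G + t1*Q is the point at infinity: ECDSA rejects such signatures, and z has no inverse, so answer 0 (invalid) before the inversion below.` The check itself is sound — zero has the same representation in and out of Montgomery form, so `iszero` on the Montgomery-form `zr` is the right test — and writing a 32-byte `0` matches the RESPONSE_INVALID expectation in the accompanying test, though whether the file's other failed-verification paths return the same way is not visible here. The enclosing code starts before and ends after this hunk.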
@@ -147,3 +147,17 @@ async fn p256verify_public_key_not_in_curve() {
 assert_eq!(era_response, EXECUTION_REVERTED)
 }
+
+#[tokio::test]
+async fn p256verify_invalid_signature_two() {
+ let era_response = era_call(
+ P256VERIFTY_PRECOMPILE_ADDRESS,
+ None,
+ Some(Bytes::from(hex::decode("5ad83880e16658d7521d4e878521defaf6b43dec1dbd69e514c09ab8f1f2ffe25ad83880e16658d7521d4e878521defaf6b43dec1dbd69e514c09ab8f1f2ffe2871c518be8c56e7f5c901933fdab317efafc588b3e04d19d9a27b29aad8d9e696b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296b01cbd1c01e58065711814b583f061e9d431cca994cea1313449bf97c840ae0a").unwrap())),
+ )
+ .await
+ .unwrap();
+ let (era_output, gas_used) = parse_call_result(&era_response);
+ write_p256verify_gas_result(gas_used);
+ assert_eq!(era_output, Bytes::from(RESPONSE_INVALID))
+}
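Review bot: The 160-byte vector in the new `p256verify_invalid_signature_two` is opaque — nothing says why this signature is invalid, even though it is exactly the case the Yul change guards. Decoding the five 32-byte words: the message hash equals r (`5ad83880…ffe2` appears twice), the public key's x equals the P-256 generator's Gx (`6b17d1f2…c296`) and its y (`b01cbd1c…ae0a`) is p − Gy, i.e. Q = −G, so u1 = h·s⁻¹ equals u2 = r·s⁻¹ and u1·G + u2·Q is the point at infinity. Suggest a comment above `era_call` such as `// hash == r and Q == -G (x = Gx, y = p - Gy), so u1*G + u2*Q is the point at infinity (z == 0); must yield RESPONSE_INVALID, not a revert or a garbage comparison.` and a name that says so, e.g. `p256verify_result_point_at_infinity`. Splitting the literal into five `concat!`ed 64-character strings labelled hash/r/s/x/y would make the construction reviewable at a glance.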