File tree Expand file tree Collapse file tree
modules/ismp/state-machines/evm/src Expand file tree Collapse file tree Original file line number Diff line number Diff line change @@ -298,7 +298,16 @@ pub fn verify_evm_kv_proofs(
298298 ( addr, slot_arr)
299299 } ;
300300
301- let key = storage_key_for ( proof. height . id . state_id , & addr. 0 , slot) ;
301+ // Ethermint-style Tendermint EVM stores expose EVM storage under IAVL keys of the form
302+ // `prefix || address || keccak256(slot)` (see `verify_non_membership`,
303+ // `DefaultEvmKeys::storage_key`, and the prover's `abci_query_key` docs). The GET `keys`
304+ // carry the raw 32-byte storage slot, so it must be keccak256-hashed before being folded
305+ // into the IAVL key — exactly as the membership and non-membership paths already do.
306+ // Without this, the key resolves to one that never exists in the tree, so a valid ICS23
307+ // non-existence proof for the unhashed key falsely reports a present slot as absent
308+ // (returns `None`), which can release source escrow for an order that was actually filled.
309+ let hashed_slot = ICS23HostFunctions :: keccak256 ( & slot) . 0 ;
310+ let key = storage_key_for ( proof. height . id . state_id , & addr. 0 , hashed_slot) ;
302311
303312 let commitment_proof = CommitmentProofBytes :: try_from ( ev. proof . clone ( ) )
304313 . map_err ( |e| TendermintEvmError :: InvalidCommitmentProof ( e. to_string ( ) ) ) ?;
You can’t perform that action at this time.
0 commit comments