function _verifyCallData(
bytes32 currentManageRoot,
bytes32[] calldata manageProof,
address decoderAndSanitizer,
address target,
uint256 value,
bytes calldata targetData
) internal view {
// Step 1: Extract and sanitize security-relevant parameters
bytes memory packedArgumentAddresses = abi.decode(
decoderAndSanitizer.functionStaticCall(targetData),
(bytes)
);
// Step 2: Verify against merkle tree
if (!_verifyManageProof(
currentManageRoot,
manageProof,
target,
decoderAndSanitizer,
value,
bytes4(targetData),
packedArgumentAddresses
)) {
revert IManagerWithMerkleVerification
.IManagerWithMerkleVerification__FailedToVerifyManageProof(
target, targetData, value
);
}
}
function _verifyManageProof(
bytes32 root,
bytes32[] calldata proof,
address target,
address decoderAndSanitizer,
uint256 value,
bytes4 selector,
bytes memory packedArgumentAddresses
) internal pure returns (bool) {
bool valueNonZero = value > 0;
bytes32 leaf = keccak256(abi.encodePacked(
decoderAndSanitizer,
target,
valueNonZero,
selector,
packedArgumentAddresses
));
return MerkleProofLib.verify(proof, root, leaf);
}