From 72f03cc6345c851f5035b8d8eac172d478c5e9da Mon Sep 17 00:00:00 2001 From: h5law <53987565+h5law@users.noreply.github.com> Date: Fri, 22 Dec 2023 12:02:27 +0000 Subject: [PATCH 1/5] chore add NB commet to clarify usage --- docs/SMT.md | 38 ++++++++++++++++++++++---------------- 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/docs/SMT.md b/docs/SMT.md index 106b4fa..f108bb6 100644 --- a/docs/SMT.md +++ b/docs/SMT.md @@ -4,26 +4,26 @@ - [Overview](#overview) - [Implementation](#implementation) - - [Inner Nodes](#inner-nodes) - - [Extension Nodes](#extension-nodes) - - [Leaf Nodes](#leaf-nodes) - - [Lazy Nodes](#lazy-nodes) - - [Lazy Loading](#lazy-loading) - - [Visualisations](#visualisations) - - [General Trie Structure](#general-trie-structure) - - [Lazy Nodes](#lazy-nodes-1) + * [Inner Nodes](#inner-nodes) + * [Extension Nodes](#extension-nodes) + * [Leaf Nodes](#leaf-nodes) + * [Lazy Nodes](#lazy-nodes) + * [Lazy Loading](#lazy-loading) + * [Visualisations](#visualisations) + + [General Trie Structure](#general-trie-structure) + + [Lazy Nodes](#lazy-nodes-1) - [Paths](#paths) - - [Visualisation](#visualisation) + * [Visualisation](#visualisation) - [Values](#values) - - [Nil values](#nil-values) + * [Nil values](#nil-values) - [Hashers & Digests](#hashers--digests) - [Proofs](#proofs) - - [Verification](#verification) - - [Closest Proof](#closest-proof) - - [Compression](#compression) - - [Serialisation](#serialisation) + * [Verification](#verification) + * [Closest Proof](#closest-proof) + * [Compression](#compression) + * [Serialisation](#serialisation) - [Database](#database) - - [Data Loss](#data-loss) + * [Data Loss](#data-loss) - [Sparse Merkle Sum Trie](#sparse-merkle-sum-trie) - [Example](#example) 
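Review bot: The TOC hunk in docs/SMT.md only swaps the nested list markers (`-   - [Inner Nodes]` becomes `-   * [Inner Nodes]`, with `+` for the third level) and that is not mentioned anywhere in the subject "chore add NB commet to clarify usage" (which should also read "comment"). Either call out the regenerated table of contents in the commit message or keep the marker churn out of this commit, since 15 of the 22 insertions and 15 of the 16 deletions in this patch are marker-only changes and reviewers cannot tie the diff to the described change without reading the second hunk.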
@@ -378,10 +378,16 @@ This backstepping process allows the traversal to continue until it reaches a sentinel leaf that has the longest common prefix and most bits in common with the provided hash, up to the depth of the leaf found. -This method guarentees a proof of inclusion in all cases and can be verified by +This method guarantees a proof of inclusion in all cases and can be verified by using the `VerifyClosestProof` function which requires the proof and root hash of the trie. +NB: If the hash provided to the `ClosestProof` function is known prior to the +tree being filled and closed there is the possibility of placing a leaf where +the hash will lead. If used **as intended** the hash provided should **not** be +known prior to calling the method and the tree should not be updateable after +the fact. + ### Compression Both proof types have compression and decompression functions available to From 908fa6bcf84e099991aa374d4a2305b6651c59b2 Mon Sep 17 00:00:00 2001 From: h5law <53987565+h5law@users.noreply.github.com> Date: Fri, 22 Dec 2023 15:07:20 +0000 Subject: [PATCH 2/5] chore: clarify comment --- docs/SMT.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/docs/SMT.md b/docs/SMT.md index f108bb6..034fcfe 100644 --- a/docs/SMT.md +++ b/docs/SMT.md 
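Review bot: In the NB paragraph added at the end of the Closest Proof section, "the tree should not be updateable after the fact" leaves "the fact" undefined, and "If used **as intended** the hash provided should **not** be known prior to calling the method" does not say known by whom; the condition that matters is that the party inserting leaves must not learn the hash while it can still insert. Suggest naming the roles and the ordering, e.g. "the party that builds the trie must not learn the hash until after it has committed to the root hash; otherwise it can insert a leaf on the hash's path". Also use "trie" rather than "tree" throughout the new text to match the surrounding lines ("root hash of the trie"). The `guarentees` to `guarantees` fix in the same hunk is fine.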
@@ -386,7 +386,12 @@ NB: If the hash provided to the `ClosestProof` function is known prior to the tree being filled and closed there is the possibility of placing a leaf where the hash will lead. If used **as intended** the hash provided should **not** be known prior to calling the method and the tree should not be updateable after -the fact. +the fact. If the hash were known prior to closing the tree and not inserting +into it anymore a leaf could be inserted into the tree in such a way that it +would always be produced from the `ClosestProof` method (as it is deterministic). +When used as a pseudo-random challenge this is a vulnerability and if used in +this manner care should be taken when and how the hash used in the proof is +decided upon and when it is provided to the caller of the method. ### Compression From 35fbc5463e9a933d8e183cf5aee59a938b5a7b44 Mon Sep 17 00:00:00 2001 From: h5law <53987565+h5law@users.noreply.github.com> Date: Fri, 22 Dec 2023 16:10:11 +0000 Subject: [PATCH 3/5] chore: address comment --- docs/SMT.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/docs/SMT.md b/docs/SMT.md index 034fcfe..d69016b 100644 --- a/docs/SMT.md +++ b/docs/SMT.md 
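Review bot: The sentence added after "the fact." ("If the hash were known prior to closing the tree and not inserting into it anymore a leaf could be inserted into the tree in such a way that ...") is a run-on whose condition contradicts itself: if no further insertions happen, knowing the hash is harmless; the attack requires the hash to be known while insertions are still possible. Suggest splitting it: "If the hash is known while the trie can still be updated, a leaf can be placed on that path so that `ClosestProof`, being deterministic, always returns it." The closing clause "care should be taken when and how the hash used in the proof is decided upon and when it is provided to the caller" can then be stated as the concrete rule: hand the hash to the caller only after the root has been committed. "tree" should still be "trie".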
@@ -384,14 +384,15 @@ of the trie. NB: If the hash provided to the `ClosestProof` function is known prior to the tree being filled and closed there is the possibility of placing a leaf where -the hash will lead. If used **as intended** the hash provided should **not** be -known prior to calling the method and the tree should not be updateable after -the fact. If the hash were known prior to closing the tree and not inserting -into it anymore a leaf could be inserted into the tree in such a way that it -would always be produced from the `ClosestProof` method (as it is deterministic). -When used as a pseudo-random challenge this is a vulnerability and if used in -this manner care should be taken when and how the hash used in the proof is -decided upon and when it is provided to the caller of the method. +the hash will lead. If used **as intended**, the hash provided should **not** be +known prior to calling the method; therefore, the tree should not be updateable +after the fact. If the hash were known by the caller of the method, after the +last update but prior to closing the trie a leaf could be inserted into the tree +in such a way that it would always be produced from the `ClosestProof` method +(as it is deterministic). When used as a pseudo-random challenge this is a +vulnerability and, if used in this manner, care should be taken around how the +hash used in the proof is decided upon and when it is provided to the caller of +the method. ### Compression From dfc11e54d8463e51d148997c87a49286fff7a272 Mon Sep 17 00:00:00 2001 From: h5law <53987565+h5law@users.noreply.github.com> Date: Fri, 22 Dec 2023 16:44:36 +0000 Subject: [PATCH 4/5] chore: expand on comment --- docs/SMT.md | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/docs/SMT.md b/docs/SMT.md index d69016b..9481629 100644 --- a/docs/SMT.md +++ b/docs/SMT.md 
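Review bot: The rewrite keeps the cause reversed: "If the hash were known by the caller of the method, after the last update but prior to closing the trie a leaf could be inserted" describes an insertion after the last update, which is a contradiction; the window that matters is while the caller can still update the trie. Likewise "the hash provided should **not** be known prior to calling the method; therefore, the tree should not be updateable after the fact" uses "therefore" for what is a second requirement, not a consequence of the first. Suggest: "The caller must not learn the hash until the trie has been closed and its root hash committed; if it learns the hash while the trie can still be updated, it can insert a leaf on that path which `ClosestProof` will deterministically return." "the tree" in the unchanged first line of the note should also become "the trie".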
@@ -382,17 +382,23 @@ This method guarantees a proof of inclusion in all cases and can be verified by using the `VerifyClosestProof` function which requires the proof and root hash of the trie. -NB: If the hash provided to the `ClosestProof` function is known prior to the -tree being filled and closed there is the possibility of placing a leaf where -the hash will lead. If used **as intended**, the hash provided should **not** be -known prior to calling the method; therefore, the tree should not be updateable -after the fact. If the hash were known by the caller of the method, after the -last update but prior to closing the trie a leaf could be inserted into the tree -in such a way that it would always be produced from the `ClosestProof` method -(as it is deterministic). When used as a pseudo-random challenge this is a -vulnerability and, if used in this manner, care should be taken around how the -hash used in the proof is decided upon and when it is provided to the caller of -the method. +As the `ClosestProof` method takes a hash as input it is possible to place a +leaf in the trie according to the hash's path if it is known. Depending on +the use case of this function this may expose a vulnerability. _It is not +intendend to be used as a general purpose proof mechanism_. Given two parties: +the prover and the verifier, the verifier should supply the prover with a hash +after the trie has been "closed" and is no longer being updated. The prover +will then generate a `ClosestProof` for a leaf using the corresponding method. +The verifier can subsequently verify that proof for its validity. If however, +the prover were to know the hash prior to "closing" the trie, they could place +a leaf where the method would always guarantee it existence. This form of attack +can only happen due to the method's deterministic behaviour and the prover +knowing the hash before they have "closed" the trie. 
The intended use of this +method is that the verifier gives the hash only after the prover has closed their +trie and submitted the closed trie's root hash. This enables the verifier to +verify the integrity of the proof (if the trie was changed the root hash would +be different) and also guarantees the pseudo-random proof of inclusion was not +a maliciously placed leaf. ### Compression From 4a984b126fba99e07fbe5cd350215b98bd7ea99f Mon Sep 17 00:00:00 2001 From: h5law <53987565+h5law@users.noreply.github.com> Date: Fri, 22 Dec 2023 16:47:29 +0000 Subject: [PATCH 5/5] chore: grammar --- docs/SMT.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/SMT.md b/docs/SMT.md index 9481629..06ad9e2 100644 --- a/docs/SMT.md +++ b/docs/SMT.md @@ -382,8 +382,8 @@ This method guarantees a proof of inclusion in all cases and can be verified by using the `VerifyClosestProof` function which requires the proof and root hash of the trie. -As the `ClosestProof` method takes a hash as input it is possible to place a -leaf in the trie according to the hash's path if it is known. Depending on +Since the `ClosestProof` method takes a hash as input, it is possible to place a +leaf in the trie according to the hash's path, if it is known. Depending on the use case of this function this may expose a vulnerability. _It is not intendend to be used as a general purpose proof mechanism_. Given two parties: the prover and the verifier, the verifier should supply the prover with a hash
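Review bot: In the reworded paragraph, "This form of attack can only happen due to the method's deterministic behaviour" misattributes the cause: determinism is what makes `VerifyClosestProof` possible at all; the enabling condition is the prover learning the hash before committing a root. The final sentence, "guarantees the pseudo-random proof of inclusion was not a maliciously placed leaf", also overstates what the ordering buys: it guarantees the prover could not have targeted the challenge hash, nothing more, so "guarantees the leaf returned could not have been placed with knowledge of the challenge" is the accurate claim. "Closed" appears in quotes three times without being defined; say once what closing means here (no further updates, and the root hash has been submitted to the verifier). Minor: "intendend" should be "intended", "guarantee it existence" should be "guarantee its existence", and "Given two parties: the prover and the verifier, the verifier should" reads better as "Given a prover and a verifier, the verifier should".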
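Review bot: In the final "chore: grammar" hunk the two edited lines fix the comma placement, but the typo "intendend" sits in the unchanged context line immediately below them ("_It is not intendend to be used as a general purpose proof mechanism_"); fold that fix into this commit rather than leaving it for a follow-up, since that is the commit's stated purpose.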