fix(settlement): return false on malformed proof in Groth16SettlementVerifier

[iap]

Summary

abi.decode reverts on malformed or short proof bytes. This propagated through MARKSettlementModule._consumeAndValidate as a raw ABI decode error instead of VerificationFailed, since the module expects verifySettlement to return false for invalid proofs — not revert.

Fix

Check proof.length == 672 before decoding. The ABI encoding of (uint256[2], uint256[2][2], uint256[2], uint256[13]) is always exactly 672 bytes (64+128+64+416). Malformed proofs now return false cleanly.

Tests

• testVerifySettlementReturnsFalseForMalformedProof
• testVerifySettlementReturnsFalseForEmptyProof

Scope

contracts/src/settlement, contracts/test/unit/settlement

Verification

forge test --match-contract Groth16SettlementVerifierTest
# 23 passed, 0 failed

Summary by CodeRabbit

Bug Fixes

• Settlement verification now safely and gracefully handles invalid and malformed proof inputs by returning clear rejections instead of causing critical system errors or unexpected failures.

Tests

• Added comprehensive test coverage to validate proper error handling and system behavior for malformed and empty proof input scenarios.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: f5f703a4-fcc3-471e-930f-8f4492e6dd98

📥 Commits

Reviewing files that changed from the base of the PR and between ba6d3df and 713019f.

📒 Files selected for processing (2)

• contracts/src/settlement/verifier/Groth16SettlementVerifier.sol
• contracts/test/unit/settlement/Groth16SettlementVerifier.t.sol

---

Walkthrough

This PR adds an upfront proof length validation to verifySettlement in Groth16SettlementVerifier, checking that the calldata matches the expected 672-byte encoding size and returning false for malformed inputs. Two new test cases validate that both malformed and empty proofs are rejected gracefully without reverting.

Changes

Proof Length Validation

Layer / File(s)	Summary
Proof length validation implementation contracts/src/settlement/verifier/Groth16SettlementVerifier.sol	verifySettlement performs an upfront proof.length check, returning false if calldata does not match the expected 672-byte Groth16 proof+signal encoding size, preventing malformed inputs from reaching abi.decode.
Malformed proof test coverage contracts/test/unit/settlement/Groth16SettlementVerifier.t.sol	Two new test functions validate that verifySettlement returns false instead of reverting when given malformed or empty proof inputs.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• trade/mark#92: Modifies the same Groth16SettlementVerifier contract to handle malformed/invalid Groth16 proof inputs with similar test coverage.
• trade/mark#97: Modifies Groth16SettlementVerifier.sol's verifySettlement proof-decoding and validation flow with related encoding/decoding changes.

Poem

🐰 A proof must fit just right, not short or long,
672 bytes—that's where it belongs!
With guards held high and tests aligned,
No more malformed proofs will break the grind. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description addresses the problem, fix, and tests, but does not follow the provided template structure with required sections like Scope checkboxes, Risk Review, and Governance.	Restructure the description to match the template: add checkbox sections for Scope (Contracts/Scripts/Workflows/Docs), Verification (forge build/test/slither), Risk Review (access control/upgrade/backward compatibility), and Governance (target branch/CODEOWNER/docs updates).

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: adding a malformed proof check to return false instead of reverting in Groth16SettlementVerifier.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/fix-groth16-malformed-proof

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}