[BUG] MerklePatriciaProofVerifier contains a critical severity vulnerability #772
Description
The MerklePatriciaProofVerifier contract of this repository contains a critical severity vulnerability, do not use this in production.
About
When transitioning from one node to the next, the library fails to verify whether the next node was actually provided in the proof. See MerklePatriciaProofVerifier.sol#L148-L152.
This a critical bug that allow proving exclusion of a key which is included.
Thorough breakdown: https://www.chainsecurity.com/blog/when-empty-means-valid-exploiting-mpt-proof-verification-for-an-alternative-truth