From 05f10c98a8965a548e0de153337aab4b221403ef Mon Sep 17 00:00:00 2001
From: Thomas Piellard
Date: Fri, 30 Jun 2023 12:52:42 +0200
Subject: [PATCH 1/2] feat: [PLONK_AUDIT_4-4] fixes #741

---
 backend/plonk/bn254/solidity.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/backend/plonk/bn254/solidity.go b/backend/plonk/bn254/solidity.go
index 512d1f6539..834ab3c3ad 100644
--- a/backend/plonk/bn254/solidity.go
+++ b/backend/plonk/bn254/solidity.go
@@ -741,8 +741,8 @@ contract PlonkVerifier {
  mstore(add(mPtr, 0x140), g2_srs_1_y_0)
  mstore(add(mPtr, 0x160), g2_srs_1_y_1)
  let l_success := staticcall(sub(gas(), 2000),8,mPtr,0x180,0x00,0x20)
- // l_success := true
- mstore(add(state, state_success), and(l_success,mload(add(state, state_success))))
+ let res_pairing := mload(0x00)
+ mstore(add(state, state_success), and(l_success,eq(res_pairing,0x1)))
  }
 
  // Fold the opening proofs at ζ:

From cf4d5ef1dba917e540c424afd9ee13ba39e7c881 Mon Sep 17 00:00:00 2001
From: Thomas Piellard
Date: Tue, 4 Jul 2023 22:19:55 +0200
Subject: [PATCH 2/2] fix: fixed pairing check (wait for 4-5 to check staticcall using dedicated function)

---
 backend/plonk/bn254/solidity.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/backend/plonk/bn254/solidity.go b/backend/plonk/bn254/solidity.go
index 834ab3c3ad..a97dc4ef82 100644
--- a/backend/plonk/bn254/solidity.go
+++ b/backend/plonk/bn254/solidity.go
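Review bot: The new `mstore(add(state, state_success), and(l_success,eq(res_pairing,0x1)))` overwrites state_success with the result of this pairing alone, dropping the `and` with the previously accumulated flag that the removed line kept, so any earlier check that cleared state_success is masked whenever the final pairing succeeds. PATCH 2/2 of this series reads the flag back as `s_success` and folds it in again, so the defect lives only in this intermediate commit; consider squashing the two so an unsound verifier is never a reachable revision. The enclosing function starts outside the hunk.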
@@ -740,9 +740,23 @@ contract PlonkVerifier {
  mstore(add(mPtr, 0x120), g2_srs_1_x_1)
  mstore(add(mPtr, 0x140), g2_srs_1_y_0)
  mstore(add(mPtr, 0x160), g2_srs_1_y_1)
+ check_pairing_kzg(mPtr)
+ }
+
+ // check_pairing_kzg checks the result of the final pairing product of the batched
+ // kzg verification. The purpose of this function is too avoid exhausting the stack
+ // in the function batch_verify_multi_points.
+ // mPtr: pointer storing the tuple of pairs
+ function check_pairing_kzg(mPtr) {
+
+ let state := mload(0x40)
+
+ // TODO test the staticcall using the method from audit_4-5
  let l_success := staticcall(sub(gas(), 2000),8,mPtr,0x180,0x00,0x20)
  let res_pairing := mload(0x00)
- mstore(add(state, state_success), and(l_success,eq(res_pairing,0x1)))
+ let s_success := mload(add(state, state_success))
+ res_pairing := and(and(res_pairing, l_success), s_success)
+ mstore(add(state, state_success), res_pairing)
  }
 
  // Fold the opening proofs at ζ:
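Review bot: `res_pairing := and(and(res_pairing, l_success), s_success)` replaces the `eq(res_pairing,0x1)` of the removed line with a bitwise `and`, which is only a boolean conjunction when every operand is exactly 0 or 1; precompile 8 does return 0 or 1, but the result now also depends on state_success never holding another nonzero value, and an even nonzero flag would reject a valid proof (fail-closed, so liveness rather than soundness). Keeping the explicit comparison, `res_pairing := and(and(eq(res_pairing, 1), l_success), s_success)`, preserves the canonical pairing test and makes the intent obvious to the next auditor. `let state := mload(0x40)` inside check_pairing_kzg presumably matches how batch_verify_multi_points derives `state` and relies on the free-memory pointer never being advanced between the two — worth confirming and stating in the function comment. Typo in the new comment: `too avoid` should read `to avoid`.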