chore: use Arrays#replace from OpenZeppelin v5.6.0-rc.0

[ernestognw]

Description

Follow up to #22, but now using new OpenZeppelin's Array.replace. We observe increased gas costs given that the utility in 5.6 sanitizes the inputs. It's fine if you consider the current implementation is better.

Gas diff

diff --git a/.gas-snapshot b/.gas-snapshot
index 9ff059d..fde150e 100644
--- a/.gas-snapshot
+++ b/.gas-snapshot
@@ -1,13 +1,13 @@
 ConstructorTest:test_setsCorrectValues() (gas: 1282532)
-DeployedAccountTest:test_HasCorrectEnsNode() (gas: 3336315)
-DeployedAccountTest:test_HasCorrectOperator() (gas: 3336419)
-DeployedAccountTest:test_HasCorrectOwner() (gas: 3336479)
+DeployedAccountTest:test_HasCorrectEnsNode() (gas: 3339380)
+DeployedAccountTest:test_HasCorrectOperator() (gas: 3339484)
+DeployedAccountTest:test_HasCorrectOwner() (gas: 3339544)
 DkimRegistryAddressTest:test_ReturnsCorrectAddress() (gas: 14091)
 DkimRegistryAddressTest:test_callsVerifierDkimRegistryAddress() (gas: 13384)
 DkimRegistryAddressTest:test_returnsCorrectAddress() (gas: 13151)
-DkimRegistryAddressTest:test_returnsCorrectAddress() (gas: 2668271)
-DkimRegistryAddressTest:test_returnsCorrectAddress() (gas: 2803036)
-DkimRegistryAddressTest:test_returnsCorrectAddress() (gas: 705335)
+DkimRegistryAddressTest:test_returnsCorrectAddress() (gas: 2688523)
+DkimRegistryAddressTest:test_returnsCorrectAddress() (gas: 2823288)
+DkimRegistryAddressTest:test_returnsCorrectAddress() (gas: 727391)
 EncodeTest:test_ReturnsCorrectEncodedData() (gas: 1767048)
 EncodeTest:test_callsVerifierEncode() (gas: 14732)
 EncodeTest:test_correctlyEncodesAndDecodesCommand() (gas: 579323)
@@ -17,24 +17,24 @@ EncodeTest:test_correctlyEncodesAndDecodesCommand() (gas: 709161)
 EncodeTest:test_encodeExtractsTargetFromCommandTemplate() (gas: 681734)
 EncodeTest:test_returnsCorrectData() (gas: 14789)
 EntrypointTest:test_CanReceiveEthBeforeDeployment() (gas: 11590)
-EntrypointTest:test_DeploysAccountAndWithdrawsEth() (gas: 3386075)
+EntrypointTest:test_DeploysAccountAndWithdrawsEth() (gas: 3389140)
 EntrypointTest:test_NormalizesUppercaseHandleToLowercase() (gas: 1244315)
 EntrypointTest:test_RevertsWhen_InvalidDkimKey() (gas: 1046523)
-EntrypointTest:test_RevertsWhen_InvalidProof() (gas: 1024221121)
-EntrypointTest:test_RevertsWhen_NullifierReused() (gas: 3432343)
+EntrypointTest:test_RevertsWhen_InvalidProof() (gas: 1024221169)
+EntrypointTest:test_RevertsWhen_NullifierReused() (gas: 3435408)
 EntrypointTest:test_RevertsWhen_VerifierReturnsFalse() (gas: 1032901)
-EntrypointTest:test_SecondClaimWithDifferentNullifierWorks() (gas: 4402479)
-EntrypointTest:test_SupportsMultipleHandles() (gas: 4576907)
-EntrypointTest:test_WorksWithZeroBalance() (gas: 3342287)
+EntrypointTest:test_SecondClaimWithDifferentNullifierWorks() (gas: 4405544)
+EntrypointTest:test_SupportsMultipleHandles() (gas: 4579972)
+EntrypointTest:test_WorksWithZeroBalance() (gas: 3345352)
 ExtractEmailPartsTest:test_complexEmail() (gas: 36565)
 ExtractEmailPartsTest:test_emailWithMultipleDots() (gas: 25388)
 ExtractEmailPartsTest:test_emailWithSubdomain() (gas: 26378)
 ExtractEmailPartsTest:test_simpleEmail() (gas: 21556)
-GetAccountTest:test_ReturnsAddressAfterDeployment() (gas: 3336515)
+GetAccountTest:test_ReturnsAddressAfterDeployment() (gas: 3339580)
 GetAccountTest:test_ReturnsZeroBeforeDeployment() (gas: 10967)
 HandleResolverTest:testInitialization() (gas: 17489)
 HandleResolverTest:testResolveAddr() (gas: 31275)
-HandleResolverTest:testResolveAddrWithRegistrar() (gas: 8962435)
+HandleResolverTest:testResolveAddrWithRegistrar() (gas: 8982673)
 HandleResolverTest:testResolveTextDescription() (gas: 29254)
 HandleResolverTest:testResolveTextUnknownKey() (gas: 29385)
 HandleResolverTest:testResolveTextUrl() (gas: 31106)
@@ -43,30 +43,30 @@ HandleResolverTest:testSupportsInterface() (gas: 13271)
 HandleResolverTest:testUpgrade() (gas: 1383412)
 HandleResolverTest:testUpgradeOnlyOwner() (gas: 1361566)
 IsNullifierUsedTest:test_ReturnsFalseByDefault() (gas: 10897)
-IsNullifierUsedTest:test_ReturnsTrueAfterClaim() (gas: 3335260)
-IsValidTest:test_returnsFalseForInvalidCommand() (gas: 1325695)
-IsValidTest:test_returnsFalseForInvalidCommand() (gas: 1332329)
-IsValidTest:test_returnsFalseForInvalidEmailParts() (gas: 1325425)
+IsNullifierUsedTest:test_ReturnsTrueAfterClaim() (gas: 3338325)
+IsValidTest:test_returnsFalseForInvalidCommand() (gas: 1328760)
+IsValidTest:test_returnsFalseForInvalidCommand() (gas: 1335409)
+IsValidTest:test_returnsFalseForInvalidEmailParts() (gas: 1328490)
 IsValidTest:test_returnsFalseForInvalidProof() (gas: 41441)
 IsValidTest:test_returnsFalseForInvalidProof() (gas: 43236)
-IsValidTest:test_returnsFalseForWrongENSName() (gas: 2291219)
-IsValidTest:test_returnsFalseForWrongENSName() (gas: 2384994)
-IsValidTest:test_returnsFalseForWrongHandle() (gas: 2277954)
-IsValidTest:test_returnsFalseForWrongHandle() (gas: 2384973)
-IsValidTest:test_returnsTrueForValidCommand() (gas: 1332347)
-IsValidTest:test_returnsTrueForValidCommand() (gas: 1386193)
-IsValidTest:test_returnsTrueForValidCommand() (gas: 2291198)
-IsValidTest:test_returnsTrueForValidCommand() (gas: 2384983)
-IsValidTest:test_revertsWhen_InvalidProof() (gas: 1040438500)
-IsValidTest:test_revertsWhen_InvalidProof() (gas: 1040439555)
-LinkEmailEntrypointTest:test_entrypoint_correctlyEncodesAndValidatesCommand() (gas: 1968008)
-LinkEmailEntrypointTest:test_entrypoint_revertsWhenNullifierIsUsed() (gas: 1950490)
-LinkEmailEntrypointTest:test_verifyTextRecord_returnsFalseWhenTextRecordIsIncorrect() (gas: 1955497)
-LinkEmailEntrypointTest:test_verifyTextRecord_returnsTrueWhenTextRecordIsCorrect() (gas: 1955649)
-LinkHandleVerifierTest:test_entrypoint_correctlyEncodesAndValidatesCommand() (gas: 2780601)
-LinkHandleVerifierTest:test_entrypoint_revertsWhenNullifierIsUsed() (gas: 2770115)
-LinkHandleVerifierTest:test_verifyTextRecord_returnsFalseWhenTextRecordIsIncorrect() (gas: 2767845)
-LinkHandleVerifierTest:test_verifyTextRecord_returnsTrueWhenTextRecordIsCorrect() (gas: 2767997)
+IsValidTest:test_returnsFalseForWrongENSName() (gas: 2294284)
+IsValidTest:test_returnsFalseForWrongENSName() (gas: 2388059)
+IsValidTest:test_returnsFalseForWrongHandle() (gas: 2281019)
+IsValidTest:test_returnsFalseForWrongHandle() (gas: 2388038)
+IsValidTest:test_returnsTrueForValidCommand() (gas: 1335427)
+IsValidTest:test_returnsTrueForValidCommand() (gas: 1389258)
+IsValidTest:test_returnsTrueForValidCommand() (gas: 2294263)
+IsValidTest:test_returnsTrueForValidCommand() (gas: 2388048)
+IsValidTest:test_revertsWhen_InvalidProof() (gas: 1040438548)
+IsValidTest:test_revertsWhen_InvalidProof() (gas: 1040439602)
+LinkEmailEntrypointTest:test_entrypoint_correctlyEncodesAndValidatesCommand() (gas: 1971088)
+LinkEmailEntrypointTest:test_entrypoint_revertsWhenNullifierIsUsed() (gas: 1953570)
+LinkEmailEntrypointTest:test_verifyTextRecord_returnsFalseWhenTextRecordIsIncorrect() (gas: 1958577)
+LinkEmailEntrypointTest:test_verifyTextRecord_returnsTrueWhenTextRecordIsCorrect() (gas: 1958729)
+LinkHandleVerifierTest:test_entrypoint_correctlyEncodesAndValidatesCommand() (gas: 2783666)
+LinkHandleVerifierTest:test_entrypoint_revertsWhenNullifierIsUsed() (gas: 2773180)
+LinkHandleVerifierTest:test_verifyTextRecord_returnsFalseWhenTextRecordIsIncorrect() (gas: 2770910)
+LinkHandleVerifierTest:test_verifyTextRecord_returnsTrueWhenTextRecordIsCorrect() (gas: 2771062)
 MinimalAccountExecuteTest:test_Execute_RevertsWhenCallFails() (gas: 72755)
 MinimalAccountExecuteTest:test_Execute_RevertsWhenCalledByNonOperator() (gas: 20569)
 MinimalAccountExecuteTest:test_Execute_RevertsWhenCalledByOwner() (gas: 21440)
@@ -82,22 +82,22 @@ OZAccountSetECDSASignerTest:test_SetECDSASigner_SucceedsWhenCalledByOwner() (gas
 PackHeaderHashTest:test_correctlyPacks() (gas: 9961)
 PackHeaderHashTest:test_correctlyPacks_max() (gas: 9962)
 PackHeaderHashTest:test_correctlyPacks_zero() (gas: 9938)
-PackPublicInputsTest:test_correctlyPacksPublicInputsForClaimEnsCommand() (gas: 736249)
-PackPublicInputsTest:test_correctlyPacksPublicInputsForClaimHandleCommand() (gas: 372719)
-PackPublicInputsTest:test_correctlyPacksPublicInputsForLinkEmailCommand() (gas: 733503)
-PackPublicInputsTest:test_correctlyPacksPublicInputsForLinkHandleCommand() (gas: 332153)
+PackPublicInputsTest:test_correctlyPacksPublicInputsForClaimEnsCommand() (gas: 738494)
+PackPublicInputsTest:test_correctlyPacksPublicInputsForClaimHandleCommand() (gas: 375784)
+PackPublicInputsTest:test_correctlyPacksPublicInputsForLinkEmailCommand() (gas: 735748)
+PackPublicInputsTest:test_correctlyPacksPublicInputsForLinkHandleCommand() (gas: 335218)
 PredictAddressTest:test_DifferentNodesGiveDifferentAddresses() (gas: 10105)
 PredictAddressTest:test_ReturnsConsistentAddress() (gas: 10739)
-ProveAndClaimTest:test_passesForValidCommand() (gas: 1586107)
-ProveAndClaimTest:test_revertsWhen_doubleUseOfNullifier() (gas: 1588258)
-ProveAndClaimTest:test_revertsWhen_invalidCommand() (gas: 1360098)
+ProveAndClaimTest:test_passesForValidCommand() (gas: 1589172)
+ProveAndClaimTest:test_revertsWhen_doubleUseOfNullifier() (gas: 1591323)
+ProveAndClaimTest:test_revertsWhen_invalidCommand() (gas: 1363163)
 ResolverRegistrarIntegrationTest:test_ResolverAddressMatchesForMultipleHandles() (gas: 1042221)
-ResolverRegistrarIntegrationTest:test_ResolverReturnsDeployedAddressAfterClaim() (gas: 3405589)
+ResolverRegistrarIntegrationTest:test_ResolverReturnsDeployedAddressAfterClaim() (gas: 3408654)
 ResolverRegistrarIntegrationTest:test_ResolverReturnsPredictedAddressBeforeClaim() (gas: 43666)
 ResolverRegistrarIntegrationTest:test_ResolverRevertsWhenRegistrarNotSet() (gas: 1511420)
 ResolverRegistrarIntegrationTest:test_ResolverUpdatesWhenRegistrarChanged() (gas: 1563682)
 SetRecordTest:test_revertsWhen_nonOwner() (gas: 18682)
-SetRecordTest:test_setsRecordCorrectlyIfOwner() (gas: 1597436)
+SetRecordTest:test_setsRecordCorrectlyIfOwner() (gas: 1600501)
 UnpackHeaderHashTest:test_correctlyUnpacks() (gas: 9665)
 UnpackHeaderHashTest:test_correctlyUnpacks_max() (gas: 9621)
 UnpackHeaderHashTest:test_correctlyUnpacks_zero() (gas: 9619)

Summary by CodeRabbit

• Chores

  • Updated OpenZeppelin contracts to pre-release versions 5.6.0-rc.0

• Refactor

  • Optimized verification logic implementation

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Note

Other AI code review bot(s) detected

CodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review.

📝 Walkthrough

Walkthrough

Updated OpenZeppelin contract dependencies to 5.6.0-rc.0 and refactored two verifier contracts to replace in-place memory copy operations (_copyTo helper) with direct field replacement (fields.replace), eliminating the private helper function while maintaining functional equivalence.

Changes

Cohort / File(s)	Summary
Dependency Update package.json	Updated @openzeppelin/contracts and @openzeppelin/contracts-upgradeable from 5.5.0 to 5.6.0-rc.0
Verifier Refactoring src/verifiers/EmailAuthVerifier.sol, src/verifiers/HandleVerifier.sol	Replaced in-place memory copy calls using _copyTo helper with direct fields.replace calls for populating public input fields (DOMAIN_NAME, MASKED_COMMAND, EMAIL_ADDRESS, HEADER_HASH, COMMAND, HANDLE, SENDER_DOMAIN). Removed _copyTo helper function from EmailAuthVerifier. Packing logic and field offsets remain unchanged.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 We hop with glee, refactoring with care,
Swapping _copyTo for fields so fair,
Direct replacements, cleaner and bright,
OpenZeppelin bumped to the rc height,
The verifiers now dance in simpler delight! ✨

Pre-merge checks

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating to use the Arrays#replace utility from OpenZeppelin v5.6.0-rc.0, which is reflected in both the dependency updates and the refactoring of packing logic across multiple verifier files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

src/verifiers/HandleVerifier.sol (1)

148-153: Remove unused _copyTo function.

The _copyTo helper function is no longer used after migrating to fields.replace(). This is dead code that should be removed to improve maintainability.

🔎 Proposed removal

-    function _copyTo(bytes32[] memory fields, uint256 offset, bytes32[] memory data) private pure {
-        // solhint-disable-next-line no-inline-assembly
-        assembly ("memory-safe") {
-            mcopy(add(add(0x20, fields), mul(offset, 0x20)), add(0x20, data), mul(mload(data), 0x20))
-        }
-    }

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 823bf6d and 9ab7bdb.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (8)

• package.json
• src/verifiers/EmailAuthVerifier.sol
• src/verifiers/HandleVerifier.sol
• src/verifiers/LinkEmailCommandVerifier.sol
• src/verifiers/ProveAndClaimCommandVerifier.sol
• test/fixtures/handleCommand/HonkVerifier.sol
• test/src/verifiers/ClaimHandleCommandVerifier/Encode.t.sol
• test/src/verifiers/LinkHandleCommandVerifier/Encode.t.sol

🧰 Additional context used

🪛 GitHub Actions: CI

package.json

[error] 1-1: Prettier/formatting check failed due to code style issues detected by prettier in the repository.

src/verifiers/EmailAuthVerifier.sol

[error] 157-159: Prettier formatting changes detected in EmailAuthVerifier.sol during 'yarn fmt:check'.

src/verifiers/ProveAndClaimCommandVerifier.sol

[error] 35-40: Prettier formatting changes detected in ProveAndClaimCommandVerifier.sol. Constructor formatting differs from expected style.

src/verifiers/LinkEmailCommandVerifier.sol

[error] 30-35: Prettier formatting changes detected in LinkEmailCommandVerifier.sol. Constructor formatting differs from expected style.

test/src/verifiers/ClaimHandleCommandVerifier/Encode.t.sol

[error] 45-51: Prettier formatting changes detected in Encode.t.sol for ClaimHandleCommandVerifier tests (function _assertEq signature formatting).

test/fixtures/handleCommand/HonkVerifier.sol

[error] 141-141: Prettier formatting changes detected in test fixture HonkVerifier.sol (field order comment formatting).

test/src/verifiers/LinkHandleCommandVerifier/Encode.t.sol

[error] 39-45: Prettier formatting changes detected in Encode.t.sol for LinkHandleCommandVerifier tests (function _assertEq signature formatting).

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Agent

🔇 Additional comments (8)

test/src/verifiers/ClaimHandleCommandVerifier/Encode.t.sol (1)

45-51: Formatting-only change: multiline function signature.

The _assertEq function signature has been reformatted to span multiple lines. No behavioral changes.

test/src/verifiers/LinkHandleCommandVerifier/Encode.t.sol (1)

39-45: Formatting-only change: multiline function signature.

The _assertEq function signature has been reformatted to span multiple lines. No behavioral changes.

test/fixtures/handleCommand/HonkVerifier.sol (1)

141-141: Formatting-only changes: comment and whitespace alignment.

All changes in this file are formatting adjustments (comment alignment, whitespace normalization). No semantic or behavioral changes.

Also applies to: 266-269, 1167-1168, 1287-1288, 1295-1296, 1341-1344, 1371-1372, 1423-1426, 1567-1567

src/verifiers/ProveAndClaimCommandVerifier.sol (1)

35-40: Formatting-only change: multiline constructor declaration.

The constructor has been reformatted to a multiline parameter list. Parameters and base constructor call remain unchanged.

src/verifiers/LinkEmailCommandVerifier.sol (1)

30-35: Formatting-only change: multiline constructor declaration.

The constructor has been reformatted to a multiline parameter list. Parameters and base constructor call remain unchanged.

src/verifiers/EmailAuthVerifier.sol (2)

157-158: Formatting-only change: validation check reformatted.

The field element validation has been reformatted to fewer lines. Logic remains unchanged.

---

185-187: LGTM: Migrated to OpenZeppelin's Arrays.replace utility.

The code now uses fields.replace() from OpenZeppelin v5.6.0-rc.0 instead of the custom _copyTo helper. The offsets and packing logic remain unchanged, preserving the same public inputs layout.

Note: The PR description mentions this change sanitizes inputs but increases gas costs. The gas diff provided shows the impact is acceptable.

Also applies to: 191-193, 195-196, 197-200

src/verifiers/HandleVerifier.sol (1)

103-112: LGTM: Migrated to OpenZeppelin's Arrays.replace utility.

The code now uses fields.replace() from OpenZeppelin v5.6.0-rc.0 for all public input packing operations. The offsets and packing logic remain unchanged.

[Copilot]

Pull request overview

This PR upgrades OpenZeppelin contracts from v5.5.0 to v5.6.0-rc.0 to leverage the new Arrays.replace utility function. The custom _copyTo function in EmailAuthVerifier.sol has been removed and all array splice operations now use OpenZeppelin's standardized Arrays.replace method. While this increases gas costs slightly due to input sanitization in the OpenZeppelin implementation, it improves code maintainability by using well-tested library functions.

Key Changes:

• Upgraded OpenZeppelin contracts and contracts-upgradeable to v5.6.0-rc.0
• Replaced custom _copyTo function with Arrays.replace from OpenZeppelin
• Applied consistent code formatting improvements across multiple files

Reviewed changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
package.json	Updated OpenZeppelin dependencies to v5.6.0-rc.0
yarn.lock	Updated dependency lock file to reflect new OpenZeppelin versions
src/verifiers/EmailAuthVerifier.sol	Removed custom _copyTo function and replaced usages with Arrays.replace; reformatted validation logic
src/verifiers/HandleVerifier.sol	Replaced _copyTo calls with Arrays.replace in _packPublicInputs method
src/verifiers/ProveAndClaimCommandVerifier.sol	Reformatted constructor for better readability
src/verifiers/LinkEmailCommandVerifier.sol	Reformatted constructor for better readability
test/src/verifiers/LinkHandleCommandVerifier/Encode.t.sol	Reformatted _assertEq function signature
test/src/verifiers/ClaimHandleCommandVerifier/Encode.t.sol	Reformatted _assertEq function signature
test/fixtures/handleCommand/HonkVerifier.sol	Improved comment formatting and indentation throughout the file

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

Files with missing lines	Coverage Δ
src/verifiers/EmailAuthVerifier.sol	91.89% <100.00%> (-0.42%)	⬇️
src/verifiers/HandleVerifier.sol	84.00% <100.00%> (-8.00%)	⬇️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/verifiers/EmailAuthVerifier.sol (1)

184-204: Review mixing of direct assignment and replace for single-field values.

The function uses direct assignment for some single-field values (lines 189-191, 195) but uses replace for others (line 196: isCodeExist). This inconsistency suggests:

1. CircomUtils.packBool returns a bytes32[] array (requiring replace)
2. Raw values like publicKeyHash can be directly assigned

While this is likely correct, consider documenting why some single-field values require packing/replacement while others don't. This will help future maintainers understand the distinction.

📝 Optional: Add clarifying comment

         fields[ACCOUNT_SALT_OFFSET] = publicInputs.accountSalt;
+        // Note: packBool returns bytes32[] even for single field, hence replace is used
         fields.replace(IS_CODE_EXIST_OFFSET, CircomUtils.packBool(publicInputs.isCodeExist));
+        // Note: packPubKey returns bytes32[17] for the decomposed public key
         fields.replace(MISCELLANEOUS_DATA_OFFSET, EnsUtils.packPubKey(publicInputs.miscellaneousData));

📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9ab7bdb and f69488f.

📒 Files selected for processing (1)

• src/verifiers/EmailAuthVerifier.sol

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: test
• GitHub Check: coverage

🔇 Additional comments (4)

src/verifiers/EmailAuthVerifier.sol (4)

192-194: LGTM: Masked command packing migrated correctly.

The replacement logic for maskedCommand correctly uses the defined offset (12) and the packed array from CircomUtils.packFieldsArray with the appropriate size (605 bytes). The migration maintains functional equivalence with the removed _copyTo helper.

---

198-201: LGTM: Email address packing migrated correctly.

The replacement logic for emailAddress correctly uses the defined offset (51) and packs the final 9 fields of the 60-element public inputs array. The migration maintains the documented structure and functional equivalence.

---

197-197: EnsUtils.packPubKey correctly packs the DKIM public key into 17 bytes32 elements.

The function returns bytes32[] memory with exactly 17 elements (line 77 of src/utils/EnsUtils.sol), matching MISCELLANEOUS_DATA_NUM_FIELDS. The offset at line 197 is correct and the field replacement properly handles the full 17-element array.

---

186-188: No issues found with the Arrays.replace usage.

The migration to OpenZeppelin's Arrays.replace is correct. This method has been available and stable since OpenZeppelin Contracts v5.1 (October 2024), and the code properly uses it to replace array segments at specified offsets. The method is fully tested and used throughout the ecosystem. While v5.6.0-rc.0 is a release candidate, the Arrays.replace functionality itself is not new—it was stabilized in v5.1 and remains unchanged in the RC.