Skip to content

Add Math.modExp and a Panic library #3298

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 60 commits into from
Feb 2, 2024
Merged

Add Math.modExp and a Panic library #3298

Show file tree
Hide file tree
Changes from 49 commits
Commits
Show all changes
60 commits
Select commit Hold shift + click to select a range
91e39eb
Added Wrapper Library for ModularExponentiation along with tests.
mw2000 Mar 27, 2022
712a0f3
Fixed linting issues.
mw2000 Mar 27, 2022
77f33ea
Added function to Math.sol and migrated tests.
mw2000 Apr 9, 2022
4683f26
Merge branch 'master' into modular-exponentiation-precompile-wrapper-…
mw2000 Dec 23, 2022
7489ce4
Merge remote-tracking branch 'origin/master' into modular-exponentiat…
mw2000 Jun 8, 2023
d576641
Added tests
mw2000 Jun 9, 2023
0d78d29
Fixed lint
mw2000 Jun 9, 2023
5d99ed8
Added changeset
mw2000 Jun 9, 2023
acb16f2
Merge branch 'master' into modular-exponentiation-precompile-wrapper-…
mw2000 Jun 9, 2023
d7e81cf
Fixed codespell error
mw2000 Jun 9, 2023
85187dd
Fixed function calling in tests
mw2000 Jun 10, 2023
d458765
Merge branch 'master' into modular-exponentiation-precompile-wrapper-…
mw2000 Jun 11, 2023
01badeb
Update contracts/utils/math/Math.sol
Amxx Jun 12, 2023
a1c1439
Added a restriction to e
mw2000 Jun 25, 2023
d81d69d
Merge branch 'modular-exponentiation-precompile-wrapper-#1985' of htt…
mw2000 Jun 25, 2023
6e8cced
Merge branch 'master' into modular-exponentiation-precompile-wrapper-…
mw2000 Jun 25, 2023
fd7b8de
All args should be non-zero
mw2000 Jun 25, 2023
26a036e
Seperating the e and m != 0 out
mw2000 Jun 25, 2023
4ba0a29
Fixed test when m = 1
mw2000 Nov 8, 2023
988c950
Merge branch 'master' into modular-exponentiation-precompile-wrapper-…
mw2000 Nov 8, 2023
c08ac50
Added last bracket.
mw2000 Nov 8, 2023
98f7994
Fixed lint issues
mw2000 Nov 8, 2023
f634aab
Merge branch 'master' into modular-exponentiation-precompile-wrapper-…
mw2000 Dec 24, 2023
66a0c1f
Added custom errors + tests for it
mw2000 Dec 24, 2023
eecd818
Added comments for errors
mw2000 Dec 24, 2023
1583160
Added a not to be reverted for custom error
mw2000 Dec 24, 2023
19ead8e
Merge branch 'master' into modular-exponentiation-precompile-wrapper-…
Amxx Jan 25, 2024
8cf355f
better fuzzing for modexp
Amxx Jan 25, 2024
113e85e
cleanup tests
Amxx Jan 25, 2024
4e1cf0d
Update .changeset/shiny-poets-whisper.md
Amxx Jan 25, 2024
6d7c154
return 0 instead of reverting in case of error
Amxx Jan 25, 2024
84b285d
fallback to revert
Amxx Jan 25, 2024
9e73f46
simplification
Amxx Jan 25, 2024
76c9afa
cleanup
Amxx Jan 25, 2024
1ff0776
Refactor fuzz test
ernestognw Jan 29, 2024
f84b1b6
Lint
ernestognw Jan 29, 2024
fe32a38
mulDiv fuzzing with no external
Amxx Jan 29, 2024
4accc2e
modExp in assembly to avoid memory leaks
Amxx Jan 31, 2024
cfd80e9
optimise and mark as memory-safe
Amxx Jan 31, 2024
526d6b9
add note about using Ferma's little theorem to compute inverse in big…
Amxx Jan 31, 2024
3718090
Add utils/Panic.sol library
Amxx Feb 1, 2024
cd2f2e9
add missing files
Amxx Feb 1, 2024
104002e
fix lint
Amxx Feb 1, 2024
d149ea6
mark constants as internal
Amxx Feb 1, 2024
05aa60e
slither disable
Amxx Feb 1, 2024
f352681
add unit testing for Panic
Amxx Feb 1, 2024
32ea4bb
Update test/utils/Panic.test.js
Amxx Feb 1, 2024
2e962c8
fix lint
Amxx Feb 1, 2024
275c959
Update Panic.sol
Amxx Feb 1, 2024
24cd52a
Implement tryMod
ernestognw Feb 2, 2024
50374a1
Implement review suggestions
ernestognw Feb 2, 2024
ee91836
fix tryModExp behavior and test
Amxx Feb 2, 2024
d13e52d
better vm.expectRevert check
Amxx Feb 2, 2024
969e259
use stdErrors for forge-std
Amxx Feb 2, 2024
e64c3f9
remove unecessary import
Amxx Feb 2, 2024
06220be
add a mock to force import libraries
Amxx Feb 2, 2024
9137bae
rename panic codes following libsolutil
Amxx Feb 2, 2024
81e8ba0
fix lint
Amxx Feb 2, 2024
2b72050
Merge branch 'master' into modular-exponentiation-precompile-wrapper-…
Amxx Feb 2, 2024
2fc20d4
Nits
ernestognw Feb 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/shiny-poets-whisper.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'openzeppelin-solidity': minor
---

`Math`: Add `modExp` function that exposes the `EIP-198` precompile.
5 changes: 5 additions & 0 deletions .changeset/silver-swans-promise.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'openzeppelin-solidity': minor
---

`Panic`: Add a library for reverting with panic codes.
28 changes: 28 additions & 0 deletions contracts/utils/Panic.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
// SPDX-License-Identifier: MIT

pragma solidity ^0.8.20;

/**
* @dev Helper library for emitting standardized panic codes.
*/
// slither-disable-next-line unused-state
library Panic {
uint256 internal constant ASSERTION_ERROR = 0x1;
uint256 internal constant ARITHMETIC_UNDER_OR_OVERFLOW = 0x11;
uint256 internal constant DIVISION_BY_ZERO = 0x12;
uint256 internal constant ENUM_CONVERSION_OUT_OF_BOUNDS = 0x21;
uint256 internal constant INCORRECTLY_ENCODED_STORAGE_BYTE_ARRAY = 0x22;
uint256 internal constant POP_ON_EMPTY_ARRAY = 0x31;
uint256 internal constant ARRAY_ACCESS_OUT_OF_BOUNDS = 0x32;
uint256 internal constant TOO_MUCH_MEMORY_ALLOCATED = 0x41;
uint256 internal constant ZERO_INITIALIZED_VARIABLE = 0x51;
Copy link
Member

@ernestognw ernestognw Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's document these, as their meaning might not be obvious to users using the library without knowing these are already defined by Solidity.

Also, let's consider the original names given in the Solidity repo.

Suggested change
uint256 internal constant ASSERTION_ERROR = 0x1;
uint256 internal constant ARITHMETIC_UNDER_OR_OVERFLOW = 0x11;
uint256 internal constant DIVISION_BY_ZERO = 0x12;
uint256 internal constant ENUM_CONVERSION_OUT_OF_BOUNDS = 0x21;
uint256 internal constant INCORRECTLY_ENCODED_STORAGE_BYTE_ARRAY = 0x22;
uint256 internal constant POP_ON_EMPTY_ARRAY = 0x31;
uint256 internal constant ARRAY_ACCESS_OUT_OF_BOUNDS = 0x32;
uint256 internal constant TOO_MUCH_MEMORY_ALLOCATED = 0x41;
uint256 internal constant ZERO_INITIALIZED_VARIABLE = 0x51;
/// @dev Called `assert` with an argument that evaluates to `false`.
uint256 internal constant ASSERT = 0x1;
/// @dev An arithmetic operation resulted in underflow or overflow.
uint256 internal constant UNDER_OVERFLOW = 0x11;
/// @dev Division or modulo operation by 0 (i.e. `x / 0` or `x % 0`).
uint256 internal constant DIVISION_BY_ZERO = 0x12;
/// @dev A number greater than 255 or negative was wrapped in an `enum`.
uint256 internal constant ENUM_CONVERSION_ERROR = 0x21;
/// ???
uint256 internal constant STORAGE_ENCODING_ERROR = 0x22;
/// @dev Attempted to `pop` an element out of an empty array.
uint256 internal constant EMPTY_ARRAY_POP = 0x31;
/// @dev Attempted to access an out-of-bound index at an empty array
/// (i.e. `x[i]` where `i >= x.length` or `i < 0`).
uint256 internal constant ARRAY_OUT_OF_BOUNDS = 0x32;
/// @dev If you allocate too much memory or create an array that is too large.
uint256 internal constant RESOURCE_ERROR = 0x41;
/// @dev Called an uninitialized internal function pointer.
uint256 internal constant INVALID_INTERNAL_FUNCTION = 0x51;

Note I don't know how to trigger the 0x22 code. Also, I couldn't find what "too large" means in code 0x41

Copy link
Collaborator

@Amxx Amxx Feb 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I used the name for hardhat helpers, which is handy for testing. I'm open to using Solidity's names, but then testing will be a bit more confusing.


function panic(uint256 code) internal pure {
Copy link
Member

@ernestognw ernestognw Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right now anyone can call Panic.code(0xff) when 0xff is not in the "official" list (I'm not sure what "official" even means in this context).

I'm not sure how frequently Solidity adds (or changes) the panic codes, but imagine the following situation:

  • We release this Panic library
  • Some protocol start using Panic.code(0x420)
  • Solidity releases a new panic code in 0.9.0 using the same code (0x420)

Wouldn't it be bad that the same revert code has different meanings?

Copy link
Member

@ernestognw ernestognw Feb 1, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alternatively we can generate this library procedurally wth the codes, such that users can do:

Panic.ASSERTION_ERROR();

Copy link
Collaborator

@Amxx Amxx Feb 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not too worried about users emitting random panic code ... but I'm not fundamentally opposed to making panic(uint256) private and having functions like

function TooMuchMemoryAllocated() internal pure { _panic(0x41); }

We would have to make them CamelCase though.

Copy link
Collaborator

@Amxx Amxx Feb 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The thing, if new panic code are ever added, the current version would allow users to use them without us having to do a release.
I'm also thinking, what if some L2 whant to use specific panic codes for some crosschain stuff. We won't want to add them to the library, but users will want to emit them.

Copy link
Member

@ernestognw ernestognw Feb 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We would have to make them CamelCase though.

Agree with this syntax.

The thing, if new panic code are ever added, the current version would allow users to use them without us having to do a release.

Right, good point. If the goal is to provide a workaround then I would be fine if we release the panic(uint256) function, although I'd suggest naming it _panic(uint256) and making it internal instead.

I know this is kind of the same thing but I feel the design of the library API is more friendly if we keep each panic code function and also the custom _panic for the following reasons:

  • The developers will have defined functions out of the box without the need to check the internal constants.
  • When using functions in editors like VSCode, the NatSpec shows up. Developers will have each panic code explained in their IDEs (I think this doesn't happen with the constants)
  • I realized it doesn't make sense for a protocol to rely on external contracts returning a panic code, it's easily exploitable and not 100% reliable anyway. It's worth keeping it but underscoring _panic helps signaling that the function is not intended for direct access but as a fallback for custom use cases.

Would you agree with this?

Copy link
Collaborator

@Amxx Amxx Feb 2, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The linter rules are not ok with that, and I think we should follow them:

  • Constant must be SNAKE_CASE
  • Library internal functions should not have leading underscore

The developers will have defined functions out of the box without the need to check the internal constants.

I'm not sure that is a good point. When testing panic code with hardhat you do

expect(...).to.be.revertedWithPanic(PANIC_CODE.ARITHMETIC_UNDER_OR_OVERFLOW)

you don't to

expect(...).to.be.revertedWithPanicArithmeticUnderOrOverflow();

Copy link
Collaborator

@Amxx Amxx Feb 2, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the current version is simple and effective. It's targetting advanced users anyway.

Copy link
Member

@ernestognw ernestognw Feb 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure that is a good point. When testing panic code with hardhat you do

expect(...).to.be.revertedWithPanic(PANIC_CODE.ARITHMETIC_UNDER_OR_OVERFLOW)

Fair

I think the cureent version is simple and effective. It's targetting advanced users anyway.

We should document the function then. Currently it allows panicking with anything it I think it needs some usage instructions in both the contracts NatSpec and the panic funciton itself

/// @solidity memory-safe-assembly
assembly {
mstore(0x00, shl(0xe0, 0x4e487b71))
mstore(0x04, code)
revert(0x00, 0x24)
}
}
}
41 changes: 34 additions & 7 deletions contracts/utils/math/Math.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,15 +3,12 @@

pragma solidity ^0.8.20;

import {Panic} from "../Panic.sol";

/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
/**
* @dev Muldiv operation overflow.
*/
error MathOverflowedMulDiv();

enum Rounding {
Floor, // Toward negative infinity
Ceil, // Toward positive infinity
Expand Down Expand Up @@ -107,7 +104,7 @@ library Math {
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
if (b == 0) {
// Guarantee the same behavior as in a regular Solidity division.
return a / b;
Panic.panic(Panic.DIVISION_BY_ZERO);
}

// The following calculation ensures accurate ceiling division without overflow.
Expand Down Expand Up @@ -149,7 +146,7 @@ library Math {

// Make sure the result is less than 2^256. Also prevents denominator == 0.
if (denominator <= prod1) {
revert MathOverflowedMulDiv();
Panic.panic(denominator == 0 ? Panic.DIVISION_BY_ZERO : Panic.ARITHMETIC_UNDER_OR_OVERFLOW);
}

///////////////////////////////////////////////
Expand Down Expand Up @@ -226,6 +223,9 @@ library Math {
* If n is not a prime, then Z/nZ is not a field, and some elements might not be inversible.
*
* If the input value is not inversible, 0 is returned.
*
* Note: If you know for sure that n is (big) a prime, it may be cheaper to use Ferma's little theorem and get the
* inverse using `Math.modExp(a, n - 2, n)`.
*/
function invMod(uint256 a, uint256 n) internal pure returns (uint256) {
unchecked {
Expand Down Expand Up @@ -275,6 +275,33 @@ library Math {
}
}

/**
* @dev Returns the modular exponentiation of the specified base, exponent and modulus (b ** e % m)
*
* Requirements:
* - modulus can't be zero
* - result should be obtained successfully
*/
function modExp(uint256 b, uint256 e, uint256 m) internal view returns (uint256 result) {
if (m == 0) {
Panic.panic(Panic.DIVISION_BY_ZERO);
}
/// @solidity memory-safe-assembly
assembly {
let ptr := mload(0x40)
mstore(ptr, 0x20)
mstore(add(ptr, 0x20), 0x20)
mstore(add(ptr, 0x40), 0x20)
mstore(add(ptr, 0x60), b)
mstore(add(ptr, 0x80), e)
mstore(add(ptr, 0xa0), m)
if iszero(staticcall(gas(), 0x05, ptr, 0xc0, ptr, 0x20)) {
revert(0, 0)
}
result := mload(ptr)
}
}

/**
* @dev Returns the square root of a number. If the number is not a perfect square, the value is rounded
* towards zero.
Expand Down
4 changes: 2 additions & 2 deletions scripts/generate/templates/Checkpoints.t.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,14 +26,14 @@ function _bound${capitalize(opts.keyTypeName)}(
${opts.keyTypeName} x,
${opts.keyTypeName} min,
${opts.keyTypeName} max
) internal view returns (${opts.keyTypeName}) {
) internal pure returns (${opts.keyTypeName}) {
return SafeCast.to${capitalize(opts.keyTypeName)}(bound(uint256(x), uint256(min), uint256(max)));
}

function _prepareKeys(
${opts.keyTypeName}[] memory keys,
${opts.keyTypeName} maxSpread
) internal view {
) internal pure {
${opts.keyTypeName} lastKey = 0;
for (uint256 i = 0; i < keys.length; ++i) {
${opts.keyTypeName} key = _bound${capitalize(opts.keyTypeName)}(keys[i], lastKey, lastKey + maxSpread);
Expand Down
26 changes: 26 additions & 0 deletions test/utils/Panic.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,26 @@
const { ethers } = require('hardhat');
const { expect } = require('chai');
const { loadFixture } = require('@nomicfoundation/hardhat-network-helpers');
const { PANIC_CODES } = require('@nomicfoundation/hardhat-chai-matchers/panic');

async function fixture() {
return { mock: await ethers.deployContract('$Panic') };
}

describe('Panic', function () {
beforeEach(async function () {
Object.assign(this, await loadFixture(fixture));
});

for (const [name, code] of Object.entries(PANIC_CODES)) {
describe(name, function () {
it('exposes panic code as constant', async function () {
expect(await this.mock.getFunction(`$${name}`)()).to.equal(code);
});

it(`throw panic code ${ethers.toBeHex(code)}`, async function () {
await expect(this.mock.$panic(code)).to.be.revertedWithPanic(code);
});
});
}
});
37 changes: 24 additions & 13 deletions test/utils/math/Math.t.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -186,7 +186,7 @@ contract MathTest is Test {
// Full precision for q * d
(uint256 qdHi, uint256 qdLo) = _mulHighLow(q, d);
// Add remainder of x * y / d (computed as rem = (x * y % d))
(uint256 qdRemLo, uint256 c) = _addCarry(qdLo, _mulmod(x, y, d));
(uint256 qdRemLo, uint256 c) = _addCarry(qdLo, mulmod(x, y, d));
uint256 qdRemHi = qdHi + c;

// Full precision check that x * y = q * d + rem
Expand All @@ -201,14 +201,31 @@ contract MathTest is Test {
vm.assume(xyHi >= d);

// we are outside the scope of {testMulDiv}, we expect muldiv to revert
try this.muldiv(x, y, d) returns (uint256) {
fail();
} catch {}
vm.expectRevert();
Math.mulDiv(x, y, d);
}

// External call
function muldiv(uint256 x, uint256 y, uint256 d) external pure returns (uint256) {
return Math.mulDiv(x, y, d);
// MOD EXP
function testModExp(uint256 b, uint256 e, uint256 m) public {
if (m == 0) {
vm.expectRevert(); // panic 0x12
}
uint256 result = Math.modExp(b, e, m);
assertTrue(result < m);
assertEq(result, _nativeModExp(b, e, m));
}

function _nativeModExp(uint256 b, uint256 e, uint256 m) private pure returns (uint256) {
if (m == 1) return 0;
uint256 r = 1;
while (e > 0) {
if (e % 2 > 0) {
r = mulmod(r, b, m);
}
b = mulmod(b, b, m);
e >>= 1;
}
return r;
}

// Helpers
Expand All @@ -217,12 +234,6 @@ contract MathTest is Test {
return Math.Rounding(r);
}

function _mulmod(uint256 x, uint256 y, uint256 z) private pure returns (uint256 r) {
assembly {
r := mulmod(x, y, z)
}
}

function _mulHighLow(uint256 x, uint256 y) private pure returns (uint256 high, uint256 low) {
(uint256 x0, uint256 x1) = (x & type(uint128).max, x >> 128);
(uint256 y0, uint256 y1) = (y & type(uint128).max, y >> 128);
Expand Down
25 changes: 21 additions & 4 deletions test/utils/math/Math.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,7 +222,7 @@ describe('Math', function () {
});
});

describe('muldiv', function () {
describe('mulDiv', function () {
it('divide by 0', async function () {
const a = 1n;
const b = 1n;
Expand All @@ -234,9 +234,8 @@ describe('Math', function () {
const a = 5n;
const b = ethers.MaxUint256;
const c = 2n;
await expect(this.mock.$mulDiv(a, b, c, Rounding.Floor)).to.be.revertedWithCustomError(
this.mock,
'MathOverflowedMulDiv',
await expect(this.mock.$mulDiv(a, b, c, Rounding.Floor)).to.be.revertedWithPanic(
PANIC_CODES.ARITHMETIC_UNDER_OR_OVERFLOW,
);
});

Expand Down Expand Up @@ -336,6 +335,24 @@ describe('Math', function () {
}
});

describe('modExp', function () {
it('is correctly calculating modulus', async function () {
const base = 3n;
const exponent = 200n;
const modulus = 50n;

expect(await this.mock.$modExp(base, exponent, modulus)).to.equal(base ** exponent % modulus);
});

it('is correctly reverting when modulus is zero', async function () {
const base = 3n;
const exponent = 200n;
const modulus = 0n;

await expect(this.mock.$modExp(base, exponent, modulus)).to.be.revertedWithPanic(PANIC_CODES.DIVISION_BY_ZERO);
});
});

describe('sqrt', function () {
it('rounds down', async function () {
for (const rounding of RoundingDown) {
Expand Down
12 changes: 6 additions & 6 deletions test/utils/structs/Checkpoints.t.sol
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,11 +17,11 @@ contract CheckpointsTrace224Test is Test {
Checkpoints.Trace224 internal _ckpts;

// helpers
function _boundUint32(uint32 x, uint32 min, uint32 max) internal view returns (uint32) {
function _boundUint32(uint32 x, uint32 min, uint32 max) internal pure returns (uint32) {
return SafeCast.toUint32(bound(uint256(x), uint256(min), uint256(max)));
}

function _prepareKeys(uint32[] memory keys, uint32 maxSpread) internal view {
function _prepareKeys(uint32[] memory keys, uint32 maxSpread) internal pure {
uint32 lastKey = 0;
for (uint256 i = 0; i < keys.length; ++i) {
uint32 key = _boundUint32(keys[i], lastKey, lastKey + maxSpread);
Expand Down Expand Up @@ -125,11 +125,11 @@ contract CheckpointsTrace208Test is Test {
Checkpoints.Trace208 internal _ckpts;

// helpers
function _boundUint48(uint48 x, uint48 min, uint48 max) internal view returns (uint48) {
function _boundUint48(uint48 x, uint48 min, uint48 max) internal pure returns (uint48) {
return SafeCast.toUint48(bound(uint256(x), uint256(min), uint256(max)));
}

function _prepareKeys(uint48[] memory keys, uint48 maxSpread) internal view {
function _prepareKeys(uint48[] memory keys, uint48 maxSpread) internal pure {
uint48 lastKey = 0;
for (uint256 i = 0; i < keys.length; ++i) {
uint48 key = _boundUint48(keys[i], lastKey, lastKey + maxSpread);
Expand Down Expand Up @@ -233,11 +233,11 @@ contract CheckpointsTrace160Test is Test {
Checkpoints.Trace160 internal _ckpts;

// helpers
function _boundUint96(uint96 x, uint96 min, uint96 max) internal view returns (uint96) {
function _boundUint96(uint96 x, uint96 min, uint96 max) internal pure returns (uint96) {
return SafeCast.toUint96(bound(uint256(x), uint256(min), uint256(max)));
}

function _prepareKeys(uint96[] memory keys, uint96 maxSpread) internal view {
function _prepareKeys(uint96[] memory keys, uint96 maxSpread) internal pure {
uint96 lastKey = 0;
for (uint256 i = 0; i < keys.length; ++i) {
uint96 key = _boundUint96(keys[i], lastKey, lastKey + maxSpread);
Expand Down