add bounds check for proofs

node/consensus/data/data_clock_consensus_engine.go

@@ -618,17 +618,24 @@ func (e *DataClockConsensusEngine) Start() <-chan error {
 				if trie.Contains(peerProvingKeyAddress) {
 					e.logger.Info("creating data shard ring proof", zap.Int("ring", i))
 					outputs := e.PerformTimeProof(frame, frame.Difficulty)
-					if outputs == nil {
+					if outputs == nil || len(outputs) < 3 {
 						e.logger.Error("could not successfully build proof, reattempting")
 						break
 					}
 					modulo := len(outputs)
-					proofTree, payload, output := tries.PackOutputIntoPayloadAndProof(
+					proofTree, payload, output, err := tries.PackOutputIntoPayloadAndProof(
 						outputs,
 						modulo,
 						frame,
 						previousTree,
 					)
+					if err != nil {
+						e.logger.Error(
+							"could not successfully pack proof, reattempting",
+							zap.Error(err),
+						)
+						break
+					}
 					previousTree = proofTree
 
 					sig, err := e.pubSub.SignMessage(

node/tries/proof_leaf.go

@@ -31,7 +31,7 @@ func PackOutputIntoPayloadAndProof(
 	modulo int,
 	frame *protobufs.ClockFrame,
 	previousTree *mt.MerkleTree,
-) (*mt.MerkleTree, []byte, [][]byte) {
+) (*mt.MerkleTree, []byte, [][]byte, error) {
 	tree, err := mt.New(
 		&mt.Config{
 			HashFunc: func(data []byte) ([]byte, error) {
@@ -44,7 +44,7 @@ func PackOutputIntoPayloadAndProof(
 		outputs,
 	)
 	if err != nil {
-		panic(err)
+		return nil, nil, nil, errors.Wrap(err, "pack output into payload and proof")
 	}
 
 	payload := []byte("mint")
@@ -79,7 +79,7 @@ func PackOutputIntoPayloadAndProof(
 		payload = append(payload, previousTree.Leaves[int(pick)]...)
 		output = append(output, previousTree.Leaves[int(pick)])
 	}
-	return tree, payload, output
+	return tree, payload, output, nil
 }
 
 func UnpackAndVerifyOutput(