From 9b32346ebd5f0b6b22103fd0ef6d336869d7ddd7 Mon Sep 17 00:00:00 2001
From: Alexander Shcherbakov <alexander.sherbakov@dsr-corporation.com>
Date: Fri, 28 Jan 2022 00:30:19 +0300
Subject: [PATCH] light: Fix absence proof verification by light client (#7639)

- use the full key path to pass to the VerifyAbsence function
---
 CHANGELOG_PENDING.md |  2 ++
 light/rpc/client.go  | 23 ++++++++++++-----------
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG_PENDING.md b/CHANGELOG_PENDING.md
index 6073ec802..8dccb8dd3 100644
--- a/CHANGELOG_PENDING.md
+++ b/CHANGELOG_PENDING.md
@@ -70,3 +70,5 @@ Special thanks to external contributors on this release:
 ### BUG FIXES
 
 - fix: assignment copies lock value in `BitArray.UnmarshalJSON()` (@lklimek)
+- [light] \#7640 Light Client: fix absence proof verification (@ashcherbakov)
+- [light] \#7641 Light Client: fix querying against the latest height (@ashcherbakov)
diff --git a/light/rpc/client.go b/light/rpc/client.go
index 51dd6e3c0..79158f452 100644
--- a/light/rpc/client.go
+++ b/light/rpc/client.go
@@ -196,24 +196,25 @@ func (c *Client) ABCIQueryWithOptions(ctx context.Context, path string, data tmb
 	}
 
 	// Validate the value proof against the trusted header.
-	if resp.Value != nil {
-		// 1) build a Merkle key path from path and resp.Key
-		if c.keyPathFn == nil {
-			return nil, errors.New("please configure Client with KeyPathFn option")
-		}
 
-		kp, err := c.keyPathFn(path, resp.Key)
-		if err != nil {
-			return nil, fmt.Errorf("can't build merkle key path: %w", err)
-		}
+	// build a Merkle key path from path and resp.Key
+	if c.keyPathFn == nil {
+		return nil, errors.New("please configure Client with KeyPathFn option")
+	}
 
-		// 2) verify value
+	kp, err := c.keyPathFn(path, resp.Key)
+	if err != nil {
+		return nil, fmt.Errorf("can't build merkle key path: %w", err)
+	}
+
+	// verify value
+	if resp.Value != nil {
 		err = c.prt.VerifyValue(resp.ProofOps, l.AppHash, kp.String(), resp.Value)
 		if err != nil {
 			return nil, fmt.Errorf("verify value proof: %w", err)
 		}
 	} else { // OR validate the absence proof against the trusted header.
-		err = c.prt.VerifyAbsence(resp.ProofOps, l.AppHash, string(resp.Key))
+		err = c.prt.VerifyAbsence(resp.ProofOps, l.AppHash, kp.String())
 		if err != nil {
 			return nil, fmt.Errorf("verify absence proof: %w", err)
 		}