core/vm, crypto/bn256: fix bn256 use and pairing corner case

core/vm/contracts.go

@@ -307,8 +307,9 @@ func (c *bn256Add) Run(input []byte) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	x.Add(x, y)
-	return x.Marshal(), nil
+	res := new(bn256.G1)
+	res.Add(x, y)
+	return res.Marshal(), nil
 }
 
 // bn256ScalarMul implements a native elliptic curve scalar multiplication.
@@ -324,8 +325,9 @@ func (c *bn256ScalarMul) Run(input []byte) ([]byte, error) {
 	if err != nil {
 		return nil, err
 	}
-	p.ScalarMult(p, new(big.Int).SetBytes(getData(input, 64, 32)))
-	return p.Marshal(), nil
+	res := new(bn256.G1)
+	res.ScalarMult(p, new(big.Int).SetBytes(getData(input, 64, 32)))
+	return res.Marshal(), nil
 }
 
 var (
@@ -370,8 +372,7 @@ func (c *bn256Pairing) Run(input []byte) ([]byte, error) {
 		ts = append(ts, t)
 	}
 	// Execute the pairing checks and return the results
-	ok := bn256.PairingCheck(cs, ts)
-	if ok {
+	if bn256.PairingCheck(cs, ts) {
 		return true32Byte, nil
 	}
 	return false32Byte, nil

crypto/bn256/bn256.go

@@ -379,16 +379,22 @@ func Pair(g1 *G1, g2 *G2) *GT {
 	return &GT{optimalAte(g2.p, g1.p, new(bnPool))}
 }
 
+// PairingCheck calculates the Optimal Ate pairing for a set of points.
 func PairingCheck(a []*G1, b []*G2) bool {
 	pool := new(bnPool)
-	e := newGFp12(pool)
-	e.SetOne()
+
+	acc := newGFp12(pool)
+	acc.SetOne()
+
 	for i := 0; i < len(a); i++ {
-		new_e := miller(b[i].p, a[i].p, pool)
-		e.Mul(e, new_e, pool)
+		if a[i].p.IsInfinity() || b[i].p.IsInfinity() {
+			continue
 		}
-	ret := finalExponentiation(e, pool)
-	e.Put(pool)
+		acc.Mul(acc, miller(b[i].p, a[i].p, pool), pool)
+	}
+	ret := finalExponentiation(acc, pool)
+	acc.Put(pool)
+
 	return ret.IsOne()
 }
 

crypto/bn256/optate.go

@@ -393,6 +393,5 @@ func optimalAte(a *twistPoint, b *curvePoint, pool *bnPool) *gfP12 {
 	if a.IsInfinity() || b.IsInfinity() {
 		ret.SetOne()
 	}
-
 	return ret
 }