From 72be5c5d7fb30cd983670871ed2df82fd7469420 Mon Sep 17 00:00:00 2001
From: Serhat Dolmaci
Date: Thu, 18 Jun 2026 23:46:27 +0300
Subject: [PATCH] fix _loadVerified assembly offsets

_loadVerified was reading fields from wrong byte offsets in the packed certificate metadata. abi.encodePacked lays out the fields as: ca(1) || notAfter(8) || maxPathLen(8) || subjectHash(32) || pubKey(48) But the assembly code was reading from offset 0x1 for ca (should be 0x0), 0x9 for notAfter (should be 0x1), 0x11 for maxPathLen (should be 0x9), and 0x31 for subjectHash (should be 0x11). Only pubKey was correct since it uses slice(). The warm cache path reads cert metadata with these wrong offsets, so every cached cert would get garbage values for ca, notAfter, maxPathLen and subjectHash.
---
 src/CertManager.sol | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/CertManager.sol b/src/CertManager.sol
index 1a5c0e2..e31ee42 100644
--- a/src/CertManager.sol
+++ b/src/CertManager.sol
@@ -518,10 +518,10 @@ contract CertManager is ICertManager {
 int64 maxPathLen;
 bytes32 subjectHash;
 assembly {
- ca := mload(add(packed, 0x1))
- notAfter := mload(add(packed, 0x9))
- maxPathLen := mload(add(packed, 0x11))
- subjectHash := mload(add(packed, 0x31))
+ ca := byte(0, mload(packed))
+ notAfter := shr(192, mload(add(packed, 0x01)))
+ maxPathLen := shr(192, mload(add(packed, 0x09)))
+ subjectHash := mload(add(packed, 0x11))
 }
 bytes memory pubKey = packed.slice(0x31, packed.length - 0x31);
 return VerifiedCert({
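Review bot: In the `assembly` block the four new reads treat `packed` as if it pointed at the first data byte, but for a `bytes memory` value (implied by `packed.length` and the `mload` calls; the declaration is outside the hunk) it points at the 32-byte length word. So `mload(packed)` returns the length, and the loads at `0x01`, `0x09` and `0x11` take most or all of their bytes from that word rather than from the certificate fields. The removed lines read each field right-aligned: adding a field's end offset within the data cancels against the 32-byte prefix, so `mload(add(packed, 0x9))` holds `notAfter` in its low 8 bytes, and the only weakness there was that the upper bits were not explicitly cleaned. If left-aligned reads are preferred, every offset needs `0x20` added as in the block below, and since `maxPathLen` is declared `int64` it should be sign-extended rather than only shifted. `ca`, `notAfter` and `subjectHash` presumably feed chain validation on the cached path, so a test that stores a certificate and compares every field returned by `_loadVerified` would be worth adding; the function starts and ends outside the hunk.

```solidity
assembly {
    // `packed` points at the length word; the packed fields start at packed + 0x20
    ca := byte(0, mload(add(packed, 0x20)))
    notAfter := shr(192, mload(add(packed, 0x21)))
    // int64: shift the 8 bytes down, then sign-extend from byte index 7
    maxPathLen := signextend(7, shr(192, mload(add(packed, 0x29))))
    subjectHash := mload(add(packed, 0x31))
}
```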