Rotation keys not cleaned up on participant removal. #3
Description
Project version
0.0.0
What happened?
When participants are removed via _removeParticipants(), their rotation keys remain in the Cartesian Merkle Tree and the cumulativeRotationKey is not updated to subtract the corresponding rotation key. This allows removed participants to potentially use stale rotation keys in edge cases or causes incorrect encryption key computation for future proposals.
Minimal reproduction steps
if you Initialize multisig with participants A, B, C\n2. Execute proposal to remove participant A\n3. Observe that A's rotation key remains in CMT and cumulativeRotationKey\n4. On next proposal, encryption key computation uses stale rotation key data.