High risk: malleability of proofOfResidency #1

@nanaknihal

The proof should have some way of defending against malleability-related attacks, such as including the prover's address in the proof.

This should be fixed before the production version!

Steps to fix:

  1. Make sure Hub's proof function not only checks Merkle root but also checks malleability. We could let the proof designers check for malleability in the verifier contract instead of enforcing this at the Hub level, making the protocol a little more flexible. However, I don't see a clear use for that. And if we can forget to check for malleability now, a third-party proof designer may forget to check it later, when it is more mission-critical. Thus, it would be slightly advisable to check it at the Hub contract, to put security over flexibility. But if a use case of that is found, it would be worth revisiting this.
  2. Implement appropriate tests for step 1 (or even do this step first)
  3. Re-upload the proving and verifying keys to S3
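
One way the Hub-level check from step 1 could look, as an added example that is not code from this repository. The names `IResidencyVerifier`, `HubExample` and `proveResidency`, the Groth16-style `verifyProof` signature, and the public-input layout (`input[0]` = Merkle root, `input[1]` = prover address) are all assumptions; the issue does not show the real interfaces.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed verifier interface (Groth16-style); not taken from the project.
interface IResidencyVerifier {
    function verifyProof(
        uint256[2] calldata a,
        uint256[2][2] calldata b,
        uint256[2] calldata c,
        uint256[2] calldata input
    ) external view returns (bool);
}

contract HubExample {
    IResidencyVerifier public immutable verifier;
    uint256 public immutable merkleRoot;           // root the Hub accepts
    mapping(address => bool) public provenResident;

    constructor(IResidencyVerifier _verifier, uint256 _merkleRoot) {
        verifier = _verifier;
        merkleRoot = _merkleRoot;
    }

    // Assumed layout: input[0] = Merkle root, input[1] = prover address.
    function proveResidency(
        uint256[2] calldata a,
        uint256[2][2] calldata b,
        uint256[2] calldata c,
        uint256[2] calldata input
    ) external {
        // Existing check: the proof must be against the root the Hub trusts.
        require(input[0] == merkleRoot, "unknown merkle root");

        // Added check: the address baked into the proof must be the caller.
        // A proof copied from another transaction and submitted unchanged
        // from a different account is rejected here. Editing input[1] to
        // match the new sender makes verifyProof fail instead, provided the
        // circuit actually constrains the address signal.
        require(
            input[1] == uint256(uint160(msg.sender)),
            "proof bound to another address"
        );

        require(verifier.verifyProof(a, b, c, input), "invalid proof");
        provenResident[msg.sender] = true;
    }
}
```

Tests for step 2 would cover both rejection paths: the same proof sent from a second account, and the same proof with `input[1]` rewritten to that account.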

Labels: bug