Merge branch 'main' into dark-pool

Author: olehmisar

apps/interface/src/lib/components/SendForm.svelte

@@ -2,6 +2,7 @@
   import { lib } from "$lib";
   import { requestRollup } from "$lib/utils";
   import { sdk } from "@repo/contracts/sdk";
+  import { TokenAmount } from "@repo/contracts/sdk/RollupService";
   import { Ui } from "@repo/ui";
   import { utils } from "@repo/utils";
   import { assert } from "ts-essentials";
@@ -38,7 +39,10 @@
       secretKey,
       fromNote: note,
       to,
-      amount: BigInt(amount.quotient.toString()),
+      amount: await TokenAmount.from({
+        token: amount.currency.address,
+        amount: BigInt(amount.quotient.toString()),
+      }),
     });
     await requestRollup();
   }

apps/interface/src/lib/index.ts

@@ -38,10 +38,10 @@ const contract = PoolERC20__factory.connect(
 const coreSdk = sdk.createCoreSdk(contract);
 const trees = new sdk.RemoteTreesService(route("POST /api/trees"));
 const interfaceSdk = sdk.createInterfaceSdk(coreSdk, trees, {
-  shield: import("@repo/contracts/noir/target/shield.json"),
-  unshield: import("@repo/contracts/noir/target/unshield.json"),
-  join: import("@repo/contracts/noir/target/join.json"),
-  transfer: import("@repo/contracts/noir/target/transfer.json"),
+  shield: import("@repo/contracts/noir/target/erc20_shield.json"),
+  unshield: import("@repo/contracts/noir/target/erc20_unshield.json"),
+  join: import("@repo/contracts/noir/target/erc20_join.json"),
+  transfer: import("@repo/contracts/noir/target/erc20_transfer.json"),
 });
 const reown = new ReownService(contract);
 const evm = new EvmAccountService();

packages/contracts/.gitignore

@@ -20,3 +20,7 @@ node_modules
 .DS_Store
 
 Prover.toml
+
+data
+configs
+bn254_g*.dat

packages/contracts/contracts/PoolERC20.sol

@@ -46,11 +46,11 @@ contract PoolERC20 is PoolGeneric {
     ) external {
         token.safeTransferFrom(msg.sender, address(this), amount);
 
-        PublicInputs.Type memory pi = PublicInputs.create(2 + 2 + 1);
+        PublicInputs.Type memory pi = PublicInputs.create(1 + 2 + 1);
         pi.push(getNoteHashTree().root);
-        pi.push(getNullifierTree().root);
         pi.push(address(token));
         pi.pushUint256Limbs(amount);
+        // TODO(security): ensure noteHash does not already exist in the noteHashTree. If it exists, the tx will never be rolled up and the money will be lost.
         pi.push(note.noteHash);
         require(
             _poolErc20Storage().shieldVerifier.verify(proof, pi.finish()),
@@ -73,6 +73,9 @@ contract PoolERC20 is PoolGeneric {
         bytes32 nullifier,
         NoteInput calldata changeNote
     ) external {
+        // TODO(security): bring back unshield. It was removed because nullifiers are no longer checked on tx level. Only when the tx is rolled up.
+        require(false, "not implemented");
+
         PublicInputs.Type memory pi = PublicInputs.create(6 + 1);
         // params
         pi.push(getNoteHashTree().root);
@@ -106,10 +109,9 @@ contract PoolERC20 is PoolGeneric {
         NoteInput calldata joinNote
     ) external {
         PublicInputs.Type memory pi = PublicInputs.create(
-            2 + MAX_NOTES_TO_JOIN + 1
+            1 + MAX_NOTES_TO_JOIN + 1
         );
         pi.push(getNoteHashTree().root);
-        pi.push(getNullifierTree().root);
         pi.push(joinNote.noteHash);
         for (uint256 i = 0; i < MAX_NOTES_TO_JOIN; i++) {
             pi.push(nullifiers[i]);
@@ -136,9 +138,8 @@ contract PoolERC20 is PoolGeneric {
         NoteInput calldata changeNote,
         NoteInput calldata toNote
     ) external {
-        PublicInputs.Type memory pi = PublicInputs.create(5);
+        PublicInputs.Type memory pi = PublicInputs.create(4);
         pi.push(getNoteHashTree().root);
-        pi.push(getNullifierTree().root);
         pi.push(changeNote.noteHash);
         pi.push(toNote.noteHash);
         pi.push(nullifier);
@@ -163,9 +164,8 @@ contract PoolERC20 is PoolGeneric {
         NoteInput[4] calldata notes,
         bytes32[2] calldata nullifiers
     ) external {
-        PublicInputs.Type memory pi = PublicInputs.create(8);
+        PublicInputs.Type memory pi = PublicInputs.create(1 + 6);
         pi.push(getNoteHashTree().root);
-        pi.push(getNullifierTree().root);
         pi.push(notes[0].noteHash);
         pi.push(notes[1].noteHash);
         pi.push(notes[2].noteHash);

packages/contracts/contracts/PoolGeneric.sol

@@ -9,15 +9,9 @@ uint32 constant MAX_NOTES_PER_ROLLUP = 64;
 // Note: keep in sync with other languages
 uint32 constant MAX_NULLIFIERS_PER_ROLLUP = 64;
 
-// Note: keep in sync with other languages
-uint256 constant NOTE_HASH_OR_NULLIFIER_STATE_NOT_EXISTS = 0;
-// Note: keep in sync with other languages
-uint256 constant NOTE_HASH_OR_NULLIFIER_STATE_PENDING = 1;
-// Note: keep in sync with other languages
-uint256 constant NOTE_HASH_OR_NULLIFIER_STATE_ROLLED_UP = 2;
-
 struct PendingTx {
     bool rolledUp;
+    // TODO(perf): store a hash of the noteHashes and nullifiers and check when rolling up
     Fr[] noteHashes;
     Fr[] nullifiers;
 }
@@ -32,10 +26,8 @@ contract PoolGeneric {
         IVerifier rollupVerifier;
         PendingTx[] allPendingTxs;
         AppendOnlyTreeSnapshot noteHashTree;
-        mapping(Fr => uint256) noteHashState; // TODO(perf): nuke this
         uint256 noteHashBatchIndex;
         AppendOnlyTreeSnapshot nullifierTree;
-        mapping(Fr => uint256) nullifierState; // TODO(perf): nuke this
         uint256 nullifierBatchIndex;
     }
 
@@ -47,14 +39,12 @@ contract PoolGeneric {
         uint256 indexed index,
         Fr[MAX_NOTES_PER_ROLLUP] noteHashes
     );
-    error NoteHashExists(Fr noteHash);
 
     // TODO(perf): use dynamic array to save on gas costs
     event Nullifiers(
         uint256 indexed index,
         Fr[MAX_NULLIFIERS_PER_ROLLUP] nullifiers
     );
-    error NullifierExists(Fr nullifier);
 
     constructor(IVerifier rollupVerifier_) {
         _poolGenericStorage().rollupVerifier = rollupVerifier_;
@@ -147,20 +137,12 @@ contract PoolGeneric {
         );
         _poolGenericStorage().noteHashTree = newNoteHashTree;
         _poolGenericStorage().nullifierTree = newNullifierTree;
-        // TODO(perf): remove this disgusting gas waste
-        for (uint256 i = 0; i < pendingNoteHashes.length; i++) {
-            _poolGenericStorage().noteHashState[
-                    pendingNoteHashes[i]
-                ] = NOTE_HASH_OR_NULLIFIER_STATE_ROLLED_UP;
-        }
-        // TODO(perf): remove this disgusting gas waste
-        for (uint256 i = 0; i < pendingNullifiers.length; i++) {
-            _poolGenericStorage().nullifierState[
-                    pendingNullifiers[i]
-                ] = NOTE_HASH_OR_NULLIFIER_STATE_ROLLED_UP;
-        }
     }
 
+    /**
+     * @dev REQUIREMENT: noteHashes do not exist in the noteHashTree and nullifiers do not exist in the nullifierTree.
+     * If they do, the tx will never be rolled up.
+     */
     function _PoolGeneric_addPendingTx(
         NoteInput[] memory noteInputs,
         bytes32[] memory nullifiers
@@ -178,28 +160,12 @@ contract PoolGeneric {
 
         for (uint256 i = 0; i < noteInputs.length; i++) {
             Fr noteHash = FrLib.tryFrom(noteInputs[i].noteHash);
-            require(
-                _poolGenericStorage().noteHashState[noteHash] ==
-                    NOTE_HASH_OR_NULLIFIER_STATE_NOT_EXISTS,
-                NoteHashExists(noteHash)
-            );
-            _poolGenericStorage().noteHashState[
-                    noteHash
-                ] = NOTE_HASH_OR_NULLIFIER_STATE_PENDING;
             // TODO(perf): this is a waste of gas
             pendingTx.noteHashes.push(noteHash);
         }
 
         for (uint256 i = 0; i < nullifiers.length; i++) {
             Fr nullifier = FrLib.tryFrom(nullifiers[i]);
-            require(
-                _poolGenericStorage().nullifierState[nullifier] ==
-                    NOTE_HASH_OR_NULLIFIER_STATE_NOT_EXISTS,
-                NullifierExists(nullifier)
-            );
-            _poolGenericStorage().nullifierState[
-                    nullifier
-                ] = NOTE_HASH_OR_NULLIFIER_STATE_PENDING;
             // TODO(perf): this is a waste of gas
             pendingTx.nullifiers.push(nullifier);
         }
@@ -227,14 +193,6 @@ contract PoolGeneric {
         return _poolGenericStorage().nullifierTree;
     }
 
-    function noteHashState(bytes32 noteHash) external view returns (uint256) {
-        return _poolGenericStorage().noteHashState[FrLib.tryFrom(noteHash)];
-    }
-
-    function nullifierState(bytes32 nullifier) external view returns (uint256) {
-        return _poolGenericStorage().nullifierState[FrLib.tryFrom(nullifier)];
-    }
-
     function _poolGenericStorage()
         private
         pure

packages/contracts/noir/.gitignore

@@ -1,4 +1 @@
 target
-data
-configs
-bn254_g*.dat

packages/contracts/noir/common/src/lib.nr

@@ -104,5 +104,4 @@ impl std::cmp::Ord for TokenAmount {
 
 pub struct TreeRoots {
     pub note_hash_root: Field,
-    pub nullifier_root: Field,
 }

packages/contracts/noir/common/src/owned_note.nr

@@ -38,13 +38,6 @@ where
             context.tree_roots().note_hash_root,
         );
         let nullifier = compute_nullifier_of_owned_note(self.note, secret_key);
-        // TODO(perf): optimize consume by checking nullifiers only during rollup
-        merkle_tree::assert_check_non_membership(
-            nullifier,
-            self.nullifier_low_leaf_preimage,
-            self.nullifier_low_leaf_membership_witness,
-            context.tree_roots().nullifier_root,
-        );
         context.push_nullifier(nullifier);
     }
 }

packages/contracts/noir/erc20_unshield/src/main.nr

@@ -12,6 +12,9 @@ fn main(
 ) -> pub common::Result<1, 1> {
     let mut context = common::Context::from(tree_roots);
 
+    // disabled because nullifiers are no longer checked on tx level
+    panic(f"not implemented");
+
     erc20::Token::burn(
         &mut context,
         from_secret_key,

packages/contracts/sdk/NativeUltraPlonkBackend.ts renamed to packages/contracts/sdk/NativeUltraHonkBackend.ts

@@ -1,9 +1,11 @@
+import type { ProofData } from "@aztec/bb.js";
 import type { CompiledCircuit } from "@noir-lang/noir_js";
 import { spawn } from "node:child_process";
 import fs from "node:fs";
 import path from "node:path";
+import { decodeNativeHonkProof } from "./utils.js";
 
-export class NativeUltraPlonkBackend {
+export class NativeUltraHonkBackend {
   constructor(
     readonly bbPath: string,
     readonly circuit: CompiledCircuit,
@@ -30,7 +32,7 @@ export class NativeUltraPlonkBackend {
     fs.writeFileSync(circuitJsonPath, JSON.stringify(this.circuit));
     fs.writeFileSync(witnessOutputPath, witness);
     const args = [
-      "prove", // ultraplonk
+      "prove_ultra_keccak_honk",
       "-b",
       circuitJsonPath,
       "-w",
@@ -48,15 +50,17 @@ export class NativeUltraPlonkBackend {
       console.error(`stderr: ${data}`);
     });
 
-    return await new Promise<{ proof: Uint8Array }>((resolve, reject) => {
+    return await new Promise<ProofData>((resolve, reject) => {
       bbProcess.on("close", (code: number) => {
         if (code !== 0) {
           reject(new Error(`Process exited with code ${code}`));
           return;
         }
 
-        const proof = fs.readFileSync(proofOutputPath);
-        resolve(splitUltraPlonkProof(proof));
+        const proofData = decodeNativeHonkProof(
+          fs.readFileSync(proofOutputPath),
+        );
+        resolve(proofData);
       });
 
       bbProcess.on("error", (err) => {
@@ -89,36 +93,3 @@ export class NativeUltraPlonkBackend {
     return targetDir;
   }
 }
-
-async function splitUltraPlonkProof(proofData: Uint8Array) {
-  const proof = proofData.slice(-2144);
-  const publicInputsFlat = proofData.slice(0, proofData.length - 2144);
-  const publicInputs = deflattenFields(publicInputsFlat);
-  return { proof, publicInputs };
-}
-
-export function deflattenFields(flattenedFields: Uint8Array): string[] {
-  const publicInputSize = 32;
-  const chunkedFlattenedPublicInputs: Uint8Array[] = [];
-
-  for (let i = 0; i < flattenedFields.length; i += publicInputSize) {
-    const publicInput = flattenedFields.slice(i, i + publicInputSize);
-    chunkedFlattenedPublicInputs.push(publicInput);
-  }
-
-  return chunkedFlattenedPublicInputs.map(uint8ArrayToHex);
-}
-
-function uint8ArrayToHex(buffer: Uint8Array): string {
-  const hex: string[] = [];
-
-  buffer.forEach(function (i) {
-    let h = i.toString(16);
-    if (h.length % 2) {
-      h = "0" + h;
-    }
-    hex.push(h);
-  });
-
-  return "0x" + hex.join("");
-}