r4bbit
2e3f775a0d
chore: formally verify request state changes
...
This commit adds a CVL rule that formally verifies the state changes of
any given request in relation to the functions of the contract that can
cause them.
Closes #128
2024-08-12 15:26:59 +02:00
Adam Uhlíř
fe8da1013d
docs: proofs comments (#118)
...
Co-authored-by: Eric <5089238+emizzle@users.noreply.github.com>
Co-authored-by: markspanbroek <mark@spanbroek.net>
2024-08-08 09:35:35 +00:00
r4bbit
e62ebf6b0e
fix: ensure requestStorage() reverts if maxSlotloss > slots (#140)
2024-08-05 10:58:51 +02:00
r4bbit
688a8ed929
Set up certora and implement first rules (#122)
...
Co-authored-by: 0xb337r007 <0xe4e5@proton.me>
Co-authored-by: Adam Uhlíř <adam@uhlir.dev>
2024-07-24 18:50:18 +02:00
Adam Uhlíř
57e8cd5013
feat: expiry specified as duration (#99)
2024-05-06 15:13:32 +02:00
Mark Spanbroek
53999c74d3
Provide all gas to precompiles
...
Rationale: subtracting 2000 from the provided gas seems
arbitrary, and doesn't provide any benefits. Whether
verify() fails with an out-of-gas error, or returns
'false', in both cases the proof is not verified.
Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00
Mark Spanbroek
84eba26f76
Document that group elements are checked by precompiles
...
Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00
Mark Spanbroek
c55b34fc76
uint -> uint256
...
Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00
Mark Spanbroek
3b6f7b8ec7
Rename _Q -> _R
...
Using 'r' for the size of the scalar field is
standard practice.
Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00
Mark Spanbroek
ab1b91fe49
Return false when incorrect amount of public inputs
2024-03-13 15:25:59 +01:00
Mark Spanbroek
bd489c7f9a
Groth16Verifier implements its interface
2024-03-13 15:25:59 +01:00
Mark Spanbroek
f9637f192b
Rename: vkX -> combination
2024-03-13 15:25:59 +01:00
Mark Spanbroek
a4ce10f4de
One less addition
2024-03-13 15:25:59 +01:00
Mark Spanbroek
df58f2d3db
Formatting
2024-03-13 15:25:59 +01:00
Mark Spanbroek
576254423e
Return false when public inputs are invalid
2024-03-13 15:25:59 +01:00
Mark Spanbroek
d38e0f5954
make functions private
2024-03-13 15:25:59 +01:00
Mark Spanbroek
b676b245d6
Improve argument names
2024-03-13 15:25:59 +01:00
Mark Spanbroek
235f11a863
Primes are named as in EIP-197
2024-03-13 15:25:59 +01:00
Mark Spanbroek
a4777bade5
Reordering, formatting
2024-03-13 15:25:59 +01:00
Mark Spanbroek
c7687c5b83
Remove library
2024-03-13 15:25:59 +01:00
Mark Spanbroek
3840e2bf92
Remove unnecessary if-statement
2024-03-13 15:25:59 +01:00
Mark Spanbroek
949909fd98
Simplify pairing check
2024-03-13 15:25:59 +01:00
Mark Spanbroek
601ed18455
Verifier returns false when one of the operations fails
2024-03-13 15:25:59 +01:00
Mark Spanbroek
c495770679
Pairing check returns boolean success and outcome
2024-03-13 15:25:59 +01:00
Mark Spanbroek
a97a598b0e
Add and multiply return bool success
2024-03-13 15:25:59 +01:00
Mark Spanbroek
111ed0826c
Rename addition -> add, scalarMul -> multiply
2024-03-13 15:25:59 +01:00
Mark Spanbroek
91388096c1
Fix: size in bytes of input and output were too high
2024-03-13 15:25:59 +01:00
Mark Spanbroek
80dfa41e32
Remove calls to invalid()
...
Gas estimation seems to work just fine without them?
2024-03-13 15:25:59 +01:00
Mark Spanbroek
f413f1ea64
Represent elements from field F_{p^2} as `real + i * imag`
...
Reason: Circom and Ethereum EIP-197 both represent these
elements as arrays of two elements, but they do it in
reverse order of each other. This change makes it explicit
which number is the real part, and which number is the
imaginary part.
2024-02-21 10:42:41 +01:00
Mark Spanbroek
6c9f797f40
Explicit getters for token and config
...
Implicit getters have slightly different semantics when
it comes to ABI encoding their results.
2024-02-06 12:27:40 +01:00
Mark Spanbroek
ec803adb3d
Test verifier accepts any proof, except all 0 values
2024-01-31 15:45:01 +01:00
Adam Uhlíř
331bc56e8f
feat: zkey hash in marketplace config (#81)
2024-01-30 06:36:27 +01:00
Mark Spanbroek
903cdf3541
Refactor verifier contract: formatting
2024-01-25 13:08:10 +01:00
Mark Spanbroek
70b22b241f
Refactor verifier contract: remove unnecessary conversions
2024-01-25 13:08:10 +01:00
Mark Spanbroek
65655e3646
Refactor verifier contract: Formatting
2024-01-25 13:08:10 +01:00
Mark Spanbroek
676f4fc85e
Refactor verifier contract: use structs from Groth16.sol
2024-01-25 13:08:10 +01:00
Mark Spanbroek
dc0c2b7956
Refactor verifier contract: remove dead code
2024-01-25 13:08:10 +01:00
Mark Spanbroek
90c821fb61
Refactor verifier contract: remove unnecessary conversions
2024-01-25 13:08:10 +01:00
Mark Spanbroek
a066b6a007
Refactor verifier contract: fix linter warnings
2024-01-25 13:08:10 +01:00
Mark Spanbroek
6baf80d6f4
Refactor verifier contract: remove preprocessing
2024-01-25 13:08:10 +01:00
Mark Spanbroek
c0ca508a6b
Refactor verifier contract: public input as dynamic array
2024-01-25 13:08:10 +01:00
Mark Spanbroek
39a2d56a63
Refactor verifier contract: verification key as parameter
2024-01-25 13:08:10 +01:00
Mark Spanbroek
f2869ff94f
Refactor verifier contract: X -> x, Y -> y
2024-01-25 13:08:10 +01:00
Mark Spanbroek
d30dff1781
Refactor verifier contract: set verifying key in constructor
2024-01-25 13:08:10 +01:00
Mark Spanbroek
ef32ad9c1b
Refactor verifier contract: fix typo
2024-01-25 13:08:10 +01:00
Mark Spanbroek
296447724a
Refactor verifier contract: extract constants
2024-01-25 13:08:10 +01:00
Mark Spanbroek
b2509e4257
Refactor verifier contract: formatting
2024-01-25 13:08:10 +01:00
Mark Spanbroek
f3e2186ec2
Update solidity to 0.8.23
2024-01-25 13:08:10 +01:00
Mark Spanbroek
33614ee218
Calculate public inputs for ZK proof verification
2024-01-25 13:08:10 +01:00
Mark Spanbroek
1b3b258ccc
Conversion between little and big endian
2024-01-25 13:08:10 +01:00