Commit Graph

292 Commits

Author SHA1 Message Date
r4bbit 2e3f775a0d chore: formally verify request state changes
This commit adds CVL rule that formally verifies the state changes of
any given request in relation to the functions of the contract that can
cause them.

Closes #128
2024-08-12 15:26:59 +02:00
Adam Uhlíř fe8da1013d
docs: proofs comments (#118)
Co-authored-by: Eric <5089238+emizzle@users.noreply.github.com>
Co-authored-by: markspanbroek <mark@spanbroek.net>
2024-08-08 09:35:35 +00:00
r4bbit e62ebf6b0e
fix: ensure requestStorage() reverts if maxSlotloss > slots (#140) 2024-08-05 10:58:51 +02:00
r4bbit 688a8ed929
Set up certora and implement first rules (#122)
Co-authored-by: 0xb337r007 <0xe4e5@proton.me>
Co-authored-by: Adam Uhlíř <adam@uhlir.dev>
2024-07-24 18:50:18 +02:00
Adam Uhlíř 57e8cd5013
feat: expiry specified as duration (#99) 2024-05-06 15:13:32 +02:00
Mark Spanbroek 53999c74d3 Provide all gas to precompiles
Rationale: subtracting 2000 from the provided gas seems
arbitrary, and doesn't provide any benefits. Whether
verify() fails with an out-of-gas error, or returns
'false', in both cases the proof is not verified.

Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00
Mark Spanbroek 84eba26f76 Document that group elements are checked by precompiles
Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00
Mark Spanbroek c55b34fc76 uint -> uint256
Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00
Mark Spanbroek 3b6f7b8ec7 Rename _Q -> _R
Using 'r' for the size of the scalar field is
standard practice.

Co-Authored-By: Balazs Komuves <bkomuves@gmail.com>
2024-03-13 15:25:59 +01:00
Mark Spanbroek ab1b91fe49 Return false when incorrect amount of public inputs 2024-03-13 15:25:59 +01:00
Mark Spanbroek bd489c7f9a Groth16Verifier implements its interface 2024-03-13 15:25:59 +01:00
Mark Spanbroek f9637f192b Rename: vkX -> combination 2024-03-13 15:25:59 +01:00
Mark Spanbroek a4ce10f4de One less addition 2024-03-13 15:25:59 +01:00
Mark Spanbroek df58f2d3db Formatting 2024-03-13 15:25:59 +01:00
Mark Spanbroek 576254423e Return false when public inputs are invalid 2024-03-13 15:25:59 +01:00
Mark Spanbroek d38e0f5954 make functions private 2024-03-13 15:25:59 +01:00
Mark Spanbroek b676b245d6 Improve argument names 2024-03-13 15:25:59 +01:00
Mark Spanbroek 235f11a863 Primes are named as in EIP-197 2024-03-13 15:25:59 +01:00
Mark Spanbroek a4777bade5 Reordering, formatting 2024-03-13 15:25:59 +01:00
Mark Spanbroek c7687c5b83 Remove library 2024-03-13 15:25:59 +01:00
Mark Spanbroek 3840e2bf92 Remove unnecessary if-statement 2024-03-13 15:25:59 +01:00
Mark Spanbroek 949909fd98 Simpify pairing check 2024-03-13 15:25:59 +01:00
Mark Spanbroek 601ed18455 Verifier returns false when one of the operations fails 2024-03-13 15:25:59 +01:00
Mark Spanbroek c495770679 Pairing check returns boolean success and outcome 2024-03-13 15:25:59 +01:00
Mark Spanbroek a97a598b0e Add and multiply return bool success 2024-03-13 15:25:59 +01:00
Mark Spanbroek 111ed0826c Rename addition -> add, scalarMul -> multiply 2024-03-13 15:25:59 +01:00
Mark Spanbroek 91388096c1 Fix: size in bytes of input and output were too high 2024-03-13 15:25:59 +01:00
Mark Spanbroek 80dfa41e32 Remove calls to invalid()
Gas estimation seems to work just fine without them?
2024-03-13 15:25:59 +01:00
Mark Spanbroek f413f1ea64 Represent elements from field F_{p^2} as `real + i * imag`
Reason: Circom and Ethereum EIP-197 both represent these
elements as arrays of two elements, but they do it in
reverse order of each other. This change makes it explicit
which number is the real part, and which number is the
imaginary part.
2024-02-21 10:42:41 +01:00
Mark Spanbroek 6c9f797f40 Explicit getters for token and config
Implicit getters have slightly different semantics when
it comes to ABI encoding their results.
2024-02-06 12:27:40 +01:00
Mark Spanbroek ec803adb3d Test verifier accepts any proof, except all 0 values 2024-01-31 15:45:01 +01:00
Adam Uhlíř 331bc56e8f
feat: zkey hash in marketplace config (#81) 2024-01-30 06:36:27 +01:00
Mark Spanbroek 903cdf3541 Refactor verifier contract: formatting 2024-01-25 13:08:10 +01:00
Mark Spanbroek 70b22b241f Refactor verifier contract: remove unnecessary conversions 2024-01-25 13:08:10 +01:00
Mark Spanbroek 65655e3646 Refactor verifier contract: Formatting 2024-01-25 13:08:10 +01:00
Mark Spanbroek 676f4fc85e Refactor verifier contract: use structs from Groth16.sol 2024-01-25 13:08:10 +01:00
Mark Spanbroek dc0c2b7956 Refactor verifier contract: remove dead code 2024-01-25 13:08:10 +01:00
Mark Spanbroek 90c821fb61 Refactor verifier contract: remove unnecessary conversions 2024-01-25 13:08:10 +01:00
Mark Spanbroek a066b6a007 Refactor verifier contract: fix linter warnings 2024-01-25 13:08:10 +01:00
Mark Spanbroek 6baf80d6f4 Refactor verifier contract: remove preprocessing 2024-01-25 13:08:10 +01:00
Mark Spanbroek c0ca508a6b Refactor verifier contract: public input as dynamic array 2024-01-25 13:08:10 +01:00
Mark Spanbroek 39a2d56a63 Refactor verifier contract: verification key as parameter 2024-01-25 13:08:10 +01:00
Mark Spanbroek f2869ff94f Refactor verifier contract: X -> x, Y -> y 2024-01-25 13:08:10 +01:00
Mark Spanbroek d30dff1781 Refactor verifier contract: set verifying key in constructor 2024-01-25 13:08:10 +01:00
Mark Spanbroek ef32ad9c1b Refactor verifier contract: fix typo 2024-01-25 13:08:10 +01:00
Mark Spanbroek 296447724a Refactor verifier contract: extract constants 2024-01-25 13:08:10 +01:00
Mark Spanbroek b2509e4257 Refactor verifier contract: formatting 2024-01-25 13:08:10 +01:00
Mark Spanbroek f3e2186ec2 Update solidity to 0.8.23 2024-01-25 13:08:10 +01:00
Mark Spanbroek 33614ee218 Calculate public inputs for ZK proof verificition 2024-01-25 13:08:10 +01:00
Mark Spanbroek 1b3b258ccc Conversion between little and big endian 2024-01-25 13:08:10 +01:00