diff --git a/contracts/Rln.sol b/contracts/Rln.sol index 3069914..7683b93 100644 --- a/contracts/Rln.sol +++ b/contracts/Rln.sol @@ -5,9 +5,6 @@ pragma solidity 0.8.15; import {IPoseidonHasher} from "./PoseidonHasher.sol"; import {IVerifier} from "./IVerifier.sol"; -import "forge-std/console.sol"; - - /// The tree is full error FullTree(); @@ -77,12 +74,7 @@ contract RLN { /// @param index The index of the member in the set event MemberWithdrawn(uint256 idCommitment, uint256 index); - constructor( - uint256 membershipDeposit, - uint256 depth, - address _poseidonHasher, - address _verifier - ) { + constructor(uint256 membershipDeposit, uint256 depth, address _poseidonHasher, address _verifier) { MEMBERSHIP_DEPOSIT = membershipDeposit; DEPTH = depth; SET_SIZE = 1 << depth; @@ -93,8 +85,9 @@ contract RLN { /// Allows a user to register as a member /// @param idCommitment The idCommitment of the member function register(uint256 idCommitment) external payable { - if (msg.value != MEMBERSHIP_DEPOSIT) + if (msg.value != MEMBERSHIP_DEPOSIT) { revert InsufficientDeposit(MEMBERSHIP_DEPOSIT, msg.value); + } _register(idCommitment, msg.value); } @@ -123,16 +116,19 @@ contract RLN { /// @param idCommitment The idCommitment of the member /// @param receiver The address to receive the funds function _slash(uint256 idCommitment, address payable receiver, uint256[8] calldata proof) internal { - if (receiver == address(this) || receiver == address(0)) + if (receiver == address(this) || receiver == address(0)) { revert InvalidReceiverAddress(receiver); + } if (members[idCommitment] == 0) revert MemberNotRegistered(idCommitment); // check if member is registered - if (stakedAmounts[idCommitment] == 0) + if (stakedAmounts[idCommitment] == 0) { revert MemberHasNoStake(idCommitment); + } - if(!_verifyProof(idCommitment, receiver, proof)) + if (!_verifyProof(idCommitment, receiver, proof)) { revert InvalidProof(); + } uint256 amountToTransfer = stakedAmounts[idCommitment]; 
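Review bot: The guard in `register` is `msg.value != MEMBERSHIP_DEPOSIT`, but the error it raises is named `InsufficientDeposit`, so a caller who overpays gets a revert that reads as an underpayment. The NatSpec above the function does not state the exact-match requirement. I would add `/// @dev Reverts with InsufficientDeposit unless msg.value equals MEMBERSHIP_DEPOSIT exactly; overpayment is rejected too.` so integrators do not treat the deposit as a lower bound.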
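Review bot: The NatSpec visible above `_slash` documents `idCommitment` and `receiver` but not the third parameter, `proof`, even though the function reverts with `InvalidProof` before it reads the stake into `amountToTransfer`. I would add `/// @param proof The Groth16 proof, checked by _verifyProof together with idCommitment and receiver`, which also records that the proof is verified against the receiver address. As a style point, the `members[idCommitment] == 0` check stays a one-line unbraced `if` while every other guard in the function now has braces. The function body continues past the end of the hunk.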
@@ -152,8 +148,9 @@ contract RLN { uint256 amount = withdrawalBalance[msg.sender]; if (amount == 0) revert InsufficientWithdrawalBalance(); - if (amount > address(this).balance) + if (amount > address(this).balance) { revert InsufficientContractBalance(); + } withdrawalBalance[msg.sender] = 0; diff --git a/docs/index.md b/docs/index.md index f00e70e..6767c96 100644 --- a/docs/index.md +++ b/docs/index.md 
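Review bot: `withdrawalBalance[msg.sender] = 0;` runs before whatever sends the funds, which is outside this hunk, and nothing in the visible lines says that the ordering is deliberate. It is presumably what stops a re-entrant call from withdrawing the same balance twice. I would add a comment on that line, `// Clear the balance before the external transfer so a re-entrant call finds nothing to withdraw`, so a later refactor does not move the assignment below the transfer. The function starts and ends outside the hunk.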
@@ -1,169 +1,5 @@ # Solidity API -## Pairing - -### G1Point - -```solidity -struct G1Point { - uint256 X; - uint256 Y; -} -``` - -### G2Point - -```solidity -struct G2Point { - uint256[2] X; - uint256[2] Y; -} -``` - -### P1 - -```solidity -function P1() internal pure returns (struct Pairing.G1Point) -``` - -#### Return Values - -| Name | Type | Description | -| ---- | ---------------------- | ------------------- | -| [0] | struct Pairing.G1Point | the generator of G1 | - -### P2 - -```solidity -function P2() internal pure returns (struct Pairing.G2Point) -``` - -#### Return Values - -| Name | Type | Description | -| ---- | ---------------------- | ------------------- | -| [0] | struct Pairing.G2Point | the generator of G2 | - -### negate - -```solidity -function negate(struct Pairing.G1Point p) internal pure returns (struct Pairing.G1Point r) -``` - -#### Return Values - -| Name | Type | Description | -| ---- | ---------------------- | -------------------------------------------------------------- | -| r | struct Pairing.G1Point | the negation of p, i.e. p.addition(p.negate()) should be zero. | - -### addition - -```solidity -function addition(struct Pairing.G1Point p1, struct Pairing.G1Point p2) internal view returns (struct Pairing.G1Point r) -``` - -#### Return Values - -| Name | Type | Description | -| ---- | ---------------------- | --------------------------- | -| r | struct Pairing.G1Point | the sum of two points of G1 | - -### scalar_mul - -```solidity -function scalar_mul(struct Pairing.G1Point p, uint256 s) internal view returns (struct Pairing.G1Point r) -``` - -#### Return Values - -| Name | Type | Description | -| ---- | ---------------------- | --------------------------------------------------------------------------------------------------------------------------- | -| r | struct Pairing.G1Point | the product of a point on G1 and a scalar, i.e. p == p.scalar_mul(1) and p.addition(p) == p.scalar_mul(2) for all points p. 
| - -### pairing - -```solidity -function pairing(struct Pairing.G1Point[] p1, struct Pairing.G2Point[] p2) internal view returns (bool) -``` - -#### Return Values - -| Name | Type | Description | -| ---- | ---- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [0] | bool | the result of computing the pairing check e(p1[0], p2[0]) _ .... _ e(p1[n], p2[n]) == 1 For example pairing([P1(), P1().negate()], [P2(), P2()]) should return true. | - -### pairingProd2 - -```solidity -function pairingProd2(struct Pairing.G1Point a1, struct Pairing.G2Point a2, struct Pairing.G1Point b1, struct Pairing.G2Point b2) internal view returns (bool) -``` - -Convenience method for a pairing check for two pairs. - -### pairingProd3 - -```solidity -function pairingProd3(struct Pairing.G1Point a1, struct Pairing.G2Point a2, struct Pairing.G1Point b1, struct Pairing.G2Point b2, struct Pairing.G1Point c1, struct Pairing.G2Point c2) internal view returns (bool) -``` - -Convenience method for a pairing check for three pairs. - -### pairingProd4 - -```solidity -function pairingProd4(struct Pairing.G1Point a1, struct Pairing.G2Point a2, struct Pairing.G1Point b1, struct Pairing.G2Point b2, struct Pairing.G1Point c1, struct Pairing.G2Point c2, struct Pairing.G1Point d1, struct Pairing.G2Point d2) internal view returns (bool) -``` - -Convenience method for a pairing check for four pairs. 
- -## Verifier - -### VerifyingKey - -```solidity -struct VerifyingKey { - struct Pairing.G1Point alfa1; - struct Pairing.G2Point beta2; - struct Pairing.G2Point gamma2; - struct Pairing.G2Point delta2; - struct Pairing.G1Point[] IC; -} -``` - -### Proof - -```solidity -struct Proof { - struct Pairing.G1Point A; - struct Pairing.G2Point B; - struct Pairing.G1Point C; -} -``` - -### verifyingKey - -```solidity -function verifyingKey() internal pure returns (struct Verifier.VerifyingKey vk) -``` - -### verify - -```solidity -function verify(uint256[] input, struct Verifier.Proof proof) internal view returns (uint256) -``` - -### verifyProof - -```solidity -function verifyProof(uint256[2] a, uint256[2][2] b, uint256[2] c, uint256[2] input) public view returns (bool r) -``` - -#### Return Values - -| Name | Type | Description | -| ---- | ---- | --------------------------- | -| r | bool | bool true if proof is valid | - ## IVerifier ### verifyProof 
@@ -1291,3 +1127,167 @@ function _verifyProof(uint256 idCommitment, address receiver, uint256[8] proof) ``` _Groth16 proof verification_ + +## Pairing + +### G1Point + +```solidity +struct G1Point { + uint256 X; + uint256 Y; +} +``` + +### G2Point + +```solidity +struct G2Point { + uint256[2] X; + uint256[2] Y; +} +``` + +### P1 + +```solidity +function P1() internal pure returns (struct Pairing.G1Point) +``` + +#### Return Values + +| Name | Type | Description | +| ---- | ---------------------- | ------------------- | +| [0] | struct Pairing.G1Point | the generator of G1 | + +### P2 + +```solidity +function P2() internal pure returns (struct Pairing.G2Point) +``` + +#### Return Values + +| Name | Type | Description | +| ---- | ---------------------- | ------------------- | +| [0] | struct Pairing.G2Point | the generator of G2 | + +### negate + +```solidity +function negate(struct Pairing.G1Point p) internal pure returns (struct Pairing.G1Point r) +``` + +#### Return Values + +| Name | Type | Description | +| ---- | ---------------------- | -------------------------------------------------------------- | +| r | struct Pairing.G1Point | the negation of p, i.e. p.addition(p.negate()) should be zero. | + +### addition + +```solidity +function addition(struct Pairing.G1Point p1, struct Pairing.G1Point p2) internal view returns (struct Pairing.G1Point r) +``` + +#### Return Values + +| Name | Type | Description | +| ---- | ---------------------- | --------------------------- | +| r | struct Pairing.G1Point | the sum of two points of G1 | + +### scalar_mul + +```solidity +function scalar_mul(struct Pairing.G1Point p, uint256 s) internal view returns (struct Pairing.G1Point r) +``` + +#### Return Values + +| Name | Type | Description | +| ---- | ---------------------- | --------------------------------------------------------------------------------------------------------------------------- | +| r | struct Pairing.G1Point | the product of a point on G1 and a scalar, i.e. 
p == p.scalar_mul(1) and p.addition(p) == p.scalar_mul(2) for all points p. | + +### pairing + +```solidity +function pairing(struct Pairing.G1Point[] p1, struct Pairing.G2Point[] p2) internal view returns (bool) +``` + +#### Return Values + +| Name | Type | Description | +| ---- | ---- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [0] | bool | the result of computing the pairing check e(p1[0], p2[0]) _ .... _ e(p1[n], p2[n]) == 1 For example pairing([P1(), P1().negate()], [P2(), P2()]) should return true. | + +### pairingProd2 + +```solidity +function pairingProd2(struct Pairing.G1Point a1, struct Pairing.G2Point a2, struct Pairing.G1Point b1, struct Pairing.G2Point b2) internal view returns (bool) +``` + +Convenience method for a pairing check for two pairs. + +### pairingProd3 + +```solidity +function pairingProd3(struct Pairing.G1Point a1, struct Pairing.G2Point a2, struct Pairing.G1Point b1, struct Pairing.G2Point b2, struct Pairing.G1Point c1, struct Pairing.G2Point c2) internal view returns (bool) +``` + +Convenience method for a pairing check for three pairs. + +### pairingProd4 + +```solidity +function pairingProd4(struct Pairing.G1Point a1, struct Pairing.G2Point a2, struct Pairing.G1Point b1, struct Pairing.G2Point b2, struct Pairing.G1Point c1, struct Pairing.G2Point c2, struct Pairing.G1Point d1, struct Pairing.G2Point d2) internal view returns (bool) +``` + +Convenience method for a pairing check for four pairs. 
+ +## Verifier + +### VerifyingKey + +```solidity +struct VerifyingKey { + struct Pairing.G1Point alfa1; + struct Pairing.G2Point beta2; + struct Pairing.G2Point gamma2; + struct Pairing.G2Point delta2; + struct Pairing.G1Point[] IC; +} +``` + +### Proof + +```solidity +struct Proof { + struct Pairing.G1Point A; + struct Pairing.G2Point B; + struct Pairing.G1Point C; +} +``` + +### verifyingKey + +```solidity +function verifyingKey() internal pure returns (struct Verifier.VerifyingKey vk) +``` + +### verify + +```solidity +function verify(uint256[] input, struct Verifier.Proof proof) internal view returns (uint256) +``` + +### verifyProof + +```solidity +function verifyProof(uint256[2] a, uint256[2][2] b, uint256[2] c, uint256[2] input) public view returns (bool r) +``` + +#### Return Values + +| Name | Type | Description | +| ---- | ---- | --------------------------- | +| r | bool | bool true if proof is valid |