Refactor backend by following internal audit comments #173
Conversation
sifnoc
requested review from
enricobottazzi and
alxkzmn
and removed request for
enricobottazzi
| # Build the verifier contracts | ||
| echo "1. Building verifier contracts" | ||
| cd ../zk_prover | ||
| cargo run --example gen_inclusion_verifier |
There was a problem hiding this comment.
Can you have it run on release mode?
backend/README.md
Outdated
| @@ -48,7 +48,27 @@ SIGNATURE_VERIFICATION_MESSAGE="Summa proof of solvency for CryptoExchange" carg | |||
|
|
|||
| ### Generating Verifiers for Backend | |||
There was a problem hiding this comment.
A few things here:
- Here the script is not only generating new Verifiers but the new Summa contract which takes also the new verifiers in the constructors
- The README should also explain that by default the backend is working with a Summa contract based on certain parameters. You might want to generate a new one if and only if you want to work with different parameters and a different ptau file!
There was a problem hiding this comment.
Good point! That's missing in here. I will update for that.
| utils::keccak256, | ||
| use std::{ | ||
| error::Error, | ||
| fs::{remove_file, File}, |
| @@ -97,12 +114,16 @@ If executed successfully, you'll see: | |||
|
|
|||
| ### 2. Submit Proof of Solvency | |||
|
|
|||
| This step is crucial for two primary reasons: first, to validate the root hash of the Merkle Sum Tree (`mst_root`); and second, to ensure that the assets held by the CEX exceed their liabilities, as confirmed through the proof verification on the Summa contract. | |||
| The CEX must submit this proof of solvency to the Summa contract. Currently, it's a mandatory requirement to provide this proof before generating the inclusion proof for each user in the current round. | |||
| This step is also crucial for two primary reasons: | |||
There was a problem hiding this comment.
Leaving the comment here because I can't do otherwise. For section "### 4. Verify Proof of Inclusion" can you please specify that in production this can be performed independently by a user using an interface such as Etherscan?
There was a problem hiding this comment.
I understand your point. Are you suggesting that we emphasize to the CEX that the user can independently verify their proof using a public interface like Etherscan?
sifnoc
force-pushed
the
audit-backend-updates
branch
from
7313ce3 to
fda1e0b
Compare
Well, I found that the method |
|
@alxkzmn Now the Signer accept |
|
Awesome! |
* chore: add audit comments (#168) * Refactor backend by following internal audit comments (#173) * feat: create bash script for updating verifier interface files in backend * fix: error propagation with try operator; remove unnecessaries * refactor: changed data type in 'MstInclusionProof' * fix: generate solvency verifier contract * chore: remove left over * chore: update README * fix: remove left over; assert term * fix: update README; small fixes * feat: Signer accepts address or file path for init * Refactor contract according to V1 consolidation spec (#169) * Refactor smart contract * Update smart contract module readme --------- Co-authored-by: JinHwan <[email protected]>
* chore: add audit comments (#168) * Refactor backend by following internal audit comments (#173) * feat: create bash script for updating verifier interface files in backend * fix: error propagation with try operator; remove unnecessaries * refactor: changed data type in 'MstInclusionProof' * fix: generate solvency verifier contract * chore: remove left over * chore: update README * fix: remove left over; assert term * fix: update README; small fixes * feat: Signer accepts address or file path for init * feat: added mutex lock to signer; used it as ref * fix: mutex deadlock in signer * chore: minor updates * feat: `Tree` trait * fix: move `verify_proof` logic to `Tree` trait * feat: added method implementation to `Tree` trait and moved outside of utils * refactor: signer spawn provider internally; updated comments * fix: round now use Tree trait * refactor: Round needs MST and Assets instead of csv files path * fix: rollback applying csv_parser for AddressOwnership and Assets in Snapshot * fix: Solvency::init fn accept type that has Tree trait * fix: updates for summa solvency contract v1.1 * chore: rename `compute_leaves` api * fix: Rounds accept 'Tree' trait object * chore: removed and updated comments * chore: removed env variables 'SIGNATURE_VERIFICATION_MESSAGE' --------- Co-authored-by: JinHwan <[email protected]> Co-authored-by: sifnoc <[email protected]>
Updates:
address_hashesMstInclusionProofstructget_deployment_addressptaufile.timestampasu64