tornado-core/README.md

## Testing truffle
1. `npm i`
2. `npm run build:circuit`
2. `npx truffle compile`
3. `npx truffle test` - it may fail for the first time, just run one more time.

## Testing js
1. `npm i`
2. `npm run build:circuit`
3. `cd scripts`
4. `node test_snark.js`

## Deploy
1. `npx truffle migrate --network kovan --reset`

## Requirements
1. `node v11.15.0`
2. `npm install -g npx`

# Specs:
- Deposit gas cost: deposit 903472
- Withdraw gas cost: 727821
- Circuit constraints: 22617
- Circuit proving time: 8965ms
- Serverless, executed entirely in the browser

# Security risks:
* Cryptographic tools used by mixer (zkSNARKS, Pedersen commitment, MiMC hash) are not yet extensively audited by cryptographic experts and may be vulnerable
	* Note: we use MiMC hash only for merkle tree, so even if a preimage attack on MiMC is discovered, it will not allow to deanonymize users or drain mixer funds
* Relayer is frontrunnable. When relayer submits a transaction someone can see it in tx pool and frontrun it with higher gas price to get the fee and drain relayer funds.
	* Workaround: we can set high gas price so that (almost) all fee is used on gas. The relayer will not receive profit this way, but this approach is acceptable until we develop more sophisticated system that prevents frontrunning
* Bugs in contract. Even though we have an extensive experience in smart contract security audits, we can still make mistakes. An external audit is needed to reduce probablility of bugs
* Nullifier griefing - ...TODO...
update readme 2019-07-12 23:56:17 +02:00			`## Testing truffle`
Move contracts to repository root 2019-07-12 11:53:44 +02:00			1. `npm i`
update readme 2019-07-12 23:56:17 +02:00			2. `npm run build:circuit`
Move contracts to repository root 2019-07-12 11:53:44 +02:00			2. `npx truffle compile`
			3. `npx truffle test` - it may fail for the first time, just run one more time.

update readme 2019-07-12 23:56:17 +02:00			`## Testing js`
			1. `npm i`
			2. `npm run build:circuit`
			3. `cd scripts`
			4. `node test_snark.js`

mixer deploy WIP 2019-07-12 17:04:45 +02:00			`## Deploy`
			1. `npx truffle migrate --network kovan --reset`
Move contracts to repository root 2019-07-12 11:53:44 +02:00
tests 2019-07-12 21:11:37 +02:00			`## Requirements`
			1. `node v11.15.0`
update readme 2019-07-12 23:56:17 +02:00			2. `npm install -g npx`
tests 2019-07-12 21:11:37 +02:00
readme 2019-07-13 00:38:25 +02:00			`# Specs:`
			`- Deposit gas cost: deposit 903472`
			`- Withdraw gas cost: 727821`
			`- Circuit constraints: 22617`
			`- Circuit proving time: 8965ms`
			`- Serverless, executed entirely in the browser`

			`# Security risks:`
			`* Cryptographic tools used by mixer (zkSNARKS, Pedersen commitment, MiMC hash) are not yet extensively audited by cryptographic experts and may be vulnerable`
			`* Note: we use MiMC hash only for merkle tree, so even if a preimage attack on MiMC is discovered, it will not allow to deanonymize users or drain mixer funds`
			`* Relayer is frontrunnable. When relayer submits a transaction someone can see it in tx pool and frontrun it with higher gas price to get the fee and drain relayer funds.`
			`* Workaround: we can set high gas price so that (almost) all fee is used on gas. The relayer will not receive profit this way, but this approach is acceptable until we develop more sophisticated system that prevents frontrunning`
			`* Bugs in contract. Even though we have an extensive experience in smart contract security audits, we can still make mistakes. An external audit is needed to reduce probablility of bugs`
readme 2019-07-13 00:40:08 +02:00			`* Nullifier griefing - ...TODO...`
Move contracts to repository root 2019-07-12 11:53:44 +02:00