fix overflow

2019-08-01 00:33:12 -07:00 · 2019-08-01 00:33:12 -07:00 · 791875ddc5
parent 787d1cc5d0
commit 791875ddc5
3 changed files with 41 additions and 6 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -6403,8 +6403,8 @@
      }
    },
    "snarkjs": {
-      "version": "git+https://github.com/iden3/snarkjs.git#5fe2bd4642ec567c75ad5ac3f73687999c412e73",
-      "from": "git+https://github.com/iden3/snarkjs.git#5fe2bd4642ec567c75ad5ac3f73687999c412e73",
+      "version": "git+https://github.com/iden3/snarkjs.git#c428706ef69930e378c31199ff8d66ee13fada85",
+      "from": "git+https://github.com/iden3/snarkjs.git#c428706ef69930e378c31199ff8d66ee13fada85",
      "requires": {
        "big-integer": "^1.6.43",
        "chai": "^4.2.0",
--- a/package.json
+++ b/package.json
@ -27,10 +27,10 @@
    "circom": "0.0.30",
    "circomlib": "^0.0.10",
    "dotenv": "^8.0.0",
-    "express": "^4.17.1",
    "eslint": "^6.0.1",
+    "express": "^4.17.1",
    "ganache-cli": "^6.4.5",
-    "snarkjs": "git+https://github.com/iden3/snarkjs.git#5fe2bd4642ec567c75ad5ac3f73687999c412e73",
+    "snarkjs": "git+https://github.com/iden3/snarkjs.git#c428706ef69930e378c31199ff8d66ee13fada85",
    "truffle": "^5.0.27",
    "truffle-artifactor": "^4.0.23",
    "truffle-contract": "^4.0.24",
--- a/test/Mixer.test.js
+++ b/test/Mixer.test.js
@ -220,10 +220,16 @@ contract('Mixer', accounts => {
    })

    it('should prevent double spend', async () => {
+
      const deposit = generateDeposit()
      await tree.insert(deposit.commitment)
      await mixer.deposit(toBN(deposit.commitment.toString()), { value, from: sender })

+      const deposit2 = generateDeposit()
+      await tree.insert(deposit2.commitment)
+      await mixer.deposit(toBN(deposit2.commitment.toString()), { value, from: sender })
+
+
      const { root, path_elements, path_index } = await tree.path(0)

      const input = stringifyBigInts({
@ -236,14 +242,44 @@ contract('Mixer', accounts => {
        pathElements: path_elements,
        pathIndex: path_index,
      })
-
      const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
      const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof)
+      // publicSignals[1] ='0x' + toBN(publicSignals[1]).add(toBN('21888242871839275222246405745257275088548364400416034343698204186575808495617')).toString('hex')
      await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.fulfilled
      const error = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.rejected
      error.reason.should.be.equal('The note has been already spent')
    })

+    it('should prevent double spend with overflow', async () => {
+
+      const deposit = generateDeposit()
+      await tree.insert(deposit.commitment)
+      await mixer.deposit(toBN(deposit.commitment.toString()), { value, from: sender })
+
+      const deposit2 = generateDeposit()
+      await tree.insert(deposit2.commitment)
+      await mixer.deposit(toBN(deposit2.commitment.toString()), { value, from: sender })
+
+
+      const { root, path_elements, path_index } = await tree.path(0)
+
+      const input = stringifyBigInts({
+        root,
+        nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(32)),
+        nullifier: deposit.nullifier,
+        receiver,
+        fee,
+        secret: deposit.secret,
+        pathElements: path_elements,
+        pathIndex: path_index,
+      })
+      const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
+      const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof)
+      publicSignals[1] ='0x' + toBN(publicSignals[1]).add(toBN('21888242871839275222246405745257275088548364400416034343698204186575808495617')).toString('hex')
+      const error = await mixer.withdraw(pi_a, pi_b, pi_c, publicSignals, { from: relayer }).should.be.rejected
+      error.reason.should.be.equal('verifier-gte-snark-scalar-field')
+    })
+
    it('fee should be less or equal transfer value', async () => {
      const deposit = generateDeposit()
      await tree.insert(deposit.commitment)
@ -312,7 +348,6 @@ contract('Mixer', accounts => {
        pathElements: path_elements,
        pathIndex: path_index,
      })
-
      const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key)
      let { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof)
      const originalPublicSignals = publicSignals.slice()