diff --git a/contracts/ETHMixer.sol b/contracts/ETHMixer.sol index 5707f9c..44ebc60 100644 --- a/contracts/ETHMixer.sol +++ b/contracts/ETHMixer.sol @@ -24,8 +24,9 @@ contract ETHMixer is Mixer { } function _processWithdraw(address payable _receiver, address payable _relayer, uint256 _fee, uint256 _refund) internal { + // sanity checks require(msg.value == 0, "Message value is supposed to be zero for ETH mixer"); - require(_refund == 0, "Message value is supposed to be zero for ETH mixer"); + require(_refund == 0, "Refund value is supposed to be zero for ETH mixer"); _receiver.transfer(denomination - _fee); if (_fee > 0) { diff --git a/test/ETHMixer.test.js b/test/ETHMixer.test.js index ef4ff66..2462b23 100644 --- a/test/ETHMixer.test.js +++ b/test/ETHMixer.test.js @@ -404,6 +404,33 @@ contract('ETHMixer', accounts => { // should work with original values await mixer.withdraw(originalProof, originalPublicSignals, { from: relayer }).should.be.fulfilled }) + + it('should reject with non zero refund', async () => { + const deposit = generateDeposit() + await tree.insert(deposit.commitment) + await mixer.deposit(toBN(deposit.commitment.toString()), { value, from: sender }) + + const { root, path_elements, path_index } = await tree.path(0) + + const input = stringifyBigInts({ + nullifierHash: pedersenHash(deposit.nullifier.leInt2Buff(31)), + root, + nullifier: deposit.nullifier, + relayer: operator, + receiver, + fee, + refund: bigInt(1), + secret: deposit.secret, + pathElements: path_elements, + pathIndex: path_index, + }) + + const proofData = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) + const { proof, publicSignals } = websnarkUtils.toSolidityInput(proofData) + + const error = await mixer.withdraw(proof, publicSignals, { from: relayer }).should.be.rejected + error.reason.should.be.equal('Refund value is supposed to be zero for ETH mixer') + }) }) describe('#changeOperator', () => {