mirror of https://github.com/tornadocash/tornado-core.git synced 2024-06-28 16:57:44 +02:00

Tornado cash. Non-custodial private transactions on Ethereum.

Go to file

Roman Storm 42c65b54d5 Merge pull request #5 from peppersec/add_pause add pauseDeposits		2019-08-01 10:00:07 -07:00
circuits	prevent nullifier griefing	2019-07-23 06:23:24 +03:00
contracts	add pause account setter	2019-08-01 09:58:34 -07:00
lib	fix a bug	2019-07-23 00:19:50 +03:00
migrations	add pauseDeposits	2019-08-01 01:41:22 -07:00
test	fix hardcoded fee in tests	2019-08-01 12:58:57 +03:00
.editorconfig	Move contracts to repository root	2019-07-12 12:53:44 +03:00
.env.example	remove PAUSEACCOUNT from .env	2019-08-01 11:55:18 +03:00
.eslintrc.json	styling final	2019-07-16 23:49:45 +03:00
.gitattributes	add dummy test	2019-07-10 19:58:21 +03:00
.gitignore	add pauseDeposits	2019-08-01 01:41:22 -07:00
.nvmrc	fix tests	2019-07-23 13:00:45 -07:00
.solhint.json	add pauseDeposits	2019-08-01 01:41:22 -07:00
.travis.yml	fix test, silence ganache in travis	2019-07-19 15:06:06 +03:00
cli.js	Merge branch 'master' of github.com:poma/mixer-huyixer	2019-08-01 16:46:46 +03:00
index.html	readme	2019-07-17 14:12:57 +03:00
LICENSE	Create LICENSE	2019-07-17 14:14:07 +03:00
mixer.png	readme	2019-07-17 14:12:57 +03:00
package-lock.json	update websnark	2019-08-01 12:35:44 +03:00
package.json	update websnark	2019-08-01 12:35:44 +03:00
README.md	Update README.md	2019-07-25 21:30:50 +03:00
truffle-config.js	add pauseDeposits	2019-08-01 01:41:22 -07:00

Tornado mixer

Specs

Cryptographic tools used by mixer (zkSNARKS, Pedersen commitment, MiMC hash) are not yet extensively audited by cryptographic experts and may be vulnerable
- Note: we use MiMC hash only for merkle tree, so even if a preimage attack on MiMC is discovered, it will not allow to deanonymize users. To drain funds attacker needs to be able to generate arbitrary hash collisions, which is a pretty strong assumption.
Relayer is frontrunnable. When relayer submits a transaction someone can see it in tx pool and frontrun it with higher gas price to get the fee and drain relayer funds.
- Workaround: we can set high gas price so that (almost) all fee is used on gas. The relayer will not receive profit this way, but this approach is acceptable until we develop more sophisticated system that prevents frontrunning
Bugs in contract. Even though we have an extensive experience in smart contract security audits, we can still make mistakes. An external audit is needed to reduce probablility of bugs
Nullifier griefing. when you submit a withdraw transaction you reveal the nullifier for your note. If someone manages to make a deposit with the same nullifier and withdraw it while your transaction is still in tx pool, your note will be considered spent since it has the same nullifier and it will prevent you from withdrawing your funds
- Fixed by sending nullifier hash instead of plain nullifier

npm i
cp .env.example .env
npm run build:circuit - may take 10 minutes or more
npm run build:contract
npm run browserify
npx ganache-cli
npm run test - optionally run tests. It may fail for the first time, just run one more time.
npm run migrate:dev
./cli.js deposit
./cli.js withdraw <note from previous step> <destination eth address>
./cli.js balance <destination eth address>
vi .env - add your Kovan private key to deploy contracts
npm run migrate
npx http-server - serve current dir, you can use any other http server
Open localhost:8080

Special thanks to @barryWhiteHat and @kobigurk for valuable input, and to @jbaylina for awesome Circom & Websnark framework