shuffle utxos and remove reentrancy guard

contracts/TornadoPool.sol

@@ -13,15 +13,13 @@
 pragma solidity ^0.6.0;
 pragma experimental ABIEncoderV2;
 
-import "@openzeppelin/contracts/utils/ReentrancyGuard.sol"; // todo: maybe remove?
-
 interface IVerifier {
   function verifyProof(bytes memory _proof, uint256[10] memory _input) external view returns (bool);
 
   function verifyProof(bytes memory _proof, uint256[24] memory _input) external view returns (bool);
 }
 
-contract TornadoPool is ReentrancyGuard {
+contract TornadoPool {
   uint256 public constant FIELD_SIZE = 21888242871839275222246405745257275088548364400416034343698204186575808495617;
   uint256 public constant MAX_EXT_AMOUNT = 2**248 - 1;
 
@@ -67,7 +65,7 @@ contract TornadoPool is ReentrancyGuard {
     uint256 _fee,
     ExtData calldata _extData,
     bytes32 _extDataHash
-  ) external payable nonReentrant {
+  ) external payable {
     require(currentRoot == _root, "Invalid merkle root");
     for (uint256 i = 0; i < _inputNullifiers.length; i++) {
       require(!isSpent(_inputNullifiers[i]), "Input is already spent");

src/index.js

@@ -2,7 +2,7 @@
 const MerkleTree = require('fixed-merkle-tree')
 const { ethers } = require('hardhat')
 const { BigNumber } = ethers
-const { toFixedHex, poseidonHash2, getExtDataHash, FIELD_SIZE } = require('./utils')
+const { toFixedHex, poseidonHash2, getExtDataHash, FIELD_SIZE, shuffle } = require('./utils')
 const Utxo = require('./utxo')
 
 const { prove } = require('./prover')
@@ -12,15 +12,13 @@ async function buildMerkleTree({ tornadoPool }) {
   const filter = tornadoPool.filters.NewCommitment()
   const events = await tornadoPool.queryFilter(filter, 0)
 
-  const leaves = events
+  const leaves = events.sort((a, b) => a.args.index - b.args.index).map((e) => toFixedHex(e.args.commitment))
-    .sort((a, b) => a.args.index - b.args.index) // todo sort by event date
-    .map((e) => toFixedHex(e.args.commitment))
-  // console.log('leaves', leaves)
   return new MerkleTree(MERKLE_TREE_HEIGHT, leaves, { hashFunction: poseidonHash2 })
 }
 
 async function getProof({ inputs, outputs, tree, extAmount, fee, recipient, relayer }) {
-  // todo shuffle inputs and outputs
+  inputs = shuffle(inputs)
+  outputs = shuffle(outputs)
 
   let inputMerklePathIndices = []
   let inputMerklePathElements = []

src/utils.js

@@ -49,6 +49,22 @@ const toBuffer = (value, length) =>
     'hex',
   )
 
+function shuffle(array) {
+  let currentIndex = array.length
+  let randomIndex
+
+  // While there remain elements to shuffle...
+  while (0 !== currentIndex) {
+    // Pick a remaining element...
+    randomIndex = Math.floor(Math.random() * currentIndex)
+    currentIndex--
+
+    // And swap it with the current element.
+    ;[array[currentIndex], array[randomIndex]] = [array[randomIndex], array[currentIndex]]
+  }
+
+  return array
+}
 async function takeSnapshot() {
   return await ethers.provider.send('evm_snapshot', [])
 }
@@ -67,4 +83,5 @@ module.exports = {
   getExtDataHash,
   takeSnapshot,
   revertSnapshot,
+  shuffle,
 }