Merge pull request #111 from anoma/feature/mock-proofs-for-testing

feat: mock ProtocolAdapter and add example library

Author: heueristik

contracts/script/DeployRiscZeroVerifierRouterMock.s.sol

@@ -0,0 +1,29 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.30;
+
+import {RiscZeroVerifierRouter} from "@risc0-ethereum/RiscZeroVerifierRouter.sol";
+import {RiscZeroMockVerifier} from "@risc0-ethereum/test/RiscZeroMockVerifier.sol";
+
+import {Script} from "forge-std/Script.sol";
+
+bytes4 constant _MOCK_VERIFIER_SELECTOR = bytes4(0xFFFFFFFF);
+
+contract DeployRiscZeroVerifierRouterMock is Script {
+    RiscZeroVerifierRouter internal _router;
+    RiscZeroMockVerifier internal _verifier;
+
+    function run() public returns (RiscZeroVerifierRouter router, RiscZeroMockVerifier verifier) {
+        (, address _defaultSender,) = vm.readCallers();
+
+        vm.startBroadcast();
+
+        verifier = new RiscZeroMockVerifier(_MOCK_VERIFIER_SELECTOR);
+        _verifier = verifier;
+
+        router = new RiscZeroVerifierRouter({admin: _defaultSender});
+        router.addVerifier({selector: _MOCK_VERIFIER_SELECTOR, verifier: _verifier});
+        _router = router;
+
+        vm.stopBroadcast();
+    }
+}

contracts/src/ProtocolAdapter.sol

@@ -191,12 +191,7 @@ contract ProtocolAdapter is IProtocolAdapter, ReentrancyGuardTransient, Commitme
                         actionTreeTags[(2 * j) + 1] = cm;
                     }
 
-                    // slither-disable-next-line calls-loop
-                    _TRUSTED_RISC_ZERO_VERIFIER_ROUTER.verify({
-                        seal: complianceVerifierInput.proof,
-                        imageId: Compliance._VERIFYING_KEY,
-                        journalDigest: complianceVerifierInput.instance.toJournalDigest()
-                    });
+                    _verifyComplianceProof(complianceVerifierInput);
 
                     // Check the logic ref consistency
                     {
@@ -221,12 +216,13 @@ contract ProtocolAdapter is IProtocolAdapter, ReentrancyGuardTransient, Commitme
                     }
 
                     // Compute transaction delta
-                    transactionDelta = transactionDelta.add(
-                        [
+                    transactionDelta = _addUnitDelta({
+                        transactionDelta: transactionDelta,
+                        unitDelta: [
                             uint256(complianceVerifierInput.instance.unitDeltaX),
                             uint256(complianceVerifierInput.instance.unitDeltaY)
                         ]
-                    );
+                    });
                 }
             }
 
@@ -242,28 +238,57 @@ contract ProtocolAdapter is IProtocolAdapter, ReentrancyGuardTransient, Commitme
                         revert RootMismatch({expected: computedActionTreeRoot, actual: input.instance.actionTreeRoot});
                     }
 
-                    // Check the compliance proof
-                    // slither-disable-next-line calls-loop
-                    _TRUSTED_RISC_ZERO_VERIFIER_ROUTER.verify({
-                        seal: input.proof,
-                        imageId: input.verifyingKey,
-                        journalDigest: input.instance.toJournalDigest()
-                    });
+                    // Check the logic proof
+                    _verifyLogicProof(input);
                 }
             }
         }
 
         // Check whether the transaction is empty
         if (nActions != 0) {
             // Check the delta proof
-            Delta.verify({
-                proof: transaction.deltaProof,
-                instance: transactionDelta,
-                verifyingKey: Delta.computeVerifyingKey(tags)
-            });
+
+            _verifyDeltaProof({proof: transaction.deltaProof, transactionDelta: transactionDelta, tags: tags});
         }
     }
 
+    /// @notice An internal function verifying a RISC0 compliance proof.
+    /// @param input The verifier input of the compliance proof.
+    /// @dev This function is virtual to allow for it to be overridden, e.g., to use mock proofs with a mock verifier.
+    function _verifyComplianceProof(Compliance.VerifierInput calldata input) internal view virtual {
+        // slither-disable-next-line calls-loop
+        _TRUSTED_RISC_ZERO_VERIFIER_ROUTER.verify({
+            seal: input.proof,
+            imageId: Compliance._VERIFYING_KEY,
+            journalDigest: input.instance.toJournalDigest()
+        });
+    }
+
+    /// @notice An internal function verifying a RISC0 logic proof.
+    /// @param input The verifier input of the logic proof.
+    /// @dev This function is virtual to allow for it to be overridden, e.g., to mock proofs with a mock verifier.
+    function _verifyLogicProof(Logic.VerifierInput calldata input) internal view virtual {
+        // slither-disable-next-line calls-loop
+        _TRUSTED_RISC_ZERO_VERIFIER_ROUTER.verify({
+            seal: input.proof,
+            imageId: input.verifyingKey,
+            journalDigest: input.instance.toJournalDigest()
+        });
+    }
+
+    /// @notice An internal function verifying a delta proof.
+    /// @param proof The delta proof.
+    /// @param transactionDelta The transaction delta.
+    /// @param tags The tags being part of the transaction in the order of appearance in the compliance units.
+    /// @dev This function is virtual to allow for it to be overridden, e.g., to mock proofs.
+    function _verifyDeltaProof(bytes calldata proof, uint256[2] memory transactionDelta, bytes32[] memory tags)
+        internal
+        view
+        virtual
+    {
+        Delta.verify({proof: proof, instance: transactionDelta, verifyingKey: Delta.computeVerifyingKey(tags)});
+    }
+
     /// @notice Verifies the forwarder calls of a given action.
     /// @param action The action to verify the forwarder calls for.
     function _verifyForwarderCalls(Action calldata action) internal view {
@@ -299,4 +324,18 @@ contract ProtocolAdapter is IProtocolAdapter, ReentrancyGuardTransient, Commitme
             }
         }
     }
+
+    /// @notice An internal function adding a unit delta to the transactionDelta.
+    /// @param transactionDelta The transaction delta.
+    /// @param unitDelta The unit delta to add.
+    /// @return sum The sum of the transaction delta and the unit delta.
+    /// @dev This function is virtual to allow for it to be overridden, e.g., to mock delta proofs.
+    function _addUnitDelta(uint256[2] memory transactionDelta, uint256[2] memory unitDelta)
+        internal
+        pure
+        virtual
+        returns (uint256[2] memory sum)
+    {
+        sum = transactionDelta.add(unitDelta);
+    }
 }

contracts/src/libs/ComputableComponents.sol

@@ -15,6 +15,13 @@ library ComputableComponents {
         cm = sha256(abi.encode(resource));
     }
 
+    /// @notice Computes the resource commitment.
+    /// @param resource The resource object.
+    /// @return cm The computed commitment.
+    function commitment_(Resource memory resource) internal pure returns (bytes32 cm) {
+        cm = sha256(abi.encode(resource));
+    }
+
     /// @notice Computes the resource nullifier given a nullifier key.
     /// @param resource The resource object.
     /// @param nullifierKey The nullifier key.
@@ -24,6 +31,15 @@ library ComputableComponents {
         nf = sha256(abi.encode(resource, nullifierKey));
     }
 
+    /// @notice Computes the resource nullifier given a nullifier key.
+    /// @param resource The resource object.
+    /// @param nullifierKey The nullifier key.
+    /// @return nf The computed nullifier.
+    /// @dev This methods does not check that the nullifier key commitment matches the nullifier key.
+    function nullifier_(Resource memory resource, bytes32 nullifierKey) internal pure returns (bytes32 nf) {
+        nf = sha256(abi.encode(resource, nullifierKey));
+    }
+
     /// @notice Computes the resource kind.
     /// @param resource The resource object.
     /// @return k The computed kind.

contracts/test/ProtocolAdapterMock.t.sol

@@ -0,0 +1,124 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.30;
+
+import {RiscZeroVerifierRouter} from "@risc0-ethereum/RiscZeroVerifierRouter.sol";
+import {RiscZeroMockVerifier} from "@risc0-ethereum/test/RiscZeroMockVerifier.sol";
+
+import {Test} from "forge-std/Test.sol";
+
+import {DeployRiscZeroVerifierRouterMock} from "../script/DeployRiscZeroVerifierRouterMock.s.sol";
+
+import {TagLookup} from "../src/libs/TagLookup.sol";
+import {CommitmentAccumulator} from "../src/state/CommitmentAccumulator.sol";
+import {NullifierSet} from "../src/state/NullifierSet.sol";
+import {Transaction} from "../src/Types.sol";
+
+import {ExampleGen} from "./mocks/ExampleGen.sol";
+import {ProtocolAdapterMock} from "./mocks/ProtocolAdapter.m.sol";
+
+contract ProtocolAdapterMockTest is Test {
+    using ExampleGen for RiscZeroMockVerifier;
+    using ExampleGen for Transaction;
+
+    RiscZeroVerifierRouter internal _mockRouter;
+    RiscZeroMockVerifier internal _mockVerifier;
+    ProtocolAdapterMock internal _mockPa;
+
+    function setUp() public {
+        (_mockRouter, _mockVerifier) = (new DeployRiscZeroVerifierRouterMock()).run();
+
+        _mockPa = new ProtocolAdapterMock(_mockRouter, 32, 4);
+    }
+
+    function test_execute_1_txn_with_1_action_and_0_cus() public {
+        ExampleGen.ActionConfig[] memory configs = ExampleGen.generateActionConfigs({nActions: 1, nCUs: 0});
+
+        (Transaction memory txn,) = _mockVerifier.transaction(0, configs);
+        _mockPa.execute(txn);
+    }
+
+    function test_execute_1_txn_with_2_action_with_1_and_0_cus() public {
+        ExampleGen.ActionConfig[] memory configs = new ExampleGen.ActionConfig[](2);
+        configs[0] = ExampleGen.ActionConfig({nCUs: 1});
+        configs[1] = ExampleGen.ActionConfig({nCUs: 0});
+
+        (Transaction memory txn,) = _mockVerifier.transaction(0, configs);
+        _mockPa.execute(txn);
+    }
+
+    function test_execute_1_txn_with_n_actions_and_n_cus(uint8 nActions, uint8 nCUs) public {
+        ExampleGen.ActionConfig[] memory configs = ExampleGen.generateActionConfigs({
+            nActions: uint8(bound(nActions, 0, 5)),
+            nCUs: uint8(bound(nCUs, 0, 2 ** (_mockPa.actionTreeDepth() - 1)))
+        });
+
+        (Transaction memory txn,) = _mockVerifier.transaction(0, configs);
+        _mockPa.execute(txn);
+    }
+
+    function test_execute_2_txns_with_n_actions_and_n_cus(uint8 nActions, uint8 nCUs) public {
+        ExampleGen.ActionConfig[] memory configs = ExampleGen.generateActionConfigs({
+            nActions: uint8(bound(nActions, 0, 5)),
+            nCUs: uint8(bound(nCUs, 0, 2 ** (_mockPa.actionTreeDepth() - 1)))
+        });
+
+        (Transaction memory txn, uint256 updatedNonce) = _mockVerifier.transaction({nonce: 0, configs: configs});
+        _mockPa.execute(txn);
+
+        (txn,) = _mockVerifier.transaction(updatedNonce, configs);
+        _mockPa.execute(txn);
+    }
+
+    function test_verify_reverts_on_pre_existing_nullifier() public {
+        ExampleGen.ActionConfig[] memory configs = ExampleGen.generateActionConfigs({nActions: 1, nCUs: 1});
+
+        (Transaction memory tx1, uint256 updatedNonce) = _mockVerifier.transaction({nonce: 0, configs: configs});
+        bytes32 preExistingNf = tx1.actions[0].complianceVerifierInputs[0].instance.consumed.nullifier;
+        _mockPa.execute(tx1);
+
+        (Transaction memory tx2,) = _mockVerifier.transaction({nonce: updatedNonce, configs: configs});
+        tx2.actions[0].complianceVerifierInputs[0].instance.consumed.nullifier = preExistingNf;
+        vm.expectRevert(
+            abi.encodeWithSelector(NullifierSet.PreExistingNullifier.selector, preExistingNf), address(_mockPa)
+        );
+        _mockPa.verify(tx2);
+    }
+
+    function test_verify_reverts_on_pre_existing_commitment() public {
+        ExampleGen.ActionConfig[] memory configs = ExampleGen.generateActionConfigs({nActions: 1, nCUs: 1});
+
+        (Transaction memory tx1, uint256 updatedNonce) = _mockVerifier.transaction({nonce: 0, configs: configs});
+        bytes32 preExistingCm = tx1.actions[0].complianceVerifierInputs[0].instance.created.commitment;
+        _mockPa.execute(tx1);
+
+        (Transaction memory tx2,) = _mockVerifier.transaction({nonce: updatedNonce, configs: configs});
+        tx2.actions[0].complianceVerifierInputs[0].instance.created.commitment = preExistingCm;
+        vm.expectRevert(
+            abi.encodeWithSelector(CommitmentAccumulator.PreExistingCommitment.selector, preExistingCm),
+            address(_mockPa)
+        );
+        _mockPa.verify(tx2);
+    }
+
+    function test_verify_reverts_on_duplicated_nullifier() public {
+        ExampleGen.ActionConfig[] memory configs = ExampleGen.generateActionConfigs({nActions: 1, nCUs: 2});
+
+        (Transaction memory txn,) = _mockVerifier.transaction({nonce: 0, configs: configs});
+        bytes32 duplicatedNf = txn.actions[0].complianceVerifierInputs[0].instance.consumed.nullifier;
+        txn.actions[0].complianceVerifierInputs[1].instance.consumed.nullifier = duplicatedNf;
+
+        vm.expectRevert(abi.encodeWithSelector(TagLookup.NullifierDuplicated.selector, duplicatedNf), address(_mockPa));
+        _mockPa.verify(txn);
+    }
+
+    function test_verify_reverts_on_duplicated_commitment() public {
+        ExampleGen.ActionConfig[] memory configs = ExampleGen.generateActionConfigs({nActions: 1, nCUs: 2});
+
+        (Transaction memory txn,) = _mockVerifier.transaction({nonce: 0, configs: configs});
+        bytes32 duplicatedCm = txn.actions[0].complianceVerifierInputs[0].instance.created.commitment;
+        txn.actions[0].complianceVerifierInputs[1].instance.created.commitment = duplicatedCm;
+
+        vm.expectRevert(abi.encodeWithSelector(TagLookup.CommitmentDuplicated.selector, duplicatedCm), address(_mockPa));
+        _mockPa.verify(txn);
+    }
+}