fix: fix wrong ordering on compute outher authwit hash

AztecProtocol · Mar 20, 2024 · 1731453 · 1731453
1 parent 4e07619
commit 1731453
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 7 deletions.
diff --git a/yarn-project/aztec.js/src/wallet/index.ts b/yarn-project/aztec.js/src/wallet/index.ts
@@ -1,5 +1,4 @@
 import { PXE } from '@aztec/circuit-types';
-import { Fr } from '@aztec/circuits.js';
 import { AztecAddress } from '@aztec/foundation/aztec-address';
 
 import { AccountContract } from '../account/contract.js';

diff --git a/yarn-project/end-to-end/src/e2e_authwit.test.ts b/yarn-project/end-to-end/src/e2e_authwit.test.ts
@@ -29,7 +29,7 @@ describe('e2e_authwit_tests', () => {
     describe('arbitrary data', () => {
       it('happy path', async () => {
         const innerHash = computeInnerAuthWitHash([Fr.fromString('0xdead')]);
-        const outerHash = computeOuterAuthWitHash(wallets[1].getAddress(), innerHash, chainId, version);
+        const outerHash = computeOuterAuthWitHash(wallets[1].getAddress(), chainId, version, innerHash);
 
         const witness = await wallets[0].createAuthWit(outerHash);
         await wallets[1].addAuthWitness(witness);
@@ -58,7 +58,7 @@ describe('e2e_authwit_tests', () => {
       describe('failure case', () => {
         it('cancel before usage', async () => {
           const innerHash = computeInnerAuthWitHash([Fr.fromString('0xdead'), Fr.fromString('0xbeef')]);
-          const outerHash = computeOuterAuthWitHash(wallets[1].getAddress(), innerHash, chainId, version);
+          const outerHash = computeOuterAuthWitHash(wallets[1].getAddress(), chainId, version, innerHash);
 
           expect(await wallets[0].lookupValidity(wallets[0].getAddress(), outerHash)).toEqual({
             isValidInPrivate: false,
@@ -130,7 +130,51 @@ describe('e2e_authwit_tests', () => {
             isValidInPublic: false,
           });
 
-          // The transaction should be dropped because of a cancelled authwit (duplicate nullifier)
+          // The transaction should be dropped because of the invalid chain id
+          await expect(txCancelledAuthwit.wait()).rejects.toThrow('Transaction ');
+        });
+
+        it('invalid chain id', async () => {
+          const invalidVersion = Fr.random();
+
+          const innerHash = computeInnerAuthWitHash([Fr.fromString('0xdead'), Fr.fromString('0xbeef')]);
+          const outerHash = computeOuterAuthWitHash(wallets[1].getAddress(), chainId, invalidVersion, innerHash);
+          const outerCorrectHash = computeOuterAuthWitHash(wallets[1].getAddress(), chainId, version, innerHash);
+
+          expect(await wallets[0].lookupValidity(wallets[0].getAddress(), outerHash)).toEqual({
+            isValidInPrivate: false,
+            isValidInPublic: false,
+          });
+
+          expect(await wallets[0].lookupValidity(wallets[0].getAddress(), outerCorrectHash)).toEqual({
+            isValidInPrivate: false,
+            isValidInPublic: false,
+          });
+
+          const witness = await wallets[0].createAuthWit(outerHash);
+          await wallets[1].addAuthWitness(witness);
+          expect(await wallets[0].lookupValidity(wallets[0].getAddress(), outerHash)).toEqual({
+            isValidInPrivate: true,
+            isValidInPublic: false,
+          });
+          expect(await wallets[0].lookupValidity(wallets[0].getAddress(), outerCorrectHash)).toEqual({
+            isValidInPrivate: false,
+            isValidInPublic: false,
+          });
+
+          const c = await SchnorrAccountContract.at(wallets[0].getAddress(), wallets[0]);
+          const txCancelledAuthwit = c.withWallet(wallets[1]).methods.spend_private_authwit(innerHash).send();
+
+          expect(await wallets[0].lookupValidity(wallets[0].getAddress(), outerHash)).toEqual({
+            isValidInPrivate: true,
+            isValidInPublic: false,
+          });
+          expect(await wallets[0].lookupValidity(wallets[0].getAddress(), outerCorrectHash)).toEqual({
+            isValidInPrivate: false,
+            isValidInPublic: false,
+          });
+
+          // The transaction should be dropped because of the invalid version
           await expect(txCancelledAuthwit.wait()).rejects.toThrow('Transaction ');
         });
       });
@@ -141,7 +185,7 @@ describe('e2e_authwit_tests', () => {
     describe('arbitrary data', () => {
       it('happy path', async () => {
         const innerHash = computeInnerAuthWitHash([Fr.fromString('0xdead'), Fr.fromString('0x01')]);
-        const outerHash = computeOuterAuthWitHash(wallets[1].getAddress(), innerHash, chainId, version);
+        const outerHash = computeOuterAuthWitHash(wallets[1].getAddress(), chainId, version, innerHash);
 
         expect(await wallets[0].lookupValidity(wallets[0].getAddress(), outerHash)).toEqual({
           isValidInPrivate: false,
@@ -167,7 +211,7 @@ describe('e2e_authwit_tests', () => {
       describe('failure case', () => {
         it('cancel before usage', async () => {
           const innerHash = computeInnerAuthWitHash([Fr.fromString('0xdead'), Fr.fromString('0x02')]);
-          const outerHash = computeOuterAuthWitHash(wallets[1].getAddress(), innerHash, chainId, version);
+          const outerHash = computeOuterAuthWitHash(wallets[1].getAddress(), chainId, version, innerHash);
 
           expect(await wallets[0].lookupValidity(wallets[0].getAddress(), outerHash)).toEqual({
             isValidInPrivate: false,

diff --git a/yarn-project/entrypoints/src/dapp_entrypoint.ts b/yarn-project/entrypoints/src/dapp_entrypoint.ts
@@ -34,9 +34,9 @@ export class DefaultDappEntrypoint implements EntrypointInterface {
     const innerHash = computeInnerAuthWitHash([Fr.ZERO, functionData.selector.toField(), entrypointPackedArgs.hash]);
     const outerHash = computeOuterAuthWitHash(
       this.dappEntrypointAddress,
-      innerHash,
       new Fr(this.chainId),
       new Fr(this.version),
+      innerHash,
     );
 
     const authWitness = await this.userAuthWitnessProvider.createAuthWit(outerHash);