Audit-changes (#638)

Co-authored-by: dcbuilder.eth <dcbuilder@protonmail.com>

Readme.md

@@ -31,14 +31,16 @@ Sequencer has 6 API routes.
 2. `/inclusionProof` - Takes the identity commitment hash, and checks for any errors that might have occurred in the insert identity steps.
     Then leaf index is fetched from the database, corresponding to the identity hash provided, and then the we check if the identity is
     indeed in the tree. The inclusion proof is then returned to the API caller.
-3. `/verifySemaphoreProof` - This call takes root, signal hash, nullifier hash, external nullifier hash and a proof.
+3. `/deleteIdentity` - Takes an identity commitment hash, ensures that it exists and hasn't been deleted yet. This identity is then scheduled for deletion.
+4. `/recoverIdentity` - Takes two identity commitment hashes. The first must exist and will be scheduled for deletion and the other will be inserted as a replacement after the first identity has been deleted and a set amount of time (depends on configuration parameters) has passed.
+5. `/verifySemaphoreProof` - This call takes root, signal hash, nullifier hash, external nullifier hash and a proof.
     The proving key is fetched based on the depth index, and verification key as well.
     The list of prime fields is created based on request input mentioned before, and then we proceed to verify the proof.
     Sequencer uses groth16 zk-SNARK implementation.
     The API call returns the proof as response.
-4.  `/addBatchSize` - Adds a prover with specific batch size to a list of provers.
-5.  `/removeBatchSize` - Removes the prover based on batch size.
-6.  `/listBatchSizes` - Lists all provers that are added to the Sequencer.
+6.  `/addBatchSize` - Adds a prover with specific batch size to a list of provers.
+7.  `/removeBatchSize` - Removes the prover based on batch size.
+8.  `/listBatchSizes` - Lists all provers that are added to the Sequencer.
 
 
 

src/app.rs

@@ -16,8 +16,8 @@ use crate::contracts::{IdentityManager, SharedIdentityManager};
 use crate::database::{self, Database};
 use crate::ethereum::{self, Ethereum};
 use crate::identity_tree::{
-    CanonicalTreeBuilder, Hash, InclusionProof, RootItem, Status, TreeState, TreeUpdate,
-    TreeVersionReadOps,
+    CanonicalTreeBuilder, Hash, InclusionProof, ProcessedStatus, RootItem, Status, TreeState,
+    TreeUpdate, TreeVersionReadOps, UnprocessedStatus,
 };
 use crate::prover::map::initialize_prover_maps;
 use crate::prover::{self, ProverConfiguration, ProverType, Provers};
@@ -34,8 +34,8 @@ pub struct InclusionProofResponse(InclusionProof);
 impl InclusionProofResponse {
     #[must_use]
     pub fn hide_processed_status(mut self) -> Self {
-        self.0.status = if self.0.status == Status::Processed {
-            Status::Pending
+        self.0.status = if self.0.status == Status::Processed(ProcessedStatus::Processed) {
+            Status::Processed(ProcessedStatus::Pending)
         } else {
             self.0.status
         };
@@ -53,9 +53,12 @@ impl From<InclusionProof> for InclusionProofResponse {
 impl ToResponseCode for InclusionProofResponse {
     fn to_response_code(&self) -> StatusCode {
         match self.0.status {
-            Status::Failed => StatusCode::BAD_REQUEST,
-            Status::New | Status::Pending => StatusCode::ACCEPTED,
-            Status::Mined | Status::Processed => StatusCode::OK,
+            Status::Unprocessed(UnprocessedStatus::Failed) => StatusCode::BAD_REQUEST,
+            Status::Unprocessed(UnprocessedStatus::New)
+            | Status::Processed(ProcessedStatus::Pending) => StatusCode::ACCEPTED,
+            Status::Processed(ProcessedStatus::Mined | ProcessedStatus::Processed) => {
+                StatusCode::OK
+            }
         }
     }
 }
@@ -83,8 +86,8 @@ pub struct VerifySemaphoreProofResponse(RootItem);
 impl VerifySemaphoreProofResponse {
     #[must_use]
     pub fn hide_processed_status(mut self) -> Self {
-        self.0.status = if self.0.status == Status::Processed {
-            Status::Pending
+        self.0.status = if self.0.status == ProcessedStatus::Processed {
+            ProcessedStatus::Pending
         } else {
             self.0.status
         };
@@ -251,7 +254,9 @@ impl App {
         initial_root_hash: Hash,
         mmap_file_path: String,
     ) -> AnyhowResult<TreeState> {
-        let mut mined_items = database.get_commitments_by_status(Status::Mined).await?;
+        let mut mined_items = database
+            .get_commitments_by_status(ProcessedStatus::Mined)
+            .await?;
         mined_items.sort_by_key(|item| item.leaf_index);
 
         if let Some(tree_state) = Self::get_cached_tree_state(
@@ -347,7 +352,10 @@ impl App {
 
         let (mined, mut processed_builder) = mined_builder.seal();
 
-        match database.get_latest_root_by_status(Status::Mined).await? {
+        match database
+            .get_latest_root_by_status(ProcessedStatus::Mined)
+            .await?
+        {
             Some(root) => {
                 if !mined.get_root().eq(&root) {
                     return Ok(None);
@@ -361,7 +369,7 @@ impl App {
         }
 
         let processed_items = database
-            .get_commitments_by_status(Status::Processed)
+            .get_commitments_by_status(ProcessedStatus::Processed)
             .await?;
 
         for processed_item in processed_items {
@@ -370,7 +378,9 @@ impl App {
 
         let (processed, batching_builder) = processed_builder.seal_and_continue();
         let (batching, mut latest_builder) = batching_builder.seal_and_continue();
-        let pending_items = database.get_commitments_by_status(Status::Pending).await?;
+        let pending_items = database
+            .get_commitments_by_status(ProcessedStatus::Pending)
+            .await?;
         for update in pending_items {
             latest_builder.update(&update);
         }
@@ -415,7 +425,7 @@ impl App {
         let (mined, mut processed_builder) = mined_builder.seal();
 
         let processed_items = database
-            .get_commitments_by_status(Status::Processed)
+            .get_commitments_by_status(ProcessedStatus::Processed)
             .await?;
 
         for processed_item in processed_items {
@@ -425,7 +435,9 @@ impl App {
         let (processed, batching_builder) = processed_builder.seal_and_continue();
         let (batching, mut latest_builder) = batching_builder.seal_and_continue();
 
-        let pending_items = database.get_commitments_by_status(Status::Pending).await?;
+        let pending_items = database
+            .get_commitments_by_status(ProcessedStatus::Pending)
+            .await?;
         for update in pending_items {
             latest_builder.update(&update);
         }
@@ -535,12 +547,14 @@ impl App {
         Ok(())
     }
 
-    /// Queues a deletion from the merkle tree.
+    /// Queues a recovery of an identity.
+    ///
+    /// i.e. deletion and reinsertion after a set period of time.
     ///
     /// # Errors
     ///
-    /// Will return `Err` if identity is already queued, not in the tree, or the
-    /// queue malfunctions.
+    /// Will return `Err` if identity is already queued for deletion, not in the
+    /// tree, or the queue malfunctions.
     #[instrument(level = "debug", skip(self))]
     pub async fn recover_identity(
         &self,
@@ -670,9 +684,9 @@ impl App {
             .await?
         {
             return Ok(InclusionProofResponse(InclusionProof {
-                status,
-                root: None,
-                proof: None,
+                status:  status.into(),
+                root:    None,
+                proof:   None,
                 message: Some(error_message),
             }));
         }
@@ -743,17 +757,22 @@ impl App {
 
         match root_state.status {
             // Pending status implies the batching or latest tree
-            Status::Pending if latest_root == root || batching_root == root => return Ok(()),
+            ProcessedStatus::Pending if latest_root == root || batching_root == root => {
+                return Ok(())
+            }
             // Processed status is hidden - this should never happen
-            Status::Processed if processed_root == root => return Ok(()),
+            ProcessedStatus::Processed if processed_root == root => return Ok(()),
             // Processed status is hidden so it could be either processed or mined
-            Status::Mined if processed_root == root || mined_root == root => return Ok(()),
+            ProcessedStatus::Mined if processed_root == root || mined_root == root => return Ok(()),
             _ => (),
         }
 
         let now = chrono::Utc::now();
 
-        let root_age = if matches!(root_state.status, Status::Pending | Status::Processed) {
+        let root_age = if matches!(
+            root_state.status,
+            ProcessedStatus::Pending | ProcessedStatus::Processed
+        ) {
             now - root_state.pending_valid_as_of
         } else {
             let mined_at = root_state