Add an ability to transit root with signature in Replicator (#36)

* Added an ability to transit root with signature in RegistrationSMTReplicator

* Prepared for publishing

* Resolved review comments

Author: KyrylR

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+## [0.3.1]
+
+* Enhanced `RegistrationSMTReplicator` with signature-based root transition.
+
 ## [0.3.0]
 
 * Added `RegistrationSMTReplicator` contract and `AQueryProofExecutor` abstract contract to accommodate integration with Rarime. 

README.md

@@ -52,6 +52,8 @@ Afterwards, you will be able to use the application by calling the `Registration
 > [!NOTE]
 > This is experimental, state of the art software. Behold and use at your own risk.
 
+Here you will find a guide for the on-chain integration with the SDK, which is provided as a part of the NPM package: [Guide: Setting up on-chain user verification with ZK Passport](https://docs.rarimo.com/zk-passport/guide-on-chain-verification/)
+
 ## License
 
 The smart contracts are released under the MIT License.

contracts/mock/sdk/ProofBuilderTest.sol

@@ -17,10 +17,10 @@ contract ProofBuilderTest is AQueryProofExecutor {
     }
 
     function _buildPublicSignals(
-        bytes32 registrationRoot_,
-        uint256 currentDate_,
-        bytes memory userPayload_
-    ) public override returns (uint256) {
+        bytes32,
+        uint256,
+        bytes memory
+    ) public pure override returns (uint256) {
         return 0;
     }
 
@@ -48,7 +48,7 @@ contract ProofBuilderTest is AQueryProofExecutor {
         }
     }
 
-    function testEquivalencePart1_NewBuilder() external view {
+    function testEquivalencePart1_NewBuilder() external pure {
         uint256 nullifier = 1;
         uint256 selector = 2;
 
@@ -61,7 +61,7 @@ contract ProofBuilderTest is AQueryProofExecutor {
         _compareArrays(originalPubSignals, libPubSignals);
     }
 
-    function testEquivalencePart2_Name() external view {
+    function testEquivalencePart2_Name() external pure {
         uint256 nullifier = 1;
         uint256 selector = 2;
         uint256 name_ = 3;
@@ -82,7 +82,7 @@ contract ProofBuilderTest is AQueryProofExecutor {
         _compareArrays(originalPubSignals, libPubSignals);
     }
 
-    function testEquivalencePart3_NationalityCitizenshipSex() external view {
+    function testEquivalencePart3_NationalityCitizenshipSex() external pure {
         uint256 nullifier = 1;
         uint256 selector = 2;
         uint256 nationality_ = 5;
@@ -106,7 +106,7 @@ contract ProofBuilderTest is AQueryProofExecutor {
         _compareArrays(originalPubSignals, libPubSignals);
     }
 
-    function testEquivalencePart4_Event() external view {
+    function testEquivalencePart4_Event() external pure {
         uint256 nullifier = 1;
         uint256 selector = 2;
         uint256 eventId_ = 9;
@@ -160,7 +160,7 @@ contract ProofBuilderTest is AQueryProofExecutor {
         _compareArrays(originalPubSignals, libPubSignals);
     }
 
-    function testEquivalencePart7_TimestampBounds() external view {
+    function testEquivalencePart7_TimestampBounds() external pure {
         uint256 nullifier = 1;
         uint256 selector = 2;
         uint256 timestampLowerbound_ = 14;
@@ -184,7 +184,7 @@ contract ProofBuilderTest is AQueryProofExecutor {
         _compareArrays(originalPubSignals, libPubSignals);
     }
 
-    function testEquivalencePart8_IdentityCounterBounds() external view {
+    function testEquivalencePart8_IdentityCounterBounds() external pure {
         uint256 nullifier = 1;
         uint256 selector = 2;
         uint256 identityCounterLowerbound_ = 16;
@@ -208,7 +208,7 @@ contract ProofBuilderTest is AQueryProofExecutor {
         _compareArrays(originalPubSignals, libPubSignals);
     }
 
-    function testEquivalencePart9_BirthDateBounds() external view {
+    function testEquivalencePart9_BirthDateBounds() external pure {
         uint256 nullifier = 1;
         uint256 selector = 2;
         uint256 birthDateLowerbound_ = 18;
@@ -232,7 +232,7 @@ contract ProofBuilderTest is AQueryProofExecutor {
         _compareArrays(originalPubSignals, libPubSignals);
     }
 
-    function testEquivalencePart10_ExpirationDateBounds() external view {
+    function testEquivalencePart10_ExpirationDateBounds() external pure {
         uint256 nullifier = 1;
         uint256 selector = 2;
         uint256 expirationDateLowerbound_ = 20;
@@ -256,7 +256,7 @@ contract ProofBuilderTest is AQueryProofExecutor {
         _compareArrays(originalPubSignals, libPubSignals);
     }
 
-    function testEquivalencePart11_CitizenshipMask() external view {
+    function testEquivalencePart11_CitizenshipMask() external pure {
         uint256 nullifier = 1;
         uint256 selector = 2;
         uint256 citizenshipMask_ = 22;

contracts/mock/verifiers/VerifierMock.sol

@@ -3,11 +3,11 @@ pragma solidity ^0.8.21;
 
 contract VerifierMock {
     function verifyProof(
-        uint256[2] calldata pA_,
-        uint256[2][2] calldata pB_,
-        uint256[2] calldata pC_,
-        uint256[4] calldata pubSignals_
-    ) public view returns (bool) {
+        uint256[2] calldata,
+        uint256[2][2] calldata,
+        uint256[2] calldata,
+        uint256[4] calldata
+    ) public pure returns (bool) {
         return true;
     }
 }

contracts/sdk/RegistrationSMTReplicator.sol

@@ -1,8 +1,10 @@
 // SPDX-License-Identifier: MIT
 pragma solidity ^0.8.22;
 
+import {ECDSA} from "@openzeppelin/contracts/utils/cryptography/ECDSA.sol";
 import {ERC1967Utils} from "@openzeppelin/contracts/proxy/ERC1967/ERC1967Utils.sol";
 import {EnumerableSet} from "@openzeppelin/contracts/utils/structs/EnumerableSet.sol";
+import {MessageHashUtils} from "@openzeppelin/contracts/utils/cryptography/MessageHashUtils.sol";
 import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
 
 import {SetHelper} from "@solarity/solidity-lib/libs/arrays/SetHelper.sol";
@@ -23,6 +25,9 @@ contract RegistrationSMTReplicator is IPoseidonSMT, AMultiOwnable, UUPSUpgradeab
     using EnumerableSet for EnumerableSet.AddressSet;
 
     uint256 public constant ROOT_VALIDITY = 1 hours;
+    string public constant REGISTRATION_ROOT_PREFIX = "Rarimo root";
+
+    address public sourceSMT;
 
     bytes32 public latestRoot;
     uint256 public latestTimestamp;
@@ -40,9 +45,14 @@ contract RegistrationSMTReplicator is IPoseidonSMT, AMultiOwnable, UUPSUpgradeab
 
     error NotAnOracle(address sender);
 
-    function __RegistrationSMTReplicator_init(address[] memory oracles_) external initializer {
+    function __RegistrationSMTReplicator_init(
+        address[] memory oracles_,
+        address sourceSMT_
+    ) external initializer {
         __AMultiOwnable_init();
 
+        sourceSMT = sourceSMT_;
+
         _oracles.add(oracles_);
     }
 
@@ -60,6 +70,13 @@ contract RegistrationSMTReplicator is IPoseidonSMT, AMultiOwnable, UUPSUpgradeab
         _oracles.remove(oracles_);
     }
 
+    /*
+     * @notice Updates the source SMT address.
+     */
+    function setSourceSMT(address newSourceSMT_) external onlyOwner {
+        sourceSMT = newSourceSMT_;
+    }
+
     /*
      * @notice Transitions the root of the Registration SMT.
      * @param newRoot_ The new root to be set.
@@ -76,6 +93,40 @@ contract RegistrationSMTReplicator is IPoseidonSMT, AMultiOwnable, UUPSUpgradeab
         _updateRoot(newRoot_, transitionTimestamp_);
     }
 
+    /*
+     * @notice Transitions the root of the Registration SMT with signature verification.
+     * @param newRoot_ The new root to be set.
+     * @param transitionTimestamp_ The timestamp of the transition.
+     * @param signature_ The signature from the sourceSMT verifying the root transition.
+     */
+    function transitionRootWithSignature(
+        bytes32 newRoot_,
+        uint256 transitionTimestamp_,
+        bytes memory signature_
+    ) external virtual {
+        if (_roots[newRoot_] != 0) {
+            return;
+        }
+
+        bytes32 messageHash_ = keccak256(
+            abi.encodePacked(
+                REGISTRATION_ROOT_PREFIX,
+                sourceSMT,
+                address(this),
+                newRoot_,
+                transitionTimestamp_
+            )
+        );
+
+        address signer_ = ECDSA.recover(
+            MessageHashUtils.toEthSignedMessageHash(messageHash_),
+            signature_
+        );
+        require(isOracle(signer_), NotAnOracle(signer_));
+
+        _updateRoot(newRoot_, transitionTimestamp_);
+    }
+
     /*
      * @notice Checks if the root is valid.
      * The root is valid if it is the latest transited root or if it was transitioned within the ROOT_VALIDITY period.

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@rarimo/passport-contracts",
-  "version": "0.3.0",
+  "version": "0.3.1",
   "license": "MIT",
   "author": "Zero Block Global Foundation",
   "readme": "README.md",

package.json

@@ -15,18 +15,20 @@ describe("RegistrationSMTReplicator", () => {
   let ORACLE1: SignerWithAddress;
   let ORACLE2: SignerWithAddress;
   let OTHER: SignerWithAddress;
+  let SOURCE_SMT: SignerWithAddress;
 
   let replicator: RegistrationSMTReplicator;
+  const REGISTRATION_ROOT_PREFIX = "Rarimo root";
 
   before("setup", async () => {
-    [OWNER, ORACLE1, ORACLE2, OTHER] = await ethers.getSigners();
+    [OWNER, ORACLE1, ORACLE2, OTHER, SOURCE_SMT] = await ethers.getSigners();
 
     const implementation = await ethers.deployContract("RegistrationSMTReplicator");
 
     const proxy = await ethers.deployContract("ERC1967Proxy", [await implementation.getAddress(), "0x"]);
     replicator = await ethers.getContractAt("RegistrationSMTReplicator", await proxy.getAddress());
 
-    await replicator.__RegistrationSMTReplicator_init([ORACLE1]);
+    await replicator.__RegistrationSMTReplicator_init([ORACLE1.address], SOURCE_SMT.address);
 
     await reverter.snapshot();
   });
@@ -39,13 +41,13 @@ describe("RegistrationSMTReplicator", () => {
 
       expect(await replicator.isOracle(ORACLE1.address)).to.be.true;
       expect(await replicator.getOracles()).to.deep.equal([ORACLE1.address]);
+      expect(await replicator.sourceSMT()).to.equal(SOURCE_SMT.address);
     });
 
     it("should revert if trying to initialize twice", async () => {
-      await expect(replicator.__RegistrationSMTReplicator_init([OTHER.address])).to.be.revertedWithCustomError(
-        replicator,
-        "InvalidInitialization",
-      );
+      await expect(
+        replicator.__RegistrationSMTReplicator_init([OTHER.address], OTHER.address),
+      ).to.be.revertedWithCustomError(replicator, "InvalidInitialization");
     });
   });
 
@@ -149,6 +151,46 @@ describe("RegistrationSMTReplicator", () => {
     });
   });
 
+  describe("transitionRoot() with signature", () => {
+    it("should transition root with valid signature from oracle", async () => {
+      const randomRoot = ethers.hexlify(ethers.randomBytes(32));
+      const currentTime = await time.latest();
+
+      const messageHash = ethers.keccak256(
+        ethers.solidityPacked(
+          ["string", "address", "address", "bytes32", "uint256"],
+          [REGISTRATION_ROOT_PREFIX, SOURCE_SMT.address, await replicator.getAddress(), randomRoot, currentTime],
+        ),
+      );
+
+      const signature = await ORACLE1.signMessage(ethers.getBytes(messageHash));
+
+      await replicator.transitionRootWithSignature(randomRoot, currentTime, signature);
+
+      expect(await replicator.latestRoot()).to.equal(randomRoot);
+      expect(await replicator.latestTimestamp()).to.equal(currentTime);
+      expect(await replicator.isRootValid(randomRoot)).to.be.true;
+    });
+
+    it("should revert when signature is from non-oracle", async () => {
+      const randomRoot = ethers.hexlify(ethers.randomBytes(32));
+      const currentTime = await time.latest();
+
+      const messageHash = ethers.keccak256(
+        ethers.solidityPacked(
+          ["string", "address", "address", "bytes32", "uint256"],
+          [REGISTRATION_ROOT_PREFIX, SOURCE_SMT.address, await replicator.getAddress(), randomRoot, currentTime],
+        ),
+      );
+
+      const signature = await OTHER.signMessage(ethers.getBytes(messageHash));
+
+      await expect(
+        replicator.transitionRootWithSignature(randomRoot, currentTime, signature),
+      ).to.be.revertedWithCustomError(replicator, "NotAnOracle");
+    });
+  });
+
   describe("Upgradability", () => {
     it("should allow owner to upgrade", async () => {
       const newImplementation = await ethers.deployContract("RegistrationSMTReplicator");