From c8e1530bbc75e50e742a48cd5bccc529e5a5ca33 Mon Sep 17 00:00:00 2001 From: ctrlc03 <93448202+ctrlc03@users.noreply.github.com> Date: Thu, 16 May 2024 16:58:55 +0100 Subject: [PATCH] docs(smart contracts): update smart contracts docs and separate in pages --- .../developers-references/integrating.md | 2 +- .../smart-contracts/AccQueue.md | 17 + .../smart-contracts/Gatekeepers.md | 25 + .../smart-contracts/MACI.md | 149 ++++++ .../smart-contracts/MessageProcessor.md | 9 + .../smart-contracts/Params.md | 34 ++ .../smart-contracts/Poll.md | 96 ++++ .../smart-contracts/PollFactory.md | 48 ++ .../smart-contracts/Tally.md | 41 ++ .../smart-contracts/VkRegistry.md | 53 +++ .../smart-contracts/VoiceCreditProxy.md | 14 + .../smart-contracts/_category_.json | 2 +- .../smart-contracts/contracts.md | 426 ------------------ .../version-v2.0_alpha/overview/overview.md | 2 +- .../quick-start/troubleshooting.md | 2 +- .../quick-start/workflow.md | 2 +- 16 files changed, 491 insertions(+), 431 deletions(-) create mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/AccQueue.md create mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Gatekeepers.md create mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/MACI.md create mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/MessageProcessor.md create mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Params.md create mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Poll.md create mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/PollFactory.md create mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Tally.md create mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/VkRegistry.md create mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/VoiceCreditProxy.md delete mode 100644 website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/contracts.md diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/integrating.md b/website/versioned_docs/version-v2.0_alpha/developers-references/integrating.md index 1f30cb6f0e..08fd250827 100644 --- a/website/versioned_docs/version-v2.0_alpha/developers-references/integrating.md +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/integrating.md @@ -194,7 +194,7 @@ The network options are: **_localhost, sepolia, and optimism-sepolia_**, and the ## MACI Contract -The MACI contract is the core of the protocol. Contracts can inherit from MACI and thus expose the signup and topup functions. As with standalone MACI, one would need to deploy a [sign up gatekeeper](/docs/developers-references/smart-contracts/contracts#signupgatekeeper) as well as the [voice credit proxy](/docs/developers-references/smart-contracts/contracts#voicecreditproxy). +The MACI contract is the core of the protocol. Contracts can inherit from MACI and thus expose the signup and topup functions. As with standalone MACI, one would need to deploy a [sign up gatekeeper](/docs/developers-references/smart-contracts/Gatekeepers) as well as the [voice credit proxy](/docs/developers-references/smart-contracts/VoiceCreditProxy). As an example, within the quadratic funding infrastructure project, the QFI contract inherits from MACI and allows sign up via the contribute function. diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/AccQueue.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/AccQueue.md new file mode 100644 index 0000000000..f789ed58a8 --- /dev/null +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/AccQueue.md @@ -0,0 +1,17 @@ +--- +title: AccQueue Smart Contract +description: AccQueue smart contract +sidebar_label: AccQueue +sidebar_position: 1 +--- + +The AccQueue contract represents a Merkle Tree where each leaf insertion only updates a subtree. To obtain the main tree root, the subtrees must be merged together by the contract owner. This requires at least two operations, a `mergeSubRoots` and a `merge`. + +The contract can be initialized to work as a traditional Merkle Tree (2 leaves per node) or a Quinary Tree (5 leaves per node). This can be achieved by passing either two or five as parameter to the constructor (`_hashLength`). Any other values should not be accepted. + +Below are presented the most important functions of the smart contract: + +- `enqueue` - Allows to add a leaf to the queue for the current subtree. Only one parameter is accepted and that is the leaf to insert. +- `insertSubTree` - Admin only function which allows to insert a full subtree (batch enqueue) +- `mergeSubRoots` - Allows the contract owner to merge all of the subtrees to form the shortest possible tree. The argument `_numSrQueueOps` can be used to perform the operation in multiple transactions (as this might trigger the block gas limit). +- `merge` - Allows the contract admin to form a main tree with the desired depth. The depth must fit all of the leaves. diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Gatekeepers.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Gatekeepers.md new file mode 100644 index 0000000000..df7aa98204 --- /dev/null +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Gatekeepers.md @@ -0,0 +1,25 @@ +--- +title: Gatekeepers Smart Contract +description: Gatekeepers smart contract +sidebar_label: Gatekeepers +sidebar_position: 6 +--- + +MACI requires a signup gatekeeper to ensure that only designed users register. It is up to MACI's deployer how they wish to allow sign-ups, therefore they can implement their own GateKeeper. The repository comes with different options: + +- `FreeForAllSignUpGatekeeper` - This allows anyone to signup on MACI. +- `SignUpTokenGatekeeper` - This makes use of a ERC721 token to gatekeep the signup function. +- `EASGatekeeper` - This allows gatekeeping signups to only users who have a specific EAS attestation. +- `HatsGatekeeper` - This allows gatekeeping signups to only users who have a specific Hat. +- `GitcoinPassportGatekeeper` - This allows gatekeeping signups to only users who have a specific Gitcoin Passport score. + +An abstract contract to inherit from is also provided, with two function signatures as shown below: + +```ts +abstract contract SignUpGatekeeper { + function setMaciInstance(MACI _maci) public virtual {} + function register(address _user, bytes memory _data) public virtual {} +} +``` + +The MACI contract will need to call the `SignUpGatekeeper.register` function inside the `MACI.signUp` function. diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/MACI.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/MACI.md new file mode 100644 index 0000000000..2367067a7f --- /dev/null +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/MACI.md @@ -0,0 +1,149 @@ +--- +title: MACI Smart Contract +description: MACI main smart contract +sidebar_label: MACI +sidebar_position: 1 +--- + +`MACI.sol` is the core contract of the project, as it provides the base layer for user signups and Polls to be created. + +The constructor shown below accepts several arguments: + +- `PollFactory` address +- `MessageProcessorFactory` address +- `TallyFactory` address +- `SignUpGatekeeper` address +- `InitialVoiceCreditProxy` address +- The depth of the state tree + +```javascript +constructor( + IPollFactory _pollFactory, + IMessageProcessorFactory _messageProcessorFactory, + ITallyFactory _tallyFactory, + SignUpGatekeeper _signUpGatekeeper, + InitialVoiceCreditProxy _initialVoiceCreditProxy, + uint8 _stateTreeDepth +) payable { + // initialize and insert the blank leaf + InternalLazyIMT._init(lazyIMTData, _stateTreeDepth); + InternalLazyIMT._insert(lazyIMTData, BLANK_STATE_LEAF_HASH); + + pollFactory = _pollFactory; + messageProcessorFactory = _messageProcessorFactory; + tallyFactory = _tallyFactory; + signUpGatekeeper = _signUpGatekeeper; + initialVoiceCreditProxy = _initialVoiceCreditProxy; + stateTreeDepth = _stateTreeDepth; + + // Verify linked poseidon libraries + if (hash2([uint256(1), uint256(1)]) == 0) revert PoseidonHashLibrariesNotLinked(); +} + +``` + +Upon deployment, the contract will initialize the state tree, and insert the blank leaf hash. + +After this, all of the parameters will be stored to state, and then the contract will perform a simple sanity check to ensure that the Poseidon hash libraries were linked successfully. + +## SignUp + +Next, we have the `signUp` function, which allows users to `signUp`, as long as they pass the conditions set in the `SignUpGatekeeper` contract. This contract can use any mean necessary to gatekeep access to MACI's polls. For instance, only wallets with a specific ERC721 token can be allowed to sign up. + +This function does the following: + +- checks that the maximum number of signups has not been reached. Given a tree depth of 10, this will be $2 ** 10 - 1$. +- checks that the provided public key is a valid baby-jubjub point +- registers the user using the sign up gatekeeper contract. It is important that whichever gatekeeper is used, this reverts if a user tries to sign up twice or the conditions are not met (i.e returning false is not enough) +- calls the voice credit proxy to retrieve the number of allocated voice credits allocated to this voter +- hashes the voice credits alongside the user's MACI public key and the current time +- insert this hashed data into the state tree. + +```javascript +function signUp( + PubKey memory _pubKey, + bytes memory _signUpGatekeeperData, + bytes memory _initialVoiceCreditProxyData +) public virtual { + // ensure we do not have more signups than what the circuits support + if (lazyIMTData.numberOfLeaves >= uint256(TREE_ARITY) ** uint256(stateTreeDepth)) revert TooManySignups(); + + // ensure that the public key is on the baby jubjub curve + if (!CurveBabyJubJub.isOnCurve(_pubKey.x, _pubKey.y)) { + revert InvalidPubKey(); + } + + // Register the user via the sign-up gatekeeper. This function should + // throw if the user has already registered or if ineligible to do so. + signUpGatekeeper.register(msg.sender, _signUpGatekeeperData); + + // Get the user's voice credit balance. + uint256 voiceCreditBalance = initialVoiceCreditProxy.getVoiceCredits(msg.sender, _initialVoiceCreditProxyData); + + uint256 timestamp = block.timestamp; + + // Create a state leaf and insert it into the tree. + uint256 stateLeaf = hashStateLeaf(StateLeaf(_pubKey, voiceCreditBalance, timestamp)); + InternalLazyIMT._insert(lazyIMTData, stateLeaf); + + emit SignUp(lazyIMTData.numberOfLeaves - 1, _pubKey.x, _pubKey.y, voiceCreditBalance, timestamp); +} +``` + +## DeployPoll + +Once everything has been setup, polls can be deployed using the `deployPoll` function. Polls can be deployed concurrently, as each deployment has its own separate set of contracts and state. + +```javascript +function deployPoll( + uint256 _duration, + TreeDepths memory _treeDepths, + PubKey memory _coordinatorPubKey, + address _verifier, + address _vkRegistry, + Mode _mode + ) public virtual returns (PollContracts memory pollAddr) { + // cache the poll to a local variable so we can increment it + uint256 pollId = nextPollId; + + // Increment the poll ID for the next poll + // 2 ** 256 polls available + unchecked { + nextPollId++; + } + + // check coordinator key is a valid point on the curve + if (!CurveBabyJubJub.isOnCurve(_coordinatorPubKey.x, _coordinatorPubKey.y)) { + revert InvalidPubKey(); + } + + MaxValues memory maxValues = MaxValues({ + maxMessages: uint256(MESSAGE_TREE_ARITY) ** _treeDepths.messageTreeDepth, + maxVoteOptions: uint256(MESSAGE_TREE_ARITY) ** _treeDepths.voteOptionTreeDepth + }); + + // the owner of the message processor and tally contract will be the msg.sender + address _msgSender = msg.sender; + + address p = pollFactory.deploy(_duration, maxValues, _treeDepths, _coordinatorPubKey, address(this)); + + address mp = messageProcessorFactory.deploy(_verifier, _vkRegistry, p, _msgSender, _mode); + address tally = tallyFactory.deploy(_verifier, _vkRegistry, p, mp, _msgSender, _mode); + + polls[pollId] = p; + + // store the addresses in a struct so they can be returned + pollAddr = PollContracts({ poll: p, messageProcessor: mp, tally: tally }); + + emit DeployPoll(pollId, _coordinatorPubKey.x, _coordinatorPubKey.y, pollAddr); + } +``` + +Polls require the following information: + +- `duration`: the duration of the poll +- `treeDepths`: the depth of the state tree, message tree, and vote option tree +- `coordinatorPubKey`: the public key of the poll's coordinator +- `verifier`: the address of the zk-SNARK verifier contract +- `vkRegistry`: the address of the vk registry contract +- `mode`: the mode of the poll, to set whether it supports quadratic voting or non quadratic voting diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/MessageProcessor.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/MessageProcessor.md new file mode 100644 index 0000000000..0a59df3d36 --- /dev/null +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/MessageProcessor.md @@ -0,0 +1,9 @@ +--- +title: MessageProcessor Smart Contract +description: MessageProcessor smart contract +sidebar_label: MessageProcessor +sidebar_position: 4 +--- + +This contract is used to prepare parameters for the zk-SNARK circuits as well as for verifying proofs. It should be deployed alongside a `Poll` and ownership assigned to the coordinator. +It will process messages in batches, and after all batches have been processed, the `sbCommitment` can then be used for the `Tally` contract verification steps. diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Params.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Params.md new file mode 100644 index 0000000000..965ac48655 --- /dev/null +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Params.md @@ -0,0 +1,34 @@ +--- +title: Params Smart Contract +description: Params smart contract +sidebar_label: Params +sidebar_position: 9 +--- + +A contract holding three structs: + +```c +/// @notice A struct holding the depths of the merkle trees +struct TreeDepths { + uint8 intStateTreeDepth; + uint8 messageTreeSubDepth; + uint8 messageTreeDepth; + uint8 voteOptionTreeDepth; +} + +/// @notice A struct holding the max values for the poll +struct MaxValues { + uint256 maxMessages; + uint256 maxVoteOptions; +} + +/// @notice A struct holding the external contracts +/// that are to be passed to a Poll contract on +/// deployment +struct ExtContracts { + IMACI maci; + AccQueue messageAq; +} +``` + +Struct parameters are used to avoid stack too deep errors in the other contracts. diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Poll.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Poll.md new file mode 100644 index 0000000000..6fb7088ce3 --- /dev/null +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Poll.md @@ -0,0 +1,96 @@ +--- +title: Poll Smart Contract +description: MACI Poll Contract +sidebar_label: Poll +sidebar_position: 2 +--- + +This contract allows users to submit their votes. + +The main functions of the contract are as follows: + +- `publishMessage` - This function allows anyone to publish a message, and it accepts the message object as well as an ephemeral public key. This key together with the coordinator public key will be used to generate a shared ECDH key that will encrypt the message. + Before saving the message, the function will check that the voting deadline has not passed, as well as the max number of messages was not reached. +- `publisMessageBatch` - This function allows to submit a batch of messages, and it accepts an array of messages with their corresponding public keys used in the encryption step. It will call the `publishMessage` function for each message in the array. + +## PublishMessage + +The `publishMessage` function looks as follows: + +```js +function publishMessage(Message memory _message, PubKey calldata _encPubKey) public virtual isWithinVotingDeadline { + // we check that we do not exceed the max number of messages + if (numMessages >= maxValues.maxMessages) revert TooManyMessages(); + + // check if the public key is on the curve + if (!CurveBabyJubJub.isOnCurve(_encPubKey.x, _encPubKey.y)) { + revert InvalidPubKey(); + } + + // cannot realistically overflow + unchecked { + numMessages++; + } + + uint256 messageLeaf = hashMessageAndEncPubKey(_message, _encPubKey); + extContracts.messageAq.enqueue(messageLeaf); + + emit PublishMessage(_message, _encPubKey); +} +``` + +## MergeMaciState + +After a Poll's voting period ends, the coordinator's job is to store the main state root, as well as some more information on the Poll contract using `mergeMaciState`: + +```js +function mergeMaciState() public isAfterVotingDeadline { + // This function can only be called once per Poll after the voting + // deadline + if (stateMerged) revert StateAlreadyMerged(); + + // set merged to true so it cannot be called again + stateMerged = true; + + mergedStateRoot = extContracts.maci.getStateTreeRoot(); + + // Set currentSbCommitment + uint256[3] memory sb; + sb[0] = mergedStateRoot; + sb[1] = emptyBallotRoots[treeDepths.voteOptionTreeDepth - 1]; + sb[2] = uint256(0); + + currentSbCommitment = hash3(sb); + + // get number of signups and cache in a var for later use + uint256 _numSignups = extContracts.maci.numSignUps(); + numSignups = _numSignups; + + // dynamically determine the actual depth of the state tree + uint8 depth = 1; + while (uint40(2) ** uint40(depth) < _numSignups) { + depth++; + } + + actualStateTreeDepth = depth; + + emit MergeMaciState(mergedStateRoot, numSignups); + } +``` + +The function will store the state root from the MACI contract, create a commitment by hashing this merkle root, an empty ballot root stored in the `emptyBallotRoots` mapping, and a zero as salt. The commitment will be stored in the `currentSbCommitment` variable. Finally, it will store the total number of signups, and calculate the actual depth of the state tree. This information will be used when processing messages and tally to ensure proof validity. + +The `emptyBallotRoots` mapping is used to store the empty ballot roots for each vote option tree depth. For instance, if the vote option tree depth is 5, a build script will generate the following values (this assumes that the state tree depth is 10): + +```javascript +emptyBallotRoots[0] = uint256(16015576667038038422103932363190100635991292382181099511410843174865570503661); +emptyBallotRoots[1] = uint256(166510078825589460025300915201657086611944528317298994959376081297530246971); +emptyBallotRoots[2] = uint256(10057734083972610459557695472359628128485394923403014377687504571662791937025); +emptyBallotRoots[3] = uint256(4904828619307091008204672239231377290495002626534171783829482835985709082773); +emptyBallotRoots[4] = uint256(18694062287284245784028624966421731916526814537891066525886866373016385890569); +``` + +At the same time, the coordinator can merge the message accumulator queue and generate its merkle root. This is achieved by calling the following functions: + +- `mergeMessageAqSubRoots` - merges the Poll's messages tree subroot +- `mergeMessageAq` - merges the Poll's messages tree diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/PollFactory.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/PollFactory.md new file mode 100644 index 0000000000..e1db5c48fa --- /dev/null +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/PollFactory.md @@ -0,0 +1,48 @@ +--- +title: Poll Factory Smart Contract +description: Poll Factory smart contract +sidebar_label: PollFactory +sidebar_position: 3 +--- + +`PollFactory` is a smart contract that is used to deploy new Polls. This is used by MACI inside the `deployPoll` function. + +```ts +function deploy( + _duration, + MaxValues calldata _maxValues, + TreeDepths calldata _treeDepths, + PubKey calldata _coordinatorPubKey, + address _maci +) public virtual returns (address pollAddr) { + /// @notice Validate _maxValues + /// maxVoteOptions must be less than 2 ** 50 due to circuit limitations; + /// it will be packed as a 50-bit value along with other values as one + /// of the inputs (aka packedVal) + if (_maxValues.maxVoteOptions >= (2 ** 50)) { + revert InvalidMaxValues(); + } + + /// @notice deploy a new AccQueue contract to store messages + AccQueue messageAq = new AccQueueQuinaryMaci(_treeDepths.messageTreeSubDepth); + + /// @notice the smart contracts that a Poll would interact with + ExtContracts memory extContracts = ExtContracts({ maci: IMACI(_maci), messageAq: messageAq }); + + // deploy the poll + Poll poll = new Poll(_duration, _maxValues, _treeDepths, _coordinatorPubKey, extContracts); + + // Make the Poll contract own the messageAq contract, so only it can + // run enqueue/merge + messageAq.transferOwnership(address(poll)); + + // init Poll + poll.init(); + + pollAddr = address(poll); + } +``` + +Upon deployment, the following will happen: + +- ownership of the `messageAq` contract is transferred to the deployed poll contract diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Tally.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Tally.md new file mode 100644 index 0000000000..12ed38ff02 --- /dev/null +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/Tally.md @@ -0,0 +1,41 @@ +--- +title: Tally Smart Contract +description: Tally smart contract +sidebar_label: Tally +sidebar_position: 5 +--- + +The `Tally` contract is used by the coordinator to submit commitments to the tally results via the `tallyVotes` function. This is done in batches and the final commitment can be used by the users to verify the validity of the results. + +This contract should be deployed alongside a `Poll` and ownership assigned to the coordinator. + +The constructor accepts the following parameters: + +```ts + constructor( + address _verifier, + address _vkRegistry, + address _poll, + address _mp, + address _tallyOwner, + Mode _mode + ) payable Ownable(_tallyOwner) { + verifier = IVerifier(_verifier); + vkRegistry = IVkRegistry(_vkRegistry); + poll = IPoll(_poll); + messageProcessor = IMessageProcessor(_mp); + mode = _mode; + } +``` + +- `verifier` - The address of the verifier contract +- `vkRegistry` - The address of the vkRegistry contract +- `poll` - The address of the poll contract +- `messageProcessor` - The address of the messageProcessor contract +- `mode` - The mode of the tally contract - depending on this, the commitments will be processed differently, and it must equal the Poll mode (quadratic vs non quadratic voting) + +Users can use the verification functions to verify the Tally results. These are as follows: + +- `verifySpentVoiceCredits` - Verifies the spent voice credits +- `verifyPerVOSpentVoiceCredits` - Verifies the spent voice credits per vote option +- `verifyTallyResult` - Verifies the tally result diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/VkRegistry.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/VkRegistry.md new file mode 100644 index 0000000000..498d3f682c --- /dev/null +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/VkRegistry.md @@ -0,0 +1,53 @@ +--- +title: VkRegistry Smart Contract +description: VkRegistry smart contract +sidebar_label: VkRegistry +sidebar_position: 8 +--- + +The VkRegistry is a contract that holds the verifying keys for the zk-SNARK circuits. It holds two different sets of keys: + +- `processVks` - The keys for the processMessages circuit +- `tallyVks` - The keys for the tallyVotes circuit + +Each circuit will have a signature which is its compile-time constants represented as a uint256. + +Please note that each Verifying Key should be set with the corresponding mode. Available modes are quadratic voting and non quadratic voting. + +The contract owner can set them using the `setVerifyingKeysBatch` function: + +```ts + function setVerifyingKeysBatch( + uint256 _stateTreeDepth, + uint256 _intStateTreeDepth, + uint256 _messageTreeDepth, + uint256 _voteOptionTreeDepth, + uint256 _messageBatchSize, + Mode[] calldata _modes, + VerifyingKey[] calldata _processVks, + VerifyingKey[] calldata _tallyVks + ) public onlyOwner { + if (_modes.length != _processVks.length || _modes.length != _tallyVks.length) { + revert InvalidKeysParams(); + } + + uint256 length = _modes.length; + + for (uint256 index = 0; index < length; ) { + setVerifyingKeys( + _stateTreeDepth, + _intStateTreeDepth, + _messageTreeDepth, + _voteOptionTreeDepth, + _messageBatchSize, + _modes[index], + _processVks[index], + _tallyVks[index] + ); + + unchecked { + index++; + } + } + } +``` diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/VoiceCreditProxy.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/VoiceCreditProxy.md new file mode 100644 index 0000000000..cb7869cd56 --- /dev/null +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/VoiceCreditProxy.md @@ -0,0 +1,14 @@ +--- +title: Voice Credits Proxy Smart Contract +description: Voice Credits Proxy smart contract +sidebar_label: VoiceCreditsProxy +sidebar_position: 7 +--- + +The VoiceCreditProxy contract is used to assign voice credits to users. Whichever implementation should the MACI deployers use, this must implement a view function that returns the balance for a user, such as the one below: + +```javascript +function getVoiceCredits(address _user, bytes memory _data) public virtual view returns (uint256) {} +``` + +The repository comes with a simple implementation called `ConstantInitialVoiceCreditProxy` which assigns a fixed amount of voice credits to each user. diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/_category_.json b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/_category_.json index 30bb3d3f7c..1c527db2f6 100644 --- a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/_category_.json +++ b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/_category_.json @@ -3,6 +3,6 @@ "position": 1, "link": { "type": "generated-index", - "description": "MACI's smart contracts documentation." + "description": "MACI is composed of multiple smart contracts, which together with the zk-SNARK circuits, can be used to carry out on-chain voting. The main contracts are presented and explained below. Please also find autogenerated solidity documentation with solidity-docs." } } diff --git a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/contracts.md b/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/contracts.md deleted file mode 100644 index 6c2fef2230..0000000000 --- a/website/versioned_docs/version-v2.0_alpha/developers-references/smart-contracts/contracts.md +++ /dev/null @@ -1,426 +0,0 @@ ---- -title: MACI Smart Contracts -description: MACI is composed of multiple smart contracts, which together with the zk-SNARK circuits, can be used to carry out on-chain voting -sidebar_label: Smart Contracts -sidebar_position: 1 ---- - -# Smart Contracts - -MACI is composed of multiple smart contracts, which together with the zk-SNARK circuits, can be used to carry out on-chain voting. - -The main contracts are presented and explained below. - -## MACI.sol - -`MACI.sol` is the core contract of the project, as it provides the base layer for user signups and Polls to be created. - -The constructor shown below accepts several arguments: - -- `PollFactory` address -- `MessageProcessorFactory` address -- `TallyFactory` address -- `SignUpGatekeeper` address -- `InitialVoiceCreditProxy` address -- `TopupCredit` address -- The depth of the state tree - -```javascript -constructor( - IPollFactory _pollFactory, - IMessageProcessorFactory _messageProcessorFactory, - ITallyFactory _tallyFactory, - SignUpGatekeeper _signUpGatekeeper, - InitialVoiceCreditProxy _initialVoiceCreditProxy, - TopupCredit _topupCredit, - uint8 _stateTreeDepth -) payable { - // Deploy the state AccQueue - stateAq = new AccQueueQuinaryBlankSl(STATE_TREE_SUBDEPTH); - stateAq.enqueue(BLANK_STATE_LEAF_HASH); - - // because we add a blank leaf we need to count one signup - // so we don't allow max + 1 - unchecked { - numSignUps++; - } - - pollFactory = _pollFactory; - messageProcessorFactory = _messageProcessorFactory; - tallyFactory = _tallyFactory; - topupCredit = _topupCredit; - signUpGatekeeper = _signUpGatekeeper; - initialVoiceCreditProxy = _initialVoiceCreditProxy; - stateTreeDepth = _stateTreeDepth; - - // Verify linked poseidon libraries - if (hash2([uint256(1), uint256(1)]) == 0) revert PoseidonHashLibrariesNotLinked(); -} - -``` - -Upon deployment, the contract will deploy a new `AccQueueQuinaryBlankSl` contract using the `STATE_TREE_SUBDEPTH`. By default, this is defined as `uint8 internal constant STATE_TREE_SUBDEPTH = 2;`. - -Should this be changed, it will be necessary to amend the `contracts/ts/genEmptyBallotRootsContract.ts` file to reflect the change. The first action on this deployed contract, is to enqueue (add) an empty hash (defined as `6769006970205099520508948723718471724660867171122235270773600567925038008762`). - -After this, the contracts will be stored to state, and then the contract will perform a simple sanity check to ensure that the Poseidon hash libraries were linked successfully. - -Next, we have the `signUp` function, which allows users to `signUp`, as long as they pass the conditions set in the `SignUpGatekeeper` contract. This contract can use any mean necessary to gatekeep access to MACI's polls. For instance, only wallets with a specific ERC721 token can be allowed to sign up. - -This function does the following: - -- checks that the maximum number of signups has not been reached. As of now, this will be $5 ** 10 - 1$ due to circuit limitations. -- ensure the subtrees have not been merged already, to prevent a DoS on the coordinator full tree merge -- checks that the provided public key is a valid baby-jubjub point -- increases signups counter -- registers the user using the sign up gatekeeper contract. It is important that whichever gatekeeper is used, this reverts if a user tries to sign up twice or the conditions are not met (i.e returning false is not enough) -- calls the voice credit proxy to retrieve the number of allocated voice credits allocated to this voter -- hashes the voice credits alongside the user's MACI public key and the current time -- enqueues this hashed data into the `stateAq` contract - -```javascript -function signUp( - PubKey memory _pubKey, - bytes memory _signUpGatekeeperData, - bytes memory _initialVoiceCreditProxyData -) public virtual { - // prevent new signups until we merge the roots (possible DoS) - if (subtreesMerged) revert SignupTemporaryBlocked(); - - // ensure we do not have more signups than what the circuits support - if (numSignUps >= uint256(TREE_ARITY) ** uint256(stateTreeDepth)) revert TooManySignups(); - - if (_pubKey.x >= SNARK_SCALAR_FIELD || _pubKey.y >= SNARK_SCALAR_FIELD) { - revert MaciPubKeyLargerThanSnarkFieldSize(); - } - - // Increment the number of signups - // cannot overflow with realistic STATE_TREE_DEPTH - // values as numSignUps < 5 ** STATE_TREE_DEPTH -1 - unchecked { - numSignUps++; - } - - // Register the user via the sign-up gatekeeper. This function should - // throw if the user has already registered or if ineligible to do so. - signUpGatekeeper.register(msg.sender, _signUpGatekeeperData); - - // Get the user's voice credit balance. - uint256 voiceCreditBalance = initialVoiceCreditProxy.getVoiceCredits(msg.sender, _initialVoiceCreditProxyData); - - uint256 timestamp = block.timestamp; - // Create a state leaf and enqueue it. - uint256 stateLeaf = hashStateLeaf(StateLeaf(_pubKey, voiceCreditBalance, timestamp)); - uint256 stateIndex = stateAq.enqueue(stateLeaf); - - emit SignUp(stateIndex, _pubKey.x, _pubKey.y, voiceCreditBalance, timestamp); -} -``` - -Once everything has been setup, polls can be deployed using the `deployPoll` function. It should be noted that currently, after the first poll is deployed, in order to deploy a new one, the state tree must have been merged (and this can be triggered by Poll contracts using `Poll.mergeMaciStateAqSubRoots` and `Poll.mergeMaciStateAq`) - -```javascript -function deployPoll( - uint256 _duration, - TreeDepths memory _treeDepths, - PubKey memory _coordinatorPubKey, - address _verifier, - address _vkRegistry, - bool useSubsidy -) public virtual onlyOwner returns (PollContracts memory pollAddr) { - // cache the poll to a local variable so we can increment it - uint256 pollId = nextPollId; - - // Increment the poll ID for the next poll - // 2 ** 256 polls available - unchecked { - nextPollId++; - } - - if (pollId > 0) { - if (!stateAq.treeMerged()) revert PreviousPollNotCompleted(pollId); - } - - MaxValues memory maxValues = MaxValues({ - maxMessages: uint256(TREE_ARITY) ** _treeDepths.messageTreeDepth, - maxVoteOptions: uint256(TREE_ARITY) ** _treeDepths.voteOptionTreeDepth - }); - - address _owner = owner(); - - address p = pollFactory.deploy( - _duration, - maxValues, - _treeDepths, - _coordinatorPubKey, - address(this), - topupCredit, - _owner - ); - - address mp = messageProcessorFactory.deploy(_verifier, _vkRegistry, p, _owner); - address tally = tallyFactory.deploy(_verifier, _vkRegistry, p, mp, _owner); - - polls[pollId] = p; - - // store the addresses in a struct so they can be returned - pollAddr = PollContracts({ poll: p, messageProcessor: mp, tally: tally }); - - emit DeployPoll(pollId, _coordinatorPubKey.x, _coordinatorPubKey.y, pollAddr); -} -``` - -## Poll.sol - -This contract allows users to submit their votes. - -The main functions of the contract are as follows: - -- `topup` - This function accepts two parameters, a `stateIndex`, and an `amount`. It can only be called before the voting deadline. - After checking whether the deadline has passed or not, it will validate that the contract has not reached the maximum number of messages, if the checks passes, it will increase the number of messages by 1. - It will then try to transfer the amount of `topUpCredit` tokens. - Finally, it will create a new Message object that will be hashed and enqueued in the `messageAq` contract. This messageAq contract is reserved for this one poll only and will only contain its messages. -- `publishMessage` - This function allows anyone to publish a message, and it accepts the message object as well as an ephemeral public key. This key together with the coordinator public key will be used to generate a shared ECDH key that will encrypt the message. - Before saving the message, the function will check that the voting deadline has not passed, as well as the max number of messages was not reached. -- `publisMessageBatch` - This function allows to submit a batch of messages, and it accepts an array of messages with their corresponding public keys used in the encryption step. It will call the `publishMessage` function for each message in the array. - -The `mergeMaciStateAqSubRoots` function can be called by the contract admin after the voting deadline and looks like the following: - -```javascript -function mergeMaciStateAqSubRoots(uint256 _numSrQueueOps, uint256 _pollId) public onlyOwner isAfterVotingDeadline { - // This function cannot be called after the stateAq was merged - if (stateAqMerged) revert StateAqAlreadyMerged(); - - // merge subroots - extContracts.maci.mergeStateAqSubRoots(_numSrQueueOps, _pollId); - - emit MergeMaciStateAqSubRoots(_numSrQueueOps); -} -``` - -If the subtrees have not been merged on the MACI contract's `stateAq`, then it will merge it by calling `mergeStateAqSubroots`. It accepts two parameters: - -- `_numSrQueueOps` - the number of operations required -- `_pollId` - the id of the poll - -After merging the subroots, a coordinator's job is to merge the main state root, using `mergeMaciStateAq`: - -```javascript -function mergeMaciStateAq(uint256 _pollId) public onlyOwner isAfterVotingDeadline { - // This function can only be called once per Poll after the voting - // deadline - if (stateAqMerged) revert StateAqAlreadyMerged(); - - // set merged to true so it cannot be called again - stateAqMerged = true; - - // the subtrees must have been merged first - if (!extContracts.maci.stateAq().subTreesMerged()) revert StateAqSubtreesNeedMerge(); - - mergedStateRoot = extContracts.maci.mergeStateAq(_pollId); - - // Set currentSbCommitment - uint256[3] memory sb; - sb[0] = mergedStateRoot; - sb[1] = emptyBallotRoots[treeDepths.voteOptionTreeDepth - 1]; - sb[2] = uint256(0); - - currentSbCommitment = hash3(sb); - - numSignups = extContracts.maci.numSignUps(); - emit MergeMaciStateAq(mergedStateRoot, numSignups); -} -``` - -This function only accepts one parameter, and can be called by the owner only, after the voting deadline. The parameter is the pollId for which we want to perform the operation. This function can only be called once per poll, and it will check that the sub trees have been merged on MACI's AccQueue contract. Finally it will merge the whole AccQueue to generate the state root, and store the current commitment comprised of: - -the Poseidon hash of the merkle root, an empty ballot root stored in the emptyBallotRoots mapping (shown below), and a zero. - -```javascript -emptyBallotRoots[0] = uint256(6579820437991406069687396372962263845395426835385368878767605633903648955255); -emptyBallotRoots[1] = uint256(9105453741665960449792281626882014222103501499246287334255160659262747058842); -emptyBallotRoots[2] = uint256(14830222164980158319423900821611648302565544940504586015002280367515043751869); -emptyBallotRoots[3] = uint256(12031563002271722465187541954825013132282571927669361737331626664787916495335); -emptyBallotRoots[4] = uint256(5204612805325639173251450278876337947880680931527922506745154187077640790699); -``` - -It will also store the number of signups at this current block, as well as the merkle root of the state tree. - -Now, the coordinator can also perform similar operations to merge the message tree. - -- `mergeMessageAqSubRoots` - merges the Poll's messages tree subroot -- `mergeMessageAq` - merges the Poll's messages tree - -## PollFactory.sol - -`PollFactory` is a smart contract that is used to deploy new Polls. This is used by MACI inside the `deployPoll` function. - -```ts -function deploy( - uint256 _duration, - MaxValues calldata _maxValues, - TreeDepths calldata _treeDepths, - PubKey calldata _coordinatorPubKey, - address _maci, - TopupCredit _topupCredit, - address _pollOwner -) public virtual returns (address pollAddr) { - /// @notice Validate _maxValues - /// maxVoteOptions must be less than 2 ** 50 due to circuit limitations; - /// it will be packed as a 50-bit value along with other values as one - /// of the inputs (aka packedVal) - if (_maxValues.maxVoteOptions >= (2 ** 50)) { - revert InvalidMaxValues(); - } - - /// @notice deploy a new AccQueue contract to store messages - AccQueue messageAq = new AccQueueQuinaryMaci(_treeDepths.messageTreeSubDepth); - - /// @notice the smart contracts that a Poll would interact with - ExtContracts memory extContracts = ExtContracts({ - maci: IMACI(_maci), - messageAq: messageAq, - topupCredit: _topupCredit - }); - - // deploy the poll - Poll poll = new Poll(_duration, _maxValues, _treeDepths, _coordinatorPubKey, extContracts); - - // Make the Poll contract own the messageAq contract, so only it can - // run enqueue/merge - messageAq.transferOwnership(address(poll)); - - // init Poll - poll.init(); - - poll.transferOwnership(_pollOwner); - - pollAddr = address(poll); -} -``` - -Upon deployment, the following will happen: - -- ownership of the `messageAq` contract is transferred to the deployed poll contract -- ownership of the new `Poll` contract is transferred to the poll owner, which in `MACI` is set as the owner of `MACI`. - -## MessageProcessor - -This contract is used to prepare parameters for the zk-SNARK circuits as well as for verifying proofs. It should be deployed alongside `MACI` and ownership assigned to the coordinator. -It will process messages in batches, and after all batches have been processed, the `sbCommitment` can then be used for the `Tally` and `Subsidy` contracts. - -## Tally - -:::info -The `Tally` contract is present also in a non quadratic voting fashion, and is slightly smaller due to not having the `verifyPerVOSpentVoiceCredits` function. This is not required because with normal (non quadratic) voting, each vote by a user is not the square root of the voice credits spent. -::: - -The `Tally` contract is used by the coordinator to submit commitments to the tally results via the `tallyVotes` function. This is done in batches and the final commitment can be used by the users to verify the validity of the results. - -Below are the functions which users can use to verify the results: - -- `verifySpentVoiceCredits` -- `verifyPerVOSpentVoiceCredits` -- `verifyTallyResult` - -## SignUpToken (optional) - -This contract can be used by the `SignUpGateKeeper` to determine whether a user is allowed to register. The default contract provided with MACI is a simple ERC721 token. Coordinators can use this contract to mint a token for each of the participants in the voting process, and gatekeep access to a round by using a `SignUpTokenGatekeeper` contract. - -## SignUpGatekeeper - -MACI requires a signup gatekeeper to ensure that only designed users register. It is up to MACI's deployer how they wish to allow sign-ups, therefore they can implement their own GateKeeper. The repository comes with different options: - -- `FreeForAllSignUpGatekeeper` - This allows anyone to signup on MACI. -- `SignUpTokenGatekeeper` - This makes use of a ERC721 token to gatekeep the signup function. -- `EASGatekeeper` - This allows gatekeeping signups to only users who have a specific EAS attestation. - -An abstract contract to inherit from is also provided, with two function signatures as shown below: - -```ts -abstract contract SignUpGatekeeper { - function setMaciInstance(MACI _maci) public virtual {} - function register(address _user, bytes memory _data) public virtual {} -} -``` - -The MACI contract will need to call the `SignUpGatekeeper.register` function inside the `MACI.signUp` function. - -## VoiceCreditProxy - -The VoiceCreditProxy contract is used to assign voice credits to users. Whichever implementation should the MACI deployers use, this must implement a view function that returns the balance for a user, such as the one below: - -```javascript -function getVoiceCredits(address _user, bytes memory _data) public virtual view returns (uint256) {} -``` - -The repository comes with a simple implementation called `InitialVoiceCreditProxy` which assigns a fixed amount of voice credits to each user. - -## Hasher - -This contract exposes methods to hash different number of parameters with the Poseidon hash function. - -## VkRegistry - -The VkRegistry is a contract that holds the verifying keys for the zk-SNARK circuits. It holds two different sets of keys: - -- `processVks` - The keys for the processMessages circuit -- `tallyVks` - The keys for the tallyVotes circuit - -Each circuit will have a signature which is its compile-time constants represented as a uint256. - -## Params - -A contract holding three structs: - -```c -/// @notice A struct holding the depths of the merkle trees -struct TreeDepths { - uint8 intStateTreeDepth; - uint8 messageTreeSubDepth; - uint8 messageTreeDepth; - uint8 voteOptionTreeDepth; -} - -/// @notice A struct holding the max values for the poll -struct MaxValues { - uint256 maxMessages; - uint256 maxVoteOptions; -} - -/// @notice A struct holding the external contracts -/// that are to be passed to a Poll contract on -/// deployment -struct ExtContracts { - IMACI maci; - AccQueue messageAq; - TopupCredit topupCredit; -} -``` - -Struct parameters are used to avoid stack too deep errors in the other contracts. - -## AccQueue - -The AccQueue contract represents a Merkle Tree where each leaf insertion only updates a subtree. To obtain the main tree root, the subtrees must be merged together by the contract owner. This requires at least two operations, a `mergeSubRoots` and a `merge`. - -The contract can be initialized to work as a traditional Merkle Tree (2 leaves per node) or a Quinary Tree (5 leaves per node). This can be achieved by passing either two or five as parameter to the constructor (`_hashLength`). Any other values should not be accepted. - -Below are presented the most important functions of the smart contract: - -- `enqueue` - Allows to add a leaf to the queue for the current subtree. Only one parameter is accepted and that is the leaf to insert. -- `insertSubTree` - Admin only function which allows to insert a full subtree (batch enqueue) -- `mergeSubRoots` - Allows the contract owner to merge all of the subtrees to form the shortest possible tree. The argument `_numSrQueueOps` can be used to perform the operation in multiple transactions (as this might trigger the block gas limit). -- `merge` - Allows the contract admin to form a main tree with the desired depth. The depth must fit all of the leaves. - -## EmptyBallotRoots - -This contract contains the roots of Ballot trees of five leaf configurations. - -```javascript -emptyBallotRoots[0] = uint256(6579820437991406069687396372962263845395426835385368878767605633903648955255); -emptyBallotRoots[1] = uint256(9105453741665960449792281626882014222103501499246287334255160659262747058842); -emptyBallotRoots[2] = uint256(14830222164980158319423900821611648302565544940504586015002280367515043751869); -emptyBallotRoots[3] = uint256(12031563002271722465187541954825013132282571927669361737331626664787916495335); -emptyBallotRoots[4] = uint256(5204612805325639173251450278876337947880680931527922506745154187077640790699); -``` diff --git a/website/versioned_docs/version-v2.0_alpha/overview/overview.md b/website/versioned_docs/version-v2.0_alpha/overview/overview.md index 15c33d7de5..180601d61b 100644 --- a/website/versioned_docs/version-v2.0_alpha/overview/overview.md +++ b/website/versioned_docs/version-v2.0_alpha/overview/overview.md @@ -32,7 +32,7 @@ The MACI smart contracts are written in [Solidity](https://soliditylang.org/). Contracts are released through the [`@maci-contracts`](https://www.npmjs.com/package/maci-contracts) NPM package. -[Learn more about MACI contracts](/docs/developers-references/smart-contracts/contracts) +[Learn more about MACI contracts](/docs/category/smart-contracts) ## TypeScript libraries diff --git a/website/versioned_docs/version-v2.0_alpha/quick-start/troubleshooting.md b/website/versioned_docs/version-v2.0_alpha/quick-start/troubleshooting.md index f861bf4e87..d01ba97e4c 100644 --- a/website/versioned_docs/version-v2.0_alpha/quick-start/troubleshooting.md +++ b/website/versioned_docs/version-v2.0_alpha/quick-start/troubleshooting.md @@ -144,7 +144,7 @@ Please remember to pull the latest MACI repo updates(`git fetch origin && git pu ### Verifier contract found the proof invalid -If your log looks like the following, that's because the zkey and wasm files added to the [`VkRegistry` contract](/docs/developers-references/smart-contracts/contracts#vkregistry) are different from what you use to run the **prove** command. Check if you're using the correct zkey and wasm files. +If your log looks like the following, that's because the zkey and wasm files added to the [`VkRegistry` contract](/docs/developers-references/smart-contracts/VkRegistry) are different from what you use to run the **prove** command. Check if you're using the correct zkey and wasm files. ``` Error: The verifier contract found the proof invalid. diff --git a/website/versioned_docs/version-v2.0_alpha/quick-start/workflow.md b/website/versioned_docs/version-v2.0_alpha/quick-start/workflow.md index 98566eeddf..3ba3c4f89f 100644 --- a/website/versioned_docs/version-v2.0_alpha/quick-start/workflow.md +++ b/website/versioned_docs/version-v2.0_alpha/quick-start/workflow.md @@ -65,7 +65,7 @@ Therefore, even if a coordinator is corrupt, they are unable to change a user’ To explain the MACI workflow, let's give a quick overview of the key smart contracts. -See our [smart contract docs](/docs/developers-references/smart-contracts/contracts) or our [contract source code](https://github.com/privacy-scaling-explorations/maci/tree/dev/contracts/contracts) for a more in-depth explanation of all smart contracts. +See our [smart contract docs](/docs/category/smart-contracts) or our [contract source code](https://github.com/privacy-scaling-explorations/maci/tree/dev/contracts/contracts) for a more in-depth explanation of all smart contracts. ### MACI.sol