(* The MIT License (MIT)
*
* Copyright (c) 2019-2020 Nomadic Labs <contact@nomadic-labs.com>
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in all
* copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE. *)

(* Check that each nullifier is not already present in the state and add it.
   Important to avoid spending the same input twice in a transaction.

   Walks [inputs] recursively, threading [ctxt] and [state]:
   - [nullifiers_mem] is consulted on the state as updated so far, and the
     nullifier is added with [nullifiers_add] before the next input is
     examined, so a nullifier repeated inside this transaction hits the same
     test as one already spent by an earlier transaction;
   - returns [(ctxt, None)] at the first nullifier already present, and
     [(ctxt, Some state)] with every nullifier added otherwise. *)
let rec check_and_update_nullifiers ctxt state inputs =
  match inputs with
  | [] -> return (ctxt, Some state)
  | input :: inputs -> (
      Sapling_storage.nullifiers_mem ctxt state Sapling.UTXO.(input.nf)
      >>=? function
      | (ctxt, true) ->
          (* Double spend: stop at the first duplicate. *)
          return (ctxt, None)
      | (ctxt, false) ->
          (* Record the nullifier before looking at the remaining inputs. *)
          let state =
            Sapling_storage.nullifiers_add state Sapling.UTXO.(input.nf)
          in
          check_and_update_nullifiers ctxt state inputs)

(* Validate [transaction] against [state] and compute the resulting state.

   Returns the (possibly gas-charged) context together with [None] when the
   transaction is rejected, or [Some (balance, state)] with the transaction's
   declared balance and the state extended with the new nullifiers and the
   output commitments/ciphertexts when every check passes.

   [key] is passed verbatim to [check_spend] and [final_check].
   NOTE(review): presumably it binds proofs and signatures to this context
   (anti-replay) -- confirm against [Sapling.Verification].

   Checks run in this order: memo size, root recency, nullifiers, output
   proofs, spend proofs, final balance/signature check.  The structural and
   storage checks therefore reject a transaction before any ZK proof is
   verified. *)
let verify_update :
    Raw_context.t ->
    Sapling_storage.state ->
    Sapling_repr.transaction ->
    string ->
    (Raw_context.t * (Int64.t * Sapling_storage.state) option) tzresult Lwt.t =
 fun ctxt state transaction key ->
  (* Check the transaction *)
  (* To avoid overflowing the balance, the number of inputs and outputs must be
     bounded.
     Ciphertexts' memo_size must match the state's memo_size.
     These constraints are already enforced at the encoding level. *)
  (* These are invariants of the decoded value, not validation: a violation
     raises [Assert_failure] instead of returning [None]. *)
  assert (Compare.Int.(List.compare_length_with transaction.inputs 5208 <= 0)) ;
  assert (Compare.Int.(List.compare_length_with transaction.outputs 2019 <= 0)) ;
  let pass =
    (* Every output ciphertext must carry this state's memo size
       (vacuously true when there are no outputs). *)
    List.for_all
      (fun output ->
        Compare.Int.(
          Sapling.Ciphertext.get_memo_size Sapling.UTXO.(output.ciphertext)
          = state.memo_size))
      transaction.outputs
  in
  if not pass then return (ctxt, None)
  else
    (* Check the root is a recent state *)
    Sapling_storage.root_mem ctxt state transaction.root
    >>=? fun pass ->
    if not pass then return (ctxt, None)
    else
      check_and_update_nullifiers ctxt state transaction.inputs
      >|=? function
      | (ctxt, None) -> (ctxt, None)
      | (ctxt, Some state) ->
          (* [state] now holds the transaction's nullifiers; it is only
             returned if the proofs below succeed, otherwise it is dropped. *)
          Sapling.Verification.with_verification_ctx (fun vctx ->
              let pass =
                (* Check all the output ZK proofs *)
                List.for_all
                  (fun output -> Sapling.Verification.check_output vctx output)
                  transaction.outputs
              in
              if not pass then (ctxt, None)
              else
                let pass =
                  (* Check all the input Zk proofs and signatures *)
                  (* Spend proofs are checked against [transaction.root], the
                     anchor that [root_mem] accepted above. *)
                  List.for_all
                    (fun input ->
                      Sapling.Verification.check_spend
                        vctx
                        input
                        transaction.root
                        key)
                    transaction.inputs
                in
                if not pass then (ctxt, None)
                else
                  let pass =
                    (* Check the signature and balance of the whole transaction *)
                    Sapling.Verification.final_check vctx transaction key
                  in
                  if not pass then (ctxt, None)
                  else
                    (* update tree *)
                    (* Append every output's commitment and ciphertext. *)
                    let list_to_add =
                      List.map
                        (fun output ->
                          Sapling.UTXO.(output.cm, output.ciphertext))
                        transaction.outputs
                    in
                    let state = Sapling_storage.add state list_to_add in
                    (ctxt, Some (transaction.balance, state)))