(*****************************************************************************)
(*                                                                           *)
(* Open Source License                                                       *)
(* Copyright (c) 2019-2020 Nomadic Labs <contact@nomadic-labs.com>           *)
(*                                                                           *)
(* Permission is hereby granted, free of charge, to any person obtaining a   *)
(* copy of this software and associated documentation files (the "Software"),*)
(* to deal in the Software without restriction, including without limitation *)
(* the rights to use, copy, modify, merge, publish, distribute, sublicense,  *)
(* and/or sell copies of the Software, and to permit persons to whom the     *)
(* Software is furnished to do so, subject to the following conditions:      *)
(*                                                                           *)
(* The above copyright notice and this permission notice shall be included   *)
(* in all copies or substantial portions of the Software.                    *)
(*                                                                           *)
(* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR*)
(* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,  *)
(* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL   *)
(* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER*)
(* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING   *)
(* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER       *)
(* DEALINGS IN THE SOFTWARE.                                                 *)
(*                                                                           *)
(*****************************************************************************)

(* Double-spend guard: walk [inputs] in order and, for each one, ask
   [Sapling_storage.nullifiers_mem] whether its nullifier is already known.

   - The first nullifier reported as present stops the walk and yields
     [(ctxt, None)]; the remaining inputs are not looked at.
   - A fresh nullifier is recorded with [Sapling_storage.nullifiers_add] and
     the walk continues on the resulting state.
   - When every input is fresh the result is [(ctxt, Some state)], where
     [state] carries all the recorded nullifiers.

   The context returned by each lookup is the one passed to the next lookup
   and finally handed back to the caller.

   NOTE(review): rejecting a nullifier that appears twice inside the same
   input list relies on [nullifiers_mem] also seeing what [nullifiers_add]
   recorded on the threaded [state]; that is not visible from this file, so
   confirm it in [Sapling_storage]. *)
let rec check_and_update_nullifiers ctxt state inputs =
  match inputs with
  | [] ->
      return (ctxt, Some state)
  | spend :: remaining ->
      let nf = Sapling.UTXO.(spend.nf) in
      Sapling_storage.nullifiers_mem ctxt state nf
      >>=? fun (ctxt, already_known) ->
      if already_known then return (ctxt, None)
      else
        check_and_update_nullifiers
          ctxt
          (Sapling_storage.nullifiers_add state nf)
          remaining

(* [verify_update ctxt state transaction key] validates a Sapling
   [transaction] against [state].

   The checks run in the order below and the first one that fails ends the
   validation with [(ctxt, None)]:
   1. every output ciphertext has a memo size equal to [state.memo_size];
   2. [transaction.root] is accepted by [Sapling_storage.root_mem];
   3. no input nullifier is already known ([check_and_update_nullifiers]);
   4. every output passes [Sapling.Verification.check_output];
   5. every input passes [Sapling.Verification.check_spend] for
      [transaction.root] and [key];
   6. [Sapling.Verification.final_check] accepts the whole transaction
      for [key].

   On success the [(cm, ciphertext)] pair of each output is added to the
   state with [Sapling_storage.add] and the result is
   [(ctxt, Some (transaction.balance, state))]. The updated state is only
   returned; as far as this function shows, persisting it is left to the
   caller.

   Checks 4 to 6 share a single verification context [vctx] and must stay in
   this order, with later checks skipped once an earlier one fails.

   NOTE(review): [key] is forwarded unchanged to [check_spend] and
   [final_check]; what it binds the proofs and signatures to is decided by
   the caller and is not visible here. *)
let verify_update :
    Raw_context.t ->
    Sapling_storage.state ->
    Sapling_repr.transaction ->
    string ->
    (Raw_context.t * (Int64.t * Sapling_storage.state) option) tzresult Lwt.t =
 fun ctxt state transaction key ->
  (* Size bounds that keep the balance from overflowing. They are expected to
     be enforced already when the transaction is decoded, which is why they
     are asserted here rather than reported as [None]: an oversized list makes
     [assert] raise instead of producing a rejection.
     NOTE(review): confirm that every caller obtains [transaction] through
     that encoding. *)
  assert (Compare.Int.(List.compare_length_with transaction.inputs 5208 <= 0)) ;
  assert (Compare.Int.(List.compare_length_with transaction.outputs 2019 <= 0)) ;
  (* Also expected to hold after decoding, but checked explicitly and turned
     into a plain rejection. *)
  let memo_size_matches output =
    Compare.Int.(
      Sapling.Ciphertext.get_memo_size Sapling.UTXO.(output.ciphertext)
      = state.memo_size)
  in
  if not (List.for_all memo_size_matches transaction.outputs) then
    return (ctxt, None)
  else
    (* The anchor must be a root the storage still accepts. *)
    Sapling_storage.root_mem ctxt state transaction.root
    >>=? fun root_is_known ->
    if not root_is_known then return (ctxt, None)
    else
      check_and_update_nullifiers ctxt state transaction.inputs
      >|=? function
      | (ctxt, None) ->
          (ctxt, None)
      | (ctxt, Some state) ->
          Sapling.Verification.with_verification_ctx (fun vctx ->
              (* [&&] evaluates left to right and stops at the first [false],
                 so spends are only checked once all outputs passed, and the
                 final check only once all spends passed. *)
              let proofs_and_signatures_ok =
                (* output ZK proofs *)
                List.for_all
                  (fun output -> Sapling.Verification.check_output vctx output)
                  transaction.outputs
                (* input ZK proofs and signatures *)
                && List.for_all
                     (fun input ->
                       Sapling.Verification.check_spend
                         vctx
                         input
                         transaction.root
                         key)
                     transaction.inputs
                (* signature and balance of the whole transaction *)
                && Sapling.Verification.final_check vctx transaction key
              in
              if not proofs_and_signatures_ok then (ctxt, None)
              else
                (* Everything verified: append the new commitments and their
                   ciphertexts to the state. *)
                let new_entries =
                  List.map
                    (fun output -> Sapling.UTXO.(output.cm, output.ciphertext))
                    transaction.outputs
                in
                let state = Sapling_storage.add state new_entries in
                (ctxt, Some (transaction.balance, state)))