Merge pull request #9 from 0xPolygonID/fix/fix-genesis-state

vmidyllic · web-flow · commit 1b31462cc7dd · 2023-10-06T23:28:29.000+03:00
Fixed behaviour for genesis revocation state
diff --git a/contracts/validators/CredentialAtomicQueryMTPValidator.sol b/contracts/validators/CredentialAtomicQueryMTPValidator.sol
@@ -5,14 +5,17 @@ import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Own
 import {GenesisUtils} from "@iden3/contracts/lib/GenesisUtils.sol";
 import {ICircuitValidator} from "@iden3/contracts/interfaces/ICircuitValidator.sol";
 import {IVerifier} from "@iden3/contracts/interfaces/IVerifier.sol";
-import {IState} from "@iden3/contracts/interfaces/IState.sol";
+import {StateV2} from "@iden3/contracts/state/StateV2.sol";
 
-contract CredentialAtomicQueryMTPValidator is OwnableUpgradeable, ICircuitValidator {
+contract CredentialAtomicQueryMTPValidator is
+    OwnableUpgradeable,
+    ICircuitValidator
+{
     string constant CIRCUIT_ID = "credentialAtomicQueryMTPV2OnChain";
     uint256 constant CHALLENGE_INDEX = 4;
 
     IVerifier public verifier;
-    IState public state;
+    StateV2 public state;
 
     uint256 public revocationStateExpirationTime;
     uint256 public proofGenerationExpirationTime;
@@ -24,15 +27,22 @@ contract CredentialAtomicQueryMTPValidator is OwnableUpgradeable, ICircuitValida
         revocationStateExpirationTime = 1 hours;
         proofGenerationExpirationTime = 1 hours;
         verifier = IVerifier(_verifierContractAddr);
-        state = IState(_stateContractAddr);
+        state = StateV2(_stateContractAddr);
         __Ownable_init();
     }
 
-    function setRevocationStateExpirationTime(uint256 expirationTime) public onlyOwner {
+    function setRevocationStateExpirationTime(uint256 expirationTime)
+        public
+        onlyOwner
+    {
         revocationStateExpirationTime = expirationTime;
     }
 
-    function setProofGenerationExpirationTime(uint256 expirationTime) public virtual onlyOwner {
+    function setProofGenerationExpirationTime(uint256 expirationTime)
+        public
+        virtual
+        onlyOwner
+    {
         proofGenerationExpirationTime = expirationTime;
     }
 
@@ -52,9 +62,15 @@ contract CredentialAtomicQueryMTPValidator is OwnableUpgradeable, ICircuitValida
         uint256 queryHash
     ) external view returns (bool r) {
         // verify that zkp is valid
-        require(verifier.verifyProof(a, b, c, inputs), "MTP proof is not valid");
+        require(
+            verifier.verifyProof(a, b, c, inputs),
+            "MTP proof is not valid"
+        );
 
-        require(inputs[2] == queryHash, "query hash does not match the requested one");
+        require(
+            inputs[2] == queryHash,
+            "query hash does not match the requested one"
+        );
 
         // verify user states
         uint256 gistRoot = inputs[5];
@@ -63,58 +79,77 @@ contract CredentialAtomicQueryMTPValidator is OwnableUpgradeable, ICircuitValida
         uint256 issuerClaimNonRevState = inputs[9];
         uint256 proofGenerationTimestamp = inputs[10];
 
-        IState.GistRootInfo memory rootInfo = state.getGISTRootInfo(gistRoot);
+        StateV2.GistRootInfo memory rootInfo = state.getGISTRootInfo(gistRoot);
 
-        require(rootInfo.root == gistRoot, "Gist root state isn't in state contract");
+        require(
+            rootInfo.root == gistRoot,
+            "Gist root state isn't in state contract"
+        );
 
-        // 2. Issuer state must be registered in state contracts or be genesis
-        bool isIssuerStateGenesis = GenesisUtils.isGenesisState(issuerId, issuerClaimIdenState);
+        // Issuer issuance state must be registered in state contracts or be genesis
+        bool isIssuerStateGenesis = GenesisUtils.isGenesisState(
+            issuerId,
+            issuerClaimIdenState
+        );
 
         if (!isIssuerStateGenesis) {
-            IState.StateInfo memory issuerStateInfo = state.getStateInfoByIdAndState(
-               issuerId, issuerClaimIdenState
+            StateV2.StateInfo memory issuerStateInfo = state
+                .getStateInfoByIdAndState(issuerId, issuerClaimIdenState);
+            require(
+                issuerId == issuerStateInfo.id,
+                "Issuer state doesn't exist in state contract"
             );
-            require(issuerId == issuerStateInfo.id, "Issuer state doesn't exist in state contract");
         }
 
-        IState.StateInfo memory issuerClaimNonRevStateInfo = state.getStateInfoById(issuerId);
+        // check if identity transited any state in contract
+        bool idExists = state.idExists(issuerId);
 
-        if (issuerClaimNonRevStateInfo.state == 0) {
+        // if identity didn't transit any state it must be genesis
+        if (!idExists) {
+            bool isIssuerRevocationStateGenesis = GenesisUtils.isGenesisState(
+                issuerId,
+                issuerClaimNonRevState
+            );
             require(
-                GenesisUtils.isGenesisState(issuerId, issuerClaimNonRevState),
-                "Non-Revocation state isn't in state contract and not genesis"
+                isIssuerRevocationStateGenesis,
+                "Issuer revocation state doesn't exist in state contract and is not genesis "
             );
         } else {
-            // The non-empty state is returned, and it's not equal to the state that the user has provided.
-            if (issuerClaimNonRevStateInfo.state != issuerClaimNonRevState) {
+            StateV2.StateInfo memory issuerLatestStateInfo = state
+                .getStateInfoById(issuerId);
+            if (issuerLatestStateInfo.state != issuerClaimNonRevState) {
                 // Get  the time of the latest state and compare it to the transition time of state provided by the user.
-                IState.StateInfo memory issuerClaimNonRevLatestStateInfo = state
-                    .getStateInfoByIdAndState(issuerId,issuerClaimNonRevState);
+                StateV2.StateInfo memory issuerClaimNonRevStateInfo = state
+                    .getStateInfoByIdAndState(issuerId, issuerClaimNonRevState);
 
                 if (
-                    issuerClaimNonRevLatestStateInfo.id == 0 ||
-                    issuerClaimNonRevLatestStateInfo.id != issuerId
+                    issuerClaimNonRevStateInfo.id == 0 ||
+                    issuerClaimNonRevStateInfo.id != issuerId
                 ) {
                     revert("state in transition info contains invalid id");
                 }
 
-                if (issuerClaimNonRevLatestStateInfo.replacedAtTimestamp == 0) {
-                    revert("Non-Latest state doesn't contain replacement information");
+                if (issuerClaimNonRevStateInfo.replacedAtTimestamp == 0) {
+                    revert(
+                        "Non-Latest state doesn't contain replacement information"
+                    );
                 }
 
                 if (
-                    block.timestamp - issuerClaimNonRevLatestStateInfo.replacedAtTimestamp >
+                    block.timestamp -
+                        issuerClaimNonRevStateInfo.replacedAtTimestamp >
                     revocationStateExpirationTime
                 ) {
                     revert("Non-Revocation state of Issuer expired");
                 }
-
-                if (block.timestamp - proofGenerationTimestamp > proofGenerationExpirationTime) {
-                    revert("Generated proof is outdated");
-                }
             }
         }
-
+        if (
+            block.timestamp - proofGenerationTimestamp >
+            proofGenerationExpirationTime
+        ) {
+            revert("Generated proof is outdated");
+        }
         return (true);
     }
-}
+}
diff --git a/contracts/validators/CredentialAtomicQuerySigValidator.sol b/contracts/validators/CredentialAtomicQuerySigValidator.sol
@@ -5,14 +5,17 @@ import {OwnableUpgradeable} from "@openzeppelin/contracts-upgradeable/access/Own
 import {GenesisUtils} from "@iden3/contracts/lib/GenesisUtils.sol";
 import {ICircuitValidator} from "@iden3/contracts/interfaces/ICircuitValidator.sol";
 import {IVerifier} from "@iden3/contracts/interfaces/IVerifier.sol";
-import {IState} from "@iden3/contracts/interfaces/IState.sol";
+import {StateV2} from "@iden3/contracts/state/StateV2.sol";
 
-contract CredentialAtomicQuerySigValidator is OwnableUpgradeable, ICircuitValidator {
+contract CredentialAtomicQuerySigValidator is
+    OwnableUpgradeable,
+    ICircuitValidator
+{
     string constant CIRCUIT_ID = "credentialAtomicQuerySigV2OnChain";
     uint256 constant CHALLENGE_INDEX = 5;
 
     IVerifier public verifier;
-    IState public state;
+    StateV2 public state;
 
     uint256 public revocationStateExpirationTime;
     uint256 public proofGenerationExpirationTime;
@@ -24,15 +27,22 @@ contract CredentialAtomicQuerySigValidator is OwnableUpgradeable, ICircuitValida
         revocationStateExpirationTime = 1 hours;
         proofGenerationExpirationTime = 1 hours;
         verifier = IVerifier(_verifierContractAddr);
-        state = IState(_stateContractAddr);
+        state = StateV2(_stateContractAddr);
         __Ownable_init();
     }
 
-    function setRevocationStateExpirationTime(uint256 expirationTime) public onlyOwner {
+    function setRevocationStateExpirationTime(uint256 expirationTime)
+        public
+        onlyOwner
+    {
         revocationStateExpirationTime = expirationTime;
     }
 
-    function setProofGenerationExpirationTime(uint256 expirationTime) public virtual onlyOwner {
+    function setProofGenerationExpirationTime(uint256 expirationTime)
+        public
+        virtual
+        onlyOwner
+    {
         proofGenerationExpirationTime = expirationTime;
     }
 
@@ -52,67 +62,92 @@ contract CredentialAtomicQuerySigValidator is OwnableUpgradeable, ICircuitValida
         uint256 queryHash
     ) external view returns (bool r) {
         // verify that zkp is valid
-        require(verifier.verifyProof(a, b, c, inputs), "atomic query signature proof is not valid");
-        require(inputs[2] == queryHash, "query hash does not match the requested one");
+        require(
+            verifier.verifyProof(a, b, c, inputs),
+            "atomic query signature proof is not valid"
+        );
+        require(
+            inputs[2] == queryHash,
+            "query hash does not match the requested one"
+        );
 
         uint256 issuerClaimAuthState = inputs[3];
         uint256 gistRoot = inputs[6];
         uint256 issuerId = inputs[7];
         uint256 issuerClaimNonRevState = inputs[9];
         uint256 proofGenerationTimestamp = inputs[10];
 
-        IState.GistRootInfo memory rootInfo = state.getGISTRootInfo(gistRoot);
+        StateV2.GistRootInfo memory rootInfo = state.getGISTRootInfo(gistRoot);
 
-        require(rootInfo.root == gistRoot, "Gist root state isn't in state contract");
+        require(
+            rootInfo.root == gistRoot,
+            "Gist root state isn't in state contract"
+        );
 
-        // 2. Issuer state must be registered in state contracts or be genesis
-        bool isIssuerStateGenesis = GenesisUtils.isGenesisState(issuerId, issuerClaimAuthState);
+        // Issuer auth claim issuance must be registered in state contracts or be genesis
+        bool isIssuerStateGenesis = GenesisUtils.isGenesisState(
+            issuerId,
+            issuerClaimAuthState
+        );
 
         if (!isIssuerStateGenesis) {
-            IState.StateInfo memory issuerStateInfo = state.getStateInfoByIdAndState(
-                issuerId, issuerClaimAuthState
+            StateV2.StateInfo memory issuerStateInfo = state
+                .getStateInfoByIdAndState(issuerId, issuerClaimAuthState);
+            require(
+                issuerId == issuerStateInfo.id,
+                "Issuer state doesn't exist in state contract"
             );
-            require(issuerId == issuerStateInfo.id, "Issuer state doesn't exist in state contract");
         }
-
-        IState.StateInfo memory issuerClaimNonRevStateInfo = state.getStateInfoById(issuerId);
-
-        if (issuerClaimNonRevStateInfo.state == 0) {
+        // check if identity transited any state in contract
+        bool idExists = state.idExists(issuerId);
+
+        // if identity didn't transit any state it must be genesis
+        if (!idExists) {
+            bool isIssuerRevocationStateGenesis = GenesisUtils.isGenesisState(
+                issuerId,
+                issuerClaimNonRevState
+            );
             require(
-                GenesisUtils.isGenesisState(issuerId, issuerClaimNonRevState),
-                "Non-Revocation state isn't in state contract and not genesis"
+                isIssuerRevocationStateGenesis,
+                "Issuer revocation state doesn't exist in state contract and is not genesis "
             );
         } else {
-            // The non-empty state is returned, and it's not equal to the state that the user has provided.
-            if (issuerClaimNonRevStateInfo.state != issuerClaimNonRevState) {
-                // Get the time of the latest state and compare it to the transition time of state provided by the user.
-                IState.StateInfo memory issuerClaimNonRevLatestStateInfo = state
-                .getStateInfoByIdAndState(issuerId, issuerClaimNonRevState);
+            StateV2.StateInfo memory issuerLatestStateInfo = state
+                .getStateInfoById(issuerId);
+            if (issuerLatestStateInfo.state != issuerClaimNonRevState) {
+                // Get  the time of the latest state and compare it to the transition time of state provided by the user.
+                StateV2.StateInfo memory issuerClaimNonRevStateInfo = state
+                    .getStateInfoByIdAndState(issuerId, issuerClaimNonRevState);
 
                 if (
-                    issuerClaimNonRevLatestStateInfo.id == 0 ||
-                    issuerClaimNonRevLatestStateInfo.id != issuerId
+                    issuerClaimNonRevStateInfo.id == 0 ||
+                    issuerClaimNonRevStateInfo.id != issuerId
                 ) {
                     revert("state in transition info contains invalid id");
                 }
 
-                if (issuerClaimNonRevLatestStateInfo.replacedAtTimestamp == 0) {
-                    revert("Non-Latest state doesn't contain replacement information");
+                if (issuerClaimNonRevStateInfo.replacedAtTimestamp == 0) {
+                    revert(
+                        "Non-Latest state doesn't contain replacement information"
+                    );
                 }
 
                 if (
-                    block.timestamp - issuerClaimNonRevLatestStateInfo.replacedAtTimestamp >
+                    block.timestamp -
+                        issuerClaimNonRevStateInfo.replacedAtTimestamp >
                     revocationStateExpirationTime
                 ) {
                     revert("Non-Revocation state of Issuer expired");
                 }
-                
-                if (block.timestamp - proofGenerationTimestamp > proofGenerationExpirationTime) {
-                    revert("Generated proof is outdated");
-                }
-
             }
         }
+
+        if (
+            block.timestamp - proofGenerationTimestamp >
+            proofGenerationExpirationTime
+        ) {
+            revert("Generated proof is outdated");
+        }
         return (true);
     }
-}
+}
