Bring V2 up to date

CHANGELOG.md

@@ -17,6 +17,14 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## [Unreleased](https://github.com/o1-labs/o1js/compare/d6abf1d97...HEAD)
 
+### Deprecated
+
+- `this.sender.getAndRequireSignature()` / `getUnconstrained()` deprecated in favor of `V2` versions due to a vulnerability https://github.com/o1-labs/o1js/pull/1799
+
+### Fixes
+
+- Fix behavior of `Int64.modV2()` when the input is negative and the remainder should be 0 https://github.com/o1-labs/o1js/pull/1797
+
 ## [1.6.0](https://github.com/o1-labs/o1js/compare/1ad7333e9e...d6abf1d97) - 2024-07-23
 
 ### Added

run-ci-live-tests.sh

@@ -15,6 +15,8 @@ echo ""
 
 ./run src/examples/zkapps/hello-world/run-live.ts --bundle | add_prefix "HELLO_WORLD" &
 HELLO_WORLD_PROC=$!
+./run src/examples/zkapps/reducer/run-live.ts --bundle | add_prefix "REDUCER" &
+REDUCER_FLOW_PROC=$!
 ./run src/examples/zkapps/dex/run-live.ts --bundle | add_prefix "DEX" &
 DEX_PROC=$!
 ./run src/examples/fetch-live.ts --bundle | add_prefix "FETCH" &
@@ -52,6 +54,13 @@ if [ $? -ne 0 ]; then
   echo ""
   FAILURE=1
 fi
+wait $REDUCER_FLOW_PROC
+if [ $? -ne 0 ]; then
+  echo ""
+  echo "REDUCER_FLOW test failed."
+  echo ""
+  FAILURE=1
+fi
 
 # Exit with failure if any process failed
 if [ $FAILURE -ne 0 ]; then

run-ci-tests.sh

@@ -14,8 +14,7 @@ case $TEST_TYPE in
 
 "Reducer integration tests")
   echo "Running reducer integration tests"
-  ./run src/examples/zkapps/reducer/actions-as-merkle-list.ts --bundle
-  ./run src/examples/zkapps/reducer/actions-as-merkle-list-iterator.ts --bundle
+  ./run src/examples/zkapps/reducer/run.ts --bundle
   ;;
 
 "Voting integration tests")

src/examples/utils/network-configuration.ts

@@ -0,0 +1,9 @@
+export {
+    DEFAULT_LIGHTNET_CONFIG
+}
+
+const DEFAULT_LIGHTNET_CONFIG = {
+    mina: 'http://localhost:8080/graphql',
+    archive: 'http://localhost:8282',
+    lightnetAccountManager: 'http://localhost:8181',
+}

src/examples/utils/random-accounts.ts

@@ -0,0 +1,23 @@
+import { PrivateKey, PublicKey } from 'o1js';
+
+export {
+  randomAccounts
+}
+
+/**
+ * Predefined accounts keys, labeled by the input strings. Useful for testing/debugging with consistent keys.
+ */
+function randomAccounts<K extends string>(
+  ...names: [K, ...K[]]
+): { keys: Record<K, PrivateKey>; addresses: Record<K, PublicKey> } {
+  let base58Keys = Array(names.length)
+    .fill('')
+    .map(() => PrivateKey.random().toBase58());
+  let keys = Object.fromEntries(
+    names.map((name, idx) => [name, PrivateKey.fromBase58(base58Keys[idx])])
+  ) as Record<K, PrivateKey>;
+  let addresses = Object.fromEntries(
+    names.map((name) => [name, keys[name].toPublicKey()])
+  ) as Record<K, PublicKey>;
+  return { keys, addresses };
+}

src/examples/zkapps/dex/dex-with-actions.ts

@@ -2,11 +2,11 @@
  * This DEX implementation differs from ./dex.ts in two ways:
  * - More minimal & realistic; stuff designed only for testing protocol features was removed
  * - Uses an async pattern with actions that lets users claim funds later and reduces account updates
- * 
- * Warning: The reducer API in o1js is currently not safe to use in production applications. The `reduce()` 
- * method breaks if more than the hard-coded number (default: 32) of actions are pending. Work is actively 
+ *
+ * Warning: The reducer API in o1js is currently not safe to use in production applications. The `reduce()`
+ * method breaks if more than the hard-coded number (default: 32) of actions are pending. Work is actively
  * in progress to mitigate this limitation.
- */ 
+ */
 import {
   Account,
   AccountUpdate,
@@ -86,7 +86,7 @@ class Dex extends TokenContract {
   @method async createAccount() {
     this.internal.mint({
       // unconstrained because we don't care which account is created
-      address: this.sender.getUnconstrained(),
+      address: this.sender.getUnconstrainedV2(),
       amount: UInt64.from(0),
     });
   }
@@ -104,7 +104,7 @@ class Dex extends TokenContract {
   @method.returns(UInt64)
   async supplyLiquidityBase(dx: UInt64, dy: UInt64) {
     // unconstrained because `transfer()` requires sender signature anyway
-    let user = this.sender.getUnconstrained();
+    let user = this.sender.getUnconstrainedV2();
     let tokenX = new TrivialCoin(this.tokenX);
     let tokenY = new TrivialCoin(this.tokenY);
 
@@ -175,7 +175,7 @@ class Dex extends TokenContract {
    * contracts pay you tokens when reducing the action.
    */
   @method async redeemInitialize(dl: UInt64) {
-    let sender = this.sender.getUnconstrained(); // unconstrained because `burn()` requires sender signature anyway
+    let sender = this.sender.getUnconstrainedV2(); // unconstrained because `burn()` requires sender signature anyway
     this.reducer.dispatch(new RedeemAction({ address: sender, dl }));
     this.internal.burn({ address: sender, amount: dl });
     // TODO: preconditioning on the state here ruins concurrent interactions,
@@ -209,7 +209,7 @@ class Dex extends TokenContract {
    * the called methods which requires proof authorization.
    */
   async swapX(dx: UInt64) {
-    let user = this.sender.getUnconstrained(); // unconstrained because `swap()` requires sender signature anyway
+    let user = this.sender.getUnconstrainedV2(); // unconstrained because `swap()` requires sender signature anyway
     let tokenY = new TrivialCoin(this.tokenY);
     let dexY = new DexTokenHolder(this.address, tokenY.deriveTokenId());
     let dy = await dexY.swap(user, dx, this.tokenX);
@@ -228,7 +228,7 @@ class Dex extends TokenContract {
    * the called methods which requires proof authorization.
    */
   async swapY(dy: UInt64) {
-    let user = this.sender.getUnconstrained(); // unconstrained because `swap()` requires sender signature anyway
+    let user = this.sender.getUnconstrainedV2(); // unconstrained because `swap()` requires sender signature anyway
     let tokenX = new TrivialCoin(this.tokenX);
     let dexX = new DexTokenHolder(this.address, tokenX.deriveTokenId());
     let dx = await dexX.swap(user, dy, this.tokenY);

src/examples/zkapps/dex/dex.ts

@@ -20,7 +20,7 @@ import {
 
 export { TokenContract, addresses, createDex, keys, randomAccounts, tokenIds };
 
-class UInt64x2 extends Struct([UInt64, UInt64]) {}
+class UInt64x2 extends Struct({ values: [UInt64, UInt64] }) {}
 
 function createDex({
   lockedLiquiditySlots,
@@ -56,7 +56,7 @@ function createDex({
      */
     @method.returns(UInt64)
     async supplyLiquidityBase(dx: UInt64, dy: UInt64) {
-      let user = this.sender.getUnconstrained(); // unconstrained because transfer() requires the signature anyway
+      let user = this.sender.getUnconstrainedV2(); // unconstrained because transfer() requires the signature anyway
       let tokenX = new TokenContract(this.tokenX);
       let tokenY = new TokenContract(this.tokenY);
 
@@ -155,10 +155,14 @@ function createDex({
      */
     async redeemLiquidity(dl: UInt64) {
       // call the token X holder inside a token X-approved callback
-      let sender = this.sender.getUnconstrained(); // unconstrained because redeemLiquidity() requires the signature anyway
+      let sender = this.sender.getUnconstrainedV2(); // unconstrained because redeemLiquidity() requires the signature anyway
       let tokenX = new TokenContract(this.tokenX);
       let dexX = new DexTokenHolder(this.address, tokenX.deriveTokenId());
-      let dxdy = await dexX.redeemLiquidity(sender, dl, this.tokenY);
+      let { values: dxdy } = await dexX.redeemLiquidity(
+        sender,
+        dl,
+        this.tokenY
+      );
       let dx = dxdy[0];
       await tokenX.transfer(dexX.self, sender, dx);
       return dxdy;
@@ -173,7 +177,7 @@ function createDex({
      */
     @method.returns(UInt64)
     async swapX(dx: UInt64) {
-      let sender = this.sender.getUnconstrained(); // unconstrained because swap() requires the signature anyway
+      let sender = this.sender.getUnconstrainedV2(); // unconstrained because swap() requires the signature anyway
       let tokenY = new TokenContract(this.tokenY);
       let dexY = new DexTokenHolder(this.address, tokenY.deriveTokenId());
       let dy = await dexY.swap(sender, dx, this.tokenX);
@@ -190,7 +194,7 @@ function createDex({
      */
     @method.returns(UInt64)
     async swapY(dy: UInt64) {
-      let sender = this.sender.getUnconstrained(); // unconstrained because swap() requires the signature anyway
+      let sender = this.sender.getUnconstrainedV2(); // unconstrained because swap() requires the signature anyway
       let tokenX = new TokenContract(this.tokenX);
       let dexX = new DexTokenHolder(this.address, tokenX.deriveTokenId());
       let dx = await dexX.swap(sender, dy, this.tokenY);
@@ -229,7 +233,7 @@ function createDex({
 
     @method.returns(UInt64)
     async swapX(dx: UInt64) {
-      let sender = this.sender.getUnconstrained(); // unconstrained because swap() requires the signature anyway
+      let sender = this.sender.getUnconstrainedV2(); // unconstrained because swap() requires the signature anyway
       let tokenY = new TokenContract(this.tokenY);
       let dexY = new ModifiedDexTokenHolder(
         this.address,
@@ -264,7 +268,7 @@ function createDex({
       this.self.body.mayUseToken = AccountUpdate.MayUseToken.ParentsOwnToken;
 
       // return l, dy so callers don't have to walk their child account updates to get it
-      return [l, dy];
+      return { values: [l, dy] };
     }
 
     // more complicated circuit, where we trigger the Y(other)-lqXY trade in our child account updates and then add the X(our) part
@@ -277,9 +281,9 @@ function createDex({
       // first call the Y token holder, approved by the Y token contract; this makes sure we get dl, the user's lqXY
       let tokenY = new TokenContract(otherTokenAddress);
       let dexY = new DexTokenHolder(this.address, tokenY.deriveTokenId());
-      let result = await dexY.redeemLiquidityPartial(user, dl);
-      let l = result[0];
-      let dy = result[1];
+      let { values } = await dexY.redeemLiquidityPartial(user, dl);
+      let l = values[0];
+      let dy = values[1];
       await tokenY.transfer(dexY.self, user, dy);
 
       // in return for dl, we give back dx, the X token part
@@ -289,7 +293,7 @@ function createDex({
       // just subtract the balance, user gets their part one level higher
       this.balance.subInPlace(dx);
 
-      return [dx, dy];
+      return { values: [dx, dy] };
     }
 
     // this works for both directions (in our case where both tokens use the same contract)

src/examples/zkapps/escrow/token-escrow.ts

@@ -29,7 +29,7 @@ class TokenEscrow extends SmartContract {
    */
   @method async withdraw(amount: UInt64) {
     // only the admin can withdraw
-    this.sender.getAndRequireSignature().assertEquals(admin);
+    this.sender.getAndRequireSignatureV2().assertEquals(admin);
 
     // withdraw the amount
     let receiverAU = this.send({ to: admin, amount });

src/examples/zkapps/reducer/actions-as-merkle-list-iterator.ts

@@ -4,11 +4,11 @@
  *
  * This is mainly intended as an example for using `Iterator` and `MerkleList`, but it might also be useful as
  * a blueprint for processing actions in a custom and more explicit way.
- * 
- * Warning: The reducer API in o1js is currently not safe to use in production applications. The `reduce()` 
- * method breaks if more than the hard-coded number (default: 32) of actions are pending. Work is actively 
+ *
+ * Warning: The reducer API in o1js is currently not safe to use in production applications. The `reduce()`
+ * method breaks if more than the hard-coded number (default: 32) of actions are pending. Work is actively
  * in progress to mitigate this limitation.
- */ 
+ */
 import {
   Field,
   Mina,
@@ -20,6 +20,8 @@ import {
   assert,
 } from 'o1js';
 
+export { ActionsContract, testLocal };
+
 // constants for our static-sized provable code
 const MAX_UPDATES_WITH_ACTIONS = 100;
 const MAX_ACTIONS_PER_UPDATE = 2;
@@ -81,44 +83,46 @@ class ActionsContract extends SmartContract {
 
 // TESTS
 
-// set up a local blockchain
+async function testLocal() {
+  // set up a local blockchain
 
-let Local = await Mina.LocalBlockchain({ proofsEnabled: false });
-Mina.setActiveInstance(Local);
+  let Local = await Mina.LocalBlockchain({ proofsEnabled: true });
+  Mina.setActiveInstance(Local);
 
-let [sender, contractAddress] = Local.testAccounts;
+  let [sender, contractAddress] = Local.testAccounts.slice(4);
 
-let contract = new ActionsContract(contractAddress);
+  let contract = new ActionsContract(contractAddress);
 
-// deploy the contract
+  // deploy the contract
 
-await ActionsContract.compile();
-console.log(
-  `rows for ${MAX_UPDATES_WITH_ACTIONS} updates with actions`,
-  (await ActionsContract.analyzeMethods()).accumulate.rows
-);
-let deployTx = await Mina.transaction(sender, async () => contract.deploy());
-await deployTx.sign([sender.key, contractAddress.key]).send();
+  await ActionsContract.compile();
+  console.log(
+    `rows for ${MAX_UPDATES_WITH_ACTIONS} updates with actions`,
+    (await ActionsContract.analyzeMethods()).accumulate.rows
+  );
+  let deployTx = await Mina.transaction(sender, async () => contract.deploy());
+  await deployTx.sign([sender.key, contractAddress.key]).send();
 
-// push some actions
+  // push some actions
 
-let dispatchTx = await Mina.transaction(sender, async () => {
-  await contract.increment(Field(1));
-  await contract.increment(Field(3));
-  await contract.increment(Field(5));
-  await contract.increment(Field(9));
-  await contract.twoIncrements(Field(18), Field(19));
-});
-await dispatchTx.prove();
-await dispatchTx.sign([sender.key]).send();
+  let dispatchTx = await Mina.transaction(sender, async () => {
+    await contract.increment(Field(1));
+    await contract.increment(Field(3));
+    await contract.increment(Field(5));
+    await contract.increment(Field(9));
+    await contract.twoIncrements(Field(18), Field(19));
+  });
+  await dispatchTx.prove();
+  await dispatchTx.sign([sender.key]).send();
 
-assert(contract.reducer.getActions().data.get().length === 5);
+  assert(contract.reducer.getActions().data.get().length === 5);
 
-// accumulate actions
+  // accumulate actions
 
-Local.setProofsEnabled(true);
-let accTx = await Mina.transaction(sender, () => contract.accumulate());
-await accTx.prove();
-await accTx.sign([sender.key]).send();
+  Local.setProofsEnabled(true);
+  let accTx = await Mina.transaction(sender, () => contract.accumulate());
+  await accTx.prove();
+  await accTx.sign([sender.key]).send();
 
-assert(contract.counter.get().toBigInt() === 55n);
+  assert(contract.counter.get().toBigInt() === 55n);
+}