From f04ff2b6fdb43375f72bf5c88b2f5a5be0083640 Mon Sep 17 00:00:00 2001
From: Alexey <peretsmobil@gmail.com>
Date: Tue, 14 Apr 2020 12:22:15 +0300
Subject: [PATCH 1/4] update infura keys

---
 truffle-config.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/truffle-config.js b/truffle-config.js
index 47a0f87..04451ba 100644
--- a/truffle-config.js
+++ b/truffle-config.js
@@ -43,7 +43,7 @@ module.exports = {
     // Useful for deploying to a public network.
     // NB: It's important to wrap the provider as a function.
     kovan: {
-      provider: () => new HDWalletProvider(process.env.PRIVATE_KEY, 'https://kovan.infura.io/v3/c7463beadf2144e68646ff049917b716'),
+      provider: () => new HDWalletProvider(process.env.PRIVATE_KEY, 'https://kovan.infura.io/v3/97c8bf358b9942a9853fab1ba93dc5b3'),
       network_id: 42,
       gas: 6000000,
       gasPrice: utils.toWei('1', 'gwei'),
@@ -52,7 +52,7 @@ module.exports = {
       skipDryRun: true
     },
     rinkeby: {
-      provider: () => new HDWalletProvider(process.env.PRIVATE_KEY, 'https://rinkeby.infura.io/v3/c7463beadf2144e68646ff049917b716'),
+      provider: () => new HDWalletProvider(process.env.PRIVATE_KEY, 'https://rinkeby.infura.io/v3/97c8bf358b9942a9853fab1ba93dc5b3'),
       network_id: 4,
       gas: 6000000,
       gasPrice: utils.toWei('1', 'gwei'),

From 2d9677831a3609d1df7b91ef4c673d02c3a02c8e Mon Sep 17 00:00:00 2001
From: Alexey <peretsmobil@gmail.com>
Date: Wed, 15 Apr 2020 16:14:05 +0300
Subject: [PATCH 2/4] fix cli

---
 cli.js | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/cli.js b/cli.js
index 838864a..d6599ac 100755
--- a/cli.js
+++ b/cli.js
@@ -388,10 +388,6 @@ async function init({ rpc, noteNetId, currency = 'dai', amount = '100' }) {
     PRIVATE_KEY = process.env.PRIVATE_KEY
     erc20ContractJson = require('./build/contracts/ERC20Mock.json')
     erc20tornadoJson = require('./build/contracts/ERC20Tornado.json')
-    const account = web3.eth.accounts.privateKeyToAccount('0x' + PRIVATE_KEY)
-    web3.eth.accounts.wallet.add('0x' + PRIVATE_KEY)
-    web3.eth.defaultAccount = account.address
-    senderAccount = account.address
   }
   // groth16 initialises a lot of Promises that will never be resolved, that's why we need to use process.exit to terminate the CLI
   groth16 = await buildGroth16()
@@ -406,6 +402,16 @@ async function init({ rpc, noteNetId, currency = 'dai', amount = '100' }) {
     tokenAddress = currency !== 'eth' ? erc20ContractJson.networks[netId].address : null
     senderAccount = (await web3.eth.getAccounts())[0]
   } else {
+    try {
+      const account = web3.eth.accounts.privateKeyToAccount('0x' + PRIVATE_KEY)
+      web3.eth.accounts.wallet.add('0x' + PRIVATE_KEY)
+      // eslint-disable-next-line require-atomic-updates
+      web3.eth.defaultAccount = account.address
+      senderAccount = account.address
+    } catch(e) {
+      console.error('Please provide PRIVATE_KEY in .env file')
+      process.exit(1)
+    }
     try{
       tornadoAddress = config.deployments[`netId${netId}`][currency].instanceAddress[amount]
       if (!tornadoAddress) {

From d4e6031982dbff255fbe5563a19237e12d59c55c Mon Sep 17 00:00:00 2001
From: poma <semenov.roma@gmail.com>
Date: Fri, 17 Apr 2020 21:54:27 +0300
Subject: [PATCH 3/4] fix cli

---
 .travis.yml | 2 +-
 cli.js      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 7facdba..1fb7b35 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -11,4 +11,4 @@ install:
 script:
   - npm run test
   - npm run eslint
-  - ./cli.js test
+  - node cli.js test
diff --git a/cli.js b/cli.js
index d6599ac..89a65e3 100755
--- a/cli.js
+++ b/cli.js
@@ -1,4 +1,4 @@
-#!/usr/bin/env NODE_OPTIONS=--no-warnings node
+#!/usr/bin/env node
 // Temporary demo client
 // Works both in browser and node.js
 

From a533ad9ffb62163a42d4fa9a09984c5dd4e5c41d Mon Sep 17 00:00:00 2001
From: Alexey <peretsmobil@gmail.com>
Date: Tue, 28 Apr 2020 10:36:48 +0300
Subject: [PATCH 4/4] Add explicit constrains for recepient, relayer and fee

---
 circuits/withdraw.circom | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/circuits/withdraw.circom b/circuits/withdraw.circom
index bed8cd6..54c3838 100644
--- a/circuits/withdraw.circom
+++ b/circuits/withdraw.circom
@@ -50,6 +50,18 @@ template Withdraw(levels) {
         tree.pathElements[i] <== pathElements[i];
         tree.pathIndices[i] <== pathIndices[i];
     }
+
+    // Add hidden signals to make sure that tampering with recipient or fee will invalidate the snark proof
+    // Most likely it is not required, but it's better to stay on the safe side and it only takes 2 constraints
+    // Squares are used to prevent optimizer from removing those constraints
+    signal recipientSquare;
+    signal feeSquare;
+    signal relayerSquare;
+    signal refundSquare;
+    recipientSquare <== recipient * recipient;
+    feeSquare <== fee * fee;
+    relayerSquare <== relayer * relayer;
+    refundSquare <== refund * refund;
 }
 
 component main = Withdraw(20);