relayhub protection

contracts/ETHMixer.sol

@@ -34,9 +34,12 @@ contract ETHMixer is GSNMixer {
     require(msg.value == mixDenomination, "Please send `mixDenomination` ETH along with transaction");
   }
 
-  event Debug(uint actualCharge, bytes context, address recipient);
   // this func is called by RelayerHub right after calling a target func
   function postRelayedCall(bytes memory context, bool /*success*/, uint actualCharge, bytes32 /*preRetVal*/) public onlyHub {
+    // this require allows to protect againt malicious relay hub that can drain the mixer
+    require(couldBeWithdrawn, "could be called only after withdrawViaRelayer");
+    couldBeWithdrawn = false;
+
     IRelayHub relayHub = IRelayHub(getHubAddr());
     address payable recipient;
     uint256 nullifierHash;
@@ -44,10 +47,10 @@ contract ETHMixer is GSNMixer {
       recipient := mload(add(context, 32))
       nullifierHash := mload(add(context, 64))
     }
-    emit Debug(actualCharge, context, recipient);
 
     recipient.transfer(mixDenomination - actualCharge);
     relayHub.depositFor.value(actualCharge)(address(this));
+
     emit Withdraw(recipient, nullifierHash, tx.origin, actualCharge);
   }
 }

contracts/GSNMixer.sol

@@ -14,6 +14,7 @@ contract GSNMixer is Mixer, GSNRecipient {
   ) Mixer(_verifier, _mixDenomination, _merkleTreeHeight, _emptyElement, _operator) public {
   }
 
+  bool couldBeWithdrawn;
   modifier onlyHub() {
     require(msg.sender == getHubAddr(), "only relay hub");
     _;
@@ -27,7 +28,7 @@ contract GSNMixer is Mixer, GSNRecipient {
     require(isKnownRoot(root), "Cannot find your merkle root"); // Make sure to use a recent one
     require(verifier.verifyProof(a, b, c, input), "Invalid withdraw proof");
     nullifierHashes[nullifierHash] = true;
-
+    couldBeWithdrawn = true;
     // we will process withdraw in postRelayedCall func
   }