tornado-core/contracts/Mixer.sol
2019-08-01 09:58:34 -07:00

92 lines
3.4 KiB
Solidity

pragma solidity ^0.5.8;
import "./MerkleTreeWithHistory.sol";
contract IVerifier {
function verifyProof(uint256[2] memory a, uint256[2][2] memory b, uint256[2] memory c, uint256[4] memory input) public returns(bool);
}
contract Mixer is MerkleTreeWithHistory {
uint256 public transferValue;
bool public isDepositsEnabled = true;
address public pauseAccount;
mapping(uint256 => bool) public nullifierHashes;
// we store all commitments just to prevent accidental deposits with the same commitment
mapping(uint256 => bool) public commitments;
IVerifier verifier;
event Deposit(uint256 indexed commitment, uint256 leafIndex, uint256 timestamp);
event Withdraw(address to, uint256 nullifierHash, uint256 fee);
/**
@dev The constructor
@param _verifier the address of SNARK verifier for this contract
@param _transferValue the value for all deposits in this contract in wei
*/
constructor(
address _verifier,
uint256 _transferValue,
uint8 _merkleTreeHeight,
uint256 _emptyElement,
address _pauseAccount
) MerkleTreeWithHistory(_merkleTreeHeight, _emptyElement) public {
verifier = IVerifier(_verifier);
transferValue = _transferValue;
pauseAccount = _pauseAccount;
}
/**
@dev Deposit funds into mixer. The caller must send value equal to `transferValue` of this mixer.
@param commitment the note commitment, which is PedersenHash(nullifier + secret)
*/
function deposit(uint256 commitment) public payable {
require(isDepositsEnabled, "deposits disabled");
require(msg.value == transferValue, "Please send `transferValue` ETH along with transaction");
require(!commitments[commitment], "The commitment has been submitted");
_insert(commitment);
commitments[commitment] = true;
emit Deposit(commitment, next_index - 1, block.timestamp);
}
/**
@dev Withdraw deposit from the mixer. `a`, `b`, and `c` are zkSNARK proof data, and input is an array of circuit public inputs
`input` array consists of:
- merkle root of all deposits in the mixer
- hash of unique deposit nullifier to prevent double spends
- the receiver of funds
- optional fee that goes to the transaction sender (usually a relay)
*/
function withdraw(uint256[2] memory a, uint256[2][2] memory b, uint256[2] memory c, uint256[4] memory input) public {
uint256 root = input[0];
uint256 nullifierHash = input[1];
address payable receiver = address(input[2]);
uint256 fee = input[3];
require(fee < transferValue, "Fee exceeds transfer value");
require(!nullifierHashes[nullifierHash], "The note has been already spent");
require(isKnownRoot(root), "Cannot find your merkle root"); // Make sure to use a recent one
require(verifier.verifyProof(a, b, c, input), "Invalid withdraw proof");
nullifierHashes[nullifierHash] = true;
receiver.transfer(transferValue - fee);
if (fee > 0) {
msg.sender.transfer(fee);
}
emit Withdraw(receiver, nullifierHash, fee);
}
function toggleDeposits() external {
require(msg.sender == pauseAccount, "unauthorized");
isDepositsEnabled = !isDepositsEnabled;
}
function setPauseAccount(address _newAccount) external {
require(msg.sender == pauseAccount, "unauthorized");
pauseAccount = _newAccount;
}
function isSpent(uint256 nullifier) public view returns(bool) {
return nullifierHashes[nullifier];
}
}