refactor: improve verification checks

chainwayxyz · Mar 9, 2025 · 46eb40b · 46eb40b
1 parent f072807
commit 46eb40b
Show file tree

Hide file tree

Showing 5 changed files with 29 additions and 14 deletions.
diff --git a/bridge-circuit-host/src/bridge_circuit_host.rs b/bridge-circuit-host/src/bridge_circuit_host.rs
@@ -36,7 +36,16 @@ pub fn prove_bridge_circuit(
     let header_chain_proof_output_serialized =
         borsh::to_vec(&bridge_circuit_input.hcp).expect("Could not serialize header chain output");
 
-    // Sanity check for number of watchtowers
+    if bridge_circuit_input.lcp.lc_journal != bridge_circuit_host_params.lcp_receipt.journal.bytes {
+        panic!("Light client proof output mismatch");
+    }
+
+    // if bridge_circuit_host_params.lcp_receipt.verify(LC_IMAGE_ID).is_err()
+    // {
+    //     panic!("Light client proof receipt verification failed");
+    // }
+
+    // Check for number of watchtowers
     if bridge_circuit_input.winternitz_details.len()
         != bridge_circuit_host_params.num_of_watchtowers as usize
     {
@@ -50,7 +59,7 @@ pub fn prove_bridge_circuit(
         panic!("Header chain proof output mismatch");
     }
 
-    // sanity check for headerchain receipt
+    // Check for headerchain receipt
     if bridge_circuit_host_params
         .headerchain_receipt
         .verify(HEADER_CHAIN_METHOD_ID)
@@ -59,6 +68,17 @@ pub fn prove_bridge_circuit(
         panic!("Header chain receipt verification failed");
     }
 
+    // SPV verification
+    if !bridge_circuit_input.payout_spv.verify(
+        bridge_circuit_input
+            .hcp
+            .chain_state
+            .block_hashes_mmr
+            .clone(),
+    ) {
+        panic!("SPV verification failed");
+    }
+
     let public_inputs: SuccinctBridgeCircuitPublicInputs =
         public_inputs(bridge_circuit_input.clone());
     let journal_hash = public_inputs.journal_hash();
@@ -316,13 +336,11 @@ mod tests {
             header_chain_circuit_output: block_header_circuit_output.clone(),
         };
 
-        println!("PROVING WORK ONLY CIRCUIT");
         let work_only_groth16_proof_receipt: Receipt =
             prove_work_only(headerchain_receipt.clone(), &work_only_circuit_input);
 
         let g16_proof_receipt: &risc0_zkvm::Groth16Receipt<risc0_zkvm::ReceiptClaim> =
             work_only_groth16_proof_receipt.inner.groth16().unwrap();
-        println!("G16 PROOF RECEIPT: {:?}", g16_proof_receipt);
 
         let seal =
             CircuitGroth16Proof::from_seal(g16_proof_receipt.seal.as_slice().try_into().unwrap());
@@ -398,8 +416,6 @@ mod tests {
             }
         }
 
-        println!("Done with the normal bridge circuit guest stuff");
-
         let (ark_groth16_proof, output_scalar_bytes_trimmed, bridge_circuit_bitvm_inputs) =
             prove_bridge_circuit(bridge_circuit_host_params, TEST_BRIDGE_CIRCUIT_ELF);
 
@@ -409,7 +425,6 @@ mod tests {
             output_scalar_bytes_trimmed,
             g16_pi_calculated_outside[0..31]
         );
-        println!("ARK GROTH16 PROOF");
         assert!(bridge_circuit_bitvm_inputs.verify_bridge_circuit(ark_groth16_proof));
     }
 }
diff --git a/circuits-lib/src/bridge_circuit/mod.rs b/circuits-lib/src/bridge_circuit/mod.rs
@@ -56,7 +56,10 @@ pub fn convert_to_groth16_and_verify(message: &[u8], pre_state: &[u8; 32]) -> bo
 pub fn bridge_circuit(guest: &impl ZkvmGuest, work_only_image_id: [u8; 32]) {
     let input: BridgeCircuitInput = guest.read_from_host();
     assert_eq!(HEADER_CHAIN_METHOD_ID, input.hcp.method_id);
+
+    // Verify the HCP
     guest.verify(input.hcp.method_id, &input.hcp);
+
     let mut watchtower_flags: Vec<bool> = vec![];
     let mut wt_messages_with_idxs: Vec<(usize, Vec<u8>)> = vec![];
 
@@ -121,9 +124,7 @@ pub fn bridge_circuit(guest: &impl ZkvmGuest, work_only_image_id: [u8; 32]) {
     // MMR WILL BE FETCHED FROM LC PROOF WHEN IT IS READY - THIS IS JUST FOR PROOF OF CONCEPT
     let mmr = input.hcp.chain_state.block_hashes_mmr;
 
-    let spv_verification_res = input.payout_spv.verify(mmr);
-
-    if !spv_verification_res {
+    if !input.payout_spv.verify(mmr) {
         panic!("Invalid SPV proof");
     }
 
@@ -164,7 +165,8 @@ pub fn bridge_circuit(guest: &impl ZkvmGuest, work_only_image_id: [u8; 32]) {
 
     let deposit_constant: [u8; 32] = Sha256::digest(&pre_deposit_constant).into();
     let mut challenge_sending_watchtowers: [u8; 20] = [0u8; 20];
-    // Convert bools to bit flags
+
+    // Convert bools to bit flags (Actually no need for bools we can directly use the bit flags, but for clarity)
     for (i, &flag) in watchtower_flags.iter().enumerate() {
         if flag {
             challenge_sending_watchtowers[i / 8] |= 1 << (i % 8);

diff --git a/circuits-lib/src/bridge_circuit/storage_proof.rs b/circuits-lib/src/bridge_circuit/storage_proof.rs
@@ -27,9 +27,7 @@ pub fn verify_storage_proofs(storage_proof: &StorageProof, state_root: [u8; 32])
     let storage_key: alloy_primitives::Uint<256, 4> =
         storage_address + U256::from(storage_proof.index * 2);
 
-    let mut concantenated: [u8; 64] = [0; 64];
-    concantenated[..32].copy_from_slice(&storage_proof.txid_hex);
-    concantenated[32..].copy_from_slice(&DEPOSIT_MAPPING_STORAGE_INDEX);
+    let concantenated = [storage_proof.txid_hex, DEPOSIT_MAPPING_STORAGE_INDEX].concat();
 
     let mut keccak = Keccak256::new();
     keccak.update(concantenated);

diff --git a/risc0-circuits/elfs/prod-testnet4-bridge-circuit-guest b/risc0-circuits/elfs/prod-testnet4-bridge-circuit-guest
diff --git a/risc0-circuits/elfs/test-testnet4-bridge-circuit-guest b/risc0-circuits/elfs/test-testnet4-bridge-circuit-guest