-
Notifications
You must be signed in to change notification settings - Fork 295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Private refunds #7226
feat: Private refunds #7226
Conversation
2f72957
to
b1586b3
Compare
Benchmark resultsMetrics with a significant change:
Detailed resultsAll benchmarks are run on txs on the This benchmark source data is available in JSON format on S3 here. Proof generationEach column represents the number of threads used in proof generation.
L2 block published to L1Each column represents the number of txs on an L2 block published to L1.
L2 chain processingEach column represents the number of blocks on the L2 chain where each block has 8 txs.
Circuits statsStats on running time and I/O sizes collected for every kernel circuit run across all benchmarks.
Stats on running time collected for app circuits
AVM SimulationTime to simulate various public functions in the AVM.
Public DB AccessTime to access various public DBs.
Tree insertion statsThe duration to insert a fixed batch of leaves into each tree type.
MiscellaneousTransaction sizes based on how many contract classes are registered in the tx.
Transaction size based on fee payment method | Metric | | |
b1586b3
to
0a59a2e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome PR @just-mitch!! Left a bunch of comments, but none that cannot be addressed in a subsequent PR.
Main thing I'd like to discuss about the overall design is whether we can decouple partial notes from fee refunds. In other words: having the token contract expose primitives "setup partial note" and "complete partial note" (the latter accepting a value as opposed to using the tx fee), and have the FPC orchestrate the whole thing. Seems like we'd need a new note type PartialTokenNoteAwaitingToBeCompleted
to be set during "setup partial note" and to be consumed in "complete", so the caller can't just supply any values they wish, right?
use dep::aztec::context::interface::PublicContextInterface; | ||
|
||
pub fn calculate_fee<TPublicContext>(_context: TPublicContext) -> U128 where TPublicContext: PublicContextInterface { | ||
U128::from_integer(1) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not use context.transaction_fee
here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah this is dead code. Not called. I will remove it.
// convince the FPC we are not cheating | ||
context.push_new_nullifier(nonce, 0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure I understood: why does this convince the FPC we are not cheating?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also: should we mix the nonce with the msg.sender before emitting it as a nullifier? I'm worried a user could abuse it to invalidate another user's txs.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suppose user chooses nonce of 42, and the amount due to the FPC is 100.
Then if user chooses a nonce of 42 again, then it will create a duplicate note if the amount due to the FPC is the same.
For that reason I think we ought not mix the nonce with the msg.sender, since we would want the other user's tx to be invalidated for the same reason.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Got it. Still, it feels risky to have a nullifier purely controlled by the caller. What if we mixed msg_sender
with the nonce both for this nullifier and for the nonce we pass onto the token contract?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we could do that, but from the protocol perspective, the nullifier will be siloed to this contract instance, so no risk there, and from the FPC's perspective, it wants to do absolutely as little as possible.
That said, I also have a somewhat icky feeling about this. Can you think of any attack or exploit that could come from it? It would be helpful to understand if this type of pattern is "safe" generally, even if it feels risky.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah duh yes snooping the mempool would do it. Nice one! So I think then we don't need to mix in the sender, but we do need to encrypt the nonce when we emit it.
In this PR I just fixed the privacy leak which Lasse and Santiago spotted by introducing the second randomness value (computed by hashing the first one) and emitting as unencrypted log only the second value which should reliably prevent the front-running attack (basically the same solution as what Mitch described in the edit).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Suppose user chooses nonce of 42, and the amount due to the FPC is 100.
Then if user chooses a nonce of 42 again, then it will create a duplicate note if the amount due to the FPC is the same.
For that reason I think we ought not mix the nonce with the msg.sender, since we would want the other user's tx to be invalidated for the same reason.
Do I understand this correctly that this is only a problem because we do not yet inject nonces to public note hashes (issue here)? If we had the nonces there I think there should be no issue with duplicate notes.
If this is the case I would prioritize finishing tackling that issue.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@benesjan I think that the original issue raised by Palla has already been fixed by emitting the hash of the user's randomness as the unencrypted log. But I think that if we injected nonces into public notes, we might be able to get away with not pushing the nullifier of the user's randomness (since that was originally done to convince the FPC that its note would have a unique preimage/image). Thought I'm not sure in that case how the FPC/user recover the nonce that gets injected?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cool cool.
I am just working on storage slot as point PR and with that we'll be able to fix the remaining vulnerabilities (#7323 and #7324). Once that is done the note hash will be siloed to user address by the contract. At that point the severity of the attack of re-using randomness (assuming we remove pushing the nullifier) drops from an attacker potentially preventing someone else from spending their notes (by emitting the same note and then spending it) to a user potentially losing money if they are stupid and use the same randomness twice.
We should protect users against stupidity so it makes sense to prioritize tackling public note hash nonce.
Once we have that implemented we can safely drop emitting the nullifier. This is super nice because we want to hyper-optimize these functions since it's a cost which I assume will be part of all the txs.
Will take a note to do that once all the pieces are in place.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just nuked the nullifier in this PR as it's no longer needed.
|
||
#[aztec(private)] | ||
fn fund_transaction_privately(amount: Field, asset: AztecAddress, nonce: Field) { | ||
assert(asset == storage.other_asset.read_private()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why pass the asset
as an argument at all?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The thinking here is the same as the existing FPC- this FPC could be used with a whitelist of supported underlying tokens.
// Definitely not right, in that the teardown should always be last. | ||
// But useful for executing flows. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'd push for fixing this ASAP since it's a very unexpected behaviour for a dev testing via the txe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah agreed. I don't know enough about the TXE design to know how this ought to be done, since it needs to have an understanding of the TX lifecycle.
// `3` is the storage slot of the balances | ||
context.push_new_note_hash(pedersen_hash([3, note_hashes[0]], GENERATOR_INDEX__INNER_NOTE_HASH)); | ||
context.push_new_note_hash(pedersen_hash([3, note_hashes[1]], GENERATOR_INDEX__INNER_NOTE_HASH)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI I think you can do sth like PrivateToken::storage().balances.slot
to avoid hardcoding the slot
); | ||
let token_contract = env.deploy("@aztec/noir-contracts.js/PrivateToken").with_public_initializer(initializer_call_interface); | ||
let token_contract_address = token_contract.to_address(); | ||
env.advance_block_by(6); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this for getting the pubkeys into the registry?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yep!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Was any change from the original needed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. Original maintains
map: Map<AztecAddress, PrivateSet<T, Context>, Context>
this has
map: PrivateSet<T, Context>
The reason is that if we were to use Map<AztecAddress, ...>
the address would get mixed in when computing the storage slots for notes. So back in PrivateToken::complete_refund
we would need the aztec address of the note recipient in order to correctly emit the note hash.
So the functions below are slightly different to compensate for that, and we have to do funky things with to_unconstrained
below. I owe @nventuro an issue documenting this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good to know. Still, it seems that it should be fine for all practical purposes, right?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes I think so.
// allow the FPC to reconstruct their fee note | ||
context.emit_unencrypted_log(nonce); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
FYI Lasse is removing this method from context
given it's a privacy footgun.
@LHerskind seeing as it is needed in more than one place, should we instead keep it but rename it to something like "dangerously_privacy_leaking_emit_unencrypted_log" to be clear about its implications?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Lol at dangerously...
We could also emit it as encrypted, but since the FPC is paying for this, and I don't think they care if nonce is revealed, they would prefer it to be unencrypted.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Name's inspired by React's https://legacy.reactjs.org/docs/dom-elements.html#dangerouslysetinnerhtml
let sponsored_user_point = multi_scalar_mul( | ||
[G1, G1, G1], | ||
[EmbeddedCurveScalar { | ||
lo: sponsored_user_lo, | ||
hi: sponsored_user_hi | ||
}, | ||
EmbeddedCurveScalar { | ||
lo: funded_amount_lo, | ||
hi: funded_amount_hi | ||
}, | ||
EmbeddedCurveScalar { | ||
lo: refund_nonce_lo, | ||
hi: refund_nonce_hi | ||
}] | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could this lead to a privacy leak? Let's assume we have an FPC that's used for a specific set of apps (eg swaps), that have a well-known gas cost, so the set of possible funded_amount
s is known. The refund_nonce
is known as well since it's emitted unencrypted by the FPC. So an attacker could brute-force user npk_m
s fetched from the keys registry to try and recompute this sponsored_user_point
(which is visible as part of the public call) and thus detect the tx sender.
Could we patch this by adding another value used for randomness that does not get publicly broadcasted?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes! @LHerskind had the same suggestion on the thread in show-and-tell. Alice supplies a nonce that gets emitted as a nullifier for the FPC and another that gets used for herself.
d633099
to
cd35cd7
Compare
🤖 I have created a release *beep* *boop* --- <details><summary>aztec-package: 0.45.0</summary> ## [0.45.0](aztec-package-v0.44.0...aztec-package-v0.45.0) (2024-07-02) ### Bug Fixes * Devnet deployment issues ([#7197](#7197)) ([9cf4904](9cf4904)) </details> <details><summary>barretenberg.js: 0.45.0</summary> ## [0.45.0](barretenberg.js-v0.44.0...barretenberg.js-v0.45.0) (2024-07-02) ### Miscellaneous * **barretenberg.js:** Synchronize aztec-packages versions </details> <details><summary>aztec-packages: 0.45.0</summary> ## [0.45.0](aztec-packages-v0.44.0...aztec-packages-v0.45.0) (2024-07-02) ### ⚠ BREAKING CHANGES * error on too large integer value (noir-lang/noir#5371) * rename struct-specific TypeDefinition -> StructDefinition (noir-lang/noir#5356) * extend storage read oracle to receive address and block number ([#7243](#7243)) * split storage access oracles ([#7237](#7237)) * remove `dep::` prefix (noir-lang/noir#4946) ### Features * `mod.nr` entrypoint (noir-lang/noir#5039) ([bb5cbab](bb5cbab)) * `static_assert` builtin (noir-lang/noir#5342) ([eb9e9f6](eb9e9f6)) * Add `map`, `fold`, `reduce`, `any`, and `all` for slices (noir-lang/noir#5331) ([f2abb4e](f2abb4e)) * Add `set` and `set_unchecked` methods to `Vec` and `BoundedVec` (noir-lang/noir#5241) ([ed815a3](ed815a3)) * Add BoundedVec::map (noir-lang/noir#5250) ([ed815a3](ed815a3)) * Add fuzzer for Noir programs (noir-lang/noir#5251) ([ed815a3](ed815a3)) * Add new lenses for encryted notes ([#7238](#7238)) ([c07cf2c](c07cf2c)) * Add outgoing keys support to getEvents ([#7239](#7239)) ([77c304e](77c304e)) * Add support for wildcard types (noir-lang/noir#5275) ([ed815a3](ed815a3)) * **avm:** Calldata gadget preliminaries ([#7227](#7227)) ([79e8588](79e8588)) * Build simple dictionary from inspecting ACIR program (noir-lang/noir#5264) ([ed815a3](ed815a3)) * Constant Honk proof sizes ([#6954](#6954)) ([17c8d3a](17c8d3a)) * Disable nargo color output if stderr is tty (noir-lang/noir#5346) ([eb9e9f6](eb9e9f6)) * **docs:** Macros explainer ([#7172](#7172)) ([bb2ebfc](bb2ebfc)) * Error on too large integer value (noir-lang/noir#5371) ([bb5cbab](bb5cbab)) * Example of private token transfer event ([#7242](#7242)) ([99ce26f](99ce26f)) * **experimental:** Implement macro calls & splicing into `Expr` values (noir-lang/noir#5203) ([ed815a3](ed815a3)) * Extend storage read oracle to receive address and block number ([#7243](#7243)) ([153b201](153b201)) * **frontend:** Explicit numeric generics and type kinds (noir-lang/noir#5155) ([f2abb4e](f2abb4e)) * **frontend:** Where clause on impl (noir-lang/noir#5320) ([f2abb4e](f2abb4e)) * Function selector opcode in AVM ([#7244](#7244)) ([dde47e9](dde47e9)) * Implement comptime support for `array_len` builtin (noir-lang/noir#5272) ([ed815a3](ed815a3)) * Implement comptime support for `as_slice` builtin (noir-lang/noir#5276) ([ed815a3](ed815a3)) * Insert trait impls into the program from type annotations (noir-lang/noir#5327) ([f2abb4e](f2abb4e)) * Let `should_fail_with` check that the failure reason contains the expected message (noir-lang/noir#5319) ([f2abb4e](f2abb4e)) * Make macros operate on token streams instead of AST nodes (noir-lang/noir#5301) ([ed815a3](ed815a3)) * Private refunds ([#7226](#7226)) ([6fafff6](6fafff6)) * Remove `dep::` prefix (noir-lang/noir#4946) ([ed815a3](ed815a3)) * Remove event selector in logs from public context ([#7192](#7192)) ([646d45a](646d45a)) * Rename struct-specific TypeDefinition -> StructDefinition (noir-lang/noir#5356) ([bb5cbab](bb5cbab)) * Run `comptime` code from annotations on a type definition (noir-lang/noir#5256) ([ed815a3](ed815a3)) * Split storage access oracles ([#7237](#7237)) ([51f7d65](51f7d65)) * **stdlib:** Update stdlib to use explicit numeric generics (noir-lang/noir#5306) ([f2abb4e](f2abb4e)) * Store shared mutable hash ([#7169](#7169)) ([868606e](868606e)) * Sync from aztec-packages (noir-lang/noir#5242) ([ed815a3](ed815a3)) * Sync from aztec-packages (noir-lang/noir#5340) ([f2abb4e](f2abb4e)) * Sync from aztec-packages (noir-lang/noir#5347) ([eb9e9f6](eb9e9f6)) * Sync from aztec-packages (noir-lang/noir#5377) ([bb5cbab](bb5cbab)) * Unconstrained variants for event emission ([#7251](#7251)) ([6d093e3](6d093e3)) * Unify unencrypted log emission and decoding ([#7232](#7232)) ([354dba2](354dba2)) * Update rebuild script ([#7225](#7225)) ([af59247](af59247)) * Use runtime loops for brillig array initialization (noir-lang/noir#5243) ([f2abb4e](f2abb4e)) * Wonky rollups ([#7189](#7189)) ([1de3746](1de3746)) ### Bug Fixes * Add more thorough check for whether a type is valid when passing it from constrained code to unconstrained code (noir-lang/noir#5009) ([ed815a3](ed815a3)) * Add support for nested arrays returned by oracles (noir-lang/noir#5132) ([ed815a3](ed815a3)) * Address compiler warnings coming from stdlib (noir-lang/noir#5351) ([eb9e9f6](eb9e9f6)) * Avoid duplicating constant arrays (noir-lang/noir#5287) ([ed815a3](ed815a3)) * Avoid panic in type system (noir-lang/noir#5332) ([f2abb4e](f2abb4e)) * Avoid unnecessarily splitting expressions with multiplication terms with a shared term (noir-lang/noir#5291) ([ed815a3](ed815a3)) * Benchmark prover e2e test with proving ([#7175](#7175)) ([431c14c](431c14c)) * Devnet deployment issues ([#7197](#7197)) ([9cf4904](9cf4904)) * Disable `if` optimization (noir-lang/noir#5240) ([ed815a3](ed815a3)) * **docs:** Historical reference library updates ([#7166](#7166)) ([b3409c4](b3409c4)) * Don't benchmark the "prove" command as it doesn't exist anymore (noir-lang/noir#5323) ([f2abb4e](f2abb4e)) * Don't lazily elaborate functions (noir-lang/noir#5282) ([ed815a3](ed815a3)) * **elaborator:** Fix duplicate methods error (noir-lang/noir#5225) ([ed815a3](ed815a3)) * **elaborator:** Fix regression introduced by lazy-global changes (noir-lang/noir#5223) ([ed815a3](ed815a3)) * Error when a local function is called in a comptime context (noir-lang/noir#5334) ([f2abb4e](f2abb4e)) * Fix authwit package ([#7204](#7204)) ([98ccd41](98ccd41)) * Fix incorrect return type being applied to stdlib functions `modulus_be_bytes()`, `modulus_be_bits()`, etc. (noir-lang/noir#5278) ([ed815a3](ed815a3)) * Fix tokenization of unquoted types in macros (noir-lang/noir#5326) ([f2abb4e](f2abb4e)) * Fix usage of `#[abi(tag)]` attribute with elaborator (noir-lang/noir#5298) ([f2abb4e](f2abb4e)) * Handle struct with nested arrays in oracle return values (noir-lang/noir#5244) ([ed815a3](ed815a3)) * Ignore calls to `Intrinsic::AsWitness` during brillig codegen (noir-lang/noir#5350) ([eb9e9f6](eb9e9f6)) * Implement generic functions in the interpreter (noir-lang/noir#5330) ([f2abb4e](f2abb4e)) * **nargo_fmt:** Account for spaces before the generic list of a function (noir-lang/noir#5303) ([ed815a3](ed815a3)) * Replace panic in monomorphization with an error (noir-lang/noir#5305) ([ed815a3](ed815a3)) * Reran pil->cpp codegen & encode_and_encrypt_event_with_randomness fix ([#7247](#7247)) ([fa15a45](fa15a45)) * Runtime brillig bigint id assignment (noir-lang/noir#5369) ([bb5cbab](bb5cbab)) * Skip emission of brillig calls which will never be executed (noir-lang/noir#5314) ([ed815a3](ed815a3)) * TS LSP being slow ([#7181](#7181)) ([e934e87](e934e87)) * Update `in_contract` flag before handling function metadata in elaborator (noir-lang/noir#5292) ([ed815a3](ed815a3)) * Use proper serialization in `AbiValue` (noir-lang/noir#5270) ([ed815a3](ed815a3)) ### Miscellaneous * `static_assert` error message fix and split into is-dynamic and is-false (noir-lang/noir#5353) ([eb9e9f6](eb9e9f6)) * Add back Pedersen blackbox functions (revert PR 5221) (noir-lang/noir#5318) ([ed815a3](ed815a3)) * Add log_hash as input in log emission in private context ([#7249](#7249)) ([8b3dfe9](8b3dfe9)) * Add no predicate to poseidon2 (noir-lang/noir#5252) ([ed815a3](ed815a3)) * Add no-predicate to hash implementations (noir-lang/noir#5253) ([ed815a3](ed815a3)) * Add property tests for ABI encoding (noir-lang/noir#5216) ([ed815a3](ed815a3)) * Address TODO in `compat.nr` (noir-lang/noir#5339) ([f2abb4e](f2abb4e)) * **avm-transpiler:** Better error messages ([#7217](#7217)) ([27051ad](27051ad)) * **avm:** Remove trailing minus zero in codegen ([#7185](#7185)) ([f3c8166](f3c8166)) * Avoid building contracts when producing gates report ([#7136](#7136)) ([25507e6](25507e6)) * Bump `bb` to 0.43.0 (noir-lang/noir#5321) ([f2abb4e](f2abb4e)) * Bundle SSA Evaluator Options (noir-lang/noir#5317) ([ed815a3](ed815a3)) * **ci:** Trigger a noir sync every morning at 8am ([#7280](#7280)) ([412c016](412c016)) * Copy across typo PR script from aztec-packages (noir-lang/noir#5235) ([ed815a3](ed815a3)) * Create separate crate just for noir artifacts (noir-lang/noir#5162) ([ed815a3](ed815a3)) * **docs:** Fixing trailing slash issue (noir-lang/noir#5233) ([ed815a3](ed815a3)) * Fix examples (noir-lang/noir#5357) ([eb9e9f6](eb9e9f6)) * Fix migration notes ([#7279](#7279)) ([51d93eb](51d93eb)) * Fix negative tests in AVM circuit for context input lookups ([#7261](#7261)) ([ad2f654](ad2f654)) * Fixing all relative paths (noir-lang/noir#5220) ([ed815a3](ed815a3)) * Generate PIL constants from via constants gen ([#7258](#7258)) ([244ef7e](244ef7e)) * Gets rid of unencrypted emit in private_context ([#7236](#7236)) ([3e6d88e](3e6d88e)) * Improve authwit comments/docs ([#7180](#7180)) ([051ab9e](051ab9e)) * Misc cleanup in simulator ([#7203](#7203)) ([eb00830](eb00830)) * Optimize the elaborator (noir-lang/noir#5230) ([ed815a3](ed815a3)) * Parse macros (noir-lang/noir#5229) ([ed815a3](ed815a3)) * Pedersen commitment in Noir (noir-lang/noir#5221) ([ed815a3](ed815a3)) * Pedersen hash in Noir (noir-lang/noir#5217) ([ed815a3](ed815a3)) * Private tail circuits ([#7148](#7148)) ([9e67e7d](9e67e7d)) * Pull out change to expression splitting from sync PR ([#7215](#7215)) ([b4f50a5](b4f50a5)) * Pull out foreign call nested array changes ([#7216](#7216)) ([1faaaf5](1faaaf5)) * Pull out noir-lang/noir[#5120](#5120) ([#7205](#7205)) ([c5dc094](c5dc094)) * Pull out pedersen generator builtin from sync PR ([#7210](#7210)) ([412f02e](412f02e)) * Pull out SSA changes from sync PR ([#7209](#7209)) ([141e137](141e137)) * Push code related to ABI gen into `noirc_driver` (noir-lang/noir#5218) ([ed815a3](ed815a3)) * Redo typo PR by dropbigfish (noir-lang/noir#5234) ([ed815a3](ed815a3)) * Refactor test case generation in build.rs (noir-lang/noir#5280) ([ed815a3](ed815a3)) * Release Noir(0.31.0) (noir-lang/noir#5166) ([ed815a3](ed815a3)) * Remove `is_unconstrained_fn` field from elaborator (noir-lang/noir#5335) ([f2abb4e](f2abb4e)) * Remove 4738 ref ([#7254](#7254)) ([97d997c](97d997c)) * Remove a log file ([#7201](#7201)) ([83bb218](83bb218)) * Remove commented code ([#7231](#7231)) ([2740d60](2740d60)) * Remove panic for unimplemented trait dispatch (noir-lang/noir#5329) ([f2abb4e](f2abb4e)) * Replace `is_bn254` implementation to not rely on truncation of literals (noir-lang/noir#5247) ([ed815a3](ed815a3)) * Replace `regression_5202` with more manageably sized program (noir-lang/noir#5345) ([eb9e9f6](eb9e9f6)) * Replace cached `in_contract` with `in_contract()` method (noir-lang/noir#5324) ([f2abb4e](f2abb4e)) * Replace logical operators with bitwise in `DebugToString` (noir-lang/noir#5236) ([ed815a3](ed815a3)) * Replace relative paths to noir-protocol-circuits ([e83b07b](e83b07b)) * Replace relative paths to noir-protocol-circuits ([eca8587](eca8587)) * Replace relative paths to noir-protocol-circuits ([b9ddf43](b9ddf43)) * Replace relative paths to noir-protocol-circuits ([6f817e8](6f817e8)) * Replace relative paths to noir-protocol-circuits ([f9bf0a4](f9bf0a4)) * Replicate noir-lang/noir[#4946](#4946) ([#7202](#7202)) ([b5c07d8](b5c07d8)) * Simplify compilation flow to write to file immediately (noir-lang/noir#5265) ([ed815a3](ed815a3)) * Split off fuzzer, abi changes and `noirc_artifacts` from sync ([#7208](#7208)) ([255d752](255d752)) * Thread generics through ACIR/brillig gen (noir-lang/noir#5120) ([ed815a3](ed815a3)) * Use `push_err` more in elaborator (noir-lang/noir#5336) ([f2abb4e](f2abb4e)) * Use options.limit as upper limit for note-getter loop ([#7253](#7253)) ([8ff669b](8ff669b)) * Use prefix op_ for every instruction in avm_trace.hpp ([#7214](#7214)) ([7ed7558](7ed7558)) * Use the elaborator by default (noir-lang/noir#5246) ([ed815a3](ed815a3)) </details> <details><summary>barretenberg: 0.45.0</summary> ## [0.45.0](barretenberg-v0.44.0...barretenberg-v0.45.0) (2024-07-02) ### Features * **avm:** Calldata gadget preliminaries ([#7227](#7227)) ([79e8588](79e8588)) * Constant Honk proof sizes ([#6954](#6954)) ([17c8d3a](17c8d3a)) * Function selector opcode in AVM ([#7244](#7244)) ([dde47e9](dde47e9)) * Update rebuild script ([#7225](#7225)) ([af59247](af59247)) ### Bug Fixes * Benchmark prover e2e test with proving ([#7175](#7175)) ([431c14c](431c14c)) * Reran pil->cpp codegen & encode_and_encrypt_event_with_randomness fix ([#7247](#7247)) ([fa15a45](fa15a45)) ### Miscellaneous * **avm:** Remove trailing minus zero in codegen ([#7185](#7185)) ([f3c8166](f3c8166)) * Fix negative tests in AVM circuit for context input lookups ([#7261](#7261)) ([ad2f654](ad2f654)) * Generate PIL constants from via constants gen ([#7258](#7258)) ([244ef7e](244ef7e)) * Use prefix op_ for every instruction in avm_trace.hpp ([#7214](#7214)) ([7ed7558](7ed7558)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
🤖 I have created a release *beep* *boop* --- <details><summary>aztec-package: 0.45.0</summary> ## [0.45.0](AztecProtocol/aztec-packages@aztec-package-v0.44.0...aztec-package-v0.45.0) (2024-07-02) ### Bug Fixes * Devnet deployment issues ([#7197](AztecProtocol/aztec-packages#7197)) ([9cf4904](AztecProtocol/aztec-packages@9cf4904)) </details> <details><summary>barretenberg.js: 0.45.0</summary> ## [0.45.0](AztecProtocol/aztec-packages@barretenberg.js-v0.44.0...barretenberg.js-v0.45.0) (2024-07-02) ### Miscellaneous * **barretenberg.js:** Synchronize aztec-packages versions </details> <details><summary>aztec-packages: 0.45.0</summary> ## [0.45.0](AztecProtocol/aztec-packages@aztec-packages-v0.44.0...aztec-packages-v0.45.0) (2024-07-02) ### ⚠ BREAKING CHANGES * error on too large integer value (noir-lang/noir#5371) * rename struct-specific TypeDefinition -> StructDefinition (noir-lang/noir#5356) * extend storage read oracle to receive address and block number ([#7243](AztecProtocol/aztec-packages#7243)) * split storage access oracles ([#7237](AztecProtocol/aztec-packages#7237)) * remove `dep::` prefix (noir-lang/noir#4946) ### Features * `mod.nr` entrypoint (noir-lang/noir#5039) ([bb5cbab](AztecProtocol/aztec-packages@bb5cbab)) * `static_assert` builtin (noir-lang/noir#5342) ([eb9e9f6](AztecProtocol/aztec-packages@eb9e9f6)) * Add `map`, `fold`, `reduce`, `any`, and `all` for slices (noir-lang/noir#5331) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Add `set` and `set_unchecked` methods to `Vec` and `BoundedVec` (noir-lang/noir#5241) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Add BoundedVec::map (noir-lang/noir#5250) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Add fuzzer for Noir programs (noir-lang/noir#5251) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Add new lenses for encryted notes ([#7238](AztecProtocol/aztec-packages#7238)) ([c07cf2c](AztecProtocol/aztec-packages@c07cf2c)) * Add outgoing keys support to getEvents ([#7239](AztecProtocol/aztec-packages#7239)) ([77c304e](AztecProtocol/aztec-packages@77c304e)) * Add support for wildcard types (noir-lang/noir#5275) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * **avm:** Calldata gadget preliminaries ([#7227](AztecProtocol/aztec-packages#7227)) ([79e8588](AztecProtocol/aztec-packages@79e8588)) * Build simple dictionary from inspecting ACIR program (noir-lang/noir#5264) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Constant Honk proof sizes ([#6954](AztecProtocol/aztec-packages#6954)) ([17c8d3a](AztecProtocol/aztec-packages@17c8d3a)) * Disable nargo color output if stderr is tty (noir-lang/noir#5346) ([eb9e9f6](AztecProtocol/aztec-packages@eb9e9f6)) * **docs:** Macros explainer ([#7172](AztecProtocol/aztec-packages#7172)) ([bb2ebfc](AztecProtocol/aztec-packages@bb2ebfc)) * Error on too large integer value (noir-lang/noir#5371) ([bb5cbab](AztecProtocol/aztec-packages@bb5cbab)) * Example of private token transfer event ([#7242](AztecProtocol/aztec-packages#7242)) ([99ce26f](AztecProtocol/aztec-packages@99ce26f)) * **experimental:** Implement macro calls & splicing into `Expr` values (noir-lang/noir#5203) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Extend storage read oracle to receive address and block number ([#7243](AztecProtocol/aztec-packages#7243)) ([153b201](AztecProtocol/aztec-packages@153b201)) * **frontend:** Explicit numeric generics and type kinds (noir-lang/noir#5155) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * **frontend:** Where clause on impl (noir-lang/noir#5320) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Function selector opcode in AVM ([#7244](AztecProtocol/aztec-packages#7244)) ([dde47e9](AztecProtocol/aztec-packages@dde47e9)) * Implement comptime support for `array_len` builtin (noir-lang/noir#5272) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Implement comptime support for `as_slice` builtin (noir-lang/noir#5276) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Insert trait impls into the program from type annotations (noir-lang/noir#5327) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Let `should_fail_with` check that the failure reason contains the expected message (noir-lang/noir#5319) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Make macros operate on token streams instead of AST nodes (noir-lang/noir#5301) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Private refunds ([#7226](AztecProtocol/aztec-packages#7226)) ([6fafff6](AztecProtocol/aztec-packages@6fafff6)) * Remove `dep::` prefix (noir-lang/noir#4946) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Remove event selector in logs from public context ([#7192](AztecProtocol/aztec-packages#7192)) ([646d45a](AztecProtocol/aztec-packages@646d45a)) * Rename struct-specific TypeDefinition -> StructDefinition (noir-lang/noir#5356) ([bb5cbab](AztecProtocol/aztec-packages@bb5cbab)) * Run `comptime` code from annotations on a type definition (noir-lang/noir#5256) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Split storage access oracles ([#7237](AztecProtocol/aztec-packages#7237)) ([51f7d65](AztecProtocol/aztec-packages@51f7d65)) * **stdlib:** Update stdlib to use explicit numeric generics (noir-lang/noir#5306) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Store shared mutable hash ([#7169](AztecProtocol/aztec-packages#7169)) ([868606e](AztecProtocol/aztec-packages@868606e)) * Sync from aztec-packages (noir-lang/noir#5242) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Sync from aztec-packages (noir-lang/noir#5340) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Sync from aztec-packages (noir-lang/noir#5347) ([eb9e9f6](AztecProtocol/aztec-packages@eb9e9f6)) * Sync from aztec-packages (noir-lang/noir#5377) ([bb5cbab](AztecProtocol/aztec-packages@bb5cbab)) * Unconstrained variants for event emission ([#7251](AztecProtocol/aztec-packages#7251)) ([6d093e3](AztecProtocol/aztec-packages@6d093e3)) * Unify unencrypted log emission and decoding ([#7232](AztecProtocol/aztec-packages#7232)) ([354dba2](AztecProtocol/aztec-packages@354dba2)) * Update rebuild script ([#7225](AztecProtocol/aztec-packages#7225)) ([af59247](AztecProtocol/aztec-packages@af59247)) * Use runtime loops for brillig array initialization (noir-lang/noir#5243) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Wonky rollups ([#7189](AztecProtocol/aztec-packages#7189)) ([1de3746](AztecProtocol/aztec-packages@1de3746)) ### Bug Fixes * Add more thorough check for whether a type is valid when passing it from constrained code to unconstrained code (noir-lang/noir#5009) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Add support for nested arrays returned by oracles (noir-lang/noir#5132) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Address compiler warnings coming from stdlib (noir-lang/noir#5351) ([eb9e9f6](AztecProtocol/aztec-packages@eb9e9f6)) * Avoid duplicating constant arrays (noir-lang/noir#5287) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Avoid panic in type system (noir-lang/noir#5332) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Avoid unnecessarily splitting expressions with multiplication terms with a shared term (noir-lang/noir#5291) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Benchmark prover e2e test with proving ([#7175](AztecProtocol/aztec-packages#7175)) ([431c14c](AztecProtocol/aztec-packages@431c14c)) * Devnet deployment issues ([#7197](AztecProtocol/aztec-packages#7197)) ([9cf4904](AztecProtocol/aztec-packages@9cf4904)) * Disable `if` optimization (noir-lang/noir#5240) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * **docs:** Historical reference library updates ([#7166](AztecProtocol/aztec-packages#7166)) ([b3409c4](AztecProtocol/aztec-packages@b3409c4)) * Don't benchmark the "prove" command as it doesn't exist anymore (noir-lang/noir#5323) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Don't lazily elaborate functions (noir-lang/noir#5282) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * **elaborator:** Fix duplicate methods error (noir-lang/noir#5225) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * **elaborator:** Fix regression introduced by lazy-global changes (noir-lang/noir#5223) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Error when a local function is called in a comptime context (noir-lang/noir#5334) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Fix authwit package ([#7204](AztecProtocol/aztec-packages#7204)) ([98ccd41](AztecProtocol/aztec-packages@98ccd41)) * Fix incorrect return type being applied to stdlib functions `modulus_be_bytes()`, `modulus_be_bits()`, etc. (noir-lang/noir#5278) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Fix tokenization of unquoted types in macros (noir-lang/noir#5326) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Fix usage of `#[abi(tag)]` attribute with elaborator (noir-lang/noir#5298) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Handle struct with nested arrays in oracle return values (noir-lang/noir#5244) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Ignore calls to `Intrinsic::AsWitness` during brillig codegen (noir-lang/noir#5350) ([eb9e9f6](AztecProtocol/aztec-packages@eb9e9f6)) * Implement generic functions in the interpreter (noir-lang/noir#5330) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * **nargo_fmt:** Account for spaces before the generic list of a function (noir-lang/noir#5303) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Replace panic in monomorphization with an error (noir-lang/noir#5305) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Reran pil->cpp codegen & encode_and_encrypt_event_with_randomness fix ([#7247](AztecProtocol/aztec-packages#7247)) ([fa15a45](AztecProtocol/aztec-packages@fa15a45)) * Runtime brillig bigint id assignment (noir-lang/noir#5369) ([bb5cbab](AztecProtocol/aztec-packages@bb5cbab)) * Skip emission of brillig calls which will never be executed (noir-lang/noir#5314) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * TS LSP being slow ([#7181](AztecProtocol/aztec-packages#7181)) ([e934e87](AztecProtocol/aztec-packages@e934e87)) * Update `in_contract` flag before handling function metadata in elaborator (noir-lang/noir#5292) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Use proper serialization in `AbiValue` (noir-lang/noir#5270) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) ### Miscellaneous * `static_assert` error message fix and split into is-dynamic and is-false (noir-lang/noir#5353) ([eb9e9f6](AztecProtocol/aztec-packages@eb9e9f6)) * Add back Pedersen blackbox functions (revert PR 5221) (noir-lang/noir#5318) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Add log_hash as input in log emission in private context ([#7249](AztecProtocol/aztec-packages#7249)) ([8b3dfe9](AztecProtocol/aztec-packages@8b3dfe9)) * Add no predicate to poseidon2 (noir-lang/noir#5252) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Add no-predicate to hash implementations (noir-lang/noir#5253) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Add property tests for ABI encoding (noir-lang/noir#5216) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Address TODO in `compat.nr` (noir-lang/noir#5339) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * **avm-transpiler:** Better error messages ([#7217](AztecProtocol/aztec-packages#7217)) ([27051ad](AztecProtocol/aztec-packages@27051ad)) * **avm:** Remove trailing minus zero in codegen ([#7185](AztecProtocol/aztec-packages#7185)) ([f3c8166](AztecProtocol/aztec-packages@f3c8166)) * Avoid building contracts when producing gates report ([#7136](AztecProtocol/aztec-packages#7136)) ([25507e6](AztecProtocol/aztec-packages@25507e6)) * Bump `bb` to 0.43.0 (noir-lang/noir#5321) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Bundle SSA Evaluator Options (noir-lang/noir#5317) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * **ci:** Trigger a noir sync every morning at 8am ([#7280](AztecProtocol/aztec-packages#7280)) ([412c016](AztecProtocol/aztec-packages@412c016)) * Copy across typo PR script from aztec-packages (noir-lang/noir#5235) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Create separate crate just for noir artifacts (noir-lang/noir#5162) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * **docs:** Fixing trailing slash issue (noir-lang/noir#5233) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Fix examples (noir-lang/noir#5357) ([eb9e9f6](AztecProtocol/aztec-packages@eb9e9f6)) * Fix migration notes ([#7279](AztecProtocol/aztec-packages#7279)) ([51d93eb](AztecProtocol/aztec-packages@51d93eb)) * Fix negative tests in AVM circuit for context input lookups ([#7261](AztecProtocol/aztec-packages#7261)) ([ad2f654](AztecProtocol/aztec-packages@ad2f654)) * Fixing all relative paths (noir-lang/noir#5220) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Generate PIL constants from via constants gen ([#7258](AztecProtocol/aztec-packages#7258)) ([244ef7e](AztecProtocol/aztec-packages@244ef7e)) * Gets rid of unencrypted emit in private_context ([#7236](AztecProtocol/aztec-packages#7236)) ([3e6d88e](AztecProtocol/aztec-packages@3e6d88e)) * Improve authwit comments/docs ([#7180](AztecProtocol/aztec-packages#7180)) ([051ab9e](AztecProtocol/aztec-packages@051ab9e)) * Misc cleanup in simulator ([#7203](AztecProtocol/aztec-packages#7203)) ([eb00830](AztecProtocol/aztec-packages@eb00830)) * Optimize the elaborator (noir-lang/noir#5230) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Parse macros (noir-lang/noir#5229) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Pedersen commitment in Noir (noir-lang/noir#5221) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Pedersen hash in Noir (noir-lang/noir#5217) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Private tail circuits ([#7148](AztecProtocol/aztec-packages#7148)) ([9e67e7d](AztecProtocol/aztec-packages@9e67e7d)) * Pull out change to expression splitting from sync PR ([#7215](AztecProtocol/aztec-packages#7215)) ([b4f50a5](AztecProtocol/aztec-packages@b4f50a5)) * Pull out foreign call nested array changes ([#7216](AztecProtocol/aztec-packages#7216)) ([1faaaf5](AztecProtocol/aztec-packages@1faaaf5)) * Pull out noir-lang/noir[#5120](AztecProtocol/aztec-packages#5120) ([#7205](AztecProtocol/aztec-packages#7205)) ([c5dc094](AztecProtocol/aztec-packages@c5dc094)) * Pull out pedersen generator builtin from sync PR ([#7210](AztecProtocol/aztec-packages#7210)) ([412f02e](AztecProtocol/aztec-packages@412f02e)) * Pull out SSA changes from sync PR ([#7209](AztecProtocol/aztec-packages#7209)) ([141e137](AztecProtocol/aztec-packages@141e137)) * Push code related to ABI gen into `noirc_driver` (noir-lang/noir#5218) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Redo typo PR by dropbigfish (noir-lang/noir#5234) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Refactor test case generation in build.rs (noir-lang/noir#5280) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Release Noir(0.31.0) (noir-lang/noir#5166) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Remove `is_unconstrained_fn` field from elaborator (noir-lang/noir#5335) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Remove 4738 ref ([#7254](AztecProtocol/aztec-packages#7254)) ([97d997c](AztecProtocol/aztec-packages@97d997c)) * Remove a log file ([#7201](AztecProtocol/aztec-packages#7201)) ([83bb218](AztecProtocol/aztec-packages@83bb218)) * Remove commented code ([#7231](AztecProtocol/aztec-packages#7231)) ([2740d60](AztecProtocol/aztec-packages@2740d60)) * Remove panic for unimplemented trait dispatch (noir-lang/noir#5329) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Replace `is_bn254` implementation to not rely on truncation of literals (noir-lang/noir#5247) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Replace `regression_5202` with more manageably sized program (noir-lang/noir#5345) ([eb9e9f6](AztecProtocol/aztec-packages@eb9e9f6)) * Replace cached `in_contract` with `in_contract()` method (noir-lang/noir#5324) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Replace logical operators with bitwise in `DebugToString` (noir-lang/noir#5236) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Replace relative paths to noir-protocol-circuits ([e83b07b](AztecProtocol/aztec-packages@e83b07b)) * Replace relative paths to noir-protocol-circuits ([eca8587](AztecProtocol/aztec-packages@eca8587)) * Replace relative paths to noir-protocol-circuits ([b9ddf43](AztecProtocol/aztec-packages@b9ddf43)) * Replace relative paths to noir-protocol-circuits ([6f817e8](AztecProtocol/aztec-packages@6f817e8)) * Replace relative paths to noir-protocol-circuits ([f9bf0a4](AztecProtocol/aztec-packages@f9bf0a4)) * Replicate noir-lang/noir[#4946](AztecProtocol/aztec-packages#4946) ([#7202](AztecProtocol/aztec-packages#7202)) ([b5c07d8](AztecProtocol/aztec-packages@b5c07d8)) * Simplify compilation flow to write to file immediately (noir-lang/noir#5265) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Split off fuzzer, abi changes and `noirc_artifacts` from sync ([#7208](AztecProtocol/aztec-packages#7208)) ([255d752](AztecProtocol/aztec-packages@255d752)) * Thread generics through ACIR/brillig gen (noir-lang/noir#5120) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) * Use `push_err` more in elaborator (noir-lang/noir#5336) ([f2abb4e](AztecProtocol/aztec-packages@f2abb4e)) * Use options.limit as upper limit for note-getter loop ([#7253](AztecProtocol/aztec-packages#7253)) ([8ff669b](AztecProtocol/aztec-packages@8ff669b)) * Use prefix op_ for every instruction in avm_trace.hpp ([#7214](AztecProtocol/aztec-packages#7214)) ([7ed7558](AztecProtocol/aztec-packages@7ed7558)) * Use the elaborator by default (noir-lang/noir#5246) ([ed815a3](AztecProtocol/aztec-packages@ed815a3)) </details> <details><summary>barretenberg: 0.45.0</summary> ## [0.45.0](AztecProtocol/aztec-packages@barretenberg-v0.44.0...barretenberg-v0.45.0) (2024-07-02) ### Features * **avm:** Calldata gadget preliminaries ([#7227](AztecProtocol/aztec-packages#7227)) ([79e8588](AztecProtocol/aztec-packages@79e8588)) * Constant Honk proof sizes ([#6954](AztecProtocol/aztec-packages#6954)) ([17c8d3a](AztecProtocol/aztec-packages@17c8d3a)) * Function selector opcode in AVM ([#7244](AztecProtocol/aztec-packages#7244)) ([dde47e9](AztecProtocol/aztec-packages@dde47e9)) * Update rebuild script ([#7225](AztecProtocol/aztec-packages#7225)) ([af59247](AztecProtocol/aztec-packages@af59247)) ### Bug Fixes * Benchmark prover e2e test with proving ([#7175](AztecProtocol/aztec-packages#7175)) ([431c14c](AztecProtocol/aztec-packages@431c14c)) * Reran pil->cpp codegen & encode_and_encrypt_event_with_randomness fix ([#7247](AztecProtocol/aztec-packages#7247)) ([fa15a45](AztecProtocol/aztec-packages@fa15a45)) ### Miscellaneous * **avm:** Remove trailing minus zero in codegen ([#7185](AztecProtocol/aztec-packages#7185)) ([f3c8166](AztecProtocol/aztec-packages@f3c8166)) * Fix negative tests in AVM circuit for context input lookups ([#7261](AztecProtocol/aztec-packages#7261)) ([ad2f654](AztecProtocol/aztec-packages@ad2f654)) * Generate PIL constants from via constants gen ([#7258](AztecProtocol/aztec-packages#7258)) ([244ef7e](AztecProtocol/aztec-packages@244ef7e)) * Use prefix op_ for every instruction in avm_trace.hpp ([#7214](AztecProtocol/aztec-packages#7214)) ([7ed7558](AztecProtocol/aztec-packages@7ed7558)) </details> --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
), | ||
); | ||
|
||
await expectMapping(t.gasBalances, [privateFPC.address], [InitialPrivateFPCGas - tx.transactionFee!]); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I might be retarded but I feel like functions like expectMapping and then having complex types like export type BalancesFn = ReturnType<typeof getBalancesFn>;
in tests just makes it all hard to read.
Also not following the convention of using first capital letter for classes and not for variables in InitialPrivateFPCGas
doesn't help.
it('can do private payments and refunds', async () => { | ||
const bobKeyHash = t.bobWallet.getCompleteAddress().publicKeys.masterNullifierPublicKey.hash(); | ||
const rebateNonce = new Fr(42); | ||
const tx = await privateToken.methods |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we submit this tx just to get the tx fee? And if yes is it because we have a guarantee of the fee being constant between txs?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe it is submitted so we can test the refund flow. If we didn't submit it, the public execution that creates the refund wouldn't run.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, got it. Will add a comment there. Thank you 🙏
This PR creates a new token contract and fee payment contract that support private refunds.
I.e. Alice pays Bob in private notes, and receives refunds in private notes within the same transaction.
This is a massive improvement over the existing PrivateFeePaymentMethod which uses an un/shield flow, which puts Alice in a never-ending loop of refunding refunds.
Note I suspect we will want to:
but the exact way forward there is not clear to me yet.
This PR also shows off some of the ugly things we need to do to get this working, like:
This PR also fixes two bugs:
This PR also has the TXE charge nominal TX fees, and basic support for a teardown function.
Side note, see https://hackmd.io/NUfIc2LJRlqL0-myhij3KQ for a cost analysis (in terms of TXEffects byte size) for different fee payment methods.
In conclusion
I vote to merge the PR roughly as is and start the discussion on how to clean the stuff up that we hate, but if someone has strong negative reactions, I'm definitely open to hearing which parts we want to tease out into individual PRs.