chore: add security disclaimer (#45)

axiom-crypto · Sep 5, 2024 · 12ae85a · 12ae85a
1 parent e4d0c20
commit 12ae85a
Showing 1 changed file with 25 additions and 20 deletions.
diff --git a/README.md b/README.md
@@ -1,12 +1,16 @@
 # Batch WorldID proof verification with Axiom
+
 This repo implements batch verification of [WorldID](https://worldcoin.org/world-id) proofs to enable cheaper batch claims of WLD grants.
 
 It is implemented via two components:
+
 - ZK circuits for batch WorldID proof verification using Axiom's ZK circuit libraries.
 - Smart contracts implementing WLD grant claims based on batch-verified WorldID proof results.
 
 In what follows, we describe two different flows for WLD grants using this integration.
 
+**Note:** The work in this repo has not been audited and should not be deployed in production prior to additional security review.
+
 ## Worldcoin Grant Protocol
 
 We implement two versions of WLD grants based on batch verification of WorldID proofs.
@@ -26,12 +30,13 @@ The V1 grant contract supports at most `MAX_NUM_CLAIMS` at once, and receives as
 - vkeyHash - the Keccak hash of the flattened Groth16 vkey
 - numClaims - the number of claims, which should satisfy 1 <= numClaims <= MAX_NUM_CLAIMS
 - root - the WorldID root the proofs are relative to
-- grantIds_i for i = 1, ..., MAX_NUM_CLAIMS 
+- grantIds_i for i = 1, ..., MAX_NUM_CLAIMS
 - receivers_i for i = 1, ..., MAX_NUM_CLAIMS
 - nullifierHashes_i for i = 1, ..., MAX_NUM_CLAIMS
 ```
 
 The ZK proof verifies in ZK that:
+
 1. For `0 <= idx < numClaims`, there are valid WorldID proofs corresponding to `(root, claimedNullifierHashes[idx], receivers[idx], grantIds[idx])` with the given Groth16 `vkeyHash`.
 
 The V1 grants contract then:
@@ -94,39 +99,39 @@ We deployed Grant Protocol V1 on Sepolia for different claim sizes and made samp
 
 In these benchmarks, onchain costs include L1 and L2 gas. Our onchain cost estimates assume an L2 gas cost of 0.06 gwei, L1 blob base fee of 1wei, and \$3000 ETH. Our offchain cost estimates are conservative benchmarks based on on-demand AWS compute instances (`m6a.4xlarge`).
 
-| # Claims | Sepolia Address                                                                                                               | Fulfill Tx                                                                                  | L2 Gas/Claim | Proof Gas/Claim | Calldata/Claim | Onchain \$/Claim | Offchain \$/Claim |
-| -------- |  ---------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | ------------ | --------------- | -------------- | ----------------- | ------------------ |
-| 16       | [0x3689d27A428543100E7CeB663F55616cdE896F07](https://sepolia.etherscan.io/address/0x3689d27A428543100E7CeB663F55616cdE896F07) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0xe2ac0e66a91765656e8b88d21479b03506fe246ae7d2d8ccc8ad7ce2b9f626f2) | 75K          | 23K             | 232            | \$0.0139         | \$0.0208        |
-| 32       | [0xF2EF0b7300BF2B0F0a7a310BABde640b3E74997B](https://sepolia.etherscan.io/address/0xF2EF0b7300BF2B0F0a7a310BABde640b3E74997B) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x80ccfd91b6121f5471f74c1f90dc10f3364478703be25c56f10683bcb8f4a163) | 64K          | 11K             | 164            | \$0.0118          | \$0.0181           |
-| 64       | [0xe515583983388956147277Ec7a4347964D77bFbc](https://sepolia.etherscan.io/address/0xe515583983388956147277Ec7a4347964D77bFbc) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x69b7c8fc5d09e9c989960a271105b7adf0d291174b669042732342c98a2fcde2) | 58K          | 6K              | 130            | \$0.0107          | \$0.0170           |
-| 128      | [0x0cd9558c9f3BB010F8A0ec3Fd301178e1fc925F8](https://sepolia.etherscan.io/address/0x0cd9558c9f3BB010F8A0ec3Fd301178e1fc925F8) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0xc3af5876a5482edb2e348d0aa84546cf983afd6f1393954c4ce4dbc44b357e93) | 56K          | 3K              | 113            | \$0.0103          | \$0.0158           |
-| 256      | [0xa5fac0910068B7a570B0De0c2411A4185A3c3b03](https://sepolia.etherscan.io/address/0xa5fac0910068B7a570B0De0c2411A4185A3c3b03) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x70927cab3b7bed3f01958261cdcb27ef5e495394e5989ce8c4eb8d9ed1c19ebd) | 54K          | 1.4K            | 105            | \$0.0100          | \$0.0156           |
+| # Claims | Sepolia Address                                                                                                               | Fulfill Tx                                                                                                       | L2 Gas/Claim | Proof Gas/Claim | Calldata/Claim | Onchain \$/Claim | Offchain \$/Claim |
+| -------- | ----------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ------------ | --------------- | -------------- | ---------------- | ----------------- |
+| 16       | [0x3689d27A428543100E7CeB663F55616cdE896F07](https://sepolia.etherscan.io/address/0x3689d27A428543100E7CeB663F55616cdE896F07) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0xe2ac0e66a91765656e8b88d21479b03506fe246ae7d2d8ccc8ad7ce2b9f626f2) | 75K          | 23K             | 232            | \$0.0139         | \$0.0208          |
+| 32       | [0xF2EF0b7300BF2B0F0a7a310BABde640b3E74997B](https://sepolia.etherscan.io/address/0xF2EF0b7300BF2B0F0a7a310BABde640b3E74997B) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x80ccfd91b6121f5471f74c1f90dc10f3364478703be25c56f10683bcb8f4a163) | 64K          | 11K             | 164            | \$0.0118         | \$0.0181          |
+| 64       | [0xe515583983388956147277Ec7a4347964D77bFbc](https://sepolia.etherscan.io/address/0xe515583983388956147277Ec7a4347964D77bFbc) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x69b7c8fc5d09e9c989960a271105b7adf0d291174b669042732342c98a2fcde2) | 58K          | 6K              | 130            | \$0.0107         | \$0.0170          |
+| 128      | [0x0cd9558c9f3BB010F8A0ec3Fd301178e1fc925F8](https://sepolia.etherscan.io/address/0x0cd9558c9f3BB010F8A0ec3Fd301178e1fc925F8) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0xc3af5876a5482edb2e348d0aa84546cf983afd6f1393954c4ce4dbc44b357e93) | 56K          | 3K              | 113            | \$0.0103         | \$0.0158          |
+| 256      | [0xa5fac0910068B7a570B0De0c2411A4185A3c3b03](https://sepolia.etherscan.io/address/0xa5fac0910068B7a570B0De0c2411A4185A3c3b03) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x70927cab3b7bed3f01958261cdcb27ef5e495394e5989ce8c4eb8d9ed1c19ebd) | 54K          | 1.4K            | 105            | \$0.0100         | \$0.0156          |
 
 ### WLD Grant Protocol V2
 
 We deployed Grant Protocol V2 on Sepolia for different sizes and made sample fulfill and claim transactions. We measured gas usage, calldata usage and off-chain costs, shown in the table below. We also show gas attributed to proof verification, which excludes gas used for WLD token transfers and other business logic.
 
 In these benchmarks, onchain costs include L1 and L2 gas. Our onchain cost estimates assume an L2 gas cost of 0.06 gwei, L1 blob base fee of 1wei, and \$3000 ETH. Our offchain cost estimates are conservative benchmarks based on on-demand AWS compute instances (`m6a.4xlarge`).
 
-| # Claims | Sepolia Address                                                                                                               | Fulfill/Claim Tx                                                                                  | L2 Gas/Claim | Proof Gas/Claim | Calldata/Claim | Onchain \$/Claim | Offchain \$/Claim |
-| -------- |  ---------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | ------------ | --------------- | -------------- | ----------------- | --------------- |
-| 16       | [0x0725a6d62f7d9eC34197c57Bbc34B6657e251bf9](https://sepolia.etherscan.io/address/0x0725a6d62f7d9eC34197c57Bbc34B6657e251bf9) | [Fulfill](https://sepolia.etherscan.io/tx/0x72ddab5605dfbc0277719f3920fff9ba3440a4cde0753451af85beb2b45e545f) [Claim](https://sepolia.etherscan.io/tx/0x6b04354dd7e48a32771390a481f460bfad023f0476ff397e979a810c6611c9c6) | 113K         | 23K             | 482            | \$0.0212          | \$0.0207        |
-| 32       | [0xDbef001fF19867075F02bB6Ee3D490235885AABA](https://sepolia.etherscan.io/address/0xDbef001fF19867075F02bB6Ee3D490235885AABA) | [Fulfill](https://sepolia.etherscan.io/tx/0x3e95143a9a3e590da7817067a5901a525e4c67163f062c0a29e880996f4224d5) [Claim](https://sepolia.etherscan.io/tx/0x9d46d4b4d3310f43e3117d95aa22ea3a0cdf86e90b66f4545527f1d127eee1cb) | 103K         | 11K             | 451            | \$0.0193          | \$0.0225        |
-| 64       | [0x15C11FA9f87819020ec63997e7f1FcDeb71E2420](https://sepolia.etherscan.io/address/0x15C11FA9f87819020ec63997e7f1FcDeb71E2420) | [Fulfill](https://sepolia.etherscan.io/tx/0x9363144513e4071cd542bc00bb5d9f777fe214a342ddc7d55a4eab57798ab03c) [Claim](https://sepolia.etherscan.io/tx/0x4ed1ef65afbd75e44b07655fb98aabf6c8a446b7d774a267423ba444bf0e9e39) | 98K          | 6K              | 452            | \$0.0185          | \$0.0218        |
-| 128       | [0xE43aB117477b9976fE02198299D933fdaC80E319](https://sepolia.etherscan.io/address/0xE43aB117477b9976fE02198299D933fdaC80E319) | [Fulfill](https://sepolia.etherscan.io/tx/0xfe918e2ab6adc86e2ccc3c7ba4f92c822766327cda3bc0de6269f674d3967a3a) [Claim](https://sepolia.etherscan.io/tx/0x1f999dc716bedc93c9cfc117ae09928d9771e7f57614565e5d7d2739ac664fc2) | 96K          | 3K              | 468            | \$0.0182          | \$0.0217        |
-| 8192      | [0x708151E55a73bf359A1E0cC87Ff7D88c87Db9859](https://sepolia.etherscan.io/address/0x708151E55a73bf359A1E0cC87Ff7D88c87Db9859) | [Fulfill](https://sepolia.etherscan.io/tx/0x752e89c1bc1788306aa70a5582415a9f91c76d2a0ef8b46c4ef68ab9700744de) [Claim](https://sepolia.etherscan.io/tx/0xf9c1ac7f899f2a5d3553d4e677aa91cdc805377ed649fd249191dbd3c9d6315f) | 97K          | 0.04K            | 644            | \$0.0188          | \$0.214         |
+| # Claims | Sepolia Address                                                                                                               | Fulfill/Claim Tx                                                                                                                                                                                                          | L2 Gas/Claim | Proof Gas/Claim | Calldata/Claim | Onchain \$/Claim | Offchain \$/Claim |
+| -------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------- | -------------- | ---------------- | ----------------- |
+| 16       | [0x0725a6d62f7d9eC34197c57Bbc34B6657e251bf9](https://sepolia.etherscan.io/address/0x0725a6d62f7d9eC34197c57Bbc34B6657e251bf9) | [Fulfill](https://sepolia.etherscan.io/tx/0x72ddab5605dfbc0277719f3920fff9ba3440a4cde0753451af85beb2b45e545f) [Claim](https://sepolia.etherscan.io/tx/0x6b04354dd7e48a32771390a481f460bfad023f0476ff397e979a810c6611c9c6) | 113K         | 23K             | 482            | \$0.0212         | \$0.0207          |
+| 32       | [0xDbef001fF19867075F02bB6Ee3D490235885AABA](https://sepolia.etherscan.io/address/0xDbef001fF19867075F02bB6Ee3D490235885AABA) | [Fulfill](https://sepolia.etherscan.io/tx/0x3e95143a9a3e590da7817067a5901a525e4c67163f062c0a29e880996f4224d5) [Claim](https://sepolia.etherscan.io/tx/0x9d46d4b4d3310f43e3117d95aa22ea3a0cdf86e90b66f4545527f1d127eee1cb) | 103K         | 11K             | 451            | \$0.0193         | \$0.0225          |
+| 64       | [0x15C11FA9f87819020ec63997e7f1FcDeb71E2420](https://sepolia.etherscan.io/address/0x15C11FA9f87819020ec63997e7f1FcDeb71E2420) | [Fulfill](https://sepolia.etherscan.io/tx/0x9363144513e4071cd542bc00bb5d9f777fe214a342ddc7d55a4eab57798ab03c) [Claim](https://sepolia.etherscan.io/tx/0x4ed1ef65afbd75e44b07655fb98aabf6c8a446b7d774a267423ba444bf0e9e39) | 98K          | 6K              | 452            | \$0.0185         | \$0.0218          |
+| 128      | [0xE43aB117477b9976fE02198299D933fdaC80E319](https://sepolia.etherscan.io/address/0xE43aB117477b9976fE02198299D933fdaC80E319) | [Fulfill](https://sepolia.etherscan.io/tx/0xfe918e2ab6adc86e2ccc3c7ba4f92c822766327cda3bc0de6269f674d3967a3a) [Claim](https://sepolia.etherscan.io/tx/0x1f999dc716bedc93c9cfc117ae09928d9771e7f57614565e5d7d2739ac664fc2) | 96K          | 3K              | 468            | \$0.0182         | \$0.0217          |
+| 8192     | [0x708151E55a73bf359A1E0cC87Ff7D88c87Db9859](https://sepolia.etherscan.io/address/0x708151E55a73bf359A1E0cC87Ff7D88c87Db9859) | [Fulfill](https://sepolia.etherscan.io/tx/0x752e89c1bc1788306aa70a5582415a9f91c76d2a0ef8b46c4ef68ab9700744de) [Claim](https://sepolia.etherscan.io/tx/0xf9c1ac7f899f2a5d3553d4e677aa91cdc805377ed649fd249191dbd3c9d6315f) | 97K          | 0.04K           | 644            | \$0.0188         | \$0.214           |
 
 For a given batch size, V2 consumes more gas than V1 per claim due to the additional claim transaction. As the batch size increases, the calldata per claim mostly decreases, reaching its minimum when the batch size is 32. After that the calldata per claim starts to increase due to increased calldata usage from the claim transaction.
 
 ### External Contracts for Testing
 
 We deployed the following other contracts to mock different aspects of the Worldcoin system on Sepolia and run the integration into Axiom.
 
-| Name              | Sepolia Address                                                                                                               | Description                                                                                                                                                                           |
-| ----------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| WLDMock           | [0xe93D97b0Bd30bD61a9D02B0A471DbB329D5d1fd8](https://sepolia.etherscan.io/address/0xe93D97b0Bd30bD61a9D02B0A471DbB329D5d1fd8) | An ERC20 contract which mocks the WLD contract                                                                                                                                        |
-| RootValidatorMock | [0x9c06c3F1deecb530857127009EBE7d112ecd0E3F](https://sepolia.etherscan.io/address/0x9c06c3F1deecb530857127009EBE7d112ecd0E3F) | A contract which implements the `IRootValidator` interface and never reverts on the the `requireValidRoot` call                                                                       |
-| GrantMock         | [0x5d1F6aDfff773A2146f1f3c947Ddad1945103DaC](https://sepolia.etherscan.io/address/0x5d1F6aDfff773A2146f1f3c947Ddad1945103DaC) | A contract which implements the `IGrant` interface and nver reverts on the `checkValidity` call                                                                                       |
+| Name              | Sepolia Address                                                                                                               | Description                                                                                                     |
+| ----------------- | ----------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- |
+| WLDMock           | [0xe93D97b0Bd30bD61a9D02B0A471DbB329D5d1fd8](https://sepolia.etherscan.io/address/0xe93D97b0Bd30bD61a9D02B0A471DbB329D5d1fd8) | An ERC20 contract which mocks the WLD contract                                                                  |
+| RootValidatorMock | [0x9c06c3F1deecb530857127009EBE7d112ecd0E3F](https://sepolia.etherscan.io/address/0x9c06c3F1deecb530857127009EBE7d112ecd0E3F) | A contract which implements the `IRootValidator` interface and never reverts on the the `requireValidRoot` call |
+| GrantMock         | [0x5d1F6aDfff773A2146f1f3c947Ddad1945103DaC](https://sepolia.etherscan.io/address/0x5d1F6aDfff773A2146f1f3c947Ddad1945103DaC) | A contract which implements the `IGrant` interface and nver reverts on the `checkValidity` call                 |
 
 ## Development and Testing