From c82a7e6d53aa9b07a674840e7a21bdbe805b03f4 Mon Sep 17 00:00:00 2001 From: Yi Sun Date: Thu, 5 Sep 2024 11:04:44 -0400 Subject: [PATCH] chore: add security disclaimer --- README.md | 45 +++++++++++++++++++++++++-------------------- 1 file changed, 25 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index db3ad26..fdb98c9 100644 --- a/README.md +++ b/README.md @@ -1,12 +1,16 @@ # Batch WorldID proof verification with Axiom + This repo implements batch verification of [WorldID](https://worldcoin.org/world-id) proofs to enable cheaper batch claims of WLD grants. It is implemented via two components: + - ZK circuits for batch WorldID proof verification using Axiom's ZK circuit libraries. - Smart contracts implementing WLD grant claims based on batch-verified WorldID proof results. In what follows, we describe two different flows for WLD grants using this integration. +**Note:** The work in this repo has not been audited and should not be deployed in production prior to additional security review. + ## Worldcoin Grant Protocol We implement two versions of WLD grants based on batch verification of WorldID proofs. @@ -26,12 +30,13 @@ The V1 grant contract supports at most `MAX_NUM_CLAIMS` at once, and receives as - vkeyHash - the Keccak hash of the flattened Groth16 vkey - numClaims - the number of claims, which should satisfy 1 <= numClaims <= MAX_NUM_CLAIMS - root - the WorldID root the proofs are relative to -- grantIds_i for i = 1, ..., MAX_NUM_CLAIMS +- grantIds_i for i = 1, ..., MAX_NUM_CLAIMS - receivers_i for i = 1, ..., MAX_NUM_CLAIMS - nullifierHashes_i for i = 1, ..., MAX_NUM_CLAIMS ``` The ZK proof verifies in ZK that: + 1. For `0 <= idx < numClaims`, there are valid WorldID proofs corresponding to `(root, claimedNullifierHashes[idx], receivers[idx], grantIds[idx])` with the given Groth16 `vkeyHash`. The V1 grants contract then: 
@@ -94,13 +99,13 @@ We deployed Grant Protocol V1 on Sepolia for different claim sizes and made samp In these benchmarks, onchain costs include L1 and L2 gas. Our onchain cost estimates assume an L2 gas cost of 0.06 gwei, L1 blob base fee of 1wei, and \$3000 ETH. Our offchain cost estimates are conservative benchmarks based on on-demand AWS compute instances (`m6a.4xlarge`). -| # Claims | Sepolia Address | Fulfill Tx | L2 Gas/Claim | Proof Gas/Claim | Calldata/Claim | Onchain \$/Claim | Offchain \$/Claim | -| -------- | ---------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------- | ------------ | --------------- | -------------- | ----------------- | ------------------ | -| 16 | [0x3689d27A428543100E7CeB663F55616cdE896F07](https://sepolia.etherscan.io/address/0x3689d27A428543100E7CeB663F55616cdE896F07) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0xe2ac0e66a91765656e8b88d21479b03506fe246ae7d2d8ccc8ad7ce2b9f626f2) | 75K | 23K | 232 | \$0.0139 | \$0.0208 | -| 32 | [0xF2EF0b7300BF2B0F0a7a310BABde640b3E74997B](https://sepolia.etherscan.io/address/0xF2EF0b7300BF2B0F0a7a310BABde640b3E74997B) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x80ccfd91b6121f5471f74c1f90dc10f3364478703be25c56f10683bcb8f4a163) | 64K | 11K | 164 | \$0.0118 | \$0.0181 | -| 64 | [0xe515583983388956147277Ec7a4347964D77bFbc](https://sepolia.etherscan.io/address/0xe515583983388956147277Ec7a4347964D77bFbc) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x69b7c8fc5d09e9c989960a271105b7adf0d291174b669042732342c98a2fcde2) | 58K | 6K | 130 | \$0.0107 | \$0.0170 | -| 128 | [0x0cd9558c9f3BB010F8A0ec3Fd301178e1fc925F8](https://sepolia.etherscan.io/address/0x0cd9558c9f3BB010F8A0ec3Fd301178e1fc925F8) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0xc3af5876a5482edb2e348d0aa84546cf983afd6f1393954c4ce4dbc44b357e93) | 56K | 3K | 113 | \$0.0103 | \$0.0158 | -| 256 
| [0xa5fac0910068B7a570B0De0c2411A4185A3c3b03](https://sepolia.etherscan.io/address/0xa5fac0910068B7a570B0De0c2411A4185A3c3b03) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x70927cab3b7bed3f01958261cdcb27ef5e495394e5989ce8c4eb8d9ed1c19ebd) | 54K | 1.4K | 105 | \$0.0100 | \$0.0156 | +| # Claims | Sepolia Address | Fulfill Tx | L2 Gas/Claim | Proof Gas/Claim | Calldata/Claim | Onchain \$/Claim | Offchain \$/Claim | +| -------- | ----------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- | ------------ | --------------- | -------------- | ---------------- | ----------------- | +| 16 | [0x3689d27A428543100E7CeB663F55616cdE896F07](https://sepolia.etherscan.io/address/0x3689d27A428543100E7CeB663F55616cdE896F07) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0xe2ac0e66a91765656e8b88d21479b03506fe246ae7d2d8ccc8ad7ce2b9f626f2) | 75K | 23K | 232 | \$0.0139 | \$0.0208 | +| 32 | [0xF2EF0b7300BF2B0F0a7a310BABde640b3E74997B](https://sepolia.etherscan.io/address/0xF2EF0b7300BF2B0F0a7a310BABde640b3E74997B) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x80ccfd91b6121f5471f74c1f90dc10f3364478703be25c56f10683bcb8f4a163) | 64K | 11K | 164 | \$0.0118 | \$0.0181 | +| 64 | [0xe515583983388956147277Ec7a4347964D77bFbc](https://sepolia.etherscan.io/address/0xe515583983388956147277Ec7a4347964D77bFbc) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x69b7c8fc5d09e9c989960a271105b7adf0d291174b669042732342c98a2fcde2) | 58K | 6K | 130 | \$0.0107 | \$0.0170 | +| 128 | [0x0cd9558c9f3BB010F8A0ec3Fd301178e1fc925F8](https://sepolia.etherscan.io/address/0x0cd9558c9f3BB010F8A0ec3Fd301178e1fc925F8) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0xc3af5876a5482edb2e348d0aa84546cf983afd6f1393954c4ce4dbc44b357e93) | 56K | 3K | 113 | \$0.0103 | \$0.0158 | +| 256 | 
[0xa5fac0910068B7a570B0De0c2411A4185A3c3b03](https://sepolia.etherscan.io/address/0xa5fac0910068B7a570B0De0c2411A4185A3c3b03) | [Fulfill Tx](https://sepolia.etherscan.io/tx/0x70927cab3b7bed3f01958261cdcb27ef5e495394e5989ce8c4eb8d9ed1c19ebd) | 54K | 1.4K | 105 | \$0.0100 | \$0.0156 | ### WLD Grant Protocol V2 
@@ -108,13 +113,13 @@ We deployed Grant Protocol V2 on Sepolia for different sizes and made sample ful In these benchmarks, onchain costs include L1 and L2 gas. Our onchain cost estimates assume an L2 gas cost of 0.06 gwei, L1 blob base fee of 1wei, and \$3000 ETH. Our offchain cost estimates are conservative benchmarks based on on-demand AWS compute instances (`m6a.4xlarge`). -| # Claims | Sepolia Address | Fulfill/Claim Tx | L2 Gas/Claim | Proof Gas/Claim | Calldata/Claim | Onchain \$/Claim | Offchain \$/Claim | -| -------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | ------------ | --------------- | -------------- | ----------------- | --------------- | -| 16 | [0x0725a6d62f7d9eC34197c57Bbc34B6657e251bf9](https://sepolia.etherscan.io/address/0x0725a6d62f7d9eC34197c57Bbc34B6657e251bf9) | [Fulfill](https://sepolia.etherscan.io/tx/0x72ddab5605dfbc0277719f3920fff9ba3440a4cde0753451af85beb2b45e545f) [Claim](https://sepolia.etherscan.io/tx/0x6b04354dd7e48a32771390a481f460bfad023f0476ff397e979a810c6611c9c6) | 113K | 23K | 482 | \$0.0212 | \$0.0207 | -| 32 | [0xDbef001fF19867075F02bB6Ee3D490235885AABA](https://sepolia.etherscan.io/address/0xDbef001fF19867075F02bB6Ee3D490235885AABA) | [Fulfill](https://sepolia.etherscan.io/tx/0x3e95143a9a3e590da7817067a5901a525e4c67163f062c0a29e880996f4224d5) [Claim](https://sepolia.etherscan.io/tx/0x9d46d4b4d3310f43e3117d95aa22ea3a0cdf86e90b66f4545527f1d127eee1cb) | 103K | 11K | 451 | \$0.0193 | \$0.0225 | -| 64 | [0x15C11FA9f87819020ec63997e7f1FcDeb71E2420](https://sepolia.etherscan.io/address/0x15C11FA9f87819020ec63997e7f1FcDeb71E2420) | [Fulfill](https://sepolia.etherscan.io/tx/0x9363144513e4071cd542bc00bb5d9f777fe214a342ddc7d55a4eab57798ab03c) [Claim](https://sepolia.etherscan.io/tx/0x4ed1ef65afbd75e44b07655fb98aabf6c8a446b7d774a267423ba444bf0e9e39) | 98K | 6K | 452 | \$0.0185 | 
\$0.0218 | -| 128 | [0xE43aB117477b9976fE02198299D933fdaC80E319](https://sepolia.etherscan.io/address/0xE43aB117477b9976fE02198299D933fdaC80E319) | [Fulfill](https://sepolia.etherscan.io/tx/0xfe918e2ab6adc86e2ccc3c7ba4f92c822766327cda3bc0de6269f674d3967a3a) [Claim](https://sepolia.etherscan.io/tx/0x1f999dc716bedc93c9cfc117ae09928d9771e7f57614565e5d7d2739ac664fc2) | 96K | 3K | 468 | \$0.0182 | \$0.0217 | -| 8192 | [0x708151E55a73bf359A1E0cC87Ff7D88c87Db9859](https://sepolia.etherscan.io/address/0x708151E55a73bf359A1E0cC87Ff7D88c87Db9859) | [Fulfill](https://sepolia.etherscan.io/tx/0x752e89c1bc1788306aa70a5582415a9f91c76d2a0ef8b46c4ef68ab9700744de) [Claim](https://sepolia.etherscan.io/tx/0xf9c1ac7f899f2a5d3553d4e677aa91cdc805377ed649fd249191dbd3c9d6315f) | 97K | 0.04K | 644 | \$0.0188 | \$0.214 | +| # Claims | Sepolia Address | Fulfill/Claim Tx | L2 Gas/Claim | Proof Gas/Claim | Calldata/Claim | Onchain \$/Claim | Offchain \$/Claim | +| -------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------- | -------------- | ---------------- | ----------------- | +| 16 | [0x0725a6d62f7d9eC34197c57Bbc34B6657e251bf9](https://sepolia.etherscan.io/address/0x0725a6d62f7d9eC34197c57Bbc34B6657e251bf9) | [Fulfill](https://sepolia.etherscan.io/tx/0x72ddab5605dfbc0277719f3920fff9ba3440a4cde0753451af85beb2b45e545f) [Claim](https://sepolia.etherscan.io/tx/0x6b04354dd7e48a32771390a481f460bfad023f0476ff397e979a810c6611c9c6) | 113K | 23K | 482 | \$0.0212 | \$0.0207 | +| 32 | [0xDbef001fF19867075F02bB6Ee3D490235885AABA](https://sepolia.etherscan.io/address/0xDbef001fF19867075F02bB6Ee3D490235885AABA) | 
[Fulfill](https://sepolia.etherscan.io/tx/0x3e95143a9a3e590da7817067a5901a525e4c67163f062c0a29e880996f4224d5) [Claim](https://sepolia.etherscan.io/tx/0x9d46d4b4d3310f43e3117d95aa22ea3a0cdf86e90b66f4545527f1d127eee1cb) | 103K | 11K | 451 | \$0.0193 | \$0.0225 | +| 64 | [0x15C11FA9f87819020ec63997e7f1FcDeb71E2420](https://sepolia.etherscan.io/address/0x15C11FA9f87819020ec63997e7f1FcDeb71E2420) | [Fulfill](https://sepolia.etherscan.io/tx/0x9363144513e4071cd542bc00bb5d9f777fe214a342ddc7d55a4eab57798ab03c) [Claim](https://sepolia.etherscan.io/tx/0x4ed1ef65afbd75e44b07655fb98aabf6c8a446b7d774a267423ba444bf0e9e39) | 98K | 6K | 452 | \$0.0185 | \$0.0218 | +| 128 | [0xE43aB117477b9976fE02198299D933fdaC80E319](https://sepolia.etherscan.io/address/0xE43aB117477b9976fE02198299D933fdaC80E319) | [Fulfill](https://sepolia.etherscan.io/tx/0xfe918e2ab6adc86e2ccc3c7ba4f92c822766327cda3bc0de6269f674d3967a3a) [Claim](https://sepolia.etherscan.io/tx/0x1f999dc716bedc93c9cfc117ae09928d9771e7f57614565e5d7d2739ac664fc2) | 96K | 3K | 468 | \$0.0182 | \$0.0217 | +| 8192 | [0x708151E55a73bf359A1E0cC87Ff7D88c87Db9859](https://sepolia.etherscan.io/address/0x708151E55a73bf359A1E0cC87Ff7D88c87Db9859) | [Fulfill](https://sepolia.etherscan.io/tx/0x752e89c1bc1788306aa70a5582415a9f91c76d2a0ef8b46c4ef68ab9700744de) [Claim](https://sepolia.etherscan.io/tx/0xf9c1ac7f899f2a5d3553d4e677aa91cdc805377ed649fd249191dbd3c9d6315f) | 97K | 0.04K | 644 | \$0.0188 | \$0.214 | For a given batch size, V2 consumes more gas than V1 per claim due to the additional claim transaction. As the batch size increases, the calldata per claim mostly decreases, reaching its minimum when the batch size is 32. After that the calldata per claim starts to increase due to increased calldata usage from the claim transaction. 
@@ -122,11 +127,11 @@ For a given batch size, V2 consumes more gas than V1 per claim due to the additi We deployed the following other contracts to mock different aspects of the Worldcoin system on Sepolia and run the integration into Axiom. -| Name | Sepolia Address | Description | -| ----------------- | ----------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| WLDMock | [0xe93D97b0Bd30bD61a9D02B0A471DbB329D5d1fd8](https://sepolia.etherscan.io/address/0xe93D97b0Bd30bD61a9D02B0A471DbB329D5d1fd8) | An ERC20 contract which mocks the WLD contract | -| RootValidatorMock | [0x9c06c3F1deecb530857127009EBE7d112ecd0E3F](https://sepolia.etherscan.io/address/0x9c06c3F1deecb530857127009EBE7d112ecd0E3F) | A contract which implements the `IRootValidator` interface and never reverts on the the `requireValidRoot` call | -| GrantMock | [0x5d1F6aDfff773A2146f1f3c947Ddad1945103DaC](https://sepolia.etherscan.io/address/0x5d1F6aDfff773A2146f1f3c947Ddad1945103DaC) | A contract which implements the `IGrant` interface and nver reverts on the `checkValidity` call | +| Name | Sepolia Address | Description | +| ----------------- | ----------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------- | +| WLDMock | [0xe93D97b0Bd30bD61a9D02B0A471DbB329D5d1fd8](https://sepolia.etherscan.io/address/0xe93D97b0Bd30bD61a9D02B0A471DbB329D5d1fd8) | An ERC20 contract which mocks the WLD contract | +| RootValidatorMock | [0x9c06c3F1deecb530857127009EBE7d112ecd0E3F](https://sepolia.etherscan.io/address/0x9c06c3F1deecb530857127009EBE7d112ecd0E3F) | A contract which implements the 
`IRootValidator` interface and never reverts on the the `requireValidRoot` call | +| GrantMock | [0x5d1F6aDfff773A2146f1f3c947Ddad1945103DaC](https://sepolia.etherscan.io/address/0x5d1F6aDfff773A2146f1f3c947Ddad1945103DaC) | A contract which implements the `IGrant` interface and nver reverts on the `checkValidity` call | ## Development and Testing
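Review bot: In the first hunk (@@ -1,12 +1,16 @@), the new `**Note:**` line is inserted after "In what follows, we describe two different flows for WLD grants using this integration.", so that sentence now leads into the disclaimer rather than the "Worldcoin Grant Protocol" section it was introducing. Move the note directly under the title or the opening paragraph, where a reader sees it first. Consider also naming what is unaudited (the ZK circuits and the grant smart contracts listed in the bullets above) instead of "the work in this repo".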
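Review bot: In the V1 inputs hunk (@@ -26,12 +30,13 @@), the edit only strips a trailing space and adds a blank line, but the lines it touches disagree with each other: the list names `nullifierHashes_i` for `i = 1, ..., MAX_NUM_CLAIMS`, while the proof statement right below it uses `claimedNullifierHashes[idx]` for `0 <= idx < numClaims`. Since this text defines what the batch proof attests to, use one name and one indexing base. It should also state what, if anything, is checked for the entries from `numClaims` up to `MAX_NUM_CLAIMS`.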
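Review bot: The V1 benchmark table hunk (@@ -94,13 +99,13 @@) only re-pads the column separators and is unrelated to the commit subject "chore: add security disclaimer". Together with the two later table hunks, it turns a one-line substantive change into 25 insertions and 20 deletions. Split the table realignment into its own formatting commit so the disclaimer can be reviewed and reverted on its own.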
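Review bot: In the V2 benchmark table hunk (@@ -108,13 +113,13 @@), the rewritten 8192-claim row still carries an Offchain \$/Claim of `\$0.214`, roughly ten times the other rows (`\$0.0207` to `\$0.0225`) and with one digit fewer. Since the row is being rewritten anyway, confirm whether this should read `\$0.0214`. If the higher cost is real, add a sentence explaining it next to the paragraph on calldata per claim.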
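Review bot: In the mock contracts table hunk (@@ -122,11 +127,11 @@), the re-added rows keep two typos, "on the the `requireValidRoot` call" and "nver reverts on the `checkValidity` call"; fix them while these lines are being rewritten. Given that this commit adds a security disclaimer, it is also worth stating beside this table that RootValidatorMock and GrantMock never revert, so the Sepolia deployments above do not exercise root or grant validity checks.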