check nullifierSessionID on request creation

iden3 · Jan 10, 2025 · ffe4e6e · ffe4e6e
1 parent 188bb13
commit ffe4e6e
Show file tree

Hide file tree

Showing 10 changed files with 79 additions and 12 deletions.
diff --git a/contracts/interfaces/IRequestValidator.sol b/contracts/interfaces/IRequestValidator.sol
@@ -21,10 +21,12 @@ interface IRequestValidator {
      * @dev RequestParams. Information about request params from request query data.
      * @param groupID Group ID of the request query params
      * @param verifierID Verifier ID of the request query params
+     * @param nullifierSessionID NullifierSessionID of the request query params
      */
     struct RequestParams {
         uint256 groupID;
         uint256 verifierID;
+        uint256 nullifierSessionID;
     }
 
     /**
@@ -51,7 +53,7 @@ interface IRequestValidator {
     /**
      * @dev Get the request params of the request query data.
      * @param params Request query data of the credential to verify.
-     * @return Group ID of the request query data.
+     * @return RequestParams of the request query data.
      */
     function getRequestParams(bytes calldata params) external view returns (RequestParams memory);
 }
diff --git a/contracts/test-helpers/RequestValidatorAuthV2Stub.sol b/contracts/test-helpers/RequestValidatorAuthV2Stub.sol
@@ -36,6 +36,6 @@ contract RequestValidatorAuthV2Stub is IRequestValidator, ERC165 {
     function getRequestParams(
         bytes calldata
     ) external pure override returns (IRequestValidator.RequestParams memory) {
-        return IRequestValidator.RequestParams({groupID: 0, verifierID: 0});
+        return IRequestValidator.RequestParams({groupID: 0, verifierID: 0, nullifierSessionID: 0});
     }
 }
diff --git a/contracts/test-helpers/RequestValidatorV2Stub.sol b/contracts/test-helpers/RequestValidatorV2Stub.sol
@@ -38,6 +38,6 @@ contract RequestValidatorV2Stub is IRequestValidator, ERC165 {
     function getRequestParams(
         bytes calldata
     ) external pure override returns (IRequestValidator.RequestParams memory) {
-        return IRequestValidator.RequestParams({groupID: 0, verifierID: 0});
+        return IRequestValidator.RequestParams({groupID: 0, verifierID: 0, nullifierSessionID: 0});
     }
 }
diff --git a/contracts/test-helpers/RequestValidatorV3Stub.sol b/contracts/test-helpers/RequestValidatorV3Stub.sol
@@ -63,7 +63,8 @@ contract RequestValidatorV3Stub is IRequestValidator, ERC165 {
         return
             IRequestValidator.RequestParams({
                 groupID: credAtomicQuery.groupID,
-                verifierID: credAtomicQuery.verifierID
+                verifierID: credAtomicQuery.verifierID,
+                nullifierSessionID: credAtomicQuery.nullifierSessionID
             });
     }
 }
diff --git a/contracts/test-helpers/RequestValidatorV3_2Stub.sol b/contracts/test-helpers/RequestValidatorV3_2Stub.sol
@@ -63,7 +63,8 @@ contract RequestValidatorV3_2Stub is IRequestValidator, ERC165 {
         return
             IRequestValidator.RequestParams({
                 groupID: credAtomicQuery.groupID,
-                verifierID: credAtomicQuery.verifierID
+                verifierID: credAtomicQuery.verifierID,
+                nullifierSessionID: credAtomicQuery.nullifierSessionID
             });
     }
 }
diff --git a/contracts/validators/AuthV2Validator.sol b/contracts/validators/AuthV2Validator.sol
@@ -68,7 +68,7 @@ contract AuthV2Validator is CredentialAtomicQueryValidatorBase {
     function getRequestParams(
         bytes calldata
     ) external pure override returns (IRequestValidator.RequestParams memory) {
-        return IRequestValidator.RequestParams({groupID: 0, verifierID: 0});
+        return IRequestValidator.RequestParams({groupID: 0, verifierID: 0, nullifierSessionID: 0});
     }
 
     /**

diff --git a/contracts/validators/CredentialAtomicQueryV2ValidatorBase.sol b/contracts/validators/CredentialAtomicQueryV2ValidatorBase.sol
@@ -85,7 +85,7 @@ abstract contract CredentialAtomicQueryV2ValidatorBase is CredentialAtomicQueryV
     function getRequestParams(
         bytes calldata
     ) external pure override returns (IRequestValidator.RequestParams memory) {
-        return IRequestValidator.RequestParams({groupID: 0, verifierID: 0});
+        return IRequestValidator.RequestParams({groupID: 0, verifierID: 0, nullifierSessionID: 0});
     }
 
     /**

diff --git a/contracts/validators/CredentialAtomicQueryV3Validator.sol b/contracts/validators/CredentialAtomicQueryV3Validator.sol
@@ -7,6 +7,8 @@ import {GenesisUtils} from "../lib/GenesisUtils.sol";
 import {IRequestValidator} from "../interfaces/IRequestValidator.sol";
 import {IState} from "../interfaces/IState.sol";
 
+error VerifierIDNotSet();
+
 /**
  * @dev CredentialAtomicQueryV3 validator
  */
@@ -154,10 +156,14 @@ contract CredentialAtomicQueryV3Validator is CredentialAtomicQueryValidatorBase
             params,
             (CredentialAtomicQueryV3)
         );
+
+        if (credAtomicQuery.verifierID == 0) revert VerifierIDNotSet();
+
         return
             IRequestValidator.RequestParams({
                 groupID: credAtomicQuery.groupID,
-                verifierID: credAtomicQuery.verifierID
+                verifierID: credAtomicQuery.verifierID,
+                nullifierSessionID: credAtomicQuery.nullifierSessionID
             });
     }
 

diff --git a/contracts/verifiers/Verifier.sol b/contracts/verifiers/Verifier.sol
@@ -25,6 +25,7 @@ error UserIDNotLinkedToAddress(uint256 userID, address userAddress);
 error UserNotAuthenticated();
 error MetadataNotSupportedYet();
 error GroupMustHaveAtLeastTwoRequests(uint256 groupID);
+error NullifierSessionIDAlreadyExists(uint256 nullifierSessionID);
 
 abstract contract Verifier is IVerifier, ContextUpgradeable {
     /// @dev Key to retrieve the linkID from the proof storage
@@ -62,6 +63,7 @@ abstract contract Verifier is IVerifier, ContextUpgradeable {
         // Information about auth types and validators
         string[] _authTypes;
         mapping(string authType => AuthTypeData) _authMethods;
+        mapping(uint256 nullifierSessionID => uint256 requestId) _nullifierSessionIDs;
     }
 
     // solhint-disable-next-line
@@ -240,9 +242,10 @@ abstract contract Verifier is IVerifier, ContextUpgradeable {
         uint256[] memory newGroupsGroupID = new uint256[](requests.length);
         uint256[] memory newGroupsRequestCount = new uint256[](requests.length);
 
-        // 1. Check first that groupIds don't exist and keep the number of requests per group
+        // 1. Check first that groupIds don't exist and keep the number of requests per group.
         for (uint256 i = 0; i < requests.length; i++) {
             uint256 groupID = requests[i].validator.getRequestParams(requests[i].params).groupID;
+
 
             if (groupID != 0) {
                 if (groupIdExists(groupID)) {
@@ -267,8 +270,16 @@ abstract contract Verifier is IVerifier, ContextUpgradeable {
 
         _checkGroupsRequestsCount(newGroupsGroupID, newGroupsRequestCount, newGroupsCount);
 
-        // 2. Set requests checking groups
+        // 2. Set requests checking groups and nullifierSessionID uniqueness
         for (uint256 i = 0; i < requests.length; i++) {
+            uint256 nullifierSessionID = requests[i].validator.getRequestParams(requests[i].params).nullifierSessionID;
+            if (nullifierSessionID != 0) {
+                if (s._nullifierSessionIDs[nullifierSessionID] != 0) {
+                    revert NullifierSessionIDAlreadyExists(nullifierSessionID);
+                }
+                s._nullifierSessionIDs[nullifierSessionID] = requests[i].requestId;
+            }
+
             uint256 groupID = requests[i].validator.getRequestParams(requests[i].params).groupID;
 
             // request without group

diff --git a/test/verifier/universal-verifier.v3.test.ts b/test/verifier/universal-verifier.v3.test.ts
@@ -370,6 +370,15 @@ describe("Universal Verifier V3 validator", function () {
     query2.groupID = 4;
     const requestId = 36;
     const params = packV3ValidatorParams(query2);
+
+    const query3 = {
+      ...query,
+    };
+    query3.nullifierSessionID = "3";
+    query3.groupID = 4;
+    const requestId2 = 46;
+    const params2 = packV3ValidatorParams(query3);
+
     await verifier.setRequests([
       {
         requestId: requestId,
@@ -378,10 +387,10 @@ describe("Universal Verifier V3 validator", function () {
         params: params,
       },
       {
-        requestId: requestId + 10,
+        requestId: requestId2,
         metadata: "metadata",
         validator: await v3Validator.getAddress(),
-        params: params,
+        params: params2,
       },
     ]);
 
@@ -513,4 +522,41 @@ describe("Universal Verifier V3 validator", function () {
       ),
     ).to.be.rejectedWith("Generated proof is outdated");
   });
+
+  it("Test set request fails with NullifierSessionID already exists", async () => {
+    const query2 = {
+      ...query,
+    };
+    query2.groupID = 0;
+    query2.nullifierSessionID = "1";
+    const requestId = 38;
+    const params = packV3ValidatorParams(query2);
+    await verifier.setRequests([
+      {
+        requestId: requestId,
+        metadata: "metadata",
+        validator: await v3Validator.getAddress(),
+        params: params,
+      },
+    ]);
+
+    const query3 = {
+      ...query,
+    };
+    query3.groupID = 0;
+    query3.nullifierSessionID = "1";
+    const requestId2 = 39;
+    const params2 = packV3ValidatorParams(query3);
+
+    await expect(
+      verifier.setRequests([
+        {
+          requestId: requestId2,
+          metadata: "metadata",
+          validator: await v3Validator.getAddress(),
+          params: params2,
+        },
+      ]),
+    ).to.be.rejectedWith(`NullifierSessionIDAlreadyExists(${query2.nullifierSessionID})`);
+  });
 });