Skip to content

Wire UnlinkPool deposit body#63

Merged
Th0rgal merged 1 commit into
mainfrom
codex/unlink-pool-deposit-body
May 14, 2026
Merged

Wire UnlinkPool deposit body#63
Th0rgal merged 1 commit into
mainfrom
codex/unlink-pool-deposit-body

Conversation

@Th0rgal
Copy link
Copy Markdown
Member

@Th0rgal Th0rgal commented May 14, 2026
edited by cursor Bot
Loading

Summary

  • add the UnlinkPool deposit body with source-shaped Note[]/Ciphertext[] validation and Deposited event emission
  • add a benchmark-local ECM for keccak256(abi.encode(notes, ciphertexts)) so the deposit witness shape matches Solidity
  • keep Permit2 routed through the assumed linked external boundary and update the case manifest notes now that deposit is wired

Verification

  • git diff --check
  • lake build Benchmark.Cases.UnlinkXyz.Pool.Compile

Note

Medium Risk
Adds a full deposit execution path including calldata validation, witness hashing, external Permit2 transfer call, and state updates/events; mistakes could break deposits or balance accounting. Risk is mitigated by explicit checks, but it touches critical value-transfer flow and hashing layout assumptions.

Overview
Wires the UnlinkPool.deposit entry point end-to-end, including Note[]/Ciphertext[] length checks, per-note field validation, leaf hashing/collection, leaf insertion, and emitting the source-shaped Deposited event payload.

Introduces a benchmark-local ECM (abiEncodeTwoStaticArraysModule) to compute keccak256(abi.encode(notes, ciphertexts)) so the deposit EIP-712 witness matches Solidity, and adds Permit2 structs plus a new linked external permitWitnessTransferFrom call with balance-delta checks.

Updates the case manifest narrative to reflect that deposit is now wired while keeping Permit2 and LazyIMT insertion as assumed boundaries.

Reviewed by Cursor Bugbot for commit 92a55ad. Bugbot is set up for automated code reviews on this repo. Configure here.

@Th0rgal Th0rgal merged commit d2b9229 into main May 14, 2026
3 checks passed
@Th0rgal Th0rgal deleted the codex/unlink-pool-deposit-body branch May 14, 2026 22:20
cursor[bot]
cursor Bot reviewed May 14, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 92a55ad. Configure here.

Comment thread Benchmark/Cases/UnlinkXyz/Pool/Contract.lean
requireError ((amount != 0) &&
(amount <=
100000000000000000000000000000000000000000000000000000000000000000000))
PoolInvalidNoteAmount()
Copy link
Copy Markdown

@cursor cursor Bot May 14, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Amount validation uses wrong constant value

High Severity

The validateNoteFields amount upper bound is 10^68 (a 69-digit number), but Specs.lean defines PoolConstants.MAX_NOTE_VALUE as 2^120 - 1 (= 1329227995784915872903807060280344575, a 37-digit number) with the comment "Output note values are circuit-bounded to 120 bits." The literal used here is approximately 2^226, making the validation roughly 10^32 times more permissive than the source contract's circuit-bounded limit.

Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit 92a55ad. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Th0rgal