Skip to content

Commit 5c7f28b

Browse files
committed
fix: remove redundant to/memo from DecryptionData
The `to` and `memo` fields in `DecryptionData` were redundant: the on-chain `ZoneInbox` already decrypts the ciphertext via AES-256-GCM and can derive these values directly from the plaintext. Remove them from the struct and use the decrypted values on-chain instead of comparing against sequencer-supplied duplicates. Saves 52 bytes of calldata per encrypted deposit (20-byte address + 32-byte memo). Closes #357 Made-with: Cursor
1 parent 7750a4b commit 5c7f28b

13 files changed

Lines changed: 577 additions & 122 deletions

File tree

crates/primitives/src/abi.rs

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -378,12 +378,11 @@ macro_rules! define_abi {
378378
}
379379

380380
/// Decryption data provided by the sequencer for encrypted deposits.
381+
/// The decrypted (to, memo) are derived on-chain from the AES-GCM decryption.
381382
#[derive(Debug)]
382383
struct DecryptionData {
383384
bytes32 sharedSecret;
384385
uint8 sharedSecretYParity;
385-
address to;
386-
bytes32 memo;
387386
ChaumPedersenProof cpProof;
388387
}
389388

crates/tempo-zone/src/builder.rs

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -690,8 +690,6 @@ mod tests {
690690
decryptions: vec![abi::DecryptionData {
691691
sharedSecret: B256::ZERO,
692692
sharedSecretYParity: 0x02,
693-
to: sender,
694-
memo: B256::ZERO,
695693
cpProof: abi::ChaumPedersenProof {
696694
s: B256::ZERO,
697695
c: B256::ZERO,

crates/tempo-zone/src/l1.rs

Lines changed: 5 additions & 40 deletions
Original file line numberDiff line numberDiff line change
@@ -1124,7 +1124,7 @@ impl L1BlockDeposits {
11241124
self,
11251125
sequencer_key: &k256::SecretKey,
11261126
portal_address: Address,
1127-
policy_provider: &crate::l1_state::PolicyProvider,
1127+
_policy_provider: &crate::l1_state::PolicyProvider,
11281128
) -> eyre::Result<PreparedL1Block> {
11291129
use crate::precompiles::ecies;
11301130

@@ -1190,46 +1190,15 @@ impl L1BlockDeposits {
11901190
recipient = %dec.to,
11911191
token = %d.token,
11921192
amount = %d.amount,
1193-
"Decrypted encrypted deposit, checking policy"
1193+
"Decrypted encrypted deposit"
11941194
);
11951195

1196-
// Check TIP-403 policy via the provider (cache-first, RPC fallback).
1197-
// Errors are propagated so the engine retries rather than allowing
1198-
// unauthorized deposits through.
1199-
let authorized = policy_provider
1200-
.is_authorized_async(
1201-
d.token,
1202-
dec.to,
1203-
l1_block_number,
1204-
crate::l1_state::AuthRole::MintRecipient,
1205-
)
1206-
.await?;
1207-
1208-
let recipient = if authorized {
1209-
debug!(
1210-
target: "zone::engine",
1211-
recipient = %dec.to,
1212-
token = %d.token,
1213-
"Policy authorized encrypted deposit recipient"
1214-
);
1215-
dec.to
1216-
} else {
1217-
warn!(
1218-
target: "zone::engine",
1219-
sender = %d.sender,
1220-
recipient = %dec.to,
1221-
token = %d.token,
1222-
amount = %d.amount,
1223-
"Encrypted deposit recipient unauthorized, redirecting to sender"
1224-
);
1225-
d.sender
1226-
};
1227-
1196+
// TIP-403 policy enforcement happens on-chain: ZoneInbox
1197+
// wraps the mint in try/catch and falls back to crediting
1198+
// the depositor if the recipient is unauthorized.
12281199
let decryption = abi::DecryptionData {
12291200
sharedSecret: dec.proof.shared_secret,
12301201
sharedSecretYParity: dec.proof.shared_secret_y_parity,
1231-
to: recipient,
1232-
memo: dec.memo,
12331202
cpProof: abi::ChaumPedersenProof {
12341203
s: dec.proof.cp_proof_s,
12351204
c: dec.proof.cp_proof_c,
@@ -1257,8 +1226,6 @@ impl L1BlockDeposits {
12571226
let decryption = abi::DecryptionData {
12581227
sharedSecret: proof.shared_secret,
12591228
sharedSecretYParity: proof.shared_secret_y_parity,
1260-
to: d.sender,
1261-
memo: B256::ZERO,
12621229
cpProof: abi::ChaumPedersenProof {
12631230
s: proof.cp_proof_s,
12641231
c: proof.cp_proof_c,
@@ -1278,8 +1245,6 @@ impl L1BlockDeposits {
12781245
let decryption = abi::DecryptionData {
12791246
sharedSecret: B256::ZERO,
12801247
sharedSecretYParity: 0x02,
1281-
to: d.sender,
1282-
memo: B256::ZERO,
12831248
cpProof: abi::ChaumPedersenProof {
12841249
s: B256::ZERO,
12851250
c: B256::ZERO,

crates/tempo-zone/tests/advance_tempo.rs

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,8 +38,6 @@ sol! {
3838
struct DecryptionData {
3939
bytes32 sharedSecret;
4040
uint8 sharedSecretYParity;
41-
address to;
42-
bytes32 memo;
4341
ChaumPedersenProof cpProof;
4442
}
4543
}

crates/tempo-zone/tests/assets/zone-test-genesis.json

Lines changed: 139 additions & 1 deletion
Large diffs are not rendered by default.

0 commit comments

Comments
 (0)