simple-tornado issues

withdraw is hackable!

1

I think my version is hackable because the publicSignal root in parameters of verifyProof may be different from the root in parameters of withdraw. ``` solidity function withdraw( uint256[2] memory...

johnson86tw

Mock

What exactly are the solidity "Mock" contracts inside of contracts/Mock? Thanks so much for your help!

TalDerei

compileHasher.js

3

What does this file do? And thanks for building this repo!

TalDerei

license

1

Is that software open for re-use? There's no license!

TalDerei

What if roots achieve ROOT_HISTORY_SIZE and rewrite roots[0]?

1

When roots[] achieve ROOT_HISTORY_SIZE and rewrite roots[0], does it means if there is a deposit in the original roots[0] had not been withdraw, it may be locked in the contract...

johnson86tw

nullifier is equal to hash of secret

1

- people can check isSpent() with commiment to know that the deposit is spent.

johnson86tw

cli.ts

- building a command-line tool for contract running on the hardhat network.

johnson86tw

simple-tornado
simple-tornado copied to clipboard

Metadata

withdraw is hackable!

Mock

compileHasher.js

license

What if roots achieve ROOT_HISTORY_SIZE and rewrite roots[0]?

nullifier is equal to hash of secret

cli.ts

← Metadata

Owner

Metadata

simple-tornado simple-tornado copied to clipboard

Metadata

withdraw is hackable!

Mock

compileHasher.js

license

What if roots achieve ROOT_HISTORY_SIZE and rewrite roots[0]?

nullifier is equal to hash of secret

cli.ts

← Metadata

Owner

Metadata

simple-tornado
simple-tornado copied to clipboard