diff --git a/aztec/src/context/private_context.nr b/aztec/src/context/private_context.nr index d5b4de0..48d0df3 100644 --- a/aztec/src/context/private_context.nr +++ b/aztec/src/context/private_context.nr @@ -268,8 +268,8 @@ impl PrivateContext { // validate that we siloed secret key corresponds to correct siloing of the master secret key that hashes // to `pk_m_hash`. - /// Safety: Kernels verify that the key validation request is valid and below we verify that a request - /// for the correct public key has been received. + // Safety: Kernels verify that the key validation request is valid and below we verify that a request + // for the correct public key has been received. let request = unsafe { get_key_validation_request(pk_m_hash, key_index) }; assert_eq(request.pk_m.hash(), pk_m_hash, "Obtained invalid key validation request"); @@ -391,11 +391,11 @@ impl PrivateContext { let mut is_static_call = is_static_call | self.inputs.call_context.is_static_call; let start_side_effect_counter = self.side_effect_counter; - /// Safety: The oracle simulates the private call and returns the value of the side effects counter after - /// execution of the call (which means that end_side_effect_counter - start_side_effect_counter is - /// the number of side effects that took place), along with the hash of the return values. We validate these - /// by requesting a private kernel iteration in which the return values are constrained to hash - /// to `returns_hash` and the side effects counter to increment from start to end. + // Safety: The oracle simulates the private call and returns the value of the side effects counter after + // execution of the call (which means that end_side_effect_counter - start_side_effect_counter is + // the number of side effects that took place), along with the hash of the return values. We validate these + // by requesting a private kernel iteration in which the return values are constrained to hash + // to `returns_hash` and the side effects counter to increment from start to end. let (end_side_effect_counter, returns_hash) = unsafe { call_private_function_internal( contract_address, @@ -494,12 +494,12 @@ impl PrivateContext { let counter = self.next_counter(); let mut is_static_call = is_static_call | self.inputs.call_context.is_static_call; - /// Safety: TODO(https://github.com/AztecProtocol/aztec-packages/issues/8985): Fix this. - /// WARNING: This is insecure and should be temporary! - /// The oracle hashes the arguments and returns a new args_hash. - /// new_args = [selector, ...old_args], so as to make it suitable to call the public dispatch function. - /// We don't validate or compute it in the circuit because a) it's harder to do with slices, and - /// b) this is only temporary. + // Safety: TODO(https://github.com/AztecProtocol/aztec-packages/issues/8985): Fix this. + // WARNING: This is insecure and should be temporary! + // The oracle hashes the arguments and returns a new args_hash. + // new_args = [selector, ...old_args], so as to make it suitable to call the public dispatch function. + // We don't validate or compute it in the circuit because a) it's harder to do with slices, and + // b) this is only temporary. let args_hash = unsafe { enqueue_public_function_call_internal( contract_address, @@ -550,12 +550,12 @@ impl PrivateContext { let counter = self.next_counter(); let mut is_static_call = is_static_call | self.inputs.call_context.is_static_call; - /// Safety: TODO(https://github.com/AztecProtocol/aztec-packages/issues/8985): Fix this. - /// WARNING: This is insecure and should be temporary! - /// The oracle hashes the arguments and returns a new args_hash. - /// new_args = [selector, ...old_args], so as to make it suitable to call the public dispatch function. - /// We don't validate or compute it in the circuit because a) it's harder to do with slices, and - /// b) this is only temporary. + // Safety: TODO(https://github.com/AztecProtocol/aztec-packages/issues/8985): Fix this. + // WARNING: This is insecure and should be temporary! + // The oracle hashes the arguments and returns a new args_hash. + // new_args = [selector, ...old_args], so as to make it suitable to call the public dispatch function. + // We don't validate or compute it in the circuit because a) it's harder to do with slices, and + // b) this is only temporary. let args_hash = unsafe { set_public_teardown_function_call_internal( contract_address, diff --git a/aztec/src/context/public_context.nr b/aztec/src/context/public_context.nr index 54402ea..2e8431a 100644 --- a/aztec/src/context/public_context.nr +++ b/aztec/src/context/public_context.nr @@ -21,22 +21,22 @@ impl PublicContext { where T: Serialize, { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { emit_public_log(Serialize::serialize(log).as_slice()) }; } pub fn note_hash_exists(_self: Self, note_hash: Field, leaf_index: Field) -> bool { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { note_hash_exists(note_hash, leaf_index) } == 1 } pub fn l1_to_l2_msg_exists(_self: Self, msg_hash: Field, msg_leaf_index: Field) -> bool { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { l1_to_l2_msg_exists(msg_hash, msg_leaf_index) } == 1 } pub fn nullifier_exists(_self: Self, unsiloed_nullifier: Field, address: AztecAddress) -> bool { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { nullifier_exists(unsiloed_nullifier, address.to_field()) } == 1 } @@ -73,7 +73,7 @@ impl PublicContext { } pub fn message_portal(_self: &mut Self, recipient: EthAddress, content: Field) { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { send_l2_to_l1_msg(recipient, content) }; } @@ -114,29 +114,29 @@ impl PublicContext { } pub fn push_note_hash(_self: &mut Self, note_hash: Field) { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { emit_note_hash(note_hash) }; } pub fn push_nullifier(_self: &mut Self, nullifier: Field) { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { emit_nullifier(nullifier) }; } pub fn this_address(_self: Self) -> AztecAddress { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { address() } } pub fn msg_sender(_self: Self) -> AztecAddress { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { sender() } } pub fn selector(_self: Self) -> FunctionSelector { // The selector is the first element of the calldata when calling a public function through dispatch. - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself let raw_selector: [Field; 1] = unsafe { calldata_copy(0, 1) }; FunctionSelector::from_field(raw_selector[0]) } @@ -148,70 +148,70 @@ impl PublicContext { self.args_hash.unwrap_unchecked() } pub fn transaction_fee(_self: Self) -> Field { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { transaction_fee() } } pub fn chain_id(_self: Self) -> Field { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { chain_id() } } pub fn version(_self: Self) -> Field { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { version() } } pub fn block_number(_self: Self) -> Field { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { block_number() } } pub fn timestamp(_self: Self) -> u64 { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { timestamp() } } pub fn fee_per_l2_gas(_self: Self) -> Field { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { fee_per_l2_gas() } } pub fn fee_per_da_gas(_self: Self) -> Field { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { fee_per_da_gas() } } pub fn l2_gas_left(_self: Self) -> Field { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { l2_gas_left() } } pub fn da_gas_left(_self: Self) -> Field { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { da_gas_left() } } pub fn is_static_call(_self: Self) -> bool { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { is_static_call() } == 1 } pub fn raw_storage_read(_self: Self, storage_slot: Field) -> [Field; N] { let mut out = [0; N]; for i in 0..N { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself out[i] = unsafe { storage_read(storage_slot + i as Field) }; } out @@ -226,7 +226,7 @@ impl PublicContext { pub fn raw_storage_write(_self: Self, storage_slot: Field, values: [Field; N]) { for i in 0..N { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself unsafe { storage_write(storage_slot + i as Field, values[i]) }; } } diff --git a/aztec/src/context/returns_hash.nr b/aztec/src/context/returns_hash.nr index 79cee30..916ab6d 100644 --- a/aztec/src/context/returns_hash.nr +++ b/aztec/src/context/returns_hash.nr @@ -24,7 +24,7 @@ impl ReturnsHash { where T: Deserialize, { - /// Safety: We verify that the value returned by `load` is the preimage of `hash`, fully constraining it. + // Safety: We verify that the value returned by `load` is the preimage of `hash`, fully constraining it. let preimage: [Field; N] = unsafe { execution_cache::load(self.hash) }; assert_eq(self.hash, hash_args_array(preimage)); diff --git a/aztec/src/encrypted_logs/log_assembly_strategies/default_aes128/note.nr b/aztec/src/encrypted_logs/log_assembly_strategies/default_aes128/note.nr index 9f5579a..50842bd 100644 --- a/aztec/src/encrypted_logs/log_assembly_strategies/default_aes128/note.nr +++ b/aztec/src/encrypted_logs/log_assembly_strategies/default_aes128/note.nr @@ -344,8 +344,8 @@ where let mut log_bytes_padding_to_mult_31 = get_arr_of_size__log_bytes_padding__from_PT::<(N * 32) + 64>(); - /// Safety: this randomness won't be constrained to be random. It's in the - /// interest of the executor of this fn to encrypt with random bytes. + // Safety: this randomness won't be constrained to be random. It's in the + // interest of the executor of this fn to encrypt with random bytes. log_bytes_padding_to_mult_31 = unsafe { get_random_bytes() }; let mut log_bytes = get_arr_of_size__log_bytes__from_PT::<(N * 32) + 64>(); @@ -406,7 +406,7 @@ where offset += log_bytes_as_fields.len(); for i in offset..PRIVATE_LOG_SIZE_IN_FIELDS { - /// Safety: randomness cannot be constrained. + // Safety: randomness cannot be constrained. final_log[i] = unsafe { random() }; } diff --git a/aztec/src/history/note_inclusion.nr b/aztec/src/history/note_inclusion.nr index f951264..010a979 100644 --- a/aztec/src/history/note_inclusion.nr +++ b/aztec/src/history/note_inclusion.nr @@ -19,7 +19,7 @@ impl ProveNoteInclusion for BlockHeader { { let note_hash = compute_note_hash_for_nullify(note, storage_slot); - /// Safety: The witness is only used as a "magical value" that makes the merkle proof below pass. Hence it's safe. + // Safety: The witness is only used as a "magical value" that makes the merkle proof below pass. Hence it's safe. let witness = unsafe { get_note_hash_membership_witness(self.global_variables.block_number as u32, note_hash) }; diff --git a/aztec/src/history/nullifier_inclusion.nr b/aztec/src/history/nullifier_inclusion.nr index a7e1a1a..2cee88f 100644 --- a/aztec/src/history/nullifier_inclusion.nr +++ b/aztec/src/history/nullifier_inclusion.nr @@ -14,7 +14,7 @@ trait ProveNullifierInclusion { impl ProveNullifierInclusion for BlockHeader { fn prove_nullifier_inclusion(self, nullifier: Field) { // 1) Get the membership witness of the nullifier - /// Safety: The witness is only used as a "magical value" that makes the proof below pass. Hence it's safe. + // Safety: The witness is only used as a "magical value" that makes the proof below pass. Hence it's safe. let witness = unsafe { get_nullifier_membership_witness(self.global_variables.block_number as u32, nullifier) }; diff --git a/aztec/src/history/nullifier_non_inclusion.nr b/aztec/src/history/nullifier_non_inclusion.nr index 1f444aa..76a9b6d 100644 --- a/aztec/src/history/nullifier_non_inclusion.nr +++ b/aztec/src/history/nullifier_non_inclusion.nr @@ -16,7 +16,7 @@ trait ProveNullifierNonInclusion { impl ProveNullifierNonInclusion for BlockHeader { fn prove_nullifier_non_inclusion(self, nullifier: Field) { // 1) Get the membership witness of a low nullifier of the nullifier - /// Safety: The witness is only used as a "magical value" that makes the proof below pass. Hence it's safe. + // Safety: The witness is only used as a "magical value" that makes the proof below pass. Hence it's safe. let witness = unsafe { get_low_nullifier_membership_witness( self.global_variables.block_number as u32, diff --git a/aztec/src/history/public_storage.nr b/aztec/src/history/public_storage.nr index 0f88b46..e6e7946 100644 --- a/aztec/src/history/public_storage.nr +++ b/aztec/src/history/public_storage.nr @@ -27,7 +27,7 @@ impl PublicStorageHistoricalRead for BlockHeader { ); // 2) Get the membership witness for the tree index. - /// Safety: The witness is only used as a "magical value" that makes the proof below pass. Hence it's safe. + // Safety: The witness is only used as a "magical value" that makes the proof below pass. Hence it's safe. let witness = unsafe { get_public_data_witness( self.global_variables.block_number as u32, diff --git a/aztec/src/keys/getters/mod.nr b/aztec/src/keys/getters/mod.nr index 5430aac..4b03ca7 100644 --- a/aztec/src/keys/getters/mod.nr +++ b/aztec/src/keys/getters/mod.nr @@ -24,7 +24,7 @@ pub unconstrained fn get_ovsk_app(ovpk_m_hash: Field) -> Field { // keys at once since the constraints for reading them all are actually fewer than if we read them one at a time - any // read keys that are not required by the caller can simply be discarded. pub fn get_public_keys(account: AztecAddress) -> PublicKeys { - /// Safety: Public keys are constrained by showing their inclusion in the address's preimage. + // Safety: Public keys are constrained by showing their inclusion in the address's preimage. let (public_keys, partial_address) = unsafe { get_public_keys_and_partial_address(account) }; assert_eq( account, diff --git a/aztec/src/messaging.nr b/aztec/src/messaging.nr index bf6be44..50bfee3 100644 --- a/aztec/src/messaging.nr +++ b/aztec/src/messaging.nr @@ -31,7 +31,7 @@ pub fn process_l1_to_l2_message( // We prove that `message_hash` is in the tree by showing the derivation of the tree root, using a merkle path we // get from an oracle. - /// Safety: The witness is only used as a "magical value" that makes the merkle proof below pass. Hence it's safe. + // Safety: The witness is only used as a "magical value" that makes the merkle proof below pass. Hence it's safe. let (_leaf_index, sibling_path) = unsafe { get_l1_to_l2_membership_witness(contract_address, message_hash, secret) }; diff --git a/aztec/src/note/note_getter/mod.nr b/aztec/src/note/note_getter/mod.nr index 973276f..d4aac0d 100644 --- a/aztec/src/note/note_getter/mod.nr +++ b/aztec/src/note/note_getter/mod.nr @@ -88,8 +88,8 @@ pub fn get_note( where Note: NoteInterface + NullifiableNote, { - /// Safety: Constraining that we got a valid note from the oracle is fairly straightforward: all we need to do - /// is check that the metadata is correct, and that the note exists. + // Safety: Constraining that we got a valid note from the oracle is fairly straightforward: all we need to do + // is check that the metadata is correct, and that the note exists. let note = unsafe { get_note_internal(storage_slot) }; check_note_header(*context, note); @@ -107,7 +107,7 @@ pub fn get_notes( where Note: NoteInterface + NullifiableNote + Eq, { - /// Safety: The notes are constrained below. + // Safety: The notes are constrained below. let opt_notes = unsafe { get_notes_internal(storage_slot, options) }; // We apply the constraints in a separate function instead of inlining them here to make it easier to test that diff --git a/aztec/src/oracle/block_header.nr b/aztec/src/oracle/block_header.nr index dbb7bbc..75f2614 100644 --- a/aztec/src/oracle/block_header.nr +++ b/aztec/src/oracle/block_header.nr @@ -35,7 +35,7 @@ pub fn get_block_header_at(block_number: u32, context: PrivateContext) -> BlockH ); // 3) Get the header hint of a given block from an oracle - /// Safety: The header is constrained to be in the archive tree below. + // Safety: The header is constrained to be in the archive tree below. let header = unsafe { get_block_header_at_internal(block_number) }; // 4) We make sure that the header hint we received from the oracle exists in the state tree and is the actual header @@ -62,7 +62,7 @@ fn constrain_get_block_header_at_internal( let block_hash = header_hint.hash(); // 2) Get the membership witness of the block in the archive tree - /// Safety: The witness is only used as a "magical value" that makes the merkle proof below pass. Hence it's safe. + // Safety: The witness is only used as a "magical value" that makes the merkle proof below pass. Hence it's safe. let witness = unsafe { get_archive_membership_witness(last_archive_block_number, block_hash) }; // 3) Check that the block is in the archive (i.e. the witness is valid) diff --git a/aztec/src/oracle/enqueue_public_function_call.nr b/aztec/src/oracle/enqueue_public_function_call.nr index 62a73c9..ca28ee6 100644 --- a/aztec/src/oracle/enqueue_public_function_call.nr +++ b/aztec/src/oracle/enqueue_public_function_call.nr @@ -51,8 +51,8 @@ pub unconstrained fn set_public_teardown_function_call_internal( } pub fn notify_set_min_revertible_side_effect_counter(counter: u32) { - /// Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe - /// to call. + // Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe + // to call. unsafe { notify_set_min_revertible_side_effect_counter_oracle_wrapper(counter) }; } diff --git a/aztec/src/oracle/execution_cache.nr b/aztec/src/oracle/execution_cache.nr index f85ca12..84a3c41 100644 --- a/aztec/src/oracle/execution_cache.nr +++ b/aztec/src/oracle/execution_cache.nr @@ -1,7 +1,7 @@ /// Stores values represented as slice in execution cache to be later obtained by its hash. pub fn store(values: [Field]) { - /// Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe - /// to call. When loading the values, however, the caller must check that the values are indeed the preimage. + // Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe + // to call. When loading the values, however, the caller must check that the values are indeed the preimage. unsafe { store_in_execution_cache_oracle_wrapper(values) }; } diff --git a/aztec/src/oracle/get_contract_instance.nr b/aztec/src/oracle/get_contract_instance.nr index 6c117ab..b8fc829 100644 --- a/aztec/src/oracle/get_contract_instance.nr +++ b/aztec/src/oracle/get_contract_instance.nr @@ -18,8 +18,8 @@ unconstrained fn get_contract_instance_internal( // NOTE: this is for use in private only pub fn get_contract_instance(address: AztecAddress) -> ContractInstance { - /// Safety: The to_address function combines all values in the instance object to produce an address, - /// so by checking that we get the expected address we validate the entire struct. + // Safety: The to_address function combines all values in the instance object to produce an address, + // so by checking that we get the expected address we validate the entire struct. let instance = unsafe { ContractInstance::deserialize(get_contract_instance_internal(address)) }; assert_eq(instance.to_address(), address); @@ -59,7 +59,7 @@ pub unconstrained fn get_contract_instance_initialization_hash_internal_avm( } pub fn get_contract_instance_deployer_avm(address: AztecAddress) -> Option { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself let (member, exists) = unsafe { get_contract_instance_deployer_internal_avm(address) }; if exists { Option::some(AztecAddress::from_field(member)) @@ -68,7 +68,7 @@ pub fn get_contract_instance_deployer_avm(address: AztecAddress) -> Option Option { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself let (member, exists) = unsafe { get_contract_instance_class_id_internal_avm(address) }; if exists { Option::some(ContractClassId::from_field(member)) @@ -77,7 +77,7 @@ pub fn get_contract_instance_class_id_avm(address: AztecAddress) -> Option Option { - /// Safety: AVM opcodes are constrained by the AVM itself + // Safety: AVM opcodes are constrained by the AVM itself let (member, exists) = unsafe { get_contract_instance_initialization_hash_internal_avm(address) }; if exists { diff --git a/aztec/src/oracle/notes.nr b/aztec/src/oracle/notes.nr index 9270173..2f6af6e 100644 --- a/aztec/src/oracle/notes.nr +++ b/aztec/src/oracle/notes.nr @@ -14,8 +14,8 @@ pub fn notify_created_note( note_hash: Field, counter: u32, ) { - /// Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe - /// to call. + // Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe + // to call. unsafe { notify_created_note_oracle_wrapper( storage_slot, @@ -31,8 +31,8 @@ pub fn notify_created_note( /// the same transaction. This note should only be removed to the non-volatile database if its nullifier is found in an /// actual block. pub fn notify_nullified_note(nullifier: Field, note_hash: Field, counter: u32) { - /// Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe - /// to call. + // Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe + // to call. unsafe { notify_nullified_note_oracle_wrapper(nullifier, note_hash, counter) }; } @@ -249,8 +249,8 @@ unconstrained fn get_indexed_tagging_secret_as_sender_oracle( /// otherwise e.g. a reverting transaction can cause the sender to accidentally skip indices and later produce notes /// that are not found by the recipient. pub fn increment_app_tagging_secret_index_as_sender(sender: AztecAddress, recipient: AztecAddress) { - /// Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe - /// to call. + // Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe + // to call. unsafe { increment_app_tagging_secret_index_as_sender_wrapper(sender, recipient); } @@ -272,8 +272,8 @@ unconstrained fn increment_app_tagging_secret_index_as_sender_oracle( /// Finds new notes that may have been sent to all registered accounts in PXE in the current contract and makes them available /// for later querying via the `get_notes` oracle. pub fn sync_notes() { - /// Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe - /// to call. + // Safety: This oracle call returns nothing: we only call it for its side effects. It is therefore always safe + // to call. unsafe { sync_notes_oracle_wrapper(); } diff --git a/aztec/src/state_vars/private_mutable.nr b/aztec/src/state_vars/private_mutable.nr index 32219c1..70976d0 100644 --- a/aztec/src/state_vars/private_mutable.nr +++ b/aztec/src/state_vars/private_mutable.nr @@ -84,17 +84,17 @@ where // docs:end:replace pub fn initialize_or_replace(self, note: &mut Note) -> NoteEmission { - /// Safety: `check_nullifier_exists` is an unconstrained function - we can constrain a true value - /// by providing an inclusion proof of the nullifier, but cannot constrain a false value since - /// a non-inclusion proof would only be valid if done in public. - /// Ultimately, this is not an issue given that we'll either: - /// - initialize the state variable, which would fail if it was already initialized due to the duplicate - /// nullifier, or - /// - replace the current value, which would fail if it was not initialized since we wouldn't be able - /// to produce an inclusion proof for the current note - /// This means that an honest oracle will assist the prover to produce a valid proof, while a malicious - /// oracle (i.e. one that returns an incorrect value for is_initialized) will simply fail to produce - /// a proof. + // Safety: `check_nullifier_exists` is an unconstrained function - we can constrain a true value + // by providing an inclusion proof of the nullifier, but cannot constrain a false value since + // a non-inclusion proof would only be valid if done in public. + // Ultimately, this is not an issue given that we'll either: + // - initialize the state variable, which would fail if it was already initialized due to the duplicate + // nullifier, or + // - replace the current value, which would fail if it was not initialized since we wouldn't be able + // to produce an inclusion proof for the current note + // This means that an honest oracle will assist the prover to produce a valid proof, while a malicious + // oracle (i.e. one that returns an incorrect value for is_initialized) will simply fail to produce + // a proof. let is_initialized = unsafe { check_nullifier_exists(self.compute_initialization_nullifier()) }; diff --git a/aztec/src/utils/array/collapse.nr b/aztec/src/utils/array/collapse.nr index 0aa54da..0ca9de4 100644 --- a/aztec/src/utils/array/collapse.nr +++ b/aztec/src/utils/array/collapse.nr @@ -15,7 +15,7 @@ where // Instead, we use an unconstrained function to produce the final collapsed array, along with some hints, and then // verify that the input and collapsed arrays are equivalent. - /// Safety: The hints are verified by the `verify_collapse_hints` function. + // Safety: The hints are verified by the `verify_collapse_hints` function. let (collapsed, collapsed_to_input_index_mapping) = unsafe { get_collapse_hints(input) }; verify_collapse_hints(input, collapsed, collapsed_to_input_index_mapping); collapsed diff --git a/aztec/src/utils/bytes.nr b/aztec/src/utils/bytes.nr index 02d1764..7e4c229 100644 --- a/aztec/src/utils/bytes.nr +++ b/aztec/src/utils/bytes.nr @@ -242,8 +242,8 @@ unconstrained fn get_chunks_of_random_bits(input: [Field; N]) -> [Field; N] { - /// Safety: we can't constrain whether or not the returned bits are actually random; - /// we can only rely on it being in the caller's best interest. + // Safety: we can't constrain whether or not the returned bits are actually random; + // we can only rely on it being in the caller's best interest. let chunks_of_random_bits = unsafe { get_chunks_of_random_bits::<((N + 30) / 31), 6>() }; let mut fields = input; // We push the random bits to the "big end" of each field diff --git a/aztec/src/utils/field.nr b/aztec/src/utils/field.nr index d9d451b..125c5ff 100644 --- a/aztec/src/utils/field.nr +++ b/aztec/src/utils/field.nr @@ -84,9 +84,9 @@ pub unconstrained fn __sqrt(x: Field) -> (bool, Field) { // Returns (false, 0) if there is no square root. // Returns (true, sqrt) if there is a square root. pub fn sqrt(x: Field) -> Option { - /// Safety: if the hint returns the square root of x, then we simply square it - /// check the result equals x. If x is not square, we return a value that - /// enables us to prove that fact (see the `else` clause below). + // Safety: if the hint returns the square root of x, then we simply square it + // check the result equals x. If x is not square, we return a value that + // enables us to prove that fact (see the `else` clause below). let (is_sq, maybe_sqrt) = unsafe { __sqrt(x) }; if is_sq { diff --git a/aztec/src/utils/with_hash.nr b/aztec/src/utils/with_hash.nr index c9c9bf9..dd63d3c 100644 --- a/aztec/src/utils/with_hash.nr +++ b/aztec/src/utils/with_hash.nr @@ -62,7 +62,7 @@ where // get an oracle to provide us the values, and instead we prove inclusion of their hash, which is both a much // smaller proof (a single slot), and also independent of the size of T (except in that we need to pack and hash T). let hint = WithHash::new( - /// Safety: We verify that a hash of the hint/packed data matches the stored hash. + // Safety: We verify that a hash of the hint/packed data matches the stored hash. unsafe { oracle::storage::storage_read(address, storage_slot, historical_block_number) }, diff --git a/uint-note/src/uint_note.nr b/uint-note/src/uint_note.nr index 7abfc3d..6445e79 100644 --- a/uint-note/src/uint_note.nr +++ b/uint-note/src/uint_note.nr @@ -61,10 +61,10 @@ impl Eq for UintNote { impl UintNote { pub fn new(value: U128, owner: AztecAddress) -> Self { - /// Safety: We use the randomness to preserve the privacy of the note recipient by preventing brute-forcing, - /// so a malicious sender could use non-random values to make the note less private. But they already know - /// the full note pre-image anyway, and so the recipient already trusts them to not disclose this - /// information. We can therefore assume that the sender will cooperate in the random value generation. + // Safety: We use the randomness to preserve the privacy of the note recipient by preventing brute-forcing, + // so a malicious sender could use non-random values to make the note less private. But they already know + // the full note pre-image anyway, and so the recipient already trusts them to not disclose this + // information. We can therefore assume that the sender will cooperate in the random value generation. let randomness = unsafe { random() }; Self { value, owner, randomness, header: NoteHeader::empty() } } diff --git a/value-note/src/value_note.nr b/value-note/src/value_note.nr index afd952c..2d24d51 100644 --- a/value-note/src/value_note.nr +++ b/value-note/src/value_note.nr @@ -57,10 +57,10 @@ impl NullifiableNote for ValueNote { impl ValueNote { pub fn new(value: Field, owner: AztecAddress) -> Self { - /// Safety: We use the randomness to preserve the privacy of the note recipient by preventing brute-forcing, - /// so a malicious sender could use non-random values to make the note less private. But they already know - /// the full note pre-image anyway, and so the recipient already trusts them to not disclose this - /// information. We can therefore assume that the sender will cooperate in the random value generation. + // Safety: We use the randomness to preserve the privacy of the note recipient by preventing brute-forcing, + // so a malicious sender could use non-random values to make the note less private. But they already know + // the full note pre-image anyway, and so the recipient already trusts them to not disclose this + // information. We can therefore assume that the sender will cooperate in the random value generation. let randomness = unsafe { random() }; let header = NoteHeader::empty();