dark-pool against main (do not merge)

README.md

@@ -1,8 +1,16 @@
-<img align="right" width="150" height="150" top="100" src="https://github.com/user-attachments/assets/c80982e6-103e-45b0-8bd1-b6c38c5debe5">
+<img align="right" width="150" height="150" top="100" src="https://i.ibb.co/4ZFHPTNc/411361781-c80982e6-103e-45b0-8bd1-b6c38c5debe5-Large.jpg">
 
 # Mezcal
 
-Mezcal (Nahuatl: mexcalli) - agave booze.
+Mezcal (Nahuatl: mexcalli - agave booze) - on-chain dark pool implementation using [Noir](https://noir-lang.org) and [Taceo coNoir](https://taceo.io). Hides EVERYTHING about orders and traders(tokens, amounts and addresses of traders are completely hidden). Trades settled on an EVM chain using a very simplified version of [Aztec Protocol](https://aztec.network). The tradeoff is O(N^2) order matching engine.
+
+The code is highly experimental. The core code is located in `packages/contracts`.
+
+## Install coSnarks
+
+```sh
+cargo install --git https://github.com/TaceoLabs/co-snarks co-noir --rev 1b2db005ee550c028af824b3ec4e811d6e8a3705
+```
 
 ## TODO
 
@@ -21,22 +29,3 @@ Mezcal (Nahuatl: mexcalli) - agave booze.
 - [ ] deploy as proxy
 - [ ] test contracts with larger token amounts
 - [ ] TODO(security): parse inputs to circuits instead of assuming they are correct. Same applies to types returned from `unconstrained` functions. <https://github.com/noir-lang/noir/issues/7181> <https://github.com/noir-lang/noir/issues/4218>
-
-### Backend
-
-- [x] prove using native bb
-- [ ] persist merkle trees
-- [ ] return pending tree roots
-
-### UI
-
-- [x] shield
-- [x] transfer
-- [ ] join (maybe behind the scenes, multicall)
-- [ ] unshield
-
-### compliance
-
-- [ ] unshield only mode
-- [ ] set shield limit to 10 USDC
-- [ ] disclaimer that the rollup is not audited

packages/contracts/contracts/PoolERC20.sol

@@ -20,19 +20,22 @@ contract PoolERC20 is PoolGeneric {
         IVerifier unshieldVerifier;
         IVerifier joinVerifier;
         IVerifier transferVerifier;
+        IVerifier swapVerifier;
     }
 
     constructor(
         IVerifier shieldVerifier,
         IVerifier unshieldVerifier,
         IVerifier joinVerifier,
         IVerifier transferVerifier,
+        IVerifier swapVerifier,
         IVerifier rollupVerifier
     ) PoolGeneric(rollupVerifier) {
         _poolErc20Storage().shieldVerifier = shieldVerifier;
         _poolErc20Storage().unshieldVerifier = unshieldVerifier;
         _poolErc20Storage().joinVerifier = joinVerifier;
         _poolErc20Storage().transferVerifier = transferVerifier;
+        _poolErc20Storage().swapVerifier = swapVerifier;
     }
 
     function shield(
@@ -43,7 +46,7 @@ contract PoolERC20 is PoolGeneric {
     ) external {
         token.safeTransferFrom(msg.sender, address(this), amount);
 
-        PublicInputs.Type memory pi = PublicInputs.create(1 + 2 + U256_LIMBS);
+        PublicInputs.Type memory pi = PublicInputs.create(1 + 2 + 1);
         pi.push(getNoteHashTree().root);
         pi.push(address(token));
         pi.pushUint256Limbs(amount);
@@ -73,7 +76,7 @@ contract PoolERC20 is PoolGeneric {
         // TODO(security): bring back unshield. It was removed because nullifiers are no longer checked on tx level. Only when the tx is rolled up.
         require(false, "not implemented");
 
-        PublicInputs.Type memory pi = PublicInputs.create(6 + U256_LIMBS);
+        PublicInputs.Type memory pi = PublicInputs.create(6 + 1);
         // params
         pi.push(getNoteHashTree().root);
         pi.push(getNullifierTree().root);
@@ -155,6 +158,39 @@ contract PoolERC20 is PoolGeneric {
         }
     }
 
+    // TODO: move to a separate contract
+    function swap(
+        bytes calldata proof,
+        NoteInput[4] calldata notes,
+        bytes32[2] calldata nullifiers
+    ) external {
+        PublicInputs.Type memory pi = PublicInputs.create(1 + 6);
+        pi.push(getNoteHashTree().root);
+        pi.push(notes[0].noteHash);
+        pi.push(notes[1].noteHash);
+        pi.push(notes[2].noteHash);
+        pi.push(notes[3].noteHash);
+        pi.push(nullifiers[0]);
+        pi.push(nullifiers[1]);
+        require(
+            _poolErc20Storage().swapVerifier.verify(proof, pi.finish()),
+            "Invalid swap proof"
+        );
+
+        {
+            NoteInput[] memory noteInputs = new NoteInput[](4);
+            noteInputs[0] = notes[0];
+            noteInputs[1] = notes[1];
+            noteInputs[2] = notes[2];
+            noteInputs[3] = notes[3];
+            bytes32[] memory nullifiersDyn = new bytes32[](nullifiers.length);
+            for (uint256 i = 0; i < nullifiers.length; i++) {
+                nullifiersDyn[i] = nullifiers[i];
+            }
+            _PoolGeneric_addPendingTx(noteInputs, nullifiersDyn);
+        }
+    }
+
     function _poolErc20Storage()
         private
         pure

packages/contracts/contracts/Utils.sol

@@ -89,10 +89,11 @@ library PublicInputs {
         Type memory publicInputs,
         uint256 value
     ) internal pure {
-        uint256[U256_LIMBS] memory limbs = toNoirU256(value);
-        for (uint256 i = 0; i < limbs.length; i++) {
-            push(publicInputs, limbs[i]);
-        }
+        push(publicInputs, value);
+        // uint256[U256_LIMBS] memory limbs = toNoirU256(value);
+        // for (uint256 i = 0; i < limbs.length; i++) {
+        //     push(publicInputs, limbs[i]);
+        // }
     }
 
     function finish(

packages/contracts/deploy/00_deploy.ts

@@ -34,6 +34,10 @@ const deploy: DeployFunction = async ({
     "Erc20TransferVerifier",
     "erc20_transfer",
   );
+  const swapVerifier = await deployVerifier(
+    "LobRouterSwapVerifier",
+    "lob_router_swap",
+  );
   const rollupVerifier = await deployVerifier("RollupVerifier", "rollup");
 
   const pool = await typedDeployments.deploy("PoolERC20", {
@@ -44,6 +48,7 @@ const deploy: DeployFunction = async ({
       unshieldVerifier.address,
       joinVerifier.address,
       transferVerifier.address,
+      swapVerifier.address,
       rollupVerifier.address,
     ],
   });

packages/contracts/noir/Nargo.toml

@@ -5,6 +5,8 @@ members = [
   "erc20_unshield",
   "erc20_join",
   "erc20_transfer",
+  "lob_router",
+  "lob_router_swap",
   "rollup",
   "common",
 ]

packages/contracts/noir/common/Nargo.toml

@@ -5,5 +5,4 @@ authors = ["Oleh Misarosh <[email protected]>"]
 
 [dependencies]
 protocol_types = { git = "https://github.com/AztecProtocol/aztec-packages/", tag = "v0.86.0", directory = "noir-projects/noir-protocol-circuits/crates/types" }
-bignum = { tag = "v0.7.3", git = "https://github.com/noir-lang/noir-bignum/" }
 nodash = { tag = "v0.41.2", git = "https://github.com/olehmisar/nodash/" }

packages/contracts/noir/common/src/erc20_note.nr

@@ -33,13 +33,13 @@ impl Erc20Note {
     }
 }
 
-impl crate::Serialize<6> for Erc20Note {
-    fn serialize(self) -> [Field; 6] {
+impl crate::Serialize<4> for Erc20Note {
+    fn serialize(self) -> [Field; 4] {
         self
             .owner
             .serialize()
             .concat(self.amount.token.serialize())
-            .concat(self.amount.amount.limbs.map(|x| x.into()))
+            .concat([self.amount.amount.to_integer()])
             .concat([self.randomness])
     }
 }

packages/contracts/noir/common/src/lib.nr

@@ -1,7 +1,7 @@
-use bignum::BigNum;
 use protocol_types::hash::poseidon2_hash_with_separator;
 
 mod context;
+mod uint253;
 mod erc20_note;
 pub(crate) mod note;
 mod owned_note;
@@ -46,7 +46,7 @@ pub global GENERATOR_INDEX__NOTE_HASH: Field = 3;
 // Note: keep in sync with other languages
 pub global U256_LIMBS: u32 = 3;
 
-pub type U256 = bignum::U256;
+pub type U256 = uint253::U253;
 
 /// User address within the rollup
 #[derive(Eq, Serialize)]
@@ -96,6 +96,13 @@ impl std::ops::Sub for TokenAmount {
     }
 }
 
+impl std::cmp::Ord for TokenAmount {
+    fn cmp(self, other: Self) -> std::cmp::Ordering {
+        self._check(other);
+        self.amount.cmp(other.amount)
+    }
+}
+
 pub struct TreeRoots {
     pub note_hash_root: Field,
 }