صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
bat9go
/
tornado-core
mirrorاز https://github.com/tornadocash/tornado-core
دنبال کردن 1
ستاره دار 0
انشعاب 0
پرونده‌ها مشکلات 0 ویکی

بدون توضیح

درخت: 51b06ed661
شاخه‌ها تگ‌ها
tornado-core
ZIP TAR.GZ
poma 51b06ed661 test cli in travis 5 سال پیش
circuits 1498c3a739 split extra constraints back to 2 5 سال پیش
contracts 7997fe2582 fix bugs (public verifier) 5 سال پیش
lib 754172a5a4 fix a bug 5 سال پیش
migrations e1e989986f skip migrations 5 سال پیش
test 9b4d3bc34e operator role 5 سال پیش
.editorconfig b5b3474165 Move contracts to repository root 5 سال پیش
.env.example 8d50fe1992 remove PAUSEACCOUNT from .env 5 سال پیش
.eslintrc.json b0c896c681 styling final 5 سال پیش
.gitattributes 641c76fa39 add dummy test 5 سال پیش
.gitignore d91435dd00 add pauseDeposits 5 سال پیش
.nvmrc e8fa073caf fix tests 5 سال پیش
.solhint.json d91435dd00 add pauseDeposits 5 سال پیش
.travis.yml 51b06ed661 test cli in travis 5 سال پیش
LICENSE 21a9545b54 Create LICENSE 5 سال پیش
README.md 787d1cc5d0 Update README.md 5 سال پیش
cli.js 11b3c98ea2 fix splitting note in cli 5 سال پیش
index.html 1e8a16f759 readme 5 سال پیش
mixer.png 1e8a16f759 readme 5 سال پیش
package-lock.json 67ebbfbcb4 update snarkjs version 5 سال پیش
package.json 7997fe2582 fix bugs (public verifier) 5 سال پیش
truffle-config.js 7997fe2582 fix bugs (public verifier) 5 سال پیش

README.md

Tornado mixer Build Status

mixer image

Specs

  • Deposit gas cost: deposit 888054
  • Withdraw gas cost: 692133
  • Circuit constraints: 22617
  • Circuit proving time: 6116ms
  • Serverless

Security risks

  • Cryptographic tools used by mixer (zkSNARKS, Pedersen commitment, MiMC hash) are not yet extensively audited by cryptographic experts and may be vulnerable
    • Note: we use MiMC hash only for merkle tree, so even if a preimage attack on MiMC is discovered, it will not allow to deanonymize users. To drain funds attacker needs to be able to generate arbitrary hash collisions, which is a pretty strong assumption.
  • Relayer is frontrunnable. When relayer submits a transaction someone can see it in tx pool and frontrun it with higher gas price to get the fee and drain relayer funds.
    • Workaround: we can set high gas price so that (almost) all fee is used on gas. The relayer will not receive profit this way, but this approach is acceptable until we develop more sophisticated system that prevents frontrunning
  • Bugs in contract. Even though we have an extensive experience in smart contract security audits, we can still make mistakes. An external audit is needed to reduce probablility of bugs
  • Nullifier griefing. when you submit a withdraw transaction you reveal the nullifier for your note. If someone manages to make a deposit with the same nullifier and withdraw it while your transaction is still in tx pool, your note will be considered spent since it has the same nullifier and it will prevent you from withdrawing your funds
    • Fixed by sending nullifier hash instead of plain nullifier

Requirements

  1. node v11.15.0
  2. npm install -g npx

Usage

  1. npm i
  2. cp .env.example .env
  3. npm run build:circuit - may take 10 minutes or more
  4. npm run build:contract
  5. npm run browserify
  6. npx ganache-cli
  7. npm run test - optionally run tests. It may fail for the first time, just run one more time.
  8. npm run migrate:dev
  9. ./cli.js deposit
  10. ./cli.js withdraw <note from previous step> <destination eth address>
  11. ./cli.js balance <destination eth address>
  12. vi .env - add your Kovan private key to deploy contracts
  13. npm run migrate
  14. npx http-server - serve current dir, you can use any other http server
  15. Open localhost:8080

Credits

Special thanks to @barryWhiteHat and @kobigurk for valuable input, and to @jbaylina for awesome Circom & Websnark framework