From 71e6092a295e7c2adbc5d964ba0abc1747629175 Mon Sep 17 00:00:00 2001
From: parazyd
Date: Mon, 17 Jul 2023 17:37:41 +0200
Subject: [PATCH] contract/consensus: Separate client API into functions which allow more control.
---
 .../consensus/src/client/genesis_stake_v1.rs | 30 ++++++++++++-------
 .../consensus/src/client/proposal_v1.rs | 16 ++++++++--
 src/contract/consensus/src/client/stake_v1.rs | 7 ++++-
 .../src/client/unstake_request_v1.rs | 11 ++++++-
 .../consensus/src/client/unstake_v1.rs | 11 ++++++-
 5 files changed, 60 insertions(+), 15 deletions(-)
diff --git a/src/contract/consensus/src/client/genesis_stake_v1.rs b/src/contract/consensus/src/client/genesis_stake_v1.rs
index 9ffecb9dc..52934dc1f 100644
--- a/src/contract/consensus/src/client/genesis_stake_v1.rs
+++ b/src/contract/consensus/src/client/genesis_stake_v1.rs
@@ -60,6 +60,26 @@ pub struct ConsensusGenesisStakeCallBuilder {
 impl ConsensusGenesisStakeCallBuilder {
 pub fn build(&self) -> Result {
+ // We just create the pedersen commitment blinds here. We simply
+ // enforce that the clear input and the anon output have the same
+ // commitments.
+ let value_blind = pallas::Scalar::random(&mut OsRng);
+ let token_blind = pallas::Scalar::random(&mut OsRng);
+ let reward_blind = pallas::Scalar::random(&mut OsRng);
+
+ // FIXME: The coin's serial number here is arbitrary, and allows grinding attacks.
+ let serial = pallas::Base::random(&mut OsRng);
+
+ self.build_with_params(value_blind, token_blind, reward_blind, serial)
+ }
+
+ pub fn build_with_params(
+ &self,
+ value_blind: pallas::Scalar,
+ token_blind: pallas::Scalar,
+ reward_blind: pallas::Scalar,
+ serial: pallas::Base,
+ ) -> Result {
 debug!("Building Consensus::GenesisStakeV1 contract call");
 let value = self.amount;
 assert!(value != 0);
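Review bot: The new `pub fn build_with_params(` takes the three Pedersen commitment blinds and the coin `serial` from the caller, but carries no doc comment, and the only statement of what those inputs must satisfy (the "pedersen commitment blinds" comment and the FIXME about serial grinding) now lives in `build()`, which a caller of `build_with_params` never reads. A Pedersen commitment only hides its value if the blind is a fresh, uniformly random scalar, so a caller passing a predictable or reused blind silently loses that property, and the serial requirement is the one the FIXME already flags. I would add above the signature: `/// Like [`build`](Self::build), but with caller-supplied Pedersen blinds and coin serial.` / `/// Blinds must be fresh, uniformly random scalars (a predictable or reused blind weakens the hiding of the commitment);` / `/// `serial` must be unique per coin — see the FIXME in `build`.` The same gap applies to the `build_with_params` added in proposal_v1.rs, stake_v1.rs, unstake_request_v1.rs and unstake_v1.rs. The body of `build_with_params` continues past the end of this hunk.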
@@ -71,16 +91,6 @@ impl ConsensusGenesisStakeCallBuilder {
 // With genesis, our epoch is 0.
 let epoch = 0;
- // We just create the pedersen commitment blinds here. We simply
- // enforce that the clear input and the anon output have the same
- // commitments.
- let value_blind = pallas::Scalar::random(&mut OsRng);
- let token_blind = pallas::Scalar::random(&mut OsRng);
- let reward_blind = pallas::Scalar::random(&mut OsRng);
-
- // FIXME: The coin's serial number here is arbitrary, and allows grinding attacks.
- let serial = pallas::Base::random(&mut OsRng);
-
 // Parameters for the clear input
 let c_input = ClearInput {
 value,
diff --git a/src/contract/consensus/src/client/proposal_v1.rs b/src/contract/consensus/src/client/proposal_v1.rs
index 0fdac0969..dfcae43af 100644
--- a/src/contract/consensus/src/client/proposal_v1.rs
+++ b/src/contract/consensus/src/client/proposal_v1.rs
@@ -129,6 +129,17 @@ pub struct ConsensusProposalCallBuilder {
 impl ConsensusProposalCallBuilder {
 pub fn build(&self) -> Result {
+ let input_value_blind = pallas::Scalar::random(&mut OsRng);
+ let output_reward_blind = pallas::Scalar::random(&mut OsRng);
+
+ self.build_with_params(input_value_blind, output_reward_blind)
+ }
+
+ pub fn build_with_params(
+ &self,
+ input_value_blind: pallas::Scalar,
+ output_reward_blind: pallas::Scalar,
+ ) -> Result {
 info!("Building Consensus::ProposalBurnV1 contract call");
 assert!(self.owncoin.note.value != 0);
@@ -140,11 +151,10 @@ impl ConsensusProposalCallBuilder {
 merkle_path,
 secret: self.owncoin.secret,
 note: self.owncoin.note.clone(),
- value_blind: pallas::Scalar::random(&mut OsRng),
+ value_blind: input_value_blind,
 };
 debug!("Building Consensus::ProposalV1 anonymous output");
- let output_reward_blind = pallas::Scalar::random(&mut OsRng);
 let output_value_blind = input.value_blind + output_reward_blind;
 // The output's secret key is derived from the old secret key
@@ -256,6 +266,8 @@ fn create_proposal_proof(
 let shifted_target = slot.sigma1 * value_pallas + slot.sigma2 * value_pallas * value_pallas + HEADSTART;
 // TODO: this check is true, while the proof can be created and is valid, when it shouldn't
+ log::error!("Y: {:?}", y);
+ log::error!("TARGET: {:?}", shifted_target);
 if y >= shifted_target {
 info!("1) What");
 //return Err(CoinIsNotSlotProducer)
diff --git a/src/contract/consensus/src/client/stake_v1.rs b/src/contract/consensus/src/client/stake_v1.rs
index 77a87e62e..198c3419d 100644
--- a/src/contract/consensus/src/client/stake_v1.rs
+++ b/src/contract/consensus/src/client/stake_v1.rs
@@ -60,12 +60,17 @@ pub struct ConsensusStakeCallBuilder {
 impl ConsensusStakeCallBuilder {
 pub fn build(&self) -> Result {
+ let serial = pallas::Base::random(&mut OsRng);
+
+ self.build_with_params(serial)
+ }
+
+ pub fn build_with_params(&self, serial: pallas::Base) -> Result {
 debug!("Building Consensus::StakeV1 contract call");
 assert!(self.coin.note.value != 0);
 assert!(self.coin.note.token_id == *DARK_TOKEN_ID);
 debug!("Building anonymous output");
- let serial = pallas::Base::random(&mut OsRng);
 let public_key = PublicKey::from_secret(self.coin.secret);
 let output = ConsensusMintOutputInfo {
diff --git a/src/contract/consensus/src/client/unstake_request_v1.rs b/src/contract/consensus/src/client/unstake_request_v1.rs
index 4fffb951b..8c543c129 100644
--- a/src/contract/consensus/src/client/unstake_request_v1.rs
+++ b/src/contract/consensus/src/client/unstake_request_v1.rs
@@ -75,6 +75,15 @@ pub struct ConsensusUnstakeRequestCallBuilder {
 impl ConsensusUnstakeRequestCallBuilder {
 pub fn build(&self) -> Result {
+ let input_value_blind = pallas::Scalar::random(&mut OsRng);
+
+ self.build_with_params(input_value_blind)
+ }
+
+ pub fn build_with_params(
+ &self,
+ input_value_blind: pallas::Scalar,
+ ) -> Result {
 info!("Building Consensus::UnstakeRequestV1 contract call");
 assert!(self.owncoin.note.value != 0);
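Review bot: The two added `log::error!("Y: {:?}", y);` and `log::error!("TARGET: {:?}", shifted_target);` lines in `create_proposal_proof` emit values at error level although no error has occurred, directly above a TODO that already admits the comparison is known to be wrong, so they read as leftover debugging output that will now appear at default log verbosity in every proposal attempt. `y` is the value the lottery compares against the target and is presumably derived from the proposer's private witness (not visible in this hunk); if so, writing it to the log exposes proposer-side secrets to anyone who can read the logs. Either drop both lines or demote them to `log::trace!("Y: {:?}", y); log::trace!("TARGET: {:?}", shifted_target);` so they stay out of production output. `create_proposal_proof` begins and ends outside this hunk.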
@@ -86,7 +95,7 @@ impl ConsensusUnstakeRequestCallBuilder {
 merkle_path,
 secret: self.owncoin.secret,
 note: self.owncoin.note.clone(),
- value_blind: pallas::Scalar::random(&mut OsRng),
+ value_blind: input_value_blind,
 };
 debug!("Building Consensus::UnstakeRequestV1 anonymous output");
diff --git a/src/contract/consensus/src/client/unstake_v1.rs b/src/contract/consensus/src/client/unstake_v1.rs
index f7eac226a..55fe6833f 100644
--- a/src/contract/consensus/src/client/unstake_v1.rs
+++ b/src/contract/consensus/src/client/unstake_v1.rs
@@ -61,6 +61,15 @@ pub struct ConsensusUnstakeCallBuilder {
 impl ConsensusUnstakeCallBuilder {
 pub fn build(&self) -> Result {
+ let input_value_blind = pallas::Scalar::random(&mut OsRng);
+
+ self.build_with_params(input_value_blind)
+ }
+
+ pub fn build_with_params(
+ &self,
+ input_value_blind: pallas::Scalar,
+ ) -> Result {
 info!("Building Consensus::UnstakeV1 contract call");
 assert!(self.owncoin.note.value != 0);
@@ -72,7 +81,7 @@ impl ConsensusUnstakeCallBuilder {
 merkle_path,
 secret: self.owncoin.secret,
 note: self.owncoin.note.clone(),
- value_blind: pallas::Scalar::random(&mut OsRng),
+ value_blind: input_value_blind,
 };
 info!("Building Consensus::UnstakeV1 Burn ZK proof");