From 8a21449cfcdda935301133afa13f7a36b08cb7f4 Mon Sep 17 00:00:00 2001
From: parazyd <parazyd@dyne.org>
Date: Mon, 12 Jun 2023 14:50:44 +0200
Subject: [PATCH] contract/money: Constrain spend_hook in ZK when burning
 coins.

---
 src/contract/money/proof/burn_v1.zk              | 3 +++
 src/contract/money/src/client/stake_v1.rs        | 2 +-
 src/contract/money/src/client/transfer_v1.rs     | 2 +-
 src/contract/money/src/entrypoint/stake_v1.rs    | 1 +
 src/contract/money/src/entrypoint/transfer_v1.rs | 1 +
 5 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/contract/money/proof/burn_v1.zk b/src/contract/money/proof/burn_v1.zk
index 1afda3d87..253a98971 100644
--- a/src/contract/money/proof/burn_v1.zk
+++ b/src/contract/money/proof/burn_v1.zk
@@ -79,6 +79,9 @@ circuit "Burn_V1" {
 	user_data_enc = poseidon_hash(user_data, user_data_blind);
 	constrain_instance(user_data_enc);
 
+	# Reveal spend_hook
+	constrain_instance(spend_hook);
+
 	# Finally, we derive a public key for the signature and
 	# constrain its coordinates:
 	signature_public = ec_mul_base(signature_secret, NULLIFIER_K);
diff --git a/src/contract/money/src/client/stake_v1.rs b/src/contract/money/src/client/stake_v1.rs
index 25dbeb049..71bab83bf 100644
--- a/src/contract/money/src/client/stake_v1.rs
+++ b/src/contract/money/src/client/stake_v1.rs
@@ -72,8 +72,8 @@ impl MoneyStakeBurnRevealed {
             *tokcom_coords.x(),
             *tokcom_coords.y(),
             self.merkle_root.inner(),
-            // TODO: Why is spend hook in the struct but not here?
             self.user_data_enc,
+            pallas::Base::ZERO, // We force spend_hook==0 here
             *sigpub_coords.x(),
             *sigpub_coords.y(),
         ]
diff --git a/src/contract/money/src/client/transfer_v1.rs b/src/contract/money/src/client/transfer_v1.rs
index a8d05ef99..7bc21e58d 100644
--- a/src/contract/money/src/client/transfer_v1.rs
+++ b/src/contract/money/src/client/transfer_v1.rs
@@ -96,8 +96,8 @@ impl TransferBurnRevealed {
             *tokcom_coords.x(),
             *tokcom_coords.y(),
             self.merkle_root.inner(),
-            // TODO: Why is spend hook in the struct but not here?
             self.user_data_enc,
+            self.spend_hook,
             *sigpub_coords.x(),
             *sigpub_coords.y(),
         ]
diff --git a/src/contract/money/src/entrypoint/stake_v1.rs b/src/contract/money/src/entrypoint/stake_v1.rs
index 57c27b71c..eb3d9c6ff 100644
--- a/src/contract/money/src/entrypoint/stake_v1.rs
+++ b/src/contract/money/src/entrypoint/stake_v1.rs
@@ -70,6 +70,7 @@ pub(crate) fn money_stake_get_metadata_v1(
             *token_coords.y(),
             input.merkle_root.inner(),
             input.user_data_enc,
+            pallas::Base::ZERO, // We enforce spend_hook==0
             sig_x,
             sig_y,
         ],
diff --git a/src/contract/money/src/entrypoint/transfer_v1.rs b/src/contract/money/src/entrypoint/transfer_v1.rs
index 09eeeb105..ad693ac9f 100644
--- a/src/contract/money/src/entrypoint/transfer_v1.rs
+++ b/src/contract/money/src/entrypoint/transfer_v1.rs
@@ -76,6 +76,7 @@ pub(crate) fn money_transfer_get_metadata_v1(
                 *token_coords.y(),
                 input.merkle_root.inner(),
                 input.user_data_enc,
+                input.spend_hook,
                 sig_x,
                 sig_y,
             ],