@devtion/actions 0.0.0-9c50f66 → 0.0.0-9d46256

package/dist/index.mjs

@@ -1,6 +1,6 @@
 /**
  * @module @p0tion/actions
- * @version 1.0.5
+ * @version 1.2.8
  * @file A set of actions and helpers for CLI commands
  * @copyright Ethereum Foundation 2022
  * @license MIT
@@ -15,10 +15,8 @@ import { onSnapshot, query, collection, getDocs, doc, getDoc, where, Timestamp,
 import { zKey, groth16 } from 'snarkjs';
 import crypto from 'crypto';
 import blake from 'blakejs';
-import { utils } from 'ffjavascript';
 import winston from 'winston';
-import { S3Client, HeadObjectCommand, GetObjectCommand } from '@aws-sdk/client-s3';
-import { pipeline, Readable } from 'stream';
+import { pipeline } from 'stream';
 import { promisify } from 'util';
 import { initializeApp } from 'firebase/app';
 import { signInWithCredential, initializeAuth, getAuth } from 'firebase/auth';
@@ -28,10 +26,10 @@ import { EC2Client, RunInstancesCommand, DescribeInstanceStatusCommand, StartIns
 import { SSMClient, SendCommandCommand, GetCommandInvocationCommand } from '@aws-sdk/client-ssm';
 import dotenv from 'dotenv';
 
-// Main part for the Hermez Phase 1 Trusted Setup URLs to download PoT files.
-const potFileDownloadMainUrl = `https://hermez.s3-eu-west-1.amazonaws.com/`;
-// Main part for the Hermez Phase 1 Trusted Setup PoT files to be downloaded.
-const potFilenameTemplate = `powersOfTau28_hez_final_`;
+// Main part for the PPoT Phase 1 Trusted Setup URLs to download PoT files.
+const potFileDownloadMainUrl = `https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/`;
+// Main part for the PPoT Phase 1 Trusted Setup PoT files to be downloaded.
+const potFilenameTemplate = `ppot_0080_`;
 // The genesis zKey index.
 const genesisZkeyIndex = `00000`;
 // The number of exponential iterations to be executed by SnarkJS when finalizing the ceremony.
@@ -48,6 +46,8 @@ const verifierSmartContractAcronym = "verifier";
 const ec2InstanceTag = "p0tionec2instance";
 // The name of the VM startup script file.
 const vmBootstrapScriptFilename = "bootstrap.sh";
+// Match hash output by snarkjs in transcript log
+const contribHashRegex = /Contribution.+Hash.+\s+.+\s+.+\s+.+\s+.+\s*/;
 /**
  * Define the supported VM configuration types.
  * @dev the VM configurations can be retrieved at https://aws.amazon.com/ec2/instance-types/
@@ -105,112 +105,116 @@ const vmConfigurationTypes = {
  */
 const powersOfTauFiles = [
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_01.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_01.ptau",
         size: 0.000084
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_02.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_02.ptau",
         size: 0.000086
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_03.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_03.ptau",
         size: 0.000091
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_04.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_04.ptau",
         size: 0.0001
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_05.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_05.ptau",
         size: 0.000117
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_06.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_06.ptau",
         size: 0.000153
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_07.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_07.ptau",
         size: 0.000225
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_08.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_08.ptau",
         size: 0.0004
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_09.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_09.ptau",
         size: 0.000658
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_10.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_10.ptau",
         size: 0.0013
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_11.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_11.ptau",
         size: 0.0023
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_12.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_12.ptau",
         size: 0.0046
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_13.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_13.ptau",
         size: 0.0091
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_14.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_14.ptau",
         size: 0.0181
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_15.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_15.ptau",
         size: 0.0361
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_16.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_16.ptau",
         size: 0.0721
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_17.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_17.ptau",
         size: 0.144
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_18.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_18.ptau",
         size: 0.288
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_19.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_19.ptau",
         size: 0.576
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_20.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_20.ptau",
         size: 1.1
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_21.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_21.ptau",
         size: 2.3
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_22.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_22.ptau",
         size: 4.5
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_23.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_23.ptau",
         size: 9.0
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_24.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_24.ptau",
         size: 18.0
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_25.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_25.ptau",
         size: 36.0
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_26.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_26.ptau",
         size: 72.0
     },
     {
-        ref: "https://hermez.s3-eu-west-1.amazonaws.com/powersOfTau28_hez_final_27.ptau",
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_27.ptau",
         size: 144.0
+    },
+    {
+        ref: "https://pse-trusted-setup-ppot.s3.eu-central-1.amazonaws.com/pot28_0080/ppot_0080_final.ptau",
+        size: 288.0
     }
 ];
 /**
@@ -341,6 +345,8 @@ const commonTerms = {
         finalizeCeremony: "finalizeCeremony",
         downloadCircuitArtifacts: "downloadCircuitArtifacts",
         transferObject: "transferObject",
+        bandadaValidateProof: "bandadaValidateProof",
+        checkNonceOfSIWEAddress: "checkNonceOfSIWEAddress"
     }
 };
 
@@ -691,19 +697,23 @@ const getChunksAndPreSignedUrls = async (cloudFunctions, bucketName, objectKey,
  * @param cloudFunctions <Functions> - the Firebase Cloud Functions service instance.
  * @param ceremonyId <string> - the unique identifier of the ceremony.
  * @param alreadyUploadedChunks Array<ETagWithPartNumber> - the temporary information about the already uploaded chunks.
+ * @param logger <GenericBar> - an optional logger to show progress.
  * @returns <Promise<Array<ETagWithPartNumber>>> - the completed (uploaded) chunks information.
  */
-const uploadParts = async (chunksWithUrls, contentType, cloudFunctions, ceremonyId, alreadyUploadedChunks) => {
+const uploadParts = async (chunksWithUrls, contentType, cloudFunctions, ceremonyId, alreadyUploadedChunks, logger) => {
     // Keep track of uploaded chunks.
     const uploadedChunks = alreadyUploadedChunks || [];
+    // if we were passed a logger, start it
+    if (logger)
+        logger.start(chunksWithUrls.length, 0);
     // Loop through remaining chunks.
     for (let i = alreadyUploadedChunks ? alreadyUploadedChunks.length : 0; i < chunksWithUrls.length; i += 1) {
         // Consume the pre-signed url to upload the chunk.
         // @ts-ignore
         const response = await fetch(chunksWithUrls[i].preSignedUrl, {
             retryOptions: {
-                retryInitialDelay: 500,
-                socketTimeout: 60000,
+                retryInitialDelay: 500, // 500 ms.
+                socketTimeout: 60000, // 60 seconds.
                 retryMaxDuration: 300000 // 5 minutes.
             },
             method: "PUT",
@@ -727,6 +737,9 @@ const uploadParts = async (chunksWithUrls, contentType, cloudFunctions, ceremony
         // nb. this must be done only when contributing (not finalizing).
         if (!!ceremonyId && !!cloudFunctions)
             await temporaryStoreCurrentContributionUploadedChunkData(cloudFunctions, ceremonyId, chunk);
+        // increment the count on the logger
+        if (logger)
+            logger.increment();
     }
     return uploadedChunks;
 };
@@ -747,8 +760,9 @@ const uploadParts = async (chunksWithUrls, contentType, cloudFunctions, ceremony
  * @param configStreamChunkSize <number> - size of each chunk into which the artifact is going to be splitted (nb. will be converted in MB).
  * @param [ceremonyId] <string> - the unique identifier of the ceremony (used as a double-edge sword - as identifier and as a check if current contributor is the coordinator finalizing the ceremony).
  * @param [temporaryDataToResumeMultiPartUpload] <TemporaryParticipantContributionData> - the temporary information necessary to resume an already started multi-part upload.
+ * @param logger <GenericBar> - an optional logger to show progress.
  */
-const multiPartUpload = async (cloudFunctions, bucketName, objectKey, localFilePath, configStreamChunkSize, ceremonyId, temporaryDataToResumeMultiPartUpload) => {
+const multiPartUpload = async (cloudFunctions, bucketName, objectKey, localFilePath, configStreamChunkSize, ceremonyId, temporaryDataToResumeMultiPartUpload, logger) => {
     // The unique identifier of the multi-part upload.
     let multiPartUploadId = "";
     // The list of already uploaded chunks.
@@ -772,7 +786,7 @@ const multiPartUpload = async (cloudFunctions, bucketName, objectKey, localFileP
     const chunksWithUrlsZkey = await getChunksAndPreSignedUrls(cloudFunctions, bucketName, objectKey, localFilePath, multiPartUploadId, configStreamChunkSize, ceremonyId);
     // Step (2).
     const partNumbersAndETagsZkey = await uploadParts(chunksWithUrlsZkey, mime.lookup(localFilePath), // content-type.
-    cloudFunctions, ceremonyId, alreadyUploadedChunks);
+    cloudFunctions, ceremonyId, alreadyUploadedChunks, logger);
     // Step (3).
     await completeMultiPartUpload(cloudFunctions, bucketName, objectKey, multiPartUploadId, partNumbersAndETagsZkey, ceremonyId);
 };
@@ -996,6 +1010,17 @@ const getClosedCeremonies = async (firestoreDatabase) => {
     ]);
     return fromQueryToFirebaseDocumentInfo(closedCeremoniesQuerySnap.docs);
 };
+/**
+ * Query all ceremonies
+ * @notice get all ceremonies from the database.
+ * @dev this is a helper for the CLI ceremony methods.
+ * @param firestoreDatabase <Firestore> - the Firestore service instance associated to the current Firebase application.
+ * @returns <Promise<Array<FirebaseDocumentInfo>>> - the list of all ceremonies.
+ */
+const getAllCeremonies = async (firestoreDatabase) => {
+    const ceremoniesQuerySnap = await queryCollection(firestoreDatabase, commonTerms.collections.ceremonies.name, []);
+    return fromQueryToFirebaseDocumentInfo(ceremoniesQuerySnap.docs);
+};
 
 /**
  * @hidden
@@ -1044,207 +1069,22 @@ const compareHashes = async (path1, path2) => {
 };
 
 /**
- * Parse and validate that the ceremony configuration is correct
- * @notice this does not upload any files to storage
- * @param path <string> - the path to the configuration file
- * @param cleanup <boolean> - whether to delete the r1cs file after parsing
- * @returns any - the data to pass to the cloud function for setup and the circuit artifacts
+ * Return a string with double digits if the provided input is one digit only.
+ * @param in <number> - the input number to be converted.
+ * @returns <string> - the two digits stringified number derived from the conversion.
  */
-const parseCeremonyFile = async (path, cleanup = false) => {
-    // check that the path exists
-    if (!fs.existsSync(path))
-        throw new Error("The provided path to the configuration file does not exist. Please provide an absolute path and try again.");
-    try {
-        // read the data
-        const data = JSON.parse(fs.readFileSync(path).toString());
-        // verify that the data is correct
-        if (data['timeoutMechanismType'] !== "DYNAMIC" /* CeremonyTimeoutType.DYNAMIC */ && data['timeoutMechanismType'] !== "FIXED" /* CeremonyTimeoutType.FIXED */)
-            throw new Error("Invalid timeout type. Please choose between DYNAMIC and FIXED.");
-        // validate that we have at least 1 circuit input data
-        if (!data.circuits || data.circuits.length === 0)
-            throw new Error("You need to provide the data for at least 1 circuit.");
-        // validate that the end date is in the future
-        let endDate;
-        let startDate;
-        try {
-            endDate = new Date(data.endDate);
-            startDate = new Date(data.startDate);
-        }
-        catch (error) {
-            throw new Error("The dates should follow this format: 2023-07-04T00:00:00.");
-        }
-        if (endDate <= startDate)
-            throw new Error("The end date should be greater than the start date.");
-        const currentDate = new Date();
-        if (endDate <= currentDate || startDate <= currentDate)
-            throw new Error("The start and end dates should be in the future.");
-        // validate penalty
-        if (data.penalty <= 0)
-            throw new Error("The penalty should be greater than zero.");
-        const circuits = [];
-        const urlPattern = /(https?:\/\/[^\s]+)/g;
-        const commitHashPattern = /^[a-f0-9]{40}$/i;
-        const circuitArtifacts = [];
-        for (let i = 0; i < data.circuits.length; i++) {
-            const circuitData = data.circuits[i];
-            const artifacts = circuitData.artifacts;
-            circuitArtifacts.push({
-                artifacts: artifacts
-            });
-            const r1csPath = artifacts.r1csStoragePath;
-            const wasmPath = artifacts.wasmStoragePath;
-            // where we storing the r1cs downloaded
-            const localR1csPath = `./${circuitData.name}.r1cs`;
-            // check that the artifacts exist in S3
-            // we don't need any privileges to download this
-            // just the correct region
-            const s3 = new S3Client({ region: artifacts.region });
-            try {
-                await s3.send(new HeadObjectCommand({
-                    Bucket: artifacts.bucket,
-                    Key: r1csPath
-                }));
-            }
-            catch (error) {
-                throw new Error(`The r1cs file (${r1csPath}) seems to not exist. Please ensure this is correct and that the object is publicly available.`);
-            }
-            try {
-                await s3.send(new HeadObjectCommand({
-                    Bucket: artifacts.bucket,
-                    Key: wasmPath
-                }));
-            }
-            catch (error) {
-                throw new Error(`The wasm file (${wasmPath}) seems to not exist. Please ensure this is correct and that the object is publicly available.`);
-            }
-            // download the r1cs to extract the metadata
-            const command = new GetObjectCommand({ Bucket: artifacts.bucket, Key: artifacts.r1csStoragePath });
-            const response = await s3.send(command);
-            const streamPipeline = promisify(pipeline);
-            if (response.$metadata.httpStatusCode !== 200)
-                throw new Error("There was an error while trying to download the r1cs file. Please check that the file has the correct permissions (public) set.");
-            if (response.Body instanceof Readable)
-                await streamPipeline(response.Body, fs.createWriteStream(localR1csPath));
-            // extract the metadata from the r1cs
-            const metadata = getR1CSInfo(localR1csPath);
-            // validate that the circuit hash and template links are valid
-            const template = circuitData.template;
-            const URLMatch = template.source.match(urlPattern);
-            if (!URLMatch || URLMatch.length === 0 || URLMatch.length > 1)
-                throw new Error("You should provide the URL to the circuits templates on GitHub.");
-            const hashMatch = template.commitHash.match(commitHashPattern);
-            if (!hashMatch || hashMatch.length === 0 || hashMatch.length > 1)
-                throw new Error("You should provide a valid commit hash of the circuit templates.");
-            // calculate the hash of the r1cs file
-            const r1csBlake2bHash = await blake512FromPath(localR1csPath);
-            const circuitPrefix = extractPrefix(circuitData.name);
-            // filenames
-            const doubleDigitsPowers = convertToDoubleDigits(metadata.pot);
-            const r1csCompleteFilename = `${circuitData.name}.r1cs`;
-            const wasmCompleteFilename = `${circuitData.name}.wasm`;
-            const smallestPowersOfTauCompleteFilenameForCircuit = `${potFilenameTemplate}${doubleDigitsPowers}.ptau`;
-            const firstZkeyCompleteFilename = `${circuitPrefix}_${genesisZkeyIndex}.zkey`;
-            // storage paths 
-            const r1csStorageFilePath = getR1csStorageFilePath(circuitPrefix, r1csCompleteFilename);
-            const wasmStorageFilePath = getWasmStorageFilePath(circuitPrefix, wasmCompleteFilename);
-            const potStorageFilePath = getPotStorageFilePath(smallestPowersOfTauCompleteFilenameForCircuit);
-            const zkeyStorageFilePath = getZkeyStorageFilePath(circuitPrefix, firstZkeyCompleteFilename);
-            const files = {
-                potFilename: smallestPowersOfTauCompleteFilenameForCircuit,
-                r1csFilename: r1csCompleteFilename,
-                wasmFilename: wasmCompleteFilename,
-                initialZkeyFilename: firstZkeyCompleteFilename,
-                potStoragePath: potStorageFilePath,
-                r1csStoragePath: r1csStorageFilePath,
-                wasmStoragePath: wasmStorageFilePath,
-                initialZkeyStoragePath: zkeyStorageFilePath,
-                r1csBlake2bHash: r1csBlake2bHash
-            };
-            // validate that the compiler hash is a valid hash 
-            const compiler = circuitData.compiler;
-            const compilerHashMatch = compiler.commitHash.match(commitHashPattern);
-            if (!compilerHashMatch || compilerHashMatch.length === 0 || compilerHashMatch.length > 1)
-                throw new Error("You should provide a valid commit hash of the circuit compiler.");
-            // validate that the verification options are valid
-            const verification = circuitData.verification;
-            if (verification.cfOrVm !== "CF" && verification.cfOrVm !== "VM")
-                throw new Error("Please enter a valid verification mechanism: either CF or VM");
-            // @todo VM parameters verification
-            // if (verification['cfOrVM'] === "VM") {}
-            // check that the timeout is provided for the correct configuration
-            let dynamicThreshold;
-            let fixedTimeWindow;
-            let circuit = {};
-            if (data.timeoutMechanismType === "DYNAMIC" /* CeremonyTimeoutType.DYNAMIC */) {
-                if (circuitData.dynamicThreshold <= 0)
-                    throw new Error("The dynamic threshold should be > 0.");
-                dynamicThreshold = circuitData.dynamicThreshold;
-                // the Circuit data for the ceremony setup
-                circuit = {
-                    name: circuitData.name,
-                    description: circuitData.description,
-                    prefix: circuitPrefix,
-                    sequencePosition: i + 1,
-                    metadata: metadata,
-                    files: files,
-                    template: template,
-                    compiler: compiler,
-                    verification: verification,
-                    dynamicThreshold: dynamicThreshold,
-                    avgTimings: {
-                        contributionComputation: 0,
-                        fullContribution: 0,
-                        verifyCloudFunction: 0
-                    },
-                };
-            }
-            if (data.timeoutMechanismType === "FIXED" /* CeremonyTimeoutType.FIXED */) {
-                if (circuitData.fixedTimeWindow <= 0)
-                    throw new Error("The fixed time window threshold should be > 0.");
-                fixedTimeWindow = circuitData.fixedTimeWindow;
-                // the Circuit data for the ceremony setup
-                circuit = {
-                    name: circuitData.name,
-                    description: circuitData.description,
-                    prefix: circuitPrefix,
-                    sequencePosition: i + 1,
-                    metadata: metadata,
-                    files: files,
-                    template: template,
-                    compiler: compiler,
-                    verification: verification,
-                    fixedTimeWindow: fixedTimeWindow,
-                    avgTimings: {
-                        contributionComputation: 0,
-                        fullContribution: 0,
-                        verifyCloudFunction: 0
-                    },
-                };
-            }
-            circuits.push(circuit);
-            // remove the local r1cs download (if used for verifying the config only vs setup)
-            if (cleanup)
-                fs.unlinkSync(localR1csPath);
-        }
-        const setupData = {
-            ceremonyInputData: {
-                title: data.title,
-                description: data.description,
-                startDate: startDate.valueOf(),
-                endDate: endDate.valueOf(),
-                timeoutMechanismType: data.timeoutMechanismType,
-                penalty: data.penalty
-            },
-            ceremonyPrefix: extractPrefix(data.title),
-            circuits: circuits,
-            circuitArtifacts: circuitArtifacts
-        };
-        return setupData;
-    }
-    catch (error) {
-        throw new Error(`Error while parsing up the ceremony setup file. ${error.message}`);
-    }
-};
+const convertToDoubleDigits = (amount) => (amount < 10 ? `0${amount}` : amount.toString());
+/**
+ * Extract a prefix consisting of alphanumeric and underscore characters from a string with arbitrary characters.
+ * @dev replaces all special symbols and whitespaces with an underscore char ('_'). Convert all uppercase chars to lowercase.
+ * @notice example: str = 'Multiplier-2!2.4.zkey'; output prefix = 'multiplier_2_2_4.zkey'.
+ * NB. Prefix extraction is a key process that conditions the name of the ceremony artifacts, download/upload from/to storage, collections paths.
+ * @param str <string> - the arbitrary string from which to extract the prefix.
+ * @returns <string> - the resulting prefix.
+ */
+const extractPrefix = (str) => 
+// eslint-disable-next-line no-useless-escape
+str.replace(/[`\s~!@#$%^&*()|+\-=?;:'",.<>\{\}\[\]\\\/]/gi, "-").toLowerCase();
 /**
  * Extract data from a R1CS metadata file generated with a custom file-based logger.
  * @notice useful for extracting metadata circuits contained in the generated file using a logger
@@ -1301,17 +1141,6 @@ const formatZkeyIndex = (progress) => {
  * @returns <number> - the amount of powers.
  */
 const extractPoTFromFilename = (potCompleteFilename) => Number(potCompleteFilename.split("_").pop()?.split(".").at(0));
-/**
- * Extract a prefix consisting of alphanumeric and underscore characters from a string with arbitrary characters.
- * @dev replaces all special symbols and whitespaces with an underscore char ('_'). Convert all uppercase chars to lowercase.
- * @notice example: str = 'Multiplier-2!2.4.zkey'; output prefix = 'multiplier_2_2_4.zkey'.
- * NB. Prefix extraction is a key process that conditions the name of the ceremony artifacts, download/upload from/to storage, collections paths.
- * @param str <string> - the arbitrary string from which to extract the prefix.
- * @returns <string> - the resulting prefix.
- */
-const extractPrefix = (str) => 
-// eslint-disable-next-line no-useless-escape
-str.replace(/[`\s~!@#$%^&*()|+\-=?;:'",.<>\{\}\[\]\\\/]/gi, "-").toLowerCase();
 /**
  * Automate the generation of an entropy for a contribution.
  * @dev Took inspiration from here https://github.com/glamperd/setup-mpc-ui/blob/master/client/src/state/Compute.tsx#L112.
@@ -1378,7 +1207,9 @@ const getContributionsValidityForContributor = async (firestoreDatabase, circuit
  * @param isFinalizing <boolean> - true when the coordinator is finalizing the ceremony, otherwise false.
  * @returns <string> - the public attestation preamble.
  */
-const getPublicAttestationPreambleForContributor = (contributorIdentifier, ceremonyName, isFinalizing) => `Hey, I'm ${contributorIdentifier} and I have ${isFinalizing ? "finalized" : "contributed to"} the ${ceremonyName} MPC Phase2 Trusted Setup ceremony.\nThe following are my contribution signatures:`;
+const getPublicAttestationPreambleForContributor = (contributorIdentifier, ceremonyName, isFinalizing) => `Hey, I'm ${contributorIdentifier} and I have ${isFinalizing ? "finalized" : "contributed to"} the ${ceremonyName}${ceremonyName.toLowerCase().includes("trusted setup") || ceremonyName.toLowerCase().includes("ceremony")
+    ? "."
+    : " MPC Phase2 Trusted Setup ceremony."}\nThe following are my contribution signatures:`;
 /**
  * Check and prepare public attestation for the contributor made only of its valid contributions.
  * @param firestoreDatabase <Firestore> - the Firestore service instance associated to the current Firebase application.
@@ -1449,6 +1280,41 @@ const readBytesFromFile = (localFilePath, offset, length, position) => {
     // Return the read bytes.
     return buffer;
 };
+/**
+ * Given a buffer in little endian format, convert it to bigint
+ * @param buffer
+ * @returns
+ */
+function leBufferToBigint(buffer) {
+    return BigInt(`0x${buffer.reverse().toString("hex")}`);
+}
+/**
+ * Given an input containing string values, convert them
+ * to bigint
+ * @param input - The input to convert
+ * @returns the input with string values converted to bigint
+ */
+const unstringifyBigInts = (input) => {
+    if (typeof input === "string" && /^[0-9]+$/.test(input)) {
+        return BigInt(input);
+    }
+    if (typeof input === "string" && /^0x[0-9a-fA-F]+$/.test(input)) {
+        return BigInt(input);
+    }
+    if (Array.isArray(input)) {
+        return input.map(unstringifyBigInts);
+    }
+    if (input === null) {
+        return null;
+    }
+    if (typeof input === "object") {
+        return Object.entries(input).reduce((acc, [key, value]) => {
+            acc[key] = unstringifyBigInts(value);
+            return acc;
+        }, {});
+    }
+    return input;
+};
 /**
  * Return the info about the R1CS file.ù
  * @dev this method was built taking inspiration from
@@ -1509,17 +1375,17 @@ const getR1CSInfo = (localR1CSFilePath) => {
     let constraints = 0;
     try {
         // Get 'number of section' (jump magic r1cs and version1 data).
-        const numberOfSections = utils.leBuff2int(readBytesFromFile(localR1CSFilePath, 0, 4, 8));
+        const numberOfSections = leBufferToBigint(readBytesFromFile(localR1CSFilePath, 0, 4, 8));
         // Jump to first section.
         pointer = 12;
         // For each section
         for (let i = 0; i < numberOfSections; i++) {
             // Read section type.
-            const sectionType = utils.leBuff2int(readBytesFromFile(localR1CSFilePath, 0, 4, pointer));
+            const sectionType = leBufferToBigint(readBytesFromFile(localR1CSFilePath, 0, 4, pointer));
             // Jump to section size.
             pointer += 4;
             // Read section size
-            const sectionSize = Number(utils.leBuff2int(readBytesFromFile(localR1CSFilePath, 0, 8, pointer)));
+            const sectionSize = Number(leBufferToBigint(readBytesFromFile(localR1CSFilePath, 0, 8, pointer)));
             // If at header section (0x00000001 : Header Section).
             if (sectionType === BigInt(1)) {
                 // Read info from header section.
@@ -1551,22 +1417,22 @@ const getR1CSInfo = (localR1CSFilePath) => {
                  */
                 pointer += sectionSize - 20;
                 // Read R1CS info.
-                wires = Number(utils.leBuff2int(readBytesFromFile(localR1CSFilePath, 0, 4, pointer)));
+                wires = Number(leBufferToBigint(readBytesFromFile(localR1CSFilePath, 0, 4, pointer)));
                 pointer += 4;
-                publicOutputs = Number(utils.leBuff2int(readBytesFromFile(localR1CSFilePath, 0, 4, pointer)));
+                publicOutputs = Number(leBufferToBigint(readBytesFromFile(localR1CSFilePath, 0, 4, pointer)));
                 pointer += 4;
-                publicInputs = Number(utils.leBuff2int(readBytesFromFile(localR1CSFilePath, 0, 4, pointer)));
+                publicInputs = Number(leBufferToBigint(readBytesFromFile(localR1CSFilePath, 0, 4, pointer)));
                 pointer += 4;
-                privateInputs = Number(utils.leBuff2int(readBytesFromFile(localR1CSFilePath, 0, 4, pointer)));
+                privateInputs = Number(leBufferToBigint(readBytesFromFile(localR1CSFilePath, 0, 4, pointer)));
                 pointer += 4;
-                labels = Number(utils.leBuff2int(readBytesFromFile(localR1CSFilePath, 0, 8, pointer)));
+                labels = Number(leBufferToBigint(readBytesFromFile(localR1CSFilePath, 0, 8, pointer)));
                 pointer += 8;
-                constraints = Number(utils.leBuff2int(readBytesFromFile(localR1CSFilePath, 0, 4, pointer)));
+                constraints = Number(leBufferToBigint(readBytesFromFile(localR1CSFilePath, 0, 4, pointer)));
             }
             pointer += 8 + Number(sectionSize);
         }
         return {
-            curve: "bn-128",
+            curve: "bn-128", /// @note currently default to bn-128 as we support only Groth16 proving system.
             wires,
             constraints,
             privateInputs,
@@ -1581,11 +1447,212 @@ const getR1CSInfo = (localR1CSFilePath) => {
     }
 };
 /**
- * Return a string with double digits if the provided input is one digit only.
- * @param in <number> - the input number to be converted.
- * @returns <string> - the two digits stringified number derived from the conversion.
+ * Parse and validate that the ceremony configuration is correct
+ * @notice this does not upload any files to storage
+ * @param path <string> - the path to the configuration file
+ * @param cleanup <boolean> - whether to delete the r1cs file after parsing
+ * @returns any - the data to pass to the cloud function for setup and the circuit artifacts
  */
-const convertToDoubleDigits = (amount) => (amount < 10 ? `0${amount}` : amount.toString());
+const parseCeremonyFile = async (path, cleanup = false) => {
+    // check that the path exists
+    if (!fs.existsSync(path))
+        throw new Error("The provided path to the configuration file does not exist. Please provide an absolute path and try again.");
+    try {
+        // read the data
+        const data = JSON.parse(fs.readFileSync(path).toString());
+        // verify that the data is correct
+        if (data.timeoutMechanismType !== "DYNAMIC" /* CeremonyTimeoutType.DYNAMIC */ &&
+            data.timeoutMechanismType !== "FIXED" /* CeremonyTimeoutType.FIXED */)
+            throw new Error("Invalid timeout type. Please choose between DYNAMIC and FIXED.");
+        // validate that we have at least 1 circuit input data
+        if (!data.circuits || data.circuits.length === 0)
+            throw new Error("You need to provide the data for at least 1 circuit.");
+        // validate that the end date is in the future
+        let endDate;
+        let startDate;
+        try {
+            endDate = new Date(data.endDate);
+            startDate = new Date(data.startDate);
+        }
+        catch (error) {
+            throw new Error("The dates should follow this format: 2023-07-04T00:00:00.");
+        }
+        if (endDate <= startDate)
+            throw new Error("The end date should be greater than the start date.");
+        const currentDate = new Date();
+        if (endDate <= currentDate || startDate <= currentDate)
+            throw new Error("The start and end dates should be in the future.");
+        // validate penalty
+        if (data.penalty <= 0)
+            throw new Error("The penalty should be greater than zero.");
+        const circuits = [];
+        const urlPattern = /(https?:\/\/[^\s]+)/g;
+        const commitHashPattern = /^[a-f0-9]{40}$/i;
+        const circuitArtifacts = [];
+        for (let i = 0; i < data.circuits.length; i++) {
+            const circuitData = data.circuits[i];
+            const { artifacts } = circuitData;
+            circuitArtifacts.push({
+                artifacts
+            });
+            // where we storing the r1cs downloaded
+            const localR1csPath = `./${circuitData.name}.r1cs`;
+            // where we storing the wasm downloaded
+            const localWasmPath = `./${circuitData.name}.wasm`;
+            // download the r1cs to extract the metadata
+            const streamPipeline = promisify(pipeline);
+            // Check if r1cs file already exists
+            let r1csExists = false;
+            if (fs.existsSync(localR1csPath)) {
+                console.log(`Found existing r1cs file for circuit ${circuitData.name}. Skipping download.`);
+                r1csExists = true;
+            }
+            if (!r1csExists) {
+                // Make the call to download r1cs.
+                const responseR1CS = await fetch(artifacts.r1csStoragePath);
+                // Handle errors.
+                if (!responseR1CS.ok && responseR1CS.status !== 200)
+                    throw new Error(`There was an error while trying to download the r1cs file for circuit ${circuitData.name}. Please check that the file has the correct permissions (public) set.`);
+                // Write the file locally
+                await streamPipeline(responseR1CS.body, createWriteStream(localR1csPath));
+                console.log(`Downloaded r1cs file for circuit ${circuitData.name}.`);
+            }
+            // extract the metadata from the r1cs
+            const metadata = getR1CSInfo(localR1csPath);
+            // Check if wasm file already exists
+            let wasmExists = false;
+            if (fs.existsSync(localWasmPath)) {
+                console.log(`Found existing wasm file for circuit ${circuitData.name}. Skipping download.`);
+                wasmExists = true;
+            }
+            if (!wasmExists) {
+                // download wasm if it's not available
+                const responseWASM = await fetch(artifacts.wasmStoragePath);
+                if (!responseWASM.ok && responseWASM.status !== 200)
+                    throw new Error(`There was an error while trying to download the WASM file for circuit ${circuitData.name}. Please check that the file has the correct permissions (public) set.`);
+                await streamPipeline(responseWASM.body, createWriteStream(localWasmPath));
+                console.log(`Downloaded wasm file for circuit ${circuitData.name}.`);
+            }
+            // validate that the circuit hash and template links are valid
+            const { template } = circuitData;
+            const URLMatch = template.source.match(urlPattern);
+            if (!URLMatch || URLMatch.length === 0 || URLMatch.length > 1)
+                throw new Error("You should provide the URL to the circuits templates on GitHub.");
+            const hashMatch = template.commitHash.match(commitHashPattern);
+            if (!hashMatch || hashMatch.length === 0 || hashMatch.length > 1)
+                throw new Error("You should provide a valid commit hash of the circuit templates.");
+            // calculate the hash of the r1cs file
+            const r1csBlake2bHash = await blake512FromPath(localR1csPath);
+            const circuitPrefix = extractPrefix(circuitData.name);
+            // filenames
+            const doubleDigitsPowers = convertToDoubleDigits(metadata.pot);
+            const r1csCompleteFilename = `${circuitData.name}.r1cs`;
+            const wasmCompleteFilename = `${circuitData.name}.wasm`;
+            const smallestPowersOfTauCompleteFilenameForCircuit = `${potFilenameTemplate}${doubleDigitsPowers}.ptau`;
+            const firstZkeyCompleteFilename = `${circuitPrefix}_${genesisZkeyIndex}.zkey`;
+            // storage paths
+            const r1csStorageFilePath = getR1csStorageFilePath(circuitPrefix, r1csCompleteFilename);
+            const wasmStorageFilePath = getWasmStorageFilePath(circuitPrefix, wasmCompleteFilename);
+            const potStorageFilePath = getPotStorageFilePath(smallestPowersOfTauCompleteFilenameForCircuit);
+            const zkeyStorageFilePath = getZkeyStorageFilePath(circuitPrefix, firstZkeyCompleteFilename);
+            const files = {
+                potFilename: smallestPowersOfTauCompleteFilenameForCircuit,
+                r1csFilename: r1csCompleteFilename,
+                wasmFilename: wasmCompleteFilename,
+                initialZkeyFilename: firstZkeyCompleteFilename,
+                potStoragePath: potStorageFilePath,
+                r1csStoragePath: r1csStorageFilePath,
+                wasmStoragePath: wasmStorageFilePath,
+                initialZkeyStoragePath: zkeyStorageFilePath,
+                r1csBlake2bHash
+            };
+            // validate that the compiler hash is a valid hash
+            const { compiler } = circuitData;
+            const compilerHashMatch = compiler.commitHash.match(commitHashPattern);
+            if (!compilerHashMatch || compilerHashMatch.length === 0 || compilerHashMatch.length > 1)
+                throw new Error("You should provide a valid commit hash of the circuit compiler.");
+            // validate that the verification options are valid
+            const { verification } = circuitData;
+            if (verification.cfOrVm !== "CF" && verification.cfOrVm !== "VM")
+                throw new Error("Please enter a valid verification mechanism: either CF or VM");
+            // @todo VM parameters verification
+            // if (verification['cfOrVM'] === "VM") {}
+            // check that the timeout is provided for the correct configuration
+            let dynamicThreshold;
+            let fixedTimeWindow;
+            let circuit = {};
+            if (data.timeoutMechanismType === "DYNAMIC" /* CeremonyTimeoutType.DYNAMIC */) {
+                if (circuitData.dynamicThreshold <= 0)
+                    throw new Error("The dynamic threshold should be > 0.");
+                dynamicThreshold = circuitData.dynamicThreshold;
+                // the Circuit data for the ceremony setup
+                circuit = {
+                    name: circuitData.name,
+                    description: circuitData.description,
+                    prefix: circuitPrefix,
+                    sequencePosition: i + 1,
+                    metadata,
+                    files,
+                    template,
+                    compiler,
+                    verification,
+                    dynamicThreshold,
+                    avgTimings: {
+                        contributionComputation: 0,
+                        fullContribution: 0,
+                        verifyCloudFunction: 0
+                    }
+                };
+            }
+            if (data.timeoutMechanismType === "FIXED" /* CeremonyTimeoutType.FIXED */) {
+                if (circuitData.fixedTimeWindow <= 0)
+                    throw new Error("The fixed time window threshold should be > 0.");
+                fixedTimeWindow = circuitData.fixedTimeWindow;
+                // the Circuit data for the ceremony setup
+                circuit = {
+                    name: circuitData.name,
+                    description: circuitData.description,
+                    prefix: circuitPrefix,
+                    sequencePosition: i + 1,
+                    metadata,
+                    files,
+                    template,
+                    compiler,
+                    verification,
+                    fixedTimeWindow,
+                    avgTimings: {
+                        contributionComputation: 0,
+                        fullContribution: 0,
+                        verifyCloudFunction: 0
+                    }
+                };
+            }
+            circuits.push(circuit);
+            // remove the local r1cs and wasm downloads (if used for verifying the config only vs setup)
+            if (cleanup) {
+                fs.unlinkSync(localR1csPath);
+                fs.unlinkSync(localWasmPath);
+            }
+        }
+        const setupData = {
+            ceremonyInputData: {
+                title: data.title,
+                description: data.description,
+                startDate: startDate.valueOf(),
+                endDate: endDate.valueOf(),
+                timeoutMechanismType: data.timeoutMechanismType,
+                penalty: data.penalty
+            },
+            ceremonyPrefix: extractPrefix(data.title),
+            circuits,
+            circuitArtifacts
+        };
+        return setupData;
+    }
+    catch (error) {
+        throw new Error(`Error while parsing up the ceremony setup file. ${error.message}`);
+    }
+};
 
 /**
  * Verify that a zKey is valid
@@ -1834,7 +1901,7 @@ const getFirestoreDatabase = (app) => getFirestore(app);
  * @param app <FirebaseApp> - the Firebase application.
  * @returns <Functions> - the Cloud Functions associated to the application.
  */
-const getFirebaseFunctions = (app) => getFunctions(app, 'europe-west1');
+const getFirebaseFunctions = (app) => getFunctions(app, "europe-west1");
 /**
  * Retrieve the configuration variables for the AWS services (S3, EC2).
  * @returns <AWSVariables> - the values of the AWS services configuration variables.
@@ -1843,14 +1910,14 @@ const getAWSVariables = () => {
     if (!process.env.AWS_ACCESS_KEY_ID ||
         !process.env.AWS_SECRET_ACCESS_KEY ||
         !process.env.AWS_REGION ||
-        !process.env.AWS_ROLE_ARN ||
+        !process.env.AWS_INSTANCE_PROFILE_ARN ||
         !process.env.AWS_AMI_ID)
         throw new Error("Could not retrieve the AWS environment variables. Please, verify your environment configuration and retry");
     return {
         accessKeyId: process.env.AWS_ACCESS_KEY_ID,
         secretAccessKey: process.env.AWS_SECRET_ACCESS_KEY,
         region: process.env.AWS_REGION || "us-east-1",
-        roleArn: process.env.AWS_ROLE_ARN,
+        instanceProfileArn: process.env.AWS_INSTANCE_PROFILE_ARN,
         amiId: process.env.AWS_AMI_ID
     };
 };
@@ -1931,11 +1998,11 @@ const p256 = (proofPart) => {
  */
 const formatSolidityCalldata = (circuitInput, _proof) => {
     try {
-        const proof = utils.unstringifyBigInts(_proof);
+        const proof = unstringifyBigInts(_proof);
         // format the public inputs to the circuit
         const formattedCircuitInput = [];
         for (const cInput of circuitInput) {
-            formattedCircuitInput.push(p256(utils.unstringifyBigInts(cInput)));
+            formattedCircuitInput.push(p256(unstringifyBigInts(cInput)));
         }
         // construct calldata
         const calldata = {
@@ -2103,7 +2170,8 @@ const getGitHubStats = async (user) => {
         following: jsonData.following,
         followers: jsonData.followers,
         publicRepos: jsonData.public_repos,
-        avatarUrl: jsonData.avatar_url
+        avatarUrl: jsonData.avatar_url,
+        age: jsonData.created_at
     };
     return data;
 };
@@ -2115,20 +2183,21 @@ const getGitHubStats = async (user) => {
  * @param minimumAmountOfPublicRepos <number> The minimum amount of public repos the user should have
  * @returns <any> Return the avatar URL of the user if the user is reputable, false otherwise
  */
-const githubReputation = async (userLogin, minimumAmountOfFollowing, minimumAmountOfFollowers, minimumAmountOfPublicRepos) => {
+const githubReputation = async (userLogin, minimumAmountOfFollowing, minimumAmountOfFollowers, minimumAmountOfPublicRepos, minimumAge) => {
     if (!process.env.GITHUB_ACCESS_TOKEN)
         throw new Error("The GitHub access token is missing. Please insert a valid token to be used for anti-sybil checks on user registation, and then try again.");
-    const { following, followers, publicRepos, avatarUrl } = await getGitHubStats(userLogin);
+    const { following, followers, publicRepos, avatarUrl, age } = await getGitHubStats(userLogin);
     if (following < minimumAmountOfFollowing ||
         publicRepos < minimumAmountOfPublicRepos ||
-        followers < minimumAmountOfFollowers)
+        followers < minimumAmountOfFollowers ||
+        new Date(age) > new Date(Date.now() - minimumAge))
         return {
             reputable: false,
             avatarUrl: ""
         };
     return {
         reputable: true,
-        avatarUrl: avatarUrl
+        avatarUrl
     };
 };
 
@@ -2315,8 +2384,8 @@ const createSSMClient = async () => {
  * @returns <Array<string>> - the list of startup commands to be executed.
  */
 const vmBootstrapCommand = (bucketName) => [
-    "#!/bin/bash",
-    `aws s3 cp s3://${bucketName}/${vmBootstrapScriptFilename} ${vmBootstrapScriptFilename}`,
+    "#!/bin/bash", // shabang.
+    `aws s3 cp s3://${bucketName}/${vmBootstrapScriptFilename} ${vmBootstrapScriptFilename}`, // copy file from S3 bucket to VM.
     `chmod +x ${vmBootstrapScriptFilename} && bash ${vmBootstrapScriptFilename}` // grant permission and execute.
 ];
 /**
@@ -2337,8 +2406,13 @@ const vmDependenciesAndCacheArtifactsCommand = (zKeyPath, potPath, snsTopic, reg
     // eslint-disable-next-line no-template-curly-in-string
     "touch ${MARKER_FILE}",
     "sudo yum update -y",
-    "curl -sL https://rpm.nodesource.com/setup_16.x | sudo bash - ",
-    "sudo yum install -y nodejs",
+    "curl -O https://nodejs.org/dist/v16.13.0/node-v16.13.0-linux-x64.tar.xz",
+    "tar -xf node-v16.13.0-linux-x64.tar.xz",
+    "mv node-v16.13.0-linux-x64 nodejs",
+    "sudo mv nodejs /opt/",
+    "echo 'export NODEJS_HOME=/opt/nodejs' >> /etc/profile",
+    "echo 'export PATH=$NODEJS_HOME/bin:$PATH' >> /etc/profile",
+    "source /etc/profile",
     "npm install -g snarkjs",
     `aws s3 cp s3://${zKeyPath} /var/tmp/genesisZkey.zkey`,
     `aws s3 cp s3://${potPath} /var/tmp/pot.ptau`,
@@ -2357,6 +2431,7 @@ const vmDependenciesAndCacheArtifactsCommand = (zKeyPath, potPath, snsTopic, reg
  * @returns Array<string> - the list of commands for contribution verification.
  */
 const vmContributionVerificationCommand = (bucketName, lastZkeyStoragePath, verificationTranscriptStoragePathAndFilename) => [
+    `source /etc/profile`,
     `aws s3 cp s3://${bucketName}/${lastZkeyStoragePath} /var/tmp/lastZKey.zkey > /var/tmp/log.txt`,
     `snarkjs zkvi /var/tmp/genesisZkey.zkey /var/tmp/pot.ptau /var/tmp/lastZKey.zkey > /var/tmp/verification_transcript.log`,
     `aws s3 cp /var/tmp/verification_transcript.log s3://${bucketName}/${verificationTranscriptStoragePathAndFilename} &>/dev/null`,
@@ -2383,8 +2458,9 @@ const computeDiskSizeForVM = (zKeySizeInBytes, pot) => Math.ceil(2 * convertByte
  */
 const createEC2Instance = async (ec2, commands, instanceType, volumeSize, diskType) => {
     // Get the AWS variables.
-    const { amiId, roleArn } = getAWSVariables();
+    const { amiId, instanceProfileArn } = getAWSVariables();
     // Parametrize the VM EC2 instance.
+    console.log("\nLAUNCHING AWS EC2 INSTANCE\n");
     const params = {
         ImageId: amiId,
         InstanceType: instanceType,
@@ -2392,7 +2468,7 @@ const createEC2Instance = async (ec2, commands, instanceType, volumeSize, diskTy
         MinCount: 1,
         // nb. to find this: iam -> roles -> role_name.
         IamInstanceProfile: {
-            Arn: roleArn
+            Arn: instanceProfileArn
         },
         // nb. for running commands at the startup.
         UserData: Buffer.from(commands.join("\n")).toString("base64"),
@@ -2401,7 +2477,7 @@ const createEC2Instance = async (ec2, commands, instanceType, volumeSize, diskTy
                 DeviceName: "/dev/xvda",
                 Ebs: {
                     DeleteOnTermination: true,
-                    VolumeSize: volumeSize,
+                    VolumeSize: volumeSize, // disk size in GB.
                     VolumeType: diskType
                 }
             }
@@ -2418,6 +2494,19 @@ const createEC2Instance = async (ec2, commands, instanceType, volumeSize, diskTy
                     {
                         Key: "Initialized",
                         Value: "false"
+                    },
+                    {
+                        Key: "Project",
+                        Value: "trusted-setup"
+                    }
+                ]
+            },
+            {
+                ResourceType: "volume",
+                Tags: [
+                    {
+                        Key: "Project",
+                        Value: "trusted-setup"
                     }
                 ]
             }
@@ -2587,4 +2676,4 @@ const retrieveCommandStatus = async (ssm, instanceId, commandId) => {
     }
 };
 
-export { CeremonyState, CeremonyTimeoutType, CeremonyType, CircuitContributionVerificationMechanism, DiskTypeForVM, ParticipantContributionStep, ParticipantStatus, RequestType, TestingEnvironment, TimeoutType, autoGenerateEntropy, blake512FromPath, checkAndPrepareCoordinatorForFinalization, checkIfObjectExist, checkIfRunning, checkParticipantForCeremony, commonTerms, compareCeremonyArtifacts, compareHashes, compileContract, completeMultiPartUpload, computeDiskSizeForVM, computeSHA256ToHex, computeSmallestPowersOfTauForCircuit, convertBytesOrKbToGb, convertToDoubleDigits, createCustomLoggerForFile, createEC2Client, createEC2Instance, createS3Bucket, createSSMClient, downloadAllCeremonyArtifacts, downloadCeremonyArtifact, ec2InstanceTag, exportVerifierAndVKey, exportVerifierContract, exportVkey, extractPoTFromFilename, extractPrefix, extractR1CSInfoValueForGivenKey, finalContributionIndex, finalizeCeremony, finalizeCircuit, formatSolidityCalldata, formatZkeyIndex, fromQueryToFirebaseDocumentInfo, generateGROTH16Proof, generateGetObjectPreSignedUrl, generatePreSignedUrlsParts, generateValidContributionsAttestation, generateZkeyFromScratch, genesisZkeyIndex, getAllCollectionDocs, getBucketName, getCeremonyCircuits, getCircuitBySequencePosition, getCircuitContributionsFromContributor, getCircuitsCollectionPath, getClosedCeremonies, getContributionsCollectionPath, getContributionsValidityForContributor, getCurrentActiveParticipantTimeout, getCurrentFirebaseAuthUser, getDocumentById, getOpenedCeremonies, getParticipantsCollectionPath, getPotStorageFilePath, getPublicAttestationPreambleForContributor, getR1CSInfo, getR1csStorageFilePath, getTimeoutsCollectionPath, getTranscriptStorageFilePath, getVerificationKeyStorageFilePath, getVerifierContractStorageFilePath, getWasmStorageFilePath, getZkeyStorageFilePath, githubReputation, initializeFirebaseCoreServices, isCoordinator, multiPartUpload, numExpIterations, p256, parseCeremonyFile, permanentlyStoreCurrentContributionTimeAndHash, potFileDownloadMainUrl, potFilenameTemplate, powersOfTauFiles, progressToNextCircuitForContribution, progressToNextContributionStep, queryCollection, resumeContributionAfterTimeoutExpiration, retrieveCommandOutput, retrieveCommandStatus, runCommandUsingSSM, setupCeremony, signInToFirebaseWithCredentials, solidityVersion, startEC2Instance, stopEC2Instance, temporaryStoreCurrentContributionMultiPartUploadId, temporaryStoreCurrentContributionUploadedChunkData, terminateEC2Instance, toHex, verificationKeyAcronym, verifierSmartContractAcronym, verifyCeremony, verifyContribution, verifyGROTH16Proof, verifyGROTH16ProofOnChain, verifyZKey, vmBootstrapCommand, vmBootstrapScriptFilename, vmConfigurationTypes, vmContributionVerificationCommand, vmDependenciesAndCacheArtifactsCommand };
+export { CeremonyState, CeremonyTimeoutType, CeremonyType, CircuitContributionVerificationMechanism, DiskTypeForVM, ParticipantContributionStep, ParticipantStatus, RequestType, TestingEnvironment, TimeoutType, autoGenerateEntropy, blake512FromPath, checkAndPrepareCoordinatorForFinalization, checkIfObjectExist, checkIfRunning, checkParticipantForCeremony, commonTerms, compareCeremonyArtifacts, compareHashes, compileContract, completeMultiPartUpload, computeDiskSizeForVM, computeSHA256ToHex, computeSmallestPowersOfTauForCircuit, contribHashRegex, convertBytesOrKbToGb, convertToDoubleDigits, createCustomLoggerForFile, createEC2Client, createEC2Instance, createS3Bucket, createSSMClient, downloadAllCeremonyArtifacts, downloadCeremonyArtifact, ec2InstanceTag, exportVerifierAndVKey, exportVerifierContract, exportVkey, extractPoTFromFilename, extractPrefix, extractR1CSInfoValueForGivenKey, finalContributionIndex, finalizeCeremony, finalizeCircuit, formatSolidityCalldata, formatZkeyIndex, fromQueryToFirebaseDocumentInfo, generateGROTH16Proof, generateGetObjectPreSignedUrl, generatePreSignedUrlsParts, generateValidContributionsAttestation, generateZkeyFromScratch, genesisZkeyIndex, getAllCeremonies, getAllCollectionDocs, getBucketName, getCeremonyCircuits, getCircuitBySequencePosition, getCircuitContributionsFromContributor, getCircuitsCollectionPath, getClosedCeremonies, getContributionsCollectionPath, getContributionsValidityForContributor, getCurrentActiveParticipantTimeout, getCurrentFirebaseAuthUser, getDocumentById, getOpenedCeremonies, getParticipantsCollectionPath, getPotStorageFilePath, getPublicAttestationPreambleForContributor, getR1CSInfo, getR1csStorageFilePath, getTimeoutsCollectionPath, getTranscriptStorageFilePath, getVerificationKeyStorageFilePath, getVerifierContractStorageFilePath, getWasmStorageFilePath, getZkeyStorageFilePath, githubReputation, initializeFirebaseCoreServices, isCoordinator, multiPartUpload, numExpIterations, p256, parseCeremonyFile, permanentlyStoreCurrentContributionTimeAndHash, potFileDownloadMainUrl, potFilenameTemplate, powersOfTauFiles, progressToNextCircuitForContribution, progressToNextContributionStep, queryCollection, resumeContributionAfterTimeoutExpiration, retrieveCommandOutput, retrieveCommandStatus, runCommandUsingSSM, setupCeremony, signInToFirebaseWithCredentials, solidityVersion, startEC2Instance, stopEC2Instance, temporaryStoreCurrentContributionMultiPartUploadId, temporaryStoreCurrentContributionUploadedChunkData, terminateEC2Instance, toHex, verificationKeyAcronym, verifierSmartContractAcronym, verifyCeremony, verifyContribution, verifyGROTH16Proof, verifyGROTH16ProofOnChain, verifyZKey, vmBootstrapCommand, vmBootstrapScriptFilename, vmConfigurationTypes, vmContributionVerificationCommand, vmDependenciesAndCacheArtifactsCommand };