npm - @devtion/backend - Versions diffs - 0.0.0-3df1645 → 0.0.0-477457c - Mend

@devtion/backend 0.0.0-3df1645 → 0.0.0-477457c

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/src/functions/circuit.ts CHANGED Viewed

@@ -40,6 +40,8 @@ import {
 } from "@devtion/actions"
 import { zKey } from "snarkjs"
 import { CommandInvocationStatus, SSMClient } from "@aws-sdk/client-ssm"
+import { EC2Client } from "@aws-sdk/client-ec2"
+import { HttpsError } from "firebase-functions/v2/https"
 import { FinalizeCircuitData, VerifyContributionData } from "../types/index"
 import { LogLevel } from "../types/enums"
 import { COMMON_ERRORS, logAndThrowError, makeError, printLog, SPECIFIC_ERRORS } from "../lib/errors"
@@ -57,8 +59,6 @@ import {
     sleep,
     uploadFileToBucket
 } from "../lib/utils"
-import { EC2Client } from "@aws-sdk/client-ec2"
-import { HttpsError } from "firebase-functions/v2/https"
 dotenv.config()
@@ -115,7 +115,7 @@ const coordinate = async (
     if (isSingleParticipantCoordination) {
         // Scenario (A).
         if (emptyWaitingQueue) {
-            printLog(`Coordinate - executing scenario A - emptyWaitingQueue`, LogLevel.DEBUG)
+            printLog(`Coordinate - executing scenario A - emptyWaitingQueue`, LogLevel.INFO)
             // Update.
             newCurrentContributorId = participant.id
@@ -127,7 +127,7 @@ const coordinate = async (
         else if (participantResumingAfterTimeoutExpiration) {
             printLog(
                 `Coordinate - executing scenario A - single - participantResumingAfterTimeoutExpiration`,
-                LogLevel.DEBUG
+                LogLevel.INFO
             )
             newParticipantStatus = ParticipantStatus.CONTRIBUTING
@@ -136,7 +136,7 @@ const coordinate = async (
         }
         // Scenario (B).
         else if (participantIsNotCurrentContributor) {
-            printLog(`Coordinate - executing scenario B - single - participantIsNotCurrentContributor`, LogLevel.DEBUG)
+            printLog(`Coordinate - executing scenario B - single - participantIsNotCurrentContributor`, LogLevel.INFO)
             newCurrentContributorId = currentContributor
             newParticipantStatus = ParticipantStatus.WAITING
@@ -160,7 +160,7 @@ const coordinate = async (
     } else if (participantIsCurrentContributor && participantCompletedOneOrAllContributions && !!ceremonyId) {
         printLog(
             `Coordinate - executing scenario C - multi - participantIsCurrentContributor && participantCompletedOneOrAllContributions`,
-            LogLevel.DEBUG
+            LogLevel.INFO
         )
         newParticipantStatus = ParticipantStatus.CONTRIBUTING
@@ -190,7 +190,7 @@ const coordinate = async (
             printLog(
                 `Participant ${newCurrentContributorId} is the new current contributor for circuit ${circuit.id}`,
-                LogLevel.DEBUG
+                LogLevel.INFO
             )
         }
     }
@@ -276,8 +276,8 @@ const waitForVMCommandExecution = (ssm: SSMClient, vmInstanceId: string, command
                 // if it errors out, let's just log it as a warning so the coordinator is aware
                 try {
                     await stopEC2Instance(ec2, vmInstanceId)
-                } catch (error: any) {
-                    printLog(`Error while stopping VM instance ${vmInstanceId} - Error ${error}`, LogLevel.WARN)
+                } catch (stopError: any) {
+                    printLog(`Error while stopping VM instance ${vmInstanceId} - Error ${stopError}`, LogLevel.WARN)
                 }
                 if (!error.toString().includes(commandId)) logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION)
@@ -312,7 +312,7 @@ const waitForVMCommandExecution = (ssm: SSMClient, vmInstanceId: string, command
 export const coordinateCeremonyParticipant = functionsV1
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .firestore.document(
         `${commonTerms.collections.ceremonies.name}/{ceremonyId}/${commonTerms.collections.participants.name}/{participantId}`
@@ -346,10 +346,10 @@ export const coordinateCeremonyParticipant = functionsV1
             contributionStep: changedContributionStep
         } = changedParticipant.data()!
-        printLog(`Coordinate participant ${exParticipant.id} for ceremony ${ceremonyId}`, LogLevel.DEBUG)
+        printLog(`Coordinate participant ${exParticipant.id} for ceremony ${ceremonyId}`, LogLevel.INFO)
         printLog(
             `Participant status: ${prevStatus} => ${changedStatus} - Participant contribution step: ${prevContributionStep} => ${changedContributionStep}`,
-            LogLevel.DEBUG
+            LogLevel.INFO
         )
         // Define pre-conditions.
@@ -370,8 +370,8 @@ export const coordinateCeremonyParticipant = functionsV1
         const participantCompletedContribution =
             prevContributionProgress === changedContributionProgress &&
-            prevStatus === ParticipantStatus.CONTRIBUTING &&
-            prevContributionStep === ParticipantContributionStep.VERIFYING &&
+            (prevStatus === ParticipantStatus.CONTRIBUTING ||
+                prevContributionStep === ParticipantContributionStep.VERIFYING) &&
             changedStatus === ParticipantStatus.CONTRIBUTED &&
             changedContributionStep === ParticipantContributionStep.COMPLETED
@@ -384,7 +384,7 @@ export const coordinateCeremonyParticipant = functionsV1
             // Step (2.A).
             printLog(
                 `Participant is ready for first contribution (${participantReadyForFirstContribution}) or for the next contribution (${participantReadyForNextContribution}) or is resuming after a timeout expiration (${participantResumingContributionAfterTimeout})`,
-                LogLevel.DEBUG
+                LogLevel.INFO
             )
             // Get the circuit.
@@ -398,7 +398,7 @@ export const coordinateCeremonyParticipant = functionsV1
             // Step (2.B).
             printLog(
                 `Participant completed a contribution (${participantCompletedContribution}) or every contribution for each circuit (${participantCompletedEveryCircuitContribution})`,
-                LogLevel.DEBUG
+                LogLevel.INFO
             )
             // Get the circuit.
@@ -428,10 +428,9 @@ const checkIfVMRunning = async (ec2: EC2Client, vmInstanceId: string, attempts =
     if (!isVMRunning) {
         printLog(`VM not running, ${attempts - 1} attempts remaining. Retrying in 1 minute...`, LogLevel.DEBUG)
-        return await checkIfVMRunning(ec2, vmInstanceId, attempts - 1)
-    } else {
-        return true
+        return checkIfVMRunning(ec2, vmInstanceId, attempts - 1)
     }
+    return true
 }
 /**
@@ -461,417 +460,448 @@ const checkIfVMRunning = async (ec2: EC2Client, vmInstanceId: string, attempts =
  * 2) Send all updates atomically to the Firestore database.
  */
 export const verifycontribution = functionsV2.https.onCall(
-    { memory: "16GiB", timeoutSeconds: 3600, region: "europe-west1" },
+    { memory: "32GiB", timeoutSeconds: 3600, region: "europe-west1", cpu: 8 },
     async (request: functionsV2.https.CallableRequest<VerifyContributionData>): Promise<any> => {
-        if (!request.auth || (!request.auth.token.participant && !request.auth.token.coordinator))
-            logAndThrowError(SPECIFIC_ERRORS.SE_AUTH_NO_CURRENT_AUTH_USER)
-        if (
-            !request.data.ceremonyId ||
-            !request.data.circuitId ||
-            !request.data.contributorOrCoordinatorIdentifier ||
-            !request.data.bucketName
-        )
-            logAndThrowError(COMMON_ERRORS.CM_MISSING_OR_WRONG_INPUT_DATA)
-        if (
-            !process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME ||
-            !process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION ||
-            !process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH
-        )
-            logAndThrowError(COMMON_ERRORS.CM_WRONG_CONFIGURATION)
-        // Step (0).
+        try {
+            if (!request.auth || (!request.auth.token.participant && !request.auth.token.coordinator))
+                logAndThrowError(SPECIFIC_ERRORS.SE_AUTH_NO_CURRENT_AUTH_USER)
+            if (
+                !request.data.ceremonyId ||
+                !request.data.circuitId ||
+                !request.data.contributorOrCoordinatorIdentifier ||
+                !request.data.bucketName
+            )
+                logAndThrowError(COMMON_ERRORS.CM_MISSING_OR_WRONG_INPUT_DATA)
-        // Prepare and start timer.
-        const verifyContributionTimer = new Timer({ label: commonTerms.cloudFunctionsNames.verifyContribution })
-        verifyContributionTimer.start()
+            if (
+                !process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME ||
+                !process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION ||
+                !process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH
+            )
+                logAndThrowError(COMMON_ERRORS.CM_WRONG_CONFIGURATION)
+            const BUCKET_NAME_REGEX = /^[a-z0-9][a-z0-9-]{1,61}[a-z0-9]$/
+            if (!BUCKET_NAME_REGEX.test(request.data.bucketName)) logAndThrowError(SPECIFIC_ERRORS.WRONG_BUCKET_NAME)
+            // Step (0).
+            // Prepare and start timer.
+            const verifyContributionTimer = new Timer({ label: commonTerms.cloudFunctionsNames.verifyContribution })
+            verifyContributionTimer.start()
+            // Get DB.
+            const firestore = admin.firestore()
+            // Prepare batch of txs.
+            const batch = firestore.batch()
+            // Extract data.
+            const { ceremonyId, circuitId, contributorOrCoordinatorIdentifier, bucketName } = request.data
+            const userId = request.auth?.uid
+            // Look for the ceremony, circuit and participant document.
+            const ceremonyDoc = await getDocumentById(commonTerms.collections.ceremonies.name, ceremonyId)
+            const circuitDoc = await getDocumentById(getCircuitsCollectionPath(ceremonyId), circuitId)
+            const participantDoc = await getDocumentById(getParticipantsCollectionPath(ceremonyId), userId!)
+            if (!ceremonyDoc.data() || !circuitDoc.data() || !participantDoc.data())
+                logAndThrowError(COMMON_ERRORS.CM_INEXISTENT_DOCUMENT_DATA)
+            // Extract documents data.
+            const { state } = ceremonyDoc.data()!
+            const { status, contributions, verificationStartedAt, contributionStartedAt } = participantDoc.data()!
+            const { waitingQueue, prefix, avgTimings, verification, files } = circuitDoc.data()!
+            const { completedContributions, failedContributions } = waitingQueue
+            const {
+                contributionComputation: avgContributionComputationTime,
+                fullContribution: avgFullContributionTime,
+                verifyCloudFunction: avgVerifyCloudFunctionTime
+            } = avgTimings
+            const { cfOrVm, vm } = verification
+            // we might not have it if the circuit is not using VM.
+            let vmInstanceId: string = ""
+            if (vm) vmInstanceId = vm.vmInstanceId
-        // Get DB.
-        const firestore = admin.firestore()
-        // Prepare batch of txs.
-        const batch = firestore.batch()
+            // Define pre-conditions.
+            const isFinalizing = state === CeremonyState.CLOSED && request.auth && request.auth.token.coordinator // true only when the coordinator verifies the final contributions.
+            const isContributing = status === ParticipantStatus.CONTRIBUTING
+            const isUsingVM = cfOrVm === CircuitContributionVerificationMechanism.VM && !!vmInstanceId
+            // Prepare state.
+            let isContributionValid = false
+            let verifyCloudFunctionExecutionTime = 0 // time spent while executing the verify contribution cloud function.
+            let verifyCloudFunctionTime = 0 // time spent while executing the core business logic of this cloud function.
+            let fullContributionTime = 0 // time spent while doing non-verification contributions tasks (download, compute, upload).
+            let contributionComputationTime = 0 // time spent while computing the contribution.
+            let lastZkeyBlake2bHash: string = "" // the Blake2B hash of the last zKey.
+            let verificationTranscriptTemporaryLocalPath: string = "" // the local temporary path for the verification transcript.
+            let transcriptBlake2bHash: string = "" // the Blake2B hash of the verification transcript.
+            let commandId: string = "" // the unique identifier of the VM command.
+            // Derive necessary data.
+            const lastZkeyIndex = formatZkeyIndex(completedContributions + 1)
+            const verificationTranscriptCompleteFilename = `${prefix}_${
+                isFinalizing
+                    ? `${contributorOrCoordinatorIdentifier}_${finalContributionIndex}_verification_transcript.log`
+                    : `${lastZkeyIndex}_${contributorOrCoordinatorIdentifier}_verification_transcript.log`
+            }`
+            const lastZkeyFilename = `${prefix}_${isFinalizing ? finalContributionIndex : lastZkeyIndex}.zkey`
+            // Prepare state for VM verification (if needed).
+            const ec2 = await createEC2Client()
+            const ssm = await createSSMClient()
+            // Step (1.A.1).
+            // Get storage paths.
+            const verificationTranscriptStoragePathAndFilename = getTranscriptStorageFilePath(
+                prefix,
+                verificationTranscriptCompleteFilename
+            )
+            // the zKey storage path is required to be sent to the VM api
+            const lastZkeyStoragePath = getZkeyStorageFilePath(
+                prefix,
+                `${prefix}_${isFinalizing ? finalContributionIndex : lastZkeyIndex}.zkey`
+            )
-        // Extract data.
-        const { ceremonyId, circuitId, contributorOrCoordinatorIdentifier, bucketName } = request.data
-        const userId = request.auth?.uid
+            const verificationTaskTimer = new Timer({ label: `${ceremonyId}-${circuitId}-${participantDoc.id}` })
-        // Look for the ceremony, circuit and participant document.
-        const ceremonyDoc = await getDocumentById(commonTerms.collections.ceremonies.name, ceremonyId)
-        const circuitDoc = await getDocumentById(getCircuitsCollectionPath(ceremonyId), circuitId)
-        const participantDoc = await getDocumentById(getParticipantsCollectionPath(ceremonyId), userId!)
+            const dumpLog = async (path: string): Promise<void> => {
+                printLog(`transcript >>>>>>`, LogLevel.DEBUG)
+                try {
+                    const data = await fs.promises.readFile(path, "utf8")
+                    printLog(data, LogLevel.DEBUG)
+                } catch (readError: any) {
+                    printLog(readError, LogLevel.ERROR)
+                }
+            }
-        if (!ceremonyDoc.data() || !circuitDoc.data() || !participantDoc.data())
-            logAndThrowError(COMMON_ERRORS.CM_INEXISTENT_DOCUMENT_DATA)
+            const completeVerification = async () => {
+                // Stop verification task timer.
+                printLog("Completing verification", LogLevel.DEBUG)
+                verificationTaskTimer.stop()
+                verifyCloudFunctionExecutionTime = verificationTaskTimer.ms()
-        // Extract documents data.
-        const { state } = ceremonyDoc.data()!
-        const { status, contributions, verificationStartedAt, contributionStartedAt } = participantDoc.data()!
-        const { waitingQueue, prefix, avgTimings, verification, files } = circuitDoc.data()!
-        const { completedContributions, failedContributions } = waitingQueue
-        const {
-            contributionComputation: avgContributionComputationTime,
-            fullContribution: avgFullContributionTime,
-            verifyCloudFunction: avgVerifyCloudFunctionTime
-        } = avgTimings
-        const { cfOrVm, vm } = verification
-        // we might not have it if the circuit is not using VM.
-        let vmInstanceId: string = ""
-        if (vm) vmInstanceId = vm.vmInstanceId
+                if (isUsingVM) {
+                    // Create temporary path.
+                    verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(
+                        `${circuitId}_${participantDoc.id}.log`
+                    )
-        // Define pre-conditions.
-        const isFinalizing = state === CeremonyState.CLOSED && request.auth && request.auth.token.coordinator // true only when the coordinator verifies the final contributions.
-        const isContributing = status === ParticipantStatus.CONTRIBUTING
-        const isUsingVM = cfOrVm === CircuitContributionVerificationMechanism.VM && !!vmInstanceId
-        // Prepare state.
-        let isContributionValid = false
-        let verifyCloudFunctionExecutionTime = 0 // time spent while executing the verify contribution cloud function.
-        let verifyCloudFunctionTime = 0 // time spent while executing the core business logic of this cloud function.
-        let fullContributionTime = 0 // time spent while doing non-verification contributions tasks (download, compute, upload).
-        let contributionComputationTime = 0 // time spent while computing the contribution.
-        let lastZkeyBlake2bHash: string = "" // the Blake2B hash of the last zKey.
-        let verificationTranscriptTemporaryLocalPath: string = "" // the local temporary path for the verification transcript.
-        let transcriptBlake2bHash: string = "" // the Blake2B hash of the verification transcript.
-        let commandId: string = "" // the unique identifier of the VM command.
-        // Derive necessary data.
-        const lastZkeyIndex = formatZkeyIndex(completedContributions + 1)
-        const verificationTranscriptCompleteFilename = `${prefix}_${
-            isFinalizing
-                ? `${contributorOrCoordinatorIdentifier}_${finalContributionIndex}_verification_transcript.log`
-                : `${lastZkeyIndex}_${contributorOrCoordinatorIdentifier}_verification_transcript.log`
-        }`
-        const lastZkeyFilename = `${prefix}_${isFinalizing ? finalContributionIndex : lastZkeyIndex}.zkey`
-        // Prepare state for VM verification (if needed).
-        const ec2 = await createEC2Client()
-        const ssm = await createSSMClient()
-        // Step (1.A.1).
-        // Get storage paths.
-        const verificationTranscriptStoragePathAndFilename = getTranscriptStorageFilePath(
-            prefix,
-            verificationTranscriptCompleteFilename
-        )
-        // the zKey storage path is required to be sent to the VM api
-        const lastZkeyStoragePath = getZkeyStorageFilePath(
-            prefix,
-            `${prefix}_${isFinalizing ? finalContributionIndex : lastZkeyIndex}.zkey`
-        )
+                    await sleep(1000) // wait 1s for file creation.
-        const verificationTaskTimer = new Timer({ label: `${ceremonyId}-${circuitId}-${participantDoc.id}` })
+                    // Download from bucket.
+                    // nb. the transcript MUST be uploaded from the VM by verification commands.
+                    await downloadArtifactFromS3Bucket(
+                        bucketName,
+                        verificationTranscriptStoragePathAndFilename,
+                        verificationTranscriptTemporaryLocalPath
+                    )
-        const completeVerification = async () => {
-            // Stop verification task timer.
-            printLog("Completing verification", LogLevel.DEBUG)
-            verificationTaskTimer.stop()
-            verifyCloudFunctionExecutionTime = verificationTaskTimer.ms()
+                    // Read the verification trascript and validate data by checking for core info ("ZKey Ok!").
+                    const content = fs.readFileSync(verificationTranscriptTemporaryLocalPath, "utf-8")
-            if (isUsingVM) {
-                // Create temporary path.
-                verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(
-                    `${circuitId}_${participantDoc.id}.log`
-                )
+                    if (content.includes("ZKey Ok!")) isContributionValid = true
-                await sleep(1000) // wait 1s for file creation.
+                    // If the contribution is valid, then format and store the trascript.
+                    if (isContributionValid) {
+                        // eslint-disable-next-line no-control-regex
+                        const updated = content.replace(/\x1b[[0-9;]*m/g, "")
-                // Download from bucket.
-                // nb. the transcript MUST be uploaded from the VM by verification commands.
-                await downloadArtifactFromS3Bucket(
-                    bucketName,
-                    verificationTranscriptStoragePathAndFilename,
-                    verificationTranscriptTemporaryLocalPath
-                )
+                        fs.writeFileSync(verificationTranscriptTemporaryLocalPath, updated)
+                    }
+                }
-                // Read the verification trascript and validate data by checking for core info ("ZKey Ok!").
-                const content = fs.readFileSync(verificationTranscriptTemporaryLocalPath, "utf-8")
+                printLog(`The contribution has been verified - Result ${isContributionValid}`, LogLevel.DEBUG)
-                if (content.includes("ZKey Ok!")) isContributionValid = true
+                // Create a new contribution document.
+                const contributionDoc = await firestore
+                    .collection(getContributionsCollectionPath(ceremonyId, circuitId))
+                    .doc()
+                    .get()
-                // If the contribution is valid, then format and store the trascript.
+                // Step (1.A.4).
                 if (isContributionValid) {
-                    // eslint-disable-next-line no-control-regex
-                    const updated = content.replace(/\x1b[[0-9;]*m/g, "")
-                    fs.writeFileSync(verificationTranscriptTemporaryLocalPath, updated)
-                }
-            }
-            printLog(`The contribution has been verified - Result ${isContributionValid}`, LogLevel.DEBUG)
-            // Create a new contribution document.
-            const contributionDoc = await firestore
-                .collection(getContributionsCollectionPath(ceremonyId, circuitId))
-                .doc()
-                .get()
+                    // Sleep ~3 seconds to wait for verification transcription.
+                    await sleep(3000)
+                    // Step (1.A.4.A.1).
+                    if (isUsingVM) {
+                        // Retrieve the contribution hash from the command output.
+                        lastZkeyBlake2bHash = await retrieveCommandOutput(ssm, vmInstanceId, commandId)
+                        const hashRegex = /[a-fA-F0-9]{64}/
+                        const match = lastZkeyBlake2bHash.match(hashRegex)!
+                        lastZkeyBlake2bHash = match.at(0)!
+                        // re upload the formatted verification transcript
+                        await uploadFileToBucket(
+                            bucketName,
+                            verificationTranscriptStoragePathAndFilename,
+                            verificationTranscriptTemporaryLocalPath,
+                            true
+                        )
+                    } else {
+                        // Upload verification transcript.
+                        /// nb. do not use multi-part upload here due to small file size.
+                        await uploadFileToBucket(
+                            bucketName,
+                            verificationTranscriptStoragePathAndFilename,
+                            verificationTranscriptTemporaryLocalPath,
+                            true
+                        )
+                    }
-            // Step (1.A.4).
-            if (isContributionValid) {
-                // Sleep ~3 seconds to wait for verification transcription.
-                await sleep(3000)
+                    // Compute verification transcript hash.
+                    transcriptBlake2bHash = await blake512FromPath(verificationTranscriptTemporaryLocalPath)
-                // Step (1.A.4.A.1).
-                if (isUsingVM) {
-                    // Retrieve the contribution hash from the command output.
-                    lastZkeyBlake2bHash = await retrieveCommandOutput(ssm, vmInstanceId, commandId)
+                    // Free resources by unlinking transcript temporary file.
+                    fs.unlinkSync(verificationTranscriptTemporaryLocalPath)
-                    const hashRegex = /[a-fA-F0-9]{64}/
-                    const match = lastZkeyBlake2bHash.match(hashRegex)!
+                    // Filter participant contributions to find the data related to the one verified.
+                    const participantContributions = contributions.filter(
+                        (contribution: Contribution) =>
+                            !!contribution.hash && !!contribution.computationTime && !contribution.doc
+                    )
-                    lastZkeyBlake2bHash = match.at(0)!
+                    /// @dev (there must be only one contribution with an empty 'doc' field).
+                    if (participantContributions.length !== 1)
+                        logAndThrowError(SPECIFIC_ERRORS.SE_VERIFICATION_NO_PARTICIPANT_CONTRIBUTION_DATA)
+                    // Get contribution computation time.
+                    contributionComputationTime = contributions.at(0).computationTime
+                    // Step (1.A.4.A.2).
+                    batch.create(contributionDoc.ref, {
+                        participantId: participantDoc.id,
+                        contributionComputationTime,
+                        verificationComputationTime: verifyCloudFunctionExecutionTime,
+                        zkeyIndex: isFinalizing ? finalContributionIndex : lastZkeyIndex,
+                        files: {
+                            transcriptFilename: verificationTranscriptCompleteFilename,
+                            lastZkeyFilename,
+                            transcriptStoragePath: verificationTranscriptStoragePathAndFilename,
+                            lastZkeyStoragePath,
+                            transcriptBlake2bHash,
+                            lastZkeyBlake2bHash
+                        },
+                        verificationSoftware: {
+                            name: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME),
+                            version: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION),
+                            commitHash: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH)
+                        },
+                        valid: isContributionValid,
+                        lastUpdated: getCurrentServerTimestampInMillis()
+                    })
-                    // re upload the formatted verification transcript
-                    await uploadFileToBucket(
-                        bucketName,
-                        verificationTranscriptStoragePathAndFilename,
-                        verificationTranscriptTemporaryLocalPath,
-                        true
-                    )
+                    verifyContributionTimer.stop()
+                    verifyCloudFunctionTime = verifyContributionTimer.ms()
                 } else {
-                    // Upload verification transcript.
-                    /// nb. do not use multi-part upload here due to small file size.
-                    await uploadFileToBucket(
-                        bucketName,
-                        verificationTranscriptStoragePathAndFilename,
-                        verificationTranscriptTemporaryLocalPath,
-                        true
-                    )
+                    // Step (1.A.4.B).
+                    // Free-up storage by deleting invalid contribution.
+                    await deleteObject(bucketName, lastZkeyStoragePath)
+                    // Step (1.A.4.B.1).
+                    batch.create(contributionDoc.ref, {
+                        participantId: participantDoc.id,
+                        verificationComputationTime: verifyCloudFunctionExecutionTime,
+                        zkeyIndex: isFinalizing ? finalContributionIndex : lastZkeyIndex,
+                        verificationSoftware: {
+                            name: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME),
+                            version: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION),
+                            commitHash: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH)
+                        },
+                        valid: isContributionValid,
+                        lastUpdated: getCurrentServerTimestampInMillis()
+                    })
                 }
-                // Compute verification transcript hash.
-                transcriptBlake2bHash = await blake512FromPath(verificationTranscriptTemporaryLocalPath)
+                // Stop VM instance
+                if (isUsingVM) {
+                    // using try and catch as the VM stopping function can throw
+                    // however we want to continue without stopping as the
+                    // verification was valid, and inform the coordinator
+                    try {
+                        await stopEC2Instance(ec2, vmInstanceId)
+                    } catch (error: any) {
+                        printLog(`Error while stopping VM instance ${vmInstanceId} - Error ${error}`, LogLevel.WARN)
+                    }
+                }
+                // Step (1.A.4.C)
+                if (!isFinalizing) {
+                    // Step (1.A.4.C.1)
+                    // Compute new average contribution/verification time.
+                    fullContributionTime = Number(verificationStartedAt) - Number(contributionStartedAt)
+                    const newAvgContributionComputationTime =
+                        avgContributionComputationTime > 0
+                            ? (avgContributionComputationTime + contributionComputationTime) / 2
+                            : contributionComputationTime
+                    const newAvgFullContributionTime =
+                        avgFullContributionTime > 0
+                            ? (avgFullContributionTime + fullContributionTime) / 2
+                            : fullContributionTime
+                    const newAvgVerifyCloudFunctionTime =
+                        avgVerifyCloudFunctionTime > 0
+                            ? (avgVerifyCloudFunctionTime + verifyCloudFunctionTime) / 2
+                            : verifyCloudFunctionTime
+                    // Prepare tx to update circuit average contribution/verification time.
+                    const updatedCircuitDoc = await getDocumentById(getCircuitsCollectionPath(ceremonyId), circuitId)
+                    const { waitingQueue: updatedWaitingQueue } = updatedCircuitDoc.data()!
+                    /// @dev this must happen only for valid contributions.
+                    batch.update(circuitDoc.ref, {
+                        avgTimings: {
+                            contributionComputation: isContributionValid
+                                ? newAvgContributionComputationTime
+                                : avgContributionComputationTime,
+                            fullContribution: isContributionValid
+                                ? newAvgFullContributionTime
+                                : avgFullContributionTime,
+                            verifyCloudFunction: isContributionValid
+                                ? newAvgVerifyCloudFunctionTime
+                                : avgVerifyCloudFunctionTime
+                        },
+                        waitingQueue: {
+                            ...updatedWaitingQueue,
+                            completedContributions: isContributionValid
+                                ? completedContributions + 1
+                                : completedContributions,
+                            failedContributions: isContributionValid ? failedContributions : failedContributions + 1
+                        },
+                        lastUpdated: getCurrentServerTimestampInMillis()
+                    })
+                }
-                // Free resources by unlinking transcript temporary file.
-                fs.unlinkSync(verificationTranscriptTemporaryLocalPath)
+                // Step (2).
+                await batch.commit()
-                // Filter participant contributions to find the data related to the one verified.
-                const participantContributions = contributions.filter(
-                    (contribution: Contribution) =>
-                        !!contribution.hash && !!contribution.computationTime && !contribution.doc
+                printLog(
+                    `The contribution #${
+                        isFinalizing ? finalContributionIndex : lastZkeyIndex
+                    } of circuit ${circuitId} (ceremony ${ceremonyId}) has been verified as ${
+                        isContributionValid ? "valid" : "invalid"
+                    } for the participant ${participantDoc.id}`,
+                    LogLevel.INFO
                 )
-                /// @dev (there must be only one contribution with an empty 'doc' field).
-                if (participantContributions.length !== 1)
-                    logAndThrowError(SPECIFIC_ERRORS.SE_VERIFICATION_NO_PARTICIPANT_CONTRIBUTION_DATA)
-                // Get contribution computation time.
-                contributionComputationTime = contributions.at(0).computationTime
-                // Step (1.A.4.A.2).
-                batch.create(contributionDoc.ref, {
-                    participantId: participantDoc.id,
-                    contributionComputationTime,
-                    verificationComputationTime: verifyCloudFunctionExecutionTime,
-                    zkeyIndex: isFinalizing ? finalContributionIndex : lastZkeyIndex,
-                    files: {
-                        transcriptFilename: verificationTranscriptCompleteFilename,
-                        lastZkeyFilename,
-                        transcriptStoragePath: verificationTranscriptStoragePathAndFilename,
-                        lastZkeyStoragePath,
-                        transcriptBlake2bHash,
-                        lastZkeyBlake2bHash
-                    },
-                    verificationSoftware: {
-                        name: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME),
-                        version: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION),
-                        commitHash: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH)
-                    },
-                    valid: isContributionValid,
-                    lastUpdated: getCurrentServerTimestampInMillis()
-                })
-                verifyContributionTimer.stop()
-                verifyCloudFunctionTime = verifyContributionTimer.ms()
-            } else {
-                // Step (1.A.4.B).
-                // Free-up storage by deleting invalid contribution.
-                await deleteObject(bucketName, lastZkeyStoragePath)
-                // Step (1.A.4.B.1).
-                batch.create(contributionDoc.ref, {
-                    participantId: participantDoc.id,
-                    verificationComputationTime: verifyCloudFunctionExecutionTime,
-                    zkeyIndex: isFinalizing ? finalContributionIndex : lastZkeyIndex,
-                    verificationSoftware: {
-                        name: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME),
-                        version: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION),
-                        commitHash: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH)
-                    },
-                    valid: isContributionValid,
-                    lastUpdated: getCurrentServerTimestampInMillis()
-                })
             }
-            // Stop VM instance
-            if (isUsingVM) {
-                // using try and catch as the VM stopping function can throw
-                // however we want to continue without stopping as the
-                // verification was valid, and inform the coordinator
-                try {
-                    await stopEC2Instance(ec2, vmInstanceId)
-                } catch (error: any) {
-                    printLog(`Error while stopping VM instance ${vmInstanceId} - Error ${error}`, LogLevel.WARN)
-                }
-            }
-            // Step (1.A.4.C)
-            if (!isFinalizing) {
-                // Step (1.A.4.C.1)
-                // Compute new average contribution/verification time.
-                fullContributionTime = Number(verificationStartedAt) - Number(contributionStartedAt)
-                const newAvgContributionComputationTime =
-                    avgContributionComputationTime > 0
-                        ? (avgContributionComputationTime + contributionComputationTime) / 2
-                        : contributionComputationTime
-                const newAvgFullContributionTime =
-                    avgFullContributionTime > 0
-                        ? (avgFullContributionTime + fullContributionTime) / 2
-                        : fullContributionTime
-                const newAvgVerifyCloudFunctionTime =
-                    avgVerifyCloudFunctionTime > 0
-                        ? (avgVerifyCloudFunctionTime + verifyCloudFunctionTime) / 2
-                        : verifyCloudFunctionTime
-                // Prepare tx to update circuit average contribution/verification time.
-                const updatedCircuitDoc = await getDocumentById(getCircuitsCollectionPath(ceremonyId), circuitId)
-                const { waitingQueue: updatedWaitingQueue } = updatedCircuitDoc.data()!
-                /// @dev this must happen only for valid contributions.
-                batch.update(circuitDoc.ref, {
-                    avgTimings: {
-                        contributionComputation: isContributionValid
-                            ? newAvgContributionComputationTime
-                            : avgContributionComputationTime,
-                        fullContribution: isContributionValid ? newAvgFullContributionTime : avgFullContributionTime,
-                        verifyCloudFunction: isContributionValid
-                            ? newAvgVerifyCloudFunctionTime
-                            : avgVerifyCloudFunctionTime
-                    },
-                    waitingQueue: {
-                        ...updatedWaitingQueue,
-                        completedContributions: isContributionValid
-                            ? completedContributions + 1
-                            : completedContributions,
-                        failedContributions: isContributionValid ? failedContributions : failedContributions + 1
-                    },
-                    lastUpdated: getCurrentServerTimestampInMillis()
-                })
-            }
+            // Step (1).
+            if (isContributing || isFinalizing) {
+                // Prepare timer.
+                verificationTaskTimer.start()
-            // Step (2).
-            await batch.commit()
+                // Step (1.A.3.0).
+                if (isUsingVM) {
+                    printLog(`Starting the VM mechanism`, LogLevel.DEBUG)
-            printLog(
-                `The contribution #${
-                    isFinalizing ? finalContributionIndex : lastZkeyIndex
-                } of circuit ${circuitId} (ceremony ${ceremonyId}) has been verified as ${
-                    isContributionValid ? "valid" : "invalid"
-                } for the participant ${participantDoc.id}`,
-                LogLevel.DEBUG
-            )
-        }
+                    // Prepare for VM execution.
+                    let isVMRunning = false // true when the VM is up, otherwise false.
-        // Step (1).
-        if (isContributing || isFinalizing) {
-            // Prepare timer.
-            verificationTaskTimer.start()
+                    // Step (1.A.3.1).
+                    await startEC2Instance(ec2, vmInstanceId)
-            // Step (1.A.3.0).
-            if (isUsingVM) {
-                printLog(`Starting the VM mechanism`, LogLevel.DEBUG)
+                    await sleep(60000) // nb. wait for VM startup (1 mins + retry).
-                // Prepare for VM execution.
-                let isVMRunning = false // true when the VM is up, otherwise false.
+                    // Check if the startup is running.
+                    isVMRunning = await checkIfVMRunning(ec2, vmInstanceId)
-                // Step (1.A.3.1).
-                await startEC2Instance(ec2, vmInstanceId)
+                    printLog(`VM running: ${isVMRunning}`, LogLevel.DEBUG)
-                await sleep(60000) // nb. wait for VM startup (1 mins + retry).
+                    // Step (1.A.3.2).
+                    // Prepare.
+                    const verificationCommand = vmContributionVerificationCommand(
+                        bucketName,
+                        lastZkeyStoragePath,
+                        verificationTranscriptStoragePathAndFilename
+                    )
-                // Check if the startup is running.
-                isVMRunning = await checkIfVMRunning(ec2, vmInstanceId)
+                    // Run.
+                    commandId = await runCommandUsingSSM(ssm, vmInstanceId, verificationCommand)
-                printLog(`VM running: ${isVMRunning}`, LogLevel.DEBUG)
+                    printLog(`Starting the execution of command ${commandId}`, LogLevel.DEBUG)
-                // Step (1.A.3.2).
-                // Prepare.
-                const verificationCommand = vmContributionVerificationCommand(
-                    bucketName,
-                    lastZkeyStoragePath,
-                    verificationTranscriptStoragePathAndFilename
-                )
+                    // Step (1.A.3.3).
+                    return await waitForVMCommandExecution(ssm, vmInstanceId, commandId)
+                        .then(async () => {
+                            // Command execution successfully completed.
+                            printLog(`Command ${commandId} execution has been successfully completed`, LogLevel.DEBUG)
+                            await completeVerification()
+                        })
+                        .catch((error: any) => {
+                            // Command execution aborted.
+                            printLog(`Command ${commandId} execution has been aborted - Error ${error}`, LogLevel.WARN)
-                // Run.
-                commandId = await runCommandUsingSSM(ssm, vmInstanceId, verificationCommand)
+                            logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION)
+                        })
+                }
-                printLog(`Starting the execution of command ${commandId}`, LogLevel.DEBUG)
+                // CF approach.
+                printLog(`CF mechanism`, LogLevel.DEBUG)
-                // Step (1.A.3.3).
-                return waitForVMCommandExecution(ssm, vmInstanceId, commandId)
-                    .then(async () => {
-                        // Command execution successfully completed.
-                        printLog(`Command ${commandId} execution has been successfully completed`, LogLevel.DEBUG)
-                        await completeVerification()
-                    })
-                    .catch((error: any) => {
-                        // Command execution aborted.
-                        printLog(`Command ${commandId} execution has been aborted - Error ${error}`, LogLevel.DEBUG)
+                const potStoragePath = getPotStorageFilePath(files.potFilename)
+                const firstZkeyStoragePath = getZkeyStorageFilePath(prefix, `${prefix}_${genesisZkeyIndex}.zkey`)
+                printLog(`pot file: ${potStoragePath}`, LogLevel.DEBUG)
+                printLog(`zkey file: ${firstZkeyStoragePath}`, LogLevel.DEBUG)
+                // Prepare temporary file paths.
+                // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
+                verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(
+                    verificationTranscriptCompleteFilename
+                )
+                const potTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.pot`)
+                const firstZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_genesis.zkey`)
+                const lastZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_last.zkey`)
+                printLog(`pot file: ${potTempFilePath}`, LogLevel.DEBUG)
+                printLog(`firstZkey file: ${firstZkeyTempFilePath}`, LogLevel.DEBUG)
+                printLog(`last zkey file: ${lastZkeyTempFilePath}`, LogLevel.DEBUG)
+                // Create and populate transcript.
+                const transcriptLogger = createCustomLoggerForFile(verificationTranscriptTemporaryLocalPath)
+                transcriptLogger.info(
+                    `${
+                        isFinalizing ? `Final verification` : `Verification`
+                    } transcript for ${prefix} circuit Phase 2 contribution.\n${
+                        isFinalizing ? `Coordinator ` : `Contributor # ${Number(lastZkeyIndex)}`
+                    } (${contributorOrCoordinatorIdentifier})\n`
+                )
-                        logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION)
-                    })
-            }
+                // Step (1.A.2).
+                await downloadArtifactFromS3Bucket(bucketName, potStoragePath, potTempFilePath)
+                await downloadArtifactFromS3Bucket(bucketName, firstZkeyStoragePath, firstZkeyTempFilePath)
+                await downloadArtifactFromS3Bucket(bucketName, lastZkeyStoragePath, lastZkeyTempFilePath)
+                // Step (1.A.4).
+                isContributionValid = await zKey.verifyFromInit(
+                    firstZkeyTempFilePath,
+                    potTempFilePath,
+                    lastZkeyTempFilePath,
+                    transcriptLogger
+                )
-            // CF approach.
-            printLog(`CF mechanism`, LogLevel.DEBUG)
-            const potStoragePath = getPotStorageFilePath(files.potFilename)
-            const firstZkeyStoragePath = getZkeyStorageFilePath(prefix, `${prefix}_${genesisZkeyIndex}.zkey`)
-            // Prepare temporary file paths.
-            // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
-            verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(verificationTranscriptCompleteFilename)
-            const potTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.pot`)
-            const firstZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_genesis.zkey`)
-            const lastZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_last.zkey`)
-            // Create and populate transcript.
-            const transcriptLogger = createCustomLoggerForFile(verificationTranscriptTemporaryLocalPath)
-            transcriptLogger.info(
-                `${
-                    isFinalizing ? `Final verification` : `Verification`
-                } transcript for ${prefix} circuit Phase 2 contribution.\n${
-                    isFinalizing ? `Coordinator ` : `Contributor # ${Number(lastZkeyIndex)}`
-                } (${contributorOrCoordinatorIdentifier})\n`
-            )
+                await dumpLog(verificationTranscriptTemporaryLocalPath)
-            // Step (1.A.2).
-            await downloadArtifactFromS3Bucket(bucketName, potStoragePath, potTempFilePath)
-            await downloadArtifactFromS3Bucket(bucketName, firstZkeyStoragePath, firstZkeyTempFilePath)
-            await downloadArtifactFromS3Bucket(bucketName, lastZkeyStoragePath, lastZkeyTempFilePath)
-            // Step (1.A.4).
-            isContributionValid = await zKey.verifyFromInit(
-                firstZkeyTempFilePath,
-                potTempFilePath,
-                lastZkeyTempFilePath,
-                transcriptLogger
-            )
+                // Compute contribution hash.
+                lastZkeyBlake2bHash = await blake512FromPath(lastZkeyTempFilePath)
-            // Compute contribution hash.
-            lastZkeyBlake2bHash = await blake512FromPath(lastZkeyTempFilePath)
+                // Free resources by unlinking temporary folders.
+                // Do not free-up verification transcript path here.
+                try {
+                    fs.unlinkSync(potTempFilePath)
+                    fs.unlinkSync(firstZkeyTempFilePath)
+                    fs.unlinkSync(lastZkeyTempFilePath)
+                } catch (error: any) {
+                    printLog(`Error while unlinking temporary files - Error ${error}`, LogLevel.WARN)
+                }
-            // Free resources by unlinking temporary folders.
-            // Do not free-up verification transcript path here.
-            try {
-                fs.unlinkSync(potTempFilePath)
-                fs.unlinkSync(firstZkeyTempFilePath)
-                fs.unlinkSync(lastZkeyTempFilePath)
-            } catch (error: any) {
-                printLog(`Error while unlinking temporary files - Error ${error}`, LogLevel.WARN)
+                await completeVerification()
             }
-            await completeVerification()
+            return null
+        } catch (error: any) {
+            logAndThrowError(makeError("unknown", error))
+            return null
         }
     }
 )
@@ -884,7 +914,7 @@ export const verifycontribution = functionsV2.https.onCall(
 export const refreshParticipantAfterContributionVerification = functionsV1
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .firestore.document(
         `/${commonTerms.collections.ceremonies.name}/{ceremony}/${commonTerms.collections.circuits.name}/{circuit}/${commonTerms.collections.contributions.name}/{contributions}`
@@ -954,8 +984,8 @@ export const refreshParticipantAfterContributionVerification = functionsV1
         await batch.commit()
         printLog(
-            `Participant ${participantId} refreshed after contribution ${createdContribution.id} - The participant was finalizing the ceremony ${isFinalizing}`,
-            LogLevel.DEBUG
+            `Participant ${participantId} refreshed after contribution ${createdContribution.id} - The participant was finalizing the ceremony? ${isFinalizing}`,
+            LogLevel.INFO
         )
     })
@@ -967,7 +997,7 @@ export const refreshParticipantAfterContributionVerification = functionsV1
 export const finalizeCircuit = functionsV1
     .region("europe-west1")
     .runWith({
-        memory: "512MB"
+        memory: "1GB"
     })
     .https.onCall(async (data: FinalizeCircuitData, context: functionsV1.https.CallableContext) => {
         if (!context.auth || !context.auth.token.coordinator) logAndThrowError(COMMON_ERRORS.CM_NOT_COORDINATOR_ROLE)