@devtion/backend 0.0.0-c749be4 → 0.0.0-e22d20d

package/dist/src/functions/index.js

@@ -1,6 +1,6 @@
 /**
  * @module @p0tion/backend
- * @version 1.1.0
+ * @version 1.2.4
  * @file MPC Phase 2 backend for Firebase services management
  * @copyright Ethereum Foundation 2022
  * @license MIT
@@ -27,10 +27,13 @@ var path = require('path');
 var os = require('os');
 var clientSsm = require('@aws-sdk/client-ssm');
 var clientEc2 = require('@aws-sdk/client-ec2');
+var ethers = require('ethers');
 var functionsV1 = require('firebase-functions/v1');
 var functionsV2 = require('firebase-functions/v2');
 var timerNode = require('timer-node');
 var snarkjs = require('snarkjs');
+var apiSdk = require('@bandada/api-sdk');
+var auth = require('firebase-admin/auth');
 
 function _interopNamespaceDefault(e) {
     var n = Object.create(null);
@@ -72,7 +75,7 @@ var LogLevel;
  * @notice the set of Firebase Functions status codes. The codes are the same at the
  * ones exposed by {@link https://github.com/grpc/grpc/blob/master/doc/statuscodes.md | gRPC}.
  * @param errorCode <FunctionsErrorCode> - the set of possible error codes.
- * @param message <string> - the error messge.
+ * @param message <string> - the error message.
  * @param [details] <string> - the details of the error (optional).
  * @returns <HttpsError>
  */
@@ -164,6 +167,8 @@ const COMMON_ERRORS = {
     CM_INVALID_COMMAND_EXECUTION: makeError("unknown", "There was an error while executing the command on the VM", "Please, contact the coordinator if the error persists.")
 };
 
+dotenv.config();
+let provider;
 /**
  * Return a configured and connected instance of the AWS S3 client.
  * @dev this method check and utilize the environment variables to configure the connection
@@ -186,6 +191,36 @@ const getS3Client = async () => {
         region: process.env.AWS_REGION
     });
 };
+/**
+ * Returns a Prvider, connected via a configured JSON URL or else
+ * the ethers.js default provider, using configured API keys.
+ * @returns <ethers.providers.Provider> An Eth node provider
+ */
+const setEthProvider = () => {
+    if (provider)
+        return provider;
+    console.log(`setting new provider`);
+    // Use JSON URL if defined
+    // if ((hardhat as any).ethers) {
+    //     console.log(`using hardhat.ethers provider`)
+    //     provider = (hardhat as any).ethers.provider
+    // } else
+    if (process.env.ETH_PROVIDER_JSON_URL) {
+        console.log(`JSON URL provider at ${process.env.ETH_PROVIDER_JSON_URL}`);
+        provider = new ethers.providers.JsonRpcProvider({
+            url: process.env.ETH_PROVIDER_JSON_URL,
+            skipFetchSetup: true
+        });
+    }
+    else {
+        // Otherwise, connect the default provider with ALchemy, Infura, or both
+        provider = ethers.providers.getDefaultProvider("homestead", {
+            alchemy: process.env.ETH_PROVIDER_ALCHEMY_API_KEY,
+            infura: process.env.ETH_PROVIDER_INFURA_API_KEY
+        });
+    }
+    return provider;
+};
 
 dotenv.config();
 /**
@@ -524,7 +559,7 @@ dotenv.config();
 const registerAuthUser = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .auth.user()
     .onCreate(async (user) => {
@@ -556,7 +591,7 @@ const registerAuthUser = functions__namespace
         email === process.env.CUSTOM_CLAIMS_COORDINATOR_EMAIL_ADDRESS_OR_DOMAIN)) {
         const auth = admin.auth();
         // if provider == github.com let's use our functions to check the user's reputation
-        if (user.providerData[0].providerId === "github.com") {
+        if (user.providerData.length > 0 && user.providerData[0].providerId === "github.com") {
             const vars = getGitHubVariables();
             // this return true or false
             try {
@@ -588,7 +623,7 @@ const registerAuthUser = functions__namespace
         encodedDisplayName,
         // Metadata.
         creationTime,
-        lastSignInTime,
+        lastSignInTime: lastSignInTime || creationTime,
         // Optional.
         email: email || "",
         emailVerified: emailVerified || false,
@@ -611,7 +646,7 @@ const registerAuthUser = functions__namespace
 const processSignUpWithCustomClaims = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .auth.user()
     .onCreate(async (user) => {
@@ -652,7 +687,7 @@ dotenv.config();
 const startCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule(`every 30 minutes`)
     .onRun(async () => {
@@ -674,7 +709,7 @@ const startCeremony = functions__namespace
 const stopCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule(`every 30 minutes`)
     .onRun(async () => {
@@ -696,7 +731,7 @@ const stopCeremony = functions__namespace
 const setupCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -821,7 +856,7 @@ const initEmptyWaitingQueueForCircuit = functions__namespace
 const finalizeCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -842,7 +877,7 @@ const finalizeCeremony = functions__namespace
     // Get ceremony circuits.
     const circuits = await getCeremonyCircuits(ceremonyId);
     // Get final contribution for each circuit.
-    // nb. the `getFinalContributionDocument` checks the existance of the final contribution document (if not present, throws).
+    // nb. the `getFinalContributionDocument` checks the existence of the final contribution document (if not present, throws).
     // Therefore, we just need to call the method without taking any data to verify the pre-condition of having already computed
     // the final contributions for each ceremony circuit.
     for await (const circuit of circuits)
@@ -897,7 +932,7 @@ dotenv.config();
 const checkParticipantForCeremony = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1001,7 +1036,7 @@ const checkParticipantForCeremony = functions__namespace
 const progressToNextCircuitForContribution = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1048,7 +1083,7 @@ const progressToNextCircuitForContribution = functions__namespace
 const progressToNextContributionStep = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1099,7 +1134,7 @@ const progressToNextContributionStep = functions__namespace
 const permanentlyStoreCurrentContributionTimeAndHash = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1141,7 +1176,7 @@ const permanentlyStoreCurrentContributionTimeAndHash = functions__namespace
 const temporaryStoreCurrentContributionMultiPartUploadId = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1179,7 +1214,7 @@ const temporaryStoreCurrentContributionMultiPartUploadId = functions__namespace
 const temporaryStoreCurrentContributionUploadedChunkData = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -1221,7 +1256,7 @@ const temporaryStoreCurrentContributionUploadedChunkData = functions__namespace
 const checkAndPrepareCoordinatorForFinalization = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -1461,7 +1496,7 @@ const waitForVMCommandExecution = (ssm, vmInstanceId, commandId) => new Promise(
 const coordinateCeremonyParticipant = functionsV1__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .firestore.document(`${actions.commonTerms.collections.ceremonies.name}/{ceremonyId}/${actions.commonTerms.collections.participants.name}/{participantId}`)
     .onUpdate(async (participantChanges) => {
@@ -1561,296 +1596,301 @@ const checkIfVMRunning = async (ec2, vmInstanceId, attempts = 5) => {
  * 2) Send all updates atomically to the Firestore database.
  */
 const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB", timeoutSeconds: 3600, region: "europe-west1" }, async (request) => {
-    if (!request.auth || (!request.auth.token.participant && !request.auth.token.coordinator))
-        logAndThrowError(SPECIFIC_ERRORS.SE_AUTH_NO_CURRENT_AUTH_USER);
-    if (!request.data.ceremonyId ||
-        !request.data.circuitId ||
-        !request.data.contributorOrCoordinatorIdentifier ||
-        !request.data.bucketName)
-        logAndThrowError(COMMON_ERRORS.CM_MISSING_OR_WRONG_INPUT_DATA);
-    if (!process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME ||
-        !process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION ||
-        !process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH)
-        logAndThrowError(COMMON_ERRORS.CM_WRONG_CONFIGURATION);
-    // Step (0).
-    // Prepare and start timer.
-    const verifyContributionTimer = new timerNode.Timer({ label: actions.commonTerms.cloudFunctionsNames.verifyContribution });
-    verifyContributionTimer.start();
-    // Get DB.
-    const firestore = admin.firestore();
-    // Prepare batch of txs.
-    const batch = firestore.batch();
-    // Extract data.
-    const { ceremonyId, circuitId, contributorOrCoordinatorIdentifier, bucketName } = request.data;
-    const userId = request.auth?.uid;
-    // Look for the ceremony, circuit and participant document.
-    const ceremonyDoc = await getDocumentById(actions.commonTerms.collections.ceremonies.name, ceremonyId);
-    const circuitDoc = await getDocumentById(actions.getCircuitsCollectionPath(ceremonyId), circuitId);
-    const participantDoc = await getDocumentById(actions.getParticipantsCollectionPath(ceremonyId), userId);
-    if (!ceremonyDoc.data() || !circuitDoc.data() || !participantDoc.data())
-        logAndThrowError(COMMON_ERRORS.CM_INEXISTENT_DOCUMENT_DATA);
-    // Extract documents data.
-    const { state } = ceremonyDoc.data();
-    const { status, contributions, verificationStartedAt, contributionStartedAt } = participantDoc.data();
-    const { waitingQueue, prefix, avgTimings, verification, files } = circuitDoc.data();
-    const { completedContributions, failedContributions } = waitingQueue;
-    const { contributionComputation: avgContributionComputationTime, fullContribution: avgFullContributionTime, verifyCloudFunction: avgVerifyCloudFunctionTime } = avgTimings;
-    const { cfOrVm, vm } = verification;
-    // we might not have it if the circuit is not using VM.
-    let vmInstanceId = "";
-    if (vm)
-        vmInstanceId = vm.vmInstanceId;
-    // Define pre-conditions.
-    const isFinalizing = state === "CLOSED" /* CeremonyState.CLOSED */ && request.auth && request.auth.token.coordinator; // true only when the coordinator verifies the final contributions.
-    const isContributing = status === "CONTRIBUTING" /* ParticipantStatus.CONTRIBUTING */;
-    const isUsingVM = cfOrVm === "VM" /* CircuitContributionVerificationMechanism.VM */ && !!vmInstanceId;
-    // Prepare state.
-    let isContributionValid = false;
-    let verifyCloudFunctionExecutionTime = 0; // time spent while executing the verify contribution cloud function.
-    let verifyCloudFunctionTime = 0; // time spent while executing the core business logic of this cloud function.
-    let fullContributionTime = 0; // time spent while doing non-verification contributions tasks (download, compute, upload).
-    let contributionComputationTime = 0; // time spent while computing the contribution.
-    let lastZkeyBlake2bHash = ""; // the Blake2B hash of the last zKey.
-    let verificationTranscriptTemporaryLocalPath = ""; // the local temporary path for the verification transcript.
-    let transcriptBlake2bHash = ""; // the Blake2B hash of the verification transcript.
-    let commandId = ""; // the unique identifier of the VM command.
-    // Derive necessary data.
-    const lastZkeyIndex = actions.formatZkeyIndex(completedContributions + 1);
-    const verificationTranscriptCompleteFilename = `${prefix}_${isFinalizing
-        ? `${contributorOrCoordinatorIdentifier}_${actions.finalContributionIndex}_verification_transcript.log`
-        : `${lastZkeyIndex}_${contributorOrCoordinatorIdentifier}_verification_transcript.log`}`;
-    const lastZkeyFilename = `${prefix}_${isFinalizing ? actions.finalContributionIndex : lastZkeyIndex}.zkey`;
-    // Prepare state for VM verification (if needed).
-    const ec2 = await createEC2Client();
-    const ssm = await createSSMClient();
-    // Step (1.A.1).
-    // Get storage paths.
-    const verificationTranscriptStoragePathAndFilename = actions.getTranscriptStorageFilePath(prefix, verificationTranscriptCompleteFilename);
-    // the zKey storage path is required to be sent to the VM api
-    const lastZkeyStoragePath = actions.getZkeyStorageFilePath(prefix, `${prefix}_${isFinalizing ? actions.finalContributionIndex : lastZkeyIndex}.zkey`);
-    const verificationTaskTimer = new timerNode.Timer({ label: `${ceremonyId}-${circuitId}-${participantDoc.id}` });
-    const completeVerification = async () => {
-        // Stop verification task timer.
-        printLog("Completing verification", LogLevel.DEBUG);
-        verificationTaskTimer.stop();
-        verifyCloudFunctionExecutionTime = verificationTaskTimer.ms();
-        if (isUsingVM) {
-            // Create temporary path.
-            verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.log`);
-            await sleep(1000); // wait 1s for file creation.
-            // Download from bucket.
-            // nb. the transcript MUST be uploaded from the VM by verification commands.
-            await downloadArtifactFromS3Bucket(bucketName, verificationTranscriptStoragePathAndFilename, verificationTranscriptTemporaryLocalPath);
-            // Read the verification trascript and validate data by checking for core info ("ZKey Ok!").
-            const content = fs.readFileSync(verificationTranscriptTemporaryLocalPath, "utf-8");
-            if (content.includes("ZKey Ok!"))
-                isContributionValid = true;
-            // If the contribution is valid, then format and store the trascript.
+    try {
+        if (!request.auth || (!request.auth.token.participant && !request.auth.token.coordinator))
+            logAndThrowError(SPECIFIC_ERRORS.SE_AUTH_NO_CURRENT_AUTH_USER);
+        if (!request.data.ceremonyId ||
+            !request.data.circuitId ||
+            !request.data.contributorOrCoordinatorIdentifier ||
+            !request.data.bucketName)
+            logAndThrowError(COMMON_ERRORS.CM_MISSING_OR_WRONG_INPUT_DATA);
+        if (!process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME ||
+            !process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION ||
+            !process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH)
+            logAndThrowError(COMMON_ERRORS.CM_WRONG_CONFIGURATION);
+        // Step (0).
+        // Prepare and start timer.
+        const verifyContributionTimer = new timerNode.Timer({ label: actions.commonTerms.cloudFunctionsNames.verifyContribution });
+        verifyContributionTimer.start();
+        // Get DB.
+        const firestore = admin.firestore();
+        // Prepare batch of txs.
+        const batch = firestore.batch();
+        // Extract data.
+        const { ceremonyId, circuitId, contributorOrCoordinatorIdentifier, bucketName } = request.data;
+        const userId = request.auth?.uid;
+        // Look for the ceremony, circuit and participant document.
+        const ceremonyDoc = await getDocumentById(actions.commonTerms.collections.ceremonies.name, ceremonyId);
+        const circuitDoc = await getDocumentById(actions.getCircuitsCollectionPath(ceremonyId), circuitId);
+        const participantDoc = await getDocumentById(actions.getParticipantsCollectionPath(ceremonyId), userId);
+        if (!ceremonyDoc.data() || !circuitDoc.data() || !participantDoc.data())
+            logAndThrowError(COMMON_ERRORS.CM_INEXISTENT_DOCUMENT_DATA);
+        // Extract documents data.
+        const { state } = ceremonyDoc.data();
+        const { status, contributions, verificationStartedAt, contributionStartedAt } = participantDoc.data();
+        const { waitingQueue, prefix, avgTimings, verification, files } = circuitDoc.data();
+        const { completedContributions, failedContributions } = waitingQueue;
+        const { contributionComputation: avgContributionComputationTime, fullContribution: avgFullContributionTime, verifyCloudFunction: avgVerifyCloudFunctionTime } = avgTimings;
+        const { cfOrVm, vm } = verification;
+        // we might not have it if the circuit is not using VM.
+        let vmInstanceId = "";
+        if (vm)
+            vmInstanceId = vm.vmInstanceId;
+        // Define pre-conditions.
+        const isFinalizing = state === "CLOSED" /* CeremonyState.CLOSED */ && request.auth && request.auth.token.coordinator; // true only when the coordinator verifies the final contributions.
+        const isContributing = status === "CONTRIBUTING" /* ParticipantStatus.CONTRIBUTING */;
+        const isUsingVM = cfOrVm === "VM" /* CircuitContributionVerificationMechanism.VM */ && !!vmInstanceId;
+        // Prepare state.
+        let isContributionValid = false;
+        let verifyCloudFunctionExecutionTime = 0; // time spent while executing the verify contribution cloud function.
+        let verifyCloudFunctionTime = 0; // time spent while executing the core business logic of this cloud function.
+        let fullContributionTime = 0; // time spent while doing non-verification contributions tasks (download, compute, upload).
+        let contributionComputationTime = 0; // time spent while computing the contribution.
+        let lastZkeyBlake2bHash = ""; // the Blake2B hash of the last zKey.
+        let verificationTranscriptTemporaryLocalPath = ""; // the local temporary path for the verification transcript.
+        let transcriptBlake2bHash = ""; // the Blake2B hash of the verification transcript.
+        let commandId = ""; // the unique identifier of the VM command.
+        // Derive necessary data.
+        const lastZkeyIndex = actions.formatZkeyIndex(completedContributions + 1);
+        const verificationTranscriptCompleteFilename = `${prefix}_${isFinalizing
+            ? `${contributorOrCoordinatorIdentifier}_${actions.finalContributionIndex}_verification_transcript.log`
+            : `${lastZkeyIndex}_${contributorOrCoordinatorIdentifier}_verification_transcript.log`}`;
+        const lastZkeyFilename = `${prefix}_${isFinalizing ? actions.finalContributionIndex : lastZkeyIndex}.zkey`;
+        // Prepare state for VM verification (if needed).
+        const ec2 = await createEC2Client();
+        const ssm = await createSSMClient();
+        // Step (1.A.1).
+        // Get storage paths.
+        const verificationTranscriptStoragePathAndFilename = actions.getTranscriptStorageFilePath(prefix, verificationTranscriptCompleteFilename);
+        // the zKey storage path is required to be sent to the VM api
+        const lastZkeyStoragePath = actions.getZkeyStorageFilePath(prefix, `${prefix}_${isFinalizing ? actions.finalContributionIndex : lastZkeyIndex}.zkey`);
+        const verificationTaskTimer = new timerNode.Timer({ label: `${ceremonyId}-${circuitId}-${participantDoc.id}` });
+        const completeVerification = async () => {
+            // Stop verification task timer.
+            printLog("Completing verification", LogLevel.DEBUG);
+            verificationTaskTimer.stop();
+            verifyCloudFunctionExecutionTime = verificationTaskTimer.ms();
+            if (isUsingVM) {
+                // Create temporary path.
+                verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.log`);
+                await sleep(1000); // wait 1s for file creation.
+                // Download from bucket.
+                // nb. the transcript MUST be uploaded from the VM by verification commands.
+                await downloadArtifactFromS3Bucket(bucketName, verificationTranscriptStoragePathAndFilename, verificationTranscriptTemporaryLocalPath);
+                // Read the verification trascript and validate data by checking for core info ("ZKey Ok!").
+                const content = fs.readFileSync(verificationTranscriptTemporaryLocalPath, "utf-8");
+                if (content.includes("ZKey Ok!"))
+                    isContributionValid = true;
+                // If the contribution is valid, then format and store the trascript.
+                if (isContributionValid) {
+                    // eslint-disable-next-line no-control-regex
+                    const updated = content.replace(/\x1b[[0-9;]*m/g, "");
+                    fs.writeFileSync(verificationTranscriptTemporaryLocalPath, updated);
+                }
+            }
+            printLog(`The contribution has been verified - Result ${isContributionValid}`, LogLevel.DEBUG);
+            // Create a new contribution document.
+            const contributionDoc = await firestore
+                .collection(actions.getContributionsCollectionPath(ceremonyId, circuitId))
+                .doc()
+                .get();
+            // Step (1.A.4).
             if (isContributionValid) {
-                // eslint-disable-next-line no-control-regex
-                const updated = content.replace(/\x1b[[0-9;]*m/g, "");
-                fs.writeFileSync(verificationTranscriptTemporaryLocalPath, updated);
+                // Sleep ~3 seconds to wait for verification transcription.
+                await sleep(3000);
+                // Step (1.A.4.A.1).
+                if (isUsingVM) {
+                    // Retrieve the contribution hash from the command output.
+                    lastZkeyBlake2bHash = await actions.retrieveCommandOutput(ssm, vmInstanceId, commandId);
+                    const hashRegex = /[a-fA-F0-9]{64}/;
+                    const match = lastZkeyBlake2bHash.match(hashRegex);
+                    lastZkeyBlake2bHash = match.at(0);
+                    // re upload the formatted verification transcript
+                    await uploadFileToBucket(bucketName, verificationTranscriptStoragePathAndFilename, verificationTranscriptTemporaryLocalPath, true);
+                }
+                else {
+                    // Upload verification transcript.
+                    /// nb. do not use multi-part upload here due to small file size.
+                    await uploadFileToBucket(bucketName, verificationTranscriptStoragePathAndFilename, verificationTranscriptTemporaryLocalPath, true);
+                }
+                // Compute verification transcript hash.
+                transcriptBlake2bHash = await actions.blake512FromPath(verificationTranscriptTemporaryLocalPath);
+                // Free resources by unlinking transcript temporary file.
+                fs.unlinkSync(verificationTranscriptTemporaryLocalPath);
+                // Filter participant contributions to find the data related to the one verified.
+                const participantContributions = contributions.filter((contribution) => !!contribution.hash && !!contribution.computationTime && !contribution.doc);
+                /// @dev (there must be only one contribution with an empty 'doc' field).
+                if (participantContributions.length !== 1)
+                    logAndThrowError(SPECIFIC_ERRORS.SE_VERIFICATION_NO_PARTICIPANT_CONTRIBUTION_DATA);
+                // Get contribution computation time.
+                contributionComputationTime = contributions.at(0).computationTime;
+                // Step (1.A.4.A.2).
+                batch.create(contributionDoc.ref, {
+                    participantId: participantDoc.id,
+                    contributionComputationTime,
+                    verificationComputationTime: verifyCloudFunctionExecutionTime,
+                    zkeyIndex: isFinalizing ? actions.finalContributionIndex : lastZkeyIndex,
+                    files: {
+                        transcriptFilename: verificationTranscriptCompleteFilename,
+                        lastZkeyFilename,
+                        transcriptStoragePath: verificationTranscriptStoragePathAndFilename,
+                        lastZkeyStoragePath,
+                        transcriptBlake2bHash,
+                        lastZkeyBlake2bHash
+                    },
+                    verificationSoftware: {
+                        name: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME),
+                        version: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION),
+                        commitHash: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH)
+                    },
+                    valid: isContributionValid,
+                    lastUpdated: getCurrentServerTimestampInMillis()
+                });
+                verifyContributionTimer.stop();
+                verifyCloudFunctionTime = verifyContributionTimer.ms();
             }
-        }
-        printLog(`The contribution has been verified - Result ${isContributionValid}`, LogLevel.DEBUG);
-        // Create a new contribution document.
-        const contributionDoc = await firestore
-            .collection(actions.getContributionsCollectionPath(ceremonyId, circuitId))
-            .doc()
-            .get();
-        // Step (1.A.4).
-        if (isContributionValid) {
-            // Sleep ~3 seconds to wait for verification transcription.
-            await sleep(3000);
-            // Step (1.A.4.A.1).
+            else {
+                // Step (1.A.4.B).
+                // Free-up storage by deleting invalid contribution.
+                await deleteObject(bucketName, lastZkeyStoragePath);
+                // Step (1.A.4.B.1).
+                batch.create(contributionDoc.ref, {
+                    participantId: participantDoc.id,
+                    verificationComputationTime: verifyCloudFunctionExecutionTime,
+                    zkeyIndex: isFinalizing ? actions.finalContributionIndex : lastZkeyIndex,
+                    verificationSoftware: {
+                        name: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME),
+                        version: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION),
+                        commitHash: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH)
+                    },
+                    valid: isContributionValid,
+                    lastUpdated: getCurrentServerTimestampInMillis()
+                });
+            }
+            // Stop VM instance
             if (isUsingVM) {
-                // Retrieve the contribution hash from the command output.
-                lastZkeyBlake2bHash = await actions.retrieveCommandOutput(ssm, vmInstanceId, commandId);
-                const hashRegex = /[a-fA-F0-9]{64}/;
-                const match = lastZkeyBlake2bHash.match(hashRegex);
-                lastZkeyBlake2bHash = match.at(0);
-                // re upload the formatted verification transcript
-                await uploadFileToBucket(bucketName, verificationTranscriptStoragePathAndFilename, verificationTranscriptTemporaryLocalPath, true);
+                // using try and catch as the VM stopping function can throw
+                // however we want to continue without stopping as the
+                // verification was valid, and inform the coordinator
+                try {
+                    await actions.stopEC2Instance(ec2, vmInstanceId);
+                }
+                catch (error) {
+                    printLog(`Error while stopping VM instance ${vmInstanceId} - Error ${error}`, LogLevel.WARN);
+                }
             }
-            else {
-                // Upload verification transcript.
-                /// nb. do not use multi-part upload here due to small file size.
-                await uploadFileToBucket(bucketName, verificationTranscriptStoragePathAndFilename, verificationTranscriptTemporaryLocalPath, true);
+            // Step (1.A.4.C)
+            if (!isFinalizing) {
+                // Step (1.A.4.C.1)
+                // Compute new average contribution/verification time.
+                fullContributionTime = Number(verificationStartedAt) - Number(contributionStartedAt);
+                const newAvgContributionComputationTime = avgContributionComputationTime > 0
+                    ? (avgContributionComputationTime + contributionComputationTime) / 2
+                    : contributionComputationTime;
+                const newAvgFullContributionTime = avgFullContributionTime > 0
+                    ? (avgFullContributionTime + fullContributionTime) / 2
+                    : fullContributionTime;
+                const newAvgVerifyCloudFunctionTime = avgVerifyCloudFunctionTime > 0
+                    ? (avgVerifyCloudFunctionTime + verifyCloudFunctionTime) / 2
+                    : verifyCloudFunctionTime;
+                // Prepare tx to update circuit average contribution/verification time.
+                const updatedCircuitDoc = await getDocumentById(actions.getCircuitsCollectionPath(ceremonyId), circuitId);
+                const { waitingQueue: updatedWaitingQueue } = updatedCircuitDoc.data();
+                /// @dev this must happen only for valid contributions.
+                batch.update(circuitDoc.ref, {
+                    avgTimings: {
+                        contributionComputation: isContributionValid
+                            ? newAvgContributionComputationTime
+                            : avgContributionComputationTime,
+                        fullContribution: isContributionValid ? newAvgFullContributionTime : avgFullContributionTime,
+                        verifyCloudFunction: isContributionValid
+                            ? newAvgVerifyCloudFunctionTime
+                            : avgVerifyCloudFunctionTime
+                    },
+                    waitingQueue: {
+                        ...updatedWaitingQueue,
+                        completedContributions: isContributionValid
+                            ? completedContributions + 1
+                            : completedContributions,
+                        failedContributions: isContributionValid ? failedContributions : failedContributions + 1
+                    },
+                    lastUpdated: getCurrentServerTimestampInMillis()
+                });
             }
-            // Compute verification transcript hash.
-            transcriptBlake2bHash = await actions.blake512FromPath(verificationTranscriptTemporaryLocalPath);
-            // Free resources by unlinking transcript temporary file.
-            fs.unlinkSync(verificationTranscriptTemporaryLocalPath);
-            // Filter participant contributions to find the data related to the one verified.
-            const participantContributions = contributions.filter((contribution) => !!contribution.hash && !!contribution.computationTime && !contribution.doc);
-            /// @dev (there must be only one contribution with an empty 'doc' field).
-            if (participantContributions.length !== 1)
-                logAndThrowError(SPECIFIC_ERRORS.SE_VERIFICATION_NO_PARTICIPANT_CONTRIBUTION_DATA);
-            // Get contribution computation time.
-            contributionComputationTime = contributions.at(0).computationTime;
-            // Step (1.A.4.A.2).
-            batch.create(contributionDoc.ref, {
-                participantId: participantDoc.id,
-                contributionComputationTime,
-                verificationComputationTime: verifyCloudFunctionExecutionTime,
-                zkeyIndex: isFinalizing ? actions.finalContributionIndex : lastZkeyIndex,
-                files: {
-                    transcriptFilename: verificationTranscriptCompleteFilename,
-                    lastZkeyFilename,
-                    transcriptStoragePath: verificationTranscriptStoragePathAndFilename,
-                    lastZkeyStoragePath,
-                    transcriptBlake2bHash,
-                    lastZkeyBlake2bHash
-                },
-                verificationSoftware: {
-                    name: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME),
-                    version: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION),
-                    commitHash: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH)
-                },
-                valid: isContributionValid,
-                lastUpdated: getCurrentServerTimestampInMillis()
-            });
-            verifyContributionTimer.stop();
-            verifyCloudFunctionTime = verifyContributionTimer.ms();
-        }
-        else {
-            // Step (1.A.4.B).
-            // Free-up storage by deleting invalid contribution.
-            await deleteObject(bucketName, lastZkeyStoragePath);
-            // Step (1.A.4.B.1).
-            batch.create(contributionDoc.ref, {
-                participantId: participantDoc.id,
-                verificationComputationTime: verifyCloudFunctionExecutionTime,
-                zkeyIndex: isFinalizing ? actions.finalContributionIndex : lastZkeyIndex,
-                verificationSoftware: {
-                    name: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_NAME),
-                    version: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_VERSION),
-                    commitHash: String(process.env.CUSTOM_CONTRIBUTION_VERIFICATION_SOFTWARE_COMMIT_HASH)
-                },
-                valid: isContributionValid,
-                lastUpdated: getCurrentServerTimestampInMillis()
-            });
-        }
-        // Stop VM instance
-        if (isUsingVM) {
-            // using try and catch as the VM stopping function can throw
-            // however we want to continue without stopping as the
-            // verification was valid, and inform the coordinator
+            // Step (2).
+            await batch.commit();
+            printLog(`The contribution #${isFinalizing ? actions.finalContributionIndex : lastZkeyIndex} of circuit ${circuitId} (ceremony ${ceremonyId}) has been verified as ${isContributionValid ? "valid" : "invalid"} for the participant ${participantDoc.id}`, LogLevel.DEBUG);
+        };
+        // Step (1).
+        if (isContributing || isFinalizing) {
+            // Prepare timer.
+            verificationTaskTimer.start();
+            // Step (1.A.3.0).
+            if (isUsingVM) {
+                printLog(`Starting the VM mechanism`, LogLevel.DEBUG);
+                // Prepare for VM execution.
+                let isVMRunning = false; // true when the VM is up, otherwise false.
+                // Step (1.A.3.1).
+                await actions.startEC2Instance(ec2, vmInstanceId);
+                await sleep(60000); // nb. wait for VM startup (1 mins + retry).
+                // Check if the startup is running.
+                isVMRunning = await checkIfVMRunning(ec2, vmInstanceId);
+                printLog(`VM running: ${isVMRunning}`, LogLevel.DEBUG);
+                // Step (1.A.3.2).
+                // Prepare.
+                const verificationCommand = actions.vmContributionVerificationCommand(bucketName, lastZkeyStoragePath, verificationTranscriptStoragePathAndFilename);
+                // Run.
+                commandId = await actions.runCommandUsingSSM(ssm, vmInstanceId, verificationCommand);
+                printLog(`Starting the execution of command ${commandId}`, LogLevel.DEBUG);
+                // Step (1.A.3.3).
+                return waitForVMCommandExecution(ssm, vmInstanceId, commandId)
+                    .then(async () => {
+                    // Command execution successfully completed.
+                    printLog(`Command ${commandId} execution has been successfully completed`, LogLevel.DEBUG);
+                    await completeVerification();
+                })
+                    .catch((error) => {
+                    // Command execution aborted.
+                    printLog(`Command ${commandId} execution has been aborted - Error ${error}`, LogLevel.DEBUG);
+                    logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION);
+                });
+            }
+            // CF approach.
+            printLog(`CF mechanism`, LogLevel.DEBUG);
+            const potStoragePath = actions.getPotStorageFilePath(files.potFilename);
+            const firstZkeyStoragePath = actions.getZkeyStorageFilePath(prefix, `${prefix}_${actions.genesisZkeyIndex}.zkey`);
+            // Prepare temporary file paths.
+            // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
+            verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(verificationTranscriptCompleteFilename);
+            const potTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.pot`);
+            const firstZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_genesis.zkey`);
+            const lastZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_last.zkey`);
+            // Create and populate transcript.
+            const transcriptLogger = actions.createCustomLoggerForFile(verificationTranscriptTemporaryLocalPath);
+            transcriptLogger.info(`${isFinalizing ? `Final verification` : `Verification`} transcript for ${prefix} circuit Phase 2 contribution.\n${isFinalizing ? `Coordinator ` : `Contributor # ${Number(lastZkeyIndex)}`} (${contributorOrCoordinatorIdentifier})\n`);
+            // Step (1.A.2).
+            await downloadArtifactFromS3Bucket(bucketName, potStoragePath, potTempFilePath);
+            await downloadArtifactFromS3Bucket(bucketName, firstZkeyStoragePath, firstZkeyTempFilePath);
+            await downloadArtifactFromS3Bucket(bucketName, lastZkeyStoragePath, lastZkeyTempFilePath);
+            // Step (1.A.4).
+            isContributionValid = await snarkjs.zKey.verifyFromInit(firstZkeyTempFilePath, potTempFilePath, lastZkeyTempFilePath, transcriptLogger);
+            // Compute contribution hash.
+            lastZkeyBlake2bHash = await actions.blake512FromPath(lastZkeyTempFilePath);
+            // Free resources by unlinking temporary folders.
+            // Do not free-up verification transcript path here.
             try {
-                await actions.stopEC2Instance(ec2, vmInstanceId);
+                fs.unlinkSync(potTempFilePath);
+                fs.unlinkSync(firstZkeyTempFilePath);
+                fs.unlinkSync(lastZkeyTempFilePath);
             }
             catch (error) {
-                printLog(`Error while stopping VM instance ${vmInstanceId} - Error ${error}`, LogLevel.WARN);
+                printLog(`Error while unlinking temporary files - Error ${error}`, LogLevel.WARN);
             }
+            await completeVerification();
         }
-        // Step (1.A.4.C)
-        if (!isFinalizing) {
-            // Step (1.A.4.C.1)
-            // Compute new average contribution/verification time.
-            fullContributionTime = Number(verificationStartedAt) - Number(contributionStartedAt);
-            const newAvgContributionComputationTime = avgContributionComputationTime > 0
-                ? (avgContributionComputationTime + contributionComputationTime) / 2
-                : contributionComputationTime;
-            const newAvgFullContributionTime = avgFullContributionTime > 0
-                ? (avgFullContributionTime + fullContributionTime) / 2
-                : fullContributionTime;
-            const newAvgVerifyCloudFunctionTime = avgVerifyCloudFunctionTime > 0
-                ? (avgVerifyCloudFunctionTime + verifyCloudFunctionTime) / 2
-                : verifyCloudFunctionTime;
-            // Prepare tx to update circuit average contribution/verification time.
-            const updatedCircuitDoc = await getDocumentById(actions.getCircuitsCollectionPath(ceremonyId), circuitId);
-            const { waitingQueue: updatedWaitingQueue } = updatedCircuitDoc.data();
-            /// @dev this must happen only for valid contributions.
-            batch.update(circuitDoc.ref, {
-                avgTimings: {
-                    contributionComputation: isContributionValid
-                        ? newAvgContributionComputationTime
-                        : avgContributionComputationTime,
-                    fullContribution: isContributionValid ? newAvgFullContributionTime : avgFullContributionTime,
-                    verifyCloudFunction: isContributionValid
-                        ? newAvgVerifyCloudFunctionTime
-                        : avgVerifyCloudFunctionTime
-                },
-                waitingQueue: {
-                    ...updatedWaitingQueue,
-                    completedContributions: isContributionValid
-                        ? completedContributions + 1
-                        : completedContributions,
-                    failedContributions: isContributionValid ? failedContributions : failedContributions + 1
-                },
-                lastUpdated: getCurrentServerTimestampInMillis()
-            });
-        }
-        // Step (2).
-        await batch.commit();
-        printLog(`The contribution #${isFinalizing ? actions.finalContributionIndex : lastZkeyIndex} of circuit ${circuitId} (ceremony ${ceremonyId}) has been verified as ${isContributionValid ? "valid" : "invalid"} for the participant ${participantDoc.id}`, LogLevel.DEBUG);
-    };
-    // Step (1).
-    if (isContributing || isFinalizing) {
-        // Prepare timer.
-        verificationTaskTimer.start();
-        // Step (1.A.3.0).
-        if (isUsingVM) {
-            printLog(`Starting the VM mechanism`, LogLevel.DEBUG);
-            // Prepare for VM execution.
-            let isVMRunning = false; // true when the VM is up, otherwise false.
-            // Step (1.A.3.1).
-            await actions.startEC2Instance(ec2, vmInstanceId);
-            await sleep(60000); // nb. wait for VM startup (1 mins + retry).
-            // Check if the startup is running.
-            isVMRunning = await checkIfVMRunning(ec2, vmInstanceId);
-            printLog(`VM running: ${isVMRunning}`, LogLevel.DEBUG);
-            // Step (1.A.3.2).
-            // Prepare.
-            const verificationCommand = actions.vmContributionVerificationCommand(bucketName, lastZkeyStoragePath, verificationTranscriptStoragePathAndFilename);
-            // Run.
-            commandId = await actions.runCommandUsingSSM(ssm, vmInstanceId, verificationCommand);
-            printLog(`Starting the execution of command ${commandId}`, LogLevel.DEBUG);
-            // Step (1.A.3.3).
-            return waitForVMCommandExecution(ssm, vmInstanceId, commandId)
-                .then(async () => {
-                // Command execution successfully completed.
-                printLog(`Command ${commandId} execution has been successfully completed`, LogLevel.DEBUG);
-                await completeVerification();
-            })
-                .catch((error) => {
-                // Command execution aborted.
-                printLog(`Command ${commandId} execution has been aborted - Error ${error}`, LogLevel.DEBUG);
-                logAndThrowError(COMMON_ERRORS.CM_INVALID_COMMAND_EXECUTION);
-            });
-        }
-        // CF approach.
-        printLog(`CF mechanism`, LogLevel.DEBUG);
-        const potStoragePath = actions.getPotStorageFilePath(files.potFilename);
-        const firstZkeyStoragePath = actions.getZkeyStorageFilePath(prefix, `${prefix}_${actions.genesisZkeyIndex}.zkey`);
-        // Prepare temporary file paths.
-        // (nb. these are needed to download the necessary artifacts for verification from AWS S3).
-        verificationTranscriptTemporaryLocalPath = createTemporaryLocalPath(verificationTranscriptCompleteFilename);
-        const potTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}.pot`);
-        const firstZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_genesis.zkey`);
-        const lastZkeyTempFilePath = createTemporaryLocalPath(`${circuitId}_${participantDoc.id}_last.zkey`);
-        // Create and populate transcript.
-        const transcriptLogger = actions.createCustomLoggerForFile(verificationTranscriptTemporaryLocalPath);
-        transcriptLogger.info(`${isFinalizing ? `Final verification` : `Verification`} transcript for ${prefix} circuit Phase 2 contribution.\n${isFinalizing ? `Coordinator ` : `Contributor # ${Number(lastZkeyIndex)}`} (${contributorOrCoordinatorIdentifier})\n`);
-        // Step (1.A.2).
-        await downloadArtifactFromS3Bucket(bucketName, potStoragePath, potTempFilePath);
-        await downloadArtifactFromS3Bucket(bucketName, firstZkeyStoragePath, firstZkeyTempFilePath);
-        await downloadArtifactFromS3Bucket(bucketName, lastZkeyStoragePath, lastZkeyTempFilePath);
-        // Step (1.A.4).
-        isContributionValid = await snarkjs.zKey.verifyFromInit(firstZkeyTempFilePath, potTempFilePath, lastZkeyTempFilePath, transcriptLogger);
-        // Compute contribution hash.
-        lastZkeyBlake2bHash = await actions.blake512FromPath(lastZkeyTempFilePath);
-        // Free resources by unlinking temporary folders.
-        // Do not free-up verification transcript path here.
-        try {
-            fs.unlinkSync(potTempFilePath);
-            fs.unlinkSync(firstZkeyTempFilePath);
-            fs.unlinkSync(lastZkeyTempFilePath);
-        }
-        catch (error) {
-            printLog(`Error while unlinking temporary files - Error ${error}`, LogLevel.WARN);
-        }
-        await completeVerification();
+    }
+    catch (error) {
+        logAndThrowError(makeError("unknown", error));
     }
 });
 /**
@@ -1861,7 +1901,7 @@ const verifycontribution = functionsV2__namespace.https.onCall({ memory: "16GiB"
 const refreshParticipantAfterContributionVerification = functionsV1__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .firestore.document(`/${actions.commonTerms.collections.ceremonies.name}/{ceremony}/${actions.commonTerms.collections.circuits.name}/{circuit}/${actions.commonTerms.collections.contributions.name}/{contributions}`)
     .onCreate(async (createdContribution) => {
@@ -1922,7 +1962,7 @@ const refreshParticipantAfterContributionVerification = functionsV1__namespace
 const finalizeCircuit = functionsV1__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || !context.auth.token.coordinator)
@@ -2066,7 +2106,7 @@ const checkIfBucketIsDedicatedToCeremony = async (bucketName) => {
 const createBucket = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -2156,7 +2196,7 @@ const createBucket = functions__namespace
 const checkIfObjectExist = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     // Check if the user has the coordinator claim.
@@ -2202,7 +2242,7 @@ const checkIfObjectExist = functions__namespace
 const generateGetObjectPreSignedUrl = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth)
@@ -2242,7 +2282,7 @@ const generateGetObjectPreSignedUrl = functions__namespace
 const startMultiPartUpload = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "2GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2297,7 +2337,7 @@ const startMultiPartUpload = functions__namespace
 const generatePreSignedUrlsParts = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB",
+    memory: "1GB",
     timeoutSeconds: 300
 })
     .https.onCall(async (data, context) => {
@@ -2358,7 +2398,7 @@ const generatePreSignedUrlsParts = functions__namespace
 const completeMultiPartUpload = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "2GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2407,6 +2447,216 @@ const completeMultiPartUpload = functions__namespace
     }
 });
 
+const VKEY_DATA = {
+    protocol: "groth16",
+    curve: "bn128",
+    nPublic: 3,
+    vk_alpha_1: [
+        "20491192805390485299153009773594534940189261866228447918068658471970481763042",
+        "9383485363053290200918347156157836566562967994039712273449902621266178545958",
+        "1"
+    ],
+    vk_beta_2: [
+        [
+            "6375614351688725206403948262868962793625744043794305715222011528459656738731",
+            "4252822878758300859123897981450591353533073413197771768651442665752259397132"
+        ],
+        [
+            "10505242626370262277552901082094356697409835680220590971873171140371331206856",
+            "21847035105528745403288232691147584728191162732299865338377159692350059136679"
+        ],
+        ["1", "0"]
+    ],
+    vk_gamma_2: [
+        [
+            "10857046999023057135944570762232829481370756359578518086990519993285655852781",
+            "11559732032986387107991004021392285783925812861821192530917403151452391805634"
+        ],
+        [
+            "8495653923123431417604973247489272438418190587263600148770280649306958101930",
+            "4082367875863433681332203403145435568316851327593401208105741076214120093531"
+        ],
+        ["1", "0"]
+    ],
+    vk_delta_2: [
+        [
+            "3697618915467790705869942236922063775466274665053173890632463796679068973252",
+            "14948341351907992175709156460547989243732741534604949238422596319735704165658"
+        ],
+        [
+            "3028459181652799888716942141752307629938889957960373621898607910203491239368",
+            "11380736494786911280692284374675752681598754560757720296073023058533044108340"
+        ],
+        ["1", "0"]
+    ],
+    vk_alphabeta_12: [
+        [
+            [
+                "2029413683389138792403550203267699914886160938906632433982220835551125967885",
+                "21072700047562757817161031222997517981543347628379360635925549008442030252106"
+            ],
+            [
+                "5940354580057074848093997050200682056184807770593307860589430076672439820312",
+                "12156638873931618554171829126792193045421052652279363021382169897324752428276"
+            ],
+            [
+                "7898200236362823042373859371574133993780991612861777490112507062703164551277",
+                "7074218545237549455313236346927434013100842096812539264420499035217050630853"
+            ]
+        ],
+        [
+            [
+                "7077479683546002997211712695946002074877511277312570035766170199895071832130",
+                "10093483419865920389913245021038182291233451549023025229112148274109565435465"
+            ],
+            [
+                "4595479056700221319381530156280926371456704509942304414423590385166031118820",
+                "19831328484489333784475432780421641293929726139240675179672856274388269393268"
+            ],
+            [
+                "11934129596455521040620786944827826205713621633706285934057045369193958244500",
+                "8037395052364110730298837004334506829870972346962140206007064471173334027475"
+            ]
+        ]
+    ],
+    IC: [
+        [
+            "12951059800758687233303204819298121944551181861362200875212570257618182506154",
+            "5751958719396509176593242305268064754837298673622815112953832050159760501392",
+            "1"
+        ],
+        [
+            "9561588427935871983444704959674198910445823619407211599507208879011862515257",
+            "14576201570478094842467636169770180675293504492823217349086195663150934064643",
+            "1"
+        ],
+        [
+            "4811967233483727873912563574622036989372099129165459921963463310078093941559",
+            "1874883809855039536107616044787862082553628089593740724610117059083415551067",
+            "1"
+        ],
+        [
+            "12252730267779308452229639835051322390696643456253768618882001876621526827161",
+            "7899194018737016222260328309937800777948677569409898603827268776967707173231",
+            "1"
+        ]
+    ]
+};
+dotenv.config();
+const { BANDADA_API_URL, BANDADA_GROUP_ID } = process.env;
+const bandadaApi = new apiSdk.ApiSdk(BANDADA_API_URL);
+const bandadaValidateProof = functions__namespace
+    .region("europe-west1")
+    .runWith({
+    memory: "512MB"
+})
+    .https.onCall(async (data) => {
+    if (!BANDADA_GROUP_ID)
+        throw new Error("BANDADA_GROUP_ID is not defined in .env");
+    const { proof, publicSignals } = data;
+    const isCorrect = snarkjs.groth16.verify(VKEY_DATA, publicSignals, proof);
+    if (!isCorrect)
+        return {
+            valid: false,
+            message: "Invalid proof",
+            token: ""
+        };
+    const commitment = data.publicSignals[1];
+    const isMember = await bandadaApi.isGroupMember(BANDADA_GROUP_ID, commitment);
+    if (!isMember)
+        return {
+            valid: false,
+            message: "Not a member of the group",
+            token: ""
+        };
+    const auth$1 = auth.getAuth();
+    try {
+        await admin.auth().createUser({
+            uid: commitment
+        });
+    }
+    catch (error) {
+        // if user already exist then just pass
+        if (error.code !== "auth/uid-already-exists") {
+            throw new Error(error);
+        }
+    }
+    const token = await auth$1.createCustomToken(commitment);
+    return {
+        valid: true,
+        message: "Valid proof and group member",
+        token
+    };
+});
+
+dotenv.config();
+const checkNonceOfSIWEAddress = functions__namespace
+    .region("europe-west1")
+    .runWith({ memory: "1GB" })
+    .https.onCall(async (data) => {
+    try {
+        const { auth0Token } = data;
+        const result = (await fetch(`${process.env.AUTH0_APPLICATION_URL}/userinfo`, {
+            method: "GET",
+            headers: {
+                "content-type": "application/json",
+                authorization: `Bearer ${auth0Token}`
+            }
+        }).then((_res) => _res.json()));
+        if (!result.sub) {
+            return {
+                valid: false,
+                message: "No user detected. Please check device flow token"
+            };
+        }
+        const auth$1 = auth.getAuth();
+        // check nonce
+        const parts = result.sub.split("|");
+        const address = decodeURIComponent(parts[2]).split(":")[2];
+        const minimumNonce = Number(process.env.ETH_MINIMUM_NONCE);
+        const nonceBlockHeight = "latest"; // process.env.ETH_NONCE_BLOCK_HEIGHT
+        // look up nonce for address @block
+        let nonceOk = true;
+        if (minimumNonce > 0) {
+            const provider = setEthProvider();
+            console.log(`got provider - block # ${await provider.getBlockNumber()}`);
+            const nonce = await provider.getTransactionCount(address, nonceBlockHeight);
+            console.log(`nonce ${nonce}`);
+            nonceOk = nonce >= minimumNonce;
+        }
+        console.log(`checking nonce ${nonceOk}`);
+        if (!nonceOk) {
+            return {
+                valid: false,
+                message: "Eth address does not meet the nonce requirements"
+            };
+        }
+        try {
+            await admin.auth().createUser({
+                displayName: address,
+                uid: address
+            });
+        }
+        catch (error) {
+            // if user already exist then just pass
+            if (error.code !== "auth/uid-already-exists") {
+                throw new Error(error);
+            }
+        }
+        const token = await auth$1.createCustomToken(address);
+        return {
+            valid: true,
+            token
+        };
+    }
+    catch (error) {
+        return {
+            valid: false,
+            message: `Something went wrong ${error}`
+        };
+    }
+});
+
 dotenv.config();
 /**
  * Check and remove the current contributor if it doesn't complete the contribution on the specified amount of time.
@@ -2429,7 +2679,7 @@ dotenv.config();
 const checkAndRemoveBlockingContributor = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .pubsub.schedule("every 1 minutes")
     .onRun(async () => {
@@ -2498,7 +2748,8 @@ const checkAndRemoveBlockingContributor = functions__namespace
                             if (timeoutExpirationDateInMsForBlockingContributor < currentServerTimestamp &&
                                 (contributionStep === "DOWNLOADING" /* ParticipantContributionStep.DOWNLOADING */ ||
                                     contributionStep === "COMPUTING" /* ParticipantContributionStep.COMPUTING */ ||
-                                    contributionStep === "UPLOADING" /* ParticipantContributionStep.UPLOADING */))
+                                    contributionStep === "UPLOADING" /* ParticipantContributionStep.UPLOADING */ ||
+                                    contributionStep === "COMPLETED" /* ParticipantContributionStep.COMPLETED */))
                                 timeoutType = "BLOCKING_CONTRIBUTION" /* TimeoutType.BLOCKING_CONTRIBUTION */;
                             if (timeoutExpirationDateInMsForVerificationCloudFunction > 0 &&
                                 timeoutExpirationDateInMsForVerificationCloudFunction < currentServerTimestamp &&
@@ -2575,7 +2826,7 @@ const checkAndRemoveBlockingContributor = functions__namespace
 const resumeContributionAfterTimeoutExpiration = functions__namespace
     .region("europe-west1")
     .runWith({
-    memory: "512MB"
+    memory: "1GB"
 })
     .https.onCall(async (data, context) => {
     if (!context.auth || (!context.auth.token.participant && !context.auth.token.coordinator))
@@ -2608,9 +2859,11 @@ const resumeContributionAfterTimeoutExpiration = functions__namespace
 
 admin.initializeApp();
 
+exports.bandadaValidateProof = bandadaValidateProof;
 exports.checkAndPrepareCoordinatorForFinalization = checkAndPrepareCoordinatorForFinalization;
 exports.checkAndRemoveBlockingContributor = checkAndRemoveBlockingContributor;
 exports.checkIfObjectExist = checkIfObjectExist;
+exports.checkNonceOfSIWEAddress = checkNonceOfSIWEAddress;
 exports.checkParticipantForCeremony = checkParticipantForCeremony;
 exports.completeMultiPartUpload = completeMultiPartUpload;
 exports.coordinateCeremonyParticipant = coordinateCeremonyParticipant;