privacycash 1.0.14 → 1.0.16

package/README.md

@@ -1,6 +1,11 @@
 ## Privacy Cash SDK
 This is the SDK for Privacy Cash. It has been audited by Zigtur (https://x.com/zigtur).
 
+### Disclaimer
+This SDK powers Privacy Cash's frontend, assuming the single wallet use case. If you use it or published npm library from this repo, please fully test and beware of the inherent software risks or potential bugs.
+
+THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
 ### Usage
 This SDK provides APIs for developers to interact with Privacy Cash relayers easily. Developers can easily deposit/withdraw/query balances in Privacy Cash solana program.
 

package/dist/deposit.js

@@ -1,7 +1,7 @@
 import { PublicKey, TransactionInstruction, SystemProgram, ComputeBudgetProgram, VersionedTransaction, TransactionMessage, LAMPORTS_PER_SOL } from '@solana/web3.js';
 import BN from 'bn.js';
 import { Utxo } from './models/utxo.js';
-import { fetchMerkleProof, findCommitmentPDAs, findNullifierPDAs, getExtDataHash, getProgramAccounts, queryRemoteTreeState, findCrossCheckNullifierPDAs } from './utils/utils.js';
+import { fetchMerkleProof, findNullifierPDAs, getExtDataHash, getProgramAccounts, queryRemoteTreeState, findCrossCheckNullifierPDAs } from './utils/utils.js';
 import { prove, parseProofToBytesArray, parseToBytesArray } from './utils/prover.js';
 import { MerkleTree } from './utils/merkle_tree.js';
 import { serializeProofAndExtData } from './utils/encryption.js';
@@ -279,7 +279,6 @@ export async function deposit({ lightWasm, storage, keyBasePath, publicKey, conn
     // Find PDAs for nullifiers and commitments
     const { nullifier0PDA, nullifier1PDA } = findNullifierPDAs(proofToSubmit);
     const { nullifier2PDA, nullifier3PDA } = findCrossCheckNullifierPDAs(proofToSubmit);
-    const { commitment0PDA, commitment1PDA } = findCommitmentPDAs(proofToSubmit);
     // Address Lookup Table for transaction size optimization
     logger.debug('Setting up Address Lookup Table...');
     const ALT_ADDRESS = new PublicKey('72bpRay17JKp4k8H87p7ieU9C6aRDy5yCqwvtpTN2wuU');
@@ -298,8 +297,6 @@ export async function deposit({ lightWasm, storage, keyBasePath, publicKey, conn
             { pubkey: nullifier1PDA, isSigner: false, isWritable: true },
             { pubkey: nullifier2PDA, isSigner: false, isWritable: false },
             { pubkey: nullifier3PDA, isSigner: false, isWritable: false },
-            { pubkey: commitment0PDA, isSigner: false, isWritable: true },
-            { pubkey: commitment1PDA, isSigner: false, isWritable: true },
             { pubkey: treeTokenAccount, isSigner: false, isWritable: true },
             { pubkey: globalConfigAccount, isSigner: false, isWritable: false },
             // recipient - just a placeholder, not actually used for deposits. using an ALT address to save bytes

package/dist/getUtxos.js

@@ -73,7 +73,7 @@ export async function getUtxos({ publicKey, connection, encryptionService, stora
                     if (!fetched.hasMore) {
                         break;
                     }
-                    await sleep(100);
+                    await sleep(20);
                 }
             }
             catch (e) {
@@ -254,78 +254,6 @@ export function getBalanceFromUtxos(utxos) {
     // const remainderLamports = totalBalance.mod(LAMPORTS_PER_SOL);
     return { lamports: totalBalance.toNumber() };
 }
-async function decrypt_output(encryptedOutput, encryptionService, utxoKeypair, lightWasm, connection) {
-    let res = { status: 'unDecrypted' };
-    try {
-        if (!encryptedOutput) {
-            return { status: 'skipped' };
-        }
-        // Try to decrypt the UTXO
-        res.utxo = await encryptionService.decryptUtxo(encryptedOutput, lightWasm);
-        // If we got here, decryption succeeded, so this UTXO belongs to the user
-        res.status = 'decrypted';
-        // Get the real index from the on-chain commitment account
-        try {
-            if (!res.utxo) {
-                throw new Error('res.utxo undefined');
-            }
-            const commitment = await res.utxo.getCommitment();
-            // Convert decimal commitment string to byte array (same format as in proofs)
-            const commitmentBytes = Array.from(leInt2Buff(unstringifyBigInts(commitment), 32)).reverse();
-            // Derive the commitment PDA (could be either commitment0 or commitment1)
-            // We'll try both seeds since we don't know which one it is
-            let commitmentAccount = null;
-            let realIndex = null;
-            // Try commitment0 seed
-            try {
-                const [commitment0PDA] = PublicKey.findProgramAddressSync([Buffer.from("commitment0"), Buffer.from(commitmentBytes)], PROGRAM_ID);
-                const account0Info = await connection.getAccountInfo(commitment0PDA);
-                if (account0Info) {
-                    // Parse the index from the account data according to CommitmentAccount structure:
-                    // 0-8: Anchor discriminator
-                    // 8-40: commitment (32 bytes)  
-                    // 40-44: encrypted_output length (4 bytes)
-                    // 44-44+len: encrypted_output data
-                    // 44+len-52+len: index (8 bytes)
-                    const encryptedOutputLength = account0Info.data.readUInt32LE(40);
-                    const indexOffset = 44 + encryptedOutputLength;
-                    const indexBytes = account0Info.data.slice(indexOffset, indexOffset + 8);
-                    realIndex = new BN(indexBytes, 'le').toNumber();
-                }
-            }
-            catch (e) {
-                // Try commitment1 seed if commitment0 fails
-                try {
-                    const [commitment1PDA] = PublicKey.findProgramAddressSync([Buffer.from("commitment1"), Buffer.from(commitmentBytes)], PROGRAM_ID);
-                    const account1Info = await connection.getAccountInfo(commitment1PDA);
-                    if (account1Info) {
-                        // Parse the index from the account data according to CommitmentAccount structure
-                        const encryptedOutputLength = account1Info.data.readUInt32LE(40);
-                        const indexOffset = 44 + encryptedOutputLength;
-                        const indexBytes = account1Info.data.slice(indexOffset, indexOffset + 8);
-                        realIndex = new BN(indexBytes, 'le').toNumber();
-                        logger.debug(`Found commitment1 account with index: ${realIndex}`);
-                    }
-                }
-                catch (e2) {
-                    logger.debug(`Could not find commitment account for ${commitment}, using encrypted index: ${res.utxo.index}`);
-                }
-            }
-            // Update the UTXO with the real index if we found it
-            if (realIndex !== null) {
-                const oldIndex = res.utxo.index;
-                res.utxo.index = realIndex;
-            }
-        }
-        catch (error) {
-            logger.debug(`Failed to get real index for UTXO: ${error.message}`);
-        }
-    }
-    catch (error) {
-        // this UTXO doesn't belong to the user
-    }
-    return res;
-}
 async function decrypt_outputs(encryptedOutputs, encryptionService, utxoKeypair, lightWasm) {
     let results = [];
     // decript all UTXO

package/dist/utils/constants.d.ts

@@ -4,7 +4,7 @@ export declare const FIELD_SIZE: BN;
 export declare const PROGRAM_ID: PublicKey;
 export declare const DEPLOYER_ID: PublicKey;
 export declare const FEE_RECIPIENT: PublicKey;
-export declare const FETCH_UTXOS_GROUP_SIZE = 4000;
+export declare const FETCH_UTXOS_GROUP_SIZE = 10000;
 export declare const TRANSACT_IX_DISCRIMINATOR: Buffer<ArrayBuffer>;
 export declare const MERKLE_TREE_DEPTH = 26;
 export declare const ALT_ADDRESS: PublicKey;

package/dist/utils/constants.js

@@ -4,7 +4,7 @@ export const FIELD_SIZE = new BN('2188824287183927522224640574525727508854836440
 export const PROGRAM_ID = new PublicKey('9fhQBbumKEFuXtMBDw8AaQyAjCorLGJQiS3skWZdQyQD');
 export const DEPLOYER_ID = new PublicKey('AWexibGxNFKTa1b5R5MN4PJr9HWnWRwf8EW9g8cLx3dM');
 export const FEE_RECIPIENT = new PublicKey('AWexibGxNFKTa1b5R5MN4PJr9HWnWRwf8EW9g8cLx3dM');
-export const FETCH_UTXOS_GROUP_SIZE = 4000;
+export const FETCH_UTXOS_GROUP_SIZE = 10_000;
 export const TRANSACT_IX_DISCRIMINATOR = Buffer.from([217, 149, 130, 143, 221, 52, 252, 119]);
 export const MERKLE_TREE_DEPTH = 26;
 export const ALT_ADDRESS = new PublicKey('72bpRay17JKp4k8H87p7ieU9C6aRDy5yCqwvtpTN2wuU');

package/dist/utils/utils.d.ts

@@ -48,10 +48,6 @@ export declare function findNullifierPDAs(proof: any): {
     nullifier0PDA: PublicKey;
     nullifier1PDA: PublicKey;
 };
-export declare function findCommitmentPDAs(proof: any): {
-    commitment0PDA: PublicKey;
-    commitment1PDA: PublicKey;
-};
 export declare function queryRemoteTreeState(): Promise<{
     root: string;
     nextIndex: number;

package/dist/utils/utils.js

@@ -113,12 +113,6 @@ export function findNullifierPDAs(proof) {
     const [nullifier1PDA] = PublicKey.findProgramAddressSync([Buffer.from("nullifier1"), Buffer.from(proof.inputNullifiers[1])], PROGRAM_ID);
     return { nullifier0PDA, nullifier1PDA };
 }
-// Find commitment PDAs for the given proof
-export function findCommitmentPDAs(proof) {
-    const [commitment0PDA] = PublicKey.findProgramAddressSync([Buffer.from("commitment0"), Buffer.from(proof.outputCommitments[0])], PROGRAM_ID);
-    const [commitment1PDA] = PublicKey.findProgramAddressSync([Buffer.from("commitment1"), Buffer.from(proof.outputCommitments[1])], PROGRAM_ID);
-    return { commitment0PDA, commitment1PDA };
-}
 // Function to query remote tree state from indexer API
 export async function queryRemoteTreeState() {
     try {

package/dist/withdraw.js

@@ -6,7 +6,7 @@ import { Utxo } from './models/utxo.js';
 import { parseProofToBytesArray, parseToBytesArray, prove } from './utils/prover.js';
 import { ALT_ADDRESS, DEPLOYER_ID, FEE_RECIPIENT, FIELD_SIZE, INDEXER_API_URL, MERKLE_TREE_DEPTH } from './utils/constants.js';
 import { serializeProofAndExtData } from './utils/encryption.js';
-import { fetchMerkleProof, findCommitmentPDAs, findNullifierPDAs, getExtDataHash, getProgramAccounts, queryRemoteTreeState, findCrossCheckNullifierPDAs } from './utils/utils.js';
+import { fetchMerkleProof, findNullifierPDAs, getExtDataHash, getProgramAccounts, queryRemoteTreeState, findCrossCheckNullifierPDAs } from './utils/utils.js';
 import { getUtxos } from './getUtxos.js';
 import { logger } from './utils/logger.js';
 import { getConfig } from './config.js';
@@ -221,7 +221,6 @@ export async function withdraw({ recipient, lightWasm, storage, publicKey, conne
     // Find PDAs for nullifiers and commitments
     const { nullifier0PDA, nullifier1PDA } = findNullifierPDAs(proofToSubmit);
     const { nullifier2PDA, nullifier3PDA } = findCrossCheckNullifierPDAs(proofToSubmit);
-    const { commitment0PDA, commitment1PDA } = findCommitmentPDAs(proofToSubmit);
     // Serialize the proof and extData
     const serializedProof = serializeProofAndExtData(proofToSubmit, extData);
     logger.debug(`Total instruction data size: ${serializedProof.length} bytes`);
@@ -233,8 +232,6 @@ export async function withdraw({ recipient, lightWasm, storage, publicKey, conne
         nullifier1PDA: nullifier1PDA.toString(),
         nullifier2PDA: nullifier2PDA.toString(),
         nullifier3PDA: nullifier3PDA.toString(),
-        commitment0PDA: commitment0PDA.toString(),
-        commitment1PDA: commitment1PDA.toString(),
         treeTokenAccount: treeTokenAccount.toString(),
         globalConfigAccount: globalConfigAccount.toString(),
         recipient: recipient.toString(),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "privacycash",
-  "version": "1.0.14",
+  "version": "1.0.16",
   "description": "",
   "main": "dist/index.js",
   "repository": "https://github.com/Privacy-Cash/privacy-cash-sdk",

package/src/deposit.ts

@@ -1,7 +1,7 @@
 import { Connection, Keypair, PublicKey, TransactionInstruction, SystemProgram, ComputeBudgetProgram, VersionedTransaction, TransactionMessage, LAMPORTS_PER_SOL } from '@solana/web3.js';
 import BN from 'bn.js';
 import { Utxo } from './models/utxo.js';
-import { fetchMerkleProof, findCommitmentPDAs, findNullifierPDAs, getExtDataHash, getProgramAccounts, queryRemoteTreeState, findCrossCheckNullifierPDAs } from './utils/utils.js';
+import { fetchMerkleProof, findNullifierPDAs, getExtDataHash, getProgramAccounts, queryRemoteTreeState, findCrossCheckNullifierPDAs } from './utils/utils.js';
 import { prove, parseProofToBytesArray, parseToBytesArray } from './utils/prover.js';
 import * as hasher from '@lightprotocol/hasher.rs';
 import { MerkleTree } from './utils/merkle_tree.js';
@@ -344,7 +344,6 @@ export async function deposit({ lightWasm, storage, keyBasePath, publicKey, conn
     // Find PDAs for nullifiers and commitments
     const { nullifier0PDA, nullifier1PDA } = findNullifierPDAs(proofToSubmit);
     const { nullifier2PDA, nullifier3PDA } = findCrossCheckNullifierPDAs(proofToSubmit);
-    const { commitment0PDA, commitment1PDA } = findCommitmentPDAs(proofToSubmit);
 
     // Address Lookup Table for transaction size optimization
     logger.debug('Setting up Address Lookup Table...');
@@ -368,8 +367,6 @@ export async function deposit({ lightWasm, storage, keyBasePath, publicKey, conn
             { pubkey: nullifier1PDA, isSigner: false, isWritable: true },
             { pubkey: nullifier2PDA, isSigner: false, isWritable: false },
             { pubkey: nullifier3PDA, isSigner: false, isWritable: false },
-            { pubkey: commitment0PDA, isSigner: false, isWritable: true },
-            { pubkey: commitment1PDA, isSigner: false, isWritable: true },
             { pubkey: treeTokenAccount, isSigner: false, isWritable: true },
             { pubkey: globalConfigAccount, isSigner: false, isWritable: false },
             // recipient - just a placeholder, not actually used for deposits. using an ALT address to save bytes

package/src/getUtxos.ts

@@ -103,7 +103,7 @@ export async function getUtxos({ publicKey, connection, encryptionService, stora
                     if (!fetched.hasMore) {
                         break
                     }
-                    await sleep(100)
+                    await sleep(20)
                 }
             } catch (e: any) {
                 throw e
@@ -335,99 +335,6 @@ export function getBalanceFromUtxos(utxos: Utxo[]) {
 
 // Decrypt single output to Utxo
 type DecryptRes = { status: 'decrypted' | 'skipped' | 'unDecrypted', utxo?: Utxo, encryptedOutput?: string }
-async function decrypt_output(
-    encryptedOutput: string,
-    encryptionService: EncryptionService,
-    utxoKeypair: UtxoKeypair,
-    lightWasm: any,
-    connection: Connection
-): Promise<DecryptRes> {
-    let res: DecryptRes = { status: 'unDecrypted' }
-    try {
-        if (!encryptedOutput) {
-            return { status: 'skipped' }
-        }
-
-        // Try to decrypt the UTXO
-        res.utxo = await encryptionService.decryptUtxo(
-            encryptedOutput,
-            lightWasm
-        );
-
-        // If we got here, decryption succeeded, so this UTXO belongs to the user
-        res.status = 'decrypted'
-
-        // Get the real index from the on-chain commitment account
-        try {
-            if (!res.utxo) {
-                throw new Error('res.utxo undefined')
-            }
-            const commitment = await res.utxo.getCommitment();
-            // Convert decimal commitment string to byte array (same format as in proofs)
-            const commitmentBytes = Array.from(
-                leInt2Buff(unstringifyBigInts(commitment), 32)
-            ).reverse() as number[];
-
-            // Derive the commitment PDA (could be either commitment0 or commitment1)
-            // We'll try both seeds since we don't know which one it is
-            let commitmentAccount = null;
-            let realIndex = null;
-            // Try commitment0 seed
-            try {
-                const [commitment0PDA] = PublicKey.findProgramAddressSync(
-                    [Buffer.from("commitment0"), Buffer.from(commitmentBytes)],
-                    PROGRAM_ID
-                );
-
-                const account0Info = await connection.getAccountInfo(commitment0PDA);
-                if (account0Info) {
-                    // Parse the index from the account data according to CommitmentAccount structure:
-                    // 0-8: Anchor discriminator
-                    // 8-40: commitment (32 bytes)  
-                    // 40-44: encrypted_output length (4 bytes)
-                    // 44-44+len: encrypted_output data
-                    // 44+len-52+len: index (8 bytes)
-                    const encryptedOutputLength = account0Info.data.readUInt32LE(40);
-                    const indexOffset = 44 + encryptedOutputLength;
-                    const indexBytes = account0Info.data.slice(indexOffset, indexOffset + 8);
-                    realIndex = new BN(indexBytes, 'le').toNumber();
-                }
-            } catch (e) {
-                // Try commitment1 seed if commitment0 fails
-                try {
-                    const [commitment1PDA] = PublicKey.findProgramAddressSync(
-                        [Buffer.from("commitment1"), Buffer.from(commitmentBytes)],
-                        PROGRAM_ID
-                    );
-
-                    const account1Info = await connection.getAccountInfo(commitment1PDA);
-                    if (account1Info) {
-                        // Parse the index from the account data according to CommitmentAccount structure
-                        const encryptedOutputLength = account1Info.data.readUInt32LE(40);
-                        const indexOffset = 44 + encryptedOutputLength;
-                        const indexBytes = account1Info.data.slice(indexOffset, indexOffset + 8);
-                        realIndex = new BN(indexBytes, 'le').toNumber();
-                        logger.debug(`Found commitment1 account with index: ${realIndex}`);
-                    }
-                } catch (e2) {
-                    logger.debug(`Could not find commitment account for ${commitment}, using encrypted index: ${res.utxo.index}`);
-                }
-            }
-
-            // Update the UTXO with the real index if we found it
-            if (realIndex !== null) {
-                const oldIndex = res.utxo.index;
-                res.utxo.index = realIndex;
-            }
-
-        } catch (error: any) {
-            logger.debug(`Failed to get real index for UTXO: ${error.message}`);
-        }
-    } catch (error: any) {
-        // this UTXO doesn't belong to the user
-    }
-    return res
-}
 
 async function decrypt_outputs(
     encryptedOutputs: string[],

package/src/utils/constants.ts

@@ -9,7 +9,7 @@ export const DEPLOYER_ID = new PublicKey('AWexibGxNFKTa1b5R5MN4PJr9HWnWRwf8EW9g8
 
 export const FEE_RECIPIENT = new PublicKey('AWexibGxNFKTa1b5R5MN4PJr9HWnWRwf8EW9g8cLx3dM')
 
-export const FETCH_UTXOS_GROUP_SIZE = 4000
+export const FETCH_UTXOS_GROUP_SIZE = 10_000
 
 export const TRANSACT_IX_DISCRIMINATOR = Buffer.from([217, 149, 130, 143, 221, 52, 252, 119]);
 

package/src/utils/utils.ts

@@ -146,20 +146,6 @@ export function findNullifierPDAs(proof: any) {
   return { nullifier0PDA, nullifier1PDA };
 }
 
-// Find commitment PDAs for the given proof
-export function findCommitmentPDAs(proof: any) {
-  const [commitment0PDA] = PublicKey.findProgramAddressSync(
-    [Buffer.from("commitment0"), Buffer.from(proof.outputCommitments[0])],
-    PROGRAM_ID
-  );
-
-  const [commitment1PDA] = PublicKey.findProgramAddressSync(
-    [Buffer.from("commitment1"), Buffer.from(proof.outputCommitments[1])],
-    PROGRAM_ID
-  );
-  return { commitment0PDA, commitment1PDA };
-}
-
 // Function to query remote tree state from indexer API
 export async function queryRemoteTreeState(): Promise<{ root: string, nextIndex: number }> {
   try {

package/src/withdraw.ts

@@ -8,9 +8,9 @@ import { parseProofToBytesArray, parseToBytesArray, prove } from './utils/prover
 
 import { ALT_ADDRESS, DEPLOYER_ID, FEE_RECIPIENT, FIELD_SIZE, INDEXER_API_URL, MERKLE_TREE_DEPTH, PROGRAM_ID } from './utils/constants.js';
 import { EncryptionService, serializeProofAndExtData } from './utils/encryption.js';
-import { fetchMerkleProof, findCommitmentPDAs, findNullifierPDAs, getExtDataHash, getProgramAccounts, queryRemoteTreeState, findCrossCheckNullifierPDAs } from './utils/utils.js';
+import { fetchMerkleProof, findNullifierPDAs, getExtDataHash, getProgramAccounts, queryRemoteTreeState, findCrossCheckNullifierPDAs } from './utils/utils.js';
 
-import { getUtxos, isUtxoSpent } from './getUtxos.js';
+import { getUtxos } from './getUtxos.js';
 import { logger } from './utils/logger.js';
 import { getConfig } from './config.js';
 // Indexer API endpoint
@@ -278,7 +278,6 @@ export async function withdraw({ recipient, lightWasm, storage, publicKey, conne
     // Find PDAs for nullifiers and commitments
     const { nullifier0PDA, nullifier1PDA } = findNullifierPDAs(proofToSubmit);
     const { nullifier2PDA, nullifier3PDA } = findCrossCheckNullifierPDAs(proofToSubmit);
-    const { commitment0PDA, commitment1PDA } = findCommitmentPDAs(proofToSubmit);
 
     // Serialize the proof and extData
     const serializedProof = serializeProofAndExtData(proofToSubmit, extData);
@@ -292,8 +291,6 @@ export async function withdraw({ recipient, lightWasm, storage, publicKey, conne
         nullifier1PDA: nullifier1PDA.toString(),
         nullifier2PDA: nullifier2PDA.toString(),
         nullifier3PDA: nullifier3PDA.toString(),
-        commitment0PDA: commitment0PDA.toString(),
-        commitment1PDA: commitment1PDA.toString(),
         treeTokenAccount: treeTokenAccount.toString(),
         globalConfigAccount: globalConfigAccount.toString(),
         recipient: recipient.toString(),