Voting Contracts Security Assessment - Freedom Tool - Rarimo

PoseidonSMT

- It is using the SparseMerkleTree library from solarity.

- The __PoseidonSMT_init does call the setHashers which sets the hash for 2 and 3 elements to the poseidon implementation for that amount of elements.

- The internal _add function does hash the value given with poseidon (from registration the commitment_) and uses this as the key.

- Does expose some public functions such as getProof, getRoot and getNodeByKey for accessibility.

Registration

- During register the commitment_ is being used on the PoseidonSMT contract to generate a key using poseidon. Mathematically speaking, there is the possibility that two different commitment could lead to the same poseidon hash. However, data length on the commitment is the same as the poseidon hash entropy which reduces the probablity. Moreover, in the world case scenario were that collision would happen, SparseMerkleTree would revert with "the key already exists".

- _validateRegistrationParams does verify period and timestamp.

- getRegistrationStatus is a standard state getter based on registrationInfo information. COMMITMENT period is stated to be between commitmentStartTime and commitmentEndTime (the former inclusive).

Voting

- The init function does allow setting the candidates for the voting phase.

- getProposalStatus is a standard state getter based on votingInfo information. PENDING period is stated to be between votingStartTime and votingEndTime (the former inclusive).

- The vote function will verify the parameters using the ZK verifier. It will also make sure that the nullifiers is not present already, allowing only one vote per verifier nullifier. It will also count the candidates an total votes, verifying if the candidate exists as per the contract deployment specification.

VotingFactory

- _createPool does _deploy and then _register the deployed address.

- The _deploy should be checking for getPoolImplementation address different than 0 to prevent unhandled errors when calling the implementation on that address.

- Both registration and voting are using the same VotingRegistry to track pools. Which can be risky on type confusion (Using a type for a different deployment purpose).

- When registering with a salt, the code does combine the actual provided parameter salt and the sender address into a hash. This is the salt used to deploy the proxy contract with create2.

- _createPoolWithSalt will use the _deploy2 to instantiate the contract with empty data. It will then call the proxy with the initial data. There is no reason to separate both actions and does require the use of verifyCallResult to verify call result.

- The owner for uups upgradability is the same as the votingRegistry owner.

- The internal _register will call addProxyPool on the votingRegistry

VotingRegistry

- getPoolImplementation is used by teh factory to fetch the implementation address for a given type, including both registration and voting deployments.

- setNewImplementations is the setter, batchable.

- addProxyPool adds to the enumerable mappings the new pool address.

LightweightState

- changeSigner will verify a signature and change the signer.

- Will allow changing the source address for signature validation.

- signedTransitState will allow setting a new merkle root for the current state (`gist` and identities).

- verifyStatesMerkleData should probably verify that the computedRoot_ is the current root if we want to make sure the merkle tree is active.

ZKPQueriesStorage

- Will be storing QueryMTPValidator addresses.

- Does initialise the lightweightState address. Used on integration contracts.

- setZKPQuery will allow overriding previous _queriesInfo. The removeZKPQuery function will make sure to remove and clean the storage.

- getQueryHashRaw will calculate a hash given some parameters for the query.

- The contract getters should probably check if the queryId_ parameter exist or not.

QueryValidator

- setVerifier and setIdentitesStatesUpdateTime can only be called by the owner.

- verify will first call the verifier verifyProof to check the ZK proof.

- queryHash_ is verified with the parameter (both user controlled).

- The validation parameters, that were used for the ZK proof are compared with the statesMerkleData

- _checkGistRoot will verify that the validationParams_.gistRoot is stored under lightweightState.

- _verifyStatesMerkleData will verify that issuerId, issuerState and createdAtTimestamp do indeed verify the merkle proofs.

- If the computed root is not the current identitiesStatesRoot it will verify if the current identitiesStatesRoot timestamp has expired as per identitesStatesUpdateTime period (set on this contract). The root will be considered invalid then.

- _checkGistRoot used on the verify will make sure that merkle root is equal and none zero for the given proofs.

QueryMTPValidator

- Extends QueryValidator and adds some static getters to it.

BaseVerifier

- setZKPQueriesStorage and updateAllowedIssuers is only callable by the owner.

- _transitState will verify that the new timetamp is higher than previous. Also if the identity root does not exist. If it does exist, or timestamp is lower the code will not revert. proof is being used to verify the newIdentitiesStatesRoot.

RegisterVerifier

- Does extend BaseVerifier.

- The RegisterProofInfo struct does contain registrationContractAddress which is being used to verify the caller under onlyVoting modifier.

- The _verify will check for parameters being valid and fill the CircuitQuery data and compute the verification hash. The used data is the isAdult flag and the issuingAuthority and documentNullifier, which is enough to verify a unique identity.

- _validateRegistrationFields will verify that the proofs are appropriated for the actual queryValidator_ address.