BM-277: Commit prover address to assessor journal (github#99)

Co-authored-by: Victor Graf <[email protected]>

Author: capossele

contracts/src/IProofMarket.sol

@@ -88,8 +88,10 @@ struct AssessorJournal {
     // Root of the Merkle tree committing to the set of proven claims.
     // In the case of a batch of size one, this may simply be a claim digest.
     bytes32 root;
-    // EIP712 domain separator
+    // EIP712 domain separator.
     bytes32 eip712DomainSeparator;
+    // The address of the prover that produced the assessor receipt.
+    address prover;
 }
 
 interface IProofMarket {
@@ -161,20 +163,27 @@ interface IProofMarket {
         bytes calldata proverSignature
     ) external;
 
-    /// Fulfill a locked request by delivering the proof for the application.
-    /// Upon proof verification, the prover will be paid.
-    function fulfill(Fulfillment calldata fill, bytes calldata assessorSeal) external;
-
-    /// Fulfills a batch of locked requests
-    function fulfillBatch(Fulfillment[] calldata fills, bytes calldata assessorSeal) external;
-
-    /// Optional path to combine submitting a new merkle root to the set-verifier and then calling fulfillBatch
-    /// Useful to reduce the transaction count for fulfillments
+    /// @notice Fulfill a locked request by delivering the proof for the application.
+    /// Upon proof verification, the prover that locked the request will be paid.
+    /// @param fill The fulfillment information, including the journal and seal.
+    /// @param assessorSeal The seal from the Assessor guest, which is verified to confirm the
+    /// request's requirements are met.
+    /// @param prover The address of the prover that produced the fulfillment.
+    /// Note that this can differ from the address of the prover that locked the
+    /// request. When they differ, the locked-in prover is the one that received payment.
+    function fulfill(Fulfillment calldata fill, bytes calldata assessorSeal, address prover) external;
+
+    /// @notice Fulfills a batch of locked requests. See IProofMarket.fulfill for more information.
+    function fulfillBatch(Fulfillment[] calldata fills, bytes calldata assessorSeal, address prover) external;
+
+    /// @notice Combined function to submit a new merkle root to the set-verifier and call fulfillBatch.
+    /// @dev Useful to reduce the transaction count for fulfillments
     function submitRootAndFulfillBatch(
         bytes32 root,
         bytes calldata seal,
         Fulfillment[] calldata fills,
-        bytes calldata assessorSeal
+        bytes calldata assessorSeal,
+        address prover
     ) external;
 
     /// When a prover fails to fulfill a request by the deadline, this method can be used to burn

contracts/src/ProofMarket.sol

@@ -242,7 +242,7 @@ contract ProofMarket is IProofMarket, EIP712 {
     }
 
     // TODO(victor): Add a path that allows a prover to fuilfill a request without first sending a lock-in.
-    function fulfill(Fulfillment calldata fill, bytes calldata assessorSeal) external {
+    function fulfill(Fulfillment calldata fill, bytes calldata assessorSeal, address prover) external {
         // Verify the application guest proof. We need to verify it here, even though the market
         // guest already verified that the prover has knowledge of a verifying receipt, because
         // we need to make sure the _delivered_ seal is valid.
@@ -256,7 +256,12 @@ contract ProofMarket is IProofMarket, EIP712 {
         ids[0] = fill.id;
         bytes32 assessorJournalDigest = sha256(
             abi.encode(
-                AssessorJournal({requestIds: ids, root: claimDigest, eip712DomainSeparator: _domainSeparatorV4()})
+                AssessorJournal({
+                    requestIds: ids,
+                    root: claimDigest,
+                    eip712DomainSeparator: _domainSeparatorV4(),
+                    prover: prover
+                })
             )
         );
         // Verification of the assessor seal does not need to comply with FULFILL_MAX_GAS_FOR_VERIFY.
@@ -267,7 +272,7 @@ contract ProofMarket is IProofMarket, EIP712 {
         emit RequestFulfilled(fill.id, fill.journal, fill.seal);
     }
 
-    function fulfillBatch(Fulfillment[] calldata fills, bytes calldata assessorSeal) public {
+    function fulfillBatch(Fulfillment[] calldata fills, bytes calldata assessorSeal, address prover) public {
         // TODO(victor): Figure out how much the memory here is costing. If it's significant, we can do some tricks to reduce memory pressure.
         bytes32[] memory claimDigests = new bytes32[](fills.length);
         uint192[] memory ids = new uint192[](fills.length);
@@ -281,7 +286,14 @@ contract ProofMarket is IProofMarket, EIP712 {
         // Verify the assessor, which ensures the application proof fulfills a valid request with the given ID.
         // NOTE: Signature checks and recursive verification happen inside the assessor.
         bytes32 assessorJournalDigest = sha256(
-            abi.encode(AssessorJournal({requestIds: ids, root: batchRoot, eip712DomainSeparator: _domainSeparatorV4()}))
+            abi.encode(
+                AssessorJournal({
+                    requestIds: ids,
+                    root: batchRoot,
+                    eip712DomainSeparator: _domainSeparatorV4(),
+                    prover: prover
+                })
+            )
         );
         // Verification of the assessor seal does not need to comply with FULFILL_MAX_GAS_FOR_VERIFY.
         VERIFIER.verify(assessorSeal, ASSESSOR_ID, assessorJournalDigest);
@@ -368,11 +380,12 @@ contract ProofMarket is IProofMarket, EIP712 {
         bytes32 root,
         bytes calldata seal,
         Fulfillment[] calldata fills,
-        bytes calldata assessorSeal
+        bytes calldata assessorSeal,
+        address prover
     ) external {
         IRiscZeroSetVerifier setVerifier = IRiscZeroSetVerifier(address(VERIFIER));
         setVerifier.submitMerkleRoot(root, seal);
-        fulfillBatch(fills, assessorSeal);
+        fulfillBatch(fills, assessorSeal, prover);
     }
 }
 

contracts/test/ProofMarket.t.sol

@@ -148,20 +148,21 @@ contract ProofMarketTest is Test {
         );
     }
 
-    function fulfillRequest(ProvingRequest memory request, bytes memory journal)
+    function fulfillRequest(ProvingRequest memory request, bytes memory journal, address prover)
         internal
         returns (Fulfillment memory, bytes memory assessorSeal)
     {
         ProvingRequest[] memory requests = new ProvingRequest[](1);
         requests[0] = request;
         bytes[] memory journals = new bytes[](1);
         journals[0] = journal;
-        (Fulfillment[] memory fills, bytes memory seal) = fulfillRequestBatch(requests, journals);
+        (Fulfillment[] memory fills, bytes memory seal) = fulfillRequestBatch(requests, journals, prover);
         return (fills[0], seal);
     }
 
-    function createFills(ProvingRequest[] memory requests, bytes[] memory journals)
+    function createFills(ProvingRequest[] memory requests, bytes[] memory journals, address prover)
         internal
+        view
         returns (Fulfillment[] memory fills, bytes memory assessorSeal, bytes32 root)
     {
         // initialize the fullfillments; one for each request;
@@ -179,7 +180,7 @@ contract ProofMarketTest is Test {
 
         // compute the assessor claim
         ReceiptClaim memory assessorClaim =
-            TestUtils.mockAssessor(fills, ASSESSOR_IMAGE_ID, proofMarket.eip712DomainSeparator());
+            TestUtils.mockAssessor(fills, ASSESSOR_IMAGE_ID, proofMarket.eip712DomainSeparator(), prover);
         // compute the batchRoot of the batch Merkle Tree (without the assessor)
         (bytes32 batchRoot, bytes32[][] memory tree) = TestUtils.mockSetBuilder(fills);
 
@@ -193,12 +194,12 @@ contract ProofMarketTest is Test {
         return (fills, assessorSeal, root);
     }
 
-    function fulfillRequestBatch(ProvingRequest[] memory requests, bytes[] memory journals)
+    function fulfillRequestBatch(ProvingRequest[] memory requests, bytes[] memory journals, address prover)
         internal
         returns (Fulfillment[] memory fills, bytes memory assessorSeal)
     {
         bytes32 root;
-        (fills, assessorSeal, root) = createFills(requests, journals);
+        (fills, assessorSeal, root) = createFills(requests, journals, prover);
         // submit the root to the set verifier
         publishRoot(root);
         return (fills, assessorSeal);
@@ -428,8 +429,8 @@ contract ProofMarketTest is Test {
 
         vm.startPrank(PROVER_WALLET.addr);
         proofMarket.lockin(request, clientSignature);
-        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL);
-        proofMarket.fulfill(fill, assessorSeal);
+        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL, PROVER_WALLET.addr);
+        proofMarket.fulfill(fill, assessorSeal, PROVER_WALLET.addr);
         // console2.log("fulfill - Gas used:", vm.gasUsed());
         vm.stopPrank();
 
@@ -473,8 +474,8 @@ contract ProofMarketTest is Test {
 
         // Note that this does not come from any particular address.
         proofMarket.lockinWithSig(request, clientSignature, proverSignature);
-        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL);
-        proofMarket.fulfill(fill, assessorSeal);
+        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL, PROVER_WALLET.addr);
+        proofMarket.fulfill(fill, assessorSeal, PROVER_WALLET.addr);
 
         // Check that the proof was submitted
         assertTrue(proofMarket.requestIsFulfilled(fill.id), "Request should have fulfilled status");
@@ -523,9 +524,9 @@ contract ProofMarketTest is Test {
             }
         }
 
-        (Fulfillment[] memory fills, bytes memory assessorSeal) = fulfillRequestBatch(requests, journals);
-
-        proofMarket.fulfillBatch(fills, assessorSeal);
+        (Fulfillment[] memory fills, bytes memory assessorSeal) =
+            fulfillRequestBatch(requests, journals, PROVER_WALLET.addr);
+        proofMarket.fulfillBatch(fills, assessorSeal, PROVER_WALLET.addr);
 
         for (uint256 i = 0; i < fills.length; i++) {
             // Check that the proof was submitted
@@ -539,18 +540,68 @@ contract ProofMarketTest is Test {
         checkProofMarketBalance();
     }
 
+    // Test that when the prover that produces the assessor receipt and the one that locked the
+    // request are different, the one that locked the request gets paid.
+    function testFulfillDistinctProvers() public {
+        Vm.Wallet memory client = createClient(1);
+
+        ProvingRequest memory request = defaultRequest(client.addr, 3);
+
+        bytes memory clientSignature = signRequest(client, request);
+        bytes memory proverSignature = signRequest(PROVER_WALLET, request);
+
+        uint256 balanceBefore = proofMarket.balanceOf(PROVER_WALLET.addr);
+        console2.log("Prover balance before:", balanceBefore);
+
+        // Note that this does not come from any particular address.
+        proofMarket.lockinWithSig(request, clientSignature, proverSignature);
+        // address(3) is just a standin for some other address.
+        address mockOtherProverAddr = address(uint160(3));
+        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL, mockOtherProverAddr);
+        proofMarket.fulfill(fill, assessorSeal, mockOtherProverAddr);
+
+        // Check that the proof was submitted
+        assertTrue(proofMarket.requestIsFulfilled(fill.id), "Request should have fulfilled status");
+
+        uint256 balanceAfter = proofMarket.balanceOf(PROVER_WALLET.addr);
+        console2.log("Prover balance after:", balanceAfter);
+        assertEq(balanceBefore + 1 ether, balanceAfter);
+
+        checkProofMarketBalance();
+    }
+
+    function testFulfillFulfillProverAddrDoesNotMatchAssessorReceipt() public {
+        Vm.Wallet memory client = createClient(1);
+
+        ProvingRequest memory request = defaultRequest(client.addr, 3);
+
+        bytes memory clientSignature = signRequest(client, request);
+        bytes memory proverSignature = signRequest(PROVER_WALLET, request);
+
+        uint256 balanceBefore = proofMarket.balanceOf(PROVER_WALLET.addr);
+        console2.log("Prover balance before:", balanceBefore);
+
+        // Note that this does not come from any particular address.
+        proofMarket.lockinWithSig(request, clientSignature, proverSignature);
+        // address(3) is just a standin for some other address.
+        address mockOtherProverAddr = address(uint160(3));
+        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL, PROVER_WALLET.addr);
+
+        vm.expectRevert();
+        proofMarket.fulfill(fill, assessorSeal, mockOtherProverAddr);
+    }
+
     function testFulfillAlreadyFulfilled() public {
         // Submit request and fulfill it
         Vm.Wallet memory client = createClient(1);
         ProvingRequest memory request = defaultRequest(client.addr, 1);
         testFulfill();
 
-        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL);
+        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL, PROVER_WALLET.addr);
         // Attempt to fulfill a request already fulfilled
         // should revert with "RequestIsFulfilled({requestId: request.id})"
         vm.expectRevert(abi.encodeWithSelector(IProofMarket.RequestIsFulfilled.selector, request.id));
-        vm.prank(PROVER_WALLET.addr);
-        proofMarket.fulfill(fill, assessorSeal);
+        proofMarket.fulfill(fill, assessorSeal, PROVER_WALLET.addr);
 
         checkProofMarketBalance();
     }
@@ -559,13 +610,12 @@ contract ProofMarketTest is Test {
         // Attempt to prove a non-existent request
         Vm.Wallet memory client = createClient(1);
         ProvingRequest memory request = defaultRequest(client.addr, 1);
-        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL);
+        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL, PROVER_WALLET.addr);
 
         // Attempt to fulfill a request not lockeed
         // should revert with "RequestIsNotLocked({requestId: request.id})"
         vm.expectRevert(abi.encodeWithSelector(IProofMarket.RequestIsNotLocked.selector, request.id));
-        vm.prank(PROVER_WALLET.addr);
-        proofMarket.fulfill(fill, assessorSeal);
+        proofMarket.fulfill(fill, assessorSeal, PROVER_WALLET.addr);
 
         checkProofMarketBalance();
     }
@@ -585,7 +635,7 @@ contract ProofMarketTest is Test {
 
         vm.startPrank(PROVER_WALLET.addr);
         proofMarket.lockin(request, clientSignature);
-        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL);
+        (Fulfillment memory fill, bytes memory assessorSeal) = fulfillRequest(request, APP_JOURNAL, PROVER_WALLET.addr);
 
         vm.roll(2);
 
@@ -594,7 +644,7 @@ contract ProofMarketTest is Test {
         vm.expectRevert(
             abi.encodeWithSelector(IProofMarket.RequestIsExpired.selector, request.id, request.offer.deadline())
         );
-        proofMarket.fulfill(fill, assessorSeal);
+        proofMarket.fulfill(fill, assessorSeal, PROVER_WALLET.addr);
         vm.stopPrank();
 
         checkProofMarketBalance();
@@ -709,10 +759,11 @@ contract ProofMarketTest is Test {
 
     function benchFulfillBatch(uint256 batchSize) public {
         (ProvingRequest[] memory requests, bytes[] memory journals) = newBatch(batchSize);
-        (Fulfillment[] memory fills, bytes memory assessorSeal) = fulfillRequestBatch(requests, journals);
+        (Fulfillment[] memory fills, bytes memory assessorSeal) =
+            fulfillRequestBatch(requests, journals, PROVER_WALLET.addr);
 
         uint256 gasBefore = gasleft();
-        proofMarket.fulfillBatch(fills, assessorSeal);
+        proofMarket.fulfillBatch(fills, assessorSeal, PROVER_WALLET.addr);
         uint256 gasAfter = gasleft();
         // Calculate the gas used
         uint256 gasUsed = gasBefore - gasAfter;
@@ -761,11 +812,12 @@ contract ProofMarketTest is Test {
 
     function testsubmitRootAndFulfillBatch() public {
         (ProvingRequest[] memory requests, bytes[] memory journals) = newBatch(2);
-        (Fulfillment[] memory fills, bytes memory assessorSeal, bytes32 root) = createFills(requests, journals);
+        (Fulfillment[] memory fills, bytes memory assessorSeal, bytes32 root) =
+            createFills(requests, journals, PROVER_WALLET.addr);
 
         bytes memory seal =
             verifier.mockProve(SET_BUILDER_IMAGE_ID, sha256(abi.encodePacked(SET_BUILDER_IMAGE_ID, root))).seal;
-        proofMarket.submitRootAndFulfillBatch(root, seal, fills, assessorSeal);
+        proofMarket.submitRootAndFulfillBatch(root, seal, fills, assessorSeal, PROVER_WALLET.addr);
 
         for (uint256 j = 0; j < fills.length; j++) {
             assertTrue(proofMarket.requestIsFulfilled(fills[j].id), "Request should have fulfilled status");

contracts/test/TestUtils.sol

@@ -11,11 +11,12 @@ import "../src/ProofMarket.sol";
 library TestUtils {
     using ReceiptClaimLib for ReceiptClaim;
 
-    function mockAssessor(Fulfillment[] memory fills, bytes32 assessorImageId, bytes32 eip712DomainSeparator)
-        internal
-        pure
-        returns (ReceiptClaim memory)
-    {
+    function mockAssessor(
+        Fulfillment[] memory fills,
+        bytes32 assessorImageId,
+        bytes32 eip712DomainSeparator,
+        address prover
+    ) internal pure returns (ReceiptClaim memory) {
         bytes32[] memory claimDigests = new bytes32[](fills.length);
         uint192[] memory ids = new uint192[](fills.length);
         for (uint256 i = 0; i < fills.length; i++) {
@@ -24,8 +25,9 @@ library TestUtils {
         }
         bytes32 root = MerkleProofish.processTree(claimDigests);
 
-        bytes memory journal =
-            abi.encode(AssessorJournal({requestIds: ids, root: root, eip712DomainSeparator: eip712DomainSeparator}));
+        bytes memory journal = abi.encode(
+            AssessorJournal({requestIds: ids, root: root, eip712DomainSeparator: eip712DomainSeparator, prover: prover})
+        );
         return ReceiptClaimLib.ok(assessorImageId, sha256(journal));
     }
 

crates/assessor/src/lib.rs

@@ -2,7 +2,7 @@
 //
 // All rights reserved.
 
-use alloy_primitives::Signature;
+use alloy_primitives::{Address, Signature};
 use alloy_sol_types::{Eip712Domain, SolStruct};
 use anyhow::{bail, Result};
 use boundless_market::contracts::{EIP721DomainSaltless, ProvingRequest};
@@ -54,6 +54,8 @@ pub struct AssessorInput {
     // This smart contract address is used solely to construct the EIP-712 Domain
     // and complete signature checks on the requests.
     pub domain: EIP721DomainSaltless,
+    // The address of the prover.
+    pub prover_address: Address,
 }
 
 impl AssessorInput {
@@ -235,8 +237,11 @@ mod tests {
     }
 
     fn assessor(claims: Vec<Fulfillment>, assumption_receipt: Receipt) {
-        let assessor_input =
-            AssessorInput { domain: eip712_domain(Address::ZERO, 1), fills: claims };
+        let assessor_input = AssessorInput {
+            domain: eip712_domain(Address::ZERO, 1),
+            fills: claims,
+            prover_address: Address::ZERO,
+        };
         let env = ExecutorEnv::builder()
             .write_slice(&assessor_input.to_vec())
             .add_assumption(assumption_receipt)