Update zkapp fallback logic

src/lib/mina_base/permissions.ml

@@ -72,6 +72,12 @@ module Auth_required = struct
     | t ->
         t
 
+  let access_perm_fallback_to_signature_with_older_version = function
+    | Proof ->
+        Signature
+    | t ->
+        t
+
   (* permissions such that [check permission (Proof _)] is true *)
   let gen_for_proof_authorization : t Quickcheck.Generator.t =
     Quickcheck.Generator.of_list [ None; Either; Proof ]
@@ -294,11 +300,21 @@ module Auth_required = struct
          that the proof should verify. *)
       (result, `proof_must_verify (didn't_fail_yet &&& not signature_sufficient))
 
+    (* proof/either/impossible -> signature *)
     let verification_key_perm_fallback_to_signature_with_older_version
         ({ signature_sufficient; _ } as t : t) =
       if_
         Pickles.Impls.Step.Boolean.(not signature_sufficient)
         ~then_:(constant Signature) ~else_:t
+
+    (* proof/either -> signature *)
+    let access_perm_fallback_to_signature_with_older_version
+        ({ signature_sufficient; constant = signature_is_constant; _ } as t : t)
+        =
+      if_
+        Pickles.Impls.Step.Boolean.(
+          (not signature_sufficient) && not signature_is_constant)
+        ~then_:(constant Signature) ~else_:t
   end
 
   let typ =

src/lib/mina_base/permissions.mli

@@ -27,6 +27,8 @@ module Auth_required : sig
 
   val verification_key_perm_fallback_to_signature_with_older_version : t -> t
 
+  val access_perm_fallback_to_signature_with_older_version : t -> t
+
   module Checked : sig
     type t
 
@@ -44,6 +46,8 @@ module Auth_required : sig
       -> Boolean.var * [ `proof_must_verify of Boolean.var ]
 
     val verification_key_perm_fallback_to_signature_with_older_version : t -> t
+
+    val access_perm_fallback_to_signature_with_older_version : t -> t
   end
 
   val typ : (Checked.t, t) Typ.t

src/lib/transaction_logic/mina_transaction_logic.ml

@@ -1006,6 +1006,10 @@ module Make (L : Ledger_intf.S) :
       let verification_key_perm_fallback_to_signature_with_older_version =
         Permissions.Auth_required
         .verification_key_perm_fallback_to_signature_with_older_version
+
+      let access_perm_fallback_to_signature_with_older_version =
+        Permissions.Auth_required
+        .access_perm_fallback_to_signature_with_older_version
     end
 
     module Txn_version = struct

src/lib/transaction_logic/zkapp_command_logic.ml

@@ -549,7 +549,10 @@ module type Controller_intf = sig
 
   val check : proof_verifies:bool -> signature_verifies:bool -> t -> bool
 
+  (* This is used for fallbacking for Permissions.{set_verification_key, set_permissions}. *)
   val verification_key_perm_fallback_to_signature_with_older_version : t -> t
+
+  val access_perm_fallback_to_signature_with_older_version : t -> t
 end
 
 module type Txn_version_intf = sig
@@ -1546,11 +1549,23 @@ module Make (Inputs : Inputs_intf) = struct
        This must be done before updating zkApp fields!
     *)
     let a = Account.make_zkapp a in
+    let older_than_current_version =
+      Txn_version.older_than_current
+        (Account.Permissions.set_verification_key_txn_version a)
+    in
+    let auth_with_fallback_access original_auth =
+      Controller.if_ older_than_current_version
+        ~then_:
+          (Controller.access_perm_fallback_to_signature_with_older_version
+             original_auth )
+        ~else_:original_auth
+    in
     (* Check that the account can be accessed with the given authorization. *)
     let local_state =
       let has_permission =
-        Controller.check ~proof_verifies ~signature_verifies
-          (Account.Permissions.access a)
+        Account.Permissions.access a
+        |> auth_with_fallback_access
+        |> Controller.check ~proof_verifies ~signature_verifies
       in
       Local_state.add_check local_state Update_not_permitted_access
         has_permission
@@ -1609,26 +1624,25 @@ module Make (Inputs : Inputs_intf) = struct
       let a = Account.set_app_state app_state a in
       (a, local_state)
     in
+    (* Generic helper that deals with fallback when the permissions are set for
+       a old protocol version for setting vk/perm *)
+    let auth_with_fallback_set_vk_or_perm original_auth =
+      Controller.if_ older_than_current_version
+        ~then_:
+          (Controller
+           .verification_key_perm_fallback_to_signature_with_older_version
+             original_auth )
+        ~else_:original_auth
+    in
     (* Set verification key. *)
     let a, local_state =
       let verification_key =
         Account_update.Update.verification_key account_update
       in
-      let older_than_current_version =
-        Txn_version.older_than_current
-          (Account.Permissions.set_verification_key_txn_version a)
-      in
-      let original_auth = Account.Permissions.set_verification_key_auth a in
-      let auth =
-        Controller.if_ older_than_current_version
-          ~then_:
-            (Controller
-             .verification_key_perm_fallback_to_signature_with_older_version
-               original_auth )
-          ~else_:original_auth
-      in
       let has_permission =
-        Controller.check ~proof_verifies ~signature_verifies auth
+        Account.Permissions.set_verification_key_auth a
+        |> auth_with_fallback_set_vk_or_perm
+        |> Controller.check ~proof_verifies ~signature_verifies
       in
       let local_state =
         Local_state.add_check local_state Update_not_permitted_verification_key
@@ -1795,8 +1809,9 @@ module Make (Inputs : Inputs_intf) = struct
     let a, local_state =
       let permissions = Account_update.Update.permissions account_update in
       let has_permission =
-        Controller.check ~proof_verifies ~signature_verifies
-          (Account.Permissions.set_permissions a)
+        Account.Permissions.set_permissions a
+        |> auth_with_fallback_set_vk_or_perm
+        |> Controller.check ~proof_verifies ~signature_verifies
       in
       let local_state =
         Local_state.add_check local_state Update_not_permitted_permissions

src/lib/transaction_snark/transaction_snark.ml

@@ -1473,6 +1473,10 @@ module Make_str (A : Wire_types.Concrete) = struct
             let verification_key_perm_fallback_to_signature_with_older_version =
               Permissions.Auth_required.Checked
               .verification_key_perm_fallback_to_signature_with_older_version
+
+            let access_perm_fallback_to_signature_with_older_version =
+              Permissions.Auth_required.Checked
+              .access_perm_fallback_to_signature_with_older_version
           end
 
           module Txn_version = struct