DAO Contract Source Code

Fd8kfCuqU8BoFFp6GcXv5pC8XXRkBK7gUPQX5XDz7iXj
proof/exec.zk
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
k = 11;
field = "pallas";

constant "Exec" {
    EcFixedPointShort VALUE_COMMIT_VALUE,
    EcFixedPoint VALUE_COMMIT_RANDOM,
    EcFixedPointBase NULLIFIER_K,
}

witness "Exec" {
    # Proposal parameters
    Base proposal_auth_calls_commit,
    Base proposal_creation_blockwindow,
    Base proposal_duration_blockwindows,
    Base proposal_user_data,
    Base proposal_blind,

    # DAO parameters
    Base dao_proposer_limit,
    Base dao_quorum,
    Base dao_early_exec_quorum,
    Base dao_approval_ratio_quot,
    Base dao_approval_ratio_base,
    Base dao_gov_token_id,
    Base dao_notes_public_x,
    Base dao_notes_public_y,
    Base dao_proposer_public_x,
    Base dao_proposer_public_y,
    Base dao_proposals_public_x,
    Base dao_proposals_public_y,
    Base dao_votes_public_x,
    Base dao_votes_public_y,
    Base dao_exec_secret,
    Base dao_early_exec_public_x,
    Base dao_early_exec_public_y,
    Base dao_bulla_blind,

    # Votes
    Base yes_vote_value,
    Base all_vote_value,
    Scalar yes_vote_blind,
    Scalar all_vote_blind,

    # Check whether the proposal has expired or not
    Base current_blockwindow,

    # Signature secret
    Base signature_secret,
}

circuit "Exec" {
    # Derive DAO executor public key
    dao_exec_public = ec_mul_base(dao_exec_secret, NULLIFIER_K);
    dao_exec_public_x = ec_get_x(dao_exec_public);
    dao_exec_public_y = ec_get_y(dao_exec_public);

    dao_bulla = poseidon_hash(
        dao_proposer_limit,
        dao_quorum,
        dao_early_exec_quorum,
        dao_approval_ratio_quot,
        dao_approval_ratio_base,
        dao_gov_token_id,
        dao_notes_public_x,
        dao_notes_public_y,
        dao_proposer_public_x,
        dao_proposer_public_y,
        dao_proposals_public_x,
        dao_proposals_public_y,
        dao_votes_public_x,
        dao_votes_public_y,
        dao_exec_public_x,
        dao_exec_public_y,
        dao_early_exec_public_x,
        dao_early_exec_public_y,
        dao_bulla_blind,
    );

    # Proposal bulla being valid means DAO bulla is also valid because
    # dao-propose-main.zk already checks that when we first create the
    # proposal - so it is redundant to check DAO bulla exists here.
    proposal_bulla = poseidon_hash(
        proposal_auth_calls_commit,
        proposal_creation_blockwindow,
        proposal_duration_blockwindows,
        proposal_user_data,
        dao_bulla,
        proposal_blind,
    );
    constrain_instance(proposal_bulla);
    constrain_instance(proposal_auth_calls_commit);

    # Enforce that the proposal has expired
    one = witness_base(1);
    end_time = base_add(proposal_creation_blockwindow, proposal_duration_blockwindows);
    current_blockwindow_1 = base_add(current_blockwindow, one);
    less_than_strict(end_time, current_blockwindow_1);
    constrain_instance(current_blockwindow);

    # Create Pedersen commitments for win_votes and total_votes, and
    # constrain the commitments' coordinates.
    yes_vote_value_c = ec_mul_short(yes_vote_value, VALUE_COMMIT_VALUE);
    yes_vote_blind_c = ec_mul(yes_vote_blind, VALUE_COMMIT_RANDOM);
    yes_vote_commit = ec_add(yes_vote_value_c, yes_vote_blind_c);
    constrain_instance(ec_get_x(yes_vote_commit));
    constrain_instance(ec_get_y(yes_vote_commit));

    all_vote_value_c = ec_mul_short(all_vote_value, VALUE_COMMIT_VALUE);
    all_vote_blind_c = ec_mul(all_vote_blind, VALUE_COMMIT_RANDOM);
    all_vote_commit = ec_add(all_vote_value_c, all_vote_blind_c);
    constrain_instance(ec_get_x(all_vote_commit));
    constrain_instance(ec_get_y(all_vote_commit));

    # Check that dao_quorum is less than or equal to all_vote_value
    all_vote_value_1 = base_add(all_vote_value, one);
    less_than_strict(dao_quorum, all_vote_value_1);

    # approval_ratio_quot / approval_ratio_base <= yes_vote / all_vote
    #
    # The above is also equivalent to this:
    #
    # all_vote * approval_ratio_quot <= yes_vote * approval_ratio_base
    lhs = base_mul(all_vote_value, dao_approval_ratio_quot);
    rhs = base_mul(yes_vote_value, dao_approval_ratio_base);
    rhs_1 = base_add(rhs, one);
    less_than_strict(lhs, rhs_1);

    # Derive a public key for the signature and constrain its coordinates
    signature_public = ec_mul_base(signature_secret, NULLIFIER_K);
    constrain_instance(ec_get_x(signature_public));
    constrain_instance(ec_get_y(signature_public));
}