diff --git a/token/program-2022/src/extension/confidential_transfer/ciphertext_extraction.rs b/token/program-2022/src/extension/confidential_transfer/ciphertext_extraction.rs
index 33574d0ab21..f7d6cdac354 100644
--- a/token/program-2022/src/extension/confidential_transfer/ciphertext_extraction.rs
+++ b/token/program-2022/src/extension/confidential_transfer/ciphertext_extraction.rs
@@ -209,7 +209,7 @@ impl From for TransferProofContextInfo {
 impl TransferProofContextInfo {
 /// Create a transfer proof context information needed to process a [Transfer] instruction from
 /// split proof contexts after verifying their consistency.
- pub fn new(
+ pub fn verify_and_generate(
 equality_proof_context: &CiphertextCommitmentEqualityProofContext,
 ciphertext_validity_proof_context: &BatchedGroupedCiphertext2HandlesValidityProofContext,
 range_proof_context: &BatchedRangeProofContext,
@@ -371,7 +371,7 @@ impl From for TransferWithFeeProofContextInfo {
 impl TransferWithFeeProofContextInfo {
 /// Create a transfer proof context information needed to process a [Transfer] instruction from
 /// split proof contexts after verifying their consistency.
- pub fn new(
+ pub fn verify_and_generate(
 equality_proof_context: &CiphertextCommitmentEqualityProofContext,
 transfer_amount_ciphertext_validity_proof_context: &BatchedGroupedCiphertext2HandlesValidityProofContext,
 fee_sigma_proof_context: &FeeSigmaProofContext,
diff --git a/token/program-2022/src/extension/confidential_transfer/verify_proof.rs b/token/program-2022/src/extension/confidential_transfer/verify_proof.rs
index e4109baa7ca..782fe7d17f1 100644
--- a/token/program-2022/src/extension/confidential_transfer/verify_proof.rs
+++ b/token/program-2022/src/extension/confidential_transfer/verify_proof.rs
@@ -173,7 +173,10 @@ pub fn verify_transfer_proof( let range_proof_context = verify_transfer_range_proof(range_proof_context_state_account_info)?; - let transfer_proof_context = TransferProofContextInfo::new( + // The `TransferProofContextInfo` constructor verifies the consistency of the + // individual proof context and generates a `TransferWithFeeProofInfo` struct that is used + // to process the rest of the token-2022 logic. + let transfer_proof_context = TransferProofContextInfo::verify_and_generate( &equality_proof_context, &ciphertext_validity_proof_context, &range_proof_context, @@ -338,7 +341,12 @@ pub fn verify_transfer_with_fee_proof( let range_proof_context = verify_transfer_with_fee_range_proof(range_proof_context_state_account_info)?; - let transfer_with_fee_proof_context = TransferWithFeeProofContextInfo::new( + // The `TransferWithFeeProofContextInfo` constructor verifies the consistency of the + // individual proof context and generates a `TransferWithFeeProofInfo` struct that is used + // to process the rest of the token-2022 logic. The consistency check includes verifying + // whether the fee-related zkps were generated with respect to the correct fee parameter + // that is stored in the mint extension. + let transfer_with_fee_proof_context = TransferWithFeeProofContextInfo::verify_and_generate( &equality_proof_context, &transfer_amount_ciphertext_validity_proof_context, &fee_sigma_proof_context, @@ -460,6 +468,8 @@ pub fn verify_transfer_with_fee_proof( .maximum_fee .into(); + // check consistency of the transfer fee parameters in the mint extension with what were + // used to generate the zkp if u16::from(fee_parameters.transfer_fee_basis_points) != proof_tranfer_fee_basis_points || u64::from(fee_parameters.maximum_fee) != proof_maximum_fee { 
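Review bot: The comment added above the `TransferProofContextInfo::verify_and_generate` call says the function generates a `TransferWithFeeProofInfo` struct, which looks copied from the fee variant; the value bound here is a `TransferProofContextInfo`. The hunk at @@ -338 uses the same `TransferWithFeeProofInfo` name where the call site shows `TransferWithFeeProofContextInfo`, and both comments still say "constructor" although this commit renames `new` so that the name signals verification. Suggested wording for this one: `// verify_and_generate checks that the split proof contexts are mutually consistent and returns the TransferProofContextInfo used by the rest of the token-2022 logic.` The argument list of the call continues past the end of the hunk.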
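Review bot: The comment added before the fee-parameter comparison in the hunk at @@ -460 describes the comparison but not what it protects, and the identical comment and comparison are repeated in the hunk at @@ -481 of the same function. This check is what binds the proof to the mint's current fee configuration, so the comment should state the consequence, for example `// Reject the proof unless it was generated with the transfer fee parameters currently stored in the mint extension.` Keeping two copies in step is a maintenance risk for a check of this kind; if the surrounding branches allow it, a single private helper called from both places would hold the comparison and its comment once. The body of the `if` lies outside both hunks, so the rejection path itself is not visible here.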
@@ -481,6 +491,8 @@ pub fn verify_transfer_with_fee_proof( proof_context.fee_parameters.fee_rate_basis_points.into(); let proof_maximum_fee: u64 = proof_context.fee_parameters.maximum_fee.into(); + // check consistency of the transfer fee parameters in the mint extension with what were + // used to generate the zkp if u16::from(fee_parameters.transfer_fee_basis_points) != proof_tranfer_fee_basis_points || u64::from(fee_parameters.maximum_fee) != proof_maximum_fee {