o1-labs · mitschabaude · Jan 18, 2023 · May 4, 2022 · Oct 20, 2022 · Oct 20, 2022
diff --git a/src/examples/zkapps/dex/arbitrary_token_interaction.ts b/src/examples/zkapps/dex/arbitrary_token_interaction.ts
diff --git a/src/examples/zkapps/dex/dex.ts b/src/examples/zkapps/dex/dex.ts
@@ -269,6 +269,7 @@ class TokenContract extends SmartContract {
       ...Permissions.default(),
       send: Permissions.proof(),
       receive: Permissions.proof(),
+      access: Permissions.proofOrSignature(),
     });
   }
   @method init() {

diff --git a/src/examples/zkapps/dex/erc20.ts b/src/examples/zkapps/dex/erc20.ts
@@ -109,6 +109,7 @@ class TrivialCoin extends SmartContract implements Erc20 {
       ...Permissions.default(),
       setVerificationKey: Permissions.impossible(),
       setPermissions: Permissions.impossible(),
+      access: Permissions.proofOrSignature(),
     });
   }
 

diff --git a/src/examples/zkapps/token_with_proofs.ts b/src/examples/zkapps/token_with_proofs.ts
@@ -24,6 +24,7 @@ class TokenContract extends SmartContract {
     this.setPermissions({
       ...Permissions.default(),
       send: Permissions.proof(),
+      access: Permissions.proofOrSignature(),
     });
     this.balance.addInPlace(UInt64.fromNumber(initialBalance));
   }
@@ -180,7 +181,6 @@ tx = await Local.transaction(feePayer, () => {
 });
 console.log('authorize send (proof)');
 await tx.prove();
-console.log('send (proof)');
 await tx.send();
 
 console.log(
@@ -202,7 +202,6 @@ tx = await Local.transaction(feePayer, () => {
 });
 console.log('authorize send (proof)');
 await tx.prove();
-console.log('send (proof)');
 await tx.send();
 
 console.log(

diff --git a/src/lib/account_update.ts b/src/lib/account_update.ts
@@ -222,6 +222,13 @@ interface Permissions extends Permissions_ {
   // TODO: doccomments
   incrementNonce: Permission;
   setVotingFor: Permission;
+
+  /**
+   * Permission to control the ability to include _any_ account update for this account in a transaction. Note that this is more restrictive than
+   * all other permissions combined. For normal accounts it can safely be set to `none`, but for token contracts this has to be more restrictive, to
+   * prevent unauthorized token interactions -- for example, it could be `proofOrSignature`.
+   */
+  access: Permission;
 }
 let Permissions = {
   ...Permission,
@@ -249,6 +256,7 @@ let Permissions = {
     setTokenSymbol: Permission.signature(),
     incrementNonce: Permissions.signature(),
     setVotingFor: Permission.signature(),
+    access: Permission.none(),
   }),
 
   initial: (): Permissions => ({
@@ -263,6 +271,7 @@ let Permissions = {
     setTokenSymbol: Permission.signature(),
     incrementNonce: Permissions.signature(),
     setVotingFor: Permission.signature(),
+    access: Permission.none(),
   }),
 
   fromString: (permission: AuthRequired): Permission => {
@@ -284,19 +293,11 @@ let Permissions = {
     }
   },
 
-  fromJSON: (permissions: {
-    editState: AuthRequired;
-    send: AuthRequired;
-    receive: AuthRequired;
-    setDelegate: AuthRequired;
-    setPermissions: AuthRequired;
-    setVerificationKey: AuthRequired;
-    setZkappUri: AuthRequired;
-    editSequenceState: AuthRequired;
-    setTokenSymbol: AuthRequired;
-    incrementNonce: AuthRequired;
-    setVotingFor: AuthRequired;
-  }): Permissions => {
+  fromJSON: (
+    permissions: NonNullable<
+      Types.Json.AccountUpdate['body']['update']['permissions']
+    >
+  ): Permissions => {
     return Object.fromEntries(
       Object.entries(permissions).map(([k, v]) => [
         k,

diff --git a/src/lib/fetch.ts b/src/lib/fetch.ts
@@ -1,12 +1,7 @@
 import 'isomorphic-fetch';
 import { Bool, Field, Ledger } from '../snarky.js';
 import { UInt32, UInt64 } from './int.js';
-import {
-  TokenId,
-  Permission,
-  Permissions,
-  ZkappStateLength,
-} from './account_update.js';
+import { TokenId, Permissions, ZkappStateLength } from './account_update.js';
 import { PublicKey } from './signature.js';
 import { NetworkValue } from './precondition.js';
 import { Types } from '../snarky/types.js';
@@ -127,19 +122,9 @@ type FetchedAccount = {
   zkappState: string[] | null;
   receiptChainHash?: string;
   balance: { total: string };
-  permissions?: {
-    editState: AuthRequired;
-    send: AuthRequired;
-    receive: AuthRequired;
-    setDelegate: AuthRequired;
-    setPermissions: AuthRequired;
-    setVerificationKey: AuthRequired;
-    setZkappUri: AuthRequired;
-    editSequenceState: AuthRequired;
-    setTokenSymbol: AuthRequired;
-    incrementNonce: AuthRequired;
-    setVotingFor: AuthRequired;
-  };
+  permissions?: NonNullable<
+    Types.Json.AccountUpdate['body']['update']['permissions']
+  >;
   delegateAccount?: { publicKey: string };
   sequenceEvents?: string[] | null;
   verificationKey?: { verificationKey: string };

diff --git a/src/lib/token.test.ts b/src/lib/token.test.ts
@@ -27,6 +27,7 @@ class TokenContract extends SmartContract {
     this.setPermissions({
       ...Permissions.default(),
       editState: Permissions.proofOrSignature(),
+      access: Permissions.proofOrSignature(),
     });
   }
 
@@ -192,6 +193,20 @@ describe('Token', () => {
         expect(e).toBeDefined();
       });
     });
+
+    it('should reject tx if user bypasses the token contract by using an empty account update', async () => {
+      let tx = await Mina.transaction(feePayer, () => {
+        // pay fees for creating user's token X account
+        AccountUpdate.fundNewAccount(feePayer);
+        // 😈😈😈 mint tokens without authorization 😈😈😈
+        zkapp.experimental.token.mint({
+          address: tokenAccount1,
+          amount: UInt64.from(100_000),
+        });
+        AccountUpdate.attachToTransaction(zkapp.self);
+      });
+      await expect(tx.send()).rejects.toThrow(/Update_not_permitted_access/);
+    });
   });
 
   describe('Burn token', () => {

diff --git a/src/snarky.d.ts b/src/snarky.d.ts
@@ -1,3 +1,5 @@
+import type { Types } from './index.js';
+
 export {
   Field,
   Bool,
@@ -743,6 +745,7 @@ type UInt64_ = { value: Field };
 type PublicKey_ = { x: Field; isOdd: Bool };
 
 // this closely corresponds to Mina_base.Account.t
+// TODO: auto-generate from the OCaml type
 interface Account {
   publicKey: PublicKey_;
   balance: UInt64_;
@@ -760,19 +763,9 @@ interface Account {
     lastSequenceSlot: number;
     provedState: boolean;
   };
-  permissions: {
-    editState: AuthRequired;
-    send: AuthRequired;
-    receive: AuthRequired;
-    setDelegate: AuthRequired;
-    setPermissions: AuthRequired;
-    setVerificationKey: AuthRequired;
-    setZkappUri: AuthRequired;
-    editSequenceState: AuthRequired;
-    setTokenSymbol: AuthRequired;
-    incrementNonce: AuthRequired;
-    setVotingFor: AuthRequired;
-  };
+  permissions: NonNullable<
+    Types.Json.AccountUpdate['body']['update']['permissions']
+  >;
 }
 
 // TODO would be nice to document these, at least the parts that end up being used in the public API

diff --git a/src/snarky/gen/js-layout.ts b/src/snarky/gen/js-layout.ts
@@ -123,6 +123,7 @@ let jsLayout = {
                         docs: null,
                         keys: [
                           'editState',
+                          'access',
                           'send',
                           'receive',
                           'setDelegate',
@@ -136,6 +137,7 @@ let jsLayout = {
                         ],
                         entries: {
                           editState: { type: 'AuthRequired' },
+                          access: { type: 'AuthRequired' },
                           send: { type: 'AuthRequired' },
                           receive: { type: 'AuthRequired' },
                           setDelegate: { type: 'AuthRequired' },
@@ -149,6 +151,7 @@ let jsLayout = {
                         },
                         docEntries: {
                           editState: null,
+                          access: null,
                           send: null,
                           receive: null,
                           setDelegate: null,
@@ -822,6 +825,7 @@ let jsLayout = {
                   docs: null,
                   keys: [
                     'editState',
+                    'access',
                     'send',
                     'receive',
                     'setDelegate',
@@ -835,6 +839,7 @@ let jsLayout = {
                   ],
                   entries: {
                     editState: { type: 'AuthRequired' },
+                    access: { type: 'AuthRequired' },
                     send: { type: 'AuthRequired' },
                     receive: { type: 'AuthRequired' },
                     setDelegate: { type: 'AuthRequired' },
@@ -848,6 +853,7 @@ let jsLayout = {
                   },
                   docEntries: {
                     editState: null,
+                    access: null,
                     send: null,
                     receive: null,
                     setDelegate: null,

diff --git a/src/snarky/gen/transaction-json.ts b/src/snarky/gen/transaction-json.ts
@@ -38,6 +38,7 @@ type ZkappCommand = {
         } | null;
         permissions: {
           editState: AuthRequired;
+          access: AuthRequired;
           send: AuthRequired;
           receive: AuthRequired;
           setDelegate: AuthRequired;
@@ -171,6 +172,7 @@ type AccountUpdate = {
       } | null;
       permissions: {
         editState: AuthRequired;
+        access: AuthRequired;
         send: AuthRequired;
         receive: AuthRequired;
         setDelegate: AuthRequired;

diff --git a/src/snarky/gen/transaction.ts b/src/snarky/gen/transaction.ts
@@ -85,6 +85,7 @@ type ZkappCommand = {
           isSome: Bool;
           value: {
             editState: AuthRequired;
+            access: AuthRequired;
             send: AuthRequired;
             receive: AuthRequired;
             setDelegate: AuthRequired;
@@ -280,6 +281,7 @@ type AccountUpdate = {
         isSome: Bool;
         value: {
           editState: AuthRequired;
+          access: AuthRequired;
           send: AuthRequired;
           receive: AuthRequired;
           setDelegate: AuthRequired;