fix: prevent ZK proof replay in ZkAuditVerifier#8
Closed
murd3r17 wants to merge 109 commits into
Closed
Conversation
…oofs and marketplace UI enhancements
- Replace 'Discover Verified AI Agents' with 'Before You Hire an AI Agent, Know Exactly What You're Getting' - Update badge from 'Trusted Agent Infrastructure' to 'Trusted Agent Marketplace' - Rewrite subtitle from feature list to value proposition - Replace empty-state registry message with market-first narrative - Add Buyers / Developers / Auditors role guidance cards - Update nav tagline to 'Verify Before You Buy' - Add meta description to index.html - Add CSS for marketplace-hero__roles and marketplace-hero__role
- Replace MPL-2.0 with GNU Affero General Public License v3.0 (AGPL-3.0) - Update README.md: AGPL badge, commercial license notice, official platform teaser - Update README_CN.md: same changes in Simplified Chinese - Add CLA.md: Contributor License Agreement enabling dual-license commercialization
- Remove redundant _CN variant files (CONTRIBUTING_CN, SECURITY_CN, CODE_OF_CONDUCT_CN) - Add 'About the Author & Collaboration' section to README.md and README_CN.md - Highlight student background and open call for collaborators in Web3/AI Agent/ZK/TEE/Audit
…, and access history - SearchFilterBar: add Task Type (DeFi/Chatbot/DevOps/Data/Automation) and Price Range filters - SearchFilterBar: add Sort Order dropdown (score, reputation, popular, price, freshness) - LeaderboardSection: new component with 4 tabs (Top Scored / Best Reputation / Most Popular / Recently Audited) - AccessHistoryCard: new component showing on-chain rental/purchase transaction history - useAccessHistory: new hook to fetch access records from MarketplaceClient - marketplaceClient: add getAccessRecords() method - HomePage: wire up all new filters, sort, and leaderboard - AgentDetailPage: integrate AccessHistoryCard below audit history - styles.css: add CSS for sort-select, leaderboard, and access-history components - All changes verified: tsc zero errors, vite build successful
- Rewrite README.md with badge strip, Mermaid architecture diagram and value-first narrative - Add README_CN.md (Simplified Chinese version) - Add LICENSE (Mozilla Public License 2.0) - Add CONTRIBUTING.md / CONTRIBUTING_CN.md - Add SECURITY.md / SECURITY_CN.md - Add CODE_OF_CONDUCT.md / CODE_OF_CONDUCT_CN.md (Contributor Covenant 2.1)
…date mascot image (remove blue bg, beige inner)
…opo story, fix Mermaid syntax
…two-sided platform
… of the two-sided platform" This reverts commit c1a3131.
…eport - Add 'Platform Walkthrough & Live Demo' section walking buyers through the marketplace homepage, agent profile, 6-dimensional radar chart, scene suitability, trust guarantee flow, TEE attestation, audit history and on-chain gated reviews, with 8 live screenshots. - Add 'Benchmark Audit Report — Mainstream LLM Agents' section grouping the live agents into three categories (Tier-1 general-purpose models, Agent-native & vertical models, failure cases) and reporting their audit verdicts under the same pipeline. - Synchronize the same content into README_CN.md. - Add docs/screenshots/ assets (8 PNGs).
- Update popo-mascot.png: remove the ping-pong table/net/legs from the mascot illustration; keep only Popo (the ping-pong ball with the verification shield) on a soft halo background. Also sync the same asset to frontend/public/popo-mascot.png so the marketplace uses the new artwork everywhere. - README.md / README_CN.md: replace 'sits atop a table tennis table' wording, and add a 'Where you'll meet Popo on the platform' table documenting Popo's three real touchpoints in the marketplace (NavHeader brand mark, first-visit welcome toast, EmptyState illustration with popo-float animation), so the mascot section reflects the actual product.
…e racket emoji in author section - Revert popo-mascot.png (top of README) and frontend/public/popo-mascot.png back to the original artwork (Popo on a ping-pong table). The previous table-removal change was made by mistake. - Add docs/popo-icon.png — the cleaned ball-only Popo — as a small inline asset. - Replace the trailing ping-pong-racket emoji (🏓) in the 'About the Author & Meet Popo' section heading of README.md and README_CN.md with this small Popo icon, so the section now ends with the actual mascot rather than an unrelated emoji.
…reference Removes the three-row touchpoint table (NavHeader / first-visit toast / EmptyState) and the trailing 'trust signal' line from the 'About the Author & Meet Popo' section in both README.md and README_CN.md. The section is now back to its original single-paragraph mascot story.
…sion logs - sandbox: add LLM-backed test agent (llmAgent.ts, Dockerfile.llm), update cdkConfig and testAgent server - contracts: update env examples for edge deployments - infra: add run-llm-ab-test.sh script, update Dockerfile and e2e scripts - docs: update agent-integration-guide, verification-methods, and status docs - security: remove regression-20260416-175024 directory (contained sensitive env/key data) - frontend: no changes (preserved as-is)
Add global _usedProofHashes dedup to block re-submission of the same Groth16 proof across verifyAuditScore and verifyFingerprint. Split the Groth16 internal call helpers for 8- and 3-input verifiers, fix NatSpec, and add MockGroth16Verifier plus regression tests (Fixes ZhangJinHaHaHa#4). Co-authored-by: Cursor <cursoragent@cursor.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
_usedProofHashesmapping to prevent Groth16 proof replay inverifyAuditScoreandverifyFingerprintFixes #4
Test plan
npm run test:zk(4 tests passing)AI assistance
Used Cursor AI to analyze issue #4, implement the fix, and write regression tests.