eyblockchain / timber Goto Github PK

I think, hash chain could do the same with cheaper gas cost.

I've a new proposal https://github.com/chiro-hiro/chainlink, please have look

🚨 The automated release from the master branch failed. 🚨

I recommend you give this issue a high priority, so other packages depending on you could benefit from your bug fixes and new features.

You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can resolve this 💪.

Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.

Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.

If you are not sure how to resolve this, here is some links that can help you:

• Usage documentation
• Frequently Asked Questions
• Support channels

If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.

No npm token specified.

An npm token must be created and set in the NPM_TOKEN environment variable on your CI environment.

Please make sure to create an npm token and to set it in the NPM_TOKEN environment variable on your CI environment. The token must allow to publish to the registry https://registry.npmjs.org/.

Good luck with your project ✨

Your semantic-release bot 📦🚀

  if (contractName === 'MerkleTreeControllerMiMC') {
    contractName =
      process.env.CURVE === 'BLS12_377'
        ? 'MerkleTreeControllerMiMC_BLS12'
        : 'MerkleTreeControllerMiMC_BN254';
  }

in src/routes/merkle-tree.routes.js.

This code is too specific to be in the src code, as it appears to only exist to allow tests to work.

Workflows appear to be failing, and packages are still getting pushed to dockerhub instead of being published as GitHub packages. @LijuJoseJJ please could you take a look? :)

When commitment hash is greater than the prime of the field, the root calculated is different from the one provided by the sibling path. At application level, this can be handled by ensuring the commitment hash is never greater than prime of the field, by picking a salt that will ensure this. This should not be considered as a permanent solution. This should be rectified in timber which is the source.

At the moment, all routes are open.

Some open routes pose could result in a user's DB being corrupted. No private info would be leaked (because Timber doesn't hold any private info). But apps which make use of Timber's DB might fail to be able to 'spend' commitments if a DB is corrupted. They'd then need to re-download the entire merkle tree again (by having Timber filter the blockchain again).

How could the DB be corrupted? E.g. a user could accidentally push leaves directly to the DB by calling the PUSH /leaves route.

New 'configuration' options (which allow users to close certain endpoints) should be added.

If you leave it too long before updating, (e.g. 500,000 leaves), and then call update, JS returns a stack too deep error.

We can break the updating into small 'chunks' of leaves, so as to avoid this error.

There is a basic Winston logger file in src/middleware/logger.js, but console.log is being used throughout, causing overly verbose logging.

Use logger throughout (carefully choosing the logging type: info, error, warn, debug, verbose, http, silly, etc.

Log level should be set through a process.env variable.

Note: there's a Mongoose logging setting in logger.js. Keep it, but have it reflect the log level env variable setting.

Add environment variable UNIQUE_LEAVES. If this is true, we know the leaf values will be unique, and so we can add indexing to these values (in Mongoose)

zkp-utils are being standardised into an npm library.
Use these once it's ready.