NM Audit Fixes (#118)

* fix: removed unused constant EMPTY_LEAF * fix: add natspec for validateArrayIsInReducedForm * fix: updated natspec to reflect functions that can only be called by the identity operator * fix: added check to ensure that oldIdentities and newIdenties are the same length * fix: removed redundant identity length check
worldcoin · Sep 7, 2023 · 2f409a5 · 2f409a5
1 parent 7e8101d
commit 2f409a5
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/src/WorldIDIdentityManagerImplV1.sol b/src/WorldIDIdentityManagerImplV1.sol
@@ -71,10 +71,6 @@ contract WorldIDIdentityManagerImplV1 is WorldIDImpl, IWorldID {
     ///      group.
     uint256 internal rootHistoryExpiry;
 
-    /// @notice Represents the initial leaf in an empty merkle tree.
-    /// @dev Prevents the empty leaf from being inserted into the root history.
-    uint256 internal constant EMPTY_LEAF = uint256(0);
-
     /// @notice The `r` for the finite field `Fr` under which arithmetic is done on the proof input.
     /// @dev Used internally to ensure that the proof input is scaled to within the field `Fr`.
     uint256 internal constant SNARK_SCALAR_FIELD =
@@ -333,7 +329,7 @@ contract WorldIDIdentityManagerImplV1 is WorldIDImpl, IWorldID {
     ///////////////////////////////////////////////////////////////////////////////
 
     /// @notice Registers identities into the WorldID system.
-    /// @dev Can only be called by the owner.
+    /// @dev Can only be called by the identity operator.
     /// @dev Registration is performed off-chain and verified on-chain via the `insertionProof`.
     ///      This saves gas and time over inserting identities one at a time.
     ///
@@ -440,7 +436,7 @@ contract WorldIDIdentityManagerImplV1 is WorldIDImpl, IWorldID {
     }
 
     /// @notice Updates identities in the WorldID system.
-    /// @dev Can only be called by the owner.
+    /// @dev Can only be called by the identity operator.
     /// @dev The update is performed off-chain and verified on-chain via the `updateProof`. This
     ///      saves gas and time over removing identities one at a time.
     /// @dev This function can perform arbitrary identity alterations and does not require any
@@ -845,6 +841,8 @@ contract WorldIDIdentityManagerImplV1 is WorldIDImpl, IWorldID {
         }
     }
 
+    /// @notice Validates that an array of identity commitments is within bounds of the SNARK_SCALAR_FIELD
+    /// @param identityCommitments The array of identity commitments to be validated.
     function validateArrayIsInReducedForm(uint256[] calldata identityCommitments)
         internal
         view