Fix smart contracts not verifying proofs

run-ci-tests.sh

@@ -8,6 +8,7 @@ case $TEST_TYPE in
   ./run src/examples/simple_zkapp.ts --bundle
   ./run src/examples/zkapps/reducer/reducer_composite.ts --bundle
   ./run src/examples/zkapps/composability.ts --bundle
+  ./run src/tests/fake-proof.ts
   ;;
 
 "Voting integration tests")

src/lib/circuit_value.ts

@@ -17,6 +17,7 @@ import type {
 import { Provable } from './provable.js';
 import { assert } from './errors.js';
 import { inCheckedComputation } from './provable-context.js';
+import { Proof } from './proof_system.js';
 
 // external API
 export {
@@ -597,10 +598,13 @@ function cloneCircuitValue<T>(obj: T): T {
     ) as any as T;
   if (ArrayBuffer.isView(obj)) return new (obj.constructor as any)(obj);
 
-  // o1js primitives aren't cloned
+  // o1js primitives and proofs aren't cloned
   if (isPrimitive(obj)) {
     return obj;
   }
+  if (obj instanceof Proof) {
+    return obj;
+  }
 
   // cloning strategy that works for plain objects AND classes whose constructor only assigns properties
   let propertyDescriptors: Record<string, PropertyDescriptor> = {};

src/lib/zkapp.ts

@@ -22,7 +22,6 @@ import {
   FlexibleProvablePure,
   InferProvable,
   provable,
-  Struct,
   toConstant,
 } from './circuit_value.js';
 import { Provable, getBlindingValue, memoizationContext } from './provable.js';
@@ -196,7 +195,8 @@ function wrapMethod(
             let id = memoizationContext.enter({ ...context, blindingValue });
             let result: unknown;
             try {
-              result = method.apply(this, actualArgs.map(cloneCircuitValue));
+              let clonedArgs = actualArgs.map(cloneCircuitValue);
+              result = method.apply(this, clonedArgs);
             } finally {
               memoizationContext.leave(id);
             }

src/tests/fake-proof.ts

@@ -0,0 +1,97 @@
+import {
+  Mina,
+  PrivateKey,
+  SmartContract,
+  UInt64,
+  method,
+  ZkProgram,
+  verify,
+} from 'o1js';
+import assert from 'assert';
+
+const RealProgram = ZkProgram({
+  name: 'real',
+  methods: {
+    make: {
+      privateInputs: [UInt64],
+      method(value: UInt64) {
+        let expected = UInt64.from(34);
+        value.assertEquals(expected);
+      },
+    },
+  },
+});
+
+const FakeProgram = ZkProgram({
+  name: 'fake',
+  methods: {
+    make: { privateInputs: [UInt64], method(_: UInt64) {} },
+  },
+});
+
+class RealProof extends ZkProgram.Proof(RealProgram) {}
+
+const RecursiveProgram = ZkProgram({
+  name: 'broken',
+  methods: {
+    verifyReal: {
+      privateInputs: [RealProof],
+      method(proof: RealProof) {
+        proof.verify();
+      },
+    },
+  },
+});
+
+class RecursiveContract extends SmartContract {
+  @method verifyReal(proof: RealProof) {
+    proof.verify();
+  }
+}
+
+Mina.setActiveInstance(Mina.LocalBlockchain());
+let publicKey = PrivateKey.random().toPublicKey();
+let zkApp = new RecursiveContract(publicKey);
+
+await RealProgram.compile();
+await FakeProgram.compile();
+let { verificationKey: contractVk } = await RecursiveContract.compile();
+let { verificationKey: programVk } = await RecursiveProgram.compile();
+
+// proof that should be rejected
+const fakeProof = await FakeProgram.make(UInt64.from(99999));
+const dummyProof = await RealProof.dummy(undefined, undefined, 0);
+
+for (let proof of [fakeProof, dummyProof]) {
+  // zkprogram rejects proof
+  await assert.rejects(async () => {
+    const brokenProof = await RecursiveProgram.verifyReal(proof);
+    assert(await verify(brokenProof, programVk.data));
+  }, 'recursive program rejects fake proof');
+
+  // contract rejects proof
+  await assert.rejects(async () => {
+    let tx = await Mina.transaction(() => zkApp.verifyReal(proof));
+    await tx.prove();
+  }, 'recursive contract rejects fake proof');
+}
+
+// proof that should be accepted
+const realProof = await RealProgram.make(UInt64.from(34));
+
+// zkprogram accepts proof
+const brokenProof = await RecursiveProgram.verifyReal(realProof);
+assert(
+  await verify(brokenProof, programVk.data),
+  'recursive program accepts real proof'
+);
+
+// contract rejects proof
+let tx = await Mina.transaction(() => zkApp.verifyReal(realProof));
+let [contractProof] = await tx.prove();
+assert(
+  await verify(contractProof!, contractVk.data),
+  'recursive contract accepts real proof'
+);
+
+console.log('fake proof test passed 🎉');