Make it possible to not have an init method, so the zkApp private key holder can't reset the state

[es92]

At the moment, all zkApps are given an init method, which the holder of the private key can call to reset state.

It should be possible to create a zkApp where the private key holder can't reset the state.

Would advocate for removing the init method, instead performing initialization inside deploy, to have fewer special functions for developers to learn how to use

[mitschabaude]

This is a misunderstanding - the init method doesn't change anything about the permissions, which solely determine whether the private key owner can reset the state. By default, the permissions for setting state are proof, which means that the zkApp owner can't call init. However, also by default, the zkApp owner has the option to change back permissions, and reset the state.

If there were no init method, then a transaction similar to the following would be sufficient to reset the state:

Mina.transaction(() => {
  // reset permissions
  let update = AccountUpdate.create(zkappAddress);
  update.account.permissions.set({ editState: Permissions.signature() });
  update.requireSignature();

  // reset state and change permission back
  let update2 = AccountUpdate.create(zkappAddress);
  update2.account.appState.map(state => state.set(Field(0)));
  update2.account.permissions.set({ editState: Permissions.proof() });
  update2.requireSignature();
})

The init method is nothing more than the line which wipes out the state. So, with an init method, the owner could do the same transaction with init() by slightly changing the code above (but they don't have to):

  // reset state and change permission back
- let update2 = AccountUpdate.create(zkappAddress);
- update2.account.appState.map(state => state.set(Field(0)));
+ let zkapp = new MyContract(zkappAddress);
+ zkapp.init();
+ update2 = zkapp.self;
  update2.account.permissions.set({ editState: Permissions.proof() });
  update2.requireSignature();

[bkase]

Closing since this is a misunderstanding -- feel free to open more issues if you find other issues

[es92]

I guess I was seeing the init method as a way that a zkApp creator could reset state, but it sounds like maybe not? (was reading original RFC; no because its not an @method right?)

Want to confirm, if one wanted to make a zkApp where the creator couldn't reset the state, sounds like that is separate in that case? @mitschabaude

[mitschabaude]

Want to confirm, if one wanted to make a zkApp where the creator couldn't reset the state, sounds like that is separate in that case? @mitschabaude

To make the creator unable to reset state for good, he needs to remove his ability to change the permissions -- there's a permission for that: setPermissions: Permissions.impossible()

That, plus editState: Permissions.proof(), and only the smart contract code can ever determine how state is set.

[es92]

Thanks, super helpful. Could one then have setPermissions: Permissions.proof()? (and have a smart contract method that changes permissions?)

[mitschabaude]

Thanks, super helpful. Could one then have setPermissions: Permissions.proof()? (and have a smart contract method that changes permissions?)

Yes, you can have that!