fix(circuits): enforce use of stateIndex from message

[ctrlc03]

Description

Prevent passing unmatched state leaves to censor votes by the coordinator. Instead, ensure that the state leaf sent for each message, is the state leaf at position message.stateIndex within the stateTree. Also, force decryption on the TS message processing, to ensure that a malicious user might not send an invalid message which when decrypted by the circuit (using decryptWithoutCheck and thus possibily failing decryption) would result in a valid stateIndex, causing a DoS on the coordinator which would not be able to generate a proof.

Also, the padding messages are not anymore the last message sent (this.messages[this.messages.length - 1]), but actually an empty command with a state index 0 so that when processed in the circuit, it will have no effect.

cc @kcharbo3

Related issue(s)

re #1133

Confirmation

• I have read and understand MACI's contributor guidelines and code of conduct.
• I have read and understand MACI's GitHub processes.
• I have read and understand MACI's testing guide.

[netlify]

✅ Deploy Preview for maci-typedoc ready!

Name	Link
🔨 Latest commit	22e091d
🔍 Latest deploy log	https://app.netlify.com/sites/maci-typedoc/deploys/65d3203802d88d000864ec43
😎 Deploy Preview	https://deploy-preview-1170--maci-typedoc.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[samajammin]

Thanks @ctrlc03!

Also, the padding messages are not the last message sent, but actually the noting up my sleeve message with a state index 0 so that we can process it as null in the circuit.

Not sure what you mean hear, could you please clarify?

[ctrlc03]

Thanks @ctrlc03!

Also, the padding messages are not the last message sent, but actually the noting up my sleeve message with a state index 0 so that we can process it as null in the circuit.

Not sure what you mean hear, could you please clarify?

Have a look at core/ts/Poll.ts in genProcessMessagesPartialInputs, for some reason we were padding with the last message in the array (basically there might be one batch which needs to be padded to be full, which is the first one unless messages % batch size === 0). Now instead of sending the last message in the message array, which could have been a top up or a vote message (random based on whatever is sent last in a voting round), we just send a command with a state index of 0 so when processed by the circuit it'll just do nothing.

[0xmad]

@ctrlc03 thanks, just one minor comment.

[0xmad]

@ctrlc03 thanks!

[kcharbo3]

LGTM!