Root history + expiry, to fix mempool invalidations

[m1guelpf]

Is your feature request related to a problem? Please describe. Adding a new member to a Semaphore group changes the root, invalidating any currently-generated proofs. This makes it so that a transaction submitted with a valid proof can become invalid if another transaction modifying a group is submitted first.

Describe the solution you'd like Root history kind of solves this (by accepting the root as well as the proof, and ensuring the root was part of the group at some point), but pretty much gets rid of the ability to remove members from a project (since they can always generate a proof against a root where they were still in the group).

You can reduce this problem by making roots expire after a certain time, making sure that transactions with a valid proof stuck in the mempool still succeed, but that a member cannot submit proofs days/hours after being removed from a group.

I'd be interested in contributing code for this, either to the core or as an optional template, if the Semaphore team is interested in it.

Additional context Basic root history was removed recently (https://github.com/appliedzkp/semaphore/pull/95), but I couldn't find any discussion or info as to why.

[cedoor]

Hi @m1guelpf.

The main reason why that mapping was removed is that not all clients would use that mapping, and since the base contracts need to contain only minimal code, delegating the management of any root history to the clients seemed the best solution. SemaphoreVoting.sol does not have that problem for example, because groups cannot be changed when users create their proofs, and having a unused mapping makes the client contract more expensive. On the other hand, SemaphoreWhistleblowing.sol could have that problem actually, and the publishLeak method should handle it.

Can it make sense for you?

Your solution for the removed members issue is interesting. Curious to see it in a template or in the SemaphoreWhistleblowing.sol extension contract maybe.