hyperledger-labs · jimthematrix · Sep 26, 2024 · Sep 26, 2024 · Sep 26, 2024 · Sep 26, 2024
diff --git a/solidity/contracts/lib/zeto_common.sol b/solidity/contracts/lib/zeto_common.sol
@@ -43,9 +43,17 @@ abstract contract ZetoCommon is OwnableUpgradeable {
     // should be called by escrow contracts that will use uploaded proofs
     // to execute transactions, in order to prevent the proof from being used
     // by parties other than the escrow contract
-    function lockProof(Commonlib.Proof calldata proof) public {
+    function lockProof(
+        Commonlib.Proof calldata proof,
+        address delegate
+    ) public {
         bytes32 proofHash = Commonlib.getProofHash(proof);
-        lockedProofs[proofHash] = msg.sender;
+        require(
+            lockedProofs[proofHash] == address(0) ||
+                lockedProofs[proofHash] == msg.sender,
+            "Proof already locked by another party"
+        );
+        lockedProofs[proofHash] = delegate;
     }
 
     function sortInputsAndOutputs(

diff --git a/solidity/contracts/zkDvP.sol b/solidity/contracts/zkDvP.sol
@@ -206,8 +206,10 @@ contract zkDvP {
         bytes32 proofHash = getProofHash(proof);
         if (trade.paymentProofHash == proofHash) {
             trade.paymentProof = proof;
+            paymentToken.lockProof(proof, address(this));
         } else if (trade.assetProofHash == proofHash) {
             trade.assetProof = proof;
+            assetToken.lockProof(proof, address(this));
         } else {
             revert("Invalid proof");
         }

diff --git a/solidity/test/zkDvP.ts b/solidity/test/zkDvP.ts
@@ -219,6 +219,18 @@ describe("DvP flows between fungible and non-fungible tokens based on Zeto with
       await expect(zkDvP.connect(Bob.signer).acceptTrade(tradeId, [0, 0], [0, 0], mockProofHash, 0, 0, mockProofHash)).rejectedWith("Payment inputs must be provided to accept the trade");
       await expect(zkDvP.connect(Bob.signer).acceptTrade(tradeId, [utxo3.hash, utxo4.hash], [0, 0], mockProofHash, 0, 0, mockProofHash)).rejectedWith("Payment outputs must be provided to accept the trade");
     });
+
+    it("test proof locking", async function () {
+      const circuit1 = await loadCircuit('anon');
+      const { provingKeyFile: provingKey1 } = loadProvingKeys('anon');
+      const utxo1 = newUTXO(100, Alice);
+      const proof = await zetoAnonTests.prepareProof(circuit1, provingKey1, Alice, [utxo1, ZERO_UTXO], [utxo1, ZERO_UTXO], [Alice, {}]);
+
+      await expect(zkPayment.connect(Alice.signer).lockProof(proof.encodedProof, await Alice.signer.getAddress())).fulfilled;
+      await expect(zkPayment.connect(Bob.signer).lockProof(proof.encodedProof, await Bob.signer.getAddress())).rejectedWith("Proof already locked by another party");
+      await expect(zkPayment.connect(Alice.signer).lockProof(proof.encodedProof, await Bob.signer.getAddress())).fulfilled;
+      await expect(zkPayment.connect(Bob.signer).lockProof(proof.encodedProof, "0x0000000000000000000000000000000000000000")).fulfilled;
+    });
   });
 
 }).timeout(600000);