Refactor backend following updated contracts

[sifnoc]

Update the backend API to reflect changes in the contracts.

Major changes include separating AddressOwnership from Snapshot, and introducing a new struct, Round, which is now included within Snapshot.

Modified gen_inclusion_verifier and gen_solvency_verifier scripts with using specific ptau file instead of using random.

[enricobottazzi]

For what I can tell, this operation of making sure that the input 'addresses` ... is not being performed now so the comment is misleading. BTW I agree that we shouldn't do that.

[alxkzmn]

Good point, that's why I also think that the address ownership should live inside the Round and Round should take care of it. (cc @sifnoc )

[enricobottazzi]

Why do you think so? One of the main ideas of this PR was to separate AddressOwnership from Round as these are separated phases

[alxkzmn]

I'm not sure if they'll be performed separately in the real-world implementation. E.g., CEX can add more addresses in between the proving rounds but in each round it has to check if all the addresses have the ownership proofs submitted, so it makes sense just to submit new addresses in the beginning of the round. BTW I agree that it's good to separate address ownership into its own trait.

[sifnoc]

Updated comment at ce908f0

Both perspectives are valid. However, from my understanding, the AddressOwnership operation isn't intrinsically tied to Round. As such, it might not be fitting to merge AddressOwnership directly into Round at this juncture.
That being said, there could be value in creating a new struct that encompasses both functionalities.
Perhaps something like SummaOperator or SummaController?
For a CEX operator, a consolidated interface for both Round and AddressOwnership would undoubtedly be beneficial.

[sifnoc]

I now understand your perspective. You're suggesting a Round structure similar to this:

pub struct Round<const LEVELS: usize, const N_ASSETS: usize, const N_BYTES: usize> {
    timestamp: u64,
    snapshot: Snapshot<LEVELS, N_ASSETS, N_BYTES>,
    address_ownership: AddressOwnership,
    signer: SummaSigner,
}

The following code segment, I see its alignment with your viewpoint on AddressOwnership:

summa-solvency/contracts/src/Summa.sol

Lines 107 to 110 in c4edbc6

	require(
	addressOwnershipProofs.length != 0,
	"The CEX has not submitted any address ownership proofs"
	);

However, regardless of the naming convention for Round, I believe there should be only one Signer.
If there are multiple signers, they might generate transactions with the same nonce.

[enricobottazzi]

I'm only talking about the encapsulation of AddressOwnership inside Round (Round holding an instance of AddressOwnership). As I imagine the future use of the system, CEX will not call any of Summa services from within CEX services, they will be called by the scheduler. If everything gets called with the same interval, it's all a "Round" of a proof of solvency.

My hypothesis is that Round and AddressOwnership are two very separate things and the Scheduler will only have to deal with Round. The soundness of this hypothesis depends on the frequency of address rotation performed by an Exchange. If they stick to the same address for long time, AddressOwnership is just called once and then just updated once in a while. On the contrary, if the switch addresses very frequently, it's likely that at every round a new proof of address ownership must be called.

I think we can stick to this now and challenge this hypothesis as soon as speak with customers. This will also inform the design of the Summa services.

[enricobottazzi]

However, regardless of the naming convention for Round, I believe there should be only one Signer.
If there are multiple signers, they might generate transactions with the same nonce.

Can elaborate on that @sifnoc ?

[sifnoc]

In the current implementation, both Round and AddressOwnership have an instance of Signer, each.
The default middleware in ethers-rs does not provide a shared nonce counter between signers.
As a result, both signers might query the node using get_transaction_count for the same Account.

This can lead to a high likelihood that both signers will generate transactions with the same nonce for submit_proof_of_solvency and submit_proof_of_address_ownership.

Consequently, one of these transactions may not be included in the block.

[alxkzmn]

Yes, the same Signer should be injected everywhere where needed.

[alxkzmn]

I think that the address ownership should be a part of the Round (similarly to Snapshot). While it's possible to submit it at any time before the proof, it's still enough to submit it in the beginning of a round. Most likely it wouldn't be called manually in the production implementation of Summa like you're calling it here. There should be some entity that controls it and Round seems to be a good candidate for that.

[sifnoc]

#152 (comment) partially addresses your suggestion for now.
A potential alternative could be the Scheduler you introduced in the Service-Based Backend Architecture
Let's discuss this further in the document.

[enricobottazzi]

Just had a single comment on a variable name. LGTM!

[enricobottazzi]

Can we rename it to SignatureRecord as the other is named AssetRecord ?

[sifnoc]

Updated at 31c3c59

[alxkzmn]

The error message is misleading, it should say something like "the number of assets doesn't match the expected"

[sifnoc]

Updated at 31c3c59

[alxkzmn]

I'm not talking about merging (similarly to how Snapshot can still live in a separate file and not inside the same file with Round). I'm only talking about the encapsulation of AddressOwnership inside Round (Round holding an instance of AddressOwnership). As I imagine the future use of the system, CEX will not call any of Summa services from within CEX services, they will be called by the scheduler. If everything gets called with the same interval, it's all a "Round" of a proof of solvency.