Today, when a user submits a proof for their private tx, they include the tree roots they used for the L1-to-L2, private data, and contract trees. However, there’s nothing that requires that these tree roots are contemporary with each other: the proof could use a very recent private data tree with a very old contract tree, or the other way around.

Can this be exploited in any way? I understand that no, because these trees are only used for proving that something is present (and not the other way around), so using an older root will at most prevent a proof from using a certain value or contract. Am I missing anything?

48 Likes

I have forgotten which post it was, but there was a post talking about using one historic tree where the leaves become a tuple with values of the other historic roots, to make it more efficient to do the historic inclusion proofs.

You can also use it for proving that something is not in the tree at some specific point in time, e.g., this nullifier was not in the set at X. Note that this is NOT used in consuming data, so it is mainly useful to convey to some application that this thing did not happen in X. You could use it for airdrops as an example where you prove that you deposited at some point X and that your funds were not removed before Y.

65 Likes
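
The single historic tree mentioned in the reply above, sketched as an added example (not code from either post or from the project): each leaf commits to the three roots as they stood after one block, so a single membership proof also shows the roots are contemporary with each other. SHA-256, the domain tags, all function names and the sample roots are assumptions made for illustration; a real circuit would use its own hash and tree layout.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    # SHA-256 stands in for the circuit-friendly hash a rollup would use (assumption).
    return hashlib.sha256(b"".join(parts)).digest()

def snapshot_leaf(l1_to_l2_root, private_data_root, contract_root):
    # One leaf commits to all three roots as they stood after the same block.
    return h(b"snapshot", l1_to_l2_root, private_data_root, contract_root)

def build_levels(leaves):
    # Pad to a power of two with zero leaves, then hash pairwise up to the root.
    size = 1
    while size < len(leaves):
        size *= 2
    level = list(leaves) + [bytes(32)] * (size - len(leaves))
    levels = [level]
    while len(level) > 1:
        level = [h(b"node", level[i], level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def sibling_path(levels, index):
    # Collect the sibling at each level from the leaf up to (not including) the root.
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index //= 2
    return path

def roots_are_contemporary(historic_root, index, path, roots):
    # Recompute the leaf from the claimed roots and walk the path to the historic root.
    node = snapshot_leaf(*roots)
    for sibling in path:
        node = h(b"node", node, sibling) if index % 2 == 0 else h(b"node", sibling, node)
        index //= 2
    return node == historic_root

# Constructed sample data: three roots per block for four blocks.
BLOCKS = [tuple(h(name, bytes([n])) for name in (b"l1l2", b"priv", b"contract")) for n in range(4)]
LEVELS = build_levels([snapshot_leaf(*b) for b in BLOCKS])
HISTORIC_ROOT = LEVELS[-1][0]

def demo():
    path = sibling_path(LEVELS, 2)
    same_block = roots_are_contemporary(HISTORIC_ROOT, 2, path, BLOCKS[2])
    # Recent private data root combined with an old contract root: not one snapshot.
    mixed = (BLOCKS[2][0], BLOCKS[2][1], BLOCKS[0][2])
    return same_block, roots_are_contemporary(HISTORIC_ROOT, 2, path, mixed)
```

`demo()` returns `(True, False)`: the roots of block 2 verify against the historic root, while the mixed set of roots from blocks 2 and 0 does not.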