feat: circuit test pass, but incorrect rounding

anchor/programs/darklake/Cargo.toml

@@ -22,4 +22,4 @@ anchor-spl = "0.30.1"
 groth16-solana = "0.0.3"
 solana-program = "2.0.1"
 mpl-token-metadata = "4.1.2"
-spl-math = "0.3"
+spl-math = { version = "0.3", features = ["no-entrypoint"] }

anchor/programs/darklake/src/constants/verifying_key.rs

@@ -1,18 +1,18 @@
 use groth16_solana::groth16::Groth16Verifyingkey;
 
 pub const VERIFYINGKEY: Groth16Verifyingkey =  Groth16Verifyingkey {
-	nr_pubinputs: 5,
+	nr_pubinputs: 8,
 
 	vk_alpha_g1: [
-		39,173,3,22,55,111,32,141,9,85,21,8,48,39,24,59,235,141,243,74,21,130,185,94,209,174,60,77,125,154,106,44,
-		14,192,150,8,92,51,136,180,189,92,162,145,148,0,17,146,117,62,177,169,88,152,4,181,201,18,176,120,95,229,105,154,
+		33,190,193,128,200,187,115,0,148,236,193,115,244,53,212,91,192,103,89,218,137,18,203,240,248,154,157,92,69,172,123,96,
+		47,81,245,254,170,174,67,14,118,179,186,6,182,108,177,181,243,129,153,205,80,168,236,61,204,142,253,107,67,188,249,191,
 	],
 
 	vk_beta_g2: [
-		8,137,88,168,140,170,115,83,207,230,34,118,172,25,29,107,150,221,65,207,169,246,42,246,119,221,91,248,181,18,149,184,
-		36,85,82,195,72,81,198,58,35,53,247,176,67,128,41,168,62,78,146,65,115,79,32,188,44,27,79,74,86,173,84,77,
-		19,102,102,239,208,205,239,54,66,186,87,147,1,147,86,39,229,76,45,231,102,137,233,137,98,173,199,124,30,63,76,148,
-		42,106,120,138,62,124,42,148,84,17,86,92,112,213,148,39,16,48,126,195,166,255,179,32,0,170,149,99,17,147,249,73,
+		16,57,249,232,210,207,221,88,126,6,148,205,84,13,39,81,97,12,198,156,102,15,158,61,70,2,37,68,177,209,215,207,
+		20,38,208,122,51,25,254,153,32,32,150,183,46,14,14,61,141,81,110,26,87,150,6,232,31,193,60,205,203,108,177,123,
+		31,168,149,175,112,55,105,43,161,0,106,78,14,246,192,173,91,147,186,48,194,175,102,113,20,96,107,114,59,75,37,79,
+		24,132,57,195,94,100,178,58,226,27,80,253,184,54,54,134,51,231,253,180,202,16,150,187,9,168,53,144,168,143,158,149,
 	],
 
 	vk_gamme_g2: [
@@ -23,32 +23,44 @@ pub const VERIFYINGKEY: Groth16Verifyingkey =  Groth16Verifyingkey {
 	],
 
 	vk_delta_g2: [
-		20,82,32,24,191,48,7,155,2,116,206,219,22,227,161,110,174,1,186,62,32,229,184,192,112,41,46,152,120,201,111,52,
-		19,170,107,51,66,113,23,179,171,188,220,184,250,211,249,214,191,66,251,175,193,141,108,34,252,48,53,241,194,179,141,190,
-		13,64,244,20,180,145,51,198,177,4,98,247,147,103,98,231,188,74,168,254,187,203,89,17,5,101,24,141,98,23,163,50,
-		16,114,187,153,115,69,54,226,122,54,234,114,69,91,99,159,85,54,207,35,202,119,143,181,91,165,24,227,4,77,144,112,
+		31,28,254,198,255,36,70,3,139,254,99,151,4,37,142,81,118,171,213,94,254,204,103,132,31,223,207,189,123,68,102,204,
+		24,38,31,223,163,118,170,133,66,171,156,59,231,83,51,141,224,246,28,166,182,98,101,55,139,16,220,183,25,127,64,78,
+		21,232,227,11,124,108,159,16,130,202,228,81,252,205,108,156,49,188,143,8,110,187,169,59,192,105,191,147,98,125,225,51,
+		13,249,253,182,243,186,141,179,169,30,121,55,48,176,197,197,219,27,163,22,163,164,134,132,178,76,66,184,35,3,148,37,
 	],
 
 	vk_ic: &[
 		[
-			20,117,178,144,199,86,40,28,139,72,149,150,221,34,220,185,112,196,247,204,36,86,0,111,2,39,252,64,163,136,158,72,
-			14,116,172,32,18,129,193,47,179,128,153,220,86,97,240,34,171,181,104,5,72,194,175,108,20,184,146,61,171,238,127,250,
+			0,201,105,144,46,237,134,254,151,252,147,99,8,239,46,231,197,208,12,145,124,11,137,187,48,19,203,92,66,161,214,158,
+			13,116,78,81,90,163,6,239,23,210,100,230,232,28,69,100,195,20,177,253,7,104,14,26,221,57,216,189,29,132,51,16,
 		],
 		[
-			32,83,181,76,227,121,250,47,99,98,192,148,197,165,111,76,36,158,155,160,246,115,203,238,253,254,139,250,176,51,162,229,
-			26,203,227,24,200,114,78,250,92,69,180,67,48,84,214,122,58,41,134,87,194,168,123,165,103,228,149,242,190,208,204,40,
+			29,87,131,46,151,194,225,189,88,189,188,66,122,230,239,67,5,33,187,101,10,163,61,108,59,240,215,3,15,62,85,143,
+			19,245,132,221,53,113,49,139,186,215,54,248,66,111,203,159,51,41,17,159,153,156,80,205,187,54,186,108,143,132,224,214,
 		],
 		[
-			42,185,115,152,171,110,26,235,67,184,206,136,164,59,136,168,243,217,252,214,161,247,124,225,28,54,89,216,180,178,156,212,
-			37,219,158,110,208,228,240,100,139,45,98,39,5,120,91,68,178,248,209,142,68,44,161,99,67,228,197,219,137,238,36,106,
+			2,153,136,80,117,0,12,101,237,68,116,34,12,131,44,154,106,68,189,20,235,173,115,138,235,109,34,61,37,130,117,220,
+			9,55,92,106,90,245,73,175,244,240,4,111,107,185,26,24,98,28,66,108,238,208,15,11,145,227,114,101,58,59,29,98,
 		],
 		[
-			10,61,208,60,178,139,175,144,164,251,164,51,41,242,227,193,62,91,83,250,34,163,155,251,97,92,68,187,170,230,204,186,
-			15,74,29,129,199,37,101,163,127,57,111,6,135,106,61,37,67,103,196,228,27,134,237,126,248,183,26,110,106,124,86,132,
+			14,174,28,206,145,39,15,255,247,254,220,92,84,128,200,145,18,5,234,16,22,72,168,125,79,228,20,151,136,110,225,35,
+			7,49,27,195,130,225,102,194,10,29,34,153,246,197,238,247,204,241,205,57,226,231,148,30,97,169,192,146,187,145,71,31,
 		],
 		[
-			22,163,116,25,68,151,95,1,98,83,99,172,107,98,128,76,213,51,155,160,104,61,216,3,114,144,56,172,146,235,85,124,
-			19,251,92,184,124,129,6,66,241,98,69,167,26,12,193,77,162,141,144,139,106,118,227,121,247,220,23,4,243,133,14,113,
+			7,26,46,103,23,155,19,104,101,215,223,85,33,191,147,156,211,254,130,199,43,226,204,52,9,184,13,219,186,227,193,26,
+			28,218,13,233,15,205,156,223,24,50,126,67,149,205,65,117,63,184,14,140,108,227,163,30,71,218,67,197,143,139,86,216,
+		],
+		[
+			22,175,37,80,164,62,30,157,95,197,207,56,13,208,175,235,176,56,0,213,43,20,52,13,79,218,212,243,107,55,132,251,
+			33,91,92,174,91,154,172,88,74,214,45,92,35,172,54,16,55,252,130,50,247,192,96,244,185,166,79,100,166,215,187,102,
+		],
+		[
+			30,36,95,199,226,183,77,27,226,211,38,164,198,228,149,83,113,151,102,73,0,60,122,240,176,118,112,153,216,150,168,235,
+			30,26,97,98,103,4,102,95,45,221,191,252,119,189,13,127,220,53,40,66,173,149,73,252,234,66,136,10,234,183,33,170,
+		],
+		[
+			2,102,211,153,2,118,43,100,121,159,76,88,181,14,121,51,120,116,83,227,223,246,57,231,161,179,61,71,126,26,12,35,
+			36,245,35,100,176,184,162,144,223,237,127,55,142,250,46,64,149,171,147,29,79,196,46,251,163,229,55,180,208,59,148,91,
 		],
 	]
 };

anchor/programs/darklake/src/instructions/confidential_swap.rs

@@ -73,6 +73,8 @@ pub fn map_zero_to_none(x: u128) -> Option<u128> {
 /// This is guaranteed to work for all values such that:
 ///  - 1 <= swap_source_amount * swap_destination_amount <= u128::MAX
 ///  - 1 <= source_amount <= u64::MAX
+/// dev: invariant is increased due to ceil_div
+/// dev: because of ceil_div the destination_amount_swapped is rounded down
 pub fn swap(
     source_amount: u128,
     swap_source_amount: u128,
@@ -96,13 +98,14 @@ pub fn swap(
 
 /// ---Public signals---
 ///
-/// inputAmount
-/// isSwapXtoY
-/// currentReserveX
-/// currentReserveY
-/// newBalanceX
-/// newBalanceY
-/// amountReceived
+/// newReserveX:    0
+/// newReserveY:    1
+/// amountReceived: 2
+/// inputAmount:    3
+/// isSwapXtoY:     4
+/// reserveX:       5
+/// reserveY:       6
+///
 impl<'info> ConfidentialSwap<'info> {
     pub fn confidential_swap(
         &mut self,
@@ -117,15 +120,15 @@ impl<'info> ConfidentialSwap<'info> {
         }
 
         let pool = &mut self.pool;
+
+        let reserve_x = u64::from_be_bytes(public_signals[5][24..].try_into().unwrap());
+        let reserve_y = u64::from_be_bytes(public_signals[6][24..].try_into().unwrap());
         msg!(
             "Pool reserves X: {} | Y: {}",
             pool.reserve_x,
             pool.reserve_y
         );
 
-        let reserve_x = u64::from_be_bytes(public_signals[2][24..].try_into().unwrap());
-        let reserve_y = u64::from_be_bytes(public_signals[3][24..].try_into().unwrap());
-
         msg!("Proof pool reserves X: {} | Y: {}", reserve_x, reserve_y);
 
         if pool.reserve_x != reserve_x || pool.reserve_y != reserve_y {
@@ -146,47 +149,79 @@ impl<'info> ConfidentialSwap<'info> {
             return Err(ErrorCode::InvalidProof.into());
         }
 
-        let input_amount = u64::from_be_bytes(public_signals[0][1..].try_into().unwrap());
-        let is_swap_x_to_y: bool =
-            u64::from_be_bytes(public_signals[1][1..].try_into().unwrap()) > 0;
-
+        let input_amount = u64::from_be_bytes(public_signals[3][24..].try_into().unwrap());
+
+        // Enough to check that it's not zero
+        let is_swap_x_to_y: bool = public_signals[4] != [0u8; 32];
+        msg!("Is X -> Y swap? - {}", is_swap_x_to_y);
+
         // Currently not re-checked since we check output amount
         // let new_balance_x = u64::from_be_bytes(public_signals[4][24..].try_into().unwrap());
         // let new_balance_y = u64::from_be_bytes(public_signals[5][24..].try_into().unwrap());
-        let amount_received = u64::from_be_bytes(public_signals[6][24..].try_into().unwrap());
+        let amount_received = u64::from_be_bytes(public_signals[2][24..].try_into().unwrap());
+
+        msg!(
+            "Proof input X: {} | output Y {}",
+            input_amount,
+            amount_received
+        );
 
         // Calculate the output amount using the constant product formula
-        let output_amount :SwapWithoutFeesResult = if is_swap_x_to_y {
+        let output_amount: SwapWithoutFeesResult = if is_swap_x_to_y {
             // Swap X to Y
-            swap(input_amount as u128, pool.reserve_x as u128, pool.reserve_y as u128)
-                .ok_or(ErrorCode::MathOverflow)?
+            swap(
+                input_amount as u128,
+                pool.reserve_x as u128,
+                pool.reserve_y as u128,
+            )
+            .ok_or(ErrorCode::MathOverflow)?
         } else {
             // Swap Y to X
-            swap(input_amount as u128, pool.reserve_y as u128, pool.reserve_x as u128)
-                .ok_or(ErrorCode::MathOverflow)?
+            swap(
+                input_amount as u128,
+                pool.reserve_y as u128,
+                pool.reserve_x as u128,
+            )
+            .ok_or(ErrorCode::MathOverflow)?
         };
 
+        msg!(
+            "Proof output: {} | pool output: {}",
+            amount_received,
+            (output_amount.destination_amount_swapped as u64)
+        );
+
         // Sanity check which should be true if the circuit is correct
         if (output_amount.destination_amount_swapped as u64) < amount_received {
             return Err(ErrorCode::PoolAmountOutputTooLow.into());
         }
 
         // Update pool reserves
-        let new_balance_x = if is_swap_x_to_y {
-            pool.reserve_x.checked_add(output_amount.source_amount_swapped as u64).unwrap()
+        pool.reserve_x = if is_swap_x_to_y {
+            pool.reserve_x
+                .checked_add(output_amount.source_amount_swapped as u64)
+                .unwrap()
         } else {
-            pool.reserve_x.checked_sub(output_amount.destination_amount_swapped as u64).unwrap()
+            pool.reserve_x
+                .checked_sub(output_amount.destination_amount_swapped as u64)
+                .unwrap()
         };
 
-        let new_balance_y = if is_swap_x_to_y {
-            pool.reserve_y.checked_sub(output_amount.destination_amount_swapped as u64).unwrap()
+        pool.reserve_y = if is_swap_x_to_y {
+            pool.reserve_y
+                .checked_sub(output_amount.destination_amount_swapped as u64)
+                .unwrap()
         } else {
-            pool.reserve_y.checked_add(output_amount.source_amount_swapped as u64).unwrap()
+            pool.reserve_y
+                .checked_add(output_amount.source_amount_swapped as u64)
+                .unwrap()
         };
 
-        pool.reserve_x = new_balance_x;
-        pool.reserve_y = new_balance_y;
-
+        msg!(
+            "Pool reserves after swap X: {} | Y: {}",
+            pool.reserve_x,
+            pool.reserve_y
+        );
 
         // Transfer tokens
         if is_swap_x_to_y {