From d3a1b905e4ba4ee4d5093a42eba7802dd3f0fbeb Mon Sep 17 00:00:00 2001
From: Hyunggyu Jang <murasakipurplez5@gmail.com>
Date: Mon, 24 Apr 2023 08:53:14 +0900
Subject: [PATCH] At least add nonce to prevent it

---
 08-custom-tokens/src/BasicTokenContract.ts       | 7 ++++++-
 08-custom-tokens/src/WhitelistedTokenContract.ts | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/08-custom-tokens/src/BasicTokenContract.ts b/08-custom-tokens/src/BasicTokenContract.ts
index 84e9117..415c0e9 100644
--- a/08-custom-tokens/src/BasicTokenContract.ts
+++ b/08-custom-tokens/src/BasicTokenContract.ts
@@ -8,12 +8,14 @@ import {
   UInt64,
   PublicKey,
   Signature,
+  UInt32,
 } from 'snarkyjs';
 
 const tokenSymbol = 'MYTKN';
 
 export class BasicTokenContract extends SmartContract {
   @state(UInt64) totalAmountInCirculation = State<UInt64>();
+  @state(UInt32) mintNonce = State<UInt32>();
 
   deploy(args: DeployArgs) {
     super.deploy(args);
@@ -44,11 +46,13 @@ export class BasicTokenContract extends SmartContract {
     this.totalAmountInCirculation.assertEquals(totalAmountInCirculation);
 
     let newTotalAmountInCirculation = totalAmountInCirculation.add(amount);
+    let nonce = this.mintNonce.get();
+    this.mintNonce.assertEquals(nonce);
 
     adminSignature
       .verify(
         this.address,
-        amount.toFields().concat(receiverAddress.toFields())
+        amount.toFields().concat(...receiverAddress.toFields(), ...nonce.toFields())
       )
       .assertTrue();
 
@@ -57,6 +61,7 @@ export class BasicTokenContract extends SmartContract {
       amount,
     });
 
+    this.mintNonce.set(nonce.add(1));
     this.totalAmountInCirculation.set(newTotalAmountInCirculation);
   }
 
diff --git a/08-custom-tokens/src/WhitelistedTokenContract.ts b/08-custom-tokens/src/WhitelistedTokenContract.ts
index bb8cb5c..53faf63 100644
--- a/08-custom-tokens/src/WhitelistedTokenContract.ts
+++ b/08-custom-tokens/src/WhitelistedTokenContract.ts
@@ -11,6 +11,7 @@ import {
   Signature,
   Poseidon,
   MerkleWitness,
+  UInt32,
 } from 'snarkyjs';
 
 class MerkleWitness20 extends MerkleWitness(20) {}
@@ -19,6 +20,7 @@ const tokenSymbol = 'MYTKN';
 
 export class WhitelistedTokenContract extends SmartContract {
   @state(UInt64) totalAmountInCirculation = State<UInt64>();
+  @state(UInt32) mintNonce = State<UInt32>();
   @state(Field) whitelistTreeRoot = State<Field>();
 
   deploy(args: DeployArgs) {
@@ -54,11 +56,13 @@ export class WhitelistedTokenContract extends SmartContract {
     this.totalAmountInCirculation.assertEquals(totalAmountInCirculation);
 
     let newTotalAmountInCirculation = totalAmountInCirculation.add(amount);
+    let nonce = this.mintNonce.get();
+    this.mintNonce.assertEquals(nonce);
 
     adminSignature
       .verify(
         this.address,
-        amount.toFields().concat(receiverAddress.toFields())
+        amount.toFields().concat(...receiverAddress.toFields(), ...nonce.toFields())
       )
       .assertTrue();
 
@@ -67,6 +71,7 @@ export class WhitelistedTokenContract extends SmartContract {
       amount,
     });
 
+    this.mintNonce.set(nonce.add(1));
     this.totalAmountInCirculation.set(newTotalAmountInCirculation);
   }