Create a function create_world_id() that interacts with the World ID contract

[Dprof-in-tech]

This function should interact with the World ID contract to create an id for a given user.
Study how World ID works and integrate it in the function.
Write test for this function and ensure all scenarios and edge cases are covered

[BrunoAmbricca]

I would like to work on this issue

[ShantelPeters]

I'd like to handle this task.

[KoxyG]

Hi i am koxy, a blockchain developer. I would work on this by first studying how World ID works and then create a function that interacts with the World ID contract to create an id for a given user. I will make sure i with test that will cover different scenerios.

[emmanueldindu]

Can I be assigned to this?

[olisaagbafor]

May I pick this up?

[Jagadeeshftw]

I’d like to resolve this.

[FrankiePower]

I am Super Franky, a software developer with 3+ years of experience, and I have worked with frontend technologies like React, NextJS, JavaScript/TypeScript. I'm a recent graduate of Web3bridge Africa, the foremost and premier blockchain developer community.I am very familiar with smart contracts, and have built dapps. I have made contributions to many open-source projects, and I look forward to contributing to this one.

ET: 12 hours

[emarc99]

Can I try solving this issue?

[1nonlypiece]

I'd like to take this issue.

[FadhilMulinya]

I'd love to give this a go.

[Dprof-in-tech]

@FadhilMulinya good day chief, whats the progress on this issue?

[FadhilMulinya]

@FadhilMulinya good day chief, whats the progress on this issue?

Hello still checkin on this siir :) i am checking how world id works ... we are good

[Dprof-in-tech]

That’s alright. If you need any help, do send me a dm on telegram

…

On Wed, Dec 18, 2024 at 11:02 AM FADHIL ***@***.***> wrote: @FadhilMulinya <https://github.com/FadhilMulinya> good day chief, whats the progress on this issue? Hello still checkin on this siir :) i am checking how world id works ... we are good — Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A3W3TPMQLULWSVVYILI5ESD2GFB45AVCNFSM6AAAAABTPVT6LSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKNJQHA4TMMRTGQ> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[Idrhas]

Mind if I take this issue?

[devJaja]

Can I take care of this issue?

[Victordeleusse]

Let me handle this issue!

[TobieTom]

Could I take over this issue? I am relatively new and eager to add on to my current experience

[mnusurov]

I’d love to work on this task.

[mnusurov]

@Dprof-in-tech

Subject: Clarification on World ID Identity Registration in the Smart Contract

After reviewing your code and the documentation for World ID smart contracts, I’ve come to the conclusion that it is not possible to register a World ID identity directly from your smart contract. This is because the relevant method:

function registerIdentities(
    uint256[8] calldata insertionProof,
    uint256 preRoot,
    uint32 startIndex,
    uint256[] calldata identityCommitments,
    uint256 postRoot
) public virtual onlyProxy onlyInitialized onlyIdentityOperator { ... }

is restricted by the onlyIdentityOperator modifier:

modifier onlyIdentityOperator() {
    if (msg.sender != _identityOperator) {
        revert Unauthorized(msg.sender);
    }
    _;
}

This means that the method can only be called from an authorized identity operator address.

Additionally, I noticed that the interface IWorldID in your code includes a declaration for the method:

function verifyIdentity(address user) external view returns (bool);

However, this method does not exist in the current World ID smart contracts available in their repository: https://github.com/worldcoin/world-id-contracts.

Given this, I would like to clarify the task requirements. Is the goal to ensure, within specific methods, that a user has a valid World ID identity? If so, according to their documentation, this should be achieved using the following method:

/// @notice Verifies a WorldID zero knowledge proof.
/// @dev Note that a double-signaling check is not included here, and should be carried out by the caller.
/// @dev It is highly recommended that the implementation is restricted to `view` if possible.
///
/// @param root The root of the Merkle tree
/// @param signalHash A keccak256 hash of the Semaphore signal
/// @param nullifierHash The nullifier hash
/// @param externalNullifierHash A keccak256 hash of the external nullifier
/// @param proof The zero-knowledge proof
///
/// @custom:reverts string If the `proof` is invalid.
function verifyProof(
    uint256 root,
    uint256 signalHash,
    uint256 nullifierHash,
    uint256 externalNullifierHash,
    uint256[8] calldata proof
) external view;

All parameters required for calling this function can be obtained through their SDK on your frontend and then sent to the corresponding method in your smart contract. To prevent reuse of the same proof, it is recommended to store used nullifiers in a mapping on-chain, as suggested in their documentation: https://docs.worldcoin.org/world-id/reference/contracts.

Could you confirm if this approach aligns with your requirements, or provide further clarification on how you would like World ID integration to be handled?

[Dprof-in-tech]

Please give me a couple of hours . I’ll get back to you. I’m currently busy with something else

…

On Fri, Feb 7, 2025 at 3:55 PM Marat Nusurov ***@***.***> wrote: @Dprof-in-tech <https://github.com/Dprof-in-tech> *Subject*: Clarification on World ID Identity Registration in the Smart Contract After reviewing your code and the documentation for World ID smart contracts, I’ve come to the conclusion that it is not possible to register a World ID identity directly from your smart contract. This is because the relevant method: function registerIdentities( uint256[8] calldata insertionProof, uint256 preRoot, uint32 startIndex, uint256[] calldata identityCommitments, uint256 postRoot ) public virtual onlyProxy onlyInitialized onlyIdentityOperator { ... } is restricted by the onlyIdentityOperator modifier: modifier onlyIdentityOperator() { if (msg.sender != _identityOperator) { revert Unauthorized(msg.sender); } _; } This means that the method can only be called from an authorized identity operator address. Additionally, I noticed that the interface IWorldID in your code includes a declaration for the method: function verifyIdentity(address user) external view returns (bool); However, this method does not exist in the current World ID smart contracts available in their repository: https://github.com/worldcoin/world-id-contracts. Given this, I would like to clarify the task requirements. Is the goal to ensure, within specific methods, that a user has a valid World ID identity? If so, according to their documentation, this should be achieved using the following method: /// @notice Verifies a WorldID zero knowledge proof./// @dev Note that a double-signaling check is not included here, and should be carried out by the caller./// @dev It is highly recommended that the implementation is restricted to `view` if possible.////// @param root The root of the Merkle tree/// @param signalHash A keccak256 hash of the Semaphore signal/// @param nullifierHash The nullifier hash/// @param externalNullifierHash A keccak256 hash of the external nullifier/// @param proof The zero-knowledge proof////// @Custom:reverts string If the `proof` is invalid.function verifyProof( uint256 root, uint256 signalHash, uint256 nullifierHash, uint256 externalNullifierHash, uint256[8] calldata proof ) external view; All parameters required for calling this function can be obtained through their SDK on your frontend and then sent to the corresponding method in your smart contract. To prevent reuse of the same proof, it is recommended to store used nullifiers in a mapping on-chain, as suggested in their documentation: https://docs.worldcoin.org/world-id/reference/contracts. Could you confirm if this approach aligns with your requirements, or provide further clarification on how you would like World ID integration to be handled? — Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A3W3TPKGA7NOVY5AOSNDKE32OTCOZAVCNFSM6AAAAABTPVT6LSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNBTGE3DMMBSG4> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[mnusurov]

Hey @Dprof-in-tech did you have any chance to look into this?

[Dprof-in-tech]

Hey @Dprof-in-tech did you have any chance to look into this?

Hey chief, thank you for your patience. So i was able to take a look at this and i believe the World ID verification is already being done on the frontend, there is no use for this function , given that its also not possible to implement it because of the protected identity provider address.

we can either take the approach of verifying the user's world ID again on the contract (as you suggested) or we can forego this entirely. which do you suggest right now?

[mnusurov]

Hey,
I think this depends on your goals. From what I understand, you want certain methods to be callable only by World ID-verified users (like transfer() using the onlyVerified() modifier).
If that's the case, I believe the modifier needs to be modified to call the verifyProof() method on the World ID contract. In this scenario, the frontend would need to make the appropriate SDK method call that returns the required parameters for verifyProof(), which would then be passed to your contract's methods. I can handle the smart contract part – let me know if this approach works for you.

Hey @Dprof-in-tech did you have any chance to look into this?

Hey chief, thank you for your patience. So i was able to take a look at this and i believe the World ID verification is already being done on the frontend, there is no use for this function , given that its also not possible to implement it because of the protected identity provider address.

we can either take the approach of verifying the user's world ID again on the contract (as you suggested) or we can forego this entirely. which do you suggest right now?

[Dprof-in-tech]

Yes please proceed with it

…

On Mon, Feb 10, 2025 at 10:23 AM Marat Nusurov ***@***.***> wrote: Hey, I think this depends on your goals. From what I understand, you want certain methods to be callable only by World ID-verified users (like transfer() <https://github.com/dewdrop-labs/transverse-contracts/blob/e66150dfff277456615e53449d9fa6446d010fe0/src/Wallet.sol#L47> using the onlyVerified() <https://github.com/dewdrop-labs/transverse-contracts/blob/e66150dfff277456615e53449d9fa6446d010fe0/src/Wallet.sol#L27C14-L27C26> modifier). If that's the case, I believe the modifier needs to be modified to call the verifyProof() method on the World ID contract. In this scenario, the frontend would need to make the appropriate SDK method call that returns the required parameters for verifyProof(), which would then be passed to your contract's methods. I can handle the smart contract part – let me know if this approach works for you. Hey @Dprof-in-tech <https://github.com/Dprof-in-tech> did you have any chance to look into this? Hey chief, thank you for your patience. So i was able to take a look at this and i believe the World ID verification is already being done on the frontend, there is no use for this function , given that its also not possible to implement it because of the protected identity provider address. we can either take the approach of verifying the user's world ID again on the contract (as you suggested) or we can forego this entirely. which do you suggest right now? — Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A3W3TPIUC6HGCQO7SLTWEST2PBVXRAVCNFSM6AAAAABTPVT6LSVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDMNBXGQYDANBUGE> . You are receiving this because you were mentioned.Message ID: ***@***.***>

[mnusurov]

Hey @Dprof-in-tech please review PR