From 2f409a5aafd61062317c6bdb241bf975e37aa39e Mon Sep 17 00:00:00 2001
From: 0xKitsune <77890308+0xKitsune@users.noreply.github.com>
Date: Thu, 7 Sep 2023 09:29:00 -0400
Subject: [PATCH] NM Audit Fixes (#118)
* fix: removed unused constant EMPTY_LEAF
* fix: add natspec for validateArrayIsInReducedForm
* fix: updated natspec to reflect functions that can only be called by the identity operator
* fix: added check to ensure that oldIdentities and newIdenties are the same length
* fix: removed redundant identity length check
---
 src/WorldIDIdentityManagerImplV1.sol | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/src/WorldIDIdentityManagerImplV1.sol b/src/WorldIDIdentityManagerImplV1.sol
index f02fa8d..4bd1e3b 100644
--- a/src/WorldIDIdentityManagerImplV1.sol
+++ b/src/WorldIDIdentityManagerImplV1.sol
@@ -71,10 +71,6 @@ contract WorldIDIdentityManagerImplV1 is WorldIDImpl, IWorldID {
 /// group.
 uint256 internal rootHistoryExpiry;
- /// @notice Represents the initial leaf in an empty merkle tree.
- /// @dev Prevents the empty leaf from being inserted into the root history.
- uint256 internal constant EMPTY_LEAF = uint256(0);
-
 /// @notice The `r` for the finite field `Fr` under which arithmetic is done on the proof input.
 /// @dev Used internally to ensure that the proof input is scaled to within the field `Fr`.
 uint256 internal constant SNARK_SCALAR_FIELD =
@@ -333,7 +329,7 @@ contract WorldIDIdentityManagerImplV1 is WorldIDImpl, IWorldID {
 ///////////////////////////////////////////////////////////////////////////////
 /// @notice Registers identities into the WorldID system.
- /// @dev Can only be called by the owner.
+ /// @dev Can only be called by the identity operator.
 /// @dev Registration is performed off-chain and verified on-chain via the `insertionProof`.
 /// This saves gas and time over inserting identities one at a time.
 ///
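Review bot: The reworded `/// @dev Can only be called by the identity operator.` line (here, and again in the hunk at -440 for the update function) documents an access-control rule, but neither hunk shows the function signature or the modifier that enforces it, so the comment cannot be checked against the code from this patch. Both function declarations lie outside the hunks; confirm that each one carries the identity-operator restriction rather than the owner-only one the old comment described. If the two roles are in fact separate, a line such as `/// @dev The identity operator is a role distinct from the contract owner.` would tell a reader auditing privileges that owner rights do not imply the right to register or update identities.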
@@ -440,7 +436,7 @@ contract WorldIDIdentityManagerImplV1 is WorldIDImpl, IWorldID {
 }
 /// @notice Updates identities in the WorldID system.
- /// @dev Can only be called by the owner.
+ /// @dev Can only be called by the identity operator.
 /// @dev The update is performed off-chain and verified on-chain via the `updateProof`. This
 /// saves gas and time over removing identities one at a time.
 /// @dev This function can perform arbitrary identity alterations and does not require any
@@ -845,6 +841,8 @@ contract WorldIDIdentityManagerImplV1 is WorldIDImpl, IWorldID {
 }
 }
+ /// @notice Validates that an array of identity commitments is within bounds of the SNARK_SCALAR_FIELD
+ /// @param identityCommitments The array of identity commitments to be validated.
 function validateArrayIsInReducedForm(uint256[] calldata identityCommitments) internal view
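Review bot: The new `@notice` on `validateArrayIsInReducedForm` says the commitments are "within bounds of the SNARK_SCALAR_FIELD" without stating the bound or what happens when an element violates it. The function body is outside the hunk, so this is inferred from the name, but if it requires every element to be strictly below the field modulus and reverts otherwise, the natspec should say so, e.g. `/// @dev Reverts if any element is greater than or equal to SNARK_SCALAR_FIELD.`. A one-line reason is worth adding as well: an unreduced value is congruent to a smaller one modulo the field order, so two different uint256 inputs could stand for the same field element in the proof. The `@notice` line also lacks the closing period that the neighbouring comments use.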