Z-Imburse Docs: ZImburseRegistry Escrow Contract Registration Integrity

# Z-Imburse Docs: ZImburseRegistry Escrow Contract Registration Integrity Aztec does not yet provide the ability for contracts to deploy other contracts. This means that we cannot guarantee the integrity of an escrow contract or its parameters during deployment of the escrow contract. To rectify this, we include an escrow registration function: ```rust #[private] fn register_escrow(escrow_contract: AztecAddress); ``` From a security standpoint, there are two objectives: 1. Guarantee an asserted contract is a valid instance of a `ZImburseEscrow` contract 2. Guarantee the contract points to the correct escrow registry and payment token ## Escrow Contract Instance Integrity We can ensure that `escrow_contract` is the address of a `ZImburseEscrow` contract by recomputing the address. We can use `aztec::oracle::get_contract_instance` to get everything we need to recompute a contract address. However, as an oracle call, this is untrusted and the PXE could supply anything it wants. This is why the constructor supplies `escrow_contract_id` - by supplying the ID from storage, the computed address will only match `escrow_contract` if it is a valid instance of `ZImburseEscrow`. We additionally call `context.historical_header.prove_contract_initialization(escrow_contract)` to guarantee the contract exists on the network. Without including this call, we could actually set up the initializer function of `ZImburseEscrow` to call the escrow registry and register itself atomically in the same transaction. However, the historical header will not include the contract and not recognize its existence in the same block. Actually as I write this there is a logical solution here? If the only way to call register_escrow is from a valid instance of an escrow contract, then we could omit checking if it is deployed because it must be deployed to call this function... THIS WILL BE CHANGED ## Escrow Contract Parameters Integrity Escrow contracts also supply a function `get_registration_params()` which simply returns the `Definition` for the escrow contract. This returns the `admin` of the escrow, the `registry` that DKIM keys will be checked against, and the `usdc` payment token that reimbursements will be paid out. Simply, the following checks are performed: 1. The escrow's `admin` is `context.msg_sender()`, so that only an escrow admin can register their own escrow 2. The escrow's `registry` is `context.this_address()`, so that the escrow points back to the registry 3. The escrow's `usdc` is the same as the registry's `usdc`