Summary
Emergency withdrawal allows users to reclaim funds if their notes expire from the root history. It is not privacy-preserving and should only be used as a last resort.
Purpose
Notes are only spendable while their Merkle root is in the history buffer. If a user holds a note too long and the root drops out, standard withdrawals fail. Emergency withdrawal provides a path to recover those funds directly.
Security considerations
- Root expiration. The note's root must be older than
ROOT_HISTORYentries and no longer stored. Valid roots are rejected. - Proof bypass prevention. Allowed only when the proof-based path is proven unusable. It cannot be abused to avoid generating proofs for valid notes.
- Privacy loss. Because funds return to the original depositor, the deposit and withdrawal become trivially linkable.
Process
1. Verify depositor
The transaction signer must match the depositor field stored alongside the note.
2. Check expiration
The program confirms that the note's root is older than history limits.
3. Create deterministic nullifier
A nullifier is generated deterministically (e.g. using Keccak256) to prevent double use.
4. Transfer funds
The pool sends the note's amount directly to the original depositor address.