verify that the index is reserved when sending multiple msgs within the same tx

Author: vezenovm

noir-projects/aztec-nr/aztec/src/messages/delivery/constrained_delivery.nr

@@ -70,6 +70,13 @@ pub fn calculate_secret_and_index(
         let secret: Field = context
             .call_private_function(registry, selector, [sender.to_field(), recipient.to_field()])
             .get_preimage();
+
+        // Reserve index 0 for the freshly bootstrapped secret so the PXE seeds its per-secret counter, mirroring
+        // the `Some` branch. Without this, a later constrained message under the same secret restarts at index 0
+        // and collides on `(secret, 0)`.
+        // Safety: this only advances a PXE-side counter; the returned index is constrained to 0 below.
+        let index = unsafe { get_next_constrained_index(secret) };
+        assert(index == 0, "freshly bootstrapped secret must start at index 0");
         (secret, 0)
     } else {
         let secret = maybe_secret.unwrap_unchecked();

noir-projects/noir-contracts/contracts/test/constrained_delivery_test_contract/src/main.nr

@@ -6,7 +6,9 @@ mod test;
 #[aztec]
 pub contract ConstrainedDeliveryTest {
     use aztec::{
-        macros::functions::external, messages::delivery::constrained_delivery::calculate_secret_and_index,
+        macros::functions::external,
+        messages::delivery::constrained_delivery::calculate_secret_and_index,
+        oracle::notes::get_next_constrained_index,
         protocol::address::AztecAddress,
     };
 
@@ -15,4 +17,21 @@ pub contract ConstrainedDeliveryTest {
     fn calculate_and_return(registry: AztecAddress, sender: AztecAddress, recipient: AztecAddress) -> (Field, u32) {
         calculate_secret_and_index(self.context, registry, sender, recipient)
     }
+
+    /// Resolves a secret via the helper, then asks the PXE for the next index of that same secret.
+    ///
+    /// Models a sender emitting a second constrained message under a freshly resolved handshake within one tx.
+    /// The returned `(secret, first_index, second_index)` lets a test assert that the second index advances past
+    /// the first rather than resetting, which would collide on `(secret, first_index)`.
+    #[external("private")]
+    fn resolve_then_next_index(
+        registry: AztecAddress,
+        sender: AztecAddress,
+        recipient: AztecAddress,
+    ) -> (Field, u32, u32) {
+        let (secret, first_index) = calculate_secret_and_index(self.context, registry, sender, recipient);
+        // Safety: test-only observation of the index the PXE hands out next for this secret.
+        let second_index = unsafe { get_next_constrained_index(secret) };
+        (secret, first_index, second_index)
+    }
 }

noir-projects/noir-contracts/contracts/test/constrained_delivery_test_contract/src/test.nr

@@ -67,6 +67,26 @@ unconstrained fn handshake_returns_fresh_secret_at_index_zero() {
     assert_eq(second_index, 0);
 }
 
+// Bootstrap must seed the per-secret index counter, so a second message emitted under the freshly
+// bootstrapped handshake within the same tx advances to index 1 instead of resetting to 0 (which would
+// collide on `(secret, 0)`). This mirrors the `Some(secret)` branch, which seeds the counter via the same
+// oracle call.
+#[test]
+unconstrained fn bootstrap_seeds_index_counter_for_same_tx_reuse() {
+    let (env, registry_address, test_address, sender, recipient) = setup();
+    let test_contract = ConstrainedDeliveryTest::at(test_address);
+
+    let (secret, first_index, second_index) = env.call_private_opts(
+        sender,
+        helper_options(registry_address),
+        test_contract.resolve_then_next_index(registry_address, sender, recipient),
+    );
+
+    assert(secret != 0, "bootstrap should return a non-zero secret");
+    assert_eq(first_index, 0);
+    assert_eq(second_index, 1);
+}
+
 // Existing-handshake path: when a handshake already exists, the helper takes the `Some(secret)` branch and
 // (at index 0) calls `validate_handshake`, which completes here because the secret matches the stored note.
 #[test]