fix(mtcs): re-introduce light client check in enclave (#148)

apps/mtcs/enclave/src/mtcs_server.rs

@@ -17,7 +17,7 @@ use mtcs::{
 };
 use quartz_common::{
     contract::{msg::execute::attested::RawAttested, state::Config},
-    enclave::attestor::Attestor,
+    enclave::{attestor::Attestor, server::ProofOfPublication},
 };
 use serde::{Deserialize, Serialize};
 use tonic::{Request, Response, Result as TonicResult, Status};
@@ -64,10 +64,21 @@ where
         &self,
         request: Request<RunClearingRequest>,
     ) -> TonicResult<Response<RunClearingResponse>> {
-        let message: RunClearingMessage = {
+        // Light client check
+        let message: ProofOfPublication<RunClearingMessage> = {
             let message = request.into_inner().message;
             serde_json::from_str(&message).map_err(|e| Status::invalid_argument(e.to_string()))?
         };
+
+        let (proof_value, message) = message
+            .verify(self.config.light_client_opts())
+            .map_err(Status::failed_precondition)?;
+
+        let proof_value_matches_msg =
+            serde_json::to_string(&message.intents).is_ok_and(|s| s.as_bytes() == proof_value);
+        if !proof_value_matches_msg {
+            return Err(Status::failed_precondition("proof verification"));
+        }
         // TODO: ensure no duplicates somewhere else!
         let liquidity_sources: Vec<LiquiditySource> =
             message.liquidity_sources.into_iter().collect();