@agoric/fast-usdc 0.1.1-other-dev-3eb1a1d.0 → 0.2.0-u18.0

package/src/exos/advancer.js

@@ -1,25 +1,28 @@
-import { AmountMath, AmountShape } from '@agoric/ertp';
+import { decodeAddressHook } from '@agoric/cosmic-proto/address-hooks.js';
+import { AmountMath } from '@agoric/ertp';
 import { assertAllDefined, makeTracer } from '@agoric/internal';
-import { ChainAddressShape } from '@agoric/orchestration';
+import { AnyNatAmountShape, ChainAddressShape } from '@agoric/orchestration';
 import { pickFacet } from '@agoric/vat-data';
 import { VowShape } from '@agoric/vow';
-import { q } from '@endo/errors';
 import { E } from '@endo/far';
-import { M } from '@endo/patterns';
-import { CctpTxEvidenceShape, EudParamShape } from '../type-guards.js';
-import { addressTools } from '../utils/address.js';
+import { M, mustMatch } from '@endo/patterns';
+import { Fail, q } from '@endo/errors';
+import {
+  AddressHookShape,
+  EvmHashShape,
+  EvidenceWithRiskShape,
+} from '../type-guards.js';
 import { makeFeeTools } from '../utils/fees.js';
 
-const { isGTE } = AmountMath;
-
 /**
  * @import {HostInterface} from '@agoric/async-flow';
+ * @import {TypedPattern} from '@agoric/internal'
  * @import {NatAmount} from '@agoric/ertp';
  * @import {ChainAddress, ChainHub, Denom, OrchestrationAccount} from '@agoric/orchestration';
  * @import {ZoeTools} from '@agoric/orchestration/src/utils/zoe-tools.js';
  * @import {VowTools} from '@agoric/vow';
  * @import {Zone} from '@agoric/zone';
- * @import {CctpTxEvidence, FeeConfig, LogFn} from '../types.js';
+ * @import {CctpTxEvidence, AddressHook, EvmHash, FeeConfig, LogFn, NobleAddress, EvidenceWithRisk} from '../types.js';
  * @import {StatusManager} from './status-manager.js';
  * @import {LiquidityPoolKit} from './liquidity-pool.js';
  */
@@ -37,36 +40,47 @@ const { isGTE } = AmountMath;
  * }} AdvancerKitPowers
  */
 
+/** @type {TypedPattern<AdvancerVowCtx>} */
+const AdvancerVowCtxShape = M.splitRecord(
+  {
+    fullAmount: AnyNatAmountShape,
+    advanceAmount: AnyNatAmountShape,
+    destination: ChainAddressShape,
+    forwardingAddress: M.string(),
+    txHash: EvmHashShape,
+  },
+  { tmpSeat: M.remotable() },
+);
+
 /** type guards internal to the AdvancerKit */
 const AdvancerKitI = harden({
   advancer: M.interface('AdvancerI', {
-    handleTransactionEvent: M.callWhen(CctpTxEvidenceShape).returns(),
+    handleTransactionEvent: M.callWhen(EvidenceWithRiskShape).returns(),
+    setIntermediateRecipient: M.call(ChainAddressShape).returns(),
   }),
   depositHandler: M.interface('DepositHandlerI', {
-    onFulfilled: M.call(M.undefined(), {
-      amount: AmountShape,
-      destination: ChainAddressShape,
-      tmpSeat: M.remotable(),
-    }).returns(VowShape),
-    onRejected: M.call(M.error(), {
-      amount: AmountShape,
-      destination: ChainAddressShape,
-      tmpSeat: M.remotable(),
-    }).returns(),
+    onFulfilled: M.call(M.undefined(), AdvancerVowCtxShape).returns(VowShape),
+    onRejected: M.call(M.error(), AdvancerVowCtxShape).returns(),
   }),
   transferHandler: M.interface('TransferHandlerI', {
     // TODO confirm undefined, and not bigint (sequence)
-    onFulfilled: M.call(M.undefined(), {
-      amount: AmountShape,
-      destination: ChainAddressShape,
-    }).returns(M.undefined()),
-    onRejected: M.call(M.error(), {
-      amount: AmountShape,
-      destination: ChainAddressShape,
-    }).returns(M.undefined()),
+    onFulfilled: M.call(M.undefined(), AdvancerVowCtxShape).returns(
+      M.undefined(),
+    ),
+    onRejected: M.call(M.error(), AdvancerVowCtxShape).returns(M.undefined()),
   }),
 });
 
+/**
+ * @typedef {{
+ *  fullAmount: NatAmount;
+ *  advanceAmount: NatAmount;
+ *  destination: ChainAddress;
+ *  forwardingAddress: NobleAddress;
+ *  txHash: EvmHash;
+ * }} AdvancerVowCtx
+ */
+
 /**
  * @param {Zone} zone
  * @param {AdvancerKitPowers} caps
@@ -82,7 +96,7 @@ export const prepareAdvancerKit = (
     usdc,
     vowTools: { watch, when },
     zcf,
-  } = /** @type {AdvancerKitPowers} */ ({}),
+  },
 ) => {
   assertAllDefined({
     chainHub,
@@ -100,11 +114,19 @@ export const prepareAdvancerKit = (
     AdvancerKitI,
     /**
      * @param {{
+     *   notifyFacet: import('./settler.js').SettlerKit['notify'];
      *   borrowerFacet: LiquidityPoolKit['borrower'];
      *   poolAccount: HostInterface<OrchestrationAccount<{chainId: 'agoric'}>>;
+     *   settlementAddress: ChainAddress;
+     *   intermediateRecipient?: ChainAddress;
      * }} config
      */
-    config => harden(config),
+    config =>
+      harden({
+        ...config,
+        // make sure the state record has this property, perhaps with an undefined value
+        intermediateRecipient: config.intermediateRecipient,
+      }),
     {
       advancer: {
         /**
@@ -115,129 +137,153 @@ export const prepareAdvancerKit = (
          * `StatusManager` - so we don't need to concern ourselves with
          * preserving the vow chain for callers.
          *
-         * @param {CctpTxEvidence} evidence
+         * @param {EvidenceWithRisk} evidenceWithRisk
          */
-        async handleTransactionEvent(evidence) {
+        async handleTransactionEvent({ evidence, risk }) {
           await null;
           try {
-            const { borrowerFacet, poolAccount } = this.state;
-            const { recipientAddress } = evidence.aux;
-            const { EUD } = addressTools.getQueryParams(
-              recipientAddress,
-              EudParamShape,
-            );
-
-            // this will throw if the bech32 prefix is not found, but is handled by the catch
-            const destination = chainHub.makeChainAddress(EUD);
-            const requestedAmount = toAmount(evidence.tx.amount);
-            const advanceAmount = feeTools.calculateAdvance(requestedAmount);
-
-            // TODO: consider skipping and using `borrow()`s internal balance check
-            const poolBalance = borrowerFacet.getBalance();
-            if (!isGTE(poolBalance, requestedAmount)) {
-              log(
-                `Insufficient pool funds`,
-                `Requested ${q(advanceAmount)} but only have ${q(poolBalance)}`,
-              );
-              statusManager.observe(evidence);
+            if (statusManager.hasBeenObserved(evidence)) {
+              log('txHash already seen:', evidence.txHash);
               return;
             }
 
-            try {
-              // Mark as Advanced since `transferV` initiates the advance.
-              // Will throw if we've already .skipped or .advanced this evidence.
-              statusManager.advance(evidence);
-            } catch (e) {
-              // Only anticipated error is `assertNotSeen`, so intercept the
-              // catch so we don't call .skip which also performs this check
-              log('Advancer error:', q(e).toString());
+            if (risk.risksIdentified?.length) {
+              log('risks identified, skipping advance');
+              statusManager.skipAdvance(evidence, risk.risksIdentified);
               return;
             }
 
-            const { zcfSeat: tmpSeat } = zcf.makeEmptySeatKit();
-            const amountKWR = harden({ USDC: advanceAmount });
-            try {
-              borrowerFacet.borrow(tmpSeat, amountKWR);
-            } catch (e) {
-              // We do not expect this to fail since there are no turn boundaries
-              // between .getBalance() and .borrow().
-              // We catch to report outside of the normal error flow since this is
-              // not expected.
-              log('🚨 advance borrow failed', q(e).toString());
+            const { borrowerFacet, poolAccount, settlementAddress } =
+              this.state;
+            const { recipientAddress } = evidence.aux;
+            const decoded = decodeAddressHook(recipientAddress);
+            mustMatch(decoded, AddressHookShape);
+            if (decoded.baseAddress !== settlementAddress.value) {
+              throw Fail`⚠️ baseAddress of address hook ${q(decoded.baseAddress)} does not match the expected address ${q(settlementAddress.value)}`;
             }
+            const { EUD } = /** @type {AddressHook['query']} */ (decoded.query);
+            log(`decoded EUD: ${EUD}`);
+            // throws if the bech32 prefix is not found
+            const destination = chainHub.makeChainAddress(EUD);
+
+            const fullAmount = toAmount(evidence.tx.amount);
+            // throws if requested does not exceed fees
+            const advanceAmount = feeTools.calculateAdvance(fullAmount);
+
+            const { zcfSeat: tmpSeat } = zcf.makeEmptySeatKit();
+            // throws if the pool has insufficient funds
+            borrowerFacet.borrow(tmpSeat, advanceAmount);
+
+            // this cannot throw since `.isSeen()` is called in the same turn
+            statusManager.advance(evidence);
 
             const depositV = localTransfer(
               tmpSeat,
               // @ts-expect-error LocalAccountMethods vs OrchestrationAccount
               poolAccount,
-              amountKWR,
+              harden({ USDC: advanceAmount }),
             );
             void watch(depositV, this.facets.depositHandler, {
-              amount: advanceAmount,
+              advanceAmount,
               destination,
+              forwardingAddress: evidence.tx.forwardingAddress,
+              fullAmount,
               tmpSeat,
+              txHash: evidence.txHash,
             });
-          } catch (e) {
-            log('Advancer error:', q(e).toString());
+          } catch (error) {
+            log('Advancer error:', error);
             statusManager.observe(evidence);
           }
         },
+        /** @param {ChainAddress} intermediateRecipient */
+        setIntermediateRecipient(intermediateRecipient) {
+          this.state.intermediateRecipient = intermediateRecipient;
+        },
       },
       depositHandler: {
         /**
          * @param {undefined} result
-         * @param {{ amount: Amount<'nat'>; destination: ChainAddress; tmpSeat: ZCFSeat }} ctx
+         * @param {AdvancerVowCtx & { tmpSeat: ZCFSeat }} ctx
          */
-        onFulfilled(result, { amount, destination }) {
-          const { poolAccount } = this.state;
-          const transferV = E(poolAccount).transfer(destination, {
-            denom: usdc.denom,
-            value: amount.value,
-          });
+        onFulfilled(result, ctx) {
+          const { poolAccount, intermediateRecipient } = this.state;
+          const { destination, advanceAmount, ...detail } = ctx;
+          const transferV = E(poolAccount).transfer(
+            destination,
+            { denom: usdc.denom, value: advanceAmount.value },
+            { forwardOpts: { intermediateRecipient } },
+          );
           return watch(transferV, this.facets.transferHandler, {
             destination,
-            amount,
+            advanceAmount,
+            ...detail,
           });
         },
         /**
+         * We do not expect this to be a common failure. it should only occur
+         * if USDC is not registered in vbank or the tmpSeat has less than
+         * `advanceAmount`.
+         *
+         * If we do hit this path, we return funds to the Liquidity Pool and
+         * notify of Advancing failure.
+         *
          * @param {Error} error
-         * @param {{ amount: Amount<'nat'>; destination: ChainAddress; tmpSeat: ZCFSeat }} ctx
+         * @param {AdvancerVowCtx & { tmpSeat: ZCFSeat }} ctx
          */
-        onRejected(error, { tmpSeat }) {
-          // TODO return seat allocation from ctx to LP?
-          log('🚨 advance deposit failed', q(error).toString());
-          // TODO #10510 (comprehensive error testing) determine
-          // course of action here
+        onRejected(error, { tmpSeat, advanceAmount, ...restCtx }) {
           log(
-            'TODO live payment on seat to return to LP',
-            q(tmpSeat).toString(),
+            '⚠️ deposit to localOrchAccount failed, attempting to return payment to LP',
+            error,
           );
+          try {
+            const { borrowerFacet, notifyFacet } = this.state;
+            notifyFacet.notifyAdvancingResult(restCtx, false);
+            borrowerFacet.returnToPool(tmpSeat, advanceAmount);
+          } catch (e) {
+            log('🚨 deposit to localOrchAccount failure recovery failed', e);
+          }
         },
       },
       transferHandler: {
         /**
-         * @param {undefined} result TODO confirm this is not a bigint (sequence)
-         * @param {{ destination: ChainAddress; amount: NatAmount; }} ctx
+         * @param {unknown} result TODO confirm this is not a bigint (sequence)
+         * @param {AdvancerVowCtx} ctx
          */
-        onFulfilled(result, { destination, amount }) {
-          // TODO vstorage update? We don't currently have a status for
-          // Advanced + transferV settled
-          log(
-            'Advance transfer fulfilled',
-            q({ amount, destination, result }).toString(),
-          );
+        onFulfilled(result, ctx) {
+          const { notifyFacet } = this.state;
+          const { advanceAmount, destination, ...detail } = ctx;
+          log('Advance transfer fulfilled', {
+            advanceAmount,
+            destination,
+            result,
+          });
+          // During development, due to a bug, this call threw.
+          // The failure was silent (no diagnostics) due to:
+          //  - #10576 Vows do not report unhandled rejections
+          // For now, the advancer kit relies on consistency between
+          // notifyFacet, statusManager, and callers of handleTransactionEvent().
+          // TODO: revisit #10576 during #10510
+          notifyFacet.notifyAdvancingResult({ destination, ...detail }, true);
         },
-        onRejected(error) {
-          // TODO #10510 (comprehensive error testing) determine
-          // course of action here. This might fail due to timeout.
-          log('Advance transfer rejected', q(error).toString());
+        /**
+         * @param {Error} error
+         * @param {AdvancerVowCtx} ctx
+         */
+        onRejected(error, ctx) {
+          const { notifyFacet } = this.state;
+          log('Advance transfer rejected', error);
+          notifyFacet.notifyAdvancingResult(ctx, false);
         },
       },
     },
     {
       stateShape: harden({
+        notifyFacet: M.remotable(),
         borrowerFacet: M.remotable(),
         poolAccount: M.remotable(),
+        intermediateRecipient: M.opt(ChainAddressShape),
+        settlementAddress: M.opt(ChainAddressShape),
       }),
     },
   );

package/src/exos/liquidity-pool.js

@@ -1,4 +1,4 @@
-import { AmountMath, AmountShape } from '@agoric/ertp';
+import { AmountMath } from '@agoric/ertp';
 import {
   makeRecorderTopic,
   TopicsRecordShape,
@@ -28,7 +28,7 @@ import {
  * @import {PoolStats} from '../types.js';
  */
 
-const { add, isEqual, makeEmpty } = AmountMath;
+const { add, isEqual, isGTE, makeEmpty } = AmountMath;
 
 /** @param {Brand} brand */
 const makeDust = brand => AmountMath.make(brand, 1n);
@@ -84,11 +84,8 @@ export const prepareLiquidityPoolKit = (zone, zcf, USDC, tools) => {
     'Liquidity Pool',
     {
       borrower: M.interface('borrower', {
-        getBalance: M.call().returns(AmountShape),
-        borrow: M.call(
-          SeatShape,
-          harden({ USDC: makeNatAmountShape(USDC, 1n) }),
-        ).returns(),
+        borrow: M.call(SeatShape, makeNatAmountShape(USDC, 1n)).returns(),
+        returnToPool: M.call(SeatShape, makeNatAmountShape(USDC, 1n)).returns(),
       }),
       repayer: M.interface('repayer', {
         repay: M.call(
@@ -152,38 +149,50 @@ export const prepareLiquidityPoolKit = (zone, zcf, USDC, tools) => {
     },
     {
       borrower: {
-        getBalance() {
-          const { poolSeat } = this.state;
-          return poolSeat.getAmountAllocated('USDC', USDC);
-        },
         /**
          * @param {ZCFSeat} toSeat
-         * @param {{ USDC: Amount<'nat'>}} amountKWR
+         * @param {Amount<'nat'>} amount
          */
-        borrow(toSeat, amountKWR) {
+        borrow(toSeat, amount) {
           const { encumberedBalance, poolSeat, poolStats } = this.state;
 
           // Validate amount is available in pool
           const post = borrowCalc(
-            amountKWR.USDC,
+            amount,
             poolSeat.getAmountAllocated('USDC', USDC),
             encumberedBalance,
             poolStats,
           );
 
           // COMMIT POINT
-          try {
-            zcf.atomicRearrange(harden([[poolSeat, toSeat, amountKWR]]));
-          } catch (cause) {
-            const reason = Error('🚨 cannot commit borrow', { cause });
-            console.error(reason.message, cause);
-            zcf.shutdownWithFailure(reason);
-          }
+          // UNTIL #10684: ability to terminate an incarnation w/o terminating the contract
+          zcf.atomicRearrange(harden([[poolSeat, toSeat, { USDC: amount }]]));
 
           Object.assign(this.state, post);
           this.facets.external.publishPoolMetrics();
         },
-        // TODO method to repay failed `LOA.deposit()`
+        /**
+         * If something fails during advance, return funds to the pool.
+         *
+         * @param {ZCFSeat} borrowSeat
+         * @param {Amount<'nat'>} amount
+         */
+        returnToPool(borrowSeat, amount) {
+          const { zcfSeat: repaySeat } = zcf.makeEmptySeatKit();
+          const returnAmounts = harden({
+            Principal: amount,
+            PoolFee: makeEmpty(USDC),
+            ContractFee: makeEmpty(USDC),
+          });
+          const borrowSeatAllocation = borrowSeat.getCurrentAllocation();
+          isGTE(borrowSeatAllocation.USDC, amount) ||
+            Fail`⚠️ borrowSeatAllocation ${q(borrowSeatAllocation)} less than amountKWR ${q(amount)}`;
+          // arrange payments in a format repay is expecting
+          zcf.atomicRearrange(
+            harden([[borrowSeat, repaySeat, { USDC: amount }, returnAmounts]]),
+          );
+          return this.facets.repayer.repay(repaySeat, returnAmounts);
+        },
       },
       repayer: {
         /**
@@ -213,23 +222,18 @@ export const prepareLiquidityPoolKit = (zone, zcf, USDC, tools) => {
           const { ContractFee, ...rest } = amounts;
 
           // COMMIT POINT
-          try {
-            zcf.atomicRearrange(
-              harden([
-                [
-                  fromSeat,
-                  poolSeat,
-                  rest,
-                  { USDC: add(amounts.PoolFee, amounts.Principal) },
-                ],
-                [fromSeat, feeSeat, { ContractFee }, { USDC: ContractFee }],
-              ]),
-            );
-          } catch (cause) {
-            const reason = Error('🚨 cannot commit repay', { cause });
-            console.error(reason.message, cause);
-            zcf.shutdownWithFailure(reason);
-          }
+          // UNTIL #10684: ability to terminate an incarnation w/o terminating the contract
+          zcf.atomicRearrange(
+            harden([
+              [
+                fromSeat,
+                poolSeat,
+                rest,
+                { USDC: add(amounts.PoolFee, amounts.Principal) },
+              ],
+              [fromSeat, feeSeat, { ContractFee }, { USDC: ContractFee }],
+            ]),
+          );
 
           Object.assign(this.state, post);
           this.facets.external.publishPoolMetrics();
@@ -264,9 +268,8 @@ export const prepareLiquidityPoolKit = (zone, zcf, USDC, tools) => {
           const post = depositCalc(shareWorth, proposal);
 
           // COMMIT POINT
-
+          const mint = shareMint.mintGains(post.payouts);
           try {
-            const mint = shareMint.mintGains(post.payouts);
             this.state.shareWorth = post.shareWorth;
             zcf.atomicRearrange(
               harden([
@@ -276,12 +279,12 @@ export const prepareLiquidityPoolKit = (zone, zcf, USDC, tools) => {
                 [mint, lp, post.payouts],
               ]),
             );
+          } catch (cause) {
+            // UNTIL #10684: ability to terminate an incarnation w/o terminating the contract
+            throw new Error('🚨 cannot commit deposit', { cause });
+          } finally {
             lp.exit();
             mint.exit();
-          } catch (cause) {
-            const reason = Error('🚨 cannot commit deposit', { cause });
-            console.error(reason.message, cause);
-            zcf.shutdownWithFailure(reason);
           }
           external.publishPoolMetrics();
         },
@@ -301,7 +304,6 @@ export const prepareLiquidityPoolKit = (zone, zcf, USDC, tools) => {
           const post = withdrawCalc(shareWorth, proposal);
 
           // COMMIT POINT
-
           try {
             this.state.shareWorth = post.shareWorth;
             zcf.atomicRearrange(
@@ -313,12 +315,12 @@ export const prepareLiquidityPoolKit = (zone, zcf, USDC, tools) => {
               ]),
             );
             shareMint.burnLosses(proposal.give, burn);
+          } catch (cause) {
+            // UNTIL #10684: ability to terminate an incarnation w/o terminating the contract
+            throw new Error('🚨 cannot commit withdraw', { cause });
+          } finally {
             lp.exit();
             burn.exit();
-          } catch (cause) {
-            const reason = Error('🚨 cannot commit withdraw', { cause });
-            console.error(reason.message, cause);
-            zcf.shutdownWithFailure(reason);
           }
           external.publishPoolMetrics();
         },

package/src/exos/operator-kit.js

@@ -1,18 +1,18 @@
 import { makeTracer } from '@agoric/internal';
 import { Fail } from '@endo/errors';
 import { M } from '@endo/patterns';
-import { CctpTxEvidenceShape } from '../type-guards.js';
+import { CctpTxEvidenceShape, RiskAssessmentShape } from '../type-guards.js';
 
 const trace = makeTracer('TxOperator');
 
 /**
  * @import {Zone} from '@agoric/zone';
- * @import {CctpTxEvidence} from '../types.js';
+ * @import {CctpTxEvidence, RiskAssessment} from '../types.js';
  */
 
 /**
  * @typedef {object} OperatorPowers
- * @property {(evidence: CctpTxEvidence, operatorKit: OperatorKit) => void} submitEvidence
+ * @property {(evidence: CctpTxEvidence, riskAssessment: RiskAssessment, operatorId: string) => void} attest
  */
 
 /**
@@ -31,11 +31,15 @@ const OperatorKitI = {
   }),
 
   invitationMakers: M.interface('InvitationMakers', {
-    SubmitEvidence: M.call(CctpTxEvidenceShape).returns(M.promise()),
+    SubmitEvidence: M.call(CctpTxEvidenceShape)
+      .optional(RiskAssessmentShape)
+      .returns(M.promise()),
   }),
 
   operator: M.interface('Operator', {
-    submitEvidence: M.call(CctpTxEvidenceShape).returns(M.promise()),
+    submitEvidence: M.call(CctpTxEvidenceShape)
+      .optional(RiskAssessmentShape)
+      .returns(),
     getStatus: M.call().returns(M.record()),
   }),
 };
@@ -81,13 +85,14 @@ export const prepareOperatorKit = (zone, staticPowers) =>
          * fluxAggregator contract used for price oracles.
          *
          * @param {CctpTxEvidence} evidence
+         * @param {RiskAssessment} [riskAssessment]
          * @returns {Promise<Invitation>}
          */
-        async SubmitEvidence(evidence) {
+        async SubmitEvidence(evidence, riskAssessment) {
           const { operator } = this.facets;
           // TODO(bootstrap integration): cause this call to throw and confirm that it
           // shows up in the the smart-wallet UpdateRecord `error` property
-          await operator.submitEvidence(evidence);
+          operator.submitEvidence(evidence, riskAssessment);
           return staticPowers.makeInertInvitation(
             'evidence was pushed in the invitation maker call',
           );
@@ -98,12 +103,13 @@ export const prepareOperatorKit = (zone, staticPowers) =>
          * submit evidence from this operator
          *
          * @param {CctpTxEvidence} evidence
+         * @param {RiskAssessment} [riskAssessment]
+         * @returns {void}
          */
-        async submitEvidence(evidence) {
+        submitEvidence(evidence, riskAssessment = {}) {
           const { state } = this;
           !state.disabled || Fail`submitEvidence for disabled operator`;
-          const result = state.powers.submitEvidence(evidence, this.facets);
-          return result;
+          state.powers.attest(evidence, riskAssessment, state.operatorId);
         },
         /** @returns {OperatorStatus} */
         getStatus() {