@bloxchain/contracts 1.0.0-alpha → 1.0.0-alpha.10

package/core/research/p2p-blox/P2PBlox.sol

@@ -0,0 +1,266 @@
+// SPDX-License-Identifier: MPL-2.0
+pragma solidity 0.8.33;
+
+// OpenZeppelin
+import "@openzeppelin/contracts-upgradeable/utils/ReentrancyGuardUpgradeable.sol";
+import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
+import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
+
+// Core
+import "../../security/SecureOwnable.sol";
+import "../../access/RuntimeRBAC.sol";
+import "../../execution/GuardController.sol";
+import "../../base/BaseStateMachine.sol";
+import "../../lib/utils/SharedValidation.sol";
+import "./lib/definitions/P2PBloxDefinitions.sol";
+
+/**
+ * @title P2PBlox
+ * @dev Peer-to-peer token swap blox: two parties agree on a direct transfer where
+ *      the first entity sends token A and the second entity sends token B.
+ *      Each side submits a request (offer / counter-offer); a dedicated P2P_APPROVER_ROLE
+ *      then approves or rejects the swap before execution.
+ *
+ * Flow:
+ * 1. Party A calls requestOffer(tokenA, amountA, tokenB, amountB) — "I send token A, I want token B".
+ * 2. Party B calls requestCounterOffer(offerId, tokenB, amountB, tokenA, amountA) — must match the offer.
+ * 3. A wallet with P2P_APPROVER_ROLE calls approveSwap(offerId) to execute both transfers, or
+ *    rejectSwap(offerId) to reject the swap.
+ *
+ * Both parties must have approved this contract for their respective tokens before approveSwap.
+ * Uses SafeERC20 and CEI pattern; protected by ReentrancyGuard where state changes and external calls occur.
+ *
+ * @custom:security-contact security@particlecrypto.com
+ */
+contract P2PBlox is GuardController, RuntimeRBAC, SecureOwnable {
+    using SafeERC20 for IERC20;
+
+    /// @dev Swap lifecycle status
+    enum SwapStatus {
+        PENDING,   // Offer created, no counter yet
+        MATCHED,   // Counter-offer submitted, awaiting approver
+        EXECUTING, // Transfers in progress (internal; prevents reentrancy)
+        EXECUTED,  // Swap approved and transfers completed
+        REJECTED,  // Swap rejected by approver
+        CANCELLED  // Offer cancelled (reserved for future use)
+    }
+
+    /// @dev Single offer/counter pair: party A gives (tokenA, amountA), party B gives (tokenB, amountB)
+    struct P2PSwap {
+        address partyA;
+        address tokenA;
+        uint256 amountA;
+        address tokenB;
+        uint256 amountB;
+        address partyB;      // Set when counter-offer is submitted
+        SwapStatus status;
+    }
+
+    /// @dev Next offer ID (1-based)
+    uint256 private _nextOfferId;
+
+    /// @dev offerId => P2PSwap
+    mapping(uint256 => P2PSwap) private _swaps;
+
+    /// @dev Emitted when party A creates an offer
+    event OfferCreated(
+        uint256 indexed offerId,
+        address indexed partyA,
+        address tokenA,
+        uint256 amountA,
+        address tokenB,
+        uint256 amountB
+    );
+
+    /// @dev Emitted when party B submits a counter-offer matching the offer
+    event CounterOfferCreated(
+        uint256 indexed offerId,
+        address indexed partyB
+    );
+
+    /// @dev Emitted when the approver executes the swap
+    event SwapApproved(uint256 indexed offerId);
+
+    /// @dev Emitted when the approver rejects the swap
+    event SwapRejected(uint256 indexed offerId);
+
+    error InvalidOffer(uint256 offerId);
+    error OfferNotPending(uint256 offerId);
+    error OfferNotMatched(uint256 offerId);
+    error CounterOfferMismatch();
+    error InvalidParties();
+    error OnlyApprover();
+    error ZeroAmount();
+
+    /// @custom:oz-upgrades-unsafe-allow constructor
+    constructor() {
+        _disableInitializers();
+    }
+
+    /**
+     * @notice Initializes P2PBlox and creates the P2P_APPROVER_ROLE.
+     * Assign approver wallets via RuntimeRBAC roleConfigBatch (ADD_WALLET for P2P_APPROVER_ROLE) after deployment.
+     * @param initialOwner Initial owner
+     * @param broadcaster Broadcaster address
+     * @param recovery Recovery address
+     * @param timeLockPeriodSec Time-lock period in seconds
+     * @param eventForwarder Event forwarder address
+     */
+    function initialize(
+        address initialOwner,
+        address broadcaster,
+        address recovery,
+        uint256 timeLockPeriodSec,
+        address eventForwarder
+    ) public virtual override(GuardController, RuntimeRBAC, SecureOwnable) initializer {
+        GuardController.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
+        RuntimeRBAC.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
+        SecureOwnable.initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder);
+
+        // Create dedicated approver role (non-protected; assign wallets via RuntimeRBAC roleConfigBatch)
+        _createRole("P2P_APPROVER_ROLE", P2PBloxDefinitions.P2P_APPROVER_MAX_WALLETS, false);
+
+        _nextOfferId = 1;
+    }
+
+    /**
+     * @notice Party A creates an offer: "I send token A (amount A), I want token B (amount B)".
+     * @param tokenA Token address party A will send
+     * @param amountA Amount of token A
+     * @param tokenB Token address party A wants to receive
+     * @param amountB Amount of token B
+     * @return offerId The created offer ID
+     */
+    function requestOffer(
+        address tokenA,
+        uint256 amountA,
+        address tokenB,
+        uint256 amountB
+    ) external nonReentrant returns (uint256 offerId) {
+        SharedValidation.validateNotZeroAddress(tokenA);
+        SharedValidation.validateNotZeroAddress(tokenB);
+        if (amountA == 0 || amountB == 0) revert ZeroAmount();
+
+        offerId = _nextOfferId++;
+        unchecked {
+            _nextOfferId = _nextOfferId;
+        }
+
+        _swaps[offerId] = P2PSwap({
+            partyA: msg.sender,
+            tokenA: tokenA,
+            amountA: amountA,
+            tokenB: tokenB,
+            amountB: amountB,
+            partyB: address(0),
+            status: SwapStatus.PENDING
+        });
+
+        emit OfferCreated(offerId, msg.sender, tokenA, amountA, tokenB, amountB);
+        return offerId;
+    }
+
+    /**
+     * @notice Party B submits a counter-offer that must match the existing offer (token/amounts).
+     * @param offerId The offer to match
+     * @param tokenB Token address party B will send (must equal offer.tokenB)
+     * @param amountB Amount party B will send (must equal offer.amountB)
+     * @param tokenA Token address party B wants to receive (must equal offer.tokenA)
+     * @param amountA Amount party B wants (must equal offer.amountA)
+     */
+    function requestCounterOffer(
+        uint256 offerId,
+        address tokenB,
+        uint256 amountB,
+        address tokenA,
+        uint256 amountA
+    ) external nonReentrant {
+        P2PSwap storage swap = _swaps[offerId];
+        if (swap.partyA == address(0)) revert InvalidOffer(offerId);
+        if (swap.status != SwapStatus.PENDING) revert OfferNotPending(offerId);
+        if (msg.sender == swap.partyA) revert InvalidParties();
+
+        if (
+            tokenA != swap.tokenA || amountA != swap.amountA ||
+            tokenB != swap.tokenB || amountB != swap.amountB
+        ) revert CounterOfferMismatch();
+
+        swap.partyB = msg.sender;
+        swap.status = SwapStatus.MATCHED;
+
+        emit CounterOfferCreated(offerId, msg.sender);
+    }
+
+    /**
+     * @notice Executes the swap: transfers token A from party A to party B and token B from party B to party A.
+     * Callable only by P2P_APPROVER_ROLE. Both parties must have approved this contract for their tokens.
+     * @param offerId The matched offer to execute
+     */
+    function approveSwap(uint256 offerId) external nonReentrant {
+        if (!hasRole(P2PBloxDefinitions.P2P_APPROVER_ROLE, msg.sender)) revert OnlyApprover();
+
+        P2PSwap storage swap = _swaps[offerId];
+        if (swap.partyA == address(0)) revert InvalidOffer(offerId);
+        if (swap.status != SwapStatus.MATCHED) revert OfferNotMatched(offerId);
+
+        // CEI: capture and update state before external calls
+        address partyA = swap.partyA;
+        address partyB = swap.partyB;
+        address tokenA = swap.tokenA;
+        address tokenB = swap.tokenB;
+        uint256 amountA = swap.amountA;
+        uint256 amountB = swap.amountB;
+
+        swap.status = SwapStatus.EXECUTING;
+
+        IERC20(tokenA).safeTransferFrom(partyA, partyB, amountA);
+        IERC20(tokenB).safeTransferFrom(partyB, partyA, amountB);
+
+        swap.status = SwapStatus.EXECUTED;
+        emit SwapApproved(offerId);
+    }
+
+    /**
+     * @notice Rejects a matched swap. Callable only by P2P_APPROVER_ROLE.
+     * @param offerId The matched offer to reject
+     */
+    function rejectSwap(uint256 offerId) external {
+        if (!hasRole(P2PBloxDefinitions.P2P_APPROVER_ROLE, msg.sender)) revert OnlyApprover();
+
+        P2PSwap storage swap = _swaps[offerId];
+        if (swap.partyA == address(0)) revert InvalidOffer(offerId);
+        if (swap.status != SwapStatus.MATCHED) revert OfferNotMatched(offerId);
+
+        swap.status = SwapStatus.REJECTED;
+        emit SwapRejected(offerId);
+    }
+
+    /**
+     * @notice Returns the full swap record for an offer ID.
+     * @param offerId The offer ID
+     */
+    function getSwap(uint256 offerId) external view returns (P2PSwap memory) {
+        return _swaps[offerId];
+    }
+
+    /**
+     * @notice Returns the next offer ID (for frontends).
+     */
+    function getNextOfferId() external view returns (uint256) {
+        return _nextOfferId;
+    }
+
+    function supportsInterface(bytes4 interfaceId)
+        public
+        view
+        virtual
+        override(GuardController, RuntimeRBAC, SecureOwnable)
+        returns (bool)
+    {
+        return GuardController.supportsInterface(interfaceId)
+            || RuntimeRBAC.supportsInterface(interfaceId)
+            || SecureOwnable.supportsInterface(interfaceId);
+    }
+
+    uint256[50] private __gap;
+}

package/core/research/p2p-blox/README.md

@@ -0,0 +1,85 @@
+# P2P Blox — Peer-to-Peer Token Swap
+
+P2PBlox is a research blox that lets two parties agree on a **direct token swap**: the first entity sends **token A** and the second entity sends **token B**. Each side submits a request (offer and counter-offer); a **dedicated approver role** then approves or rejects the swap before execution.
+
+## Design
+
+- **Dual request**: Party A creates an offer; Party B submits a counter-offer that must match (same tokens and amounts).
+- **Approver role**: Only wallets with `P2P_APPROVER_ROLE` can call `approveSwap` or `rejectSwap`.
+- **Execution**: On approval, the contract performs `transferFrom` for both legs (A→B for token A, B→A for token B). Both parties must have approved the P2PBlox contract for their respective tokens before approval.
+- **Stack**: P2PBlox extends GuardController, RuntimeRBAC, and SecureOwnable (same pattern as FactoryBlox). Swap lifecycle (offer / counter / approve / reject) is implemented in the blox; approver membership is managed via RuntimeRBAC.
+
+## Flow
+
+1. **Party A** — `requestOffer(tokenA, amountA, tokenB, amountB)`  
+   “I send `tokenA` amount `amountA`, I want `tokenB` amount `amountB`.”
+
+2. **Party B** — `requestCounterOffer(offerId, tokenB, amountB, tokenA, amountA)`  
+   Must match the offer: same `tokenA`/`amountA` and `tokenB`/`amountB`. Party B cannot be the same as Party A.
+
+3. **Approver** — either:
+   - `approveSwap(offerId)`  
+     Executes: `tokenA.transferFrom(partyA, partyB, amountA)` and `tokenB.transferFrom(partyB, partyA, amountB)`.
+   - `rejectSwap(offerId)`  
+     Marks the swap as rejected (no transfers).
+
+## State and Status
+
+- **PENDING** — Offer created, no counter-offer yet.
+- **MATCHED** — Counter-offer submitted; waiting for approver.
+- **EXECUTING** — Internal state during transfers (reentrancy guard).
+- **EXECUTED** — Swap completed.
+- **REJECTED** — Approver rejected the swap.
+- **CANCELLED** — Reserved for future use.
+
+## Role: P2P_APPROVER_ROLE
+
+- Created at initialization (non-protected).
+- Max wallets defined in `P2PBloxDefinitions.P2P_APPROVER_MAX_WALLETS` (e.g. 5).
+- No wallets are assigned in `initialize`; assign approvers after deployment via RuntimeRBAC `roleConfigBatch` (e.g. `ADD_WALLET` for `P2P_APPROVER_ROLE`).
+
+## Security
+
+- **CEI**: State (including status) is updated before external `transferFrom` calls.
+- **Reentrancy**: `requestOffer`, `requestCounterOffer`, and `approveSwap` use `nonReentrant`.
+- **Inputs**: Zero address and zero amount checks; counter-offer must match offer; party B ≠ party A.
+- **Transfers**: SafeERC20 for both tokens.
+
+## API Summary
+
+| Function | Caller | Description |
+|----------|--------|-------------|
+| `requestOffer(tokenA, amountA, tokenB, amountB)` | Any | Create offer; returns `offerId`. |
+| `requestCounterOffer(offerId, tokenB, amountB, tokenA, amountA)` | Any (≠ party A) | Match offer; must match tokens/amounts. |
+| `approveSwap(offerId)` | P2P_APPROVER_ROLE | Execute both transfers. |
+| `rejectSwap(offerId)` | P2P_APPROVER_ROLE | Reject swap (no transfers). |
+| `getSwap(offerId)` | Any | Return full swap record. |
+| `getNextOfferId()` | Any | Next offer ID (for UIs). |
+
+## Events
+
+- `OfferCreated(offerId, partyA, tokenA, amountA, tokenB, amountB)`
+- `CounterOfferCreated(offerId, partyB)`
+- `SwapApproved(offerId)`
+- `SwapRejected(offerId)`
+
+## Files
+
+- `P2PBlox.sol` — Main contract (swap logic, role checks, SafeERC20, CEI).
+- `lib/definitions/P2PBloxDefinitions.sol` — Constants: `P2P_APPROVER_ROLE`, `P2P_APPROVER_MAX_WALLETS`, `P2P_SWAP_OPERATION`.
+
+## Deployment and Setup
+
+1. Deploy P2PBlox (e.g. via proxy/clone pattern used elsewhere in the protocol).
+2. Call `initialize(initialOwner, broadcaster, recovery, timeLockPeriodSec, eventForwarder)`.
+3. Assign at least one wallet to `P2P_APPROVER_ROLE` using RuntimeRBAC `roleConfigBatch` (CREATE_ROLE already done in `initialize`; use ADD_WALLET for the approver role hash from `P2PBloxDefinitions.P2P_APPROVER_ROLE`).
+
+## Custom Errors
+
+- `InvalidOffer(offerId)` — Offer does not exist.
+- `OfferNotPending(offerId)` — Offer not in PENDING (e.g. already matched).
+- `OfferNotMatched(offerId)` — Offer not in MATCHED (cannot approve/reject).
+- `CounterOfferMismatch()` — Counter-offer tokens/amounts do not match offer.
+- `InvalidParties()` — Counter-offer from same address as party A.
+- `OnlyApprover()` — Caller does not have `P2P_APPROVER_ROLE`.
+- `ZeroAmount()` — Either amount in an offer is zero.

package/core/research/p2p-blox/lib/definitions/P2PBloxDefinitions.sol

@@ -0,0 +1,19 @@
+// SPDX-License-Identifier: MPL-2.0
+pragma solidity 0.8.33;
+
+/**
+ * @title P2PBloxDefinitions
+ * @dev Constants and definitions for the P2P (peer-to-peer) swap blox.
+ * Defines the dedicated approver role and operation types used by P2PBlox.
+ * @custom:security-contact security@particlecrypto.com
+ */
+library P2PBloxDefinitions {
+    /// @dev Role hash for the dedicated swap approver (can approve or reject matched swaps)
+    bytes32 public constant P2P_APPROVER_ROLE = keccak256(bytes("P2P_APPROVER_ROLE"));
+
+    /// @dev Maximum number of wallets that can hold the P2P_APPROVER_ROLE
+    uint256 public constant P2P_APPROVER_MAX_WALLETS = 5;
+
+    /// @dev Operation type for P2P swap lifecycle (offer, counter, approve, reject)
+    bytes32 public constant P2P_SWAP_OPERATION = keccak256("P2P_SWAP_OPERATION");
+}