@keep-network/tbtc-v2 0.1.1-dev.10 → 0.1.1-dev.102

package/contracts/hardhat-dependency-compiler/.hardhat-dependency-compiler

@@ -0,0 +1 @@
+directory approved for write access by hardhat-dependency-compiler

package/contracts/hardhat-dependency-compiler/@keep-network/ecdsa/contracts/WalletRegistry.sol

@@ -0,0 +1,3 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity >0.0.0;
+import '@keep-network/ecdsa/contracts/WalletRegistry.sol';

package/contracts/hardhat-dependency-compiler/@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol

@@ -0,0 +1,3 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity >0.0.0;
+import '@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol';

package/contracts/hardhat-dependency-compiler/@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol

@@ -0,0 +1,3 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity >0.0.0;
+import '@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol';

package/contracts/maintainer/MaintainerProxy.sol

@@ -0,0 +1,512 @@
+// SPDX-License-Identifier: MIT
+
+// ██████████████     ▐████▌     ██████████████
+// ██████████████     ▐████▌     ██████████████
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+// ██████████████     ▐████▌     ██████████████
+// ██████████████     ▐████▌     ██████████████
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+
+pragma solidity ^0.8.9;
+
+import "@openzeppelin/contracts/access/Ownable.sol";
+import "@keep-network/random-beacon/contracts/Reimbursable.sol";
+import "@keep-network/random-beacon/contracts/ReimbursementPool.sol";
+
+import "../bridge/BitcoinTx.sol";
+import "../bridge/Bridge.sol";
+
+/// @title Maintainer Proxy
+/// @notice Maintainers are the willing off-chain clients approved by the governance.
+///         Maintainers proxy calls to the Bridge contract via 'MaintainerProxy'
+///         and are refunded for the spent gas from the Reimbursement Pool.
+///         Only the authorized maintainers can call 'MaintainerProxy' functions.
+contract MaintainerProxy is Ownable, Reimbursable {
+    Bridge public bridge;
+
+    /// @notice Authorized maintainers that can interact with the set of functions
+    ///         for maintainers only. Authorization can be granted and removed by
+    ///         the governance.
+    /// @dev    'Key' is the address of the maintainer. 'Value' represents an index+1
+    ///         in the 'maintainers' array. 1 was added so the maintainer index can
+    ///         never be 0 which is a reserved index for a non-existent maintainer
+    ///         in this map.
+    mapping(address => uint256) public isAuthorized;
+
+    /// @notice This list of maintainers keeps the order of which maintainer should
+    ///         be submitting a next transaction. It does not enforce the order
+    ///         but only tracks who should be next in line.
+    address[] public maintainers;
+
+    /// @notice Gas that is meant to balance the submission of deposit sweep proof
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public submitDepositSweepProofGasOffset;
+
+    /// @notice Gas that is meant to balance the submission of redemption proof
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public submitRedemptionProofGasOffset;
+
+    /// @notice Gas that is meant to balance the submission of moving funds commitment
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public submitMovingFundsCommitmentGasOffset;
+
+    /// @notice Gas that is meant to balance the reset of moving funds timeout
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public resetMovingFundsTimeoutGasOffset;
+
+    /// @notice Gas that is meant to balance the submission of moving funds proof
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public submitMovingFundsProofGasOffset;
+
+    /// @notice Gas that is meant to balance the notification of moving funds below
+    ///         dust overall cost. Can be updated by the governance based on the
+    ///         current market conditions.
+    uint256 public notifyMovingFundsBelowDustGasOffset;
+
+    /// @notice Gas that is meant to balance the submission of moved funds sweep
+    ///         proof overall cost. Can be updated by the governance based on the
+    ///         current market conditions.
+    uint256 public submitMovedFundsSweepProofGasOffset;
+
+    /// @notice Gas that is meant to balance the request of a new wallet overall
+    ///         cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public requestNewWalletGasOffset;
+
+    /// @notice Gas that is meant to balance the notification of closeable wallet
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public notifyWalletCloseableGasOffset;
+
+    /// @notice Gas that is meant to balance the notification of wallet closing
+    ///         period elapsed overall cost. Can be updated by the governance
+    ///         based on the current market conditions.
+    uint256 public notifyWalletClosingPeriodElapsedGasOffset;
+
+    /// @notice Gas that is meant to balance the defeat fraud challenge
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public defeatFraudChallengeGasOffset;
+
+    /// @notice Gas that is meant to balance the defeat fraud challenge with heartbeat
+    ///         overall cost. Can be updated by the governance based on the current
+    ///         market conditions.
+    uint256 public defeatFraudChallengeWithHeartbeatGasOffset;
+
+    event MaintainerAuthorized(address indexed maintainer);
+
+    event MaintainerUnauthorized(address indexed maintainer);
+
+    event BridgeUpdated(address newBridge);
+
+    event GasOffsetParametersUpdated(
+        uint256 submitDepositSweepProofGasOffset,
+        uint256 submitRedemptionProofGasOffset,
+        uint256 submitMovingFundsCommitmentGasOffset,
+        uint256 resetMovingFundsTimeoutGasOffset,
+        uint256 submitMovingFundsProofGasOffset,
+        uint256 notifyMovingFundsBelowDustGasOffset,
+        uint256 submitMovedFundsSweepProofGasOffset,
+        uint256 requestNewWalletGasOffset,
+        uint256 notifyWalletCloseableGasOffset,
+        uint256 notifyWalletClosingPeriodElapsedGasOffset,
+        uint256 defeatFraudChallengeGasOffset,
+        uint256 defeatFraudChallengeWithHeartbeatGasOffset
+    );
+
+    modifier onlyMaintainer() {
+        require(isAuthorized[msg.sender] != 0, "Caller is not authorized");
+        _;
+    }
+
+    modifier onlyReimbursableAdmin() override {
+        require(owner() == msg.sender, "Caller is not the owner");
+        _;
+    }
+
+    constructor(Bridge _bridge, ReimbursementPool _reimbursementPool) {
+        bridge = _bridge;
+        reimbursementPool = _reimbursementPool;
+        submitDepositSweepProofGasOffset = 27000;
+        submitRedemptionProofGasOffset = 9750;
+        submitMovingFundsCommitmentGasOffset = 8000;
+        resetMovingFundsTimeoutGasOffset = 1000;
+        submitMovingFundsProofGasOffset = 15000;
+        notifyMovingFundsBelowDustGasOffset = 3500;
+        submitMovedFundsSweepProofGasOffset = 22000;
+        requestNewWalletGasOffset = 3500;
+        notifyWalletCloseableGasOffset = 4000;
+        notifyWalletClosingPeriodElapsedGasOffset = 3000;
+        defeatFraudChallengeGasOffset = 10000;
+        defeatFraudChallengeWithHeartbeatGasOffset = 5000;
+    }
+
+    /// @notice Wraps `Bridge.submitDepositSweepProof` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.submitDepositSweepProof` function documentation.
+    function submitDepositSweepProof(
+        BitcoinTx.Info calldata sweepTx,
+        BitcoinTx.Proof calldata sweepProof,
+        BitcoinTx.UTXO calldata mainUtxo,
+        address vault
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.submitDepositSweepProof(sweepTx, sweepProof, mainUtxo, vault);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + submitDepositSweepProofGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.submitRedemptionProof` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.submitRedemptionProof` function documentation.
+    function submitRedemptionProof(
+        BitcoinTx.Info calldata redemptionTx,
+        BitcoinTx.Proof calldata redemptionProof,
+        BitcoinTx.UTXO calldata mainUtxo,
+        bytes20 walletPubKeyHash
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.submitRedemptionProof(
+            redemptionTx,
+            redemptionProof,
+            mainUtxo,
+            walletPubKeyHash
+        );
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + submitRedemptionProofGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.submitMovingFundsCommitment` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.submitMovingFundsCommitment` function documentation.
+    function submitMovingFundsCommitment(
+        bytes20 walletPubKeyHash,
+        BitcoinTx.UTXO calldata walletMainUtxo,
+        uint32[] calldata walletMembersIDs,
+        uint256 walletMemberIndex,
+        bytes20[] calldata targetWallets
+    ) external {
+        uint256 gasStart = gasleft();
+
+        bridge.submitMovingFundsCommitment(
+            walletPubKeyHash,
+            walletMainUtxo,
+            walletMembersIDs,
+            walletMemberIndex,
+            targetWallets
+        );
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + submitMovingFundsCommitmentGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.resetMovingFundsTimeout` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.resetMovingFundsTimeout` function documentation.
+    function resetMovingFundsTimeout(bytes20 walletPubKeyHash) external {
+        uint256 gasStart = gasleft();
+
+        bridge.resetMovingFundsTimeout(walletPubKeyHash);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + resetMovingFundsTimeoutGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.submitMovingFundsProof` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.submitMovingFundsProof` function documentation.
+    function submitMovingFundsProof(
+        BitcoinTx.Info calldata movingFundsTx,
+        BitcoinTx.Proof calldata movingFundsProof,
+        BitcoinTx.UTXO calldata mainUtxo,
+        bytes20 walletPubKeyHash
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.submitMovingFundsProof(
+            movingFundsTx,
+            movingFundsProof,
+            mainUtxo,
+            walletPubKeyHash
+        );
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + submitMovingFundsProofGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.notifyMovingFundsBelowDust` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.notifyMovingFundsBelowDust` function documentation.
+    function notifyMovingFundsBelowDust(
+        bytes20 walletPubKeyHash,
+        BitcoinTx.UTXO calldata mainUtxo
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.notifyMovingFundsBelowDust(walletPubKeyHash, mainUtxo);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + notifyMovingFundsBelowDustGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.submitMovedFundsSweepProof` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.submitMovedFundsSweepProof` function documentation.
+    function submitMovedFundsSweepProof(
+        BitcoinTx.Info calldata sweepTx,
+        BitcoinTx.Proof calldata sweepProof,
+        BitcoinTx.UTXO calldata mainUtxo
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.submitMovedFundsSweepProof(sweepTx, sweepProof, mainUtxo);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + submitMovedFundsSweepProofGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.requestNewWallet` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.requestNewWallet` function documentation.
+    function requestNewWallet(BitcoinTx.UTXO calldata activeWalletMainUtxo)
+        external
+        onlyMaintainer
+    {
+        uint256 gasStart = gasleft();
+
+        bridge.requestNewWallet(activeWalletMainUtxo);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + requestNewWalletGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.notifyWalletCloseable` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.notifyWalletCloseable` function documentation.
+    function notifyWalletCloseable(
+        bytes20 walletPubKeyHash,
+        BitcoinTx.UTXO calldata walletMainUtxo
+    ) external onlyMaintainer {
+        uint256 gasStart = gasleft();
+
+        bridge.notifyWalletCloseable(walletPubKeyHash, walletMainUtxo);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + notifyWalletCloseableGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.notifyWalletClosingPeriodElapsed` call and reimburses
+    ///         the caller's transaction cost.
+    /// @dev See `Bridge.notifyWalletClosingPeriodElapsed` function documentation.
+    function notifyWalletClosingPeriodElapsed(bytes20 walletPubKeyHash)
+        external
+        onlyMaintainer
+    {
+        uint256 gasStart = gasleft();
+
+        bridge.notifyWalletClosingPeriodElapsed(walletPubKeyHash);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + notifyWalletClosingPeriodElapsedGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.defeatFraudChallenge` call and reimburses the
+    ///         caller's transaction cost.
+    /// @dev See `Bridge.defeatFraudChallenge` function documentation.
+    function defeatFraudChallenge(
+        bytes calldata walletPublicKey,
+        bytes calldata preimage,
+        bool witness
+    ) external {
+        uint256 gasStart = gasleft();
+
+        bridge.defeatFraudChallenge(walletPublicKey, preimage, witness);
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + defeatFraudChallengeGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Wraps `Bridge.defeatFraudChallengeWithHeartbeat` call and
+    ///         reimburses the caller's transaction cost.
+    /// @dev See `Bridge.defeatFraudChallengeWithHeartbeat` function documentation.
+    function defeatFraudChallengeWithHeartbeat(
+        bytes calldata walletPublicKey,
+        bytes calldata heartbeatMessage
+    ) external {
+        uint256 gasStart = gasleft();
+
+        bridge.defeatFraudChallengeWithHeartbeat(
+            walletPublicKey,
+            heartbeatMessage
+        );
+
+        reimbursementPool.refund(
+            (gasStart - gasleft()) + defeatFraudChallengeWithHeartbeatGasOffset,
+            msg.sender
+        );
+    }
+
+    /// @notice Authorize a maintainer that can interact with this reimbursement pool.
+    ///         Can be authorized by the owner only.
+    /// @param maintainer Maintainer to authorize.
+    function authorize(address maintainer) external onlyOwner {
+        maintainers.push(maintainer);
+        isAuthorized[maintainer] = maintainers.length;
+
+        emit MaintainerAuthorized(maintainer);
+    }
+
+    /// @notice Unauthorize a maintainer that was previously authorized to interact
+    ///         with the Maintainer Proxy contract. Can be unauthorized by the
+    ///         owner only.
+    /// @dev    The last maintainer is swapped with the one to be unauthorized.
+    ///         The unauthorized maintainer is then removed from the list. An index
+    ///         of the last maintainer is changed with the removed maintainer.
+    ///         Ex.
+    ///         'maintainers' list: [0x1, 0x2, 0x3, 0x4, 0x5]
+    ///         'isAuthorized' map: [0x1 -> 1, 0x2 -> 2, 0x3 -> 3, 0x4 -> 4, 0x5 -> 5]
+    ///         unauthorize: 0x3
+    ///         new 'maintainers' list: [0x1, 0x2, 0x5, 0x4]
+    ///         new 'isAuthorized' map: [0x1 -> 1, 0x2 -> 2, 0x4 -> 4, 0x5 -> 3]
+    /// @param maintainerToUnauthorize Maintainer to unauthorize.
+    function unauthorize(address maintainerToUnauthorize) external onlyOwner {
+        uint256 maintainerIdToUnauthorize = isAuthorized[
+            maintainerToUnauthorize
+        ];
+
+        require(maintainerIdToUnauthorize != 0, "No maintainer to unauthorize");
+
+        address lastMaintainerAddress = maintainers[maintainers.length - 1];
+
+        maintainers[maintainerIdToUnauthorize - 1] = lastMaintainerAddress;
+        maintainers.pop();
+
+        isAuthorized[lastMaintainerAddress] = maintainerIdToUnauthorize;
+
+        delete isAuthorized[maintainerToUnauthorize];
+
+        emit MaintainerUnauthorized(maintainerToUnauthorize);
+    }
+
+    /// @notice Allows the Governance to upgrade the Bridge address.
+    /// @dev The function does not implement any governance delay and does not
+    ///      check the status of the Bridge. The Governance implementation needs
+    ///      to ensure all requirements for the upgrade are satisfied before
+    ///      executing this function.
+    function updateBridge(Bridge _bridge) external onlyOwner {
+        bridge = _bridge;
+
+        emit BridgeUpdated(address(_bridge));
+    }
+
+    /// @notice Updates the values of gas offset parameters.
+    /// @dev Can be called only by the contract owner. The caller is responsible
+    ///      for validating parameters.
+    /// @param newSubmitDepositSweepProofGasOffset New submit deposit sweep
+    ///        proof gas offset.
+    /// @param newSubmitRedemptionProofGasOffset New submit redemption proof gas
+    ///        offset.
+    /// @param newSubmitMovingFundsCommitmentGasOffset New submit moving funds
+    ///        commitment gas offset.
+    /// @param newResetMovingFundsTimeoutGasOffset New reset moving funds
+    ///        timeout gas offset.
+    /// @param newSubmitMovingFundsProofGasOffset New submit moving funds proof
+    ///        gas offset.
+    /// @param newNotifyMovingFundsBelowDustGasOffset New notify moving funds
+    ///        below dust gas offset.
+    /// @param newSubmitMovedFundsSweepProofGasOffset New submit moved funds
+    ///        sweep proof gas offset.
+    /// @param newRequestNewWalletGasOffset New request new wallet gas offset.
+    /// @param newNotifyWalletCloseableGasOffset New notify closeable wallet gas
+    ///        offset.
+    /// @param newNotifyWalletClosingPeriodElapsedGasOffset New notify wallet
+    ///        closing period elapsed gas offset.
+    /// @param newDefeatFraudChallengeGasOffset New defeat fraud challenge gas
+    ///        offset.
+    /// @param newDefeatFraudChallengeWithHeartbeatGasOffset New defeat fraud
+    ///        challenge with heartbeat gas offset.
+    function updateGasOffsetParameters(
+        uint256 newSubmitDepositSweepProofGasOffset,
+        uint256 newSubmitRedemptionProofGasOffset,
+        uint256 newSubmitMovingFundsCommitmentGasOffset,
+        uint256 newResetMovingFundsTimeoutGasOffset,
+        uint256 newSubmitMovingFundsProofGasOffset,
+        uint256 newNotifyMovingFundsBelowDustGasOffset,
+        uint256 newSubmitMovedFundsSweepProofGasOffset,
+        uint256 newRequestNewWalletGasOffset,
+        uint256 newNotifyWalletCloseableGasOffset,
+        uint256 newNotifyWalletClosingPeriodElapsedGasOffset,
+        uint256 newDefeatFraudChallengeGasOffset,
+        uint256 newDefeatFraudChallengeWithHeartbeatGasOffset
+    ) external onlyOwner {
+        submitDepositSweepProofGasOffset = newSubmitDepositSweepProofGasOffset;
+        submitRedemptionProofGasOffset = newSubmitRedemptionProofGasOffset;
+        submitMovingFundsCommitmentGasOffset = newSubmitMovingFundsCommitmentGasOffset;
+        resetMovingFundsTimeoutGasOffset = newResetMovingFundsTimeoutGasOffset;
+        submitMovingFundsProofGasOffset = newSubmitMovingFundsProofGasOffset;
+        notifyMovingFundsBelowDustGasOffset = newNotifyMovingFundsBelowDustGasOffset;
+        submitMovedFundsSweepProofGasOffset = newSubmitMovedFundsSweepProofGasOffset;
+        requestNewWalletGasOffset = newRequestNewWalletGasOffset;
+        notifyWalletCloseableGasOffset = newNotifyWalletCloseableGasOffset;
+        notifyWalletClosingPeriodElapsedGasOffset = newNotifyWalletClosingPeriodElapsedGasOffset;
+        defeatFraudChallengeGasOffset = newDefeatFraudChallengeGasOffset;
+        defeatFraudChallengeWithHeartbeatGasOffset = newDefeatFraudChallengeWithHeartbeatGasOffset;
+
+        emit GasOffsetParametersUpdated(
+            submitDepositSweepProofGasOffset,
+            submitRedemptionProofGasOffset,
+            submitMovingFundsCommitmentGasOffset,
+            resetMovingFundsTimeoutGasOffset,
+            submitMovingFundsProofGasOffset,
+            notifyMovingFundsBelowDustGasOffset,
+            submitMovedFundsSweepProofGasOffset,
+            requestNewWalletGasOffset,
+            notifyWalletCloseableGasOffset,
+            notifyWalletClosingPeriodElapsedGasOffset,
+            defeatFraudChallengeGasOffset,
+            defeatFraudChallengeWithHeartbeatGasOffset
+        );
+    }
+
+    /// @notice Gets an entire array of maintainer addresses.
+    function allMaintainers() external view returns (address[] memory) {
+        return maintainers;
+    }
+}

package/contracts/token/TBTC.sol

@@ -1,6 +1,6 @@
 // SPDX-License-Identifier: MIT
 
-pragma solidity 0.8.4;
+pragma solidity ^0.8.9;
 
 import "@thesis/solidity-contracts/contracts/token/ERC20WithPermit.sol";
 import "@thesis/solidity-contracts/contracts/token/MisfundRecovery.sol";

package/contracts/vault/DonationVault.sol

@@ -0,0 +1,125 @@
+// SPDX-License-Identifier: MIT
+
+// ██████████████     ▐████▌     ██████████████
+// ██████████████     ▐████▌     ██████████████
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+// ██████████████     ▐████▌     ██████████████
+// ██████████████     ▐████▌     ██████████████
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+//               ▐████▌    ▐████▌
+
+pragma solidity ^0.8.9;
+
+import "./IVault.sol";
+import "../bank/Bank.sol";
+
+/// @title BTC donation vault
+/// @notice Vault that allows making BTC donations to the system. Upon deposit,
+///         this vault does not increase depositors' balances and always
+///         decreases its own balance in the same transaction. The vault also
+///         allows making donations using existing Bank balances.
+///
+///         BEWARE: ALL BTC DEPOSITS TARGETING THIS VAULT ARE NOT REDEEMABLE
+///         AND THERE IS NO WAY TO RESTORE THE DONATED BALANCE.
+///         USE THIS VAULT ONLY WHEN YOU REALLY KNOW WHAT YOU ARE DOING!
+contract DonationVault is IVault {
+    Bank public bank;
+
+    event DonationReceived(address donor, uint256 donatedAmount);
+
+    modifier onlyBank() {
+        require(msg.sender == address(bank), "Caller is not the Bank");
+        _;
+    }
+
+    constructor(Bank _bank) {
+        require(
+            address(_bank) != address(0),
+            "Bank can not be the zero address"
+        );
+
+        bank = _bank;
+    }
+
+    /// @notice Transfers the given `amount` of the Bank balance from the
+    ///         caller to the Donation Vault and immediately decreases the
+    ///         vault's balance in the Bank by the transferred `amount`.
+    /// @param amount Amount of the Bank balance to donate.
+    /// @dev Requirements:
+    ///      - The caller's balance in the Bank must be greater than or equal
+    ///        to the `amount`,
+    ///      - Donation Vault must have an allowance for caller's balance in
+    ///        the Bank for at least `amount`.
+    function donate(uint256 amount) external {
+        address donor = msg.sender;
+
+        require(
+            bank.balanceOf(donor) >= amount,
+            "Amount exceeds balance in the bank"
+        );
+
+        emit DonationReceived(donor, amount);
+
+        bank.transferBalanceFrom(donor, address(this), amount);
+        bank.decreaseBalance(amount);
+    }
+
+    /// @notice Transfers the given `amount` of the Bank balance from the
+    ///         `owner` to the Donation Vault and immediately decreases the
+    ///         vault's balance in the Bank by the transferred `amount`.
+    /// @param owner Address of the Bank balance owner who approved their
+    ///        balance to be used by the vault.
+    /// @param amount The amount of the Bank balance approved by the owner
+    ///        to be used by the vault.
+    /// @dev Requirements:
+    ///      - Can only be called by the Bank via `approveBalanceAndCall`,
+    ///      - The `owner` balance in the Bank must be greater than or equal
+    ///        to the `amount`.
+    function receiveBalanceApproval(
+        address owner,
+        uint256 amount,
+        bytes memory
+    ) external override onlyBank {
+        require(
+            bank.balanceOf(owner) >= amount,
+            "Amount exceeds balance in the bank"
+        );
+
+        emit DonationReceived(owner, amount);
+
+        bank.transferBalanceFrom(owner, address(this), amount);
+        bank.decreaseBalance(amount);
+    }
+
+    /// @notice Ignores the deposited amounts and does not increase depositors'
+    ///         individual balances. The vault decreases its own tBTC balance
+    ///         in the Bank by the total deposited amount.
+    /// @param depositors Addresses of depositors whose deposits have been swept.
+    /// @param depositedAmounts Amounts deposited by individual depositors and
+    ///        swept.
+    /// @dev Requirements:
+    ///      - Can only be called by the Bank after the Bridge swept deposits
+    ///        and Bank increased balance for the vault,
+    ///      - The `depositors` array must not be empty,
+    ///      - The `depositors` array length must be equal to the
+    ///        `depositedAmounts` array length.
+    function receiveBalanceIncrease(
+        address[] calldata depositors,
+        uint256[] calldata depositedAmounts
+    ) external override onlyBank {
+        require(depositors.length != 0, "No depositors specified");
+
+        uint256 totalAmount = 0;
+        for (uint256 i = 0; i < depositors.length; i++) {
+            totalAmount += depositedAmounts[i];
+            emit DonationReceived(depositors[i], depositedAmounts[i]);
+        }
+
+        bank.decreaseBalance(totalAmount);
+    }
+}