@keep-network/tbtc-v2 0.1.1-dev.40 → 0.1.1-dev.41

package/contracts/bridge/Bridge.sol

@@ -30,7 +30,7 @@ import "./Redeem.sol";
 import "./BitcoinTx.sol";
 import "./EcdsaLib.sol";
 import "./Wallets.sol";
-import "./Frauds.sol";
+import "./Fraud.sol";
 import "./MovingFunds.sol";
 
 import "../bank/Bank.sol";
@@ -65,7 +65,7 @@ contract Bridge is Ownable, EcdsaWalletOwner {
     using Sweep for BridgeState.Storage;
     using Redeem for BridgeState.Storage;
     using MovingFunds for BridgeState.Storage;
-    using Frauds for Frauds.Data;
+    using Fraud for BridgeState.Storage;
     using Wallets for Wallets.Data;
 
     using BTCUtils for bytes;
@@ -74,10 +74,6 @@ contract Bridge is Ownable, EcdsaWalletOwner {
 
     BridgeState.Storage internal self;
 
-    /// @notice Contains parameters related to frauds and the collection of all
-    ///         submitted fraud challenges.
-    Frauds.Data internal frauds;
-
     /// @notice State related with wallets.
     Wallets.Data internal wallets;
 
@@ -208,12 +204,10 @@ contract Bridge is Ownable, EcdsaWalletOwner {
         self.redemptionTxMaxFee = 10000; // 10000 satoshi
         self.redemptionTimeout = 172800; // 48 hours
         self.movingFundsTxMaxTotalFee = 10000; // 10000 satoshi
-
-        // TODO: Revisit initial values.
-        frauds.setSlashingAmount(10000 * 1e18); // 10000 T
-        frauds.setNotifierRewardMultiplier(100); // 100%
-        frauds.setChallengeDefeatTimeout(7 days);
-        frauds.setChallengeDepositAmount(2 ether);
+        self.fraudSlashingAmount = 10000 * 1e18; // 10000 T
+        self.fraudNotifierRewardMultiplier = 100; // 100%
+        self.fraudChallengeDefeatTimeout = 7 days;
+        self.fraudChallengeDepositAmount = 2 ether;
 
         // TODO: Revisit initial values.
         wallets.init(_ecdsaWalletRegistry);
@@ -503,28 +497,7 @@ contract Bridge is Ownable, EcdsaWalletOwner {
         bytes32 sighash,
         BitcoinTx.RSVSignature calldata signature
     ) external payable {
-        bytes memory compressedWalletPublicKey = EcdsaLib.compressPublicKey(
-            walletPublicKey.slice32(0),
-            walletPublicKey.slice32(32)
-        );
-        bytes20 walletPubKeyHash = compressedWalletPublicKey.hash160View();
-
-        Wallets.Wallet storage wallet = wallets.registeredWallets[
-            walletPubKeyHash
-        ];
-
-        require(
-            wallet.state == Wallets.WalletState.Live ||
-                wallet.state == Wallets.WalletState.MovingFunds,
-            "Wallet is neither in Live nor MovingFunds state"
-        );
-
-        frauds.submitChallenge(
-            walletPublicKey,
-            walletPubKeyHash,
-            sighash,
-            signature
-        );
+        self.submitFraudChallenge(wallets, walletPublicKey, sighash, signature);
     }
 
     /// @notice Allows to defeat a pending fraud challenge against a wallet if
@@ -560,19 +533,7 @@ contract Bridge is Ownable, EcdsaWalletOwner {
         bytes calldata preimage,
         bool witness
     ) external {
-        uint256 utxoKey = frauds.unwrapChallenge(
-            walletPublicKey,
-            preimage,
-            witness
-        );
-
-        // Check that the UTXO key identifies a correctly spent UTXO.
-        require(
-            self.deposits[utxoKey].sweptAt > 0 || self.spentMainUTXOs[utxoKey],
-            "Spent UTXO not found among correctly spent UTXOs"
-        );
-
-        frauds.defeatChallenge(walletPublicKey, preimage, self.treasury);
+        self.defeatFraudChallenge(walletPublicKey, preimage, witness);
     }
 
     /// @notice Notifies about defeat timeout for the given fraud challenge.
@@ -602,35 +563,7 @@ contract Bridge is Ownable, EcdsaWalletOwner {
         bytes calldata walletPublicKey,
         bytes32 sighash
     ) external {
-        frauds.notifyChallengeDefeatTimeout(walletPublicKey, sighash);
-    }
-
-    /// @notice Returns parameters used by the `Frauds` library.
-    /// @return slashingAmount Value of the slashing amount
-    /// @return notifierRewardMultiplier Value of the notifier reward multiplier
-    /// @return challengeDefeatTimeout Value of the challenge defeat timeout
-    /// @return challengeDepositAmount Value of the challenge deposit amount
-    function getFraudParameters()
-        external
-        view
-        returns (
-            uint256 slashingAmount,
-            uint256 notifierRewardMultiplier,
-            uint256 challengeDefeatTimeout,
-            uint256 challengeDepositAmount
-        )
-    {
-        slashingAmount = frauds.slashingAmount;
-        notifierRewardMultiplier = frauds.notifierRewardMultiplier;
-        challengeDefeatTimeout = frauds.challengeDefeatTimeout;
-        challengeDepositAmount = frauds.challengeDepositAmount;
-
-        return (
-            slashingAmount,
-            notifierRewardMultiplier,
-            challengeDefeatTimeout,
-            challengeDepositAmount
-        );
+        self.notifyFraudChallengeDefeatTimeout(walletPublicKey, sighash);
     }
 
     /// @notice Returns the fraud challenge identified by the given key built
@@ -638,9 +571,9 @@ contract Bridge is Ownable, EcdsaWalletOwner {
     function fraudChallenges(uint256 challengeKey)
         external
         view
-        returns (Frauds.FraudChallenge memory)
+        returns (Fraud.FraudChallenge memory)
     {
-        return frauds.challenges[challengeKey];
+        return self.fraudChallenges[challengeKey];
     }
 
     /// @notice Requests redemption of the given amount from the specified
@@ -953,6 +886,32 @@ contract Bridge is Ownable, EcdsaWalletOwner {
         movingFundsTxMaxTotalFee = self.movingFundsTxMaxTotalFee;
     }
 
+    /// @notice Returns the current values of Bridge fraud parameters.
+    /// @return fraudSlashingAmount The amount slashed from each wallet member
+    ///         for committing a fraud.
+    /// @return fraudNotifierRewardMultiplier The percentage of the notifier
+    ///         reward from the staking contract the notifier of a fraud
+    ///         receives. The value is in the range [0, 100].
+    /// @return fraudChallengeDefeatTimeout The amount of time the wallet has to
+    ///         defeat a fraud challenge.
+    /// @return fraudChallengeDepositAmount The amount of ETH in wei the party
+    ///         challenging the wallet for fraud needs to deposit.
+    function fraudParameters()
+        external
+        view
+        returns (
+            uint256 fraudSlashingAmount,
+            uint256 fraudNotifierRewardMultiplier,
+            uint256 fraudChallengeDefeatTimeout,
+            uint256 fraudChallengeDepositAmount
+        )
+    {
+        fraudSlashingAmount = self.fraudSlashingAmount;
+        fraudNotifierRewardMultiplier = self.fraudNotifierRewardMultiplier;
+        fraudChallengeDefeatTimeout = self.fraudChallengeDefeatTimeout;
+        fraudChallengeDepositAmount = self.fraudChallengeDepositAmount;
+    }
+
     /// @notice Indicates if the vault with the given address is trusted or not.
     ///         Depositors can route their revealed deposits only to trusted
     ///         vaults and have trusted vaults notified about new deposits as

package/contracts/bridge/BridgeState.sol

@@ -18,137 +18,142 @@ pragma solidity ^0.8.9;
 import "./IRelay.sol";
 import "./Deposit.sol";
 import "./Redeem.sol";
+import "./Fraud.sol";
 
 import "../bank/Bank.sol";
 
 library BridgeState {
+    // TODO: Make parameters governable
     struct Storage {
-        /// @notice The number of confirmations on the Bitcoin chain required to
-        ///         successfully evaluate an SPV proof.
+        // The number of confirmations on the Bitcoin chain required to
+        // successfully evaluate an SPV proof.
         uint256 txProofDifficultyFactor;
-        /// TODO: Revisit whether it should be governable or not.
-        /// @notice Address of the Bank this Bridge belongs to.
+        // Address of the Bank this Bridge belongs to.
         Bank bank;
-        /// TODO: Make it governable.
-        /// @notice Bitcoin relay providing the current Bitcoin network
-        ///         difficulty.
+        // Bitcoin relay providing the current Bitcoin network difficulty.
         IRelay relay;
-        /// TODO: Revisit whether it should be governable or not.
-        /// @notice Address where the deposit and redemption treasury fees will
-        ///         be sent to. Treasury takes part in the operators rewarding
-        ///         process.
+        // Address where the deposit and redemption treasury fees will be sent
+        // to. Treasury takes part in the operators rewarding process.
         address treasury;
-        /// TODO: Make it governable.
-        /// @notice The minimal amount that can be requested to deposit.
-        ///         Value of this parameter must take into account the value of
-        ///         `depositTreasuryFeeDivisor` and `depositTxMaxFee`
-        ///         parameters in order to make requests that can incur the
-        ///         treasury and transaction fee and still satisfy the depositor.
+        // The minimal amount that can be requested to deposit.
+        // Value of this parameter must take into account the value of
+        // `depositTreasuryFeeDivisor` and `depositTxMaxFee` parameters in order
+        // to make requests that can incur the treasury and transaction fee and
+        // still satisfy the depositor.
         uint64 depositDustThreshold;
-        /// TODO: Make it governable.
-        /// @notice Divisor used to compute the treasury fee taken from each
-        ///         deposit and transferred to the treasury upon sweep proof
-        ///         submission. That fee is computed as follows:
-        ///         `treasuryFee = depositedAmount / depositTreasuryFeeDivisor`
-        ///         For example, if the treasury fee needs to be 2% of each deposit,
-        ///         the `depositTreasuryFeeDivisor` should be set to `50`
-        ///         because `1/50 = 0.02 = 2%`.
+        // Divisor used to compute the treasury fee taken from each deposit and
+        // transferred to the treasury upon sweep proof submission. That fee is
+        // computed as follows:
+        // `treasuryFee = depositedAmount / depositTreasuryFeeDivisor`
+        // For example, if the treasury fee needs to be 2% of each deposit,
+        // the `depositTreasuryFeeDivisor` should be set to `50` because
+        // `1/50 = 0.02 = 2%`.
         uint64 depositTreasuryFeeDivisor;
-        /// TODO: Make it governable.
-        /// @notice Maximum amount of BTC transaction fee that can be incurred by
-        ///         each swept deposit being part of the given sweep
-        ///         transaction. If the maximum BTC transaction fee is exceeded,
-        ///         such transaction is considered a fraud.
-        /// @dev This is a per-deposit input max fee for the sweep transaction.
+        // Maximum amount of BTC transaction fee that can be incurred by each
+        // swept deposit being part of the given sweep transaction. If the
+        // maximum BTC transaction fee is exceeded, such transaction is
+        // considered a fraud.
+        //
+        // This is a per-deposit input max fee for the sweep transaction.
         uint64 depositTxMaxFee;
-        /// @notice Collection of all revealed deposits indexed by
-        ///         keccak256(fundingTxHash | fundingOutputIndex).
-        ///         The fundingTxHash is bytes32 (ordered as in Bitcoin internally)
-        ///         and fundingOutputIndex an uint32. This mapping may contain valid
-        ///         and invalid deposits and the wallet is responsible for
-        ///         validating them before attempting to execute a sweep.
+        // Collection of all revealed deposits indexed by
+        // `keccak256(fundingTxHash | fundingOutputIndex)`.
+        // The `fundingTxHash` is `bytes32` (ordered as in Bitcoin internally)
+        // and `fundingOutputIndex` an `uint32`. This mapping may contain valid
+        // and invalid deposits and the wallet is responsible for validating
+        // them before attempting to execute a sweep.
         mapping(uint256 => Deposit.DepositRequest) deposits;
-        /// @notice Indicates if the vault with the given address is trusted or not.
-        ///         Depositors can route their revealed deposits only to trusted
-        ///         vaults and have trusted vaults notified about new deposits as
-        ///         soon as these deposits get swept. Vaults not trusted by the
-        ///         Bridge can still be used by Bank balance owners on their own
-        ///         responsibility - anyone can approve their Bank balance to any
-        ///         address.
+        // Indicates if the vault with the given address is trusted or not.
+        // Depositors can route their revealed deposits only to trusted vaults
+        // and have trusted vaults notified about new deposits as soon as these
+        // deposits get swept. Vaults not trusted by the Bridge can still be
+        // used by Bank balance owners on their own responsibility - anyone can
+        // approve their Bank balance to any address.
         mapping(address => bool) isVaultTrusted;
-        /// TODO: Make it governable.
-        /// @notice Maximum amount of the total BTC transaction fee that is
-        ///         acceptable in a single moving funds transaction.
-        /// @dev This is a TOTAL max fee for the moving funds transaction. Note
-        ///      that `depositTxMaxFee` is per single deposit and `redemptionTxMaxFee`
-        ///      if per single redemption. `movingFundsTxMaxTotalFee` is a total
-        ///      fee for the entire transaction.
+        // Maximum amount of the total BTC transaction fee that is acceptable in
+        // a single moving funds transaction.
+        //
+        // This is a TOTAL max fee for the moving funds transaction. Note
+        // that `depositTxMaxFee` is per single deposit and `redemptionTxMaxFee`
+        // if per single redemption. `movingFundsTxMaxTotalFee` is a total
+        // fee for the entire transaction.
         uint64 movingFundsTxMaxTotalFee;
-        /// TODO: Make it governable.
-        /// @notice The minimal amount that can be requested for redemption.
-        ///         Value of this parameter must take into account the value of
-        ///         `redemptionTreasuryFeeDivisor` and `redemptionTxMaxFee`
-        ///         parameters in order to make requests that can incur the
-        ///         treasury and transaction fee and still satisfy the redeemer.
+        // The minimal amount that can be requested for redemption.
+        // Value of this parameter must take into account the value of
+        // `redemptionTreasuryFeeDivisor` and `redemptionTxMaxFee`
+        // parameters in order to make requests that can incur the
+        // treasury and transaction fee and still satisfy the redeemer.
         uint64 redemptionDustThreshold;
-        /// TODO: Make it governable.
-        /// @notice Divisor used to compute the treasury fee taken from each
-        ///         redemption request and transferred to the treasury upon
-        ///         successful request finalization. That fee is computed as follows:
-        ///         `treasuryFee = requestedAmount / redemptionTreasuryFeeDivisor`
-        ///         For example, if the treasury fee needs to be 2% of each
-        ///         redemption request, the `redemptionTreasuryFeeDivisor` should
-        ///         be set to `50` because `1/50 = 0.02 = 2%`.
+        // Divisor used to compute the treasury fee taken from each
+        // redemption request and transferred to the treasury upon
+        // successful request finalization. That fee is computed as follows:
+        // `treasuryFee = requestedAmount / redemptionTreasuryFeeDivisor`
+        // For example, if the treasury fee needs to be 2% of each
+        // redemption request, the `redemptionTreasuryFeeDivisor` should
+        // be set to `50` because `1/50 = 0.02 = 2%`.
         uint64 redemptionTreasuryFeeDivisor;
-        /// TODO: Make it governable.
-        /// @notice Maximum amount of BTC transaction fee that can be incurred by
-        ///         each redemption request being part of the given redemption
-        ///         transaction. If the maximum BTC transaction fee is exceeded, such
-        ///         transaction is considered a fraud.
-        /// @dev This is a per-redemption output max fee for the redemption transaction.
+        // Maximum amount of BTC transaction fee that can be incurred by
+        // each redemption request being part of the given redemption
+        // transaction. If the maximum BTC transaction fee is exceeded, such
+        // transaction is considered a fraud.
+        //
+        // This is a per-redemption output max fee for the redemption
+        // transaction.
         uint64 redemptionTxMaxFee;
-        /// TODO: Make it governable.
-        /// @notice Time after which the redemption request can be reported as
-        ///         timed out. It is counted from the moment when the redemption
-        ///         request was created via `requestRedemption` call. Reported
-        ///         timed out requests are cancelled and locked TBTC is returned
-        ///         to the redeemer in full amount.
+        // Time after which the redemption request can be reported as
+        // timed out. It is counted from the moment when the redemption
+        // request was created via `requestRedemption` call. Reported
+        // timed out requests are cancelled and locked TBTC is returned
+        // to the redeemer in full amount.
         uint256 redemptionTimeout;
-        /// @notice Collection of all pending redemption requests indexed by
-        ///         redemption key built as
-        ///         keccak256(walletPubKeyHash | redeemerOutputScript). The
-        ///         walletPubKeyHash is the 20-byte wallet's public key hash
-        ///         (computed using Bitcoin HASH160 over the compressed ECDSA
-        ///         public key) and redeemerOutputScript is a Bitcoin script
-        ///         (P2PKH, P2WPKH, P2SH or P2WSH) that will be used to lock
-        ///         redeemed BTC as requested by the redeemer. Requests are added
-        ///         to this mapping by the `requestRedemption` method (duplicates
-        ///         not allowed) and are removed by one of the following methods:
-        ///         - `submitRedemptionProof` in case the request was handled
-        ///           successfully
-        ///         - `notifyRedemptionTimeout` in case the request was reported
-        ///           to be timed out
+        // Collection of all pending redemption requests indexed by
+        // redemption key built as
+        // `keccak256(walletPubKeyHash | redeemerOutputScript)`.
+        // The `walletPubKeyHash` is the 20-byte wallet's public key hash
+        // (computed using Bitcoin HASH160 over the compressed ECDSA
+        // public key) and `redeemerOutputScript` is a Bitcoin script
+        // (P2PKH, P2WPKH, P2SH or P2WSH) that will be used to lock
+        // redeemed BTC as requested by the redeemer. Requests are added
+        // to this mapping by the `requestRedemption` method (duplicates
+        // not allowed) and are removed by one of the following methods:
+        // - `submitRedemptionProof` in case the request was handled
+        //    successfully
+        // - `notifyRedemptionTimeout` in case the request was reported
+        //    to be timed out
         mapping(uint256 => Redeem.RedemptionRequest) pendingRedemptions;
-        /// @notice Collection of all timed out redemptions requests indexed by
-        ///         redemption key built as
-        ///         keccak256(walletPubKeyHash | redeemerOutputScript). The
-        ///         walletPubKeyHash is the 20-byte wallet's public key hash
-        ///         (computed using Bitcoin HASH160 over the compressed ECDSA
-        ///         public key) and redeemerOutputScript is the Bitcoin script
-        ///         (P2PKH, P2WPKH, P2SH or P2WSH) that is involved in the timed
-        ///         out request. Timed out requests are stored in this mapping to
-        ///         avoid slashing the wallets multiple times for the same timeout.
-        ///         Only one method can add to this mapping:
-        ///         - `notifyRedemptionTimeout` which puts the redemption key
-        ///           to this mapping basing on a timed out request stored
-        ///           previously in `pendingRedemptions` mapping.
+        // Collection of all timed out redemptions requests indexed by
+        // redemption key built as
+        // `keccak256(walletPubKeyHash | redeemerOutputScript)`. The
+        // `walletPubKeyHash` is the 20-byte wallet's public key hash
+        // (computed using Bitcoin HASH160 over the compressed ECDSA
+        // public key) and `redeemerOutputScript` is the Bitcoin script
+        // (P2PKH, P2WPKH, P2SH or P2WSH) that is involved in the timed
+        // out request. Timed out requests are stored in this mapping to
+        // avoid slashing the wallets multiple times for the same timeout.
+        // Only one method can add to this mapping:
+        // - `notifyRedemptionTimeout` which puts the redemption key to this
+        //    mapping basing on a timed out request stored previously in
+        //    `pendingRedemptions` mapping.
         mapping(uint256 => Redeem.RedemptionRequest) timedOutRedemptions;
-        /// @notice Collection of main UTXOs that are honestly spent indexed by
-        ///         keccak256(fundingTxHash | fundingOutputIndex). The fundingTxHash
-        ///         is bytes32 (ordered as in Bitcoin internally) and
-        ///         fundingOutputIndex an uint32. A main UTXO is considered honestly
-        ///         spent if it was used as an input of a transaction that have been
-        ///         proven in the Bridge.
+        // The amount of stake slashed from each member of a wallet for a fraud.
+        uint256 fraudSlashingAmount;
+        // The percentage of the notifier reward from the staking contract
+        // the notifier of a fraud receives. The value is in the range [0, 100].
+        uint256 fraudNotifierRewardMultiplier;
+        // The amount of time the wallet has to defeat a fraud challenge.
+        uint256 fraudChallengeDefeatTimeout;
+        // The amount of ETH in wei the party challenging the wallet for fraud
+        // needs to deposit.
+        uint256 fraudChallengeDepositAmount;
+        // Collection of all submitted fraud challenges indexed by challenge
+        // key built as `keccak256(walletPublicKey|sighash)`.
+        mapping(uint256 => Fraud.FraudChallenge) fraudChallenges;
+        // Collection of main UTXOs that are honestly spent indexed by
+        // `keccak256(fundingTxHash | fundingOutputIndex)`. The `fundingTxHash`
+        // is `bytes32` (ordered as in Bitcoin internally) and
+        // `fundingOutputIndex` an `uint32`. A main UTXO is considered honestly
+        // spent if it was used as an input of a transaction that have been
+        // proven in the Bridge.
         mapping(uint256 => bool) spentMainUTXOs;
     }