@keep-network/tbtc-v2 0.1.1-dev.56 → 0.1.1-dev.59

package/contracts/bridge/BridgeState.sol

@@ -110,6 +110,17 @@ library BridgeState {
         // if per single redemption. `movedFundsSweepTxMaxTotalFee` is a total
         // fee for the entire transaction.
         uint64 movedFundsSweepTxMaxTotalFee;
+        // Time after which the moved funds sweep process can be reported as
+        // timed out. It is counted from the moment when the recipient wallet
+        // was requested to sweep the received funds. Value in seconds.
+        uint32 movedFundsSweepTimeout;
+        // The amount of stake slashed from each member of a wallet for a moved
+        // funds sweep timeout.
+        uint96 movedFundsSweepTimeoutSlashingAmount;
+        // The percentage of the notifier reward from the staking contract
+        // the notifier of a moved funds sweep timeout receives. The value is
+        // in the range [0, 100].
+        uint256 movedFundsSweepTimeoutNotifierRewardMultiplier;
         // Collection of all moved funds sweep requests indexed by
         // `keccak256(movingFundsTxHash | movingFundsOutputIndex)`.
         // The `movingFundsTxHash` is `bytes32` (ordered as in Bitcoin
@@ -263,7 +274,10 @@ library BridgeState {
         uint32 movingFundsTimeout,
         uint96 movingFundsTimeoutSlashingAmount,
         uint256 movingFundsTimeoutNotifierRewardMultiplier,
-        uint64 movedFundsSweepTxMaxTotalFee
+        uint64 movedFundsSweepTxMaxTotalFee,
+        uint32 movedFundsSweepTimeout,
+        uint96 movedFundsSweepTimeoutSlashingAmount,
+        uint256 movedFundsSweepTimeoutNotifierRewardMultiplier
     );
 
     event WalletParametersUpdated(
@@ -466,6 +480,19 @@ library BridgeState {
     ///        of the total BTC transaction fee that is acceptable in a single
     ///        moved funds sweep transaction. This is a _total_ max fee for the
     ///        entire moved funds sweep transaction.
+    /// @param _movedFundsSweepTimeout New value of the moved funds sweep
+    ///        timeout in seconds. It is the time after which the moved funds
+    ///        sweep process can be reported as timed out. It is counted from
+    ///        the moment when the wallet was requested to sweep the received
+    ///        funds.
+    /// @param _movedFundsSweepTimeoutSlashingAmount New value of the moved
+    ///        funds sweep timeout slashing amount in T, it is the amount
+    ///        slashed from each wallet member for moved funds sweep timeout
+    /// @param _movedFundsSweepTimeoutNotifierRewardMultiplier New value of
+    ///        the moved funds sweep timeout notifier reward multiplier as
+    ///        percentage, it determines the percentage of the notifier reward
+    ///        from the staking contact the notifier of a moved funds sweep
+    ///        timeout receives. The value must be in the range [0, 100]
     /// @dev Requirements:
     ///      - Moving funds transaction max total fee must be greater than zero
     ///      - Moving funds dust threshold must be greater than zero
@@ -473,6 +500,9 @@ library BridgeState {
     ///      - Moving funds timeout notifier reward multiplier must be in the
     ///        range [0, 100]
     ///      - Moved funds sweep transaction max total fee must be greater than zero
+    ///      - Moved funds sweep timeout must be greater than zero
+    ///      - Moved funds sweep timeout notifier reward multiplier must be in the
+    ///        range [0, 100]
     function updateMovingFundsParameters(
         Storage storage self,
         uint64 _movingFundsTxMaxTotalFee,
@@ -480,7 +510,10 @@ library BridgeState {
         uint32 _movingFundsTimeout,
         uint96 _movingFundsTimeoutSlashingAmount,
         uint256 _movingFundsTimeoutNotifierRewardMultiplier,
-        uint64 _movedFundsSweepTxMaxTotalFee
+        uint64 _movedFundsSweepTxMaxTotalFee,
+        uint32 _movedFundsSweepTimeout,
+        uint96 _movedFundsSweepTimeoutSlashingAmount,
+        uint256 _movedFundsSweepTimeoutNotifierRewardMultiplier
     ) internal {
         require(
             _movingFundsTxMaxTotalFee > 0,
@@ -507,6 +540,16 @@ library BridgeState {
             "Moved funds sweep transaction max total fee must be greater than zero"
         );
 
+        require(
+            _movedFundsSweepTimeout > 0,
+            "Moved funds sweep timeout must be greater than zero"
+        );
+
+        require(
+            _movedFundsSweepTimeoutNotifierRewardMultiplier <= 100,
+            "Moved funds sweep timeout notifier reward multiplier must be in the range [0, 100]"
+        );
+
         self.movingFundsTxMaxTotalFee = _movingFundsTxMaxTotalFee;
         self.movingFundsDustThreshold = _movingFundsDustThreshold;
         self.movingFundsTimeout = _movingFundsTimeout;
@@ -515,6 +558,11 @@ library BridgeState {
         self
             .movingFundsTimeoutNotifierRewardMultiplier = _movingFundsTimeoutNotifierRewardMultiplier;
         self.movedFundsSweepTxMaxTotalFee = _movedFundsSweepTxMaxTotalFee;
+        self.movedFundsSweepTimeout = _movedFundsSweepTimeout;
+        self
+            .movedFundsSweepTimeoutSlashingAmount = _movedFundsSweepTimeoutSlashingAmount;
+        self
+            .movedFundsSweepTimeoutNotifierRewardMultiplier = _movedFundsSweepTimeoutNotifierRewardMultiplier;
 
         emit MovingFundsParametersUpdated(
             _movingFundsTxMaxTotalFee,
@@ -522,7 +570,10 @@ library BridgeState {
             _movingFundsTimeout,
             _movingFundsTimeoutSlashingAmount,
             _movingFundsTimeoutNotifierRewardMultiplier,
-            _movedFundsSweepTxMaxTotalFee
+            _movedFundsSweepTxMaxTotalFee,
+            _movedFundsSweepTimeout,
+            _movedFundsSweepTimeoutSlashingAmount,
+            _movedFundsSweepTimeoutNotifierRewardMultiplier
         );
     }
 

package/contracts/bridge/Fraud.sol

@@ -22,6 +22,7 @@ import {CheckBitcoinSigs} from "@keep-network/bitcoin-spv-sol/contracts/CheckBit
 import "./BitcoinTx.sol";
 import "./EcdsaLib.sol";
 import "./BridgeState.sol";
+import "./MovingFunds.sol";
 import "./Wallets.sol";
 
 /// @title Bridge fraud
@@ -226,7 +227,10 @@ library Fraud {
 
         // Check that the UTXO key identifies a correctly spent UTXO.
         require(
-            self.deposits[utxoKey].sweptAt > 0 || self.spentMainUTXOs[utxoKey],
+            self.deposits[utxoKey].sweptAt > 0 ||
+                self.spentMainUTXOs[utxoKey] ||
+                self.movedFundsSweepRequests[utxoKey].state ==
+                MovingFunds.MovedFundsSweepRequestState.Processed,
             "Spent UTXO not found among correctly spent UTXOs"
         );
 

package/contracts/bridge/MovingFunds.sol

@@ -58,6 +58,19 @@ library MovingFunds {
         bytes movingFundsTxOutputVector;
     }
 
+    /// @notice Represents moved funds sweep request state.
+    enum MovedFundsSweepRequestState {
+        /// @dev The request is unknown to the Bridge.
+        Unknown,
+        /// @dev Request is pending and can become either processed or timed out.
+        Pending,
+        /// @dev Request was processed by the target wallet.
+        Processed,
+        /// @dev Request was not processed in the given time window and
+        ///      the timeout was reported.
+        TimedOut
+    }
+
     /// @notice Represents a moved funds sweep request. The request is
     ///         registered in `submitMovingFundsProof` where we know funds
     ///         have been moved to the target wallet and the only step left is
@@ -70,8 +83,8 @@ library MovingFunds {
         uint64 value;
         // UNIX timestamp the request was created at.
         uint32 createdAt;
-        // UNIX timestamp the funds were swept at.
-        uint32 sweptAt;
+        // The current state of the request.
+        MovedFundsSweepRequestState state;
     }
 
     event MovingFundsCommitmentSubmitted(
@@ -91,6 +104,12 @@ library MovingFunds {
 
     event MovedFundsSwept(bytes20 walletPubKeyHash, bytes32 sweepTxHash);
 
+    event MovedFundsSweepTimedOut(
+        bytes20 walletPubKeyHash,
+        bytes32 movingFundsTxHash,
+        uint32 movingFundsTxOutputIndex
+    );
+
     /// @notice Submits the moving funds target wallets commitment.
     ///         Once all requirements are met, that function registers the
     ///         target wallets commitment and opens the way for moving funds
@@ -107,6 +126,7 @@ library MovingFunds {
     /// @dev Requirements:
     ///      - The source wallet must be in the MovingFunds state
     ///      - The source wallet must not have pending redemption requests
+    ///      - The source wallet must not have pending moved funds sweep requests
     ///      - The source wallet must not have submitted its commitment already
     ///      - The expression `keccak256(abi.encode(walletMembersIDs))` must
     ///        be exactly the same as the hash stored under `membersIdsHash`
@@ -152,6 +172,11 @@ library MovingFunds {
             "Source wallet must handle all pending redemptions first"
         );
 
+        require(
+            wallet.pendingMovedFundsSweepRequestsCount == 0,
+            "Source wallet must handle all pending moved funds sweep requests first"
+        );
+
         require(
             wallet.movingFundsTargetWalletsCommitmentHash == bytes32(0),
             "Target wallets commitment already submitted"
@@ -414,8 +439,13 @@ library MovingFunds {
                 outputsValues[outputIndex],
                 /* solhint-disable-next-line not-rely-on-time */
                 uint32(block.timestamp),
-                0
+                MovedFundsSweepRequestState.Pending
             );
+            // We added a new moved funds sweep request for the target wallet
+            // so we must increment their request counter.
+            self
+                .registeredWallets[targetWalletPubKeyHash]
+                .pendingMovedFundsSweepRequestsCount++;
 
             // Make the `outputStartingIndex` pointing to the next output by
             // increasing it by current output's length.
@@ -560,7 +590,7 @@ library MovingFunds {
     ///        correspond to appropriate Bitcoin transaction fields to produce
     ///        a provable transaction hash.
     ///      - The `sweepTx` should represent a Bitcoin transaction with
-    ///        the first input pointing to a wallet's sweep request and,
+    ///        the first input pointing to a wallet's sweep Pending request and,
     ///        optionally, the second input pointing to the wallet's main UTXO,
     ///        if the sweeping wallet has a main UTXO set. There should be only
     ///        one output locking funds on the sweeping wallet 20-byte public
@@ -723,8 +753,8 @@ library MovingFunds {
     /// @notice Processes the Bitcoin moved funds sweep transaction input vector.
     ///         It extracts the first input and tries to match it with one of
     ///         the moved funds sweep requests targeting the sweeping wallet.
-    ///         If the sweep request is found and not yet processed, this
-    ///         function marks it as processed. If the sweeping wallet has a
+    ///         If the sweep request is an existing Pending request, this
+    ///         function marks it as Processed. If the sweeping wallet has a
     ///         main UTXO, this function extracts the second input, makes sure
     ///         it refers to the wallet main UTXO, and marks that main UTXO as
     ///         correctly spent.
@@ -741,9 +771,8 @@ library MovingFunds {
     ///      - The input vector must consist of one mandatory and one optional
     ///        input.
     ///      - The mandatory input must be the first input in the vector
-    ///      - The mandatory input must point to a known moved funds sweep
-    ///        request that is not processed yet and is targeted to the sweeping
-    ///        wallet
+    ///      - The mandatory input must point to a Pending moved funds sweep
+    ///        request that is targeted to the sweeping wallet
     ///      - The optional output must be the second input in the vector
     ///      - The optional input is required if the sweeping wallet has a
     ///        main UTXO (i.e. the `mainUtxo` is not zeroed). In that case,
@@ -817,10 +846,10 @@ library MovingFunds {
                 )
             ];
 
-        // The sweep request must exist, must be not processed yet, and must
-        // belong to the sweeping wallet.
-        require(sweepRequest.createdAt != 0, "Sweep request does not exist");
-        require(sweepRequest.sweptAt == 0, "Sweep request already processed");
+        require(
+            sweepRequest.state == MovedFundsSweepRequestState.Pending,
+            "Sweep request must be in Pending state"
+        );
         // We must check if the wallet extracted from the moved funds sweep
         // transaction output is truly the owner of the sweep request connected
         // with the swept UTXO. This is needed to prevent a case when a wallet
@@ -833,13 +862,12 @@ library MovingFunds {
         // If the validation passed, the sweep request must be marked as
         // processed and its value should be counted into the total inputs
         // value sum.
-        /* solhint-disable-next-line not-rely-on-time */
-        sweepRequest.sweptAt = uint32(block.timestamp);
+        sweepRequest.state = MovedFundsSweepRequestState.Processed;
         inputsTotalValue += sweepRequest.value;
 
-        // TODO: Decrease the sweep request count for the sweeping wallet.
-        //       That will be handled in the PR that will block moving
-        //       funds commitments for wallets with pending sweep requests.
+        self
+            .registeredWallets[walletPubKeyHash]
+            .pendingMovedFundsSweepRequestsCount--;
 
         // If the main UTXO for the sweeping wallet exists, it must be processed.
         if (mainUtxo.txHash != bytes32(0)) {
@@ -914,4 +942,93 @@ library MovingFunds {
 
         return (outpointTxHash, outpointIndex, inputLength);
     }
+
+    /// @notice Notifies about a timed out moved funds sweep process. If the
+    ///         wallet is not terminated yet, that function terminates
+    ///         the wallet and slashes signing group members as a result.
+    ///         Marks the given sweep request as TimedOut.
+    /// @param movingFundsTxHash 32-byte hash of the moving funds transaction
+    ///        that caused the sweep request to be created
+    /// @param movingFundsTxOutputIndex Index of the moving funds transaction
+    ///        output that is subject of the sweep request.
+    /// @param walletMembersIDs Identifiers of the wallet signing group members
+    /// @dev Requirements:
+    ///      - The moved funds sweep request must be in the Pending state
+    ///      - The moved funds sweep timeout must be actually exceeded
+    ///      - The wallet must be either in the Live or MovingFunds or
+    ///        Terminated state
+    ///      - The expression `keccak256(abi.encode(walletMembersIDs))` must
+    ///        be exactly the same as the hash stored under `membersIdsHash`
+    ///        for the given `walletID`. Those IDs are not directly stored
+    ///        in the contract for gas efficiency purposes but they can be
+    ///        read from appropriate `DkgResultSubmitted` and `DkgResultApproved`
+    ///        events of the `WalletRegistry` contract
+    function notifyMovedFundsSweepTimeout(
+        BridgeState.Storage storage self,
+        bytes32 movingFundsTxHash,
+        uint32 movingFundsTxOutputIndex,
+        uint32[] calldata walletMembersIDs
+    ) external {
+        MovedFundsSweepRequest storage sweepRequest = self
+            .movedFundsSweepRequests[
+                uint256(
+                    keccak256(
+                        abi.encodePacked(
+                            movingFundsTxHash,
+                            movingFundsTxOutputIndex
+                        )
+                    )
+                )
+            ];
+
+        require(
+            sweepRequest.state == MovedFundsSweepRequestState.Pending,
+            "Sweep request must be in Pending state"
+        );
+
+        require(
+            /* solhint-disable-next-line not-rely-on-time */
+            block.timestamp >
+                sweepRequest.createdAt + self.movedFundsSweepTimeout,
+            "Sweep request has not timed out yet"
+        );
+
+        bytes20 walletPubKeyHash = sweepRequest.walletPubKeyHash;
+        Wallets.Wallet storage wallet = self.registeredWallets[
+            walletPubKeyHash
+        ];
+        Wallets.WalletState walletState = wallet.state;
+
+        require(
+            walletState == Wallets.WalletState.Live ||
+                walletState == Wallets.WalletState.MovingFunds ||
+                walletState == Wallets.WalletState.Terminated,
+            "ECDSA wallet must be in Live or MovingFunds or Terminated state"
+        );
+
+        sweepRequest.state = MovedFundsSweepRequestState.TimedOut;
+        wallet.pendingMovedFundsSweepRequestsCount--;
+
+        if (
+            walletState == Wallets.WalletState.Live ||
+            walletState == Wallets.WalletState.MovingFunds
+        ) {
+            self.terminateWallet(walletPubKeyHash);
+
+            self.ecdsaWalletRegistry.seize(
+                self.movedFundsSweepTimeoutSlashingAmount,
+                self.movedFundsSweepTimeoutNotifierRewardMultiplier,
+                msg.sender,
+                wallet.ecdsaWalletID,
+                walletMembersIDs
+            );
+        }
+
+        // slither-disable-next-line reentrancy-events
+        emit MovedFundsSweepTimedOut(
+            walletPubKeyHash,
+            movingFundsTxHash,
+            movingFundsTxOutputIndex
+        );
+    }
 }

package/contracts/bridge/Wallets.sol

@@ -78,6 +78,8 @@ library Wallets {
         // UNIX timestamp indicating the moment the wallet's closing period
         // started.
         uint32 closingStartedAt;
+        // Total count of pending moved funds sweep requests targeting this wallet.
+        uint32 pendingMovedFundsSweepRequestsCount;
         // Current state of the wallet.
         WalletState state;
         // Moving funds target wallet commitment submitted by the wallet. It