@keep-network/tbtc-v2 0.1.1-dev.64 → 0.1.1-dev.67

package/contracts/bridge/BridgeState.sol

@@ -88,7 +88,9 @@ library BridgeState {
         // the moving funds process. Moving funds wallets having their BTC
         // balance below that value can begin closing immediately as
         // transferring such a low value may not be possible due to
-        // BTC network fees.
+        // BTC network fees. The value of this parameter must always be lower
+        // than `redemptionDustThreshold` in order to prevent redemption requests
+        // with values lower or equal to `movingFundsDustThreshold`.
         uint64 movingFundsDustThreshold;
         // Time after which the moving funds process can be reported as
         // timed out. It is counted from the moment when the wallet
@@ -133,6 +135,9 @@ library BridgeState {
         // `redemptionTreasuryFeeDivisor` and `redemptionTxMaxFee`
         // parameters in order to make requests that can incur the
         // treasury and transaction fee and still satisfy the redeemer.
+        // Additionally, the value of this parameter must always be greater
+        // than `movingFundsDustThreshold` in order to prevent redemption
+        // requests with values lower or equal to `movingFundsDustThreshold`.
         uint64 redemptionDustThreshold;
         // Divisor used to compute the treasury fee taken from each
         // redemption request and transferred to the treasury upon
@@ -251,6 +256,14 @@ library BridgeState {
         // HASH160 over the compressed ECDSA public key) to the basic wallet
         // information like state and pending redemptions value.
         mapping(bytes20 => Wallets.Wallet) registeredWallets;
+        // Reserved storage space in case we need to add more variables.
+        // The convention from OpenZeppelin suggests the storage space should
+        // add up to 50 slots. Here we want to have more slots as there are
+        // planned upgrades of the Bridge contract. If more entires are added to
+        // the struc in the upcoming versions we need to reduce the array size.
+        // See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
+        // slither-disable-next-line unused-state
+        uint256[50] __gap;
     }
 
     event DepositParametersUpdated(
@@ -392,7 +405,8 @@ library BridgeState {
     ///        staking contact the notifier of a redemption timeout receives.
     ///        The value must be in the range [0, 100]
     /// @dev Requirements:
-    ///      - Redemption dust threshold must be greater than zero
+    ///      - Redemption dust threshold must be greater than moving funds dust
+    ///        threshold
     ///      - Redemption treasury fee divisor must be greater than zero
     ///      - Redemption transaction max fee must be greater than zero
     ///      - Redemption timeout must be greater than zero
@@ -408,8 +422,8 @@ library BridgeState {
         uint256 _redemptionTimeoutNotifierRewardMultiplier
     ) internal {
         require(
-            _redemptionDustThreshold > 0,
-            "Redemption dust threshold must be greater than zero"
+            _redemptionDustThreshold > self.movingFundsDustThreshold,
+            "Redemption dust threshold must be greater than moving funds dust threshold"
         );
 
         require(
@@ -495,7 +509,8 @@ library BridgeState {
     ///        timeout receives. The value must be in the range [0, 100]
     /// @dev Requirements:
     ///      - Moving funds transaction max total fee must be greater than zero
-    ///      - Moving funds dust threshold must be greater than zero
+    ///      - Moving funds dust threshold must be greater than zero and lower
+    ///        than the redemption dust threshold
     ///      - Moving funds timeout must be greater than zero
     ///      - Moving funds timeout notifier reward multiplier must be in the
     ///        range [0, 100]
@@ -521,8 +536,9 @@ library BridgeState {
         );
 
         require(
-            _movingFundsDustThreshold > 0,
-            "Moving funds dust threshold must be greater than zero"
+            _movingFundsDustThreshold > 0 &&
+                _movingFundsDustThreshold < self.redemptionDustThreshold,
+            "Moving funds dust threshold must be greater than zero and lower than redemption dust threshold"
         );
 
         require(

package/contracts/bridge/Deposit.sol

@@ -74,6 +74,8 @@ library Deposit {
         // Address of the Bank vault to which the deposit is routed to.
         // Optional, can be 0x0. The vault must be trusted by the Bridge.
         address vault;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's calldata argument.
     }
 
     /// @notice Represents tBTC deposit request data.
@@ -93,6 +95,9 @@ library Deposit {
         // time when the deposit was swept on the Bitcoin chain but actually
         // the time when the sweep proof was delivered to the Ethereum chain.
         uint32 sweptAt;
+        // This struct doesn't contain `__gap` property as the structure is stored
+        // in a mapping, mappings store values in different slots and they are
+        // not contiguous with other values.
     }
 
     event DepositRevealed(

package/contracts/bridge/DepositSweep.sol

@@ -60,6 +60,8 @@ library DepositSweep {
         // with the same `vault` parameter. It is an optional parameter.
         // Set to zero address if deposits are not routed to a vault.
         address vault;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's memory argument.
     }
 
     /// @notice Represents an outcome of the sweep Bitcoin transaction
@@ -86,6 +88,8 @@ library DepositSweep {
         // UTXO doesn't exist) or less by one (main UTXO exists and is pointed
         // by one of the inputs).
         uint256[] treasuryFees;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's memory argument.
     }
 
     event DepositsSwept(bytes20 walletPubKeyHash, bytes32 sweepTxHash);

package/contracts/bridge/Fraud.sol

@@ -68,6 +68,9 @@ library Fraud {
         uint32 reportedAt;
         // The flag indicating whether the challenge has been resolved.
         bool resolved;
+        // This struct doesn't contain `__gap` property as the structure is stored
+        // in a mapping, mappings store values in different slots and they are
+        // not contiguous with other values.
     }
 
     event FraudChallengeSubmitted(

package/contracts/bridge/MovingFunds.sol

@@ -56,6 +56,8 @@ library MovingFunds {
         // during the processing. The validation is usually done as part
         // of the `BitcoinTx.validateProof` call that checks the SPV proof.
         bytes movingFundsTxOutputVector;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's memory argument.
     }
 
     /// @notice Represents moved funds sweep request state.
@@ -85,6 +87,9 @@ library MovingFunds {
         uint32 createdAt;
         // The current state of the request.
         MovedFundsSweepRequestState state;
+        // This struct doesn't contain `__gap` property as the structure is stored
+        // in a mapping, mappings store values in different slots and they are
+        // not contiguous with other values.
     }
 
     event MovingFundsCommitmentSubmitted(
@@ -93,6 +98,8 @@ library MovingFunds {
         address submitter
     );
 
+    event MovingFundsTimeoutReset(bytes20 walletPubKeyHash);
+
     event MovingFundsCompleted(
         bytes20 walletPubKeyHash,
         bytes32 movingFundsTxHash
@@ -206,10 +213,8 @@ library MovingFunds {
 
         // This requirement fails only when `liveWalletsCount` is zero. In
         // that case, the system cannot accept the commitment and must provide
-        // new wallets first.
-        //
-        // TODO: Expose separate function to reset the moving funds timeout
-        //       if no Live wallets exist in the system.
+        // new wallets first. However, the wallet supposed to submit the
+        // commitment can keep resetting the moving funds timeout until then.
         require(expectedTargetWalletsCount > 0, "No target wallets available");
 
         require(
@@ -252,6 +257,44 @@ library MovingFunds {
         );
     }
 
+    /// @notice Resets the moving funds timeout for the given wallet if the
+    ///         target wallet commitment cannot be submitted due to a lack
+    ///         of live wallets in the system.
+    /// @param walletPubKeyHash 20-byte public key hash of the moving funds wallet
+    /// @dev Requirements:
+    ///      - The wallet must be in the MovingFunds state
+    ///      - The target wallets commitment must not be already submitted for
+    ///        the given moving funds wallet
+    ///      - Live wallets count must be zero
+    function resetMovingFundsTimeout(
+        BridgeState.Storage storage self,
+        bytes20 walletPubKeyHash
+    ) external {
+        Wallets.Wallet storage wallet = self.registeredWallets[
+            walletPubKeyHash
+        ];
+
+        require(
+            wallet.state == Wallets.WalletState.MovingFunds,
+            "ECDSA wallet must be in MovingFunds state"
+        );
+
+        // If the moving funds wallet already submitted their target wallets
+        // commitment, there is no point to reset the timeout since the
+        // wallet can make the BTC transaction and submit the proof.
+        require(
+            wallet.movingFundsTargetWalletsCommitmentHash == bytes32(0),
+            "Target wallets commitment already submitted"
+        );
+
+        require(self.liveWalletsCount == 0, "Live wallets count must be zero");
+
+        /* solhint-disable-next-line not-rely-on-time */
+        wallet.movingFundsRequestedAt = uint32(block.timestamp);
+
+        emit MovingFundsTimeoutReset(walletPubKeyHash);
+    }
+
     /// @notice Used by the wallet to prove the BTC moving funds transaction
     ///         and to make the necessary state changes. Moving funds is only
     ///         accepted if it satisfies SPV proof.

package/contracts/bridge/Redemption.sol

@@ -169,6 +169,9 @@ library Redemption {
         uint64 txMaxFee;
         // UNIX timestamp the request was created at.
         uint32 requestedAt;
+        // This struct doesn't contain `__gap` property as the structure is stored
+        // in a mapping, mappings store values in different slots and they are
+        // not contiguous with other values.
     }
 
     /// @notice Represents an outcome of the redemption Bitcoin transaction
@@ -187,6 +190,8 @@ library Redemption {
         uint32 changeIndex;
         // Value in satoshi of the change output.
         uint64 changeValue;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's memory argument.
     }
 
     /// @notice Represents temporary information needed during the processing of
@@ -203,6 +208,8 @@ library Redemption {
         bytes32 walletP2PKHScriptKeccak;
         // P2WPKH script for the wallet. Needed to determine the change output.
         bytes32 walletP2WPKHScriptKeccak;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's memory argument.
     }
 
     event RedemptionRequested(
@@ -825,7 +832,6 @@ library Redemption {
             request.treasuryFee;
 
         require(
-            // TODO: Allow the wallets in `Closing` state when the state is added
             wallet.state == Wallets.WalletState.Live ||
                 wallet.state == Wallets.WalletState.MovingFunds ||
                 wallet.state == Wallets.WalletState.Terminated,

package/contracts/bridge/Wallets.sol

@@ -86,6 +86,9 @@ library Wallets {
         // is built by applying the keccak256 hash over the list of 20-byte
         // public key hashes of the target wallets.
         bytes32 movingFundsTargetWalletsCommitmentHash;
+        // This struct doesn't contain `__gap` property as the structure is stored
+        // in a mapping, mappings store values in different slots and they are
+        // not contiguous with other values.
     }
 
     event NewWalletRequested();

package/contracts/hardhat-dependency-compiler/.hardhat-dependency-compiler

@@ -0,0 +1 @@
+directory approved for write access by hardhat-dependency-compiler

package/contracts/hardhat-dependency-compiler/@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol

@@ -0,0 +1,3 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity >0.0.0;
+import '@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol';

package/contracts/hardhat-dependency-compiler/@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol

@@ -0,0 +1,3 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity >0.0.0;
+import '@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol';

package/deploy/00_resolve_wallet_registry.ts

@@ -0,0 +1,83 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+
+import { DeployFunction } from "hardhat-deploy/types"
+
+import deploySortitionPool from "@keep-network/ecdsa/export/deploy/01_deploy_sortition_pool"
+import deployReimbursementPool from "@keep-network/ecdsa/export/deploy/02_deploy_reimbursement_pool"
+import deployDkgValidator from "@keep-network/ecdsa/export/deploy/03_deploy_dkg_validator"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { getNamedAccounts, deployments, helpers } = hre
+  const { log } = deployments
+  const { deployer } = await getNamedAccounts()
+
+  const WalletRegistry = await deployments.getOrNull("WalletRegistry")
+
+  if (WalletRegistry && helpers.address.isValid(WalletRegistry.address)) {
+    log(`using external WalletRegistry at ${WalletRegistry.address}`)
+  } else if (hre.network.name !== "hardhat") {
+    throw new Error("deployed WalletRegistry contract not found")
+  } else {
+    // FIXME: This is a workaround deployment. We expect that the `WalletRegistry`
+    // contract deployment will be imported from `@keep-network/ecdsa` deployment
+    // scripts. But due to some bug or incompatibility of the plugins we use
+    // the deployment fails. We need to investigate it further nad get working
+    // properly.
+    // https://github.com/keep-network/tbtc-v2/issues/267
+    log("deploying WalletRegistry")
+
+    await deploySortitionPool(hre)
+    await deployReimbursementPool(hre)
+    await deployDkgValidator(hre)
+
+    const SortitionPool = await deployments.get("SortitionPool")
+    const TokenStaking = await deployments.get("TokenStaking")
+    const ReimbursementPool = await deployments.get("ReimbursementPool")
+    const EcdsaDkgValidator = await deployments.get("EcdsaDkgValidator")
+
+    // TODO: RandomBeaconStub contract should be replaced by actual implementation of
+    // RandomBeacon contract, once @keep-network/random-beacon hardhat deployments
+    // scripts are implemented.
+    log("deploying RandomBeaconStub contract instead of RandomBeacon")
+    const RandomBeacon = await deployments.deploy("RandomBeaconStub", {
+      from: deployer,
+      log: true,
+    })
+
+    const EcdsaInactivity = await deployments.deploy("EcdsaInactivity", {
+      from: deployer,
+      log: true,
+    })
+
+    // Use `deployments.deploy` instead of `helpers.upgrades.deployProxy` as
+    // to workaround problem with a hardhat-gas-reporter problem described in
+    // https://github.com/keep-network/keep-core/pull/2970.
+    await deployments.deploy("WalletRegistry", {
+      from: deployer,
+      args: [SortitionPool.address, TokenStaking.address],
+      libraries: {
+        EcdsaInactivity: EcdsaInactivity.address,
+      },
+      proxy: {
+        proxyContract: "TransparentUpgradeableProxy",
+        viaAdminContract: "DefaultProxyAdmin",
+        owner: deployer,
+        execute: {
+          init: {
+            methodName: "initialize",
+            args: [
+              EcdsaDkgValidator.address,
+              RandomBeacon.address,
+              ReimbursementPool.address,
+            ],
+          },
+        },
+      },
+      log: true,
+    })
+  }
+}
+
+export default func
+
+func.tags = ["WalletRegistry"]

package/deploy/05_deploy_bridge.ts

@@ -2,7 +2,7 @@ import { HardhatRuntimeEnvironment } from "hardhat/types"
 import { DeployFunction } from "hardhat-deploy/types"
 
 const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
-  const { deployments, getNamedAccounts } = hre
+  const { ethers, helpers, deployments, getNamedAccounts } = hre
   const { deploy } = deployments
   const { deployer, treasury } = await getNamedAccounts()
 
@@ -31,32 +31,41 @@ const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
     log: true,
   })
 
-  const Bridge = await deploy("Bridge", {
-    contract:
+  const bridge = await helpers.upgrades.deployProxy("Bridge", {
+    contractName:
       deployments.getNetworkName() === "hardhat" ? "BridgeStub" : undefined,
-    from: deployer,
-    args: [
+    initializerArgs: [
       Bank.address,
       Relay.address,
       treasury,
       WalletRegistry.address,
       txProofDifficultyFactor,
     ],
-    libraries: {
-      Deposit: Deposit.address,
-      DepositSweep: DepositSweep.address,
-      Redemption: Redemption.address,
-      Wallets: Wallets.address,
-      Fraud: Fraud.address,
-      MovingFunds: MovingFunds.address,
+    factoryOpts: {
+      signer: await ethers.getSigner(deployer),
+      libraries: {
+        Deposit: Deposit.address,
+        DepositSweep: DepositSweep.address,
+        Redemption: Redemption.address,
+        Wallets: Wallets.address,
+        Fraud: Fraud.address,
+        MovingFunds: MovingFunds.address,
+      },
+    },
+    proxyOpts: {
+      kind: "transparent",
+      // Allow external libraries linking. We need to ensure manually that the
+      // external  libraries we link are upgrade safe, as the OpenZeppelin plugin
+      // doesn't perform such a validation yet.
+      // See: https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#why-cant-i-use-external-libraries
+      unsafeAllow: ["external-library-linking"],
     },
-    log: true,
   })
 
   if (hre.network.tags.tenderly) {
     await hre.tenderly.verify({
       name: "Bridge",
-      address: Bridge.address,
+      address: bridge.address,
     })
   }
 }

package/deploy/09_transfer_proxy_admin_ownership.ts

@@ -0,0 +1,23 @@
+import type { HardhatRuntimeEnvironment } from "hardhat/types"
+import type { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async (hre: HardhatRuntimeEnvironment) => {
+  const { ethers, getNamedAccounts, upgrades, deployments } = hre
+  const { esdm } = await getNamedAccounts()
+  const { deployer } = await ethers.getNamedSigners()
+
+  // TODO: Once a DAO is established we want to switch to ProxyAdminWithDeputy and
+  // use the DAO as the proxy admin owner and ESDM as the deputy. Until then we
+  // use governance as the owner of ProxyAdmin contract.
+  const newProxyAdminOwner = esdm
+
+  deployments.log(`transferring ProxyAdmin ownership to ${newProxyAdminOwner}`)
+
+  const proxyAdmin = await upgrades.admin.getInstance()
+  await proxyAdmin.connect(deployer).transferOwnership(newProxyAdminOwner)
+}
+
+export default func
+
+func.tags = ["TransferProxyAdminOwnership"]
+func.dependencies = ["Bridge"]

package/deploy/10_deploy_proxy_admin_with_deputy.ts

@@ -0,0 +1,33 @@
+import type { HardhatRuntimeEnvironment } from "hardhat/types"
+import type { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async (hre: HardhatRuntimeEnvironment) => {
+  const { ethers, getNamedAccounts, upgrades, deployments } = hre
+  const { deployer, dao, esdm } = await getNamedAccounts()
+
+  const BridgeProxyAdminWithDeputy = await deployments.deploy(
+    "BridgeProxyAdminWithDeputy",
+    {
+      contract: "ProxyAdminWithDeputy",
+      from: deployer,
+      args: [dao, esdm],
+      log: true,
+    }
+  )
+
+  const Bridge = await deployments.get("Bridge")
+
+  const proxyAdmin = await upgrades.admin.getInstance()
+
+  await proxyAdmin
+    .connect(await ethers.getSigner(esdm))
+    .changeProxyAdmin(Bridge.address, BridgeProxyAdminWithDeputy.address)
+}
+
+export default func
+
+func.tags = ["BridgeProxyAdminWithDeputy"]
+func.dependencies = ["Bridge"]
+
+// TODO: For now we skip this script as DAO is not yet established.
+func.skip = async () => true