@keep-network/tbtc-v2 0.1.1-dev.66 → 0.1.1-dev.69

package/contracts/bridge/Bridge.sol

@@ -19,6 +19,11 @@ import "@keep-network/random-beacon/contracts/Governable.sol";
 
 import {IWalletOwner as EcdsaWalletOwner} from "@keep-network/ecdsa/contracts/api/IWalletOwner.sol";
 
+// TODO: We used RC version of @openzeppelin/contracts-upgradeable to use `reinitializer`
+// in upgrades. We should revisit this part before mainnet deployment and use
+// a final release package if it's ready.
+import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
+
 import "./IRelay.sol";
 import "./BridgeState.sol";
 import "./Deposit.sol";
@@ -54,10 +59,9 @@ import "../bank/Bank.sol";
 ///      functionalities in this contract is: deposit, sweep, redemption,
 ///      moving funds, wallet lifecycle, frauds, parameters.
 ///
-/// TODO: Revisit all events and look which parameters should be indexed.
 /// TODO: Align the convention around `param` and `dev` endings. They should
 ///       not have a punctuation mark.
-contract Bridge is Governable, EcdsaWalletOwner {
+contract Bridge is Governable, EcdsaWalletOwner, Initializable {
     using BridgeState for BridgeState.Storage;
     using Deposit for BridgeState.Storage;
     using DepositSweep for BridgeState.Storage;
@@ -71,10 +75,10 @@ contract Bridge is Governable, EcdsaWalletOwner {
     event DepositRevealed(
         bytes32 fundingTxHash,
         uint32 fundingOutputIndex,
-        address depositor,
+        address indexed depositor,
         uint64 amount,
         bytes8 blindingFactor,
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes20 refundPubKeyHash,
         bytes4 refundLocktime,
         address vault
@@ -83,21 +87,21 @@ contract Bridge is Governable, EcdsaWalletOwner {
     event DepositsSwept(bytes20 walletPubKeyHash, bytes32 sweepTxHash);
 
     event RedemptionRequested(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes redeemerOutputScript,
-        address redeemer,
+        address indexed redeemer,
         uint64 requestedAmount,
         uint64 treasuryFee,
         uint64 txMaxFee
     );
 
     event RedemptionsCompleted(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes32 redemptionTxHash
     );
 
     event RedemptionTimedOut(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes redeemerOutputScript
     );
 
@@ -107,26 +111,29 @@ contract Bridge is Governable, EcdsaWalletOwner {
     );
 
     event MovingFundsCommitmentSubmitted(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes20[] targetWallets,
         address submitter
     );
 
-    event MovingFundsTimeoutReset(bytes20 walletPubKeyHash);
+    event MovingFundsTimeoutReset(bytes20 indexed walletPubKeyHash);
 
     event MovingFundsCompleted(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes32 movingFundsTxHash
     );
 
-    event MovingFundsTimedOut(bytes20 walletPubKeyHash);
+    event MovingFundsTimedOut(bytes20 indexed walletPubKeyHash);
 
-    event MovingFundsBelowDustReported(bytes20 walletPubKeyHash);
+    event MovingFundsBelowDustReported(bytes20 indexed walletPubKeyHash);
 
-    event MovedFundsSwept(bytes20 walletPubKeyHash, bytes32 sweepTxHash);
+    event MovedFundsSwept(
+        bytes20 indexed walletPubKeyHash,
+        bytes32 sweepTxHash
+    );
 
     event MovedFundsSweepTimedOut(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes32 movingFundsTxHash,
         uint32 movingFundsTxOutputIndex
     );
@@ -154,17 +161,20 @@ contract Bridge is Governable, EcdsaWalletOwner {
     );
 
     event FraudChallengeSubmitted(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes32 sighash,
         uint8 v,
         bytes32 r,
         bytes32 s
     );
 
-    event FraudChallengeDefeated(bytes20 walletPubKeyHash, bytes32 sighash);
+    event FraudChallengeDefeated(
+        bytes20 indexed walletPubKeyHash,
+        bytes32 sighash
+    );
 
     event FraudChallengeDefeatTimedOut(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes32 sighash
     );
 
@@ -214,13 +224,22 @@ contract Bridge is Governable, EcdsaWalletOwner {
         uint256 fraudNotifierRewardMultiplier
     );
 
-    constructor(
+    /// @dev Initializes upgradable contract on deployment.
+    /// @param _bank Address of the Bank the Bridge belongs to
+    /// @param _relay Address of the Bitcoin relay providing the current Bitcoin
+    ///        network difficulty
+    /// @param _treasury Address where the deposit and redemption treasury fees
+    ///        will be sent to
+    /// @param _ecdsaWalletRegistry Address of the ECDSA Wallet Registry contract
+    /// @param _txProofDifficultyFactor The number of confirmations on the Bitcoin
+    ///        chain required to successfully evaluate an SPV proof
+    function initialize(
         address _bank,
         address _relay,
         address _treasury,
         address _ecdsaWalletRegistry,
         uint256 _txProofDifficultyFactor
-    ) {
+    ) external initializer {
         require(_bank != address(0), "Bank address cannot be zero");
         self.bank = Bank(_bank);
 

package/contracts/bridge/BridgeState.sol

@@ -256,6 +256,14 @@ library BridgeState {
         // HASH160 over the compressed ECDSA public key) to the basic wallet
         // information like state and pending redemptions value.
         mapping(bytes20 => Wallets.Wallet) registeredWallets;
+        // Reserved storage space in case we need to add more variables.
+        // The convention from OpenZeppelin suggests the storage space should
+        // add up to 50 slots. Here we want to have more slots as there are
+        // planned upgrades of the Bridge contract. If more entires are added to
+        // the struct in the upcoming versions we need to reduce the array size.
+        // See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
+        // slither-disable-next-line unused-state
+        uint256[50] __gap;
     }
 
     event DepositParametersUpdated(

package/contracts/bridge/Deposit.sol

@@ -74,6 +74,8 @@ library Deposit {
         // Address of the Bank vault to which the deposit is routed to.
         // Optional, can be 0x0. The vault must be trusted by the Bridge.
         address vault;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's calldata argument.
     }
 
     /// @notice Represents tBTC deposit request data.
@@ -93,15 +95,18 @@ library Deposit {
         // time when the deposit was swept on the Bitcoin chain but actually
         // the time when the sweep proof was delivered to the Ethereum chain.
         uint32 sweptAt;
+        // This struct doesn't contain `__gap` property as the structure is stored
+        // in a mapping, mappings store values in different slots and they are
+        // not contiguous with other values.
     }
 
     event DepositRevealed(
         bytes32 fundingTxHash,
         uint32 fundingOutputIndex,
-        address depositor,
+        address indexed depositor,
         uint64 amount,
         bytes8 blindingFactor,
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes20 refundPubKeyHash,
         bytes4 refundLocktime,
         address vault

package/contracts/bridge/DepositSweep.sol

@@ -60,6 +60,8 @@ library DepositSweep {
         // with the same `vault` parameter. It is an optional parameter.
         // Set to zero address if deposits are not routed to a vault.
         address vault;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's memory argument.
     }
 
     /// @notice Represents an outcome of the sweep Bitcoin transaction
@@ -86,6 +88,8 @@ library DepositSweep {
         // UTXO doesn't exist) or less by one (main UTXO exists and is pointed
         // by one of the inputs).
         uint256[] treasuryFees;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's memory argument.
     }
 
     event DepositsSwept(bytes20 walletPubKeyHash, bytes32 sweepTxHash);

package/contracts/bridge/Fraud.sol

@@ -68,20 +68,26 @@ library Fraud {
         uint32 reportedAt;
         // The flag indicating whether the challenge has been resolved.
         bool resolved;
+        // This struct doesn't contain `__gap` property as the structure is stored
+        // in a mapping, mappings store values in different slots and they are
+        // not contiguous with other values.
     }
 
     event FraudChallengeSubmitted(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes32 sighash,
         uint8 v,
         bytes32 r,
         bytes32 s
     );
 
-    event FraudChallengeDefeated(bytes20 walletPubKeyHash, bytes32 sighash);
+    event FraudChallengeDefeated(
+        bytes20 indexed walletPubKeyHash,
+        bytes32 sighash
+    );
 
     event FraudChallengeDefeatTimedOut(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         // Sighash calculated as a Bitcoin's hash256 (double sha2) of:
         // - a preimage of a transaction spending UTXO according to the protocol
         //   rules OR

package/contracts/bridge/MovingFunds.sol

@@ -56,6 +56,8 @@ library MovingFunds {
         // during the processing. The validation is usually done as part
         // of the `BitcoinTx.validateProof` call that checks the SPV proof.
         bytes movingFundsTxOutputVector;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's memory argument.
     }
 
     /// @notice Represents moved funds sweep request state.
@@ -85,29 +87,35 @@ library MovingFunds {
         uint32 createdAt;
         // The current state of the request.
         MovedFundsSweepRequestState state;
+        // This struct doesn't contain `__gap` property as the structure is stored
+        // in a mapping, mappings store values in different slots and they are
+        // not contiguous with other values.
     }
 
     event MovingFundsCommitmentSubmitted(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes20[] targetWallets,
         address submitter
     );
 
-    event MovingFundsTimeoutReset(bytes20 walletPubKeyHash);
+    event MovingFundsTimeoutReset(bytes20 indexed walletPubKeyHash);
 
     event MovingFundsCompleted(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes32 movingFundsTxHash
     );
 
-    event MovingFundsTimedOut(bytes20 walletPubKeyHash);
+    event MovingFundsTimedOut(bytes20 indexed walletPubKeyHash);
 
-    event MovingFundsBelowDustReported(bytes20 walletPubKeyHash);
+    event MovingFundsBelowDustReported(bytes20 indexed walletPubKeyHash);
 
-    event MovedFundsSwept(bytes20 walletPubKeyHash, bytes32 sweepTxHash);
+    event MovedFundsSwept(
+        bytes20 indexed walletPubKeyHash,
+        bytes32 sweepTxHash
+    );
 
     event MovedFundsSweepTimedOut(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes32 movingFundsTxHash,
         uint32 movingFundsTxOutputIndex
     );

package/contracts/bridge/Redemption.sol

@@ -169,6 +169,9 @@ library Redemption {
         uint64 txMaxFee;
         // UNIX timestamp the request was created at.
         uint32 requestedAt;
+        // This struct doesn't contain `__gap` property as the structure is stored
+        // in a mapping, mappings store values in different slots and they are
+        // not contiguous with other values.
     }
 
     /// @notice Represents an outcome of the redemption Bitcoin transaction
@@ -187,6 +190,8 @@ library Redemption {
         uint32 changeIndex;
         // Value in satoshi of the change output.
         uint64 changeValue;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's memory argument.
     }
 
     /// @notice Represents temporary information needed during the processing of
@@ -203,24 +208,26 @@ library Redemption {
         bytes32 walletP2PKHScriptKeccak;
         // P2WPKH script for the wallet. Needed to determine the change output.
         bytes32 walletP2WPKHScriptKeccak;
+        // This struct doesn't contain `__gap` property as the structure is not
+        // stored, it is used as a function's memory argument.
     }
 
     event RedemptionRequested(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes redeemerOutputScript,
-        address redeemer,
+        address indexed redeemer,
         uint64 requestedAmount,
         uint64 treasuryFee,
         uint64 txMaxFee
     );
 
     event RedemptionsCompleted(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes32 redemptionTxHash
     );
 
     event RedemptionTimedOut(
-        bytes20 walletPubKeyHash,
+        bytes20 indexed walletPubKeyHash,
         bytes redeemerOutputScript
     );
 

package/contracts/bridge/Wallets.sol

@@ -86,6 +86,9 @@ library Wallets {
         // is built by applying the keccak256 hash over the list of 20-byte
         // public key hashes of the target wallets.
         bytes32 movingFundsTargetWalletsCommitmentHash;
+        // This struct doesn't contain `__gap` property as the structure is stored
+        // in a mapping, mappings store values in different slots and they are
+        // not contiguous with other values.
     }
 
     event NewWalletRequested();

package/contracts/hardhat-dependency-compiler/.hardhat-dependency-compiler

@@ -0,0 +1 @@
+directory approved for write access by hardhat-dependency-compiler

package/contracts/hardhat-dependency-compiler/@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol

@@ -0,0 +1,3 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity >0.0.0;
+import '@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol';

package/contracts/hardhat-dependency-compiler/@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol

@@ -0,0 +1,3 @@
+// SPDX-License-Identifier: UNLICENSED
+pragma solidity >0.0.0;
+import '@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol';

package/deploy/00_resolve_wallet_registry.ts

@@ -0,0 +1,83 @@
+import { HardhatRuntimeEnvironment } from "hardhat/types"
+
+import { DeployFunction } from "hardhat-deploy/types"
+
+import deploySortitionPool from "@keep-network/ecdsa/export/deploy/01_deploy_sortition_pool"
+import deployReimbursementPool from "@keep-network/ecdsa/export/deploy/02_deploy_reimbursement_pool"
+import deployDkgValidator from "@keep-network/ecdsa/export/deploy/03_deploy_dkg_validator"
+
+const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
+  const { getNamedAccounts, deployments, helpers } = hre
+  const { log } = deployments
+  const { deployer } = await getNamedAccounts()
+
+  const WalletRegistry = await deployments.getOrNull("WalletRegistry")
+
+  if (WalletRegistry && helpers.address.isValid(WalletRegistry.address)) {
+    log(`using external WalletRegistry at ${WalletRegistry.address}`)
+  } else if (hre.network.name !== "hardhat") {
+    throw new Error("deployed WalletRegistry contract not found")
+  } else {
+    // FIXME: This is a workaround deployment. We expect that the `WalletRegistry`
+    // contract deployment will be imported from `@keep-network/ecdsa` deployment
+    // scripts. But due to some bug or incompatibility of the plugins we use
+    // the deployment fails. We need to investigate it further nad get working
+    // properly.
+    // https://github.com/keep-network/tbtc-v2/issues/267
+    log("deploying WalletRegistry")
+
+    await deploySortitionPool(hre)
+    await deployReimbursementPool(hre)
+    await deployDkgValidator(hre)
+
+    const SortitionPool = await deployments.get("SortitionPool")
+    const TokenStaking = await deployments.get("TokenStaking")
+    const ReimbursementPool = await deployments.get("ReimbursementPool")
+    const EcdsaDkgValidator = await deployments.get("EcdsaDkgValidator")
+
+    // TODO: RandomBeaconStub contract should be replaced by actual implementation of
+    // RandomBeacon contract, once @keep-network/random-beacon hardhat deployments
+    // scripts are implemented.
+    log("deploying RandomBeaconStub contract instead of RandomBeacon")
+    const RandomBeacon = await deployments.deploy("RandomBeaconStub", {
+      from: deployer,
+      log: true,
+    })
+
+    const EcdsaInactivity = await deployments.deploy("EcdsaInactivity", {
+      from: deployer,
+      log: true,
+    })
+
+    // Use `deployments.deploy` instead of `helpers.upgrades.deployProxy` as
+    // to workaround problem with a hardhat-gas-reporter problem described in
+    // https://github.com/keep-network/keep-core/pull/2970.
+    await deployments.deploy("WalletRegistry", {
+      from: deployer,
+      args: [SortitionPool.address, TokenStaking.address],
+      libraries: {
+        EcdsaInactivity: EcdsaInactivity.address,
+      },
+      proxy: {
+        proxyContract: "TransparentUpgradeableProxy",
+        viaAdminContract: "DefaultProxyAdmin",
+        owner: deployer,
+        execute: {
+          init: {
+            methodName: "initialize",
+            args: [
+              EcdsaDkgValidator.address,
+              RandomBeacon.address,
+              ReimbursementPool.address,
+            ],
+          },
+        },
+      },
+      log: true,
+    })
+  }
+}
+
+export default func
+
+func.tags = ["WalletRegistry"]

package/deploy/05_deploy_bridge.ts

@@ -2,7 +2,7 @@ import { HardhatRuntimeEnvironment } from "hardhat/types"
 import { DeployFunction } from "hardhat-deploy/types"
 
 const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
-  const { deployments, getNamedAccounts } = hre
+  const { ethers, helpers, deployments, getNamedAccounts } = hre
   const { deploy } = deployments
   const { deployer, treasury } = await getNamedAccounts()
 
@@ -31,32 +31,41 @@ const func: DeployFunction = async function (hre: HardhatRuntimeEnvironment) {
     log: true,
   })
 
-  const Bridge = await deploy("Bridge", {
-    contract:
+  const bridge = await helpers.upgrades.deployProxy("Bridge", {
+    contractName:
       deployments.getNetworkName() === "hardhat" ? "BridgeStub" : undefined,
-    from: deployer,
-    args: [
+    initializerArgs: [
       Bank.address,
       Relay.address,
       treasury,
       WalletRegistry.address,
       txProofDifficultyFactor,
     ],
-    libraries: {
-      Deposit: Deposit.address,
-      DepositSweep: DepositSweep.address,
-      Redemption: Redemption.address,
-      Wallets: Wallets.address,
-      Fraud: Fraud.address,
-      MovingFunds: MovingFunds.address,
+    factoryOpts: {
+      signer: await ethers.getSigner(deployer),
+      libraries: {
+        Deposit: Deposit.address,
+        DepositSweep: DepositSweep.address,
+        Redemption: Redemption.address,
+        Wallets: Wallets.address,
+        Fraud: Fraud.address,
+        MovingFunds: MovingFunds.address,
+      },
+    },
+    proxyOpts: {
+      kind: "transparent",
+      // Allow external libraries linking. We need to ensure manually that the
+      // external  libraries we link are upgrade safe, as the OpenZeppelin plugin
+      // doesn't perform such a validation yet.
+      // See: https://docs.openzeppelin.com/upgrades-plugins/1.x/faq#why-cant-i-use-external-libraries
+      unsafeAllow: ["external-library-linking"],
     },
-    log: true,
   })
 
   if (hre.network.tags.tenderly) {
     await hre.tenderly.verify({
       name: "Bridge",
-      address: Bridge.address,
+      address: bridge.address,
     })
   }
 }

package/deploy/09_transfer_proxy_admin_ownership.ts

@@ -0,0 +1,23 @@
+import type { HardhatRuntimeEnvironment } from "hardhat/types"
+import type { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async (hre: HardhatRuntimeEnvironment) => {
+  const { ethers, getNamedAccounts, upgrades, deployments } = hre
+  const { esdm } = await getNamedAccounts()
+  const { deployer } = await ethers.getNamedSigners()
+
+  // TODO: Once a DAO is established we want to switch to ProxyAdminWithDeputy and
+  // use the DAO as the proxy admin owner and ESDM as the deputy. Until then we
+  // use governance as the owner of ProxyAdmin contract.
+  const newProxyAdminOwner = esdm
+
+  deployments.log(`transferring ProxyAdmin ownership to ${newProxyAdminOwner}`)
+
+  const proxyAdmin = await upgrades.admin.getInstance()
+  await proxyAdmin.connect(deployer).transferOwnership(newProxyAdminOwner)
+}
+
+export default func
+
+func.tags = ["TransferProxyAdminOwnership"]
+func.dependencies = ["Bridge"]

package/deploy/10_deploy_proxy_admin_with_deputy.ts

@@ -0,0 +1,33 @@
+import type { HardhatRuntimeEnvironment } from "hardhat/types"
+import type { DeployFunction } from "hardhat-deploy/types"
+
+const func: DeployFunction = async (hre: HardhatRuntimeEnvironment) => {
+  const { ethers, getNamedAccounts, upgrades, deployments } = hre
+  const { deployer, dao, esdm } = await getNamedAccounts()
+
+  const BridgeProxyAdminWithDeputy = await deployments.deploy(
+    "BridgeProxyAdminWithDeputy",
+    {
+      contract: "ProxyAdminWithDeputy",
+      from: deployer,
+      args: [dao, esdm],
+      log: true,
+    }
+  )
+
+  const Bridge = await deployments.get("Bridge")
+
+  const proxyAdmin = await upgrades.admin.getInstance()
+
+  await proxyAdmin
+    .connect(await ethers.getSigner(esdm))
+    .changeProxyAdmin(Bridge.address, BridgeProxyAdminWithDeputy.address)
+}
+
+export default func
+
+func.tags = ["BridgeProxyAdminWithDeputy"]
+func.dependencies = ["Bridge"]
+
+// TODO: For now we skip this script as DAO is not yet established.
+func.skip = async () => true