@keep-network/tbtc-v2 0.1.1-dev.95 → 0.1.1-dev.98

package/contracts/bridge/Redemption.sol

@@ -42,34 +42,11 @@ library OutboundTx {
     ///        before it is passed here.
     /// @param mainUtxo Data of the wallet's main UTXO, as currently known on
     ///        the Ethereum chain.
-    /// @param walletPubKeyHash 20-byte public key hash (computed using Bitcoin
-    //         HASH160 over the compressed ECDSA public key) of the wallet which
-    ///        performed the outbound transaction.
     function processWalletOutboundTxInput(
         BridgeState.Storage storage self,
         bytes memory walletOutboundTxInputVector,
-        BitcoinTx.UTXO calldata mainUtxo,
-        bytes20 walletPubKeyHash
+        BitcoinTx.UTXO calldata mainUtxo
     ) internal {
-        // Assert that main UTXO for passed wallet exists in storage.
-        bytes32 mainUtxoHash = self
-            .registeredWallets[walletPubKeyHash]
-            .mainUtxoHash;
-        require(mainUtxoHash != bytes32(0), "No main UTXO for given wallet");
-
-        // Assert that passed main UTXO parameter is the same as in storage and
-        // can be used for further processing.
-        require(
-            keccak256(
-                abi.encodePacked(
-                    mainUtxo.txHash,
-                    mainUtxo.txOutputIndex,
-                    mainUtxo.txOutputValue
-                )
-            ) == mainUtxoHash,
-            "Invalid main UTXO data"
-        );
-
         // Assert that the single outbound transaction input actually
         // refers to the wallet's main UTXO.
         (
@@ -447,16 +424,14 @@ library Redemption {
         );
 
         // Validate if redeemer output script is a correct standard type
-        // (P2PKH, P2WPKH, P2SH or P2WSH). This is done by building a stub
-        // output with 0 as value and using `BTCUtils.extractHash` on it. Such
-        // a function extracts the payload properly only from standard outputs
-        // so if it succeeds, we have a guarantee the redeemer output script
-        // is proper. Worth to note `extractHash` ignores the value at all
-        // so this is why we can use 0 safely. This way of validation is the
-        // same as in tBTC v1.
-        bytes memory redeemerOutputScriptPayload = abi
-            .encodePacked(bytes8(0), redeemerOutputScript)
-            .extractHash();
+        // (P2PKH, P2WPKH, P2SH or P2WSH). This is done by using
+        // `BTCUtils.extractHashAt` on it. Such a function extracts the payload
+        // properly only from standard outputs so if it succeeds, we have a
+        // guarantee the redeemer output script is proper. The underlying way
+        // of validation is the same as in tBTC v1.
+        bytes memory redeemerOutputScriptPayload = redeemerOutputScript
+            .extractHashAt(0, redeemerOutputScript.length);
+
         require(
             redeemerOutputScriptPayload.length > 0,
             "Redeemer output script must be a standard type"
@@ -464,8 +439,8 @@ library Redemption {
         // Check if the redeemer output script payload does not point to the
         // wallet public key hash.
         require(
-            keccak256(abi.encodePacked(walletPubKeyHash)) !=
-                keccak256(redeemerOutputScriptPayload),
+            redeemerOutputScriptPayload.length != 20 ||
+                walletPubKeyHash != redeemerOutputScriptPayload.slice20(0),
             "Redeemer output script must not point to the wallet PKH"
         );
 
@@ -478,8 +453,9 @@ library Redemption {
         // and redeemer output script pair. That means there can be only one
         // request asking for redemption from the given wallet to the given
         // BTC script at the same time.
-        uint256 redemptionKey = uint256(
-            keccak256(abi.encodePacked(walletPubKeyHash, redeemerOutputScript))
+        uint256 redemptionKey = getRedemptionKey(
+            walletPubKeyHash,
+            redeemerOutputScript
         );
 
         // Check if given redemption key is not used by a pending redemption.
@@ -520,6 +496,7 @@ library Redemption {
             uint32(block.timestamp)
         );
 
+        // slither-disable-next-line reentrancy-events
         emit RedemptionRequested(
             walletPubKeyHash,
             redeemerOutputScript,
@@ -583,6 +560,9 @@ library Redemption {
         BitcoinTx.UTXO calldata mainUtxo,
         bytes20 walletPubKeyHash
     ) external {
+        // Wallet state validation is performed in the `resolveRedeemingWallet`
+        // function.
+
         // The actual transaction proof is performed here. After that point, we
         // can assume the transaction happened on Bitcoin chain and has
         // a sufficient number of confirmations as determined by
@@ -592,24 +572,18 @@ library Redemption {
             redemptionProof
         );
 
+        Wallets.Wallet storage wallet = resolveRedeemingWallet(
+            self,
+            walletPubKeyHash,
+            mainUtxo
+        );
+
         // Process the redemption transaction input. Specifically, check if it
         // refers to the expected wallet's main UTXO.
         OutboundTx.processWalletOutboundTxInput(
             self,
             redemptionTx.inputVector,
-            mainUtxo,
-            walletPubKeyHash
-        );
-
-        Wallets.Wallet storage wallet = self.registeredWallets[
-            walletPubKeyHash
-        ];
-
-        Wallets.WalletState walletState = wallet.state;
-        require(
-            walletState == Wallets.WalletState.Live ||
-                walletState == Wallets.WalletState.MovingFunds,
-            "Wallet must be in Live or MovingFunds state"
+            mainUtxo
         );
 
         // Process redemption transaction outputs to extract some info required
@@ -645,6 +619,50 @@ library Redemption {
         self.bank.transferBalance(self.treasury, outputsInfo.totalTreasuryFee);
     }
 
+    /// @notice Resolves redeeming wallet based on the provided wallet public
+    ///         key hash. Validates the wallet state and current main UTXO, as
+    ///         currently known on the Ethereum chain.
+    /// @param walletPubKeyHash public key hash of the wallet proving the sweep
+    ///        Bitcoin transaction.
+    /// @param mainUtxo Data of the wallet's main UTXO, as currently known on
+    ///        the Ethereum chain.
+    /// @return wallet Data of the sweeping wallet.
+    /// @dev Requirements:
+    ///     - Sweeping wallet must be either in Live or MovingFunds state,
+    ///     - Main UTXO of the redeeming wallet must exists in the storage,
+    ///     - The passed `mainUTXO` parameter must be equal to the stored one.
+    function resolveRedeemingWallet(
+        BridgeState.Storage storage self,
+        bytes20 walletPubKeyHash,
+        BitcoinTx.UTXO calldata mainUtxo
+    ) internal view returns (Wallets.Wallet storage wallet) {
+        wallet = self.registeredWallets[walletPubKeyHash];
+
+        // Assert that main UTXO for passed wallet exists in storage.
+        bytes32 mainUtxoHash = wallet.mainUtxoHash;
+        require(mainUtxoHash != bytes32(0), "No main UTXO for given wallet");
+
+        // Assert that passed main UTXO parameter is the same as in storage and
+        // can be used for further processing.
+        require(
+            keccak256(
+                abi.encodePacked(
+                    mainUtxo.txHash,
+                    mainUtxo.txOutputIndex,
+                    mainUtxo.txOutputValue
+                )
+            ) == mainUtxoHash,
+            "Invalid main UTXO data"
+        );
+
+        Wallets.WalletState walletState = wallet.state;
+        require(
+            walletState == Wallets.WalletState.Live ||
+                walletState == Wallets.WalletState.MovingFunds,
+            "Wallet must be in Live or MovingFunds state"
+        );
+    }
+
     /// @notice Processes the Bitcoin redemption transaction output vector.
     ///         It extracts each output and tries to identify it as a pending
     ///         redemption request, reported timed out request, or change.
@@ -656,7 +674,7 @@ library Redemption {
     ///        must be validated using e.g. `BTCUtils.validateVout` function
     ///        before it is passed here.
     /// @param walletPubKeyHash 20-byte public key hash (computed using Bitcoin
-    //         HASH160 over the compressed ECDSA public key) of the wallet which
+    ///        HASH160 over the compressed ECDSA public key) of the wallet which
     ///        performed the redemption transaction.
     /// @return info Outcomes of the processing.
     function processRedemptionTxOutputs(
@@ -704,7 +722,7 @@ library Redemption {
         // which matches the P2PKH structure as per:
         // https://en.bitcoin.it/wiki/Transaction#Pay-to-PubkeyHash
         bytes32 walletP2PKHScriptKeccak = keccak256(
-            abi.encodePacked(hex"1976a914", walletPubKeyHash, hex"88ac")
+            abi.encodePacked(BitcoinTx.makeP2PKHScript(walletPubKeyHash))
         );
         // The P2WPKH script has the byte format: <0x160014> <20-byte PKH>.
         // According to https://en.bitcoin.it/wiki/Script#Opcodes this translates to:
@@ -714,7 +732,7 @@ library Redemption {
         // which matches the P2WPKH structure as per:
         // https://github.com/bitcoin/bips/blob/master/bip-0141.mediawiki#P2WPKH
         bytes32 walletP2WPKHScriptKeccak = keccak256(
-            abi.encodePacked(hex"160014", walletPubKeyHash)
+            abi.encodePacked(BitcoinTx.makeP2WPKHScript(walletPubKeyHash))
         );
 
         return
@@ -733,7 +751,7 @@ library Redemption {
 
     /// @notice Processes all outputs from the redemption transaction. Tries to
     ///         identify output as a change output, pending redemption request
-    //          or reported redemption. Reverts if one of the outputs cannot be
+    ///         or reported redemption. Reverts if one of the outputs cannot be
     ///         recognized properly. Marks each request as processed by removing
     ///         them from `pendingRedemptions` mapping.
     /// @param redemptionTxOutputVector Bitcoin redemption transaction output
@@ -741,7 +759,7 @@ library Redemption {
     ///        must be validated using e.g. `BTCUtils.validateVout` function
     ///        before it is passed here.
     /// @param walletPubKeyHash 20-byte public key hash (computed using Bitcoin
-    //         HASH160 over the compressed ECDSA public key) of the wallet which
+    ///        HASH160 over the compressed ECDSA public key) of the wallet which
     ///        performed the redemption transaction.
     /// @param processInfo RedemptionTxOutputsProcessingInfo identifying output
     ///        starting index, the number of outputs and possible wallet change
@@ -765,24 +783,33 @@ library Redemption {
             //       https://github.com/keep-network/tbtc-v2/issues/257
             uint256 outputLength = redemptionTxOutputVector
                 .determineOutputLengthAt(processInfo.outputStartingIndex);
-            bytes memory output = redemptionTxOutputVector.slice(
-                processInfo.outputStartingIndex,
-                outputLength
-            );
 
             // Extract the value from given output.
-            uint64 outputValue = output.extractValue();
+            uint64 outputValue = redemptionTxOutputVector.extractValueAt(
+                processInfo.outputStartingIndex
+            );
+
+            uint256 scriptLength = outputLength - 8;
+
             // The output consists of an 8-byte value and a variable length
-            // script. To extract that script we slice the output starting from
+            // script. To hash that script we slice the output starting from
             // 9th byte until the end.
-            bytes memory outputScript = output.slice(8, output.length - 8);
+
+            uint256 outputScriptStart = processInfo.outputStartingIndex + 8;
+
+            bytes32 outputScriptHash;
+            /* solhint-disable-next-line no-inline-assembly */
+            assembly {
+                outputScriptHash := keccak256(
+                    add(redemptionTxOutputVector, add(outputScriptStart, 32)),
+                    scriptLength
+                )
+            }
 
             if (
                 resultInfo.changeValue == 0 &&
-                (keccak256(outputScript) ==
-                    processInfo.walletP2PKHScriptKeccak ||
-                    keccak256(outputScript) ==
-                    processInfo.walletP2WPKHScriptKeccak) &&
+                (outputScriptHash == processInfo.walletP2PKHScriptKeccak ||
+                    outputScriptHash == processInfo.walletP2WPKHScriptKeccak) &&
                 outputValue > 0
             ) {
                 // If we entered here, that means the change output with a
@@ -797,8 +824,7 @@ library Redemption {
                     uint64 treasuryFee
                 ) = processNonChangeRedemptionTxOutput(
                         self,
-                        walletPubKeyHash,
-                        outputScript,
+                        _getRedemptionKey(walletPubKeyHash, outputScriptHash),
                         outputValue
                     );
                 resultInfo.totalBurnableValue += burnableValue;
@@ -829,10 +855,7 @@ library Redemption {
     ///         requested and reported timed-out redemption.
     ///         This function also marks each pending request as processed by
     ///         removing them from `pendingRedemptions` mapping.
-    /// @param walletPubKeyHash 20-byte public key hash (computed using Bitcoin
-    //         HASH160 over the compressed ECDSA public key) of the wallet which
-    ///        performed the redemption transaction.
-    /// @param outputScript Non-change output script to be processed.
+    /// @param redemptionKey Redemption key of the output being processed.
     /// @param outputValue Value of the output being processed.
     /// @return burnableValue The value burnable as a result of processing this
     ///         single redemption output. This value needs to be summed up with
@@ -846,17 +869,9 @@ library Redemption {
     ///         redemption request.
     function processNonChangeRedemptionTxOutput(
         BridgeState.Storage storage self,
-        bytes20 walletPubKeyHash,
-        bytes memory outputScript,
+        uint256 redemptionKey,
         uint64 outputValue
     ) internal returns (uint64 burnableValue, uint64 treasuryFee) {
-        // This function should be called only if the given output is
-        // supposed to represent a redemption. Build the redemption key
-        // to perform that check.
-        uint256 redemptionKey = uint256(
-            keccak256(abi.encodePacked(walletPubKeyHash, outputScript))
-        );
-
         if (self.pendingRedemptions[redemptionKey].requestedAt != 0) {
             // If we entered here, that means the output was identified
             // as a pending redemption request.
@@ -956,8 +971,10 @@ library Redemption {
         uint32[] calldata walletMembersIDs,
         bytes calldata redeemerOutputScript
     ) external {
-        uint256 redemptionKey = uint256(
-            keccak256(abi.encodePacked(walletPubKeyHash, redeemerOutputScript))
+        // Wallet state is validated in `notifyWalletRedemptionTimeout`.
+        uint256 redemptionKey = getRedemptionKey(
+            walletPubKeyHash,
+            redeemerOutputScript
         );
         Redemption.RedemptionRequest memory request = self.pendingRedemptions[
             redemptionKey
@@ -978,44 +995,62 @@ library Redemption {
             request.requestedAmount -
             request.treasuryFee;
 
-        require(
-            wallet.state == Wallets.WalletState.Live ||
-                wallet.state == Wallets.WalletState.MovingFunds ||
-                wallet.state == Wallets.WalletState.Terminated,
-            "Wallet must be in Live, MovingFunds or Terminated state"
-        );
-
         // It is worth noting that there is no need to check if
         // `timedOutRedemption` mapping already contains the given redemption
         // key. There is no possibility to re-use a key of a reported timed-out
         // redemption because the wallet responsible for causing the timeout is
         // moved to a state that prevents it to receive new redemption requests.
 
+        // Propagate timeout consequences to the wallet
+        self.notifyWalletRedemptionTimeout(walletPubKeyHash, walletMembersIDs);
+
         // Move the redemption from pending redemptions to timed-out redemptions
         self.timedOutRedemptions[redemptionKey] = request;
         delete self.pendingRedemptions[redemptionKey];
 
-        if (
-            wallet.state == Wallets.WalletState.Live ||
-            wallet.state == Wallets.WalletState.MovingFunds
-        ) {
-            // Slash the wallet operators and reward the notifier
-            self.ecdsaWalletRegistry.seize(
-                self.redemptionTimeoutSlashingAmount,
-                self.redemptionTimeoutNotifierRewardMultiplier,
-                msg.sender,
-                wallet.ecdsaWalletID,
-                walletMembersIDs
-            );
-
-            // Propagate timeout consequences to the wallet
-            self.notifyWalletTimedOutRedemption(walletPubKeyHash);
-        }
-
         // slither-disable-next-line reentrancy-events
         emit RedemptionTimedOut(walletPubKeyHash, redeemerOutputScript);
 
         // Return the requested amount of tokens to the redeemer
         self.bank.transferBalance(request.redeemer, request.requestedAmount);
     }
+
+    /// @notice Calculate redemption key without allocations.
+    /// @param walletPubKeyHash the pubkey hash of the wallet.
+    /// @param script the output script of the redemption.
+    /// @return The key = keccak256(keccak256(script), walletPubKeyHash).
+    function getRedemptionKey(bytes20 walletPubKeyHash, bytes memory script)
+        internal
+        pure
+        returns (uint256)
+    {
+        bytes32 scriptHash = keccak256(script);
+        uint256 key;
+        /* solhint-disable-next-line no-inline-assembly */
+        assembly {
+            mstore(0, scriptHash)
+            mstore(32, walletPubKeyHash)
+            key := keccak256(0, 52)
+        }
+        return key;
+    }
+
+    /// @notice Finish calculating redemption key without allocations.
+    /// @param walletPubKeyHash the pubkey hash of the wallet.
+    /// @param scriptHash the output script hash of the redemption.
+    /// @return The key = keccak256(scriptHash, walletPubKeyHash).
+    function _getRedemptionKey(bytes20 walletPubKeyHash, bytes32 scriptHash)
+        internal
+        pure
+        returns (uint256)
+    {
+        uint256 key;
+        /* solhint-disable-next-line no-inline-assembly */
+        assembly {
+            mstore(0, scriptHash)
+            mstore(32, walletPubKeyHash)
+            key := keccak256(0, 52)
+        }
+        return key;
+    }
 }