@ocap/tx-protocols 1.28.8 → 1.29.0

package/lib/protocols/token-factory/mint.js

@@ -1,385 +0,0 @@
-const { CustomError: Error } = require('@ocap/util/lib/error');
-const { Joi, schemas } = require('@arcblock/validator');
-const { BN, fromUnitToToken } = require('@ocap/util');
-const { Runner, pipes } = require('@ocap/tx-pipeline');
-const { account, tokenFactory, token } = require('@ocap/state');
-const pick = require('lodash/pick');
-
-const EnsureTxGas = require('../../pipes/ensure-gas');
-const EnsureTxCost = require('../../pipes/ensure-cost');
-const CalcReserve = require('./pipes/calc-reserve');
-const { applyTokenChange, applyTokenUpdates } = require('../../util');
-
-const runner = new Runner();
-
-const schema = Joi.object({
-  tokenFactory: Joi.DID().prefix().role('ROLE_TOKEN_FACTORY').required(),
-  receiver: schemas.tokenHolder.required(),
-  amount: Joi.BN().greater(0).required(),
-  data: Joi.any().optional().allow(null),
-  inputsList: schemas.multiInput.optional(),
-}).options({ stripUnknown: true, noDefaults: false });
-
-// verify itx
-runner.use(({ itx }, next) => {
-  const { error } = schema.validate(itx);
-  if (error) {
-    return next(new Error('INVALID_TX', `Invalid itx: ${error.message}`));
-  }
-  return next();
-});
-
-// ensure token factory state
-runner.use(
-  pipes.ExtractState({
-    from: 'itx.tokenFactory',
-    to: 'tokenFactoryState',
-    status: 'INVALID_TOKEN_FACTORY',
-    table: 'tokenFactory',
-  })
-);
-
-// ensure token state
-runner.use(
-  pipes.ExtractState({
-    from: 'tokenFactoryState.tokenAddress',
-    to: 'tokenState',
-    status: 'INVALID_TOKEN',
-    table: 'token',
-  })
-);
-
-runner.use(
-  pipes.VerifyTxInput({
-    fieldKey: 'itx.inputs',
-    inputsKey: 'inputs',
-    sendersKey: 'senders',
-    tokensKey: 'tokens',
-    assetsKey: null,
-  }),
-  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
-);
-
-// verify itx size: set hard limit here because more inputs leads to longer tx execute time
-runner.use(pipes.VerifyListSize({ listKey: ['inputs', 'senders', 'tokens', 'assets'] }), {
-  shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve,
-});
-
-// verify multi sig
-runner.use(pipes.VerifyMultiSigV2({ signersKey: 'senders' }), {
-  shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve,
-});
-
-// verify inputs token
-runner.use(
-  (context, next) => {
-    const { tokenFactoryState, inputs } = context;
-
-    const isAccepted = inputs.every(
-      (input) =>
-        input.tokensList.length &&
-        input.tokensList.every((x) => x.address === tokenFactoryState.reserveAddress) &&
-        !input.assetsList.length
-    );
-
-    if (!isAccepted) {
-      return next(new Error('INVALID_TX', `Inputs only accept ${tokenFactoryState.reserveAddress}`));
-    }
-
-    return next();
-  },
-  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
-);
-
-// ensure sender
-runner.use(pipes.ExtractState({ from: 'tx.from', to: 'senderState', status: 'OK', table: 'account' }));
-runner.use(
-  pipes.ExtractState({ from: 'senders', to: 'signerStates', status: 'INVALID_SIGNER_STATE', table: 'account' }),
-  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
-);
-runner.use(
-  pipes.VerifyAccountMigration({ signerKey: 'signerStates', stateKey: 'senderState', addressKey: 'tx.from' }),
-  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
-);
-
-// ensure receiver
-runner.use(pipes.ExtractState({ from: 'itx.receiver', to: 'receiverState', status: 'OK', table: 'account' }));
-runner.use(pipes.VerifyAccountMigration({ stateKey: 'receiverState', addressKey: 'itx.receiver' }));
-
-// verify blocked
-runner.use(pipes.VerifyBlocked({ stateKeys: ['signerStates', 'receiverState'] }));
-
-// ensure owner
-runner.use(
-  pipes.ExtractState({
-    from: 'tokenFactoryState.owner',
-    to: 'ownerState',
-    status: 'INVALID_OWNER_STATE',
-    table: 'account',
-  })
-);
-
-// verify minters restriction
-runner.use(
-  pipes.verifyTokenAccess({
-    statesKey: 'tokenState',
-    listFieldKey: 'minters',
-    accountKeys: ['senderState'],
-    errorMessage: 'Account {address} is not allowed to mint token {tokenAddress}',
-  })
-);
-
-// calculate reserve amount
-runner.use(
-  CalcReserve({
-    tokenFactoryKey: 'tokenFactoryState',
-    tokenStateKey: 'tokenState',
-    reserveKey: 'reserveAmount',
-    amountKey: 'itx.amount',
-  }),
-  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
-);
-
-// verify max supply
-runner.use((context, next) => {
-  const { tokenState, itx } = context;
-
-  if (tokenState.maxTotalSupply) {
-    const availableSupply = new BN(tokenState.maxTotalSupply).sub(new BN(tokenState.totalSupply));
-
-    if (new BN(itx.amount).gt(availableSupply)) {
-      return next(
-        new Error(
-          'INVALID_TOKEN',
-          `Maximum mintable tokens are ${fromUnitToToken(availableSupply, tokenState.decimal)} ${tokenState.symbol}`
-        )
-      );
-    }
-  }
-
-  next();
-});
-
-// verify slippage
-runner.use(
-  (context, next) => {
-    const { reserveAmount, reserveFee, inputs, tokenFactoryState } = context;
-
-    const maxReserve = inputs.reduce((total, input) => {
-      const reserveToken = input.tokensList.find((x) => x.address === tokenFactoryState.reserveAddress);
-      if (reserveToken) {
-        return total.add(new BN(reserveToken.value));
-      }
-      return total;
-    }, new BN(0));
-
-    const actual = new BN(reserveAmount).add(new BN(reserveFee || '0'));
-    if (actual.gt(maxReserve)) {
-      return next(
-        new Error(
-          'SLIPPAGE_EXCEEDED',
-          `Mint token failed due to price movement. Expected maximum: ${fromUnitToToken(maxReserve)}, actual: ${fromUnitToToken(actual)}. Try increasing your inputs.`
-        )
-      );
-    }
-
-    next();
-  },
-  { shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve }
-);
-
-// verify balance
-runner.use(pipes.ExtractState({ from: 'tokens', to: 'tokenStates', status: 'INVALID_TOKEN', table: 'token' }));
-runner.use(pipes.VerifyTokenBalance({ ownerKey: 'signerStates', conditionKey: 'inputs' }), {
-  shouldSkip: ({ tokenFactoryState }) => !tokenFactoryState.curve,
-});
-
-// Ensure tx fee and gas
-runner.use(
-  EnsureTxGas((context) => {
-    const result = { create: 0, update: 2, payment: 0 };
-
-    if (context.senderState) {
-      result.update += 1;
-    } else {
-      result.create += 1;
-    }
-
-    if (context.receiverState) {
-      result.update += 1;
-    } else {
-      result.create += 1;
-    }
-
-    if (context.reserveFee) {
-      result.update += 1; // owner
-    }
-
-    if (context.signerStates) {
-      result.update += context.signerStates.length;
-    }
-
-    return result;
-  })
-);
-runner.use(EnsureTxCost({ attachSenderChanges: true }));
-
-// Save context snapshot before updating states
-runner.use(pipes.TakeStateSnapshot());
-
-// update statedb: transfer tokens to new owner
-runner.use(
-  async (context, next) => {
-    const {
-      tx,
-      senderState,
-      receiverState,
-      ownerState,
-      statedb,
-      senderChange,
-      updateVaults,
-      tokenFactoryState,
-      tokenState,
-      reserveAmount,
-      reserveFee,
-      itx,
-    } = context;
-    const { amount, receiver } = itx;
-    const { reserveAddress, tokenAddress } = tokenFactoryState;
-
-    // signerStates and inputs are not exist in context for credit token
-    const signerStates = tokenFactoryState.curve ? context.signerStates : [];
-    const inputs = tokenFactoryState.curve ? context.inputs : [];
-
-    const totalReserveCost = new BN(reserveAmount || '0').add(new BN(reserveFee || '0'));
-    let currentReserveCost = new BN('0');
-
-    const accountUpdates = {};
-    const inputChanges = [];
-
-    // update signer costs
-    inputs.forEach(({ owner, tokensList }) => {
-      const reserveTokenChange = tokensList.find((item) => item.address === reserveAddress);
-      let reserveValue = new BN(reserveTokenChange.value);
-
-      // The inputs represent the estimated maximum cost from the frontend.
-      // If the actual cost is less than the maximum cost, we need to adjust the deduction correctly.
-      if (currentReserveCost.add(reserveValue).gt(totalReserveCost)) {
-        reserveTokenChange.value = totalReserveCost.sub(currentReserveCost).toString();
-        reserveValue = new BN(reserveTokenChange.value);
-      }
-      currentReserveCost = currentReserveCost.add(reserveValue);
-
-      accountUpdates[owner] = applyTokenUpdates(
-        [reserveTokenChange],
-        signerStates.find((s) => s.address === owner),
-        'sub'
-      );
-
-      inputChanges.push({
-        address: owner,
-        token: reserveAddress,
-        delta: reserveValue.neg().toString(),
-      });
-    });
-
-    // Ensure the sender exists in accountUpdates, because even if there is no balance change, we need to update his nonce
-    if (!accountUpdates[tx.from]) {
-      accountUpdates[tx.from] = senderState || {};
-    }
-
-    // update owner
-    if (reserveFee && new BN(reserveFee).gt(0)) {
-      accountUpdates[ownerState.address] = applyTokenChange(accountUpdates[ownerState.address] || ownerState, {
-        address: ownerState.address,
-        token: reserveAddress,
-        delta: reserveFee,
-      });
-    }
-
-    // update receiver
-    accountUpdates[receiver] = applyTokenChange(
-      accountUpdates[receiver] || receiverState || { address: receiver, tokens: {} },
-      {
-        address: receiver,
-        token: tokenAddress,
-        delta: amount,
-      }
-    );
-
-    // update sender
-    if (senderChange) {
-      accountUpdates[senderChange.address] = applyTokenChange(
-        accountUpdates[senderChange.address] || senderState,
-        senderChange
-      );
-    }
-
-    const [newAccountStates, newTokenFactoryState, newTokenState] = await Promise.all([
-      // update accounts
-      Promise.all(
-        Object.entries(accountUpdates).map(([address, updates]) => {
-          // We can use updateOrCreate here because the owner and signer have already been validated to exist earlier,
-          // the sender and receiver are allowed to be created in the transaction.
-          const state = [senderState, receiverState, ownerState, ...signerStates].find((x) => x?.address === address);
-
-          const actualUpdates = state ? pick(updates, ['tokens']) : { ...updates, address };
-
-          // Should only update nonce and pk for sender
-          if (address === tx.from) {
-            actualUpdates.pk = tx.pk;
-            actualUpdates.nonce = tx.nonce;
-          }
-
-          return statedb.account.updateOrCreate(state, account.updateOrCreate(state, actualUpdates, context), context);
-        })
-      ),
-
-      // Update token factory state
-      statedb.tokenFactory.update(
-        tokenFactoryState.address,
-        tokenFactory.update(
-          tokenFactoryState,
-          {
-            currentSupply: new BN(tokenFactoryState.currentSupply).add(new BN(amount)).toString(),
-            reserveBalance: new BN(tokenFactoryState.reserveBalance).add(new BN(reserveAmount || '0')).toString(),
-          },
-          context
-        ),
-        context
-      ),
-
-      statedb.token.update(
-        tokenAddress,
-        token.update(
-          tokenState,
-          {
-            totalSupply: new BN(tokenState.totalSupply).add(new BN(amount)).toString(),
-          },
-          context
-        ),
-        context
-      ),
-    ]);
-
-    context.senderState = newAccountStates.find((x) => x.address === tx.from);
-    context.receiverState = newAccountStates.find((x) => x.address === receiver);
-    // owner maybe not updated
-    context.ownerState = newAccountStates.find((x) => x.address === ownerState.address) || ownerState;
-    context.signerStates = newAccountStates.filter((x) => signerStates.find((s) => s.address === x.address));
-    context.tokenFactoryState = newTokenFactoryState;
-    context.tokenState = newTokenState;
-
-    // save this for receipt generation
-    context.inputChanges = inputChanges;
-
-    await updateVaults();
-
-    next();
-  },
-  { persistError: true }
-);
-
-runner.use(pipes.VerifyStateDiff());
-
-module.exports = runner;

package/lib/protocols/token-factory/pipes/calc-reserve.js

@@ -1,37 +0,0 @@
-const { CustomError: Error } = require('@ocap/util/lib/error');
-const get = require('lodash/get');
-const set = require('lodash/set');
-const { calcCost, calcFee } = require('@ocap/util/lib/curve');
-
-module.exports =
-  ({
-    tokenFactoryKey = 'tokenFactoryState',
-    tokenStateKey = 'tokenState',
-    reserveKey = 'reserveAmount',
-    feeKey = 'reserveFee',
-    amountKey = 'itx.amount',
-    direction = 'mint',
-  } = {}) =>
-  (context, next) => {
-    const tokenFactoryState = get(context, tokenFactoryKey);
-    const tokenState = get(context, tokenStateKey);
-    const amount = get(context, amountKey);
-
-    if (!tokenFactoryState) {
-      return next(new Error('INVALID_TOKEN_FACTORY', 'Token factory state not found'));
-    }
-    if (!tokenState) {
-      return next(new Error('INVALID_TOKEN', 'Token state not found'));
-    }
-
-    const { curve, currentSupply, feeRate } = tokenFactoryState;
-    const { decimal } = tokenState;
-
-    const reserveAmount = calcCost({ amount, decimal, currentSupply, direction, curve });
-    set(context, reserveKey, reserveAmount?.toString());
-
-    const reserveFee = calcFee({ reserveAmount, feeRate });
-    set(context, feeKey, reserveFee?.toString());
-
-    return next();
-  };

package/lib/protocols/token-factory/pipes/verify-icon.js

@@ -1,27 +0,0 @@
-const get = require('lodash/get');
-const set = require('lodash/set');
-const { CustomError: Error } = require('@ocap/util/lib/error');
-const { isSvgFile, sanitizeSvg } = require('@blocklet/xss');
-
-module.exports =
-  ({ iconKey = 'itx.token.icon', size = 16 * 1024 } = {}) =>
-  (context, next) => {
-    const icon = get(context, iconKey);
-
-    if (!icon) return next();
-
-    if (!isSvgFile(icon)) {
-      return next(new Error('INVALID_ICON', 'Token Icon is not a valid SVG file'));
-    }
-
-    const buffer = Buffer.from(icon, 'utf8');
-    if (buffer.length > size) {
-      return next(new Error('INVALID_ICON', `Token Icon must be less than ${Math.floor(size / 1024)}k`));
-    }
-
-    const sanitizedIcon = sanitizeSvg(icon, { preserveCase: true });
-
-    set(context, iconKey, sanitizedIcon);
-
-    return next();
-  };

package/lib/protocols/token-factory/pipes/verify-ownership.js

@@ -1,93 +0,0 @@
-const get = require('lodash/get');
-const { CustomError: Error } = require('@ocap/util/lib/error');
-const { verifyUrl } = require('@ocap/util/lib/url');
-const { verify: verifyVC } = require('@arcblock/vc');
-
-const isTest = ['development', 'test'].includes(process.env.NODE_ENV) || !!process.env.CI;
-
-module.exports =
-  ({ tokenKey = 'itx.token' } = {}) =>
-  async (context, next) => {
-    const { symbol, address, website } = get(context, tokenKey) || {};
-
-    if (!website) return next();
-
-    try {
-      await verifyUrl(
-        website,
-        isTest
-          ? {
-              protocols: ['http:', 'https:'],
-              blockedHosts: [],
-              allowIp: true,
-            }
-          : {
-              checkDns: true,
-            }
-      );
-    } catch (error) {
-      return next(new Error('INVALID_WEBSITE', `Website ${website} must be a valid URL: ${error.message}`));
-    }
-
-    const {
-      tx: { from, delegator },
-      config: { chainId },
-    } = context;
-
-    const sender = delegator || from;
-
-    const { origin } = new URL(website);
-    const verificationUrl = `${origin}/.well-known/ocap/tokens.json`;
-
-    try {
-      const response = await fetch(verificationUrl, {
-        redirect: 'manual',
-      });
-
-      if (!response || !response.ok) {
-        context?.logger.info('Website verification failed', {
-          symbol,
-          website,
-          status: response?.status,
-          statusText: response?.statusText,
-        });
-        return next(new Error('INVALID_WEBSITE', `Website ${website} verification failed`));
-      }
-
-      const data = await response.json();
-
-      const valids = await Promise.all(
-        data
-          .filter(Boolean)
-          .filter((item) => {
-            if (item.type !== 'TokenIssueCredential') return false;
-            if (item.issuer.id !== sender) return false;
-
-            const { id, issued } = item.credentialSubject || {};
-            return (
-              id === sender &&
-              issued.address === address &&
-              issued.symbol === symbol &&
-              issued.chainId === chainId &&
-              issued.website === website
-            );
-          })
-          .map((item) => {
-            return verifyVC({
-              vc: item,
-              ownerDid: sender,
-              trustedIssuers: sender,
-            });
-          })
-      );
-
-      if (valids.some((valid) => valid)) {
-        return next();
-      }
-
-      context.logger?.warn('Website verification failed', { address, symbol, website, data });
-      return next(new Error('INVALID_WEBSITE', `Website ${website} verification failed`));
-    } catch (error) {
-      return next(new Error('INVALID_WEBSITE', `Website ${website} verification failed: ${error.message}`));
-    }
-  };

package/lib/protocols/token-factory/pipes/verify-url.js

@@ -1,32 +0,0 @@
-const get = require('lodash/get');
-const { CustomError: Error } = require('@ocap/util/lib/error');
-const { verifyUrl } = require('@ocap/util/lib/url');
-
-const isTest = ['development', 'test'].includes(process.env.NODE_ENV) || !!process.env.CI;
-
-module.exports =
-  ({ urlKeys = ['itx.token.website', 'itx.token.metadata.value.communityUrl'] } = {}) =>
-  async (context, next) => {
-    for (const key of urlKeys) {
-      const url = get(context, key);
-      if (!url) continue;
-
-      try {
-        await verifyUrl(
-          url,
-          isTest
-            ? {
-                protocols: ['http:', 'https:'],
-                blockedHosts: [],
-                allowIp: true,
-              }
-            : {}
-        );
-      } catch (error) {
-        const name = key.split('.').pop();
-        return next(new Error('INVALID_TX', `${name} is not valid: ${error.message}`));
-      }
-    }
-
-    return next();
-  };