@ocap/tx-protocols 1.6.3 → 1.6.10

package/lib/protocols/rollup/leave.js

@@ -0,0 +1,127 @@
+/* eslint-disable indent */
+const MerkleTree = require('@ocap/merkle-tree');
+const Error = require('@ocap/util/lib/error');
+const Joi = require('@arcblock/validator');
+const { Runner, pipes } = require('@ocap/tx-pipeline');
+const { account, rollup, stake, evidence } = require('@ocap/state');
+const { toStakeAddress } = require('@arcblock/did-util');
+
+// eslint-disable-next-line global-require
+const debug = require('debug')(`${require('../../../package.json').name}:leave-rollup`);
+
+const VerifySigners = require('./pipes/verify-signers');
+const VerifyEvidence = require('./pipes/verify-evidence');
+const VerifyPaused = require('./pipes/verify-paused');
+
+const runner = new Runner();
+
+// 1. verify itx
+const schema = Joi.object({
+  rollup: Joi.DID().role('ROLE_ROLLUP').required(),
+  evidence: Joi.object({
+    hash: Joi.string().regex(Joi.patterns.txHash).required(),
+  }).required(),
+  signaturesList: Joi.schemas.multiSig.min(1).required(),
+  data: Joi.any().optional(),
+}).options({ stripUnknown: true, noDefaults: false });
+runner.use(({ itx }, next) => {
+  const { error } = schema.validate(itx);
+  return next(error ? new Error('INVALID_TX', `Invalid itx: ${error.message}`) : null);
+});
+
+// 2. verify rollup
+runner.use(pipes.ExtractState({ from: 'itx.rollup', to: 'rollupState', status: 'INVALID_ROLLUP', table: 'rollup' }));
+runner.use(VerifyPaused());
+
+// 3. verify evidence signers, signatures, state
+runner.use((context, next) => {
+  context.validatorsHash = MerkleTree.getListHash([context.tx.from]);
+  return next();
+});
+runner.use(VerifySigners({ signersKey: 'itx.signaturesList', allowSender: false, allowShrink: true }));
+runner.use(
+  VerifyEvidence({ evidenceKey: 'validatorsHash', signaturesKey: 'itx.signaturesList', verifyMethod: 'ethVerify' })
+);
+runner.use(pipes.ExtractState({ from: 'itx.evidence.hash', to: 'evidenceState', status: 'OK', table: 'evidence' }));
+runner.use(({ evidenceState }, next) => {
+  if (evidenceState) return next(new Error('INVALID_TX', 'Leave evidence already seen on this chain'));
+  return next();
+});
+
+// 4. verify tx signers and signatures
+runner.use(VerifySigners({ signersKey: 'tx.signaturesList', allowSender: false, allowShrink: true }));
+runner.use(pipes.VerifyMultiSigV2({ signersKey: 'signers' }));
+
+// 5. verify validator
+runner.use((context, next) => {
+  const { tx, rollupState } = context;
+  if (rollupState.seedValidators.some((x) => x.address === tx.from)) {
+    return next(new Error('INVALID_TX', `Address ${tx.from} can not leave since it's seed validator`));
+  }
+
+  if (rollupState.validators.some((x) => x.address === tx.from) === false) {
+    return next(new Error('INVALID_TX', `Address ${tx.from} not exist in validator whitelist`));
+  }
+
+  return next();
+});
+
+// 6. verify staking: get address, extract state
+runner.use((context, next) => {
+  const { tx, itx } = context;
+  context.stakeAddress = toStakeAddress(tx.from, itx.rollup);
+  return next();
+});
+runner.use(
+  pipes.ExtractState({ from: 'stakeAddress', to: 'stakeState', status: 'INVALID_STAKE_STATE', table: 'stake' })
+);
+
+// 7. verify sender state
+runner.use(
+  pipes.ExtractState({ from: 'tx.from', to: 'senderState', status: 'INVALID_SENDER_STATE', table: 'account' })
+);
+runner.use(
+  pipes.ExtractState({ from: 'signers', to: 'signerStates', status: 'INVALID_SIGNER_STATE', table: 'account' })
+);
+runner.use(pipes.VerifyAccountMigration({ signerKey: 'signerStates', senderKey: 'senderState' }));
+
+// 8. update state
+runner.use(
+  async (context, next) => {
+    const { tx, itx, rollupState, statedb, senderState, stakeState, stakeAddress } = context;
+    const newValidators = rollupState.validators.filter((x) => x.address !== tx.from);
+
+    const [newSenderState, newRollupState, newStakeState, evidenceState] = await Promise.all([
+      statedb.account.update(senderState.address, account.update(senderState, { nonce: tx.nonce }, context), context),
+
+      // persist new validators list
+      statedb.rollup.update(
+        rollupState.address,
+        rollup.update(rollupState, { validators: newValidators }, context),
+        context
+      ),
+
+      // unlock the stake from the validator
+      statedb.stake.update(stakeAddress, stake.update(stakeState, { revocable: true }, context), context),
+
+      // Create evidence state
+      statedb.evidence.create(
+        itx.evidence.hash,
+        evidence.create({ hash: itx.evidence.hash, data: 'rollup-leave' }, context),
+        context
+      ),
+    ]);
+
+    context.senderState = newSenderState;
+    context.rollupState = newRollupState;
+    context.stakeState = newStakeState;
+    context.evidenceState = evidenceState;
+
+    debug('leave-rollup', newValidators);
+
+    next();
+  },
+  { persistError: true }
+);
+
+module.exports = runner;

package/lib/protocols/rollup/migrate-contract.js

@@ -0,0 +1,53 @@
+const Error = require('@ocap/util/lib/error');
+const Joi = require('@arcblock/validator');
+const { Runner, pipes } = require('@ocap/tx-pipeline');
+const { account, rollup } = require('@ocap/state');
+
+const VerifySigners = require('./pipes/verify-signers');
+const EnsureValidator = require('./pipes/ensure-validator');
+
+const runner = new Runner();
+
+// 1. verify itx
+const schema = Joi.object({
+  rollup: Joi.DID().role('ROLE_ROLLUP').required(),
+  to: Joi.DID().wallet('ethereum').required(),
+  data: Joi.any().optional(),
+}).options({ stripUnknown: true, noDefaults: false });
+runner.use(({ itx }, next) => {
+  const { error } = schema.validate(itx);
+  return next(error ? new Error('INVALID_TX', `Invalid itx: ${error.message}`) : null);
+});
+
+// 2. verify rollup
+runner.use(pipes.ExtractState({ from: 'itx.rollup', to: 'rollupState', status: 'INVALID_ROLLUP', table: 'rollup' }));
+runner.use(EnsureValidator(true));
+
+// 3. verify tx signers and signatures
+runner.use(VerifySigners({ signersKey: 'tx.signaturesList', allowSender: true }));
+runner.use(pipes.VerifyMultiSigV2({ signersKey: 'signers' }));
+
+// 4. verify sender and signer states
+runner.use(pipes.ExtractState({ from: 'tx.from', to: 'senderState', status: 'INVALID_SENDER_STATE', table: 'account' })); // prettier-ignore
+runner.use(pipes.ExtractState({ from: 'signers', to: 'signerStates', status: 'INVALID_SIGNER_STATE', table: 'account' })); // prettier-ignore
+runner.use(pipes.VerifyAccountMigration({ signerKey: 'signerStates', senderKey: 'senderState' }));
+
+// 5. update rollup state
+runner.use(
+  async (context, next) => {
+    const { tx, itx, rollupState, statedb, senderState } = context;
+
+    const [newSenderState, newRollupState] = await Promise.all([
+      statedb.account.update(senderState.address, account.update(senderState, { nonce: tx.nonce }, context), context),
+      statedb.rollup.update(itx.rollup, rollup.migrate(rollupState, itx.to, context), context),
+    ]);
+
+    context.senderState = newSenderState;
+    context.rollupState = newRollupState;
+
+    next();
+  },
+  { persistError: true }
+);
+
+module.exports = runner;

package/lib/protocols/rollup/migrate-token.js

@@ -0,0 +1,66 @@
+const Error = require('@ocap/util/lib/error');
+const Joi = require('@arcblock/validator');
+const { Runner, pipes } = require('@ocap/tx-pipeline');
+const { account } = require('@ocap/state');
+
+const VerifySigners = require('./pipes/verify-signers');
+const EnsureValidator = require('./pipes/ensure-validator');
+
+const runner = new Runner();
+
+// 1. verify itx
+const schema = Joi.object({
+  rollup: Joi.DID().role('ROLE_ROLLUP').required(),
+  from: Joi.DID().wallet('ethereum').required(),
+  to: Joi.DID().wallet('ethereum').required(),
+  token: Joi.object({
+    address: Joi.DID().wallet('ethereum').required(),
+    value: Joi.BN().positive().required(),
+  }),
+  data: Joi.any().optional(),
+}).options({ stripUnknown: true, noDefaults: false });
+runner.use(({ itx }, next) => {
+  const { error } = schema.validate(itx);
+  return next(error ? new Error('INVALID_TX', `Invalid itx: ${error.message}`) : null);
+});
+
+// 2. verify rollup
+runner.use(pipes.ExtractState({ from: 'itx.rollup', to: 'rollupState', status: 'INVALID_ROLLUP', table: 'rollup' }));
+runner.use(EnsureValidator(true));
+runner.use(({ itx, rollupState }, next) => {
+  if (rollupState.migrateHistory.includes(itx.from) === false) {
+    return next(new Error('INVALID_MIGRATE_ATTEMPT', 'itx.from must exist in rollup migrate history'));
+  }
+  if (itx.to !== rollupState.contractAddress) {
+    return next(new Error('INVALID_MIGRATE_ATTEMPT', 'itx.to must equal to latest rollup contract address'));
+  }
+
+  return next();
+});
+
+// 3. verify tx signers and signatures
+runner.use(VerifySigners({ signersKey: 'tx.signaturesList', allowSender: true }));
+runner.use(pipes.VerifyMultiSigV2({ signersKey: 'signers' }));
+
+// 4. verify sender and signer states
+runner.use(pipes.ExtractState({ from: 'tx.from', to: 'senderState', status: 'INVALID_SENDER_STATE', table: 'account' })); // prettier-ignore
+runner.use(pipes.ExtractState({ from: 'signers', to: 'signerStates', status: 'INVALID_SIGNER_STATE', table: 'account' })); // prettier-ignore
+runner.use(pipes.VerifyAccountMigration({ signerKey: 'signerStates', senderKey: 'senderState' }));
+
+// 5. update state
+runner.use(
+  async (context, next) => {
+    const { tx, statedb, senderState } = context;
+
+    const [newSenderState] = await Promise.all([
+      statedb.account.update(senderState.address, account.update(senderState, { nonce: tx.nonce }, context), context),
+    ]);
+
+    context.senderState = newSenderState;
+
+    next();
+  },
+  { persistError: true }
+);
+
+module.exports = runner;

package/lib/protocols/rollup/pause.js

@@ -0,0 +1,52 @@
+const Error = require('@ocap/util/lib/error');
+const Joi = require('@arcblock/validator');
+const { Runner, pipes } = require('@ocap/tx-pipeline');
+const { account, rollup } = require('@ocap/state');
+
+const VerifySigners = require('./pipes/verify-signers');
+const EnsureValidator = require('./pipes/ensure-validator');
+
+const runner = new Runner();
+
+// 1. verify itx
+const schema = Joi.object({
+  rollup: Joi.DID().role('ROLE_ROLLUP').required(),
+  data: Joi.any().optional(),
+}).options({ stripUnknown: true, noDefaults: false });
+runner.use(({ itx }, next) => {
+  const { error } = schema.validate(itx);
+  return next(error ? new Error('INVALID_TX', `Invalid itx: ${error.message}`) : null);
+});
+
+// 2. verify rollup
+runner.use(pipes.ExtractState({ from: 'itx.rollup', to: 'rollupState', status: 'INVALID_ROLLUP', table: 'rollup' }));
+runner.use(EnsureValidator(true));
+
+// 3. verify tx signers and signatures
+runner.use(VerifySigners({ signersKey: 'tx.signaturesList', allowSender: true }));
+runner.use(pipes.VerifyMultiSigV2({ signersKey: 'signers' }));
+
+// 4. verify sender and signer states
+runner.use(pipes.ExtractState({ from: 'tx.from', to: 'senderState', status: 'INVALID_SENDER_STATE', table: 'account' })); // prettier-ignore
+runner.use(pipes.ExtractState({ from: 'signers', to: 'signerStates', status: 'INVALID_SIGNER_STATE', table: 'account' })); // prettier-ignore
+runner.use(pipes.VerifyAccountMigration({ signerKey: 'signerStates', senderKey: 'senderState' }));
+
+// 5. update rollup state
+runner.use(
+  async (context, next) => {
+    const { tx, itx, rollupState, statedb, senderState } = context;
+
+    const [newSenderState, newRollupState] = await Promise.all([
+      statedb.account.update(senderState.address, account.update(senderState, { nonce: tx.nonce }, context), context),
+      statedb.rollup.update(itx.rollup, rollup.pause(rollupState, context), context),
+    ]);
+
+    context.senderState = newSenderState;
+    context.rollupState = newRollupState;
+
+    next();
+  },
+  { persistError: true }
+);
+
+module.exports = runner;

package/lib/protocols/rollup/pipes/ensure-service-fee.js

@@ -0,0 +1,37 @@
+const Error = require('@ocap/util/lib/error');
+const { fromTokenToUnit, BN } = require('@ocap/util');
+
+const { applyTokenUpdates } = require('../../../util');
+
+module.exports = async (context, next) => {
+  const { config, statedb, txType, senderState } = context;
+  const txFee = config.transaction.txFee[txType];
+  const vaultState = await statedb.account.get(config.vaults.txFee, context);
+
+  if (!txFee) {
+    context.senderUpdates = {};
+    context.vaultUpdates = {};
+    context.vaultState = vaultState;
+    context.updatedAccounts = [];
+    return next();
+  }
+
+  const expected = fromTokenToUnit(txFee, config.token.decimal);
+  const actual = new BN(senderState.tokens[config.token.address] || 0);
+  if (actual.lt(expected)) {
+    return next(new Error('INSUFFICIENT_FUND', `Insufficient fund to pay for tx fee, expected ${txFee}`));
+  }
+
+  const tokenChange = { address: config.token.address, value: expected.toString(10) };
+
+  context.senderUpdates = applyTokenUpdates([tokenChange], senderState, 'sub');
+  context.vaultUpdates = applyTokenUpdates([tokenChange], vaultState, 'add');
+  context.vaultState = vaultState;
+
+  context.updatedAccounts = [
+    { address: senderState.address, token: config.token.address, delta: `-${tokenChange.value}`, action: 'fee' },
+    { address: vaultState.address, token: config.token.address, delta: tokenChange.value, action: 'fee' },
+  ];
+
+  return next();
+};

package/lib/protocols/rollup/pipes/ensure-validator.js

@@ -0,0 +1,10 @@
+module.exports = (isSeed) => async (context, next) => {
+  const { rollupState, tx } = context;
+
+  const validators = isSeed ? rollupState.seedValidators : rollupState.validators;
+  if (validators.some((x) => x.address === tx.from) === false) {
+    return next(new Error('INVALID_TX', 'Tx sender is not an expected validator'));
+  }
+
+  return next();
+};

package/lib/protocols/rollup/pipes/verify-evidence.js

@@ -0,0 +1,37 @@
+const get = require('lodash/get');
+const Error = require('@ocap/util/lib/error');
+const { toHex } = require('@ocap/util');
+const { toTypeInfo } = require('@arcblock/did');
+const { fromPublicKey } = require('@ocap/wallet');
+
+module.exports = function CreateVerifyEvidencePipe({ evidenceKey, signaturesKey, verifyMethod = 'verify' }) {
+  if (['verify', 'ethVerify'].includes(verifyMethod) === false) {
+    throw new Error(`Invalid verify method: ${verifyMethod}, supported methods are: verify, ethVerify`);
+  }
+
+  return (context, next) => {
+    const evidence = get(context, evidenceKey);
+    const signatures = get(context, signaturesKey);
+
+    for (const sig of signatures) {
+      const { signer, pk, delegator, signature } = sig;
+
+      // if delegator is empty, pk and signer shall be a pair
+      // if delegator is not empty, pk and delegator shall be a pair
+      const address = delegator || signer;
+      const wallet = fromPublicKey(pk, toTypeInfo(address));
+
+      try {
+        if (wallet[verifyMethod](toHex(evidence), toHex(signature)) === false) {
+          return next(new Error('INVALID_SIGNATURE', `Signature for evidence from ${address} is not valid`));
+        }
+      } catch (err) {
+        return next(
+          new Error('INVALID_SIGNATURE', `Signature for evidence from ${address} verify failed: ${err.message}`)
+        );
+      }
+    }
+
+    return next();
+  };
+};

package/lib/protocols/rollup/pipes/verify-paused.js

@@ -0,0 +1,10 @@
+const { pipes } = require('@ocap/tx-pipeline');
+
+module.exports = () =>
+  pipes.VerifyInfo([
+    {
+      error: 'INVALID_TX',
+      message: 'The rollup is paused',
+      fn: (context) => context.rollupState.paused === false,
+    },
+  ]);

package/lib/protocols/rollup/pipes/verify-signers.js

@@ -0,0 +1,88 @@
+const get = require('lodash/get');
+const Error = require('@ocap/util/lib/error');
+
+module.exports = function CreateVerifySignersPipe({ signersKey, allowSender = true, allowShrink = false }) {
+  return (context, next) => {
+    const { tx, rollupState } = context;
+    // eslint-disable-next-line prefer-const
+    let { minSignerCount, maxSignerCount } = rollupState;
+
+    const signatures = get(context, signersKey);
+    const signerCount = signatures.length;
+
+    const seedValidators = rollupState.seedValidators.map((x) => x.address);
+    const validators = rollupState.validators.map((x) => x.address);
+
+    // ensure singer blacklist
+    if (!allowSender && signatures.some((x) => x.signer === tx.from)) {
+      return next(new Error('INVALID_SIGNATURE', `Invalid: ${signersKey}, sender not allowed to sign`));
+    }
+
+    // ensure signer count
+    // If we have a large validators pool, we expect at least minSignerCount signers
+    if (validators.length > minSignerCount) {
+      if (signerCount < minSignerCount) {
+        return next(
+          new Error(
+            'INVALID_SIGNATURE',
+            `Invalid: ${signersKey}, expect at least ${minSignerCount} signatures, got ${signerCount}`
+          )
+        );
+      }
+      if (signerCount > maxSignerCount) {
+        return next(
+          new Error(
+            'INVALID_SIGNATURE',
+            `Invalid: ${signersKey}, Expect at most ${maxSignerCount} signatures, got ${signerCount}`
+          )
+        );
+      }
+    } else {
+      // If we have a small validators pool, eg, the minSignerCount is 3, and we have only 2 validator,
+      // We expect all validators to sign before we have enough validators
+      // But on some occasions, we need to shrink the signer requirement, such as a validator want to leave a small validator pool.
+      let actualValidatorCount = validators.length;
+      if (!allowSender && allowShrink) {
+        actualValidatorCount -= 1;
+      }
+
+      const expectedSignerCount = Math.min(actualValidatorCount, minSignerCount);
+
+      if (signerCount < expectedSignerCount) {
+        return next(
+          new Error(
+            'INVALID_SIGNATURE',
+            `Invalid ${signersKey}, all validators are expected to sign because we have less than ${expectedSignerCount} validators`
+          )
+        );
+      }
+    }
+
+    // ensure seed validators exist
+    const signers = signatures.map((x) => x.signer);
+    const missingSigner = seedValidators.find((x) => signers.includes(x) === false);
+    if (missingSigner) {
+      return next(
+        new Error(
+          'INVALID_SIGNATURE',
+          `Invalid: ${signersKey}, missing signature from seed validator: ${missingSigner}`
+        )
+      );
+    }
+
+    // ensure signers exist in validators
+    const invalidSigner = signers.find((x) => validators.includes(x) === false);
+    if (invalidSigner) {
+      return next(
+        new Error(
+          'INVALID_SIGNATURE',
+          `Invalid: ${signersKey}, signer ${invalidSigner} does not exist in validator whitelist`
+        )
+      );
+    }
+
+    context.signers = signers;
+
+    return next();
+  };
+};

package/lib/protocols/rollup/resume.js

@@ -0,0 +1,52 @@
+const Error = require('@ocap/util/lib/error');
+const Joi = require('@arcblock/validator');
+const { Runner, pipes } = require('@ocap/tx-pipeline');
+const { account, rollup } = require('@ocap/state');
+
+const VerifySigners = require('./pipes/verify-signers');
+const EnsureValidator = require('./pipes/ensure-validator');
+
+const runner = new Runner();
+
+// 1. verify itx
+const schema = Joi.object({
+  rollup: Joi.DID().role('ROLE_ROLLUP').required(),
+  data: Joi.any().optional(),
+}).options({ stripUnknown: true, noDefaults: false });
+runner.use(({ itx }, next) => {
+  const { error } = schema.validate(itx);
+  return next(error ? new Error('INVALID_TX', `Invalid itx: ${error.message}`) : null);
+});
+
+// 2. verify rollup
+runner.use(pipes.ExtractState({ from: 'itx.rollup', to: 'rollupState', status: 'INVALID_ROLLUP', table: 'rollup' }));
+runner.use(EnsureValidator(true));
+
+// 3. verify tx signers and signatures
+runner.use(VerifySigners({ signersKey: 'tx.signaturesList', allowSender: true }));
+runner.use(pipes.VerifyMultiSigV2({ signersKey: 'signers' }));
+
+// 4. verify sender and signer states
+runner.use(pipes.ExtractState({ from: 'tx.from', to: 'senderState', status: 'INVALID_SENDER_STATE', table: 'account' })); // prettier-ignore
+runner.use(pipes.ExtractState({ from: 'signers', to: 'signerStates', status: 'INVALID_SIGNER_STATE', table: 'account' })); // prettier-ignore
+runner.use(pipes.VerifyAccountMigration({ signerKey: 'signerStates', senderKey: 'senderState' }));
+
+// 5. update rollup state
+runner.use(
+  async (context, next) => {
+    const { tx, itx, rollupState, statedb, senderState } = context;
+
+    const [newSenderState, newRollupState] = await Promise.all([
+      statedb.account.update(senderState.address, account.update(senderState, { nonce: tx.nonce }, context), context),
+      statedb.rollup.update(itx.rollup, rollup.resume(rollupState, context), context),
+    ]);
+
+    context.senderState = newSenderState;
+    context.rollupState = newRollupState;
+
+    next();
+  },
+  { persistError: true }
+);
+
+module.exports = runner;

package/lib/protocols/rollup/update.js

@@ -0,0 +1,98 @@
+const Error = require('@ocap/util/lib/error');
+const Joi = require('@arcblock/validator');
+const { Runner, pipes } = require('@ocap/tx-pipeline');
+const { account, rollup } = require('@ocap/state');
+
+// eslint-disable-next-line global-require
+const debug = require('debug')(`${require('../../../package.json').name}:update-rollup`);
+
+const VerifySigners = require('./pipes/verify-signers');
+
+const { decodeAnySafe } = require('../../util');
+
+const runner = new Runner();
+
+// 1. verify itx: client must use previous rollup state to construct this itx
+const schema = Joi.object({
+  rollup: Joi.DID().role('ROLE_ROLLUP').required(),
+
+  minStakeAmount: Joi.BN().greater(0).required(),
+  maxStakeAmount: Joi.BN().greater(Joi.ref('minStakeAmount')).required(),
+
+  minSignerCount: Joi.number().integer().required(),
+  maxSignerCount: Joi.number().integer().min(1).max(8).greater(Joi.ref('minSignerCount')).required(),
+
+  minBlockSize: Joi.number().integer().min(1).required(),
+  maxBlockSize: Joi.number().integer().min(1).max(10).greater(Joi.ref('minBlockSize')).required(),
+
+  minBlockInterval: Joi.number().integer().min(1).max(60 * 60).required(), // prettier-ignore
+  minBlockConfirmation: Joi.number().integer().min(1).max(100).required(),
+
+  minDepositAmount: Joi.BN().positive().required(),
+  maxDepositAmount: Joi.BN().greater(Joi.ref('minDepositAmount')).required(),
+  minWithdrawAmount: Joi.BN().positive().required(),
+  maxWithdrawAmount: Joi.BN().greater(Joi.ref('minWithdrawAmount')).required(),
+
+  depositFeeRate: Joi.number().integer().min(1).max(10000).required(),
+  withdrawFeeRate: Joi.number().integer().min(1).max(10000).required(),
+  publisherFeeShare: Joi.number().integer().min(1).max(10000).required(),
+  minDepositFee: Joi.BN().positive().required(),
+  maxDepositFee: Joi.BN().greater(Joi.ref('minDepositFee')).required(),
+  minWithdrawFee: Joi.BN().positive().required(),
+  maxWithdrawFee: Joi.BN().greater(Joi.ref('minWithdrawFee')).required(),
+
+  data: Joi.any().optional(),
+}).options({ stripUnknown: true, noDefaults: false });
+runner.use(({ itx }, next) => {
+  const { error } = schema.validate(itx);
+  return next(error ? new Error('INVALID_TX', `Invalid itx: ${error.message}`) : null);
+});
+
+runner.use(
+  pipes.VerifyInfo([
+    {
+      error: 'INVALID_TX',
+      message: 'Sum of itx.proposerFeeShare and itx.publisherFeeShare must be less than 10000',
+      fn: ({ itx }) => itx.proposerFeeShare + itx.publisherFeeShare < 10000,
+    },
+  ])
+);
+
+// 2. verify rollup
+runner.use(pipes.ExtractState({ from: 'itx.rollup', to: 'rollupState', status: 'INVALID_ROLLUP', table: 'rollup' }));
+
+// 3. verify tx signers and signatures
+runner.use(VerifySigners({ signersKey: 'tx.signaturesList', allowSender: true }));
+runner.use(pipes.VerifyMultiSigV2({ signersKey: 'signers' }));
+
+// 4. verify sender and signer states
+runner.use(
+  pipes.ExtractState({ from: 'tx.from', to: 'senderState', status: 'INVALID_SENDER_STATE', table: 'account' })
+);
+runner.use(
+  pipes.ExtractState({ from: 'signers', to: 'signerStates', status: 'INVALID_SIGNER_STATE', table: 'account' })
+);
+runner.use(pipes.VerifyAccountMigration({ signerKey: 'signerStates', senderKey: 'senderState' }));
+
+// 5. update rollup state
+runner.use(
+  async (context, next) => {
+    const { tx, itx, rollupState, statedb, senderState } = context;
+    const data = decodeAnySafe(itx.data);
+
+    const [newSenderState, newRollupState] = await Promise.all([
+      statedb.account.update(senderState.address, account.update(senderState, { nonce: tx.nonce }, context), context),
+      statedb.rollup.update(itx.rollup, rollup.update(rollupState, { ...itx, data }, context), context),
+    ]);
+
+    context.senderState = newSenderState;
+    context.rollupState = newRollupState;
+
+    debug('update-rollup', newRollupState);
+
+    next();
+  },
+  { persistError: true }
+);
+
+module.exports = runner;