mirror of
https://github.com/serai-dex/serai.git
synced 2024-10-30 00:47:43 +00:00
0f0db14f05
* Clean up Ethereum * Consistent contract address for deployed contracts * Flesh out Router a bit * Add a Deployer for DoS-less deployment * Implement Router-finding * Use CREATE2 helper present in ethers * Move from CREATE2 to CREATE Bit more streamlined for our use case. * Document ethereum-serai * Tidy tests a bit * Test updateSeraiKey * Use encodePacked for updateSeraiKey * Take in the block hash to read state during * Add a Sandbox contract to the Ethereum integration * Add retrieval of transfers from Ethereum * Add inInstruction function to the Router * Augment our handling of InInstructions events with a check the transfer event also exists * Have the Deployer error upon failed deployments * Add --via-ir * Make get_transaction test-only We only used it to get transactions to confirm the resolution of Eventualities. Eventualities need to be modularized. By introducing the dedicated confirm_completion function, we remove the need for a non-test get_transaction AND begin this modularization (by no longer explicitly grabbing a transaction to check with). * Modularize Eventuality Almost fully-deprecates the Transaction trait for Completion. Replaces Transaction ID with Claim. * Modularize the Scheduler behind a trait * Add an extremely basic account Scheduler * Add nonce uses, key rotation to the account scheduler * Only report the account Scheduler empty after transferring keys Also ban payments to the branch/change/forward addresses. * Make fns reliant on state test-only * Start of an Ethereum integration for the processor * Add a session to the Router to prevent updateSeraiKey replaying This would only happen if an old key was rotated to again, which would require n-of-n collusion (already ridiculous and a valid fault attributable event). It just clarifies the formal arguments. * Add a RouterCommand + SignMachine for producing it to coins/ethereum * Ethereum which compiles * Have branch/change/forward return an option Also defines a UtxoNetwork extension trait for MAX_INPUTS. * Make external_address exclusively a test fn * Move the "account" scheduler to "smart contract" * Remove ABI artifact * Move refund/forward Plan creation into the Processor We create forward Plans in the scan path, and need to know their exact fees in the scan path. This requires adding a somewhat wonky shim_forward_plan method so we can obtain a Plan equivalent to the actual forward Plan for fee reasons, yet don't expect it to be the actual forward Plan (which may be distinct if the Plan pulls from the global state, such as with a nonce). Also properly types a Scheduler addendum such that the SC scheduler isn't cramming the nonce to use into the N::Output type. * Flesh out the Ethereum integration more * Two commits ago, into the **Scheduler, not Processor * Remove misc TODOs in SC Scheduler * Add constructor to RouterCommandMachine * RouterCommand read, pairing with the prior added write * Further add serialization methods * Have the Router's key included with the InInstruction This does not use the key at the time of the event. This uses the key at the end of the block for the event. Its much simpler than getting the full event streams for each, checking when they interlace. This does not read the state. Every block, this makes a request for every single key update and simply chooses the last one. This allows pruning state, only keeping the event tree. Ideally, we'd also introduce a cache to reduce the cost of the filter (small in events yielded, long in blocks searched). Since Serai doesn't have any forwarding TXs, nor Branches, nor change, all of our Plans should solely have payments out, and there's no expectation of a Plan being made under one key broken by it being received by another key. * Add read/write to InInstruction * Abstract the ABI for Call/OutInstruction in ethereum-serai * Fill out signable_transaction for Ethereum * Move ethereum-serai to alloy Resolves #331. * Use the opaque sol macro instead of generated files * Move the processor over to the now-alloy-based ethereum-serai * Use the ecrecover provided by alloy * Have the SC use nonce for rotation, not session (an independent nonce which wasn't synchronized) * Always use the latest keys for SC scheduled plans * get_eventuality_completions for Ethereum * Finish fleshing out the processor Ethereum integration as needed for serai-processor tests This doesn't not support any actual deployments, not even the ones simulated by serai-processor-docker-tests. * Add alloy-simple-request-transport to the GH workflows * cargo update * Clarify a few comments and make one check more robust * Use a string for 27.0 in .github * Remove optional from no-longer-optional dependencies in processor * Add alloy to git deny exception * Fix no longer optional specification in processor's binaries feature * Use a version of foundry from 2024 * Correct fetching Bitcoin TXs in the processor docker tests * Update rustls to resolve RUSTSEC warnings * Use the monthly nightly foundry, not the deleted daily nightly
222 lines
6.5 KiB
Solidity
222 lines
6.5 KiB
Solidity
// SPDX-License-Identifier: AGPLv3
|
|
pragma solidity ^0.8.0;
|
|
|
|
import "./IERC20.sol";
|
|
|
|
import "./Schnorr.sol";
|
|
import "./Sandbox.sol";
|
|
|
|
contract Router {
|
|
// Nonce is incremented for each batch of transactions executed/key update
|
|
uint256 public nonce;
|
|
|
|
// Current public key's x-coordinate
|
|
// This key must always have the parity defined within the Schnorr contract
|
|
bytes32 public seraiKey;
|
|
|
|
struct OutInstruction {
|
|
address to;
|
|
Call[] calls;
|
|
|
|
uint256 value;
|
|
}
|
|
|
|
struct Signature {
|
|
bytes32 c;
|
|
bytes32 s;
|
|
}
|
|
|
|
event SeraiKeyUpdated(
|
|
uint256 indexed nonce,
|
|
bytes32 indexed key,
|
|
Signature signature
|
|
);
|
|
event InInstruction(
|
|
address indexed from,
|
|
address indexed coin,
|
|
uint256 amount,
|
|
bytes instruction
|
|
);
|
|
// success is a uint256 representing a bitfield of transaction successes
|
|
event Executed(
|
|
uint256 indexed nonce,
|
|
bytes32 indexed batch,
|
|
uint256 success,
|
|
Signature signature
|
|
);
|
|
|
|
// error types
|
|
error InvalidKey();
|
|
error InvalidSignature();
|
|
error InvalidAmount();
|
|
error FailedTransfer();
|
|
error TooManyTransactions();
|
|
|
|
modifier _updateSeraiKeyAtEndOfFn(
|
|
uint256 _nonce,
|
|
bytes32 key,
|
|
Signature memory sig
|
|
) {
|
|
if (
|
|
(key == bytes32(0)) ||
|
|
((bytes32(uint256(key) % Schnorr.Q)) != key)
|
|
) {
|
|
revert InvalidKey();
|
|
}
|
|
|
|
_;
|
|
|
|
seraiKey = key;
|
|
emit SeraiKeyUpdated(_nonce, key, sig);
|
|
}
|
|
|
|
constructor(bytes32 _seraiKey) _updateSeraiKeyAtEndOfFn(
|
|
0,
|
|
_seraiKey,
|
|
Signature({ c: bytes32(0), s: bytes32(0) })
|
|
) {
|
|
nonce = 1;
|
|
}
|
|
|
|
// updateSeraiKey validates the given Schnorr signature against the current
|
|
// public key, and if successful, updates the contract's public key to the
|
|
// given one.
|
|
function updateSeraiKey(
|
|
bytes32 _seraiKey,
|
|
Signature calldata sig
|
|
) external _updateSeraiKeyAtEndOfFn(nonce, _seraiKey, sig) {
|
|
bytes memory message =
|
|
abi.encodePacked("updateSeraiKey", block.chainid, nonce, _seraiKey);
|
|
nonce++;
|
|
|
|
if (!Schnorr.verify(seraiKey, message, sig.c, sig.s)) {
|
|
revert InvalidSignature();
|
|
}
|
|
}
|
|
|
|
function inInstruction(
|
|
address coin,
|
|
uint256 amount,
|
|
bytes memory instruction
|
|
) external payable {
|
|
if (coin == address(0)) {
|
|
if (amount != msg.value) {
|
|
revert InvalidAmount();
|
|
}
|
|
} else {
|
|
(bool success, bytes memory res) =
|
|
address(coin).call(
|
|
abi.encodeWithSelector(
|
|
IERC20.transferFrom.selector,
|
|
msg.sender,
|
|
address(this),
|
|
amount
|
|
)
|
|
);
|
|
|
|
// Require there was nothing returned, which is done by some non-standard
|
|
// tokens, or that the ERC20 contract did in fact return true
|
|
bool nonStandardResOrTrue =
|
|
(res.length == 0) || abi.decode(res, (bool));
|
|
if (!(success && nonStandardResOrTrue)) {
|
|
revert FailedTransfer();
|
|
}
|
|
}
|
|
|
|
/*
|
|
Due to fee-on-transfer tokens, emitting the amount directly is frowned upon.
|
|
The amount instructed to transfer may not actually be the amount
|
|
transferred.
|
|
|
|
If we add nonReentrant to every single function which can effect the
|
|
balance, we can check the amount exactly matches. This prevents transfers of
|
|
less value than expected occurring, at least, not without an additional
|
|
transfer to top up the difference (which isn't routed through this contract
|
|
and accordingly isn't trying to artificially create events).
|
|
|
|
If we don't add nonReentrant, a transfer can be started, and then a new
|
|
transfer for the difference can follow it up (again and again until a
|
|
rounding error is reached). This contract would believe all transfers were
|
|
done in full, despite each only being done in part (except for the last
|
|
one).
|
|
|
|
Given fee-on-transfer tokens aren't intended to be supported, the only
|
|
token planned to be supported is Dai and it doesn't have any fee-on-transfer
|
|
logic, fee-on-transfer tokens aren't even able to be supported at this time,
|
|
we simply classify this entire class of tokens as non-standard
|
|
implementations which induce undefined behavior. It is the Serai network's
|
|
role not to add support for any non-standard implementations.
|
|
*/
|
|
emit InInstruction(msg.sender, coin, amount, instruction);
|
|
}
|
|
|
|
// execute accepts a list of transactions to execute as well as a signature.
|
|
// if signature verification passes, the given transactions are executed.
|
|
// if signature verification fails, this function will revert.
|
|
function execute(
|
|
OutInstruction[] calldata transactions,
|
|
Signature calldata sig
|
|
) external {
|
|
if (transactions.length > 256) {
|
|
revert TooManyTransactions();
|
|
}
|
|
|
|
bytes memory message =
|
|
abi.encode("execute", block.chainid, nonce, transactions);
|
|
uint256 executed_with_nonce = nonce;
|
|
// This prevents re-entrancy from causing double spends yet does allow
|
|
// out-of-order execution via re-entrancy
|
|
nonce++;
|
|
|
|
if (!Schnorr.verify(seraiKey, message, sig.c, sig.s)) {
|
|
revert InvalidSignature();
|
|
}
|
|
|
|
uint256 successes;
|
|
for (uint256 i = 0; i < transactions.length; i++) {
|
|
bool success;
|
|
|
|
// If there are no calls, send to `to` the value
|
|
if (transactions[i].calls.length == 0) {
|
|
(success, ) = transactions[i].to.call{
|
|
value: transactions[i].value,
|
|
gas: 5_000
|
|
}("");
|
|
} else {
|
|
// If there are calls, ignore `to`. Deploy a new Sandbox and proxy the
|
|
// calls through that
|
|
//
|
|
// We could use a single sandbox in order to reduce gas costs, yet that
|
|
// risks one person creating an approval that's hooked before another
|
|
// user's intended action executes, in order to drain their coins
|
|
//
|
|
// While technically, that would be a flaw in the sandboxed flow, this
|
|
// is robust and prevents such flaws from being possible
|
|
//
|
|
// We also don't want people to set state via the Sandbox and expect it
|
|
// future available when anyone else could set a distinct value
|
|
Sandbox sandbox = new Sandbox();
|
|
(success, ) = address(sandbox).call{
|
|
value: transactions[i].value,
|
|
// TODO: Have the Call specify the gas up front
|
|
gas: 350_000
|
|
}(
|
|
abi.encodeWithSelector(
|
|
Sandbox.sandbox.selector,
|
|
transactions[i].calls
|
|
)
|
|
);
|
|
}
|
|
|
|
assembly {
|
|
successes := or(successes, shl(i, success))
|
|
}
|
|
}
|
|
emit Executed(
|
|
executed_with_nonce,
|
|
keccak256(message),
|
|
successes,
|
|
sig
|
|
);
|
|
}
|
|
}
|