Added validation of moving funds proposal #757
Conversation
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7193826152 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
ab82b17
to
3f23cc8
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7194743765 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
3f23cc8
to
84f14df
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7194802143 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
84f14df
to
e9ba726
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7194942620 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
e9ba726
to
be99094
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7195153227 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
be99094
to
f24e86f
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7195290897 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
f24e86f
to
a07064c
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7198643157 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
a07064c
to
ed761fd
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7198688491 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
ed761fd
to
ff7cfc4
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7208309734 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
ff7cfc4
to
5a021e8
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7209811020 check. |
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7210208652 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
dfc9e16
to
3a28bc5
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7211457982 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
3a28bc5
to
6b58e86
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7213310007 check. |
| /// zero, | ||
| /// - The proposed moving funds transaction fee must not exceed the | ||
| /// maximum total fee allowed for moving funds. | ||
| function validateMovingFundsProposal( |
There was a problem hiding this comment.
This function can be simplified as we can leverage the fact that on-chain commitment submission is also a kind of validation. Looks like it is enough that validateMovingFundsProposal makes sure that:
- The source wallet's state is
MovingFunds - The source wallet's commitment hash is submitted
- The target wallets from the
proposalmatch the submitted commitment hash (same wallets and same order) - The proposed fee is greater than zero
- The proposed fee does not exceed the maximum fee
In that model, the coordination leader responsible for generating a moving funds proposal can do the following:
- Gather all data necessary to assemble a moving funds proposal
- Submit the commitment (or check if it is already submitted). Before doing that, the leader can make sure the commitment can be submitted using a non-mutating call. This can avoid burning gas if the wallet's state does not allow for commitment submission.
- Wait for the commitment transaction to be mined
- Call
validateMovingFundsProposalto make sure the proposal is actually valid and can be safely broadcasted - Return the proposal
On the other hand, coordination followers receiving a moving funds proposal should:
- Call
validateMovingFundsProposalto make sure the proposal is actually submitted and valid - Wait several blocks to confirm proposal validity (32 blocks?). This is needed to avoid corner cases where the commitment is submitted but not included in the canonical chain due to a reorg and another front-running transaction that affects commitment validity.
- Call
validateMovingFundsProposalagain to ensure the commitment has not been changed during the idleness period - Assemble, sign, and broadcast moving funds transaction on Bitcoin
There was a problem hiding this comment.
Done in 3f7d6b3.
There was a problem hiding this comment.
Leaving it open for future reference!
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7262967420 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
2 times, most recently
from
7a889db
to
937fbc7
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7263544294 check. |
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7263559875 check. |
tomaszslabon
force-pushed
the
update-proposal-validator
branch
from
937fbc7
to
3f7d6b3
Compare
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7263642167 check. |
| /// zero, | ||
| /// - The proposed moving funds transaction fee must not exceed the | ||
| /// maximum total fee allowed for moving funds. | ||
| function validateMovingFundsProposal(MovingFundsProposal calldata proposal) |
There was a problem hiding this comment.
I think there is an additional thing that should be checked in this function. Namely:
require(
walletBtcBalance >= movingFundsDustThreshold,
"Wallet BTC balance must be equal or above the moving funds dust threshold"
);
This is because there is the notifyMovingFundsBelowDust path for wallets whose balance is below the dust. If we don't check that here, the following may happen:
- The leader submits a commitment
- The leader creates a proposal
- The leader validates the proposal using
validateMovingFundsProposal - The leader broadcasts the proposal
- Followers receive the proposal and validate it using
validateMovingFundsProposal - Followers start the action that leads to a BTC moving funds transaction
- A third party calls
notifyMovingFundsBelowDustthat moves the wallet to theClosingstate - Submitting the SPV through
submitMovingFundsProofis no longer possible as the wallet must be in theMovingFundsstate - A third party accuses the wallet of committing fraud. The wallet cannot defeat the challenge as the SPV proof cannot be submitted so the main UTXO was spent illegally
The leader will not broadcast the proposal if we add the aforementioned require to validateMovingFundsProposal. It can still submit the commitment (because that happens before proposal validation, see #757 (comment)) but that's not a problem. On the other hand, if a leader broadcasts the proposal regardless, the followers will reject it due to this require.
Please verify my understanding. We can merge this PR to not block it and add this check in a follow-up if you find the above scenario correct.
There was a problem hiding this comment.
Done in db47dbb.
This check indeed seems to be necessary.
|
Solidity API documentation preview available in the artifacts of the https://github.com/keep-network/tbtc-v2/actions/runs/7290592585 check. |
Refs: keep-network/keep-core#3733 This PR is a follow-up to #757. The following checks were added: - source wallet must be positive, - source wallet BTC balance must be equal to or greater than the `movingFundsDustThreshold` parameter.
#Refs: keep-network/keep-core#3733. #Depends on: #757. This PR adds moved funds sweep proposal validation to the wallet proposal validator smart contract.
#Refs: keep-network/keep-core#3733.
This PR adds moving funds proposal validation to the wallet proposal validator smart contract.
The validation performs several checks: