Transaction Hash:
Block:
21942921 at Feb-28-2025 06:01:47 AM +UTC
Transaction Fee:
0.000261578207270504 ETH
$0.59
Gas Used:
119,762 Gas / 2.184150292 Gwei
Emitted Events:
| 320 |
ERC20Peg.Withdraw( 0x3f6cef07ca3a485cc18a4956a406d46cf8228d7d, tokenType=0x00000000...000000000, amount=2000000000000000 )
|
Account State Difference:
| Address | Before | After | State Difference | ||
|---|---|---|---|---|---|
|
0x1f9090aa...8e676c326
Miner
| 4.806852164732892177 Eth | 4.806907063862796883 Eth | 0.000054899129904706 | ||
| 0x3F6cEf07...Cf8228d7d | 0.007687422340151223 Eth | 0.009687422340151223 Eth | 0.002 | ||
| 0x76BAc85e...26C4c6E32 | 42.263915379478914384 Eth | 42.261915379478914384 Eth | 0.002 | ||
| 0x7F2e7E7c...4c598816F |
5.100484738306292021 Eth
Nonce: 726
|
5.099223160099021517 Eth
Nonce: 727
| 0.001261578207270504 | ||
| 0xf7997B93...ce7a53930 | 0.007 Eth | 0.008 Eth | 0.001 |
Execution Trace
ETH 0.001
ERC20Peg.withdraw( )
ETH 0.001
CENNZnetBridge.verifyMessage( )-
Null: 0x000...001.155cd343( ) -
Null: 0x000...001.155cd343( ) -
Null: 0x000...001.155cd343( ) -
Null: 0x000...001.155cd343( )
-
- ETH 0.002
0x3f6cef07ca3a485cc18a4956a406d46cf8228d7d.CALL( )
withdraw[ERC20Peg (ln:51)]
encode[ERC20Peg (ln:53)]verifyMessage[ERC20Peg (ln:54)]call[ERC20Peg (ln:56)]safeTransfer[ERC20Peg (ln:59)]_callOptionalReturn[SafeERC20 (ln:529)]functionCall[SafeERC20 (ln:590)]decode[SafeERC20 (ln:593)]
encodeWithSelector[SafeERC20 (ln:529)]
Withdraw[ERC20Peg (ln:61)]
File 1 of 2: ERC20Peg
File 2 of 2: CENNZnetBridge
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.0;
import "./CENNZnetBridge.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
import "@openzeppelin/contracts/utils/math/SafeMath.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
// Provides an Eth/ERC20/GA CENNZnet peg
// - depositing: lock Eth/ERC20 tokens to redeem CENNZnet "generic asset" 1:1
// - withdrawing: burn or lock GAs to redeem Eth/ERC20 tokens 1:1
contract ERC20Peg is Ownable {
using SafeMath for uint256;
// whether the peg is accepting deposits
bool public depositsActive;
// whether CENNZ deposists are on
bool public cennzDepositsActive;
// whether the peg is accepting withdrawals
bool public withdrawalsActive;
// CENNZnet bridge contract address
CENNZnetBridge public bridge;
// Reserved address for native Eth deposits/withdraw
address constant public ETH_RESERVED_TOKEN_ADDRESS = address(0);
// CENNZ ERC20 contract address
address constant public CENNZ_TOKEN_ADDRESS = 0x1122B6a0E00DCe0563082b6e2953f3A943855c1F;
constructor(address _bridge) {
bridge = CENNZnetBridge(_bridge);
}
event Endow(uint256 amount);
event Deposit(address indexed, address tokenType, uint256 amount, bytes32 cennznetAddress);
event Withdraw(address indexed, address tokenType, uint256 amount);
// Deposit amount of tokenType the pegged version of the token will be claim-able on CENNZnet.
// tokenType '0' is reserved for native Eth
function deposit(address tokenType, uint256 amount, bytes32 cennznetAddress) payable external {
require(depositsActive, "deposits paused");
require(cennznetAddress != bytes32(0), "invalid CENNZnet address");
if (tokenType == ETH_RESERVED_TOKEN_ADDRESS) {
require(msg.value == amount, "incorrect deposit amount");
} else {
// CENNZ deposits will require a vote to activate
if (tokenType == CENNZ_TOKEN_ADDRESS) {
require(cennzDepositsActive, "cennz deposits paused");
}
SafeERC20.safeTransferFrom(IERC20(tokenType), msg.sender, address(this), amount);
}
emit Deposit(msg.sender, tokenType, amount, cennznetAddress);
}
// Withdraw tokens from this contract
// tokenType '0' is reserved for native Eth
// Requires signatures from a threshold of current CENNZnet validators
// v,r,s are sparse arrays expected to align w public key in 'validators'
// i.e. v[i], r[i], s[i] matches the i-th validator[i]
function withdraw(address tokenType, uint256 amount, address recipient, CENNZnetEventProof calldata proof) payable external {
require(withdrawalsActive, "withdrawals paused");
bytes memory message = abi.encode(tokenType, amount, recipient, proof.validatorSetId, proof.eventId);
bridge.verifyMessage{ value: msg.value }(message, proof);
if (tokenType == ETH_RESERVED_TOKEN_ADDRESS) {
(bool sent, ) = recipient.call{value: amount}("");
require(sent, "Failed to send Ether");
} else {
SafeERC20.safeTransfer(IERC20(tokenType), recipient, amount);
}
emit Withdraw(recipient, tokenType, amount);
}
function endow() external onlyOwner payable {
require(msg.value > 0, "must endow nonzero");
emit Endow(msg.value);
}
function activateCENNZDeposits() external onlyOwner {
cennzDepositsActive = true;
}
function activateDeposits() external onlyOwner {
depositsActive = true;
}
function pauseDeposits() external onlyOwner {
depositsActive = false;
}
function activateWithdrawals() external onlyOwner {
withdrawalsActive = true;
}
function pauseWithdrawals() external onlyOwner {
withdrawalsActive = false;
}
}
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/utils/math/Math.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
// Proof of a witnessed event by CENNZnet validators
struct CENNZnetEventProof {
// The Id (nonce) of the event
uint256 eventId;
// The validator set Id which witnessed the event
uint32 validatorSetId;
// v,r,s are sparse arrays expected to align w public key in 'validators'
// i.e. v[i], r[i], s[i] matches the i-th validator[i]
// v part of validator signatures
uint8[] v;
// r part of validator signatures
bytes32[] r;
// s part of validator signatures
bytes32[] s;
// The validator addresses
address[] validators;
}
// Provides methods for verifying messages from the CENNZnet validator set
contract CENNZnetBridge is Ownable {
// map from validator set nonce to keccak256 digest of validator ECDSA addresses (i.e bridge session keys)
// these should be encoded in sorted order matching `pallet_session::Module<T>::validators()` to create the digest
// signatures from a threshold of these addresses are considered approved by the CENNZnet protocol
mapping(uint => bytes32) public validatorSetDigests;
// Nonce for validator set changes
uint32 public activeValidatorSetId;
// Message nonces.
// CENNZnet will only validate one message per nonce.
// Claiming out of order is ok.
mapping(uint => bool) public eventIds;
// Fee for CENNZnet message verification
// Offsets bridge upkeep costs i.e updating the validator set
uint public verificationFee = 1e15;
// Acceptance threshold in %
uint public thresholdPercent = 60;
// Number of eras before a bridge message will be considered expired
uint public proofTTL = 3;
// Whether the bridge is active or not
bool public active = true;
// Max reward paid out to successful caller of `setValidator`
uint public maxRewardPayout = 1e18;
event SetValidators(bytes32 validatorSetDigest, uint reward, uint32 validatorSetId);
// Verify a message was authorised by CENNZnet validators.
// Callable by anyone.
// Caller must provide `verificationFee`.
// Requires signatures from a threshold CENNZnet validators at proof.validatorSetId.
// Requires proof is not older than `proofTTL` eras
// Halts on failure
//
// Parameters:
// - message: the unhashed message data packed wide w validatorSetId & eventId e.g. `abi.encode(arg0, arg2, validatorSetId, eventId);`
// - proof: Signed witness material generated by CENNZnet proving 'message'
function verifyMessage(bytes calldata message, CENNZnetEventProof calldata proof) payable external {
require(active, "bridge inactive");
uint256 eventId = proof.eventId;
require(!eventIds[eventId], "eventId replayed");
require(msg.value >= verificationFee || msg.sender == address(this), "must supply verification fee");
uint32 validatorSetId = proof.validatorSetId;
require(validatorSetId <= activeValidatorSetId, "future validator set");
require(activeValidatorSetId - validatorSetId <= proofTTL, "expired proof");
address[] memory _validators = proof.validators;
// audit item #1
require(_validators.length > 0, "invalid validator set");
require(keccak256(abi.encode(_validators)) == validatorSetDigests[validatorSetId], "unexpected validator digest");
bytes32 digest = keccak256(message);
uint acceptanceTreshold = (_validators.length * thresholdPercent / 100);
uint witnessCount;
bytes32 ommited;
for (uint i; i < _validators.length; i++) {
// check signature omitted == bytes32(0)
if(proof.r[i] != ommited) {
// check signature
require(_validators[i] == ecrecover(digest, proof.v[i], proof.r[i], proof.s[i]), "signature invalid");
witnessCount += 1;
// have we got proven consensus?
if(witnessCount >= acceptanceTreshold) {
break;
}
}
}
require(witnessCount >= acceptanceTreshold, "not enough signatures");
eventIds[eventId] = true;
}
// Update the known CENNZnet validator set
//
// Requires signatures from a threshold of current CENNZnet validators
// v,r,s are sparse arrays expected to align w addresses / public key in 'validators'
// i.e. v[i], r[i], s[i] matches the i-th validator[i]
function setValidators(
address[] calldata newValidators,
uint32 newValidatorSetId,
CENNZnetEventProof calldata proof
) external payable {
require(newValidators.length > 0, "empty validator set");
require(newValidatorSetId > activeValidatorSetId , "validator set id replayed");
bytes memory message = abi.encode(newValidators, newValidatorSetId, proof.validatorSetId, proof.eventId);
this.verifyMessage(message, proof);
// update set digest and active id
bytes32 validatorSetDigest = keccak256(abi.encode(newValidators));
validatorSetDigests[newValidatorSetId] = validatorSetDigest;
activeValidatorSetId = newValidatorSetId;
// return accumulated fees to the sender as a reward, capped at `maxRewardPayout`
uint reward = Math.min(address(this).balance, maxRewardPayout);
(bool sent, ) = msg.sender.call{value: reward}("");
require(sent, "Failed to send Ether");
emit SetValidators(validatorSetDigest, reward, newValidatorSetId);
}
// Admin functions
// force set the active CENNZnet validator set
function forceActiveValidatorSet(address[] calldata _validators, uint32 validatorSetId) external onlyOwner {
require(_validators.length > 0, "empty validator set");
require(validatorSetId >= activeValidatorSetId, "set is historic");
validatorSetDigests[validatorSetId] = keccak256(abi.encode(_validators));
activeValidatorSetId = validatorSetId;
}
// Force set a historic CENNZnet validator set
// Sets older than proofTTL are not modifiable (since they cannot produce valid proofs any longer)
function forceHistoricValidatorSet(address[] calldata _validators, uint32 validatorSetId) external onlyOwner {
require(_validators.length > 0, "empty validator set");
require(validatorSetId + proofTTL > activeValidatorSetId, "set is inactive");
validatorSetDigests[validatorSetId] = keccak256(abi.encode(_validators));
}
// Set the TTL for historic validator set proofs
function setProofTTL(uint newTTL) external onlyOwner {
proofTTL = newTTL;
}
// Set the max reward payout for `setValidator` incentive
function setMaxRewardPayout(uint newMaxRewardPayout) external onlyOwner {
maxRewardPayout = newMaxRewardPayout;
}
// Set the fee for verify messages
function setVerificationFee(uint newFee) external onlyOwner {
verificationFee = newFee;
}
// Set the threshold % required for proof verification
function setThreshold(uint newThresholdPercent) external onlyOwner {
require(newThresholdPercent <= 100, "percent must be <= 100");
thresholdPercent = newThresholdPercent;
}
// Activate/deactivate the bridge
function setActive(bool active_) external onlyOwner {
active = active_;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
constructor() {
_transferOwnership(_msgSender());
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
_;
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/math/SafeMath.sol)
pragma solidity ^0.8.0;
// CAUTION
// This version of SafeMath should only be used with Solidity 0.8 or later,
// because it relies on the compiler's built in overflow checks.
/**
* @dev Wrappers over Solidity's arithmetic operations.
*
* NOTE: `SafeMath` is generally not needed starting with Solidity 0.8, since the compiler
* now has built in overflow checking.
*/
library SafeMath {
/**
* @dev Returns the addition of two unsigned integers, with an overflow flag.
*
* _Available since v3.4._
*/
function tryAdd(uint256 a, uint256 b) internal pure returns (bool, uint256) {
unchecked {
uint256 c = a + b;
if (c < a) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the substraction of two unsigned integers, with an overflow flag.
*
* _Available since v3.4._
*/
function trySub(uint256 a, uint256 b) internal pure returns (bool, uint256) {
unchecked {
if (b > a) return (false, 0);
return (true, a - b);
}
}
/**
* @dev Returns the multiplication of two unsigned integers, with an overflow flag.
*
* _Available since v3.4._
*/
function tryMul(uint256 a, uint256 b) internal pure returns (bool, uint256) {
unchecked {
// Gas optimization: this is cheaper than requiring 'a' not being zero, but the
// benefit is lost if 'b' is also tested.
// See: https://github.com/OpenZeppelin/openzeppelin-contracts/pull/522
if (a == 0) return (true, 0);
uint256 c = a * b;
if (c / a != b) return (false, 0);
return (true, c);
}
}
/**
* @dev Returns the division of two unsigned integers, with a division by zero flag.
*
* _Available since v3.4._
*/
function tryDiv(uint256 a, uint256 b) internal pure returns (bool, uint256) {
unchecked {
if (b == 0) return (false, 0);
return (true, a / b);
}
}
/**
* @dev Returns the remainder of dividing two unsigned integers, with a division by zero flag.
*
* _Available since v3.4._
*/
function tryMod(uint256 a, uint256 b) internal pure returns (bool, uint256) {
unchecked {
if (b == 0) return (false, 0);
return (true, a % b);
}
}
/**
* @dev Returns the addition of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `+` operator.
*
* Requirements:
*
* - Addition cannot overflow.
*/
function add(uint256 a, uint256 b) internal pure returns (uint256) {
return a + b;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting on
* overflow (when the result is negative).
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/
function sub(uint256 a, uint256 b) internal pure returns (uint256) {
return a - b;
}
/**
* @dev Returns the multiplication of two unsigned integers, reverting on
* overflow.
*
* Counterpart to Solidity's `*` operator.
*
* Requirements:
*
* - Multiplication cannot overflow.
*/
function mul(uint256 a, uint256 b) internal pure returns (uint256) {
return a * b;
}
/**
* @dev Returns the integer division of two unsigned integers, reverting on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator.
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function div(uint256 a, uint256 b) internal pure returns (uint256) {
return a / b;
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* reverting when dividing by zero.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function mod(uint256 a, uint256 b) internal pure returns (uint256) {
return a % b;
}
/**
* @dev Returns the subtraction of two unsigned integers, reverting with custom message on
* overflow (when the result is negative).
*
* CAUTION: This function is deprecated because it requires allocating memory for the error
* message unnecessarily. For custom revert reasons use {trySub}.
*
* Counterpart to Solidity's `-` operator.
*
* Requirements:
*
* - Subtraction cannot overflow.
*/
function sub(
uint256 a,
uint256 b,
string memory errorMessage
) internal pure returns (uint256) {
unchecked {
require(b <= a, errorMessage);
return a - b;
}
}
/**
* @dev Returns the integer division of two unsigned integers, reverting with custom message on
* division by zero. The result is rounded towards zero.
*
* Counterpart to Solidity's `/` operator. Note: this function uses a
* `revert` opcode (which leaves remaining gas untouched) while Solidity
* uses an invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function div(
uint256 a,
uint256 b,
string memory errorMessage
) internal pure returns (uint256) {
unchecked {
require(b > 0, errorMessage);
return a / b;
}
}
/**
* @dev Returns the remainder of dividing two unsigned integers. (unsigned integer modulo),
* reverting with custom message when dividing by zero.
*
* CAUTION: This function is deprecated because it requires allocating memory for the error
* message unnecessarily. For custom revert reasons use {tryMod}.
*
* Counterpart to Solidity's `%` operator. This function uses a `revert`
* opcode (which leaves remaining gas untouched) while Solidity uses an
* invalid opcode to revert (consuming all remaining gas).
*
* Requirements:
*
* - The divisor cannot be zero.
*/
function mod(
uint256 a,
uint256 b,
string memory errorMessage
) internal pure returns (uint256) {
unchecked {
require(b > 0, errorMessage);
return a % b;
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.0;
import "../IERC20.sol";
import "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
using Address for address;
function safeTransfer(
IERC20 token,
address to,
uint256 value
) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transfer.selector, to, value));
}
function safeTransferFrom(
IERC20 token,
address from,
address to,
uint256 value
) internal {
_callOptionalReturn(token, abi.encodeWithSelector(token.transferFrom.selector, from, to, value));
}
/**
* @dev Deprecated. This function has issues similar to the ones found in
* {IERC20-approve}, and its usage is discouraged.
*
* Whenever possible, use {safeIncreaseAllowance} and
* {safeDecreaseAllowance} instead.
*/
function safeApprove(
IERC20 token,
address spender,
uint256 value
) internal {
// safeApprove should only be called when setting an initial allowance,
// or when resetting it to zero. To increase and decrease it, use
// 'safeIncreaseAllowance' and 'safeDecreaseAllowance'
require(
(value == 0) || (token.allowance(address(this), spender) == 0),
"SafeERC20: approve from non-zero to non-zero allowance"
);
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, value));
}
function safeIncreaseAllowance(
IERC20 token,
address spender,
uint256 value
) internal {
uint256 newAllowance = token.allowance(address(this), spender) + value;
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
}
function safeDecreaseAllowance(
IERC20 token,
address spender,
uint256 value
) internal {
unchecked {
uint256 oldAllowance = token.allowance(address(this), spender);
require(oldAllowance >= value, "SafeERC20: decreased allowance below zero");
uint256 newAllowance = oldAllowance - value;
_callOptionalReturn(token, abi.encodeWithSelector(token.approve.selector, spender, newAllowance));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address.functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data, "SafeERC20: low-level call failed");
if (returndata.length > 0) {
// Return data is optional
require(abi.decode(returndata, (bool)), "SafeERC20: ERC20 operation did not succeed");
}
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a >= b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a / b + (a % b == 0 ? 0 : 1);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (token/ERC20/IERC20.sol)
pragma solidity ^0.8.0;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Returns the amount of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the amount of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves `amount` tokens from the caller's account to `recipient`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address recipient, uint256 amount) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets `amount` as the allowance of `spender` over the caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 amount) external returns (bool);
/**
* @dev Moves `amount` tokens from `sender` to `recipient` using the
* allowance mechanism. `amount` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(
address sender,
address recipient,
uint256 amount
) external returns (bool);
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Address.sol)
pragma solidity ^0.8.0;
/**
* @dev Collection of functions related to the address type
*/
library Address {
/**
* @dev Returns true if `account` is a contract.
*
* [IMPORTANT]
* ====
* It is unsafe to assume that an address for which this function returns
* false is an externally-owned account (EOA) and not a contract.
*
* Among others, `isContract` will return false for the following
* types of addresses:
*
* - an externally-owned account
* - a contract in construction
* - an address where a contract will be created
* - an address where a contract lived, but was destroyed
* ====
*/
function isContract(address account) internal view returns (bool) {
// This method relies on extcodesize, which returns 0 for contracts in
// construction, since the code is only stored at the end of the
// constructor execution.
uint256 size;
assembly {
size := extcodesize(account)
}
return size > 0;
}
/**
* @dev Replacement for Solidity's `transfer`: sends `amount` wei to
* `recipient`, forwarding all available gas and reverting on errors.
*
* https://eips.ethereum.org/EIPS/eip-1884[EIP1884] increases the gas cost
* of certain opcodes, possibly making contracts go over the 2300 gas limit
* imposed by `transfer`, making them unable to receive funds via
* `transfer`. {sendValue} removes this limitation.
*
* https://diligence.consensys.net/posts/2019/09/stop-using-soliditys-transfer-now/[Learn more].
*
* IMPORTANT: because control is transferred to `recipient`, care must be
* taken to not create reentrancy vulnerabilities. Consider using
* {ReentrancyGuard} or the
* https://solidity.readthedocs.io/en/v0.5.11/security-considerations.html#use-the-checks-effects-interactions-pattern[checks-effects-interactions pattern].
*/
function sendValue(address payable recipient, uint256 amount) internal {
require(address(this).balance >= amount, "Address: insufficient balance");
(bool success, ) = recipient.call{value: amount}("");
require(success, "Address: unable to send value, recipient may have reverted");
}
/**
* @dev Performs a Solidity function call using a low level `call`. A
* plain `call` is an unsafe replacement for a function call: use this
* function instead.
*
* If `target` reverts with a revert reason, it is bubbled up by this
* function (like regular Solidity function calls).
*
* Returns the raw returned data. To convert to the expected return value,
* use https://solidity.readthedocs.io/en/latest/units-and-global-variables.html?highlight=abi.decode#abi-encoding-and-decoding-functions[`abi.decode`].
*
* Requirements:
*
* - `target` must be a contract.
* - calling `target` with `data` must not revert.
*
* _Available since v3.1._
*/
function functionCall(address target, bytes memory data) internal returns (bytes memory) {
return functionCall(target, data, "Address: low-level call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`], but with
* `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
return functionCallWithValue(target, data, 0, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but also transferring `value` wei to `target`.
*
* Requirements:
*
* - the calling contract must have an ETH balance of at least `value`.
* - the called Solidity function must be `payable`.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value
) internal returns (bytes memory) {
return functionCallWithValue(target, data, value, "Address: low-level call with value failed");
}
/**
* @dev Same as {xref-Address-functionCallWithValue-address-bytes-uint256-}[`functionCallWithValue`], but
* with `errorMessage` as a fallback revert reason when `target` reverts.
*
* _Available since v3.1._
*/
function functionCallWithValue(
address target,
bytes memory data,
uint256 value,
string memory errorMessage
) internal returns (bytes memory) {
require(address(this).balance >= value, "Address: insufficient balance for call");
require(isContract(target), "Address: call to non-contract");
(bool success, bytes memory returndata) = target.call{value: value}(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(address target, bytes memory data) internal view returns (bytes memory) {
return functionStaticCall(target, data, "Address: low-level static call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a static call.
*
* _Available since v3.3._
*/
function functionStaticCall(
address target,
bytes memory data,
string memory errorMessage
) internal view returns (bytes memory) {
require(isContract(target), "Address: static call to non-contract");
(bool success, bytes memory returndata) = target.staticcall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(address target, bytes memory data) internal returns (bytes memory) {
return functionDelegateCall(target, data, "Address: low-level delegate call failed");
}
/**
* @dev Same as {xref-Address-functionCall-address-bytes-string-}[`functionCall`],
* but performing a delegate call.
*
* _Available since v3.4._
*/
function functionDelegateCall(
address target,
bytes memory data,
string memory errorMessage
) internal returns (bytes memory) {
require(isContract(target), "Address: delegate call to non-contract");
(bool success, bytes memory returndata) = target.delegatecall(data);
return verifyCallResult(success, returndata, errorMessage);
}
/**
* @dev Tool to verifies that a low level call was successful, and revert if it wasn't, either by bubbling the
* revert reason using the provided one.
*
* _Available since v4.3._
*/
function verifyCallResult(
bool success,
bytes memory returndata,
string memory errorMessage
) internal pure returns (bytes memory) {
if (success) {
return returndata;
} else {
// Look for revert reason and bubble it up if present
if (returndata.length > 0) {
// The easiest way to bubble the revert reason is using memory via assembly
assembly {
let returndata_size := mload(returndata)
revert(add(32, returndata), returndata_size)
}
} else {
revert(errorMessage);
}
}
}
}
File 2 of 2: CENNZnetBridge
// SPDX-License-Identifier: Apache-2.0
pragma solidity ^0.8.0;
import "@openzeppelin/contracts/utils/math/Math.sol";
import "@openzeppelin/contracts/access/Ownable.sol";
// Proof of a witnessed event by CENNZnet validators
struct CENNZnetEventProof {
// The Id (nonce) of the event
uint256 eventId;
// The validator set Id which witnessed the event
uint32 validatorSetId;
// v,r,s are sparse arrays expected to align w public key in 'validators'
// i.e. v[i], r[i], s[i] matches the i-th validator[i]
// v part of validator signatures
uint8[] v;
// r part of validator signatures
bytes32[] r;
// s part of validator signatures
bytes32[] s;
// The validator addresses
address[] validators;
}
// Provides methods for verifying messages from the CENNZnet validator set
contract CENNZnetBridge is Ownable {
// map from validator set nonce to keccak256 digest of validator ECDSA addresses (i.e bridge session keys)
// these should be encoded in sorted order matching `pallet_session::Module<T>::validators()` to create the digest
// signatures from a threshold of these addresses are considered approved by the CENNZnet protocol
mapping(uint => bytes32) public validatorSetDigests;
// Nonce for validator set changes
uint32 public activeValidatorSetId;
// Message nonces.
// CENNZnet will only validate one message per nonce.
// Claiming out of order is ok.
mapping(uint => bool) public eventIds;
// Fee for CENNZnet message verification
// Offsets bridge upkeep costs i.e updating the validator set
uint public verificationFee = 1e15;
// Acceptance threshold in %
uint public thresholdPercent = 60;
// Number of eras before a bridge message will be considered expired
uint public proofTTL = 3;
// Whether the bridge is active or not
bool public active = true;
// Max reward paid out to successful caller of `setValidator`
uint public maxRewardPayout = 1e18;
event SetValidators(bytes32 validatorSetDigest, uint reward, uint32 validatorSetId);
// Verify a message was authorised by CENNZnet validators.
// Callable by anyone.
// Caller must provide `verificationFee`.
// Requires signatures from a threshold CENNZnet validators at proof.validatorSetId.
// Requires proof is not older than `proofTTL` eras
// Halts on failure
//
// Parameters:
// - message: the unhashed message data packed wide w validatorSetId & eventId e.g. `abi.encode(arg0, arg2, validatorSetId, eventId);`
// - proof: Signed witness material generated by CENNZnet proving 'message'
function verifyMessage(bytes calldata message, CENNZnetEventProof calldata proof) payable external {
require(active, "bridge inactive");
uint256 eventId = proof.eventId;
require(!eventIds[eventId], "eventId replayed");
require(msg.value >= verificationFee || msg.sender == address(this), "must supply verification fee");
uint32 validatorSetId = proof.validatorSetId;
require(validatorSetId <= activeValidatorSetId, "future validator set");
require(activeValidatorSetId - validatorSetId <= proofTTL, "expired proof");
address[] memory _validators = proof.validators;
// audit item #1
require(_validators.length > 0, "invalid validator set");
require(keccak256(abi.encode(_validators)) == validatorSetDigests[validatorSetId], "unexpected validator digest");
bytes32 digest = keccak256(message);
uint acceptanceTreshold = (_validators.length * thresholdPercent / 100);
uint witnessCount;
bytes32 ommited;
for (uint i; i < _validators.length; i++) {
// check signature omitted == bytes32(0)
if(proof.r[i] != ommited) {
// check signature
require(_validators[i] == ecrecover(digest, proof.v[i], proof.r[i], proof.s[i]), "signature invalid");
witnessCount += 1;
// have we got proven consensus?
if(witnessCount >= acceptanceTreshold) {
break;
}
}
}
require(witnessCount >= acceptanceTreshold, "not enough signatures");
eventIds[eventId] = true;
}
// Update the known CENNZnet validator set
//
// Requires signatures from a threshold of current CENNZnet validators
// v,r,s are sparse arrays expected to align w addresses / public key in 'validators'
// i.e. v[i], r[i], s[i] matches the i-th validator[i]
function setValidators(
address[] calldata newValidators,
uint32 newValidatorSetId,
CENNZnetEventProof calldata proof
) external payable {
require(newValidators.length > 0, "empty validator set");
require(newValidatorSetId > activeValidatorSetId , "validator set id replayed");
bytes memory message = abi.encode(newValidators, newValidatorSetId, proof.validatorSetId, proof.eventId);
this.verifyMessage(message, proof);
// update set digest and active id
bytes32 validatorSetDigest = keccak256(abi.encode(newValidators));
validatorSetDigests[newValidatorSetId] = validatorSetDigest;
activeValidatorSetId = newValidatorSetId;
// return accumulated fees to the sender as a reward, capped at `maxRewardPayout`
uint reward = Math.min(address(this).balance, maxRewardPayout);
(bool sent, ) = msg.sender.call{value: reward}("");
require(sent, "Failed to send Ether");
emit SetValidators(validatorSetDigest, reward, newValidatorSetId);
}
// Admin functions
// force set the active CENNZnet validator set
function forceActiveValidatorSet(address[] calldata _validators, uint32 validatorSetId) external onlyOwner {
require(_validators.length > 0, "empty validator set");
require(validatorSetId >= activeValidatorSetId, "set is historic");
validatorSetDigests[validatorSetId] = keccak256(abi.encode(_validators));
activeValidatorSetId = validatorSetId;
}
// Force set a historic CENNZnet validator set
// Sets older than proofTTL are not modifiable (since they cannot produce valid proofs any longer)
function forceHistoricValidatorSet(address[] calldata _validators, uint32 validatorSetId) external onlyOwner {
require(_validators.length > 0, "empty validator set");
require(validatorSetId + proofTTL > activeValidatorSetId, "set is inactive");
validatorSetDigests[validatorSetId] = keccak256(abi.encode(_validators));
}
// Set the TTL for historic validator set proofs
function setProofTTL(uint newTTL) external onlyOwner {
proofTTL = newTTL;
}
// Set the max reward payout for `setValidator` incentive
function setMaxRewardPayout(uint newMaxRewardPayout) external onlyOwner {
maxRewardPayout = newMaxRewardPayout;
}
// Set the fee for verify messages
function setVerificationFee(uint newFee) external onlyOwner {
verificationFee = newFee;
}
// Set the threshold % required for proof verification
function setThreshold(uint newThresholdPercent) external onlyOwner {
require(newThresholdPercent <= 100, "percent must be <= 100");
thresholdPercent = newThresholdPercent;
}
// Activate/deactivate the bridge
function setActive(bool active_) external onlyOwner {
active = active_;
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/math/Math.sol)
pragma solidity ^0.8.0;
/**
* @dev Standard math utilities missing in the Solidity language.
*/
library Math {
/**
* @dev Returns the largest of two numbers.
*/
function max(uint256 a, uint256 b) internal pure returns (uint256) {
return a >= b ? a : b;
}
/**
* @dev Returns the smallest of two numbers.
*/
function min(uint256 a, uint256 b) internal pure returns (uint256) {
return a < b ? a : b;
}
/**
* @dev Returns the average of two numbers. The result is rounded towards
* zero.
*/
function average(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b) / 2 can overflow.
return (a & b) + (a ^ b) / 2;
}
/**
* @dev Returns the ceiling of the division of two numbers.
*
* This differs from standard division with `/` in that it rounds up instead
* of rounding down.
*/
function ceilDiv(uint256 a, uint256 b) internal pure returns (uint256) {
// (a + b - 1) / b can overflow on addition, so we distribute.
return a / b + (a % b == 0 ? 0 : 1);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (access/Ownable.sol)
pragma solidity ^0.8.0;
import "../utils/Context.sol";
/**
* @dev Contract module which provides a basic access control mechanism, where
* there is an account (an owner) that can be granted exclusive access to
* specific functions.
*
* By default, the owner account will be the one that deploys the contract. This
* can later be changed with {transferOwnership}.
*
* This module is used through inheritance. It will make available the modifier
* `onlyOwner`, which can be applied to your functions to restrict their use to
* the owner.
*/
abstract contract Ownable is Context {
address private _owner;
event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);
/**
* @dev Initializes the contract setting the deployer as the initial owner.
*/
constructor() {
_transferOwnership(_msgSender());
}
/**
* @dev Returns the address of the current owner.
*/
function owner() public view virtual returns (address) {
return _owner;
}
/**
* @dev Throws if called by any account other than the owner.
*/
modifier onlyOwner() {
require(owner() == _msgSender(), "Ownable: caller is not the owner");
_;
}
/**
* @dev Leaves the contract without owner. It will not be possible to call
* `onlyOwner` functions anymore. Can only be called by the current owner.
*
* NOTE: Renouncing ownership will leave the contract without an owner,
* thereby removing any functionality that is only available to the owner.
*/
function renounceOwnership() public virtual onlyOwner {
_transferOwnership(address(0));
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Can only be called by the current owner.
*/
function transferOwnership(address newOwner) public virtual onlyOwner {
require(newOwner != address(0), "Ownable: new owner is the zero address");
_transferOwnership(newOwner);
}
/**
* @dev Transfers ownership of the contract to a new account (`newOwner`).
* Internal function without access restriction.
*/
function _transferOwnership(address newOwner) internal virtual {
address oldOwner = _owner;
_owner = newOwner;
emit OwnershipTransferred(oldOwner, newOwner);
}
}
// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts v4.4.1 (utils/Context.sol)
pragma solidity ^0.8.0;
/**
* @dev Provides information about the current execution context, including the
* sender of the transaction and its data. While these are generally available
* via msg.sender and msg.data, they should not be accessed in such a direct
* manner, since when dealing with meta-transactions the account sending and
* paying for execution may not be the actual sender (as far as an application
* is concerned).
*
* This contract is only required for intermediate, library-like contracts.
*/
abstract contract Context {
function _msgSender() internal view virtual returns (address) {
return msg.sender;
}
function _msgData() internal view virtual returns (bytes calldata) {
return msg.data;
}
}