WalletRegistry

authorization

struct EcdsaAuthorization.Data authorization

dkg

struct EcdsaDkg.Data dkg

wallets

struct Wallets.Data wallets

_maliciousDkgResultSlashingAmount

uint96 _maliciousDkgResultSlashingAmount

Slashing amount for submitting a malicious DKG result. Every DKG result submitted can be challenged for the time of dkg.resultChallengePeriodLength. If the DKG result submitted is challenged and proven to be malicious, the operator who submitted the malicious result is slashed for _maliciousDkgResultSlashingAmount.

_maliciousDkgResultNotificationRewardMultiplier

uint256 _maliciousDkgResultNotificationRewardMultiplier

Percentage of the staking contract malicious behavior notification reward which will be transferred to the notifier reporting about a malicious DKG result. Notifiers are rewarded from a notifiers treasury pool. For example, if notification reward is 1000 and the value of the multiplier is 5, the notifier will receive: 5% of 1000 = 50 per each operator affected.

_sortitionPoolRewardsBanDuration

Duration of the sortition pool rewards ban imposed on operators who missed their turn for DKG result submission or who failed a heartbeat.

_dkgResultSubmissionGas

Calculated max gas cost for submitting a DKG result. This will be refunded as part of the DKG approval process. It is in the submitter's interest not to skip their priority turn on the approval; otherwise the refund of the DKG submission goes to another group member who calls the DKG approve function.

_dkgResultApprovalGasOffset

Gas that is meant to balance the DKG result approval's overall cost. It can be updated by the governance based on the current market conditions.

_notifyOperatorInactivityGasOffset

Gas that is meant to balance the notification of an operator inactivity. It can be updated by the governance based on the current market conditions.

_notifySeedTimeoutGasOffset

Gas that is meant to balance the notification of a seed for DKG delivery timeout. It can be updated by the governance based on the current market conditions.

_notifyDkgTimeoutNegativeGasOffset

Gas that is meant to balance the notification of a DKG protocol execution timeout. It can be updated by the governance based on the current market conditions.

The value is subtracted for the refundable gas calculation, as the DKG timeout notification transaction recovers some gas when cleaning up the storage.

inactivityClaimNonce

Stores current operator inactivity claim nonce for the given wallet signing group. Each claim is made with a unique nonce which protects against claim replay.

walletOwner

sortitionPool

staking

randomBeacon

DkgStarted

DkgResultSubmitted

DkgTimedOut

DkgResultApproved

DkgResultChallenged

DkgStateLocked

DkgSeedTimedOut

WalletCreated

WalletClosed

DkgMaliciousResultSlashed

DkgMaliciousResultSlashingFailed

AuthorizationParametersUpdated

RewardParametersUpdated

SlashingParametersUpdated

DkgParametersUpdated

GasParametersUpdated

RandomBeaconUpgraded

WalletOwnerUpdated

OperatorRegistered

AuthorizationIncreased

AuthorizationDecreaseRequested

AuthorizationDecreaseApproved

InvoluntaryAuthorizationDecreaseFailed

OperatorJoinedSortitionPool

OperatorStatusUpdated

InactivityClaimed

onlyStakingContract

onlyWalletOwner

Reverts if not called by the Wallet Owner.

onlyReimbursableAdmin

constructor

Used to initialize immutable variables only. Use the initialize function for upgradable contract initialization on deployment.

initialize

Initializes upgradable contract on deployment.

withdrawRewards

Withdraws application rewards for the given staking provider. Rewards are withdrawn to the staking provider's beneficiary address set in the staking contract. Reverts if staking provider has not registered the operator address.

Emits RewardsWithdrawn event.

withdrawIneligibleRewards

Withdraws rewards belonging to operators marked as ineligible for sortition pool rewards.

Can be called only by the contract guvnor, which should be the wallet registry governance contract.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| recipient | address | Recipient of withdrawn rewards. |

registerOperator

Used by staking provider to set operator address that will operate ECDSA node. The given staking provider can set operator address only one time. The operator address can not be changed and must be unique. Reverts if the operator is already set for the staking provider or if the operator address is already in use. Reverts if there is a pending authorization decrease for the staking provider.

joinSortitionPool

Lets the operator join the sortition pool. The operator address must be known - before calling this function, it has to be appointed by the staking provider by calling registerOperator. Also, the operator must have the minimum authorization required by ECDSA. Function reverts if there is no minimum stake authorized or if the operator is not known. If there was an authorization decrease requested, it is activated by starting the authorization decrease delay.

updateOperatorStatus

Updates status of the operator in the sortition pool. If there was an authorization decrease requested, it is activated by starting the authorization decrease delay. Function reverts if the operator is not known.

authorizationIncreased

Used by T staking contract to inform the application that the authorized stake amount for the given staking provider increased.

Reverts if the authorization amount is below the minimum.

The function does not update the sortition pool. Sortition pool state needs to be updated by the operator with a call to joinSortitionPool or updateOperatorStatus.

Can only be called by T staking contract.

authorizationDecreaseRequested

Used by T staking contract to inform the application that the authorization decrease for the given staking provider has been requested.

Reverts if the amount after deauthorization would be non-zero and lower than the minimum authorization.

If the operator is not known (registerOperator was not called), approveAuthorizationDecrease can be called immediately. If the operator is known (registerOperator was called), the operator needs to update the state of the sortition pool with a call to joinSortitionPool or updateOperatorStatus. After the sortition pool state is in sync, the authorization decrease delay starts.

After authorization decrease delay passes, authorization decrease request needs to be approved with a call to approveAuthorizationDecrease function.

If there is a pending authorization decrease request, it is overwritten.

Can only be called by T staking contract.

approveAuthorizationDecrease

Approves the previously registered authorization decrease request. Reverts if authorization decrease delay has not passed yet or if the authorization decrease was not requested for the given staking provider.

involuntaryAuthorizationDecrease

Used by T staking contract to inform the application the authorization has been decreased for the given staking provider involuntarily, as a result of slashing.

If the operator is not known (registerOperator was not called) the function does nothing. The operator was never in a sortition pool so there is nothing to update.

If the operator is known, sortition pool is unlocked, and the operator is in the sortition pool, the sortition pool state is updated. If the sortition pool is locked, update needs to be postponed. Every other staker is incentivized to call updateOperatorStatus for the problematic operator to increase their own rewards in the pool.

upgradeRandomBeacon

Updates address of the Random Beacon.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| _randomBeacon | contract IRandomBeacon | Random Beacon address. |

updateWalletOwner

Updates the wallet owner.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters. The wallet owner has to implement IWalletOwner interface.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| _walletOwner | contract IWalletOwner | New wallet owner address. |

updateAuthorizationParameters

Updates the values of authorization parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| _minimumAuthorization | uint96 | New minimum authorization amount. |
| _authorizationDecreaseDelay | uint64 | New authorization decrease delay in seconds. |
| _authorizationDecreaseChangePeriod | uint64 | New authorization decrease change period in seconds. |

updateDkgParameters

Updates the values of DKG parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| _seedTimeout | uint256 | New seed timeout. |
| _resultChallengePeriodLength | uint256 | New DKG result challenge period length. |
| _resultChallengeExtraGas | uint256 | New extra gas value required to be left at the end of the DKG result challenge transaction. |
| _resultSubmissionTimeout | uint256 | New DKG result submission timeout. |
| _submitterPrecedencePeriodLength | uint256 | New submitter precedence period length. |

updateRewardParameters

Updates the values of reward parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| maliciousDkgResultNotificationRewardMultiplier | uint256 | New value of the DKG malicious result notification reward multiplier. |
| sortitionPoolRewardsBanDuration | uint256 | New sortition pool rewards ban duration in seconds. |

updateSlashingParameters

Updates the values of slashing parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| maliciousDkgResultSlashingAmount | uint96 | New malicious DKG result slashing amount. |

updateGasParameters

Updates the values of gas-related parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| dkgResultSubmissionGas | uint256 | New DKG result submission gas. |
| dkgResultApprovalGasOffset | uint256 | New DKG result approval gas offset. |
| notifyOperatorInactivityGasOffset | uint256 | New operator inactivity notification gas offset. |
| notifySeedTimeoutGasOffset | uint256 | New seed for DKG delivery timeout notification gas offset. |
| notifyDkgTimeoutNegativeGasOffset | uint256 | New DKG timeout notification gas offset. |

requestNewWallet

Requests a new wallet creation.

Can be called only by the owner of wallets. It locks the DKG and requests a new relay entry. It expects that the DKG process will be started once a new relay entry gets generated.

closeWallet

Closes an existing wallet. Reverts if wallet with the given ID does not exist or if it has already been closed.

Only a Wallet Owner can call this function.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| walletID | bytes32 | ID of the wallet. |

__beaconCallback

A callback that is executed once a new relay entry gets generated. It starts the DKG process.

Can be called only by the random beacon contract.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| relayEntry | uint256 | Relay entry. |
|  | uint256 |  |

submitDkgResult

Submits the result of the DKG protocol. The DKG result consists of the result submitting member index, the calculated group public key, a bytes array of misbehaved members, a concatenation of signatures from group members, the indices of members corresponding to each signature, and the list of group members. The result is registered optimistically and waits for an approval. The result can be challenged when it is believed to be incorrect. The challenge verifies the registered result; among other things, it checks whether the members list corresponds to the expected set of members determined by the sortition pool.

The message to be signed by each member is keccak256 hash of the chain ID, calculated group public key, misbehaved members indices and DKG start block. The calculated hash should be prefixed with \x19Ethereum signed message: before signing, so the message to sign is: \x19Ethereum signed message:\n${keccak256(chainID,groupPubKey,misbehavedIndices,startBlock)}

Parameters

| Name | Type | Description |
| --- | --- | --- |
| dkgResult | struct EcdsaDkg.Result | DKG result. |

approveDkgResult

Approves DKG result. Can be called when the challenge period for the submitted result is finished. Considers the submitted result as valid, bans misbehaved group members from the sortition pool rewards, and completes the group creation by activating the candidate group. For the first resultSubmissionTimeout blocks after the end of the challenge period, it can be called only by the DKG result submitter. After that time, it can be called by anyone. A new wallet is created based on the DKG result details.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| dkgResult | struct EcdsaDkg.Result | Result to approve. Must match the submitted result stored during submitDkgResult. |

notifySeedTimeout

Notifies about seed for DKG delivery timeout. It is expected that a seed is delivered by the Random Beacon as a relay entry in a callback function.

notifyDkgTimeout

Notifies about DKG timeout.

challengeDkgResult

Challenges DKG result. If the submitted result is proved to be invalid it reverts the DKG back to the result submission phase.

Due to EIP-150 1/64 of the gas is not forwarded to the call, and will be kept to execute the remaining operations in the function after the call inside the try-catch. To eliminate a class of attacks related to the gas limit manipulation, this function requires an extra amount of gas to be left at the end of the execution.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| dkgResult | struct EcdsaDkg.Result | Result to challenge. Must match the submitted result stored during submitDkgResult. |

notifyOperatorInactivity

Notifies about operators who are inactive. Using this function, a majority of the wallet signing group can decide about punishing specific group members who constantly fail to do their job. If the provided claim is proved to be valid and signed by a sufficient number of group members, operators of members deemed inactive are banned from sortition pool rewards for the duration specified by the sortitionPoolRewardsBanDuration parameter. The function allows signaling that single operators are inactive as well as signaling wallet-wide heartbeat failures, which are propagated to the wallet owner, who should begin the procedure of moving responsibilities to another wallet, given that the wallet that failed the heartbeat may soon be unable to function and provide new signatures. The sender of the claim must be one of the claim signers. This function can be called only for registered wallets.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| claim | struct EcdsaInactivity.Claim | Operator inactivity claim. |
| nonce | uint256 | Current inactivity claim nonce for the given wallet signing group. Must be the same as the stored one. |
| groupMembers | uint32[] | Identifiers of the wallet signing group members. |

seize

Allows the wallet owner to add all signing group members of the wallet with the given ID to the slashing queue of the staking contract. The notifier will receive a reward for each group member from the staking contract notifiers treasury. The reward is scaled by the rewardMultiplier provided as a parameter.

Requirements:

  • The expression keccak256(abi.encode(walletMembersIDs)) must be exactly the same as the hash stored under membersIdsHash for the given walletID. Those IDs are not directly stored in the contract for gas efficiency purposes but they can be read from appropriate DkgResultSubmitted and DkgResultApproved events.

  • rewardMultiplier must be between [0, 100].

  • This function reverts if the staking contract call reverts. The calling code needs to handle the potential revert.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| amount | uint96 | Amount of tokens to seize from each signing group member. |
| rewardMultiplier | uint256 | Fraction of the staking contract notifiers reward the notifier should receive; should be between [0, 100]. |
| notifier | address | Address of the misbehavior notifier. |
| walletID | bytes32 | ID of the wallet. |
| walletMembersIDs | uint32[] | Identifiers of the wallet signing group members. |

isDkgResultValid

Checks if DKG result is valid for the current DKG.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| result | struct EcdsaDkg.Result | DKG result. |

Return Values

| Name | Type | Description |
| --- | --- | --- |
| [0] | bool | True if the result is valid. If the result is invalid it returns false and an error message. |
| [1] | string |  |

getWalletCreationState

Checks the current wallet creation state.

isWalletMember

Checks whether the given operator is a member of the given wallet signing group.

Requirements:

  • The operator parameter must be an actual sortition pool operator.

  • The expression keccak256(abi.encode(walletMembersIDs)) must be exactly the same as the hash stored under membersIdsHash for the given walletID. Those IDs are not directly stored in the contract for gas efficiency purposes but they can be read from appropriate DkgResultSubmitted and DkgResultApproved events.

  • The walletMemberIndex must be in range [1, walletMembersIDs.length]

Parameters

| Name | Type | Description |
| --- | --- | --- |
| walletID | bytes32 | ID of the wallet. |
| walletMembersIDs | uint32[] | Identifiers of the wallet signing group members. |
| operator | address | Address of the checked operator. |
| walletMemberIndex | uint256 | Position of the operator in the wallet signing group members list. |

Return Values

| Name | Type | Description |
| --- | --- | --- |
| [0] | bool | True if the operator is a member of the given wallet signing group, false otherwise. |

hasSeedTimedOut

Checks if awaiting seed timed out.

Return Values

| Name | Type | Description |
| --- | --- | --- |
| [0] | bool | True if awaiting seed timed out, false otherwise. |

hasDkgTimedOut

Checks if DKG timed out. The DKG timeout period includes the time required for off-chain protocol execution and the time for the result publication for all group members. After this time, a result cannot be submitted and the DKG can be notified about the timeout.

Return Values

| Name | Type | Description |
| --- | --- | --- |
| [0] | bool | True if DKG timed out, false otherwise. |

getWallet

getWalletPublicKey

Gets public key of a wallet with a given wallet ID. The public key is returned in an uncompressed format as a 64-byte concatenation of X and Y coordinates.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| walletID | bytes32 | ID of the wallet. |

Return Values

| Name | Type | Description |
| --- | --- | --- |
| [0] | bytes | Uncompressed public key of the wallet. |

isWalletRegistered

Checks if a wallet with the given ID is registered.

Parameters

| Name | Type | Description |
| --- | --- | --- |
| walletID | bytes32 | Wallet's ID. |

Return Values

| Name | Type | Description |
| --- | --- | --- |
| [0] | bool | True if wallet is registered, false otherwise. |

minimumAuthorization

The minimum authorization amount required so that an operator can participate in ECDSA Wallet operations.

eligibleStake

Returns the current value of the staking provider's eligible stake. Eligible stake is defined as the currently authorized stake minus the pending authorization decrease. Eligible stake is what is used for operator's weight in the sortition pool. If the authorized stake minus the pending authorization decrease is below the minimum authorization, eligible stake is 0.

availableRewards

Returns the amount of rewards available for withdrawal for the given staking provider. Reverts if staking provider has not registered the operator address.

pendingAuthorizationDecrease

Returns the amount of stake that is pending authorization decrease for the given staking provider. If no authorization decrease has been requested, returns zero.

remainingAuthorizationDecreaseDelay

Returns the remaining time in seconds that needs to pass before the requested authorization decrease can be approved. If the sortition pool state was not updated yet by the operator after requesting the authorization decrease, returns type(uint64).max.

stakingProviderToOperator

Returns operator registered for the given staking provider.

operatorToStakingProvider

Returns staking provider of the given operator.

isOperatorUpToDate

Checks if the operator's authorized stake is in sync with operator's weight in the sortition pool. If the operator is not in the sortition pool and their authorized stake is non-zero, function returns false.

isOperatorInPool

Returns true if the given operator is in the sortition pool. Otherwise, returns false.

selectGroup

Selects a new group of operators. Can only be called when DKG is in progress and the pool is locked. At least one operator has to be registered in the pool; otherwise the function fails, reverting the transaction.

Return Values

| Name | Type | Description |
| --- | --- | --- |
| [0] | uint32[] | IDs of selected group members. |

dkgParameters

Retrieves DKG parameters that were set in the DKG library.

authorizationParameters

Returns authorization-related parameters.

The minimum authorization is also returned by minimumAuthorization() function, as a requirement of IApplication interface.

Return Values

| Name | Type | Description |
| --- | --- | --- |
| minimumAuthorization | uint96 | The minimum authorization amount required so that operator can participate in the random beacon. This amount is required to execute slashing for providing a malicious DKG result or when a relay entry times out. |
| authorizationDecreaseDelay | uint64 | Delay in seconds that needs to pass between the time authorization decrease is requested and the time that request gets approved. Protects against free-riders earning rewards and not being active in the network. |
| authorizationDecreaseChangePeriod | uint64 | Authorization decrease change period in seconds. It is the time, before authorization decrease delay end, during which the pending authorization decrease request can be overwritten. If set to 0, pending authorization decrease request can not be overwritten until the entire authorizationDecreaseDelay ends. If set to value equal authorizationDecreaseDelay, request can always be overwritten. |
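
The authorization decrease rules described under authorizationDecreaseRequested, approveAuthorizationDecrease, eligibleStake and remainingAuthorizationDecreaseDelay, together with the change period above, can be exercised with a small off-chain model. This is an added example, not the WalletRegistry source: the createRegistry and walkThrough helpers, the revert messages and all amounts and timestamps are constructed, and it assumes the change-period check applies only once the delay is running.

```javascript
// Added model (not WalletRegistry source) of the authorization-decrease rules
// described on this page. Function names mirror the docs; values are constructed.
const UINT64_MAX = 2n ** 64n - 1n; // type(uint64).max sentinel

function createRegistry({ minimumAuthorization, decreaseDelay, changePeriod }) {
  const state = new Map();
  const fresh = () => ({ authorized: 0n, pending: 0n, decreasingAt: 0n, operatorKnown: false });
  const get = (sp) => state.get(sp) ?? state.set(sp, fresh()).get(sp);
  const revert = (msg) => { throw new Error(msg); };
  return {
    authorizationIncreased(sp, toAmount) {
      if (toAmount < minimumAuthorization) revert("below minimum authorization");
      get(sp).authorized = toAmount;
    },
    registerOperator(sp) {
      const p = get(sp);
      if (p.pending > 0n) revert("pending authorization decrease");
      p.operatorKnown = true;
    },
    authorizationDecreaseRequested(sp, toAmount, now) {
      const p = get(sp);
      if (toAmount !== 0n && toAmount < minimumAuthorization) revert("non-zero amount below minimum");
      if (!p.operatorKnown) {
        p.decreasingAt = now; // operator never registered: approvable immediately
      } else {
        // Assumption: the change-period check applies only once the delay is running.
        const running = p.decreasingAt !== 0n && p.decreasingAt !== UINT64_MAX;
        if (running && now < p.decreasingAt - changePeriod) revert("outside change period");
        p.decreasingAt = UINT64_MAX; // delay starts only after the pool is synced
      }
      p.pending = p.authorized - toAmount; // overwrites any earlier request
    },
    updateOperatorStatus(sp, now) { // stands in for joinSortitionPool as well
      const p = get(sp);
      if (!p.operatorKnown) revert("unknown operator");
      if (p.decreasingAt === UINT64_MAX) p.decreasingAt = now + decreaseDelay;
    },
    remainingAuthorizationDecreaseDelay(sp, now) {
      const { decreasingAt } = get(sp);
      if (decreasingAt === UINT64_MAX) return UINT64_MAX;
      return now >= decreasingAt ? 0n : decreasingAt - now;
    },
    approveAuthorizationDecrease(sp, now) {
      const p = get(sp);
      if (p.decreasingAt === 0n) revert("decrease not requested");
      if (p.decreasingAt === UINT64_MAX || now < p.decreasingAt) revert("delay not passed");
      p.authorized -= p.pending;
      p.pending = 0n; p.decreasingAt = 0n;
    },
    eligibleStake(sp) {
      const p = get(sp);
      const stake = p.authorized - p.pending;
      return stake < minimumAuthorization ? 0n : stake;
    },
  };
}

// Constructed scenario: minimum 40000, delay 100 s, change period 30 s.
function walkThrough() {
  const r = createRegistry({ minimumAuthorization: 40000n, decreaseDelay: 100n, changePeriod: 30n });
  const attempt = (fn) => { try { fn(); return "ok"; } catch (e) { return e.message; } };
  const out = {};
  r.authorizationIncreased("sp", 100000n);
  r.registerOperator("sp");
  r.authorizationDecreaseRequested("sp", 50000n, 1000n);
  out.beforeSync = r.remainingAuthorizationDecreaseDelay("sp", 1000n);
  r.updateOperatorStatus("sp", 1010n); // delay now ends at 1110
  out.afterSync = r.remainingAuthorizationDecreaseDelay("sp", 1020n);
  out.tooEarly = attempt(() => r.authorizationDecreaseRequested("sp", 45000n, 1050n));
  out.inWindow = attempt(() => r.authorizationDecreaseRequested("sp", 45000n, 1085n));
  out.eligible = r.eligibleStake("sp");
  out.approveUnsynced = attempt(() => r.approveAuthorizationDecrease("sp", 2000n));
  return out;
}
console.log(walkThrough());
```

In the scenario, the overwrite at t=1050 is rejected because the change window only opens at 1110 - 30 = 1080. The accepted overwrite at t=1085 puts the request back into the "waiting for pool sync" state, so approval stays blocked however much time passes until the operator updates the pool.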

rewardParameters

Retrieves reward-related parameters.

Return Values

| Name | Type | Description |
| --- | --- | --- |
| maliciousDkgResultNotificationRewardMultiplier | uint256 | Percentage of the staking contract malicious behavior notification reward which will be transferred to the notifier reporting about a malicious DKG result. Notifiers are rewarded from a notifiers treasury pool. For example, if notification reward is 1000 and the value of the multiplier is 5, the notifier will receive: 5% of 1000 = 50 per each operator affected. |
| sortitionPoolRewardsBanDuration | uint256 | Duration of the sortition pool rewards ban imposed on operators who missed their turn for DKG result submission or who failed a heartbeat. |

slashingParameters

Retrieves slashing-related parameters.

Return Values

| Name | Type | Description |
| --- | --- | --- |
| maliciousDkgResultSlashingAmount | uint96 | Slashing amount for submitting a malicious DKG result. Every DKG result submitted can be challenged for the time of dkg.resultChallengePeriodLength. If the DKG result submitted is challenged and proven to be malicious, the operator who submitted the malicious result is slashed for _maliciousDkgResultSlashingAmount. |

gasParameters

Retrieves gas-related parameters.

Return Values

| Name | Type | Description |
| --- | --- | --- |
| dkgResultSubmissionGas | uint256 | Calculated max gas cost for submitting a DKG result. This will be refunded as part of the DKG approval process. It is in the submitter's interest not to skip their priority turn on the approval; otherwise the refund of the DKG submission goes to another group member who calls the DKG approve function. |
| dkgResultApprovalGasOffset | uint256 | Gas that is meant to balance the DKG result approval's overall cost. It can be updated by the governance based on the current market conditions. |
| notifyOperatorInactivityGasOffset | uint256 | Gas that is meant to balance the notification of an operator inactivity. It can be updated by the governance based on the current market conditions. |
| notifySeedTimeoutGasOffset | uint256 | Gas that is meant to balance the notification of a seed for DKG delivery timeout. It can be updated by the governance based on the current market conditions. |
| notifyDkgTimeoutNegativeGasOffset | uint256 | Gas that is meant to balance the notification of a DKG protocol execution timeout. It can be updated by the governance based on the current market conditions. |
