WalletRegistry

WalletRegistry

authorization

struct EcdsaAuthorization.Data authorization

dkg

struct EcdsaDkg.Data dkg

wallets

struct Wallets.Data wallets

_maliciousDkgResultSlashingAmount

uint96 _maliciousDkgResultSlashingAmount

Slashing amount for submitting a malicious DKG result. Every DKG result submitted can be challenged for the time of dkg.resultChallengePeriodLength. If the DKG result submitted is challenged and proven to be malicious, the operator who submitted the malicious result is slashed for _maliciousDkgResultSlashingAmount.

_maliciousDkgResultNotificationRewardMultiplier

uint256 _maliciousDkgResultNotificationRewardMultiplier

Percentage of the staking contract malicious behavior notification reward which will be transferred to the notifier reporting about a malicious DKG result. Notifiers are rewarded from a notifiers treasury pool. For example, if notification reward is 1000 and the value of the multiplier is 5, the notifier will receive: 5% of 1000 = 50 per each operator affected.

_sortitionPoolRewardsBanDuration

uint256 _sortitionPoolRewardsBanDuration

Duration of the sortition pool rewards ban imposed on operators who missed their turn for DKG result submission or who failed a heartbeat.

_dkgResultSubmissionGas

uint256 _dkgResultSubmissionGas

Calculated max gas cost for submitting a DKG result. This will be refunded as part of the DKG approval process. It is in the submitter's interest not to skip their priority turn on the approval; otherwise, the DKG submission refund will go to another group member who calls the DKG approve function.

_dkgResultApprovalGasOffset

uint256 _dkgResultApprovalGasOffset

Gas that is meant to balance the DKG result approval's overall cost. It can be updated by the governance based on the current market conditions.

_notifyOperatorInactivityGasOffset

uint256 _notifyOperatorInactivityGasOffset

Gas that is meant to balance the notification of an operator inactivity. It can be updated by the governance based on the current market conditions.

_notifySeedTimeoutGasOffset

uint256 _notifySeedTimeoutGasOffset

Gas that is meant to balance the notification of a seed for DKG delivery timeout. It can be updated by the governance based on the current market conditions.

_notifyDkgTimeoutNegativeGasOffset

uint256 _notifyDkgTimeoutNegativeGasOffset

Gas that is meant to balance the notification of a DKG protocol execution timeout. It can be updated by the governance based on the current market conditions.

The value is subtracted for the refundable gas calculation, as the DKG timeout notification transaction recovers some gas when cleaning up the storage.

inactivityClaimNonce

mapping(bytes32 => uint256) inactivityClaimNonce

Stores current operator inactivity claim nonce for the given wallet signing group. Each claim is made with a unique nonce which protects against claim replay.

walletOwner

contract IWalletOwner walletOwner

sortitionPool

contract SortitionPool sortitionPool

staking

contract IStaking staking

randomBeacon

contract IRandomBeacon randomBeacon

DkgStarted

event DkgStarted(uint256 seed)

DkgResultSubmitted

event DkgResultSubmitted(bytes32 resultHash, uint256 seed, struct EcdsaDkg.Result result)

DkgTimedOut

event DkgTimedOut()

DkgResultApproved

event DkgResultApproved(bytes32 resultHash, address approver)

DkgResultChallenged

event DkgResultChallenged(bytes32 resultHash, address challenger, string reason)

DkgStateLocked

event DkgStateLocked()

DkgSeedTimedOut

event DkgSeedTimedOut()

WalletCreated

event WalletCreated(bytes32 walletID, bytes32 dkgResultHash)

WalletClosed

event WalletClosed(bytes32 walletID)

DkgMaliciousResultSlashed

event DkgMaliciousResultSlashed(bytes32 resultHash, uint256 slashingAmount, address maliciousSubmitter)

DkgMaliciousResultSlashingFailed

event DkgMaliciousResultSlashingFailed(bytes32 resultHash, uint256 slashingAmount, address maliciousSubmitter)

AuthorizationParametersUpdated

event AuthorizationParametersUpdated(uint96 minimumAuthorization, uint64 authorizationDecreaseDelay, uint64 authorizationDecreaseChangePeriod)

RewardParametersUpdated

event RewardParametersUpdated(uint256 maliciousDkgResultNotificationRewardMultiplier, uint256 sortitionPoolRewardsBanDuration)

SlashingParametersUpdated

event SlashingParametersUpdated(uint256 maliciousDkgResultSlashingAmount)

DkgParametersUpdated

event DkgParametersUpdated(uint256 seedTimeout, uint256 resultChallengePeriodLength, uint256 resultChallengeExtraGas, uint256 resultSubmissionTimeout, uint256 resultSubmitterPrecedencePeriodLength)

GasParametersUpdated

event GasParametersUpdated(uint256 dkgResultSubmissionGas, uint256 dkgResultApprovalGasOffset, uint256 notifyOperatorInactivityGasOffset, uint256 notifySeedTimeoutGasOffset, uint256 notifyDkgTimeoutNegativeGasOffset)

RandomBeaconUpgraded

event RandomBeaconUpgraded(address randomBeacon)

WalletOwnerUpdated

event WalletOwnerUpdated(address walletOwner)

OperatorRegistered

event OperatorRegistered(address stakingProvider, address operator)

AuthorizationIncreased

event AuthorizationIncreased(address stakingProvider, address operator, uint96 fromAmount, uint96 toAmount)

AuthorizationDecreaseRequested

event AuthorizationDecreaseRequested(address stakingProvider, address operator, uint96 fromAmount, uint96 toAmount, uint64 decreasingAt)

AuthorizationDecreaseApproved

event AuthorizationDecreaseApproved(address stakingProvider)

InvoluntaryAuthorizationDecreaseFailed

event InvoluntaryAuthorizationDecreaseFailed(address stakingProvider, address operator, uint96 fromAmount, uint96 toAmount)

OperatorJoinedSortitionPool

event OperatorJoinedSortitionPool(address stakingProvider, address operator)

OperatorStatusUpdated

event OperatorStatusUpdated(address stakingProvider, address operator)

InactivityClaimed

event InactivityClaimed(bytes32 walletID, uint256 nonce, address notifier)

onlyStakingContract

modifier onlyStakingContract()

onlyWalletOwner

modifier onlyWalletOwner()

Reverts if not called by the Wallet Owner.

onlyReimbursableAdmin

modifier onlyReimbursableAdmin()

constructor

constructor(contract SortitionPool _sortitionPool, contract IStaking _staking) public

Used to initialize immutable variables only, use initialize function for upgradable contract initialization on deployment.

initialize

function initialize(contract EcdsaDkgValidator _ecdsaDkgValidator, contract IRandomBeacon _randomBeacon, contract ReimbursementPool _reimbursementPool) external

Initializes upgradable contract on deployment.

withdrawRewards

function withdrawRewards(address stakingProvider) external

Withdraws application rewards for the given staking provider. Rewards are withdrawn to the staking provider's beneficiary address set in the staking contract. Reverts if staking provider has not registered the operator address.

Emits RewardsWithdrawn event.

withdrawIneligibleRewards

function withdrawIneligibleRewards(address recipient) external

Withdraws rewards belonging to operators marked as ineligible for sortition pool rewards.

Can be called only by the contract guvnor, which should be the wallet registry governance contract.

Parameters

registerOperator

function registerOperator(address operator) external

Used by staking provider to set operator address that will operate ECDSA node. The given staking provider can set operator address only one time. The operator address can not be changed and must be unique. Reverts if the operator is already set for the staking provider or if the operator address is already in use. Reverts if there is a pending authorization decrease for the staking provider.

joinSortitionPool

function joinSortitionPool() external

Lets the operator join the sortition pool. The operator address must be known - before calling this function, it has to be appointed by the staking provider by calling registerOperator. Also, the operator must have the minimum authorization required by ECDSA. Function reverts if there is no minimum stake authorized or if the operator is not known. If there was an authorization decrease requested, it is activated by starting the authorization decrease delay.

updateOperatorStatus

function updateOperatorStatus(address operator) external

Updates status of the operator in the sortition pool. If there was an authorization decrease requested, it is activated by starting the authorization decrease delay. Function reverts if the operator is not known.

authorizationIncreased

function authorizationIncreased(address stakingProvider, uint96 fromAmount, uint96 toAmount) external

Used by T staking contract to inform the application that the authorized stake amount for the given staking provider increased.

Reverts if the authorization amount is below the minimum.

The function is not updating the sortition pool. Sortition pool state needs to be updated by the operator with a call to joinSortitionPool or updateOperatorStatus.

Can only be called by T staking contract.

authorizationDecreaseRequested

function authorizationDecreaseRequested(address stakingProvider, uint96 fromAmount, uint96 toAmount) external

Used by T staking contract to inform the application that the authorization decrease for the given staking provider has been requested.

Reverts if the amount after deauthorization would be non-zero and lower than the minimum authorization.

If the operator is not known (registerOperator was not called), approveAuthorizationDecrease can be called immediately. If the operator is known (registerOperator was called), the operator needs to update the state of the sortition pool with a call to joinSortitionPool or updateOperatorStatus. After the sortition pool state is in sync, authorization decrease delay starts.

After authorization decrease delay passes, authorization decrease request needs to be approved with a call to approveAuthorizationDecrease function.

If there is a pending authorization decrease request, it is overwritten.

Can only be called by T staking contract.

approveAuthorizationDecrease

function approveAuthorizationDecrease(address stakingProvider) external

Approves the previously registered authorization decrease request. Reverts if authorization decrease delay has not passed yet or if the authorization decrease was not requested for the given staking provider.

involuntaryAuthorizationDecrease

function involuntaryAuthorizationDecrease(address stakingProvider, uint96 fromAmount, uint96 toAmount) external

Used by T staking contract to inform the application the authorization has been decreased for the given staking provider involuntarily, as a result of slashing.

If the operator is not known (registerOperator was not called) the function does nothing. The operator was never in a sortition pool so there is nothing to update.

If the operator is known, sortition pool is unlocked, and the operator is in the sortition pool, the sortition pool state is updated. If the sortition pool is locked, update needs to be postponed. Every other staker is incentivized to call updateOperatorStatus for the problematic operator to increase their own rewards in the pool.

upgradeRandomBeacon

function upgradeRandomBeacon(contract IRandomBeacon _randomBeacon) external

Updates address of the Random Beacon.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

updateWalletOwner

function updateWalletOwner(contract IWalletOwner _walletOwner) external

Updates the wallet owner.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters. The wallet owner has to implement IWalletOwner interface.

Parameters

updateAuthorizationParameters

function updateAuthorizationParameters(uint96 _minimumAuthorization, uint64 _authorizationDecreaseDelay, uint64 _authorizationDecreaseChangePeriod) external

Updates the values of authorization parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

updateDkgParameters

function updateDkgParameters(uint256 _seedTimeout, uint256 _resultChallengePeriodLength, uint256 _resultChallengeExtraGas, uint256 _resultSubmissionTimeout, uint256 _submitterPrecedencePeriodLength) external

Updates the values of DKG parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

updateRewardParameters

function updateRewardParameters(uint256 maliciousDkgResultNotificationRewardMultiplier, uint256 sortitionPoolRewardsBanDuration) external

Updates the values of reward parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

updateSlashingParameters

function updateSlashingParameters(uint96 maliciousDkgResultSlashingAmount) external

Updates the values of slashing parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

updateGasParameters

function updateGasParameters(uint256 dkgResultSubmissionGas, uint256 dkgResultApprovalGasOffset, uint256 notifyOperatorInactivityGasOffset, uint256 notifySeedTimeoutGasOffset, uint256 notifyDkgTimeoutNegativeGasOffset) external

Updates the values of gas-related parameters.

Can be called only by the contract guvnor, which should be the wallet registry governance contract. The caller is responsible for validating parameters.

Parameters

requestNewWallet

function requestNewWallet() external

Requests a new wallet creation.

Can be called only by the owner of wallets. It locks the DKG and requests a new relay entry. It expects that the DKG process will be started once a new relay entry gets generated.

closeWallet

function closeWallet(bytes32 walletID) external

Closes an existing wallet. Reverts if wallet with the given ID does not exist or if it has already been closed.

Only a Wallet Owner can call this function.

Parameters

__beaconCallback

function __beaconCallback(uint256 relayEntry, uint256) external

A callback that is executed once a new relay entry gets generated. It starts the DKG process.

Can be called only by the random beacon contract.

Parameters

submitDkgResult

function submitDkgResult(struct EcdsaDkg.Result dkgResult) external

Submits result of DKG protocol. The DKG result consists of result submitting member index, calculated group public key, bytes array of misbehaved members, concatenation of signatures from group members, indices of members corresponding to each signature and the list of group members. The result is registered optimistically and waits for an approval. The result can be challenged when it is believed to be incorrect. The challenge verifies the registered result; among other things, it checks whether the members list corresponds to the expected set of members determined by the sortition pool.

The message to be signed by each member is keccak256 hash of the chain ID, calculated group public key, misbehaved members indices and DKG start block. The calculated hash should be prefixed with \x19Ethereum signed message: before signing, so the message to sign is: \x19Ethereum signed message:\n${keccak256(chainID,groupPubKey,misbehavedIndices,startBlock)}

Parameters

approveDkgResult

function approveDkgResult(struct EcdsaDkg.Result dkgResult) external

Approves DKG result. Can be called when the challenge period for the submitted result is finished. Considers the submitted result as valid, bans misbehaved group members from the sortition pool rewards, and completes the group creation by activating the candidate group. For the first resultSubmissionTimeout blocks after the end of the challenge period, it can be called only by the DKG result submitter. After that time, it can be called by anyone. A new wallet is created based on the DKG result details.

Parameters

notifySeedTimeout

function notifySeedTimeout() external

Notifies about seed for DKG delivery timeout. It is expected that a seed is delivered by the Random Beacon as a relay entry in a callback function.

notifyDkgTimeout

function notifyDkgTimeout() external

Notifies about DKG timeout.

challengeDkgResult

function challengeDkgResult(struct EcdsaDkg.Result dkgResult) external

Challenges DKG result. If the submitted result is proved to be invalid it reverts the DKG back to the result submission phase.

Due to EIP-150, 1/64 of the gas is not forwarded to the call and is kept to execute the remaining operations in the function after the call inside the try-catch. To eliminate a class of attacks related to gas limit manipulation, this function requires an extra amount of gas to be left at the end of the execution.

Parameters

notifyOperatorInactivity

function notifyOperatorInactivity(struct EcdsaInactivity.Claim claim, uint256 nonce, uint32[] groupMembers) external

Notifies about operators who are inactive. Using this function, a majority of the wallet signing group can decide to punish specific group members who constantly fail to do their job. If the provided claim is proved to be valid and is signed by a sufficient number of group members, operators of members deemed inactive are banned from sortition pool rewards for the duration specified by the sortitionPoolRewardsBanDuration parameter. The function can signal that single operators are inactive as well as signal wallet-wide heartbeat failures. Heartbeat failures are propagated to the wallet owner, who should begin the procedure of moving responsibilities to another wallet, given that the wallet that failed the heartbeat may soon be unable to function and provide new signatures. The sender of the claim must be one of the claim signers. This function can be called only for registered wallets.

Parameters

seize

function seize(uint96 amount, uint256 rewardMultiplier, address notifier, bytes32 walletID, uint32[] walletMembersIDs) external

Allows the wallet owner to add all signing group members of the wallet with the given ID to the slashing queue of the staking contract. The notifier will receive a reward per each group member from the staking contract notifiers treasury. The reward is scaled by the rewardMultiplier provided as a parameter.

Requirements:

  • The expression keccak256(abi.encode(walletMembersIDs)) must be exactly the same as the hash stored under membersIdsHash for the given walletID. Those IDs are not directly stored in the contract for gas efficiency purposes but they can be read from appropriate DkgResultSubmitted and DkgResultApproved events.

  • rewardMultiplier must be in the range [0, 100].

  • This function does revert if staking contract call reverts. The calling code needs to handle the potential revert.

Parameters

isDkgResultValid

function isDkgResultValid(struct EcdsaDkg.Result result) external view returns (bool, string)

Checks if DKG result is valid for the current DKG.

Parameters

Return Values

getWalletCreationState

function getWalletCreationState() external view returns (enum EcdsaDkg.State)

Checks the current wallet creation state.

isWalletMember

function isWalletMember(bytes32 walletID, uint32[] walletMembersIDs, address operator, uint256 walletMemberIndex) external view returns (bool)

Checks whether the given operator is a member of the given wallet signing group.

Requirements:

  • The operator parameter must be an actual sortition pool operator.

  • The expression keccak256(abi.encode(walletMembersIDs)) must be exactly the same as the hash stored under membersIdsHash for the given walletID. Those IDs are not directly stored in the contract for gas efficiency purposes but they can be read from appropriate DkgResultSubmitted and DkgResultApproved events.

  • The walletMemberIndex must be in range [1, walletMembersIDs.length]

Parameters

Return Values

hasSeedTimedOut

function hasSeedTimedOut() external view returns (bool)

Checks if awaiting seed timed out.

Return Values

hasDkgTimedOut

function hasDkgTimedOut() external view returns (bool)

Checks if DKG timed out. The DKG timeout period includes time required for off-chain protocol execution and time for the result publication for all group members. After this time result cannot be submitted and DKG can be notified about the timeout.

Return Values

getWallet

function getWallet(bytes32 walletID) external view returns (struct Wallets.Wallet)

getWalletPublicKey

function getWalletPublicKey(bytes32 walletID) external view returns (bytes)

Gets public key of a wallet with a given wallet ID. The public key is returned in an uncompressed format as a 64-byte concatenation of X and Y coordinates.

Parameters

Return Values

isWalletRegistered

function isWalletRegistered(bytes32 walletID) external view returns (bool)

Checks if a wallet with the given ID is registered.

Parameters

Return Values

minimumAuthorization

function minimumAuthorization() external view returns (uint96)

The minimum authorization amount required so that operator can participate in ECDSA Wallet operations.

eligibleStake

function eligibleStake(address stakingProvider) external view returns (uint96)

Returns the current value of the staking provider's eligible stake. Eligible stake is defined as the currently authorized stake minus the pending authorization decrease. Eligible stake is what is used for operator's weight in the sortition pool. If the authorized stake minus the pending authorization decrease is below the minimum authorization, eligible stake is 0.

availableRewards

function availableRewards(address stakingProvider) external view returns (uint96)

Returns the amount of rewards available for withdrawal for the given staking provider. Reverts if staking provider has not registered the operator address.

pendingAuthorizationDecrease

function pendingAuthorizationDecrease(address stakingProvider) external view returns (uint96)

Returns the amount of stake that is pending authorization decrease for the given staking provider. If no authorization decrease has been requested, returns zero.

remainingAuthorizationDecreaseDelay

function remainingAuthorizationDecreaseDelay(address stakingProvider) external view returns (uint64)

Returns the remaining time in seconds that needs to pass before the requested authorization decrease can be approved. If the sortition pool state was not updated yet by the operator after requesting the authorization decrease, returns type(uint64).max.

stakingProviderToOperator

function stakingProviderToOperator(address stakingProvider) public view returns (address)

Returns operator registered for the given staking provider.

operatorToStakingProvider

function operatorToStakingProvider(address operator) public view returns (address)

Returns staking provider of the given operator.

isOperatorUpToDate

function isOperatorUpToDate(address operator) external view returns (bool)

Checks if the operator's authorized stake is in sync with operator's weight in the sortition pool. If the operator is not in the sortition pool and their authorized stake is non-zero, function returns false.

isOperatorInPool

function isOperatorInPool(address operator) external view returns (bool)

Returns true if the given operator is in the sortition pool. Otherwise, returns false.

selectGroup

function selectGroup() external view returns (uint32[])

Selects a new group of operators. Can only be called when DKG is in progress and the pool is locked. At least one operator has to be registered in the pool, otherwise the function fails reverting the transaction.

Return Values

dkgParameters

function dkgParameters() external view returns (struct EcdsaDkg.Parameters)

Retrieves dkg parameters that were set in DKG library.

authorizationParameters

function authorizationParameters() external view returns (uint96 minimumAuthorization, uint64 authorizationDecreaseDelay, uint64 authorizationDecreaseChangePeriod)

Returns authorization-related parameters.

The minimum authorization is also returned by minimumAuthorization() function, as a requirement of IApplication interface.

Return Values

rewardParameters

function rewardParameters() external view returns (uint256 maliciousDkgResultNotificationRewardMultiplier, uint256 sortitionPoolRewardsBanDuration)

Retrieves reward-related parameters.

Return Values

slashingParameters

function slashingParameters() external view returns (uint96 maliciousDkgResultSlashingAmount)

Retrieves slashing-related parameters.

Return Values

gasParameters

function gasParameters() external view returns (uint256 dkgResultSubmissionGas, uint256 dkgResultApprovalGasOffset, uint256 notifyOperatorInactivityGasOffset, uint256 notifySeedTimeoutGasOffset, uint256 notifyDkgTimeoutNegativeGasOffset)

Retrieves gas-related parameters.

Return Values
