pezsnowbridge-outbound-queue-primitives 0.2.0

Snowbridge Outbound Queue Primitives
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386

// SPDX-License-Identifier: Apache-2.0
// SPDX-FileCopyrightText: 2023 Snowfork <hello@snowfork.com>
//! # Outbound V1 primitives

use crate::{OperatingMode, SendError, SendMessageFeeProvider};
use codec::{Decode, DecodeWithMemTracking, Encode};
use ethabi::Token;
use pezsnowbridge_core::{pricing::UD60x18, ChannelId};
use pezsp_arithmetic::traits::{BaseArithmetic, Unsigned};
use pezsp_core::{RuntimeDebug, H160, H256, U256};
use pezsp_std::{borrow::ToOwned, vec, vec::Vec};
use scale_info::TypeInfo;

/// Enqueued outbound messages need to be versioned to prevent data corruption
/// or loss after forkless runtime upgrades
#[derive(Encode, Decode, TypeInfo, Clone, RuntimeDebug)]
#[cfg_attr(feature = "std", derive(PartialEq))]
pub enum VersionedQueuedMessage {
	V1(QueuedMessage),
}

impl TryFrom<VersionedQueuedMessage> for QueuedMessage {
	type Error = ();
	fn try_from(x: VersionedQueuedMessage) -> Result<Self, Self::Error> {
		use VersionedQueuedMessage::*;
		match x {
			V1(x) => Ok(x),
		}
	}
}

impl<T: Into<QueuedMessage>> From<T> for VersionedQueuedMessage {
	fn from(x: T) -> Self {
		VersionedQueuedMessage::V1(x.into())
	}
}

/// A message which can be accepted by implementations of `/[`SendMessage`\]`
#[derive(Encode, Decode, TypeInfo, Clone, RuntimeDebug)]
#[cfg_attr(feature = "std", derive(PartialEq))]
pub struct Message {
	/// ID for this message. One will be automatically generated if not provided.
	///
	/// When this message is created from an XCM message, the ID should be extracted
	/// from the `SetTopic` instruction.
	///
	/// The ID plays no role in bridge consensus, and is purely meant for message tracing.
	pub id: Option<H256>,
	/// The message channel ID
	pub channel_id: ChannelId,
	/// The stable ID for a receiving gateway contract
	pub command: Command,
}

/// A command which is executable by the Gateway contract on Ethereum
#[derive(Clone, Encode, Decode, RuntimeDebug, TypeInfo)]
#[cfg_attr(feature = "std", derive(PartialEq))]
pub enum Command {
	/// Execute a sub-command within an agent for a consensus system in Pezkuwi
	/// DEPRECATED in favour of `UnlockNativeToken`. We still have to keep it around in
	/// case buffered and uncommitted messages are using this variant.
	AgentExecute {
		/// The ID of the agent
		agent_id: H256,
		/// The sub-command to be executed
		command: AgentExecuteCommand,
	},
	/// Upgrade the Gateway contract
	Upgrade {
		/// Address of the new implementation contract
		impl_address: H160,
		/// Codehash of the implementation contract
		impl_code_hash: H256,
		/// Optionally invoke an initializer in the implementation contract
		initializer: Option<Initializer>,
	},
	/// Set the global operating mode of the Gateway contract
	SetOperatingMode {
		/// The new operating mode
		mode: OperatingMode,
	},
	/// Set token fees of the Gateway contract
	SetTokenTransferFees {
		/// The fee(HEZ) for the cost of creating asset on AssetHub
		create_asset_xcm: u128,
		/// The fee(HEZ) for the cost of sending asset on AssetHub
		transfer_asset_xcm: u128,
		/// The fee(Ether) for register token to discourage spamming
		register_token: U256,
	},
	/// Set pricing parameters
	SetPricingParameters {
		// ETH/HEZ exchange rate
		exchange_rate: UD60x18,
		// Cost of delivering a message from Ethereum to BridgeHub, in TYR/KSM/HEZ
		delivery_cost: u128,
		// Fee multiplier
		multiplier: UD60x18,
	},
	/// Transfer ERC20 tokens
	UnlockNativeToken {
		/// ID of the agent
		agent_id: H256,
		/// Address of the ERC20 token
		token: H160,
		/// The recipient of the tokens
		recipient: H160,
		/// The amount of tokens to transfer
		amount: u128,
	},
	/// Register foreign token from Pezkuwi
	RegisterForeignToken {
		/// ID for the token
		token_id: H256,
		/// Name of the token
		name: Vec<u8>,
		/// Short symbol for the token
		symbol: Vec<u8>,
		/// Number of decimal places
		decimals: u8,
	},
	/// Mint foreign token from Pezkuwi
	MintForeignToken {
		/// ID for the token
		token_id: H256,
		/// The recipient of the newly minted tokens
		recipient: H160,
		/// The amount of tokens to mint
		amount: u128,
	},
}

impl Command {
	/// Compute the enum variant index
	pub fn index(&self) -> u8 {
		match self {
			Command::AgentExecute { .. } => 0,
			Command::Upgrade { .. } => 1,
			Command::SetOperatingMode { .. } => 5,
			Command::SetTokenTransferFees { .. } => 7,
			Command::SetPricingParameters { .. } => 8,
			Command::UnlockNativeToken { .. } => 9,
			Command::RegisterForeignToken { .. } => 10,
			Command::MintForeignToken { .. } => 11,
		}
	}

	/// ABI-encode the Command.
	pub fn abi_encode(&self) -> Vec<u8> {
		match self {
			Command::AgentExecute { agent_id, command } => ethabi::encode(&[Token::Tuple(vec![
				Token::FixedBytes(agent_id.as_bytes().to_owned()),
				Token::Bytes(command.abi_encode()),
			])]),
			Command::Upgrade { impl_address, impl_code_hash, initializer, .. } => {
				ethabi::encode(&[Token::Tuple(vec![
					Token::Address(*impl_address),
					Token::FixedBytes(impl_code_hash.as_bytes().to_owned()),
					initializer.clone().map_or(Token::Bytes(vec![]), |i| Token::Bytes(i.params)),
				])])
			},
			Command::SetOperatingMode { mode } => {
				ethabi::encode(&[Token::Tuple(vec![Token::Uint(U256::from((*mode) as u64))])])
			},
			Command::SetTokenTransferFees {
				create_asset_xcm,
				transfer_asset_xcm,
				register_token,
			} => ethabi::encode(&[Token::Tuple(vec![
				Token::Uint(U256::from(*create_asset_xcm)),
				Token::Uint(U256::from(*transfer_asset_xcm)),
				Token::Uint(*register_token),
			])]),
			Command::SetPricingParameters { exchange_rate, delivery_cost, multiplier } => {
				ethabi::encode(&[Token::Tuple(vec![
					Token::Uint(exchange_rate.clone().into_inner()),
					Token::Uint(U256::from(*delivery_cost)),
					Token::Uint(multiplier.clone().into_inner()),
				])])
			},
			Command::UnlockNativeToken { agent_id, token, recipient, amount } => {
				ethabi::encode(&[Token::Tuple(vec![
					Token::FixedBytes(agent_id.as_bytes().to_owned()),
					Token::Address(*token),
					Token::Address(*recipient),
					Token::Uint(U256::from(*amount)),
				])])
			},
			Command::RegisterForeignToken { token_id, name, symbol, decimals } => {
				ethabi::encode(&[Token::Tuple(vec![
					Token::FixedBytes(token_id.as_bytes().to_owned()),
					Token::String(name.to_owned()),
					Token::String(symbol.to_owned()),
					Token::Uint(U256::from(*decimals)),
				])])
			},
			Command::MintForeignToken { token_id, recipient, amount } => {
				ethabi::encode(&[Token::Tuple(vec![
					Token::FixedBytes(token_id.as_bytes().to_owned()),
					Token::Address(*recipient),
					Token::Uint(U256::from(*amount)),
				])])
			},
		}
	}
}

/// Representation of a call to the initializer of an implementation contract.
/// The initializer has the following ABI signature: `initialize(bytes)`.
#[derive(Clone, Encode, Decode, DecodeWithMemTracking, PartialEq, RuntimeDebug, TypeInfo)]
pub struct Initializer {
	/// ABI-encoded params of type `bytes` to pass to the initializer
	pub params: Vec<u8>,
	/// The initializer is allowed to consume this much gas at most.
	pub maximum_required_gas: u64,
}

/// A Sub-command executable within an agent
#[derive(Clone, Encode, Decode, RuntimeDebug, TypeInfo)]
#[cfg_attr(feature = "std", derive(PartialEq))]
pub enum AgentExecuteCommand {
	/// Transfer ERC20 tokens
	TransferToken {
		/// Address of the ERC20 token
		token: H160,
		/// The recipient of the tokens
		recipient: H160,
		/// The amount of tokens to transfer
		amount: u128,
	},
}

impl AgentExecuteCommand {
	fn index(&self) -> u8 {
		match self {
			AgentExecuteCommand::TransferToken { .. } => 0,
		}
	}

	/// ABI-encode the sub-command
	pub fn abi_encode(&self) -> Vec<u8> {
		match self {
			AgentExecuteCommand::TransferToken { token, recipient, amount } => ethabi::encode(&[
				Token::Uint(self.index().into()),
				Token::Bytes(ethabi::encode(&[
					Token::Address(*token),
					Token::Address(*recipient),
					Token::Uint(U256::from(*amount)),
				])),
			]),
		}
	}
}

/// Message which is awaiting processing in the MessageQueue pezpallet
#[derive(Clone, Encode, Decode, RuntimeDebug, TypeInfo)]
#[cfg_attr(feature = "std", derive(PartialEq))]
pub struct QueuedMessage {
	/// Message ID
	pub id: H256,
	/// Channel ID
	pub channel_id: ChannelId,
	/// Command to execute in the Gateway contract
	pub command: Command,
}

#[derive(Clone, Encode, Decode, RuntimeDebug, TypeInfo)]
#[cfg_attr(feature = "std", derive(PartialEq))]
/// Fee for delivering message
pub struct Fee<Balance>
where
	Balance: BaseArithmetic + Unsigned + Copy,
{
	/// Fee to cover cost of processing the message locally
	pub local: Balance,
	/// Fee to cover cost processing the message remotely
	pub remote: Balance,
}

impl<Balance> Fee<Balance>
where
	Balance: BaseArithmetic + Unsigned + Copy,
{
	pub fn total(&self) -> Balance {
		self.local.saturating_add(self.remote)
	}
}

impl<Balance> From<(Balance, Balance)> for Fee<Balance>
where
	Balance: BaseArithmetic + Unsigned + Copy,
{
	fn from((local, remote): (Balance, Balance)) -> Self {
		Self { local, remote }
	}
}

/// A trait for sending messages to Ethereum
pub trait SendMessage: SendMessageFeeProvider {
	type Ticket: Clone + Encode + Decode;

	/// Validate an outbound message and return a tuple:
	/// 1. Ticket for submitting the message
	/// 2. Delivery fee
	fn validate(
		message: &Message,
	) -> Result<(Self::Ticket, Fee<<Self as SendMessageFeeProvider>::Balance>), SendError>;

	/// Submit the message ticket for eventual delivery to Ethereum
	fn deliver(ticket: Self::Ticket) -> Result<H256, SendError>;
}

pub trait Ticket: Encode + Decode + Clone {
	fn message_id(&self) -> H256;
}

pub trait GasMeter {
	/// All the gas used for submitting a message to Ethereum, minus the cost of dispatching
	/// the command within the message
	const MAXIMUM_BASE_GAS: u64;

	/// Total gas consumed at most, including verification & dispatch
	fn maximum_gas_used_at_most(command: &Command) -> u64 {
		Self::MAXIMUM_BASE_GAS + Self::maximum_dispatch_gas_used_at_most(command)
	}

	/// Measures the maximum amount of gas a command payload will require to *dispatch*, NOT
	/// including validation & verification.
	fn maximum_dispatch_gas_used_at_most(command: &Command) -> u64;
}

/// A meter that assigns a constant amount of gas for the execution of a command
///
/// The gas figures are extracted from this report:
/// > forge test --match-path test/Gateway.t.sol --gas-report
///
/// A healthy buffer is added on top of these figures to account for:
/// * The EIP-150 63/64 rule
/// * Future EVM upgrades that may increase gas cost
pub struct ConstantGasMeter;

impl GasMeter for ConstantGasMeter {
	// The base transaction cost, which includes:
	// 21_000 transaction cost, roughly worst case 64_000 for calldata, and 100_000
	// for message verification
	const MAXIMUM_BASE_GAS: u64 = 185_000;

	fn maximum_dispatch_gas_used_at_most(command: &Command) -> u64 {
		match command {
			Command::SetOperatingMode { .. } => 40_000,
			Command::AgentExecute { command, .. } => match command {
				// Execute IERC20.transferFrom
				//
				// Worst-case assumptions are important:
				// * No gas refund for clearing storage slot of source account in ERC20 contract
				// * Assume dest account in ERC20 contract does not yet have a storage slot
				// * ERC20.transferFrom possibly does other business logic besides updating balances
				AgentExecuteCommand::TransferToken { .. } => 200_000,
			},
			Command::Upgrade { initializer, .. } => {
				let initializer_max_gas = match *initializer {
					Some(Initializer { maximum_required_gas, .. }) => maximum_required_gas,
					None => 0,
				};
				// total maximum gas must also include the gas used for updating the proxy before
				// the the initializer is called.
				50_000 + initializer_max_gas
			},
			Command::SetTokenTransferFees { .. } => 60_000,
			Command::SetPricingParameters { .. } => 60_000,
			Command::UnlockNativeToken { .. } => 200_000,
			Command::RegisterForeignToken { .. } => 1_200_000,
			Command::MintForeignToken { .. } => 100_000,
		}
	}
}

impl GasMeter for () {
	const MAXIMUM_BASE_GAS: u64 = 1;

	fn maximum_dispatch_gas_used_at_most(_: &Command) -> u64 {
		1
	}
}

pub const ETHER_DECIMALS: u8 = 18;