implement Router.sol and associated functions (#92)

* start Router contract * use calldata for function args * var name changes * start testing router contract * test with and without abi.encode * cleanup * why tf isn't tests/utils working * cleanup tests * remove unused files * wip * fix router contract and tests, add set/update public keys funcs * impl some Froms * make execute non-reentrant * cleanup * update Router to use ReentrancyGuard * update contract to use errors, use bitfield in Executed event, minor other fixes * wip * fix build issues from merge, tests ok * Router.sol cleanup * cleanup, uncomment stuff * bump ethers.rs version to latest * make contract functions take generic middleware * update build script to assert no compiler errors * hardcode pubkey parity into contract, update tests * Polish coins/ethereum in various ways --------- Co-authored-by: Luke Parker <lukeparker5132@gmail.com>
2025-12-09 12:49:23 +00:00 · 2024-03-24 09:00:54 -04:00
parent 3d855c75be
commit 63521f6a96
20 changed files with 690 additions and 348 deletions
--- a/coins/ethereum/contracts/Router.sol
+++ b/coins/ethereum/contracts/Router.sol
@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: AGPLv3
+pragma solidity ^0.8.0;
+
+import "./Schnorr.sol";
+
+contract Router is Schnorr {
+  // Contract initializer
+  // TODO: Replace with a MuSig of the genesis validators
+  address public initializer;
+
+  // Nonce is incremented for each batch of transactions executed
+  uint256 public nonce;
+
+  // fixed parity for the public keys used in this contract
+  uint8 constant public KEY_PARITY = 27;
+
+  // current public key's x-coordinate
+  // note: this key must always use the fixed parity defined above
+  bytes32 public seraiKey;
+
+  struct OutInstruction {
+    address to;
+    uint256 value;
+    bytes data;
+  }
+
+  struct Signature {
+    bytes32 c;
+    bytes32 s;
+  }
+
+  // success is a uint256 representing a bitfield of transaction successes
+  event Executed(uint256 nonce, bytes32 batch, uint256 success);
+
+  // error types
+  error NotInitializer();
+  error AlreadyInitialized();
+  error InvalidKey();
+  error TooManyTransactions();
+
+  constructor() {
+    initializer = msg.sender;
+  }
+
+  // initSeraiKey can be called by the contract initializer to set the first
+  // public key, only if the public key has yet to be set.
+  function initSeraiKey(bytes32 _seraiKey) external {
+    if (msg.sender != initializer) revert NotInitializer();
+    if (seraiKey != 0) revert AlreadyInitialized();
+    if (_seraiKey == bytes32(0)) revert InvalidKey();
+    seraiKey = _seraiKey;
+  }
+
+  // updateSeraiKey validates the given Schnorr signature against the current public key,
+  // and if successful, updates the contract's public key to the given one.
+  function updateSeraiKey(
+    bytes32 _seraiKey,
+    Signature memory sig
+  ) public {
+    if (_seraiKey == bytes32(0)) revert InvalidKey();
+    bytes32 message = keccak256(abi.encodePacked("updateSeraiKey", _seraiKey));
+    if (!verify(KEY_PARITY, seraiKey, message, sig.c, sig.s)) revert InvalidSignature();
+    seraiKey = _seraiKey;
+  }
+
+  // execute accepts a list of transactions to execute as well as a Schnorr signature.
+  // if signature verification passes, the given transactions are executed.
+  // if signature verification fails, this function will revert.
+  function execute(
+    OutInstruction[] calldata transactions,
+    Signature memory sig
+  ) public {
+    if (transactions.length > 256) revert TooManyTransactions();
+
+    bytes32 message = keccak256(abi.encode("execute", nonce, transactions));
+    // This prevents re-entrancy from causing double spends yet does allow
+    // out-of-order execution via re-entrancy
+    nonce++;
+    if (!verify(KEY_PARITY, seraiKey, message, sig.c, sig.s)) revert InvalidSignature();
+
+    uint256 successes;
+    for(uint256 i = 0; i < transactions.length; i++) {
+      (bool success, ) = transactions[i].to.call{value: transactions[i].value, gas: 200_000}(transactions[i].data);
+      assembly {
+        successes := or(successes, shl(i, success))
+      }
+    }
+    emit Executed(nonce, message, successes);
+  }
+}
--- a/coins/ethereum/contracts/Schnorr.sol
+++ b/coins/ethereum/contracts/Schnorr.sol
@@ -1,4 +1,4 @@
-//SPDX-License-Identifier: AGPLv3
+// SPDX-License-Identifier: AGPLv3
 pragma solidity ^0.8.0;

 // see https://github.com/noot/schnorr-verify for implementation details
@@ -7,29 +7,32 @@ contract Schnorr {
  uint256 constant public Q =
    0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141;

+  error InvalidSOrA();
+  error InvalidSignature();
+
  // parity := public key y-coord parity (27 or 28)
  // px := public key x-coord
-  // message := 32-byte message
+  // message := 32-byte hash of the message
+  // c := schnorr signature challenge
  // s := schnorr signature
-  // e := schnorr signature challenge
  function verify(
    uint8 parity,
    bytes32 px,
    bytes32 message,
-    bytes32 s,
-    bytes32 e
+    bytes32 c,
+    bytes32 s
  ) public view returns (bool) {
    // ecrecover = (m, v, r, s);
-    bytes32 sp = bytes32(Q - mulmod(uint256(s), uint256(px), Q));
-    bytes32 ep = bytes32(Q - mulmod(uint256(e), uint256(px), Q));
+    bytes32 sa = bytes32(Q - mulmod(uint256(s), uint256(px), Q));
+    bytes32 ca = bytes32(Q - mulmod(uint256(c), uint256(px), Q));

-    require(sp != 0);
+    if (sa == 0) revert InvalidSOrA();
    // the ecrecover precompile implementation checks that the `r` and `s`
-    // inputs are non-zero (in this case, `px` and `ep`), thus we don't need to
-    // check if they're zero.will make me 
-    address R = ecrecover(sp, parity, px, ep);
-    require(R != address(0), "ecrecover failed");
-    return e == keccak256(
+    // inputs are non-zero (in this case, `px` and `ca`), thus we don't need to
+    // check if they're zero.
+    address R = ecrecover(sa, parity, px, ca);
+    if (R == address(0)) revert InvalidSignature();
+    return c == keccak256(
      abi.encodePacked(R, uint8(parity), px, block.chainid, message)
    );
  }