[protocol 3.6] Alternative fast withdrawal implementation (#1715)

* [protocol 3.6] Alternative fast withdrawal implementation

* [protocol 3.6] Feedback

* fix warning and rename file

* fix warning and rename file

* fix warning and rename file

* more

* more

* more

* more

* more

Co-authored-by: wangdong <[email protected]>
Co-authored-by: Daniel Wang <[email protected]>

Author: 3 people

packages/loopring_v3/circuit/Circuits/TransferCircuit.h

@@ -179,12 +179,7 @@ class TransferCircuit : public BaseTransactionCircuit
             validUntil.packed,
             NUM_BITS_TIMESTAMP,
             FMT(prefix, ".requireValidUntil")),
-          requireValidFee(
-            pb,
-            fee.packed,
-            maxFee.packed,
-            NUM_BITS_AMOUNT,
-            FMT(prefix, ".requireValidFee")),
+          requireValidFee(pb, fee.packed, maxFee.packed, NUM_BITS_AMOUNT, FMT(prefix, ".requireValidFee")),
           requireZeroWeightB(
             pb,
             isTransferTx.result(),

packages/loopring_v3/contracts/aux/agents/FastWithdrawalAgent.sol

@@ -11,24 +11,18 @@ import "../../lib/MathUint.sol";
 import "../../lib/ReentrancyGuard.sol";
 import "../../lib/SignatureUtil.sol";
 
-
-/// @title Fast withdrawal agent implementation. The fast withdrawal request reduces to
-///        a normal onchain withdrawal request after a specified time limit has exceeded.
+/// @title Fast withdrawal agent implementation. With the help of liquidity providers (LPs),
+///        exchange operators can convert any normal withdrawals into fast withdrawals.
 ///
 ///        Fast withdrawals are a way for the owner to provide instant withdrawals for
 ///        users with the help of a liquidity provider and conditional transfers.
 ///
 ///        A fast withdrawal requires the non-trustless cooperation of 2 parties:
 ///        - A liquidity provider which provides funds to users immediately onchain
 ///        - The operator which will make sure the user has sufficient funds offchain
-///          so that the liquidity provider can be paid back offchain using a conditional transfer.
-///          The operator also needs to process those conditional transfers so that the
-///          liquidity provider receives its funds back in its own account where it
-///          again has full custody over it.
-///
-///        However, there is a special case when the fast withdrawal reduces to a standard
-///        withdrawal and the fee is paid onchain. In this case the withdrawal can be
-///        done completely trustless, no cooperation with the owner is needed.
+///          so that the liquidity provider can be paid back.
+///          The operator also needs to process those withdrawals so that the
+///          liquidity provider receives its funds back.
 ///
 ///        We require the fast withdrawals to be executed by the liquidity provider (as msg.sender)
 ///        so that the liquidity provider can impose its own rules on how its funds are spent. This will
@@ -44,49 +38,44 @@ import "../../lib/SignatureUtil.sol";
 ///        authorize this contract as their agent.
 ///
 /// @author Brecht Devos - <[email protected]>
+/// @author Kongliang Zhong - <[email protected]>
+/// @author Daniel Wang - <[email protected]>
 contract FastWithdrawalAgent is ReentrancyGuard
 {
     using AddressUtil       for address;
     using AddressUtil       for address payable;
     using ERC20SafeTransfer for address;
     using MathUint          for uint;
-    using SignatureUtil     for bytes32;
 
-    struct FastWithdrawal
+    event Processed(
+        address exchange,
+        address from,
+        address to,
+        address token,
+        uint96  amount,
+        address provider,
+        bool    success
+    );
+
+    struct Withdrawal
     {
         address exchange;
         address from;                   // The owner of the account
-        address to;                     // The address that will receive the tokens withdrawn
+        address to;                     // The `to` address of the withdrawal
         address token;
         uint96  amount;
-        address feeToken;
-        uint96  fee;
-        uint32  nonce;
-        uint32  validUntil;
-
-        bytes   signature;
-    }
-
-    // EIP712
-    bytes32 constant public FASTWITHDRAWAL_TYPEHASH = keccak256(
-        "FastWithdrawal(address exchange,address from,address to,address token,uint96 amount,address feeToken,uint96 fee,uint32 nonce,uint32 validUntil)"
-    );
-    bytes32 public DOMAIN_SEPARATOR;
-
-    constructor()
-    {
-        DOMAIN_SEPARATOR = EIP712.hash(EIP712.Domain("FastWithdrawalAgent", "1.0", address(this)));
+        uint32  storageID;
     }
 
     // This method needs to be called by any liquidity provider
-    function executeFastWithdrawals(FastWithdrawal[] memory fastWithdrawals)
+    function executeFastWithdrawals(Withdrawal[] calldata withdrawals)
         public
         nonReentrant
         payable
     {
         // Do all fast withdrawals
-        for (uint i = 0; i < fastWithdrawals.length; i++) {
-            executeFastWithdrawal(fastWithdrawals[i]);
+        for (uint i = 0; i < withdrawals.length; i++) {
+            executeInternal(withdrawals[i]);
         }
         // Return any ETH left into this contract
         // (can happen when more ETH is sent than needed for the fast withdrawals)
@@ -95,68 +84,51 @@ contract FastWithdrawalAgent is ReentrancyGuard
 
     // -- Internal --
 
-    function executeFastWithdrawal(FastWithdrawal memory fastWithdrawal)
+    function executeInternal(Withdrawal calldata withdrawal)
         internal
     {
+        require(
+            withdrawal.exchange != address(0) &&
+            withdrawal.from != address(0) &&
+            withdrawal.to != address(0) &&
+            withdrawal.amount != 0,
+            "INVALID_WITHDRAWAL"
+        );
+
         // The liquidity provider always authorizes the fast withdrawal by being the direct caller
         address payable liquidityProvider = msg.sender;
 
-        if (fastWithdrawal.signature.length > 0) {
-            // Compute the hash
-            bytes32 hash = EIP712.hashPacked(
-                DOMAIN_SEPARATOR,
-                keccak256(
-                    abi.encodePacked(
-                        FASTWITHDRAWAL_TYPEHASH,
-                        fastWithdrawal.exchange,
-                        fastWithdrawal.from,
-                        fastWithdrawal.to,
-                        fastWithdrawal.token,
-                        fastWithdrawal.amount,
-                        fastWithdrawal.feeToken,
-                        fastWithdrawal.fee,
-                        fastWithdrawal.nonce,
-                        fastWithdrawal.validUntil
-                    )
-                )
-            );
-
-            // Check the signature
-            require(hash.verifySignature(fastWithdrawal.from, fastWithdrawal.signature), "INVALID_SIGNATURE");
-
-            // Check the time limit
-            require(block.timestamp <= fastWithdrawal.validUntil, "TX_EXPIRED");
-
-            // Approve the offchain transfer from the account that's withdrawing back to the liquidity provider
-            IExchangeV3(fastWithdrawal.exchange).approveOffchainTransfer(
-                fastWithdrawal.from,
+        bool success;
+        // Override the destination address of a withdrawal to the address of the liquidity provider
+        try IExchangeV3(withdrawal.exchange).setWithdrawalRecipient(
+            withdrawal.from,
+            withdrawal.to,
+            withdrawal.token,
+            withdrawal.amount,
+            withdrawal.storageID,
+            liquidityProvider
+        ) {
+            // Transfer the tokens immediately to the requested address
+            // using funds from the liquidity provider (`msg.sender`).
+            transfer(
                 liquidityProvider,
-                fastWithdrawal.token,
-                fastWithdrawal.amount,
-                fastWithdrawal.feeToken,
-                fastWithdrawal.fee,
-                fastWithdrawal.validUntil,
-                fastWithdrawal.nonce
-            );
-        } else {
-            // Override the destination address of a withdrawal to the address of the liquidity provider
-            IExchangeV3(fastWithdrawal.exchange).setWithdrawalRecipient(
-                fastWithdrawal.from,
-                fastWithdrawal.to,
-                fastWithdrawal.token,
-                fastWithdrawal.amount,
-                fastWithdrawal.nonce,
-                liquidityProvider
+                withdrawal.to,
+                withdrawal.token,
+                withdrawal.amount
             );
+            success = true;
+        } catch {
+            success = false;
         }
 
-        // Transfer the tokens immediately to the requested address
-        // using funds from the liquidity provider (`msg.sender`).
-        transfer(
+        emit Processed(
+            withdrawal.exchange,
+            withdrawal.from,
+            withdrawal.to,
+            withdrawal.token,
+            withdrawal.amount,
             liquidityProvider,
-            fastWithdrawal.to,
-            fastWithdrawal.token,
-            fastWithdrawal.amount
+            success
         );
     }
 

packages/loopring_v3/contracts/aux/fast-withdrawal/FastWithdrawalLiquidityProvider.sol

@@ -0,0 +1,170 @@
+// SPDX-License-Identifier: Apache-2.0
+// Copyright 2017 Loopring Technology Limited.
+pragma solidity ^0.7.0;
+pragma experimental ABIEncoderV2;
+
+import "../agents/FastWithdrawalAgent.sol";
+import "../../lib/OwnerManagable.sol";
+import "../../lib/EIP712.sol";
+import "../../lib/ERC20.sol";
+import "../../lib/ERC20SafeTransfer.sol";
+import "../../lib/MathUint.sol";
+import "../../lib/ReentrancyGuard.sol";
+import "../../lib/SignatureUtil.sol";
+
+
+/// @title Basic contract storing funds for a liquidity provider.
+/// @author Brecht Devos - <[email protected]>
+contract FastWithdrawalLiquidityProvider is ReentrancyGuard, OwnerManagable
+{
+    using AddressUtil       for address;
+    using AddressUtil       for address payable;
+    using ERC20SafeTransfer for address;
+    using MathUint          for uint;
+    using SignatureUtil     for bytes32;
+
+    struct FastWithdrawalApproval
+    {
+        address exchange;
+        address from;
+        address to;
+        address token;
+        uint96  amount;
+        uint32  storageID;
+        uint64  validUntil; // most significant 32 bits as block height, least significant 32 bits as block time
+        address signer;
+        bytes   signature;  // signer's signature
+    }
+
+    bytes32 constant public FASTWITHDRAWAL_APPROVAL_TYPEHASH = keccak256(
+        "FastWithdrawalApproval(address exchange,address from,address to,address token,uint96 amount,uint32 storageID,uint64 validUntil)"
+    );
+
+    bytes32 public DOMAIN_SEPARATOR;
+
+    FastWithdrawalAgent public agent;
+
+    constructor(FastWithdrawalAgent _agent)
+    {
+        agent = _agent;
+        DOMAIN_SEPARATOR = EIP712.hash(EIP712.Domain("FastWithdrawalLiquidityProvider", "1.0", address(this)));
+    }
+
+    // Execute the fast withdrawals.
+    // Full approvals are posted onchain so they can be used by anyone to speed up the
+    // withdrawal by calling , but the approvals are not validated when done by the
+    // owner or one of the managers.
+    function execute(FastWithdrawalApproval[] calldata approvals)
+        external
+        nonReentrant
+    {
+        // Prepare the data and validate the approvals when necessary
+        FastWithdrawalAgent.Withdrawal[] memory withdrawals =
+            new FastWithdrawalAgent.Withdrawal[](approvals.length);
+
+        bool skipApprovalCheck = isManager(msg.sender);
+        for (uint i = 0; i < approvals.length; i++) {
+            require(skipApprovalCheck || isApprovalValid(approvals[i]), "PROHIBITED");
+            withdrawals[i] = translate(approvals[i]);
+        }
+
+        // Calculate how much ETH we need to send to the agent contract.
+        // We could also send the full ETH balance each time, but that'll need
+        // an additional transfer to send funds back, which may actually be more efficient.
+        uint value = 0;
+        for (uint i = 0; i < withdrawals.length; i++) {
+            if (withdrawals[i].token == address(0)) {
+                value = value.add(withdrawals[i].amount);
+            }
+        }
+        // Execute all the fast withdrawals
+        agent.executeFastWithdrawals{value: value}(withdrawals);
+    }
+
+    // Allows the LP to transfer funds back out of this contract.
+    function drain(
+        address to,
+        address token,
+        uint    amount
+        )
+        external
+        nonReentrant
+        onlyOwner
+    {
+        if (token == address(0)) {
+            to.sendETHAndVerify(amount, gasleft()); // ETH
+        } else {
+            token.safeTransferAndVerify(to, amount);  // ERC20 token
+        }
+    }
+
+    // Allows the LP to enable the necessary ERC20 approvals
+    function approve(
+        address token,
+        address spender,
+        uint    amount
+        )
+        external
+        nonReentrant
+        onlyOwner
+    {
+        require(ERC20(token).approve(spender, amount), "APPROVAL_FAILED");
+    }
+
+    function isApprovalValid(
+        FastWithdrawalApproval calldata approval
+        )
+        internal
+        view
+        returns (bool)
+    {
+        // Compute the hash
+        bytes32 hash = EIP712.hashPacked(
+            DOMAIN_SEPARATOR,
+            keccak256(
+                abi.encodePacked(
+                    FASTWITHDRAWAL_APPROVAL_TYPEHASH,
+                    approval.exchange,
+                    approval.from,
+                    approval.to,
+                    approval.token,
+                    approval.amount,
+                    approval.storageID,
+                    approval.validUntil
+                )
+            )
+        );
+
+        return hash.verifySignature(approval.signer, approval.signature) &&
+            checkValidUntil(approval.validUntil) &&
+            isManager(approval.signer);
+    }
+
+    receive() payable external {}
+
+    // -- Internal --
+
+    function checkValidUntil(uint64 validUntil)
+        internal
+        view
+        returns (bool)
+    {
+        return (validUntil & 0xFFFFFFFF) >= block.timestamp ||
+            (validUntil >> 32) >= block.number;
+    }
+
+    function translate(FastWithdrawalApproval calldata approval)
+        internal
+        pure
+        returns (FastWithdrawalAgent.Withdrawal memory)
+    {
+        return FastWithdrawalAgent.Withdrawal({
+            exchange: approval.exchange,
+            from: approval.from,
+            to: approval.to,
+            token: approval.token,
+            amount: approval.amount,
+            storageID: approval.storageID
+        });
+    }
+}

packages/loopring_v3/contracts/core/impl/DefaultDepositContract.sol

@@ -38,7 +38,7 @@ contract DefaultDepositContract is IDepositContract, Claimable
     modifier ifNotZero(uint amount)
     {
         if (amount == 0) return;
-        else { _; }
+        else  _;
     }
 
     event CheckBalance(