token: erc20 permit (#213)

* token: add permit function to allow for meta-transactions

Author: abarmat

contracts/GraphToken.sol

@@ -11,9 +11,24 @@ import "@openzeppelin/contracts/token/ERC20/ERC20Burnable.sol";
  * @dev This is the implementation of the ERC20 Graph Token.
  */
 contract GraphToken is Governed, ERC20, ERC20Burnable {
+    // -- EIP712 --
+    // https://github.com/ethereum/EIPs/blob/master/EIPS/eip-712.md#definition-of-domainseparator
+
+    bytes32 private constant DOMAIN_TYPE_HASH = keccak256(
+        "EIP712Domain(string name,string version,uint256 chainId,address verifyingContract,bytes32 salt)"
+    );
+    bytes32 private constant DOMAIN_NAME_HASH = keccak256("Graph Token");
+    bytes32 private constant DOMAIN_VERSION_HASH = keccak256("0");
+    bytes32 private constant DOMAIN_SALT = 0x51f3d585afe6dfeb2af01bba0889a36c1db03beec88c6a4d0c53817069026afa; // Randomly generated salt
+    bytes32 private constant PERMIT_TYPEHASH = keccak256(
+        "Permit(address owner,address spender,uint256 nonce,uint256 expiry,bool allowed)"
+    );
+
     // -- State --
 
+    bytes32 private DOMAIN_SEPARATOR;
     mapping(address => bool) private _minters;
+    mapping(address => uint256) public nonces;
 
     // -- Events --
 
@@ -26,7 +41,7 @@ contract GraphToken is Governed, ERC20, ERC20Burnable {
     }
 
     /**
-     * @dev Graph Token Contract Constructor
+     * @dev Graph Token Contract Constructor.
      * @param _governor Owner address of this contract
      * @param _initialSupply Initial supply of GRT
      */
@@ -37,35 +52,86 @@ contract GraphToken is Governed, ERC20, ERC20Burnable {
     {
         // The Governor has the initial supply of tokens
         _mint(_governor, _initialSupply);
+
         // The Governor is the default minter
         _addMinter(_governor);
+
+        // EIP-712 domain separator
+        DOMAIN_SEPARATOR = keccak256(
+            abi.encode(
+                DOMAIN_TYPE_HASH,
+                DOMAIN_NAME_HASH,
+                DOMAIN_VERSION_HASH,
+                _getChainID(),
+                address(this),
+                DOMAIN_SALT
+            )
+        );
+    }
+
+    /**
+     * @dev Approve token allowance by validating a message signed by the holder.
+     * This function will approve MAX_UINT256 tokens to be spent.
+     * @param _owner Address of the token holder
+     * @param _spender Address of the approved spender
+     * @param _nonce Sequence number to avoid permit reuse
+     * @param _expiry Expiration time of the signed permit
+     * @param _allowed Whether to approve or dissaprove the spender
+     * @param _v Signature version
+     * @param _r Signature r value
+     * @param _s Signature s value
+     */
+    function permit(
+        address _owner,
+        address _spender,
+        uint256 _nonce,
+        uint256 _expiry,
+        bool _allowed,
+        uint8 _v,
+        bytes32 _r,
+        bytes32 _s
+    ) external {
+        bytes32 digest = keccak256(
+            abi.encodePacked(
+                "\x19\x01",
+                DOMAIN_SEPARATOR,
+                keccak256(abi.encode(PERMIT_TYPEHASH, _owner, _spender, _nonce, _expiry, _allowed))
+            )
+        );
+
+        require(_owner == ecrecover(digest, _v, _r, _s), "GRT: invalid permit");
+        require(_expiry == 0 || block.timestamp <= _expiry, "GRT: permit expired");
+        require(_nonce == nonces[_owner]++, "GRT: invalid nonce");
+
+        uint256 allowance = _allowed ? uint256(-1) : 0;
+        _approve(_owner, _spender, allowance);
     }
 
     /**
-     * @dev Add a new minter
+     * @dev Add a new minter.
      * @param _account Address of the minter
      */
     function addMinter(address _account) external onlyGovernor {
         _addMinter(_account);
     }
 
     /**
-     * @dev Remove a minter
+     * @dev Remove a minter.
      * @param _account Address of the minter
      */
     function removeMinter(address _account) external onlyGovernor {
         _removeMinter(_account);
     }
 
     /**
-     * @dev Renounce to be a minter
+     * @dev Renounce to be a minter.
      */
     function renounceMinter() external {
         _removeMinter(msg.sender);
     }
 
     /**
-     * @dev Mint new tokens
+     * @dev Mint new tokens.
      * @param _to Address to send the newly minted tokens
      * @param _amount Amount of tokens to mint
      */
@@ -74,7 +140,7 @@ contract GraphToken is Governed, ERC20, ERC20Burnable {
     }
 
     /**
-     * @dev Return if the `_account` is a minter or not
+     * @dev Return if the `_account` is a minter or not.
      * @param _account Address to check
      * @return True if the `_account` is minter
      */
@@ -83,7 +149,7 @@ contract GraphToken is Governed, ERC20, ERC20Burnable {
     }
 
     /**
-     * @dev Add a new minter
+     * @dev Add a new minter.
      * @param _account Address of the minter
      */
     function _addMinter(address _account) internal {
@@ -92,11 +158,23 @@ contract GraphToken is Governed, ERC20, ERC20Burnable {
     }
 
     /**
-     * @dev Remove a minter
+     * @dev Remove a minter.
      * @param _account Address of the minter
      */
     function _removeMinter(address _account) internal {
         _minters[_account] = false;
         emit MinterRemoved(_account);
     }
+
+    /**
+     * @dev Get the running network chain ID.
+     * @return The chain ID
+     */
+    function _getChainID() private pure returns (uint256) {
+        uint256 id;
+        assembly {
+            id := chainid()
+        }
+        return id;
+    }
 }

test/graphToken.test.ts

@@ -1,44 +1,192 @@
 import { expect } from 'chai'
 import { AddressZero } from 'ethers/constants'
+import { BigNumber, Arrayish, HDNode, SigningKey, keccak256, Signature } from 'ethers/utils'
+import { eip712 } from '@graphprotocol/common-ts/dist/attestations'
 
 import { GraphToken } from '../build/typechain/contracts/GraphToken'
 
 import * as deployment from './lib/deployment'
-import { provider, toGRT } from './lib/testHelpers'
+import { getChainID, provider, toBN, toGRT } from './lib/testHelpers'
+
+const MAX_UINT256 = toBN('2')
+  .pow('256')
+  .sub(1)
+
+const PERMIT_TYPE_HASH = eip712.typeHash(
+  'Permit(address owner,address spender,uint256 nonce,uint256 expiry,bool allowed)',
+)
+const SALT = '0x51f3d585afe6dfeb2af01bba0889a36c1db03beec88c6a4d0c53817069026afa'
+
+interface Permit {
+  owner: string
+  spender: string
+  nonce: BigNumber
+  expiry: BigNumber
+  allowed: boolean
+}
+
+function hashEncodePermit(permit: Permit) {
+  return eip712.hashStruct(
+    PERMIT_TYPE_HASH,
+    ['address', 'address', 'uint256', 'uint256', 'bool'],
+    [permit.owner, permit.spender, permit.nonce, permit.expiry, permit.allowed],
+  )
+}
+
+function signPermit(
+  signer: Arrayish | HDNode.HDNode,
+  chainId: number,
+  contractAddress: string,
+  permit: Permit,
+): Signature {
+  const domainSeparator = eip712.domainSeparator({
+    name: 'Graph Token',
+    version: '0',
+    chainId,
+    verifyingContract: contractAddress,
+    salt: SALT,
+  })
+  const hashEncodedPermit = hashEncodePermit(permit)
+  const message = eip712.encode(domainSeparator, hashEncodedPermit)
+  const messageHash = keccak256(message)
+  const signingKey = new SigningKey(signer)
+  return signingKey.signDigest(messageHash)
+}
 
 describe('GraphToken', () => {
-  const [me, governor] = provider().getWallets()
+  const [me, other, governor] = provider().getWallets()
 
   let grt: GraphToken
 
+  async function permitOK(): Promise<Permit> {
+    const nonce = await grt.nonces(me.address)
+    return {
+      owner: me.address,
+      spender: other.address,
+      nonce: nonce,
+      expiry: toBN('0'),
+      allowed: true,
+    }
+  }
+
+  async function permitExpired(): Promise<Permit> {
+    const permit = await permitOK()
+    permit.expiry = toBN('1')
+    return permit
+  }
+
+  async function permitDeny(): Promise<Permit> {
+    const permit = await permitOK()
+    permit.allowed = false
+    return permit
+  }
+
+  async function createPermitTransaction(permit: Permit, signer: string) {
+    const chainID = (await getChainID()) as number
+    const signature: Signature = signPermit(signer, chainID, grt.address, permit)
+
+    return grt.permit(
+      permit.owner,
+      permit.spender,
+      permit.nonce,
+      permit.expiry,
+      permit.allowed,
+      signature.v,
+      signature.r,
+      signature.s,
+    )
+  }
+
   beforeEach(async function() {
     // Deploy graph token
     grt = await deployment.deployGRT(governor.address, me)
+
+    // Mint some tokens
+    const tokens = toGRT('100')
+    await grt.connect(governor).mint(me.address, tokens)
+  })
+
+  describe('permit', function() {
+    it('should permit max token allowance', async function() {
+      // Allow to transfer tokens
+      const permit = await permitOK()
+      const tx = createPermitTransaction(permit, me.privateKey)
+      await expect(tx)
+        .to.emit(grt, 'Approval')
+        .withArgs(permit.owner, permit.spender, MAX_UINT256)
+
+      // Allowance updated
+      const allowance = await grt.allowance(me.address, other.address)
+      expect(allowance).to.be.eq(MAX_UINT256)
+
+      // Transfer tokens should work
+      const tokens = toGRT('100')
+      await grt.connect(other).transferFrom(me.address, other.address, tokens)
+    })
+
+    it('reject use two permits with same nonce', async function() {
+      // Allow to transfer tokens
+      const permit = await permitOK()
+      await createPermitTransaction(permit, me.privateKey)
+
+      // Try to re-use the permit
+      const tx = createPermitTransaction(permit, me.privateKey)
+      await expect(tx).to.revertedWith('GRT: invalid nonce')
+    })
+
+    it('reject use expired permit', async function() {
+      const permit = await permitExpired()
+      const tx = createPermitTransaction(permit, me.privateKey)
+      await expect(tx).to.revertedWith('GRT: permit expired')
+    })
+
+    it('reject permit if holder address does not match', async function() {
+      const permit = await permitOK()
+      const tx = createPermitTransaction(permit, other.privateKey)
+      await expect(tx).to.revertedWith('GRT: invalid permit')
+    })
+
+    it('should deny transfer from if permit was denied', async function() {
+      // Allow to transfer tokens
+      const permit1 = await permitOK()
+      await createPermitTransaction(permit1, me.privateKey)
+
+      // Deny transfer tokens
+      const permit2 = await permitDeny()
+      await createPermitTransaction(permit2, me.privateKey)
+
+      // Allowance updated
+      const allowance = await grt.allowance(me.address, other.address)
+      expect(allowance).to.be.eq(toBN('0'))
+
+      // Try to transfer without permit should fail
+      const tokens = toGRT('100')
+      const tx = grt.connect(other).transferFrom(me.address, other.address, tokens)
+      await expect(tx).to.revertedWith('ERC20: transfer amount exceeds allowance')
+    })
   })
 
   describe('mint', function() {
-    context('> when is not minter', function() {
-      describe('addMinter()', function() {
-        it('reject add a new minter if not allowed', async function() {
-          const tx = grt.connect(me).addMinter(me.address)
-          await expect(tx).to.be.revertedWith('Only Governor can call')
-        })
+    describe('addMinter()', function() {
+      it('reject add a new minter if not allowed', async function() {
+        const tx = grt.connect(me).addMinter(me.address)
+        await expect(tx).to.be.revertedWith('Only Governor can call')
+      })
 
-        it('should add a new minter', async function() {
-          expect(await grt.isMinter(me.address)).to.be.eq(false)
-          const tx = grt.connect(governor).addMinter(me.address)
-          await expect(tx)
-            .to.emit(grt, 'MinterAdded')
-            .withArgs(me.address)
-          expect(await grt.isMinter(me.address)).to.be.eq(true)
-        })
+      it('should add a new minter', async function() {
+        expect(await grt.isMinter(me.address)).to.be.eq(false)
+        const tx = grt.connect(governor).addMinter(me.address)
+        await expect(tx)
+          .to.emit(grt, 'MinterAdded')
+          .withArgs(me.address)
+        expect(await grt.isMinter(me.address)).to.be.eq(true)
       })
+    })
 
-      describe('mint()', async function() {
-        it('reject mint if not minter', async function() {
-          const tx = grt.connect(me).mint(me.address, toGRT('100'))
-          await expect(tx).to.be.revertedWith('Only minter can call')
-        })
+    describe('mint()', async function() {
+      it('reject mint if not minter', async function() {
+        const tx = grt.connect(me).mint(me.address, toGRT('100'))
+        await expect(tx).to.be.revertedWith('Only minter can call')
       })
     })