staking: enforce funds collected from allowed asset holder

In a previous state channel implementation the AssetHolder was a multisig created for the purpose of funding each channel, as the multisig address was determined by the indexer-gateway relationship it needed to be passed in the allocate call and we needed to keep track of it in each allocation.

In the newer implementation the AssetHolder will be shared (using ledger channels) across multiple channels, collateral is sent to the AssetHolder to keep an open tab to play multiple games, when a game finishes the adjudicator contract will end up unlocking funds from the AssetHolder and transferring it to the Staking contract according to the game played. The game played will carry the information about the destination address for collected funds, this is our allocationID.

Implements:

- Remove assetHolder parameter from all allocate() calls
- Remove assetHolder state variable from Allocation
- Add a function to set a new AssetHolder address as allowed
- Verify in collect() function that the caller is any of the allowed AssetHolders

Author: abarmat

cli/commands/contracts/staking.ts

@@ -34,7 +34,6 @@ export const allocate = async (cli: CLIEnvironment, cliArgs: CLIArgs): Promise<v
   const subgraphDeploymentID = cliArgs.subgraphDeploymentID
   const amount = parseGRT(cliArgs.amount)
   const allocationID = cliArgs.allocationID
-  const assetHolder = cliArgs.assetHolder
   const metadata = cliArgs.metadata
   const staking = cli.contracts.Staking
 
@@ -43,7 +42,7 @@ export const allocate = async (cli: CLIEnvironment, cliArgs: CLIArgs): Promise<v
     cli.wallet,
     staking,
     'allocate',
-    ...[subgraphDeploymentID, amount, allocationID, assetHolder, metadata],
+    ...[subgraphDeploymentID, amount, allocationID, metadata],
   )
 }
 
@@ -197,12 +196,6 @@ export const stakingCommand = {
               requiresArg: true,
               demandOption: true,
             })
-            .option('assetHolder', {
-              description: 'Address of the contract that hold channel funds',
-              type: 'string',
-              requiresArg: true,
-              demandOption: true,
-            })
             .option('metadata', {
               description: 'IPFS hash of the metadata for the allocation',
               type: 'string',

contracts/staking/IStaking.sol

@@ -27,7 +27,6 @@ interface IStaking {
         uint256 closedAtEpoch; // Epoch when it was closed
         uint256 collectedFees; // Collected fees for the allocation
         uint256 effectiveAllocation; // Effective allocation when closed
-        address assetHolder; // Authorized caller address of the collect() function
         uint256 accRewardsPerAllocatedToken; // Snapshot used for reward calc
     }
 
@@ -83,6 +82,8 @@ interface IStaking {
 
     function setSlasher(address _slasher, bool _allowed) external;
 
+    function setAssetHolder(address _assetHolder, bool _allowed) external;
+
     // -- Operation --
 
     function setOperator(address _operator, bool _allowed) external;
@@ -118,7 +119,6 @@ interface IStaking {
         bytes32 _subgraphDeploymentID,
         uint256 _tokens,
         address _allocationID,
-        address _assetHolder,
         bytes32 _metadata
     ) external;
 
@@ -127,7 +127,6 @@ interface IStaking {
         bytes32 _subgraphDeploymentID,
         uint256 _tokens,
         address _allocationID,
-        address _assetHolder,
         bytes32 _metadata
     ) external;
 
@@ -140,7 +139,6 @@ interface IStaking {
         bytes32 _subgraphDeploymentID,
         uint256 _tokens,
         address _allocationID,
-        address _assetHolder,
         bytes32 _metadata
     ) external;
 

contracts/staking/Staking.sol

@@ -101,8 +101,7 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
         uint256 epoch,
         uint256 tokens,
         address allocationID,
-        bytes32 metadata,
-        address assetHolder
+        bytes32 metadata
     );
 
     /**
@@ -156,9 +155,15 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
     );
 
     /**
-     * @dev Emitted when `caller` set `slasher` address as `enabled` to slash stakes.
+     * @dev Emitted when `caller` set `slasher` address as `allowed` to slash stakes.
      */
-    event SlasherUpdate(address indexed caller, address indexed slasher, bool enabled);
+    event SlasherUpdate(address indexed caller, address indexed slasher, bool allowed);
+
+    /**
+     * @dev Emitted when `caller` set `assetHolder` address as `allowed` to send funds
+     * to staking contract.
+     */
+    event AssetHolderUpdate(address indexed caller, address indexed assetHolder, bool allowed);
 
     /**
      * @dev Emitted when `indexer` set `operator` access.
@@ -363,10 +368,22 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
      * @param _allowed True if slasher is allowed
      */
     function setSlasher(address _slasher, bool _allowed) external override onlyGovernor {
+        require(_slasher != address(0), "!slasher");
         slashers[_slasher] = _allowed;
         emit SlasherUpdate(msg.sender, _slasher, _allowed);
     }
 
+    /**
+     * @dev Set an address as allowed asset holder.
+     * @param _assetHolder Address of allowed source for state channel funds
+     * @param _allowed True if asset holder is allowed
+     */
+    function setAssetHolder(address _assetHolder, bool _allowed) external override onlyGovernor {
+        require(_assetHolder != address(0), "!assetHolder");
+        assetHolders[_assetHolder] = _allowed;
+        emit AssetHolderUpdate(msg.sender, _assetHolder, _allowed);
+    }
+
     /**
      * @dev Get the GRT token used by the contract.
      * @return GRT token contract address
@@ -680,24 +697,15 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
      * @param _subgraphDeploymentID ID of the SubgraphDeployment where tokens will be allocated
      * @param _tokens Amount of tokens to allocate
      * @param _allocationID The allocation identifier
-     * @param _assetHolder Authorized sender address of collected funds
      * @param _metadata IPFS hash for additional information about the allocation
      */
     function allocate(
         bytes32 _subgraphDeploymentID,
         uint256 _tokens,
         address _allocationID,
-        address _assetHolder,
         bytes32 _metadata
     ) external override notPaused {
-        _allocate(
-            msg.sender,
-            _subgraphDeploymentID,
-            _tokens,
-            _allocationID,
-            _assetHolder,
-            _metadata
-        );
+        _allocate(msg.sender, _subgraphDeploymentID, _tokens, _allocationID, _metadata);
     }
 
     /**
@@ -706,18 +714,16 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
      * @param _subgraphDeploymentID ID of the SubgraphDeployment where tokens will be allocated
      * @param _tokens Amount of tokens to allocate
      * @param _allocationID The allocation identifier
-     * @param _assetHolder Authorized sender address of collected funds
      * @param _metadata IPFS hash for additional information about the allocation
      */
     function allocateFrom(
         address _indexer,
         bytes32 _subgraphDeploymentID,
         uint256 _tokens,
         address _allocationID,
-        address _assetHolder,
         bytes32 _metadata
     ) external override notPaused {
-        _allocate(_indexer, _subgraphDeploymentID, _tokens, _allocationID, _assetHolder, _metadata);
+        _allocate(_indexer, _subgraphDeploymentID, _tokens, _allocationID, _metadata);
     }
 
     /**
@@ -741,7 +747,6 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
      * @param _subgraphDeploymentID ID of the SubgraphDeployment where tokens will be allocated
      * @param _tokens Amount of tokens to allocate
      * @param _allocationID The allocation identifier
-     * @param _assetHolder Authorized sender address of collected funds
      * @param _metadata IPFS hash for additional information about the allocation
      */
     function closeAndAllocate(
@@ -751,11 +756,10 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
         bytes32 _subgraphDeploymentID,
         uint256 _tokens,
         address _allocationID,
-        address _assetHolder,
         bytes32 _metadata
     ) external override notPaused {
         _closeAllocation(_closingAllocationID, _poi);
-        _allocate(_indexer, _subgraphDeploymentID, _tokens, _allocationID, _assetHolder, _metadata);
+        _allocate(_indexer, _subgraphDeploymentID, _tokens, _allocationID, _metadata);
     }
 
     /**
@@ -767,13 +771,8 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
         // Allocation identifier validation
         require(_allocationID != address(0), "Invalid allocation");
 
-        // NOTE: commented out for easier test of state-channel integrations
-        // NOTE: this validation might be removed in the future if no harm to the
-        // NOTE: economic incentive structure is done by an external caller use
-        // NOTE: of this function
-        // The contract caller must be an asset holder registered during allocate()
-        // Allocation memory alloc = allocations[_allocationID];
-        // require(alloc.assetHolder == msg.sender, "caller is not authorized");
+        // The contract caller must be an authorized asset holder
+        require(assetHolders[msg.sender] == true, "!assetHolder");
 
         // Transfer tokens to collect from the authorized sender
         require(graphToken().transferFrom(msg.sender, address(this), _tokens), "!transfer");
@@ -816,7 +815,6 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
         alloc.closedAtEpoch = 0;
         alloc.collectedFees = 0;
         alloc.effectiveAllocation = 0;
-        alloc.assetHolder = address(0); // This avoid collect() to be called
 
         // -- Effects --
 
@@ -877,15 +875,13 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
      * @param _subgraphDeploymentID ID of the SubgraphDeployment where tokens will be allocated
      * @param _tokens Amount of tokens to allocate
      * @param _allocationID The allocationID will work to identify collected funds related to this allocation
-     * @param _assetHolder Authorized sender address of collected funds
      * @param _metadata Metadata related to the allocation
      */
     function _allocate(
         address _indexer,
         bytes32 _subgraphDeploymentID,
         uint256 _tokens,
         address _allocationID,
-        address _assetHolder,
         bytes32 _metadata
     ) internal {
         require(_onlyAuth(_indexer), "!auth");
@@ -918,7 +914,6 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
             0, // closedAtEpoch
             0, // Initialize collected fees
             0, // Initialize effective allocation
-            _assetHolder, // Source address for allocation collected funds
             _updateRewards(_subgraphDeploymentID) // Initialize accumulated rewards per stake allocated
         );
         allocations[_allocationID] = alloc;
@@ -938,8 +933,7 @@ contract Staking is StakingV1Storage, GraphUpgradeable, IStaking {
             alloc.createdAtEpoch,
             alloc.tokens,
             _allocationID,
-            _metadata,
-            _assetHolder
+            _metadata
         );
     }
 

contracts/staking/StakingStorage.sol

@@ -67,4 +67,9 @@ contract StakingV1Storage is Managed {
 
     // Operator auth : indexer => operator
     mapping(address => mapping(address => bool)) public operatorAuth;
+
+    // -- Asset Holders --
+
+    // Allowed AssetHolders: assetHolder => is allowed
+    mapping(address => bool) public assetHolders;
 }

test/disputes/poi.test.ts

@@ -20,13 +20,11 @@ import {
 const { keccak256 } = utils
 
 describe('DisputeManager:POI', async () => {
-  let me: Account
   let other: Account
   let governor: Account
   let arbitrator: Account
   let indexer: Account
   let fisherman: Account
-  let indexer2: Account
   let assetHolder: Account
 
   let fixture: NetworkFixture
@@ -67,27 +65,12 @@ describe('DisputeManager:POI', async () => {
       await staking.connect(indexerWallet.signer).stake(indexerTokens)
       await staking
         .connect(indexerWallet.signer)
-        .allocate(
-          subgraphDeploymentID,
-          indexerAllocatedTokens,
-          indexerAllocationID,
-          assetHolder.address,
-          metadata,
-        )
+        .allocate(subgraphDeploymentID, indexerAllocatedTokens, indexerAllocationID, metadata)
     }
   }
 
   before(async function () {
-    ;[
-      me,
-      other,
-      governor,
-      arbitrator,
-      indexer,
-      fisherman,
-      indexer2,
-      assetHolder,
-    ] = await getAccounts()
+    ;[other, governor, arbitrator, indexer, fisherman, assetHolder] = await getAccounts()
 
     fixture = new NetworkFixture()
     ;({ disputeManager, epochManager, grt, staking } = await fixture.load(
@@ -99,6 +82,9 @@ describe('DisputeManager:POI', async () => {
     // Give some funds to the fisherman
     await grt.connect(governor.signer).mint(fisherman.address, fishermanTokens)
     await grt.connect(fisherman.signer).approve(disputeManager.address, fishermanTokens)
+
+    // Allow the asset holder
+    await staking.connect(governor.signer).setAssetHolder(assetHolder.address, true)
   })
 
   beforeEach(async function () {
@@ -141,13 +127,7 @@ describe('DisputeManager:POI', async () => {
       await staking.connect(indexer.signer).stake(indexerTokens)
       const tx1 = await staking
         .connect(indexer.signer)
-        .allocate(
-          subgraphDeploymentID,
-          indexerAllocatedTokens,
-          allocationID,
-          assetHolder.address,
-          metadata,
-        )
+        .allocate(subgraphDeploymentID, indexerAllocatedTokens, allocationID, metadata)
       const receipt1 = await tx1.wait()
       const event1 = staking.interface.parseLog(receipt1.logs[0]).args
       await advanceToNextEpoch(epochManager) // wait the required one epoch to close allocation

test/disputes/query.test.ts

@@ -133,7 +133,6 @@ describe('DisputeManager:Query', async () => {
           dispute.receipt.subgraphDeploymentID,
           indexerAllocatedTokens,
           indexerAllocationID,
-          assetHolder.address,
           metadata,
         )
     }
@@ -162,6 +161,9 @@ describe('DisputeManager:Query', async () => {
     await grt.connect(governor.signer).mint(fisherman.address, fishermanTokens)
     await grt.connect(fisherman.signer).approve(disputeManager.address, fishermanTokens)
 
+    // Allow the asset holder
+    await staking.connect(governor.signer).setAssetHolder(assetHolder.address, true)
+
     // Create an attestation
     const attestation = await buildAttestation(receipt, indexer1ChannelKey.privKey)
 
@@ -217,7 +219,6 @@ describe('DisputeManager:Query', async () => {
           dispute.receipt.subgraphDeploymentID,
           indexerAllocatedTokens,
           indexer1ChannelKey.address,
-          assetHolder.address,
           metadata,
         )
       const receipt1 = await tx1.wait()