fix: validate dips pricing (#675)

* fix: validate dips pricing

* fix: expose dips price on config file

* fix(dips): allow specifying additional networks in config

* fix(dips): re-add the manifest network check

* fix: quotes in config key

* fix(dips): reject the agreement on certain error conditions

---------

Co-authored-by: Pablo Carranza Velez <[email protected]>

Author: mangas

Cargo.lock

@@ -4,7 +4,7 @@ members = [
     "crates/attestation",
     "crates/config",
     "crates/dips",
-    "crates/indexer-receipt", 
+    "crates/indexer-receipt",
     "crates/monitor",
     "crates/query",
     "crates/service",
@@ -82,6 +82,7 @@ tonic-build = "0.12.3"
 serde_yaml = "0.9.21"
 bon = "3.3"
 test-log = { version = "0.2.12", features = ["trace"] }
+graph-networks-registry = "0.6.1"
 
 [patch.crates-io.tap_core]
 git = "https://github.com/semiotic-ai/timeline-aggregation-protocol"

Cargo.toml

@@ -159,3 +159,12 @@ max_receipts_per_request = 10000
 host = "0.0.0.0"
 port = "7601"
 allowed_payers = ["0x3333333333333333333333333333333333333333"]
+
+price_per_entity = "1000"
+
+[dips.price_per_epoch]
+mainnet = "100"
+hardhat = "100"
+
+[dips.additional_networks]
+"eip155:1337" = "hardhat"

crates/config/maximal-config-example.toml

@@ -63,4 +63,3 @@ receipts_verifier_address = "0x2222222222222222222222222222222222222222"
 # Key-Value of all senders and their aggregator endpoints
 0xdeadbeefcafebabedeadbeefcafebabedeadbeef = "https://example.com/aggregate-receipts"
 0x0123456789abcdef0123456789abcdef01234567 = "https://other.example.com/aggregate-receipts"
-

crates/config/minimal-config-example.toml

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use std::{
-    collections::{HashMap, HashSet},
+    collections::{BTreeMap, HashMap, HashSet},
     env,
     net::{Ipv4Addr, SocketAddr, SocketAddrV4},
     path::PathBuf,
@@ -20,7 +20,10 @@ use regex::Regex;
 use serde::Deserialize;
 use serde_repr::Deserialize_repr;
 use serde_with::{serde_as, DurationSecondsWithFrac};
-use thegraph_core::{alloy::primitives::Address, DeploymentId};
+use thegraph_core::{
+    alloy::primitives::{Address, U256},
+    DeploymentId,
+};
 use url::Url;
 
 use crate::NonZeroGRT;
@@ -396,6 +399,10 @@ pub struct DipsConfig {
     pub host: String,
     pub port: String,
     pub allowed_payers: Vec<Address>,
+
+    pub price_per_entity: U256,
+    pub price_per_epoch: BTreeMap<String, U256>,
+    pub additional_networks: HashMap<String, String>,
 }
 
 impl Default for DipsConfig {
@@ -404,6 +411,9 @@ impl Default for DipsConfig {
             host: "0.0.0.0".to_string(),
             port: "7601".to_string(),
             allowed_payers: vec![],
+            price_per_entity: U256::from(100),
+            price_per_epoch: BTreeMap::new(),
+            additional_networks: HashMap::new(),
         }
     }
 }
@@ -437,11 +447,16 @@ pub struct RavRequestConfig {
 
 #[cfg(test)]
 mod tests {
-    use std::{collections::HashSet, env, fs, path::PathBuf, str::FromStr};
+    use std::{
+        collections::{BTreeMap, HashMap, HashSet},
+        env, fs,
+        path::PathBuf,
+        str::FromStr,
+    };
 
     use figment::value::Uncased;
     use sealed_test::prelude::*;
-    use thegraph_core::alloy::primitives::{address, Address, FixedBytes};
+    use thegraph_core::alloy::primitives::{address, Address, FixedBytes, U256};
     use tracing_test::traced_test;
 
     use super::{DatabaseConfig, SHARED_PREFIX};
@@ -470,6 +485,15 @@ mod tests {
             allowed_payers: vec![Address(
                 FixedBytes::<20>::from_str("0x3333333333333333333333333333333333333333").unwrap(),
             )],
+            price_per_entity: U256::from(1000),
+            price_per_epoch: BTreeMap::from_iter(vec![
+                ("mainnet".to_string(), U256::from(100)),
+                ("hardhat".to_string(), U256::from(100)),
+            ]),
+            additional_networks: HashMap::from([(
+                "eip155:1337".to_string(),
+                "hardhat".to_string(),
+            )]),
             ..Default::default()
         });
 

crates/config/src/config.rs

@@ -18,18 +18,23 @@ uuid.workspace = true
 tokio.workspace = true
 indexer-monitor = { path = "../monitor" }
 tracing.workspace = true
+graph-networks-registry.workspace = true
 
 bytes = { version = "1.10.0", optional = true }
 derivative = "2.2.0"
 
 futures = "0.3"
 http = "0.2"
 prost = { workspace = true, optional = true }
-ipfs-api-backend-hyper = { version = "0.6.0", features = ["with-send-sync", "with-hyper-tls"] }
+ipfs-api-backend-hyper = { version = "0.6.0", features = [
+    "with-send-sync",
+    "with-hyper-tls",
+] }
 serde_yaml.workspace = true
 serde.workspace = true
 sqlx = { workspace = true, optional = true }
 tonic = { workspace = true, optional = true }
+serde_json.workspace = true
 
 [dev-dependencies]
 rand = "0.9.0"

crates/dips/Cargo.toml

@@ -6,7 +6,9 @@ use std::{str::FromStr, sync::Arc};
 use server::DipsServerContext;
 use thegraph_core::alloy::{
     core::primitives::Address,
-    primitives::{b256, ChainId, PrimitiveSignature as Signature, Uint, B256},
+    primitives::{
+        b256, ruint::aliases::U256, ChainId, PrimitiveSignature as Signature, Uint, B256,
+    },
     signers::SignerSync,
     sol,
     sol_types::{eip712_domain, Eip712Domain, SolStruct, SolValue},
@@ -18,6 +20,8 @@ pub mod ipfs;
 pub mod price;
 #[cfg(feature = "rpc")]
 pub mod proto;
+#[cfg(test)]
+mod registry;
 #[cfg(feature = "rpc")]
 pub mod server;
 pub mod signers;
@@ -145,8 +149,12 @@ pub enum DipsError {
     InvalidSubgraphManifest(String),
     #[error("chainId {0} is not supported")]
     UnsupportedChainId(String),
-    #[error("price per block is below configured price for chain {0}, minimum: {1}, offered: {2}")]
-    PricePerBlockTooLow(String, u64, String),
+    #[error("price per epoch is below configured price for chain {0}, minimum: {1}, offered: {2}")]
+    PricePerEpochTooLow(String, U256, String),
+    #[error(
+        "price per entity is below configured price for chain {0}, minimum: {1}, offered: {2}"
+    )]
+    PricePerEntityTooLow(String, U256, String),
     // cancellation
     #[error("cancelled_by is expected to match the signer")]
     UnexpectedSigner,
@@ -304,6 +312,8 @@ pub async fn validate_and_create_agreement(
         ipfs_fetcher,
         price_calculator,
         signer_validator,
+        registry,
+        additional_networks,
     } = ctx.as_ref();
     let decoded_voucher = SignedIndexingAgreementVoucher::abi_decode(voucher.as_ref(), true)
         .map_err(|e| DipsError::AbiDecoding(e.to_string()))?;
@@ -316,12 +326,23 @@ pub async fn validate_and_create_agreement(
     decoded_voucher.validate(signer_validator, domain, expected_payee, allowed_payers)?;
 
     let manifest = ipfs_fetcher.fetch(&metadata.subgraphDeploymentId).await?;
+
+    let network = match registry.get_network_by_id(&metadata.chainId) {
+        Some(network) => network.id.clone(),
+        None => match additional_networks.get(&metadata.chainId) {
+            Some(network) => network.clone(),
+            None => return Err(DipsError::UnsupportedChainId(metadata.chainId)),
+        },
+    };
+
     match manifest.network() {
-        Some(network_name) => {
-            tracing::debug!("Subgraph manifest network: {}", network_name);
-            // TODO: Check if the network is supported
-            // This will require a mapping of network names to chain IDs
-            // by querying the supported networks from the EBO subgraph
+        Some(manifest_network_name) => {
+            tracing::debug!("Subgraph manifest network: {}", manifest_network_name);
+            if manifest_network_name != network {
+                return Err(DipsError::InvalidSubgraphManifest(
+                    metadata.subgraphDeploymentId,
+                ));
+            }
         }
         None => {
             return Err(DipsError::InvalidSubgraphManifest(
@@ -330,19 +351,28 @@ pub async fn validate_and_create_agreement(
         }
     }
 
-    let offered_price = metadata.pricePerEntity;
+    let offered_epoch_price = metadata.basePricePerEpoch;
     match price_calculator.get_minimum_price(&metadata.chainId) {
-        Some(price) if offered_price.lt(&Uint::from(price)) => {
-            return Err(DipsError::PricePerBlockTooLow(
-                metadata.chainId,
+        Some(price) if offered_epoch_price.lt(&Uint::from(price)) => {
+            return Err(DipsError::PricePerEpochTooLow(
+                network,
                 price,
-                offered_price.to_string(),
+                offered_epoch_price.to_string(),
             ))
         }
         Some(_) => {}
         None => return Err(DipsError::UnsupportedChainId(metadata.chainId)),
     }
 
+    let offered_entity_price = metadata.pricePerEntity;
+    if offered_entity_price < price_calculator.entity_price() {
+        return Err(DipsError::PricePerEntityTooLow(
+            network,
+            price_calculator.entity_price(),
+            offered_entity_price.to_string(),
+        ));
+    }
+
     store
         .create_agreement(decoded_voucher.clone(), metadata)
         .await?;
@@ -754,7 +784,17 @@ mod test {
             subgraphDeploymentId: voucher_ctx.deployment_id.clone(),
         };
 
-        let low_price_voucher = voucher_ctx.test_voucher(metadata);
+        let low_entity_price_voucher = voucher_ctx.test_voucher(metadata);
+
+        let metadata = SubgraphIndexingVoucherMetadata {
+            basePricePerEpoch: U256::from(10_u64),
+            pricePerEntity: U256::from(10000_u64),
+            protocolNetwork: "eip155:42161".to_string(),
+            chainId: "mainnet".to_string(),
+            subgraphDeploymentId: voucher_ctx.deployment_id.clone(),
+        };
+
+        let low_epoch_price_voucher = voucher_ctx.test_voucher(metadata);
 
         let metadata = SubgraphIndexingVoucherMetadata {
             basePricePerEpoch: U256::from(10000_u64),
@@ -775,9 +815,14 @@ mod test {
             Err(DipsError::InvalidSubgraphManifest(
                 voucher_ctx.deployment_id.clone(),
             )),
-            Err(DipsError::PricePerBlockTooLow(
+            Err(DipsError::PricePerEntityTooLow(
+                "mainnet".to_string(),
+                U256::from(100),
+                "10".to_string(),
+            )),
+            Err(DipsError::PricePerEpochTooLow(
                 "mainnet".to_string(),
-                100,
+                U256::from(200),
                 "10".to_string(),
             )),
             Err(DipsError::SignerNotAuthorised(signer.address())),
@@ -790,7 +835,8 @@ mod test {
         ];
         let cases = vec![
             no_network_voucher,
-            low_price_voucher,
+            low_entity_price_voucher,
+            low_epoch_price_voucher,
             valid_voucher_invalid_signer,
             valid_voucher,
         ];