graphprotocol
diff --git a/‎IndexingPaymentsTodo.md
+1 b/‎IndexingPaymentsTodo.md
+1
diff --git a/‎packages/horizon/contracts/interfaces/IRecurringCollector.sol
+47-6 b/‎packages/horizon/contracts/interfaces/IRecurringCollector.sol
+47-6
diff --git a/‎packages/horizon/contracts/payments/collectors/RecurringCollector.sol
+90-5 b/‎packages/horizon/contracts/payments/collectors/RecurringCollector.sol
+90-5
diff --git a/‎packages/subgraph-service/contracts/Decoder.sol
+42-9 b/‎packages/subgraph-service/contracts/Decoder.sol
+42-9
@@ -23,3 +23,4 @@
 * DONE: ~~Make `agreementId` unique globally so that we don't need the full tuple (`payer`+`indexer`+`agreementId`) as key?~~
 * DONE: ~~Maybe IRecurringCollector.cancel(address payer, address serviceProvider, bytes16 agreementId) should only take in agreementId?~~
 * DONE: ~~Unify to one error in Decoder.sol~~
+* Missing events for accept, cancel, upgrade RCAs.
@@ -49,6 +49,35 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
         bytes metadata;
     }
 
+    /// @notice A representation of a signed Recurring Collection Agreement Upgrade (RCAU)
+    struct SignedRCAU {
+        // The RCAU
+        RecurringCollectionAgreementUpgrade rcau;
+        // Signature - 65 bytes: r (32 Bytes) || s (32 Bytes) || v (1 Byte)
+        bytes signature;
+    }
+
+    struct RecurringCollectionAgreementUpgrade {
+        // The agreement ID of the RCA
+        bytes16 agreementId;
+        // The deadline for accepting the RCA
+        uint256 acceptDeadline;
+        // The duration of the agreement in seconds
+        uint256 duration;
+        // The maximum amount of tokens that can be collected in the first collection
+        // on top of the amount allowed for subsequent collections
+        uint256 maxInitialTokens;
+        // The maximum amount of tokens that can be collected per second
+        // except for the first collection
+        uint256 maxOngoingTokensPerSecond;
+        // The minimum amount of seconds that must pass between collections
+        uint32 minSecondsPerCollection;
+        // The maximum amount of seconds that can pass between collections
+        uint32 maxSecondsPerCollection;
+        // Arbitrary metadata to extend functionality if a data service requires it
+        bytes metadata;
+    }
+
     /// @notice The data for an agreement
     struct AgreementData {
         // The address of the data service
@@ -73,8 +102,6 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
         uint32 minSecondsPerCollection;
         // The maximum amount of seconds that can pass between collections
         uint32 maxSecondsPerCollection;
-        // The agreement ID of the previous agreement
-        bytes16 updatedFromAgreementId;
     }
 
     /// @notice The params for collecting an agreement
@@ -117,9 +144,9 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
     error RecurringCollectorAgreementAcceptanceElapsed(uint256 elapsedAt);
 
     /**
-     * Thrown when the RCA signer is invalid
+     * Thrown when the signer is invalid
      */
-    error RecurringCollectorInvalidRCASigner();
+    error RecurringCollectorInvalidSigner();
 
     /**
      * Thrown when the payment type is not IndexingFee
@@ -194,7 +221,7 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
      * @dev Accept an indexing agreement.
      * @param signedRCA The signed Recurring Collection Agreement which is to be accepted.
      */
-    function accept(SignedRCA memory signedRCA) external;
+    function accept(SignedRCA calldata signedRCA) external;
 
     /**
      * @dev Cancel an indexing agreement.
@@ -205,7 +232,7 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
     /**
      * @dev Upgrade an indexing agreement.
      */
-    function upgrade() external;
+    function upgrade(SignedRCAU calldata signedRCAU) external;
 
     /**
      * @dev Computes the hash of a RecurringCollectionAgreement (RCA).
@@ -214,10 +241,24 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
      */
     function encodeRCA(RecurringCollectionAgreement calldata rca) external view returns (bytes32);
 
+    /**
+     * @dev Computes the hash of a RecurringCollectionAgreementUpgrade (RCAU).
+     * @param rcau The RCAU for which to compute the hash.
+     * @return The hash of the RCAU.
+     */
+    function encodeRCAU(RecurringCollectionAgreementUpgrade calldata rcau) external view returns (bytes32);
+
     /**
      * @dev Recovers the signer address of a signed RecurringCollectionAgreement (RCA).
      * @param signedRCA The SignedRCA containing the RCA and its signature.
      * @return The address of the signer.
      */
     function recoverRCASigner(SignedRCA calldata signedRCA) external view returns (address);
+
+    /**
+     * @dev Recovers the signer address of a signed RecurringCollectionAgreementUpgrade (RCAU).
+     * @param signedRCAU The SignedRCAU containing the RCAU and its signature.
+     * @return The address of the signer.
+     */
+    function recoverRCAUSigner(SignedRCAU calldata signedRCAU) external view returns (address);
 }
@@ -26,6 +26,12 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
             "RecurringCollectionAgreement(bytes16 agreementId,uint256 acceptDeadline,uint256 duration,address payer,address dataService,address serviceProvider,uint256 maxInitialTokens,uint256 maxOngoingTokensPerSecond,uint32 minSecondsPerCollection,uint32 maxSecondsPerCollection,bytes metadata)"
         );
 
+    /// @notice The EIP712 typehash for the RecurringCollectionAgreementUpgrade struct
+    bytes32 public constant EIP712_RCAU_TYPEHASH =
+        keccak256(
+            "RecurringCollectionAgreementUpgrade(bytes16 agreementId,uint256 acceptDeadline,uint256 duration,uint256 maxInitialTokens,uint256 maxOngoingTokensPerSecond,uint32 minSecondsPerCollection,uint32 maxSecondsPerCollection,bytes metadata)"
+        );
+
     /// @notice Sentinel value to indicate an agreement has been canceled
     uint256 public constant CANCELED = type(uint256).max;
 
@@ -68,7 +74,7 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
      * See {IRecurringCollector.accept}.
      * @dev Caller must be the data service the RCA was issued to.
      */
-    function accept(SignedRCA memory signedRCA) external {
+    function accept(SignedRCA calldata signedRCA) external {
         require(
             msg.sender == signedRCA.rca.dataService,
             RecurringCollectorCallerNotDataService(msg.sender, signedRCA.rca.dataService)
@@ -116,10 +122,31 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
     /**
      * @notice Upgrade an indexing agreement.
      * See {IRecurringCollector.upgrade}.
-     * @dev Caller must be the data service the RCA was issued to.
+     * @dev Caller must be the data service for the agreement.
      */
-    function upgrade() external {
-        // FIX-ME: implement me
+    function upgrade(SignedRCAU calldata signedRCAU) external {
+        require(
+            signedRCAU.rcau.acceptDeadline >= block.timestamp,
+            RecurringCollectorAgreementAcceptanceElapsed(signedRCAU.rcau.acceptDeadline)
+        );
+
+        AgreementData storage agreement = _getForUpdateAgreement(signedRCAU.rcau.agreementId);
+        require(agreement.acceptedAt > 0, RecurringCollectorAgreementNeverAccepted(signedRCAU.rcau.agreementId));
+        require(
+            agreement.dataService == msg.sender,
+            RecurringCollectorDataServiceNotAuthorized(signedRCAU.rcau.agreementId, msg.sender)
+        );
+
+        // check that the voucher is signed by the payer (or proxy)
+        _requireAuthorizedRCAUSigner(signedRCAU, agreement.payer);
+
+        // upgrade the agreement
+        // FIX-ME: These need to be validated to something that makes sense for the contract
+        agreement.duration = signedRCAU.rcau.duration;
+        agreement.maxInitialTokens = signedRCAU.rcau.maxInitialTokens;
+        agreement.maxOngoingTokensPerSecond = signedRCAU.rcau.maxOngoingTokensPerSecond;
+        agreement.minSecondsPerCollection = signedRCAU.rcau.minSecondsPerCollection;
+        agreement.maxSecondsPerCollection = signedRCAU.rcau.maxSecondsPerCollection;
     }
 
     /**
@@ -129,13 +156,27 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
         return _recoverRCASigner(signedRCA);
     }
 
+    /**
+     * @notice See {IRecurringCollector.recoverRCAUSigner}
+     */
+    function recoverRCAUSigner(SignedRCAU calldata signedRCAU) external view returns (address) {
+        return _recoverRCAUSigner(signedRCAU);
+    }
+
     /**
      * @notice See {IRecurringCollector.encodeRCA}
      */
     function encodeRCA(RecurringCollectionAgreement calldata rca) external view returns (bytes32) {
         return _encodeRCA(rca);
     }
 
+    /**
+     * @notice See {IRecurringCollector.encodeRCAU}
+     */
+    function encodeRCAU(RecurringCollectionAgreementUpgrade calldata rcau) external view returns (bytes32) {
+        return _encodeRCAU(rcau);
+    }
+
     /**
      * @notice Decodes the collect data.
      */
@@ -235,6 +276,14 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
         return ECDSA.recover(messageHash, _signedRCA.signature);
     }
 
+    /**
+     * @notice See {IRecurringCollector.recoverRCAUSigner}
+     */
+    function _recoverRCAUSigner(SignedRCAU memory _signedRCAU) private view returns (address) {
+        bytes32 messageHash = _encodeRCAU(_signedRCAU.rcau);
+        return ECDSA.recover(messageHash, _signedRCAU.signature);
+    }
+
     /**
      * @notice See {IRecurringCollector.encodeRCA}
      */
@@ -260,13 +309,49 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
             );
     }
 
+    /**
+     * @notice See {IRecurringCollector.encodeRCAU}
+     */
+    function _encodeRCAU(RecurringCollectionAgreementUpgrade memory _rcau) private view returns (bytes32) {
+        return
+            _hashTypedDataV4(
+                keccak256(
+                    abi.encode(
+                        EIP712_RCAU_TYPEHASH,
+                        _rcau.agreementId,
+                        _rcau.acceptDeadline,
+                        _rcau.duration,
+                        _rcau.maxInitialTokens,
+                        _rcau.maxOngoingTokensPerSecond,
+                        _rcau.minSecondsPerCollection,
+                        _rcau.maxSecondsPerCollection,
+                        keccak256(_rcau.metadata)
+                    )
+                )
+            );
+    }
+
     /**
      * @notice Requires that the signer for the RCA is authorized
      * by the payer of the RCA.
      */
     function _requireAuthorizedRCASigner(SignedRCA memory _signedRCA) private view returns (address) {
         address signer = _recoverRCASigner(_signedRCA);
-        require(_isAuthorized(_signedRCA.rca.payer, signer), RecurringCollectorInvalidRCASigner());
+        require(_isAuthorized(_signedRCA.rca.payer, signer), RecurringCollectorInvalidSigner());
+
+        return signer;
+    }
+
+    /**
+     * @notice Requires that the signer for the RCAU is authorized
+     * by the payer.
+     */
+    function _requireAuthorizedRCAUSigner(
+        SignedRCAU memory _signedRCAU,
+        address _payer
+    ) private view returns (address) {
+        address signer = _recoverRCAUSigner(_signedRCAU);
+        require(_isAuthorized(_payer, signer), RecurringCollectorInvalidSigner());
 
         return signer;
     }
 
@@ -9,22 +9,45 @@ contract Decoder {
     }
 
     /**
-     * @notice Decodes the indexing agreement metadata.
+     * @notice Decodes the RCA metadata.
      *
-     * @param data The data to decode. See {ISubgraphService.RCAIndexingAgreementMetadata}
+     * @param data The data to decode. See {ISubgraphService.AcceptIndexingAgreementMetadata}
      * @return The decoded data
      */
     function decodeRCAMetadata(
         bytes calldata data
-    ) external pure returns (ISubgraphService.RCAIndexingAgreementMetadata memory) {
-        return abi.decode(data, (ISubgraphService.RCAIndexingAgreementMetadata));
+    ) external pure returns (ISubgraphService.AcceptIndexingAgreementMetadata memory) {
+        return abi.decode(data, (ISubgraphService.AcceptIndexingAgreementMetadata));
     }
 
+    /**
+     * @notice Decodes the RCAU metadata.
+     *
+     * @param data The data to decode. See {ISubgraphService.UpgradeIndexingAgreementMetadata}
+     * @return The decoded data
+     */
+    function decodeRCAUMetadata(
+        bytes calldata data
+    ) external pure returns (ISubgraphService.UpgradeIndexingAgreementMetadata memory) {
+        return abi.decode(data, (ISubgraphService.UpgradeIndexingAgreementMetadata));
+    }
+
+    /**
+     * @notice Decodes the collect data for indexing fees V1.
+     *
+     * @param data The data to decode.
+     */
     function decodeCollectIndexingFeeDataV1(bytes memory data) external pure returns (uint256 entities, bytes32 poi) {
         return abi.decode(data, (uint256, bytes32));
     }
 
-    function decodeAcceptIndexingAgreementTermsV1(
+    /**
+     * @notice Decodes the data for indexing agreement terms V1.
+     *
+     * @param data The data to decode. See {ISubgraphService.IndexingAgreementTermsV1}
+     * @return The decoded data
+     */
+    function decodeIndexingAgreementTermsV1(
         bytes memory data
     ) external pure returns (ISubgraphService.IndexingAgreementTermsV1 memory) {
         return abi.decode(data, (ISubgraphService.IndexingAgreementTermsV1));
@@ -40,14 +63,24 @@ contract Decoder {
 
     function _decodeRCAMetadata(
         bytes memory _data
-    ) internal view returns (ISubgraphService.RCAIndexingAgreementMetadata memory) {
-        try this.decodeRCAMetadata(_data) returns (ISubgraphService.RCAIndexingAgreementMetadata memory metadata) {
+    ) internal view returns (ISubgraphService.AcceptIndexingAgreementMetadata memory) {
+        try this.decodeRCAMetadata(_data) returns (ISubgraphService.AcceptIndexingAgreementMetadata memory metadata) {
             return metadata;
         } catch {
             revert ISubgraphService.SubgraphServiceDecoderInvalidData("_decodeRCAMetadata", _data);
         }
     }
 
+    function _decodeRCAUMetadata(
+        bytes memory _data
+    ) internal view returns (ISubgraphService.UpgradeIndexingAgreementMetadata memory) {
+        try this.decodeRCAUMetadata(_data) returns (ISubgraphService.UpgradeIndexingAgreementMetadata memory metadata) {
+            return metadata;
+        } catch {
+            revert ISubgraphService.SubgraphServiceDecoderInvalidData("_decodeRCAUMetadata", _data);
+        }
+    }
+
     function _decodeCollectIndexingFeeDataV1(bytes memory _data) internal view returns (uint256, bytes32) {
         try this.decodeCollectIndexingFeeDataV1(_data) returns (uint256 entities, bytes32 poi) {
             return (entities, poi);
@@ -56,10 +89,10 @@ contract Decoder {
         }
     }
 
-    function _decodeAcceptIndexingAgreementTermsV1(
+    function _decodeIndexingAgreementTermsV1(
         bytes memory _data
     ) internal view returns (ISubgraphService.IndexingAgreementTermsV1 memory) {
-        try this.decodeAcceptIndexingAgreementTermsV1(_data) returns (
+        try this.decodeIndexingAgreementTermsV1(_data) returns (
             ISubgraphService.IndexingAgreementTermsV1 memory terms
         ) {
             return terms;