f - allow for zero collections

Author: matiasedgeandnode

IndexingPaymentsTodo.md

@@ -1,26 +1,30 @@
 # Still pending
 
-* Double-check it supports paying per byte instead of per entity and eventually a subgraph-gas metric. DONE: ~~Built-in upgrade path to indexing agreements v2~~
-* Update Arbitration Charter to support disputing Indexing Fees. DONE: ~~Support `DisputeManager`~~
+* Arbitration Charter: Update to support disputing IndexingFee.
 * Economics
   * If service wants to collect more than collector allows. Collector limits but doesn't tell the service?
-  * Support for agreements that end up in `RecurringCollectorCollectionTooLate` or ways to avoid getting to that state.
-  * Should we deal with zero entities declared as a special case?
   * Since an allocation is required for collecting, do we want to expect that the allocation is not stale? Do we want to add code to collect rewards as part of the collection of fees? Make sure allocation is more than one epoch old if we attempt this.
-  * Reject Zero POIs?
   * What happens if the escrow doesn't have enough funds? Since you can't collect that means you lose out forever?
-  * Don't pay for entities on initial collection?
+  * Don't pay for entities on initial collection? Where did we land in terms of payment terms?
   * Should we set a different param for initial collection time max? Some subgraphs take a lot to catch up.
   * How do we solve for the case where an indexer has reached their max expected payout for the initial sync but haven't reached the current epoch (thus their POI is incorrect)?
 * Double check cancelation policy. Who can cancel when? Right now is either party at any time.
 * Expose a function that indexers can use to calculate the tokens to be collected and other collection params?
 * Support a way for gateway to shop an agreement around? Deadline + dedup key? So only one agreement with the dedupe key can be accepted?
-* Maybe check that the epoch the indexer is sending is the one the transaction will be run in?
-* Check upgrade conditions. Support indexing agreement upgadeability, so that there is a mechanism to adjust the rates without having to cancel and start over.
 * If an indexer closes an allocation, what should happen to the accepeted agreement?
 * test_SubgraphService_CollectIndexingFee_Integration fails with PaymentsEscrowInconsistentCollection
 * Reduce the number of errors declared and returned
+* Missing events for accept, cancel, upgrade RCAs.
+* Switch `duration` for `endsAt`?
+
+# Done
+
+* DONE: ~~Support `DisputeManager`~~
+* DONE: ~~Check upgrade conditions. Support indexing agreement upgradability, so that there is a mechanism to adjust the rates without having to cancel and start over.~~
+* DONE: ~~Maybe check that the epoch the indexer is sending is the one the transaction will be run in?~~
+* DONE: ~~Should we deal with zero entities declared as a special case?~~
+* DONE: ~~Support for agreements that end up in `RecurringCollectorCollectionTooLate` or ways to avoid getting to that state.~~
 * DONE: ~~Make `agreementId` unique globally so that we don't need the full tuple (`payer`+`indexer`+`agreementId`) as key?~~
 * DONE: ~~Maybe IRecurringCollector.cancel(address payer, address serviceProvider, bytes16 agreementId) should only take in agreementId?~~
 * DONE: ~~Unify to one error in Decoder.sol~~
-* Missing events for accept, cancel, upgrade RCAs.
+* DONE: ~~Built-in upgrade path to indexing agreements v2~~

packages/horizon/contracts/interfaces/IRecurringCollector.sol

@@ -125,6 +125,7 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
         address indexed dataService,
         address indexed payer,
         address indexed serviceProvider,
+        bytes16 agreementId,
         bytes32 collectionId,
         uint256 tokens,
         uint256 dataServiceCut
@@ -192,6 +193,12 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
      */
     error RecurringCollectorAgreementInvalid(bytes16 agreementId, uint256 acceptedAt);
 
+    /**
+     * Thrown when accepting or upgrading an agreement with invalid params
+     * @param agreementId The agreement ID
+     */
+    error RecurringCollectorAgreementInvalidParams(bytes16 agreementId);
+
     /**
      * Thrown when calling collect() on an elapsed agreement
      * @param agreementId The agreement ID

packages/horizon/contracts/payments/collectors/RecurringCollector.sol

@@ -96,12 +96,12 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
         agreement.dataService = signedRCA.rca.dataService;
         agreement.payer = signedRCA.rca.payer;
         agreement.serviceProvider = signedRCA.rca.serviceProvider;
-        // FIX-ME: These need to be validated to something that makes sense for the contract
         agreement.duration = signedRCA.rca.duration;
         agreement.maxInitialTokens = signedRCA.rca.maxInitialTokens;
         agreement.maxOngoingTokensPerSecond = signedRCA.rca.maxOngoingTokensPerSecond;
         agreement.minSecondsPerCollection = signedRCA.rca.minSecondsPerCollection;
         agreement.maxSecondsPerCollection = signedRCA.rca.maxSecondsPerCollection;
+        _requireValidAgreement(agreement, signedRCA.rca.agreementId);
     }
 
     /**
@@ -141,12 +141,12 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
         _requireAuthorizedRCAUSigner(signedRCAU, agreement.payer);
 
         // upgrade the agreement
-        // FIX-ME: These need to be validated to something that makes sense for the contract
         agreement.duration = signedRCAU.rcau.duration;
         agreement.maxInitialTokens = signedRCAU.rcau.maxInitialTokens;
         agreement.maxOngoingTokensPerSecond = signedRCAU.rcau.maxOngoingTokensPerSecond;
         agreement.minSecondsPerCollection = signedRCAU.rcau.minSecondsPerCollection;
         agreement.maxSecondsPerCollection = signedRCAU.rcau.maxSecondsPerCollection;
+        _requireValidAgreement(agreement, signedRCAU.rcau.agreementId);
     }
 
     /**
@@ -211,17 +211,21 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
             RecurringCollectorDataServiceNotAuthorized(_params.agreementId, msg.sender)
         );
 
-        _requireValidCollect(agreement, _params.agreementId, _params.tokens);
-        agreement.lastCollectionAt = block.timestamp;
+        _requireCollectableAgreement(agreement, _params.agreementId);
 
-        _graphPaymentsEscrow().collect(
-            IGraphPayments.PaymentTypes.IndexingFee,
-            agreement.payer,
-            agreement.serviceProvider,
-            _params.tokens,
-            agreement.dataService,
-            _params.dataServiceCut
-        );
+        if (_params.tokens != 0) {
+            _requireValidCollect(agreement, _params.agreementId, _params.tokens);
+
+            _graphPaymentsEscrow().collect(
+                IGraphPayments.PaymentTypes.IndexingFee,
+                agreement.payer,
+                agreement.serviceProvider,
+                _params.tokens,
+                agreement.dataService,
+                _params.dataServiceCut
+            );
+        }
+        agreement.lastCollectionAt = block.timestamp;
 
         emit PaymentCollected(
             IGraphPayments.PaymentTypes.IndexingFee,
@@ -236,6 +240,7 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
             agreement.dataService,
             agreement.payer,
             agreement.serviceProvider,
+            _params.agreementId,
             _params.collectionId,
             _params.tokens,
             _params.dataServiceCut
@@ -244,10 +249,32 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
         return _params.tokens;
     }
 
-    /**
-     * @notice Requires that the agreement is valid for collection.
-     */
-    function _requireValidCollect(AgreementData memory _agreement, bytes16 _agreementId, uint256 _tokens) private view {
+    function _requireValidAgreement(AgreementData memory _agreement, bytes16 _agreementId) private view {
+        require(
+            _agreement.dataService != address(0) &&
+                _agreement.payer != address(0) &&
+                _agreement.serviceProvider != address(0),
+            RecurringCollectorAgreementInvalidParams(_agreementId)
+        );
+
+        // Agreement needs to end in the future
+        require(_agreementEndsAt(_agreement) > block.timestamp, RecurringCollectorAgreementInvalidParams(_agreementId));
+
+        // Collection window needs to be at least 2 hours
+        require(
+            _agreement.maxSecondsPerCollection > _agreement.minSecondsPerCollection &&
+                (_agreement.maxSecondsPerCollection - _agreement.minSecondsPerCollection >= 7200),
+            RecurringCollectorAgreementInvalidParams(_agreementId)
+        );
+
+        // Agreement needs to last at least one min collection window
+        require(
+            _agreement.duration >= _agreement.minSecondsPerCollection + 7200,
+            RecurringCollectorAgreementInvalidParams(_agreementId)
+        );
+    }
+
+    function _requireCollectableAgreement(AgreementData memory _agreement, bytes16 _agreementId) private view {
         require(
             _agreement.acceptedAt > 0 && _agreement.acceptedAt != CANCELED,
             RecurringCollectorAgreementInvalid(_agreementId, _agreement.acceptedAt)
@@ -257,9 +284,14 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
             ? _agreement.acceptedAt + _agreement.duration
             : type(uint256).max;
         require(agreementEnd >= block.timestamp, RecurringCollectorAgreementElapsed(_agreementId, agreementEnd));
+    }
 
+    /**
+     * @notice Requires that the collection params are valid.
+     */
+    function _requireValidCollect(AgreementData memory _agreement, bytes16 _agreementId, uint256 _tokens) private view {
         uint256 collectionSeconds = block.timestamp;
-        collectionSeconds -= _agreement.lastCollectionAt > 0 ? _agreement.lastCollectionAt : _agreement.acceptedAt;
+        collectionSeconds -= _agreementCollectionStartAt(_agreement);
         require(
             collectionSeconds >= _agreement.minSecondsPerCollection,
             RecurringCollectorCollectionTooSoon(_agreementId, collectionSeconds, _agreement.minSecondsPerCollection)
@@ -376,4 +408,15 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
     function _getAgreement(bytes16 _agreementId) private view returns (AgreementData memory) {
         return agreements[_agreementId];
     }
+
+    function _agreementCollectionStartAt(AgreementData memory _agreement) private pure returns (uint256) {
+        return _agreement.lastCollectionAt > 0 ? _agreement.lastCollectionAt : _agreement.acceptedAt;
+    }
+
+    function _agreementEndsAt(AgreementData memory _agreement) private pure returns (uint256) {
+        return
+            _agreement.duration < type(uint256).max - _agreement.acceptedAt
+                ? _agreement.acceptedAt + _agreement.duration
+                : type(uint256).max;
+    }
 }

packages/horizon/test/payments/recurring-collector/collect.t.sol

@@ -53,6 +53,7 @@ contract RecurringCollectorCollectTest is RecurringCollectorSharedTest {
         address notDataService
     ) public {
         vm.assume(rca.dataService != notDataService);
+        rca = _sensibleRCA(rca);
         params.agreementId = rca.agreementId;
         bytes memory data = _generateCollectData(params);
 
@@ -85,9 +86,11 @@ contract RecurringCollectorCollectTest is RecurringCollectorSharedTest {
         TestCollectParams memory testCollectParams,
         uint256 unboundedKey
     ) public {
-        IRecurringCollector.CollectParams memory fuzzyParams = testCollectParams.collectData;
+        rca = _sensibleRCA(rca);
         _authorizeAndAccept(rca, boundKey(unboundedKey));
         _cancel(rca);
+        IRecurringCollector.CollectParams memory fuzzyParams = testCollectParams.collectData;
+        fuzzyParams.tokens = bound(fuzzyParams.tokens, 1, type(uint256).max);
         IRecurringCollector.CollectParams memory collectParams = _generateCollectParams(
             rca,
             fuzzyParams.collectionId,
@@ -162,6 +165,7 @@ contract RecurringCollectorCollectTest is RecurringCollectorSharedTest {
 
         uint256 collectionSeconds = boundSkipCeil(unboundedSkip, rca.minSecondsPerCollection - 1);
         skip(collectionSeconds);
+        fuzzyParams.tokens = bound(fuzzyParams.tokens, 1, type(uint256).max);
         IRecurringCollector.CollectParams memory collectParams = _generateCollectParams(
             rca,
             fuzzyParams.collectionId,
@@ -207,6 +211,7 @@ contract RecurringCollectorCollectTest is RecurringCollectorSharedTest {
         uint256 collectionSeconds = boundSkip(unboundedSkip, rca.maxSecondsPerCollection + 1, durationLeft);
         skip(collectionSeconds);
 
+        fuzzyParams.tokens = bound(fuzzyParams.tokens, 1, type(uint256).max);
         IRecurringCollector.CollectParams memory collectParams = _generateCollectParams(
             rca,
             fuzzyParams.collectionId,

packages/horizon/test/payments/recurring-collector/shared.t.sol

@@ -42,7 +42,7 @@ contract RecurringCollectorSharedTest is Test, Bounder {
     function _fuzzyAuthorizeAndAccept(
         FuzzyAcceptableRCA memory _fuzzyAcceptableRCA
     ) internal returns (IRecurringCollector.SignedRCA memory) {
-        vm.assume(_fuzzyAcceptableRCA.rca.payer != address(0));
+        _fuzzyAcceptableRCA.rca = _sensibleRCA(_fuzzyAcceptableRCA.rca);
         _fuzzyAcceptableRCA.rca = _recurringCollectorHelper.withOKAcceptDeadline(_fuzzyAcceptableRCA.rca);
         return _authorizeAndAcceptV2(_fuzzyAcceptableRCA.rca, boundKey(_fuzzyAcceptableRCA.unboundedSignerKey));
     }
@@ -108,6 +108,7 @@ contract RecurringCollectorSharedTest is Test, Bounder {
             _rca.dataService,
             _rca.payer,
             _rca.serviceProvider,
+            _rca.agreementId,
             _fuzzyParams.collectionId,
             _tokens,
             _fuzzyParams.dataServiceCut
@@ -136,9 +137,12 @@ contract RecurringCollectorSharedTest is Test, Bounder {
     function _sensibleRCA(
         IRecurringCollector.RecurringCollectionAgreement memory _rca
     ) internal pure returns (IRecurringCollector.RecurringCollectionAgreement memory) {
+        vm.assume(_rca.dataService != address(0));
+        vm.assume(_rca.payer != address(0));
+        vm.assume(_rca.serviceProvider != address(0));
         _rca.minSecondsPerCollection = uint32(bound(_rca.minSecondsPerCollection, 60, 60 * 60 * 24));
         _rca.maxSecondsPerCollection = uint32(
-            bound(_rca.maxSecondsPerCollection, _rca.minSecondsPerCollection * 2, 60 * 60 * 24 * 30)
+            bound(_rca.maxSecondsPerCollection, _rca.minSecondsPerCollection + 7200, 60 * 60 * 24 * 30)
         );
         _rca.duration = bound(_rca.duration, _rca.maxSecondsPerCollection * 10, type(uint256).max);
         _rca.maxInitialTokens = bound(_rca.maxInitialTokens, 0, 1e18 * 100_000_000);

packages/subgraph-service/contracts/Decoder.sol

@@ -37,8 +37,10 @@ contract Decoder {
      *
      * @param data The data to decode.
      */
-    function decodeCollectIndexingFeeDataV1(bytes memory data) external pure returns (uint256 entities, bytes32 poi) {
-        return abi.decode(data, (uint256, bytes32));
+    function decodeCollectIndexingFeeDataV1(
+        bytes memory data
+    ) external pure returns (uint256 entities, bytes32 poi, uint256 epoch) {
+        return abi.decode(data, (uint256, bytes32, uint256));
     }
 
     /**
@@ -81,9 +83,9 @@ contract Decoder {
         }
     }
 
-    function _decodeCollectIndexingFeeDataV1(bytes memory _data) internal view returns (uint256, bytes32) {
-        try this.decodeCollectIndexingFeeDataV1(_data) returns (uint256 entities, bytes32 poi) {
-            return (entities, poi);
+    function _decodeCollectIndexingFeeDataV1(bytes memory _data) internal view returns (uint256, bytes32, uint256) {
+        try this.decodeCollectIndexingFeeDataV1(_data) returns (uint256 entities, bytes32 poi, uint256 epoch) {
+            return (entities, poi, epoch);
         } catch {
             revert ISubgraphService.SubgraphServiceDecoderInvalidData("_decodeCollectIndexingFeeDataV1", _data);
         }

packages/subgraph-service/contracts/SubgraphService.sol

@@ -739,12 +739,24 @@ contract SubgraphService is
             agreement.version == IndexingAgreementVersion.V1,
             SubgraphServiceInvalidIndexingAgreementVersion(agreement.version)
         );
-        (uint256 entities, bytes32 poi) = _decodeCollectIndexingFeeDataV1(_data);
+        (uint256 entities, bytes32 poi, uint256 epoch) = _decodeCollectIndexingFeeDataV1(_data);
+        uint256 currentEpoch = _graphEpochManager().currentEpoch();
+        if (epoch != currentEpoch) {
+            revert SubgraphServiceInvalidEpoch(currentEpoch, epoch);
+        }
+
+        uint256 tokensToCollect;
+        if (entities == 0 && poi == bytes32(0)) {
+            tokensToCollect = 0;
+        } else {
+            tokensToCollect = _indexingAgreementTokensToCollect(_agreementId, agreement, entities);
+        }
+        agreement.lastCollectionAt = block.timestamp;
 
         uint256 tokensCollected = _indexingAgreementCollect(
             _agreementId,
             bytes32(uint256(uint160(agreement.allocationId))),
-            _indexingAgreementTokensToCollect(_agreementId, agreement, entities)
+            tokensToCollect
         );
 
         _releaseAndLockStake(agreement.indexer, tokensCollected);
@@ -755,7 +767,7 @@ contract SubgraphService is
             _agreementId,
             agreement.allocationId,
             allocation.subgraphDeploymentId,
-            _graphEpochManager().currentEpoch(),
+            currentEpoch,
             tokensCollected,
             entities,
             poi
@@ -809,21 +821,6 @@ contract SubgraphService is
         storedTerms.tokensPerEntityPerSecond = newTerms.tokensPerEntityPerSecond;
     }
 
-    function _indexingAgreementTokensToCollect(
-        bytes16 _agreementId,
-        IndexingAgreementData storage _agreement,
-        uint256 _entities
-    ) private returns (uint256) {
-        IndexingAgreementTermsV1 memory termsV1 = _getIndexingAgreementTermsV1(_agreementId);
-
-        uint256 collectionSeconds = block.timestamp;
-        collectionSeconds -= _agreement.lastCollectionAt > 0 ? _agreement.lastCollectionAt : _agreement.acceptedAt;
-        _agreement.lastCollectionAt = block.timestamp;
-
-        // FIX-ME: this is bad because it encourages indexers to collect at max seconds allowed to maximize collection.
-        return collectionSeconds * (termsV1.tokensPerSecond + termsV1.tokensPerEntityPerSecond * _entities);
-    }
-
     function _indexingAgreementCollect(
         bytes16 _agreementId,
         bytes32 _collectionId,
@@ -859,6 +856,20 @@ contract SubgraphService is
         _recurringCollector().cancel(_agreementId);
     }
 
+    function _indexingAgreementTokensToCollect(
+        bytes16 _agreementId,
+        IndexingAgreementData memory _agreement,
+        uint256 _entities
+    ) private view returns (uint256) {
+        IndexingAgreementTermsV1 memory termsV1 = _getIndexingAgreementTermsV1(_agreementId);
+
+        uint256 collectionSeconds = block.timestamp;
+        collectionSeconds -= _agreement.lastCollectionAt > 0 ? _agreement.lastCollectionAt : _agreement.acceptedAt;
+
+        // FIX-ME: this is bad because it encourages indexers to collect at max seconds allowed to maximize collection.
+        return collectionSeconds * (termsV1.tokensPerSecond + termsV1.tokensPerEntityPerSecond * _entities);
+    }
+
     function _getForUpdateIndexingAgreement(bytes16 _agreementId) private view returns (IndexingAgreementData storage) {
         return indexingAgreements[_agreementId];
     }

packages/subgraph-service/contracts/interfaces/ISubgraphService.sol

@@ -351,6 +351,13 @@ interface ISubgraphService is IDataServiceFees {
         uint256 tokensPerEntityPerSecond;
     }
 
+    /**
+     * @notice Thrown when collecting on an invalid epoch
+     * @param current The current epoch
+     * @param invalid The invalid epoch
+     */
+    error SubgraphServiceInvalidEpoch(uint256 current, uint256 invalid);
+
     /**
      * @notice Thrown when the data can't be decoded as expected
      * @param t The type of data that was expected