Merge pull request #21 from openfort-xyz/feat/fallback_prover

wip

Author: Haypierre

README.md

@@ -1,20 +1,13 @@
 # Openfort Ecosystem Abstraction
 
 ## Overview
-Ecosystems are parent entities for groups of apps operating across different blockchains or standalone layer 2 networks. Openfort [**ecosystem wallets**](https://www.openfort.xyz/docs/guides/ecosystem) enable seamless interoperability between applications, allowing ecosystems to design their ideal, unified wallet experience. The next evolution is consolidating user liquidity across apps, providing a single, unified balance instantly spendable across the ecosystem. This vision will be powered by Openfort's chain abstraction implementation based on [MagicSpend++](https://ethresear.ch/t/magicspend-spend-now-debit-later/19678/9) hosted in this repository.
+Ecosystems are parent entities for groups of apps operating across different blockchains or standalone layer 2 networks. Openfort [**ecosystem wallets**](https://www.openfort.xyz/docs/guides/ecosystem) enable seamless interoperability between applications, allowing ecosystems to design their ideal, unified wallet experience. The next evolution is consolidating user liquidity across apps, providing a single, unified balance instantly spendable across the ecosystem. This vision will be powered by Openfort's chain abstraction implementation of [MagicSpend++](https://ethresear.ch/t/magicspend-spend-now-debit-later/19678/9) hosted in this repository.
 
 With this setup, ecosystems can deploy tailor-made 4337 chain abstraction infrastructure.
 They become Liquidity Providers (LPs) for their users, sharing with them the value that would otherwise have been captured by solvers/fillers.
 They own their users' experience from the wallet to the chain.
 
 
-You will find *at least* the following contracts:
-
-* Chain Abstraction Paymaster
-* Time-locked Vault
-* Vault Manager
-* Invoice Manager
-
 ## System Architecture
 
 ![architecture](./assets/archi.jpg)
@@ -23,69 +16,59 @@ You will find *at least* the following contracts:
 
 ![paymasterAndData](./assets/paymasterAndData.png)
 
-## System Components & assumptions
+## System Components
 
 ### Time-locked Vault
-- Define locking period
-- Deploy on any chain
-- Define any ERC20 / native asset (each asset must have a correspondence in dollars)
-- Define the yield strategy
-
-_Note:_ "locking" can be simplified into a **SEND** transaction from an EOA to the Smart Contract Account. A backend watcher service could listen for `received` events and automatically lock the funds (i.e., transfer them to the time-locked vault). This approach would require users to sign a session key for the watcher service.
-
-
-### Chain Abstraction Paymaster
-
-The Paymaster fronts the funds on the destination chain for the user if they _HAVE_ enough locked balance (checked by Openfort Backend).
-The Paymaster contract will then be reimbursed on the source chain(s). Ni1o: user has 100@A, 50@B, and spends 130@C
+- Tokenized Vaults with a single underlying EIP-20 token
+- *not* [4626](https://eips.ethereum.org/EIPS/eip-4626) compliant (does *not* implement EIP-20 to represent shares)
+- only the VaultManager can interact with the Vault
+- Define locking period when initialiaing the vault
+- Deploy on any supported source chains
+- Can be yield-bearing (e.g deposit to Aaver or Morpho)
 
-* Set/update the Paymaster owner address (ecosystem *MUST* own the Paymaster).
-* Fund/withdraw Paymaster balance (Openfort crafts the transaction, but the ecosystem owner _MUST_ sign it).
-* Ragequit > withdraw all funds from all Paymasters
-* Receive webhook alerts when the Paymaster balance falls below a certain threshold to enable rebalancing.
+_Note:_ "locking" can be simplified into a **SEND** transaction from an EOA to the Smart Contract Account. A backend watcher listens for `received` events and automatically lock the funds (i.e., transfer them to the time-locked vault). This approach requires users to sign a session key for the watcher service.
 
-### Trust assumptions
+### Vault Manager
+- Manage Vaults
+- Manage withdrawals and deposits
 
-* The system relies on cross-L2 execution proofs enabled by [Polymer](https://docs.polymerlabs.org/docs/build/examples/chain_abstraction/), eliminating the need for Users to trust Openfort or the Ecosystem. To recover funds locked in source chain vaults on behalf of the ecosystem, Openfort must prove the execution of the userOp on the remote chain. There is no refund on source chain without the corresponding remote chain execution proof. The InvoiceManager track invoices onchain to prevent double-refund.
-* Openfort does not have custody of funds in the Ecosystem Paymaster because the userOp is co-signed within a secure enclave, following predefined policies set by the ecosystem.
+### Invoice Manager
+- Settlement of invoices
+- Prevent double-repayment of invoices with state proof verification
+- authorize paymasters and paymaster verifiers
 
+### Chain Abstraction Paymaster (CABPaymaster)
 
-### Onchain deployments
+The CABPaymaster fronts funds on the destination chain for the user if they _HAVE_ enough locked balance (checked by Openfort Backend).
 
-One time action by Openfort: Deploy Vaults, VaultManager and InvoiceManager.
+The Paymaster contract will get repaid on the source chain(s). Ni1o: user has 100@A, 50@B, and spends 130@C
 
-->> LP as a Service: Deploy the Chain Abstraction Paymaster *on each* blockchain supported by the ecosystem.
+- Set/update the Paymaster owner address (ecosystem *MUST* own the Paymaster)
+- Fund/withdraw Paymaster balance (Openfort crafts the transaction, but the ecosystem owner _MUST_ sign it)
+- Ragequit > owner withdraw all funds from all Paymasters with one signature
 
+Paymaster Owner can subscribe to webhook alerts when the Paymaster balance falls below a certain threshold, before automatic rebalancing is implemented.
 
-# Local Development
+### Paymaster Verifiers
+- Permissionless verification of remote event (InvoiceCreated) or storage proof (invoices mapping in the invoiceManager)
+- Permissionless verification of invoice
 
+As part of chain abstraction activation, an account registers a Paymaster Verifier, which is subsequently called by the InvoiceManager before processing repayments.
 
-Launch tests:
-```
-forge test
-```
+One of the system’s key strengths is its modular approach to proof verification. We envision a future where state proofs play a crucial role in Ethereum interoperability, with more proof providers emerging. Our design allows for seamless integration of new proof verification strategies, giving advanced users the flexibility to choose the one that best suits their use case.
 
-Deploy local node:
-```
-anvil
-```
+## Trust assumptions
 
-Deploy two mock ERC20:
+* The system relies on cross-L2 execution proofs enabled by [Polymer](https://docs.polymerlabs.org/docs/build/examples/chain_abstraction/), eliminating the need for Users to trust Openfort or the Ecosystem. To recover funds locked in source chain vaults on behalf of the ecosystem, Openfort must prove the execution of the userOp on the remote chain. There is no refund on source chain without the corresponding remote chain execution proof. The InvoiceManager tracks invoices onchain to prevent double-refund.
+* The system supports [Hashi](https://crosschain-alliance.gitbook.io/hashi/introduction/what-is-hashi) as a fallback proving mechanism if Polymer or Openfort cease operations. Liquidity providers (LPs) can generate a proof for their fronted funds by running a [Hashi RPC API locally](https://github.com/gnosis/hashi/tree/main/packages/rpc#getting-started) and submit it to `fallbackRepay` along with the invoice. This enables refunds using only public data, without relying on any third party. Note that the fallback proving strategy might evolve in the future but will always remain permissionless.
+* Openfort does not have custody of funds in the Ecosystem Paymaster because the userOp is co-signed within a secure enclave executing predefined policies set by the ecosystem. At any time, the ecosystem can disable a signer to immediately block any new userOp from being sent.
 
-```
-forge create src/mocks/MockERC20.sol:MockERC20 --private-key=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
-forge create src/mocks/MockERC20.sol:MockERC20 --private-key=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
-```
+## Deployments
 
+- One InvoiceManager owned by Openfort
+- One VaultManager onwed by Openfort
+- One CABPaymaster per Ecosystem and Owned by the Ecosystem
+- All Vaults are owned by Openfort
+- All Paymaster Verifiers
 
-Deploy Chain Abstraction Setup including Invoice Manager, two tokenized vaults, Vault Manager and Paymaster:
-```
-PK_DEPLOYER=0x59c6995e998f97a5a0044966f0945389dc9e86dae88c7a8412f4603b6b78690d
-CROSS_L2_PROVER=0xBA3647D0749Cb37CD92Cc98e6185A77a8DCBFC62
-OWNER=0x70997970C51812dc3A010C7d01b50e0d17dc79C8
-WITHDRAW_LOCK_BLOCK=100
-VERIFYING_SIGNER=0xf39Fd6e51aad88F6F4ce6aB8827279cffFb92266
-VERSION_SALT=0x6660000000000000000000000000000000000000000000000000000000000000
-ENTRY_POINT_ADDRESS=0x5FF137D4b0FDCD49DcA30c7CF57E578a026d2789
-forge script script/deployChainAbstractionSetup.s.sol:DeployChainAbstractionSetup "[0xusdc, 0xusdt]" --sig "run(address[])" --rpc-url=127.0.0.1:854
-```
+Check latest deployment of the [demo cli](demo/constants.ts).

contracts/core/InvoiceManager.sol

@@ -42,6 +42,8 @@ import {IVaultManager} from "../interfaces/IVaultManager.sol";
 contract InvoiceManager is UUPSUpgradeable, OwnableUpgradeable, ReentrancyGuardUpgradeable, IInvoiceManager {
     IVaultManager public vaultManager;
 
+    IPaymasterVerifier public fallbackPaymasterVerifier;
+
     /// @notice Settlememt storage location used as the base for the invoices mapping following EIP-7201.
     // keccak256(abi.encode(uint256(keccak256(bytes("Dialy"))) - 1)) & ~bytes32(uint256(0xff))
     bytes32 private constant SETTLEMENT_STORAGE_LOCATION = 0x1574f0d0c24265911bc4961cda61aadd6e06faacad4bf42a2f89fb53fed1c800;
@@ -62,17 +64,22 @@ contract InvoiceManager is UUPSUpgradeable, OwnableUpgradeable, ReentrancyGuardU
         _disableInitializers();
     }
 
-    function initialize(address initialOwner, IVaultManager _vaultManager) public virtual initializer {
+    function initialize(address initialOwner, IVaultManager _vaultManager, IPaymasterVerifier _fallbackPaymasterVerifier)
+        public
+        virtual
+        initializer
+    {
         __Ownable_init(initialOwner);
         __ReentrancyGuard_init();
 
         vaultManager = _vaultManager;
+        fallbackPaymasterVerifier = _fallbackPaymasterVerifier;
     }
 
     function _authorizeUpgrade(address) internal override onlyOwner {}
 
     modifier onlyPaymaster(address account) {
-        require(cabPaymasters[account].paymaster == msg.sender, "InvoiceManager: caller is not the paymaster");
+        require(cabPaymasters[account].paymaster == msg.sender, "InvoiceManager: unauthorized paymaster");
         _;
     }
 
@@ -119,14 +126,23 @@ contract InvoiceManager is UUPSUpgradeable, OwnableUpgradeable, ReentrancyGuardU
         require(!isInvoiceRepaid[invoiceId], "InvoiceManager: invoice already repaid");
 
         bool isVerified = paymasterVerifier.verifyInvoice(invoiceId, invoice, proof);
-
         if (!isVerified) revert("InvoiceManager: invalid invoice");
-        (IVault[] memory vaults, uint256[] memory amounts) = _getRepayToken(invoice);
 
-        isInvoiceRepaid[invoiceId] = true;
-        vaultManager.withdrawSponsorToken(invoice.account, vaults, amounts, invoice.paymaster);
+        _repay(invoiceId, invoice);
+    }
 
-        emit InvoiceRepaid(invoiceId, invoice.account, invoice.paymaster);
+    /// @inheritdoc IInvoiceManager
+    function fallbackRepay(bytes32 invoiceId, InvoiceWithRepayTokens calldata invoice, bytes calldata proof)
+        external
+        override
+        nonReentrant
+    {
+        require(!isInvoiceRepaid[invoiceId], "InvoiceManager: invoice already repaid");
+
+        bool isVerified = fallbackPaymasterVerifier.verifyInvoice(invoiceId, invoice, proof);
+        if (!isVerified) revert("InvoiceManager: invalid invoice");
+
+        _repay(invoiceId, invoice);
     }
 
     /// @inheritdoc IInvoiceManager
@@ -192,4 +208,13 @@ contract InvoiceManager is UUPSUpgradeable, OwnableUpgradeable, ReentrancyGuardU
             $.slot := SETTLEMENT_STORAGE_LOCATION
         }
     }
+
+    function _repay(bytes32 invoiceId, InvoiceWithRepayTokens calldata invoice) internal {
+        (IVault[] memory vaults, uint256[] memory amounts) = _getRepayToken(invoice);
+
+        isInvoiceRepaid[invoiceId] = true;
+        vaultManager.withdrawSponsorToken(invoice.account, vaults, amounts, invoice.paymaster);
+
+        emit InvoiceRepaid(invoiceId, invoice.account, invoice.paymaster);
+    }
 }

contracts/interfaces/IInvoiceManager.sol

@@ -96,13 +96,21 @@ interface IInvoiceManager {
     function createInvoice(uint256 nonce, address paymaster, bytes32 invoiceId) external;
 
     /**
-     * @notice Repay the invoice.
+     * @notice Verify proof and repay the invoice.
      * @param invoiceId The ID of the invoice.
      * @param invoice The invoice to repay.
      * @param proof The proof of the repayment.
      */
     function repay(bytes32 invoiceId, InvoiceWithRepayTokens calldata invoice, bytes calldata proof) external;
 
+    /**
+     * @notice Verify proof with the fallback verifier and repay the invoice.
+     * @param invoiceId The ID of the invoice.
+     * @param invoice The invoice to repay.
+     * @param proof The proof of the repayment.
+     */
+    function fallbackRepay(bytes32 invoiceId, InvoiceWithRepayTokens calldata invoice, bytes calldata proof) external;
+
     /**
      * @notice Withdraw the locked tokens to the account.
      * @param account The address of the account.

contracts/libraries/LibTokens.sol

@@ -61,6 +61,7 @@ library LibTokens {
     }
 
     function frontToken(address token, address recipient, uint256 amount) internal {
+        //require(store.supported[token], "TokenManager: token not supported");
         // NOTE: use forceApprove to support tokens that require the approval
         // to be set to zero before setting it to a non-zero value, such as USDT.
         token == NATIVE_TOKEN ? _transferNative(recipient, amount) : IERC20(token).forceApprove(recipient, amount);

contracts/mocks/MockInvoiceManager.sol

@@ -40,6 +40,10 @@ contract MockInvoiceManager is IMockInvoiceManager {
         revert("Not implemented");
     }
 
+    function fallbackRepay(bytes32, InvoiceWithRepayTokens calldata, bytes calldata) external {
+        revert("Not implemented");
+    }
+
     function withdrawToAccount(address, IVault[] calldata, uint256[] calldata) external {
         revert("Not implemented");
     }

contracts/paymasters/CABPaymaster.sol

@@ -149,9 +149,11 @@ contract CABPaymaster is BasePaymaster, Initializable {
             parseSponsorTokenData(sponsorTokenData);
         for (uint8 i = 0; i < sponsorTokenLength;) {
             address token = sponsorTokens[i].token;
+
             if (token != LibTokens.NATIVE_TOKEN) {
                 require(IERC20(token).approve(sponsorTokens[i].spender, 0), "CABPaymaster: Reset approval failed");
             }
+
             unchecked {
                 ++i;
             }

script/deployChainAbstractionSetup.s.sol

@@ -6,6 +6,8 @@ import {IVaultManager} from "../contracts/interfaces/IVaultManager.sol";
 import {Script, console} from "forge-std/Script.sol";
 
 import {InvoiceManager} from "../contracts/core/InvoiceManager.sol";
+import {IPaymasterVerifier} from "../contracts/interfaces/IPaymasterVerifier.sol";
+
 import {CABPaymaster} from "../contracts/paymasters/CABPaymaster.sol";
 import {CABPaymasterFactory} from "../contracts/paymasters/CABPaymasterFactory.sol";
 import {UpgradeableOpenfortProxy} from "../contracts/proxy/UpgradeableOpenfortProxy.sol";
@@ -58,7 +60,9 @@ contract DeployChainAbstractionSetup is
         );
 
         console.log("VaultManager Address", address(vaultManager));
-        invoiceManager.initialize(owner, IVaultManager(address(vaultManager)));
+
+        IPaymasterVerifier hashiPaymasterVerifier = deployHashiPaymasterVerifier(address(invoiceManager), owner, versionSalt);
+        invoiceManager.initialize(owner, IVaultManager(address(vaultManager)), hashiPaymasterVerifier);
 
         for (uint256 i = 0; i < tokens.length; i++) {
             address token = tokens[i];
@@ -85,7 +89,6 @@ contract DeployChainAbstractionSetup is
         console.log("Paymaster Address", address(paymaster));
 
         deployPolymerPaymasterVerifier(address(invoiceManager), owner, versionSalt);
-        deployHashiPaymasterVerifier(address(invoiceManager), owner, versionSalt);
 
         vm.stopBroadcast();
     }

script/deployHashiPaymasterVerifier.s.sol

@@ -8,9 +8,13 @@ import {Script, console} from "forge-std/Script.sol";
 contract DeployHashiPaymasterVerifier is Script {
     address internal shoyuBashi = vm.envAddress("SHOYU_BASHI");
 
-    function deployHashiPaymasterVerifier(address _invoiceManager, address _owner, bytes32 _versionSalt) public {
+    function deployHashiPaymasterVerifier(address _invoiceManager, address _owner, bytes32 _versionSalt)
+        public
+        returns (HashiPaymasterVerifier)
+    {
         HashiPaymasterVerifier hashiPaymasterVerifier =
             new HashiPaymasterVerifier{salt: _versionSalt}(IInvoiceManager(_invoiceManager), shoyuBashi, _owner);
         console.log("HashiPaymasterVerifier deployed at ", address(hashiPaymasterVerifier));
+        return hashiPaymasterVerifier;
     }
 }

test/CABPaymater.t.sol

@@ -33,7 +33,7 @@ import {IPaymaster} from "account-abstraction/interfaces/IPaymaster.sol";
 import {MockInvoiceManager} from "../contracts/mocks/MockInvoiceManager.sol";
 
 import {stdJson} from "forge-std/StdJson.sol";
-import {Test} from "forge-std/Test.sol";
+import {Test, console} from "forge-std/Test.sol";
 
 contract CABPaymasterTest is Test {
     using stdJson for string;
@@ -104,12 +104,11 @@ contract CABPaymasterTest is Test {
             )
         );
 
-        invoiceManager.initialize(owner, IVaultManager(address(vaultManager)));
-
         // NOTE: testing with mocked crossL2ProverV1 (real is deprecated)
         // gas report will not reflect the real cost of proving with polymerV1
         crossL2ProverV1 = ICrossL2Prover(address(new MockCrossL2Prover(address(invoiceManager))));
         // NOTE: testing with real crossL2ProverV2
+        // https://docs.polymerlabs.org/docs/build/start
         crossL2ProverV2 = ICrossL2ProverV2(0xcDa03d74DEc5B24071D1799899B2e0653C24e5Fa);
 
         // Initialize the supportedTokens array
@@ -122,14 +121,19 @@ contract CABPaymasterTest is Test {
 
         mockERC20.mint(address(paymaster), PAYMASTER_BASE_MOCK_ERC20_BALANCE);
 
-        assertEq(address(invoiceManager.vaultManager()), address(vaultManager));
         assertEq(address(vaultManager.invoiceManager()), address(invoiceManager));
 
         vm.startPrank(rekt);
 
         polymerPaymasterVerifierV1 = new PolymerPaymasterVerifierV1(invoiceManager, crossL2ProverV1, owner);
         polymerPaymasterVerifierV2 = new PolymerPaymasterVerifierV2(IInvoiceManager(REAL_INVOICE_MANAGER), crossL2ProverV2, owner);
 
+        invoiceManager.initialize(
+            owner, IVaultManager(address(vaultManager)), IPaymasterVerifier(address(polymerPaymasterVerifierV2))
+        );
+
+        assertEq(address(invoiceManager.vaultManager()), address(vaultManager));
+
         invoiceManager.registerPaymaster(
             address(paymaster), IPaymasterVerifier(address(polymerPaymasterVerifierV1)), block.timestamp + 100000
         );
@@ -341,8 +345,6 @@ contract CABPaymasterTest is Test {
         bytes32 expectedInvoiceId =
             invoiceManager.getInvoiceId(rekt, address(paymaster), userOp.nonce, BASE_SEPOLIA_CHAIN_ID, repayTokensBytes);
 
-        // don't know why comparison of paymaster address fails
-        // even though it's the same address
         vm.expectEmit(true, true, true, false);
         emit IInvoiceManager.InvoiceCreated(expectedInvoiceId, rekt, address(paymaster));
         paymaster.postOp(IPaymaster.PostOpMode.opSucceeded, context, 1222, 42);