Prepare for upgraded logic
Signed-off-by: T-Hax <>
parent
00cfc29fa0
commit
ed6efafabc
@ -4,7 +4,7 @@ module.exports = {
|
||||
governance: '0x5efda50f22d34F262c29268506C5Fa42cB56A1Ce',
|
||||
instanceRegistry: '0xB20c66C4DE72433F3cE747b58B86830c459CA911',
|
||||
router: '0xd90e2f925DA726b50C4Ed8D0Fb90Ad053324F31b',
|
||||
merkleTreeHeight: 20,
|
||||
merkleTreeHeight: 24,
|
||||
singletonFactory: '0xce0042B868300000d44A59004Da54A005ffdcf9f',
|
||||
singletonFactoryVerboseWrapper: '0xCEe71753C9820f063b38FDbE4cFDAf1d3D928A80',
|
||||
salt: '0x0000000000000000000000000000000000000000000000000000000047941987',
|
||||
|
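Review bot: The `merkleTreeHeight` entry is printed twice, as 20 and then 24, and nothing beside it records what else has to agree with the value; with the +/- markers lost I am reading 24 as the new side. In Merkle-tree pools of this kind the depth is normally fixed into the withdraw circuit and its verifier, so a configured height that differs from the verifier's would presumably leave deposits that can never be proven for withdrawal. It is worth confirming that the verifier artefacts were rebuilt for the same depth. The same object holds `salt` and `singletonFactory`, so if the height feeds constructor arguments the deterministic deployment addresses would change as well; that is inferred, not visible here. I would add a comment on the line, e.g. `// must equal the tree depth the deployed verifier circuit was compiled for`.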
@ -7,24 +7,6 @@ pragma abicoder v2;
|
||||
|
||||
import "../core/ERC20Tornado.sol";
|
||||
|
||||
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ INTERFACES ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
|
||||
|
||||
interface ITornadoRouter {
|
||||
function relayerRegistry() external view returns (address);
|
||||
|
||||
function instanceRegistry() external view returns (address);
|
||||
}
|
||||
|
||||
interface IRelayerRegistry {
|
||||
function burn(address, address, address) external;
|
||||
}
|
||||
|
||||
interface IInstanceRegistry {
|
||||
function instanceData(address) external view returns (address, uint80, bool, bool);
|
||||
}
|
||||
|
||||
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CONTRACT ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
|
||||
|
||||
/**
|
||||
* @title ERC20TornadoCloneable
|
||||
* @author AlienTornadosaurusHex
|
||||
@ -99,56 +81,15 @@ contract ERC20TornadoCloneable is ERC20Tornado {
|
||||
router = _router;
|
||||
}
|
||||
|
||||
/**
|
||||
* @notice This function is a permissionless function which, if the infra is dead, immediately downgrades
|
||||
the address of the router to address(0), which makes the instance function as any of the older
|
||||
instances.
|
||||
* @dev We will disable the current infra and call this function once we deploy a new infrastructure
|
||||
system which will require the relayers to have a wallet-like smart contract, because then
|
||||
frontends will be able to build proofs for it, and as such there will be no need for this bullshit.
|
||||
*/
|
||||
function checkInfrastructureIsDead() public virtual {
|
||||
require(router != address(0), "infrastructure already dead");
|
||||
|
||||
try
|
||||
// Amount of gas forwarded specified so a potential hijacker can't break the system
|
||||
// by allowing this to not revert, but making it enough gas so router reverts
|
||||
IRelayerRegistry(ITornadoRouter(router).relayerRegistry()).burn{ gas: 100_000 }(
|
||||
msg.sender, // Such that it can't be hardcoded for which person
|
||||
address(0),
|
||||
address(this) // This will get passed in the withdraw function
|
||||
)
|
||||
{
|
||||
/* Do nothing since registry is ok */
|
||||
} catch {
|
||||
router = address(0);
|
||||
return;
|
||||
}
|
||||
|
||||
try
|
||||
// Amount of gas forwarded specified so a potential hijacker can't break the system
|
||||
// by allowing this to not revert, but making it enough gas so router reverts
|
||||
IInstanceRegistry(ITornadoRouter(router).instanceRegistry()).instanceData{ gas: 3_000 }(address(this))
|
||||
returns (address _token, uint80, bool _isERC20, bool _isEnabled) {
|
||||
if (IERC20(_token) != token || !_isERC20 || !_isEnabled) {
|
||||
router = address(0);
|
||||
}
|
||||
} catch {
|
||||
router = address(0);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @notice Alright so first of all, the contract is still permissionless with
|
||||
this function. If the `_relayer` field is set to address(0), transactions
|
||||
will still work (because of the router). This means, that what this blocks
|
||||
is relayers which are not registered from processing transactions, while
|
||||
manual user deposits and transactions still work. This is done because, the
|
||||
entire intention of the system was to make it economically (similarly to
|
||||
this function. Both normal users and relayers can withdraw from the contract
|
||||
because there is no checks with external contracts, and instead relayers are
|
||||
slashed because for any relayer assisted withdraw, some data is stored.
|
||||
For Governance relayers, slashing is done because, the entire point
|
||||
of the relayer registry system should be to make it economically (similar to
|
||||
proof of stake) sybil resistant, but the system has the issue that it can
|
||||
be avoided. So, this is a temporary fix for this until we don't make a full
|
||||
system upgrade after which will we disable this trash by disabling the infra
|
||||
and calling `checkInfrastructureIsDead()`.
|
||||
be avoided.
|
||||
* @param _recipient The recipient address of the withdraw.
|
||||
* @param _relayer The relayer address of the withdraw. Must be a registered
|
||||
relayer otherwise router reverts.
|
||||
@ -161,16 +102,7 @@ contract ERC20TornadoCloneable is ERC20Tornado {
|
||||
uint256 _fee,
|
||||
uint256 _refund
|
||||
) internal virtual override {
|
||||
// This is the part which we don't check if infra is down
|
||||
if (router != address(0)) {
|
||||
require(msg.sender == router, "if infrastructure not dead, router must be caller");
|
||||
}
|
||||
|
||||
// This check should make sure that a user doesn't doom his refund by chance
|
||||
if (_relayer == address(0)) {
|
||||
require(_fee == 0 && _refund == 0, "no fees and refunds if no relayer");
|
||||
}
|
||||
|
||||
require(msg.sender == router, "ERC20TornadoCloneable: onlyRouter");
|
||||
// Call the regular super version of the function
|
||||
super._processWithdraw(_recipient, _relayer, _fee, _refund);
|
||||
}
|
||||
|
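Review bot: The last hunk appears, going by its 16-to-7 line count, to drop the `_relayer == address(0)` guard on `_fee` and `_refund` along with the infrastructure check, leaving only `require(msg.sender == router, "ERC20TornadoCloneable: onlyRouter");` before the `super._processWithdraw` call. The removed comment said that guard kept a user from losing a refund by accident, so unless the router enforces the same rule (not visible here) I would keep `if (_relayer == address(0)) { require(_fee == 0 && _refund == 0, "no fees and refunds if no relayer"); }`. With `checkInfrastructureIsDead()` gone and the router check now unconditional, every withdrawal depends on `router` being a live, correct contract; the `router = _router;` assignment in the hunk at -99 shows no zero-address check in the visible lines, and the function it sits in starts outside the hunk. The NatSpec kept above `_processWithdraw`, whose signature also starts outside the hunk, should state that there is no fallback path if the router becomes unusable, so operators know withdrawals stay blocked until it is restored.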