365 lines
11 KiB
Solidity
365 lines
11 KiB
Solidity
pragma solidity ^0.4.21;
|
|
|
|
import "./Identity.sol";
|
|
import "../token/ERC20Token.sol";
|
|
|
|
/**
|
|
* @title IdentityGasRelay
|
|
* @author Ricardo Guilherme Schmidt (Status Research & Development GmbH)
|
|
* @notice enables economic abstraction for Identity
|
|
*/
|
|
contract IdentityGasRelay is Identity {
|
|
|
|
bytes4 public constant CALL_PREFIX = bytes4(keccak256("callGasRelay(address,uint256,bytes32,uint256,uint256,address)"));
|
|
bytes4 public constant APPROVEANDCALL_PREFIX = bytes4(keccak256("approveAndCallGasRelay(address,address,uint256,bytes32,uint256,uint256)"));
|
|
|
|
event ExecutedGasRelayed(bytes32 signHash, bool success);
|
|
|
|
/**
|
|
* @notice include ethereum signed callHash in return of gas proportional amount multiplied by `_gasPrice` of `_gasToken`
|
|
* allows identity of being controlled without requiring ether in key balace
|
|
* @param _to destination of call
|
|
* @param _value call value (ether)
|
|
* @param _data call data
|
|
* @param _nonce current identity nonce
|
|
* @param _gasPrice price in SNT paid back to msg.sender for each gas unit used
|
|
* @param _gasLimit minimal gasLimit required to execute this call
|
|
* @param _gasToken token being used for paying `msg.sender`
|
|
* @param _messageSignatures rsv concatenated ethereum signed message signatures required
|
|
*/
|
|
function callGasRelayed(
|
|
address _to,
|
|
uint256 _value,
|
|
bytes _data,
|
|
uint _nonce,
|
|
uint _gasPrice,
|
|
uint _gasLimit,
|
|
address _gasToken,
|
|
bytes _messageSignatures
|
|
)
|
|
external
|
|
{
|
|
uint startGas = gasleft();
|
|
require(startGas >= _gasLimit);
|
|
//verify transaction parameters
|
|
require(_nonce == nonce);
|
|
;
|
|
// calculates signHash
|
|
bytes32 signHash = getSignHash(
|
|
callGasRelayHash(
|
|
_to,
|
|
_value,
|
|
keccak256(_data),
|
|
_nonce,
|
|
_gasPrice,
|
|
_gasLimit,
|
|
_gasToken
|
|
)
|
|
);
|
|
|
|
//verify if signatures are valid and came from correct actors;
|
|
verifySignatures(
|
|
_to == address(this) ? MANAGEMENT_KEY : ACTION_KEY,
|
|
signHash,
|
|
_messageSignatures
|
|
);
|
|
|
|
//executes transaction
|
|
nonce++;
|
|
bool success = _to.call.value(_value)(_data);
|
|
emit ExecutedGasRelayed(
|
|
signHash,
|
|
success
|
|
);
|
|
|
|
//refund gas used using contract held ERC20 tokens or ETH
|
|
if (_gasPrice > 0) {
|
|
uint256 _amount = 21000 + (startGas - gasleft());
|
|
_amount = _amount * _gasPrice;
|
|
if (_gasToken == address(0)) {
|
|
address(msg.sender).transfer(_amount);
|
|
} else {
|
|
ERC20Token(_gasToken).transfer(msg.sender, _amount);
|
|
}
|
|
}
|
|
}
|
|
|
|
/**
|
|
* @notice include ethereum signed approve ERC20 and call hash
|
|
* (`ERC20Token(baseToken).approve(_to, _value)` + `_to.call(_data)`).
|
|
* in return of gas proportional amount multiplied by `_gasPrice` of `_gasToken`
|
|
* fixes race condition in double transaction for ERC20.
|
|
* @param _baseToken token approved for `_to`
|
|
* @param _to destination of call
|
|
* @param _value call value (ether)
|
|
* @param _data call data
|
|
* @param _nonce current identity nonce
|
|
* @param _gasPrice price in SNT paid back to msg.sender for each gas unit used
|
|
* @param _gasLimit minimal gasLimit required to execute this call
|
|
* @param _gasToken token being used for paying `msg.sender`
|
|
* @param _messageSignatures rsv concatenated ethereum signed message signatures required
|
|
*/
|
|
function approveAndCallGasRelayed(
|
|
address _baseToken,
|
|
address _to,
|
|
uint256 _value,
|
|
bytes _data,
|
|
uint _nonce,
|
|
uint _gasPrice,
|
|
uint _gasLimit,
|
|
address _gasToken,
|
|
bytes _messageSignatures
|
|
)
|
|
external
|
|
{
|
|
uint startGas = gasleft();
|
|
require(startGas >= _gasLimit);
|
|
//verify transaction parameters
|
|
require(_nonce == nonce);
|
|
require(_baseToken != address(0)); //_baseToken should be something!
|
|
require(_to != address(this)); //no management with approveAndCall
|
|
|
|
// calculates signHash
|
|
bytes32 signHash = getSignHash(
|
|
approveAndCallGasRelayHash(
|
|
_baseToken,
|
|
_to,
|
|
_value,
|
|
keccak256(_data),
|
|
_nonce,
|
|
_gasPrice,
|
|
_gasLimit,
|
|
_gasToken
|
|
)
|
|
);
|
|
|
|
//verify if signatures are valid and came from correct actors;
|
|
verifySignatures(
|
|
ACTION_KEY, //no management with approveAndCall
|
|
signHash,
|
|
_messageSignatures
|
|
);
|
|
|
|
approveAndCall(
|
|
signHash,
|
|
_baseToken,
|
|
_to,
|
|
_value,
|
|
_data
|
|
);
|
|
|
|
//refund gas used using contract held ERC20 tokens or ETH
|
|
if (_gasPrice > 0) {
|
|
uint256 _amount = 21000 + (startGas - gasleft());
|
|
_amount = _amount * _gasPrice;
|
|
if (_gasToken == address(0)) {
|
|
address(msg.sender).transfer(_amount);
|
|
} else {
|
|
ERC20Token(_gasToken).transfer(msg.sender, _amount);
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* @notice reverts if signatures are not valid for the signed hash and required key type.
|
|
* @param _requiredKey key required to call, if _to from payload is the identity itself, is `MANAGEMENT_KEY`, else `ACTION_KEY`
|
|
* @param _signHash ethereum signable callGasRelayHash message provided for the payload
|
|
* @param _messageSignatures ethereum signed `_signHash` messages
|
|
* @return true case valid
|
|
*/
|
|
function verifySignatures(
|
|
uint256 _requiredKey,
|
|
bytes32 _signHash,
|
|
bytes _messageSignatures
|
|
)
|
|
public
|
|
view
|
|
returns(bool)
|
|
{
|
|
uint _amountSignatures = _messageSignatures.length / 72;
|
|
require(_amountSignatures == minimumApprovalsByKeyPurpose[_requiredKey]);
|
|
bytes32 _lastKey = 0;
|
|
for (uint256 i = 0; i < _amountSignatures; i++) {
|
|
bytes32 _currentKey = recoverKey(
|
|
_signHash,
|
|
_messageSignatures,
|
|
i
|
|
);
|
|
require(_currentKey > _lastKey); //assert keys are different
|
|
require(isKeyPurpose(_currentKey, _requiredKey));
|
|
_lastKey = _currentKey;
|
|
}
|
|
return true;
|
|
}
|
|
|
|
|
|
/**
|
|
* @notice get callHash
|
|
* @param _to destination of call
|
|
* @param _value call value (ether)
|
|
* @param _dataHash call data hash
|
|
* @param _nonce current identity nonce
|
|
* @param _gasPrice price in SNT paid back to msg.sender for each gas unit used
|
|
* @param _gasLimit minimal gasLimit required to execute this call
|
|
* @param _gasToken token being used for paying `msg.sender`
|
|
* @return callGasRelayHash the hash to be signed by wallet
|
|
*/
|
|
function callGasRelayHash(
|
|
address _to,
|
|
uint256 _value,
|
|
bytes32 _dataHash,
|
|
uint _nonce,
|
|
uint256 _gasPrice,
|
|
uint256 _gasLimit,
|
|
address _gasToken
|
|
)
|
|
public
|
|
view
|
|
returns (bytes32 _callGasRelayHash)
|
|
{
|
|
_callGasRelayHash = keccak256(
|
|
address(this),
|
|
CALL_PREFIX,
|
|
_to,
|
|
_value,
|
|
_dataHash,
|
|
_nonce,
|
|
_gasPrice,
|
|
_gasLimit,
|
|
_gasToken
|
|
);
|
|
}
|
|
|
|
|
|
/**
|
|
* @notice get callHash
|
|
* @param _to destination of call
|
|
* @param _value call value (ether)
|
|
* @param _dataHash call data hash
|
|
* @param _nonce current identity nonce
|
|
* @param _gasPrice price in SNT paid back to msg.sender for each gas unit used
|
|
* @param _gasLimit minimal gasLimit required to execute this call
|
|
* @param _gasToken token being used for paying `msg.sender`
|
|
* @return callGasRelayHash the hash to be signed by wallet
|
|
*/
|
|
function approveAndCallGasRelayHash(
|
|
address _baseToken,
|
|
address _to,
|
|
uint256 _value,
|
|
bytes32 _dataHash,
|
|
uint _nonce,
|
|
uint256 _gasPrice,
|
|
uint256 _gasLimit,
|
|
address _gasToken
|
|
)
|
|
public
|
|
view
|
|
returns (bytes32 _callGasRelayHash)
|
|
{
|
|
_callGasRelayHash = keccak256(
|
|
address(this),
|
|
APPROVEANDCALL_PREFIX,
|
|
_baseToken,
|
|
_to,
|
|
_value,
|
|
_dataHash,
|
|
_nonce,
|
|
_gasPrice,
|
|
_gasLimit,
|
|
_gasToken
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @notice Hash a hash with `"\x19Ethereum Signed Message:\n32"`
|
|
* @param _hash Sign to hash.
|
|
* @return signHash Hash ethereum wallet signs.
|
|
*/
|
|
function getSignHash(
|
|
bytes32 _hash
|
|
)
|
|
pure
|
|
public
|
|
returns(bytes32 signHash)
|
|
{
|
|
signHash = keccak256("\x19Ethereum Signed Message:\n32", _hash);
|
|
}
|
|
|
|
/**
|
|
* @notice recovers address who signed the message
|
|
* @param _signHash operation ethereum signed message hash
|
|
* @param _messageSignature message `_signHash` signature
|
|
* @param _pos which signature to read
|
|
*/
|
|
function recoverKey (
|
|
bytes32 _signHash,
|
|
bytes _messageSignature,
|
|
uint256 _pos
|
|
)
|
|
pure
|
|
public
|
|
returns(bytes32)
|
|
{
|
|
uint8 v;
|
|
bytes32 r;
|
|
bytes32 s;
|
|
(v,r,s) = signatureSplit(_messageSignature, _pos);
|
|
return bytes32(
|
|
ecrecover(
|
|
_signHash,
|
|
v,
|
|
r,
|
|
s
|
|
)
|
|
);
|
|
}
|
|
|
|
/**
|
|
* @dev divides bytes signature into `uint8 v, bytes32 r, bytes32 s`
|
|
* @param _pos which signature to read
|
|
* @param _signatures concatenated vrs signatures
|
|
*/
|
|
function signatureSplit(bytes _signatures, uint256 _pos)
|
|
pure
|
|
public
|
|
returns (uint8 v, bytes32 r, bytes32 s)
|
|
{
|
|
uint pos = _pos + 1;
|
|
// The signature format is a compact form of:
|
|
// {bytes32 r}{bytes32 s}{uint8 v}
|
|
// Compact means, uint8 is not padded to 32 bytes.
|
|
assembly {
|
|
r := mload(add(_signatures, mul(32,pos)))
|
|
s := mload(add(_signatures, mul(64,pos)))
|
|
// Here we are loading the last 32 bytes, including 31 bytes
|
|
// of 's'. There is no 'mload8' to do this.
|
|
//
|
|
// 'byte' is not working due to the Solidity parser, so lets
|
|
// use the second best option, 'and'
|
|
v := and(mload(add(_signatures, mul(65,pos))), 0xff)
|
|
}
|
|
|
|
require(v == 27 || v == 28);
|
|
}
|
|
|
|
function approveAndCall(
|
|
bytes32 _signHash,
|
|
address _token,
|
|
address _to,
|
|
uint256 _value,
|
|
bytes _data
|
|
)
|
|
private
|
|
{
|
|
//executes transaction
|
|
nonce++;
|
|
ERC20Token(_token).approve(_to, _value);
|
|
emit ExecutedGasRelayed(
|
|
_signHash,
|
|
_to.call(_data)
|
|
);
|
|
|
|
}
|
|
|
|
} |