Generalized Proofs

package.json

@@ -29,7 +29,6 @@
     "fs": "^0.0.1-security",
     "hardhat": "^2.12.4",
     "hardhat-preprocessor": "^0.1.5",
-    "husky": "^8.0.3",
     "ts-node": "^10.9.1",
     "typescript": "^4.9.4",
     "yargs": "^17.7.2"

src/contracts/interfaces/IEigenPod.sol

@@ -49,6 +49,15 @@ interface IEigenPod {
         int256 sharesDeltaGwei;
     }
 
+    struct VerifiedPartialWithdrawalBatch{
+        // amount being proven for withdrawal
+        uint64 provenPartialWithdrawalSumGwei;
+        // the latest timestamp proven until
+        uint64 mostRecentWithdrawalTimestamp;
+        // upper bound of the withdrawal period
+        uint64 endTimestamp;
+    }
+
 
     enum PARTIAL_WITHDRAWAL_CLAIM_STATUS {
         REDEEMED,
@@ -94,7 +103,6 @@ interface IEigenPod {
     /// @notice Emitted when ETH that was previously received via the `receive` fallback is withdrawn
     event NonBeaconChainETHWithdrawn(address indexed recipient, uint256 amountWithdrawn);
 
-
     /// @notice The max amount of eth, in gwei, that can be restaked per validator
     function MAX_RESTAKED_BALANCE_GWEI_PER_VALIDATOR() external view returns (uint64);
 
@@ -220,4 +228,10 @@ interface IEigenPod {
 
     /// @notice called by owner of a pod to remove any ERC20s deposited in the pod
     function recoverTokens(IERC20[] memory tokenList, uint256[] memory amountsToWithdraw, address recipient) external;
+
+    function fulfillPartialWithdrawalProofRequest(
+        IEigenPod.VerifiedPartialWithdrawalBatch calldata verifiedPartialWithdrawalBatch,
+        uint64 feeGwei,
+        address feeRecipient
+    ) external;
 }

src/contracts/interfaces/IEigenPodManager.sol

@@ -29,6 +29,12 @@ interface IEigenPodManager is IPausable {
     /// @notice Emitted when `maxPods` value is updated from `previousValue` to `newValue`
     event MaxPodsUpdated(uint256 previousValue, uint256 newValue);
 
+    /// @notice Emitted when a new proof fulfiller is added
+    event ProofServiceUpdated(ProofService proofService);
+
+    /// @notice emitted when the partial withdrawal proof switch is turned on
+    event ProofServiceEnabled();
+
     /// @notice Emitted when a withdrawal of beacon chain ETH is completed
     event BeaconChainETHWithdrawalCompleted(
         address indexed podOwner,
@@ -39,6 +45,51 @@ interface IEigenPodManager is IPausable {
         bytes32 withdrawalRoot
     );
 
+    //info for each withdrawal called back by proof service
+    struct WithdrawalCallbackInfo {
+        // oracle timestamp
+        uint64 oracleTimestamp;
+        // prover fee for each pod being proven for
+        uint64[] feesGwei;
+        /// @notice SNARK proof acting as the cryptographic seal over the execution results.
+        bytes seal;
+        /// @notice Digest of the zkVM SystemState after execution.
+        /// @dev The relay does not additionally check any property of this digest, but needs the
+        /// digest in order to reconstruct the ReceiptMetadata hash to which the proof is linked.
+        bytes32 postStateDigest;
+        //journal generated by offchain proof
+        Journal journal;
+        // imageID generated by offchain proof
+        bytes32 imageId;
+    }
+
+    struct Journal {
+        // amount being proven for withdrawal
+        uint64[] provenPartialWithdrawalSumsGwei;
+        // computed blockRoot
+        bytes32 blockRoot;
+        // the address of the pod being proven for
+        address[] podAddresses;
+        // the address of the pod owner
+        address[] podOwners;
+        // the latest timestamp proven until
+        uint64[] mostRecentWithdrawalTimestamps;
+        // upper bound of the withdrawal period
+        uint64[] endTimestamps;
+        // user signed fee
+        uint64[] maxFeesGwei;
+        //request nonce
+        uint64 nonce;
+    }
+
+    struct ProofService {
+        address caller;
+        // fee recipient address of the proof service
+        address feeRecipient;
+        //address of the groth-16 verifier contract
+        address verifier;
+    }
+
     /**
      * @notice Creates an EigenPod for the sender.
      * @dev Function will revert if the `msg.sender` already has an EigenPod.
@@ -143,4 +194,20 @@ interface IEigenPodManager is IPausable {
      * @dev Reverts if `shares` is not a whole Gwei amount
      */
     function withdrawSharesAsTokens(address podOwner, address destination, uint256 shares) external;
+
+
+    /// @notice Returns the status of the proof service
+    function proofServiceEnabled() external view returns (bool);
+
+    /// @notice turns on offchain proof service
+    function enableProofService() external;
+
+    /// @notice updates the proof service caller
+    function updateProofService(ProofService calldata newProofService) external;
+
+    /// @notice callback for proof service
+    function proofServiceCallback(
+        WithdrawalCallbackInfo calldata callbackInfo
+    ) external;
+
 }

src/contracts/interfaces/IRiscZeroVerifier.sol

@@ -0,0 +1,88 @@
+// Copyright 2023 RISC Zero, Inc.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+pragma solidity ^0.8.9;
+
+/// @notice Indicator for the overall system at the end of execution covered by this proof.
+enum SystemExitCode {
+    Halted,
+    Paused,
+    SystemSplit
+}
+
+/// @notice Combination of system and user exit codes.
+/// @dev If system exit code is SystemSplit, the user exit code must be zero.
+struct ExitCode {
+    SystemExitCode system;
+    uint8 user;
+}
+
+/// @notice Data associated with a receipt which is used for both input and
+/// output of global state.
+struct ReceiptMetadata {
+    /// Digest of the SystemState of a segment just before execution has begun.
+    bytes32 preStateDigest;
+    /// Digest of the SystemState of a segment just after execution has completed.
+    bytes32 postStateDigest;
+    /// The exit code for a segment
+    ExitCode exitCode;
+    /// A digest of the input, from the viewpoint of the guest.
+    bytes32 input;
+    /// A digest of the journal, from the viewpoint of the guest.
+    bytes32 output;
+}
+
+library ReceiptMetadataLib {
+    bytes32 constant TAG_DIGEST = sha256("risc0.ReceiptMeta");
+
+    function digest(ReceiptMetadata memory meta) internal pure returns (bytes32) {
+        return sha256(
+            abi.encodePacked(
+                TAG_DIGEST,
+                // down
+                meta.input,
+                meta.preStateDigest,
+                meta.postStateDigest,
+                meta.output,
+                // data
+                uint32(meta.exitCode.system) << 24,
+                uint32(meta.exitCode.user) << 24,
+                // down.length
+                uint16(4) << 8
+            )
+        );
+    }
+}
+
+struct Receipt {
+    bytes seal;
+    ReceiptMetadata meta;
+}
+
+interface IRiscZeroVerifier {
+    /// @notice verify that the given receipt is a valid Groth16 RISC Zero recursion receipt.
+    /// @return true if the receipt passes the verification checks.
+    function verify(Receipt calldata receipt) external view returns (bool);
+
+    /// @notice verifies that the given seal is a valid Groth16 RISC Zero proof of execution over the
+    ///     given image ID, post-state digest, and journal. Asserts that the input hash
+    //      is all-zeros (i.e. no committed input) and the exit code is (Halted, 0).
+    /// @return true if the receipt passes the verification checks.
+    function verify(bytes calldata seal, bytes32 imageId, bytes32 postStateDigest, bytes32 journalHash)
+        external
+        view
+        returns (bool);
+}

src/contracts/pods/EigenPod.sol

@@ -92,7 +92,7 @@
     uint256 public nonBeaconChainETHBalanceWei;
 
      /// @notice This variable tracks the total amount of partial withdrawals claimed via merkle proofs prior to a switch to ZK proofs for claiming partial withdrawals
-    uint64 public sumOfPartialWithdrawalsClaimedGwei;
+    uint64 public sumOfPartialWithdrawalsClaimedViaMerkleProvenGwei;
 
     modifier onlyEigenPodManager() {
         require(msg.sender == address(eigenPodManager), "EigenPod.onlyEigenPodManager: not eigenPodManager");
@@ -311,7 +311,6 @@
                 (validatorFieldsProofs.length == validatorFields.length),
             "EigenPod.verifyWithdrawalCredentials: validatorIndices and proofs must be same length"
         );
-
         /**
          * Withdrawal credential proof should not be "stale" (older than VERIFY_BALANCE_UPDATE_WINDOW_SECONDS) as we are doing a balance check here
          * The validator container persists as the state evolves and even after the validator exits. So we can use a more "fresh" credential proof within
@@ -428,6 +427,49 @@
         _sendETH(recipient, amountWei);
     }
 
+
+    /*******************************************************************************
+                    EXTERNAL FUNCTIONS CALLABLE BY PERMISSIONED SERVICES
+    *******************************************************************************/
+
+    /// @notice Called by the EigenPodManager to fulfill a partial withdrawal proof request
+    function fulfillPartialWithdrawalProofRequest(
+        IEigenPod.VerifiedPartialWithdrawalBatch calldata verifiedPartialWithdrawalBatch,
+        uint64 feeGwei,
+        address feeRecipient
+    ) external onlyEigenPodManager {
+
+        require(verifiedPartialWithdrawalBatch.mostRecentWithdrawalTimestamp == mostRecentWithdrawalTimestamp, "EigenPod.fulfillPartialWithdrawalProofRequest: proven mostRecentWithdrawalTimestamp must match mostRecentWithdrawalTimestamp in the EigenPod");
+        require(mostRecentWithdrawalTimestamp < verifiedPartialWithdrawalBatch.endTimestamp, "EigenPod.fulfillPartialWithdrawalProofRequest: mostRecentWithdrawalTimestamp must precede endTimestamp");
+
+        require(verifiedPartialWithdrawalBatch.provenPartialWithdrawalSumGwei >= feeGwei, "EigenPod.fulfillPartialWithdrawalProofRequest: provenPartialWithdrawalSumGwei must be greater than the fee");
+
+        //update mostRecentWithdrawalTimestamp to currently proven endTimestamp
+        mostRecentWithdrawalTimestamp = verifiedPartialWithdrawalBatch.endTimestamp;
+
+        uint64 provenPartialWithdrawalSumGwei = verifiedPartialWithdrawalBatch.provenPartialWithdrawalSumGwei;
+        // subtract an partial withdrawals that may have been claimed via merkle proofs
+        if(provenPartialWithdrawalSumGwei > sumOfPartialWithdrawalsClaimedViaMerkleProvenGwei){
+            if(sumOfPartialWithdrawalsClaimedViaMerkleProvenGwei > 0){
+                provenPartialWithdrawalSumGwei -= sumOfPartialWithdrawalsClaimedViaMerkleProvenGwei;
+                sumOfPartialWithdrawalsClaimedViaMerkleProvenGwei = 0;
+            }
+
+            //Once sumOfPartialWithdrawalsClaimedViaMerkleProvenGwei, we need to ensure that there is enough ETH in the pod to pay the fee
+            if(provenPartialWithdrawalSumGwei >= feeGwei){
+                provenPartialWithdrawalSumGwei -= feeGwei;
+                //send proof service their fee
+                AddressUpgradeable.sendValue(payable(feeRecipient), feeGwei);
+            }
+            if(provenPartialWithdrawalSumGwei > 0){
+                _sendETH_AsDelayedWithdrawal(podOwner, provenPartialWithdrawalSumGwei);
+            }
+
+        } else {
+            sumOfPartialWithdrawalsClaimedViaMerkleProvenGwei -= provenPartialWithdrawalSumGwei;
+        }
+    }
+
     /*******************************************************************************
                                 INTERNAL FUNCTIONS
     *******************************************************************************/
@@ -712,14 +754,18 @@
         address recipient,
         uint64 partialWithdrawalAmountGwei
     ) internal returns (VerifiedWithdrawal memory) {
+        require(
+            !eigenPodManager.proofServiceEnabled(),
+            "EigenPod._processPartialWithdrawal: partial withdrawal merkle proofs are disabled"
+        );
         emit PartialWithdrawalRedeemed(
             validatorIndex,
             withdrawalTimestamp,
             recipient,
             partialWithdrawalAmountGwei
         );
 
-        sumOfPartialWithdrawalsClaimedGwei += partialWithdrawalAmountGwei;
+        sumOfPartialWithdrawalsClaimedViaMerkleProvenGwei += partialWithdrawalAmountGwei;
 
         // For partial withdrawals, the withdrawal amount is immediately sent to the pod owner
         return
@@ -788,13 +834,15 @@
         return _validatorPubkeyHashToInfo[pubkeyHash].status;
     }
 
+
         /// @notice Returns the validator status for a given validatorPubkey
     function validatorStatus(bytes calldata validatorPubkey) external view returns (VALIDATOR_STATUS) {
         bytes32 validatorPubkeyHash = _calculateValidatorPubkeyHash(validatorPubkey);
         return _validatorPubkeyHashToInfo[validatorPubkeyHash].status;
     }
 
 
+
     /**
      * @dev This empty reserved space is put in place to allow future versions to add new
      * variables without shifting down storage in the inheritance chain.