Generalized Proofs

src/contracts/interfaces/IEigenPod.sol

@@ -94,7 +94,6 @@ interface IEigenPod {
     /// @notice Emitted when ETH that was previously received via the `receive` fallback is withdrawn
     event NonBeaconChainETHWithdrawn(address indexed recipient, uint256 amountWithdrawn);
 
-
     /// @notice The max amount of eth, in gwei, that can be restaked per validator
     function MAX_RESTAKED_BALANCE_GWEI_PER_VALIDATOR() external view returns (uint64);
 
@@ -215,4 +214,9 @@ interface IEigenPod {
 
     /// @notice called by owner of a pod to remove any ERC20s deposited in the pod
     function recoverTokens(IERC20[] memory tokenList, uint256[] memory amountsToWithdraw, address recipient) external;
+
+    function fulfillPartialWithdrawalProofRequest(
+        IEigenPodManager.WithdrawalCallbackInfo calldata withdrawalCallbackInfo,
+        address feeRecipient
+    ) external;
 }

src/contracts/interfaces/IEigenPodManager.sol

@@ -29,6 +29,9 @@ interface IEigenPodManager is IPausable {
     /// @notice Emitted when `maxPods` value is updated from `previousValue` to `newValue`
     event MaxPodsUpdated(uint256 previousValue, uint256 newValue);
 
+    /// @notice Emitted when a new proof fulfiller is added
+    event ProofServiceUpdated(address indexed proofService);
+
     /// @notice Emitted when a withdrawal of beacon chain ETH is completed
     event BeaconChainETHWithdrawalCompleted(
         address indexed podOwner,
@@ -39,6 +42,24 @@ interface IEigenPodManager is IPausable {
         bytes32 withdrawalRoot
     );
 
+    //info for each withdrawal called back by proof service
+    struct WithdrawalCallbackInfo {
+        address podOwner;
+        uint64 startTimestamp;
+        uint64 endTimestamp;
+        uint256 provenPartialWithdrawalSumWei;
+        uint256 fee;
+    }
+
+
+    struct ProofService {
+        address caller;
+        // whether or not the proof fulfiller has been added
+        uint256 maxFee;
+        // the commission rate of the proof fulfiller
+        address feeRecipient;
+    }
+
     /**
      * @notice Creates an EigenPod for the sender.
      * @dev Function will revert if the `msg.sender` already has an EigenPod.
@@ -143,4 +164,11 @@ interface IEigenPodManager is IPausable {
      * @dev Reverts if `shares` is not a whole Gwei amount
      */
     function withdrawSharesAsTokens(address podOwner, address destination, uint256 shares) external;
+
+
+    /// @notice Returns the status of the proof switch
+    function partialWithdrawalProofSwitch() external view returns (bool);
+
+    function updateProofService(address fulfiller, uint256 feeBips, address feeRecipient) external; 
+
 }

src/contracts/pods/EigenPod.sol

@@ -20,6 +20,9 @@
 
 import "./EigenPodPausingConstants.sol";
 
+
+import "forge-std/Test.sol";
+
 /**
  * @title The implementation contract used for restaking beacon chain ETH on EigenLayer
  * @author Layr Labs, Inc.
@@ -35,7 +38,7 @@
  * @dev Note that all beacon chain balances are stored as gwei within the beacon chain datastructures. We choose
  *   to account balances in terms of gwei in the EigenPod contract and convert to wei when making calls to other contracts
  */
-contract EigenPod is IEigenPod, Initializable, ReentrancyGuardUpgradeable, EigenPodPausingConstants {
+contract EigenPod is IEigenPod, Initializable, ReentrancyGuardUpgradeable, EigenPodPausingConstants, Test {
     using BytesLib for bytes;
     using SafeERC20 for IERC20;
     using BeaconChainProofs for *;
@@ -94,6 +97,9 @@
      /// @notice This variable tracks the total amount of partial withdrawals claimed via merkle proofs prior to a switch to ZK proofs for claiming partial withdrawals
     uint64 public sumOfPartialWithdrawalsClaimedGwei;
 
+    /// @notice This variable tracks the timestamp at which the last partial withdrawal was proven via ZK proofs
+    uint64 public withdrawalProvenUntilTimestamp;
+
     modifier onlyEigenPodManager() {
         require(msg.sender == address(eigenPodManager), "EigenPod.onlyEigenPodManager: not eigenPodManager");
         _;
@@ -124,6 +130,11 @@
         _;
     }
 
+    modifier partialWithdrawalProofSwitchOff() {
+        require(!eigenPodManager.partialWithdrawalProofSwitch(), "EigenPod.partialWithdrawalProofSwitchOff: partial withdrawal proof switch is on");
+        _;
+    }
+
     /**
      * @notice Based on 'Pausable' code, but uses the storage of the EigenPodManager instead of this contract. This construction
      * is necessary for enabling pausing all EigenPods at the same time (due to EigenPods being Beacon Proxies).
@@ -311,7 +322,6 @@
                 (validatorFieldsProofs.length == validatorFields.length),
             "EigenPod.verifyWithdrawalCredentials: validatorIndices and proofs must be same length"
         );
-
         /**
          * Withdrawal credential proof should not be "stale" (older than VERIFY_BALANCE_UPDATE_WINDOW_SECONDS) as we are doing a balance check here
          * The validator container persists as the state evolves and even after the validator exits. So we can use a more "fresh" credential proof within
@@ -428,6 +438,36 @@
         _sendETH(recipient, amountWei);
     }
 
+
+    /*******************************************************************************
+                    EXTERNAL FUNCTIONS CALLABLE BY PERMISSIONED SERVICES
+    *******************************************************************************/
+
+    function fulfillPartialWithdrawalProofRequest(
+        IEigenPodManager.WithdrawalCallbackInfo calldata withdrawalCallbackInfo,
+        address feeRecipient
+    ) external onlyEigenPodManager  {
+        //TODO: figure if we wanna do the first proof from genesis time or not
+        if(withdrawalProvenUntilTimestamp == 0){
+            withdrawalProvenUntilTimestamp = GENESIS_TIME;
+        }
+        uint256 provenPartialWithdrawalSumWei = withdrawalCallbackInfo.provenPartialWithdrawalSumWei;
+
+        require(withdrawalCallbackInfo.startTimestamp < withdrawalCallbackInfo.endTimestamp, "EigenPod.fulfillPartialWithdrawalProofRequest: startTimestamp must precede endTimestamp");
+        require(withdrawalCallbackInfo.startTimestamp == withdrawalProvenUntilTimestamp, "EigenPod.fulfillPartialWithdrawalProofRequest: startTimestamp must match withdrawalProvenUntilTimestamp");
+        provenPartialWithdrawalSumWei -= withdrawalCallbackInfo.fee;
+        //send proof service their fee
+        AddressUpgradeable.sendValue(payable(feeRecipient), withdrawalCallbackInfo.fee);
+
+        //subtract an partial withdrawals that may have been claimed via merkle proofs
+        if(provenPartialWithdrawalSumWei > sumOfPartialWithdrawalsClaimedGwei * GWEI_TO_WEI) {
+            provenPartialWithdrawalSumWei -= sumOfPartialWithdrawalsClaimedGwei * GWEI_TO_WEI;
+            _sendETH_AsDelayedWithdrawal(podOwner, provenPartialWithdrawalSumWei);
+        } 
+
+        withdrawalProvenUntilTimestamp = withdrawalCallbackInfo.endTimestamp;
+    }
+
     /*******************************************************************************
                                 INTERNAL FUNCTIONS
     *******************************************************************************/
@@ -720,7 +760,7 @@
         uint64 withdrawalTimestamp,
         address recipient,
         uint64 partialWithdrawalAmountGwei
-    ) internal returns (VerifiedWithdrawal memory) {
+    ) internal partialWithdrawalProofSwitchOff returns (VerifiedWithdrawal memory) {
         emit PartialWithdrawalRedeemed(
             validatorIndex,
             withdrawalTimestamp,
@@ -786,7 +826,6 @@
         return _validatorPubkeyHashToInfo[pubkeyHash].status;
     }
 
-
     /**
      * @dev This empty reserved space is put in place to allow future versions to add new
      * variables without shifting down storage in the inheritance chain.

src/contracts/pods/EigenPodManager.sol

@@ -44,6 +44,16 @@ contract EigenPodManager is
         _;
     }
 
+    modifier onlyProofService() {
+        require(msg.sender == proofService.caller, "EigenPod.onlyProofService: not a permissioned fulfiller");
+        _;
+    }
+
+    modifier partialWithdrawalProofSwitchOn() {
+        require(partialWithdrawalProofSwitch, "EigenPod.partialWithdrawalProofSwitchOn: partial withdrawal proof switch is off");
+        _;
+    }
+
     constructor(
         IETHPOSDeposit _ethPOS,
         IBeacon _eigenPodBeacon,
@@ -215,6 +225,33 @@ contract EigenPodManager is
         ownerToPod[podOwner].withdrawRestakedBeaconChainETH(destination, shares);
     }
 
+    function proofServiceCallback(
+        WithdrawalCallbackInfo[] calldata callbackInfo
+    ) external onlyProofService partialWithdrawalProofSwitchOn {
+        for(uint256 i = 0; i < callbackInfo.length; i++) {
+            require(callbackInfo[i].fee <= proofService.maxFee, "EigenPod.fulfillPartialWithdrawalProofRequest: fee must be less than or equal to maxFee");
+            IEigenPod pod = ownerToPod[callbackInfo[i].podOwner];
+            pod.fulfillPartialWithdrawalProofRequest(callbackInfo[i], proofService.feeRecipient);
+        }
+    }
+
+    function flipPartialWithdrawalProofSwitch() external onlyOwner {
+        if(partialWithdrawalProofSwitch) {
+            partialWithdrawalProofSwitch = false;
+        } else {
+            partialWithdrawalProofSwitch = true;
+        }
+    }
+
+    function updateProofService(address caller, uint256 maxFee, address feeRecipient) external onlyOwner {
+        proofService = ProofService({
+            caller: caller,
+            maxFee: maxFee,
+            feeRecipient: feeRecipient
+        });
+        emit ProofServiceUpdated(proofService.caller);
+    }
+
     /**
      * Sets the maximum number of pods that can be deployed
      * @param newMaxPods The new maximum number of pods that can be deployed

src/contracts/pods/EigenPodManagerStorage.sol

@@ -64,6 +64,12 @@ abstract contract EigenPodManagerStorage is IEigenPodManager {
      */
     mapping(address => int256) public podOwnerShares;
 
+    /// @notice This is the offchain proving service
+    ProofService public proofService;
+
+    /// @notice Switch to turn off partial withdrawal merkle proofs and turn on offchain proofs as a service
+    bool public partialWithdrawalProofSwitch;
+
     constructor(
         IETHPOSDeposit _ethPOS,
         IBeacon _eigenPodBeacon,
@@ -83,5 +89,5 @@ abstract contract EigenPodManagerStorage is IEigenPodManager {
      * variables without shifting down storage in the inheritance chain.
      * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
      */
-    uint256[45] private __gap;
+    uint256[43] private __gap;
 }

src/test/mocks/EigenPodManagerMock.sol

@@ -77,4 +77,8 @@ contract EigenPodManagerMock is IEigenPodManager, Test {
     function numPods() external view returns (uint256) {}
 
     function maxPods() external view returns (uint256) {}
+
+    function partialWithdrawalProofSwitch() external view returns (bool){}
+
+    function updateProofService(address fulfiller, uint256 feeBips, address feeRecipient) external{}
 }

src/test/mocks/EigenPodMock.sol

@@ -87,4 +87,11 @@ contract EigenPodMock is IEigenPod, Test {
 
     /// @notice called by owner of a pod to remove any ERC20s deposited in the pod
     function recoverTokens(IERC20[] memory tokenList, uint256[] memory amountsToWithdraw, address recipient) external {}
+
+    function updateProofService(address fulfiller, uint256 feeBips, address feeRecipient) external{}
+
+    function fulfillPartialWithdrawalProofRequest(
+        IEigenPodManager.WithdrawalCallbackInfo calldata withdrawalCallbackInfo,
+        address feeRecipient
+    ) external {}
 }