OG-767: Allow withdrawing abandoned funds from the RelayHub as a dev fee (opengsn#788)

Co-authored-by: Alex Forshtat <[email protected]>

Author: shahafn

.idea/dictionaries/alexf.xml

@@ -69,9 +69,10 @@ interface DeployOptions {
   stakeManagerAddress?: string
   deployTestToken?: boolean
   stakingTokenAddress?: string
-  minimumTokenStake: number| IntString
+  minimumTokenStake: number | IntString
   penalizerAddress?: string
   burnAddress?: string
+  devAddress?: string
   verbose?: boolean
   skipConfirmation?: boolean
   relayHubConfiguration: RelayHubConfiguration
@@ -507,7 +508,7 @@ export class CommandsLogic {
       arguments: []
     }, deployOptions.relayRegistryAddress, { ...options }, deployOptions.skipConfirmation)
     const sInstance = await this.getContractInstance(StakeManager, {
-      arguments: [defaultEnvironment.maxUnstakeDelay, deployOptions.burnAddress]
+      arguments: [defaultEnvironment.maxUnstakeDelay, defaultEnvironment.abandonmentDelay, defaultEnvironment.escheatmentDelay, deployOptions.burnAddress, deployOptions.devAddress]
     }, deployOptions.stakeManagerAddress, { ...options }, deployOptions.skipConfirmation)
     const pInstance = await this.getContractInstance(Penalizer, {
       arguments: [

packages/cli/src/CommandsLogic.ts

@@ -53,6 +53,7 @@ class GsnTestEnvironmentClass {
     const deploymentResult = await commandsLogic.deployGsnContracts({
       from,
       burnAddress: constants.BURN_ADDRESS,
+      devAddress: constants.BURN_ADDRESS,
       minimumTokenStake: 1,
       gasPrice: 1e9.toString(),
       gasLimit: 5000000,

packages/cli/src/GsnTestEnvironment.ts

@@ -9,6 +9,8 @@ export interface Environment {
   readonly penalizerConfiguration: PenalizerConfiguration
   readonly paymasterConfiguration: PaymasterConfiguration
   readonly maxUnstakeDelay: number
+  readonly abandonmentDelay: number
+  readonly escheatmentDelay: number
   readonly gtxdatanonzero: number
   readonly gtxdatazero: number
   readonly dataOnChainHandlingGasCostPerByte: number
@@ -28,7 +30,7 @@ const defaultPenalizerConfiguration: PenalizerConfiguration = {
 }
 
 const defaultRelayHubConfiguration: RelayHubConfiguration = {
-  gasOverhead: 57501,
+  gasOverhead: 57435,
   postOverhead: 19169,
   gasReserve: 100000,
   maxWorkerCount: 10,
@@ -55,6 +57,8 @@ const ethereumMainnet: Environment = {
   penalizerConfiguration: defaultPenalizerConfiguration,
   paymasterConfiguration: defaultPaymasterConfiguration,
   maxUnstakeDelay: defaultStakeManagerMaxUnstakeDelay,
+  abandonmentDelay: 31536000, // 1 year
+  escheatmentDelay: 2629746, // 1 month
   mintxgascost: 21000,
   gtxdatanonzero: 16,
   gtxdatazero: 4,
@@ -69,6 +73,8 @@ const ganacheLocal: Environment = {
   penalizerConfiguration: defaultPenalizerConfiguration,
   paymasterConfiguration: defaultPaymasterConfiguration,
   maxUnstakeDelay: defaultStakeManagerMaxUnstakeDelay,
+  abandonmentDelay: 1000,
+  escheatmentDelay: 500,
   mintxgascost: 21000,
   gtxdatanonzero: 16,
   gtxdatazero: 4,
@@ -97,6 +103,8 @@ const arbitrum: Environment = {
   mintxgascost: 700000,
   gtxdatanonzero: 2024,
   gtxdatazero: 506,
+  abandonmentDelay: 31536000, // 1 year
+  escheatmentDelay: 2629746, // 1 month
   // there is currently a hard-coded to be 2 at arbitrum:eth.go:43 (commit: 12483cfa17a29e7d68c354c456ebc371b05a6ea2)
   // setting factor to 0.6 instead of 0.5 to allow the transaction to pass in case of moderate gas price increase
   // note that excess will be collected by the Relay Server as an extra profit

packages/common/src/Environments.ts

@@ -12,6 +12,7 @@ import "hardhat/console.sol";
 // #endif
 
 import "./utils/MinLibBytes.sol";
+import "@openzeppelin/contracts/utils/Address.sol";
 import "@openzeppelin/contracts/utils/introspection/ERC165.sol";
 import "@openzeppelin/contracts/utils/introspection/ERC165Checker.sol";
 import "@openzeppelin/contracts/utils/math/SafeMath.sol";
@@ -37,6 +38,7 @@ import "./interfaces/IStakeManager.sol";
 contract RelayHub is IRelayHub, Ownable, ERC165 {
     using ERC165Checker for address;
     using SafeMath for uint256;
+    using Address for address;
 
     address private constant DRY_RUN_ADDRESS = 0x0000000000000000000000000000000000000000;
 
@@ -155,9 +157,11 @@ contract RelayHub is IRelayHub, Ownable, ERC165 {
     }
 
     /// @inheritdoc IRelayHub
-    function verifyCanRegister(address relayManager) external view override {
+    function onRelayServerRegistered(address relayManager) external override {
+        require(msg.sender == relayRegistrar, "caller is not relay registrar");
         verifyRelayManagerStaked(relayManager);
         require(workerCount[relayManager] > 0, "no relay workers");
+        stakeManager.updateRelayKeepaliveTime(relayManager);
     }
 
     /// @inheritdoc IRelayHub
@@ -588,6 +592,20 @@ contract RelayHub is IRelayHub, Ownable, ERC165 {
         stakeManager.penalizeRelayManager(relayManager, beneficiary, stakeInfo.stake);
     }
 
+    /// @inheritdoc IRelayHub
+    function isRelayEscheatable(address relayManager) public view override returns (bool){
+        return stakeManager.isRelayEscheatable(relayManager);
+    }
+
+    /// @inheritdoc IRelayHub
+    function escheatAbandonedRelayBalance(address relayManager) external override onlyOwner {
+        require(stakeManager.isRelayEscheatable(relayManager), "relay server not escheatable yet");
+        uint256 balance = balances[relayManager];
+        balances[relayManager] = 0;
+        balances[config.devAddress] = balances[config.devAddress].add(balance);
+        emit AbandonedRelayManagerBalanceEscheated(relayManager, balance);
+    }
+
     /// @inheritdoc IRelayHub
     function aggregateGasleft() public override virtual view returns (uint256){
         return gasleft();

packages/contracts/src/RelayHub.sol

@@ -8,7 +8,6 @@ import "@openzeppelin/contracts/utils/math/SafeMath.sol";
 import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
 
 import "./interfaces/IStakeManager.sol";
-import "./interfaces/IRelayHub.sol";
 
 /**
  * @title The StakeManager implementation
@@ -25,6 +24,8 @@ contract StakeManager is IStakeManager, Ownable {
     string public override versionSM = "2.2.3+opengsn.stakemanager.istakemanager";
     uint256 internal immutable maxUnstakeDelay;
 
+    AbandonedRelayServerConfig internal abandonedRelayServerConfig;
+
     address internal burnAddress;
     uint256 internal immutable creationBlock;
 
@@ -48,6 +49,17 @@ contract StakeManager is IStakeManager, Ownable {
         return burnAddress;
     }
 
+    /// @inheritdoc IStakeManager
+    function setDevAddress(address _devAddress) public override onlyOwner {
+        abandonedRelayServerConfig.devAddress = _devAddress;
+        emit DevAddressSet(abandonedRelayServerConfig.devAddress);
+    }
+
+    /// @inheritdoc IStakeManager
+    function getAbandonedRelayServerConfig() external override view returns (AbandonedRelayServerConfig memory) {
+        return abandonedRelayServerConfig;
+    }
+
     /// @inheritdoc IStakeManager
     function getMaxUnstakeDelay() external override view returns (uint256) {
         return maxUnstakeDelay;
@@ -58,12 +70,18 @@ contract StakeManager is IStakeManager, Ownable {
 
     constructor(
         uint256 _maxUnstakeDelay,
-        address _burnAddress
+        uint256 _abandonmentDelay,
+        uint256 _escheatmentDelay,
+        address _burnAddress,
+        address _devAddress
     ) {
         require(_burnAddress != address(0), "transfers to address(0) may fail");
         setBurnAddress(_burnAddress);
+        setDevAddress(_devAddress);
         creationBlock = block.number;
         maxUnstakeDelay = _maxUnstakeDelay;
+        abandonedRelayServerConfig.abandonmentDelay = _abandonmentDelay;
+        abandonedRelayServerConfig.escheatmentDelay = _escheatmentDelay;
     }
 
     /// @inheritdoc IStakeManager
@@ -179,4 +197,42 @@ contract StakeManager is IStakeManager, Ownable {
         stakes[relayManager].token.safeTransfer(beneficiary, reward);
         emit StakePenalized(relayManager, beneficiary, stakes[relayManager].token, reward);
     }
+
+    /// @inheritdoc IStakeManager
+    function isRelayEscheatable(address relayManager) public view override returns (bool) {
+        IStakeManager.StakeInfo memory stakeInfo = stakes[relayManager];
+        return stakeInfo.abandonedTime != 0 && stakeInfo.abandonedTime + abandonedRelayServerConfig.escheatmentDelay < block.timestamp;
+    }
+
+    /// @inheritdoc IStakeManager
+    function markRelayAbandoned(address relayManager) external override onlyOwner {
+        StakeInfo storage info = stakes[relayManager];
+        require(info.stake > 0, "relay manager not staked");
+        require(info.abandonedTime == 0, "relay manager already abandoned");
+        require(info.keepaliveTime + abandonedRelayServerConfig.abandonmentDelay < block.timestamp, "relay manager was alive recently");
+        info.abandonedTime = block.timestamp;
+        emit RelayServerAbandoned(relayManager, info.abandonedTime);
+    }
+
+    /// @inheritdoc IStakeManager
+    function escheatAbandonedRelayStake(address relayManager) external override onlyOwner {
+        StakeInfo storage info = stakes[relayManager];
+        require(isRelayEscheatable(relayManager), "relay server not escheatable yet");
+        uint256 amount = info.stake;
+        info.stake = 0;
+        info.withdrawTime = 0;
+        info.token.safeTransfer(abandonedRelayServerConfig.devAddress, amount);
+        emit AbandonedRelayManagerStakeEscheated(relayManager, msg.sender, info.token, amount);
+    }
+
+    /// @inheritdoc IStakeManager
+    function updateRelayKeepaliveTime(address relayManager) external override {
+        StakeInfo storage info = stakes[relayManager];
+        bool isHubAuthorized = authorizedHubs[relayManager][msg.sender].removalTime == type(uint256).max;
+        bool isRelayOwner = info.owner == msg.sender;
+        require(isHubAuthorized || isRelayOwner, "must be called by owner or hub");
+        info.abandonedTime = 0;
+        info.keepaliveTime = block.timestamp;
+        emit RelayServerKeepalive(relayManager, info.keepaliveTime);
+    }
 }

packages/contracts/src/StakeManager.sol

@@ -39,7 +39,6 @@ interface IRelayHub is IERC165 {
         address devAddress;
         // 0 < fee < 100, as percentage of total charge from paymaster to relayer
         uint8 devFee;
-
     }
 
     /// @notice Emitted when a configuration of the `RelayHub` is changed
@@ -116,6 +115,16 @@ interface IRelayHub is IERC165 {
     /// @notice This event is emitted in case this `RelayHub` is deprecated and will stop serving transactions soon.
     event HubDeprecated(uint256 deprecationTime);
 
+    /**
+     * @notice This event is emitted in case a `relayManager` has been deemed "abandoned" for being
+     * unresponsive for a prolonged period of time.
+     * @notice This event means the entire balance of the relay has been transferred to the `devAddress`.
+     */
+    event AbandonedRelayManagerBalanceEscheated(
+        address indexed relayManager,
+        uint256 balance
+    );
+
     /**
      * Error codes that describe all possible failure reasons reported in the `TransactionRelayed` event `status` field.
      *  @param OK The transaction was successfully relayed and execution successful - never included in the event.
@@ -142,7 +151,10 @@ interface IRelayHub is IERC165 {
      */
     function addRelayWorkers(address[] calldata newRelayWorkers) external;
 
-    function verifyCanRegister(address relayManager) external;
+    /**
+     * @notice The `RelayRegistrar` callback to notify the `RelayHub` that this `relayManager` has updated registration.
+     */
+    function onRelayServerRegistered(address relayManager) external;
 
     // Balance management
 
@@ -228,6 +240,12 @@ interface IRelayHub is IERC165 {
      */
     function deprecateHub(uint256 _deprecationTime) external;
 
+    /**
+     * @notice
+     * @param relayManager
+     */
+    function escheatAbandonedRelayBalance(address relayManager) external;
+
     /**
      * @notice The fee is expressed as a base fee in wei plus percentage of the actual charge.
      * For example, a value '40' stands for a 40% fee, so the recipient will be charged for 1.4 times the spent amount.
@@ -289,6 +307,12 @@ interface IRelayHub is IERC165 {
      */
     function verifyRelayManagerStaked(address relayManager) external view;
 
+    /**
+     * @notice Uses `StakeManager` to check if the Relay Manager can be considered abandoned or not.
+     * Returns true if the stake's abandonment time is in the past including the escheatment delay, false otherwise.
+     */
+    function isRelayEscheatable(address relayManager) external view returns (bool);
+
     /// @return `true` if the `RelayHub` is deprecated, `false` it it is not deprecated and can serve transactions.
     function isDeprecated() external view returns (bool);
 

packages/contracts/src/interfaces/IRelayHub.sol

@@ -36,6 +36,7 @@ interface IRelayRegistrar is IERC165 {
      */
     event RelayServerRegistered(
         address indexed relayManager,
+        address indexed relayHub,
         uint256 baseRelayFee,
         uint256 pctRelayFee,
         bytes32[3] relayUrl