feat: adjust withdrawal credentials proving window (#553)

Author: wadealexc

README.md

@@ -148,7 +148,7 @@ The current mainnet deployment is our M2 release. You can view the deployed cont
 
 | Name | Proxy | Implementation | Notes |
 | -------- | -------- | -------- | -------- | 
-| [`EigenPod (beacon)`](https://github.com/Layr-Labs/eigenlayer-contracts/blob/4b15d68b7e16b5965bad398496bfce57f5a47e1b/src/contracts/pods/EigenPod.sol) | [`0x5a2a4F2F3C18f09179B6703e63D9eDD165909073`](https://etherscan.io/address/0x5a2a4F2F3C18f09179B6703e63D9eDD165909073) | [`0x8ba4...a255`](https://etherscan.io/address/0x8ba40da60f0827d027f029acee62609f0527a255) | - Beacon: [`BeaconProxy`](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.7.1/contracts/proxy/beacon/BeaconProxy.sol) <br />- Pods: [`UpgradeableBeacon`](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.7.1/contracts/proxy/beacon/UpgradeableBeacon.sol) |
+| [`EigenPod (beacon)`](https://github.com/Layr-Labs/eigenlayer-contracts/blob/v0.2.5-mainnet-m2-minor-eigenpod-upgrade/src/contracts/pods/EigenPod.sol) | [`0x5a2a4F2F3C18f09179B6703e63D9eDD165909073`](https://etherscan.io/address/0x5a2a4F2F3C18f09179B6703e63D9eDD165909073) | [`0x2814...ffcc`](https://etherscan.io/address/0x28144c53ba98b4e909df5bc7ca33eaf0404cffcc) | - Beacon: [`BeaconProxy`](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.7.1/contracts/proxy/beacon/BeaconProxy.sol) <br />- Pods: [`UpgradeableBeacon`](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.7.1/contracts/proxy/beacon/UpgradeableBeacon.sol) |
 | [`DelayedWithdrawalRouter`](https://github.com/Layr-Labs/eigenlayer-contracts/blob/4b15d68b7e16b5965bad398496bfce57f5a47e1b/src/contracts/pods/DelayedWithdrawalRouter.sol) | [`0x7Fe7E9CC0F274d2435AD5d56D5fa73E47F6A23D8`](https://etherscan.io/address/0x7Fe7E9CC0F274d2435AD5d56D5fa73E47F6A23D8) | [`0x4bb6...4226`](https://etherscan.io/address/0x4bb6731b02314d40abbffbc4540f508874014226) | Proxy: [`[email protected]`](https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v4.7.1/contracts/proxy/transparent/TransparentUpgradeableProxy.sol) |
 | [`EigenLayerBeaconOracle`](https://github.com/succinctlabs/eigenlayer-beacon-oracle/blob/main/contracts/src/EigenLayerBeaconOracle.sol) | - | [`0x3439...5442`](https://etherscan.io/address/0x343907185b71adf0eba9567538314396aa985442) | Provided by [Succinct](https://succinct.xyz/) |
 

docs/core/EigenPodManager.md

@@ -159,7 +159,6 @@ function verifyWithdrawalCredentials(
     external
     onlyEigenPodOwner
     onlyWhenNotPaused(PAUSED_EIGENPODS_VERIFY_CREDENTIALS)
-    proofIsForValidTimestamp(oracleTimestamp)
     hasEnabledRestaking
 ```
 
@@ -194,7 +193,7 @@ For each validator the Pod Owner wants to verify, the Pod Owner must supply:
 * Pod MUST have enabled restaking
 * All input array lengths MUST be equal
 * `oracleTimestamp`:
-    * MUST be greater than the `mostRecentWithdrawalTimestamp`
+    * MUST be greater than or equal to the timestamp of the first slot in the epoch following `mostRecentWithdrawalTimestamp`
     * MUST be no more than `VERIFY_BALANCE_UPDATE_WINDOW_SECONDS` (~4.5 hrs) old
     * MUST be queryable via `EigenPodManager.getBlockRootAtTimestamp` (fails if `stateRoot == 0`)
 * `BeaconChainProofs.verifyStateRootAgainstLatestBlockRoot` MUST verify the provided `beaconStateRoot` against the oracle-provided `latestBlockRoot`

pkg/bindings/EigenPod/binding.go

@@ -11,7 +11,7 @@
     "eigenLayerPauserReg": "0x0c431C66F4dE941d089625E5B423D00707977060",
     "eigenLayerProxyAdmin": "0x8b9566AdA63B64d1E1dcF1418b43fd1433b72444",
     "eigenPodBeacon": "0x5a2a4F2F3C18f09179B6703e63D9eDD165909073",
-    "eigenPodImplementation": "0x5c86e9609fbBc1B754D0FD5a4963Fdf0F5b99dA7",
+    "eigenPodImplementation": "0x28144C53bA98B4e909Df5bC7cA33eAf0404cFfcc",
     "eigenPodManager": "0x91E677b07F7AF907ec9a428aafA9fc14a0d3A338",
     "eigenPodManagerImplementation": "0xEB86a5c40FdE917E6feC440aBbCDc80E3862e111",
     "emptyContract": "0x1f96861fEFa1065a5A96F20Deb6D8DC3ff48F7f9",

pkg/bindings/EigenPod/tmp.bin

@@ -0,0 +1,168 @@
+// SPDX-License-Identifier: BUSL-1.1
+pragma solidity ^0.8.12;
+
+import "@openzeppelin/contracts/token/ERC20/presets/ERC20PresetFixedSupply.sol";
+import "@openzeppelin/contracts/proxy/transparent/ProxyAdmin.sol";
+import "@openzeppelin/contracts/proxy/transparent/TransparentUpgradeableProxy.sol";
+import "@openzeppelin/contracts/proxy/beacon/UpgradeableBeacon.sol";
+
+import "../../../src/contracts/interfaces/IETHPOSDeposit.sol";
+import "../../../src/contracts/interfaces/IBeaconChainOracle.sol";
+
+import "../../../src/contracts/core/StrategyManager.sol";
+import "../../../src/contracts/core/Slasher.sol";
+import "../../../src/contracts/core/DelegationManager.sol";
+
+import "../../../src/contracts/pods/EigenPod.sol";
+import "../../../src/contracts/pods/EigenPodManager.sol";
+import "../../../src/contracts/pods/DelayedWithdrawalRouter.sol";
+
+import "../../../src/contracts/permissions/PauserRegistry.sol";
+
+import "forge-std/Script.sol";
+import "forge-std/Test.sol";
+
+// # To load the variables in the .env file
+// source .env
+
+// # To deploy and verify our contract
+// forge script script/deploy/mainnet/EigenPod_Minor_Upgrade_Deploy.s.sol:EigenPod_Minor_Upgrade_Deploy --rpc-url $RPC_URL  --private-key $PRIVATE_KEY --broadcast -vvvv
+contract EigenPod_Minor_Upgrade_Deploy is Script, Test {
+    Vm cheats = Vm(HEVM_ADDRESS);
+
+    string public m2DeploymentOutputPath;
+    string public freshOutputPath;
+
+    // EigenLayer core contracts
+    ISlasher public slasher;
+    IDelegationManager public delegation;
+    DelegationManager public delegationImplementation;
+    IStrategyManager public strategyManager;
+    StrategyManager public strategyManagerImplementation;
+    IEigenPodManager public eigenPodManager;
+    EigenPodManager public eigenPodManagerImplementation;
+    IDelayedWithdrawalRouter public delayedWithdrawalRouter;
+    IBeacon public eigenPodBeacon;
+    EigenPod public eigenPodImplementation;
+
+    // Eigenlayer Proxy Admin
+    ProxyAdmin public eigenLayerProxyAdmin;
+
+    // BeaconChain deposit contract & beacon chain oracle
+    IETHPOSDeposit public ethPOS;
+    address public beaconChainOracle;
+
+    // RPC url to fork from for pre-upgrade state change tests
+    string public rpcUrl;
+
+    uint64 public genesisTimeBefore;
+    uint64 public maxRestakedBalanceBefore;
+
+    function run() external {
+        // Read and log the chain ID
+        uint256 chainId = block.chainid;
+        emit log_named_uint("You are deploying on ChainID", chainId);
+
+        // Update deployment path addresses if on mainnet
+        if (chainId == 1) {
+            m2DeploymentOutputPath = "script/output/mainnet/M2_mainnet_upgrade.output.json";
+            freshOutputPath = "script/output/mainnet/eigenpod_minor_upgrade_deploy.json";
+            rpcUrl = "RPC_MAINNET";
+        } else {
+            revert("Chain not supported");
+        }
+
+        // Read json data
+        string memory deployment_data = vm.readFile(m2DeploymentOutputPath);
+        slasher = Slasher(stdJson.readAddress(deployment_data, ".addresses.slasher"));
+        delegation = DelegationManager(stdJson.readAddress(deployment_data, ".addresses.delegationManager"));
+        strategyManager = DelegationManager(address(delegation)).strategyManager();
+        eigenPodManager = strategyManager.eigenPodManager();
+        eigenPodBeacon = eigenPodManager.eigenPodBeacon();
+        ethPOS = eigenPodManager.ethPOS();
+
+        eigenLayerProxyAdmin = ProxyAdmin(stdJson.readAddress(deployment_data, ".addresses.eigenLayerProxyAdmin"));
+
+        genesisTimeBefore = EigenPod(payable(eigenPodBeacon.implementation())).GENESIS_TIME();
+        maxRestakedBalanceBefore = EigenPod(payable(eigenPodBeacon.implementation())).MAX_RESTAKED_BALANCE_GWEI_PER_VALIDATOR();
+        delayedWithdrawalRouter = EigenPod(payable(eigenPodBeacon.implementation())).delayedWithdrawalRouter();
+
+        // Begin deployment
+        vm.startBroadcast();
+
+        // Deploy new implmementation contracts
+        eigenPodImplementation = new EigenPod({
+            _ethPOS: ethPOS,
+            _delayedWithdrawalRouter: delayedWithdrawalRouter,
+            _eigenPodManager: eigenPodManager,
+            _MAX_RESTAKED_BALANCE_GWEI_PER_VALIDATOR: maxRestakedBalanceBefore,
+            _GENESIS_TIME: genesisTimeBefore
+        });
+
+        vm.stopBroadcast();
+
+        // Write json data out
+        string memory parent_object = "parent object";
+        string memory deployed_addresses = "addresses";
+
+        // Add chain info
+        string memory chain_info = "chainInfo";
+        vm.serializeUint(chain_info, "deploymentBlock", block.number);
+        string memory chain_info_output = vm.serializeUint(chain_info, "chainId", chainId);
+
+        // Serialize new implementation addresses
+        string memory deployed_addresses_output = vm.serializeAddress(
+            deployed_addresses,
+            "eigenPodImplementation",
+            address(eigenPodImplementation)
+        );
+
+        // Save addresses
+        vm.serializeString(parent_object, deployed_addresses, deployed_addresses_output);
+        string memory finalJson = vm.serializeString(parent_object, chain_info, chain_info_output);
+
+        // Write output to file
+        vm.writeJson(finalJson, freshOutputPath);
+
+        // Perform post-upgrade tests
+        simulatePerformingUpgrade();
+        checkUpgradeCorrectness();
+    }
+
+    function simulatePerformingUpgrade() public {
+        // Upgrade beacon
+        cheats.prank(UpgradeableBeacon(address(eigenPodBeacon)).owner());
+        UpgradeableBeacon(address(eigenPodBeacon)).upgradeTo(address(eigenPodImplementation));
+    }
+
+    function checkUpgradeCorrectness() public view {
+        _verifyEigenPodCorrectness();
+    }
+
+    function _verifyEigenPodCorrectness() public view {
+        // Check that state is correct
+        require(eigenPodBeacon.implementation() == address(eigenPodImplementation),
+            "implementation set incorrectly");
+        require(eigenPodImplementation.delayedWithdrawalRouter() == delayedWithdrawalRouter,
+            "delayedWithdrawalRouter set incorrectly");
+        require(eigenPodImplementation.ethPOS() == ethPOS,
+            "ethPOS set incorrectly");
+        require(eigenPodImplementation.eigenPodManager() == eigenPodManager,
+            "eigenPodManager set incorrectly");
+        // check that values are unchanged
+        require(eigenPodImplementation.MAX_RESTAKED_BALANCE_GWEI_PER_VALIDATOR() == maxRestakedBalanceBefore,
+            "MAX_RESTAKED_BALANCE_GWEI_PER_VALIDATOR set incorrectly");
+        require(eigenPodImplementation.GENESIS_TIME() == genesisTimeBefore,
+            "GENESIS_TIME set incorrectly");
+        // redundant checks on correct values
+        require(eigenPodImplementation.MAX_RESTAKED_BALANCE_GWEI_PER_VALIDATOR() == 32 gwei,
+            "MAX_RESTAKED_BALANCE_GWEI_PER_VALIDATOR set incorrectly");
+        require(eigenPodImplementation.GENESIS_TIME() == 1606824023,
+            "GENESIS_TIME set incorrectly");
+
+
+        require(address(EigenPod(payable(eigenPodBeacon.implementation())).delayedWithdrawalRouter())  == 0x7Fe7E9CC0F274d2435AD5d56D5fa73E47F6A23D8);
+        require(address(EigenPod(payable(eigenPodBeacon.implementation())).eigenPodManager())  == 0x91E677b07F7AF907ec9a428aafA9fc14a0d3A338);
+        require(address(EigenPod(payable(eigenPodBeacon.implementation())).ethPOS())  == 0x00000000219ab540356cBB839Cbe05303d7705Fa);
+    }
+}

script/configs/mainnet/Mainnet_current_deployment.config.json

@@ -0,0 +1,9 @@
+{
+  "addresses": {
+    "eigenPodImplementation": "0x28144C53bA98B4e909Df5bC7cA33eAf0404cFfcc"
+  },
+  "chainInfo": {
+    "chainId": 1,
+    "deploymentBlock": 19878127
+  }
+}

script/deploy/mainnet/EigenPod_Minor_Upgrade_Deploy.s.sol

@@ -304,17 +304,24 @@ contract EigenPod is IEigenPod, Initializable, ReentrancyGuardUpgradeable, Eigen
         external
         onlyEigenPodOwner
         onlyWhenNotPaused(PAUSED_EIGENPODS_VERIFY_CREDENTIALS)
-        // check that the provided `oracleTimestamp` is after the `mostRecentWithdrawalTimestamp`
-        proofIsForValidTimestamp(oracleTimestamp)
         // ensure that caller has previously enabled restaking by calling `activateRestaking()`
         hasEnabledRestaking
-    {
+    {        
         require(
             (validatorIndices.length == validatorFieldsProofs.length) &&
                 (validatorFieldsProofs.length == validatorFields.length),
             "EigenPod.verifyWithdrawalCredentials: validatorIndices and proofs must be same length"
         );
 
+        // `mostRecentWithdrawalTimestamp` will be 0 for any pods deployed after M2
+        // If this is non-zero, ensure `oracleTimestamp` is from the epoch AFTER `activateRestaking`
+        // was called.
+        require(
+            mostRecentWithdrawalTimestamp == 0 ||
+            oracleTimestamp >= _nextEpochStartTimestamp(_timestampToEpoch(mostRecentWithdrawalTimestamp)),
+            "EigenPod.verifyWithdrawalCredentials: proof must be in the epoch after activation"
+        );
+
         /**
          * Withdrawal credential proof should not be "stale" (older than VERIFY_BALANCE_UPDATE_WINDOW_SECONDS) as we are doing a balance check here
          * The validator container persists as the state evolves and even after the validator exits. So we can use a more "fresh" credential proof within
@@ -779,6 +786,14 @@ contract EigenPod is IEigenPod, Initializable, ReentrancyGuardUpgradeable, Eigen
         return (timestamp - GENESIS_TIME) / BeaconChainProofs.SECONDS_PER_EPOCH;
     }
 
+    /**
+     * @dev Given an epoch number, calculates the timestamp of the first slot in the following epoch
+     */
+    function _nextEpochStartTimestamp(uint64 epoch) internal view returns (uint64) {
+        return  
+            GENESIS_TIME + ((1 + epoch) * BeaconChainProofs.SECONDS_PER_EPOCH);
+    }
+
     /*******************************************************************************
                             VIEW FUNCTIONS
     *******************************************************************************/