feat: pectra compatibility (#1053)

Updates checkpoint proof system to be Pectra compatible. The breaking
change to EigenPods is the `BeaconState` container increasing to have 37
fields, which results in the tree height to be > 5.

We need to solve for the following cases:

- Prevent deneb proofs from being submitted to pectra blocks
- Ensure that the PECTRA_FORK_TIMESTAMP is the first timestamp at or
after the pectra hard fork for which there is a non missed slot

To do this, here is the upgrade process:

1. Pause checkpoint starting & credential proofs
2. Upgrade after fork is hit
3. Run script to detect the first timestamp at or after the pectra hard
fork for which there is a non missed slot
4. Set pectra fork timestamp to the first timestamp at which there is a
pectra block header
5. Unpause

- Updated balance container and validator container proofs to pass in a
proof timestamp & pectra fork timestamp to check against which tree
height to use for the beacon state
- Modify storing variables in memory to handle stack too deep errors
- Note that since the 4788 oracle returns the PARENT beacon block root,
our check against the pectra fork timestamp returns the previous tree
length for proofs that are <= `pectraForkTimestamp`

- Post pectra, we can upgrade the EigenPod to deprecate the fork
timestamp case handling once all in progress pre-Pectra checkpoints have
been completed

- [x] Unit Tests
- [x] Integration Tests simulating upgrade
- [x] Mekong Deployment
- [x] Update Integration Test User to use validators >32 ETH

Author: ypatil12

src/contracts/interfaces/IEigenPod.sol

@@ -67,6 +67,8 @@ interface IEigenPodErrors {
     error MsgValueNot32ETH();
     /// @dev Thrown when provided `beaconTimestamp` is too far in the past.
     error BeaconTimestampTooFarInPast();
+    /// @dev Thrown when the pectraForkTimestamp returned from the EigenPodManager is zero
+    error ForkTimestampZero();
 }
 
 interface IEigenPodTypes {
@@ -146,6 +148,7 @@ interface IEigenPod is IEigenPodErrors, IEigenPodEvents, ISemVerMixin {
     ) external;
 
     /// @notice Called by EigenPodManager when the owner wants to create another ETH validator.
+    /// @dev This function only supports staking to a 0x01 validator. For compounding validators, please interact directly with the deposit contract.
     function stake(bytes calldata pubkey, bytes calldata signature, bytes32 depositDataRoot) external payable;
 
     /**

src/contracts/interfaces/IEigenPodManager.sol

@@ -26,6 +26,8 @@ interface IEigenPodManagerErrors {
     /// @dev Thrown when the pods shares are negative and a beacon chain balance update is attempted.
     /// The podOwner should complete legacy withdrawal first.
     error LegacyWithdrawalsNotCompleted();
+    /// @dev Thrown when caller is not the proof timestamp setter
+    error OnlyProofTimestampSetter();
 }
 
 interface IEigenPodManagerEvents {
@@ -58,6 +60,12 @@ interface IEigenPodManagerEvents {
 
     /// @notice Emitted when an operator is slashed and shares to be burned are increased
     event BurnableETHSharesIncreased(uint256 shares);
+
+    /// @notice Emitted when the Pectra fork timestamp is updated
+    event PectraForkTimestampSet(uint64 newPectraForkTimestamp);
+
+    /// @notice Emitted when the proof timestamp setter is updated
+    event ProofTimestampSetterSet(address newProofTimestampSetter);
 }
 
 interface IEigenPodManagerTypes {
@@ -122,6 +130,16 @@ interface IEigenPodManager is
         int256 balanceDeltaWei
     ) external;
 
+    /// @notice Sets the address that can set proof timestamps
+    function setProofTimestampSetter(
+        address newProofTimestampSetter
+    ) external;
+
+    /// @notice Sets the Pectra fork timestamp, only callable by `proofTimestampSetter`
+    function setPectraForkTimestamp(
+        uint64 timestamp
+    ) external;
+
     /// @notice Returns the address of the `podOwner`'s EigenPod if it has been deployed.
     function ownerToPod(
         address podOwner
@@ -171,4 +189,8 @@ interface IEigenPodManager is
 
     /// @notice Returns the accumulated amount of beacon chain ETH Strategy shares
     function burnableETHShares() external view returns (uint256);
+
+    /// @notice Returns the timestamp of the Pectra hard fork
+    /// @dev Specifically, this returns the timestamp of the first non-missed slot at or after the Pectra hard fork
+    function pectraForkTimestamp() external view returns (uint64);
 }

src/contracts/libraries/BeaconChainProofs.sol

@@ -28,7 +28,8 @@ library BeaconChainProofs {
     /// |                                             HEIGHT: VALIDATOR_TREE_HEIGHT
     /// individual validators
     uint256 internal constant BEACON_BLOCK_HEADER_TREE_HEIGHT = 3;
-    uint256 internal constant BEACON_STATE_TREE_HEIGHT = 5;
+    uint256 internal constant DENEB_BEACON_STATE_TREE_HEIGHT = 5;
+    uint256 internal constant PECTRA_BEACON_STATE_TREE_HEIGHT = 6;
     uint256 internal constant BALANCE_TREE_HEIGHT = 38;
     uint256 internal constant VALIDATOR_TREE_HEIGHT = 40;
 
@@ -71,6 +72,12 @@ library BeaconChainProofs {
     uint64 internal constant FAR_FUTURE_EPOCH = type(uint64).max;
     bytes8 internal constant UINT64_MASK = 0xffffffffffffffff;
 
+    /// @notice The beacon chain version to validate against
+    enum ProofVersion {
+        DENEB,
+        PECTRA
+    }
+
     /// @notice Contains a beacon state root and a merkle proof verifying its inclusion under a beacon block root
     struct StateRootProof {
         bytes32 beaconStateRoot;
@@ -134,17 +141,20 @@ library BeaconChainProofs {
     /// @param validatorFieldsProof a merkle proof of inclusion of `validatorFields` under `beaconStateRoot`
     /// @param validatorIndex the validator's unique index
     function verifyValidatorFields(
+        ProofVersion proofVersion,
         bytes32 beaconStateRoot,
         bytes32[] calldata validatorFields,
         bytes calldata validatorFieldsProof,
         uint40 validatorIndex
     ) internal view {
         require(validatorFields.length == VALIDATOR_FIELDS_LENGTH, InvalidValidatorFieldsLength());
 
+        uint256 beaconStateTreeHeight = getBeaconStateTreeHeight(proofVersion);
+
         /// Note: the reason we use `VALIDATOR_TREE_HEIGHT + 1` here is because the merklization process for
         /// this container includes hashing the root of the validator tree with the length of the validator list
         require(
-            validatorFieldsProof.length == 32 * ((VALIDATOR_TREE_HEIGHT + 1) + BEACON_STATE_TREE_HEIGHT),
+            validatorFieldsProof.length == 32 * ((VALIDATOR_TREE_HEIGHT + 1) + beaconStateTreeHeight),
             InvalidProofLength()
         );
 
@@ -185,10 +195,15 @@ library BeaconChainProofs {
     /// against the same balance container root.
     /// @param beaconBlockRoot merkle root of the beacon block
     /// @param proof a beacon balance container root and merkle proof of its inclusion under `beaconBlockRoot`
-    function verifyBalanceContainer(bytes32 beaconBlockRoot, BalanceContainerProof calldata proof) internal view {
+    function verifyBalanceContainer(
+        ProofVersion proofVersion,
+        bytes32 beaconBlockRoot,
+        BalanceContainerProof calldata proof
+    ) internal view {
+        uint256 beaconStateTreeHeight = getBeaconStateTreeHeight(proofVersion);
+
         require(
-            proof.proof.length == 32 * (BEACON_BLOCK_HEADER_TREE_HEIGHT + BEACON_STATE_TREE_HEIGHT),
-            InvalidProofLength()
+            proof.proof.length == 32 * (BEACON_BLOCK_HEADER_TREE_HEIGHT + beaconStateTreeHeight), InvalidProofLength()
         );
 
         /// This proof combines two proofs, so its index accounts for the relative position of leaves in two trees:
@@ -197,7 +212,7 @@ library BeaconChainProofs {
         /// -- beaconStateRoot
         /// |                            HEIGHT: BEACON_STATE_TREE_HEIGHT
         /// ---- balancesContainerRoot
-        uint256 index = (STATE_ROOT_INDEX << (BEACON_STATE_TREE_HEIGHT)) | BALANCE_CONTAINER_INDEX;
+        uint256 index = (STATE_ROOT_INDEX << (beaconStateTreeHeight)) | BALANCE_CONTAINER_INDEX;
 
         require(
             Merkle.verifyInclusionSha256({
@@ -312,4 +327,12 @@ library BeaconChainProofs {
     ) internal pure returns (uint64) {
         return Endian.fromLittleEndianUint64(validatorFields[VALIDATOR_EXIT_EPOCH_INDEX]);
     }
+
+    /// @dev We check if the proofTimestamp is <= pectraForkTimestamp because a `proofTimestamp` at the `pectraForkTimestamp`
+    ///      is considered to be Pre-Pectra given the EIP-4788 oracle returns the parent block.
+    function getBeaconStateTreeHeight(
+        ProofVersion proofVersion
+    ) internal pure returns (uint256) {
+        return proofVersion == ProofVersion.DENEB ? DENEB_BEACON_STATE_TREE_HEIGHT : PECTRA_BEACON_STATE_TREE_HEIGHT;
+    }
 }

src/contracts/pods/EigenPod.sol

@@ -172,6 +172,7 @@ contract EigenPod is
 
         // Verify `balanceContainerProof` against `beaconBlockRoot`
         BeaconChainProofs.verifyBalanceContainer({
+            proofVersion: _getProofVersion(checkpointTimestamp),
             beaconBlockRoot: checkpoint.beaconBlockRoot,
             proof: balanceContainerProof
         });
@@ -267,6 +268,7 @@ contract EigenPod is
         for (uint256 i = 0; i < validatorIndices.length; i++) {
             // forgefmt: disable-next-item
             totalAmountToBeRestakedWei += _verifyWithdrawalCredentials(
+                beaconTimestamp,
                 stateRootProof.beaconStateRoot,
                 validatorIndices[i],
                 validatorFieldsProofs[i],
@@ -354,6 +356,7 @@ contract EigenPod is
 
         // Verify Validator container proof against `beaconStateRoot`
         BeaconChainProofs.verifyValidatorFields({
+            proofVersion: _getProofVersion(beaconTimestamp),
             beaconStateRoot: stateRootProof.beaconStateRoot,
             validatorFields: proof.validatorFields,
             validatorFieldsProof: proof.proof,
@@ -391,6 +394,7 @@ contract EigenPod is
     }
 
     /// @notice Called by EigenPodManager when the owner wants to create another ETH validator.
+    /// @dev This function only supports staking to a 0x01 validator. For compounding validators, please interact directly with the deposit contract.
     function stake(
         bytes calldata pubkey,
         bytes calldata signature,
@@ -432,6 +436,7 @@ contract EigenPod is
      * @param validatorFields are the fields of the "Validator Container", refer to consensus specs
      */
     function _verifyWithdrawalCredentials(
+        uint64 beaconTimestamp,
         bytes32 beaconStateRoot,
         uint40 validatorIndex,
         bytes calldata validatorFieldsProof,
@@ -486,7 +491,8 @@ contract EigenPod is
 
         // Ensure the validator's withdrawal credentials are pointed at this pod
         require(
-            validatorFields.getWithdrawalCredentials() == bytes32(_podWithdrawalCredentials()),
+            validatorFields.getWithdrawalCredentials() == bytes32(_podWithdrawalCredentials())
+                || validatorFields.getWithdrawalCredentials() == bytes32(_podCompoundingWithdrawalCredentials()),
             WithdrawalCredentialsNotForEigenPod()
         );
 
@@ -497,6 +503,7 @@ contract EigenPod is
 
         // Verify passed-in validatorFields against verified beaconStateRoot:
         BeaconChainProofs.verifyValidatorFields({
+            proofVersion: _getProofVersion(beaconTimestamp),
             beaconStateRoot: beaconStateRoot,
             validatorFields: validatorFields,
             validatorFieldsProof: validatorFieldsProof,
@@ -678,6 +685,10 @@ contract EigenPod is
         return abi.encodePacked(bytes1(uint8(1)), bytes11(0), address(this));
     }
 
+    function _podCompoundingWithdrawalCredentials() internal view returns (bytes memory) {
+        return abi.encodePacked(bytes1(uint8(2)), bytes11(0), address(this));
+    }
+
     ///@notice Calculates the pubkey hash of a validator's pubkey as per SSZ spec
     function _calculateValidatorPubkeyHash(
         bytes memory validatorPubkey
@@ -744,4 +755,20 @@ contract EigenPod is
         require(success && result.length > 0, InvalidEIP4788Response());
         return abi.decode(result, (bytes32));
     }
+
+    /// @notice Returns the PROOF_TYPE depending on the `proofTimestamp` in relation to the fork timestamp.
+    function _getProofVersion(
+        uint64 proofTimestamp
+    ) internal view returns (BeaconChainProofs.ProofVersion) {
+        /// Get the timestamp of the Pectra fork, read from the `EigenPodManager`
+        /// This returns the timestamp of the first non-missed slot at or after the Pectra hard fork
+        uint64 forkTimestamp = eigenPodManager.pectraForkTimestamp();
+        require(forkTimestamp != 0, ForkTimestampZero());
+
+        /// We check if the proofTimestamp is <= pectraForkTimestamp because a `proofTimestamp` at the `pectraForkTimestamp`
+        /// is considered to be Pre-Pectra given the EIP-4788 oracle returns the parent block.
+        return proofTimestamp <= forkTimestamp
+            ? BeaconChainProofs.ProofVersion.DENEB
+            : BeaconChainProofs.ProofVersion.PECTRA;
+    }
 }

src/contracts/pods/EigenPodManager.sol

@@ -46,6 +46,11 @@ contract EigenPodManager is
         _;
     }
 
+    modifier onlyProofTimestampSetter() {
+        require(msg.sender == proofTimestampSetter, OnlyProofTimestampSetter());
+        _;
+    }
+
     constructor(
         IETHPOSDeposit _ethPOS,
         IBeacon _eigenPodBeacon,
@@ -231,6 +236,22 @@ contract EigenPodManager is
         emit BurnableETHSharesIncreased(addedSharesToBurn);
     }
 
+    /// @notice Sets the address that can set proof timestamps
+    function setProofTimestampSetter(
+        address newProofTimestampSetter
+    ) external onlyOwner {
+        proofTimestampSetter = newProofTimestampSetter;
+        emit ProofTimestampSetterSet(newProofTimestampSetter);
+    }
+
+    /// @notice Sets the pectra fork timestamp
+    function setPectraForkTimestamp(
+        uint64 timestamp
+    ) external onlyProofTimestampSetter {
+        pectraForkTimestamp = timestamp;
+        emit PectraForkTimestampSet(timestamp);
+    }
+
     // INTERNAL FUNCTIONS
 
     function _deployPod() internal returns (IEigenPod) {

src/contracts/pods/EigenPodManagerStorage.sol

@@ -91,6 +91,12 @@ abstract contract EigenPodManagerStorage is IEigenPodManager {
     /// @notice Returns the amount of `shares` that have been slashed on EigenLayer but not burned yet.
     uint256 public burnableETHShares;
 
+    /// @notice The address that can set proof timestamps
+    address public proofTimestampSetter;
+
+    /// @notice The timestamp of the Pectra proof
+    uint64 public pectraForkTimestamp;
+
     constructor(IETHPOSDeposit _ethPOS, IBeacon _eigenPodBeacon, IDelegationManager _delegationManager) {
         ethPOS = _ethPOS;
         eigenPodBeacon = _eigenPodBeacon;
@@ -102,5 +108,5 @@ abstract contract EigenPodManagerStorage is IEigenPodManager {
      * variables without shifting down storage in the inheritance chain.
      * See https://docs.openzeppelin.com/contracts/4.x/upgradeable#storage_gaps
      */
-    uint256[42] private __gap;
+    uint256[41] private __gap;
 }

src/test/harnesses/EigenPodHarness.sol

@@ -18,12 +18,13 @@ contract EigenPodHarness is EigenPod {
     }
 
     function verifyWithdrawalCredentials(
+        uint64 beaconTimestamp,
         bytes32 beaconStateRoot,
         uint40 validatorIndex,
         bytes calldata validatorFieldsProof,
         bytes32[] calldata validatorFields
     ) public returns (uint) {
-        return _verifyWithdrawalCredentials(beaconStateRoot, validatorIndex, validatorFieldsProof, validatorFields);
+        return _verifyWithdrawalCredentials(beaconTimestamp, beaconStateRoot, validatorIndex, validatorFieldsProof, validatorFields);
     }
 
     function setValidatorStatus(bytes32 pkhash, VALIDATOR_STATUS status) public {

src/test/integration/IntegrationDeployer.t.sol

@@ -213,6 +213,12 @@ abstract contract IntegrationDeployer is ExistingDeploymentParser {
         cheats.roll(10_000);
         timeMachine = new TimeMachine();
         beaconChain = new BeaconChainMock(eigenPodManager, BEACON_GENESIS_TIME);
+
+        // Set the `pectraForkTimestamp` on the EigenPodManager. Use pectra state
+        cheats.startPrank(executorMultisig);
+        eigenPodManager.setProofTimestampSetter(executorMultisig);
+        eigenPodManager.setPectraForkTimestamp(BEACON_GENESIS_TIME); 
+        cheats.stopPrank();
     }
 
     /// Parse existing contracts from mainnet
@@ -256,7 +262,15 @@ abstract contract IntegrationDeployer is ExistingDeploymentParser {
 
         // Since we haven't done the slashing upgrade on mainnet yet, upgrade mainnet contracts
         // prior to test. `isUpgraded` is true by default, but is set to false in `UpgradeTest.t.sol`
-        if (isUpgraded) _upgradeMainnetContracts();
+        if (isUpgraded) {
+            _upgradeMainnetContracts();
+
+            // Set the `pectraForkTimestamp` on the EigenPodManager. Use pectra state
+            cheats.startPrank(executorMultisig);
+            eigenPodManager.setProofTimestampSetter(executorMultisig);
+            eigenPodManager.setPectraForkTimestamp(BEACON_GENESIS_TIME); 
+            cheats.stopPrank();
+        }
     }
 
     function _upgradeMainnetContracts() public virtual {
@@ -619,7 +633,8 @@ abstract contract IntegrationDeployer is ExistingDeploymentParser {
 
             if (strategy == BEACONCHAIN_ETH_STRAT) {
                 // Award the user with a random amount of ETH
-                // This guarantees a multiple of 32 ETH (at least 1, up to/incl 5)
+                // This guarantees a multiple of 32 ETH (at least 1, up to/incl 2080)
+                uint amount = 32 ether * _randUint({min: 1, max: 65});
                 balance = 32 ether * _randUint({min: 1, max: 5});
                 cheats.deal(address(user), balance);
             } else {

src/test/integration/UpgradeTest.t.sol

@@ -3,6 +3,7 @@ pragma solidity ^0.8.27;
 
 import "src/test/integration/IntegrationDeployer.t.sol";
 import "src/test/integration/IntegrationChecks.t.sol";
+import "src/test/integration/mocks/BeaconChainMock_Deneb.t.sol";
 
 abstract contract UpgradeTest is IntegrationCheckUtils {
     /// Only run upgrade tests on mainnet forks
@@ -12,6 +13,11 @@ abstract contract UpgradeTest is IntegrationCheckUtils {
         } else {
             isUpgraded = false;
             super.setUp();
+
+            // Use Deneb Beacon Chain Mock as Pectra state is not live on mainnet
+            beaconChain = BeaconChainMock(
+                new BeaconChainMock_DenebForkable(eigenPodManager, BEACON_GENESIS_TIME)
+            );
         }
     }
 
@@ -23,6 +29,7 @@ abstract contract UpgradeTest is IntegrationCheckUtils {
         emit log("_upgradeEigenLayerContracts: upgrading mainnet to slashing");
 
         _upgradeMainnetContracts();
+        _handlePectraFork();
 
         // Bump block.timestamp forward to allow verifyWC proofs for migrated pods
         emit log("advancing block time to start of next epoch:");
@@ -34,4 +41,18 @@ abstract contract UpgradeTest is IntegrationCheckUtils {
         isUpgraded = true;
         emit log("_upgradeEigenLayerContracts: slashing upgrade complete");
     }
+
+    // Set the fork timestamp sufficiently in the future to keep using Deneb proofs
+    // `Prooftra.t.sol` will handle the Deneb -> Pectra transition
+    function _handlePectraFork() internal {
+        // 1. Set proof timestamp setter to operations multisig
+        cheats.prank(eigenPodManager.owner());
+        eigenPodManager.setProofTimestampSetter(address(operationsMultisig));
+
+        // 2. Set Proof timestamp
+        cheats.prank(eigenPodManager.proofTimestampSetter());
+        eigenPodManager.setPectraForkTimestamp(
+            type(uint64).max
+        );
+    }
 }