feat(trading-proto-upgrade): PoC

[artemii235]

Implemented EtomicSwapV2 contract containing functions needed to support Trading Protocol Upgrade V2.

[shamardy]

Only one comment at this stage to understand the proposed workflow better :)

[laruh]

I suppose we can remove merge script from package.json, as we dont use sol-merge lib bcz its unnecessary.
And change "clean": "rm -rf merge" to "clean": "npx hardhat clean".

https://github.com/KomodoPlatform/etomic-swap/blob/trading-proto-upgrade-v2-poc/package.json#L8-L9

[laruh]

@shamardy in dm with @artemii235 we discussed that I will add nft swap V2 methods in trading proto upgrade V2 branch.
But I see that PR is already open, will it be easier for you to review nft V2 methods in separate PR or its ok if I add nft swaps V2 implementation in trading proto V2 branch?

[laruh]

could you please change your tests ordering according current order in dev?

[laruh]

same for contract methods

[artemii235]

@shamardy @laruh
I had to do quite big refactoring to move new functionality to a separate smart contract. It's needed because we have hit contract size limit introduced in EIP-170. Could you review the PR again, please?

[laruh]

Thanks a lot for moving V2 ops to the new smart contract! Its better.

I have the first brief notes

[laruh]

more notes

[artemii235]

@laruh All notes are fixed, please review one more time 🙂

[laruh]

Thanks for the fixes!
@artemii235 I suggest to add additional layers of security.

First is to use SafeERC20 wrapper for ERC20
Reference: https://forum.openzeppelin.com/t/making-sure-i-understand-how-safeerc20-works/2940

SafeERC20 addresses the inconsistencies and safety concerns when interacting with ERC20 tokens that do not strictly adhere to the standard's expected return values. It wraps ERC20 operations to ensure that failures are handled correctly, preventing tokens from being permanently locked in contracts due to non-standard compliant return values. This utility is particularly valuable when dealing with a wide range of ERC20 tokens, including those that may not return a boolean value on success or failure, as expected per the ERC20 standard.
The forum discussions (link above) around SafeERC20 clarify its role in safely interacting with ERC20 tokens, ensuring that operations like transfers and approvals are executed as intended without risking the loss of tokens.

Second is to add ReentrancyGuard impl to EtomicSwapV2 and apply nonReentrant to erc20MakerPayment and erc20TakerPayment functions.
Ref:
https://docs.openzeppelin.com/contracts/5.x/api/utils#ReentrancyGuard
https://spin.atomicobject.com/reentrancy-guard-smart-contracts/
https://ethereum.stackexchange.com/questions/149283/when-should-i-use-reentrancyguard-in-a-smart-contract

The use of ReentrancyGuard is advocated to prevent reentrancy attacks, which are a critical vulnerability in smart contracts, especially those handling external calls that could be exploited to drain contract funds. ReentrancyGuard provides a straightforward and effective mechanism to prevent such attacks by using a simple state variable to block reentrant calls.
To sum up, ReentrancyGuard is an additional layer for CEI Pattern to prevent reentrancy attack.

So you will have this:

import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
import "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";

contract EtomicSwapV2 is ReentrancyGuard {
    using SafeERC20 for IERC20;

    function erc20MakerPayment(
        bytes32 id,
        uint256 amount,
        address tokenAddress,
        address taker,
        bytes20 takerSecretHash,
        bytes20 makerSecretHash,
        uint32 paymentLockTime
    ) external nonReentrant {
    // code
    }
    
    function erc20TakerPayment(
        bytes32 id,
        uint256 amount,
        uint256 dexFee,
        address tokenAddress,
        address receiver,
        bytes20 takerSecretHash,
        bytes20 makerSecretHash,
        uint32 immediateRefundLockTime,
        uint32 paymentLockTime
    ) external nonReentrant {
    // code
    }

[laruh]

non blocking notes

[laruh]

Could you create etomicSwapRunners in this test please

[laruh]

Here too, use etomicSwap runners for 0 and 1 account, please

[laruh]

I have questions about Taker / Maker methods and their taker / maker secret params.

[laruh]

Q1: Why in refundMakerPaymentTimelock function we use bytes20 takerSecretHash parameter, but in refundMakerPaymentSecret we provide bytes32 takerSecret (not hash)?

Q2: and actually both refundMakerPaymentSecret and refundTakerPaymentSecret utilize bytes32 takerSecret. why we dont use makerSecret in refund methods?

[artemii235]

takerSecret and makerSecret are generated by Taker and Maker, respectively. takerSecret is used for immediate refund path, while makerSecret is used for spending path.

If timelock refund path is used, it typically means that taker didn't reveal his secret. So, takerSecretHash is used just to calculate paymentHash in the function.

[artemii235]

@laruh Could you please leave your notes in a single review? I don't really see a reason to create 3 review iterations in a day when it could be easily one.

[artemii235]

@laruh
I will read more about SafeERC20 and likely add it to the contract.

As per ReentrancyGuard, our implementation already follows CEI pattern: it changes state and emits events before transferring ETH/calling other contracts. Making function nonReentrant also increases gas used by ~2500, so I don't think it is really needed.

[shamardy]

Thank you for the changes! Next review iteration where I have some notes/questions that might optimize the gas used by the contract a bit, I guess there can be other places for optimizations that I missed.

[shamardy]

Should we start using sha256 only to reduce gas consumption. We already support sha256 secret hash in the defi framework.
P.S. we should start taking gas reduction into consideration before deploying the new contract ref. KomodoPlatform/komodo-defi-framework#1857 (comment) . Also, if this issue KomodoPlatform/komodo-defi-framework#1857 can be solved without additional gas cost it would be good to do it in v2 contract since we couldn't do it for backward compatibility issues before.

[artemii235]

Good note, I will test a case without additional ripemd160 call and post results here later.

[artemii235]

So, with ripemd160, spendMakerPayment gas usage is 50697 (ERC-20), with 32 bytes secret hash (sha256-only): 49271. It comes with ~200 gas increase of erc20MakerPayment, but overall it should be beneficial. I pushed the changes.

[shamardy]

do we really need to make zero address part of eth payment hash? I guess if removed we would need to duplicate a lot of functions, e.g. 2 spendMakerPayment functions, one for erc20 and one for eth.

[artemii235]

Yeah, having this address(0) allows using a single spend/refund function. So, if we remove it, we will have more boilerplate code with questionable benefit, IMHO 🙂

[laruh]

@shamardy @laruh I had to do quite big refactoring to move new functionality to a separate smart contract. It's needed because we have hit contract size limit introduced in EIP-170. Could you review the PR again, please?

Hmmm I realized that adding nft swap V2 methods in EtomicSwapV2 can lead to the same issue.

[artemii235]

@laruh Yeah, I propose to create a separate EtomicSwapNFT contract as workaround 🙂

[laruh]

Next review iteration

[artemii235]

@laruh @shamardy I've fixed all review notes 🙂

Please note that SafeERC20 usage increases gas consumption:

1. erc20MakerPayment uses 92233 gas (~1200 increase).
2. spendMakerPayment uses 50418 gas (Also ~1200 increase).

[laruh]

Q: you removed takerSecret from event MakerPaymentRefundedSecret, but left it in event TakerPaymentRefundedSecret. Is it in purpose? or you just missed it?

[shamardy]

Related #6 (comment), we only need it for taker refund so that the maker can use it to refund their payment.

[laruh]

LGTM!

[shamardy]

Last review from my side! Just some nits and one question/suggestion!

[artemii235]

@shamardy Review notes are fixed 🙂

[shamardy]

🔥

[shamardy]

It's ironic that after adding this change I can see that there is no actual need for timelock refund if TakerPaymentState is PaymentSent since refund using taker secret can work anytime when TakerPaymentState is PaymentSent, this at least adds a mitigation in case the taker loses their secret due to any problem which was one of the reasons we added timelocked refund for the funding transaction when designing the protocol IIRC. Just a note and not a change request :)