ERC20: enable a subnet's supply to be determined by an ERC20 token in the parent.

scripts/deploy-gateway.template.ts

@@ -1,8 +1,8 @@
 /* global ethers */
-/* eslint prefer-const: "off" */
 
-import hre, { ethers } from 'hardhat'
+/* eslint prefer-const: "off" */
 import { deployContractWithDeployer, getTransactionFees } from './util'
+import hre, { ethers } from 'hardhat'
 
 const { getSelectors, FacetCutAction } = require('./js/diamond.js')
 

scripts/deploy-libraries.ts

@@ -1,8 +1,8 @@
 /* global ethers */
-/* eslint prefer-const: "off" */
 
-import hre, { ethers } from 'hardhat'
+/* eslint prefer-const: "off" */
 import { deployContractWithDeployer, getTransactionFees } from './util'
+import hre, { ethers } from 'hardhat'
 
 export async function deploy() {
     await hre.run('compile')

src/SubnetActorDiamond.sol

@@ -10,16 +10,19 @@ import {IERC165} from "./interfaces/IERC165.sol";
 import {GatewayCannotBeZero, NotGateway, InvalidSubmissionPeriod, InvalidCollateral, InvalidMajorityPercentage, InvalidPowerScale} from "./errors/IPCErrors.sol";
 import {BATCH_PERIOD, MAX_MSGS_PER_BATCH} from "./structs/CrossNet.sol";
 import {LibDiamond} from "./lib/LibDiamond.sol";
-import {SubnetID, PermissionMode} from "./structs/Subnet.sol";
+import {PermissionMode, SubnetID, SupplyKind, SupplySource} from "./structs/Subnet.sol";
 import {SubnetIDHelper} from "./lib/SubnetIDHelper.sol";
 import {LibStaking} from "./lib/LibStaking.sol";
+import {IERC20} from "openzeppelin-contracts/token/ERC20/IERC20.sol";
+import {SupplySourceHelper} from "./lib/SupplySourceHelper.sol";
 
 error FunctionNotFound(bytes4 _functionSelector);
 
 contract SubnetActorDiamond {
     SubnetActorStorage internal s;
 
     using SubnetIDHelper for SubnetID;
+    using SupplySourceHelper for SupplySource;
 
     struct ConstructorParams {
         SubnetID parentId;
@@ -33,6 +36,7 @@ contract SubnetActorDiamond {
         uint256 minCrossMsgFee;
         int8 powerScale;
         PermissionMode permissionMode;
+        SupplySource supplySource;
     }
 
     constructor(IDiamond.FacetCut[] memory _diamondCut, ConstructorParams memory params) {
@@ -53,6 +57,8 @@ contract SubnetActorDiamond {
             revert InvalidPowerScale();
         }
 
+        params.supplySource.validate();
+
         LibDiamond.setContractOwner(msg.sender);
         LibDiamond.diamondCut({_diamondCut: _diamondCut, _init: address(0), _calldata: new bytes(0)});
 
@@ -91,6 +97,8 @@ contract SubnetActorDiamond {
         // The startConfiguration number is also 1 to match with nextConfigurationNumber, indicating we have
         // empty validator change logs
         s.changeSet.startConfigurationNumber = LibStaking.INITIAL_CONFIGURATION_NUMBER;
+        // Set the supply strategy.
+        s.supplySource = params.supplySource;
     }
 
     function _fallback() internal {

src/gateway/GatewayManagerFacet.sol

@@ -2,23 +2,29 @@
 pragma solidity 0.8.19;
 
 import {GatewayActorModifiers} from "../lib/LibGatewayActorStorage.sol";
+import {SubnetActorGetterFacet} from "../subnet/SubnetActorGetterFacet.sol";
 import {BURNT_FUNDS_ACTOR} from "../constants/Constants.sol";
 import {CrossMsg} from "../structs/CrossNet.sol";
 import {Status} from "../enums/Status.sol";
 import {FvmAddress} from "../structs/FvmAddress.sol";
-import {SubnetID, Subnet} from "../structs/Subnet.sol";
+import {SubnetID, Subnet, SupplySource} from "../structs/Subnet.sol";
+import {Membership, SupplyKind} from "../structs/Subnet.sol";
 import {AlreadyRegisteredSubnet, CannotReleaseZero, MethodNotAllowed, NotEnoughFunds, NotEnoughFundsToRelease, NotEnoughCollateral, NotEmptySubnetCircSupply, NotRegisteredSubnet, InvalidCrossMsgValue} from "../errors/IPCErrors.sol";
 import {LibGateway} from "../lib/LibGateway.sol";
 import {SubnetIDHelper} from "../lib/SubnetIDHelper.sol";
 import {CrossMsgHelper} from "../lib/CrossMsgHelper.sol";
 import {FilAddress} from "fevmate/utils/FilAddress.sol";
 import {ReentrancyGuard} from "../lib/LibReentrancyGuard.sol";
+import {IERC20} from "openzeppelin-contracts/token/ERC20/IERC20.sol";
+import {Address} from "openzeppelin-contracts/utils/Address.sol";
+import {SupplySourceHelper} from "../lib/SupplySourceHelper.sol";
 
 string constant ERR_CHILD_SUBNET_NOT_ALLOWED = "Subnet does not allow child subnets";
 
 contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard {
     using FilAddress for address payable;
     using SubnetIDHelper for SubnetID;
+    using SupplySourceHelper for SupplySource;
 
     /// @notice register a subnet in the gateway. It is called by a subnet when it reaches the threshold stake
     /// @dev The subnet can optionally pass a genesis circulating supply that would be pre-allocated in the
@@ -145,19 +151,53 @@ contract GatewayManagerFacet is GatewayActorModifiers, ReentrancyGuard {
             // prevent spamming if there's no value to fund.
             revert InvalidCrossMsgValue();
         }
+        // slither-disable-next-line unused-return
+        (bool registered, ) = LibGateway.getSubnet(subnetId);
+        if (!registered) {
+            revert NotRegisteredSubnet();
+        }
+
+        // Validate that the supply strategy is native.
+        SupplySource memory supplySource = SubnetActorGetterFacet(subnetId.getActor()).supplySource();
+        supplySource.expect(SupplyKind.Native);
+
         CrossMsg memory crossMsg = CrossMsgHelper.createFundMsg({
             subnet: subnetId,
             signer: msg.sender,
             to: to,
             value: msg.value,
-            fee: 0 // injecting funds into a subnet should is free
+            fee: 0 // injecting funds into a subnet is free
         });
 
         // commit top-down message.
         LibGateway.commitTopDownMsg(crossMsg);
     }
 
-    /// @notice release() burns the received value and releases them from this subnet onto the parent by committing a bottom-up message.
+    function fundWithToken(SubnetID calldata subnetId, FvmAddress calldata to, uint256 amount) external nonReentrant {
+        // Check that the supply strategy is ERC20.
+        // There is no need to check whether the subnet exists. If it doesn't exist, the call to getter will revert.
+        // LibGateway.commitTopDownMsg will also revert if the subnet doesn't exist.
+        SupplySource memory supplySource = SubnetActorGetterFacet(subnetId.getActor()).supplySource();
+        supplySource.expect(SupplyKind.ERC20);
+
+        // Lock the specified amount into custody.
+        supplySource.lock({value: amount});
+
+        // Create the top-down message to mint the supply in the subnet.
+        CrossMsg memory crossMsg = CrossMsgHelper.createFundMsg({
+            subnet: subnetId,
+            signer: msg.sender,
+            to: to,
+            value: amount,
+            fee: 0 // injecting funds into a subnet is free
+        });
+
+        // Commit top-down message.
+        LibGateway.commitTopDownMsg(crossMsg);
+    }
+
+    /// @notice release() burns the received value locally in subnet and commits a bottom-up message to release the assets in the parent.
+    ///         The local supply of a subnet is always the native coin, so this method doesn't have to deal with tokens.
     ///
     /// @param to: the address to which to credit funds in the parent subnet.
     function release(FvmAddress calldata to) external payable {

src/gateway/GatewayMessengerFacet.sol

@@ -5,20 +5,22 @@ import {GatewayActorModifiers} from "../lib/LibGatewayActorStorage.sol";
 import {BURNT_FUNDS_ACTOR} from "../constants/Constants.sol";
 import {CrossMsg, StorableMsg} from "../structs/CrossNet.sol";
 import {IPCMsgType} from "../enums/IPCMsgType.sol";
-import {SubnetID} from "../structs/Subnet.sol";
+import {SubnetID, SupplyKind} from "../structs/Subnet.sol";
 import {InvalidCrossMsgFromSubnet, InvalidCrossMsgDstSubnet, CannotSendCrossMsgToItself, InvalidCrossMsgValue, MethodNotAllowed} from "../errors/IPCErrors.sol";
 import {SubnetIDHelper} from "../lib/SubnetIDHelper.sol";
 import {LibGateway} from "../lib/LibGateway.sol";
 import {StorableMsgHelper} from "../lib/StorableMsgHelper.sol";
 import {FilAddress} from "fevmate/utils/FilAddress.sol";
+import {SupplySourceHelper} from "../lib/SupplySourceHelper.sol";
 
 string constant ERR_GENERAL_CROSS_MSG_DISABLED = "Support for general-purpose cross-net messages is disabled";
-string constant ERR_MULTILEVEL_CROSS_MSG_DISABLED = "Support for general-purpose cross-net messages is disabled";
+string constant ERR_MULTILEVEL_CROSS_MSG_DISABLED = "Support for multi-level cross-net messages is disabled";
 
 contract GatewayMessengerFacet is GatewayActorModifiers {
     using FilAddress for address payable;
     using SubnetIDHelper for SubnetID;
     using StorableMsgHelper for StorableMsg;
+    using SupplySourceHelper for address;
 
     /**
      * @dev sends a general-purpose cross-message from the local subnet to the destination subnet.
@@ -98,27 +100,44 @@ contract GatewayMessengerFacet is GatewayActorModifiers {
         SubnetID memory from = crossMessage.message.from.subnetId;
         IPCMsgType applyType = crossMessage.message.applyType(s.networkName);
 
-        // slither-disable-next-line uninitialized-local
-        bool shouldCommitBottomUp;
+        // Are we the LCA? (Lowest Common Ancestor)
+        bool isLCA = to.commonParent(from).equals(s.networkName);
 
+        // Even if multi-level messaging is enabled, we reject the xnet message
+        // as soon as we learn that one of the networks involved use an ERC20 supply source.
+        // This will block propagation on the first step, or the last step.
+        //
+        // TODO IPC does not implement fault handling yet, so if the message fails
+        //  to propagate, the user won't be able to reclaim funds. That's one of the
+        //  reasons xnet messages are disabled by default.
+
+        bool reject = false;
         if (applyType == IPCMsgType.BottomUp) {
-            shouldCommitBottomUp = !to.commonParent(from).equals(s.networkName);
+            // We're traversing up, so if we're the first hop, we reject if the subnet was ERC20.
+            // If we're not the first hop, a child propagated this to us, they made a mistake and
+            // and we don't have enough info to evaluate.
+            reject = from.getParentSubnet().equals(s.networkName) && from.getActor().hasSupplyOfKind(SupplyKind.ERC20);
+        } else if (applyType == IPCMsgType.TopDown) {
+            // We're traversing down.
+            // Check the next subnet (which can may be the destination subnet).
+            reject = to.down(s.networkName).getActor().hasSupplyOfKind(SupplyKind.ERC20);
         }
-
-        if (shouldCommitBottomUp) {
-            LibGateway.commitBottomUpMsg(crossMessage);
-
-            // gas-opt: original check: value > 0
-            return (shouldBurn = crossMessage.message.value != 0);
+        if (reject) {
+            revert MethodNotAllowed("propagation not suppported for subnets with ERC20 supply");
         }
 
-        if (applyType == IPCMsgType.TopDown) {
+        // If the directionality is top-down, or if we're inverting the direction
+        // because we're the LCA, commit a top-down message.
+        if (applyType == IPCMsgType.TopDown || isLCA) {
             ++s.appliedTopDownNonce;
+            LibGateway.commitTopDownMsg(crossMessage);
+            return (shouldBurn = false);
         }
 
-        LibGateway.commitTopDownMsg(crossMessage);
-
-        return (shouldBurn = false);
+        // Else, commit a bottom up message.
+        LibGateway.commitBottomUpMsg(crossMessage);
+        // gas-opt: original check: value > 0
+        return (shouldBurn = crossMessage.message.value != 0);
     }
 
     /**

src/gateway/GatewayRouterFacet.sol

@@ -10,7 +10,7 @@ import {Status} from "../enums/Status.sol";
 import {IPCMsgType} from "../enums/IPCMsgType.sol";
 import {SubnetID, Subnet, Validator, ValidatorInfo, ValidatorSet} from "../structs/Subnet.sol";
 import {IPCMsgType} from "../enums/IPCMsgType.sol";
-import {Membership} from "../structs/Subnet.sol";
+import {Membership, SupplySource} from "../structs/Subnet.sol";
 import {BatchNotCreated, InvalidBatchEpoch, BatchAlreadyExists, NotEnoughSubnetCircSupply, InvalidCheckpointEpoch} from "../errors/IPCErrors.sol";
 import {InvalidBatchSource, NotEnoughBalance, MaxMsgsPerBatchExceeded, BatchWithNoMessages, InvalidCheckpointSource, InvalidCrossMsgNonce, InvalidCrossMsgDstSubnet, CheckpointAlreadyExists} from "../errors/IPCErrors.sol";
 import {NotRegisteredSubnet, SubnetNotActive, SubnetNotFound, InvalidSubnet, CheckpointNotCreated} from "../errors/IPCErrors.sol";
@@ -23,6 +23,8 @@ import {FilAddress} from "fevmate/utils/FilAddress.sol";
 import {StakingChangeRequest, ParentValidatorsTracker} from "../structs/Subnet.sol";
 import {LibValidatorTracking, LibValidatorSet} from "../lib/LibStaking.sol";
 import {Address} from "openzeppelin-contracts/utils/Address.sol";
+import {SubnetActorGetterFacet} from "../subnet/SubnetActorGetterFacet.sol";
+import {SupplySourceHelper} from "../lib/SupplySourceHelper.sol";
 
 contract GatewayRouterFacet is GatewayActorModifiers {
     using FilAddress for address;
@@ -31,6 +33,7 @@ contract GatewayRouterFacet is GatewayActorModifiers {
     using StorableMsgHelper for StorableMsg;
     using LibValidatorTracking for ParentValidatorsTracker;
     using LibValidatorSet for ValidatorSet;
+    using SupplySourceHelper for SupplySource;
 
     /// @notice submit a verified checkpoint in the gateway to trigger side-effects.
     /// @dev this method is called by the corresponding subnet actor.
@@ -107,6 +110,7 @@ contract GatewayRouterFacet is GatewayActorModifiers {
         _applyMessages(subnet.id, batch.msgs);
 
         if (s.crossMsgRelayerRewards) {
+            // reward relayers in the subnet for committing the previous checkpoint
             // slither-disable-next-line unused-return
             Address.functionCallWithValue({
                 target: msg.sender,
@@ -169,68 +173,71 @@ contract GatewayRouterFacet is GatewayActorModifiers {
         return configurationNumber;
     }
 
-    /// @notice apply cross messages
+    /// @notice Applies top-down crossnet messages locally. This is invoked by IPC nodes when drawing messages from
+    ///         their parent subnet for local execution. That's why the sender is restricted to the system sender,
+    ///         because this method is implicitly invoked by the node during block production.
     function applyCrossMessages(CrossMsg[] calldata crossMsgs) external systemActorOnly {
-        _applyMessages(SubnetID(0, new address[](0)), crossMsgs);
+        _applyMessages(s.networkName.getParentSubnet(), crossMsgs);
     }
 
     /// @notice executes a cross message if its destination is the current network, otherwise adds it to the postbox to be propagated further
-    /// @param forwarder - the subnet that handles the cross message
+    /// @param arrivingFrom - the immediate subnet from which this message is arriving
     /// @param crossMsg - the cross message to be executed
-    function _applyMsg(SubnetID memory forwarder, CrossMsg memory crossMsg) internal {
+    function _applyMsg(SubnetID memory arrivingFrom, CrossMsg memory crossMsg) internal {
         if (crossMsg.message.to.subnetId.isEmpty()) {
             revert InvalidCrossMsgDstSubnet();
         }
-        if (crossMsg.message.method == METHOD_SEND) {
-            if (crossMsg.message.value > address(this).balance) {
-                revert NotEnoughBalance();
-            }
+
+        // If the crossnet destination is NOT the current network (network where the gateway is running),
+        // we add it to the postbox for further propagation.
+        if (!crossMsg.message.to.subnetId.equals(s.networkName)) {
+            bytes32 cid = crossMsg.toHash();
+            s.postbox[cid] = crossMsg;
+            return;
         }
 
+        // Now, let's find out the directionality of this message and act accordingly.
+        // slither-disable-next-line uninitialized-local
+        SupplySource memory supplySource;
         IPCMsgType applyType = crossMsg.message.applyType(s.networkName);
-
-        // If the cross-message destination is the current network.
-        if (crossMsg.message.to.subnetId.equals(s.networkName)) {
-            if (applyType == IPCMsgType.BottomUp) {
-                if (!forwarder.isEmpty()) {
-                    (bool registered, Subnet storage subnet) = LibGateway.getSubnet(forwarder);
-                    if (!registered) {
-                        revert NotRegisteredSubnet();
-                    }
-                    if (subnet.appliedBottomUpNonce != crossMsg.message.nonce) {
-                        revert InvalidCrossMsgNonce();
-                    }
-
-                    subnet.appliedBottomUpNonce += 1;
-                }
+        if (applyType == IPCMsgType.BottomUp) {
+            // Load the subnet this message is coming from. Ensure that it exists and that the nonce expectation is met.
+            (bool registered, Subnet storage subnet) = LibGateway.getSubnet(arrivingFrom);
+            if (!registered) {
+                revert NotRegisteredSubnet();
             }
-
-            if (applyType == IPCMsgType.TopDown) {
-                if (s.appliedTopDownNonce != crossMsg.message.nonce) {
-                    revert InvalidCrossMsgNonce();
-                }
-                s.appliedTopDownNonce += 1;
+            if (subnet.appliedBottomUpNonce != crossMsg.message.nonce) {
+                revert InvalidCrossMsgNonce();
             }
+            subnet.appliedBottomUpNonce += 1;
+
+            // The value carried in bottom-up messages needs to be treated according to the supply source
+            // configuration of the subnet.
+            supplySource = SubnetActorGetterFacet(subnet.id.getActor()).supplySource();
+        } else if (applyType == IPCMsgType.TopDown) {
+            // Note: there is no need to load the subnet, as a top-down application means that _we_ are the subnet.
+            if (s.appliedTopDownNonce != crossMsg.message.nonce) {
+                revert InvalidCrossMsgNonce();
+            }
+            s.appliedTopDownNonce += 1;
 
-            // slither-disable-next-line unused-return
-            crossMsg.execute();
-            return;
+            // The value carried in top-down messages locally maps to the native coin, so we pass over the
+            // native supply source.
+            supplySource = SupplySourceHelper.native();
         }
 
-        // when the destination is not the current network we add it to the postbox for further propagation
-        bytes32 cid = crossMsg.toHash();
-
-        s.postbox[cid] = crossMsg;
+        // slither-disable-next-line unused-return
+        crossMsg.execute(supplySource);
     }
 
     /// @notice applies a cross-net messages coming from some other subnet.
     /// The forwarder argument determines the previous subnet that submitted the checkpoint triggering the cross-net message execution.
-    /// @param forwarder - the subnet that handles the messages
+    /// @param arrivingFrom - the immediate subnet from which this message is arriving
     /// @param crossMsgs - the cross-net messages to apply
-    function _applyMessages(SubnetID memory forwarder, CrossMsg[] memory crossMsgs) internal {
+    function _applyMessages(SubnetID memory arrivingFrom, CrossMsg[] memory crossMsgs) internal {
         uint256 crossMsgsLength = crossMsgs.length;
         for (uint256 i; i < crossMsgsLength; ) {
-            _applyMsg(forwarder, crossMsgs[i]);
+            _applyMsg(arrivingFrom, crossMsgs[i]);
             unchecked {
                 ++i;
             }