feat: add escape hatch to trusted gateways

Signed-off-by: Gustavo Inacio <[email protected]>

crates/config/maximal-config-example.toml

@@ -124,6 +124,11 @@ max_receipt_value_grt = "0.001" # 0.001 GRT. We use strings to prevent rounding
 # max_amount_willing_to_lose_grt = "0.1"
 max_amount_willing_to_lose_grt = 20
 
+# List of Gateways that are allowed to spend up to `max_amount_willing_to_lose_grt`
+# over the escrow balance
+trusted_gateways = ["0xdeadbeefcafebabedeadbeefcafebabedeadbeef"]
+
+
 # Receipts query timeout
 sender_timeout_secs = 30
 

crates/config/src/config.rs

@@ -2,7 +2,7 @@
 // SPDX-License-Identifier: Apache-2.0
 
 use std::{
-    collections::HashMap,
+    collections::{HashMap, HashSet},
     env,
     net::{Ipv4Addr, SocketAddr, SocketAddrV4},
     path::PathBuf,
@@ -382,6 +382,10 @@ pub struct TapConfig {
     pub sender_timeout_secs: Duration,
 
     pub sender_aggregator_endpoints: HashMap<Address, Url>,
+
+    /// gateways that are allowed to spend up to
+    /// `max_amount_willing_to_lose_grt` over the escrow balance
+    pub trusted_gateways: HashSet<Address>,
 }
 
 #[derive(Debug, Deserialize)]

crates/tap-agent/src/agent/sender_account.rs

@@ -317,6 +317,10 @@ pub struct State {
     // reset in case of a successful response
     backoff_info: BackoffInfo,
 
+    /// Allows the gateway to go over escrow balance
+    /// limited to `max_amount_willing_to_lose_grt`
+    trusted_gateway: bool,
+
     // Config forwarded to [SenderAllocation]
     config: &'static SenderAccountConfig,
 }
@@ -343,6 +347,9 @@ pub struct SenderAccountConfig {
     ///
     /// This is reached if the database is too slow
     pub tap_sender_timeout: Duration,
+    /// Gateways that are allowed to spend up to
+    /// `max_amount_willing_to_lose_grt` over the escrow balance
+    pub trusted_gateways: HashSet<Address>,
 }
 
 impl SenderAccountConfig {
@@ -357,6 +364,7 @@ impl SenderAccountConfig {
             trigger_value: config.tap.get_trigger_value(),
             rav_request_timeout: config.tap.rav_request.request_timeout_secs,
             tap_sender_timeout: config.tap.sender_timeout_secs,
+            trusted_gateways: config.tap.trusted_gateways.clone(),
         }
     }
 }
@@ -531,9 +539,16 @@ impl State {
     fn deny_condition_reached(&self) -> bool {
         let pending_ravs = self.rav_tracker.get_total_fee();
         let unaggregated_fees = self.sender_fee_tracker.get_total_fee();
-        let pending_fees_over_balance =
-            U256::from(pending_ravs + unaggregated_fees) >= self.sender_balance;
         let max_amount_willing_to_lose = self.config.max_amount_willing_to_lose_grt;
+
+        // if it's a trusted gateway, allow to spend up to max_amount_willing_to_lose
+        let balance = if self.trusted_gateway {
+            self.sender_balance + U256::from(max_amount_willing_to_lose)
+        } else {
+            self.sender_balance
+        };
+
+        let pending_fees_over_balance = U256::from(pending_ravs + unaggregated_fees) >= balance;
         let invalid_receipt_fees = self.invalid_receipts_tracker.get_total_fee();
         let total_fee_over_max_value =
             unaggregated_fees + invalid_receipt_fees >= max_amount_willing_to_lose;
@@ -841,6 +856,7 @@ impl Actor for SenderAccount {
             aggregator_v1,
             aggregator_v2,
             backoff_info: BackoffInfo::default(),
+            trusted_gateway: config.trusted_gateways.contains(&sender_id),
             config,
         };
 

crates/tap-agent/src/test.rs

@@ -93,6 +93,7 @@ pub fn get_sender_account_config() -> &'static SenderAccountConfig {
         indexer_address: INDEXER.1,
         escrow_polling_interval: ESCROW_POLLING_INTERVAL,
         tap_sender_timeout: Duration::from_secs(63),
+        trusted_gateways: HashSet::new(),
     }))
 }
 
@@ -122,6 +123,7 @@ pub async fn create_sender_account(
         indexer_address: INDEXER.1,
         escrow_polling_interval: Duration::default(),
         tap_sender_timeout: TAP_SENDER_TIMEOUT,
+        trusted_gateways: HashSet::new(),
     }));
 
     let network_subgraph = Box::leak(Box::new(