feat: withdrawal credentials

[mkurayan]

Summary

This PR introduces an early-stage prototype for a potential implementation of EIP-7685: General Purpose Execution Layer Requests. Specifically, it implements EIP-7002: Execution Layer Triggerable Withdrawals within the Lido WithdrawalVault contract, which serves as the withdrawal credentials address for Lido validators.

Approach

The implementation follows the first approach outlined in the ADR for Withdrawal Credentials Contract. This approach was selected due to the following advantages:

• Clear and specific interfaces: Each request type has a dedicated, well-defined interface.
• Custom logic and parameter validation: Request methods can validate parameters and incorporate tailored logic as needed.
• Granularity and modularity: WithdrawalCredentials contracts, such as the existing Lido WithdrawalVault and future Vaults, can expose only the necessary subset of request handlers. This allows for unique permission models and specialized logic.

Implementation Details

In this iteration, the WithdrawalVault contract supports only full withdrawal requests. Partial withdrawals are not included because they are not part of the proposed Triggerable Withdrawal V1 implementation within the Lido protocol.

The following pseudo-code demonstrates the approach:

library TriggerableWithdrawals {
    // Address of the EIP-7002 pre-deployed contract.
    address constant WITHDRAWAL_REQUEST = 0x0c15...;

    function addFullWithdrawalRequests(
        bytes[] calldata pubkeys,
        uint256 totalWithdrawalFee
    ) internal {
        // Implementation omitted for brevity.
        // WITHDRAWAL_REQUEST.call{value: fee}(withdrawalRequests);
    }
    
    function addPartialWithdrawalRequests(
        bytes[] calldata pubkeys,
        uint64[] calldata amounts,
        uint256 totalWithdrawalFee
    ) internal {
        // Implementation omitted for brevity.
        // WITHDRAWAL_REQUEST.call{value: fee}(withdrawalRequests);
    }
}

contract WithdrawalVault {
    function addFullWithdrawalRequests(
        bytes[] calldata pubkeys
    ) external payable {
        if (msg.sender != address(VALIDATORS_EXIT_BUS)) {
            revert NotValidatorExitBus();
        }

        TriggerableWithdrawals.addFullWithdrawalRequests(pubkeys, msg.value);
    }
}

Key Considerations

The modular design of separate libraries for different withdrawal request types ensures that withdrawal credentials contracts can import and use only the minimal functionality required. For example:

• Contract A: Supports only full withdrawal requests.
• Contract B: Supports full withdrawals, partial withdrawals, and consolidation requests.

Notes

This PR is an initial prototype and is subject to further iterations based on feedback and evolving requirements.

[github-actions]

Hardhat Unit Tests Coverage Summary

Filename                                                       Stmts    Miss  Cover    Missing
-----------------------------------------------------------  -------  ------  -------  ---------
contracts/0.4.24/Lido.sol                                        212       0  100.00%
contracts/0.4.24/StETH.sol                                        72       0  100.00%
contracts/0.4.24/StETHPermit.sol                                  15       0  100.00%
contracts/0.4.24/lib/Packed64x4.sol                                5       0  100.00%
contracts/0.4.24/lib/SigningKeys.sol                              36       0  100.00%
contracts/0.4.24/lib/StakeLimitUtils.sol                          37       0  100.00%
contracts/0.4.24/nos/NodeOperatorsRegistry.sol                   512       0  100.00%
contracts/0.4.24/oracle/LegacyOracle.sol                          72       0  100.00%
contracts/0.4.24/utils/Pausable.sol                                9       0  100.00%
contracts/0.4.24/utils/Versioned.sol                               5       0  100.00%
contracts/0.6.12/WstETH.sol                                       17       0  100.00%
contracts/0.8.4/WithdrawalsManagerProxy.sol                       61       0  100.00%
contracts/0.8.9/BeaconChainDepositor.sol                          21       2  90.48%   48, 51
contracts/0.8.9/Burner.sol                                        71       0  100.00%
contracts/0.8.9/DepositSecurityModule.sol                        128       0  100.00%
contracts/0.8.9/EIP712StETH.sol                                   16       0  100.00%
contracts/0.8.9/LidoExecutionLayerRewardsVault.sol                16       0  100.00%
contracts/0.8.9/LidoLocator.sol                                   18       0  100.00%
contracts/0.8.9/OracleDaemonConfig.sol                            28       0  100.00%
contracts/0.8.9/StakingRouter.sol                                316       0  100.00%
contracts/0.8.9/WithdrawalQueue.sol                               88       0  100.00%
contracts/0.8.9/WithdrawalQueueBase.sol                          146       0  100.00%
contracts/0.8.9/WithdrawalQueueERC721.sol                         89       0  100.00%
contracts/0.8.9/WithdrawalVault.sol                               40       0  100.00%
contracts/0.8.9/lib/Math.sol                                       4       0  100.00%
contracts/0.8.9/lib/PositiveTokenRebaseLimiter.sol                22       0  100.00%
contracts/0.8.9/lib/UnstructuredRefStorage.sol                     2       0  100.00%
contracts/0.8.9/oracle/AccountingOracle.sol                      190       2  98.95%   189-190
contracts/0.8.9/oracle/BaseOracle.sol                             89       1  98.88%   397
contracts/0.8.9/oracle/HashConsensus.sol                         263       1  99.62%   1005
contracts/0.8.9/oracle/ValidatorsExitBusOracle.sol                91      91  0.00%    96-461
contracts/0.8.9/proxy/OssifiableProxy.sol                         17       0  100.00%
contracts/0.8.9/sanity_checks/OracleReportSanityChecker.sol      232       0  100.00%
contracts/0.8.9/utils/DummyEmptyContract.sol                       0       0  100.00%
contracts/0.8.9/utils/PausableUntil.sol                           31       0  100.00%
contracts/0.8.9/utils/Versioned.sol                               11       0  100.00%
contracts/0.8.9/utils/access/AccessControl.sol                    23       0  100.00%
contracts/0.8.9/utils/access/AccessControlEnumerable.sol           9       0  100.00%
contracts/testnets/sepolia/SepoliaDepositAdapter.sol              21      21  0.00%    49-100
TOTAL                                                           3035     118  96.11%

Diff against master

Filename                               Stmts    Miss  Cover
-----------------------------------  -------  ------  --------
contracts/0.8.9/WithdrawalVault.sol      +19       0  +100.00%
TOTAL                                    +19       0  +0.02%

Results for commit: 6cdc711

Minimum allowed coverage is 95%

♻️ This comment has been updated with latest results

[folkyatina]

Doesn't fee increase with each request?

[mkurayan]

No, the fee will not increase with each request. Inside the transaction, all requests will have the same fee.

EIP 7002 uses block-by-block behavior.

If block N processes X requests, then at the end of block N the number of withdrawal requests that the chain has processed relative to the “targeted” number increases by X - TARGET_WITHDRAWAL_REQUESTS_PER_BLOCK, and so the fee in block N+1 increases by a factor of e**((X - TARGET_WITHDRAWAL_REQUESTS_PER_BLOCK) / WITHDRAWAL_REQUEST_FEE_UPDATE_FRACTION).

[folkyatina]

Still see some potential for improvement

[tamtamchik]

Looks good! Minor comments about library placement, constant WITHDRAWAL_REQUEST (may be immutable), and some style fixes suggestions.

[tamtamchik]

Added some suggestions to errors naming, to prevent clashing