For phase 0 contracts, please refer to here.
Non-custodial seed node staking in Zilliqa as described in ZIP-11 makes use of four contracts written in Scilla. This repository is the central portal that collates together the contracts, documentations around them, unit tests, and scripts to deploy and run the contracts on the network.
In the sections below, we describe in detail: 1) the purpose of each contract, 2) their structure and specifications, 3) running unit tests for the contracts.
- Overview
- SSNList Contract Specification
- SSNListProxy Contract Specification
- gZILToken Contract Specification
- Multi-signature Wallet Contract Specification
The table below summarizes the purpose of the four contracts that ZIP-11 will broadly use:
Contract Name | File and Location | Description |
---|---|---|
SSNList | ssnlist.scilla |
The main contract that keeps track of Staked Seed Nodes aka SSNs, the delegators, the amount staked by a delegator with an SSN, and available rewards, etc. |
SSNListProxy | proxy.scilla |
A proxy contract that sits on top of the SSNList contract. Any call to the SSNList contract must come from SSNListProxy . This contract facilitates upgradeability of the SSNList contract in case a bug is found. |
Wallet | multisig_wallet.scilla |
A multisig wallet contract tailored to work with the SSNListproxy contract. Certain transitions in the SSNListProxy contract can only be invoked when k-out-of-n users have agreed to do so. This logic is handled using the Wallet contract. |
gZILToken | gzil.scilla |
A ZRC-2 compliant fungible token contract. gZIL tokens represent governance tokens. They are issued alongside staking rewards whenever a delegator withdraws her staking rewards. |
The SSNList
contract is the main contract that is central to the entire staking
infrastructure.
The table below describes the roles and privileges that this contract defines:
Role | Description & Privileges |
---|---|
ssn |
A registered SSN that provides the seed node service and gets rewarded for the service. An SSN can only be registered by the admin . |
verifier |
An entity that checks the health of SSNs and rewards them accordingly for their service. |
admin |
The administrator of the contract. admin is a multisig wallet contract (i.e., an instance of Wallet ). |
initiator |
The user who calls the SSNListProxy that in turns call the SSNList contract. |
delegator |
A token holder who wishes to delegate her tokens to an SSN for staking. The delegator earns a portion of the reward that the SSN receives. |
The contract defines and uses several custom ADTs that we describe below:
- SSN Data Type:
type Ssn =
| Ssn of Bool Uint128 Uint128 String String String Uint128 Uint128 Uint128 ByStr20
(* Each SSN has the following fields: *)
(* ActiveStatus : Bool *)
(* Represents whether the SSN has the minimum stake amount and therefore ready to participate in staking and receive rewards. *)
(* StakeAmount : Uint128 *)
(* Total stake that can be used for reward calculation. *)
(* StakeRewards : Uint128 *)
(* (Unwithdrawn) Reward accumulated so far across all cycles. It only includes the reward that the SSN can distribute to its delegators. It does not include SSN's own commission. *)
(* Name : String *)
(* A human-readable name for this SSN. *)
(* URLRaw : String *)
(* Represents "ip:port" of the SSN serving raw API requests. *)
(* URLApi : String *)
(* Representing URL exposed by SSN serving public API requests. *)
(* BufferedDeposit : Uint128 *)
(* Stake deposit that cannot be counted as a part of reward calculation for the ongoing reward cycle. But, to be considered for the next one. *)
(* Commission : Uint128 *)
(* Percentage of incoming rewards that the SSN takes. Represented as an integer. If the commission is 10.5%, then it is multiplied by 10^7 and then resulting integer is set as commission. The assumption is that the percentage is up to 7 decimal places. *)
(* CommissionRewards : Uint128 *)
(* Number of ZILs earned as commission by the SSN. *)
(* ReceivingAddress : ByStr20 *)
(* Address to be used to receive commission. *)
- SSNRewardShare Data Type:
type SsnRewardShare =
| SsnRewardShare of ByStr20 Uint128
(* SSNRewardShare has the following fields: *)
(* SSNAddress : ByStr20 *)
(* Address of the SSN. *)
(* RewardShare : Uint128 *)
(* This is the integer representation of the reward assigned by the verifier to this SSN for this cycle. *)
It's floor(NumberOfDSEpochsInCurrentCycle * 110,000 * VerificationPassed) *)
- SsnStakeRewardShare Data Type:
type SsnStakeRewardShare =
| SsnStakeRewardShare of ByStr20 Uint128 Uint128
(* SSNAddress : ByStr20 *)
(* Address of the SSN. *)
(* CycleReward : Uint128 *)
(* Integer representation of reward assigned by the verifier to this SSN for this cycle. *)
(* TotalStakeAmount : Uint128 *)
(* Total stake amount at a specific cycle. *)
- SSNCycleInfo Data Type:
type SSNCycleInfo =
| SSNCycleInfo of Uint128 Uint128
(* Each SSNCycleInfo has the following fields: *)
(* TotalStakeDuringTheCycle : Uint128 *)
(* Represents the amount staked during this cycle for the given SSN. *)
(* TotalRewardEarnedDuringTheCycle : Uint128 *)
(* Represents the total reward earned during this cycle for the given SSN. *)
- Error Data Type:
type Error =
| ContractFrozenFailure (* Contract is paused *)
| VerifierValidationFailed (* Initiator is not verifier *)
| AdminValidationFailed (* Initiator is not admin *)
| ProxyValidationFailed (* Caller is not proxy *)
| DelegDoesNotExistAtSSN (* Delegator does not exist at the given SSN *)
| DelegHasBufferedDeposit (* Delegator has some buffered deposit. *)
| ChangeCommError (* Commission could not be changed *)
| SSNNotExist (* SSN does not exist *)
| SSNAlreadyExist (* SSN already exists *)
| DelegHasUnwithdrawnRewards (* Delegator has unwithdrawn Rewards *)
| DelegHasNoSufficientAmt (* Delegator does not have sufficient amount to withdraw *)
| SSNNoComm (* SSN has no commission left to withdraw *)
| DelegStakeNotEnough (* Delegator's stake is not above minimum *)
| ExceedMaxChangeRate (* SSN is trying to modify the commission rate by over 1% *)
| ExceedMaxCommRate (* SSN is trying to set the commission rate greater than the allowed max *)
| InvalidTotalAmt (* Error when the total stake amount is being decreased by an illegal amount *)
| VerifierNotSet (* Verifier's address is not set in the field *)
| VerifierRecvAddrNotSet (* Verifier's reward address address is not set in the field *)
| ReDelegInvalidSSNAddr (* Delegator cannot redelegate to same SSN address *)
The table below lists the parameters that are defined at the contract deployment time and hence cannot be changed later on.
Name | Type | Description |
---|---|---|
init_admin |
ByStr20 |
The initial admin of the contract. |
init_proxy_address |
ByStr20 |
The initial address of the SSNListProxy contract. |
init_gzil_address |
ByStr20 |
Address of the gZILToken contract. |
The table below presents the mutable fields of the contract and their initial values.
Name | Type | Initial Value | Description |
---|---|---|---|
ssnlist |
Map ByStr20 Ssn |
Emp ByStr20 Ssn |
Mapping between SSN addresses and the corresponding Ssn information. |
comm_for_ssn |
Map ByStr20 (Map Uint32 Uint128) |
Emp ByStr20 (Map Uint32 Uint128) |
Map (SSNAddress -> Map (RewardCycleNum -> Commission)) This Map is not used for computing commission fee for an SSN. Its purpose is to act as a placeholder to prevent SSN operators from changing their commission rate multiple times within one reward cycle. |
deposit_amt_deleg |
Map ByStr20 (Map ByStr20 Uint128) |
Emp ByStr20 (Map ByStr20 Uint128) |
Map (DelegatorAddress -> Map (SSNAddress -> AmoutDelegated)) |
ssn_deleg_amt |
Map ByStr20 (Map ByStr20 Uint128) |
Emp ByStr20 (Map ByStr20 Uint128) |
Map (SSNAddress -> Map (DelegatorAddress -> AmountDelegated)) This map does not affect any of the contract operation. It is introduced so that wallet developers can easily query the deposit amount given by a delegator. |
buff_deposit_deleg |
Map ByStr20 (Map ByStr20 (Map Uint32 Uint128)) |
Emp ByStr20 (Map ByStr20 (Map Uint32 Uint128)) |
Map (DelegatorAddress -> Map (SSNAddress -> Map (RewardCycleNum -> BufferedStakeAmount))) |
direct_deposit_deleg |
Map ByStr20 (Map ByStr20 (Map Uint32 Uint128)) |
Emp ByStr20 (Map ByStr20 (Map Uint32 Uint128)) |
Map (DelegatorAddress -> Map (SSNAddress -> Map (RewardCycleNum -> UnBufferedStakeAmount))) |
last_withdraw_cycle_deleg |
Map ByStr20 (Map ByStr20 Uint32)) |
Emp ByStr20 (Map ByStr20 Uint32)) |
Map (DelegatorAddress -> Map (SSNAddress -> RewardCycleWhenLastWithdrawn)) . For a new delegator that has never deposited any stake for this SSN, this field will store the reward cycle number during which the delegator successfully deposited its stake. |
last_buf_deposit_cycle_deleg |
Map ByStr20 (Map ByStr20 Uint32)) |
Emp ByStr20 (Map ByStr20 Uint32)) |
Map (DelegatorAddress -> Map (SSNAddress -> RewardCycleWhenLastDeposited)) |
stake_ssn_per_cycle |
Map ByStr20 (Map Uint32 SSNCycleInfo)) |
Emp ByStr20 (Map Uint32 SSNCycleInfo)) |
Map (SSNAddress -> Map (RewardCycleNum -> SSNCycleInfo)) . Note that this data type contains information that corresponds to the end of the cycle when the verifier has distributed the reward. It could therefore be different from the information stored in ssnlist particularly its stake field which gets updated in the middle of a cycle. |
withdrawal_pending |
Map ByStr20 (Map BNum Uint128) |
Emp ByStr20 (Map BNum Uint128) |
Map (DelegatorAddress -> (BlockNumberWhenRewardWithdrawalRequested -> Amount )) |
bnum_req |
Uint128 |
Uin128 24000 |
Bonding period in terms of number of blocks. Set to be equivalent to 14 days. |
verifier |
Option ByStr20 |
None {ByStr20} |
The address of the verifier . |
verifier_receiving_addr |
Option ByStr20 |
None {ByStr20} |
The address to receive verifier's rewards. |
minstake |
Uint128 |
Uin128 10000000000000000000 |
Minimum stake required to activate an SSN (1 mil ZIL expressed in Qa , where 1 ZIL = 10^12 Qa ). |
mindelegstake |
Uint128 |
Uin128 10000000000000 |
Minimum stake for a delegator (10 ZIL expressed in Qa where 1 ZIL = 10^12 Qa). |
contractadmin |
ByStr20 |
init_admin |
Address of the administrator of this contract. |
proxyaddr |
ByStr20 |
init_proxy_address |
Address of the proxy contract. |
gziladdr |
ByStr20 |
init_gzil_address |
Address of the gzil contract. |
lastrewardcycle |
Uint32 |
Uint32 1 |
The block number when the last reward was distributed. |
paused |
ByStr20 |
True |
A flag to record the paused status of the contract. Certain transitions in the contract cannot be invoked when the contract is paused. |
maxcommchangerate |
Uint128 |
Uint128 1 |
The maximum rate change that an SSN is allowed to make across cycles. Set to 1%. |
maxcommrate |
Uint128 |
Uint128 1000000000 |
The maximum commission rate that an SSN can charge. Set to 100% but represented as an integer multiplied by 10^7. This prevents SSN from setting commission beyond 100%. |
totalstakeamount |
Uint128 |
Uint128 0 |
The total amount (in Qa ) that is currently staked in the contract. It only corresponds to the stake with active SSNs that is unbuffered and therefore can be taken into account for reward calculation. |
Note that each of the transitions in the SSNList
contract takes initiator
as a parameter which as explained above is the caller that calls the SSNListProxy
contract which in turn calls the SSNList
contract.
Note: No transition in the
SSNList
contract can be invoked directly. Any call to theSSNList
contract must come from theSSNListProxy
contract.
All the transitions in the contract can be categorized into four categories:
- Housekeeping Transitions: Meant to facilitate basic admin-related tasks.
- Delegator Transitions: The transitions that the delegators will invoke as a part of the SSN operation.
- SSN Transitions: The transitions that the SSNs will invoke as a part of the SSN operation.
- Verifier Transitions: The transitions that the verifier will invoke as a part of the SSN operation.
Each of these category of transitions are presented in further detail below.
Name | Params | Description | Callable when paused? | Callable when not paused? |
---|---|---|---|---|
Pause |
initiator : ByStr20 |
Pause the contract temporarily to stop any critical transition from being invoked. initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
Unpause |
initiator : ByStr20 |
Un-pause the contract to re-allow the invocation of all transitions. initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
UpdateAdmin |
admin : ByStr20, initiator : ByStr20 |
Set a new stagingcontractadmin by admin . initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
ClaimAdmin |
initiator : ByStr20 |
Claim to be new contract admin . initiator must be the current stagingcontractadmin of the contract. |
✔️ | ✔️ |
UpdateVerifier |
verif : ByStr20, initiator : ByStr20 |
Replace the current verifier by verif . initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
UpdateVerifierRewardAddr |
addr : ByStr20, initiator : ByStr20 |
Replace the current reward receiving address verifier_receiving_addr for the verifier by addr . Since the verifier is currently run by Zilliqa Research, its receiving address is currently updated by the admin not the verifier itself. initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
UpdateStakingParameters |
min_stake: ByStr20, min_deleg_stake : Uint128, max_comm_change_rate : Uint128, initiator : ByStr20 |
Replace the current values of the fields minstake , mindelegstake , and maxcommchangerate to the input values. initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
ChangeBNumReq |
input_bnum_req : Uint128, initiator : ByStr20 |
Replace the current value of the field bnum_req . initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
UpdateGzilAddr |
gzil_addr : ByStr20, initiator : ByStr20 |
Replace the gZIL token contract (gziladdr ) by the input values. initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
AddSSN |
ssnaddr : ByStr20, name : String, urlraw : String, urlapi : String, comm : Uint128, initiator : ByStr20 |
Add a new SSN to the list of available SSNs with the input values. The transition will create a value of type Ssn using the input values and add it to the ssnlist map. Since, this SSN is new, the status field in Ssn type will be False . Similarly, the fields stake_amt , rewards , buff_deposit , comm_rewards in the ssn type will be set to 0. The transition will emit a success event to signal the addition of the new SSN. The event will emit the address of the new SSN. initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
UpdateSSN |
ssnaddr : ByStr20, new_name : String, new_urlraw : String, new_urlapi : String, initiator : ByStr20 |
Update name , urlraw and urlapi of a given SSN. initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
Name | Params | Description | Callable when paused? | Callable when not paused? |
---|---|---|---|---|
DelegateStake |
ssnaddr : ByStr20, initiator : ByStr20 |
To delegate the stake to an SSN. initiator is the address of the delegator. The stake being delegated is captured in the implicit field _amount . In case of failure to accept the stake, an exception will be thrown and the transaction will be reverted. This stake will be buffered if the SSN is already active else it will be added to the stake pool of the SSN. This transition must update the following fields accordingly: ssnlist (with the updated buffered stake or unbuffered stake), deposit_amt_deleg and ssn_deleg_amt (with the amount deposited by the delegator), buff_deposit_deleg (with the amount deposited in case the SSN was active), direct_deposit_deleg (with the amount deposited in case the SSN was inactive), last_withdraw_cycle_deleg (to record the reward cycle number when the deposit was made for first-time delegators) and last_buf_deposit_cycle_deleg (to record the reward cycle number in case the SSN was active and the stake ended up as buffered deposit). The transition should throw an error in case the amount being delegated is less than mindelegstake . |
❌ | ✔️ |
WithdrawStakeRewards |
ssnaddr : ByStr20, initiator : ByStr20 |
To withdraw stake rewards from a given SSN. initiator is the address of the delegator. Reward to be given to a delegator can be computed on-the-fly proportional to its unbuffered stake in each cycle. I.e., if the delegator's unbuffered stake at this SSN in a given cycle is d and the total unbuffered stake across all SSNs is D, and the total reward available for all SSNs is R, then the reward earned by this delegator for the cycle will be (R * d)/D . When a delegator calls this transition, the reward is computed for all cycles i such that lastWithdrawnCycle < i <= lastrewardcycle . The transition also mints gZILs and assigns them to the delegator's address. For every ZIL earned as reward, the delegator will earn 0.001 gZIL. |
❌ | ✔️ |
WithdrawStakeAmt |
ssnaddr : ByStr20, amt : Uint128, initiator : ByStr20 |
To withdraw stake amount from a given SSN. initiator is the address of the delegator. No stake amount can be withdrawn if the delegator has unwithdrawn reward or buffered deposit. If the amount withdrawn is less than or equal to the stake deposited, then the withdrawal request is accepted and the field withdrawal_pending is updated accordingly. A delegator may request multiple withdrawals in the same cycle. Once this transition is called, the delegator enters into an unbonding period of 24,000 blocks. Only at the expiry of the unbonding period, the delegator can claim the funds via CompleteWithdrawal transition. During the unbonding period, the delegator will not earn any reward. |
❌ | ✔️ |
CompleteWithdrawal |
initiator : ByStr20 |
This is to be called after the delegator has called WithdrawStakeAmt . initiator is the address of the delegator. The transition processing all the pending withdrawals as recorded in withdrawal_pending . Only those pending requests for which the bonding period has expired will be processed. Upon success, all the funds get transferred from the contract to the initiator . |
❌ | ✔️ |
ReDelegateStake |
ssnaddr: ByStr20, to_ssn: ByStr20, amount: Uint128, initiator: ByStr20 |
To re-delagate the stake from a SSN to another SSN. initiator is the address of the delegator. ssnaddr is the original SSN, to_ssn is the new SSN the delegator wants to delegate to. The re-delegate amount is specificed by amount . |
❌ | ✔️ |
Name | Params | Description | Callable when paused? | Callable when not paused? |
---|---|---|---|---|
UpdateComm |
new_rate : Uint128, initiator : ByStr20 |
To update the commission rate. initiator is the SSN operator. An operator cannot update twice in the same cycle. The new_rate must also be less that the field maxcommrate and the change in the rate compared from the old one must be less than or equal to maxcommchangerate . |
❌ | ✔️ |
WithdrawComm |
initiator : ByStr20 |
To withdraw the commission earned. initiator is the SSN operator. On success, the contract transfer the commission to the receiving address. |
❌ | ✔️ |
UpdateReceivingAddr |
new_addr : ByStr20, initiator : ByStr20 |
To update the commission receiving address for the SSN. initiator is the address of the SSN. |
❌ | ✔️ |
Name | Params | Description | Callable when paused? | Callable when not paused? |
---|---|---|---|---|
AssignStakeReward |
ssnreward_list : List SsnRewardShare, available_reward : Uint128, initiator : ByStr20 |
To assign reward to each SSN for this cycle. ssnreward_list contains the reward factor for each SSN. In more precise terms, it contains the value (floor((NumberOfDSEpochsInCurrentCycle x 110,000 x VerificationPassed))) . This input is then multiplied by (floor(TotalStakeAtSSN / TotalStakeAcrossAllSSNs)) to compute the reward earned by each SSN. initiator is the verifier. The available_reward contains the rewards for all SSN as well as verifier. Post this call, any buffered deposit with any SSN must be converted to unbuffered stake deposit. The commission earned by the SSNs must also get updated. |
❌ | ✔️ |
Name | Params | Description | Callable when paused? | Callable when not paused? |
---|---|---|---|---|
AddSSNAfterUpgrade |
ssnaddr: ByStr20, stake_amt: Uint128, rewards: Uint128, name: String, urlraw: String, urlapi: String, buff_deposit: Uint128, comm: Uint128, comm_rewards: Uint128, rec_addr: ByStr20, initiator: ByStr20 |
To add a new SSN to the contract. initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
UpdateDeleg |
ssnaddr: ByStr20, deleg : ByStr20, stake_amt: Uint128, initiator: ByStr20 |
To add or remove a delegator for an SSN. initiator must be the current contractadmin of the contract. |
✔️ | ✔️ |
PopulateStakeSSNPerCycle |
ssn_addr: ByStr20, cycle: Uint32, totalAmt: Uint128, rewards: Uint128, initiator: ByStr20 |
To populate stake_ssn_per_cycle map. initiator must be the current contractadmin of the contract. |
✔️ | ❌ |
PopulateLastWithdrawCycleForDeleg |
deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, initiator: ByStr20 |
To populate last_withdraw_cycle_deleg map. initiator must be the current contractadmin of the contract. |
✔️ | ❌ |
PopulateLastBufDepositCycleDeleg |
deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, initiator: ByStr20 |
To populate last_buf_deposit_cycle_deleg map. initiator must be the current contractadmin of the contract. |
✔️ | ❌ |
PopulateBuffDeposit |
deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, amt: Uint128, initiator: ByStr20 |
To populate buff_deposit_deleg map. initiator must be the current contractadmin of the contract. |
✔️ | ❌ |
PopulateDepositAmtDeleg |
deleg_addr: ByStr20, ssn_addr: ByStr20, amt: Uint128, initiator: ByStr20 |
To populate deposit_amt_deleg and ssn_deleg_amt map. initiator must be the current contractadmin of the contract. |
✔️ | ❌ |
PopulateDelegStakePerCycle |
deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, amt: Uint128, initiator: ByStr20 |
To populate deleg_stake_per_cycle map. initiator must be the current contractadmin of the contract. |
✔️ | ❌ |
PopulateLastRewardCycle |
cycle: Uint32, initiator: ByStr20 |
To populate lastrewardcycle . initiator must be the current contractadmin of the contract. |
✔️ | ❌ |
PopulateDirectDeposit |
deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, amt: Uint128, initiator: ByStr20 |
To populate direct_deposit_deleg map. initiator must be the current contractadmin of the contract. |
✔️ | ❌ |
PopulateCommForSSN |
ssn_addr: ByStr20, cycle: Uint32, comm: Uint128, initiator: ByStr20 |
To populate comm_for_ssn map. initiator must be the current contractadmin of the contract. |
✔️ | ❌ |
PopulateTotalStakeAmt |
amt: Uint128, initiator: ByStr20 |
To populate totalstakeamount field. initiator must be the current contractadmin of the contract. |
✔️ | ❌ |
Name | Params | Description | Callable when paused? | Callable when not paused? |
---|---|---|---|---|
AddFunds |
initiator : ByStr20 |
To add funds to the contract. Anyone should be able to add funds to the contract. | ✔️ | ✔️ |
SSNListProxy
contract is a relay contract that redirects calls to it to the SSNList
contract.
The table below describes the roles and privileges that this contract defines:
Role | Description & Privileges |
---|---|
init_admin |
The initial admin of the contract which is usually the creator of the contract. init_admin is also the initial value of admin. |
admin |
Current admin of the contract initialized to init_admin . Certain critical actions can only be performed by the admin , e.g., changing the current implementation of the SSNList contract. |
initiator |
The user who calls the SSNListProxy contract that in turn calls the SSNList contract. |
The table below lists the parameters that are defined at the contract deployment time and hence cannot be changed later on.
Name | Type | Description |
---|---|---|
init_implementation |
ByStr20 |
The address of the SSNList contract. |
init_admin |
ByStr20 |
The address of the admin. |
The table below presents the mutable fields of the contract and their initial values.
Name | Type | Initial Value | Description |
---|---|---|---|
implementation |
ByStr20 |
init_implementation |
Address of the current implementation of the SSNList contract. |
admin |
ByStr20 |
init_owner |
Current admin of the contract. |
All the transitions in the contract can be categorized into two categories:
- Housekeeping Transitions meant to facilitate basic admin related tasks.
- Relay Transitions to redirect calls to the
SSNList
contract.
Name | Params | Description |
---|---|---|
UpgradeTo |
newImplementation : ByStr20 |
Change the current implementation address of the SSNList contract. admin can invoke this transition |
ChangeProxyAdmin |
newAdmin : ByStr20 |
Change the current stagingadmin of the contract. admin can invoke this transition. |
ClaimProxyAdmin |
`` | Change the current admin of the contract. stagingadmin can invoke this transition. |
These transitions are meant to redirect calls to the corresponding SSNList
contract. While redirecting, the contract prepares the initiator
value that
is the address of the caller of the SSNListProxy
contract. The signature of
transitions in the two contracts is exactly the same expect the added last
parameter initiator
for the SSNList
contract.
Transition signature in the SSNListProxy contract |
Target transition in the SSNList contract |
---|---|
Pause() |
Pause(initiator : ByStr20) |
UnPause() |
UnPause(initiator : ByStr20) |
UpdateAdmin(new_admin: ByStr20) |
UpdateAdmin(admin: ByStr20, initiator : ByStr20) |
ClaimAdmin() |
ClaimAdmin(initiator : ByStr20) |
UpdateVerifier(verif : ByStr20) |
UpdateVerifier (verif : ByStr20, initiator: ByStr20) |
UpdateVerifierRewardAddr(addr: ByStr20) |
UpdateVerifierRewardAddr(addr: ByStr20, initiator : ByStr20) |
UpdateStakingParameters(min_stake: Uint128, min_deleg_stake: Uint128, max_comm_change_rate: Uint128) |
UpdateStakingParameters(min_stake: Uint128, min_deleg_stake: Uint128, max_comm_change_rate: Uint128, initiator : ByStr20) |
ChangeBNumReq(input_bnum_req: Uint128) |
ChangeBNumReq(input_bnum_req: Uint128, initiator : ByStr20) |
UpdateGzilAddr(gzil_addr: ByStr20) |
UpdateGzilAddr(gzil_addr: ByStr20, initiator : ByStr20) |
AddSSN(ssnaddr: ByStr20, name: String, urlraw: String, urlapi: String, comm: Uint128) |
AddSSN(ssnaddr: ByStr20, name: String, urlraw: String, urlapi: String, comm: Uint128, initiator : ByStr20) |
UpdateSSN(ssnaddr: ByStr20, new_name: String, new_urlraw: String, new_urlapi: String) |
UpdateSSN(ssnaddr: ByStr20, new_name: String, new_urlraw: String, new_urlapi: String, initiator : ByStr20) |
UpdateComm(new_rate: Uint128) |
UpdateComm(new_rate: Uint128, initiator : ByStr20) |
WithdrawComm() |
WithdrawComm(initiator : ByStr20) |
UpdateReceivingAddr(new_addr: ByStr20) |
UpdateReceivingAddr(new_addr: ByStr20, initiator : ByStr20) |
DelegateStake(ssnaddr: ByStr20) |
DelegateStake(ssnaddr: ByStr20, initiator : ByStr20) |
WithdrawStakeRewards(ssnaddr: ByStr20) |
WithdrawStakeRewards(ssnaddr: ByStr20, initiator : ByStr20) |
WithdrawStakeAmt(ssnaddr: ByStr20, amt: Uint128) |
WithdrawStakeAmt(ssnaddr: ByStr20, amt: Uint128, initiator : ByStr20) |
CompleteWithdrawal() |
CompleteWithdrawal(initiator : ByStr20) |
ReDelegateStake(ssnaddr : ByStr20, to_ssn : ByStr20, amount : Uint128) |
ReDelegateStake(ssnaddr : ByStr20, to_ssn : ByStr20, amount : Uint128, initiator : ByStr20) |
AssignStakeReward(ssnreward_list: List SsnRewardShare) |
AssignStakeReward(ssnreward_list: List SsnRewardShare, initiator : ByStr20) |
AddFunds() |
AddFunds(initiator : ByStr20) |
AddSSNAfterUpgrade(ssnaddr: ByStr20, stake_amt: Uint128, rewards: Uint128, name: String, urlraw: String, urlapi: String, buff_deposit: Uint128, comm: Uint128, comm_rewards: Uint128, rec_addr: ByStr20) |
AddSSNAfterUpgrade(ssnaddr: ByStr20, stake_amt: Uint128, rewards: Uint128, name: String, urlraw: String, urlapi: String, buff_deposit: Uint128, comm: Uint128, comm_rewards: Uint128, rec_addr: ByStr20, initiator : ByStr20) |
AddSSNAfterUpgrade(ssnaddr: ByStr20, stake_amt: Uint128, rewards: Uint128, name: String, urlraw: String, urlapi: String, buff_deposit: Uint128, comm: Uint128, comm_rewards: Uint128, rec_addr: ByStr20) |
AddSSNAfterUpgrade(ssnaddr: ByStr20, stake_amt: Uint128, rewards: Uint128, name: String, urlraw: String, urlapi: String, buff_deposit: Uint128, comm: Uint128, comm_rewards: Uint128, rec_addr: ByStr20, initiator : ByStr20) |
UpdateDeleg(ssnaddr: ByStr20, deleg: ByStr20, stake_amt: Uint128) |
UpdateDeleg(ssnaddr: ByStr20, deleg: ByStr20, stake_amt: Uint128, initiator : ByStr20) |
PopulateStakeSSNPerCycle(ssn_addr: ByStr20, cycle: Uint32, totalAmt: Uint128, rewards: Uint128) |
PopulateStakeSSNPerCycle(ssn_addr: ByStr20, cycle: Uint32, totalAmt: Uint128, rewards: Uint128, initiator : ByStr20) |
PopulateLastWithdrawCycleForDeleg(deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32) |
PopulateLastWithdrawCycleForDeleg(deleg_addr : ByStr20, ssn_addr: ByStr20, cycle: Uint32, initiator : ByStr20) |
PopulateLastBufDepositCycleDeleg(deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32) |
PopulateLastBufDepositCycleDeleg(deleg_addr : ByStr20, ssn_addr: ByStr20, cycle: Uint32, initiator : ByStr20) |
PopulateBuffDeposit(deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, amt: Uint128) |
PopulateBuffDeposit(deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, amt: Uint128, initiator : ByStr20) |
PopulateDirectDeposit(deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, amt: Uint128) |
PopulateDirectDeposit(deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, amt: Uint128, initiator : ByStr20) |
PopulateDepositAmtDeleg(deleg_addr: ByStr20, ssn_addr: ByStr20, amt: Uint128) |
PopulateDepositAmtDeleg(deleg_addr: ByStr20, ssn_addr: ByStr20, amt: Uint128, initiator : ByStr20) |
PopulateDelegStakePerCycle(deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, amt: Uint128) |
PopulateDelegStakePerCycle(deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, amt: Uint128, initiator : ByStr20) |
PopulateLastRewardCycle(cycle: Uint32) |
PopulateLastRewardCycle(cycle: Uint32, initiator : ByStr20) |
PopulateCommForSSN(ssn_addr: ByStr20, cycle: Uint32, comm: Uint128) |
PopulateCommForSSN(ssn_addr: ByStr20, cycle: Uint32, comm: Uint128, initiator : ByStr20) |
PopulateTotalStakeAmt(amt: Uint128) |
PopulateTotalStakeAmt(amt: Uint128, initiator : ByStr20) |
DrainContractBalance(amt: Uint128) |
DrainContractBalance(amt: Uint128, initiator : ByStr20) |
Note: Any transition in
SSNList
contract that accepts money will have the corresponding transition inSSNListProxy
accept the amount and then pass it during the message call.
gZILToken
contract is a
ZRC-2
compliant token contract with a few minor modifications. The contract defines
two extra immutable variables init_minter
(of type ByStr20
) and end_block
(of type BNum
). The former is the initial minter of the contract allowed to
mint tokens, while the latter stores the block number until which minting is
allowed. It also introduces a mutable field minter
(of type ByStr20
)
initialized to init_minter
and a transition ChangeMinter(new_minter: ByStr20)
to update the address of the minter. Since gZILToken
won't require
buring, the Burn
transition from the ZRC-2 specification is removed.
The modified Mint
transition to be called by the minter
:
transition Mint(recipient: ByStr20, amount: Uint128)
current_block <- & BLOCKNUMBER;
is_minting_over = builtin blt end_block current_block;
match is_minting_over with
| True =>
| False =>
IsMinter;
AuthorizedMint recipient amount;
(* Prevent sending to a contract address that does not support transfers of token *)
msg_to_recipient = {_tag: "RecipientAcceptMint"; _recipient: recipient; _amount: zero;
minter: _sender; recipient: recipient; amount: amount};
msgs = one_msg msg_to_recipient;
send msgs
end
end
The ChangeMinter
transition to be called by the minter
:
transition ChangeMinter(new_minter: ByStr20, initiator: ByStr20)
IsOwner initiator;
minter := new_minter;
e = {_eventname: "ChangedMinter"; new_minter: new_minter};
event e
end
As tokens are rewarded when a delegator claims its staking rewards within the
SSNList
contract, the minter
of the gZILToken
contract will be the
address of the SSNList
contract.
This contract has two main roles. First, it holds funds that can be paid out to arbitrary users, provided that enough people from a pre-defined set of owners have signed off on the payout.
Second, and more generally, it also represents a group of users that can invoke
a transition in another contract only if enough people in that group have
signed off on it. In the staking context, it represents the admin
in the
SSNList
contract. This provides added security for the privileged admin
role.
Any transaction request (whether transfer of payments or invocation of a foreign transition) must be added to the contract before signatures can be collected. Once enough signatures are collected, the recipient (in case of payments) and/or any of the owners (in the general case) can ask for the transaction to be executed.
If an owner changes his mind about a transaction, the signature can be revoked until the transaction is executed.
This wallet does not allow adding or removing owners, or changing the number of required signatures. To do any of those, perform the following steps:
- Deploy a new wallet with
owners
andrequired_signatures
set to the new values.MAKE SURE THAT THE NEW WALLET HAS BEEN SUCCESFULLY DEPLOYED WITH THE CORRECT PARAMETERS BEFORE CONTINUING!
- Invoke the
SubmitTransaction
transition on the old wallet with the following parameters:recipient
: Theaddress
of the new walletamount
: The_balance
of the old wallettag
:AddFunds
- Have (a sufficient number of) the owners of the old contract invoke the
SignTransaction
transition on the old wallet. The parametertransactionId
should be set to theId
of the transaction created in step 2. - Have one of the owners of the old contract invoke the
ExecuteTransaction
transition on the old contract. This will cause the entire balance of the old contract to be transferred to the new wallet. Note that no un-executed transactions will be transferred to the new wallet along with the funds.
WARNING: If a sufficient number of owners lose their private keys, or for any other reason are unable or unwilling to sign for new transactions, the funds in the wallet will be locked forever. It is therefore a good idea to set required_signatures to a value strictly less than the number of owners, so that the remaining owners can retrieve the funds should such a scenario occur.
If an owner loses his private key, the remaining owners should move the funds to a new wallet (using the workflow described above) to ensure that funds are not locked if another owner loses his private key. The owner who originally lost his private key can generate a new key, and the corresponding address be added to the new wallet, so that the same set of people own the new wallet.
The table below list the different roles defined in the contract.
Name | Description & Privileges |
---|---|
owners |
The users who own this contract. |
The table below lists the parameters that are defined at the contract deployment time and hence cannot be changed later on.
Name | Type | Description |
---|---|---|
owners_list |
List ByStr20 |
List of initial owners. |
required_signatures |
Uint32 |
Minimum amount of signatures to execute a transaction. |
The table below presents the mutable fields of the contract and their initial values.
Name | Type | Initial Value | Description |
---|---|---|---|
owners |
Map ByStr20 Bool |
owners_list |
Map of owners. |
transactionCount |
Uint32 |
0 |
The number of of transactions requests submitted so far. |
signatures |
Map Uint32 (Map ByStr20 Bool) |
Emp Uint32 (Map ByStr20 Bool) |
Collected signatures for transactions by transaction ID. |
signature_counts |
Map Uint32 Uint32 |
Emp Uint32 Uint32 |
Running count of collected signatures for transactions. |
transactions |
Map Uint32 Transaction |
Emp Uint32 Transaction |
Transactions that have been submitted but not exected yet. |
All the transitions in the contract can be categorized into three categories:
- Submit Transitions: Create transactions for future signoff.
- Action Transitions: Let owners sign, revoke or execute submitted transactions.
- The
_balance
field keeps the amount of funds held by the contract and can be freely read within the implementation.AddFunds transition
are used for adding native funds(ZIL) to the wallet from incoming messages by usingaccept
keyword.
The first transition is meant to submit request for transfer of native ZILs while the other are meant to submit a request to invoke transitions in the SSNListProxy
contract.
Name | Params | Description |
---|---|---|
SubmitNativeTransaction |
recipient : ByStr20, amount : Uint128, tag : String |
Submit a request for transfer of native tokens for future signoffs. |
SubmitCustomUpgradeToTransaction |
calleeContract : ByStr20, newImplementation : ByStr20 |
Submit a request to invoke the UpgradeTo transition in the SSNListProxy contract. |
SubmitCustomChangeProxyAdminTransaction |
calleeContract : ByStr20, newAdmin : ByStr20 |
Submit a request to invoke the ChangeProxyAdmin transition in the SSNListProxy contract. |
SubmitCustomClaimProxyAdminTransaction |
calleeContract : ByStr20 |
Submit a request to invoke the ClaimProxyAdmin transition in the SSNListProxy contract. |
SubmitCustomChangeMinterTransaction |
calleeContract : ByStr20, new_minter : ByStr20 |
Submit a request to invoke the ChangeMinter transition in the gZILToken contract. |
SubmitCustomPauseTransaction |
calleeContract : ByStr20 |
Submit a request to invoke the Pause transition in the SSNListProxy contract. |
SubmitCustomUnpauseTransaction |
calleeContract : ByStr20 |
Submit a request to invoke the UnPause transition in the SSNListProxy contract. |
SubmitCustomUpdateAdminTransaction |
calleeContract : ByStr20, admin : ByStr20 |
Submit a request to invoke the UpdateAdmin transition in the SSNListProxy contract. |
SubmitCustomClaimAdminTransaction |
`calleeContract : ByStr20 | Submit a request to invoke the ClaimAdmin transition in the SSNListProxy contract. |
SubmitCustomUpdateVerifierTransaction |
calleeContract : ByStr20, verif : ByStr20 |
Submit a request to invoke the UpdateVerifier transition in the SSNListProxy contract. |
SubmitCustomUpdateVerifierRewardAddrTransaction |
calleeContract : ByStr20, verif : ByStr20 |
Submit a request to invoke the UpdateVerifierRewardAddr transition in the SSNListProxy contract. |
SubmitCustomUpdateStakingParametersTransaction |
calleeContract : ByStr20, min_stake : Uint128, min_deleg_stake : Uint128, max_comm_change_rate : Uint128 |
Submit a request to invoke the UpdateStakingParameters transition in the SSNListProxy contract. |
SubmitCustomChangeBNumReqTransaction |
calleeContract : ByStr20, input_bnum_req : Uint128 |
Submit a request to invoke the ChangeBNumReq transition in the SSNListProxy contract. |
SubmitCustomUpdateGzilAddrTransaction |
calleeContract : ByStr20, gzil_addr: ByStr20 |
Submit a request to invoke the UpdateGzilAddr transition in the SSNListProxy contract. |
SubmitCustomAddSSNTransaction |
calleeContract : ByStr20, ssnaddr : ByStr20, stake_amount : Uint128, rewards : Uint128, urlraw : String, urlapi : String, buffered_deposit : Uint128 |
Submit a request to invoke the AddSSN transition in the SSNListProxy contract. |
SubmitCustomUpdateSSNTransaction |
calleeContract : ByStr20, ssnaddr : ByStr20, new_name : String, new_urlraw : String, new_urlapi : String |
Submit a request to invoke the UpdateSSN transition in the SSNListProxy contract. |
SubmitCustomAddSSNAfterUpgradeTransaction |
calleeContract: ByStr20, ssnaddr: ByStr20, stake_amt: Uint128, rewards: Uint128, name: String, urlraw: String, urlapi: String, buff_deposit: Uint128, comm: Uint128, comm_rewards: Uint128, rec_addr: ByStr20 |
Submit a request to invoke the AddSSNAfterUpgrade transition in the SSNListProxy contract. |
SubmitUpdateDelegTransaction |
calleeContract: ByStr20, ssnaddr: ByStr20, deleg: ByStr20, stake_amt: Uint128 |
Submit a request to invoke the UpdateDeleg transition in the SSNListProxy contract. |
SubmitPopulateStakeSSNPerCycleTransaction |
calleeContract : ByStr20, ssn_address : ByStr20, cycle : Uint32, totalAmt: Uint128, rewards: Uint128 |
Submit a request to invoke the PopulateStakeSSNPerCycle transition in the SSNListProxy contract. |
SubmitPopulateLastWithdrawCycleForDelegTransaction |
calleeContract : ByStr20, deleg_address : ByStr20, ssn_address : ByStr20, cycle : Uint32 |
Submit a request to invoke the PopulateLastWithdrawCycleForDeleg transition in the SSNListProxy contract. |
SubmitPopulateLastBufDepositCycleDelegTransaction |
calleeContract : ByStr20, deleg_address : ByStr20, ssn_address : ByStr20, cycle : Uint32 |
Submit a request to invoke the PopulateLastBufDepositCycleDeleg transition in the SSNListProxy contract. |
SubmitPopulateBufferedDepositTransaction |
calleeContract : ByStr20, deleg_address : ByStr20, ssn_address : ByStr20, cycle : Uint32, amount : Uint128 |
Submit a request to invoke the PopulateBufferedDeposit transition in the SSNListProxy contract. |
SubmitPopulateDirectDepositTransaction |
calleeContract : ByStr20, deleg_address : ByStr20, ssn_address : ByStr20, cycle : Uint32, amount : Uint128 |
Submit a request to invoke the PopulateDirectDeposit transition in the SSNListProxy contract. |
SubmitPopulateDepositAmtDelegTransaction |
calleeContract: ByStr20, deleg_addr: ByStr20, ssn_addr: ByStr20, amt: Uint128 |
Submit a request to invoke the PopulateDepositAmt transition in the SSNListProxy contract. |
SubmitPopulateDelegStakePerCycleTransaction |
calleeContract: ByStr20, deleg_addr: ByStr20, ssn_addr: ByStr20, cycle: Uint32, amt: Uint128 |
Submit a request to invoke the PopulateDelegStakePerCycle transition in the SSNListProxy contract. |
SubmitPopulateLastRewardCycleTransaction |
calleeContract: ByStr20, cycle: Uint32 |
Submit a request to invoke the PopulateLastRewardCycle transition in the SSNListProxy contract. |
SubmitPopulateCommForSSNTransaction |
calleeContract : ByStr20, ssn_address : ByStr20, cycle : Uint32, comm : Uint128 |
Submit a request to invoke the PopulateCommForSSN transition in the SSNListProxy contract. |
SubmitPopulateTotalStakeAmtTransaction |
calleeContract : ByStr20, amt : Uint128 |
Submit a request to invoke the PopulateTotalStakeAmt transition in the SSNListProxy contract. |
SubmitPopulatePendingWithdrawalTransaction |
calleeContract : ByStr20, ssn_addr : ByStr20, block_number : BNum, stake : Uint128 |
Submit a request to invoke the PopulatePendingWithdrawal transition in the SSNListProxy contract. |
SubmitCustomDrainContractBalanceTransaction |
calleeContract : ByStr20, amt : Uint128 |
Submit a request to invoke the DrainContractBalance transition in the SSNListProxy contract. |
Name | Params | Description |
---|---|---|
SignTransaction |
transactionId : Uint32 |
Sign off on an existing transaction. |
RevokeSignature |
transactionId : Uint32 |
Revoke signature of an existing transaction, if it has not yet been executed. |
ExecuteTransaction |
transactionId : Uint32 |
Execute signed-off transaction. |