ligo/src/test/contracts/multisig-v2.ligo

// storage type
type threshold_t is nat
type max_proposal_t is nat
type max_message_size_t is nat
type state_hash_t is bytes
type addr_set_t is set(address)
type message_store_t is map(bytes,addr_set_t)
type counter_store_t is map(address,nat)

type storage_t is record
  state_hash : state_hash_t ;
  threshold : threshold_t ;
  max_proposal : max_proposal_t ;
  max_message_size : max_message_size_t ;
  auth : addr_set_t ;
  message_store : message_store_t ;
  counter_store : counter_store_t ;
end

// I/O types
type message_t is (bytes -> list(operation))
type send_pt is message_t
type withdraw_pt is message_t
type default_pt is unit

type contract_return_t is (list(operation) * storage_t)

type entry_point_t is
| Send of send_pt
| Withdraw of withdraw_pt
| Default of default_pt


function send (const param : send_pt; const s : storage_t) : contract_return_t is block {

  // check sender against the authorized addresses
  if not set_mem(sender,s.auth) then failwith("Unauthorized address") else skip ;

  // check message size against the stored limit
  var message : message_t := param ;
  const packed_msg : bytes = bytes_pack(message) ;
  if size(packed_msg) > s.max_message_size then failwith("Message size exceed maximum limit")
  else skip ;

  // compute the new set of addresses associated with the message and update counters
  var new_store : addr_set_t := set_empty ;
  case map_get(packed_msg, s.message_store) of
  | Some(voters) -> block { // the message is already stored
    // increment the counter only if the sender isn't already associated with the message
    if set_mem(sender,voters) then skip
    else s.counter_store[sender] := get_force(sender,s.counter_store) + 1n ;

    new_store := set_add(sender,voters)
  } 
  | None -> block { // the message has never been received before
    s.counter_store[sender] := get_force(sender,s.counter_store) + 1n ;
    new_store := set [sender];
  }
  end ;

  // check sender counters against the maximum number of proposal
  var sender_proposal_counter : nat := get_force(sender,s.counter_store) ;
  if sender_proposal_counter > s.max_proposal then failwith("Maximum number of proposal reached")
  else skip ;

  // check the threshold
  var ret_ops : list(operation) := (nil : list(operation)) ;
  if size(new_store) >= s.threshold then block {
    remove packed_msg from map s.message_store ;
    ret_ops := message(s.state_hash) ;
    // update the state hash
    s.state_hash := sha_256 ( bytes_concat (s.state_hash , packed_msg) ) ;
    // reset the counter
    s.counter_store[sender] := abs (sender_proposal_counter - 1n) ;
  } else
    s.message_store[packed_msg] := new_store
  
} with ( ret_ops , s)

function withdraw (const param : withdraw_pt; const s : storage_t) : contract_return_t is block {

  var message : message_t := param ;
  const packed_msg : bytes = bytes_pack(message) ;

  case map_get(packed_msg, s.message_store) of
  | Some(voters) -> block { // the message is stored
    const new_set : addr_set_t = set_remove(sender,voters) ;

    // decrement the counter only if the sender was already associated with the message
    if size(voters) =/= size(new_set) then
      s.counter_store[sender] := abs (get_force(sender,s.counter_store) - 1n)
    else skip ;

    // if the message is left without any associated addresses, remove the corresponding message_store field
    if size(new_set) = 0n then remove packed_msg from map s.message_store
    else s.message_store[packed_msg] := new_set
  }
  | None -> skip end // the message isn't stored, ignore

} with ( (nil: list(operation)) , s)

function default (const p : default_pt; const s : storage_t) : contract_return_t is
  ((nil: list(operation)) , s)

function main(const param : entry_point_t; const s : storage_t) : contract_return_t is 
  case param of
  // propagate message p if the number authorized addresses having
  // voted for the same message p equals the threshold
  | Send     (p) -> send(p,s)
  // withraw vote for message p
  | Withdraw (p) -> withdraw(p,s)
  // use this entry-point to transfer tez to the contract
  | Default  (p) -> default(p,s)
end
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00			`// storage type`
			`type threshold_t is nat`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`type max_proposal_t is nat`
			`type max_message_size_t is nat`
multisigv2 with less user uncertainty 2019-11-26 14:51:49 +04:00			`type state_hash_t is bytes`
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00			`type addr_set_t is set(address)`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`type message_store_t is map(bytes,addr_set_t)`
			`type counter_store_t is map(address,nat)`
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00
			`type storage_t is record`
multisigv2 with less user uncertainty 2019-11-26 14:51:49 +04:00			`state_hash : state_hash_t ;`
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00			`threshold : threshold_t ;`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`max_proposal : max_proposal_t ;`
			`max_message_size : max_message_size_t ;`
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00			`auth : addr_set_t ;`
			`message_store : message_store_t ;`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`counter_store : counter_store_t ;`
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00			`end`

			`// I/O types`
multisigv2 with less user uncertainty 2019-11-26 14:51:49 +04:00			`type message_t is (bytes -> list(operation))`
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00			`type send_pt is message_t`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`type withdraw_pt is message_t`
multisigv2 default entry point 2019-11-26 15:14:42 +04:00			`type default_pt is unit`
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00
			`type contract_return_t is (list(operation) * storage_t)`

			`type entry_point_t is`
			`\| Send of send_pt`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`\| Withdraw of withdraw_pt`
multisigv2 default entry point 2019-11-26 15:14:42 +04:00			`\| Default of default_pt`
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00
multisig v2 comments 2019-11-26 16:59:00 +04:00
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00			`function send (const param : send_pt; const s : storage_t) : contract_return_t is block {`
some review request 2019-11-22 19:02:53 +04:00
multisig v2 comments 2019-11-26 16:59:00 +04:00			`// check sender against the authorized addresses`
some review request 2019-11-22 19:02:53 +04:00			`if not set_mem(sender,s.auth) then failwith("Unauthorized address") else skip ;`
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00
multisig v2 comments 2019-11-26 16:59:00 +04:00			`// check message size against the stored limit`
			`var message : message_t := param ;`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`const packed_msg : bytes = bytes_pack(message) ;`
			`if size(packed_msg) > s.max_message_size then failwith("Message size exceed maximum limit")`
			`else skip ;`

multisig v2 comments 2019-11-26 16:59:00 +04:00			`// compute the new set of addresses associated with the message and update counters`
			`var new_store : addr_set_t := set_empty ;`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`case map_get(packed_msg, s.message_store) of`
multisig v2 comments 2019-11-26 16:59:00 +04:00			`\| Some(voters) -> block { // the message is already stored`
			`// increment the counter only if the sender isn't already associated with the message`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`if set_mem(sender,voters) then skip`
			`else s.counter_store[sender] := get_force(sender,s.counter_store) + 1n ;`
multisig v2 comments 2019-11-26 16:59:00 +04:00
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`new_store := set_add(sender,voters)`
multisig v2 comments 2019-11-26 16:59:00 +04:00			`}`
			`\| None -> block { // the message has never been received before`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`s.counter_store[sender] := get_force(sender,s.counter_store) + 1n ;`
			`new_store := set [sender];`
			`}`
			`end ;`

multisig v2 comments 2019-11-26 16:59:00 +04:00			`// check sender counters against the maximum number of proposal`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`var sender_proposal_counter : nat := get_force(sender,s.counter_store) ;`
			`if sender_proposal_counter > s.max_proposal then failwith("Maximum number of proposal reached")`
			`else skip ;`
some review request 2019-11-22 19:02:53 +04:00
multisig v2 comments 2019-11-26 16:59:00 +04:00			`// check the threshold`
			`var ret_ops : list(operation) := (nil : list(operation)) ;`
some review request 2019-11-22 19:02:53 +04:00			`if size(new_store) >= s.threshold then block {`
			`remove packed_msg from map s.message_store ;`
multisigv2 with less user uncertainty 2019-11-26 14:51:49 +04:00			`ret_ops := message(s.state_hash) ;`
multisig v2 comments 2019-11-26 16:59:00 +04:00			`// update the state hash`
multisigv2 with less user uncertainty 2019-11-26 14:51:49 +04:00			`s.state_hash := sha_256 ( bytes_concat (s.state_hash , packed_msg) ) ;`
multisig v2 comments 2019-11-26 16:59:00 +04:00			`// reset the counter`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`s.counter_store[sender] := abs (sender_proposal_counter - 1n) ;`
some review request 2019-11-22 19:02:53 +04:00			`} else`
			`s.message_store[packed_msg] := new_store`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00			`} with ( ret_ops , s)`

multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`function withdraw (const param : withdraw_pt; const s : storage_t) : contract_return_t is block {`

			`var message : message_t := param ;`
			`const packed_msg : bytes = bytes_pack(message) ;`

			`case map_get(packed_msg, s.message_store) of`
multisig v2 comments 2019-11-26 16:59:00 +04:00			`\| Some(voters) -> block { // the message is stored`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`const new_set : addr_set_t = set_remove(sender,voters) ;`

multisig v2 comments 2019-11-26 16:59:00 +04:00			`// decrement the counter only if the sender was already associated with the message`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`if size(voters) =/= size(new_set) then`
			`s.counter_store[sender] := abs (get_force(sender,s.counter_store) - 1n)`
			`else skip ;`

multisig v2 comments 2019-11-26 16:59:00 +04:00			`// if the message is left without any associated addresses, remove the corresponding message_store field`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`if size(new_set) = 0n then remove packed_msg from map s.message_store`
			`else s.message_store[packed_msg] := new_set`
			`}`
multisig v2 comments 2019-11-26 16:59:00 +04:00			`\| None -> skip end // the message isn't stored, ignore`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00
			`} with ( (nil: list(operation)) , s)`

multisigv2 default entry point 2019-11-26 15:14:42 +04:00			`function default (const p : default_pt; const s : storage_t) : contract_return_t is`
			`((nil: list(operation)) , s)`

mulisig contract v2 and test 2019-11-21 22:42:15 +04:00			`function main(const param : entry_point_t; const s : storage_t) : contract_return_t is`
			`case param of`
multisig v2 comments 2019-11-26 16:59:00 +04:00			`// propagate message p if the number authorized addresses having`
			`// voted for the same message p equals the threshold`
multisigv2 default entry point 2019-11-26 15:14:42 +04:00			`\| Send (p) -> send(p,s)`
multisig v2 comments 2019-11-26 16:59:00 +04:00			`// withraw vote for message p`
multisigv2 more robust to spam Set limits to the number of approvals and message sizes 2019-11-26 13:37:25 +04:00			`\| Withdraw (p) -> withdraw(p,s)`
multisig v2 comments 2019-11-26 16:59:00 +04:00			`// use this entry-point to transfer tez to the contract`
multisigv2 default entry point 2019-11-26 15:14:42 +04:00			`\| Default (p) -> default(p,s)`
mulisig contract v2 and test 2019-11-21 22:42:15 +04:00			`end`