feat(release): redistribution #1355

0xClandestine · 2025-05-06T15:53:19Z

Motivation:

Update core contracts to support redistribution.

Modifications:

We add a new contract, SlashingWithdrawalRouter, which handles the redistribution withdrawal queue.

AllocationManager:

Inherit Deprecated_OwnableUpgradeable
Add a createRedistributableOperatorSet function, which creates an operatorSet with a 1-time settable redistributionRecipient. Normal operator sets have a redistributionRecipient of the default Burna address
slashOperator now aggregates all magnitudes and then make a single call to the DelegationManager for a slash
New view functions for introspection:
-- getRedistributionRecipient: gets the redistributionRecipient of an operatorSet. Non-redistributing operatorSets will return the defaultBurnAddress
-- isRedistributingOperatorSet: whether an operatorSet is redistributable
-- getSlashCount: the number of slashes an operatorSet has done
-- isOperatorRedistributable: whether an operator is registered to a redistributable operatorSet

DelegationManager:

Update internal method of slashOperator to take in slashId and operatorSet.

ShareManager (SM, EPM):

IncreaseBurnableShares function is updated to take in an operatorSet, slashId

StrategyBase:

Return amountOut upon withdrawal. This enables programmatic handling of redistributed funds

SemVerMixin:

Update to only return the first character for majorVersion

General Size Modifications:

The AllocationManager and DelegationManager inherit from Deprecated_OwnableUpgradeable, which saves ~400B from both of these contracts.
The DelegationManager and AllocationManager use internal methods to conserve space. We likely can get rid of these modifications due to the Deprecated_OwnableUpgradeable handling the majority of these

Result:

After your change, what will change.

src/contracts/interfaces/IStrategyManager.sol

script/releases/v1.4.1-slashing/1-deployContracts.s.sol

src/contracts/core/AllocationManager.sol

src/contracts/core/DelegationManager.sol

src/contracts/interfaces/IAllocationManager.sol

src/contracts/interfaces/IStrategyManager.sol

src/contracts/core/StrategyManager.sol

src/contracts/core/SlashingWithdrawalRouter.sol

src/contracts/core/DelegationManager.sol

src/test/mocks/MockERC20.sol

src/contracts/mixins/Deprecated_OwnableUpgradeable.sol

wadealexc

Before I forget, we need some stuff ASAP (before audit at the very least):

Update interface docs for ALM.slashOperator to reflect any functional changes as well as the new return values
Update contract docs for ALM/DM/SM/etc
- New/updated methods in ALM
- Updated method in DM
- New/updated methods in SM
Create contract docs for SlashingWithdrawalRouter or any other new contracts

src/contracts/strategies/StrategyBase.sol

src/test/integration/IntegrationBase.t.sol

src/test/integration/IntegrationChecks.t.sol

src/contracts/core/AllocationManager.sol

src/contracts/core/DelegationManager.sol

src/contracts/core/SlashEscrowFactory.sol

src/contracts/core/DelegationManager.sol

**Motivation:** Slashing was deployed with using a `v` prefix, thus we're simply going to drop the prefix moving forward. **Modifications:** Prefix removed, and tests updated. **Result:** SemVerMixin no longer requires a `v` prefix.

**Motivation:** Current implementation is broken by rebase tokens. **Modifications:** - Rename SWR -> `SlashEscrowFactory`. - Add factory logic that deploys clones unique to their slash ID. **Result:** Funds will now be stored in clone contracts unique to their slash ID.

@non-fungible-nelson

**Motivation:** We want to resolve any review issues that arise. **Modifications:** - Use larger of strategy or global delay: @non-fungible-nelson - Fix storage overrides noted from `Deprecated_OwnableUpgradeable` @wadealexc - Use `EnumerableSet` instead of `EnumerableSetUpgradaeable` since it doesn't contain storage - Add missing event in `initialize()`. - Prevent `address(0)` during `createRedistributableOperatorSets` for event sanitation. - Improve check legibility @wadealexc **Result:** Current review concerns have been addressed.

**Motivation:** Storage checker didn't have ALM added. Also we needed to fix the deprecated ownable mixing. **Modifications:** Fix mixing to inherit from `ContextUpgradeable`. Add ALM to storage-diff.json. **Result:** Correct storage checks. --------- Co-authored-by: Yash Patil <[email protected]>

**Motivation:** We want to use internal getters wherever possible for style. **Modifications:** - Use `getRedistributionRecipient` in `isOperatorRedistributable` - Update `isOperatorRedistributable` to get all allocated/registered sets and then check if slashable and redistributable set for each - More comprehensive unit tests **Result:** Cleaner code + tests passing

…ove poc code (#1397) **Motivation:** Burn shares naming is confusing, since shares are burnOrRedistributable **Modifications:** - For the new withdrawal path, call it `burnOrRedistributable`, so `burnOrRedistributableSharesIncreased` or `burnOrRedistributableSharesDecreased` - Bring back `burnableSharesDecreased` event for the legacy burn path - Rename `_operatorSetBurnableShares` to `_burnOrRedistributableShares` - Fix the storage gap, since `_burnOrRedistributableShares` is a mapping pointing to an enumerable map, not an enumerable map - Remove POC withdrawal queue code from the DM **Result:** Cleaner Redistribution code

**Motivation:** We have several code size optimizations in the DM/ALM. These are not needed anymore with the ownable deprecation. We can add in future upgrade if we want. **Modifications:** Remove all internal `_check` and modifiers. Make `slashOperatorShares` in the DM return to the original non-arrayified method. **Result:** Smaller code diff for redistribution.

**Motivation:** We want to ensure we have full coverage unit tests for `SlashEscrowFactory` and `SlashEscrow` in preparation for audits. **Modifications:** - Adds checks for all view methods. **Result:** Brings coverage up to 100% for all branches/fns/etc.

**Motivation:** We want to minimize the diff between slashing. **Modifications:** Revert calldata/memory types in DM. **Result:** Smaller diff

**Motivation:** Currently, there's a bug in the `SM` where if you loop through the burnable shares queue, you may not clear all due to swap and pop of an Enumerable Map. Furthermore, we also are constrained by a token transfer taking too much gas and blocking transfer out of funds. **Modifications:** - Iterate backwards on `decreaseBurnOrRedistributableShares ` - Overloaded `decreaseBurnableShares` with a version to pass in an index. This function will escrow a single share (called by above too). Now, we do not need a max strategy per opSet requirement - Unit tests for both `increaseBurnOrRedistributableShares` and `decreaseBurnOrRedistributableShares` - Added the following introspection: -- `getBurnOrRedistributableShares(operatorSet, slashId) returns (Strategy[] Strats, uint256[] shares) -- `getBurnOrRedistributableShares(operatorSet, slashId, strategy) returns (shares) -- `getBurnOrRedistributableCount(operaotrSet, slashed) returns (count)` **Result:** Correct code with unit tests

**Motivation:** The escrow delay currently always you to complete escrows for a portion of strategies if there exists a strategy with a larger delay. This makes our codebase more complex. We also want to have a view function for offchain cronjob that needs to be called only once. **Modifications:** - Update `releaseEscrow` to obey the maximum delay across all strategies for a slash - Add a `getBurnOrRedistributionDelay` view function - Add a convenience view function `getPendingEscrows` for offchain burn job. This returns all pending operatorSets, and their associated redistribution status, slashIds, and completeBlocks - Standardize `uint32` for delay everywhere - Make `deploySlashEscrow` a public function **Result:** Simpler & correct code.

**Motivation:** We use `burnOrRedistributable` everywhere. Let's just use escrow instead. Much simpler. **Modifications:** `burnOrRedistributable -> escrow`. **Result:** Better readability. --------- Co-authored-by: clandestine.eth <[email protected]>

**Motivation:** For clarity, let's deploy the `SlashEscrow` in `initiateEscrow`. **Modifications:** 1. In `initiateEscrow `, deploy the `SlashEscrow` if it hasn't been deployed 2. Also add the startBlock, opSet to pending, and slashId to pending in this if block **Result:** No more counterfactual. Less redundant updates for multiple strategies in a slashID.

**Motivation:** With the addition of non-arrified versions of `decreaseBurnableShares` and `releaseSlashEscrow` we want to avoid the use of `EnumerableSet.at()` as it reverts when attempting to retrieve indices that do not exist (> length). **Modifications:** - Use `EnumerableSet.tryGet` and `EnumerableSet.keys` instead which does not revert (but simply does nothing) if the index doesn't exist. - Rename `decreaseBurnOrRedistributableShares` -> `clearBurnOrRedistributableShares` to better reflect the functions purpose. **Result:** Protocol guarantees are maintained, and better naming.

**Motivation:** Minor nits. **Modifications:** - Add `slashOperator` return value natspec. - Remove `pause/unpauseRedistribution` codesize optimization. **Result:** Cleaner and shorter diff for audit.

**Motivation:** We want to ensure: 1. We don't need a max strategy in operatorSet count 2. Blacklisted ERC-20 tokens do not block the escrow release of _other_ tokens **Modifications:** 1. Added a `releaseEscrowByStrategy` functionality, which takes in an strategy & releases that specific strategy 2. Added helper methods that both `releaseEscrow` and `releaseEscrowByStrategy` use 3. Cleaned up some latent DM POC changes **Result:** Handling all edge cases :) --------- Co-authored-by: clandestine.eth <[email protected]>

**Motivation:** Small optimization found. **Modifications:** Checks whether a strategy has already been added via .set() return value rather than a separate .contains() check. **Result:** More optimal code.

**Motivation:** We want consistent style across the repo **Modifications:** 1. Use modifier to gate access control 2. Don't use burn solo anywhere 3. Don't use virtual functions if not needed **Result:** Cleaner code

@nadir-akhtar

**Motivation:** Redistribution nits from @nadir-akhtar **Modifications:** - Reduce diff - Style updates - Clearer comments **Result:** Cleaner code

**Motivation:** We want to update the smart contract docs for redistribution. **Modifications:** Updates docs for `AllocationManager`, `DelegationManager`, `StrategyManager`, `StrategyBase` and `EigenPodManager`. Also creates a new doc file for `SlashEscrow`. We also update interfaces and some functionality for clarity **Result:** Docs for redistribution. --------- Co-authored-by: clandestine.eth <[email protected]>

**Motivation:** We want integration test coverage for the redistribution relaese. **Modifications:** - Fixed view revert bug (see comment bellow). - Added timing tests (cannot release escrow before delay, can after) **Result:** Integration test coverage.

**Motivation:** We need to sanity test that slashes completed prior to redistribution can be burned after redistribution. **Modifications:** - Add redistribution upgrade test which tests: 1. A slash prior to redistribution can have its shares burned after the upgrade 2. A slash prior to redistribution can have its shares burned prior to upgrade & storage is cleared - Remove all User_m2/m1 functionality **Result:** Basic upgrade test.

**Motivation:** Add redistribution bindings. **Modifications:** Bindings **Result:** Up to date bindings

**Motivation:** Redistribution upgrade script. **Modifications:** **Deployment Process:** 1. `SlashingEscrowFactory` and `SlashEscrow` are two _new_ deployed contracts a. We deploy a new proxyAdmin to upgrade the `SlashingEscrowFactory`. The owner of this proxyAdmin is the community multisig 3. Upgrades the following contracts: a. DelegationManager b. AllocationManager c. Strategymanager d. EigenPodManager e. EigenStrategy f. StrategyBeacon g. StrategyBaseTVLLimits (pre-longtail strats) **Zeus Config Updates:** In Zeus config, we add a `GLOBAL_SLASH_DELAY` value. On all testnets (preprod, testnet, testnet-hoodi, tesnet-sepolia) this value is 5 blocks (1 min). On mainnet this value is 28,800 (4 days in blocks) Run `zeus env show <environment>` to double check. **Important Checks:** 1. Ensure the `_globalBurnOrRedistributionDelay` is properly set 2. Upgradability of the `SlashEscrowFactory` is controlled by a new `SlashEscrowProxyAdmin`. The owner of this contract is the `CommunityMultisig`. **Result:** Updated deploy scripts. --------- Co-authored-by: clandestine.eth <[email protected]> Co-authored-by: bowenli86 <[email protected]>

**Motivation:** Changelog for redistribution **Modifications:** Update `CHANGELOG-1.5.0.md` **Result:** Documented release notes. --------- Co-authored-by: clandestine.eth <[email protected]>

ypatil12

LGTM

All changes addresses via security review

0xClandestine changed the title ~~feat(draft): AllocationManager redistribution support (#1346)~~ feat: redistribution support May 6, 2025

0xClandestine force-pushed the release-dev/redistribution branch from 2145f11 to 5f342d7 Compare May 21, 2025 16:34

0xClandestine changed the title ~~feat: redistribution support~~ feat(release): redistribution May 21, 2025

0xClandestine added the ♻️ Redistribution label May 21, 2025

bowenli86 force-pushed the main branch from 71ee063 to 75b56e3 Compare May 21, 2025 17:00

non-fungible-nelson reviewed May 21, 2025

View reviewed changes

src/contracts/interfaces/IStrategyManager.sol Show resolved Hide resolved

Layr-Labs deleted a comment from non-fungible-nelson May 22, 2025

ypatil12 requested changes May 22, 2025

View reviewed changes

ypatil12 reviewed May 22, 2025

View reviewed changes

src/contracts/core/DelegationManager.sol Outdated Show resolved Hide resolved

0xClandestine commented May 22, 2025

View reviewed changes

src/test/mocks/MockERC20.sol Show resolved Hide resolved