feat(bridge): add withdrawal indexer task

Author: krsnapaudel

backend/Cargo.lock

@@ -19,17 +19,25 @@
     status-network = { path = "crates/network" }
     status-utils   = { path = "crates/utils" }
 
+    # alpen pinned to the rev that strata-bridge HEAD uses, so the transitive
+    # `strata-primitives`/`Buf32` matches our direct pin (no double-resolution).
+    # Both are deploy-current as of 2026-04-30.
+    alpen-reth-primitives = { git = "https://github.com/alpenlabs/alpen.git", rev = "565fafccf2fe181d2f93003f9135ceed126a01ad" }
     strata-bridge-rpc = { git = "https://github.com/alpenlabs/strata-bridge.git", features = [
       "client",
-    ], tag = "v0.2.0-rc3" }
-    strata-primitives = { git = "https://github.com/alpenlabs/alpen.git", tag = "v0.2.0-rc4" }
+    ], rev = "851a681200658a19d88493a70f3bed66e515a08b" }
+    strata-primitives = { git = "https://github.com/alpenlabs/alpen.git", rev = "565fafccf2fe181d2f93003f9135ceed126a01ad" }
+    strata-tasks      = { git = "https://github.com/alpenlabs/strata-common", tag = "v0.1.0-alpha-rc16" }
     typed-sled        = { git = "https://github.com/alpenlabs/typed-sled" }
 
     # External
+    anyhow = { version = "1" }
+    alloy-primitives = { version = "1.4.1", features = [ "serde" ] }
+    alloy-sol-types  = { version = "1.4.1" }
     axum = { version = "0.8" }
     bitcoin = { version = "0.32.8", features = [ "serde" ] }
     hex = { version = "0.4" }
-    jsonrpsee = { version = "0.24", features = [ "http-client" ] }
+    jsonrpsee = { version = "0.26", features = [ "http-client" ] }
     reqwest = { version = "0.13.3", features = [ "json" ] }
     serde = { version = "1", features = [ "derive" ] }
     serde_json = { version = "1.0", default-features = false, features = [

backend/Cargo.toml

@@ -7,20 +7,28 @@
   path = "src/lib.rs"
 
 [dependencies]
-  status-config.workspace     = true
-  status-utils.workspace      = true
-  strata-bridge-rpc.workspace = true
-  strata-primitives.workspace = true
-  typed-sled.workspace        = true
+  alpen-reth-primitives.workspace = true
+  anyhow.workspace                = true
+  status-config.workspace         = true
+  status-utils.workspace          = true
+  strata-bridge-rpc.workspace     = true
+  strata-primitives.workspace     = true
+  strata-tasks.workspace          = true
+  typed-sled.workspace            = true
 
-  axum.workspace       = true
-  bitcoin.workspace    = true
-  hex.workspace        = true
-  jsonrpsee.workspace  = true
-  reqwest.workspace    = true
-  serde.workspace      = true
-  serde_json.workspace = true
-  sled.workspace       = true
-  thiserror.workspace  = true
-  tokio.workspace      = true
-  tracing.workspace    = true
+  alloy-primitives.workspace = true
+  alloy-sol-types.workspace  = true
+  axum.workspace             = true
+  bitcoin.workspace          = true
+  hex.workspace              = true
+  jsonrpsee.workspace        = true
+  reqwest.workspace          = true
+  serde.workspace            = true
+  serde_json.workspace       = true
+  sled.workspace             = true
+  thiserror.workspace        = true
+  tokio.workspace            = true
+  tracing.workspace          = true
+
+[dev-dependencies]
+  toml.workspace = true

backend/crates/bridge/Cargo.toml

@@ -28,13 +28,6 @@ pub enum WithdrawalIndexConsistencyError {
 }
 
 #[derive(Debug, thiserror::Error)]
-#[cfg_attr(
-    not(test),
-    expect(
-        dead_code,
-        reason = "withdrawal indexer DB errors are constructed by follow-up indexer/pairing commits"
-    )
-)]
 pub enum DbError {
     #[error("create data dir {0:?}: {1}")]
     CreateDataDir(PathBuf, #[source] std::io::Error),

backend/crates/bridge/src/db/error.rs

@@ -15,7 +15,7 @@ use crate::db::{
     not(test),
     expect(
         dead_code,
-        reason = "consumed by the indexer task in a follow-up commit"
+        reason = "pairing methods are consumed by the pairing task in a follow-up commit"
     )
 )]
 pub(crate) trait WithdrawalIndexerDb: Send + Sync {

backend/crates/bridge/src/db/traits.rs

@@ -20,26 +20,12 @@ use super::schema::{
 /// because it can wrap typed-sled codec errors. Use the shared consistency
 /// error type as the transactional abort payload and wrap it in [`DbError`]
 /// after the transaction.
-#[cfg_attr(
-    not(test),
-    expect(
-        dead_code,
-        reason = "used by withdrawal indexer and pairing DB writes in follow-up commits"
-    )
-)]
 fn abort_tx<T>(
     err: WithdrawalIndexConsistencyError,
 ) -> sled::transaction::ConflictableTransactionResult<T, TSledError> {
     Err(TSledError::abort(err).into())
 }
 
-#[cfg_attr(
-    not(test),
-    expect(
-        dead_code,
-        reason = "used by withdrawal indexer and pairing DB writes in follow-up commits"
-    )
-)]
 fn map_tx_result<T>(result: sled::transaction::TransactionResult<T, TSledError>) -> DbResult<T> {
     match result {
         Ok(value) => Ok(value),
@@ -70,16 +56,16 @@ pub(crate) struct WithdrawalIndexerDbSled {
     requests: SledTree<WithdrawalRequestSchema>,
     event_index: SledTree<WithdrawalEventIndexSchema>,
     assignments: SledTree<WithdrawalAssignmentSchema>,
+    #[cfg_attr(
+        not(test),
+        expect(
+            dead_code,
+            reason = "consumed by the pairing task in a follow-up commit"
+        )
+    )]
     seq_by_deposit_idx: SledTree<WithdrawalSeqByDepositIdxSchema>,
 }
 
-#[cfg_attr(
-    not(test),
-    expect(
-        dead_code,
-        reason = "wired in by the indexer task in a follow-up commit"
-    )
-)]
 impl WithdrawalIndexerDbSled {
     /// Open the indexer database under `{datadir}/withdrawal_index`. Creates
     /// intermediate directories if they don't exist; sled itself only creates

backend/crates/bridge/src/db/withdrawal_index/db.rs

@@ -2,6 +2,8 @@ mod cache;
 mod db;
 mod status;
 mod types;
+mod withdrawal_indexer;
 
 pub use status::{bridge_monitoring_task, get_bridge_status};
 pub use types::{BridgeMonitoringContext, BridgeStatus};
+pub use withdrawal_indexer::task::run_withdrawal_indexer;

backend/crates/bridge/src/lib.rs

@@ -0,0 +1,205 @@
+//! Withdrawal-intent log decoding.
+
+use alloy_sol_types::SolEvent;
+use alpen_reth_primitives::WithdrawalIntentEvent;
+use strata_primitives::buf::Buf32;
+
+use crate::db::types::DbWithdrawalRequest;
+
+use super::{rpc::RpcLog, BRIDGEOUT_PRECOMPILE_ADDRESS, FIXED_WITHDRAWAL_SATS};
+
+/// Hard correctness bound on sub-units per `WithdrawalIntentEvent`, set by
+/// `DbWithdrawalRequest::sub_idx: u32`: any value above this can't be stored
+/// without overflowing the cast. A tighter operational ceiling would need a
+/// protocol-defined constant or operator-tunable config — neither alpen nor
+/// strata-bridge expose one, so we don't invent one dashboard-side.
+const MAX_SUB_UNITS_PER_LOG: u64 = u32::MAX as u64;
+
+#[derive(Debug, thiserror::Error)]
+pub(crate) enum DecodeError {
+    #[error("unexpected log address (expected {expected}, got {actual})")]
+    UnexpectedAddress {
+        expected: alloy_primitives::Address,
+        actual: alloy_primitives::Address,
+    },
+
+    #[error("unexpected log topic[0] {0:?}")]
+    UnexpectedSignature(alloy_primitives::B256),
+
+    #[error("alloy decode: {0}")]
+    AbiDecode(#[from] alloy_sol_types::Error),
+
+    #[error(
+        "withdrawal amount {0} sats is not a positive multiple of {} sats",
+        FIXED_WITHDRAWAL_SATS
+    )]
+    AmountNotMultiple(u64),
+
+    #[error("withdrawal amount {amount} sats expands to more than {max_sub_units} sub-units")]
+    AmountTooLarge { amount: u64, max_sub_units: u64 },
+}
+
+/// Decode `log` into N rows, where N = `amount / FIXED_WITHDRAWAL_SATS`.
+///
+/// Each row carries the same `(tx_hash, log_index)` and a distinct
+/// `sub_idx ∈ 0..N`. Returns an error if the log doesn't belong to the
+/// bridgeout precompile, the topic doesn't match the event signature, or the
+/// amount isn't a positive exact multiple of the denomination.
+pub(crate) fn decode(log: &RpcLog) -> Result<Vec<DbWithdrawalRequest>, DecodeError> {
+    if log.address != BRIDGEOUT_PRECOMPILE_ADDRESS {
+        return Err(DecodeError::UnexpectedAddress {
+            expected: BRIDGEOUT_PRECOMPILE_ADDRESS,
+            actual: log.address,
+        });
+    }
+    match log.topics.first() {
+        Some(t0) if *t0 == WithdrawalIntentEvent::SIGNATURE_HASH => {}
+        Some(t0) => return Err(DecodeError::UnexpectedSignature(*t0)),
+        None => {
+            return Err(DecodeError::UnexpectedSignature(
+                alloy_primitives::B256::ZERO,
+            ))
+        }
+    }
+
+    let evt = WithdrawalIntentEvent::decode_raw_log(log.topics.iter().copied(), &log.data)?;
+
+    if evt.amount == 0 || evt.amount % FIXED_WITHDRAWAL_SATS != 0 {
+        return Err(DecodeError::AmountNotMultiple(evt.amount));
+    }
+    let n = evt.amount / FIXED_WITHDRAWAL_SATS;
+    if n > MAX_SUB_UNITS_PER_LOG {
+        return Err(DecodeError::AmountTooLarge {
+            amount: evt.amount,
+            max_sub_units: MAX_SUB_UNITS_PER_LOG,
+        });
+    }
+
+    let tx_hash = Buf32(log.transaction_hash.0);
+    let destination = evt.destination.to_vec();
+    let block_number = log.block_number;
+    let log_index = log.log_index;
+    let selected_operator = evt.selectedOperator;
+
+    let mut out = Vec::with_capacity(n as usize);
+    for sub_idx in 0..n {
+        out.push(DbWithdrawalRequest {
+            tx_hash,
+            log_index,
+            sub_idx: sub_idx as u32,
+            amount_sats: FIXED_WITHDRAWAL_SATS,
+            destination: destination.clone(),
+            selected_operator,
+            block_number,
+        });
+    }
+    Ok(out)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use alloy_primitives::{Bytes, LogData, B256};
+
+    fn make_log(
+        amount_sats: u64,
+        selected_operator: u32,
+        address: alloy_primitives::Address,
+    ) -> RpcLog {
+        let evt = WithdrawalIntentEvent {
+            amount: amount_sats,
+            selectedOperator: selected_operator,
+            destination: Bytes::from(vec![0xAB; 22]),
+        };
+        let data = LogData::from(&evt);
+        RpcLog {
+            address,
+            topics: data.topics().to_vec(),
+            data: data.data.to_vec(),
+            block_number: 1234,
+            transaction_hash: B256::repeat_byte(0x77),
+            log_index: 5,
+        }
+    }
+
+    #[test]
+    fn expands_into_sub_units() {
+        let log = make_log(3 * FIXED_WITHDRAWAL_SATS, 2, BRIDGEOUT_PRECOMPILE_ADDRESS);
+        let rows = decode(&log).expect("decode");
+        assert_eq!(rows.len(), 3);
+        for (i, row) in rows.iter().enumerate() {
+            assert_eq!(row.sub_idx, i as u32);
+            assert_eq!(row.tx_hash.0, [0x77; 32]);
+            assert_eq!(row.log_index, 5);
+            assert_eq!(row.amount_sats, FIXED_WITHDRAWAL_SATS);
+            assert_eq!(row.selected_operator, 2);
+            assert_eq!(row.destination, vec![0xAB; 22]);
+            assert_eq!(row.block_number, 1234);
+        }
+    }
+
+    #[test]
+    fn single_sub_unit_for_one_denom() {
+        let log = make_log(
+            FIXED_WITHDRAWAL_SATS,
+            u32::MAX,
+            BRIDGEOUT_PRECOMPILE_ADDRESS,
+        );
+        let rows = decode(&log).expect("decode");
+        assert_eq!(rows.len(), 1);
+        assert_eq!(rows[0].selected_operator, u32::MAX);
+    }
+
+    #[test]
+    fn rejects_non_multiple_amount() {
+        let log = make_log(FIXED_WITHDRAWAL_SATS + 1, 0, BRIDGEOUT_PRECOMPILE_ADDRESS);
+        assert!(matches!(
+            decode(&log),
+            Err(DecodeError::AmountNotMultiple(..))
+        ));
+    }
+
+    #[test]
+    fn rejects_zero_amount() {
+        let log = make_log(0, 0, BRIDGEOUT_PRECOMPILE_ADDRESS);
+        assert!(matches!(
+            decode(&log),
+            Err(DecodeError::AmountNotMultiple(..))
+        ));
+    }
+
+    #[test]
+    fn rejects_amount_exceeding_sub_idx_capacity() {
+        // n = u32::MAX + 1 → would overflow `sub_idx: u32`. Decoder must
+        // reject before allocating.
+        let log = make_log(
+            (MAX_SUB_UNITS_PER_LOG + 1) * FIXED_WITHDRAWAL_SATS,
+            0,
+            BRIDGEOUT_PRECOMPILE_ADDRESS,
+        );
+        assert!(matches!(
+            decode(&log),
+            Err(DecodeError::AmountTooLarge { .. })
+        ));
+    }
+
+    #[test]
+    fn rejects_wrong_address() {
+        let other = alloy_primitives::address!("0000000000000000000000000000000000000099");
+        let log = make_log(FIXED_WITHDRAWAL_SATS, 0, other);
+        assert!(matches!(
+            decode(&log),
+            Err(DecodeError::UnexpectedAddress { .. })
+        ));
+    }
+
+    #[test]
+    fn rejects_wrong_topic() {
+        let mut log = make_log(FIXED_WITHDRAWAL_SATS, 0, BRIDGEOUT_PRECOMPILE_ADDRESS);
+        log.topics[0] = B256::ZERO;
+        assert!(matches!(
+            decode(&log),
+            Err(DecodeError::UnexpectedSignature(..))
+        ));
+    }
+}