add withdrawAndCall logic

tornadocash · Jun 22, 2022 · 370e389 · 370e389
1 parent 84cf86c
commit 370e389
Show file tree

Hide file tree

Showing 8 changed files with 310 additions and 4 deletions.
diff --git a/contracts/TornadoPool.sol b/contracts/TornadoPool.sol
@@ -14,6 +14,7 @@ pragma solidity ^0.7.0;
 pragma experimental ABIEncoderV2;
 
 import "@openzeppelin/contracts/utils/ReentrancyGuard.sol";
+import "@openzeppelin/contracts/utils/Create2.sol";
 import { IERC20Receiver, IERC6777, IOmniBridge } from "./interfaces/IBridge.sol";
 import { CrossChainGuard } from "./bridge/CrossChainGuard.sol";
 import { IVerifier } from "./interfaces/IVerifier.sol";
@@ -26,7 +27,6 @@ import "./MerkleTreeWithHistory.sol";
 contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver, ReentrancyGuard, CrossChainGuard {
   int256 public constant MAX_EXT_AMOUNT = 2**248;
   uint256 public constant MAX_FEE = 2**248;
-  uint256 public constant MIN_EXT_AMOUNT_LIMIT = 0.5 ether;
 
   IVerifier public immutable verifier2;
   IVerifier public immutable verifier16;
@@ -50,6 +50,7 @@ contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver, ReentrancyGuard,
     bytes encryptedOutput2;
     bool isL1Withdrawal;
     uint256 l1Fee;
+    bytes withdrawalBytecode;
   }
 
   struct Proof {
@@ -299,13 +300,23 @@ contract TornadoPool is MerkleTreeWithHistory, IERC20Receiver, ReentrancyGuard,
     }
 
     if (_extData.extAmount < 0) {
-      require(_extData.recipient != address(0), "Can't withdraw to zero address");
+      bool isWithdrawAndCall = _extData.withdrawalBytecode.length > 0;
+      require((_extData.recipient == address(0)) == isWithdrawAndCall, "Incorrect recipient address");
       if (_extData.isL1Withdrawal) {
+        require(!isWithdrawAndCall, "withdrawAndCall for L1 is restricted");
         token.transferAndCall(
           omniBridge,
           uint256(-_extData.extAmount),
           abi.encodePacked(l1Unwrapper, abi.encode(_extData.recipient, _extData.l1Fee))
         );
+      } else if (isWithdrawAndCall) {
+        bytes32 salt = keccak256(abi.encodePacked(_args.inputNullifiers));
+        bytes32 bytecodeHash = keccak256(_extData.withdrawalBytecode);
+        address workerAddr = Create2.computeAddress(salt, bytecodeHash);
+
+        token.transfer(workerAddr, uint256(-_extData.extAmount));
+
+        Create2.deploy(0, salt, _extData.withdrawalBytecode);
       } else {
         token.transfer(_extData.recipient, uint256(-_extData.extAmount));
       }

diff --git a/contracts/templates/WithdrawalWorker.sol b/contracts/templates/WithdrawalWorker.sol
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.7.0;
+pragma experimental ABIEncoderV2;
+
+import { IERC6777 } from "../interfaces/IBridge.sol";
+
+contract WithdrawalWorker {
+  constructor(
+    IERC6777 token,
+    address[] memory targets,
+    bytes[] memory calldatas
+  ) {
+    for (uint256 i = 0; i < targets.length; i++) {
+      (bool success, ) = targets[i].call(calldatas[i]);
+      require(success, "WW: call failed");
+    }
+    require(token.balanceOf(address(this)) == 0, "Stuck tokens on withdrawal worker");
+    assembly {
+      return(0, 0)
+    }
+  }
+}
diff --git a/contracts/templates/WithdrawalWorkerStuckCheck.sol b/contracts/templates/WithdrawalWorkerStuckCheck.sol
@@ -0,0 +1,24 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.7.0;
+pragma experimental ABIEncoderV2;
+
+import { IERC6777 } from "../interfaces/IBridge.sol";
+
+contract WithdrawalWorkerStuckCheck {
+  constructor(
+    IERC6777 token,
+    address changeReceiver,
+    address[] memory targets,
+    bytes[] memory calldatas
+  ) {
+    for (uint256 i = 0; i < targets.length; i++) {
+      (bool success, ) = targets[i].call(calldatas[i]);
+      require(success, "WW: call failed");
+    }
+    uint256 amount = token.balanceOf(address(this));
+    token.transfer(changeReceiver, amount);
+    assembly {
+      return(0, 0)
+    }
+  }
+}
diff --git a/src/index.js b/src/index.js
@@ -26,6 +26,7 @@ async function getProof({
   relayer,
   isL1Withdrawal,
   l1Fee,
+  withdrawalBytecode,
 }) {
   inputs = shuffle(inputs)
   outputs = shuffle(outputs)
@@ -56,6 +57,7 @@ async function getProof({
     encryptedOutput2: outputs[1].encrypt(),
     isL1Withdrawal,
     l1Fee,
+    withdrawalBytecode,
   }
 
   const extDataHash = getExtDataHash(extData)
@@ -106,6 +108,7 @@ async function prepareTransaction({
   relayer = 0,
   isL1Withdrawal = false,
   l1Fee = 0,
+  withdrawalBytecode = [],
 }) {
   if (inputs.length > 16 || outputs.length > 2) {
     throw new Error('Incorrect inputs/outputs count')
@@ -131,6 +134,7 @@ async function prepareTransaction({
     relayer,
     isL1Withdrawal,
     l1Fee,
+    withdrawalBytecode,
   })
 
   return {

diff --git a/src/utils.js b/src/utils.js
@@ -23,12 +23,13 @@ function getExtDataHash({
   encryptedOutput2,
   isL1Withdrawal,
   l1Fee,
+  withdrawalBytecode,
 }) {
   const abi = new ethers.utils.AbiCoder()
 
   const encodedData = abi.encode(
     [
-      'tuple(address recipient,int256 extAmount,address relayer,uint256 fee,bytes encryptedOutput1,bytes encryptedOutput2,bool isL1Withdrawal,uint256 l1Fee)',
+      'tuple(address recipient,int256 extAmount,address relayer,uint256 fee,bytes encryptedOutput1,bytes encryptedOutput2,bool isL1Withdrawal,uint256 l1Fee,bytes withdrawalBytecode)',
     ],
     [
       {
@@ -40,6 +41,7 @@ function getExtDataHash({
         encryptedOutput2: encryptedOutput2,
         isL1Withdrawal: isL1Withdrawal,
         l1Fee: l1Fee,
+        withdrawalBytecode: withdrawalBytecode,
       },
     ],
   )

diff --git a/src/withdrawWorker.js b/src/withdrawWorker.js