f - allow collection on gateway cancelation

Plus major refactor of testing harness

Author: matiasedgeandnode

IndexingPaymentsTodo.md

@@ -1,7 +1,6 @@
 # Still pending
 
 * Arbitration Charter: Update to support disputing IndexingFee.
-* Double check cancelation policy. Who can cancel when? Right now is either party at any time. If gateway cancels allow collection till that point.
 * Expose a function that indexers can use to calculate the tokens to be collected and other collection params?
 * test_SubgraphService_CollectIndexingFee_Integration fails with PaymentsEscrowInconsistentCollection
 * Switch timestamps to uint64.
@@ -15,6 +14,7 @@
 
 # Done
 
+* DONE: ~~Double check cancelation policy. Who can cancel when? Right now is either party at any time. Answer: If gateway cancels allow collection till that point.~~
 * DONE: ~~If an indexer closes an allocation, what should happen to the accepeted agreement? Answer: Look into canceling agreement as part of stop service.~~
 * DONE: ~~Switch `duration` for `endsAt`? Answer: Do it.~~
 * DONE: ~~Support a way for gateway to shop an agreement around? Deadline + dedup key? So only one agreement with the dedupe key can be accepted? Answer: No. Agreements will be "signaled" as approved or rejected on the API call that sends the agreement. We'll trust (and verify) that that's the case.~~

packages/horizon/contracts/interfaces/IRecurringCollector.sol

@@ -13,6 +13,18 @@ import { IAuthorizable } from "./IAuthorizable.sol";
  * recurrent payments.
  */
 interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
+    enum AgreementState {
+        NotAccepted,
+        Accepted,
+        CanceledByServiceProvider,
+        CanceledByPayer
+    }
+
+    enum CancelAgreementBy {
+        ServiceProvider,
+        Payer
+    }
+
     /// @notice A representation of a signed Recurring Collection Agreement (RCA)
     struct SignedRCA {
         // The RCA
@@ -102,6 +114,10 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
         uint32 minSecondsPerCollection;
         // The maximum amount of seconds that can pass between collections
         uint32 maxSecondsPerCollection;
+        // The timestamp when the agreement was canceled
+        uint256 canceledAt;
+        // The state of the agreement
+        AgreementState state;
     }
 
     /// @notice The params for collecting an agreement
@@ -152,7 +168,8 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
         address indexed payer,
         address indexed serviceProvider,
         bytes16 agreementId,
-        uint256 canceledAt
+        uint256 canceledAt,
+        address canceledBy
     );
 
     /**
@@ -240,22 +257,11 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
     error RecurringCollectorInvalidCollectData(bytes invalidData);
 
     /**
-     * Thrown when calling accept() for an already accepted agreement
-     * @param agreementId The agreement ID
-     */
-    error RecurringCollectorAgreementAlreadyAccepted(bytes16 agreementId);
-
-    /**
-     * Thrown when interacting with an agreement that was never accepted
-     * @param agreementId The agreement ID
-     */
-    error RecurringCollectorAgreementNeverAccepted(bytes16 agreementId);
-
-    /**
-     * Thrown when interacting with an agreement that was canceled
+     * Thrown when interacting with an agreement that has an incorrect state
      * @param agreementId The agreement ID
+     * @param incorrectState The incorrect state
      */
-    error RecurringCollectorAgreementCanceled(bytes16 agreementId);
+    error RecurringCollectorAgreementIncorrectState(bytes16 agreementId, AgreementState incorrectState);
 
     /**
      * Thrown when accepting or upgrading an agreement with invalid parameters
@@ -294,8 +300,9 @@ interface IRecurringCollector is IAuthorizable, IPaymentsCollector {
     /**
      * @dev Cancel an indexing agreement.
      * @param agreementId The agreement's ID.
+     * @param by The party that is canceling the agreement.
      */
-    function cancel(bytes16 agreementId) external;
+    function cancel(bytes16 agreementId, CancelAgreementBy by) external;
 
     /**
      * @dev Upgrade an indexing agreement.

packages/horizon/contracts/payments/collectors/RecurringCollector.sol

@@ -33,9 +33,6 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
             "RecurringCollectionAgreementUpgrade(bytes16 agreementId,uint256 deadline,uint256 endsAt,uint256 maxInitialTokens,uint256 maxOngoingTokensPerSecond,uint32 minSecondsPerCollection,uint32 maxSecondsPerCollection,bytes metadata)"
         );
 
-    /// @notice Sentinel value to indicate an agreement has been canceled
-    uint256 public constant CANCELED = type(uint256).max;
-
     /// @notice Tracks agreements
     mapping(bytes16 agreementId => AgreementData data) public agreements;
 
@@ -91,10 +88,14 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
 
         AgreementData storage agreement = _getForUpdateAgreement(signedRCA.rca.agreementId);
         // check that the agreement is not already accepted
-        require(agreement.acceptedAt == 0, RecurringCollectorAgreementAlreadyAccepted(signedRCA.rca.agreementId));
+        require(
+            agreement.state == AgreementState.NotAccepted,
+            RecurringCollectorAgreementIncorrectState(signedRCA.rca.agreementId, agreement.state)
+        );
 
         // accept the agreement
         agreement.acceptedAt = block.timestamp;
+        agreement.state = AgreementState.Accepted;
         agreement.dataService = signedRCA.rca.dataService;
         agreement.payer = signedRCA.rca.payer;
         agreement.serviceProvider = signedRCA.rca.serviceProvider;
@@ -124,21 +125,35 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
      * See {IRecurringCollector.cancel}.
      * @dev Caller must be the data service for the agreement.
      */
-    function cancel(bytes16 agreementId) external {
+    function cancel(bytes16 agreementId, CancelAgreementBy by) external {
         AgreementData storage agreement = _getForUpdateAgreement(agreementId);
-        require(agreement.acceptedAt > 0, RecurringCollectorAgreementNeverAccepted(agreementId));
+        require(
+            agreement.state == AgreementState.Accepted,
+            RecurringCollectorAgreementIncorrectState(agreementId, agreement.state)
+        );
         require(
             agreement.dataService == msg.sender,
             RecurringCollectorDataServiceNotAuthorized(agreementId, msg.sender)
         );
-        agreement.acceptedAt = CANCELED;
+        agreement.canceledAt = block.timestamp;
+        address canceledBy;
+        if (by == CancelAgreementBy.Payer) {
+            agreement.state = AgreementState.CanceledByPayer;
+            canceledBy = agreement.payer;
+        } else if (by == CancelAgreementBy.ServiceProvider) {
+            agreement.state = AgreementState.CanceledByServiceProvider;
+            canceledBy = agreement.serviceProvider;
+        } else {
+            revert("invalid CancelAgreementBy");
+        }
 
         emit AgreementCanceled(
             agreement.dataService,
             agreement.payer,
             agreement.serviceProvider,
             agreementId,
-            block.timestamp
+            block.timestamp,
+            canceledBy
         );
     }
 
@@ -154,7 +169,10 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
         );
 
         AgreementData storage agreement = _getForUpdateAgreement(signedRCAU.rcau.agreementId);
-        require(agreement.acceptedAt > 0, RecurringCollectorAgreementNeverAccepted(signedRCAU.rcau.agreementId));
+        require(
+            agreement.state == AgreementState.Accepted,
+            RecurringCollectorAgreementIncorrectState(signedRCAU.rcau.agreementId, agreement.state)
+        );
         require(
             agreement.dataService == msg.sender,
             RecurringCollectorDataServiceNotAuthorized(signedRCAU.rcau.agreementId, msg.sender)
@@ -238,13 +256,20 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
      */
     function _collect(CollectParams memory _params) private returns (uint256) {
         AgreementData storage agreement = _getForUpdateAgreement(_params.agreementId);
-        require(agreement.acceptedAt > 0, RecurringCollectorAgreementNeverAccepted(_params.agreementId));
+        require(
+            agreement.state == AgreementState.Accepted || agreement.state == AgreementState.CanceledByPayer,
+            RecurringCollectorAgreementIncorrectState(_params.agreementId, agreement.state)
+        );
+
         require(
             msg.sender == agreement.dataService,
             RecurringCollectorDataServiceNotAuthorized(_params.agreementId, msg.sender)
         );
 
-        _requireCollectableAgreement(agreement, _params.agreementId);
+        require(
+            agreement.endsAt >= block.timestamp,
+            RecurringCollectorAgreementElapsed(_params.agreementId, agreement.endsAt)
+        );
 
         uint256 tokensToCollect = 0;
         if (_params.tokens != 0) {
@@ -311,15 +336,6 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
         );
     }
 
-    function _requireCollectableAgreement(AgreementData memory _agreement, bytes16 _agreementId) private view {
-        require(_agreement.acceptedAt != CANCELED, RecurringCollectorAgreementCanceled(_agreementId));
-
-        require(
-            _agreement.endsAt >= block.timestamp,
-            RecurringCollectorAgreementElapsed(_agreementId, _agreement.endsAt)
-        );
-    }
-
     /**
      * @notice Requires that the collection params are valid.
      */
@@ -328,7 +344,9 @@ contract RecurringCollector is EIP712, GraphDirectory, Authorizable, IRecurringC
         bytes16 _agreementId,
         uint256 _tokens
     ) private view returns (uint256) {
-        uint256 collectionSeconds = block.timestamp;
+        uint256 collectionSeconds = _agreement.state == AgreementState.CanceledByPayer
+            ? _agreement.canceledAt
+            : block.timestamp;
         collectionSeconds -= _agreementCollectionStartAt(_agreement);
         require(
             collectionSeconds >= _agreement.minSecondsPerCollection,

packages/horizon/test/payments/recurring-collector/RecurringCollectorHelper.t.sol

@@ -59,4 +59,79 @@ contract RecurringCollectorHelper is AuthorizableHelper, Bounder {
         rca.deadline = boundTimestampMin(rca.deadline, block.timestamp);
         return rca;
     }
+
+    function sensibleRCA(
+        IRecurringCollector.RecurringCollectionAgreement memory rca
+    ) public view returns (IRecurringCollector.RecurringCollectionAgreement memory) {
+        vm.assume(rca.agreementId != bytes16(0));
+        vm.assume(rca.dataService != address(0));
+        vm.assume(rca.payer != address(0));
+        vm.assume(rca.serviceProvider != address(0));
+
+        rca.minSecondsPerCollection = _sensibleMinSecondsPerCollection(rca.minSecondsPerCollection);
+        rca.maxSecondsPerCollection = _sensibleMaxSecondsPerCollection(
+            rca.maxSecondsPerCollection,
+            rca.minSecondsPerCollection
+        );
+
+        rca.deadline = _sensibleDeadline(rca.deadline);
+        rca.endsAt = _sensibleEndsAt(rca.endsAt, rca.maxSecondsPerCollection);
+
+        rca.maxInitialTokens = _sensibleMaxInitialTokens(rca.maxInitialTokens);
+        rca.maxOngoingTokensPerSecond = _sensibleMaxOngoingTokensPerSecond(rca.maxOngoingTokensPerSecond);
+
+        return rca;
+    }
+
+    function sensibleRCAU(
+        IRecurringCollector.RecurringCollectionAgreementUpgrade memory rcau
+    ) public view returns (IRecurringCollector.RecurringCollectionAgreementUpgrade memory) {
+        rcau.minSecondsPerCollection = _sensibleMinSecondsPerCollection(rcau.minSecondsPerCollection);
+        rcau.maxSecondsPerCollection = _sensibleMaxSecondsPerCollection(
+            rcau.maxSecondsPerCollection,
+            rcau.minSecondsPerCollection
+        );
+
+        rcau.deadline = _sensibleDeadline(rcau.deadline);
+        rcau.endsAt = _sensibleEndsAt(rcau.endsAt, rcau.maxSecondsPerCollection);
+        rcau.maxInitialTokens = _sensibleMaxInitialTokens(rcau.maxInitialTokens);
+        rcau.maxOngoingTokensPerSecond = _sensibleMaxOngoingTokensPerSecond(rcau.maxOngoingTokensPerSecond);
+
+        return rcau;
+    }
+
+    function _sensibleDeadline(uint256 _seed) internal view returns (uint256) {
+        return bound(_seed, block.timestamp + 1, block.timestamp + 7200); // between now and 2h
+    }
+
+    function _sensibleEndsAt(uint256 _seed, uint32 _maxSecondsPerCollection) internal view returns (uint256) {
+        return
+            bound(
+                _seed,
+                block.timestamp + (10 * uint256(_maxSecondsPerCollection)),
+                block.timestamp + (1_000_000 * uint256(_maxSecondsPerCollection))
+            ); // between 10 and 1M max collections
+    }
+
+    function _sensibleMaxInitialTokens(uint256 _seed) internal pure returns (uint256) {
+        return bound(_seed, 0, 1e18 * 100_000_000); // between 0 and 100M tokens
+    }
+
+    function _sensibleMaxOngoingTokensPerSecond(uint256 _seed) internal pure returns (uint256) {
+        return bound(_seed, 1, 1e18); // between 1 and 1e18 tokens per second
+    }
+
+    function _sensibleMinSecondsPerCollection(uint32 _seed) internal pure returns (uint32) {
+        return uint32(bound(_seed, 10 * 60, 24 * 60 * 60)); // between 10 min and 24h
+    }
+
+    function _sensibleMaxSecondsPerCollection(
+        uint32 _seed,
+        uint32 _minSecondsPerCollection
+    ) internal pure returns (uint32) {
+        return
+            uint32(
+                bound(_seed, _minSecondsPerCollection + 7200, 60 * 60 * 24 * 30) // between minSecondsPerCollection + 2h and 30 days
+            );
+    }
 }

packages/horizon/test/payments/recurring-collector/accept.t.sol

@@ -37,8 +37,9 @@ contract RecurringCollectorAcceptTest is RecurringCollectorSharedTest {
         (IRecurringCollector.SignedRCA memory accepted, ) = _sensibleAuthorizeAndAccept(fuzzyTestAccept);
 
         bytes memory expectedErr = abi.encodeWithSelector(
-            IRecurringCollector.RecurringCollectorAgreementAlreadyAccepted.selector,
-            accepted.rca.agreementId
+            IRecurringCollector.RecurringCollectorAgreementIncorrectState.selector,
+            accepted.rca.agreementId,
+            IRecurringCollector.AgreementState.Accepted
         );
         vm.expectRevert(expectedErr);
         vm.prank(accepted.rca.dataService);

packages/horizon/test/payments/recurring-collector/cancel.t.sol

@@ -12,25 +12,28 @@ contract RecurringCollectorCancelTest is RecurringCollectorSharedTest {
 
     /* solhint-disable graph/func-name-mixedcase */
 
-    function test_Cancel(FuzzyTestAccept calldata fuzzyTestAccept) public {
+    function test_Cancel(FuzzyTestAccept calldata fuzzyTestAccept, uint8 unboundedCanceler) public {
         _sensibleAuthorizeAndAccept(fuzzyTestAccept);
-        _cancel(fuzzyTestAccept.rca);
+        _cancel(fuzzyTestAccept.rca, _fuzzyCancelAgreementBy(unboundedCanceler));
     }
 
     function test_Cancel_Revert_WhenNotAccepted(
-        IRecurringCollector.RecurringCollectionAgreement memory fuzzyRCA
+        IRecurringCollector.RecurringCollectionAgreement memory fuzzyRCA,
+        uint8 unboundedCanceler
     ) public {
         bytes memory expectedErr = abi.encodeWithSelector(
-            IRecurringCollector.RecurringCollectorAgreementNeverAccepted.selector,
-            fuzzyRCA.agreementId
+            IRecurringCollector.RecurringCollectorAgreementIncorrectState.selector,
+            fuzzyRCA.agreementId,
+            IRecurringCollector.AgreementState.NotAccepted
         );
         vm.expectRevert(expectedErr);
         vm.prank(fuzzyRCA.dataService);
-        _recurringCollector.cancel(fuzzyRCA.agreementId);
+        _recurringCollector.cancel(fuzzyRCA.agreementId, _fuzzyCancelAgreementBy(unboundedCanceler));
     }
 
     function test_Cancel_Revert_WhenNotDataService(
         FuzzyTestAccept calldata fuzzyTestAccept,
+        uint8 unboundedCanceler,
         address notDataService
     ) public {
         vm.assume(fuzzyTestAccept.rca.dataService != notDataService);
@@ -44,7 +47,7 @@ contract RecurringCollectorCancelTest is RecurringCollectorSharedTest {
         );
         vm.expectRevert(expectedErr);
         vm.prank(notDataService);
-        _recurringCollector.cancel(fuzzyTestAccept.rca.agreementId);
+        _recurringCollector.cancel(fuzzyTestAccept.rca.agreementId, _fuzzyCancelAgreementBy(unboundedCanceler));
     }
     /* solhint-enable graph/func-name-mixedcase */
 }

packages/horizon/test/payments/recurring-collector/collect.t.sol

@@ -72,17 +72,18 @@ contract RecurringCollectorCollectTest is RecurringCollectorSharedTest {
         bytes memory data = _generateCollectData(fuzzy.collectParams);
 
         bytes memory expectedErr = abi.encodeWithSelector(
-            IRecurringCollector.RecurringCollectorAgreementNeverAccepted.selector,
-            fuzzy.collectParams.agreementId
+            IRecurringCollector.RecurringCollectorAgreementIncorrectState.selector,
+            fuzzy.collectParams.agreementId,
+            IRecurringCollector.AgreementState.NotAccepted
         );
         vm.expectRevert(expectedErr);
         vm.prank(dataService);
         _recurringCollector.collect(IGraphPayments.PaymentTypes.IndexingFee, data);
     }
 
-    function test_Collect_Revert_WhenCanceledAgreement(FuzzyTestCollect calldata fuzzy) public {
+    function test_Collect_Revert_WhenCanceledAgreementByServiceProvider(FuzzyTestCollect calldata fuzzy) public {
         (IRecurringCollector.SignedRCA memory accepted, ) = _sensibleAuthorizeAndAccept(fuzzy.fuzzyTestAccept);
-        _cancel(accepted.rca);
+        _cancel(accepted.rca, IRecurringCollector.CancelAgreementBy.ServiceProvider);
         IRecurringCollector.CollectParams memory collectData = fuzzy.collectParams;
         collectData.tokens = bound(collectData.tokens, 1, type(uint256).max);
         IRecurringCollector.CollectParams memory collectParams = _generateCollectParams(
@@ -94,8 +95,9 @@ contract RecurringCollectorCollectTest is RecurringCollectorSharedTest {
         bytes memory data = _generateCollectData(collectParams);
 
         bytes memory expectedErr = abi.encodeWithSelector(
-            IRecurringCollector.RecurringCollectorAgreementCanceled.selector,
-            collectParams.agreementId
+            IRecurringCollector.RecurringCollectorAgreementIncorrectState.selector,
+            collectParams.agreementId,
+            IRecurringCollector.AgreementState.CanceledByServiceProvider
         );
         vm.expectRevert(expectedErr);
         vm.prank(accepted.rca.dataService);