FigmentEth2DepositorV1

Description:

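Multi-signature wallet contract requiring multiple confirmations for transaction execution. (This is the listing's own label; the Solidity source below instead implements a batch validator-deposit forwarder with a single owner who can pause it, and contains no multi-confirmation logic.)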

Blockchain: Ethereum

Source Code: View Code On The Blockchain

Solidity Source Code:

{{
  "language": "Solidity",
  "sources": {
    "contracts/FigmentEth2DepositorV1.sol": {
      "content": "// SPDX-License-Identifier: MIT

pragma solidity ^0.8.28;

import "@openzeppelin/contracts/access/Ownable2Step.sol";
import "@openzeppelin/contracts/utils/Pausable.sol";
import "../contracts/interfaces/IDepositContract.sol";

/**
 * @title FigmentEth2DepositorV1
 * @notice Batch Ethereum 2.0 validator deposit contract with variable amounts
 * @dev Allows creating multiple validators in a single transaction with custom stake amounts
 * @dev Supports deposits between 1 ETH and 2048 ETH per validator
 * @dev Maximum 500 validators per transaction for gas efficiency
 * @author Figment
 */
contract FigmentEth2DepositorV1 is Pausable, Ownable2Step {
    /**
     * @dev Custom errors for better gas efficiency and debugging.
     * Every validation failure in {deposit} reverts with one of these, so a failed
     * batch can be diagnosed from the revert data alone.
     */
    // Batch is empty (pubkeys.length == 0).
    error NodesAmountZero();
    // Batch holds more entries than NODES_MAX_AMOUNT.
    error NodesAmountTooLarge(uint256 provided, uint256 maximum);
    // A per-validator amount is below MIN_COLLATERAL_GWEI (values in gwei).
    error AmountTooLow(uint256 provided, uint256 minimum);
    // A per-validator amount is above MAX_COLLATERAL_GWEI (values in gwei).
    error AmountTooHigh(uint256 provided, uint256 maximum);
    // msg.value differs from the sum of all amounts converted to wei (values in wei).
    error EthAmountMismatch(uint256 provided, uint256 expected);
    // A pubkey, withdrawal credential or signature at `index` has the wrong byte length.
    error InvalidValidatorData(uint256 index, string field);
    // Constructor was given address(0) as the deposit contract.
    error ZeroAddress();
    // Plain ETH transfer hit receive().
    error DirectEthTransferNotAllowed();
    // The four errors below: a parallel array's length differs from pubkeys.length.
    error WithdrawalCredentialsLengthMismatch(uint256 provided, uint256 expected);
    error SignaturesLengthMismatch(uint256 provided, uint256 expected);
    error DepositDataRootsLengthMismatch(uint256 provided, uint256 expected);
    error AmountsLengthMismatch(uint256 provided, uint256 expected);
    // renounceOwnership() is permanently disabled.
    error OwnershipCannotBeRenounced();

    /**
     * @dev Eth2 Deposit Contract address.
     * Immutable: fixed at construction and cannot be repointed by the owner afterwards.
     * The constructor only rejects address(0); it does not check that the address is
     * the genuine deposit contract, so verify the deployed value before sending funds.
     */
    IDepositContract public immutable depositContract;

    /**
     * @dev Maximum amount of nodes per transaction. The enforced cap is 500.
     *
     * The figures below were quoted by the authors for a batch of 250 validators:
     * - Gas usage: ~5.3M gas (well under 15-20M practical limits)
     * - Transaction size: ~60KB (well under 128KB network limit)
     * - Theoretical maximums: ~544 validators (size) or ~709+ validators (gas)
     *
     * With the cap at 500, a single transaction can carry at most
     * 500 * 2048 ETH = 1,024,000 ETH.
     *
     * NOTE(review): the analysis is stated for 250 but the constant is 500, which sits
     * close to the quoted ~544 size ceiling. The gas and size limits are network
     * parameters, not contract invariants; re-validate before submitting batches near
     * the cap.
     */
    uint256 public constant NODES_MAX_AMOUNT = 500;
    // Expected byte lengths of the per-validator fields; deposit() checks lengths only,
    // not the contents.
    uint256 public constant PUBKEY_LENGTH = 48;
    uint256 public constant CREDENTIALS_LENGTH = 32;
    uint256 public constant SIGNATURE_LENGTH = 96;

    /**
     * @dev Gwei to wei conversion factor.
     */
    uint256 public constant GWEI_TO_WEI = 1 gwei; // 1e9

    /**
     * @dev Minimum collateral in gwei
     */
    uint256 public constant MIN_COLLATERAL_GWEI = 1_000_000_000; // 1 ETH in gwei

    /**
     * @dev Maximum collateral in gwei based on Ethereum protocol limits.
     * No validator can accept a deposit greater than 2048 ETH.
     * This bound is also what makes the unchecked arithmetic in {deposit} safe.
     */
    uint256 public constant MAX_COLLATERAL_GWEI = 2_048_000_000_000; // 2048 ETH in gwei

    /**
     * @dev Setting Eth2 Smart Contract address during construction.
     * The deployer (msg.sender) becomes the initial owner.
     * Reverts with {ZeroAddress} if `depositContract_` is address(0).
     * @param depositContract_ Address of the deposit contract that receives every deposit.
     */
    constructor(address depositContract_) Ownable(msg.sender) {
        if (depositContract_ == address(0)) {
            revert ZeroAddress();
        }
        depositContract = IDepositContract(depositContract_);
    }

    /**
     * @dev This contract will not accept direct ETH transactions.
     * There is no withdrawal function anywhere in this contract, so rejecting plain
     * transfers keeps ETH from being stranded here by mistake.
     */
    receive() external payable {
        revert DirectEthTransferNotAllowed();
    }

    /**
     * @notice Create multiple Ethereum 2.0 validator deposits with custom amounts
     * @dev Batch deposit function for multiple validators with variable amounts
     * @param pubkeys Array of BLS12-381 public keys (48 bytes each) - uniquely identifies each validator
     * @param withdrawal_credentials Array of withdrawal credentials (32 bytes each) - where rewards will be sent
     * @param signatures Array of BLS12-381 signatures (96 bytes each) - proves ownership of validator keys
     * @param deposit_data_roots Array of SSZ deposit data roots (32 bytes each) - integrity checksums
     * @param amounts_gwei Array of deposit amounts in gwei - must be between 1 ETH and 2048 ETH per validator
     * @dev msg.value must equal the sum of all amounts_gwei converted to wei
     * @dev Each validator will be created on Ethereum 2.0 with the specified amount
     * @dev The full msg.value is forwarded to the deposit contract in this call; nothing is
     * retained here. When the staked funds can be withdrawn is decided by the consensus
     * layer and the supplied withdrawal credentials, not by this contract.
     * @dev Access: callable by any address while the contract is not paused; there is no
     * owner or allow-list check on the depositor.
     * @dev Validation scope: only array lengths, per-field byte lengths and the amount range
     * are checked here. The contents of the credentials, the signatures and the data roots
     * are passed through unverified. NOTE(review): confirm what the deposit contract and
     * the consensus layer do with a well-formed but invalid signature before relying on
     * deposit data that was not generated and checked off-chain.
     * @dev Atomicity: no call is wrapped in try/catch, so a revert from any single
     * deposit reverts the whole batch.
     */
    function deposit(
        bytes[] calldata pubkeys,
        bytes[] calldata withdrawal_credentials,
        bytes[] calldata signatures,
        bytes32[] calldata deposit_data_roots,
        uint256[] calldata amounts_gwei
    ) external payable whenNotPaused {
        // pubkeys defines the batch size; every other array must match it.
        uint256 nodesAmount = pubkeys.length;

        if (nodesAmount == 0) {
            revert NodesAmountZero();
        }
        if (nodesAmount > NODES_MAX_AMOUNT) {
            revert NodesAmountTooLarge(nodesAmount, NODES_MAX_AMOUNT);
        }

        // Parallel-array checks: a mismatch would otherwise pair a key with the wrong
        // credentials/signature/amount or index out of bounds later.
        if (withdrawal_credentials.length != nodesAmount) {
            revert WithdrawalCredentialsLengthMismatch(withdrawal_credentials.length, nodesAmount);
        }
        if (signatures.length != nodesAmount) {
            revert SignaturesLengthMismatch(signatures.length, nodesAmount);
        }
        if (deposit_data_roots.length != nodesAmount) {
            revert DepositDataRootsLengthMismatch(deposit_data_roots.length, nodesAmount);
        }
        if (amounts_gwei.length != nodesAmount) {
            revert AmountsLengthMismatch(amounts_gwei.length, nodesAmount);
        }

        // Note: totalAmount cannot overflow inside the unchecked block below.
        // Each amount is capped at MAX_COLLATERAL_GWEI before it is added:
        // 2048 ETH (~2.05e21 wei) x NODES_MAX_AMOUNT (500) = ~1.02e24 wei << uint256.max (~1e77).
        // The range check must stay ahead of the addition for this argument to hold.
        uint256 totalAmount;
        unchecked {
            for (uint256 i; i < nodesAmount; ++i) {
                uint256 amountGwei = amounts_gwei[i];

                // Validate amounts first (most likely to fail fast)
                if (amountGwei < MIN_COLLATERAL_GWEI) {
                    revert AmountTooLow(amountGwei, MIN_COLLATERAL_GWEI);
                }
                if (amountGwei > MAX_COLLATERAL_GWEI) {
                    revert AmountTooHigh(amountGwei, MAX_COLLATERAL_GWEI);
                }

                // Validate data lengths (length only; contents are not inspected)
                if (pubkeys[i].length != PUBKEY_LENGTH) {
                    revert InvalidValidatorData(i, "pubkey");
                }
                if (withdrawal_credentials[i].length != CREDENTIALS_LENGTH) {
                    revert InvalidValidatorData(i, "withdrawal_credentials");
                }
                if (signatures[i].length != SIGNATURE_LENGTH) {
                    revert InvalidValidatorData(i, "signature");
                }

                // Accumulate in wei; bounded by the range check above
                totalAmount += amountGwei * GWEI_TO_WEI;
            }
        }

        // Exact match required: no surplus can be left behind in this contract and no
        // shortfall can be covered from its balance.
        if (msg.value != totalAmount) {
            revert EthAmountMismatch(msg.value, totalAmount);
        }

        // Deposit loop with unchecked arithmetic where safe.
        // depositContract is immutable, so reading it is not a storage load; the local
        // below is an alias for readability rather than an SLOAD saving.
        IDepositContract cachedDepositContract = depositContract;
        unchecked {
            for (uint256 i; i < nodesAmount; ++i) {
                // Safe due to MAX_COLLATERAL_GWEI validation above
                uint256 amountWei = amounts_gwei[i] * GWEI_TO_WEI;

                // External value-bearing call; a revert here unwinds every earlier
                // deposit made in this transaction.
                cachedDepositContract.deposit{value: amountWei}(
                    pubkeys[i], withdrawal_credentials[i], signatures[i], deposit_data_roots[i]
                );
            }
        }

        emit BatchDepositEvent(msg.sender, nodesAmount, totalAmount);
    }

    /**
     * @dev Triggers stopped state. Owner only; while paused, {deposit} reverts.
     *
     * Requirements:
     *
     * - The contract must not be paused.
     */
    function pause() external onlyOwner {
        _pause();
    }

    /**
     * @dev Returns to normal state. Owner only.
     *
     * Requirements:
     *
     * - The contract must be paused.
     */
    function unpause() external onlyOwner {
        _unpause();
    }

    /**
     * @dev Fully disable ownership renouncement.
     * Always reverts with {OwnershipCannotBeRenounced}, for every caller, so the
     * pause/unpause authority cannot be left without an owner through this function.
     */
    function renounceOwnership() public pure override {
        revert OwnershipCannotBeRenounced();
    }

    /**
     * @notice Emitted when a batch deposit is successfully completed
     * @dev None of the parameters is indexed, so logs cannot be topic-filtered by
     * depositor; monitoring has to decode the event data.
     * @param from Address that initiated the deposit transaction
     * @param nodesAmount Number of validators created in this transaction
     * @param totalAmount Total ETH amount staked across all validators (in wei)
     */
    event BatchDepositEvent(address from, uint256 nodesAmount, uint256 totalAmount);
}
"
    },
    "dependencies/openzeppelin-contracts/contracts/access/Ownable2Step.sol": {
      "content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.1.0) (access/Ownable2Step.sol)

pragma solidity ^0.8.20;

import {Ownable} from "./Ownable.sol";

/**
 * @dev Contract module which provides access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * This extension of the {Ownable} contract includes a two-step mechanism to transfer
 * ownership, where the new owner must call {acceptOwnership} in order to replace the
 * old one. This can help prevent common mistakes, such as transfers of ownership to
 * incorrect accounts, or to contracts that are unable to interact with the
 * permission system.
 *
 * The initial owner is specified at deployment time in the constructor for `Ownable`. This
 * can later be changed with {transferOwnership} and {acceptOwnership}.
 *
 * This module is used through inheritance. It will make available all functions
 * from parent (Ownable).
 */
abstract contract Ownable2Step is Ownable {
    // Account nominated by the current owner; it holds no rights until it accepts.
    address private _pendingOwner;

    event OwnershipTransferStarted(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Address currently nominated to take over ownership (zero when none is pending).
     */
    function pendingOwner() public view virtual returns (address) {
        return _pendingOwner;
    }

    /**
     * @dev First step of the hand-over: the current owner nominates `newOwner`.
     * Any earlier nomination is overwritten. Ownership itself does not change here.
     *
     * Nominating the zero address is permitted and acts as a cancellation of a
     * hand-over that is in progress.
     */
    function transferOwnership(address newOwner) public virtual override onlyOwner {
        _pendingOwner = newOwner;
        emit OwnershipTransferStarted(owner(), newOwner);
    }

    /**
     * @dev Internal, unrestricted ownership switch. Clears the nomination first, then
     * defers to the parent implementation to install `newOwner`.
     */
    function _transferOwnership(address newOwner) internal virtual override {
        _pendingOwner = address(0);
        super._transferOwnership(newOwner);
    }

    /**
     * @dev Second step of the hand-over: only the nominated account may call this, and
     * doing so makes it the owner. Any other caller is rejected with
     * {OwnableUnauthorizedAccount}.
     */
    function acceptOwnership() public virtual {
        address caller = _msgSender();
        if (caller != pendingOwner()) revert OwnableUnauthorizedAccount(caller);
        _transferOwnership(caller);
    }
}
"
    },
    "dependencies/openzeppelin-contracts/contracts/utils/Pausable.sol": {
      "content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.3.0) (utils/Pausable.sol)

pragma solidity ^0.8.20;

import {Context} from "../utils/Context.sol";

/**
 * @dev Contract module which allows children to implement an emergency stop
 * mechanism that can be triggered by an authorized account.
 *
 * This module is used through inheritance. It will make available the
 * modifiers `whenNotPaused` and `whenPaused`, which can be applied to
 * the functions of your contract. Note that they will not be pausable by
 * simply including this module, only once the modifiers are put in place.
 */
abstract contract Pausable is Context {
    // Emergency-stop flag; false (running) until _pause() is called.
    bool private _paused;

    /**
     * @dev Logged when `account` activates the pause.
     */
    event Paused(address account);

    /**
     * @dev Logged when `account` lifts the pause.
     */
    event Unpaused(address account);

    /**
     * @dev Raised when an operation needs the contract running but it is paused.
     */
    error EnforcedPause();

    /**
     * @dev Raised when an operation needs the contract paused but it is running.
     */
    error ExpectedPause();

    /**
     * @dev Guards a function so it only runs while the contract is not paused.
     * Reverts with {EnforcedPause} otherwise.
     */
    modifier whenNotPaused() {
        _requireNotPaused();
        _;
    }

    /**
     * @dev Guards a function so it only runs while the contract is paused.
     * Reverts with {ExpectedPause} otherwise.
     */
    modifier whenPaused() {
        _requirePaused();
        _;
    }

    /**
     * @dev Current pause state: true when paused, false when running.
     */
    function paused() public view virtual returns (bool) {
        return _paused;
    }

    /**
     * @dev Passes silently while running; reverts with {EnforcedPause} while paused.
     */
    function _requireNotPaused() internal view virtual {
        if (!paused()) return;
        revert EnforcedPause();
    }

    /**
     * @dev Passes silently while paused; reverts with {ExpectedPause} while running.
     */
    function _requirePaused() internal view virtual {
        if (paused()) return;
        revert ExpectedPause();
    }

    /**
     * @dev Switches the contract into the paused state and logs who did it.
     * Has no access control of its own; the inheriting contract must restrict callers.
     *
     * Requirements:
     *
     * - The contract must currently be running.
     */
    function _pause() internal virtual whenNotPaused {
        _paused = true;
        address account = _msgSender();
        emit Paused(account);
    }

    /**
     * @dev Switches the contract back to the running state and logs who did it.
     * Has no access control of its own; the inheriting contract must restrict callers.
     *
     * Requirements:
     *
     * - The contract must currently be paused.
     */
    function _unpause() internal virtual whenPaused {
        _paused = false;
        address account = _msgSender();
        emit Unpaused(account);
    }
}
"
    },
    "contracts/interfaces/IDepositContract.sol": {
      "content": "// SPDX-License-Identifier: CC0-1.0

pragma solidity ^0.8.28;

// This interface is designed to be compatible with the Vyper version.
/// @notice This is the Ethereum 2.0 deposit contract interface.
/// For more information see https://github.com/ethereum/consensus-specs/tree/master/solidity_deposit_contract
interface IDepositContract {
    /// @notice A processed deposit event.
    /// @dev All fields are raw `bytes`, including `amount` and `index`.
    /// NOTE(review): their encoding is not stated in this interface; confirm against
    /// the deposit contract specification before decoding them in monitoring tools.
    event DepositEvent(
        bytes pubkey,
        bytes withdrawal_credentials,
        bytes amount,
        bytes signature,
        bytes index
    );

    /// @notice Submit a Phase 0 DepositData object.
    /// @dev Payable and without an amount parameter: the ETH sent with the call is the deposit.
    /// @param pubkey A BLS12-381 public key (48 bytes).
    /// @param withdrawal_credentials Commitment to a public key for withdrawals (32 bytes).
    /// @param signature A BLS12-381 signature (96 bytes).
    /// @param deposit_data_root The SHA-256 hash of the SSZ-encoded DepositData object.
    /// Used as a protection against malformed input.
    function deposit(
        bytes calldata pubkey,
        bytes calldata withdrawal_credentials,
        bytes calldata signature,
        bytes32 deposit_data_root
    ) external payable;

    /// @notice Query the current deposit root hash.
    /// @return The deposit root hash.
    function get_deposit_root() external view returns (bytes32);

    /// @notice Query the current deposit count.
    /// @return The deposit count encoded as a little endian 64-bit number.
    function get_deposit_count() external view returns (bytes memory);
}
"
    },
    "dependencies/openzeppelin-contracts/contracts/access/Ownable.sol": {
      "content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/Ownable.sol)

pragma solidity ^0.8.20;

import {Context} from "../utils/Context.sol";

/**
 * @dev Contract module which provides a basic access control mechanism, where
 * there is an account (an owner) that can be granted exclusive access to
 * specific functions.
 *
 * The initial owner is set to the address provided by the deployer. This can
 * later be changed with {transferOwnership}.
 *
 * This module is used through inheritance. It will make available the modifier
 * `onlyOwner`, which can be applied to your functions to restrict their use to
 * the owner.
 */
abstract contract Ownable is Context {
    // Single privileged account; read through owner() so overrides are honoured.
    address private _owner;

    /**
     * @dev Raised when `account` calls an owner-only operation without being the owner.
     */
    error OwnableUnauthorizedAccount(address account);

    /**
     * @dev Raised when a proposed owner is not acceptable (eg. `address(0)`).
     */
    error OwnableInvalidOwner(address owner);

    event OwnershipTransferred(address indexed previousOwner, address indexed newOwner);

    /**
     * @dev Installs `initialOwner` as the first owner. The zero address is rejected
     * with {OwnableInvalidOwner}.
     */
    constructor(address initialOwner) {
        if (initialOwner == address(0)) revert OwnableInvalidOwner(address(0));
        _transferOwnership(initialOwner);
    }

    /**
     * @dev Restricts a function to the current owner; everyone else is reverted.
     */
    modifier onlyOwner() {
        _checkOwner();
        _;
    }

    /**
     * @dev Address of the account that currently owns the contract.
     */
    function owner() public view virtual returns (address) {
        return _owner;
    }

    /**
     * @dev Reverts with {OwnableUnauthorizedAccount} unless the caller is the owner.
     */
    function _checkOwner() internal view virtual {
        address caller = _msgSender();
        if (owner() != caller) revert OwnableUnauthorizedAccount(caller);
    }

    /**
     * @dev Gives up ownership by setting the owner to the zero address. Only the
     * current owner may call this.
     *
     * NOTE: afterwards no account can pass `onlyOwner`, so every owner-only function
     * becomes permanently unreachable.
     */
    function renounceOwnership() public virtual onlyOwner {
        _transferOwnership(address(0));
    }

    /**
     * @dev Hands ownership to `newOwner`. Only the current owner may call this, and
     * the zero address is rejected with {OwnableInvalidOwner}.
     */
    function transferOwnership(address newOwner) public virtual onlyOwner {
        if (newOwner == address(0)) revert OwnableInvalidOwner(address(0));
        _transferOwnership(newOwner);
    }

    /**
     * @dev Unrestricted internal ownership switch: records `newOwner` and emits
     * {OwnershipTransferred} with the previous and the new owner. Performs no
     * validation; callers are responsible for access control and address checks.
     */
    function _transferOwnership(address newOwner) internal virtual {
        address previous = _owner;
        _owner = newOwner;
        emit OwnershipTransferred(previous, newOwner);
    }
}
"
    },
    "dependencies/openzeppelin-contracts/contracts/utils/Context.sol": {
      "content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.1) (utils/Context.sol)

pragma solidity ^0.8.20;

/**
 * @dev Provides information about the current execution context, including the
 * sender of the transaction and its data. While these are generally available
 * via msg.sender and msg.data, they should not be accessed in such a direct
 * manner, since when dealing with meta-transactions the account sending and
 * paying for execution may not be the actual sender (as far as an application
 * is concerned).
 *
 * This contract is only required for intermediate, library-like contracts.
 */
abstract contract Context {
    /**
     * @dev Returns the account treated as the caller. This base version returns
     * `msg.sender` unchanged; it is `virtual`, so an inheriting contract can override
     * it, and access checks built on it are only as trustworthy as that override.
     */
    function _msgSender() internal view virtual returns (address) {
        return msg.sender;
    }

    /**
     * @dev Returns the calldata treated as the call's payload. This base version
     * returns `msg.data` unchanged.
     */
    function _msgData() internal view virtual returns (bytes calldata) {
        return msg.data;
    }

    /**
     * @dev Returns 0 in this base version.
     * NOTE(review): presumably the number of trailing calldata bytes that carry
     * appended context in meta-transaction setups; nothing in this file uses it.
     */
    function _contextSuffixLength() internal view virtual returns (uint256) {
        return 0;
    }
}
"
    }
  },
  "settings": {
    "remappings": [
      "forge-std/=dependencies/forge-std/",
      "@openzeppelin/contracts/=dependencies/openzeppelin-contracts/contracts/",
      "erc4626-tests/=dependencies/openzeppelin-contracts/lib/erc4626-tests/",
      "halmos-cheatcodes/=dependencies/openzeppelin-contracts/lib/halmos-cheatcodes/src/",
      "openzeppelin-contracts/=dependencies/openzeppelin-contracts/"
    ],
    "optimizer": {
      "enabled": true,
      "runs": 200
    },
    "metadata": {
      "useLiteralContent": false,
      "bytecodeHash": "ipfs",
      "appendCBOR": true
    },
    "outputSelection": {
      "*": {
        "*": [
          "evm.bytecode",
          "evm.deployedBytecode",
          "devdoc",
          "userdoc",
          "metadata",
          "abi"
        ]
      }
    },
    "evmVersion": "cancun",
    "viaIR": true
  }
}}

Tags:
Multisig, Multi-Signature, Factory|addr:0x8b0d88b8be3c15d746feb0b1f18c883c03b6aa62|verified:true|block:23583309|tx:0x28641256da9320915084899cc5f74aceb9a55d596ef705fade514b8e522bc455|first_check:1760534356

Submitted on: 2025-10-15 15:19:17
