New staking mechanics

[hysz]

Description

This PR introduces a new mechanism for managing stake and tracking rewards. It is more flexible than the original implementation, allowing for a better user experience.

Note - Skip the Typescript in this review. There is a separate PR (#2126) that updates client-side code and adds tests. It will be merged into this PR before merging into 3.0.

Design Principles

1. Freshly minted stake is active.
2. Delegating, un-delegating and re-delegating stake comes into effect next epoch.
3. Users can freely adjust the distribution of their stake for the next epoch.
4. Stake can be withdrawn after it is inactive for one epoch.

Stake State Algorithm

There are three states that stake can exist in: Active, Inactive or Delegated. Each state has three fields:

1. How much stake is currently in this state (cur)
2. How much stake is in this state next epoch (next)
3. The last time this state was stored
   1. This allows us to compute the correct values at any given epoch without user intervention

Inactive stake includes a Withdrawable field (W) that reflects how much stake can be withdrawn at any given time.

Example

Reward Tracking Mechanics

Reward Vault vs Eth Vault

The reward vault tracks the balance of each pool: how much belongs to the operator and how much is to be split between the delegators. ETH is deposited into this vault when an epoch is finalized.

The ETH Vault stores balances on a per-address basis. Value is moved from the reward vault to the ETH vault when a delegator changes their stake in a given pool.

Testing instructions

Checklist:

• Prefix PR title with [WIP] if necessary.
• Add tests to cover changes as needed.
• Update documentation as needed.
• Add new entries to the relevant CHANGELOG.jsons.

[jalextowle]

The logic seems solid for the most part. Really nice work on the redesigned logic, and all things considered, you got this out quickly!

I had some nits and comments, which I think should be addressed before merging this PR.

[jalextowle]

What needs to be updated here? Can this "TODO" be removed?

[jalextowle]

Is this used anywhere else? I like the fact that we're naming this boolean, but I think a comment in the call to recordDepositFor would be sufficient and it would save us from needing to use another stack slot. Alternatively, I think it could make sense to start making use of Solidity's block scoping features to make sure that the stack stays clean.

Ex.

uint256 poolPortion;
{
    bool rewardForOperatorOnly = activePools[i].delegatedStake == 0; // This will get dropped after being used.
    (, poolPortion) = rewardVault.recordDepositFor(activePools[i].poolId, reward, rewardForOperatorOnly);
}

The reason I call this out is that I think that reducing the number of stack variables in the top of a function's scope can be a boon to code maintenance since it reduces the likelihood that adding a stack variable will push the function over the stack limit.

[hysz]

Ah I actually thought that Solidity would stop managing stack variables once they were finished being used without needing an explicit scope ~ just verified this is not the case. I'm cool with inlining.

[jalextowle]

It turns out that 10 ** 18 will not be inlined by the Solidity compiler. I've verified this by debugging a transaction through the Remix debugger that uses this constant. With this in mind:

Nit: Use 10 ** 18 for readability.

[jalextowle]

Nit: Can you update this comment? It isn't immediately clear to me what the difference between this "Rebate Vault" and the below "Rebate Vault", aside from the fact that I assume that this vault stores ETH.

[jalextowle]

Nit: Update to 2019 :)

[jalextowle]

I understand why this is being made private, but it may be wise to leave this as internal for the purposes of unit testing. Thoughts?

[hysz]

Yeah, I think you're right. For unit testing these will have to be made internal =\

[jalextowle]

Is there a reason not to use Rich Errors in this contract?

[abandeali1]

This function doesn't do much other than call _zrxVault.depositFrom(owner, amount). I'd be in favor of removing it completely.

[jalextowle]

Nit:

Suggested change

	Copyright 2018 ZeroEx Intl.
	Copyright 2019 ZeroEx Intl.

[jalextowle]

Nice!

[jalextowle]

Nit: Same as above re testing

[hysz]

(see above)

[abandeali1]

I'm probably about 1/4 - 1/3 through this review but won't be able to get to the rest tonight. Will add the rest tomorrow morning!

[abandeali1]

This is a pretty long line. We can break it down into multiple lines, which would also make it easier to inline the rewardForOperatorOnly calculation with a comment to the right.

[abandeali1]

Nit: spell out mapping from Pool Id to Epoch to Reward Ratio

[abandeali1]

The diagrams will live in the spec ideally.

[abandeali1]

Rich revert?

[abandeali1]

These are already inherited by MixinStorage (I suspect you are using a script to generate these).

[hysz]

Yeah, to remove any ambiguities during linearization it will print out the full ancestral tree. Ugly, but it works. I'll create a task to remove frivolous imports for readability to see if we can make this a bit prettier. In the meantime I'll cleanup the ones in this PR.

[hysz]

FWIW this is an example demonstrating why explicitly inheriting the ancestral tree works:

Ex:
contract A {}
contract B {}
contract C {}
contract D is A, B {}

Suppose now that there is a contract E that will inherit from B{} and D{}
The following follows "most base-like" to "most-derived":
contract E is B, D {}
However, it unfolds to: B{}, A{}, B{}, D{}, E{} - which is wrong because B{} appears both before and after A{}.
The correct contract inheritance for E{} should be:
contract E is A{}, B{}, D{}

So, even though contract E{} does not directly depend on A{} - it still must be included in the dependency list.

[abandeali1]

We can use newOperatorBalance.downcastToUint96 here

[abandeali1]

Nit: _balances

[hysz]

Note: we chatted offline. This will be done in a separate PR.

[abandeali1]

All of these are unnecessary exccept IEthVault and MixinVaultCore

[abandeali1]

A lot of these functions are exactly the same as in the ZrxVault. Maybe the repeat functions should live in MixinVaultCore?

[abandeali1]

This can be removed.

[abandeali1]

All of these rich reverts should end with Error.

[abandeali1]

Didn't we want newly minted stake to only become active at the next epoch as well? Otherwise one can stake before the very end of an epoch and dilute rewards for everyone else.

[hysz]

Note: we chatted about this offline, but basically this won't dilute rewards because the stake isn't delegated.

[abandeali1]

This probably happens elsewhere too if I had to guess. We might want to do a search for owner usage throughout the staking contracts.

[abandeali1]

I personally like Status > State here. I feel like State implies storage to some degree (also consistent with other enums).

[hysz]

Hmm yeah I like that better too. Although a "status machine" doesn't quite have the same ring as a "state machine" 🌝

[abandeali1]

This could probably just be StakeInfo

[abandeali1]

Hoping we can remove this check too if _ethVault is set in the constructor.

[abandeali1]

I don't think this is used anywhere.

[abandeali1]

Do we still need this file at all?

[hysz]

It's removed by #2109

[abandeali1]

Nit: all of these variables should be prefixed with _. Probably cleaner to do this in another PR.

[hysz]

Agreed, I've created a task for this.

[abandeali1]

These checks should probably be reversed, since we don't need currentEpoch == 0 to be checked after epoch 0.

[hysz]

Very good eye! I agree!

[jalextowle]

Nice, this comment makes up for the variable IMHO 👍

[jalextowle]

Nit: I don't think this line should be here.

[hysz]

Interesting, yeah I think you're right. Seems to be 50/50 whether we have a newline here or not lol.

[jalextowle]

Suggested change

	// cache the current withdrawal amoiunt, which may change if we're moving out of the inactive status.
	// cache the current withdrawal amount, which may change if we're moving out of the inactive status.

[jalextowle]

A lot of these functions have been made private. We should make them internal for unit testing.

[hysz]

Note: we chatted about this offline. These will be set to internal on as needed, unless a better alternative arises in the meantime.

[jalextowle]

Would it make more sense for addFractions to return a fraction? It seems like we create a Fraction object a significant amount of the time after calling this.

[hysz]

Mm idk, since this is a general util library I'd prefer to not force a struct on future users. We actually only convert it to the Fraction struct in this fn for storage.

[coveralls]

Coverage remained the same at 75.804% when pulling fc7f2e7 on feature/staking/NewMechanicsSolidityOnly-Squashed into 88e5635 on 3.0.

[abandeali1]

Nice, some awesome readability improvements in here!

[jalextowle]

Nice work bud! You definitely deserve a Chimay after this one 👍

Just a couple of comments, but they are not merge-blocking.

[jalextowle]

We might as well use amount here since msg.value was cached there, right? This said, CALLVALUE is typically actually cheaper than using a stack variable (it's a Gbase opcode), so I'd be in favor of just using msg.value for both uses and removing amount entirely, unless there is a readability concern.

[jalextowle]

Nice reentrancy protection 👍