Add spending limit rules

narval-xyz · Jan 15, 2024 · d83d2db · d83d2db
1 parent e4dc5a7
commit d83d2db
Show file tree

Hide file tree

Showing 7 changed files with 228 additions and 83 deletions.
diff --git a/apps/authz/src/app/opa/rego/input.json b/apps/authz/src/app/opa/rego/input.json
@@ -1,56 +1,107 @@
 {
   "action": "signTransaction",
-  "principal": {"uid": "test-foo-uid"},
-  "resource": {"uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"},
+  "principal": { "uid": "test-foo-uid" },
+  "resource": { "uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e" },
   "request": {
-      "type": "eip1559",
-      "chain_id": 137,
-      "max_fee_per_gas": "20000000000",
-      "max_priority_fee_per_gas": "3000000000",
-      "gas": "21000",
-      "nonce": 1,
-      "from": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e",
-      "to": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"
+    "type": "eip1559",
+    "chain_id": 137,
+    "max_fee_per_gas": "20000000000",
+    "max_priority_fee_per_gas": "3000000000",
+    "gas": "21000",
+    "nonce": 1,
+    "from": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e",
+    "to": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"
   },
   "intent": {
-      "type": "transferToken",
-      "from": {
-          "uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e",
-          "address": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"
-      },
-      "to": {
-          "uid": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3",
-          "chain_id": 137,
-          "address": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"
-      },
-      "amount": "1000000000000000000",
-      "token": {
-          "uid": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
-          "address": "0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
-          "chainId": 137,
-          "classification": "internal"
-      }
+    "type": "transferToken",
+    "from": {
+      "uid": "eip155:eoa:0xddcf208f219a6e6af072f2cfdc615b2c1805f98e",
+      "address": "0xddcf208f219a6e6af072f2cfdc615b2c1805f98e"
+    },
+    "to": {
+      "uid": "eip155:137:0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3",
+      "chain_id": 137,
+      "address": "0xa45e21e9370ba031c5e1f47dedca74a7ce2ed7a3"
+    },
+    "amount": "1000000000000000000",
+    "token": {
+      "uid": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
+      "address": "0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
+      "chainId": 137,
+      "classification": "internal"
+    }
   },
   "signatures": [
+    {
+      "signer": "test-bob-uid",
+      "hash": "0x894ee391f2fb86469042159c46084add956d1d1f997bb4c43d9c8d2a52970a615b790c416077ec5d199ede5ae0fc925859c80c52c5c74328e25d9e9d5195e3981c"
+    },
+    {
+      "signer": "test-alice-uid",
+      "hash": "0x894ee391f2fb86469042159c46084add956d1d1f997bb4c43d9c8d2a52970a615b790c416077ec5d199ede5ae0fc925859c80c52c5c74328e25d9e9d5195e3981c"
+    },
+    {
+      "signer": "test-foo-uid",
+      "hash": "0x894ee391f2fb86469042159c46084add956d1d1f997bb4c43d9c8d2a52970a615b790c416077ec5d199ede5ae0fc925859c80c52c5c74328e25d9e9d5195e3981c"
+    },
+    {
+      "signer": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43",
+      "hash": "0x894ee391f2fb86469042159c46084add956d1d1f997bb4c43d9c8d2a52970a615b790c416077ec5d199ede5ae0fc925859c80c52c5c74328e25d9e9d5195e3981c"
+    },
+    {
+      "signer": "test-bar-uid",
+      "hash": "0x894ee391f2fb86469042159c46084add956d1d1f997bb4c43d9c8d2a52970a615b790c416077ec5d199ede5ae0fc925859c80c52c5c74328e25d9e9d5195e3981c"
+    }
+  ],
+  "tokens": {
+    "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174": {
+      "uid": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
+      "address": "0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
+      "symbol": "USDC",
+      "chain_id": 137,
+      "decimals": 6
+    }
+  },
+  "spendings": {
+    "source": "narval-spendings-feed",
+    "signature": "some-random-signature",
+    "data": [
       {
-          "signer": "test-bob-uid",
-          "hash": "0x894ee391f2fb86469042159c46084add956d1d1f997bb4c43d9c8d2a52970a615b790c416077ec5d199ede5ae0fc925859c80c52c5c74328e25d9e9d5195e3981c"
-      },
-      {
-          "signer": "test-alice-uid",
-          "hash": "0x894ee391f2fb86469042159c46084add956d1d1f997bb4c43d9c8d2a52970a615b790c416077ec5d199ede5ae0fc925859c80c52c5c74328e25d9e9d5195e3981c"
+        "amount": "3000",
+        "smallest_unit": "3000000000",
+        "token": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
+        "rates": { "USD": "0.99" },
+        "timestamp": 1705332968316,
+        "chain_id": 137,
+        "initiated_by": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43"
       },
       {
-          "signer": "test-foo-uid",
-          "hash": "0x894ee391f2fb86469042159c46084add956d1d1f997bb4c43d9c8d2a52970a615b790c416077ec5d199ede5ae0fc925859c80c52c5c74328e25d9e9d5195e3981c"
+        "amount": "3000",
+        "smallest_unit": "3000000000",
+        "token": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
+        "rates": { "USD": "0.99" },
+        "timestamp": 1705332971916,
+        "chain_id": 137,
+        "initiated_by": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43"
       },
       {
-          "signer": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43",
-          "hash": "0x894ee391f2fb86469042159c46084add956d1d1f997bb4c43d9c8d2a52970a615b790c416077ec5d199ede5ae0fc925859c80c52c5c74328e25d9e9d5195e3981c"
+        "amount": "1500",
+        "smallest_unit": "1500000000",
+        "token": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
+        "rates": { "USD": "0.99" },
+        "timestamp": 1705332975516,
+        "chain_id": 137,
+        "initiated_by": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43"
       },
       {
-        "signer": "test-bar-uid",
-        "hash": "0x894ee391f2fb86469042159c46084add956d1d1f997bb4c43d9c8d2a52970a615b790c416077ec5d199ede5ae0fc925859c80c52c5c74328e25d9e9d5195e3981c"
-    }
-  ]
+        "amount": "1500",
+        "smallest_unit": "1500000000",
+        "token": "eip155:137/erc20:0x2791bca1f2de4661ed88a30c99a7a9449aa84174",
+        "rates": { "USD": "0.99" },
+        "timestamp": 1705332935916,
+        "chain_id": 137,
+        "initiated_by": "0xaaa8ee1cbaa1856f4550c6fc24abb16c5c9b2a43"
+      }
+    ]
+  }
 }
diff --git a/apps/authz/src/app/opa/rego/lib/criteria/accumulation.rego b/apps/authz/src/app/opa/rego/lib/criteria/accumulation.rego
@@ -0,0 +1,13 @@
+package main
+
+import future.keywords.in
+
+get_spending_amount(tokens, start) = result {
+	result := sum([usd_amount |
+		transfer := input.spendings.data[_]
+		transfer.initiated_by == principal.uid
+		transfer.timestamp >= start
+		transfer.token in tokens
+		usd_amount := to_number(transfer.smallest_unit) * to_number(transfer.rates.USD)
+	])
+}
diff --git a/apps/authz/src/app/opa/rego/lib/criteria/transfer_token.rego b/apps/authz/src/app/opa/rego/lib/criteria/transfer_token.rego
@@ -2,28 +2,24 @@ package main
 
 import future.keywords.in
 
-transfer_token_type := input.intent.type
+transfer_token_type = input.intent.type
 
-transfer_token_amount := input.intent.amount
+transfer_token_amount = to_number(input.intent.amount)
 
-transfer_token_address := result {
+transfer_token_address = input.intent.native.address
+
+transfer_token_address = input.intent.token.address
+
+transfer_token_address = result {
 	not input.intent.native.address
 	result := input.intent.native
 }
 
-transfer_token_address := result {
-	result := input.intent.native.address
-}
-
-transfer_token_address := result {
+transfer_token_address = result {
 	not input.intent.token.address
 	result := input.intent.token
 }
 
-transfer_token_address := result {
-	result := input.intent.token.address
-}
-
 check_transfer_token_type(values) {
 	values == wildcard
 }
@@ -46,30 +42,30 @@ check_transfer_token_operation(operation) {
 
 check_transfer_token_operation(operation) {
 	operation.operator == "eq"
-	to_number(operation.value) == to_number(transfer_token_amount)
+	to_number(operation.value) == transfer_token_amount
 }
 
 check_transfer_token_operation(operation) {
 	operation.operator == "neq"
-	to_number(operation.value) != to_number(transfer_token_amount)
+	to_number(operation.value) != transfer_token_amount
 }
 
 check_transfer_token_operation(operation) {
 	operation.operator == "gt"
-	to_number(operation.value) < to_number(transfer_token_amount)
+	to_number(operation.value) < transfer_token_amount
 }
 
 check_transfer_token_operation(operation) {
 	operation.operator == "lt"
-	to_number(operation.value) > to_number(transfer_token_amount)
+	to_number(operation.value) > transfer_token_amount
 }
 
 check_transfer_token_operation(operation) {
 	operation.operator == "gte"
-	to_number(operation.value) <= to_number(transfer_token_amount)
+	to_number(operation.value) <= transfer_token_amount
 }
 
 check_transfer_token_operation(operation) {
 	operation.operator == "lte"
-	to_number(operation.value) >= to_number(transfer_token_amount)
+	to_number(operation.value) >= transfer_token_amount
 }