Multi-whitelisted operators [audited]

.env.example

@@ -7,6 +7,7 @@ MAINNET_OWNER_PRIVATE_KEY=
 GAS_PRICE=
 GAS=
 ETHERSCAN_KEY=
+INFURA_KEY=
 MINIMUM_BLOCKS_BEFORE_LIQUIDATION=100800
 MINIMUM_LIQUIDATION_COLLATERAL=200000000
 OPERATOR_MAX_FEE_INCREASE=3

.github/workflows/code-coverage.yaml

@@ -1,18 +1,17 @@
 name: Solidity code coverage
 
-on:
-  push:
+on: [push]
 
 jobs:
   ci:
     runs-on: ubuntu-latest
-
+    name: Solidity code coverage
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v3
         with:
-          node-version: '16.x'
+          node-version: '20.x'
       - run: npm ci
         env:
           GH_TOKEN: ${{ secrets.github_token }}
-      - run: NO_GAS_ENFORCE=1 npx hardhat coverage
+      - run: SOLIDITY_COVERAGE=true NO_GAS_ENFORCE=1 npx hardhat coverage

.github/workflows/linter.yaml

@@ -6,11 +6,12 @@ on:
 jobs:
   ci:
     runs-on: ubuntu-latest
+    name: Solidity linter
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v3
         with:
-          node-version: '16.x'
+          node-version: '20.x'
       - run: npm ci
         env:
           GH_TOKEN: ${{ secrets.github_token }}

.github/workflows/publish.yaml

@@ -8,11 +8,11 @@ jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
       - name: Use Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
-          node-version: '16'
+          node-version: '20'
           registry-url: 'https://registry.npmjs.org'
 
       - name: Install dependencies

.github/workflows/slither.yml → .github/workflows/slither.yaml

@@ -5,12 +5,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Run Slither
         uses: crytic/[email protected]
         id: slither
         with:
-          node-version: 18
+          node-version: 20
           fail-on: high
-          slither-args: --exclude controlled-delegatecall,incorrect-return
+          slither-args: --exclude controlled-delegatecall,incorrect-return

.github/workflows/tests-forked.yaml

@@ -0,0 +1,18 @@
+name: Run tests
+
+on: [push]
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    name: Hardhat unit test (forked network)
+    env: # Set environment variables for all steps in this job
+      GH_TOKEN: ${{ secrets.github_token }}
+      FORK_TESTING_ENABLED: true
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v3
+        with:
+          node-version: '20.x'
+      - run: npm ci
+      - run: npx hardhat test test-forked/*.ts

.github/workflows/tests.yaml

@@ -1,17 +1,16 @@
 name: Run tests
 
-on:
-  push:
+on: [push]
 
 jobs:
   ci:
     runs-on: ubuntu-latest
-
+    name: Hardhat unit test
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v3
         with:
-          node-version: '16.x'
+          node-version: '20.x'
       - run: npm ci
         env:
           GH_TOKEN: ${{ secrets.github_token }}

.gitignore

@@ -1,14 +1,19 @@
 node_modules
 .env
-.env.prod
-.env.stage
-abis
-cache
-coverage
-coverage.json
-artifacts
-typechain-types/
-.openzeppelin/*.json
+
+# Hardhat files
+/cache
+/artifacts
+
+# TypeChain files
+/typechain
+/typechain-types
+
+# solidity-coverage files
+/coverage
+/coverage.json
+
 .DS_Store
 .history
 .dccache
+abis

.prettierrc

@@ -11,4 +11,4 @@
       }
     }
   ]
-}
+}

.solcover.js

@@ -0,0 +1,3 @@
+module.exports = {
+    skipFiles: ['test','deprecated','token','upgrades']
+  };

README.md

@@ -1,6 +1,7 @@
-# SSV Network Smart Contracts
 
-### Intro | [Architecture](./docs/architecture.md) | [Setup](./docs/setup.md) | [Tasks](./docs/tasks.md) | [Local development](./docs/local-dev.md) | [Roles](./docs/roles.md) | [Publish](./docs/publish.md)
+# SSV Network Smart Contracts
+
+### Intro | [Architecture](./docs/architecture.md) | [Setup](./docs/setup.md) | [Tasks](./docs/tasks.md) | [Local development](./docs/local-dev.md) | [Roles](./docs/roles.md) | [Publish](./docs/publish.md) | [Operator owners](./docs/operators.md)
 
 This repository contains the Solidity smart contracts for the SSV Network. The SSV Network is a decentralized network for the operation of Ethereum validators. It allows for secure, scalable, and decentralized staking on the Ethereum blockchain. The key elements of this system are represented through several Ethereum smart contracts, all of which are outlined below.
 

contracts/SSVNetwork.sol

@@ -1,13 +1,16 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
-pragma solidity 0.8.18;
+pragma solidity 0.8.24;
 
 import "./interfaces/ISSVNetwork.sol";
 
 import "./interfaces/ISSVClusters.sol";
 import "./interfaces/ISSVOperators.sol";
+import "./interfaces/ISSVOperatorsWhitelist.sol";
 import "./interfaces/ISSVDAO.sol";
 import "./interfaces/ISSVViews.sol";
 
+import "./interfaces/external/ISSVWhitelistingContract.sol";
+
 import "./libraries/Types.sol";
 import "./libraries/CoreLib.sol";
 import "./libraries/SSVStorage.sol";
@@ -26,6 +29,7 @@ contract SSVNetwork is
     Ownable2StepUpgradeable,
     ISSVNetwork,
     ISSVOperators,
+    ISSVOperatorsWhitelist,
     ISSVClusters,
     ISSVDAO,
     SSVProxy
@@ -126,7 +130,40 @@ contract SSVNetwork is
     }
 
     function setOperatorWhitelist(uint64 operatorId, address whitelisted) external override {
-        _delegate(SSVStorage.load().ssvContracts[SSVModules.SSV_OPERATORS]);
+        _delegate(SSVStorage.load().ssvContracts[SSVModules.SSV_OPERATORS_WHITELIST]);
+    }
+
+    function setOperatorMultipleWhitelists(
+        uint64[] calldata operatorIds,
+        address[] calldata whitelistAddresses
+    ) external override {
+        _delegate(SSVStorage.load().ssvContracts[SSVModules.SSV_OPERATORS_WHITELIST]);
+    }
+
+    function removeOperatorMultipleWhitelists(
+        uint64[] calldata operatorIds,
+        address[] calldata whitelistAddresses
+    ) external override {
+        _delegate(SSVStorage.load().ssvContracts[SSVModules.SSV_OPERATORS_WHITELIST]);
+    }
+
+    function setOperatorsWhitelistingContract(
+        uint64[] calldata operatorIds,
+        ISSVWhitelistingContract whitelistingContract
+    ) external override {
+        _delegate(SSVStorage.load().ssvContracts[SSVModules.SSV_OPERATORS_WHITELIST]);
+    }
+
+    function setOperatorsPrivateUnchecked(uint64[] calldata operatorIds) external override {
+        _delegate(SSVStorage.load().ssvContracts[SSVModules.SSV_OPERATORS_WHITELIST]);
+    }
+
+    function setOperatorsPublicUnchecked(uint64[] calldata operatorIds) external {
+        _delegate(SSVStorage.load().ssvContracts[SSVModules.SSV_OPERATORS_WHITELIST]);
+    }
+
+    function removeOperatorsWhitelistingContract(uint64[] calldata operatorIds) external override {
+        _delegate(SSVStorage.load().ssvContracts[SSVModules.SSV_OPERATORS_WHITELIST]);
     }
 
     function declareOperatorFee(uint64 operatorId, uint256 fee) external override {

contracts/SSVNetworkViews.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
-pragma solidity 0.8.18;
+pragma solidity 0.8.24;
 
 import "./interfaces/ISSVViews.sol";
 import "./libraries/Types.sol";
@@ -61,6 +61,16 @@ contract SSVNetworkViews is UUPSUpgradeable, Ownable2StepUpgradeable, ISSVViews
         return ssvNetwork.getOperatorById(operatorId);
     }
 
+    function getWhitelistedOperators(
+        uint64[] calldata operatorIds,
+        address whitelistedAddress
+    ) external view override returns (uint64[] memory whitelistedOperatorIds) {
+        return ssvNetwork.getWhitelistedOperators(operatorIds, whitelistedAddress);
+    }
+    function isWhitelistingContract(address contractAddress) external view returns (bool) {
+        return ssvNetwork.isWhitelistingContract(contractAddress);
+    }
+
     /***********************************/
     /* Cluster External View Functions */
     /***********************************/

contracts/SSVProxy.sol

@@ -1,10 +1,9 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
-pragma solidity 0.8.18;
+pragma solidity 0.8.24;
 
 import {SSVModules, SSVStorage, StorageData} from "./libraries/SSVStorage.sol";
 
 abstract contract SSVProxy {
-
     function _delegate(address implementation) internal {
         assembly {
             // Copy msg.data. We take full control of memory in this inline assembly

contracts/interfaces/ISSVClusters.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
-pragma solidity 0.8.18;
+pragma solidity 0.8.24;
 
-import "./ISSVNetworkCore.sol";
+import {ISSVNetworkCore} from "./ISSVNetworkCore.sol";
 
 interface ISSVClusters is ISSVNetworkCore {
     /// @notice Registers a new validator on the SSV Network

contracts/interfaces/ISSVDAO.sol

@@ -1,7 +1,7 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
-pragma solidity 0.8.18;
+pragma solidity 0.8.24;
 
-import "./ISSVNetworkCore.sol";
+import {ISSVNetworkCore} from "./ISSVNetworkCore.sol";
 
 interface ISSVDAO is ISSVNetworkCore {
     /// @notice Updates the network fee

contracts/interfaces/ISSVNetwork.sol

@@ -1,11 +1,11 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
-pragma solidity 0.8.18;
+pragma solidity 0.8.24;
 
-import "./ISSVNetworkCore.sol";
-import "./ISSVOperators.sol";
-import "./ISSVClusters.sol";
-import "./ISSVDAO.sol";
-import "./ISSVViews.sol";
+import {ISSVNetworkCore} from "./ISSVNetworkCore.sol";
+import {ISSVOperators} from "./ISSVOperators.sol";
+import {ISSVClusters} from "./ISSVClusters.sol";
+import {ISSVDAO} from "./ISSVDAO.sol";
+import {ISSVViews} from "./ISSVViews.sol";
 
 import {SSVModules} from "../libraries/SSVStorage.sol";
 

contracts/interfaces/ISSVNetworkCore.sol

@@ -1,5 +1,5 @@
 // SPDX-License-Identifier: GPL-3.0-or-later
-pragma solidity 0.8.18;
+pragma solidity 0.8.24;
 
 interface ISSVNetworkCore {
     /***********/
@@ -24,7 +24,7 @@ interface ISSVNetworkCore {
         uint64 fee;
         /// @dev The address of the operator's owner
         address owner;
-        /// @dev Whitelisted flag for this operator
+        /// @dev private flag for this operator
         bool whitelisted;
         /// @dev The state snapshot of the operator
         Snapshot snapshot;
@@ -59,7 +59,7 @@ interface ISSVNetworkCore {
     /**********/
 
     error CallerNotOwner(); // 0x5cd83192
-    error CallerNotWhitelisted(); // 0x8c6e5d71
+    error CallerNotWhitelisted(uint64 operatorId); // 0x60d86593
     error FeeTooLow(); // 0x732f9413
     error FeeExceedsIncreaseLimit(); // 0x958065d9
     error NoFeeDeclared(); // 0x1d226c30
@@ -90,6 +90,11 @@ interface ISSVNetworkCore {
     error IncorrectValidatorStateWithData(bytes publicKey); // 0x89307938
     error ValidatorAlreadyExistsWithData(bytes publicKey); // 0x388e7999
     error EmptyPublicKeysList(); // df83e679
+    error InvalidContractAddress(); // 0xa710429d
+    error AddressIsWhitelistingContract(address contractAddress); // 0x71cadba7
+    error InvalidWhitelistingContract(address contractAddress); // 0x886e6a03
+    error InvalidWhitelistAddressesLength(); // 0xcbb362dc
+    error ZeroAddressNotAllowed(); // 0x8579befe
 
     // legacy errors
     error ValidatorAlreadyExists(); // 0x8d09a73e