Notification implementation

Author: gretzke

Diff for: docs/autogen/src/SUMMARY.md

@@ -33,6 +33,7 @@
           - [INotifier](src/interfaces/UVN/L1/StakingMiddleware/INotifier.sol/interface.INotifier.md)
           - [IOperatorManager](src/interfaces/UVN/L1/StakingMiddleware/IOperatorManager.sol/interface.IOperatorManager.md)
           - [IProtocolRewardDistributor](src/interfaces/UVN/L1/StakingMiddleware/IProtocolRewardDistributor.sol/interface.IProtocolRewardDistributor.md)
+          - [IService](src/interfaces/UVN/L1/StakingMiddleware/IService.sol/interface.IService.md)
           - [ISlashingManager](src/interfaces/UVN/L1/StakingMiddleware/ISlashingManager.sol/interface.ISlashingManager.md)
           - [IStakeManager](src/interfaces/UVN/L1/StakingMiddleware/IStakeManager.sol/interface.IStakeManager.md)
           - [IStakingMiddlewareParams](src/interfaces/UVN/L1/StakingMiddleware/IStakingMiddlewareParams.sol/interface.IStakingMiddlewareParams.md)

Diff for: docs/autogen/src/src/UVN/L1/StakingMiddleware/Notifier.sol/abstract.Notifier.md

@@ -1,5 +1,5 @@
 # Notifier
-[Git Source](https://github.com/Uniswap/unichain-contracts/blob/8c1be1ff6fd1da269c202b06cfb4eb0e104f04ef/src/UVN/L1/StakingMiddleware/Notifier.sol)
+[Git Source](https://github.com/Uniswap/unichain-contracts/blob/237a1154da63599fba331d8b41ad18f6d70fe59c/src/UVN/L1/StakingMiddleware/Notifier.sol)
 
 **Inherits:**
 [SlashingManager](/src/UVN/L1/StakingMiddleware/SlashingManager.sol/abstract.SlashingManager.md), ERC721, [INotifier](/src/interfaces/UVN/L1/StakingMiddleware/INotifier.sol/interface.INotifier.md)
@@ -8,6 +8,13 @@ This contract allows operators to mint ERC721 tokens to deposit into service con
 
 
 ## State Variables
+### MIN_GAS
+
+```solidity
+uint256 private constant MIN_GAS = 500_000;
+```
+
+
 ### _uris
 
 ```solidity
@@ -23,6 +30,41 @@ mapping(address operator => string uri) private _uris;
 constructor(string memory name_, string memory symbol_) ERC721(name_, symbol_) OperatorManager(name_);
 ```
 
+### _afterStake
+
+
+```solidity
+function _afterStake(address delegator, uint96 amount) internal virtual override;
+```
+
+### _afterUnstake
+
+
+```solidity
+function _afterUnstake(address delegator, uint96 amount) internal virtual override;
+```
+
+### _afterOperatorSelection
+
+
+```solidity
+function _afterOperatorSelection(address delegator, address operator) internal virtual override;
+```
+
+### _afterOperatorUndelegationAnnouncement
+
+
+```solidity
+function _afterOperatorUndelegationAnnouncement(address delegator) internal virtual override;
+```
+
+### _afterSlash
+
+
+```solidity
+function _afterSlash(address operator, uint256 remainingPercentage) internal virtual override;
+```
+
 ### mint
 
 Allows an operator to mint a new token to deposit into service contracts
@@ -66,11 +108,31 @@ function transferFrom(address, address, uint256) public pure override;
 function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory data) public override;
 ```
 
-### _isContract
+### _reportOperatorStakeUpdate
+
+*reports the new operator stake to the service contract, triggered by a balance change through a delegator action*
+
+*if requireSuccess is true, the function will revert if the call to the service contract fails*
+
+*if requireSuccess is false, the function will not revert if the call to the service contract fails, this ensures that a delegator cannot be bricked by a malicious operator, they should always be able to undelegate from the operator to withdraw their stake. To ensure an honest undelegation can be processed by the recipient of the call, a minimum amount of gas is enforced.*
+
+
+```solidity
+function _reportOperatorStakeUpdate(address delegator, bool requireSuccess) internal;
+```
+
+### _reportOperatorSlash
+
+
+```solidity
+function _reportOperatorSlash(address operator, uint256 remainingPercentage) internal;
+```
+
+### _isServiceContract
 
 
 ```solidity
-function _isContract(address account) private view returns (bool);
+function _isServiceContract(address account) private view returns (bool);
 ```
 
 ### _toTokenId

Diff for: docs/autogen/src/src/UVN/L1/StakingMiddleware/SlashingManager.sol/abstract.SlashingManager.md

@@ -1,5 +1,5 @@
 # SlashingManager
-[Git Source](https://github.com/Uniswap/unichain-contracts/blob/3cf601aa04842b039a5cf3b59e8450ff86ee0a21/src/UVN/L1/StakingMiddleware/SlashingManager.sol)
+[Git Source](https://github.com/Uniswap/unichain-contracts/blob/237a1154da63599fba331d8b41ad18f6d70fe59c/src/UVN/L1/StakingMiddleware/SlashingManager.sol)
 
 **Inherits:**
 [DelegatorAccessControl](/src/UVN/L1/StakingMiddleware/DelegatorAccessControl.sol/abstract.DelegatorAccessControl.md), [ISlashingManager](/src/interfaces/UVN/L1/StakingMiddleware/ISlashingManager.sol/interface.ISlashingManager.md)
@@ -244,7 +244,7 @@ function SLASHER_ROLE() public pure returns (bytes32);
 
 
 ```solidity
-function _afterSlash(address operator, uint96 remainingPercentage) internal virtual;
+function _afterSlash(address operator, uint256 remainingPercentage) internal virtual;
 ```
 
 ## Structs

Diff for: docs/autogen/src/src/interfaces/UVN/L1/StakingMiddleware/INotifier.sol/interface.INotifier.md

@@ -1,5 +1,5 @@
 # INotifier
-[Git Source](https://github.com/Uniswap/unichain-contracts/blob/8c1be1ff6fd1da269c202b06cfb4eb0e104f04ef/src/interfaces/UVN/L1/StakingMiddleware/INotifier.sol)
+[Git Source](https://github.com/Uniswap/unichain-contracts/blob/237a1154da63599fba331d8b41ad18f6d70fe59c/src/interfaces/UVN/L1/StakingMiddleware/INotifier.sol)
 
 **Inherits:**
 [ISlashingManager](/src/interfaces/UVN/L1/StakingMiddleware/ISlashingManager.sol/interface.ISlashingManager.md)
@@ -60,3 +60,19 @@ thrown when the recipient of a safe transfer is not the operator or a contract
 error InvalidRecipient();
 ```
 
+### WrappedError
+ERC-7751 error wrapping reverts by service contracts
+
+
+```solidity
+error WrappedError(address target, bytes4 selector, bytes reason, bytes details);
+```
+
+### NotificationFailed
+details for wrapped error when a notification fails
+
+
+```solidity
+error NotificationFailed();
+```
+

Diff for: docs/autogen/src/src/interfaces/UVN/L1/StakingMiddleware/IService.sol/interface.IService.md

@@ -0,0 +1,45 @@
+# IService
+[Git Source](https://github.com/Uniswap/unichain-contracts/blob/237a1154da63599fba331d8b41ad18f6d70fe59c/src/interfaces/UVN/L1/StakingMiddleware/IService.sol)
+
+**Inherits:**
+IERC165
+
+This interface is used by contracts that operators deposit their ERC-721 tokens into to operate for. It must implement the following functions in order to be notified of changes to operator's and delegator's stake.
+
+
+## Functions
+### reportOperatorStake
+
+This function is called when a delegator's stake changes.
+
+
+```solidity
+function reportOperatorStake(address operator, uint96 newBalance, address delegator, uint96 newDelegatorStake)
+    external;
+```
+**Parameters**
+
+|Name|Type|Description|
+|----|----|-----------|
+|`operator`|`address`|The address of the operator.|
+|`newBalance`|`uint96`|The new balance of the operator.|
+|`delegator`|`address`|The address of the delegator.|
+|`newDelegatorStake`|`uint96`|The new stake of the delegator.|
+
+
+### reportOperatorSlash
+
+This function is called when an operator is slashed.
+
+
+```solidity
+function reportOperatorSlash(address operator, uint256 remainingPercentage) external;
+```
+**Parameters**
+
+|Name|Type|Description|
+|----|----|-----------|
+|`operator`|`address`|The address of the operator.|
+|`remainingPercentage`|`uint256`|The remaining percentage of the operator's stake.|
+
+

Diff for: docs/autogen/src/src/interfaces/UVN/L1/StakingMiddleware/README.md

@@ -6,6 +6,7 @@
 - [INotifier](INotifier.sol/interface.INotifier.md)
 - [IOperatorManager](IOperatorManager.sol/interface.IOperatorManager.md)
 - [IProtocolRewardDistributor](IProtocolRewardDistributor.sol/interface.IProtocolRewardDistributor.md)
+- [IService](IService.sol/interface.IService.md)
 - [ISlashingManager](ISlashingManager.sol/interface.ISlashingManager.md)
 - [IStakeManager](IStakeManager.sol/interface.IStakeManager.md)
 - [IStakingMiddlewareParams](IStakingMiddlewareParams.sol/interface.IStakingMiddlewareParams.md)

Diff for: src/UVN/L1/StakingMiddleware/Notifier.sol

@@ -2,7 +2,7 @@
 pragma solidity ^0.8.0;
 
 import {INotifier} from '../../../interfaces/UVN/L1/StakingMiddleware/INotifier.sol';
-
+import {IService} from '../../../interfaces/UVN/L1/StakingMiddleware/IService.sol';
 import {OperatorManager} from './OperatorManager.sol';
 import {SlashingManager} from './SlashingManager.sol';
 import {AccessControl} from '@openzeppelin/contracts/access/AccessControl.sol';
@@ -11,14 +11,41 @@ import {ERC721} from '@openzeppelin/contracts/token/ERC721/ERC721.sol';
 /// @title Notifier - Base contract for the Notifier
 /// @notice This contract allows operators to mint ERC721 tokens to deposit into service contracts they want to operate for. Whenever a delegator modifies their stake or the operator is slashed, the current owner of the token is notified (e.g., service contract). This allows the operator to participate in network upgrades by depositing their token into a new service contract. Additionally, it allows service contracts to implement arbitrary logic on deposits by requiring data to be sent alongside the token, implement their own migration logic, etc. Additionally, the operator can set a URI for their token where they can expose an endpoint to provide more information about themselves.
 abstract contract Notifier is SlashingManager, ERC721, INotifier {
+    uint256 private constant MIN_GAS = 500_000;
+
     mapping(address operator => string uri) private _uris;
 
     constructor(string memory name_, string memory symbol_) ERC721(name_, symbol_) OperatorManager(name_) {}
 
+    function _afterStake(address delegator, uint96 amount) internal virtual override {
+        super._afterStake(delegator, amount);
+        _reportOperatorStakeUpdate(delegator, true);
+    }
+
+    function _afterUnstake(address delegator, uint96 amount) internal virtual override {
+        super._afterUnstake(delegator, amount);
+        _reportOperatorStakeUpdate(delegator, true);
+    }
+
+    function _afterOperatorSelection(address delegator, address operator) internal virtual override {
+        super._afterOperatorSelection(delegator, operator);
+        _reportOperatorStakeUpdate(delegator, true);
+    }
+
+    function _afterOperatorUndelegationAnnouncement(address delegator) internal virtual override {
+        super._afterOperatorUndelegationAnnouncement(delegator);
+        _reportOperatorStakeUpdate(delegator, false);
+    }
+
+    function _afterSlash(address operator, uint256 remainingPercentage) internal virtual override {
+        super._afterSlash(operator, remainingPercentage);
+        _reportOperatorSlash(operator, remainingPercentage);
+    }
+
     /// @inheritdoc INotifier
     function mint() external {
         uint256 tokenId = _toTokenId(msg.sender);
-        if (ownerOf(tokenId) != address(0)) revert AlreadyMinted();
+        if (_ownerOf(tokenId) != address(0)) revert AlreadyMinted();
         _mint(msg.sender, tokenId);
     }
 
@@ -42,17 +69,49 @@ abstract contract Notifier is SlashingManager, ERC721, INotifier {
 
     /// @dev only allow transfers to contracts and the operator
     function safeTransferFrom(address from, address to, uint256 tokenId, bytes memory data) public override {
-        if (to != _toAddress(tokenId) && !_isContract(to)) revert InvalidRecipient();
+        if (to != _toAddress(tokenId) && !_isServiceContract(to)) revert InvalidRecipient();
         super.safeTransferFrom(from, to, tokenId, data);
     }
 
-    function _isContract(address account) private view returns (bool) {
+    /// @dev reports the new operator stake to the service contract, triggered by a balance change through a delegator action
+    /// @dev if requireSuccess is true, the function will revert if the call to the service contract fails
+    /// @dev if requireSuccess is false, the function will not revert if the call to the service contract fails, this ensures that a delegator cannot be bricked by a malicious operator, they should always be able to undelegate from the operator to withdraw their stake. To ensure an honest undelegation can be processed by the recipient of the call, a minimum amount of gas is enforced.
+    function _reportOperatorStakeUpdate(address delegator, bool requireSuccess) internal {
+        address operator = delegates(delegator);
+        if (operator == address(0)) return;
+        // this reverts if the operator token is not minted
+        address operatorHolder = _requireOwned(_toTokenId(operator));
+        if (operatorHolder != operator) {
+            uint256 minGas = requireSuccess ? gasleft() * 63 / 64 : MIN_GAS;
+            try IService(operatorHolder).reportOperatorStake{gas: minGas}(
+                operator, uint96(getVotes(operator)), delegator, _delegatorStake(delegator)
+            ) {} catch (bytes memory reason) {
+                if (!requireSuccess) return;
+                revert WrappedError(
+                    operatorHolder,
+                    IService.reportOperatorStake.selector,
+                    reason,
+                    abi.encodePacked(INotifier.NotificationFailed.selector)
+                );
+            }
+        }
+    }
+
+    function _reportOperatorSlash(address operator, uint256 remainingPercentage) internal {
+        address operatorHolder = _ownerOf(_toTokenId(operator));
+        if (operator != address(0) && operatorHolder != address(0) && operatorHolder != operator) {
+            try IService(operatorHolder).reportOperatorSlash{gas: MIN_GAS}(operator, remainingPercentage) {} catch {}
+        }
+    }
+
+    function _isServiceContract(address account) private view returns (bool) {
         uint32 size;
         assembly {
             size := extcodesize(account)
         }
         // take into account 7702 accounts
-        return size != 0 && size != 23;
+        if (size == 0 || size == 23) return false;
+        return IService(account).supportsInterface(type(IService).interfaceId);
     }
 
     function _toTokenId(address owner) private pure returns (uint256) {

Diff for: src/UVN/L1/StakingMiddleware/SlashingManager.sol

@@ -184,7 +184,7 @@ abstract contract SlashingManager is DelegatorAccessControl, ISlashingManager {
         });
         _slashingInstances[operator].push(instance);
         super._slashOperatorVotes(operator, remainingPercentage);
-        _afterSlash(operator, uint96(remainingPercentage));
+        _afterSlash(operator, remainingPercentage);
     }
 
     /// @dev Overrides the `delegatorStake` function in `StakeManager` to reflect correct stake for a delegator accounting for slashing
@@ -279,5 +279,5 @@ abstract contract SlashingManager is DelegatorAccessControl, ISlashingManager {
         return keccak256('SLASHER_ROLE');
     }
 
-    function _afterSlash(address operator, uint96 remainingPercentage) internal virtual {}
+    function _afterSlash(address operator, uint256 remainingPercentage) internal virtual {}
 }

Diff for: src/interfaces/UVN/L1/StakingMiddleware/INotifier.sol

@@ -11,11 +11,19 @@ interface INotifier is ISlashingManager {
 
     /// @notice Thrown when a token is already minted
     error AlreadyMinted();
+
     /// @notice thrown when the `transferFrom` function is called
     error UnsafeTransfer();
+
     /// @notice thrown when the recipient of a safe transfer is not the operator or a contract
     error InvalidRecipient();
 
+    /// @notice ERC-7751 error wrapping reverts by service contracts
+    error WrappedError(address target, bytes4 selector, bytes reason, bytes details);
+
+    /// @notice details for wrapped error when a notification fails
+    error NotificationFailed();
+
     /// @notice Allows an operator to mint a new token to deposit into service contracts
     function mint() external;
 

Diff for: src/interfaces/UVN/L1/StakingMiddleware/IService.sol

@@ -0,0 +1,21 @@
+// SPDX-License-Identifier: MIT
+pragma solidity ^0.8.0;
+
+import {IERC165} from '@openzeppelin/contracts/utils/introspection/IERC165.sol';
+
+/// @title IService
+/// @notice This interface is used by contracts that operators deposit their ERC-721 tokens into to operate for. It must implement the following functions in order to be notified of changes to operator's and delegator's stake.
+interface IService is IERC165 {
+    /// @notice This function is called when a delegator's stake changes.
+    /// @param operator The address of the operator.
+    /// @param newBalance The new balance of the operator.
+    /// @param delegator The address of the delegator.
+    /// @param newDelegatorStake The new stake of the delegator.
+    function reportOperatorStake(address operator, uint96 newBalance, address delegator, uint96 newDelegatorStake)
+        external;
+
+    /// @notice This function is called when an operator is slashed.
+    /// @param operator The address of the operator.
+    /// @param remainingPercentage The remaining percentage of the operator's stake.
+    function reportOperatorSlash(address operator, uint256 remainingPercentage) external;
+}

Diff for: test/UVN/L1/StakingMiddleware.slashing.t.sol

@@ -48,6 +48,8 @@ contract StakingMiddlewareSlashingTest is Test {
         deposit(address(this), 1000);
         stakingMiddleware.depositIntoUniStaker(address(this));
         vm.prank(operator);
+        stakingMiddleware.mint();
+        vm.prank(operator);
         stakingMiddleware.setDelegationStatus(true);
         stakingMiddleware.delegate(operator);
         assertEq(stakingMiddleware.delegatorStake(address(this)), 1000, 'delegator stake does not match');

Diff for: test/UVN/L1/StakingMiddleware.t.sol

@@ -25,6 +25,8 @@ contract StakingMiddlewareTest is Test {
         stakeToken.approve(address(stakingMiddleware), 1000);
         stakingMiddleware.stake(1000);
         vm.prank(operator);
+        stakingMiddleware.mint();
+        vm.prank(operator);
         stakingMiddleware.setDelegationStatus(true);
         stakingMiddleware.delegate(operator);
         assertEq(stakingMiddleware.delegatorStake(address(this)), 1000);