wrap

mint to address with oracle approvals

unwrap

burn (called by user)

regoracle

register oracle

unregoracle

unregister oracle

regcust

register custodian

unregcust

unregister custodian

pause

pause wrap, unwrap or any built-in erc20 functions

unpause

unpause wrap, unwrap or any build-in erc20 functions

getOracle

Get oracle status by ethereum address

getCustodian

Get custodian status by ethereum address

getApproval

getApproval status by obtid

• If fewer than 3 oracles have approved a wrap, getApproval returns:

  • Number of approvals

  • Ethereum address where the wfio will be sent to

  • Amount

• Once 3 oracles have been approved, the approval is removed from the vector so returns zeros:

custodian_count

Keeps track of the number of custodians active in the oracle. Required for consensus math

oracle_count

Keeps track of the number of custodians active in the oracle. Required for consensus math

uoracmapv

Incrementer used to generate unique id for unregoracle approval mapping

roracmapv

Incrementer used to generate unique id for regoracle approval mapping

ucustmapv

Incrementer used to generate unique id for unregcust approval mapping

rcustmapv

Incrementer used to generate unique id for regcust approval mapping

upausmapv

Incrementer used to generate unique id for unpause approval mapping

pausemapv

Incrementer used to generate unique id for pause approval mapping

owner

Used to store contract owner (msg.sender) when deployed

oraclelist

A list of oracle addresses

wrapped

Event emitted when wrap has completed.
emit wrapped(account, amount, obtid);

unwrapped

Event emitted when user has unwrapped tokens.
emit unwrapped(fioaddress, amount);

custodian_registered

Event emitted when a custodian has been registered
event custodian_registered(address account, uint256 eid);

custodian_unregistered

Event emitted when a custodian has been unregistered
event custodian_unregistered(address account, uint256 eid);

oracle_registered

Event emitted when an oracle has been registered
event oracle_registered(address account, uint256 eid);

oracle_unregistered

Event emitted when an oracle has been unregistered
event oracle_unregistered(address account, uint256 eid);

Paused

Event emitted when the contract has been paused by custodians

Unpaused

Event emitted when the contract has been unpaused by custodians

Custodians
mapping (address=>custodian) custodians

custodian
- active

Keeps track of the custodians that registered another custodian and their activation

Oracles
mapping (address=>oracles) oracles

oracle
- active

Keeps track of the custodians that registered an oracle and the oracles activation count

Approvals
mapping (bytes => bool) approver;

pending
- approved
- account
- approvers

Keeps track of the approvals by obtid, the number of approvals, and the details of the approval
This table is also used for tracking pause/unpause, oracle and custodian registration approvals, the account and approvers state variables remain

onlyOracle

wrapunwrap

Only wFIO oracle may use this function

onlyCustodian

regoracle
unregoracle
regcust
unregcust

Only wFIO custodian may use this function

whenPaused

unpause

Built into erc20 pausable security contract. Keeps an action from being called when paused

whenNotPaused

pause
wrap
unwrap

Built into erc20 pausable security contract. Keeps an action from being called when unpaused

Max supply

Should we put in a max supply to prevent over-minting of wFIO? This would track the maximum number of wFIO that could be in circulation.

Not needed

Reason: if the ERC20 contract gets taken over an additional wFIO is minted, the most likely course of action will be to fork the contract and invalidate the bad transactions.

Max transaction size

Should we put a max transaction size limit on mint into the ERC20 contract.

Not needed

ERC20 contract key

What is the status of the key used to set the contract?

Key should only be used for spinning up the contract and should be burned.

“Pause” function for Custodians

What is the process for locking the wFIO contract if it gets compromised?

Adam: contract is pausable. Tracked in: https://fioprotocol.atlassian.net/browse/BD-2585

• Added note to: https://fioprotocol.atlassian.net/browse/WP-522

• Testing. Added note to: https://fioprotocol.atlassian.net/wiki/spaces/FD/pages/106594446

Oracle “Admin” functions

Do we need to enable the ability for Oracles to call various contract actions such as approve, transfer, mint, etc.

This can be performed in a couple of ways:
1 - The Oracles vote in who can execute the next essential action as follows:
Oracle 1 executes approval action (not to be confused with erc20 approve) to mint using FIO obtid xxxxxxxx
Oracle 2 executes approval action to transfer for the same FIO obtid to Alice

Oracle 3 executes approval action for transfer, but wrong recipient is provided. Trx goes to Alice defined by oracle 1 and 2

2 - The Oracles can sign the next transfer action as a multisig
This could be quite costly on the ethereum chain, but is possible to implement.
Example of multisig on ethereum

Pawel will create an Oracle/Custodian Wrapping Manual that includes use cases for how to respond to errors with wrap and unwrap.

Tracked in:

Custodian “Admin” functions

Are there contract actions that should be exposed to Custodian “admin” approval?

• Pause switch is an admin function.

• Use case: refunds. If someone calls unwrap to the wrong address and it gets lost. We may want to enable the ability for Custodians to call 2/3+1 approval for a “mint” refund.

  • This can already be done by the Oracles calling wrap to a specific Ethereum address.

Todo: Pawel will create an Oracle/Custodian Wrapping Manual that includes use cases for how to respond to errors with wrap and unwrap.

Tracked in:

Unwrap fee

Is there a fee for unwrap?

On unwrap, the user pays the gas fees.

ERC-20 contract key burn

Once we spin up the ERC-20 contract with multiple custodian keys, we will burn the contract key

account

Yes

string

Public address on ETH blockchain where wrapped FIO should be delivered.

amount

Yes

uint256

Amount of wFIO (in SUFs) to unwrap.

obtid

Yes

string

FIO chain transaction ID

Invalid amount

Transfer amount is not valid.

400

"Invalid amount"

Invalid public address

Recipient public address is not valid

400

"Invalid public address"

No authority

The signer is not a registered Oracle and does not have authority to call this function

403

"Only a wFIO Oracle may call this function"

Contract paused

Contract is paused (built-in)

400

"Pausable: paused"

amount

Yes

uint256

Amount of wFIO (in SUFs) to unwrap.

fio_address

Yes

String

The FIO Address where FIO Tokens should be delivered.

Invalid FIO address

Recipient public address is not valid

400

"Invalid FIO address"

Invalid amount

Transfer amount is not valid.

400

"Invalid amount"

Insufficient balance

Balance is less than amount + oracle fee + chain fee

400

"Insufficient balance"

No authority

The signer is not a registered Oracle and does not have authority to call this function

403

"Only a wFIO Oracle may call this function"

Contract paused

Contract is paused (built-in)

400

"Pausable: paused"

account

Yes

Ethereum public address

Ethereum address owned by the Oracle.

Invalid address

Ethereum address is not valid

400

"Invalid address"

No authority

The signer is not a registered Custodian and does not have authority to call this function

403

"Only a wFIO custodian may call this function"

Already registered

The Ethereum address is already registered as an Oracle

400

“Oracle is already registered”

account

Yes

Ethereum public address

Ethereum address owned by the Oracle.

Invalid oracle

Oracle is not registered

400

"Invalid oracle"

No authority

The signer is not a registered Custodian and does not have authority to call this function

403

"Only a wFIO custodian may call this function"

account

Yes

Ethereum public address

Ethereum address owned by the Custodian.

Invalid address

Ethereum address is not valid

400

"account"

Value sent in, e.g. "invalid account"

"Invalid address"

No authority

The signer is not a registered Custodian and does not have authority to call this function

403

"Only a wFIO custodian may call this function"

Already registered

The Ethereum address is already registered as an Custodian

400

"account"

“Custodian is already registered”

account

Yes

Ethereum public address

Ethereum address owned by the Custodian.

Invalid custodian

Custodian is not registered

400

"Invalid custodian"

Invalid address

Ethereum address is not valid

400

"Invalid address"

No authority

The signer is not a registered Custodian and does not have authority to call this function

403

"Only a wFIO custodian may call this function"

None

No

Contract paused

Contract is already paused (built-in)

400

"Pausable: paused"

Already approved

Custodian already called pause

400

“msg.sender has already approved this pause”

None

No

Contract unpaused

Contract is already unpaused (built-in)

400

"Pausable: unpaused"

Already approved

Custodian already called unpause

400

“msg.sender has already approved this unpause”