feat: Payer interface

[fbac]

What's in this interface
Core funcionality:

• Payer's account lifecycle.
• Deposits management, 2-steps withdraw, donations.
• Settlements.

Security:

• Pausability.
• Role based access.

Observability functions.

Summary by CodeRabbit

• New Features
  • Introduced a comprehensive system for managing fund deposits, withdrawals, and usage tracking, enhancing secure financial operations.
  • Enhanced transparency with detailed event logging for deposits, withdrawals, and usage settlements.
  • Added administrative controls to manage thresholds and operational settings, ensuring smooth and secure interactions.
  • New structures and functions for managing payer accounts, including registration, balance management, and withdrawal processes.
  • Implemented error handling for various operational scenarios to improve user experience.

[coderabbitai]

Walkthrough

This pull request introduces a new Solidity interface, IPayer, which defines the architecture for managing USDC deposits, withdrawals, and usage settlements. The interface includes multiple data structures for payer data and withdrawal requests, events for logging state changes, custom errors for exception handling, and a comprehensive suite of functions covering registration, balance management, withdrawal processing, usage settlement (both individual and batch), and various administrative tasks.

Changes

File

Change Summary

contracts/src/.../IPayer.sol

- Interface & Structs: Added IPayer interface with structs Payer, Withdrawal. - Events: Introduced events for payer registration, deactivation, deletion, deposit, donation, withdrawal requests, cancellations, finalizations, usage settlements, fee transfers, and administrative updates. - Errors: Defined custom errors for unauthorized access, insufficient amounts, invalid addresses, and withdrawal issues. - Functions: Added methods for payer account management (registration, deposit, donation, deactivation, deletion), withdrawal process (request, cancel, finalize), usage settlement (individual and batch), and various getters for state and statistics, including administrative controls (pause/unpause, contract parameter updates).

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant IPayer
    User->>IPayer: register(amount)
    User->>IPayer: deposit(amount)
    User->>IPayer: requestWithdrawal(amount)
    Note over IPayer: Validate request, emit WithdrawalRequest event
    User->>IPayer: cancelWithdrawal() or finalizeWithdrawal()
    Note over IPayer: Emit WithdrawalCancelled or WithdrawalFinalized event

Loading

sequenceDiagram
    participant NodeOperator
    participant IPayer
    NodeOperator->>IPayer: settleUsage(fees, payer, nodeId, timestamp)
    Note over IPayer: Validate usage data and emit UsageSettled event
    NodeOperator->>IPayer: settleUsageBatch(payers, fees, timestamp, nodeId)
    Note over IPayer: Process batch settlement and emit BatchUsageSettled event

Loading

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

contracts/src/interfaces/IPayer.sol (3)

197-205: Consider clarifying deposit edge cases.

The deposit(uint256 amount) function docs do not indicate whether depositing below the minimum required amount is disallowed. Adding clarifications about such scenarios can prevent user confusion.

---

327-373: Validate usage settlement ordering and potential conflicts.

Since partial or backdated settlement is allowed, ensure that out-of-order usage reports do not generate negative or stale fee calculations. Documenting how conflicting timestamps or repeated reports are handled could prevent misuse.

---

573-584: Enforce robust access control for pause/unpause operations.

The interface allows pausing/unpausing the contract, but the exact role-based restrictions are unspecified. Adopting or referencing a well-reviewed approach (e.g., OpenZeppelin's Pausable) can strengthen security and clarity.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c8dc2a5 and f6f2f17.

📒 Files selected for processing (1)

• contracts/src/interfaces/IPayer.sol (1 hunks)

🧰 Additional context used

🪛 GitHub Actions: Solidity

contracts/src/interfaces/IPayer.sol

[warning] 2-2: Version constraint ^0.8.0 contains known severe issues. Refer to the documentation for details.

⏰ Context from checks skipped due to timeout of 90000ms (2)

• GitHub Check: Build pre-baked anvil-xmtpd
• GitHub Check: Push Docker Images to GitHub Packages (xmtpd)

🔇 Additional comments (2)

contracts/src/interfaces/IPayer.sol (2)

4-7: Documentation is well-structured.

Your use of NatSpec comments for the interface is commendable and provides clear guidance for integrators.

---

188-196: Clarify repeated registrations.

The register(uint256 amount) function does not specify what happens if the caller is already registered. Consider documenting or enforcing a one-time registration rule, e.g., by adding an error condition or clarifying in comments.

[neekolas]

Can you add a little more context around how batch commitments work

[fbac]

So this is an idea aiming to make the protocol auditable from end to end. Completely optional, as we rely on trusted NOPs and the PayerReport attestation process.

We'd submit a PayerReport to the Treasury contract. After being accepted, Treasury calls payer.settleUsageBatch([]payers, []fees) which in turn creates a BatchCommitment storing hash(payers, fees, timestamp), subtract all the funds, etc.
The hash could be used to verify the settlement was processed correctly and noone tampered with the amounts/payers.

[neekolas]

I see. So it's basically a "receipt" that the settlement was done.

[neekolas]

Do we also want an offset to go with the limit?

[fbac]

Good catch, we could paginate the response with an offset. Adding it.

[neekolas]

What would the commitmentHash typically be set to?

[fbac]

This is a typo, thanks for catching it. The commitmentHash should be calculated by the settleUsage itself and not passed as param (security risk).

As mentioned before, the hash can be hash(payer, fee, nodeId, timestamp/block), any combination that gives us unique hashes and be used for verification. It's optional given our current design and we can live without it.

[neekolas]

It does seem like we want to somehow guarantee uniqueness of the report, so I'm in favour. But yes, let's have the smart contract handle the hashing.

[neekolas]

I like that idea

[coderabbitai]

Actionable comments posted: 0

♻️ Duplicate comments (1)

contracts/src/interfaces/IPayer.sol (1)

8-8: 🛠️ Refactor suggestion

Replace EIP-1283 references with EIP-2200 for accuracy.

Prior comments and learnings indicate EIP-1283 was superseded by EIP-2200, which introduced changes to gas accounting, reentrancy checks, and refunds. Consider updating these references in the docstrings and function descriptions to reflect EIP-2200 instead.

Also applies to: 323-323, 342-342, 409-409, 435-435

🧹 Nitpick comments (1)

contracts/src/interfaces/IPayer.sol (1)

511-521: Consider returning the total count of debtors for better pagination.

Your pagination strategy (offset, limit) is good, but it might be more ergonomic to return a totalCount alongside the current paginated list. This helps callers implement UI pagination without requiring a second call to derive the total number of debtors.

function getPayersInDebt(uint256 offset, uint256 limit)
    external
    view
    returns (
        address[] memory debtors,
        uint256[] memory debtAmounts
+       // , uint256 totalCount  <-- Possibly add this
    );

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 9045282 and fb5ba3e.

📒 Files selected for processing (1)

• contracts/src/interfaces/IPayer.sol (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

contracts/src/interfaces/IPayer.sol (1)

Learnt from: neekolas
PR: xmtp/xmtpd#558
File: contracts/src/interfaces/IPayer.sol:2-2
Timestamp: 2025-02-26T20:01:33.924Z
Learning: All Solidity files in the xmtp/xmtpd repository should use `pragma solidity 0.8.28;` (exact version) for consistency.

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Build pre-baked anvil-xmtpd

🔇 Additional comments (2)

contracts/src/interfaces/IPayer.sol (2)

2-2: Great job aligning with the repository's versioning guidelines!

Using pragma solidity 0.8.28; matches the project's standard for Solidity versioning.

---

1-601: Overall interface design is well-structured and comprehensive.

Aside from the references to EIP-1283, there are no major issues. This interface covers account lifecycle, usage settlement, withdrawals, and includes robust event logging. Excellent work!

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

contracts/src/interfaces/IPayer.sol (1)

9-437: Consider splitting this interface into smaller interfaces for better maintainability.

The IPayer interface defines a large set of functionalities (registration, deposits, withdrawals, settlements, administrative tasks, etc.). Splitting it into dedicated interfaces can simplify implementations, reduce complexity, and align closely with the SOLID principles.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fb5ba3e and 400c5ab.

📒 Files selected for processing (1)

• contracts/src/interfaces/IPayer.sol (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

contracts/src/interfaces/IPayer.sol (1)

Learnt from: neekolas
PR: xmtp/xmtpd#558
File: contracts/src/interfaces/IPayer.sol:2-2
Timestamp: 2025-02-26T20:01:33.924Z
Learning: All Solidity files in the xmtp/xmtpd repository should use `pragma solidity 0.8.28;` (exact version) for consistency.

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Build pre-baked anvil-xmtpd

🔇 Additional comments (1)

contracts/src/interfaces/IPayer.sol (1)

2-2: Locking compiler to 0.8.28 is consistent with the codebase.

Thank you for aligning with the established Solidity version in this repository.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

contracts/src/interfaces/IPayer.sol (3)

266-292: Good reference to EIP-2200 optimizations.

Ensure there are no lingering references to EIP-1283 in any related documentation or code comments, to keep everything consistent with the chosen EIP-2200 gas model.

---

356-369: Consider exposing offset-limit pagination in other relevant listing functions.

Your offset-limit approach for retrieving payers in debt is great for large data sets. If you foresee the need to paginate other enumerations (e.g., a list of all payers), providing similar offset-limit methods can improve scalability.

---

9-429: Consider splitting this interface to adhere to single responsibility principles.

The interface covers registration, deposits, withdrawals, usage settlement, observability, and admin tasks. If it grows further, separating it into smaller interfaces (e.g., IPayerRegistration, IPayerWithdrawals, IPayerSettlement) can improve maintainability and clarity.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 93491b2 and 9a1b840.

📒 Files selected for processing (1)

• contracts/src/interfaces/IPayer.sol (1 hunks)

🧰 Additional context used

🧠 Learnings (1)

contracts/src/interfaces/IPayer.sol (1)

Learnt from: neekolas
PR: xmtp/xmtpd#558
File: contracts/src/interfaces/IPayer.sol:2-2
Timestamp: 2025-02-26T20:01:33.924Z
Learning: All Solidity files in the xmtp/xmtpd repository should use `pragma solidity 0.8.28;` (exact version) for consistency.

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Build pre-baked anvil-xmtpd

🔇 Additional comments (2)

contracts/src/interfaces/IPayer.sol (2)

2-2: Great job pinning the Solidity version to 0.8.28.

This matches the project-wide requirement for using an exact version of 0.8.28.

---

409-422: Verify access restriction for pause/unpause operations.

While this is just an interface, confirm in the implementation that these functions can only be called by authorized roles (e.g., owner/admin). Otherwise, a malicious actor could disrupt or restart the contract arbitrarily.