Hi friends, We are thrilled to announce our D3CAF Protocol V1 for developer beta testing, coupled with a bounty to encourage issue reporting. ## Introduction D3CAF, short for "D3 Contract Address Foundry", is a smart contract service by D3Serve Labs designed to bolster the trustworthiness of developers' contracts. It achieves this by calculating the `salt` in [CREATE2](https://ethereum.org/en/developers/docs/evm/opcodes/) to foundry a contract address with more zeroes. This strategy raises the barrier for potential fraudsters attempting to deceive contract users. ## Background The number of smart contracts is on the rise as more DEX applications are deployed. ![](https://hackmd.io/_uploads/B1MmsCKFn.png) With more addresses, the risk of misidentification becomes significantly higher. ![](https://hackmd.io/_uploads/S1XUjRFY2.png) There are more and more scams and phising for address: ![Example of Phishing](https://hackmd.io/_uploads/rkP55UcDp.png) ([Etherescan Link](https://etherscan.io/address/0xa7bf48749d2e4aa29e3209879956b9baa9e90570#tokentxns)) The contract address of EVM is determined by its deployment method. Two instructions that deploy contracts exist: [`CREATE`](https://www.evm.codes/#f0?fork=shanghai) and [`CREATE2`](https://www.evm.codes/#f5?fork=shanghai). In particular, `CREATE2` enables developers to deterministically compute the address before executing the deployment transaction. ``` addr = hash(0xff ++ sender ++ salt ++ hash(bytecode))[12:] ``` In this equation, `salt` can be set arbitrarily, and `hash` refers to the `keccak256` function. For any cryptographically secure hash function, changing `salt` can effectively pseudo-randomize the output `addr`. When we randomize the `salt`, there's a 50% chance of the first bit being zero. Similarly, there's a 50% chance of the second bit being zero, and so on for each bit, each considered independent. Consequently, each time we manipulate `salt`, the odds of obtaining the first 16 bits (2 bytes) as zeros stand at $1/{2^{16}}$. So, if we try this $2^{16}$ times, we anticipate one instance where the first 2 bytes of the address are all zeros, denoted as `0x00 00`. More leading zeros imply more attempts at randomizing the output to achieve these zeros. This strategy is demonstrated in the [ENS deployment](https://docs.ens.domains/ens-deployments) which established its root registry at the address `0x00000000000C2E074eC69A0dFb2997BA6C7d2e1e`. As observed, there are `00 00 00 00 00 0` equating to $5.5bytes = 44 bits$. This suggests that the team deploying ENS made approximately $2^{44}$, or around $10^{13}$ attempts. Other noteworthy implementations of this approach include: 1. The Eth2.0 deposit contract: [`0x00000000219ab540356cbb839cbe05303d7705fa`](https://etherscan.io/address/0x00000000219ab540356cbb839cbe05303d7705fa#code) 2. Uniswap's Permit2: [`0x000000000022d473030f116ddee9f6b43ac78ba3`](https://docs.uniswap.org/contracts/v3/reference/deployments), indicating roughly `2^40 ~= 10^12` attempts. 3. The Blur.io NFT marketplace: [`0x0000000000A39bb272e79075ade125fd351887Ac`](https://etherscan.io/address/0x0000000000a39bb272e79075ade125fd351887ac) 4. OpenSea: [`0x00000000000000adc04c56bf30ac9d3c0aaf14dc`](https://etherscan.io/address/0x00000000000000adc04c56bf30ac9d3c0aaf14dc) ## The D3CAF Service The D3CAF service provides a mechanism for developers aiming to deploy a smart contract with a lower address to enlist help from others in calculating `salt` for them ("contract address foundrying"). Incentives are offered to reward these helpers, thereby potentially creating a market for this service. Here is a breakdown of our V1 service functionality: <!-- TODO: Insert a diagram of the Requester-Worker protocol --> ### Registering a Request The service begins with a `D3CAFRequest` being registered in our `D3CAFServiceV1` using this data structure: <pre> struct D3CAFRequest { address factory; // The address of the factory. bytes32 bytecodeHash; // The hash of the bytecode. uint256 expireAt; // After this block, the request is considered expired and reward can be claimed. bytes32 initSalt; // Initial salt RewardType rewardType; // The type of reward. uint256 rewardAmount; // The reward amount for the request. For Ethers the unit will be `wei`. address rewardToken; // The reward token address. For ETH, this is Zero. Non-Zeros are reserved for ERC20 and future extensions. address payable refundReceiver; // The address of the refund receiver. } </pre> The service request will be registered via `registerCreate2Request`. The information will be checked in this function, the reward will be locked in the `D3CAFService` contract, and an event `OnRegisterD3CAFRequest` will be emitted for any interested parties to monitor new requests. ### Registering a Response Once the service request is registered and before it expires, the service request is up for grabs for anyone who calculates the smallest contract. If a worker calculates a new `salt` that yields a better result than the current `bestSalt`, they can optionally submit the salt to be recorded on-chain by calling `registerResponse`, which includes the following information: <pre> /** * @dev Registers a response for a request. * @param requestId The request ID. * @param salt The salt value. */ function registerResponse(bytes32 requestId, bytes32 salt) external payable { ... } </pre> Here, `requestId` comes from the `OnRegisterD3CAFRequest` event emitted during request registration. `salt` is the salt used in `CREATE2`. The function will validate that `newAddress` was correctly generated from `salt` using the CREATE2's computeAddress formula. The `sender` will be retrieved from the request with `requestId`. #### Salt and Source Salt To avoid front-running for claiming reward, D3CAF requires the `salt` to be computed from `keccak256(abi.encodePacked(rewardReceiver, sourceSalt));` where the `rewardReceiver` is the address of receiver when rewards need to be claimed. A convinient method was also provided by the deployed contract [computeSalt](https://etherscan.io/address/0x13ad7efAfAcd463740222186f0f3DE6AD04B6787#readProxyContract#F3) It is important that such `salt` is computed from `sourceSalt` with this method to ensure the reward can be claimed. #### Permissionless Competition for Responses Once a response is registered, it becomes the current winner. Anyone can register new responses so long as their new salt satisfy the following two conditions: 1. The request has not expire yet. 2. The new salt results in a new address that is less or equal to 1/16 to the latest best calculated address, which means the new addres is at leaset **one more 0** in its heximal string representation. ### Claiming the Reward When the `expireAt` block numbrer is reached, the reward is ready to be claimed. To claim the reward, the claimant must submit their receiving address in the <pre> function claimReward( function claimReward( bytes32 requestId, address payable winner, bytes32 sourceSalt ) </pre> Here, the stored `salt` will be checked to ensure it equals <pre> bytes32 salt = computeSalt(winner, sourceSalt); </pre> Once the validation is complete, the request will be cleared and the reward transferred. ## Caveats, Limitations, and Future Work Version 1 serves as a proof of concept. There are many other functionalities we believe could enhance the service, such as: 1. Creating more complete and persistent incentives for participation, which might lead to tokenomics 2. Natively support collaboration and reward sharing via future versions of `salt` calculation. 3. Employ several methods to support different contract bytecodes to deploy for the same `bytecodeHash`. 4. Support other tokens as reward 5. Support deploy contract right from this protocol. ## Disclaimer The D3CAF Protocol V1 contracts has not been thoroughly audited, there might be critial bugs or fetal errors. We greatly appreciate bugs reports. See bug-bounty for more information. ## Deployment ### Ethereum Mainnet | Contract | Address | | -------- | -------- | | D3CAF | [`0x000000000000c826e64c795924eb735a892bd44b`](https://etherscan.io/address/0x000000000000c826e64c795924eb735a892bd44b#code) | | ImplV1 | [`0xcFbD663cf943ACE12646A0f92c53F5B21Db32833`](https://etherscan.io/address/0xcFbD663cf943ACE12646A0f92c53F5B21Db32833#code) | | ProxyAdmin | [`0x85Be40f281E31c5B01D5E172bbA472bb27C2b240`](https://etherscan.io/address/0x85Be40f281E31c5B01D5E172bbA472bb27C2b240#code) | ### Goerli Testnet | Contract | Address | | -------- | -------- | | D3CAF | [`0xd5e892d06b6933d93e74a4ac4ea9be84c99b2cd2`](https://goerli.etherscan.io/address/0xd5e892d06b6933d93e74a4ac4ea9be84c99b2cd2#code) | | ImplV1 | [`0xc509ac56d04545b83f2e6fea160760f3307dea42`](https://goerli.etherscan.io/address/0xc509ac56d04545b83f2e6fea160760f3307dea42#code) | | ProxyAdmin | [`0x26c9e4c75e740d9f771c0339dc48d893858add2a`](https://goerli.etherscan.io/address/0x26c9e4c75e740d9f771c0339dc48d893858add2a#code) | ## Bounty Program The D3Serve Labs also provide a bug bounty for the following reward for reporting bugs or security flaws. | Level | Bounty Reward | Explain | | ---------------------- | ------------------------------------ | -------- | | Kudo | 0.1ETH | Fixes are nice to have or minor improvements | | Essential | 0.3ETH | Bugs that are affecting usage or security but don't require urgent upgrade for fixing it. | | Critical | 1ETH | Bugs that requires an urgent upgrade | | Fatal | 20% of Fund Recovered | Bugs or security flaws that requires recovery of fund | ## Concluding Remarks The D3CAF Protocol was developed by D3Serve Labs Inc. The source code is publicly at [its Github repo](https://github.com/d3servelabs/d3caf), and [verified on Etherscan](https://etherscan.io/address/0xcFbD663cf943ACE12646A0f92c53F5B21Db32833#code). Please join our [Discord](https://discord.gg/EfVdm8YwDJ) for questions, feedback or contributions. We look forward to hear from you. Zainan Victor Zhou, founder & CEO of D3ServeLabs ## Reference - [0xdeadbeef: Tool used for computing vanity Safe addresses](https://github.com/nlordell/deadbeef) -