Refactor PufferProtocol to keep <24KB

mainnet-contracts/script/DeployPuffer.s.sol

@@ -30,6 +30,7 @@ import { RewardsCoordinatorMock } from "../test/mocks/RewardsCoordinatorMock.sol
 import { EigenAllocationManagerMock } from "../test/mocks/EigenAllocationManagerMock.sol";
 import { RestakingOperatorController } from "../src/RestakingOperatorController.sol";
 import { RestakingOperatorController } from "../src/RestakingOperatorController.sol";
+import { PufferProtocolLogic } from "../src/PufferProtocolLogic.sol";
 /**
  * @title DeployPuffer
  * @author Puffer Finance
@@ -181,8 +182,21 @@ contract DeployPuffer is BaseScript {
             address(moduleManager), abi.encodeCall(moduleManager.initialize, (address(accessManager)))
         );
 
+        PufferProtocolLogic pufferProtocolLogic = new PufferProtocolLogic({
+            pufferVault: PufferVaultV5(payable(pufferVault)),
+            validatorTicket: ValidatorTicket(address(validatorTicketProxy)),
+            guardianModule: GuardianModule(payable(guardiansDeployment.guardianModule)),
+            moduleManager: address(moduleManagerProxy),
+            oracle: IPufferOracleV2(oracle),
+            beaconDepositContract: getStakingContract(),
+            pufferRevenueDistributor: payable(revenueDepositor)
+        });
+
         // Initialize the Pool
-        pufferProtocol.initialize({ accessManager: address(accessManager) });
+        pufferProtocol.initialize({
+            accessManager: address(accessManager),
+            pufferProtocolLogic: address(pufferProtocolLogic)
+        });
 
         vm.label(address(accessManager), "AccessManager");
         vm.label(address(operationsCoordinator), "OperationsCoordinator");

mainnet-contracts/src/GuardianModule.sol

@@ -217,12 +217,22 @@ contract GuardianModule is AccessManaged, IGuardianModule {
     /**
      * @inheritdoc IGuardianModule
      */
-    function validateWithdrawalRequest(bytes[] calldata eoaSignatures, bytes32 messageHash) external view {
+    function validateWithdrawalRequest(
+        address node,
+        bytes memory pubKey,
+        uint256 gweiAmount,
+        uint256 nonce,
+        uint256 deadline,
+        bytes[] calldata guardianEOASignatures
+    ) external view {
         // Recreate the message hash
-        bytes32 signedMessageHash = LibGuardianMessages._getAnyHashedMessage(messageHash);
+        bytes32 signedMessageHash =
+            LibGuardianMessages._getWithdrawalRequestMessage(node, pubKey, gweiAmount, nonce, deadline);
 
-        bool validSignatures =
-            validateGuardiansEOASignatures({ eoaSignatures: eoaSignatures, signedMessageHash: signedMessageHash });
+        bool validSignatures = validateGuardiansEOASignatures({
+            eoaSignatures: guardianEOASignatures,
+            signedMessageHash: signedMessageHash
+        });
 
         if (!validSignatures) {
             revert Unauthorized();
@@ -232,12 +242,21 @@ contract GuardianModule is AccessManaged, IGuardianModule {
     /**
      * @inheritdoc IGuardianModule
      */
-    function validateTotalEpochsValidated(bytes[] calldata eoaSignatures, bytes32 messageHash) external view {
+    function validateTotalEpochsValidated(
+        address node,
+        uint256 totalEpochsValidated,
+        uint256 nonce,
+        uint256 deadline,
+        bytes[] calldata guardianEOASignatures
+    ) external view {
         // Recreate the message hash
-        bytes32 signedMessageHash = LibGuardianMessages._getAnyHashedMessage(messageHash);
+        bytes32 signedMessageHash =
+            LibGuardianMessages._getTotalEpochsValidatedMessage(node, totalEpochsValidated, nonce, deadline);
 
-        bool validSignatures =
-            validateGuardiansEOASignatures({ eoaSignatures: eoaSignatures, signedMessageHash: signedMessageHash });
+        bool validSignatures = validateGuardiansEOASignatures({
+            eoaSignatures: guardianEOASignatures,
+            signedMessageHash: signedMessageHash
+        });
 
         if (!validSignatures) {
             revert Unauthorized();

mainnet-contracts/src/LibGuardianMessages.sol

@@ -88,12 +88,39 @@ library LibGuardianMessages {
     }
 
     /**
-     * @notice Returns the message to be signed for any message
-     * @param hashedMessage is the hashed message to be signed
+     * @notice Returns the message to be signed for the total epochs validated
+     * @param node is the node operator address
+     * @param totalEpochsValidated is the total epochs validated
+     * @param nonce is the nonce for the node and the function selector
+     * @param deadline is the deadline of the signature
      * @return the message to be signed
      */
-    function _getAnyHashedMessage(bytes32 hashedMessage) internal pure returns (bytes32) {
-        return hashedMessage.toEthSignedMessageHash();
+    function _getTotalEpochsValidatedMessage(
+        address node,
+        uint256 totalEpochsValidated,
+        uint256 nonce,
+        uint256 deadline
+    ) internal pure returns (bytes32) {
+        return keccak256(abi.encode(node, totalEpochsValidated, nonce, deadline)).toEthSignedMessageHash();
+    }
+
+    /**
+     * @notice Returns the message to be signed for the withdrawal request
+     * @param node is the node operator address
+     * @param pubKey is the public key
+     * @param gweiAmount is the amount in gwei
+     * @param nonce is the nonce for the node and the function selector
+     * @param deadline is the deadline of the signature
+     * @return the message to be signed
+     */
+    function _getWithdrawalRequestMessage(
+        address node,
+        bytes memory pubKey,
+        uint256 gweiAmount,
+        uint256 nonce,
+        uint256 deadline
+    ) internal pure returns (bytes32) {
+        return keccak256(abi.encode(node, pubKey, gweiAmount, nonce, deadline)).toEthSignedMessageHash();
     }
 }
 /* solhint-disable func-named-parameters */

mainnet-contracts/src/ProtocolSignatureNonces.sol

@@ -78,23 +78,4 @@ abstract contract ProtocolSignatureNonces {
             return $._nonces[selector][owner]++;
         }
     }
-
-    /**
-     * @dev Same as {_useNonce} but checking that `nonce` is the next valid for `owner`.
-     * @param selector The function selector that determines the nonce space
-     * @param owner The address whose nonce to validate and consume
-     * @param nonce The expected nonce value
-     *
-     * @dev This function validates that the provided nonce matches the expected
-     * current nonce before consuming it. This prevents replay attacks and
-     * ensures proper signature ordering.
-     *
-     * @dev Reverts with InvalidAccountNonce if the nonce doesn't match.
-     */
-    function _useCheckedNonce(bytes32 selector, address owner, uint256 nonce) internal virtual {
-        uint256 current = _useNonce(selector, owner);
-        if (nonce != current) {
-            revert InvalidAccountNonce(selector, owner, current);
-        }
-    }
 }