-
validatePeginStatusandvalidatePegoutStatus→validatePegStatus(inIStreamManager)- Old signatures:
function validatePeginStatus(bytes32 _acceptPeginTxid, PegStatus _expectedStatus) external view returns (StreamPosition memory)function validatePegoutStatus(bytes32 _acceptPeginTxid, PegStatus _expectedStatus) external view returns (StreamPosition memory, uint128 committeeId, uint8 pegoutConfirmations)
- New signatures (overloaded):
function validatePegStatus(bytes32 _acceptPeginTxid, PegStatus _expectedStatus) external view returns (StreamPosition memory, uint128 committeeId, uint8 pegoutConfirmations)— validates a single expected statusfunction validatePegStatus(bytes32 _acceptPeginTxid, PegStatus _statusA, PegStatus _statusB) external view returns (StreamPosition memory, uint128 committeeId, uint8 pegoutConfirmations)— validates that the current status matches either of two acceptable statuses
- Impact: Both old functions are removed. Callers of
validatePeginStatusmust switch to the single-argument overload ofvalidatePegStatusand handle the two additional return values (committeeId,pegoutConfirmations). Callers ofvalidatePegoutStatusmust switch to the same single-argument overload.
- Old signatures:
-
getPartialSignaturesreturn type changed (inISignatureManager)- Old signature:
function getPartialSignatures(bytes32 _txid) external view returns (SignatureData[] memory, uint8 missingSignatures, uint8 missingNonces, uint128 committeeId) - New signature:
function getPartialSignatures(bytes32 _txid) external view returns (SignatureData[] memory, uint8 missingNonces, uint128 committeeId) - Change:
missingSignaturesreturn value removed. - Impact: Callers must update destructuring to remove the
missingSignaturesposition.
- Old signature:
validatePeginStatus(inIStreamManager) — replaced byvalidatePegStatus(see above).validatePegoutStatus(inIStreamManager) — replaced byvalidatePegStatus(see above)._isInputNotRevealed(inChallengeManager) — was apublic purehelper; removed along with its OP_RETURN output validation logic.
InvalidInputNotRevealedOutput(inIChallengeManager) — removed; OP_RETURN output is no longer required onINPUT_NOT_REVEALED_TX.InvalidRevealedOutput(inIChallengeManager) — removed; the corresponding OP_RETURN-based check is gone.UserTakeAlreadySigned(inIOperatorTakeManager) — removed;triggerOperatorTakecan now be called even when all committee signatures are present (see Workflow Changes below).
UserTakeNotCancelled(bytes32 acceptPeginTxid)(inIOperatorTakeManager) — thrown when the operator tries to callregisterAdvanceFundsbefore cancelling the user take flow (i.e.,cancelUserTakeTxBlockNumberis still zero).
-
INPUT_NOT_REVEALED_TXoutput structure changed- Old: First output was an OP_RETURN (unspendable, empty data); speedup outputs followed at indices
1..N. - New: OP_RETURN output removed. Speedup outputs are now at indices
0..N-1(one per committee member). - Impact: The expected output count is now exactly
committeeMembers.length(previously1 + committeeMembers.length). Integrations that construct or validateINPUT_NOT_REVEALED_TXmust remove the OP_RETURN output and re-index the speedup outputs.
- Old: First output was an OP_RETURN (unspendable, empty data); speedup outputs followed at indices
-
ADVANCE_FUNDS_TXOP_RETURN script format changed- Old script:
OP_RETURN <pegout_id_32_bytes>(push opcode omitted — invalid OP_RETURN format) - New script:
OP_RETURN OP_PUSHBYTES_32 <pegout_id_32_bytes>(valid standard OP_RETURN format) - Impact: Integrations that construct or parse the OP_RETURN output of
ADVANCE_FUNDS_TXmust include theOP_PUSHBYTES_32(0x20) byte before the 32-byte pegout ID. The raw script is now[0x6a, 0x20, <32 bytes>]instead of[0x6a, <32 bytes>].
- Old script:
-
triggerOperatorTakeno longer blocked when all signatures are present- Previously, calling
triggerOperatorTakewhile the peg-out was inUSER_TAKEstatus and all committee signatures were collected reverted withUserTakeAlreadySigned. - Now,
triggerOperatorTakecan be called once the user take timeout has expired regardless of whether all signatures are present. This handles the edge case where signatures were collected but theUSER_TAKE_TXwas never submitted on-chain.
- Previously, calling
-
registerUserTakenow acceptsOP_SELECTEDstatus- Previously,
registerUserTakeonly accepted peg-outs inUSER_TAKEstatus. - Now it also accepts
OP_SELECTEDstatus, allowing a committee member to register a valid user take Bitcoin transaction even after the operator take flow has been triggered.
- Previously,
-
registerAdvanceFundsrequires user take to be explicitly cancelled first- The previous check (
cancelUserTakeTxBlockNumber < blockNumber) allowed advancing funds without a cancellation record ifcancelUserTakeTxBlockNumberwas 0 (default). - Now, if
cancelUserTakeTxBlockNumber == 0, the call reverts withUserTakeNotCancelled. The operator must callregisterCancelUserTakebeforeregisterAdvanceFunds. - Impact: Any integration that called
registerAdvanceFundswithout first registering a cancel user take transaction must be updated to include theregisterCancelUserTakestep.
- The previous check (
- OperatorTakeManager introduced – split from PegoutManager
- Reason: PegoutManager's operator-take flow is now a separate deployable contract for cleaner separation of concerns.
- Change:
registerAdvanceFunds,registerReimbursementKickoff,registerOperatorTake,registerOperatorWon, andtriggerOperatorTakewere moved fromPegoutManagerto the newOperatorTakeManagercontract. - Impact: Callers of those functions must now target
OperatorTakeManager. Deployment must includeOperatorTakeManager. AccessManager now exposesrevertIfNotChallengeManagerandsetOperatorTakeManagerto wire the new contract into the permission model.
-
depositAggregatedKey→depositAggregatedKeys(inICommitteeRegistry)- Old signature:
function depositAggregatedKey(uint128 _committeeId, bytes memory _aggregatedKey) external - New signature:
function depositAggregatedKeys(uint128 _committeeId, bytes memory _takeAggregatedKey, bytes memory _disputeAggregatedKey) external - Impact: Members must now supply both the take aggregated key and the dispute aggregated key in a single call.
- Old signature:
-
isMemberInCommittee→validateMemberInCommittee(inICommitteeRegistry)- Old signature:
function isMemberInCommittee(uint128 _committeeId, address _memberAddress) external view returns (bool) - New signature:
function validateMemberInCommittee(uint128 _committeeId, address _memberAddress) external view - Change: Function no longer returns a boolean; it reverts if the member is not in the committee.
- Impact: Callers that checked the return value must now use a try/catch or restructure to expect revert-on-failure semantics.
- Old signature:
-
getCommitteeDisputeKeysreturn type changed (inICommitteeRegistry)- Old signature:
function getCommitteeDisputeKeys(uint128 _committeeId) external view returns (bytes32[] memory) - New signature:
function getCommitteeDisputeKeys(uint128 _committeeId) external view returns (CompactPubKey[] memory) - Impact: Callers must update to handle
CompactPubKeystructs (bytes1 parity,bytes32 xOnly) instead of rawbytes32values.
- Old signature:
-
getOperatorDisputeDatareturn type extended (inICommitteeRegistry)- Old return:
(address operatorAddress, bytes32 disputePubKey) - New return:
(address operatorAddress, CompactPubKey memory disputePubKey, CompactPubKey memory takePubKey) - Impact: Callers must handle the additional
takePubKeyreturn value and the change frombytes32toCompactPubKey.
- Old return:
-
getMemberTakePubKeyreturn type changed (inIMemberRegistry)- Old signature:
function getMemberTakePubKey(address _address) external view returns (bytes32) - New signature:
function getMemberTakePubKey(address _address) external view returns (CompactPubKey memory) - Impact: Update callers to use
CompactPubKeystruct.
- Old signature:
-
getChallengeTempInfo→getChallengeInfo(inIChallengeManager)- Old signature:
function getChallengeTempInfo(bytes32 _acceptPeginTxid) external view returns (ChallengeTempInfo memory) - New signature:
function getChallengeInfo(bytes32 _acceptPeginTxid) external view returns (ChallengeInfo memory) - Change: Function and struct renamed.
- Impact: Update callers to use
getChallengeInfoand the renamedChallengeInfostruct.
- Old signature:
-
getPegoutTempInfo→getPegoutStartInfo(inIPegoutManager)- Old signature:
function getPegoutTempInfo(bytes32 _acceptPeginTxid) external view returns (PegoutTempInfo memory) - New signature:
function getPegoutStartInfo(bytes32 _acceptPeginTxid) external view returns (PegoutStartInfo memory) - Change: Function and struct renamed.
PegoutStartInfocontains onlyuserPubKey,createdAt, andpegoutTxid(leaner than the oldPegoutTempInfo). - Impact: Update callers; access operator-take specific data via
IOperatorTakeManager.getOperatorTakeInfo().
- Old signature:
-
advanceSlotparameters changed (inIStreamManager)- Old signature:
function advanceSlot(uint64 _streamId, uint64 _packetNumber, uint64 _slotId) external - New signature:
function advanceSlot(bytes32 _acceptPeginTxid) external - Impact: Callers must pass the
acceptPeginTxidinstead of explicit stream/packet/slot IDs.
- Old signature:
-
getEnablerOutputP2TRScriptPubparameter type changed (inIBitcoinManager)- Old signature:
function getEnablerOutputP2TRScriptPub(bytes memory _committeePubKey, bytes32[] memory _disputeKeys) external view returns (bytes memory) - New signature:
function getEnablerOutputP2TRScriptPub(bytes memory _committeeTakePubKey, CompactPubKey[] memory _disputeKeys) external view returns (bytes memory) - Impact: Update callers to pass
CompactPubKey[]for dispute keys and rename the first parameter semantically.
- Old signature:
-
validatePegoutMemberOutputparameter type changed (inIBitcoinManager)- Old signature:
function validatePegoutMemberOutput(BtcTxOut calldata _pegoutOutput, bytes32 _memberPubKey) external pure - New signature:
function validatePegoutMemberOutput(BtcTxOut calldata _pegoutOutput, CompactPubKey calldata _memberPubKey) external pure - Impact: Update callers to pass
CompactPubKey.
- Old signature:
-
triggerOperatorTakeparameter changed (inIOperatorTakeManager, previouslyIPegoutManager)- Old signature:
function triggerOperatorTake(bytes32 _pegoutTxid) external - New signature:
function triggerOperatorTake(bytes32 _acceptPeginTxid) external - Change: Parameter semantics changed from
pegoutTxidtoacceptPeginTxid. Function also moved toIOperatorTakeManager. - Impact: Update callers with the correct txid and target the new contract.
- Old signature:
setUserTakeTimeout,setOperatorTakeTimeout(inIPegoutManager) – Removed; replaced bysetTakeTimeout(uint64 _streamId, TakeTimeout memory _timeout)inIOperatorTakeManagerwhich sets timeouts per-stream.userTakeTimeout,operatorTakeTimeout(inIPegoutManager) – Removed; usetakeTimeouts(uint256 streamId)inIOperatorTakeManager.getAcceptPeginTxid(inIPegoutManager) – Removed.getPegoutTxid(inIPegoutManager) – Removed.getCommitteePubKey(inIStreamManager) – Removed; usegetCommitteeTakePubKeyorgetCommitteeDisputePubKeyinICommitteeRegistry.registerAdvanceFunds,registerReimbursementKickoff,registerOperatorTake,registerOperatorWon,triggerOperatorTake(inIPegoutManager) – Moved toIOperatorTakeManager.
-
demoteOperatorToWatchtower(inICommitteeRegistry)- Signature:
function demoteOperatorToWatchtower(uint128 _committeeId, address _memberAddress) external - Description: Owner-only function that demotes an operator to watchtower role within a committee. This is the first step toward a future slashing implementation.
- Signature:
-
getCommitteeTakePubKey,getCommitteeDisputePubKey(inICommitteeRegistry)- Signatures:
function getCommitteeTakePubKey(uint128 _committeeId) external view returns (bytes memory);function getCommitteeDisputePubKey(uint128 _committeeId) external view returns (bytes memory) - Description: Returns the aggregated take or dispute public key for a committee.
- Signatures:
-
getCommitteeMembersLength(inICommitteeRegistry)- Signature:
function getCommitteeMembersLength(uint128 _committeeId) external view returns (uint256)
- Signature:
-
getMemberDisputePubKey(inIMemberRegistry)- Signature:
function getMemberDisputePubKey(address _address) external view returns (CompactPubKey memory) - Description: Returns the dispute public key for a registered member.
- Signature:
-
registerInputNotRevealed(inIChallengeManager)- Signature:
function registerInputNotRevealed(bytes32 _acceptPeginTxid, BtcTxSPVProof calldata _inputNotRevealed) external - Description: Registers proof that the operator did not reveal the input within the required window.
- Signature:
-
registerStopOperatorWon(inIChallengeManager)- Signature:
function registerStopOperatorWon(bytes32 _acceptPeginTxid, BtcTxSPVProof calldata _stopOperatorWon) external - Description: Registers a stop-operator-won transaction to halt an invalid operator-won claim.
- Signature:
-
Pegout queue (in
IPegoutManager) —enqueuePegout,dequeuePegout,tryProcessEnqueuedPegout,getPegoutQueueLength- Background: Previously,
requestPegoutreverted if a peg-out was already in process for the stream. Users had to retry off-chain until the slot freed up. - Change: Users can now call
enqueuePegoutto place their request in a per-stream queue while a peg-out is in process. Once the current peg-out completes, the next request is automatically promoted viatryProcessEnqueuedPegout(callable by anyone) or manually viadequeuePegout. - Signatures:
function enqueuePegout(bytes memory _userPubKey) external payable— joins the queue; sends RBTC with the call.function dequeuePegout(uint64 _streamId) external— removes and refunds the first queued request (called by the queued user to cancel).function tryProcessEnqueuedPegout(uint64 _streamId) external— promotes the next queued request if the stream is free.function getPegoutQueueLength(uint64 _streamId) external view returns (uint64)— returns the current queue depth.
- Impact: Integrations that previously looped or retried
requestPegoutshould switch toenqueuePegout. UIs should surface queue position viagetPegoutQueueLength.
- Background: Previously,
-
setTakeTimeout(inIOperatorTakeManager)- Signature:
function setTakeTimeout(uint64 _streamId, TakeTimeout memory _timeout) external - Description: Sets per-stream user-take and operator-take timeouts (replaces the old global
setUserTakeTimeout/setOperatorTakeTimeout).
- Signature:
-
takeTimeouts(inIOperatorTakeManager)- Signature:
function takeTimeouts(uint256 streamId) external view returns (uint256 userTake, uint256 operatorTake)
- Signature:
-
getOperatorTakeInfo(inIOperatorTakeManager)- Signature:
function getOperatorTakeInfo(bytes32 _acceptPeginTxid) external view returns (OperatorTakeInfo memory)
- Signature:
-
getCancelUserTakeTxBlockNumber(inIOperatorTakeManager)- Signature:
function getCancelUserTakeTxBlockNumber(bytes32 _acceptPeginTxid) external view returns (int256 blockNumber)
- Signature:
-
registerCancelUserTake(inIOperatorTakeManager)- Signature:
function registerCancelUserTake(BtcTxSPVProof calldata _cancelUserTakeSPVProof) external - Description: Registers a cancel-user-take transaction.
- Signature:
-
getMissingOperatorTakeHashes(inIOperatorTakeManager)- Signature:
function getMissingOperatorTakeHashes(bytes32 _acceptPeginTxid) external view returns (uint8)
- Signature:
-
setRejectPeginConfirmations(inIStreamManager)- Signature:
function setRejectPeginConfirmations(uint64 _streamId, uint8 _confirmations) external - Description: Sets the confirmation count required for reject-pegin and user-reimbursement transactions (must be ≤
peginConfirmations).
- Signature:
-
validatePeginStatus,validatePegoutStatus(inIStreamManager)- Signatures:
function validatePeginStatus(bytes32 _acceptPeginTxid, PegStatus _expectedStatus) external view;function validatePegoutStatus(bytes32 _acceptPeginTxid, PegStatus _expectedStatus) external view
- Signatures:
-
getFilledSlotsCount(inIStreamManager)- Signature:
function getFilledSlotsCount(uint64 _streamId) external view returns (uint64)
- Signature:
-
revertIfNotChallengeManager(inIAccessManager)- Signature:
function revertIfNotChallengeManager(address _caller) external view
- Signature:
-
setOperatorTakeManager(inIPauseManager)- Signature:
function setOperatorTakeManager(address _operatorTakeManager) external - Description: Wires OperatorTakeManager into the AccessManager/PauseManager system (address can only be set once).
- Signature:
-
New
CompactPubKeystruct (inIMemberRegistry)- Definition:
struct CompactPubKey { bytes1 parity; bytes32 xOnly; } - Impact: Replaces raw
bytes32public key values throughout the interfaces (dispute keys, take keys, member pub keys). All callers working with public keys must use this struct.
- Definition:
-
ChallengeTempInfo→ChallengeInfo(inIChallengeManager) – Struct renamed. -
PegoutTempInfo→PegoutStartInfo(inIPegoutManager) – Struct renamed and slimmed; operator-take fields moved toOperatorTakeInfoinIOperatorTakeManager. -
New
OperatorTakeInfostruct (inIOperatorTakeManager)- Stores operator take state:
operatorTakeUpdatedAt,operatorTakeAddress,operatorTakePubKey,operatorDisputePubKey,pegoutId,advanceFundsBlockNumber,reimbursementKickoffTxid.
- Stores operator take state:
-
New
TakeTimeoutstruct (inIOperatorTakeManager)- Definition:
struct TakeTimeout { uint256 userTake; uint256 operatorTake; } - Impact: Replaces the previous global timeout state variables with per-stream configuration.
- Definition:
-
New
PegoutRequeststruct (inIPegoutManager)- Definition:
struct PegoutRequest { bytes userPubKey; address userAddress; }
- Definition:
-
Structs moved from
ICommitteeRegistrytoIMemberRegistry:Balance,ApplicationData,ECDSAPublicKey,RSAPublicKey,MemberRegistrationKeys,MemberKeys,Member.- Impact: Update imports; use
IMemberRegistryto reference these types.
- Impact: Update imports; use
-
MemberInfoDeposited(inICommitteeRegistry)- Old signature:
event MemberInfoDeposited(uint128 indexed committeeId, address indexed member, bytes aggregatedKey) - New signature:
event MemberInfoDeposited(uint128 indexed committeeId, address indexed member, bytes aggregatedTakeKey, bytes aggregatedDisputeKey) - Impact: Event listeners must handle the two key fields.
- Old signature:
-
AdvanceFundsRegistered,ReimbursementKickoffRegistered(moved fromIPegoutManagertoIOperatorTakeManager)- Impact: Event listeners must subscribe to
OperatorTakeManagerinstead ofPegoutManager.
- Impact: Event listeners must subscribe to
UserTakeTimeoutUpdated,OperatorTakeTimeoutUpdated(inIPegoutManager) – Replaced byTakeTimeoutUpdatedinIOperatorTakeManager.
-
OperatorDemotedToWatchtower(inICommitteeRegistry)- Signature:
event OperatorDemotedToWatchtower(uint128 indexed committeeId, address indexed memberAddress)
- Signature:
-
InputNotRevealedRegistered,StopOperatorWonRegistered(inIChallengeManager) -
PegoutEnqueued(inIPegoutManager)- Signature:
event PegoutEnqueued(uint64 indexed streamId, bytes userPubKey, address userAddress)
- Signature:
-
CancelUserTakeRegistered(inIOperatorTakeManager)- Signature:
event CancelUserTakeRegistered(bytes32 indexed acceptPeginTxid)
- Signature:
-
TakeTimeoutUpdated(inIOperatorTakeManager)- Signature:
event TakeTimeoutUpdated(uint64 indexed streamId, TakeTimeout newTimeout)
- Signature:
-
RejectPeginConfirmationsUpdated(inIStreamManager)- Signature:
event RejectPeginConfirmationsUpdated(uint64 _streamId, uint8 _confirmations)
- Signature:
-
PublicKeyMismatch→PublicKeyMismatchECDSA(inIMemberRegistry)- Old:
error PublicKeyMismatch(PublicKeyType keyType, bytes32 currentPubKey, bytes32 newPubKey) - New:
error PublicKeyMismatchECDSA(PublicKeyType keyType, CompactPubKey registeredPubKey, CompactPubKey submittedPubKey)
- Old:
-
New
PublicKeyMismatchRSA(inIMemberRegistry)- Signature:
error PublicKeyMismatchRSA(bytes32 registeredKeyHash, bytes32 submittedKeyHash)
- Signature:
InvalidPublicKeyLength(inIBitcoinManager) – Removed.
- IAccessManager:
CallerIsNotChallengeManager(address _caller). - ICommitteeRegistry:
InvalidSameAggregatedKeys,CommitteeIsNotActive(uint128 committeeId),MemberIsNotOperatorInCommittee(uint128 committeeId, address memberAddress),DemotionViolatesMinOperators(uint128 committeeId, uint256 currentOperators, uint256 minOperators). - IChallengeManager:
RevealTxidNotMatch,InvalidInputNotRevealedInputCount,InvalidInputNotRevealedOutputCount,InvalidInputNotRevealedOutput,InvalidRevealedOutput,InvalidRevealedOutputCount,NoChallengeRegistered,InvalidStopOperatorWonTxid,InvalidStopOperatorWonInputCount. - IOperatorTakeManager:
WrongUserAmount,OperatorTakeAddressNotMatch,OperatorTakeDataNotFound,InvalidTimeoutsLength,InvalidTimeout,UserTakeTimeoutNotExpired,UserTakeAlreadySigned,OperatorTakeTimeoutNotExpired,AdvanceFundsBeforeCancelUserTake,CancelUserTakeAlreadyRegistered. - IStreamManager:
InvalidRejectPeginConfirmations(uint8 confirmations),RejectPeginConfirmationsExceedsPegin(uint8 rejectPeginConfirmations, uint8 peginConfirmations),PeginConfirmationsLowerThanRejectPegin(uint8 peginConfirmations, uint8 rejectPeginConfirmations).
- OperatorTakeManager / IOperatorTakeManager – New contract and interface for operator-take flow (advance funds, kickoff, operator take, operator won). Inherits
PegManagerBase.
- Operator-take functions now on OperatorTakeManager – All calls to
registerAdvanceFunds,registerReimbursementKickoff,registerOperatorTake,registerOperatorWon, andtriggerOperatorTakemust be directed toOperatorTakeManagerinstead ofPegoutManager. - Per-stream timeouts – User-take and operator-take timeouts are now configured per-stream via
OperatorTakeManager.setTakeTimeout(streamId, TakeTimeout)instead of global setters onPegoutManager. - Pegout queueing –
requestPegoutno longer reverts when a stream is busy. Subsequent requests must usePegoutManager.enqueuePegout()to join the per-stream queue. Once the active peg-out completes, the next request is automatically promoted; anyone can also trigger promotion by callingtryProcessEnqueuedPegout. Integrations must handle the queued state and surface queue position to users. - rejectPeginConfirmations –
StreamManagernow tracks a separate confirmation count for reject-pegin and user-reimbursement transactions, configurable viasetRejectPeginConfirmations. This must be ≤peginConfirmations.
setBaseEvent– duplicate guard is per block, not lifetime- Reason: The previous check (
bridge.getBaseEvent().length > 0) blocked any new base event after one was set, even across different peg-outs/blocks. Now a new base event can be set in a later block, overriding the previous one. Only multiple calls in the same block must be prevented. - Change:
RbtcBridge.setBaseEventno longer readsbridge.getBaseEvent(). It reverts withBaseEventAlreadySetonly iflatestBaseEventBlock == block.number. A newuint256 public latestBaseEventBlockrecords the block of the last successful call. - Impact:
- Integrations that assumed “base event can only be set once ever” must update to the new behavior:
setBaseEventcan only be set once per block, but it can be called again in a later block, and the new call overwrites the previous value set. - Two
setBaseEventcalls in the same block still revert withBaseEventAlreadySeton the second.
- Integrations that assumed “base event can only be set once ever” must update to the new behavior:
- Reason: The previous check (
RbtcBridge- Added:
latestBaseEventBlock(uint256).
- Added:
- OP_RETURN Pegout ID script now uses OP_PUSHBYTES_32
- Reason: Bitcoin script pub key has OP_PUSHBYTES_32 opcode after OP_RETURN to push the pegout id (bytes32) to the stack.
- Change:
BtcScriptParser.getPegoutIdScriptnow encodes the pegoutId OP_RETURN output asOP_RETURN OP_PUSHBYTES_32 <32‑byte pegoutId>instead ofOP_RETURN <pegoutId>without an explicit push opcode. - Impact: Any integration that was constructing the pegoutId output without
OP_PUSHBYTES_32must update their Bitcoin transaction builder; scripts missing the0x20push opcode will now fail validation.
-
PegoutManager split – ChallengeManager introduced
- Reason: PegoutManager reached 24 kB contract size limit.
- Change:
registerChallengeandregisterInputRevealedwere moved fromPegoutManagerto a new contractChallengeManager. - Impact: Callers must invoke
ChallengeManager.registerChallengeandChallengeManager.registerInputRevealedinstead ofPegoutManager. Deployment and initialization must include the newChallengeManagercontract.
-
AccessControl replaced by AccessManager
- Old: Access control logic was embedded in multiple contracts via
AccessControl(abstract). - New: A dedicated authorization contract
AccessManagerreplacesAccessControl.AccessManagerinherits fromPauseManagerand is used as the single authority for permissions and pausing. - Impact: Deployment scripts and initializers must deploy and pass
AccessManagerinstead of distributing multiple addresses. Contracts now take a singleIAccessManager(orAccessManager) address for permission checks. The interfacesIAccessControland contractAccessControlwere removed.
- Old: Access control logic was embedded in multiple contracts via
reAddCommitteeMembers→reAddCandidateToStream(inIMemberRegistry)- Old signature:
function reAddCommitteeMembers(Committee memory _discardedCommittee) external - New signature:
function reAddCandidateToStream(StreamDenomination _denomination, CommitteeMember memory _member) external - Changes: Function renamed; takes a single stream denomination and one
CommitteeMemberinstead of a fullCommittee. Must be called per member. - Impact: Callers must loop over committee members and call
reAddCandidateToStreamfor each with the stream denomination.
- Old signature:
-
getOperatorDisputeKeys(inICommitteeRegistry)- Old signature:
function getOperatorDisputeKeys(uint128 _committeeId) external view returns (bytes32[] memory) - Change: Removed; enabler outputs now use all committee members’ dispute keys, not only operators.
- Replacement: Use
getCommitteeDisputeKeys(uint128 _committeeId)which returns dispute keys for all committee members. - Impact: Callers that relied on operator-only dispute keys must switch to
getCommitteeDisputeKeysand, if needed, filter by operator role off-chain or accept the full committee key set.
- Old signature:
-
setPeginManager(inIBitcoinManager) – Removed; PeginManager is no longer set on BitcoinManager. -
setPeginManager,setPegoutManager,setStreamManager(inICommitteeRegistry) – Removed; use AccessManager and deployment flow instead. -
setCommitteeRegistry,setStreamManager,setBridge(inIMemberRegistry) – Removed; set during initialization or via upgrade. -
setPeginManager,setPegoutManager(inIRbtcBridge) – Removed; RbtcBridge now receivesIAccessManagerat init and no longer has these setters.
-
registerOperatorWon(inIPegoutManager)- Signature:
function registerOperatorWon(BtcTxSPVProof memory _pegoutTxSPVProof) external - Description: Registers the operator-won transaction when the operator wins a challenge; marks the slot as paid. Call when peg status is
OPERATOR_TAKE. Must be called afterregisterOperatorTakewhen the operator wins. - Impact: Integrations implementing the operator-take flow must call this to complete the operator-won path.
- Signature:
-
getAcceptPeginTxid(inIPegoutManager)- Signature:
function getAcceptPeginTxid(bytes32 _pegoutTxid) external view returns (bytes32) - Description: Returns the accept peg-in transaction id for a given peg-out transaction id.
- Impact: Use for reverse lookup from pegout txid to accept pegin txid.
- Signature:
-
getChallengeInfo(inIChallengeManager)- Signature:
function getChallengeInfo(bytes32 _acceptPeginTxid) external view returns (ChallengeInfo memory) - Description: Returns challenge information (challengeTxid, revealTxid) for a given accept peg-in txid.
- Impact: Query challenge state when integrating with ChallengeManager.
- Signature:
-
isWhitelisted,whitelistAddress,whitelistAddresses,unwhitelistAddress,unwhitelistAddresses(inICommitteeRegistry)- Description: Whitelist management; addresses must be whitelisted before they can apply to a stream.
setWhitelistersets the role allowed to whitelist/unwhitelist. - Impact: Operators must whitelist candidate addresses; update apply-to-stream flow to respect whitelist.
- Description: Whitelist management; addresses must be whitelisted before they can apply to a stream.
-
isMemberInCommittee(inICommitteeRegistry)- Signature:
function isMemberInCommittee(uint128 _committeeId, address _memberAddress) external view returns (bool) - Description: Returns whether an address is a member of a given committee.
- Impact: Use for membership checks without iterating committee members.
- Signature:
-
setWhitelister(inICommitteeRegistry)- Signature:
function setWhitelister(address _newWhitelister) external - Description: Sets the whitelister address (owner only).
- Impact: Configure who can call whitelist/unwhitelist.
- Signature:
-
getNextPegoutSlotLocation,hasPegoutInProcess(inIStreamManager)- Signatures:
function getNextPegoutSlotLocation(uint64 _streamId) external view returns (SlotLocation memory);function hasPegoutInProcess(uint64 _streamId) external view returns (bool) - Description: Get the next slot that would be used for pegout, and whether a pegout is already in progress for the stream.
- Impact: Replace use of
pegoutPacketPointer/pegoutSlotPointerwith these APIs.
- Signatures:
-
getEnablerScriptPubKey(inIStreamManager)- Signature:
function getEnablerScriptPubKey(uint64 _streamId, uint64 _packetNumber) external view returns (bytes memory) - Description: Returns the enabler script public key for a packet (enabler script is stored at packet level).
- Impact: Use when building accept-pegin or validating enabler output; pass to
validateRequestPeginEnablerOutputas expected script.
- Signature:
-
setTimelockSettings(inIStreamManager)- Signature:
function setTimelockSettings(uint64 _streamId, TimelockSettings memory _timelockSettings) external - Description: Sets timelock settings for a stream (owner only).
- Impact: Configure timelock per stream after init if needed.
- Signature:
-
isMember(inIMemberRegistry)- Signature:
function isMember(address _address) external view returns (bool) - Description: Returns whether an address has ever been a member.
- Impact: Use for membership checks.
- Signature:
-
bridge,getBestBlockHash,verifyTxConfirmations,getTxBlockNumberAndVerifyConfirmations(inIRbtcBridge)- Description: RbtcBridge now exposes bridge getter, Bitcoin best block hash, and SPV verification helpers. ProofValidator logic moved into RbtcBridge.
- Impact: Call these for bridge interaction and proof verification.
-
IPauseManager setters (in
IPauseManager):setCommitteeRegistry,setPeginManager,setPegoutManager,setChallengeManager,setMemberRegistry,setRbtcBridge- Description: Configure pausable contract addresses after deployment (no
initialize). Each setter is owner-only; address can only be set once (reverts withAlreadySetif already non-zero). - Impact: Deployment must use these setters instead of a single initialize to wire PauseManager/AccessManager.
- Description: Configure pausable contract addresses after deployment (no
Slot(inIStreamManager)- Removed:
enablerScriptPubKey(bytes). Enabler script is now stored at packet level.
- Removed:
Packet(inIStreamManager)- Added:
enablerScriptPubKey(bytes),finishedSlots(uint64).
- Added:
Stream(inIStreamManager)- Removed:
pegoutPacketPointer,pegoutSlotPointer. Peg-out slot selection uses new APIs (getNextPegoutSlotLocation,hasPegoutInProcess,lockSlot).
- Removed:
PegoutTempInfo(inIPegoutManager)- Added:
operatorTakePubKey(bytes32) aftertakeOperatorAddress.
- Added:
PegoutRequested(inIPegoutManager)- Old: Last parameter
bytes32 pegoutIdpresent. - New:
pegoutIdparameter removed.
- Old: Last parameter
AdvanceFundsRegistered(inIPegoutManager)- New: Added final parameter
bytes32 operatorTakePubKey.
- New: Added final parameter
ReimbursementKickoffRegistered(inIPegoutManager)- Old:
(bytes32 indexed txid, bytes32 indexed acceptPeginTxid, uint128 committeeId, StreamPosition streamInfo). - New: Added
bytes32 indexed pegoutIdandbytes32 operatorTakePubKey; parameter order and indexing changed.
- Old:
OperatorTakeTriggered(inIPegoutManager)- Change: First parameter
pegoutTxidis nowindexed.
- Change: First parameter
PeginManagerUpdated(inIBitcoinManager).StreamManagerUpdated,PeginManagerUpdated,PegoutManagerUpdated(inICommitteeRegistry).MemberRegistryUpdated(inICommitteeRegistry).CommitteeRegistryUpdated(inIMemberRegistry).PacketClosed(inIPegoutManager) – Emitted now byIStreamManager(see Events - New).CommitteeRegistryUpdated(inIStreamManager).
WhitelisterUpdated,AddressWhitelisted,AddressUnwhitelisted(inICommitteeRegistry).PacketClosed(inIStreamManager) – Emitted when a packet is fully completed or closed.PauserUpdated(inIPausable).BaseEventSet(inIRbtcBridge).
ReimbursementKickoffTxidNotMatch(inIPegoutManager)- Old:
error ReimbursementKickoffTxidNotMatch(bytes32 expected, bytes32 actual) - New:
error ReimbursementKickoffTxidNotMatch(bytes32 actual, bytes32 expected)(parameter order swapped).
- Old:
OperatorTakeTxidNotMatch(inIPegoutManager)- Old:
error OperatorTakeTxidNotMatch(bytes32 expected, bytes32 actual) - New:
error OperatorTakeTxidNotMatch(bytes32 actual, bytes32 expected)(parameter order swapped).
- Old:
CommitteeRegistryAddressZero→InvalidZeroAddress(inISignatureManager).ZeroAddress→InvalidZeroAddress(inIPauseManager).StreamAlreadyInitialized(inIStreamManager)- Old:
error StreamAlreadyInitialized(uint256 streamId) - New:
error StreamsAlreadyInitialized()(no parameters).
- Old:
InvalidStreamSettingsLength(inIStreamManager)- Old:
error InvalidStreamSettingsLength(uint256 streamSettingsLength) - New:
error InvalidStreamSettingsLength(uint256 actualLength, uint256 expectedLength)(two parameters).
- Old:
UnauthorizedAccount,InvalidZeroAddress(inIBitcoinManager).InvalidZeroAddress,MemberRegistryAddressZero(inICommitteeRegistry).InvalidZeroAddress(inIMemberRegistry).NoPacketAvailable(inIStreamManager).InvalidAcceptPeginTxid(inIStreamManager).BridgeAddressZero,PeginManagerAddressZero,PegoutManagerAddressZero(inIRbtcBridge).
- IChallengeManager:
ReimbursementKickoffTxidNotMatch,ChallengeTxidNotMatch,InvalidChallengeInputCount,InvalidRevealedInputCount. - ICommitteeRegistry:
NonWhitelistedAddress,UnauthorizedWhitelister,InvalidMaxMembers. - IPauseManager:
InvalidZeroAddress,AlreadySet. - IPausable:
InvalidZeroAddress,UnauthorizedPauser. - IPegoutManager:
InputRevealedTxidNotMatch,OperatorWonTxidNotMatch,InvalidKickoffInputCount,InvalidSlotId. - IRbtcBridge:
BridgeBtcInexistantBlockHash,BridgeBtcBlockNotInBestChain,BridgeBtcInconsistentBlock,BridgeBtcBlockTooOld,BridgeBtcTxInvalidMerkleBranch,NotEnoughConfirmations,BaseEventAlreadySet,BaseEventTooLong,BaseEventEmpty.
- ChallengeManager / IChallengeManager – New contract and interface for challenge and input-reveal registration (see Contract Restructuring above).
- AccessManager / IAccessManager – New contract and interface replacing AccessControl; inherits from PauseManager and centralizes permission checks.
- IPegBase – New base interface for peg-related contracts (PeginManager, PegoutManager, ChallengeManager); includes
StreamManagerUpdatedevent and errorsPeginNotRequested,InvalidPegStatus.
- AccessControl / IAccessControl – Replaced by
AccessManager/IAccessManager. - ProofValidator – Logic moved into
RbtcBridge; standalone contract and tests removed.
-
addOperatorTakeTxid→addOperatorTakeTxids(inISignatureManager)- Old signature:
function addOperatorTakeTxid(bytes32 _acceptPeginTxid, bytes32 _takeTxid) external - New signature:
function addOperatorTakeTxids(bytes32 _acceptPeginTxid, bytes32 _takeTxid, bytes32 _wonTxid) external - Changes:
- Function name changed (singular to plural)
- Added required parameter
_wonTxid(bytes32) for the OperatorWon transaction id - Impact: All callers must update to use the new function name and provide the
_wonTxidparameter
- Old signature:
-
getOperatorTakeDatareturn type changed (inISignatureManager)- Old signature:
function getOperatorTakeData(bytes32 _acceptPeginTxid) external view returns (OperatorTakeData[] memory) - Old struct:
struct OperatorTakeData { bytes32 txid; address memberAddress; } - New struct:
struct OperatorTakeData { bytes32 takeTxid; bytes32 wonTxid; address memberAddress; } - Changes:
- The
OperatorTakeDatastruct now includes bothtakeTxidandwonTxidfields instead of a singletxidfield - Impact: Callers expecting the old struct format need to be updated to handle both transaction IDs
- The
- Old signature:
-
StreamManager.initializeparameters changed (inIStreamManager)- Old signature:
function initialize(address _initialOwner, address _peginManager, address _pegoutManager, ICommitteeRegistry _committeeRegistry, uint64[] memory _denominations, StreamManagerSettings memory _settings) - New signature:
function initialize(address _initialOwner, address _peginManager, address _pegoutManager, ICommitteeRegistry _committeeRegistry, StreamManagerSettings memory _settings, StreamSettings[] memory _streamSettings) - Changes:
- Replaced
uint64[] memory _denominationsparameter withStreamSettings[] memory _streamSettings StreamSettingsincludes denomination, peginConfirmations, pegoutConfirmations, and timelockSettings- Impact: All deployment scripts and initialization code must be updated to use the new
StreamSettings[]format
- Replaced
- Old signature:
-
RequestPeginTempInfostruct fields added (inIPeginManager)-
Old struct:
struct RequestPeginTempInfo { address rskDestinationAddress; bytes32 btcReimbursementPubKey; bytes32 acceptPeginSignatureHash; }
-
New struct:
struct RequestPeginTempInfo { address rskDestinationAddress; bytes32 btcReimbursementPubKey; bytes32 acceptPeginSignatureHash; int256 btcBlockNumber; bytes32 userReimbursementTxid; bytes32 rejectPeginTxid; }
-
Changes:
- Added
btcBlockNumberfield - Added
userReimbursementTxidfield - Added
rejectPeginTxidfield - Impact: Code accessing this struct needs to handle the new fields
- Added
-
-
requestPeginBitcoin transaction structure changed- Old structure: Had 2 outputs (P2TR taptree output and OP_RETURN metadata output)
- New structure: Now has 3 outputs - added an enabler output (output index 2) containing dispute keys
- Changes:
- Added enabler output at index 2 with amount
ENABLER_AMOUNT(540 satoshis) - Enabler output contains a Taproot script with committee dispute keys in the merkle tree
- The enabler output is validated via
validateRequestPeginEnablerOutputfunction
- Added enabler output at index 2 with amount
- Impact:
- SPV proofs submitted to
requestPeginmust now include the enabler output - Bitcoin transactions created for request pegin must include this third output
- Validation will fail if the enabler output is missing, has incorrect amount, or incorrect scriptPubKey
- SPV proofs submitted to
-
acceptPeginBitcoin transaction structure changed- Old structure: Had 1 input (consuming request pegin taptree UTXO) and 2 outputs (P2TR taptree output and speed-up output)
- New structure: Now has 2 inputs and 3 outputs
- Changes:
- Added enabler input at index 1 that consumes the request pegin enabler UTXO (output index 2 from request pegin)
- Added enabler output at index 1 with amount
ENABLER_AMOUNT(540 satoshis) containing operator dispute keys only - The main taptree output amount is reduced by
ENABLER_AMOUNTto account for the enabler output - Both inputs (taptree and enabler) must be included in the signature hash calculation
- Impact:
- SPV proofs submitted to
acceptPeginmust now include both inputs (taptree and enabler) - SPV proofs must include the enabler output in the transaction outputs
- Bitcoin transactions created for accept pegin must consume both UTXOs from request pegin
- Validation will fail if the enabler input/output is missing or incorrect
- The
getAcceptPeginSignatureHashfunction now requiresPrevoutData[]array with both prevouts (taptree + enabler)
- SPV proofs submitted to
-
registerAdvanceFunds(inIPegoutManager)- Signature:
function registerAdvanceFunds(bytes32 acceptPeginTxid, BtcTxSPVProof calldata _advanceFunds) external - Description: Registers the advance funds transaction submitted by the operator
- Note: Must be called before
registerOperatorTakewhen an operator is selected
- Signature:
-
registerReimbursementKickoff(inIPegoutManager)- Signature:
function registerReimbursementKickoff(bytes32 acceptPeginTxid, BtcTxSPVProof calldata _kickoffSPV) external - Description: Registers the reimbursement kickoff transaction submitted by the operator
- Note: Must be called after
registerAdvanceFundsand beforeregisterOperatorTake
- Signature:
-
userReimbursement(inIPeginManager)- Signature:
function userReimbursement(BtcTxSPVProof calldata _userReimbursementTxSPVProof, uint32 _reimbursementPeginVin) external - Description: Registers a user reimbursement transaction from Bitcoin
- Note: Sets slot state to BLOCKED
- Signature:
-
rejectPegin(inIPeginManager)- Signature:
function rejectPegin(BtcTxSPVProof memory _rejectPeginTxSPVProof) external - Description: Registers a reject peg-in transaction from Bitcoin
- Note: Sets slot state to BLOCKED
- Signature:
-
setTimelockSettings(inIStreamManager)- Signature:
function setTimelockSettings(uint64 _streamId, TimelockSettings memory _timelockSettings) external - Description: Sets the timelock settings for a stream
- Access: Only callable by the owner
- Signature:
PegStatusenum values added (inIPegCommonTypes)- Old enum values:
NOT_REGISTERED,REGISTERED,ACCEPTED,USER_TAKE,OPERATOR_TAKE,OPERATOR_WON,COMPLETED,LENGTH - New enum values: Added
OP_SELECTED,ADVANCED,KICKOFF,CHALLENGE,REVEALED,BLOCKED - Changes:
OP_SELECTED: Operator has been selected for advancing the slotADVANCED: Slot is being advanced by an operator to the userKICKOFF: Operator has presented reimbursement kickoff proof for the slotCHALLENGE: Slot is under challenge after kickoff presentationREVEALED: Operator slot id secret has been revealed to initiate a challengeBLOCKED: Pegin is blocked due to timeout or refund proof
- Impact: Code checking or handling
PegStatusvalues needs to account for the new states
- Old enum values:
-
registerOperatorTakeworkflow changed (inIPegoutManager)- Old workflow: Could call
registerOperatorTakedirectly when peg status wasOPERATOR_TAKE - New workflow: Before calling
registerOperatorTake, must first call:registerAdvanceFunds(sets status toADVANCED)registerReimbursementKickoff(sets status toKICKOFF)
- Impact: All integrations using operator take functionality must update their workflow
- Old workflow: Could call
-
Pegin rejection and user reimbursement workflow added (in
IPeginManager)- New capability: After
requestPeginand beforeacceptPegin, the following actions are now possible:- Reject pegin: Committee can call
rejectPeginto register a reject peg-in transaction, which sets the slot status toBLOCKED - User reimbursement: User can call
userReimbursementto register a user reimbursement transaction, which also sets the slot status toBLOCKED
- Reject pegin: Committee can call
- Impact: Integrations must handle the new
BLOCKEDstatus and account for these new workflow paths that can occur between request and accept pegin phases
- New capability: After
-
AdvanceFundsRegistered(inIPegoutManager)- Signature:
event AdvanceFundsRegistered(bytes32 indexed blockHash, bytes32 indexed txid, bytes32 indexed acceptPeginTxid, bytes32 pegoutId, uint128 committeeId, StreamPosition streamInfo) - Description: Emitted when advance funds are successfully registered
- Emitted by:
registerAdvanceFundsfunction
- Signature:
-
ReimbursementKickoffRegistered(inIPegoutManager)- Signature:
event ReimbursementKickoffRegistered(bytes32 indexed txid, bytes32 indexed acceptPeginTxid, uint128 committeeId, StreamPosition streamInfo) - Description: Emitted when the reimbursement kickoff transaction is successfully registered
- Emitted by:
registerReimbursementKickofffunction
- Signature:
-
UserReimbursementRegistered(inIPeginManager)- Signature:
event UserReimbursementRegistered(bytes32 indexed userReimbursementTxid, bytes32 indexed requestPeginTxid, StreamPosition streamInfo) - Description: Emitted when a user reimbursement is successfully registered
- Emitted by:
userReimbursementfunction
- Signature:
-
RejectPeginRegistered(inIPeginManager)- Signature:
event RejectPeginRegistered(bytes32 indexed rejectPeginTxid, bytes32 indexed requestPeginTxid, StreamPosition streamInfo) - Description: Emitted when a reject peg-in is successfully registered
- Emitted by:
rejectPeginfunction
- Signature:
-
TimelockSettingsUpdated(inIStreamManager)- Signature:
event TimelockSettingsUpdated(uint64 _streamId, TimelockSettings _timelockSettings) - Description: Emitted when the timelock settings are updated for a stream
- Emitted by:
setTimelockSettingsfunction
- Signature:
OperatorTakeTxidAdded→OperatorTakeTxidsAdded(inISignatureManager)- Old signature:
event OperatorTakeTxidAdded(bytes32 acceptPeginTxid, address memberAddress, bytes32 hash) - New signature:
event OperatorTakeTxidsAdded(bytes32 acceptPeginTxid, address memberAddress, bytes32 takeTxid, bytes32 wonTxid) - Changes:
- Event name changed (singular to plural)
- Parameter
hashreplaced with two parameters:takeTxidandwonTxid - Now includes both OperatorTake and OperatorWon transaction IDs
- Impact: Event listeners filtering or parsing this event need to update to handle the new event name and parameters
- Old signature:
-
InvalidUserReimbursementTx(inIPeginManager)- Signature:
error InvalidUserReimbursementTx(bytes32 userReimbursementTxid) - Description: Thrown when the user reimbursement transaction id is the same as the accept peg-in txid
- Signature:
-
InvalidRejectPeginTxid(inIPeginManager)- Signature:
error InvalidRejectPeginTxid(bytes32 rejectPeginTxid) - Description: Thrown when the reject peg-in transaction id is the same as the accept peg-in txid
- Signature:
-
UserReimbursementBeforeTimelock(inIPeginManager)- Signature:
error UserReimbursementBeforeTimelock(int256 blocksElapsedSinceRequestPegin, uint256 timelockBlocks) - Description: Thrown when the user reimbursement transaction is mined before the timelock period
- Signature:
-
ReimbursementKickoffBeforeAdvanceFunds(inIPegoutManager)- Signature:
error ReimbursementKickoffBeforeAdvanceFunds(int256 advanceFundsBlockNumber, int256 reimbursementKickoffBlockNumber) - Description: Thrown when the reimbursement kickoff transaction is mined before the advance funds transaction
- Signature:
-
ReimbursementKickoffTxidNotMatch(inIPegoutManager)- Signature:
error ReimbursementKickoffTxidNotMatch(bytes32 expected, bytes32 actual) - Description: Thrown when the reimbursement kickoff txid does not match the expected value
- Signature:
shell/script/operator-take/add-operator-take-txid.sh- Updated to useaddOperatorTakeTxidsand depositoperatorWonTxidscript/operator-take/add-every-operator-take-txid.sh- Updated to useaddOperatorTakeTxidsand depositoperatorWonTxid
shell/script/operator-take/add-every-operator-take-tx-hash.sh- Unused script removed
-
getOperatorTakeAddress→getOperatorDisputeData(inICommitteeRegistry)- Old signature:
function getOperatorTakeAddress(uint128 committeeId, SignatureData[] calldata signatureData) external returns (address operatorAddress, bytes32 takePubKey) - New signature:
function getOperatorDisputeData(uint128 committeeId, SignatureData[] calldata signatureData) external returns (address operatorAddress, bytes32 disputePubKey) - Changes:
- Function name changed
- Return value renamed from
takePubKeytodisputePubKey - Impact: All callers must update to use the new function name and handle the renamed return value
- Old signature:
-
getMemberComPubKeyreturn type changed (inIMemberRegistry)- Old signature:
function getMemberComPubKey(address _address) external view returns (RSAPublicKey memory) - New signature:
function getMemberComPubKey(address _address) external view returns (bytes32) - Changes:
- Now returns the communication key hash (
bytes32) instead of the fullRSAPublicKeystruct - Impact: Callers expecting the full RSA public key struct need to be updated
- Now returns the communication key hash (
- Old signature:
-
removeCandidatesAndUpdateBalance→stakePreStakedCandidatesBalance(inIMemberRegistry)- Old signature:
function removeCandidatesAndUpdateBalance(...) - New signature:
function stakePreStakedCandidatesBalance(CommitteeMember[] memory _members, StreamDenomination _denomination, uint64 _packetNumber) external - Changes:
- Function name changed
- Impact: All callers must update to use the new function name
- Old signature:
-
requestPeginparameter renamed (inIPeginManager)- Old signature:
function requestPegin(BtcTxSPVProof calldata _peginRequestTxSPVProof) external - New signature:
function requestPegin(BtcTxSPVProof calldata _requestPeginTxSPVProof) external - Changes:
- Parameter name changed from
_peginRequestTxSPVProofto_requestPeginTxSPVProof - Impact: Event listeners and documentation should use the new parameter name
- Parameter name changed from
- Old signature:
-
reAddCommitteeMembers(inIMemberRegistry)- Signature:
function reAddCommitteeMembers(Committee memory _discardedCommittee) external - Description: Re-adds members from a discarded committee
- Signature:
-
setBridge(inIMemberRegistry)- Signature:
function setBridge(IBridge _bridge) external - Description: Sets the bridge contract address
- Signature:
-
getPacketSlotsLength(inIStreamManager)- Signature:
function getPacketSlotsLength(uint64 _streamId, uint64 _packetNumber) external view returns (uint64) - Description: Gets the number of slots in a packet
- Signature:
BridgeUpdated(inIMemberRegistry)- Signature:
event BridgeUpdated(address indexed newBridge) - Description: Emitted when the bridge address is updated
- Signature:
-
InvalidZeroEDCSAPublicKey→InvalidEDCSAPublicKey(inIMemberRegistry)- Old signature:
error InvalidZeroEDCSAPublicKey(PublicKeyType keyType, bytes32 publicKeyX, bytes32 publicKeyY) - New signature:
error InvalidEDCSAPublicKey(PublicKeyType keyType, bytes32 publicKeyX, bytes32 publicKeyY) - Changes: Error name changed (removed "Zero" from name)
- Impact: Error handling code needs to update error name
- Old signature:
-
InvalidZeroRSAPublicKey→InvalidZeroRSAPublicKeyHash(inIMemberRegistry)- Old signature:
error InvalidZeroRSAPublicKey(PublicKeyType keyType) - New signature:
error InvalidZeroRSAPublicKeyHash(PublicKeyType keyType) - Changes: Error renamed to reflect that it validates RSA key hash, not the full key
- Impact: Error handling code needs to update error name
- Old signature:
BridgeExceededLockingCap(inIPeginManager)- Signature:
error BridgeExceededLockingCap(uint256 value, uint256 lockingCap) - Description: Thrown when the input amount exceeds the locking cap of the pow-peg bridge
- Signature:
- PegManager contract split: The
PegManagercontract has been split into two separate contracts:PeginManager: Handles all peg-in operations (Bitcoin to Rootstock)PegoutManager: Handles all peg-out operations (Rootstock to Bitcoin)- Impact: All integrations using
PegManagermust be updated to use the appropriate new contract
-
getTemporaryPeginAddress→getRequestPeginData(inPeginManager)- Old signature:
function getTemporaryPeginAddress(address _rootstockDepositAddress, uint64 _value, bytes32 _btcReimbursementPubKey) external returns (string memory temporaryPeginAddress) - New signature:
function getRequestPeginData(address _rootstockDepositAddress, uint64 _value, bytes32 _btcReimbursementPubKey) external view returns (string memory temporaryPeginAddress, uint64 packetNumber, bytes32[] memory memberDisputeKeys, uint64 availableSlots) - Changes:
- Function name changed
- Now returns additional values:
packetNumber,memberDisputeKeys, andavailableSlots - Changed from
externaltoexternal view
- Old signature:
-
getStreamPosition→getStreamPositionByRequestPegin(inPeginManager)- Old signature:
function getStreamPosition(bytes32 btcTxid) external view returns (StreamPosition memory) - New signature:
function getStreamPositionByRequestPegin(bytes32 requestPeginTxid) external view returns (StreamPosition memory) - Changes:
- Function name changed
- IMPORTANT: Parameter semantics changed - old function accepted
acceptPeginTxid, new function acceptsrequestPeginTxid(the request peg-in transaction ID, not the accept peg-in transaction ID) - Moved from
PegManagertoPeginManager
- Note: To get stream position by
acceptPeginTxid, useStreamManager.getStreamPosition(bytes32 _acceptPeginTxid)directly
- Old signature:
-
setStreamManager- Removed fromPegManager- Old signature:
function setStreamManager(IStreamManager _streamManager) external - Impact: Stream manager must be set during initialization or via upgrade
- Old signature:
-
setSignatureManager- Removed fromPegManager- Old signature:
function setSignatureManager(ISignatureManager _signatureManager) external - Impact: Signature manager must be set during initialization or via upgrade
- Old signature:
-
setMemberRegistry- Removed fromPegManager- Old signature:
function setMemberRegistry(IMemberRegistry _memberRegistry) external - Impact: Member registry is now accessed through
CommitteeRegistry
- Old signature:
-
RbtcBridge.mintRbtc- New function- Signature:
function mintRbtc(address payable _to, uint256 _amount) external - Description: Mints RBTC from the PowPeg bridge and sends it to the specified address
- Access: Only callable by
peginManager
- Signature:
-
RbtcBridge.burnRbtc- New function- Signature:
function burnRbtc() external payable - Description: Burns RBTC back to the PowPeg bridge
- Access: Only callable by
pegoutManager
- Signature:
-
RbtcBridge.getUnionBridgeLockingCap- New function- Signature:
function getUnionBridgeLockingCap() external view returns (uint256) - Description: Gets the locking cap of the Union Bridge for RBTC minting operations
- Signature:
-
PeginManager.getRequestPeginData- New function (replacesgetTemporaryPeginAddress)- Signature:
function getRequestPeginData(address _rootstockDepositAddress, uint64 _value, bytes32 _btcReimbursementPubKey) external view returns (string memory temporaryPeginAddress, uint64 packetNumber, bytes32[] memory memberDisputeKeys, uint64 availableSlots) - Description: Generates request peg-in data including temporary Bitcoin address and member dispute keys
- Signature:
-
PeginManager.getStreamPositionByRequestPegin- New function (replacesgetStreamPosition)- Signature:
function getStreamPositionByRequestPegin(bytes32 requestPeginTxid) external view returns (StreamPosition memory) - Description: Retrieves the stream position information for a given request peg-in transaction id
- Signature:
-
PeginAcceptedevent parameter name changed- Old:
peginRequestTxid(3rd indexed parameter) - New:
requestPeginTxid(3rd indexed parameter) - Impact: Event listeners filtering by this parameter need to update
- Old:
-
PegoutRegisteredevent structure changed- Old signature:
event PegoutRegistered(bytes32 indexed blockHash, bytes32 indexed txid, bytes32 indexed acceptPeginTxid, uint128 committeeId, uint64 streamId, uint64 packetNumber, uint64 slotId) - New signature:
event PegoutRegistered(bytes32 indexed blockHash, bytes32 indexed txid, bytes32 indexed acceptPeginTxid, uint128 committeeId, StreamPosition streamInfo) - Changes:
- Replaced individual
streamId,packetNumber,slotIdparameters withStreamPosition streamInfostruct - Impact: Event listeners parsing this event need to update to extract values from the struct
- Replaced individual
- Old signature:
-
StreamManagerUpdated- Removed- Old signature:
event StreamManagerUpdated(IStreamManager _streamManager) - Impact: No longer emitted since
setStreamManagerfunction was removed
- Old signature:
-
SignatureManagerUpdated- Removed- Old signature:
event SignatureManagerUpdated(ISignatureManager _signatureManager) - Impact: No longer emitted since
setSignatureManagerfunction was removed
- Old signature:
-
RbtcBridge.RbtcMinted- New event- Signature:
event RbtcMinted(address indexed to, uint256 amount) - Description: Emitted when RBTC is minted and sent to a user
- Signature:
-
RbtcBridge.RbtcBurned- New event- Signature:
event RbtcBurned(uint256 amount) - Description: Emitted when RBTC is burned back to the PowPeg bridge
- Signature:
BridgeExceededLockingCap- Moved toIPeginManager- Old location:
IPegManager - New location:
IPeginManager - Signature unchanged:
error BridgeExceededLockingCap(uint256 value, uint256 lockingCap) - Impact: Error handling code needs to import from the new interface
- Old location:
-
SignatureManagerAddressZero- Removed- Old signature:
error SignatureManagerAddressZero() - Impact: No longer used since
setSignatureManagerwas removed
- Old signature:
-
StreamManagerAddressZero- Removed- Old signature:
error StreamManagerAddressZero() - Impact: No longer used since
setStreamManagerwas removed
- Old signature:
-
MemberRegistryAddressZero- Removed- Old signature:
error MemberRegistryAddressZero() - Impact: No longer used since
setMemberRegistrywas removed
- Old signature:
-
RbtcBridge.UnauthorizedCaller- New error- Signature:
error UnauthorizedCaller(address caller) - Description: Thrown when an unauthorized address attempts to call a restricted function
- Signature:
-
RbtcBridge.FailedToSendRBTC- New error- Signature:
error FailedToSendRBTC(address to, uint256 amount) - Description: Thrown when RBTC transfer to recipient fails
- Signature:
-
RbtcBridge.BridgeUnauthorizedCaller- New error- Signature:
error BridgeUnauthorizedCaller() - Description: Thrown when the PowPeg bridge rejects the request due to unauthorized caller
- Signature:
-
RbtcBridge.BridgeExceededLockingCap- New error- Signature:
error BridgeExceededLockingCap(uint256 amount) - Description: Thrown when the requested amount exceeds the PowPeg bridge locking cap
- Signature:
-
RbtcBridge.BridgeTransfersDisabled- New error- Signature:
error BridgeTransfersDisabled() - Description: Thrown when RBTC transfers are currently disabled in the PowPeg bridge
- Signature:
-
RbtcBridge.BridgeReleaseInvalidValue- New error- Signature:
error BridgeReleaseInvalidValue(uint256 amount) - Description: Thrown when the burn amount exceeds the previously minted amount
- Signature:
-
RbtcBridge.BridgeBtcUnknownError- New error- Signature:
error BridgeBtcUnknownError(int256 errorCode) - Description: Thrown when the PowPeg bridge returns an unknown error code
- Signature:
-
RbtcBridge.BridgeAddressZero- New error- Signature:
error BridgeAddressZero() - Description: Thrown when the bridge address is set to zero during initialization
- Signature:
-
RbtcBridge.PeginManagerAddressZero- New error- Signature:
error PeginManagerAddressZero() - Description: Thrown when the peginManager address is set to zero during initialization
- Signature:
-
RbtcBridge.PegoutManagerAddressZero- New error- Signature:
error PegoutManagerAddressZero() - Description: Thrown when the pegoutManager address is set to zero during initialization
- Signature:
-
IPeginManager.BridgeExceededLockingCap- New error (moved from IPegManager)- Signature:
error BridgeExceededLockingCap(uint256 value, uint256 lockingCap) - Description: Thrown when the input amount exceeds the locking cap of the pow-peg bridge
- Signature:
-
New Contracts:
RbtcBridge: Intermediary contract that acts as the single authorized address for RBTC minting/burning with the RSK PowPeg BridgePauseManager: Contract for managing pause functionality across the systemMusig2: Contract for MuSig2 signature aggregationPegManagerBase: Base contract containing shared functionality forPeginManagerandPegoutManager
-
New Interfaces:
IRbtcBridge: Interface for the RbtcBridge contractIPeginManager: Interface for peg-in operationsIPegoutManager: Interface for peg-out operationsIPegManagerBase: Base interface for peg managersIPegCommonTypes: Common types shared between peg managersIPausable: Interface for pausable contractsIPauseManager: Interface for pause managementIMusig2: Interface for MuSig2 operations
- Architecture: Split
PegManagerintoPeginManagerandPegoutManagerfor better separation of concerns - RBTC Minting/Burning: Now handled through the
RbtcBridgecontract to comply with RSKIP-502 requirements - Initialization:
PeginManagerandPegoutManagernow requireIRbtcBridgeparameter during initialization
- Update contract references: Replace all
PegManagerreferences with eitherPeginManagerorPegoutManagerdepending on the operation - Update function calls:
- Replace
getTemporaryPeginAddresswithgetRequestPeginDataand handle additional return values - Replace
getStreamPositionwithgetStreamPositionByRequestPegin
- Replace
- Update event listeners:
- Update
PeginAcceptedlisteners to userequestPeginTxidinstead ofpeginRequestTxid - Update
PegoutRegisteredlisteners to extract values fromStreamPositionstruct
- Update
- Deploy RbtcBridge: Deploy and configure the new
RbtcBridgecontract before deployingPeginManagerandPegoutManager - Update error handling: Import
BridgeExceededLockingCapfromIPeginManagerinstead ofIPegManager