d-bis/smom-dbis-138
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
smom-dbis-138/docs/treasury/EXPORT_STATE_MACHINE.md
defiQUG 5efe36b1e0 chore: sync submodule state (parent ref update) 
Made-with: Cursor
2026-03-02 12:14:09 -08:00

2.5 KiB
Raw Permalink Blame History

Export State Machine (exportToMainnet)

Purpose: Precise state machine for the export path from Chain 138 to Ethereum Mainnet, including failure handling and queued intents while CCIP is not live.

States

State Description
DISABLED exportsEnabled == false; no CCIP send allowed.
IDLE Ready; caps OK; may accept exportToMainnet() call.
PENDING_CAP_CHECK Validating per-tx, daily, and hourly caps.
PENDING_CCIP_SEND Calling CCIPWETH9Bridge.sendCrossChain.
QUEUED Intent recorded; CCIP not live or simulation mode.
FAILED Revert or recorded failure; cooldown applies.
COMPLETED Export message accepted by CCIP.

Diagram

stateDiagram-v2
  direction LR
  DISABLED: exportsEnabled = false
  IDLE: Ready, caps OK
  PENDING_CAP_CHECK: Check per-tx/daily/hourly
  PENDING_CCIP_SEND: Call CCIPWETH9Bridge
  QUEUED: Intent recorded, CCIP not live
  FAILED: Revert / record failure
  COMPLETED: Export sent

  [*] --> DISABLED
  DISABLED --> IDLE: exportsEnabled = true
  IDLE --> PENDING_CAP_CHECK: exportToMainnet() called
  PENDING_CAP_CHECK --> FAILED: Caps exceeded
  PENDING_CAP_CHECK --> PENDING_CCIP_SEND: Caps OK
  PENDING_CCIP_SEND --> QUEUED: CCIP not live / simulation
  PENDING_CCIP_SEND --> FAILED: Send revert
  PENDING_CCIP_SEND --> COMPLETED: Message accepted
  QUEUED --> PENDING_CCIP_SEND: Retry when live
  FAILED --> IDLE: After cooldown / admin reset
  COMPLETED --> IDLE: Reset counters as needed

Failure handling

  • On revert from CCIP or CCIPWETH9Bridge: transition to FAILED.
  • Optional persistent intent (amount, recipient) for retry when CCIP is live.
  • Cooldown (e.g. cooldownBlocks) before next attempt from FAILED → IDLE.
  • Admin may reset FAILED state after investigation.

Queued intents

  • While exportsEnabled == false, bot or executor may record "intent to export X WETH9" on-chain (e.g. single slot or small queue) or off-chain.
  • When exportsEnabled is set true, process queue (or sweep in next daily run).
  • Implemented: StrategyExecutor138 provides a single-slot intent queue:
    • recordExportIntent(token, amount) — callable by KEEPER when exportsEnabled == false; stores one pending intent (overwrites any previous).
    • processPendingIntent(deadline) — callable by KEEPER when exportsEnabled == true; executes the pending intent (same path as exportToMainnet) and clears the slot.
Reference in New Issue View Git Blame Copy Permalink