Recoverable app funds #485

@guidanoli

Description

📚 Specification

Draft on HackMD
Final Spec on Notion

📈 Subtasks

Based on the specification, we list all contracts-related tasks below.
The tasks are ordered in such a way that it is easier to implement them.

  • Add withdrawer interface to codebase
  • Add withdrawal configuration structure to codebase
  • Add withdrawal configuration parameter to app deployment entrypoints
  • Add withdrawal configuration parameter to app deployment event
  • Add withdrawal configuration getters to app interface
  • Add withdrawal configuration validation to app constructor
  • Add permissioned foreclosing function and boolean getter to app interface
  • Add is-foreclosed check on the input box contract
  • Add is-foreclosed check on consensus contracts
  • Add outputs-root-in-machine-proof parameter to claim-submission function
  • Add last-finalized-machine-Merkle-root getter to consensus interface
  • Add account validity proof structure to codebase
  • Add withdrawal-related definitions to app interface

⛓️‍💥 Breaking changes

It is important to justify why this issue targets contracts v3.
We made our best effort to not introduce breaking changes, but some are unavoidable.
These breaking changes should be part of a v2-to-v3 migration guide later.

  • Add withdrawal config parameter to app deployment functions and events
  • Add outputs-root-in-machine-proof parameter to claim-submission function

🧪 Tests

Based on the expected behavior of the new entrypoints and parameters,
here are some test cases that should validate their correct implementation.

  • Deploy app with address zero as guardian
  • Deploy app with address zero as withdrawer
  • Deploy app with all-zeroes account drive config
  • Deploy app with fuzzed withdrawal config and test getters and event
  • Attempt to deploy app with account drive outside memory bounds
  • Make guardian foreclose app and test is-foreclosed getter
  • Attempt to foreclose app as non-guardian
  • Attempt to send an input to a foreclosed app
  • Attempt to send an input to a non-deployed app
  • Attempt to send an input to a malfunctioning app (ill-formed return data)
  • Attempt to send an input to a reverting app (is-foreclosed check reverts)
  • Attempt to deposit Ether into a foreclosed app
  • Attempt to deposit ERC-20 tokens into a foreclosed app
  • Attempt to deposit ERC-721 tokens into a foreclosed app
  • Attempt to deposit ERC-1155 tokens into a foreclosed app
  • Attempt to submit a claim regarding a foreclosed app
  • Attempt to submit a claim regarding a non-deployed app
  • Attempt to submit a claim regarding a malfunctioning app (ill-formed return data)
  • Attempt to submit a claim regarding a reverting app (is-foreclosed check reverts)
  • Submit claim with fuzzed outputs-root-in-machine proof and test getter
  • Attempt to submit claim with proof of invalid length
  • Ensure initial withdrawal count is zero
  • Ensure no withdrawals were executed initially
  • Withdraw funds with fuzzed account validity proofs and test events/getters
  • Attempt to withdraw funds with out-of-bounds account index
  • Attempt to withdraw funds with invalid account-root siblings array length
  • Attempt to withdraw funds with invalid proof (machine Merkle root mismatch)
  • Attempt to withdraw funds with no machine Merkle root finalized
  • Attempt to withdraw funds of some account twice
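The is-foreclosed gate named in the subtasks, together with its four failure cases from the test list (foreclosed, non-deployed, malfunctioning and reverting app), as an added Solidity sketch that is not the project's own code; IForeclosable, isForeclosed, ForeclosureCheck, InputBoxSketch and addInput are assumed names.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Hypothetical interface: stands in for the app interface's is-foreclosed getter
// named in the subtasks. The interface and function names are assumptions.
interface IForeclosable {
    function isForeclosed() external view returns (bool);
}

// Gate that the input box (and consensus contracts) would apply before accepting
// an input or a claim. Each branch maps to one test case from the list above.
library ForeclosureCheck {
    error AppNotDeployed(address app);                // no code at the app address
    error AppReverted(address app, bytes data);       // is-foreclosed check reverted
    error AppMalfunctioning(address app, bytes data); // ill-formed return data
    error AppForeclosed(address app);                 // app was foreclosed by its guardian

    function requireNotForeclosed(address app) internal view {
        // A non-deployed app has no code; a plain call would "succeed" with empty data.
        if (app.code.length == 0) revert AppNotDeployed(app);

        // staticcall so a buggy or hostile app cannot mutate state during the check.
        (bool ok, bytes memory ret) = app.staticcall(
            abi.encodeCall(IForeclosable.isForeclosed, ())
        );
        if (!ok) revert AppReverted(app, ret);

        // A well-formed bool is exactly one 32-byte word holding 0 or 1.
        // Decode as uint256 rather than bool so that junk (e.g. 2, or 64 bytes)
        // is reported as a malfunction instead of a generic decoding revert.
        if (ret.length != 32) revert AppMalfunctioning(app, ret);
        uint256 word = abi.decode(ret, (uint256));
        if (word > 1) revert AppMalfunctioning(app, ret);

        if (word == 1) revert AppForeclosed(app);
    }
}

// Minimal input box sketch showing where the gate sits.
contract InputBoxSketch {
    using ForeclosureCheck for address;

    event InputAdded(address indexed app, bytes payload);

    function addInput(address app, bytes calldata payload) external {
        app.requireNotForeclosed(); // reverts for foreclosed, non-deployed or broken apps
        emit InputAdded(app, payload);
    }
}
```

Distinct custom errors let a test suite assert which of the four cases triggered the revert rather than only that a revert happened.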

Status: Done