Resolve issues with verifyDeposit and verifyBalances

[naddison36]

Changes

• verifyDeposit:
  • checks that the validator of the first pending deposit is not exiting. It does this using a second proof to the validator's withdrawable epoch. This proof can be after the first pending deposit proof so deposits to new validators have had time to be registered on the beacon chain.
  • checks if the strategy's validator is exiting. If it is, it records the withdrawable epoch in the deposit data.
• verifyBalances:
  • Verifies validators before deposits so exited validators can have their state set to EXITED
  • If a deposit is to an exiting validator, it checks the withdrawable epoch has not been reached
  • will revert if there is a deposit to an exiting validator that is on or after the withdrawable epoch and the validator has not yet withdrawn

Code Change Checklist

To be completed before internal review begins:

• The contract code is complete
• Executable deployment file
• Fork tests that test after the deployment file runs
• Unit tests *if needed
• The owner has done a full checklist review of the code + tests

Internal review:

• Two approvals by internal reviewers

Deploy checklist

Two reviewers complete the following checklist:

- [ ] All deployed contracts are listed in the deploy PR's description
- [ ] Deployed contract's verified code (and all dependencies) match the code in master
- [ ] Contract constructors have correct arguments
- [ ] The transactions that interacted with the newly deployed contract match the deploy script.
- [ ] Governance proposal matches the deploy script
- [ ] Smoke tests pass after fork test execution of the governance proposal

[github-actions]

	Warnings
⚠️	👀 This PR needs at least 2 reviewers

Generated by 🚫 dangerJS against 92beddd

[sparrowDom]

if we verify Index here do we have a need for a separate verifyValidator function?

[sparrowDom]

This function could promote a validator from STAKED to VERIFIED and add an entry to verifiedValidators

[sparrowDom]

Left a few comments. Great job on these changes aside from 2 issues I think they are solid

[sparrowDom]

nit: maybe name this DepositValidatorProofData

[sparrowDom]

nit: maybe name this FirstPendingDepositProofData

[sparrowDom]

🔴 I think this should be validatorBlockRoot instead of depositBlockRoot

[sparrowDom]

super nit: maybe DepositToValidatorExiting

[sparrowDom]

comment nit: maybe add this is most likely to validator being slashed

[sparrowDom]

nit comment addition:
... validator is fully exited. The ETH deposited to an exiting validator remains in the beaconState.pendingDeposits as part of the beacon chain's deposits_to_postpone array inside which the deposit remains as long as the validator has not fully exited from the beacon chain. Once the validator has fully exited the postponed deposit is credited back to the strategy contract.

[sparrowDom]

A thought: what if we remove the validatorVerificationBlockTimestamp and just calculate it as: balancesMem.timestamp + SLOT_DURATION. This would impose an extra limitation to verifyBalances where 3 slots in succession are required to produce a block instead of 2.

[sparrowDom]

🔴 in StakeEth the depositData.withdrawableEpoch is set to FAR_FUTURE_EPOCH. This means if verify deposit has not been called yet on a withdrawable validator the verificationEpoch < depositData.withdrawableEpoch check will always be true and make this whole require pass.

I think this require should look like this:

require(
  firstPendingDeposit.slot < depositData.slot ||
      (
         verificationEpoch < depositData.withdrawableEpoch &&
         depositData.withdrawableEpoch != FAR_FUTURE_EPOCH
       ) ||
      validatorState[depositData.pubKeyHash] ==
          VALIDATOR_STATE.EXITED,
      "Deposit likely processed"
  );