feat(BAPP-793): Add TBA discount validator

src/L2/discounts/TBADiscountValidator.sol

@@ -0,0 +1,59 @@
+//SPDX-License-Identifier: MIT
+pragma solidity ^0.8.23;
+
+import {ECDSA} from "solady/utils/ECDSA.sol";
+
+import {IDiscountValidator} from "src/L2/interface/IDiscountValidator.sol";
+
+/// @title Discount Validator for: TBA
+///
+/// @notice Implements a signature-based discount validation.
+///
+/// @author Coinbase (https://github.com/base-org/usernames)
+contract TBADiscountValidator is IDiscountValidator {
+    /// @notice Thrown when setting a critical address to the zero-address.
+    error NoZeroAddress();
+
+    /// @dev The sybil resistance service signer.
+    address immutable signer;
+
+    /// @notice Thrown when the signature expiry date < block.timestamp.
+    error SignatureExpired();
+
+    /// @notice constructor
+    ///
+    /// @param signer_ The off-chain signer of the Coinbase sybil resistance service.
+    constructor(address signer_) {
+        if (signer_ == address(0)) revert NoZeroAddress();
+        signer = signer_;
+    }
+
+    /// @notice Required implementation for compatibility with IDiscountValidator.
+    ///
+    /// @dev The data must be encoded as `abi.encode(keccak256(deviceId), expiry, signature_bytes)`.
+    ///
+    /// @param validationData opaque bytes for performing the validation.
+    ///
+    /// @return `true` if the validation data provided is determined to be valid for the specified claimer, else `false`.
+    function isValidDiscountRegistration(address claimer, bytes calldata validationData) external view returns (bool) {
+        (bytes32 deviceId, uint64 expiry, bytes memory sig) = abi.decode(validationData, (bytes32, uint64, bytes));
+        if (expiry < block.timestamp) revert SignatureExpired();
+
+        address returnedSigner = ECDSA.recover(_makeSignatureHash(claimer, deviceId, expiry), sig);
+        return returnedSigner == signer;
+    }
+
+    /// @notice  Generates a hash for signing/verifying.
+    ///
+    /// @dev The message hash should be dervied by: `keccak256(abi.encode(0x1900, validatorAddress, claimerAddress, deviceId, expiry))`.
+    ///     Compliant with EIP-191 for `Data for intended validator`: https://eips.ethereum.org/EIPS/eip-191#version-0x00 .
+    ///
+    /// @param claimer Address of the coupon claimer.
+    /// @param deviceId The keccak256 hash of the device ID.
+    /// @param expires The date of the signature expiry.
+    ///
+    /// @return The EIP-191 compliant signature hash.
+    function _makeSignatureHash(address claimer, bytes32 deviceId, uint64 expires) internal view returns (bytes32) {
+        return keccak256(abi.encodePacked(hex"1900", address(this), claimer, deviceId, expires));
+    }
+}

test/discounts/TBADiscountValidator/IsValidDiscountRegistration.t.sol

@@ -0,0 +1,30 @@
+//SPDX-License-Identifier: MIT
+pragma solidity ^0.8.23;
+
+import {TBADiscountValidator} from "src/L2/discounts/TBADiscountValidator.sol";
+import {TBADiscountValidatorBase} from "./TBADiscountValidatorBase.t.sol";
+
+contract IsValidDiscountRegistration is TBADiscountValidatorBase {
+    function test_reverts_whenTheSignatureIsExpired() public {
+        bytes memory validationData = _getDefaultValidationData();
+        (, bytes32 _deviceId, bytes memory sig) = abi.decode(validationData, (uint64, bytes32, bytes));
+        bytes memory expiredSignatureData = abi.encode((block.timestamp - 1), _deviceId, sig);
+
+        vm.expectRevert(abi.encodeWithSelector(TBADiscountValidator.SignatureExpired.selector));
+        validator.isValidDiscountRegistration(user, expiredSignatureData);
+    }
+
+    function test_returnsFalse_whenTheExpectedSignerMismatches(uint256 pk) public view {
+        vm.assume(pk != signerPk && pk != 0 && pk < type(uint128).max);
+        bytes32 digest = _makeSignatureHash(user, deviceId, expires);
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(pk, digest);
+        bytes memory sig = abi.encodePacked(r, s, v);
+        bytes memory badSignerValidationData = abi.encode(deviceId, expires, sig);
+
+        assertFalse(validator.isValidDiscountRegistration(user, badSignerValidationData));
+    }
+
+    function test_returnsTrue_whenEverythingIsHappy() public {
+        assertTrue(validator.isValidDiscountRegistration(user, _getDefaultValidationData()));
+    }
+}

test/discounts/TBADiscountValidator/TBADiscountValidatorBase.t.sol

@@ -0,0 +1,35 @@
+//SPDX-License-Identifier: MIT
+pragma solidity ^0.8.23;
+
+import {Test} from "forge-std/Test.sol";
+import {TBADiscountValidator} from "src/L2/discounts/TBADiscountValidator.sol";
+
+contract TBADiscountValidatorBase is Test {
+    TBADiscountValidator validator;
+
+    address public user = makeAddr("user");
+    address public signer;
+    uint256 public signerPk;
+    bytes32 deviceId;
+
+    uint64 time = 1717200000;
+    uint64 expires = 1893456000;
+
+    function setUp() public {
+        vm.warp(time);
+        (signer, signerPk) = makeAddrAndKey("signer");
+        deviceId = keccak256("device");
+        validator = new TBADiscountValidator(signer);
+    }
+
+    function _getDefaultValidationData() internal virtual returns (bytes memory) {
+        bytes32 digest = _makeSignatureHash(user, deviceId, expires);
+        (uint8 v, bytes32 r, bytes32 s) = vm.sign(signerPk, digest);
+        bytes memory sig = abi.encodePacked(r, s, v);
+        return abi.encode(deviceId, expires, sig);
+    }
+
+    function _makeSignatureHash(address claimer, bytes32 deviceId_, uint64 expires_) internal view returns (bytes32) {
+        return keccak256(abi.encodePacked(hex"1900", address(validator), claimer, deviceId_, expires_));
+    }
+}