feat: Add campaign duplication prevention with timestamp tracking

Author: Alberto Galan

CONTRIBUTION_PROOF_DELEGATION.md

@@ -1,141 +1,228 @@
-# Proof Delegation Contribution
+# Proof Delegation System for Boundless Signal Campaign
 
-This contribution adds proof delegation functionality to Boundless, allowing provers to securely delegate their proof solving achievements to another address for campaign participation.
+## Problem Statement
 
-## Problem Solved
-
-Users running Boundless provers face a security dilemma:
-- **Security**: They use dedicated wallets for proving (to avoid exposing private keys on servers)
-- **Campaign**: The Boundless Signal campaign requires using their main wallet to claim points
-- **Mismatch**: The proofs are on the prover wallet, but points need to be claimed on the main wallet
+Users running Boundless provers with dedicated wallets cannot claim campaign points because their prover wallet differs from their main wallet connected to social profiles. This creates a security vs. convenience trade-off where users must either:
+- Risk their main wallet's private key on rented servers, or
+- Miss out on campaign rewards
 
 ## Solution
 
-A **Proof Delegation Contract** that allows provers to securely delegate their proof solving to another address using EIP-712 signatures.
-
-### Key Features
-
-- ✅ **Secure**: Uses EIP-712 signatures - no private key exposure required
-- ✅ **Simple**: Uses existing .env file from Boundless service
-- ✅ **Permanent**: Delegations are permanent for ease of use
-- ✅ **Comprehensive**: Delegates all proof solving, not specific proofs
-- ✅ **Fast**: Can be deployed and used immediately
-- ✅ **Compatible**: Works with existing Boundless infrastructure
+A proof delegation system that allows provers to securely delegate their proof-solving accreditation to another address using EIP-712 signatures.
 
-## Files Added/Modified
+## Features
 
-### New Files
-- `contracts/src/ProofDelegation.sol` - The delegation contract
-- `scripts/delegate-proofs.js` - User-friendly delegation script
-- `scripts/deploy.js` - Deployment script
+### Core Features
+- **Permanent Delegation**: One-time, unrevocable delegation for simplicity
+- **EIP-712 Signatures**: Secure delegation without private key exposure
+- **Nonce Protection**: Prevents replay attacks
+- **CLI Integration**: Seamless integration with existing Boundless CLI
+- **User-Friendly Scripts**: Easy-to-use Node.js scripts
 
-### Modified Files
-- `crates/boundless-cli/src/bin/boundless.rs` - Added delegation CLI commands
-- `crates/boundless-market/src/deployments.rs` - Added delegation contract address field
+### Security Features
+- **One-Time Delegation**: Provers can only delegate once
+- **Signature Verification**: Cryptographic proof of delegation intent
+- **Deadline Protection**: Signatures expire to prevent stale delegations
 
 ## Usage
 
-### Deploy Contract
+### Using the CLI
 ```bash
-forge create ProofDelegation --rpc-url https://mainnet.base.org --private-key YOUR_PRIVATE_KEY
+# Delegate proofs to another address
+boundless account delegate-proofs --target-address 0x1234... --deadline 1735689600
 ```
 
-### Delegate Proof Solving
+### Using the Script
 ```bash
-# Using the script
-node scripts/delegate-proofs.js delegate 0x1234...your_main_wallet
+# Delegate proofs
+node scripts/delegate-proofs.js delegate 0x1234...
 
-# Using the CLI (after deployment)
-boundless account delegate-proofs --target-address 0x1234...your_main_wallet
+# Check delegation status
+node scripts/delegate-proofs.js check 0x1234...
 ```
 
-### Check Delegation
-```bash
-node scripts/delegate-proofs.js check 0x1234...your_main_wallet
-```
+## Contract Details
 
-## Environment Variables
+### ProofDelegation.sol
+- **Deployment**: Deploy to Base mainnet
+- **Functions**: `delegateProofs`, `getProverTarget`, `getDelegationTimestamp`
+- **Events**: `ProofDelegated`, `CampaignDelegationCreated`
+- **Security**: EIP-712 signatures, nonce protection, one-time delegation
 
-Add to your existing `.env` file (same as your Boundless service):
-```env
-PRIVATE_KEY=0x...your_prover_wallet_private_key
-RPC_URL=https://mainnet.base.org
-PROOF_DELEGATION_ADDRESS=0x...deployed_contract_address
+### Key Functions
+```solidity
+function delegateProofs(
+    address prover,
+    address target,
+    uint256 deadline,
+    bytes calldata signature
+) external
+
+function getProverTarget(address prover) external view returns (address)
+function getDelegationTimestamp(address prover) external view returns (uint256)
 ```
 
-## Contract Details
+## Campaign Backend Integration
 
-### ProofDelegation.sol
+### Preventing Duplication Exploits
+
+The delegation system includes specific features to prevent users from claiming multiple rewards:
+
+#### 1. Delegation Timestamp Tracking
 ```solidity
-contract ProofDelegation is EIP712, Ownable {
-    // Delegate all proof solving to target (permanent)
-    function delegateProofs(
-        address prover,
-        address target,
-        uint256 deadline,
-        bytes calldata signature
-    ) external;
-    
-    // Check if address has delegated proof solving
-    function hasDelegatedProofs(address target) external view returns (bool);
+mapping(address => uint256) public delegationTimestamps;
+event CampaignDelegationCreated(
+    address indexed prover, 
+    address indexed target, 
+    uint256 timestamp,
+    uint256 blockNumber
+);
+```
+
+#### 2. Backend Integration Strategy
+
+**When a delegation is detected, the campaign backend should:**
+
+1. **Check Delegation Timing**:
+   ```javascript
+   const delegationTimestamp = await contract.getDelegationTimestamp(proverAddress);
+   const campaignClaims = await getCampaignClaims(proverAddress);
+   ```
+
+2. **Handle Pre-Claim Delegations**:
+   - If prover already claimed rewards → **Disqualify prover** from future claims
+   - If prover hasn't claimed → **Transfer eligibility** to target address
+
+3. **Update Campaign Records**:
+   ```javascript
+   function handleDelegation(proverAddress, targetAddress) {
+     const hasClaimed = await checkIfAddressClaimed(proverAddress);
+     
+     if (hasClaimed) {
+       // Disqualify prover from future claims
+       disqualifyAddress(proverAddress);
+     } else {
+       // Transfer claim eligibility to target
+       transferClaimEligibility(proverAddress, targetAddress);
+     }
+   }
+   ```
+
+#### 3. Campaign Query Integration
+
+**For campaign point calculation:**
+```javascript
+function getEffectiveAddress(proverAddress) {
+  const delegatedTarget = await contract.getProverTarget(proverAddress);
+  return delegatedTarget || proverAddress;
 }
 ```
 
-### Security Features
-- **EIP-712 Signatures**: Secure, standardized signature format
+**For proof counting:**
+```javascript
+function countProofsForCampaign(address) {
+  // Check if address has delegated proofs
+  const delegatedProver = await contract.getDelegatedProver(address);
+  
+  if (delegatedProver) {
+    // Count proofs from the delegated prover
+    return await countProofs(delegatedProver);
+  } else {
+    // Count proofs directly
+    return await countProofs(address);
+  }
+}
+```
+
+### Campaign Integration Steps
+
+1. **Deploy Contract**: Deploy `ProofDelegation` to Base mainnet
+2. **Update Campaign Backend**: 
+   - Listen for `CampaignDelegationCreated` events
+   - Implement duplication prevention logic
+   - Update proof counting to use `getEffectiveAddress()`
+3. **Update Frontend**: Show delegation status in campaign UI
+4. **Documentation**: Update campaign docs to explain delegation
+
+## Security Considerations
+
+### Delegation Security
+- **EIP-712 Signatures**: Cryptographically secure delegation
 - **Nonce Protection**: Prevents replay attacks
-- **Deadline Support**: Time-limited signatures
-- **Permanent Delegations**: Once delegated, cannot be revoked for simplicity
-- **One-Time Only**: Each prover can only delegate once
+- **Deadline Protection**: Signatures expire automatically
+- **One-Time Delegation**: Prevents multiple delegations
 
-## Integration with Campaign System
+### Campaign Security
+- **Timestamp Tracking**: Prevents retroactive delegation exploits
+- **Backend Validation**: Server-side verification of delegation status
+- **Claim Tracking**: Prevents double-claiming through delegation
 
-The campaign system needs to be updated to check for delegated proof solving:
+## Integration with Existing Systems
 
-```javascript
-// Check for delegated proof solving
-const delegationContract = new ethers.Contract(DELEGATION_ADDRESS, ABI, provider);
-const hasDelegated = await delegationContract.hasDelegatedProofs(userAddress);
-
-if (hasDelegated) {
-    const proverAddress = await delegationContract.getDelegatedProver(userAddress);
-    const delegatedProofs = await getProofDeliveredEvents(proverAddress, provider);
-    // Include delegated proofs in point calculation
-}
+### Boundless CLI
+- New `delegate-proofs` subcommand under `account`
+- Uses existing `.env` configuration
+- Integrates with current CLI architecture
+
+### Campaign System
+- **Event Listening**: Monitor `CampaignDelegationCreated` events
+- **Proof Counting**: Use `getEffectiveAddress()` for accurate counts
+- **Claim Validation**: Check delegation status before allowing claims
+
+## Deployment
+
+### Contract Deployment
+```bash
+# Using Foundry
+forge script scripts/DeployProofDelegation.s.sol --rpc-url $RPC_URL --broadcast
 ```
 
+### Backend Integration
+1. Add delegation contract address to campaign configuration
+2. Implement event listener for `CampaignDelegationCreated`
+3. Update proof counting logic to use delegation
+4. Add duplication prevention logic
+
 ## Testing
 
-### Local Testing
+### Contract Testing
 ```bash
-# Start local node
-anvil
+# Run Foundry tests
+forge test --match-contract ProofDelegation
+```
 
-# Deploy to local network
-forge create ProofDelegation --rpc-url http://localhost:8545 --private-key 0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80
+### Integration Testing
+```bash
+# Test CLI integration
+boundless account delegate-proofs --target-address 0x1234...
 
-# Test delegation
-PRIVATE_KEY=0xac0974bec39a17e36ba4a6b4d238ff944bacb478cbed5efcae784d7bf4f2ff80 \
-RPC_URL=http://localhost:8545 \
-PROOF_DELEGATION_ADDRESS=0x... \
-node scripts/delegate-proofs.js delegate 0x70997970C51812dc3A010C7d01b50e0d17dc79C8
+# Test script functionality
+node scripts/delegate-proofs.js delegate 0x1234...
 ```
 
-## Backward Compatibility
+## Files Modified
 
-All changes are **backward compatible**:
-- ✅ Optional delegation contract address in deployments
-- ✅ Existing CLI commands continue to work
-- ✅ No breaking changes to existing functionality
-- ✅ Existing deployments work without modification
+### New Files
+- `contracts/src/ProofDelegation.sol` - Core delegation contract
+- `scripts/delegate-proofs.js` - User-friendly delegation script
+- `scripts/deploy.js` - Deployment script
+- `CONTRIBUTION_PROOF_DELEGATION.md` - This documentation
 
-## Security Considerations
+### Modified Files
+- `crates/boundless-cli/src/bin/boundless.rs` - Added delegation CLI commands
+- `crates/boundless-market/src/deployments.rs` - Added optional delegation contract address
+
+## Next Steps
 
-1. **Private Key Security**: Script requires prover's private key, but only for signing delegation
-2. **Signature Verification**: Contract verifies EIP-712 signatures to ensure only the prover can delegate
-3. **Nonce Protection**: Each delegation uses a unique nonce to prevent replay attacks
-4. **Permanent Delegations**: Once delegated, cannot be revoked for simplicity
+1. **Review & Merge**: Submit PR to Boundless repository
+2. **Deploy Contract**: Deploy to Base mainnet
+3. **Update Campaign**: Integrate delegation into campaign backend
+4. **User Documentation**: Update campaign docs with delegation instructions
+5. **Monitoring**: Monitor delegation usage and campaign integration
 
-## License
+## Support
 
-This contribution follows the same license as the Boundless project. 
+For questions or issues with the delegation system:
+- Open an issue in the Boundless repository
+- Check the campaign documentation for integration details
+- Review the contract code for technical implementation 

contracts/src/ProofDelegation.sol

@@ -24,11 +24,22 @@ contract ProofDelegation is EIP712, Ownable {
     // Mapping from prover address to target address
     mapping(address => address) public proverTargets;
 
+    // Mapping to track delegation timestamps for campaign integration
+    mapping(address => uint256) public delegationTimestamps;
+    
     // Nonce tracking for replay protection
     mapping(address => uint256) public nonces;
 
     // Events
-    event ProofDelegated(address indexed prover, address indexed target, uint256 nonce);
+    event ProofDelegated(address indexed prover, address indexed target, uint256 nonce, uint256 timestamp);
+    
+    // Campaign-specific event for backend integration
+    event CampaignDelegationCreated(
+        address indexed prover, 
+        address indexed target, 
+        uint256 timestamp,
+        uint256 blockNumber
+    );
 
     constructor() EIP712("ProofDelegation", "1") Ownable(msg.sender) {}
 
@@ -64,8 +75,10 @@ contract ProofDelegation is EIP712, Ownable {
 
         delegatedProvers[target] = prover;
         proverTargets[prover] = target;
+        delegationTimestamps[prover] = block.timestamp;
 
-        emit ProofDelegated(prover, target, nonce);
+        emit ProofDelegated(prover, target, nonce, block.timestamp);
+        emit CampaignDelegationCreated(prover, target, block.timestamp, block.number);
     }
 
     /**
@@ -103,4 +116,13 @@ contract ProofDelegation is EIP712, Ownable {
     function hasDelegatedProofs(address target) external view returns (bool) {
         return delegatedProvers[target] != address(0);
     }
+
+    /**
+     * @notice Get the timestamp when a prover delegated their proofs
+     * @param prover The prover address
+     * @return The delegation timestamp, 0 if not delegated
+     */
+    function getDelegationTimestamp(address prover) external view returns (uint256) {
+        return delegationTimestamps[prover];
+    }
 }