智能合约:PredictionMarket.sol
现在让我们部署 CRE workflow 将要与之交互的智能合约。
工作原理
我们的预测市场支持四个关键操作:
┌─────────────────────────────────────────────────────────────────────────┐
│ 预测市场全流程 │
├─────────────────────────────────────────────────────────────────────────┤
│ │
│ 1. 创建市场 │
│ 每个人都可以创建一个 Yes/No 两个选项的市场 │
│ 例子: "Will Argentina win the 2022 World Cup?" │
│ │
│ 2. 预测 │
│ 用户通过质押 ETH 选择 Yes 或者 No │
│ → 资金回去 Yes 或者 No 的池子 │
│ │
│ 3. 申请结算 │
│ 任何人都可以申请结算 │
│ → Emits SettlementRequested 事件 │
│ → CRE Log Trigger 监控到 event │
│ → CRE 询问 Deepseek AI 市场答案。 │
│ → CRE 将结果写入 onReport() 函数 │
│ │
│ 4. 收回资金。 │
│ 赢家可以输家池子中获取自己对应的份额 │
│ → 你质押的数量 * (池子总质押量 / 赢家池子质押数量) │
│ │
└─────────────────────────────────────────────────────────────────────────┘
构建 CRE 兼容合约
为了让智能合约能够接收来自 CRE 的数据,它必须实现 IReceiver 接口。该接口定义了一个 onReport() 函数,由 Chainlink KeystoneForwarder 合约调用以传递已验证的数据。
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
/// @title IReceiver - receives keystone reports
/// @notice Implementations must support the IReceiver interface through ERC165.
interface IReceiver is IERC165 {
/// @notice Handles incoming keystone reports.
/// @dev If this function call reverts, it can be retried with a higher gas
/// limit. The receiver is responsible for discarding stale reports.
/// @param metadata Report's metadata.
/// @param report Workflow report.
function onReport(bytes calldata metadata, bytes calldata report) external;
}
虽然你可以手动实现 IReceiver,我们建议使用 ReceiverTemplate——一个抽象合约,可处理 ERC165 支持、metadata 解码和安全检查(forwarder 验证)等样板代码,让你把精力放在 _processReport() 中的业务逻辑上。
用于模拟的
MockKeystoneForwarder合约在 Ethereum Sepolia 上的地址见:https://sepolia.etherscan.io/address/0x15fc6ae953e024d975e77382eeec56a9101f9f88#code
CRE 将数据投递到你的合约的方式如下:
- CRE 不会直接调用你的合约——它会把已签名的 report 提交给 Chainlink
KeystoneForwarder合约 - Forwarder 验证签名——确保 report 来自受信任的 DON
- Forwarder 调用
onReport()——把已验证的数据投递到你的合约 - 你进行解码和处理——从 report 字节中提取数据
这种两步模式(workflow → forwarder → 你的合约)确保所有数据在进入你的合约之前都经过密码学验证。
合约代码
// SPDX-License-Identifier: MIT
pragma solidity 0.8.24;
import {ReceiverTemplate} from "./interfaces/ReceiverTemplate.sol";
/// @title PredictionMarket
/// @notice A simplified prediction market for CRE bootcamp.
contract PredictionMarket is ReceiverTemplate {
error MarketDoesNotExist();
error MarketAlreadySettled();
error MarketNotSettled();
error AlreadyPredicted();
error InvalidAmount();
error NothingToClaim();
error AlreadyClaimed();
error TransferFailed();
event MarketCreated(uint256 indexed marketId, string question, address creator);
event PredictionMade(uint256 indexed marketId, address indexed predictor, Prediction prediction, uint256 amount);
event SettlementRequested(uint256 indexed marketId, string question);
event MarketSettled(uint256 indexed marketId, Prediction outcome, uint16 confidence);
event WinningsClaimed(uint256 indexed marketId, address indexed claimer, uint256 amount);
enum Prediction {
Yes,
No
}
struct Market {
address creator;
uint48 createdAt;
uint48 settledAt;
bool settled;
uint16 confidence;
Prediction outcome;
uint256 totalYesPool;
uint256 totalNoPool;
string question;
}
struct UserPrediction {
uint256 amount;
Prediction prediction;
bool claimed;
}
uint256 internal nextMarketId;
mapping(uint256 marketId => Market market) internal markets;
mapping(uint256 marketId => mapping(address user => UserPrediction)) internal predictions;
/// @notice Constructor sets the Chainlink Forwarder address for security
/// @param _forwarderAddress The address of the Chainlink KeystoneForwarder contract
/// @dev For Sepolia testnet, use: 0x15fc6ae953e024d975e77382eeec56a9101f9f88
constructor(address _forwarderAddress) ReceiverTemplate(_forwarderAddress) {}
// ================================================================
// │ Create market │
// ================================================================
/// @notice Create a new prediction market.
/// @param question The question for the market.
/// @return marketId The ID of the newly created market.
function createMarket(string memory question) public returns (uint256 marketId) {
marketId = nextMarketId++;
markets[marketId] = Market({
creator: msg.sender,
createdAt: uint48(block.timestamp),
settledAt: 0,
settled: false,
confidence: 0,
outcome: Prediction.Yes,
totalYesPool: 0,
totalNoPool: 0,
question: question
});
emit MarketCreated(marketId, question, msg.sender);
}
// ================================================================
// │ Predict │
// ================================================================
/// @notice Make a prediction on a market.
/// @param marketId The ID of the market.
/// @param prediction The prediction (Yes or No).
function predict(uint256 marketId, Prediction prediction) external payable {
Market memory m = markets[marketId];
if (m.creator == address(0)) revert MarketDoesNotExist();
if (m.settled) revert MarketAlreadySettled();
if (msg.value == 0) revert InvalidAmount();
UserPrediction memory userPred = predictions[marketId][msg.sender];
if (userPred.amount != 0) revert AlreadyPredicted();
predictions[marketId][msg.sender] = UserPrediction({
amount: msg.value,
prediction: prediction,
claimed: false
});
if (prediction == Prediction.Yes) {
markets[marketId].totalYesPool += msg.value;
} else {
markets[marketId].totalNoPool += msg.value;
}
emit PredictionMade(marketId, msg.sender, prediction, msg.value);
}
// ================================================================
// │ Request settlement │
// ================================================================
/// @notice Request settlement for a market.
/// @dev Emits SettlementRequested event for CRE Log Trigger.
/// @param marketId The ID of the market to settle.
function requestSettlement(uint256 marketId) external {
Market memory m = markets[marketId];
if (m.creator == address(0)) revert MarketDoesNotExist();
if (m.settled) revert MarketAlreadySettled();
emit SettlementRequested(marketId, m.question);
}
// ================================================================
// │ Market settlement by CRE │
// ================================================================
/// @notice Settles a market from a CRE report with AI-determined outcome.
/// @dev Called via onReport → _processReport when prefix byte is 0x01.
/// @param report ABI-encoded (uint256 marketId, Prediction outcome, uint16 confidence)
function _settleMarket(bytes calldata report) internal {
(uint256 marketId, Prediction outcome, uint16 confidence) = abi.decode(
report,
(uint256, Prediction, uint16)
);
Market memory m = markets[marketId];
if (m.creator == address(0)) revert MarketDoesNotExist();
if (m.settled) revert MarketAlreadySettled();
markets[marketId].settled = true;
markets[marketId].confidence = confidence;
markets[marketId].settledAt = uint48(block.timestamp);
markets[marketId].outcome = outcome;
emit MarketSettled(marketId, outcome, confidence);
}
// ================================================================
// │ CRE Entry Point │
// ================================================================
/// @inheritdoc ReceiverTemplate
/// @dev Routes to either market creation or settlement based on prefix byte.
/// - No prefix → Create market (Day 1)
/// - Prefix 0x01 → Settle market (Day 2)
function _processReport(bytes calldata report) internal override {
if (report.length > 0 && report[0] == 0x01) {
_settleMarket(report[1:]);
} else {
string memory question = abi.decode(report, (string));
createMarket(question);
}
}
// ================================================================
// │ Claim winnings │
// ================================================================
/// @notice Claim winnings after market settlement.
/// @param marketId The ID of the market.
function claim(uint256 marketId) external {
Market memory m = markets[marketId];
if (m.creator == address(0)) revert MarketDoesNotExist();
if (!m.settled) revert MarketNotSettled();
UserPrediction memory userPred = predictions[marketId][msg.sender];
if (userPred.amount == 0) revert NothingToClaim();
if (userPred.claimed) revert AlreadyClaimed();
if (userPred.prediction != m.outcome) revert NothingToClaim();
predictions[marketId][msg.sender].claimed = true;
uint256 totalPool = m.totalYesPool + m.totalNoPool;
uint256 winningPool = m.outcome == Prediction.Yes ? m.totalYesPool : m.totalNoPool;
uint256 payout = (userPred.amount * totalPool) / winningPool;
(bool success,) = msg.sender.call{value: payout}("");
if (!success) revert TransferFailed();
emit WinningsClaimed(marketId, msg.sender, payout);
}
// ================================================================
// │ Getters │
// ================================================================
/// @notice Get market details.
/// @param marketId The ID of the market.
function getMarket(uint256 marketId) external view returns (Market memory) {
return markets[marketId];
}
/// @notice Get user's prediction for a market.
/// @param marketId The ID of the market.
/// @param user The user's address.
function getPrediction(uint256 marketId, address user) external view returns (UserPrediction memory) {
return predictions[marketId][user];
}
}
关键 CRE 集成点
1. SettlementRequested 事件
event SettlementRequested(uint256 indexed marketId, string question);
该事件是 CRELog Trigger监听的对象。一旦被触发,CRE 会自动运行结算 workflow。
2. onReport 函数
ReceiverTemplate 基类会自动处理 onReport(),包括安全检查,确保只有受信任的 Chainlink KeystoneForwarder 可以调用。你的合约只需实现 _processReport() 来处理解码后的 report 数据。
CRE 通过 KeystoneForwarder 调用 onReport() 以投递结算结果。report 中包含经 ABI 编码的 (marketId, outcome, confidence)。
设置 Foundry 项目
我们将为智能合约创建一个新的 Foundry 项目。在 prediction-market 目录下执行:
# Create a new Foundry project
forge init contracts
你会看到:
Initializing forge project...
Installing dependencies...
Installed forge-std
创建合约文件
- 创建 interface 目录:
cd contracts
mkdir -p src/interfaces
- 安装 OpenZeppelin Contracts(ReceiverTemplate 需要):
forge install OpenZeppelin/openzeppelin-contracts
- 创建 interface 文件:
创建 src/interfaces/IReceiver.sol:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
interface IReceiver is IERC165 {
function onReport(bytes calldata metadata, bytes calldata report) external;
}
创建 src/interfaces/ReceiverTemplate.sol:
ReceiverTemplate 提供 forwarder 地址校验、可选的 workflow 校验、ERC165 支持以及 metadata 解码工具。请复制完整实现:
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;
import {IERC165} from "@openzeppelin/contracts/utils/introspection/IERC165.sol";
import {IReceiver} from "./IReceiver.sol";
import {Ownable} from "@openzeppelin/contracts/access/Ownable.sol";
/// @title ReceiverTemplate - Abstract receiver with optional permission controls
/// @notice Provides flexible, updatable security checks for receiving workflow reports
/// @dev The forwarder address is required at construction time for security.
/// Additional permission fields can be configured using setter functions.
abstract contract ReceiverTemplate is IReceiver, Ownable {
// Required permission field at deployment, configurable after
address private s_forwarderAddress; // If set, only this address can call onReport
// Optional permission fields (all default to zero = disabled)
address private s_expectedAuthor; // If set, only reports from this workflow owner are accepted
bytes10 private s_expectedWorkflowName; // Only validated when s_expectedAuthor is also set
bytes32 private s_expectedWorkflowId; // If set, only reports from this specific workflow ID are accepted
// Hex character lookup table for bytes-to-hex conversion
bytes private constant HEX_CHARS = "0123456789abcdef";
// Custom errors
error InvalidForwarderAddress();
error InvalidSender(address sender, address expected);
error InvalidAuthor(address received, address expected);
error InvalidWorkflowName(bytes10 received, bytes10 expected);
error InvalidWorkflowId(bytes32 received, bytes32 expected);
error WorkflowNameRequiresAuthorValidation();
// Events
event ForwarderAddressUpdated(address indexed previousForwarder, address indexed newForwarder);
event ExpectedAuthorUpdated(address indexed previousAuthor, address indexed newAuthor);
event ExpectedWorkflowNameUpdated(bytes10 indexed previousName, bytes10 indexed newName);
event ExpectedWorkflowIdUpdated(bytes32 indexed previousId, bytes32 indexed newId);
event SecurityWarning(string message);
/// @notice Constructor sets msg.sender as the owner and configures the forwarder address
/// @param _forwarderAddress The address of the Chainlink Forwarder contract (cannot be address(0))
/// @dev The forwarder address is required for security - it ensures only verified reports are processed
constructor(
address _forwarderAddress
) Ownable(msg.sender) {
if (_forwarderAddress == address(0)) {
revert InvalidForwarderAddress();
}
s_forwarderAddress = _forwarderAddress;
emit ForwarderAddressUpdated(address(0), _forwarderAddress);
}
/// @notice Returns the configured forwarder address
/// @return The forwarder address (address(0) if disabled)
function getForwarderAddress() external view returns (address) {
return s_forwarderAddress;
}
/// @notice Returns the expected workflow author address
/// @return The expected author address (address(0) if not set)
function getExpectedAuthor() external view returns (address) {
return s_expectedAuthor;
}
/// @notice Returns the expected workflow name
/// @return The expected workflow name (bytes10(0) if not set)
function getExpectedWorkflowName() external view returns (bytes10) {
return s_expectedWorkflowName;
}
/// @notice Returns the expected workflow ID
/// @return The expected workflow ID (bytes32(0) if not set)
function getExpectedWorkflowId() external view returns (bytes32) {
return s_expectedWorkflowId;
}
/// @inheritdoc IReceiver
/// @dev Performs optional validation checks based on which permission fields are set
function onReport(
bytes calldata metadata,
bytes calldata report
) external override {
// Security Check 1: Verify caller is the trusted Chainlink Forwarder (if configured)
if (s_forwarderAddress != address(0) && msg.sender != s_forwarderAddress) {
revert InvalidSender(msg.sender, s_forwarderAddress);
}
// Security Checks 2-4: Verify workflow identity - ID, owner, and/or name (if any are configured)
if (s_expectedWorkflowId != bytes32(0) || s_expectedAuthor != address(0) || s_expectedWorkflowName != bytes10(0)) {
(bytes32 workflowId, bytes10 workflowName, address workflowOwner) = _decodeMetadata(metadata);
if (s_expectedWorkflowId != bytes32(0) && workflowId != s_expectedWorkflowId) {
revert InvalidWorkflowId(workflowId, s_expectedWorkflowId);
}
if (s_expectedAuthor != address(0) && workflowOwner != s_expectedAuthor) {
revert InvalidAuthor(workflowOwner, s_expectedAuthor);
}
// ================================================================
// WORKFLOW NAME VALIDATION - REQUIRES AUTHOR VALIDATION
// ================================================================
// Do not rely on workflow name validation alone. Workflow names are unique
// per owner, but not across owners.
// Furthermore, workflow names use 40-bit truncation (bytes10), making collisions possible.
// Therefore, workflow name validation REQUIRES author (workflow owner) validation.
// The code enforces this dependency at runtime.
// ================================================================
if (s_expectedWorkflowName != bytes10(0)) {
// Author must be configured if workflow name is used
if (s_expectedAuthor == address(0)) {
revert WorkflowNameRequiresAuthorValidation();
}
// Validate workflow name matches (author already validated above)
if (workflowName != s_expectedWorkflowName) {
revert InvalidWorkflowName(workflowName, s_expectedWorkflowName);
}
}
}
_processReport(report);
}
/// @notice Updates the forwarder address that is allowed to call onReport
/// @param _forwarder The new forwarder address
/// @dev WARNING: Setting to address(0) disables forwarder validation.
/// This makes your contract INSECURE - anyone can call onReport() with arbitrary data.
/// Only use address(0) if you fully understand the security implications.
function setForwarderAddress(
address _forwarder
) external onlyOwner {
address previousForwarder = s_forwarderAddress;
// Emit warning if disabling forwarder check
if (_forwarder == address(0)) {
emit SecurityWarning("Forwarder address set to zero - contract is now INSECURE");
}
s_forwarderAddress = _forwarder;
emit ForwarderAddressUpdated(previousForwarder, _forwarder);
}
/// @notice Updates the expected workflow owner address
/// @param _author The new expected author address (use address(0) to disable this check)
function setExpectedAuthor(
address _author
) external onlyOwner {
address previousAuthor = s_expectedAuthor;
s_expectedAuthor = _author;
emit ExpectedAuthorUpdated(previousAuthor, _author);
}
/// @notice Updates the expected workflow name from a plaintext string
/// @param _name The workflow name as a string (use empty string "" to disable this check)
/// @dev IMPORTANT: Workflow name validation REQUIRES author validation to be enabled.
/// The workflow name uses only 40-bit truncation, making collision attacks feasible
/// when used alone. However, since workflow names are unique per owner, validating
/// both the name AND the author address provides adequate security.
/// You must call setExpectedAuthor() before or after calling this function.
/// The name is hashed using SHA256 and truncated to bytes10.
function setExpectedWorkflowName(
string calldata _name
) external onlyOwner {
bytes10 previousName = s_expectedWorkflowName;
if (bytes(_name).length == 0) {
s_expectedWorkflowName = bytes10(0);
emit ExpectedWorkflowNameUpdated(previousName, bytes10(0));
return;
}
// Convert workflow name to bytes10:
// SHA256 hash → hex encode → take first 10 chars → hex encode those chars
bytes32 hash = sha256(bytes(_name));
bytes memory hexString = _bytesToHexString(abi.encodePacked(hash));
bytes memory first10 = new bytes(10);
for (uint256 i = 0; i < 10; i++) {
first10[i] = hexString[i];
}
s_expectedWorkflowName = bytes10(first10);
emit ExpectedWorkflowNameUpdated(previousName, s_expectedWorkflowName);
}
/// @notice Updates the expected workflow ID
/// @param _id The new expected workflow ID (use bytes32(0) to disable this check)
function setExpectedWorkflowId(
bytes32 _id
) external onlyOwner {
bytes32 previousId = s_expectedWorkflowId;
s_expectedWorkflowId = _id;
emit ExpectedWorkflowIdUpdated(previousId, _id);
}
/// @notice Helper function to convert bytes to hex string
/// @param data The bytes to convert
/// @return The hex string representation
function _bytesToHexString(
bytes memory data
) private pure returns (bytes memory) {
bytes memory hexString = new bytes(data.length * 2);
for (uint256 i = 0; i < data.length; i++) {
hexString[i * 2] = HEX_CHARS[uint8(data[i] >> 4)];
hexString[i * 2 + 1] = HEX_CHARS[uint8(data[i] & 0x0f)];
}
return hexString;
}
/// @notice Extracts all metadata fields from the onReport metadata parameter
/// @param metadata The metadata bytes encoded using abi.encodePacked(workflowId, workflowName, workflowOwner)
/// @return workflowId The unique identifier of the workflow (bytes32)
/// @return workflowName The name of the workflow (bytes10)
/// @return workflowOwner The owner address of the workflow
function _decodeMetadata(
bytes memory metadata
) internal pure returns (bytes32 workflowId, bytes10 workflowName, address workflowOwner) {
// Metadata structure (encoded using abi.encodePacked by the Forwarder):
// - First 32 bytes: length of the byte array (standard for dynamic bytes)
// - Offset 32, size 32: workflow_id (bytes32)
// - Offset 64, size 10: workflow_name (bytes10)
// - Offset 74, size 20: workflow_owner (address)
assembly {
workflowId := mload(add(metadata, 32))
workflowName := mload(add(metadata, 64))
workflowOwner := shr(mul(12, 8), mload(add(metadata, 74)))
}
return (workflowId, workflowName, workflowOwner);
}
/// @notice Abstract function to process the report data
/// @param report The report calldata containing your workflow's encoded data
/// @dev Implement this function with your contract's business logic
function _processReport(
bytes calldata report
) internal virtual;
/// @inheritdoc IERC165
function supportsInterface(
bytes4 interfaceId
) public pure virtual override returns (bool) {
return interfaceId == type(IReceiver).interfaceId || interfaceId == type(IERC165).interfaceId;
}
}
- 更新
foundry.toml,添加 OpenZeppelin remapping:
[profile.default]
src = "src"
out = "out"
libs = ["lib"]
remappings = [
"@openzeppelin/=lib/openzeppelin-contracts/"
]
- 创建
src/PredictionMarket.sol,内容使用上文展示的合约代码。
项目结构
完整的项目结构现在同时包含 CRE workflow 与 Foundry 合约:
prediction-market/
├── project.yaml # CRE project-wide settings
├── secrets.yaml # CRE secret variable mappings
├── my-workflow/ # CRE workflow directory
│ ├── workflow.yaml # Workflow-specific settings
│ ├── main.ts # Workflow entry point
│ ├── config.staging.json # Configuration for simulation
│ ├── package.json # Node.js dependencies
│ └── tsconfig.json # TypeScript configuration
└── contracts/ # Foundry project (newly created)
├── foundry.toml # Foundry configuration
├── script/ # Deployment scripts (we won't use these)
├── src/
│ ├── PredictionMarket.sol
│ └── interfaces/
│ ├── IReceiver.sol
│ └── ReceiverTemplate.sol
└── test/ # Tests (optional)
编译合约
forge build
你应该看到:
Compiler run successful!
部署合约
我们将使用之前创建的 .env 文件。加载环境变量并部署:
# From the contracts directory
# Load environment variables from .env file
source ../.env
# Deploy with the MockKeystoneForwarder address for Sepolia
forge create src/PredictionMarket.sol:PredictionMarket \
--rpc-url "https://ethereum-sepolia-rpc.publicnode.com" \
--private-key $CRE_ETH_PRIVATE_KEY \
--broadcast \
--constructor-args 0x15fc6ae953e024d975e77382eeec56a9101f9f88
说明:
source ../.env会从prediction-market目录(contracts的父目录)中的.env文件加载变量。
你会看到类似输出:
Deployer: 0x...
Deployed to: 0x... <-- Save this address!
Transaction hash: 0x...
部署之后
保存你的合约地址! 更新 CRE workflow 配置:
cd ../my-workflow
更新 config.staging.json:
{
"deepseekModel": "deepseek-chat",
"evms": [
{
"marketAddress": "0xYOUR_CONTRACT_ADDRESS_HERE",
"chainSelectorName": "ethereum-testnet-sepolia",
"gasLimit": "500000"
}
]
}
本示例将 gasLimit 设为 500000,因为对该场景足够;其他用例可能消耗更多 gas。
说明:我们将在后续章节通过 HTTP trigger workflow 创建市场。目前你只需要完成合约部署。
小结
你现在拥有:
- ✅ 已部署在 Sepolia 上的
PredictionMarket合约 - ✅ CRE 可以监听的
SettlementRequested事件 - ✅ CRE 可以用 AI 判定结果调用的
onReport函数 - ✅ 结算后的赢家领取逻辑