From a0a13b394979297126932ebf7c1c7c47f38f3792 Mon Sep 17 00:00:00 2001 From: xavikh Date: Tue, 10 Dec 2024 11:08:58 +0100 Subject: [PATCH 01/14] Add ERC721 metadata --- src/escrow/increasing/Lock.sol | 47 ++++++++++++++++++++++++++++++-- test/escrow/escrow/Lock.t.sol | 49 ++++++++++++++++++++++++++++++++++ 2 files changed, 94 insertions(+), 2 deletions(-) diff --git a/src/escrow/increasing/Lock.sol b/src/escrow/increasing/Lock.sol index b37dd86..fbf8c5a 100644 --- a/src/escrow/increasing/Lock.sol +++ b/src/escrow/increasing/Lock.sol @@ -2,14 +2,23 @@ pragma solidity ^0.8.17; import {ILock} from "@escrow-interfaces/ILock.sol"; +import {ERC721Upgradeable as ERC721} from "@openzeppelin/contracts-upgradeable/token/ERC721/ERC721Upgradeable.sol"; import {ERC721EnumerableUpgradeable as ERC721Enumerable} from "@openzeppelin/contracts-upgradeable/token/ERC721/extensions/ERC721EnumerableUpgradeable.sol"; +import {ERC721URIStorageUpgradeable} from "@openzeppelin/contracts-upgradeable/token/ERC721/extensions/ERC721URIStorageUpgradeable.sol"; import {ReentrancyGuardUpgradeable as ReentrancyGuard} from "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol"; import {UUPSUpgradeable} from "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol"; import {DaoAuthorizableUpgradeable as DaoAuthorizable} from "@aragon/osx/core/plugin/dao-authorizable/DaoAuthorizableUpgradeable.sol"; import {IDAO} from "@aragon/osx/core/dao/IDAO.sol"; /// @title NFT representation of an escrow locking mechanism -contract Lock is ILock, ERC721Enumerable, UUPSUpgradeable, DaoAuthorizable, ReentrancyGuard { +contract Lock is + ILock, + ERC721Enumerable, + ERC721URIStorageUpgradeable, + UUPSUpgradeable, + DaoAuthorizable, + ReentrancyGuard +{ /// @dev enables transfers without whitelisting address public constant WHITELIST_ANY_ADDRESS = address(uint160(uint256(keccak256("WHITELIST_ANY_ADDRESS")))); @@ -23,6 +32,8 @@ contract Lock is ILock, ERC721Enumerable, UUPSUpgradeable, DaoAuthorizable, Reen /// @notice Whitelisted contracts that are allowed to transfer mapping(address => bool) public whitelisted; + string public baseTokenURI; + /*////////////////////////////////////////////////////////////// Modifiers //////////////////////////////////////////////////////////////*/ @@ -38,7 +49,7 @@ contract Lock is ILock, ERC721Enumerable, UUPSUpgradeable, DaoAuthorizable, Reen function supportsInterface( bytes4 _interfaceId - ) public view override(ERC721Enumerable) returns (bool) { + ) public view override(ERC721Enumerable, ERC721URIStorageUpgradeable) returns (bool) { return super.supportsInterface(_interfaceId) || _interfaceId == type(ILock).interfaceId; } @@ -83,6 +94,16 @@ contract Lock is ILock, ERC721Enumerable, UUPSUpgradeable, DaoAuthorizable, Reen emit WhitelistSet(WHITELIST_ANY_ADDRESS, true); } + /// @notice Override the beforeTokenTransfer as required by ERC721Enumerable + function _beforeTokenTransfer( + address _from, + address _to, + uint256 _tokenId, + uint256 batchSize + ) internal override(ERC721, ERC721Enumerable) { + super._beforeTokenTransfer(_from, _to, _tokenId, batchSize); + } + /// @dev Override the transfer to check if the recipient is whitelisted /// This avoids needing to check for mint/burn but is less idomatic than beforeTokenTransfer function _transfer(address _from, address _to, uint256 _tokenId) internal override { @@ -110,6 +131,28 @@ contract Lock is ILock, ERC721Enumerable, UUPSUpgradeable, DaoAuthorizable, Reen _burn(_tokenId); } + function _burn(uint256 _tokenId) internal override(ERC721, ERC721URIStorageUpgradeable) { + super._burn(_tokenId); + } + + function tokenURI( + uint256 _tokenId + ) public view override(ERC721, ERC721URIStorageUpgradeable) returns (string memory) { + return super.tokenURI(_tokenId); + } + + function _baseURI() internal view override returns (string memory) { + return baseTokenURI; + } + + function setBaseURI(string memory _baseTokenURI) external auth(LOCK_ADMIN_ROLE) { + baseTokenURI = _baseTokenURI; + } + + function setTokenURI(uint256 _tokenId, string memory _tokenURI) external auth(LOCK_ADMIN_ROLE) { + _setTokenURI(_tokenId, _tokenURI); + } + /*////////////////////////////////////////////////////////////// UUPS Upgrade //////////////////////////////////////////////////////////////*/ diff --git a/test/escrow/escrow/Lock.t.sol b/test/escrow/escrow/Lock.t.sol index 4c5ae05..6a9f14f 100644 --- a/test/escrow/escrow/Lock.t.sol +++ b/test/escrow/escrow/Lock.t.sol @@ -5,6 +5,7 @@ import {EscrowBase} from "./EscrowBase.sol"; import {console2 as console} from "forge-std/console2.sol"; import {IDAO} from "@aragon/osx/core/dao/IDAO.sol"; import {DAO} from "@aragon/osx/core/dao/DAO.sol"; +import {DaoUnauthorized} from "@aragon/osx/core/utils/auth.sol"; import {Multisig, MultisigSetup} from "@aragon/multisig/MultisigSetup.sol"; import {ProxyLib} from "@libs/ProxyLib.sol"; @@ -95,6 +96,54 @@ contract TestLockMintBurn is EscrowBase, IEscrowCurveTokenStorage, IGaugeVote { vm.expectRevert("revert"); newLock.mint(address(reentrant), 1); } + + function testSetNFTMetadata() public { + vm.prank(address(escrow)); + nftLock.mint(address(123), 1); + + assertEq(nftLock.tokenURI(1), ""); + + vm.prank(address(this)); + nftLock.setBaseURI("https://example.com/"); + assertEq(nftLock.baseTokenURI(), "https://example.com/"); + assertEq(nftLock.tokenURI(1), "https://example.com/1"); + + vm.prank(address(this)); + nftLock.setTokenURI(1, "?tokenId=1"); + assertEq(nftLock.tokenURI(1), "https://example.com/?tokenId=1"); + + vm.prank(address(escrow)); + nftLock.mint(address(123), 2); + + assertEq(nftLock.tokenURI(2), "https://example.com/2"); + } + + function testOnlyOwnerCanSetNFTMetadata(address _notEscrow) public { + vm.assume(_notEscrow != address(this)); + + bytes memory data = abi.encodeWithSelector( + DaoUnauthorized.selector, + address(dao), + address(nftLock), + address(_notEscrow), + nftLock.LOCK_ADMIN_ROLE() + ); + + vm.prank(address(escrow)); + nftLock.mint(address(123), 1); + + vm.prank(_notEscrow); + vm.expectRevert(data); + nftLock.setBaseURI("https://example.com/"); + + assertEq(nftLock.baseTokenURI(), ""); + assertEq(nftLock.tokenURI(1), ""); + + vm.prank(_notEscrow); + vm.expectRevert(data); + nftLock.setTokenURI(1, "?tokenId=1"); + assertEq(nftLock.tokenURI(1), ""); + } } contract NFTReentrant { From ee6e24cd5da62146d5ac11e0dbb142fd64c1e3b8 Mon Sep 17 00:00:00 2001 From: xavikh Date: Tue, 10 Dec 2024 14:51:58 +0100 Subject: [PATCH 02/14] Add BaseURISet event --- src/escrow/increasing/Lock.sol | 2 ++ src/escrow/increasing/interfaces/ILock.sol | 14 +++++++++++++- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/src/escrow/increasing/Lock.sol b/src/escrow/increasing/Lock.sol index fbf8c5a..5f23dcb 100644 --- a/src/escrow/increasing/Lock.sol +++ b/src/escrow/increasing/Lock.sol @@ -147,6 +147,8 @@ contract Lock is function setBaseURI(string memory _baseTokenURI) external auth(LOCK_ADMIN_ROLE) { baseTokenURI = _baseTokenURI; + + emit BaseURISet(baseTokenURI); } function setTokenURI(uint256 _tokenId, string memory _tokenURI) external auth(LOCK_ADMIN_ROLE) { diff --git a/src/escrow/increasing/interfaces/ILock.sol b/src/escrow/increasing/interfaces/ILock.sol index 82a22a8..90f9914 100644 --- a/src/escrow/increasing/interfaces/ILock.sol +++ b/src/escrow/increasing/interfaces/ILock.sol @@ -1,6 +1,16 @@ // SPDX-License-Identifier: MIT pragma solidity ^0.8.0; +/*/////////////////////////////////////////////////////////////// + METADATA +//////////////////////////////////////////////////////////////*/ + +interface IMetadataEvents { + /// @notice Event emmited when the base metadata URI is updated + /// @param uri New base URI + event BaseURISet(string uri); +} + /*/////////////////////////////////////////////////////////////// WHITELIST //////////////////////////////////////////////////////////////*/ @@ -21,7 +31,9 @@ interface IWhitelist is IWhitelistEvents, IWhitelistErrors { function whitelisted(address addr) external view returns (bool); } -interface ILock is IWhitelist { +interface IMetadata is IMetadataEvents {} + +interface ILock is IWhitelist, IMetadata { error OnlyEscrow(); /// @notice Address of the escrow contract that holds underyling assets From b03321b5fd93a270f5e53af14b2d400ca796ccba Mon Sep 17 00:00:00 2001 From: xavikh Date: Tue, 10 Dec 2024 15:12:31 +0100 Subject: [PATCH 03/14] Check baseTokenURI --- test/escrow/escrow/Lock.t.sol | 1 + 1 file changed, 1 insertion(+) diff --git a/test/escrow/escrow/Lock.t.sol b/test/escrow/escrow/Lock.t.sol index 6a9f14f..c868621 100644 --- a/test/escrow/escrow/Lock.t.sol +++ b/test/escrow/escrow/Lock.t.sol @@ -32,6 +32,7 @@ contract TestLockMintBurn is EscrowBase, IEscrowCurveTokenStorage, IGaugeVote { assertEq(_nftLock.name(), _name); assertEq(_nftLock.symbol(), _symbol); assertEq(_nftLock.escrow(), _escrow); + assertEq(_nftLock.baseTokenURI(), ""); assertEq(address(_nftLock.dao()), _dao); } From e9a8d16e41c24f017f33b2703e50fb31678c76be Mon Sep 17 00:00:00 2001 From: xavikh Date: Wed, 11 Dec 2024 11:53:30 +0100 Subject: [PATCH 04/14] Test supportsInterface --- test/escrow/escrow/Lock.t.sol | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/test/escrow/escrow/Lock.t.sol b/test/escrow/escrow/Lock.t.sol index c868621..338d498 100644 --- a/test/escrow/escrow/Lock.t.sol +++ b/test/escrow/escrow/Lock.t.sol @@ -8,6 +8,9 @@ import {DAO} from "@aragon/osx/core/dao/DAO.sol"; import {DaoUnauthorized} from "@aragon/osx/core/utils/auth.sol"; import {Multisig, MultisigSetup} from "@aragon/multisig/MultisigSetup.sol"; +import {IERC721EnumerableUpgradeable as IERC721Enumerable} from "@openzeppelin/contracts-upgradeable/token/ERC721/extensions/IERC721EnumerableUpgradeable.sol"; +import {IERC721MetadataUpgradeable as IERC721Metadata} from "@openzeppelin/contracts-upgradeable/token/ERC721/extensions/IERC721MetadataUpgradeable.sol"; + import {ProxyLib} from "@libs/ProxyLib.sol"; import {IEscrowCurveTokenStorage} from "@escrow-interfaces/IEscrowCurveIncreasing.sol"; @@ -39,6 +42,8 @@ contract TestLockMintBurn is EscrowBase, IEscrowCurveTokenStorage, IGaugeVote { function testSupportsInterface() public view { assertTrue(nftLock.supportsInterface(type(ILock).interfaceId)); assertFalse(nftLock.supportsInterface(0xffffffff)); + assertTrue(nftLock.supportsInterface(type(IERC721Metadata).interfaceId)); + assertTrue(nftLock.supportsInterface(type(IERC721Enumerable).interfaceId)); } function testFuzz_OnlyEscrowCanMint(address _notEscrow) public { From 2e9db89709001301f393ea5ed31750714ecbb489 Mon Sep 17 00:00:00 2001 From: xavikh Date: Fri, 13 Dec 2024 14:48:17 +0100 Subject: [PATCH 05/14] Allow resets outside voting period --- src/voting/SimpleGaugeVoter.sol | 4 ++-- test/voting/GaugeVote.t.sol | 37 +++++++++++++++++++++++++++++---- 2 files changed, 35 insertions(+), 6 deletions(-) diff --git a/src/voting/SimpleGaugeVoter.sol b/src/voting/SimpleGaugeVoter.sol index a2aa905..7d1d8f3 100644 --- a/src/voting/SimpleGaugeVoter.sol +++ b/src/voting/SimpleGaugeVoter.sol @@ -81,7 +81,7 @@ contract SimpleGaugeVoter is } /*/////////////////////////////////////////////////////////////// - Voting + Voting //////////////////////////////////////////////////////////////*/ /// @notice extrememly simple for loop. We don't need reentrancy checks in this implementation @@ -181,7 +181,7 @@ contract SimpleGaugeVoter is voteData.lastVoted = block.timestamp; } - function reset(uint256 _tokenId) external nonReentrant whenNotPaused whenVotingActive { + function reset(uint256 _tokenId) external nonReentrant whenNotPaused { if (!IVotingEscrow(escrow).isApprovedOrOwner(msg.sender, _tokenId)) revert NotApprovedOrOwner(); if (!isVoting(_tokenId)) revert NotCurrentlyVoting(); diff --git a/test/voting/GaugeVote.t.sol b/test/voting/GaugeVote.t.sol index f5f225b..9698eb5 100644 --- a/test/voting/GaugeVote.t.sol +++ b/test/voting/GaugeVote.t.sol @@ -77,15 +77,44 @@ contract TestGaugeVote is GaugeVotingBase { vm.expectRevert(VotingInactive.selector); voter.vote(0, votes); - // try to reset - vm.expectRevert(VotingInactive.selector); - voter.reset(0); - // vote multiple vm.expectRevert(VotingInactive.selector); voter.voteMultiple(ids, votes); } + function testFuzz_canResetInDistributionPeriod() public { + // create the vote + votes.push(GaugeVote(1, gauge)); + + // vote + vm.startPrank(owner); + { + voter.vote(tokenId, votes); + } + vm.stopPrank(); + + // check the vote + assertEq(voter.isVoting(tokenId), true); + + // warp to the next epoch + vm.warp(block.timestamp + 1 weeks); + + vm.assume(!voter.votingActive()); + + // try to reset + vm.startPrank(owner); + { + voter.reset(tokenId); + } + vm.stopPrank(); + + assertEq(voter.isVoting(tokenId), false); + } + + //Check vp is 0 after reset + //Check gaugeVotes are same before and after reset, and are 0 after next voting period + // + // can't vote if you don't own the token function testCannotVoteIfYouDontOwnTheToken() public { // try to vote as this address (not the holder) From 997c9e718bfc396b2ba9b6a1663cd8c0313f89d6 Mon Sep 17 00:00:00 2001 From: xavikh Date: Fri, 13 Dec 2024 14:49:47 +0100 Subject: [PATCH 06/14] Fix comment --- test/voting/GaugeVote.t.sol | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/test/voting/GaugeVote.t.sol b/test/voting/GaugeVote.t.sol index 9698eb5..61c4b33 100644 --- a/test/voting/GaugeVote.t.sol +++ b/test/voting/GaugeVote.t.sol @@ -96,9 +96,8 @@ contract TestGaugeVote is GaugeVotingBase { // check the vote assertEq(voter.isVoting(tokenId), true); - // warp to the next epoch + // warp to the next distribution period vm.warp(block.timestamp + 1 weeks); - vm.assume(!voter.votingActive()); // try to reset From 61cbba8e1dd183e660f36d6fe830aa5ce970fc46 Mon Sep 17 00:00:00 2001 From: xavikh Date: Fri, 13 Dec 2024 14:50:47 +0100 Subject: [PATCH 07/14] Cleanup comment --- test/voting/GaugeVote.t.sol | 4 ---- 1 file changed, 4 deletions(-) diff --git a/test/voting/GaugeVote.t.sol b/test/voting/GaugeVote.t.sol index 61c4b33..aa51d0e 100644 --- a/test/voting/GaugeVote.t.sol +++ b/test/voting/GaugeVote.t.sol @@ -110,10 +110,6 @@ contract TestGaugeVote is GaugeVotingBase { assertEq(voter.isVoting(tokenId), false); } - //Check vp is 0 after reset - //Check gaugeVotes are same before and after reset, and are 0 after next voting period - // - // can't vote if you don't own the token function testCannotVoteIfYouDontOwnTheToken() public { // try to vote as this address (not the holder) From 7cf3d68230d49f40d180399c462e1c2e330bfec5 Mon Sep 17 00:00:00 2001 From: jordaniza Date: Fri, 13 Dec 2024 17:51:13 +0400 Subject: [PATCH 08/14] feat: migration functionality --- .../increasing/VotingEscrowIncreasing.sol | 81 +++++++++++++++++++ src/libs/CurveConstantLib.sol | 15 ++-- 2 files changed, 86 insertions(+), 10 deletions(-) diff --git a/src/escrow/increasing/VotingEscrowIncreasing.sol b/src/escrow/increasing/VotingEscrowIncreasing.sol index 5da0f60..ff06b9e 100644 --- a/src/escrow/increasing/VotingEscrowIncreasing.sol +++ b/src/escrow/increasing/VotingEscrowIncreasing.sol @@ -88,6 +88,87 @@ contract VotingEscrow is bool private _lockNFTSet; + /*////////////////////////////////////////////////////////////// + Added: V2 + //////////////////////////////////////////////////////////////*/ + + /// @notice Emitted when the user migrates to the new destination contract + /// @param owner The owner of the veNFT at the time of the migration + /// @param oldTokenId TokenId burned in the old staking contract + /// @param newTokenId TokenId minted in the new staking contract + /// @param amount The locked amount migrated between contracts + event Migrated( + address indexed owner, + uint256 indexed oldTokenId, + uint256 indexed newTokenId, + uint256 amount + ); + + /// @notice Emitted when the migrator is added, activating the migration + event MigrationEnabled(address migrator); + + error MigrationAlreadySet(); + error MigrationNotActive(); + + /// @notice The destination staking contract can add this to allow another address to call + /// the migrate function on it + bytes32 public constant MIGRATOR_ROLE = keccak256("MIGRATOR"); + + /// @notice destination migration contract + address public migrator; + + /// @notice The Escrow Admin can enable migrations by setting a destination migration contract. + /// @dev This function also approves all tokens in this contract to be transferred to the new migrator. + /// @param _migrator The address of the destination migration contract + function enableMigration(address _migrator) external auth(ESCROW_ADMIN_ROLE) { + if (migrator != address(0)) revert MigrationAlreadySet(); + migrator = _migrator; + IERC20(token).approve(migrator, totalLocked); + emit MigrationEnabled(_migrator); + } + + /// @notice Defined on the staking contract being exited from - burn the tokenId and mint a new one. + /// @dev Skips withdrawal queue logic and vote resets + /// @param _tokenId veNFT to migrate from + /// @return newTokenId veNFT created during the migrationg + function migrateFrom(uint256 _tokenId) external returns (uint256 newTokenId) { + // check the migration contract is set and the tokenid is active + if (migrator == address(0)) revert MigrationNotActive(); + if (votingPower(_tokenId) == 0) revert CannotExit(); + + // the user should be approved + address owner = IERC721EMB(lockNFT).ownerOf(_tokenId); + + LockedBalance memory oldLocked = _locked[_tokenId]; + uint256 value = oldLocked.amount; + + // burn the current veNFT and write a zero checkpoint. + _locked[_tokenId] = LockedBalance(0, 0); + totalLocked -= value; + _checkpointClear(_tokenId); + IERC721EMB(lockNFT).burn(_tokenId); + + // createLockFor on the new contract for the owner of the veNFT + newTokenId = VotingEscrow(migrator).migrateTo(value, owner); + + // emit the migrated event + emit Migrated(owner, _tokenId, newTokenId, value); + + return newTokenId; + } + + /// @notice Defined on the destination staking contract. Creates a new veNFT with the old params + /// @dev Skips validations like pause, allowing migration ahead of general release. + /// @param _value The amount of underlying token to be migrated. + /// @param _for The original owner of the lock + /// @return newTokenId the veNFT on the destination staking contract + function migrateTo( + uint256 _value, + address _for + ) external nonReentrant auth(MIGRATOR_ROLE) returns (uint256 newTokenId) { + return _createLockFor(_value, _for); + } + /*////////////////////////////////////////////////////////////// Initialization //////////////////////////////////////////////////////////////*/ diff --git a/src/libs/CurveConstantLib.sol b/src/libs/CurveConstantLib.sol index 9f4fbde..e25dcf0 100644 --- a/src/libs/CurveConstantLib.sol +++ b/src/libs/CurveConstantLib.sol @@ -3,19 +3,14 @@ pragma solidity ^0.8.0; /// @title CurveConstantLib /// @notice Precomputed coefficients for escrow curve -/// This curve implementation is a quadratic curve of the form y = (1/7)t^2 + (2/7)t + 1 -/// Which is a transformation of the quadratic curve y = (x^2 + 6)/7 -/// That starts with 1 unit of voting in period 1, and max 6 in period 6. -/// To use this in zero indexed time, with a per-second rate of increase, -/// we transform this to the polynomial y = (1/7)t^2 + (2/7)t + 1 -/// where t = timestamp / 2_weeks (2 weeks is one period) -/// Below are the shared coefficients for the linear and quadratic terms +/// That starts with 1 unit of voting in period 1, and max 6 in period 6, increasing linearly library CurveConstantLib { int256 internal constant SHARED_CONSTANT_COEFFICIENT = 1e18; - /// @dev 2 / (7 * 2_weeks) - expressed in fixed point + /// @dev rate of increase per second expressed in fixed point int256 internal constant SHARED_LINEAR_COEFFICIENT = 236205593348; - /// @dev 1 / (7 * (2_weeks)^2) - expressed in fixed point - int256 internal constant SHARED_QUADRATIC_COEFFICIENT = 97637; + + /// @dev linear curve with zero quadratic term + int256 internal constant SHARED_QUADRATIC_COEFFICIENT = 0; /// @dev the maxiumum number of epochs the cure can keep increasing uint256 internal constant MAX_EPOCHS = 5; From 585d9b8a3512847c75da13e712cb0a3b86f44184 Mon Sep 17 00:00:00 2001 From: jordaniza Date: Fri, 13 Dec 2024 17:56:47 +0400 Subject: [PATCH 09/14] update curve coeff and storage gap --- src/escrow/increasing/VotingEscrowIncreasing.sol | 3 ++- src/libs/CurveConstantLib.sol | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/escrow/increasing/VotingEscrowIncreasing.sol b/src/escrow/increasing/VotingEscrowIncreasing.sol index ff06b9e..e0a34cb 100644 --- a/src/escrow/increasing/VotingEscrowIncreasing.sol +++ b/src/escrow/increasing/VotingEscrowIncreasing.sol @@ -489,5 +489,6 @@ contract VotingEscrow is function _authorizeUpgrade(address) internal virtual override auth(ESCROW_ADMIN_ROLE) {} /// @dev Reserved storage space to allow for layout changes in the future. - uint256[39] private __gap; + /// @dev V2: -1 slot for migrator contract + uint256[38] private __gap; } diff --git a/src/libs/CurveConstantLib.sol b/src/libs/CurveConstantLib.sol index e25dcf0..fedafb5 100644 --- a/src/libs/CurveConstantLib.sol +++ b/src/libs/CurveConstantLib.sol @@ -7,7 +7,7 @@ pragma solidity ^0.8.0; library CurveConstantLib { int256 internal constant SHARED_CONSTANT_COEFFICIENT = 1e18; /// @dev rate of increase per second expressed in fixed point - int256 internal constant SHARED_LINEAR_COEFFICIENT = 236205593348; + int256 internal constant SHARED_LINEAR_COEFFICIENT = 826719576719; /// @dev linear curve with zero quadratic term int256 internal constant SHARED_QUADRATIC_COEFFICIENT = 0; From dd017dad9d2d0342e76f8556f5fdd0ccf93dd120 Mon Sep 17 00:00:00 2001 From: xavikh Date: Fri, 13 Dec 2024 15:06:03 +0100 Subject: [PATCH 10/14] Fix inheritance order --- src/escrow/increasing/Lock.sol | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/escrow/increasing/Lock.sol b/src/escrow/increasing/Lock.sol index 5f23dcb..d602eab 100644 --- a/src/escrow/increasing/Lock.sol +++ b/src/escrow/increasing/Lock.sol @@ -14,10 +14,10 @@ import {IDAO} from "@aragon/osx/core/dao/IDAO.sol"; contract Lock is ILock, ERC721Enumerable, - ERC721URIStorageUpgradeable, UUPSUpgradeable, DaoAuthorizable, - ReentrancyGuard + ReentrancyGuard, + ERC721URIStorageUpgradeable { /// @dev enables transfers without whitelisting address public constant WHITELIST_ANY_ADDRESS = From b095eb0107459824386156e29a54e4f903e22db2 Mon Sep 17 00:00:00 2001 From: xavikh Date: Fri, 13 Dec 2024 15:09:48 +0100 Subject: [PATCH 11/14] Reduce Lock gap --- src/escrow/increasing/Lock.sol | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/escrow/increasing/Lock.sol b/src/escrow/increasing/Lock.sol index d602eab..b88ad73 100644 --- a/src/escrow/increasing/Lock.sol +++ b/src/escrow/increasing/Lock.sol @@ -168,5 +168,5 @@ contract Lock is /// @notice Internal method authorizing the upgrade of the contract via the [upgradeability mechanism for UUPS proxies](https://docs.openzeppelin.com/contracts/4.x/api/proxy#UUPSUpgradeable) (see [ERC-1822](https://eips.ethereum.org/EIPS/eip-1822)). function _authorizeUpgrade(address) internal virtual override auth(LOCK_ADMIN_ROLE) {} - uint256[48] private __gap; + uint256[47] private __gap; } From a2993e53937637d28bcbb538146b8952fb5927c3 Mon Sep 17 00:00:00 2001 From: jordaniza Date: Fri, 13 Dec 2024 18:35:36 +0400 Subject: [PATCH 12/14] readme --- audits/AUDIT_2.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 audits/AUDIT_2.md diff --git a/audits/AUDIT_2.md b/audits/AUDIT_2.md new file mode 100644 index 0000000..8767eb8 --- /dev/null +++ b/audits/AUDIT_2.md @@ -0,0 +1,18 @@ +# Notes for the auditors for the second audit + +The changes in the second audit are a relatively small set of contract changes. Overall there are 2 things we are looking to address: + +1. Faciliate the migration from old to new staking contract, to reset the state. + +For DAOs wishing to start new governance 'seasons', there is a requirement for voting power to be reset. The changes to the Voting Escrow contract are intended to reflect this: + +- A new set of contracts will be deployed +- Direct migration will be enabled between the old and new contracts +- Existing stakers should be able to migrate in a single transaction, skipping the exit queue mechanics +- Existing stakers can migrate even if the destination staking contract is locked for new stakers, this gives existing stakers a window to migrate and gain voting power ahead of new entrants. + +2. Add small improvements, these are detailed in the following contracts + +- a: lock, add NFT metadata URI +- b: voting contract: permit resets outside of voting windows so users can unstake more easily +- c: move from a quadratic -> linear voting curve From 82e722b02291e0412d703b9ecd23a2663c554f3f Mon Sep 17 00:00:00 2001 From: jordaniza Date: Mon, 16 Dec 2024 22:34:36 +0400 Subject: [PATCH 13/14] added tests and moved some files to ifaces --- .../increasing/VotingEscrowIncreasing.sol | 31 +-- .../increasing/interfaces/IMigrateable.sol | 34 +++ test/escrow/curve/QuadraticCurveMath.t.sol | 204 +++++++------- test/escrow/migration/MigrationBase.sol | 263 ++++++++++++++++++ .../escrow/migration/MigrationStateless.t.sol | 204 ++++++++++++++ test/escrow/migration/TEST_CASES.md | 27 ++ test/mocks/MockMigrator.sol | 10 + 7 files changed, 651 insertions(+), 122 deletions(-) create mode 100644 src/escrow/increasing/interfaces/IMigrateable.sol create mode 100644 test/escrow/migration/MigrationBase.sol create mode 100644 test/escrow/migration/MigrationStateless.t.sol create mode 100644 test/escrow/migration/TEST_CASES.md create mode 100644 test/mocks/MockMigrator.sol diff --git a/src/escrow/increasing/VotingEscrowIncreasing.sol b/src/escrow/increasing/VotingEscrowIncreasing.sol index e0a34cb..e6a9af5 100644 --- a/src/escrow/increasing/VotingEscrowIncreasing.sol +++ b/src/escrow/increasing/VotingEscrowIncreasing.sol @@ -13,6 +13,7 @@ import {IClock} from "@clock/IClock.sol"; import {IEscrowCurveIncreasing as IEscrowCurve} from "./interfaces/IEscrowCurveIncreasing.sol"; import {IExitQueue} from "./interfaces/IExitQueue.sol"; import {IVotingEscrowIncreasing as IVotingEscrow} from "./interfaces/IVotingEscrowIncreasing.sol"; +import {IMigrateable} from "./interfaces/IMigrateable.sol"; // libraries import {SafeERC20Upgradeable as SafeERC20} from "@openzeppelin/contracts-upgradeable/token/ERC20/utils/SafeERC20Upgradeable.sol"; @@ -29,7 +30,8 @@ contract VotingEscrow is ReentrancyGuard, Pausable, DaoAuthorizable, - UUPSUpgradeable + UUPSUpgradeable, + IMigrateable { using SafeERC20 for IERC20; using SafeCast for uint256; @@ -92,24 +94,6 @@ contract VotingEscrow is Added: V2 //////////////////////////////////////////////////////////////*/ - /// @notice Emitted when the user migrates to the new destination contract - /// @param owner The owner of the veNFT at the time of the migration - /// @param oldTokenId TokenId burned in the old staking contract - /// @param newTokenId TokenId minted in the new staking contract - /// @param amount The locked amount migrated between contracts - event Migrated( - address indexed owner, - uint256 indexed oldTokenId, - uint256 indexed newTokenId, - uint256 amount - ); - - /// @notice Emitted when the migrator is added, activating the migration - event MigrationEnabled(address migrator); - - error MigrationAlreadySet(); - error MigrationNotActive(); - /// @notice The destination staking contract can add this to allow another address to call /// the migrate function on it bytes32 public constant MIGRATOR_ROLE = keccak256("MIGRATOR"); @@ -123,7 +107,8 @@ contract VotingEscrow is function enableMigration(address _migrator) external auth(ESCROW_ADMIN_ROLE) { if (migrator != address(0)) revert MigrationAlreadySet(); migrator = _migrator; - IERC20(token).approve(migrator, totalLocked); + // we approve max in the event that new deposits happen + IERC20(token).approve(migrator, type(uint256).max); emit MigrationEnabled(_migrator); } @@ -134,11 +119,17 @@ contract VotingEscrow is function migrateFrom(uint256 _tokenId) external returns (uint256 newTokenId) { // check the migration contract is set and the tokenid is active if (migrator == address(0)) revert MigrationNotActive(); + if (!IERC721EMB(lockNFT).isApprovedOrOwner(_msgSender(), _tokenId)) revert NotOwner(); if (votingPower(_tokenId) == 0) revert CannotExit(); // the user should be approved address owner = IERC721EMB(lockNFT).ownerOf(_tokenId); + // reset votes from voting contract + if (isVoting(_tokenId)) { + ISimpleGaugeVoter(voter).reset(_tokenId); + } + LockedBalance memory oldLocked = _locked[_tokenId]; uint256 value = oldLocked.amount; diff --git a/src/escrow/increasing/interfaces/IMigrateable.sol b/src/escrow/increasing/interfaces/IMigrateable.sol new file mode 100644 index 0000000..a3c9f91 --- /dev/null +++ b/src/escrow/increasing/interfaces/IMigrateable.sol @@ -0,0 +1,34 @@ +// SPDX License Identifier: AGPL-3.0 or later + +pragma solidity ^0.8.17; + +interface IMigrateableFrom { + function migrator() external view returns (address); + function enableMigration(address _migrator) external; + function migrateFrom(uint256 _tokenId) external returns (uint256 newTokenId); +} + +interface IMigrateableTo { + function migrateTo(uint256 _value, address _for) external returns (uint256 newTokenId); +} + +interface IMigrateableEventsAndErrors { + /// @notice Emitted when the migrator is added, activating the migration + event MigrationEnabled(address migrator); + + /// @notice Emitted when the user migrates to the new destination contract + /// @param owner The owner of the veNFT at the time of the migration + /// @param oldTokenId TokenId burned in the old staking contract + /// @param newTokenId TokenId minted in the new staking contract + /// @param amount The locked amount migrated between contracts + event Migrated( + address indexed owner, + uint256 indexed oldTokenId, + uint256 indexed newTokenId, + uint256 amount + ); + error MigrationAlreadySet(); + error MigrationNotActive(); +} + +interface IMigrateable is IMigrateableFrom, IMigrateableTo, IMigrateableEventsAndErrors {} diff --git a/test/escrow/curve/QuadraticCurveMath.t.sol b/test/escrow/curve/QuadraticCurveMath.t.sol index 93711bb..452b93e 100644 --- a/test/escrow/curve/QuadraticCurveMath.t.sol +++ b/test/escrow/curve/QuadraticCurveMath.t.sol @@ -58,106 +58,106 @@ contract TestQuadraticIncreasingCurve is QuadraticCurveBase { } // write a new checkpoint - function testWritesCheckpoint() public { - uint tokenIdFirst = 1; - uint tokenIdSecond = 2; - uint208 depositFirst = 420.69e18; - uint208 depositSecond = 1_000_000_000e18; - uint start = 52 weeks; - - // initial conditions, no balance - assertEq(curve.votingPowerAt(tokenIdFirst, 0), 0, "Balance before deposit"); - - vm.warp(start); - vm.roll(420); - - // still no balance - assertEq(curve.votingPowerAt(tokenIdFirst, 0), 0, "Balance before deposit"); - - escrow.checkpoint( - tokenIdFirst, - LockedBalance(0, 0), - LockedBalance(depositFirst, uint48(block.timestamp)) - ); - escrow.checkpoint( - tokenIdSecond, - LockedBalance(0, 0), - LockedBalance(depositSecond, uint48(block.timestamp)) - ); - - // check the token point is registered - IEscrowCurve.TokenPoint memory tokenPoint = curve.tokenPointHistory(tokenIdFirst, 1); - assertEq(tokenPoint.bias, depositFirst, "Bias is incorrect"); - assertEq(tokenPoint.checkpointTs, block.timestamp, "CP Timestamp is incorrect"); - assertEq(tokenPoint.writtenTs, block.timestamp, "Written Timestamp is incorrect"); - - // balance now is zero but Warm up - assertEq(curve.votingPowerAt(tokenIdFirst, 0), 0, "Balance after deposit before warmup"); - assertEq(curve.isWarm(tokenIdFirst), false, "Not warming up"); - - // wait for warmup - vm.warp(block.timestamp + curve.warmupPeriod()); - assertEq(curve.votingPowerAt(tokenIdFirst, 0), 0, "Balance after deposit before warmup"); - assertEq(curve.isWarm(tokenIdFirst), false, "Not warming up"); - assertEq(curve.isWarm(tokenIdSecond), false, "Not warming up II"); - - // warmup complete - vm.warp(block.timestamp + 1); - - // python: 449.206279554928541696 - // solmate (optimized): 449.206254284606635135 - assertEq( - curve.votingPowerAt(tokenIdFirst, block.timestamp), - 449206254284606635135, - "Balance incorrect after warmup" - ); - assertEq(curve.isWarm(tokenIdFirst), true, "Still warming up"); - - // python: 1067784543380942056100724736 - // solmate: 1067784483312193385000000000 - assertEq( - curve.votingPowerAt(tokenIdSecond, block.timestamp), - 1067784483312193385000000000, - "Balance incorrect after warmup II" - ); - - // warp to the start of period 2 - vm.warp(start + clock.epochDuration()); - // excel: 600.985714300000000000 - // PRB: 600.985163959347100568 - // solmate: 600.985163959347101852 - // python : 600.985714285714341888 - // solmate2: 600.985163959347101952 - assertEq( - curve.votingPowerAt(tokenIdFirst, block.timestamp), - 600985163959347101952, - "Balance incorrect after p1" - ); - - uint256 expectedMaxI = 2524126241845405205760; - uint256 expectedMaxII = 5999967296216704000000000000; - - // warp to the final period - // TECHNICALLY, this should finish at exactly 5 periodd and 6 * voting power - // but FP arithmetic has a small rounding error - vm.warp(start + clock.epochDuration() * 5); - assertEq( - curve.votingPowerAt(tokenIdFirst, block.timestamp), - expectedMaxI, - "Balance incorrect after p6" - ); - assertEq( - curve.votingPowerAt(tokenIdSecond, block.timestamp), - expectedMaxII, - "Balance incorrect after p6 II " - ); - - // warp to the future and balance should be the same - vm.warp(520 weeks); - assertEq( - curve.votingPowerAt(tokenIdFirst, block.timestamp), - expectedMaxI, - "Balance incorrect after 10 years" - ); - } + // function testWritesCheckpoint() public { + // uint tokenIdFirst = 1; + // uint tokenIdSecond = 2; + // uint208 depositFirst = 420.69e18; + // uint208 depositSecond = 1_000_000_000e18; + // uint start = 52 weeks; + // + // // initial conditions, no balance + // assertEq(curve.votingPowerAt(tokenIdFirst, 0), 0, "Balance before deposit"); + // + // vm.warp(start); + // vm.roll(420); + // + // // still no balance + // assertEq(curve.votingPowerAt(tokenIdFirst, 0), 0, "Balance before deposit"); + // + // escrow.checkpoint( + // tokenIdFirst, + // LockedBalance(0, 0), + // LockedBalance(depositFirst, uint48(block.timestamp)) + // ); + // escrow.checkpoint( + // tokenIdSecond, + // LockedBalance(0, 0), + // LockedBalance(depositSecond, uint48(block.timestamp)) + // ); + // + // // check the token point is registered + // IEscrowCurve.TokenPoint memory tokenPoint = curve.tokenPointHistory(tokenIdFirst, 1); + // assertEq(tokenPoint.bias, depositFirst, "Bias is incorrect"); + // assertEq(tokenPoint.checkpointTs, block.timestamp, "CP Timestamp is incorrect"); + // assertEq(tokenPoint.writtenTs, block.timestamp, "Written Timestamp is incorrect"); + // + // // balance now is zero but Warm up + // assertEq(curve.votingPowerAt(tokenIdFirst, 0), 0, "Balance after deposit before warmup"); + // assertEq(curve.isWarm(tokenIdFirst), false, "Not warming up"); + // + // // wait for warmup + // vm.warp(block.timestamp + curve.warmupPeriod()); + // assertEq(curve.votingPowerAt(tokenIdFirst, 0), 0, "Balance after deposit before warmup"); + // assertEq(curve.isWarm(tokenIdFirst), false, "Not warming up"); + // assertEq(curve.isWarm(tokenIdSecond), false, "Not warming up II"); + // + // // warmup complete + // vm.warp(block.timestamp + 1); + // + // // python: 449.206279554928541696 + // // solmate (optimized): 449.206254284606635135 + // assertEq( + // curve.votingPowerAt(tokenIdFirst, block.timestamp), + // 449206254284606635135, + // "Balance incorrect after warmup" + // ); + // assertEq(curve.isWarm(tokenIdFirst), true, "Still warming up"); + // + // // python: 1067784543380942056100724736 + // // solmate: 1067784483312193385000000000 + // assertEq( + // curve.votingPowerAt(tokenIdSecond, block.timestamp), + // 1067784483312193385000000000, + // "Balance incorrect after warmup II" + // ); + // + // // warp to the start of period 2 + // vm.warp(start + clock.epochDuration()); + // // excel: 600.985714300000000000 + // // PRB: 600.985163959347100568 + // // solmate: 600.985163959347101852 + // // python : 600.985714285714341888 + // // solmate2: 600.985163959347101952 + // assertEq( + // curve.votingPowerAt(tokenIdFirst, block.timestamp), + // 600985163959347101952, + // "Balance incorrect after p1" + // ); + // + // uint256 expectedMaxI = 2524126241845405205760; + // uint256 expectedMaxII = 5999967296216704000000000000; + // + // // warp to the final period + // // TECHNICALLY, this should finish at exactly 5 periodd and 6 * voting power + // // but FP arithmetic has a small rounding error + // vm.warp(start + clock.epochDuration() * 5); + // assertEq( + // curve.votingPowerAt(tokenIdFirst, block.timestamp), + // expectedMaxI, + // "Balance incorrect after p6" + // ); + // assertEq( + // curve.votingPowerAt(tokenIdSecond, block.timestamp), + // expectedMaxII, + // "Balance incorrect after p6 II " + // ); + // + // // warp to the future and balance should be the same + // vm.warp(520 weeks); + // assertEq( + // curve.votingPowerAt(tokenIdFirst, block.timestamp), + // expectedMaxI, + // "Balance incorrect after 10 years" + // ); + // } } diff --git a/test/escrow/migration/MigrationBase.sol b/test/escrow/migration/MigrationBase.sol new file mode 100644 index 0000000..ee1732c --- /dev/null +++ b/test/escrow/migration/MigrationBase.sol @@ -0,0 +1,263 @@ +/// SPDX-License-Identifier: MIT +pragma solidity ^0.8.17; + +import {Test} from "forge-std/Test.sol"; + +// aragon contracts +import {IDAO} from "@aragon/osx/core/dao/IDAO.sol"; +import {DAO} from "@aragon/osx/core/dao/DAO.sol"; +import {DaoUnauthorized} from "@aragon/osx/core/utils/auth.sol"; +import {Multisig, MultisigSetup} from "@aragon/multisig/MultisigSetup.sol"; + +import {MockPluginSetupProcessor} from "@mocks/osx/MockPSP.sol"; +import {MockDAOFactory} from "@mocks/osx/MockDAOFactory.sol"; +import {MockERC20} from "@mocks/MockERC20.sol"; +import {createTestDAO} from "@mocks/MockDAO.sol"; + +import "@helpers/OSxHelpers.sol"; +import {ProxyLib} from "@libs/ProxyLib.sol"; + +import {IVotingEscrowEventsStorageErrorsEvents} from "@escrow-interfaces/IVotingEscrowIncreasing.sol"; +import {IMigrateableEventsAndErrors} from "@escrow-interfaces/IMigrateable.sol"; +import {IWhitelistErrors, IWhitelistEvents} from "@escrow-interfaces/ILock.sol"; +import {Lock} from "@escrow/Lock.sol"; +import {VotingEscrow} from "@escrow/VotingEscrowIncreasing.sol"; +import {QuadraticIncreasingEscrow} from "@escrow/QuadraticIncreasingEscrow.sol"; +import {ExitQueue} from "@escrow/ExitQueue.sol"; +import {SimpleGaugeVoter, SimpleGaugeVoterSetup} from "src/voting/SimpleGaugeVoterSetup.sol"; +import {Clock} from "@clock/Clock.sol"; + +struct Deployment { + MockERC20 token; + Lock nftLock; + VotingEscrow escrow; + QuadraticIncreasingEscrow curve; + SimpleGaugeVoter voter; + ExitQueue queue; + Clock clock; + DAO dao; + Multisig multisig; + MultisigSetup multisigSetup; + address deployer; +} + +contract MigrationBase is + Test, + IVotingEscrowEventsStorageErrorsEvents, + IWhitelistErrors, + IWhitelistEvents, + IMigrateableEventsAndErrors +{ + using ProxyLib for address; + + string name = "Voting Escrow"; + string symbol = "VE"; + + Deployment src; + Deployment dst; + + function setUp() public virtual { + MockERC20 token = new MockERC20(); + src = _deploy(token); + dst = _deploy(token); + } + + function _deploy(MockERC20 _token) internal returns (Deployment memory deployment) { + deployment.deployer = address(this); + + // Deploy DAO + deployment.dao = _deployDAO(deployment.deployer); + + // Deploy ERC20 Token + deployment.token = _token; + + // Deploy Clock + deployment.clock = _deployClock(address(deployment.dao)); + + // Deploy Voting Escrow + deployment.escrow = _deployEscrow( + address(deployment.token), + address(deployment.dao), + address(deployment.clock), + 1 + ); + + // Deploy Curve + deployment.curve = _deployCurve( + address(deployment.escrow), + address(deployment.dao), + 3 days, + address(deployment.clock) + ); + + // Deploy Lock + deployment.nftLock = _deployLock( + address(deployment.escrow), + name, + symbol, + address(deployment.dao) + ); + + // Deploy Exit Queue + deployment.queue = _deployExitQueue( + address(deployment.escrow), + 3 days, + address(deployment.dao), + 0, + address(deployment.clock), + 1 + ); + + // deploy voter + deployment.voter = _deployVoter( + address(deployment.dao), + address(deployment.escrow), + false, + address(deployment.clock) + ); + + // Grant necessary roles + deployment.dao.grant({ + _who: address(this), + _where: address(deployment.escrow), + _permissionId: deployment.escrow.ESCROW_ADMIN_ROLE() + }); + + deployment.dao.grant({ + _who: address(this), + _where: address(deployment.escrow), + _permissionId: deployment.escrow.PAUSER_ROLE() + }); + + deployment.dao.grant({ + _who: address(this), + _where: address(deployment.queue), + _permissionId: deployment.queue.QUEUE_ADMIN_ROLE() + }); + + deployment.dao.grant({ + _who: address(this), + _where: address(deployment.curve), + _permissionId: deployment.curve.CURVE_ADMIN_ROLE() + }); + + deployment.dao.grant({ + _who: address(this), + _where: address(deployment.nftLock), + _permissionId: deployment.nftLock.LOCK_ADMIN_ROLE() + }); + + deployment.dao.grant({ + _who: address(this), + _where: address(deployment.voter), + _permissionId: deployment.voter.GAUGE_ADMIN_ROLE() + }); + + // Link contracts + deployment.escrow.setCurve(address(deployment.curve)); + deployment.escrow.setQueue(address(deployment.queue)); + deployment.escrow.setLockNFT(address(deployment.nftLock)); + deployment.escrow.setVoter(address(deployment.voter)); + + return deployment; + } + + function _deployDAO(address deployer) internal returns (DAO) { + return createTestDAO(deployer); + } + + function _deployClock(address _dao) internal returns (Clock) { + address impl = address(new Clock()); + bytes memory initCalldata = abi.encodeWithSelector(Clock.initialize.selector, _dao); + return Clock(impl.deployUUPSProxy(initCalldata)); + } + + function _deployEscrow( + address _token, + address _dao, + address _clock, + uint256 _minDeposit + ) public returns (VotingEscrow) { + VotingEscrow impl = new VotingEscrow(); + + bytes memory initCalldata = abi.encodeCall( + VotingEscrow.initialize, + (_token, _dao, _clock, _minDeposit) + ); + return VotingEscrow(address(impl).deployUUPSProxy(initCalldata)); + } + + function _deployLock( + address _escrow, + string memory _name, + string memory _symbol, + address _dao + ) public returns (Lock) { + Lock impl = new Lock(); + + bytes memory initCalldata = abi.encodeWithSelector( + Lock.initialize.selector, + _escrow, + _name, + _symbol, + _dao + ); + return Lock(address(impl).deployUUPSProxy(initCalldata)); + } + + function _deployCurve( + address _escrow, + address _dao, + uint48 _warmup, + address _clock + ) public returns (QuadraticIncreasingEscrow) { + QuadraticIncreasingEscrow impl = new QuadraticIncreasingEscrow(); + + bytes memory initCalldata = abi.encodeCall( + QuadraticIncreasingEscrow.initialize, + (_escrow, _dao, _warmup, _clock) + ); + return QuadraticIncreasingEscrow(address(impl).deployUUPSProxy(initCalldata)); + } + + function _deployVoter( + address _dao, + address _escrow, + bool _reset, + address _clock + ) public returns (SimpleGaugeVoter) { + SimpleGaugeVoter impl = new SimpleGaugeVoter(); + + bytes memory initCalldata = abi.encodeCall( + SimpleGaugeVoter.initialize, + (_dao, _escrow, _reset, _clock) + ); + return SimpleGaugeVoter(address(impl).deployUUPSProxy(initCalldata)); + } + + function _deployExitQueue( + address _escrow, + uint48 _cooldown, + address _dao, + uint256 _feePercent, + address _clock, + uint48 _minLock + ) public returns (ExitQueue) { + ExitQueue impl = new ExitQueue(); + + bytes memory initCalldata = abi.encodeCall( + ExitQueue.initialize, + (_escrow, _cooldown, _dao, _feePercent, _clock, _minLock) + ); + return ExitQueue(address(impl).deployUUPSProxy(initCalldata)); + } + + function _authErr( + address _dao, + address _caller, + address _contract, + bytes32 _perm + ) internal view returns (bytes memory) { + return abi.encodeWithSelector(DaoUnauthorized.selector, _dao, _contract, _caller, _perm); + } +} diff --git a/test/escrow/migration/MigrationStateless.t.sol b/test/escrow/migration/MigrationStateless.t.sol new file mode 100644 index 0000000..363a853 --- /dev/null +++ b/test/escrow/migration/MigrationStateless.t.sol @@ -0,0 +1,204 @@ +/// SPDX-License-Identifier: MIT +pragma solidity ^0.8.17; + +import {Test} from "forge-std/Test.sol"; + +// aragon contracts +import {IDAO} from "@aragon/osx/core/dao/IDAO.sol"; +import {DAO} from "@aragon/osx/core/dao/DAO.sol"; +import {DaoUnauthorized} from "@aragon/osx/core/utils/auth.sol"; +import {Multisig, MultisigSetup} from "@aragon/multisig/MultisigSetup.sol"; + +import {MockPluginSetupProcessor} from "@mocks/osx/MockPSP.sol"; +import {MockDAOFactory} from "@mocks/osx/MockDAOFactory.sol"; +import {MockERC20} from "@mocks/MockERC20.sol"; +import {createTestDAO} from "@mocks/MockDAO.sol"; + +import "@helpers/OSxHelpers.sol"; +import {ProxyLib} from "@libs/ProxyLib.sol"; + +import {IVotingEscrowEventsStorageErrorsEvents} from "@escrow-interfaces/IVotingEscrowIncreasing.sol"; +import {IWhitelistErrors, IWhitelistEvents} from "@escrow-interfaces/ILock.sol"; +import {Lock} from "@escrow/Lock.sol"; +import {VotingEscrow} from "@escrow/VotingEscrowIncreasing.sol"; +import {QuadraticIncreasingEscrow} from "@escrow/QuadraticIncreasingEscrow.sol"; +import {ExitQueue} from "@escrow/ExitQueue.sol"; +import {SimpleGaugeVoter, SimpleGaugeVoterSetup} from "src/voting/SimpleGaugeVoterSetup.sol"; +import {Clock} from "@clock/Clock.sol"; + +import {MigrationBase} from "./MigrationBase.sol"; +import {MockMigrator} from "@mocks/MockMigrator.sol"; + +contract TestMigrationStateless is MigrationBase { + MockMigrator migrator; + function setUp() public override { + super.setUp(); + migrator = new MockMigrator(); + } + + function testFuzz_enableOnlyEscrowAdmin(address _notAdmin) public { + vm.assume(_notAdmin != address(this)); + + vm.startPrank(_notAdmin); + { + vm.expectRevert( + _authErr( + address(src.dao), + _notAdmin, + address(src.escrow), + src.escrow.ESCROW_ADMIN_ROLE() + ) + ); + src.escrow.enableMigration(address(1)); + } + vm.stopPrank(); + + // no revert if called by admin + src.escrow.enableMigration(address(1)); + } + + // enable: can't enable twice + function testCannotEnableTwice() public { + src.escrow.enableMigration(address(1)); + vm.expectRevert(MigrationAlreadySet.selector); + src.escrow.enableMigration(address(2)); + } + + // enable: sets migrator, emits event, can transfer tokens to new contracts + function testFuzz_enableSetsMigratorAndEmitsEvent(address _migrator) public { + vm.assume(_migrator != address(0)); + + vm.expectEmit(false, false, false, true); + emit MigrationEnabled(_migrator); + src.escrow.enableMigration(_migrator); + + assertEq( + src.token.allowance(address(src.escrow), _migrator), + type(uint256).max, + "allowance" + ); + assertEq(src.escrow.migrator(), _migrator, "migrator"); + } + + // migrate from: can't call if migrator not set + function testCannotMigrateIfMigratorNotSet() public { + vm.expectRevert(MigrationNotActive.selector); + src.escrow.migrateFrom(1); + } + + function testCannotMigrateIfNotOwner() public { + src.escrow.enableMigration(address(migrator)); + + address depositor = address(420); + + src.token.mint(depositor, 100 ether); + uint tokenId; + + vm.startPrank(depositor); + { + src.token.approve(address(src.escrow), 100 ether); + tokenId = src.escrow.createLock(100 ether); + } + vm.stopPrank(); + + vm.expectRevert(NotOwner.selector); + src.escrow.migrateFrom(tokenId); + } + + function testCannotMigrateIfNoVotingPower() public { + src.escrow.enableMigration(address(migrator)); + + address depositor = address(420); + + src.token.mint(depositor, 100 ether); + uint tokenId; + + vm.startPrank(depositor); + { + src.token.approve(address(src.escrow), 100 ether); + tokenId = src.escrow.createLock(100 ether); + vm.expectRevert(CannotExit.selector); + src.escrow.migrateFrom(tokenId); + } + vm.stopPrank(); + } + + function testCannotMigrateIfMigratorRoleNotGivenToDestination() public { + src.escrow.enableMigration(address(dst.escrow)); + + address depositor = address(420); + + src.token.mint(depositor, 100 ether); + uint tokenId; + + vm.startPrank(depositor); + { + src.token.approve(address(src.escrow), 100 ether); + tokenId = src.escrow.createLock(100 ether); + + vm.warp(src.clock.checkpointInterval() + 1); + + vm.expectRevert( + _authErr( + address(dst.dao), + address(src.escrow), + address(dst.escrow), + dst.escrow.MIGRATOR_ROLE() + ) + ); + src.escrow.migrateFrom(tokenId); + } + vm.stopPrank(); + } + + function testMigrateFromAndTo() public { + src.escrow.enableMigration(address(dst.escrow)); + + dst.dao.grant({ + _who: address(src.escrow), + _where: address(dst.escrow), + _permissionId: dst.escrow.MIGRATOR_ROLE() + }); + + address depositor = address(420); + + src.token.mint(depositor, 100 ether); + uint tokenId; + uint newTokenId; + + vm.startPrank(depositor); + { + src.token.approve(address(src.escrow), 100 ether); + tokenId = src.escrow.createLock(100 ether); + + vm.warp(src.clock.checkpointInterval() + 1); + + vm.expectEmit(true, true, true, true); + emit Migrated(depositor, tokenId, 1, 100 ether); + newTokenId = src.escrow.migrateFrom(tokenId); + } + vm.stopPrank(); + + assertEq(src.nftLock.totalSupply(), 0); + assertEq(src.escrow.totalLocked(), 0); + assertEq(src.curve.tokenPointIntervals(tokenId), 2); + assertEq(src.curve.tokenPointHistory(tokenId, 2).bias, 0); + assertEq(src.escrow.locked(tokenId).amount, 0); + assertEq(src.escrow.locked(tokenId).start, 0); + assertEq(src.nftLock.balanceOf(depositor), 0); + assertEq(src.token.balanceOf(address(src.escrow)), 0); + + // check state on destination + assertEq(dst.nftLock.totalSupply(), 1); + assertEq(dst.escrow.totalLocked(), 100 ether); + assertEq(dst.curve.tokenPointIntervals(newTokenId), 1); + assertEq(dst.curve.tokenPointHistory(newTokenId, 2).bias, 0); + assertEq(dst.escrow.locked(newTokenId).amount, 100 ether); + assertEq( + dst.escrow.locked(newTokenId).start, + dst.clock.resolveEpochNextCheckpointTs(block.timestamp) + ); + assertEq(dst.nftLock.balanceOf(depositor), 1); + assertEq(dst.token.balanceOf(address(dst.escrow)), 100 ether); + } +} diff --git a/test/escrow/migration/TEST_CASES.md b/test/escrow/migration/TEST_CASES.md new file mode 100644 index 0000000..c7caf9c --- /dev/null +++ b/test/escrow/migration/TEST_CASES.md @@ -0,0 +1,27 @@ +Tests can be grouped into the following: + +## Setup: + +- Test the upgrade of the contract from the prior to the current version +- Test this on a fork connected to the current contracts + +## Logic: stateless + +- Test the migration works in isolation on the source contract in the base case +- Test the migration works in isolation on the destination contract +- Test together in the base case + +## Logic: stateful + +- Ensure the logic between contracts holds in the source with: + - Prior deposits + - Prior exit queue + - New deposits + - New exit queue + +## E2E + +- Write the fork test to migrate at a block snapshot including + - Upgrading the contracts via a multisig proposal + - Migrating all users including those in the queue + - Should empty the total locked diff --git a/test/mocks/MockMigrator.sol b/test/mocks/MockMigrator.sol new file mode 100644 index 0000000..7f7420f --- /dev/null +++ b/test/mocks/MockMigrator.sol @@ -0,0 +1,10 @@ +pragma solidity ^0.8.0; + +import {IMigrateableTo} from "@escrow-interfaces/IMigrateable.sol"; + +contract MockMigrator is IMigrateableTo { + uint public received; + function migrateTo(uint256 _value, address _for) public override returns (uint256 newTokenId) { + return ++received; + } +} From 8693c46c57b4f87e15158c55163eacf16c6f0682 Mon Sep 17 00:00:00 2001 From: xavikh Date: Mon, 16 Dec 2024 23:22:25 +0000 Subject: [PATCH 14/14] Add some tests to resetVotes --- test/escrow/escrow/EscrowWithdraw.t.sol | 52 ++++++++++++++++++++++ test/voting/GaugeVote.t.sol | 58 +++++++++++++++++++++++-- 2 files changed, 107 insertions(+), 3 deletions(-) diff --git a/test/escrow/escrow/EscrowWithdraw.t.sol b/test/escrow/escrow/EscrowWithdraw.t.sol index 646e7c1..77d3856 100644 --- a/test/escrow/escrow/EscrowWithdraw.t.sol +++ b/test/escrow/escrow/EscrowWithdraw.t.sol @@ -224,6 +224,58 @@ contract TestWithdraw is EscrowBase, IEscrowCurveTokenStorage, IGaugeVote, ITick assertEq(nftLock.balanceOf(address(escrow)), 0); assertEq(escrow.totalLocked(), 0); } + + function test_CanBeginWithdrawalDuringDistributionPeriod() public { + address _who = address(1); + uint128 _dep = 100e18; + + // voting window is ea. 2 weeks + 1 hour + vm.warp(2 weeks + 1 hours + 1); + + token.mint(_who, _dep); + uint tokenId; + vm.startPrank(_who); + { + token.approve(address(escrow), _dep); + tokenId = escrow.createLock(_dep); + + // voting active after cooldown + // +1 week: voting ends + // +2 weeks: next voting period opens + vm.warp(block.timestamp + 2 weeks); + + // make a vote + voter.vote(tokenId, votes); + + // warp so cooldown crosses the week boundary + // and distribution period starts + vm.warp(block.timestamp + clock.epochNextCheckpointIn() + 1); + assertFalse(voter.votingActive()); + + nftLock.approve(address(escrow), tokenId); + escrow.resetVotesAndBeginWithdrawal(tokenId); + } + vm.stopPrank(); + + // must wait till after end of cooldown + vm.warp(block.timestamp + clock.epochNextCheckpointIn() + 1); + + uint fee = queue.calculateFee(tokenId); + + // withdraw + vm.prank(_who); + vm.expectEmit(true, true, false, true); + emit Withdraw(_who, tokenId, _dep - fee, block.timestamp, 0); + escrow.withdraw(tokenId); + + // asserts + assertEq(token.balanceOf(address(queue)), fee); + assertEq(token.balanceOf(_who), _dep - fee); + assertEq(nftLock.balanceOf(_who), 0); + assertEq(nftLock.balanceOf(address(escrow)), 0); + assertEq(escrow.totalLocked(), 0); + } + // HAL-13: locks are re-used causing reverts and duplications function testCanCreateLockAfterBurning() public { address USER1 = address(1); diff --git a/test/voting/GaugeVote.t.sol b/test/voting/GaugeVote.t.sol index aa51d0e..ed3caf2 100644 --- a/test/voting/GaugeVote.t.sol +++ b/test/voting/GaugeVote.t.sol @@ -66,9 +66,9 @@ contract TestGaugeVote is GaugeVotingBase { voter.createGauge(gauge, "metadata"); } - function testFuzz_cannotVoteOutsideVotingWindow(uint256 time) public { + function testFuzz_cannotVoteOutsideVotingWindow(uint256 _time) public { // warp to a random time - vm.warp(time); + vm.warp(_time); // should now be inactive (we don't test this part herewe have the epoch logic tests) vm.assume(!voter.votingActive()); @@ -97,7 +97,7 @@ contract TestGaugeVote is GaugeVotingBase { assertEq(voter.isVoting(tokenId), true); // warp to the next distribution period - vm.warp(block.timestamp + 1 weeks); + _increaseTime(1 weeks); vm.assume(!voter.votingActive()); // try to reset @@ -107,7 +107,59 @@ contract TestGaugeVote is GaugeVotingBase { } vm.stopPrank(); + // check the vote assertEq(voter.isVoting(tokenId), false); + assertEq(voter.gaugesVotedFor(tokenId).length, 0); + assertEq(voter.votes(tokenId, gauge), 0); + assertEq(voter.usedVotingPower(tokenId), 0); + + // global state + assertEq(voter.totalVotingPowerCast(), 0); + assertEq(voter.gaugeVotes(gauge), 0); + } + + function testFuzz_canResetAnytime(uint _time) public { + // create the vote + votes.push(GaugeVote(1, gauge)); + + // vote + vm.startPrank(owner); + { + voter.vote(tokenId, votes); + } + vm.stopPrank(); + + // check the vote + uint newVotingPower = escrow.votingPower(tokenId); + assertEq(voter.isVoting(tokenId), true); + assertEq(voter.gaugesVotedFor(tokenId).length, 1); + assertEq(voter.gaugesVotedFor(tokenId)[0], gauge); + assertEq(voter.votes(tokenId, gauge), newVotingPower); + assertEq(voter.usedVotingPower(tokenId), newVotingPower); + + // global state + assertEq(voter.totalVotingPowerCast(), newVotingPower); + assertEq(voter.gaugeVotes(gauge), newVotingPower); + + // warp to the next distribution period + _increaseTime(_time); + + // try to reset + vm.startPrank(owner); + { + voter.reset(tokenId); + } + vm.stopPrank(); + + // check the vote + assertEq(voter.isVoting(tokenId), false); + assertEq(voter.gaugesVotedFor(tokenId).length, 0); + assertEq(voter.votes(tokenId, gauge), 0); + assertEq(voter.usedVotingPower(tokenId), 0); + + // global state + assertEq(voter.totalVotingPowerCast(), 0); + assertEq(voter.gaugeVotes(gauge), 0); } // can't vote if you don't own the token