Merge pull request #66 from GenerationSoftware/main

Vault V2

Author: trmid

package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "@generationsoftware/pt-v5-vault",
-  "version": "1.0.0",
+  "version": "2.0.0",
   "description": "PoolTogether V5 Vault contracts",
   "author": {
     "name": "G9 Software Inc.",
@@ -24,8 +24,8 @@
   },
   "devDependencies": {
     "husky": "8.0.3",
-    "lint-staged": "14.0.1",
-    "prettier": "3.0.3",
+    "lint-staged": "15.0.0",
+    "prettier": "2.8.8",
     "prettier-plugin-solidity": "1.1.3",
     "solhint": "3.6.2",
     "solhint-plugin-prettier": "0.0.5"

package.json

@@ -16,7 +16,7 @@ import { IClaimable } from "pt-v5-claimable-interface/interfaces/IClaimable.sol"
 import { VaultHooks } from "./interfaces/IVaultHooks.sol";
 
 /**
- * @title  PoolTogether V5 Vault
+ * @title  PoolTogether V5 Vault (Version 2)
  * @author PoolTogether Inc. & G9 Software Inc.
  * @notice Vault extends the ERC4626 standard and is the entry point for users interacting with a V5 pool.
  *         Users deposit an underlying asset (i.e. USDC) in this contract and receive in exchange an ERC20 token
@@ -25,7 +25,7 @@ import { VaultHooks } from "./interfaces/IVaultHooks.sol";
  *         This yield is sold for prize tokens (i.e. POOL) via the Liquidator and captured by the PrizePool to be awarded to depositors.
  * @dev    Balances are stored in the TwabController contract.
  */
-contract Vault is IERC4626, ERC20Permit, ILiquidationSource, IClaimable, Ownable {
+contract VaultV2 is IERC4626, ERC20Permit, ILiquidationSource, IClaimable, Ownable {
   using Math for uint256;
   using SafeCast for uint256;
   using SafeERC20 for IERC20;
@@ -301,6 +301,23 @@ contract Vault is IERC4626, ERC20Permit, ILiquidationSource, IClaimable, Ownable
   /// @notice Emitted when a prize is claimed for the zero address.
   error ClaimRecipientZeroAddress();
 
+  /**
+   * @notice Emitted when the caller of a permit function is not the owner of the assets being permitted.
+   * @param caller The address of the caller
+   * @param owner The address of the owner
+   */
+  error PermitCallerNotOwner(address caller, address owner);
+
+  /**
+   * @notice Emitted when a permit call on the underlying asset failed to set the spending allowance.
+   * @dev This is likely thrown when the underlying asset does not support permit, but has a fallback function.
+   * @param owner The owner of the assets
+   * @param spender The spender of the assets
+   * @param amount The amount of assets permitted
+   * @param allowance The allowance after the permit was called
+   */
+  error PermitAllowanceNotSet(address owner, address spender, uint256 amount, uint256 allowance);
+
   /* ============ Modifiers ============ */
 
   /// @notice Modifier reverting if the Vault is under-collateralized.
@@ -528,7 +545,17 @@ contract Vault is IERC4626, ERC20Permit, ILiquidationSource, IClaimable, Ownable
     bytes32 _r,
     bytes32 _s
   ) external returns (uint256) {
-    _permit(IERC20Permit(address(_asset)), _owner, address(this), _assets, _deadline, _v, _r, _s);
+    if (_owner != msg.sender) {
+      revert PermitCallerNotOwner(msg.sender, _owner);
+    }
+
+    IERC20Permit(address(_asset)).permit(_owner, address(this), _assets, _deadline, _v, _r, _s);
+
+    uint256 _allowance = _asset.allowance(_owner, address(this));
+    if (_allowance != _assets) {
+      revert PermitAllowanceNotSet(_owner, address(this), _assets, _allowance);
+    }
+
     return _depositAssets(_assets, _owner, _owner, false);
   }
 
@@ -670,8 +697,7 @@ contract Vault is IERC4626, ERC20Permit, ILiquidationSource, IClaimable, Ownable
 
     _onlyVaultCollateralized(_depositedAssets, _withdrawableAssets);
 
-    uint256 _availableYield = _withdrawableAssets -
-      _convertToAssets(_depositedAssets, _depositedAssets, _withdrawableAssets, Math.Rounding.Down);
+    uint256 _availableYield = _withdrawableAssets - _depositedAssets;
 
     if (_shares > _availableYield) revert YieldFeeGTAvailableYield(_shares, _availableYield);
     if (_shares > _yieldFeeShares) revert YieldFeeGTAvailableShares(_shares, _yieldFeeShares);
@@ -1073,38 +1099,6 @@ contract Vault is IERC4626, ERC20Permit, ILiquidationSource, IClaimable, Ownable
       _collateralAssets == 0 ? 0 : _shares.mulDiv(_collateralAssets, _depositedAssets, _rounding);
   }
 
-  /**
-   * @notice Convert Vault shares to YieldVault shares.
-   * @param _shares Vault shares to convert
-   * @param _depositedAssets Assets deposited into the YieldVault
-   * @param _withdrawableAssets Assets withdrawable from the YieldVault
-   * @param _maxRedeemableYVShares Maximum amount of shares that can be redeemed from the YieldVault
-   * @param _rounding Rounding mode (i.e. down or up)
-   * @return uint256 YieldVault shares
-   */
-  function _convertSharesToYVShares(
-    uint256 _shares,
-    uint256 _depositedAssets,
-    uint256 _withdrawableAssets,
-    uint256 _maxRedeemableYVShares,
-    Math.Rounding _rounding
-  ) internal view returns (uint256) {
-    if (_shares == 0) {
-      return _shares;
-    }
-
-    if (_depositedAssets == 0) {
-      return _yieldVault.convertToShares(_shares);
-    }
-
-    uint256 _redeemableShares = _isVaultCollateralized(_depositedAssets, _withdrawableAssets)
-      ? _depositedAssets // shares are backed 1:1 by assets, no need to convert to YieldVault shares
-      : _maxRedeemableYVShares;
-
-    return
-      _redeemableShares == 0 ? 0 : _shares.mulDiv(_redeemableShares, _depositedAssets, _rounding);
-  }
-
   /* ============ Max / Preview Functions ============ */
 
   /**
@@ -1317,11 +1311,9 @@ contract Vault is IERC4626, ERC20Permit, ILiquidationSource, IClaimable, Ownable
     uint256 _yieldVaultShares;
 
     if (!_vaultCollateralized) {
-      _yieldVaultShares = _convertSharesToYVShares(
-        _shares,
-        _totalSupply(),
-        _totalAssets(),
+      _yieldVaultShares = _shares.mulDiv(
         _yieldVault.maxRedeem(address(this)),
+        _totalSupply(),
         Math.Rounding.Down
       );
     }
@@ -1349,32 +1341,6 @@ contract Vault is IERC4626, ERC20Permit, ILiquidationSource, IClaimable, Ownable
     return _assets;
   }
 
-  /* ============ Permit Functions ============ */
-
-  /**
-   * @notice Approve `_spender` to spend `_assets` of `_owner`'s `_permitAsset` via signature.
-   * @param _permitAsset Address of the asset to approve
-   * @param _owner Address of the owner of the asset
-   * @param _spender Address of the spender of the asset
-   * @param _assets Amount of assets to approve
-   * @param _deadline Timestamp after which the approval is no longer valid
-   * @param _v V part of the secp256k1 signature
-   * @param _r R part of the secp256k1 signature
-   * @param _s S part of the secp256k1 signature
-   */
-  function _permit(
-    IERC20Permit _permitAsset,
-    address _owner,
-    address _spender,
-    uint256 _assets,
-    uint256 _deadline,
-    uint8 _v,
-    bytes32 _r,
-    bytes32 _s
-  ) internal {
-    _permitAsset.permit(_owner, _spender, _assets, _deadline, _v, _r, _s);
-  }
-
   /* ============ State Functions ============ */
 
   /**

src/Vault.sol

@@ -5,22 +5,22 @@ import { IERC20, IERC4626 } from "openzeppelin/token/ERC20/extensions/ERC4626.so
 
 import { PrizePool } from "pt-v5-prize-pool/PrizePool.sol";
 
-import { Vault } from "./Vault.sol";
+import { VaultV2 as Vault } from "./Vault.sol";
 
 /**
- * @title  PoolTogether V5 Vault Factory
+ * @title  PoolTogether V5 Vault Factory (Version 2)
  * @author PoolTogether Inc. & G9 Software Inc.
  * @notice Factory contract for deploying new vaults using a standard underlying ERC4626 yield vault.
  */
-contract VaultFactory {
+contract VaultFactoryV2 {
   /* ============ Events ============ */
 
   /**
    * @notice Emitted when a new Vault has been deployed by this factory.
    * @param vault Address of the vault that was deployed
    * @param vaultFactory Address of the VaultFactory that deployed `vault`
    */
-  event NewFactoryVault(Vault indexed vault, VaultFactory indexed vaultFactory);
+  event NewFactoryVault(Vault indexed vault, VaultFactoryV2 indexed vaultFactory);
 
   /* ============ Variables ============ */
 
@@ -31,7 +31,7 @@ contract VaultFactory {
    * @notice Mapping to verify if a Vault has been deployed via this factory.
    * @dev Vault address => boolean
    */
-  mapping(Vault => bool) public deployedVaults;
+  mapping(address => bool) public deployedVaults;
 
   /**
    * @notice Mapping to store deployer nonces for CREATE2
@@ -80,9 +80,9 @@ contract VaultFactory {
     );
 
     allVaults.push(_vault);
-    deployedVaults[_vault] = true;
+    deployedVaults[address(_vault)] = true;
 
-    emit NewFactoryVault(_vault, VaultFactory(address(this)));
+    emit NewFactoryVault(_vault, VaultFactoryV2(address(this)));
 
     return address(_vault);
   }

src/VaultFactory.sol

@@ -21,6 +21,8 @@ interface IVaultHooks {
    * @param winner The user who won the prize and for whom this hook is attached
    * @param tier The tier of the prize
    * @param prizeIndex The index of the prize in the tier
+   * @param fee The fee portion of the prize that will be allocated to the claimer
+   * @param feeRecipient The recipient of the claim fee
    * @return address The address of the recipient of the prize
    */
   function beforeClaimPrize(

src/interfaces/IVaultHooks.sol

@@ -0,0 +1,12 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity ^0.8.19;
+
+import { ERC20Mock } from "openzeppelin/mocks/ERC20Mock.sol";
+
+contract ERC20PermitFallbackMock is ERC20Mock {
+  constructor() ERC20Mock() {}
+
+  fallback() external payable {
+    // catch-all for functions that don't exist, like permit
+  }
+}

test/contracts/mock/ERC20PermitFallbackMock.sol

@@ -10,7 +10,7 @@ import { Strings } from "openzeppelin/utils/Strings.sol";
 import { PrizePool } from "pt-v5-prize-pool/PrizePool.sol";
 import { TwabController } from "pt-v5-twab-controller/TwabController.sol";
 
-import { Vault } from "../../src/Vault.sol";
+import { VaultV2 as Vault } from "../../src/Vault.sol";
 
 import { LiquidationPairMock } from "../contracts/mock/LiquidationPairMock.sol";
 import { LiquidationRouterMock } from "../contracts/mock/LiquidationRouterMock.sol";

test/fuzz/Vault.t.sol

@@ -5,7 +5,7 @@ import { BrokenToken } from "brokentoken/BrokenToken.sol";
 import { IERC4626 } from "openzeppelin/token/ERC20/extensions/ERC4626.sol";
 
 import { IERC20, UnitBaseSetup } from "../../utils/UnitBaseSetup.t.sol";
-import "../../../src/Vault.sol";
+import { VaultV2 as Vault } from "../../../src/Vault.sol";
 
 contract VaultDepositTest is UnitBaseSetup, BrokenToken {
   /* ============ Events ============ */
@@ -147,7 +147,7 @@ contract VaultDepositTest is UnitBaseSetup, BrokenToken {
     vm.stopPrank();
   }
 
-  function testDepositWithPermitByThirdParty() external {
+  function testDepositWithPermitByThirdParty_CallerNotOwner() external {
     vm.startPrank(alice);
 
     uint256 _amount = 1000e18;
@@ -163,22 +163,11 @@ contract VaultDepositTest is UnitBaseSetup, BrokenToken {
 
     vm.stopPrank();
 
-    vm.expectEmit();
-    emit Transfer(address(0), alice, _amount);
-
-    vm.expectEmit();
-    emit Deposit(alice, alice, _amount, _amount);
+    vm.expectRevert(
+      abi.encodeWithSelector(Vault.PermitCallerNotOwner.selector, address(this), alice)
+    );
 
     _depositWithPermit(vault, _amount, alice, _v, _r, _s);
-
-    assertEq(vault.balanceOf(alice), _amount);
-
-    assertEq(twabController.balanceOf(address(vault), alice), _amount);
-    assertEq(twabController.delegateBalanceOf(address(vault), alice), _amount);
-
-    assertEq(underlyingAsset.balanceOf(address(yieldVault)), _amount);
-    assertEq(yieldVault.balanceOf(address(vault)), _amount);
-    assertEq(yieldVault.totalSupply(), _amount);
   }
 
   /* ============ Deposit - Errors ============ */

test/unit/Vault/Deposit.t.sol

@@ -2,7 +2,7 @@
 pragma solidity ^0.8.19;
 
 import { UnitBrokenTokenBaseSetup } from "../../utils/UnitBrokenTokenBaseSetup.t.sol";
-import "../../../src/Vault.sol";
+import { VaultV2 as Vault } from "../../../src/Vault.sol";
 
 contract VaultDepositBrokenTokenTest is UnitBrokenTokenBaseSetup {
   /* ============ Events ============ */

test/unit/Vault/DepositBrokenToken.t.sol

@@ -0,0 +1,90 @@
+// SPDX-License-Identifier: GPL-3.0
+pragma solidity ^0.8.19;
+
+import { IERC4626 } from "openzeppelin/token/ERC20/extensions/ERC4626.sol";
+
+import { IERC20, UnitBaseSetup } from "../../utils/UnitBaseSetup.t.sol";
+import { VaultV2 as Vault } from "../../../src/Vault.sol";
+
+import { ERC20PermitFallbackMock } from "../../contracts/mock/ERC20PermitFallbackMock.sol";
+import { ERC20PermitMock } from "../../contracts/mock/ERC20PermitMock.sol";
+
+contract VaultDepositTest is UnitBaseSetup {
+  /* ============ Events ============ */
+  event Deposit(address indexed sender, address indexed owner, uint256 assets, uint256 shares);
+
+  event Sponsor(address indexed caller, uint256 assets, uint256 shares);
+
+  event Sweep(address indexed caller, uint256 assets);
+
+  event Transfer(address indexed from, address indexed to, uint256 value);
+
+  function setUpUnderlyingAsset() public override returns (ERC20PermitMock) {
+    return ERC20PermitMock(address(new ERC20PermitFallbackMock()));
+  }
+
+  /* ============ Tests ============ */
+
+  function testDepositWithoutPermit_AllowanceNotSet() external {
+    vm.startPrank(alice);
+
+    uint256 _amount = 1000e18;
+    underlyingAsset.mint(alice, _amount);
+
+    underlyingAsset.approve(address(vault), _amount * 2);
+
+    vm.expectRevert(
+      abi.encodeWithSelector(
+        Vault.PermitAllowanceNotSet.selector,
+        alice,
+        address(vault),
+        _amount,
+        _amount * 2
+      )
+    );
+
+    uint8 _v = 0;
+    bytes32 _r = bytes32(0);
+    bytes32 _s = bytes32(0);
+    vault.depositWithPermit(_amount, alice, block.timestamp, _v, _r, _s);
+
+    vm.stopPrank();
+  }
+
+  function testForceDepositWithoutPermitByThirdParty() external {
+    vm.startPrank(alice);
+
+    uint256 _amount = 1000e18;
+    underlyingAsset.mint(alice, _amount);
+
+    underlyingAsset.approve(address(vault), _amount);
+
+    vm.stopPrank();
+
+    vm.expectRevert(
+      abi.encodeWithSelector(Vault.PermitCallerNotOwner.selector, address(this), alice)
+    );
+
+    uint8 _v = 0;
+    bytes32 _r = bytes32(0);
+    bytes32 _s = bytes32(0);
+    vault.depositWithPermit(_amount, alice, block.timestamp, _v, _r, _s);
+  }
+
+  function testFailPermitSign() external {
+    vm.startPrank(alice);
+
+    uint256 _amount = 1000e18;
+    underlyingAsset.mint(alice, _amount);
+
+    (uint8 _v, bytes32 _r, bytes32 _s) = _signPermit(
+      underlyingAsset,
+      vault,
+      _amount,
+      alice,
+      alicePrivateKey
+    );
+
+    vm.stopPrank();
+  }
+}