Merge pull request #286 from euler-xyz/development

Development

Author: kasperpawlowski

.gitmodules

@@ -34,3 +34,6 @@
 [submodule "lib/solidity-bytes-utils"]
 	path = lib/solidity-bytes-utils
 	url = https://github.com/GNSPS/solidity-bytes-utils
+[submodule "lib/euler-swap"]
+	path = lib/euler-swap
+	url = https://github.com/euler-xyz/euler-swap

docs/governor-access-control-emergency-factory.md

@@ -133,4 +133,8 @@ This factory builds upon the selector-based access control system described in t
 
 The `GovernorAccessControlEmergencyFactory` provides a streamlined way to deploy a complete governance system with timelocks and emergency response capabilities. This approach balances the need for careful governance with the ability to respond rapidly to emergencies, making it well-suited for managing risk parameters of the EVK vaults.
 
-By enforcing time delays through timelocks, the system prioritizes user protection, giving vault users the transparency and time needed to assess and respond to governance changes. At the same time, the dual timelock architecture provides both operational flexibility and security guarantees, while the standardized factory deployment makes it easier to implement consistent monitoring across all governance instances, enhancing the security of the entire ecosystem.
+By enforcing time delays through timelocks, the system prioritizes user protection, giving vault users the transparency and time needed to assess and respond to governance changes. At the same time, the dual timelock architecture provides both operational flexibility and security guarantees, while the standardized factory deployment makes it easier to implement consistent monitoring across all governance instances, enhancing the security of the entire ecosystem.
+
+## Governor Contracts Suite
+
+![Governor Contracts Suite](./governor_contracts_suite.png)

docs/governor_contracts_suite.png

@@ -2,7 +2,7 @@
 
 ## Overview
 
-The `HookTargetAccessControlKeyring` is a specialized hook target contract that combines selector-based access control with keyring credential verification. This contract enables vault operators to restrict access to critical vault operations, ensuring only authorized users with valid credentials can perform operations on vaults.
+The `HookTargetAccessControlKeyring` is a specialized hook target contract that combines selector-based access control with Keyring credential verification. This contract enables vault operators to restrict access to critical vault operations, ensuring only authorized users with valid credentials can perform operations on vaults.
 
 ## Purpose
 
@@ -30,23 +30,29 @@ The contract implements a sophisticated authentication workflow through the `_au
 
 1. **Initial Role Check**:
    - First, check if the caller has either the `WILD_CARD` role or a specific role for the current function selector
-   - If yes, bypass the keyring credential check entirely
+   - If yes, bypass the Keyring credential check entirely
 
 2. **Caller Credential Check**:
    - Determine the EVC owner of the calling account
    - If no owner is registered, assume the caller itself is the owner
-   - Verify the owner has valid credentials according to the specified policy ID
+   - If the owner lacks valid Keyring credential according to the policy ID:
+     - Check if they have the `PRIVILEGED_ACCOUNT_ROLE` AND they don't share a common owner with the account being operated on
+     - If neither credential exists nor the privileged role condition is met, revert with `NotAuthorized`
 
 3. **Account Credential Check**:
    - Only performed if the account being operated on has a different EVC owner than the caller
    - Determine the EVC owner of the account being operated on
    - If no owner is registered, assume the account itself is the owner
-   - Verify this owner also has valid credentials according to the policy ID
+   - If the owner lacks valid Keyring credential according to the policy ID:
+     - Check if they have the `PRIVILEGED_ACCOUNT_ROLE`
+     - If neither credential nor privileged role exists, revert with `NotAuthorized`
 
-4. **Optimization**:
-   - If the caller and the account being operated on share the same EVC owner, only one credential check is performed
+4. **Privileged Account Restrictions**:
+   - When a user tries to operate on an account that shares the same EVC owner, they cannot use their privileged status to bypass credential checks
+   - This means that privileged accounts must have valid credentials to perform operations on their own accounts
+   - However, privileged accounts can bypass credential checks when operating on accounts that belong to a different EVC owner
 
-This mechanism ensures that both the entity initiating the operation and the entity being affected by it (if different) have proper authorization.
+This mechanism ensures that both the entity initiating the operation and the entity being affected by it (if different) have proper authorization, while maintaining strict controls on privileged account usage.
 
 ## Hooked Operations
 
@@ -76,7 +82,7 @@ The contract implements a fallback function that provides a catch-all authentica
 When a hooked operation is called that doesn't match any of the explicitly defined functions, the fallback function:
 - Authenticates only the caller using the `_authenticateCaller` function
 - Applies the same role-based access control rules (WILD_CARD and selector-specific roles)
-- Does not perform keyring credential checks on any additional accounts
+- Does not perform Keyring credential checks on any additional accounts
 
 ## Usage Patterns
 
@@ -100,7 +106,15 @@ To use this hook target:
 A vault operator could use this hook target to create a vault cluster where:
 - Only users with valid credentials can perform operations on the vaults
 - Specific addresses (like chosen liquidators) are whitelisted to bypass credential checks
+- The Swapper and SwapVerifier contracts are granted the PRIVILEGED_ACCOUNT_ROLE to enable asset withdrawals for swaps while preventing self-deposits
 
 To achieve the above, the following operations should be hooked: `OP_DEPOSIT`, `OP_MINT`, `OP_WITHDRAW`, `OP_REDEEM`, `OP_SKIM`, `OP_BORROW`, `OP_REPAY`, `OP_REPAY_WITH_SHARES`, `OP_PULL_DEBT`, `OP_LIQUIDATE` and `OP_FLASHLOAN`.
 
-The liquidators should be granted the `WILD_CARD` role so that they can liquidate and close the position without needing to obtain a Keyring credential.
+The liquidators should be granted the `WILD_CARD` role so that they can liquidate and close the position without needing to obtain a Keyring credential.
+
+The Swapper and the SwapVerifier contracts should be granted the `PRIVILEGED_ACCOUNT_ROLE` to enable them to:
+- Receive the assets withdrawn from user accounts for swapping
+- Deposit/skim swapped assets back into user accounts
+- Repay debt on behalf of users
+
+However, the Swapper cannot deposit assets into its own account since the `_authenticateCallerAndAccount` function prevents privileged accounts from performing operations on accounts that share their EVC owner. This means that while the Swapper can operate on user accounts (which have different EVC owners), it must have valid credentials to perform operations on its own account.

docs/hook-target-access-control-keyring.md

@@ -25,12 +25,8 @@ number_underscore = "preserve"
 override_spacing = true
 wrap_comments = true
 ignore = [
-    "script/production/mainnet/clusters/PrimeCluster.s.sol",
-    "script/production/mainnet/clusters/YieldCluster.s.sol",
-    "script/production/mainnet/clusters/RepoCluster.s.sol",
-    "script/production/base/clusters/BaseCluster.s.sol",
-    "script/production/swell/clusters/SwellCluster.s.sol",
-    "script/production/swell/clusters/SwellETHCluster.s.sol"
+    "script/production/*/*",
+    "script/production/*/*/*"
 ]
 
 [profile.default.fuzz]

foundry.toml

@@ -13,6 +13,10 @@ lib/layerzero-devtools/packages/oapp-evm-upgradeable/contracts:@openzeppelin/con
 @layerzerolabs/lz-evm-oapp-v2/=lib/layerzero-v2/packages/layerzero-v2/evm/oapp
 openzeppelin-contracts/=lib/openzeppelin-contracts/contracts/
 openzeppelin-contracts-upgradeable/=lib/openzeppelin-contracts-upgradeable/contracts/
+lib/fee-flow/src:solmate/=lib/fee-flow/lib/solmate/src
+lib/fee-flow/utils:solmate/=lib/fee-flow/lib/solmate/utils
+lib/fee-flow/tokens:solmate/=lib/fee-flow/lib/solmate/tokens
+lib/euler-swap:solmate/=lib/euler-swap/lib/euler-vault-kit/lib/permit2/lib/solmate
 ethereum-vault-connector/=lib/ethereum-vault-connector/src/
 evc/=lib/ethereum-vault-connector/src/
 evk/=lib/euler-vault-kit/src/

lib/euler-swap

@@ -0,0 +1,34 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+pragma solidity ^0.8.0;
+
+import {ScriptUtils} from "./utils/ScriptUtils.s.sol";
+
+contract EulerSwapImplementation is ScriptUtils {
+    function run() public broadcast returns (address implementation) {
+        string memory inputScriptFileName = "22_EulerSwapImplementation_input.json";
+        string memory outputScriptFileName = "22_EulerSwapImplementation_output.json";
+        string memory json = getScriptFile(inputScriptFileName);
+        address evc = vm.parseJsonAddress(json, ".evc");
+        address poolManager = vm.parseJsonAddress(json, ".poolManager");
+
+        implementation = execute(evc, poolManager);
+
+        string memory object;
+        object = vm.serializeAddress("implementation", "eulerSwapImplementation", implementation);
+
+        vm.writeJson(object, string.concat(vm.projectRoot(), "/script/", outputScriptFileName));
+    }
+
+    function deploy(address evc, address poolManager) public broadcast returns (address implementation) {
+        implementation = execute(evc, poolManager);
+    }
+
+    function execute(address evc, address poolManager) public returns (address implementation) {
+        bytes memory bytecode =
+            abi.encodePacked(vm.getCode("out-euler-swap/EulerSwap.sol/EulerSwap.json"), abi.encode(evc, poolManager));
+        assembly {
+            implementation := create(0, add(bytecode, 0x20), mload(bytecode))
+        }
+    }
+}

remappings.txt

@@ -0,0 +1,51 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+
+pragma solidity ^0.8.0;
+
+import {ScriptUtils} from "./utils/ScriptUtils.s.sol";
+
+contract EulerSwapFactory is ScriptUtils {
+    function run() public broadcast returns (address eulerSwapFactory) {
+        string memory inputScriptFileName = "23_EulerSwapFactory_input.json";
+        string memory outputScriptFileName = "23_EulerSwapFactory_output.json";
+        string memory json = getScriptFile(inputScriptFileName);
+        address evc = vm.parseJsonAddress(json, ".evc");
+        address eVaultFactory = vm.parseJsonAddress(json, ".eVaultFactory");
+        address eulerSwapImplementation = vm.parseJsonAddress(json, ".eulerSwapImplementation");
+        address feeOwner = vm.parseJsonAddress(json, ".feeOwner");
+        address feeReceipientSetter = vm.parseJsonAddress(json, ".feeReceipientSetter");
+
+        eulerSwapFactory = execute(evc, eVaultFactory, eulerSwapImplementation, feeOwner, feeReceipientSetter);
+
+        string memory object;
+        object = vm.serializeAddress("factory", "eulerSwapFactory", eulerSwapFactory);
+
+        vm.writeJson(object, string.concat(vm.projectRoot(), "/script/", outputScriptFileName));
+    }
+
+    function deploy(
+        address evc,
+        address eVaultFactory,
+        address eulerSwapImplementation,
+        address feeOwner,
+        address feeReceipientSetter
+    ) public broadcast returns (address eulerSwapFactory) {
+        eulerSwapFactory = execute(evc, eVaultFactory, eulerSwapImplementation, feeOwner, feeReceipientSetter);
+    }
+
+    function execute(
+        address evc,
+        address eVaultFactory,
+        address eulerSwapImplementation,
+        address feeOwner,
+        address feeReceipientSetter
+    ) public returns (address eulerSwapFactory) {
+        bytes memory bytecode = abi.encodePacked(
+            vm.getCode("out-euler-swap/EulerSwapFactory.sol/EulerSwapFactory.json"),
+            abi.encode(evc, eVaultFactory, eulerSwapImplementation, feeOwner, feeReceipientSetter)
+        );
+        assembly {
+            eulerSwapFactory := create(0, add(bytecode, 0x20), mload(bytecode))
+        }
+    }
+}

script/22_EulerSwapImplementation.s.sol

@@ -36,6 +36,8 @@ import {OFTAdapterUpgradeableDeployer, MintBurnOFTAdapterDeployer} from "./14_OF
 import {EdgeFactoryDeployer} from "./15_EdgeFactory.s.sol";
 import {EulerEarnImplementation, IntegrationsParams} from "./20_EulerEarnImplementation.s.sol";
 import {EulerEarnFactory} from "./21_EulerEarnFactory.s.sol";
+import {EulerSwapImplementation} from "./22_EulerSwapImplementation.s.sol";
+import {EulerSwapFactory} from "./23_EulerSwapFactory.s.sol";
 import {FactoryGovernor} from "./../src/Governor/FactoryGovernor.sol";
 import {
     IGovernorAccessControlEmergencyFactory,
@@ -82,6 +84,10 @@ contract CoreAndPeriphery is BatchBuilder, SafeMultisendBuilder {
         address uniswapV3Router;
         uint256 feeFlowInitPrice;
         bool deployOFT;
+        bool deployEulerSwapV1;
+        address uniswapPoolManager;
+        address eulerSwapFeeOwner;
+        address eulerSwapFeeRecipientSetter;
     }
 
     struct AdaptiveCurveIRMParams {
@@ -172,7 +178,11 @@ contract CoreAndPeriphery is BatchBuilder, SafeMultisendBuilder {
             uniswapV2Router: vm.parseJsonAddress(json, ".uniswapV2Router"),
             uniswapV3Router: vm.parseJsonAddress(json, ".uniswapV3Router"),
             feeFlowInitPrice: vm.parseJsonUint(json, ".feeFlowInitPrice"),
-            deployOFT: vm.parseJsonBool(json, ".deployOFT")
+            deployOFT: vm.parseJsonBool(json, ".deployOFT"),
+            deployEulerSwapV1: vm.parseJsonBool(json, ".deployEulerSwapV1"),
+            uniswapPoolManager: vm.parseJsonAddress(json, ".uniswapPoolManager"),
+            eulerSwapFeeOwner: vm.parseJsonAddress(json, ".eulerSwapFeeOwner"),
+            eulerSwapFeeRecipientSetter: vm.parseJsonAddress(json, ".eulerSwapFeeRecipientSetter")
         });
 
         if (
@@ -253,6 +263,7 @@ contract CoreAndPeriphery is BatchBuilder, SafeMultisendBuilder {
             coreAddresses.eulerEarnFactory = deployer.deploy(coreAddresses.eulerEarnImplementation);
         } else {
             console.log("- EulerEarn factory already deployed. Skipping...");
+            if (vm.isDir("out-euler-earn")) vm.removeDir("out-euler-earn", true);
         }
 
         if (governorAddresses.eVaultFactoryGovernor == address(0)) {
@@ -796,11 +807,11 @@ contract CoreAndPeriphery is BatchBuilder, SafeMultisendBuilder {
                 adminTimelockControllerParams, wildcardTimelockControllerParams, governorAccessControlEmergencyGuardians
             );
 
-            governorAddresses.capRiskSteward = CapRiskStewardFactory(peripheryAddresses.capRiskStewardFactory).deploy(
-                governorAddresses.accessControlEmergencyGovernor,
-                peripheryAddresses.kinkIRMFactory,
-                multisigAddresses.DAO
-            );
+            //governorAddresses.capRiskSteward = CapRiskStewardFactory(peripheryAddresses.capRiskStewardFactory).deploy(
+            //    governorAddresses.accessControlEmergencyGovernor,
+            //    peripheryAddresses.kinkIRMFactory,
+            //    multisigAddresses.DAO
+            //);
 
             stopBroadcast();
         } else {
@@ -993,6 +1004,34 @@ contract CoreAndPeriphery is BatchBuilder, SafeMultisendBuilder {
             console.log("- Adaptive Curve IRM factory or IRM registry not deployed. Skipping...");
         }
 
+        if (
+            eulerSwapAddresses.eulerSwapV1Implementation == address(0)
+                && eulerSwapAddresses.eulerSwapV1Factory == address(0)
+        ) {
+            if (input.deployEulerSwapV1) {
+                {
+                    console.log("+ Deploying EulerSwap V1 implementation...");
+                    EulerSwapImplementation deployer = new EulerSwapImplementation();
+                    eulerSwapAddresses.eulerSwapV1Implementation =
+                        deployer.deploy(coreAddresses.evc, input.uniswapPoolManager);
+                }
+                {
+                    console.log("+ Deploying EulerSwap V1 factory...");
+                    EulerSwapFactory deployer = new EulerSwapFactory();
+                    eulerSwapAddresses.eulerSwapV1Factory = deployer.deploy(
+                        coreAddresses.evc,
+                        coreAddresses.eVaultFactory,
+                        eulerSwapAddresses.eulerSwapV1Implementation,
+                        input.eulerSwapFeeOwner,
+                        input.eulerSwapFeeRecipientSetter
+                    );
+                }
+            } else {
+                console.log("- EulerSwap v1 not deployed. Skipping...");
+                if (vm.isDir("out-euler-swap")) vm.removeDir("out-euler-swap", true);
+            }
+        }
+
         executeBatch();
 
         if (multisendItemExists()) {
@@ -1015,6 +1054,9 @@ contract CoreAndPeriphery is BatchBuilder, SafeMultisendBuilder {
         vm.writeJson(serializeGovernorAddresses(governorAddresses), getScriptFilePath("GovernorAddresses_output.json"));
         vm.writeJson(serializeTokenAddresses(tokenAddresses), getScriptFilePath("TokenAddresses_output.json"));
         vm.writeJson(serializeLensAddresses(lensAddresses), getScriptFilePath("LensAddresses_output.json"));
+        vm.writeJson(
+            serializeEulerSwapAddresses(eulerSwapAddresses), getScriptFilePath("EulerSwapAddresses_output.json")
+        );
         vm.writeJson(serializeBridgeAddresses(bridgeAddresses), getScriptFilePath("BridgeAddresses_output.json"));
         vm.writeJson(serializeBridgeConfigCache(), getScriptFilePath("BridgeConfigCache_output.json"));
 
@@ -1042,6 +1084,10 @@ contract CoreAndPeriphery is BatchBuilder, SafeMultisendBuilder {
             vm.writeJson(
                 serializeLensAddresses(lensAddresses), getAddressesFilePath("LensAddresses.json", block.chainid)
             );
+            vm.writeJson(
+                serializeEulerSwapAddresses(eulerSwapAddresses),
+                getAddressesFilePath("EulerSwapAddresses.json", block.chainid)
+            );
             vm.writeJson(
                 serializeBridgeAddresses(bridgeAddresses), getAddressesFilePath("BridgeAddresses.json", block.chainid)
             );