feat: wip

Author: rkolpakov

contracts/0.4.24/Lido.sol

@@ -782,6 +782,16 @@ contract Lido is Versioned, StETHPermit, AragonApp {
      */
     function setRedeemsBuffer(address _buffer) external {
         _auth(BUFFER_RESERVE_MANAGER_ROLE);
+
+        address oldBuffer = REDEEMS_BUFFER_POSITION.getStorageAddress();
+        if (oldBuffer != address(0)) {
+            uint256 oldRedeemedEther = IRedeemsBuffer(oldBuffer).getRedeemedEther();
+            IRedeemsBuffer(oldBuffer).withdrawUnredeemed();
+            if (oldRedeemedEther > 0) {
+                _setBufferedEther(_getBufferedEther().sub(oldRedeemedEther));
+            }
+        }
+
         REDEEMS_BUFFER_POSITION.setStorageAddress(_buffer);
         emit RedeemsBufferSet(_buffer);
     }

contracts/0.8.9/RedeemsBuffer.sol contracts/0.8.25/RedeemsBuffer.solcontracts/0.8.9/RedeemsBuffer.sol renamed to contracts/0.8.25/RedeemsBuffer.sol

@@ -1,15 +1,16 @@
-// SPDX-FileCopyrightText: 2024 Lido <info@lido.fi>
+// SPDX-FileCopyrightText: 2025 Lido <info@lido.fi>
 // SPDX-License-Identifier: GPL-3.0
 
-/* See contracts/COMPILERS.md */
-pragma solidity 0.8.9;
+pragma solidity 0.8.25;
 
-import {IERC20} from "@openzeppelin/contracts-v4.4/token/ERC20/IERC20.sol";
-import {AccessControlEnumerable} from "./utils/access/AccessControlEnumerable.sol";
-import {PausableUntil} from "./utils/PausableUntil.sol";
-import {Versioned} from "./utils/Versioned.sol";
-import {IBurner} from "../common/interfaces/IBurner.sol";
-import {ILidoLocator} from "../common/interfaces/ILidoLocator.sol";
+import {IERC20} from "@openzeppelin/contracts-v5.2/token/ERC20/IERC20.sol";
+import {AccessControlEnumerable} from "@openzeppelin/contracts-v5.2/access/extensions/AccessControlEnumerable.sol";
+
+import {PausableUntil} from "contracts/common/utils/PausableUntil.sol";
+import {ILidoLocator} from "contracts/common/interfaces/ILidoLocator.sol";
+import {IHashConsensus} from "contracts/common/interfaces/IHashConsensus.sol";
+
+import {RefSlotCache} from "./vaults/lib/RefSlotCache.sol";
 
 interface ILidoForRedeemsBuffer {
     function getSharesByPooledEth(uint256 _pooledEthAmount) external view returns (uint256);
@@ -22,6 +23,10 @@ interface ILidoForRedeemsBuffer {
     function receiveFromRedeemsBuffer() external payable;
 }
 
+interface IBurnerForRedeemsBuffer {
+    function requestBurnShares(address _from, uint256 _sharesAmountToBurn) external;
+}
+
 interface IWithdrawalQueueForRedeemsBuffer {
     function isBunkerModeActive() external view returns (bool);
     function isPaused() external view returns (bool);
@@ -31,26 +36,27 @@ interface IWithdrawalQueueForRedeemsBuffer {
  * @title RedeemsBuffer
  * @notice Holds reserve ETH for stETH-to-ETH redemptions.
  *
- *   On each oracle report, Lido funds the vault via `fundReserve()` to match the
- *   reserve target, or pulls excess back via `withdrawUnredeemed()`. Between reports,
- *   REDEEMER_ROLE holders invoke `redeem()` to exchange stETH for ETH. The stETH
- *   shares are held locally and flushed to the Burner during the next oracle report,
- *   where they are burned outside the rebase limiter (rate-neutral).
+ *   Uses RefSlotCache to snapshot redeem counters at frame boundaries,
+ *   so Accounting reads the same values that the oracle daemon sees at refSlot.
  *
  *   Gate Seal compatible via PausableUntil.
  */
-contract RedeemsBuffer is PausableUntil, AccessControlEnumerable, Versioned {
+contract RedeemsBuffer is PausableUntil, AccessControlEnumerable {
+    using RefSlotCache for RefSlotCache.Uint104WithCache;
+
     bytes32 public constant PAUSE_ROLE = keccak256("RedeemsBuffer.PauseRole");
     bytes32 public constant RESUME_ROLE = keccak256("RedeemsBuffer.ResumeRole");
     bytes32 public constant REDEEMER_ROLE = keccak256("RedeemsBuffer.RedeemerRole");
 
     ILidoLocator public immutable LOCATOR;
     ILidoForRedeemsBuffer public immutable LIDO;
-    IBurner public immutable BURNER;
+    IBurnerForRedeemsBuffer public immutable BURNER;
     IWithdrawalQueueForRedeemsBuffer public immutable WITHDRAWAL_QUEUE;
+    IHashConsensus public immutable HASH_CONSENSUS;
 
     uint256 private _reserveBalance;
-    uint256 private _redeemedEther;
+    RefSlotCache.Uint104WithCache private _redeemedEther;
+    RefSlotCache.Uint104WithCache private _redeemedShares;
 
     event Redeemed(
         address indexed caller,
@@ -68,31 +74,26 @@ contract RedeemsBuffer is PausableUntil, AccessControlEnumerable, Versioned {
     error WQPaused();
     error InsufficientReserve(uint256 requested, uint256 available);
     error NotLido();
-    error InsufficientBalance(uint256 requested, uint256 available);
     error ETHTransferFailed(address recipient, uint256 amount);
     error StETHRecoveryNotAllowed();
     error DirectETHTransferNotAllowed();
 
-    constructor(address _locator)
-        Versioned()
-    {
+    constructor(address _locator, address _hashConsensus) {
         LOCATOR = ILidoLocator(_locator);
         LIDO = ILidoForRedeemsBuffer(LOCATOR.lido());
-        BURNER = IBurner(LOCATOR.burner());
+        BURNER = IBurnerForRedeemsBuffer(LOCATOR.burner());
         WITHDRAWAL_QUEUE = IWithdrawalQueueForRedeemsBuffer(LOCATOR.withdrawalQueue());
+        HASH_CONSENSUS = IHashConsensus(_hashConsensus);
     }
 
-    /// @notice Initializes the contract. Called once after proxy deployment.
     function initialize(address _admin) external {
-        _initializeContractVersionTo(1);
+        if (_admin == address(0)) revert ZeroRecipient();
         LIDO.approve(address(BURNER), type(uint256).max);
         _grantRole(DEFAULT_ADMIN_ROLE, _admin);
     }
 
     /**
      * @notice Redeem stETH for ETH from the reserve.
-     *         Checks against tracked reserve balance (not address(this).balance)
-     *         to prevent force-sent ETH from being redeemable.
      * @param _stETHAmount Amount of stETH to redeem
      * @param _ethRecipient Address to receive ETH
      */
@@ -106,30 +107,47 @@ contract RedeemsBuffer is PausableUntil, AccessControlEnumerable, Versioned {
         uint256 sharesAmount = LIDO.getSharesByPooledEth(_stETHAmount);
         uint256 etherAmount = LIDO.getPooledEthByShares(sharesAmount);
 
-        uint256 available = _reserveBalance - _redeemedEther;
+        uint256 available = _reserveBalance - _redeemedEther.value;
         if (etherAmount > available) {
             revert InsufficientReserve(etherAmount, available);
         }
 
         LIDO.transferSharesFrom(msg.sender, address(this), sharesAmount);
-        BURNER.requestBurnSharesForRedeem(address(this), sharesAmount);
-        _redeemedEther += etherAmount;
+        BURNER.requestBurnShares(address(this), sharesAmount);
+
+        // RefSlotCache auto-snapshots: on first increment in a new frame,
+        // caches the pre-increment value as the refSlot snapshot.
+        _redeemedEther = _redeemedEther.withValueIncrease(HASH_CONSENSUS, uint104(etherAmount));
+        _redeemedShares = _redeemedShares.withValueIncrease(HASH_CONSENSUS, uint104(sharesAmount));
 
         (bool success,) = _ethRecipient.call{value: etherAmount}("");
         if (!success) revert ETHTransferFailed(_ethRecipient, etherAmount);
 
         emit Redeemed(msg.sender, _ethRecipient, _stETHAmount, sharesAmount, etherAmount);
     }
 
-    /// @notice ETH sent to redeemers since the last report.
+    // ── Report interface ─────────────────────────────────────────────────
+
+    /// @notice Redeemed ether as of the current refSlot (for Accounting).
+    function getRedeemedEtherForReport() external view returns (uint256) {
+        return _redeemedEther.getValueForLastRefSlot(HASH_CONSENSUS);
+    }
+
+    /// @notice Redeemed shares as of the current refSlot (for Accounting).
+    function getRedeemedSharesForReport() external view returns (uint256) {
+        return _redeemedShares.getValueForLastRefSlot(HASH_CONSENSUS);
+    }
+
+    /// @notice Current total redeemed ether (including post-refSlot).
     function getRedeemedEther() external view returns (uint256) {
-        return _redeemedEther;
+        return _redeemedEther.value;
+    }
+
+    /// @notice Current total redeemed shares (including post-refSlot).
+    function getRedeemedShares() external view returns (uint256) {
+        return _redeemedShares.value;
     }
 
-    /**
-     * @notice Accept ETH from Lido and update tracked reserve balance.
-     *         Called by Lido during report to fund the reserve.
-     */
     function fundReserve() external payable {
         if (msg.sender != address(LIDO)) revert NotLido();
         _reserveBalance += msg.value;
@@ -138,30 +156,25 @@ contract RedeemsBuffer is PausableUntil, AccessControlEnumerable, Versioned {
 
     /**
      * @notice Returns unredeemed ETH to Lido and resets counters.
-     *         Called by Lido during collectRewardsAndProcessWithdrawals, before the standard flow.
-     *         Sends back `_reserveBalance - _redeemedEther` (unredeemed portion).
-     *         Resets both `_reserveBalance` and `_redeemedEther` to 0.
      */
     function withdrawUnredeemed() external {
         if (msg.sender != address(LIDO)) revert NotLido();
-        uint256 amount = _reserveBalance - _redeemedEther;
+        uint256 amount = _reserveBalance - _redeemedEther.value;
         _reserveBalance = 0;
-        _redeemedEther = 0;
+        _redeemedEther = RefSlotCache.Uint104WithCache(0, 0, 0);
+        _redeemedShares = RefSlotCache.Uint104WithCache(0, 0, 0);
         if (amount > 0) {
             LIDO.receiveFromRedeemsBuffer{value: amount}();
         }
     }
 
     // ── Recovery ─────────────────────────────────────────────────────────
 
-    /// @notice Recover accidentally sent ERC20 tokens (except stETH).
     function recoverERC20(address _token, uint256 _amount) external onlyRole(DEFAULT_ADMIN_ROLE) {
         if (_token == address(LIDO)) revert StETHRecoveryNotAllowed();
         IERC20(_token).transfer(msg.sender, _amount);
     }
 
-    /// @notice Recover accidentally sent stETH shares.
-    ///         No pending shares on the buffer — all are forwarded to Burner during redeem().
     function recoverStETHShares() external onlyRole(DEFAULT_ADMIN_ROLE) {
         uint256 shares = LIDO.sharesOf(address(this));
         if (shares > 0) {
@@ -183,7 +196,6 @@ contract RedeemsBuffer is PausableUntil, AccessControlEnumerable, Versioned {
         _resume();
     }
 
-    /// @notice Reject direct ETH transfers. Use fundReserve() instead.
     receive() external payable {
         revert DirectETHTransferNotAllowed();
     }

contracts/0.8.9/Accounting.sol

@@ -17,7 +17,9 @@ import {WithdrawalQueue} from "./WithdrawalQueue.sol";
 
 interface IRedeemsBuffer {
     function getRedeemedEther() external view returns (uint256);
-    function withdrawUnredeemed() external;
+    function getRedeemedShares() external view returns (uint256);
+    function getRedeemedEtherForReport() external view returns (uint256);
+    function getRedeemedSharesForReport() external view returns (uint256);
 }
 
 interface IStakingRouter {
@@ -64,6 +66,8 @@ contract Accounting {
         uint256 externalShares;
         uint256 externalEther;
         uint256 badDebtToInternalize;
+        uint256 redeemedEther;
+        uint256 redeemedShares;
     }
 
     /// @notice precalculated values that is used to change the state of the protocol during the report
@@ -99,10 +103,6 @@ contract Accounting {
         uint256 postTotalShares;
         /// @notice amount of ether under the protocol after the report is applied
         uint256 postTotalPooledEther;
-        /// @notice number of redeem shares to burn (outside the rebase limiter, rate-neutral)
-        uint256 redeemSharesToBurn;
-        /// @notice amount of ether redeemed since last report (from RedeemsBuffer)
-        uint256 redeemedEther;
     }
 
     /// @notice precalculated numbers of shares that should be minted as fee to NO
@@ -150,10 +150,6 @@ contract Accounting {
         Contracts memory contracts = _loadOracleReportContracts();
         if (msg.sender != contracts.accountingOracle) revert NotAuthorized("handleOracleReport", msg.sender);
 
-        // Vault redemption counters are read on-chain during _simulateOracleReport.
-        // redeemedEther is subtracted from the smoothenTokenRebase base,
-        // and redeemedShares are added outside the rebase limiter.
-
         PreReportState memory pre = _snapshotPreReportState(contracts, false);
         CalculatedValues memory update = _simulateOracleReport(contracts, pre, _report);
         _applyOracleReportContext(contracts, _report, pre, update);
@@ -174,6 +170,8 @@ contract Accounting {
         } else {
             pre.badDebtToInternalize =  _contracts.vaultHub.badDebtToInternalizeForLastRefSlot();
         }
+
+        (pre.redeemedShares, pre.redeemedEther) = _getRedeemedCounters(isSimulation);
     }
 
     /// @dev calculates all the state changes that is required to apply the report
@@ -194,46 +192,39 @@ contract Accounting {
         // Principal CL balance is sum of previous balances and new deposits
         update.principalClBalance = _pre.clValidatorsBalance + _pre.clPendingBalance + _pre.depositedBalance;
 
-        // Read redemption counters from buffer (on-chain, includes all redemptions)
-        (uint256 redeemedShares, uint256 redeemedEther) = _getRedeemedCounters();
-        update.redeemedEther = redeemedEther;
-
         // Limit the rebase to avoid oracle frontrunning.
         // The base is reduced by redeemed ether AND shares so the limiter sees
         // a rate-neutral pre-state (as if the redeem never happened).
-        // Without the shares adjustment the pre-share-rate fed to the limiter
-        // would be artificially low, shrinking the shares-burn budget.
+        // sharesRequestedToBurn from oracle includes redeem shares (nonCover on Burner) —
+        // subtract them so the limiter only governs cover + regular nonCover.
         (
             update.withdrawalsVaultTransfer,
             update.elRewardsVaultTransfer,
             update.sharesToBurnForWithdrawals,
-            update.totalSharesToBurn // shares to burn from Burner balance (WQ + cover)
+            update.totalSharesToBurn
         ) = _contracts.oracleReportSanityChecker.smoothenTokenRebase(
-            _pre.totalPooledEther - _pre.externalEther - redeemedEther,
-            _pre.totalShares - _pre.externalShares - redeemedShares,
+            _pre.totalPooledEther - _pre.externalEther - _pre.redeemedEther,
+            _pre.totalShares - _pre.externalShares - _pre.redeemedShares,
             update.principalClBalance,
             _report.clValidatorsBalance + _report.clPendingBalance,
             _report.withdrawalVaultBalance,
             _report.elRewardsVaultBalance,
-            _report.sharesRequestedToBurn,
+            _report.sharesRequestedToBurn - _pre.redeemedShares,
             update.etherToFinalizeWQ,
             update.sharesToFinalizeWQ
         );
 
-        // Redeem shares are burned via a separate commit (outside the rebase limiter, rate-neutral)
-        update.redeemSharesToBurn = redeemedShares;
-
         uint256 postInternalSharesBeforeFees = _pre.totalShares -
             _pre.externalShares - // internal shares before
             update.totalSharesToBurn - // shares to be burned (WQ + cover)
-            update.redeemSharesToBurn; // redeem shares burned separately
+            _pre.redeemedShares; // redeem shares burned separately (outside limiter)
 
         update.postInternalEther =
             _pre.totalPooledEther - _pre.externalEther
             + _report.clValidatorsBalance + _report.clPendingBalance + update.withdrawalsVaultTransfer - update.principalClBalance
             + update.elRewardsVaultTransfer
             - update.etherToFinalizeWQ
-            - redeemedEther;
+            - _pre.redeemedEther;
 
         // Pre-calculate total amount of protocol fees as the amount of shares that will be minted to pay it
         (update.sharesToMintAsFees, update.feeDistribution) = _calculateProtocolFees(
@@ -392,15 +383,13 @@ contract Accounting {
             LIDO.internalizeExternalBadDebt(_pre.badDebtToInternalize);
         }
 
-        // Burn all redeem shares (rate-neutral, outside limiter)
-        // Shares are already on Burner — sent during each redeem() call
-        if (_update.redeemSharesToBurn > 0) {
-            _contracts.burner.commitRedeemSharesToBurn();
-        }
-
-        // Burn limiter-constrained cover/nonCover shares
-        if (_update.totalSharesToBurn > 0) {
-            _contracts.burner.commitSharesToBurn(_update.totalSharesToBurn);
+        // Burn shares: limiter-constrained cover/nonCover + all settled redeem shares.
+        // Redeem shares sit on Burner as nonCover — burned together in one call.
+        {
+            uint256 totalBurn = _update.totalSharesToBurn + _pre.redeemedShares;
+            if (totalBurn > 0) {
+                _contracts.burner.commitSharesToBurn(totalBurn);
+            }
         }
 
         // collectRewardsAndProcessWithdrawals handles ETH round-trip internally:
@@ -414,7 +403,7 @@ contract Accounting {
             lastWithdrawalRequestToFinalize,
             _report.simulatedShareRate,
             _update.etherToFinalizeWQ,
-            _update.redeemedEther
+            _pre.redeemedEther
         );
 
         if (_update.sharesToMintAsFees > 0) {
@@ -444,14 +433,21 @@ contract Accounting {
         );
     }
 
-    /// @dev Reads redemption counters. Shares from Burner redeem track, ether from buffer.
+    /// @dev Reads redemption counters from RedeemsBuffer.
+    ///      Simulation (daemon at refSlot): reads raw current values.
+    ///      Execution (delivery): reads RefSlotCache snapshots (excludes post-refSlot redeems).
     ///      Returns (0, 0) if no buffer configured.
-    function _getRedeemedCounters() internal view returns (uint256 redeemedShares, uint256 redeemedEther) {
+    function _getRedeemedCounters(bool _isSimulation) internal view returns (uint256 redeemedShares, uint256 redeemedEther) {
         address buffer = LIDO.getRedeemsBuffer();
         if (buffer == address(0)) return (0, 0);
 
-        redeemedShares = IBurner(LIDO_LOCATOR.burner()).getRedeemSharesRequestedToBurn();
-        redeemedEther = IRedeemsBuffer(buffer).getRedeemedEther();
+        if (_isSimulation) {
+            redeemedShares = IRedeemsBuffer(buffer).getRedeemedShares();
+            redeemedEther = IRedeemsBuffer(buffer).getRedeemedEther();
+        } else {
+            redeemedShares = IRedeemsBuffer(buffer).getRedeemedSharesForReport();
+            redeemedEther = IRedeemsBuffer(buffer).getRedeemedEtherForReport();
+        }
     }
 
     /// @dev checks the provided oracle data internally and against the sanity checker contract