Description:
Multi-signature wallet contract requiring multiple confirmations for transaction execution.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"lib/yieldnest-flex-strategy/src/AccountingToken.sol": {
"content": "// SPDX-License-Identifier: BSD-3-Clause
pragma solidity ^0.8.28;
import { IERC20, IERC20Metadata } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import { Initializable } from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import { ERC20Upgradeable } from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import { AccessControlUpgradeable } from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import { IAccountingModule } from "./AccountingModule.sol";
interface IAccountingToken is IERC20, IERC20Metadata {
function burnFrom(address burnAddress, uint256 burnAmount) external;
function mintTo(address mintAddress, uint256 mintAmount) external;
function TRACKED_ASSET() external view returns (address);
}
/**
* @notice Storage struct for AccountingToken
*/
struct AccountingTokenStorage {
address accountingModule;
}
/**
* Accounting token that keeps track of baseAsset amount transferred to safe.
*/
contract AccountingToken is Initializable, ERC20Upgradeable, AccessControlUpgradeable {
error Unauthorized();
error NotAllowed();
error ZeroAddress();
error AccountingTokenMismatch();
error BaseAssetMismatch();
event AccountingModuleUpdated(address newValue, address oldValue);
address public immutable TRACKED_ASSET;
/// @notice Storage slot for AccountingToken data
bytes32 private constant ACCOUNTING_TOKEN_STORAGE_SLOT = keccak256("yieldnest.storage.accountingToken");
/// @custom:oz-upgrades-unsafe-allow constructor
constructor(address trackedAsset) {
_disableInitializers();
TRACKED_ASSET = trackedAsset;
}
/**
* @notice Get the storage struct
*/
function _getAccountingTokenStorage() internal pure returns (AccountingTokenStorage storage s) {
bytes32 slot = ACCOUNTING_TOKEN_STORAGE_SLOT;
assembly {
s.slot := slot
}
}
/**
* @param admin The address of the admin.
* @param name_ The name of the accountingToken.
* @param symbol_ The symbol of accountingToken.
*/
function initialize(address admin, string memory name_, string memory symbol_) external virtual initializer {
if (admin == address(0)) revert ZeroAddress();
__ERC20_init(name_, symbol_);
__AccessControl_init();
_grantRole(DEFAULT_ADMIN_ROLE, admin);
}
modifier onlyAccounting() {
if (msg.sender != _getAccountingTokenStorage().accountingModule) revert Unauthorized();
_;
}
/**
* @dev See {IERC20Metadata-decimals}.
*/
function decimals() public view virtual override returns (uint8) {
return IERC20Metadata(TRACKED_ASSET).decimals();
}
/**
* @notice burn `burnAmount` from `burnAddress`
* @param burnAddress address to burn from
* @param burnAmount amount to burn
*/
function burnFrom(address burnAddress, uint256 burnAmount) external onlyAccounting {
_burn(burnAddress, burnAmount);
}
/**
* @notice mints `mintAmount` to `mintAddress`
* @param mintAddress address to mint to
* @param mintAmount amount to mint
*/
function mintTo(address mintAddress, uint256 mintAmount) external onlyAccounting {
_mint(mintAddress, mintAmount);
}
/**
* @dev should not ordinarily be transferred
*/
function transferFrom(address, address, uint256) public virtual override returns (bool) {
revert NotAllowed();
}
/**
* @dev should not ordinarily be transferred
*/
function transfer(address, uint256) public virtual override returns (bool) {
revert NotAllowed();
}
/**
* Update accounting module address
* @param accountingModule_ new accounting module address
*/
function setAccountingModule(address accountingModule_) external onlyRole(DEFAULT_ADMIN_ROLE) {
if (accountingModule_ == address(0)) revert ZeroAddress();
AccountingTokenStorage storage s = _getAccountingTokenStorage();
emit AccountingModuleUpdated(accountingModule_, s.accountingModule);
if (address(IAccountingModule(accountingModule_).accountingToken()) != address(this)) {
revert AccountingTokenMismatch();
}
if (IAccountingModule(accountingModule_).baseAsset() != TRACKED_ASSET) {
revert BaseAssetMismatch();
}
s.accountingModule = accountingModule_;
}
/// VIEWS ///
function accountingModule() public view returns (address) {
return _getAccountingTokenStorage().accountingModule;
}
}
"
},
"lib/yieldnest-flex-strategy/lib/yieldnest-vault/lib/openzeppelin-contracts/contracts/token/ERC20/ERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "./IERC20.sol";
import {IERC20Metadata} from "./extensions/IERC20Metadata.sol";
import {Context} from "../../utils/Context.sol";
import {IERC20Errors} from "../../interfaces/draft-IERC6093.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*/
abstract contract ERC20 is Context, IERC20, IERC20Metadata, IERC20Errors {
mapping(address account => uint256) private _balances;
mapping(address account => mapping(address spender => uint256)) private _allowances;
uint256 private _totalSupply;
string private _name;
string private _symbol;
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
constructor(string memory name_, string memory symbol_) {
_name = name_;
_symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual returns (string memory) {
return _name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual returns (string memory) {
return _symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual returns (uint256) {
return _totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual returns (uint256) {
return _balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `value`.
*/
function transfer(address to, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_transfer(owner, to, value);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual returns (uint256) {
return _allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, value);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `value`.
* - the caller must have allowance for ``from``'s tokens of at least
* `value`.
*/
function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, value);
_transfer(from, to, value);
return true;
}
/**
* @dev Moves a `value` amount of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _transfer(address from, address to, uint256 value) internal {
if (from == address(0)) {
revert ERC20InvalidSender(address(0));
}
if (to == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(from, to, value);
}
/**
* @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
* (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
* this function.
*
* Emits a {Transfer} event.
*/
function _update(address from, address to, uint256 value) internal virtual {
if (from == address(0)) {
// Overflow check required: The rest of the code assumes that totalSupply never overflows
_totalSupply += value;
} else {
uint256 fromBalance = _balances[from];
if (fromBalance < value) {
revert ERC20InsufficientBalance(from, fromBalance, value);
}
unchecked {
// Overflow not possible: value <= fromBalance <= totalSupply.
_balances[from] = fromBalance - value;
}
}
if (to == address(0)) {
unchecked {
// Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
_totalSupply -= value;
}
} else {
unchecked {
// Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
_balances[to] += value;
}
}
emit Transfer(from, to, value);
}
/**
* @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
* Relies on the `_update` mechanism
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _mint(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(address(0), account, value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
* Relies on the `_update` mechanism.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead
*/
function _burn(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidSender(address(0));
}
_update(account, address(0), value);
}
/**
* @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*
* Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
*/
function _approve(address owner, address spender, uint256 value) internal {
_approve(owner, spender, value, true);
}
/**
* @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
*
* By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
* `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
* `Approval` event during `transferFrom` operations.
*
* Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
* true using the following override:
* ```
* function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
* super._approve(owner, spender, value, true);
* }
* ```
*
* Requirements are the same as {_approve}.
*/
function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
if (owner == address(0)) {
revert ERC20InvalidApprover(address(0));
}
if (spender == address(0)) {
revert ERC20InvalidSpender(address(0));
}
_allowances[owner][spender] = value;
if (emitEvent) {
emit Approval(owner, spender, value);
}
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `value`.
*
* Does not update the allowance value in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Does not emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
if (currentAllowance < value) {
revert ERC20InsufficientAllowance(spender, currentAllowance, value);
}
unchecked {
_approve(owner, spender, currentAllowance - value, false);
}
}
}
}
"
},
"lib/yieldnest-flex-strategy/lib/yieldnest-vault/lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.20;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/
struct InitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/
uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/
error InvalidInitialization();
/**
* @dev The contract is not initializing.
*/
error NotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloads
bool isTopLevelCall = !$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:
// - initialSetup: the contract is not in the initializing state and no previous version was
// initialized
// - construction: the contract is initialized at version 1 (no reininitialization) and the
// current contract is just being deployed
bool initialSetup = initialized == 0 && isTopLevelCall;
bool construction = initialized == 1 && address(this).code.length == 0;
if (!initialSetup && !construction) {
revert InvalidInitialization();
}
$._initialized = 1;
if (isTopLevelCall) {
$._initializing = true;
}
_;
if (isTopLevelCall) {
$._initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing = true;
_;
$._initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/
function _checkInitializing() internal view virtual {
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized != type(uint64).max) {
$._initialized = type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Returns a pointer to the storage namespace.
*/
// solhint-disable-next-line var-name-mixedcase
function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
assembly {
$.slot := INITIALIZABLE_STORAGE
}
}
}
"
},
"lib/yieldnest-flex-strategy/lib/yieldnest-vault/lib/openzeppelin-contracts-upgradeable/contracts/token/ERC20/ERC20Upgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/ERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import {IERC20Metadata} from "@openzeppelin/contracts/token/ERC20/extensions/IERC20Metadata.sol";
import {ContextUpgradeable} from "../../utils/ContextUpgradeable.sol";
import {IERC20Errors} from "@openzeppelin/contracts/interfaces/draft-IERC6093.sol";
import {Initializable} from "../../proxy/utils/Initializable.sol";
/**
* @dev Implementation of the {IERC20} interface.
*
* This implementation is agnostic to the way tokens are created. This means
* that a supply mechanism has to be added in a derived contract using {_mint}.
*
* TIP: For a detailed writeup see our guide
* https://forum.openzeppelin.com/t/how-to-implement-erc20-supply-mechanisms/226[How
* to implement supply mechanisms].
*
* The default value of {decimals} is 18. To change this, you should override
* this function so it returns a different value.
*
* We have followed general OpenZeppelin Contracts guidelines: functions revert
* instead returning `false` on failure. This behavior is nonetheless
* conventional and does not conflict with the expectations of ERC20
* applications.
*
* Additionally, an {Approval} event is emitted on calls to {transferFrom}.
* This allows applications to reconstruct the allowance for all accounts just
* by listening to said events. Other implementations of the EIP may not emit
* these events, as it isn't required by the specification.
*/
abstract contract ERC20Upgradeable is Initializable, ContextUpgradeable, IERC20, IERC20Metadata, IERC20Errors {
/// @custom:storage-location erc7201:openzeppelin.storage.ERC20
struct ERC20Storage {
mapping(address account => uint256) _balances;
mapping(address account => mapping(address spender => uint256)) _allowances;
uint256 _totalSupply;
string _name;
string _symbol;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.ERC20")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant ERC20StorageLocation = 0x52c63247e1f47db19d5ce0460030c497f067ca4cebf71ba98eeadabe20bace00;
function _getERC20Storage() private pure returns (ERC20Storage storage $) {
assembly {
$.slot := ERC20StorageLocation
}
}
/**
* @dev Sets the values for {name} and {symbol}.
*
* All two of these values are immutable: they can only be set once during
* construction.
*/
function __ERC20_init(string memory name_, string memory symbol_) internal onlyInitializing {
__ERC20_init_unchained(name_, symbol_);
}
function __ERC20_init_unchained(string memory name_, string memory symbol_) internal onlyInitializing {
ERC20Storage storage $ = _getERC20Storage();
$._name = name_;
$._symbol = symbol_;
}
/**
* @dev Returns the name of the token.
*/
function name() public view virtual returns (string memory) {
ERC20Storage storage $ = _getERC20Storage();
return $._name;
}
/**
* @dev Returns the symbol of the token, usually a shorter version of the
* name.
*/
function symbol() public view virtual returns (string memory) {
ERC20Storage storage $ = _getERC20Storage();
return $._symbol;
}
/**
* @dev Returns the number of decimals used to get its user representation.
* For example, if `decimals` equals `2`, a balance of `505` tokens should
* be displayed to a user as `5.05` (`505 / 10 ** 2`).
*
* Tokens usually opt for a value of 18, imitating the relationship between
* Ether and Wei. This is the default value returned by this function, unless
* it's overridden.
*
* NOTE: This information is only used for _display_ purposes: it in
* no way affects any of the arithmetic of the contract, including
* {IERC20-balanceOf} and {IERC20-transfer}.
*/
function decimals() public view virtual returns (uint8) {
return 18;
}
/**
* @dev See {IERC20-totalSupply}.
*/
function totalSupply() public view virtual returns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._totalSupply;
}
/**
* @dev See {IERC20-balanceOf}.
*/
function balanceOf(address account) public view virtual returns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._balances[account];
}
/**
* @dev See {IERC20-transfer}.
*
* Requirements:
*
* - `to` cannot be the zero address.
* - the caller must have a balance of at least `value`.
*/
function transfer(address to, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_transfer(owner, to, value);
return true;
}
/**
* @dev See {IERC20-allowance}.
*/
function allowance(address owner, address spender) public view virtual returns (uint256) {
ERC20Storage storage $ = _getERC20Storage();
return $._allowances[owner][spender];
}
/**
* @dev See {IERC20-approve}.
*
* NOTE: If `value` is the maximum `uint256`, the allowance is not updated on
* `transferFrom`. This is semantically equivalent to an infinite approval.
*
* Requirements:
*
* - `spender` cannot be the zero address.
*/
function approve(address spender, uint256 value) public virtual returns (bool) {
address owner = _msgSender();
_approve(owner, spender, value);
return true;
}
/**
* @dev See {IERC20-transferFrom}.
*
* Emits an {Approval} event indicating the updated allowance. This is not
* required by the EIP. See the note at the beginning of {ERC20}.
*
* NOTE: Does not update the allowance if the current allowance
* is the maximum `uint256`.
*
* Requirements:
*
* - `from` and `to` cannot be the zero address.
* - `from` must have a balance of at least `value`.
* - the caller must have allowance for ``from``'s tokens of at least
* `value`.
*/
function transferFrom(address from, address to, uint256 value) public virtual returns (bool) {
address spender = _msgSender();
_spendAllowance(from, spender, value);
_transfer(from, to, value);
return true;
}
/**
* @dev Moves a `value` amount of tokens from `from` to `to`.
*
* This internal function is equivalent to {transfer}, and can be used to
* e.g. implement automatic token fees, slashing mechanisms, etc.
*
* Emits a {Transfer} event.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _transfer(address from, address to, uint256 value) internal {
if (from == address(0)) {
revert ERC20InvalidSender(address(0));
}
if (to == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(from, to, value);
}
/**
* @dev Transfers a `value` amount of tokens from `from` to `to`, or alternatively mints (or burns) if `from`
* (or `to`) is the zero address. All customizations to transfers, mints, and burns should be done by overriding
* this function.
*
* Emits a {Transfer} event.
*/
function _update(address from, address to, uint256 value) internal virtual {
ERC20Storage storage $ = _getERC20Storage();
if (from == address(0)) {
// Overflow check required: The rest of the code assumes that totalSupply never overflows
$._totalSupply += value;
} else {
uint256 fromBalance = $._balances[from];
if (fromBalance < value) {
revert ERC20InsufficientBalance(from, fromBalance, value);
}
unchecked {
// Overflow not possible: value <= fromBalance <= totalSupply.
$._balances[from] = fromBalance - value;
}
}
if (to == address(0)) {
unchecked {
// Overflow not possible: value <= totalSupply or value <= fromBalance <= totalSupply.
$._totalSupply -= value;
}
} else {
unchecked {
// Overflow not possible: balance + value is at most totalSupply, which we know fits into a uint256.
$._balances[to] += value;
}
}
emit Transfer(from, to, value);
}
/**
* @dev Creates a `value` amount of tokens and assigns them to `account`, by transferring it from address(0).
* Relies on the `_update` mechanism
*
* Emits a {Transfer} event with `from` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead.
*/
function _mint(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidReceiver(address(0));
}
_update(address(0), account, value);
}
/**
* @dev Destroys a `value` amount of tokens from `account`, lowering the total supply.
* Relies on the `_update` mechanism.
*
* Emits a {Transfer} event with `to` set to the zero address.
*
* NOTE: This function is not virtual, {_update} should be overridden instead
*/
function _burn(address account, uint256 value) internal {
if (account == address(0)) {
revert ERC20InvalidSender(address(0));
}
_update(account, address(0), value);
}
/**
* @dev Sets `value` as the allowance of `spender` over the `owner` s tokens.
*
* This internal function is equivalent to `approve`, and can be used to
* e.g. set automatic allowances for certain subsystems, etc.
*
* Emits an {Approval} event.
*
* Requirements:
*
* - `owner` cannot be the zero address.
* - `spender` cannot be the zero address.
*
* Overrides to this logic should be done to the variant with an additional `bool emitEvent` argument.
*/
function _approve(address owner, address spender, uint256 value) internal {
_approve(owner, spender, value, true);
}
/**
* @dev Variant of {_approve} with an optional flag to enable or disable the {Approval} event.
*
* By default (when calling {_approve}) the flag is set to true. On the other hand, approval changes made by
* `_spendAllowance` during the `transferFrom` operation set the flag to false. This saves gas by not emitting any
* `Approval` event during `transferFrom` operations.
*
* Anyone who wishes to continue emitting `Approval` events on the`transferFrom` operation can force the flag to
* true using the following override:
* ```
* function _approve(address owner, address spender, uint256 value, bool) internal virtual override {
* super._approve(owner, spender, value, true);
* }
* ```
*
* Requirements are the same as {_approve}.
*/
function _approve(address owner, address spender, uint256 value, bool emitEvent) internal virtual {
ERC20Storage storage $ = _getERC20Storage();
if (owner == address(0)) {
revert ERC20InvalidApprover(address(0));
}
if (spender == address(0)) {
revert ERC20InvalidSpender(address(0));
}
$._allowances[owner][spender] = value;
if (emitEvent) {
emit Approval(owner, spender, value);
}
}
/**
* @dev Updates `owner` s allowance for `spender` based on spent `value`.
*
* Does not update the allowance value in case of infinite allowance.
* Revert if not enough allowance is available.
*
* Does not emit an {Approval} event.
*/
function _spendAllowance(address owner, address spender, uint256 value) internal virtual {
uint256 currentAllowance = allowance(owner, spender);
if (currentAllowance != type(uint256).max) {
if (currentAllowance < value) {
revert ERC20InsufficientAllowance(spender, currentAllowance, value);
}
unchecked {
_approve(owner, spender, currentAllowance - value, false);
}
}
}
}
"
},
"lib/yieldnest-flex-strategy/lib/yieldnest-vault/lib/openzeppelin-contracts-upgradeable/contracts/access/AccessControlUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/AccessControl.sol)
pragma solidity ^0.8.20;
import {IAccessControl} from "@openzeppelin/contracts/access/IAccessControl.sol";
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {ERC165Upgradeable} from "../utils/introspection/ERC165Upgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```solidity
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```solidity
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
* to enforce additional security measures for this role.
*/
abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControl, ERC165Upgradeable {
struct RoleData {
mapping(address account => bool) hasRole;
bytes32 adminRole;
}
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/// @custom:storage-location erc7201:openzeppelin.storage.AccessControl
struct AccessControlStorage {
mapping(bytes32 role => RoleData) _roles;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessControl")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant AccessControlStorageLocation = 0x02dd7bc7dec4dceedda775e58dd541e08a116c6c53815c0bd028192f7b626800;
function _getAccessControlStorage() private pure returns (AccessControlStorage storage $) {
assembly {
$.slot := AccessControlStorageLocation
}
}
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with an {AccessControlUnauthorizedAccount} error including the required role.
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
function __AccessControl_init() internal onlyInitializing {
}
function __AccessControl_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].hasRole[account];
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`
* is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`
* is missing `role`.
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert AccessControlUnauthorizedAccount(account, role);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address callerConfirmation) public virtual {
if (callerConfirmation != _msgSender()) {
revert AccessControlBadConfirmation();
}
_revokeRole(role, callerConfirmation);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
AccessControlStorage storage $ = _getAccessControlStorage();
bytes32 previousAdminRole = getRoleAdmin(role);
$._roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (!hasRole(role, account)) {
$._roles[role].hasRole[account] = true;
emit RoleGranted(role, account, _msgSender());
return true;
} else {
return false;
}
}
/**
* @dev Attempts to revoke `role` to `account` and returns a boolean indicating if `role` was revoked.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (hasRole(role, account)) {
$._roles[role].hasRole[account] = false;
emit RoleRevoked(role, account, _msgSender());
return true;
} else {
return false;
}
}
}
"
},
"lib/yieldnest-flex-strategy/src/AccountingModule.sol": {
"content": "// SPDX-License-Identifier: BSD-3-Clause
pragma solidity ^0.8.28;
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import { IAccountingToken } from "./AccountingToken.sol";
import { IVault } from "@yieldnest-vault/interface/IVault.sol";
import { Initializable } from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import { AccessControlUpgradeable } from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import { IERC4626 } from "@openzeppelin/contracts/interfaces/IERC4626.sol";
interface IAccountingModule {
struct StrategySnapshot {
uint256 timestamp;
uint256 pricePerShare;
uint256 totalSupply;
uint256 totalAssets;
}
event LowerBoundUpdated(uint256 newValue, uint256 oldValue);
event TargetApyUpdated(uint256 newValue, uint256 oldValue);
event CooldownSecondsUpdated(uint16 newValue, uint16 oldValue);
event SafeUpdated(address newValue, address oldValue);
error ZeroAddress();
error TooEarly();
error NotStrategy();
error AccountingLimitsExceeded(uint256 aprSinceLastSnapshot, uint256 targetApr);
error LossLimitsExceeded(uint256 amount, uint256 lowerBoundAmount);
error InvariantViolation();
error TvlTooLow();
error CurrentTimestampBeforePreviousTimestamp();
error SnapshotIndexOutOfBounds(uint256 index);
function deposit(uint256 amount) external;
function withdraw(uint256 amount, address recipient) external;
function processRewards(uint256 amount) external;
function processRewards(uint256 amount, uint256 snapshotIndex) external;
function processLosses(uint256 amount) external;
function setCooldownSeconds(uint16 cooldownSeconds) external;
function baseAsset() external view returns (address);
function strategy() external view returns (address);
function DIVISOR() external view returns (uint256);
function YEAR() external view returns (uint256);
function accountingToken() external view returns (IAccountingToken);
function safe() external view returns (address);
function nextUpdateWindow() external view returns (uint64);
function targetApy() external view returns (uint256);
function lowerBound() external view returns (uint256);
function cooldownSeconds() external view returns (uint16);
function SAFE_MANAGER_ROLE() external view returns (bytes32);
function REWARDS_PROCESSOR_ROLE() external view returns (bytes32);
function LOSS_PROCESSOR_ROLE() external view returns (bytes32);
function calculateApr(
uint256 previousPricePerShare,
uint256 previousTimestamp,
uint256 currentPricePerShare,
uint256 currentTimestamp
)
external
view
returns (uint256 apr);
function snapshotsLength() external view returns (uint256);
function snapshots(uint256 index) external view returns (StrategySnapshot memory);
function lastSnapshot() external view returns (StrategySnapshot memory);
}
/**
* @notice Storage struct for AccountingModule
*/
struct AccountingModuleStorage {
IAccountingToken accountingToken;
address safe;
address baseAsset;
address strategy;
uint64 nextUpdateWindow;
uint16 cooldownSeconds;
uint256 targetApy; // in bips;
uint256 lowerBound; // in bips; % of tvl
uint256 minRewardableAssets;
IAccountingModule.StrategySnapshot[] _snapshots;
}
/**
* Module to configure strategy params,
* and mint/burn IOU tokens to represent value accrual/loss.
*/
contract AccountingModule is IAccountingModule, Initializable, AccessControlUpgradeable {
using SafeERC20 for IERC20;
/// @notice Role for safe manager permissions
bytes32 public constant SAFE_MANAGER_ROLE = keccak256("SAFE_MANAGER_ROLE");
/// @notice Role for processing rewards/losses
bytes32 public constant REWARDS_PROCESSOR_ROLE = keccak256("REWARDS_PROCESSOR_ROLE");
bytes32 public constant LOSS_PROCESSOR_ROLE = keccak256("LOSS_PROCESSOR_ROLE");
uint256 public constant YEAR = 365.25 days;
uint256 public constant DIVISOR = 1e18;
uint256 public constant MAX_LOWER_BOUND = DIVISOR / 2;
/// @notice Storage slot for AccountingModule data
bytes32 private constant ACCOUNTING_MODULE_STORAGE_SLOT = keccak256("yieldnest.storage.accountingModule");
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
/**
* @notice Get the storage struct
*/
function _getAccountingModuleStorage() internal pure returns (AccountingModuleStorage storage s) {
bytes32 slot = ACCOUNTING_MODULE_STORAGE_SLOT;
assembly {
s.slot := slot
}
}
/**
* /**
* @notice Initializes the vault.
* @param strategy_ The strategy address.
* @param admin The address of the admin.
* @param safe_ The safe associated with the module.
* @param accountingToken_ The accountingToken associated with the module.
* @param targetApy_ The target APY of the strategy.
* @param lowerBound_ The lower bound of losses of the strategy(as % of TVL).
* @param minRewardableAssets_ The minimum rewardable assets.
* @param cooldownSeconds_ The cooldown period in seconds.
*/
function initialize(
address strategy_,
address admin,
address safe_,
IAccountingToken accountingToken_,
uint256 targetApy_,
uint256 lowerBound_,
uint256 minRewardableAssets_,
uint16 cooldownSeconds_
)
external
virtual
initializer
{
__AccessControl_init();
if (admin == address(0)) revert ZeroAddress();
_grantRole(DEFAULT_ADMIN_ROLE, admin);
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (address(accountingToken_) == address(0)) revert ZeroAddress();
s.accountingToken = accountingToken_;
s.minRewardableAssets = minRewardableAssets_;
if (strategy_ == address(0)) revert ZeroAddress();
s.strategy = strategy_;
s.baseAsset = IERC4626(strategy_).asset();
_setSafeAddress(safe_);
_setTargetApy(targetApy_);
_setLowerBound(lowerBound_);
_setCooldownSeconds(cooldownSeconds_);
createStrategySnapshot();
}
modifier checkAndResetCooldown() {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (block.timestamp < s.nextUpdateWindow) revert TooEarly();
s.nextUpdateWindow = (uint64(block.timestamp) + s.cooldownSeconds);
_;
}
modifier onlyStrategy() {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (msg.sender != s.strategy) revert NotStrategy();
_;
}
/// DEPOSIT/WITHDRAW ///
/**
* @notice Proxies deposit of base assets from caller to associated SAFE,
* and mints an equiv amount of accounting tokens
* @param amount amount to deposit
*/
function deposit(uint256 amount) external onlyStrategy {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
IERC20(s.baseAsset).safeTransferFrom(s.strategy, s.safe, amount);
s.accountingToken.mintTo(s.strategy, amount);
}
/**
* @notice Proxies withdraw of base assets from associated SAFE to caller,
* and burns an equiv amount of accounting tokens
* @param amount amount to deposit
* @param recipient address to receive the base assets
*/
function withdraw(uint256 amount, address recipient) external onlyStrategy {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
s.accountingToken.burnFrom(s.strategy, amount);
IERC20(s.baseAsset).safeTransferFrom(s.safe, recipient, amount);
}
/// REWARDS ///
/**
* @notice Process rewards by minting accounting tokens
* @param amount profits to mint
*/
function processRewards(uint256 amount) external onlyRole(REWARDS_PROCESSOR_ROLE) checkAndResetCooldown {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
_processRewards(amount, s._snapshots.length - 1);
}
/**
* @notice Process rewards by minting accounting tokens with specific snapshot index
* @param amount profits to mint
* @param snapshotIndex index of the snapshot to compare against
*/
function processRewards(
uint256 amount,
uint256 snapshotIndex
)
external
onlyRole(REWARDS_PROCESSOR_ROLE)
checkAndResetCooldown
{
_processRewards(amount, snapshotIndex);
}
/**
* @notice Internal function to process rewards with snapshot validation
* @param amount profits to mint
* @param snapshotIndex index of the snapshot to compare against
*
* @dev This function validates rewards by comparing current PPS against a historical snapshot.
* Using a past snapshot (rather than the most recent) helps prevent APR manipulation
* by smoothing out reward distribution over time.
*
*
* Example with daily processRewards calls:
*
* Day 0: PPS = 100 [snapshot 0]
* Day 1: PPS = 101 [snapshot 1]
* Day 2: PPS = 102 [snapshot 2]
* Day 3: PPS = 107 [snapshot 3] ← Big jump due to delayed rewards
*
* If we only compared Day 2→3 (102→107):
* Daily return: 4.9% → ~720% APR (exceeds cap)
*
* Instead, compare Day 0→3 (100→107):
* Daily return: ~2.3% → ~240% APR (within sustainable range)
*
* This approach provides flexibility by allowing irregular reward distributions
* while still enforcing APR limits. By comparing against historical snapshots,
* the system can accommodate delayed or lump-sum rewards without triggering
* false positives, while maintaining protection against actual APR manipulation.
*/
function _processRewards(uint256 amount, uint256 snapshotIndex) internal {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
// check if snapshot index is valid
if (snapshotIndex >= s._snapshots.length) revert SnapshotIndexOutOfBounds(snapshotIndex);
uint256 totalSupply = s.accountingToken.totalSupply();
if (totalSupply < s.minRewardableAssets) revert TvlTooLow();
IVault strategyVault = IVault(s.strategy);
s.accountingToken.mintTo(s.strategy, amount);
strategyVault.processAccounting();
// check if apr is within acceptable bounds
StrategySnapshot memory previousSnapshot = s._snapshots[snapshotIndex];
uint256 currentPricePerShare = createStrategySnapshot().pricePerShare;
// Check if APR is within acceptable bounds
uint256 aprSinceLastSnapshot = calculateApr(
previousSnapshot.pricePerShare, previousSnapshot.timestamp, currentPricePerShare, block.timestamp
);
if (aprSinceLastSnapshot > s.targetApy) revert AccountingLimitsExceeded(aprSinceLastSnapshot, s.targetApy);
}
function createStrategySnapshot() internal returns (StrategySnapshot memory) {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
IVault strategyVault = IVault(s.strategy);
// Take snapshot of current state
uint256 currentPricePerShare = strategyVault.convertToAssets(10 ** strategyVault.decimals());
StrategySnapshot memory snapshot = StrategySnapshot({
timestamp: block.timestamp,
pricePerShare: currentPricePerShare,
totalSupply: strategyVault.totalSupply(),
totalAssets: strategyVault.totalAssets()
});
s._snapshots.push(snapshot);
return snapshot;
}
/**
* @notice Calculate APR based on price per share changes over time
* @param previousPricePerShare The price per share at the start of the period
* @param previousTimestamp The timestamp at the start of the period
* @param currentPricePerShare The price per share at the end of the period
* @param currentTimestamp The timestamp at the end of the period
* @return apr The calculated APR in basis points
*/
function calculateApr(
uint256 previousPricePerShare,
uint256 previousTimestamp,
uint256 currentPricePerShare,
uint256 currentTimestamp
)
public
pure
returns (uint256 apr)
{
/*
ppsStart - Price per share at the start of the period
ppsEnd - Price per share at the end of the period
t - Time period in years*
Formula: (ppsEnd - ppsStart) / (ppsStart * t)
*/
// Ensure timestamps are ordered (current should be after previous)
if (currentTimestamp <= previousTimestamp) revert CurrentTimestampBeforePreviousTimestamp();
// Prevent division by zero
if (previousPricePerShare == 0) revert InvariantViolation();
return (currentPricePerShare - previousPricePerShare) * YEAR * DIVISOR / previousPricePerShare
/ (currentTimestamp - previousTimestamp);
}
/// LOSS ///
/**
* @notice Process losses by burning accounting tokens
* @param amount losses to burn
*/
function processLosses(uint256 amount) external onlyRole(LOSS_PROCESSOR_ROLE) checkAndResetCooldown {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
uint256 totalSupply = s.accountingToken.totalSupply();
if (totalSupply < 10 ** s.accountingToken.decimals()) revert TvlTooLow();
// check bound on losses
if (amount > totalSupply * s.lowerBound / DIVISOR) {
revert LossLimitsExceeded(amount, totalSupply * s.lowerBound / DIVISOR);
}
s.accountingToken.burnFrom(s.strategy, amount);
IVault(s.strategy).processAccounting();
createStrategySnapshot();
}
/// ADMIN ///
/**
* @notice Set target APY to determine upper bound. e.g. 1000 = 10% APY
* @param targetApyInBips in bips
* @dev hard max of 100% targetApy
*/
function setTargetApy(uint256 targetApyInBips) external onlyRole(SAFE_MANAGER_ROLE) {
_setTargetApy(targetApyInBips);
}
/**
* @notice Set lower bound as a function of tvl for losses. e.g. 1000 = 10% of tvl
* @param _lowerBound in bips, as a function of % of tvl
* @dev hard max of 50% of tvl
*/
function setLowerBound(uint256 _lowerBound) external onlyRole(SAFE_MANAGER_ROLE) {
_setLowerBound(_lowerBound);
}
/**
* @notice Set cooldown in seconds between every processing of rewards/losses
* @param cooldownSeconds_ new cooldown seconds
*/
function setCooldownSeconds(uint16 cooldownSeconds_) external onlyRole(SAFE_MANAGER_ROLE) {
_setCooldownSeconds(cooldownSeconds_);
}
/**
* @notice Set a new safe address
* @param newSafe new safe address
*/
function setSafeAddress(address newSafe) external virtual onlyRole(SAFE_MANAGER_ROLE) {
_setSafeAddress(newSafe);
}
/// ADMIN INTERNAL SETTERS ///
function _setTargetApy(uint256 targetApyInBips) internal {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (targetApyInBips > 10 * DIVISOR) revert InvariantViolation();
emit TargetApyUpdated(targetApyInBips, s.targetApy);
s.targetApy = targetApyInBips;
}
function _setLowerBound(uint256 _lowerBound) internal {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (_lowerBound > MAX_LOWER_BOUND) revert InvariantViolation();
emit LowerBoundUpdated(_lowerBound, s.lowerBound);
s.lowerBound = _lowerBound;
}
function _setCooldownSeconds(uint16 cooldownSeconds_) internal {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
emit CooldownSecondsUpdated(cooldownSeconds_, s.cooldownSeconds);
s.cooldownSeconds = cooldownSeconds_;
}
function _setSafeAddress(address newSafe) internal {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (newSafe == address(0)) revert ZeroAddress();
emit SafeUpdated(newSafe, s.safe);
s.safe = newSafe;
}
/// VIEWS ///
function baseAsset() external view returns (address) {
return _getAccountingModuleStorage().baseAsset;
}
function strategy() external view returns (address) {
return _getAccountingModuleStorage().strategy;
}
function accountingToken() external view returns (IAccountingToken) {
return _getAccountingModuleStorage().accountingToken;
}
function cooldownSeconds() external view returns (uint16) {
return _getAccountingModuleStorage().cooldownSeconds;
}
function lowerBound() external view returns (uint256) {
return _getAccountingModuleStorage().lowerBound;
}
function nextUpdateWindow() external view returns (uint64) {
return _getAccountingModuleStorage().nextUpdateWindow;
}
function safe() external view returns (address) {
return _getAccountingModuleStorage().safe;
}
function targetApy() external view returns (uint256) {
return Submitted on: 2025-09-18 12:00:37
Comments
Log in to comment.
No comments yet.