Description:
Multi-signature wallet contract requiring multiple confirmations for transaction execution.
Blockchain: Ethereum
Source Code: View Code On The Blockchain
Solidity Source Code:
{{
"language": "Solidity",
"sources": {
"lib/yieldnest-flex-strategy/src/AccountingModule.sol": {
"content": "// SPDX-License-Identifier: BSD-3-Clause
pragma solidity ^0.8.28;
import { IERC20 } from "@openzeppelin/contracts/token/ERC20/IERC20.sol";
import { SafeERC20 } from "@openzeppelin/contracts/token/ERC20/utils/SafeERC20.sol";
import { IAccountingToken } from "./AccountingToken.sol";
import { IVault } from "@yieldnest-vault/interface/IVault.sol";
import { Initializable } from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import { AccessControlUpgradeable } from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import { IERC4626 } from "@openzeppelin/contracts/interfaces/IERC4626.sol";
interface IAccountingModule {
struct StrategySnapshot {
uint256 timestamp;
uint256 pricePerShare;
uint256 totalSupply;
uint256 totalAssets;
}
event LowerBoundUpdated(uint256 newValue, uint256 oldValue);
event TargetApyUpdated(uint256 newValue, uint256 oldValue);
event CooldownSecondsUpdated(uint16 newValue, uint16 oldValue);
event SafeUpdated(address newValue, address oldValue);
error ZeroAddress();
error TooEarly();
error NotStrategy();
error AccountingLimitsExceeded(uint256 aprSinceLastSnapshot, uint256 targetApr);
error LossLimitsExceeded(uint256 amount, uint256 lowerBoundAmount);
error InvariantViolation();
error TvlTooLow();
error CurrentTimestampBeforePreviousTimestamp();
error SnapshotIndexOutOfBounds(uint256 index);
function deposit(uint256 amount) external;
function withdraw(uint256 amount, address recipient) external;
function processRewards(uint256 amount) external;
function processRewards(uint256 amount, uint256 snapshotIndex) external;
function processLosses(uint256 amount) external;
function setCooldownSeconds(uint16 cooldownSeconds) external;
function baseAsset() external view returns (address);
function strategy() external view returns (address);
function DIVISOR() external view returns (uint256);
function YEAR() external view returns (uint256);
function accountingToken() external view returns (IAccountingToken);
function safe() external view returns (address);
function nextUpdateWindow() external view returns (uint64);
function targetApy() external view returns (uint256);
function lowerBound() external view returns (uint256);
function cooldownSeconds() external view returns (uint16);
function SAFE_MANAGER_ROLE() external view returns (bytes32);
function REWARDS_PROCESSOR_ROLE() external view returns (bytes32);
function LOSS_PROCESSOR_ROLE() external view returns (bytes32);
function calculateApr(
uint256 previousPricePerShare,
uint256 previousTimestamp,
uint256 currentPricePerShare,
uint256 currentTimestamp
)
external
view
returns (uint256 apr);
function snapshotsLength() external view returns (uint256);
function snapshots(uint256 index) external view returns (StrategySnapshot memory);
function lastSnapshot() external view returns (StrategySnapshot memory);
}
/**
* @notice Storage struct for AccountingModule
*/
struct AccountingModuleStorage {
IAccountingToken accountingToken;
address safe;
address baseAsset;
address strategy;
uint64 nextUpdateWindow;
uint16 cooldownSeconds;
uint256 targetApy; // in bips;
uint256 lowerBound; // in bips; % of tvl
uint256 minRewardableAssets;
IAccountingModule.StrategySnapshot[] _snapshots;
}
/**
* Module to configure strategy params,
* and mint/burn IOU tokens to represent value accrual/loss.
*/
contract AccountingModule is IAccountingModule, Initializable, AccessControlUpgradeable {
using SafeERC20 for IERC20;
/// @notice Role for safe manager permissions
bytes32 public constant SAFE_MANAGER_ROLE = keccak256("SAFE_MANAGER_ROLE");
/// @notice Role for processing rewards/losses
bytes32 public constant REWARDS_PROCESSOR_ROLE = keccak256("REWARDS_PROCESSOR_ROLE");
bytes32 public constant LOSS_PROCESSOR_ROLE = keccak256("LOSS_PROCESSOR_ROLE");
uint256 public constant YEAR = 365.25 days;
uint256 public constant DIVISOR = 1e18;
uint256 public constant MAX_LOWER_BOUND = DIVISOR / 2;
/// @notice Storage slot for AccountingModule data
bytes32 private constant ACCOUNTING_MODULE_STORAGE_SLOT = keccak256("yieldnest.storage.accountingModule");
/// @custom:oz-upgrades-unsafe-allow constructor
constructor() {
_disableInitializers();
}
/**
* @notice Get the storage struct
*/
function _getAccountingModuleStorage() internal pure returns (AccountingModuleStorage storage s) {
bytes32 slot = ACCOUNTING_MODULE_STORAGE_SLOT;
assembly {
s.slot := slot
}
}
/**
* /**
* @notice Initializes the vault.
* @param strategy_ The strategy address.
* @param admin The address of the admin.
* @param safe_ The safe associated with the module.
* @param accountingToken_ The accountingToken associated with the module.
* @param targetApy_ The target APY of the strategy.
* @param lowerBound_ The lower bound of losses of the strategy(as % of TVL).
* @param minRewardableAssets_ The minimum rewardable assets.
* @param cooldownSeconds_ The cooldown period in seconds.
*/
function initialize(
address strategy_,
address admin,
address safe_,
IAccountingToken accountingToken_,
uint256 targetApy_,
uint256 lowerBound_,
uint256 minRewardableAssets_,
uint16 cooldownSeconds_
)
external
virtual
initializer
{
__AccessControl_init();
if (admin == address(0)) revert ZeroAddress();
_grantRole(DEFAULT_ADMIN_ROLE, admin);
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (address(accountingToken_) == address(0)) revert ZeroAddress();
s.accountingToken = accountingToken_;
s.minRewardableAssets = minRewardableAssets_;
if (strategy_ == address(0)) revert ZeroAddress();
s.strategy = strategy_;
s.baseAsset = IERC4626(strategy_).asset();
_setSafeAddress(safe_);
_setTargetApy(targetApy_);
_setLowerBound(lowerBound_);
_setCooldownSeconds(cooldownSeconds_);
createStrategySnapshot();
}
modifier checkAndResetCooldown() {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (block.timestamp < s.nextUpdateWindow) revert TooEarly();
s.nextUpdateWindow = (uint64(block.timestamp) + s.cooldownSeconds);
_;
}
modifier onlyStrategy() {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (msg.sender != s.strategy) revert NotStrategy();
_;
}
/// DEPOSIT/WITHDRAW ///
/**
* @notice Proxies deposit of base assets from caller to associated SAFE,
* and mints an equiv amount of accounting tokens
* @param amount amount to deposit
*/
function deposit(uint256 amount) external onlyStrategy {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
IERC20(s.baseAsset).safeTransferFrom(s.strategy, s.safe, amount);
s.accountingToken.mintTo(s.strategy, amount);
}
/**
* @notice Proxies withdraw of base assets from associated SAFE to caller,
* and burns an equiv amount of accounting tokens
* @param amount amount to deposit
* @param recipient address to receive the base assets
*/
function withdraw(uint256 amount, address recipient) external onlyStrategy {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
s.accountingToken.burnFrom(s.strategy, amount);
IERC20(s.baseAsset).safeTransferFrom(s.safe, recipient, amount);
}
/// REWARDS ///
/**
* @notice Process rewards by minting accounting tokens
* @param amount profits to mint
*/
function processRewards(uint256 amount) external onlyRole(REWARDS_PROCESSOR_ROLE) checkAndResetCooldown {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
_processRewards(amount, s._snapshots.length - 1);
}
/**
* @notice Process rewards by minting accounting tokens with specific snapshot index
* @param amount profits to mint
* @param snapshotIndex index of the snapshot to compare against
*/
function processRewards(
uint256 amount,
uint256 snapshotIndex
)
external
onlyRole(REWARDS_PROCESSOR_ROLE)
checkAndResetCooldown
{
_processRewards(amount, snapshotIndex);
}
/**
* @notice Internal function to process rewards with snapshot validation
* @param amount profits to mint
* @param snapshotIndex index of the snapshot to compare against
*
* @dev This function validates rewards by comparing current PPS against a historical snapshot.
* Using a past snapshot (rather than the most recent) helps prevent APR manipulation
* by smoothing out reward distribution over time.
*
*
* Example with daily processRewards calls:
*
* Day 0: PPS = 100 [snapshot 0]
* Day 1: PPS = 101 [snapshot 1]
* Day 2: PPS = 102 [snapshot 2]
* Day 3: PPS = 107 [snapshot 3] ← Big jump due to delayed rewards
*
* If we only compared Day 2→3 (102→107):
* Daily return: 4.9% → ~720% APR (exceeds cap)
*
* Instead, compare Day 0→3 (100→107):
* Daily return: ~2.3% → ~240% APR (within sustainable range)
*
* This approach provides flexibility by allowing irregular reward distributions
* while still enforcing APR limits. By comparing against historical snapshots,
* the system can accommodate delayed or lump-sum rewards without triggering
* false positives, while maintaining protection against actual APR manipulation.
*/
function _processRewards(uint256 amount, uint256 snapshotIndex) internal {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
// check if snapshot index is valid
if (snapshotIndex >= s._snapshots.length) revert SnapshotIndexOutOfBounds(snapshotIndex);
uint256 totalSupply = s.accountingToken.totalSupply();
if (totalSupply < s.minRewardableAssets) revert TvlTooLow();
IVault strategyVault = IVault(s.strategy);
s.accountingToken.mintTo(s.strategy, amount);
strategyVault.processAccounting();
// check if apr is within acceptable bounds
StrategySnapshot memory previousSnapshot = s._snapshots[snapshotIndex];
uint256 currentPricePerShare = createStrategySnapshot().pricePerShare;
// Check if APR is within acceptable bounds
uint256 aprSinceLastSnapshot = calculateApr(
previousSnapshot.pricePerShare, previousSnapshot.timestamp, currentPricePerShare, block.timestamp
);
if (aprSinceLastSnapshot > s.targetApy) revert AccountingLimitsExceeded(aprSinceLastSnapshot, s.targetApy);
}
function createStrategySnapshot() internal returns (StrategySnapshot memory) {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
IVault strategyVault = IVault(s.strategy);
// Take snapshot of current state
uint256 currentPricePerShare = strategyVault.convertToAssets(10 ** strategyVault.decimals());
StrategySnapshot memory snapshot = StrategySnapshot({
timestamp: block.timestamp,
pricePerShare: currentPricePerShare,
totalSupply: strategyVault.totalSupply(),
totalAssets: strategyVault.totalAssets()
});
s._snapshots.push(snapshot);
return snapshot;
}
/**
* @notice Calculate APR based on price per share changes over time
* @param previousPricePerShare The price per share at the start of the period
* @param previousTimestamp The timestamp at the start of the period
* @param currentPricePerShare The price per share at the end of the period
* @param currentTimestamp The timestamp at the end of the period
* @return apr The calculated APR in basis points
*/
function calculateApr(
uint256 previousPricePerShare,
uint256 previousTimestamp,
uint256 currentPricePerShare,
uint256 currentTimestamp
)
public
pure
returns (uint256 apr)
{
/*
ppsStart - Price per share at the start of the period
ppsEnd - Price per share at the end of the period
t - Time period in years*
Formula: (ppsEnd - ppsStart) / (ppsStart * t)
*/
// Ensure timestamps are ordered (current should be after previous)
if (currentTimestamp <= previousTimestamp) revert CurrentTimestampBeforePreviousTimestamp();
// Prevent division by zero
if (previousPricePerShare == 0) revert InvariantViolation();
return (currentPricePerShare - previousPricePerShare) * YEAR * DIVISOR / previousPricePerShare
/ (currentTimestamp - previousTimestamp);
}
/// LOSS ///
/**
* @notice Process losses by burning accounting tokens
* @param amount losses to burn
*/
function processLosses(uint256 amount) external onlyRole(LOSS_PROCESSOR_ROLE) checkAndResetCooldown {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
uint256 totalSupply = s.accountingToken.totalSupply();
if (totalSupply < 10 ** s.accountingToken.decimals()) revert TvlTooLow();
// check bound on losses
if (amount > totalSupply * s.lowerBound / DIVISOR) {
revert LossLimitsExceeded(amount, totalSupply * s.lowerBound / DIVISOR);
}
s.accountingToken.burnFrom(s.strategy, amount);
IVault(s.strategy).processAccounting();
createStrategySnapshot();
}
/// ADMIN ///
/**
* @notice Set target APY to determine upper bound. e.g. 1000 = 10% APY
* @param targetApyInBips in bips
* @dev hard max of 100% targetApy
*/
function setTargetApy(uint256 targetApyInBips) external onlyRole(SAFE_MANAGER_ROLE) {
_setTargetApy(targetApyInBips);
}
/**
* @notice Set lower bound as a function of tvl for losses. e.g. 1000 = 10% of tvl
* @param _lowerBound in bips, as a function of % of tvl
* @dev hard max of 50% of tvl
*/
function setLowerBound(uint256 _lowerBound) external onlyRole(SAFE_MANAGER_ROLE) {
_setLowerBound(_lowerBound);
}
/**
* @notice Set cooldown in seconds between every processing of rewards/losses
* @param cooldownSeconds_ new cooldown seconds
*/
function setCooldownSeconds(uint16 cooldownSeconds_) external onlyRole(SAFE_MANAGER_ROLE) {
_setCooldownSeconds(cooldownSeconds_);
}
/**
* @notice Set a new safe address
* @param newSafe new safe address
*/
function setSafeAddress(address newSafe) external virtual onlyRole(SAFE_MANAGER_ROLE) {
_setSafeAddress(newSafe);
}
/// ADMIN INTERNAL SETTERS ///
function _setTargetApy(uint256 targetApyInBips) internal {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (targetApyInBips > 10 * DIVISOR) revert InvariantViolation();
emit TargetApyUpdated(targetApyInBips, s.targetApy);
s.targetApy = targetApyInBips;
}
function _setLowerBound(uint256 _lowerBound) internal {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (_lowerBound > MAX_LOWER_BOUND) revert InvariantViolation();
emit LowerBoundUpdated(_lowerBound, s.lowerBound);
s.lowerBound = _lowerBound;
}
function _setCooldownSeconds(uint16 cooldownSeconds_) internal {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
emit CooldownSecondsUpdated(cooldownSeconds_, s.cooldownSeconds);
s.cooldownSeconds = cooldownSeconds_;
}
function _setSafeAddress(address newSafe) internal {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
if (newSafe == address(0)) revert ZeroAddress();
emit SafeUpdated(newSafe, s.safe);
s.safe = newSafe;
}
/// VIEWS ///
function baseAsset() external view returns (address) {
return _getAccountingModuleStorage().baseAsset;
}
function strategy() external view returns (address) {
return _getAccountingModuleStorage().strategy;
}
function accountingToken() external view returns (IAccountingToken) {
return _getAccountingModuleStorage().accountingToken;
}
function cooldownSeconds() external view returns (uint16) {
return _getAccountingModuleStorage().cooldownSeconds;
}
function lowerBound() external view returns (uint256) {
return _getAccountingModuleStorage().lowerBound;
}
function nextUpdateWindow() external view returns (uint64) {
return _getAccountingModuleStorage().nextUpdateWindow;
}
function safe() external view returns (address) {
return _getAccountingModuleStorage().safe;
}
function targetApy() external view returns (uint256) {
return _getAccountingModuleStorage().targetApy;
}
function snapshotsLength() external view returns (uint256) {
return _getAccountingModuleStorage()._snapshots.length;
}
function snapshots(uint256 index) external view returns (StrategySnapshot memory) {
return _getAccountingModuleStorage()._snapshots[index];
}
function lastSnapshot() external view returns (StrategySnapshot memory) {
AccountingModuleStorage storage s = _getAccountingModuleStorage();
return s._snapshots[s._snapshots.length - 1];
}
}
"
},
"lib/yieldnest-flex-strategy/lib/yieldnest-vault/lib/openzeppelin-contracts/contracts/token/ERC20/IERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/IERC20.sol)
pragma solidity ^0.8.20;
/**
* @dev Interface of the ERC20 standard as defined in the EIP.
*/
interface IERC20 {
/**
* @dev Emitted when `value` tokens are moved from one account (`from`) to
* another (`to`).
*
* Note that `value` may be zero.
*/
event Transfer(address indexed from, address indexed to, uint256 value);
/**
* @dev Emitted when the allowance of a `spender` for an `owner` is set by
* a call to {approve}. `value` is the new allowance.
*/
event Approval(address indexed owner, address indexed spender, uint256 value);
/**
* @dev Returns the value of tokens in existence.
*/
function totalSupply() external view returns (uint256);
/**
* @dev Returns the value of tokens owned by `account`.
*/
function balanceOf(address account) external view returns (uint256);
/**
* @dev Moves a `value` amount of tokens from the caller's account to `to`.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transfer(address to, uint256 value) external returns (bool);
/**
* @dev Returns the remaining number of tokens that `spender` will be
* allowed to spend on behalf of `owner` through {transferFrom}. This is
* zero by default.
*
* This value changes when {approve} or {transferFrom} are called.
*/
function allowance(address owner, address spender) external view returns (uint256);
/**
* @dev Sets a `value` amount of tokens as the allowance of `spender` over the
* caller's tokens.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* IMPORTANT: Beware that changing an allowance with this method brings the risk
* that someone may use both the old and the new allowance by unfortunate
* transaction ordering. One possible solution to mitigate this race
* condition is to first reduce the spender's allowance to 0 and set the
* desired value afterwards:
* https://github.com/ethereum/EIPs/issues/20#issuecomment-263524729
*
* Emits an {Approval} event.
*/
function approve(address spender, uint256 value) external returns (bool);
/**
* @dev Moves a `value` amount of tokens from `from` to `to` using the
* allowance mechanism. `value` is then deducted from the caller's
* allowance.
*
* Returns a boolean value indicating whether the operation succeeded.
*
* Emits a {Transfer} event.
*/
function transferFrom(address from, address to, uint256 value) external returns (bool);
}
"
},
"lib/yieldnest-flex-strategy/lib/yieldnest-vault/lib/openzeppelin-contracts/contracts/token/ERC20/utils/SafeERC20.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (token/ERC20/utils/SafeERC20.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../IERC20.sol";
import {IERC20Permit} from "../extensions/IERC20Permit.sol";
import {Address} from "../../../utils/Address.sol";
/**
* @title SafeERC20
* @dev Wrappers around ERC20 operations that throw on failure (when the token
* contract returns false). Tokens that return no value (and instead revert or
* throw on failure) are also supported, non-reverting calls are assumed to be
* successful.
* To use this library you can add a `using SafeERC20 for IERC20;` statement to your contract,
* which allows you to call the safe operations as `token.safeTransfer(...)`, etc.
*/
library SafeERC20 {
using Address for address;
/**
* @dev An operation with an ERC20 token failed.
*/
error SafeERC20FailedOperation(address token);
/**
* @dev Indicates a failed `decreaseAllowance` request.
*/
error SafeERC20FailedDecreaseAllowance(address spender, uint256 currentAllowance, uint256 requestedDecrease);
/**
* @dev Transfer `value` amount of `token` from the calling contract to `to`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeTransfer(IERC20 token, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transfer, (to, value)));
}
/**
* @dev Transfer `value` amount of `token` from `from` to `to`, spending the approval given by `from` to the
* calling contract. If `token` returns no value, non-reverting calls are assumed to be successful.
*/
function safeTransferFrom(IERC20 token, address from, address to, uint256 value) internal {
_callOptionalReturn(token, abi.encodeCall(token.transferFrom, (from, to, value)));
}
/**
* @dev Increase the calling contract's allowance toward `spender` by `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful.
*/
function safeIncreaseAllowance(IERC20 token, address spender, uint256 value) internal {
uint256 oldAllowance = token.allowance(address(this), spender);
forceApprove(token, spender, oldAllowance + value);
}
/**
* @dev Decrease the calling contract's allowance toward `spender` by `requestedDecrease`. If `token` returns no
* value, non-reverting calls are assumed to be successful.
*/
function safeDecreaseAllowance(IERC20 token, address spender, uint256 requestedDecrease) internal {
unchecked {
uint256 currentAllowance = token.allowance(address(this), spender);
if (currentAllowance < requestedDecrease) {
revert SafeERC20FailedDecreaseAllowance(spender, currentAllowance, requestedDecrease);
}
forceApprove(token, spender, currentAllowance - requestedDecrease);
}
}
/**
* @dev Set the calling contract's allowance toward `spender` to `value`. If `token` returns no value,
* non-reverting calls are assumed to be successful. Meant to be used with tokens that require the approval
* to be set to zero before setting it to a non-zero value, such as USDT.
*/
function forceApprove(IERC20 token, address spender, uint256 value) internal {
bytes memory approvalCall = abi.encodeCall(token.approve, (spender, value));
if (!_callOptionalReturnBool(token, approvalCall)) {
_callOptionalReturn(token, abi.encodeCall(token.approve, (spender, 0)));
_callOptionalReturn(token, approvalCall);
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*/
function _callOptionalReturn(IERC20 token, bytes memory data) private {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We use {Address-functionCall} to perform this call, which verifies that
// the target address contains contract code and also asserts for success in the low-level call.
bytes memory returndata = address(token).functionCall(data);
if (returndata.length != 0 && !abi.decode(returndata, (bool))) {
revert SafeERC20FailedOperation(address(token));
}
}
/**
* @dev Imitates a Solidity high-level call (i.e. a regular function call to a contract), relaxing the requirement
* on the return value: the return value is optional (but if data is returned, it must not be false).
* @param token The token targeted by the call.
* @param data The call data (encoded using abi.encode or one of its variants).
*
* This is a variant of {_callOptionalReturn} that silents catches all reverts and returns a bool instead.
*/
function _callOptionalReturnBool(IERC20 token, bytes memory data) private returns (bool) {
// We need to perform a low level call here, to bypass Solidity's return data size checking mechanism, since
// we're implementing it ourselves. We cannot use {Address-functionCall} here since this should return false
// and not revert is the subcall reverts.
(bool success, bytes memory returndata) = address(token).call(data);
return success && (returndata.length == 0 || abi.decode(returndata, (bool))) && address(token).code.length > 0;
}
}
"
},
"lib/yieldnest-flex-strategy/src/AccountingToken.sol": {
"content": "// SPDX-License-Identifier: BSD-3-Clause
pragma solidity ^0.8.28;
import { IERC20, IERC20Metadata } from "@openzeppelin/contracts/token/ERC20/ERC20.sol";
import { Initializable } from "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import { ERC20Upgradeable } from "@openzeppelin/contracts-upgradeable/token/ERC20/ERC20Upgradeable.sol";
import { AccessControlUpgradeable } from "@openzeppelin/contracts-upgradeable/access/AccessControlUpgradeable.sol";
import { IAccountingModule } from "./AccountingModule.sol";
interface IAccountingToken is IERC20, IERC20Metadata {
function burnFrom(address burnAddress, uint256 burnAmount) external;
function mintTo(address mintAddress, uint256 mintAmount) external;
function TRACKED_ASSET() external view returns (address);
}
/**
* @notice Storage struct for AccountingToken
*/
struct AccountingTokenStorage {
address accountingModule;
}
/**
* Accounting token that keeps track of baseAsset amount transferred to safe.
*/
contract AccountingToken is Initializable, ERC20Upgradeable, AccessControlUpgradeable {
error Unauthorized();
error NotAllowed();
error ZeroAddress();
error AccountingTokenMismatch();
error BaseAssetMismatch();
event AccountingModuleUpdated(address newValue, address oldValue);
address public immutable TRACKED_ASSET;
/// @notice Storage slot for AccountingToken data
bytes32 private constant ACCOUNTING_TOKEN_STORAGE_SLOT = keccak256("yieldnest.storage.accountingToken");
/// @custom:oz-upgrades-unsafe-allow constructor
constructor(address trackedAsset) {
_disableInitializers();
TRACKED_ASSET = trackedAsset;
}
/**
* @notice Get the storage struct
*/
function _getAccountingTokenStorage() internal pure returns (AccountingTokenStorage storage s) {
bytes32 slot = ACCOUNTING_TOKEN_STORAGE_SLOT;
assembly {
s.slot := slot
}
}
/**
* @param admin The address of the admin.
* @param name_ The name of the accountingToken.
* @param symbol_ The symbol of accountingToken.
*/
function initialize(address admin, string memory name_, string memory symbol_) external virtual initializer {
if (admin == address(0)) revert ZeroAddress();
__ERC20_init(name_, symbol_);
__AccessControl_init();
_grantRole(DEFAULT_ADMIN_ROLE, admin);
}
modifier onlyAccounting() {
if (msg.sender != _getAccountingTokenStorage().accountingModule) revert Unauthorized();
_;
}
/**
* @dev See {IERC20Metadata-decimals}.
*/
function decimals() public view virtual override returns (uint8) {
return IERC20Metadata(TRACKED_ASSET).decimals();
}
/**
* @notice burn `burnAmount` from `burnAddress`
* @param burnAddress address to burn from
* @param burnAmount amount to burn
*/
function burnFrom(address burnAddress, uint256 burnAmount) external onlyAccounting {
_burn(burnAddress, burnAmount);
}
/**
* @notice mints `mintAmount` to `mintAddress`
* @param mintAddress address to mint to
* @param mintAmount amount to mint
*/
function mintTo(address mintAddress, uint256 mintAmount) external onlyAccounting {
_mint(mintAddress, mintAmount);
}
/**
* @dev should not ordinarily be transferred
*/
function transferFrom(address, address, uint256) public virtual override returns (bool) {
revert NotAllowed();
}
/**
* @dev should not ordinarily be transferred
*/
function transfer(address, uint256) public virtual override returns (bool) {
revert NotAllowed();
}
/**
* Update accounting module address
* @param accountingModule_ new accounting module address
*/
function setAccountingModule(address accountingModule_) external onlyRole(DEFAULT_ADMIN_ROLE) {
if (accountingModule_ == address(0)) revert ZeroAddress();
AccountingTokenStorage storage s = _getAccountingTokenStorage();
emit AccountingModuleUpdated(accountingModule_, s.accountingModule);
if (address(IAccountingModule(accountingModule_).accountingToken()) != address(this)) {
revert AccountingTokenMismatch();
}
if (IAccountingModule(accountingModule_).baseAsset() != TRACKED_ASSET) {
revert BaseAssetMismatch();
}
s.accountingModule = accountingModule_;
}
/// VIEWS ///
function accountingModule() public view returns (address) {
return _getAccountingTokenStorage().accountingModule;
}
}
"
},
"lib/yieldnest-flex-strategy/lib/yieldnest-vault/src/interface/IVault.sol": {
"content": "// SPDX-License-Identifier: BSD-3-Clause
pragma solidity ^0.8.24;
import {IERC4626} from "src/Common.sol";
import {IValidator} from "src/interface/IValidator.sol";
interface IVault is IERC4626 {
struct VaultStorage {
uint256 totalAssets;
address provider;
address buffer;
bool paused;
uint8 decimals;
bool countNativeAsset;
bool alwaysComputeTotalAssets;
/// @notice The index of the default asset.
/// The default asset is vault.asset(), used for deposit, withdraw, redeem, mint as default.
/// If defaultAssetIndex is 0, the vault will use the base asset as default asset.
uint256 defaultAssetIndex;
}
struct AssetParams {
uint256 index;
bool active;
uint8 decimals;
}
struct AssetUpdateFields {
bool active;
}
struct AssetStorage {
mapping(address => AssetParams) assets;
address[] list;
}
struct FeeStorage {
/// @notice The base withdrawal fee in basis points (1e8 = 100%)
uint64 baseWithdrawalFee;
}
enum ParamType {
UINT256,
ADDRESS
}
struct ParamRule {
ParamType paramType;
bool isArray;
address[] allowList;
}
struct FunctionRule {
bool isActive;
ParamRule[] paramRules;
IValidator validator;
}
struct ProcessorStorage {
uint256 lastProcessed;
uint256 lastAccounting;
mapping(address => mapping(bytes4 => FunctionRule)) rules;
}
error Paused();
error Unpaused();
error ZeroAddress();
error ZeroAmount();
error ZeroRate();
error InvalidString();
error InvalidArray();
error ExceededMaxDeposit(address sender, uint256 amount, uint256 maxAssets);
error DefaultAsset();
error AssetNotEmpty(address);
error InvalidAsset(address);
error InvalidTarget(address);
error InvalidDecimals();
error InvalidFunction(address target, bytes4 funcSig);
error DuplicateAsset(address asset);
error ExceededMaxWithdraw(address, uint256, uint256);
error ExceededMaxRedeem(address, uint256, uint256);
error ProcessFailed(bytes, bytes);
error ProcessInvalid(bytes);
error ProviderNotSet();
error BufferNotSet();
error DepositFailed();
error AssetNotActive();
error ExceedsMaxBasisPoints(uint256 value);
error InvalidNativeAssetDecimals(uint256 decimals);
error InvalidAssetDecimals(uint256 decimals);
error InvalidDefaultAssetIndex(uint256 index);
error BaseAsset();
event DepositAsset(
address indexed sender,
address indexed receiver,
address indexed asset,
uint256 assets,
uint256 baseAssets,
uint256 shares
);
event SetProvider(address indexed provider);
event SetBuffer(address indexed buffer);
event SetAlwaysComputeTotalAssets(bool alwaysComputeTotalAssets);
event NewAsset(address indexed asset, uint256 decimals, uint256 index);
event ProcessSuccess(address[] targets, uint256[] values, bytes[] data);
event Pause(bool paused);
event SetProcessorRule(address indexed target, bytes4, FunctionRule);
event NativeDeposit(uint256 amount);
event ProcessAccounting(uint256 timestamp, uint256 totalAssets);
event UpdateAsset(uint256 indexed index, address indexed asset, AssetUpdateFields fields);
event DeleteAsset(uint256 indexed index, address indexed asset);
event SetBaseWithdrawalFee(uint64 oldFee, uint64 newFee);
// 4626-MAX
function getAssets() external view returns (address[] memory list);
function getAsset(address asset_) external view returns (AssetParams memory);
function getProcessorRule(address contractAddress, bytes4 funcSig) external view returns (FunctionRule memory);
function previewDepositAsset(address assetAddress, uint256 assets) external view returns (uint256);
function depositAsset(address assetAddress, uint256 amount, address receiver) external returns (uint256);
function provider() external view returns (address);
function buffer() external view returns (address);
function totalBaseAssets() external view returns (uint256);
// ADMIN
function setProvider(address provider) external;
function setBuffer(address buffer) external;
function setProcessorRule(address target, bytes4 functionSig, FunctionRule memory rule) external;
function setProcessorRules(address[] memory targets, bytes4[] memory functionSigs, FunctionRule[] memory rules)
external;
function addAsset(address asset_, bool active_) external;
function pause() external;
function unpause() external;
function processAccounting() external;
function processor(address[] calldata targets, uint256[] calldata values, bytes[] calldata data)
external
returns (bytes[] memory);
// FEES
function _feeOnRaw(uint256 assets) external view returns (uint256);
function _feeOnTotal(uint256 assets) external view returns (uint256);
}
"
},
"lib/yieldnest-flex-strategy/lib/yieldnest-vault/lib/openzeppelin-contracts-upgradeable/contracts/proxy/utils/Initializable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (proxy/utils/Initializable.sol)
pragma solidity ^0.8.20;
/**
* @dev This is a base contract to aid in writing upgradeable contracts, or any kind of contract that will be deployed
* behind a proxy. Since proxied contracts do not make use of a constructor, it's common to move constructor logic to an
* external initializer function, usually called `initialize`. It then becomes necessary to protect this initializer
* function so it can only be called once. The {initializer} modifier provided by this contract will have this effect.
*
* The initialization functions use a version number. Once a version number is used, it is consumed and cannot be
* reused. This mechanism prevents re-execution of each "step" but allows the creation of new initialization steps in
* case an upgrade adds a module that needs to be initialized.
*
* For example:
*
* [.hljs-theme-light.nopadding]
* ```solidity
* contract MyToken is ERC20Upgradeable {
* function initialize() initializer public {
* __ERC20_init("MyToken", "MTK");
* }
* }
*
* contract MyTokenV2 is MyToken, ERC20PermitUpgradeable {
* function initializeV2() reinitializer(2) public {
* __ERC20Permit_init("MyToken");
* }
* }
* ```
*
* TIP: To avoid leaving the proxy in an uninitialized state, the initializer function should be called as early as
* possible by providing the encoded function call as the `_data` argument to {ERC1967Proxy-constructor}.
*
* CAUTION: When used with inheritance, manual care must be taken to not invoke a parent initializer twice, or to ensure
* that all initializers are idempotent. This is not verified automatically as constructors are by Solidity.
*
* [CAUTION]
* ====
* Avoid leaving a contract uninitialized.
*
* An uninitialized contract can be taken over by an attacker. This applies to both a proxy and its implementation
* contract, which may impact the proxy. To prevent the implementation contract from being used, you should invoke
* the {_disableInitializers} function in the constructor to automatically lock it when it is deployed:
*
* [.hljs-theme-light.nopadding]
* ```
* /// @custom:oz-upgrades-unsafe-allow constructor
* constructor() {
* _disableInitializers();
* }
* ```
* ====
*/
abstract contract Initializable {
/**
* @dev Storage of the initializable contract.
*
* It's implemented on a custom ERC-7201 namespace to reduce the risk of storage collisions
* when using with upgradeable contracts.
*
* @custom:storage-location erc7201:openzeppelin.storage.Initializable
*/
struct InitializableStorage {
/**
* @dev Indicates that the contract has been initialized.
*/
uint64 _initialized;
/**
* @dev Indicates that the contract is in the process of being initialized.
*/
bool _initializing;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.Initializable")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant INITIALIZABLE_STORAGE = 0xf0c57e16840df040f15088dc2f81fe391c3923bec73e23a9662efc9c229c6a00;
/**
* @dev The contract is already initialized.
*/
error InvalidInitialization();
/**
* @dev The contract is not initializing.
*/
error NotInitializing();
/**
* @dev Triggered when the contract has been initialized or reinitialized.
*/
event Initialized(uint64 version);
/**
* @dev A modifier that defines a protected initializer function that can be invoked at most once. In its scope,
* `onlyInitializing` functions can be used to initialize parent contracts.
*
* Similar to `reinitializer(1)`, except that in the context of a constructor an `initializer` may be invoked any
* number of times. This behavior in the constructor can be useful during testing and is not expected to be used in
* production.
*
* Emits an {Initialized} event.
*/
modifier initializer() {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
// Cache values to avoid duplicated sloads
bool isTopLevelCall = !$._initializing;
uint64 initialized = $._initialized;
// Allowed calls:
// - initialSetup: the contract is not in the initializing state and no previous version was
// initialized
// - construction: the contract is initialized at version 1 (no reininitialization) and the
// current contract is just being deployed
bool initialSetup = initialized == 0 && isTopLevelCall;
bool construction = initialized == 1 && address(this).code.length == 0;
if (!initialSetup && !construction) {
revert InvalidInitialization();
}
$._initialized = 1;
if (isTopLevelCall) {
$._initializing = true;
}
_;
if (isTopLevelCall) {
$._initializing = false;
emit Initialized(1);
}
}
/**
* @dev A modifier that defines a protected reinitializer function that can be invoked at most once, and only if the
* contract hasn't been initialized to a greater version before. In its scope, `onlyInitializing` functions can be
* used to initialize parent contracts.
*
* A reinitializer may be used after the original initialization step. This is essential to configure modules that
* are added through upgrades and that require initialization.
*
* When `version` is 1, this modifier is similar to `initializer`, except that functions marked with `reinitializer`
* cannot be nested. If one is invoked in the context of another, execution will revert.
*
* Note that versions can jump in increments greater than 1; this implies that if multiple reinitializers coexist in
* a contract, executing them in the right order is up to the developer or operator.
*
* WARNING: Setting the version to 2**64 - 1 will prevent any future reinitialization.
*
* Emits an {Initialized} event.
*/
modifier reinitializer(uint64 version) {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing || $._initialized >= version) {
revert InvalidInitialization();
}
$._initialized = version;
$._initializing = true;
_;
$._initializing = false;
emit Initialized(version);
}
/**
* @dev Modifier to protect an initialization function so that it can only be invoked by functions with the
* {initializer} and {reinitializer} modifiers, directly or indirectly.
*/
modifier onlyInitializing() {
_checkInitializing();
_;
}
/**
* @dev Reverts if the contract is not in an initializing state. See {onlyInitializing}.
*/
function _checkInitializing() internal view virtual {
if (!_isInitializing()) {
revert NotInitializing();
}
}
/**
* @dev Locks the contract, preventing any future reinitialization. This cannot be part of an initializer call.
* Calling this in the constructor of a contract will prevent that contract from being initialized or reinitialized
* to any version. It is recommended to use this to lock implementation contracts that are designed to be called
* through proxies.
*
* Emits an {Initialized} event the first time it is successfully executed.
*/
function _disableInitializers() internal virtual {
// solhint-disable-next-line var-name-mixedcase
InitializableStorage storage $ = _getInitializableStorage();
if ($._initializing) {
revert InvalidInitialization();
}
if ($._initialized != type(uint64).max) {
$._initialized = type(uint64).max;
emit Initialized(type(uint64).max);
}
}
/**
* @dev Returns the highest version that has been initialized. See {reinitializer}.
*/
function _getInitializedVersion() internal view returns (uint64) {
return _getInitializableStorage()._initialized;
}
/**
* @dev Returns `true` if the contract is currently initializing. See {onlyInitializing}.
*/
function _isInitializing() internal view returns (bool) {
return _getInitializableStorage()._initializing;
}
/**
* @dev Returns a pointer to the storage namespace.
*/
// solhint-disable-next-line var-name-mixedcase
function _getInitializableStorage() private pure returns (InitializableStorage storage $) {
assembly {
$.slot := INITIALIZABLE_STORAGE
}
}
}
"
},
"lib/yieldnest-flex-strategy/lib/yieldnest-vault/lib/openzeppelin-contracts-upgradeable/contracts/access/AccessControlUpgradeable.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (access/AccessControl.sol)
pragma solidity ^0.8.20;
import {IAccessControl} from "@openzeppelin/contracts/access/IAccessControl.sol";
import {ContextUpgradeable} from "../utils/ContextUpgradeable.sol";
import {ERC165Upgradeable} from "../utils/introspection/ERC165Upgradeable.sol";
import {Initializable} from "../proxy/utils/Initializable.sol";
/**
* @dev Contract module that allows children to implement role-based access
* control mechanisms. This is a lightweight version that doesn't allow enumerating role
* members except through off-chain means by accessing the contract event logs. Some
* applications may benefit from on-chain enumerability, for those cases see
* {AccessControlEnumerable}.
*
* Roles are referred to by their `bytes32` identifier. These should be exposed
* in the external API and be unique. The best way to achieve this is by
* using `public constant` hash digests:
*
* ```solidity
* bytes32 public constant MY_ROLE = keccak256("MY_ROLE");
* ```
*
* Roles can be used to represent a set of permissions. To restrict access to a
* function call, use {hasRole}:
*
* ```solidity
* function foo() public {
* require(hasRole(MY_ROLE, msg.sender));
* ...
* }
* ```
*
* Roles can be granted and revoked dynamically via the {grantRole} and
* {revokeRole} functions. Each role has an associated admin role, and only
* accounts that have a role's admin role can call {grantRole} and {revokeRole}.
*
* By default, the admin role for all roles is `DEFAULT_ADMIN_ROLE`, which means
* that only accounts with this role will be able to grant or revoke other
* roles. More complex role relationships can be created by using
* {_setRoleAdmin}.
*
* WARNING: The `DEFAULT_ADMIN_ROLE` is also its own admin: it has permission to
* grant and revoke this role. Extra precautions should be taken to secure
* accounts that have been granted it. We recommend using {AccessControlDefaultAdminRules}
* to enforce additional security measures for this role.
*/
abstract contract AccessControlUpgradeable is Initializable, ContextUpgradeable, IAccessControl, ERC165Upgradeable {
struct RoleData {
mapping(address account => bool) hasRole;
bytes32 adminRole;
}
bytes32 public constant DEFAULT_ADMIN_ROLE = 0x00;
/// @custom:storage-location erc7201:openzeppelin.storage.AccessControl
struct AccessControlStorage {
mapping(bytes32 role => RoleData) _roles;
}
// keccak256(abi.encode(uint256(keccak256("openzeppelin.storage.AccessControl")) - 1)) & ~bytes32(uint256(0xff))
bytes32 private constant AccessControlStorageLocation = 0x02dd7bc7dec4dceedda775e58dd541e08a116c6c53815c0bd028192f7b626800;
function _getAccessControlStorage() private pure returns (AccessControlStorage storage $) {
assembly {
$.slot := AccessControlStorageLocation
}
}
/**
* @dev Modifier that checks that an account has a specific role. Reverts
* with an {AccessControlUnauthorizedAccount} error including the required role.
*/
modifier onlyRole(bytes32 role) {
_checkRole(role);
_;
}
function __AccessControl_init() internal onlyInitializing {
}
function __AccessControl_init_unchained() internal onlyInitializing {
}
/**
* @dev See {IERC165-supportsInterface}.
*/
function supportsInterface(bytes4 interfaceId) public view virtual override returns (bool) {
return interfaceId == type(IAccessControl).interfaceId || super.supportsInterface(interfaceId);
}
/**
* @dev Returns `true` if `account` has been granted `role`.
*/
function hasRole(bytes32 role, address account) public view virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].hasRole[account];
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `_msgSender()`
* is missing `role`. Overriding this function changes the behavior of the {onlyRole} modifier.
*/
function _checkRole(bytes32 role) internal view virtual {
_checkRole(role, _msgSender());
}
/**
* @dev Reverts with an {AccessControlUnauthorizedAccount} error if `account`
* is missing `role`.
*/
function _checkRole(bytes32 role, address account) internal view virtual {
if (!hasRole(role, account)) {
revert AccessControlUnauthorizedAccount(account, role);
}
}
/**
* @dev Returns the admin role that controls `role`. See {grantRole} and
* {revokeRole}.
*
* To change a role's admin, use {_setRoleAdmin}.
*/
function getRoleAdmin(bytes32 role) public view virtual returns (bytes32) {
AccessControlStorage storage $ = _getAccessControlStorage();
return $._roles[role].adminRole;
}
/**
* @dev Grants `role` to `account`.
*
* If `account` had not been already granted `role`, emits a {RoleGranted}
* event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleGranted} event.
*/
function grantRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_grantRole(role, account);
}
/**
* @dev Revokes `role` from `account`.
*
* If `account` had been granted `role`, emits a {RoleRevoked} event.
*
* Requirements:
*
* - the caller must have ``role``'s admin role.
*
* May emit a {RoleRevoked} event.
*/
function revokeRole(bytes32 role, address account) public virtual onlyRole(getRoleAdmin(role)) {
_revokeRole(role, account);
}
/**
* @dev Revokes `role` from the calling account.
*
* Roles are often managed via {grantRole} and {revokeRole}: this function's
* purpose is to provide a mechanism for accounts to lose their privileges
* if they are compromised (such as when a trusted device is misplaced).
*
* If the calling account had been revoked `role`, emits a {RoleRevoked}
* event.
*
* Requirements:
*
* - the caller must be `callerConfirmation`.
*
* May emit a {RoleRevoked} event.
*/
function renounceRole(bytes32 role, address callerConfirmation) public virtual {
if (callerConfirmation != _msgSender()) {
revert AccessControlBadConfirmation();
}
_revokeRole(role, callerConfirmation);
}
/**
* @dev Sets `adminRole` as ``role``'s admin role.
*
* Emits a {RoleAdminChanged} event.
*/
function _setRoleAdmin(bytes32 role, bytes32 adminRole) internal virtual {
AccessControlStorage storage $ = _getAccessControlStorage();
bytes32 previousAdminRole = getRoleAdmin(role);
$._roles[role].adminRole = adminRole;
emit RoleAdminChanged(role, previousAdminRole, adminRole);
}
/**
* @dev Attempts to grant `role` to `account` and returns a boolean indicating if `role` was granted.
*
* Internal function without access restriction.
*
* May emit a {RoleGranted} event.
*/
function _grantRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (!hasRole(role, account)) {
$._roles[role].hasRole[account] = true;
emit RoleGranted(role, account, _msgSender());
return true;
} else {
return false;
}
}
/**
* @dev Attempts to revoke `role` to `account` and returns a boolean indicating if `role` was revoked.
*
* Internal function without access restriction.
*
* May emit a {RoleRevoked} event.
*/
function _revokeRole(bytes32 role, address account) internal virtual returns (bool) {
AccessControlStorage storage $ = _getAccessControlStorage();
if (hasRole(role, account)) {
$._roles[role].hasRole[account] = false;
emit RoleRevoked(role, account, _msgSender());
return true;
} else {
return false;
}
}
}
"
},
"lib/yieldnest-flex-strategy/lib/yieldnest-vault/lib/openzeppelin-contracts/contracts/interfaces/IERC4626.sol": {
"content": "// SPDX-License-Identifier: MIT
// OpenZeppelin Contracts (last updated v5.0.0) (interfaces/IERC4626.sol)
pragma solidity ^0.8.20;
import {IERC20} from "../token/ERC20/IERC20.sol";
import {IERC20Metadata} from "../token/ERC20/extensions/IERC20Metadata.sol";
/**
* @dev Interface of the ERC4626 "Tokenized Vault Standard", as defined in
* https://eips.ethereum.org/EIPS/eip-4626[ERC-4626].
*/
interface IERC4626 is IERC20, IERC20Metadata {
event Deposit(address indexed sender, address indexed owner, uint256 assets, uint256 shares);
event Withdraw(
address indexed sender,
address indexed receiver,
address indexed owner,
uint256 assets,
uint256 shares
);
/**
* @dev Returns the address of the underlying token used for the Vault for accounting, depositing, and withdrawing.
*
* - MUST be an ERC-20 token contract.
* - MUST NOT revert.
*/
function asset() external view returns (address assetTokenAddress);
/**
* @dev Returns the total amount of the underlying asset that is “managed” by Vault.
*
* - SHOULD include any compounding that occurs from yield.
* - MUST be inclusive of any fees that are charged against assets in the Vault.
* - MUST NOT revert.
*/
function totalAssets() external view returns (uint256 totalManagedAssets);
/**
* @dev Returns the amount of shares that the Vault would exchange for the amount of assets provided, in an ideal
* scenario where all the conditions are met.
*
* - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
* - MUST NOT show any variations depending on the caller.
* - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
* - MUST NOT revert.
*
* NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
* “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
* from.
*/
function convertToShares(uint256 assets) external view returns (uint256 shares);
/**
* @dev Returns the amount of assets that the Vault would exchange for the amount of shares provided, in an ideal
* scenario where all the conditions are met.
*
* - MUST NOT be inclusive of any fees that are charged against assets in the Vault.
* - MUST NOT show any variations depending on the caller.
* - MUST NOT reflect slippage or other on-chain conditions, when performing the actual exchange.
* - MUST NOT revert.
*
* NOTE: This calculation MAY NOT reflect the “per-user” price-per-share, and instead should reflect the
* “average-user’s” price-per-share, meaning what the average user should expect to see when exchanging to and
* from.
*/
function convertToAssets(uint256 shares) external view returns (uint256 assets);
/**
* @dev Returns the maximum amount of the underlying asset that can be deposited into the Vault for the receiver,
* through a deposit call.
*
* - MUST return a limited value if receiver is subject to some deposit limit.
* - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of assets that may be deposited.
* - MUST NOT revert.
*/
function maxDeposit(address receiver) external view returns (uint256 maxAssets);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their deposit at the current block, given
* current on-chain conditions.
*
* - MUST return as close to and no more than the exact amount of Vault shares that would be minted in a deposit
* call in the same transaction. I.e. deposit should return the same or more shares as previewDeposit if called
* in the same transaction.
* - MUST NOT account for deposit limits like those returned from maxDeposit and should always act as though the
* deposit would be accepted, regardless if the user has enough tokens approved, etc.
* - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToShares and previewDeposit SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by depositing.
*/
function previewDeposit(uint256 assets) external view returns (uint256 shares);
/**
* @dev Mints shares Vault shares to receiver by depositing exactly amount of underlying tokens.
*
* - MUST emit the Deposit event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
* deposit execution, and are accounted for during deposit.
* - MUST revert if all of assets cannot be deposited (due to deposit limit being reached, slippage, the user not
* approving enough underlying tokens to the Vault contract, etc).
*
* NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
*/
function deposit(uint256 assets, address receiver) external returns (uint256 shares);
/**
* @dev Returns the maximum amount of the Vault shares that can be minted for the receiver, through a mint call.
* - MUST return a limited value if receiver is subject to some mint limit.
* - MUST return 2 ** 256 - 1 if there is no limit on the maximum amount of shares that may be minted.
* - MUST NOT revert.
*/
function maxMint(address receiver) external view returns (uint256 maxShares);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their mint at the current block, given
* current on-chain conditions.
*
* - MUST return as close to and no fewer than the exact amount of assets that would be deposited in a mint call
* in the same transaction. I.e. mint should return the same or fewer assets as previewMint if called in the
* same transaction.
* - MUST NOT account for mint limits like those returned from maxMint and should always act as though the mint
* would be accepted, regardless if the user has enough tokens approved, etc.
* - MUST be inclusive of deposit fees. Integrators should be aware of the existence of deposit fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToAssets and previewMint SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by minting.
*/
function previewMint(uint256 shares) external view returns (uint256 assets);
/**
* @dev Mints exactly shares Vault shares to receiver by depositing amount of underlying tokens.
*
* - MUST emit the Deposit event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the mint
* execution, and are accounted for during mint.
* - MUST revert if all of shares cannot be minted (due to deposit limit being reached, slippage, the user not
* approving enough underlying tokens to the Vault contract, etc).
*
* NOTE: most implementations will require pre-approval of the Vault with the Vault’s underlying asset token.
*/
function mint(uint256 shares, address receiver) external returns (uint256 assets);
/**
* @dev Returns the maximum amount of the underlying asset that can be withdrawn from the owner balance in the
* Vault, through a withdraw call.
*
* - MUST return a limited value if owner is subject to some withdrawal limit or timelock.
* - MUST NOT revert.
*/
function maxWithdraw(address owner) external view returns (uint256 maxAssets);
/**
* @dev Allows an on-chain or off-chain user to simulate the effects of their withdrawal at the current block,
* given current on-chain conditions.
*
* - MUST return as close to and no fewer than the exact amount of Vault shares that would be burned in a withdraw
* call in the same transaction. I.e. withdraw should return the same or fewer shares as previewWithdraw if
* called
* in the same transaction.
* - MUST NOT account for withdrawal limits like those returned from maxWithdraw and should always act as though
* the withdrawal would be accepted, regardless if the user has enough shares, etc.
* - MUST be inclusive of withdrawal fees. Integrators should be aware of the existence of withdrawal fees.
* - MUST NOT revert.
*
* NOTE: any unfavorable discrepancy between convertToShares and previewWithdraw SHOULD be considered slippage in
* share price or some other type of condition, meaning the depositor will lose assets by depositing.
*/
function previewWithdraw(uint256 assets) external view returns (uint256 shares);
/**
* @dev Burns shares from owner and sends exactly assets of underlying tokens to receiver.
*
* - MUST emit the Withdraw event.
* - MAY support an additional flow in which the underlying tokens are owned by the Vault contract before the
Submitted on: 2025-09-18 12:00:38
Comments
Log in to comment.
No comments yet.