Fix Cantina audit issues (#3)

* Start to fix audit feedback

* Add interface

* Fix test

* Cleanup

* Inherit from ICFG

Author: hieronx

script/CFG.s.sol

@@ -25,7 +25,7 @@ contract CFGScript is Script, CreateXScript {
 
         // Setup
         cfg.mint(mintDestination, initialMint);
-        // cfg.deny(address(this)); // TODO
+        cfg.deny(address(this));
 
         vm.stopBroadcast();
     }

src/CFG.sol

@@ -2,9 +2,10 @@
 pragma solidity 0.8.28;
 
 import {DelegationToken} from "src/DelegationToken.sol";
+import {ICFG} from "src/interfaces/ICFG.sol";
 
 /// @title  Centrifuge Token
-contract CFG is DelegationToken {
+contract CFG is DelegationToken, ICFG {
     constructor(address ward) DelegationToken(18) {
         file("name", "Centrifuge");
         file("symbol", "CFG");
@@ -18,10 +19,11 @@ contract CFG is DelegationToken {
 
         unchecked {
             // We don't need overflow checks b/c require(balance >= value) and balance <= totalSupply
-            _setBalance(msg.sender, _balanceOf(msg.sender) - value);
-            totalSupply = totalSupply - value;
+            _setBalance(msg.sender, balance - value);
+            totalSupply -= value;
         }
 
+        _moveDelegateVotes(delegatee[msg.sender], address(0), value);
         emit Transfer(msg.sender, address(0), value);
     }
 }

src/DelegationToken.sol

@@ -2,6 +2,7 @@
 pragma solidity 0.8.28;
 
 import {ERC20} from "protocol-v3/misc/ERC20.sol";
+import {IERC20} from "protocol-v3/misc/interfaces/IERC20.sol";
 import {IDelegationToken, Delegation, Signature} from "src/interfaces/IDelegationToken.sol";
 
 /// @title  Delegation Token
@@ -14,7 +15,7 @@ import {IDelegationToken, Delegation, Signature} from "src/interfaces/IDelegatio
 ///
 ///         By default, token balance does not account for voting power. This makes transfers cheaper. Whether
 ///         an account has to self-delegate to vote depends on the voting contract implementation.
-/// @author Modified from https://github.com/morpho-org/morpho-token-upgradeable
+/// @author Modified from https://github.com/morpho-org/morpho-token
 contract DelegationToken is ERC20, IDelegationToken {
     bytes32 public constant DELEGATION_TYPEHASH =
         keccak256("Delegation(address delegatee,uint256 nonce,uint256 expiry)");
@@ -42,6 +43,7 @@ contract DelegationToken is ERC20, IDelegationToken {
             abi.encodePacked("\x19\x01", DOMAIN_SEPARATOR(), keccak256(abi.encode(DELEGATION_TYPEHASH, delegation)))
         );
         address delegator = ecrecover(digest, signature.v, signature.r, signature.s);
+        require(delegator != address(0), InvalidSignature());
         require(delegation.nonce == delegationNonce[delegator]++, InvalidDelegationNonce());
 
         _delegate(delegator, delegation.delegatee);
@@ -57,13 +59,17 @@ contract DelegationToken is ERC20, IDelegationToken {
     }
 
     /// @dev Moves voting power when tokens are transferred.
-    function transfer(address to, uint256 value) public override(ERC20) returns (bool success) {
+    function transfer(address to, uint256 value) public override(ERC20, IERC20) returns (bool success) {
         success = super.transfer(to, value);
         _moveDelegateVotes(delegatee[msg.sender], delegatee[to], value);
     }
 
     /// @dev Moves voting power when tokens are transferred.
-    function transferFrom(address from, address to, uint256 value) public override(ERC20) returns (bool success) {
+    function transferFrom(address from, address to, uint256 value)
+        public
+        override(ERC20, IERC20)
+        returns (bool success)
+    {
         success = super.transferFrom(from, to, value);
         _moveDelegateVotes(delegatee[from], delegatee[to], value);
     }

src/interfaces/ICFG.sol

@@ -0,0 +1,9 @@
+// SPDX-License-Identifier: GPL-2.0-or-later
+pragma solidity 0.8.28;
+
+import {IDelegationToken} from "src/interfaces/IDelegationToken.sol";
+
+interface ICFG is IDelegationToken {
+    /// @notice Burns sender's tokens.
+    function burn(uint256 value) external;
+}

src/interfaces/IDelegationToken.sol

@@ -1,6 +1,8 @@
 // SPDX-License-Identifier: GPL-2.0-or-later
 pragma solidity 0.8.28;
 
+import {IERC20Metadata, IERC20Permit} from "protocol-v3/misc/interfaces/IERC20.sol";
+
 struct Delegation {
     address delegatee;
     uint256 nonce;
@@ -13,7 +15,7 @@ struct Signature {
     bytes32 s;
 }
 
-interface IDelegationToken {
+interface IDelegationToken is IERC20Metadata, IERC20Permit {
     /// @notice Emitted when an delegator changes their delegatee.
     event DelegateeChanged(address indexed delegator, address indexed oldDelegatee, address indexed newDelegatee);
 
@@ -26,6 +28,9 @@ interface IDelegationToken {
     /// @notice The delegation nonce used by the signer is not its current delegation nonce.
     error InvalidDelegationNonce();
 
+    /// @notice The signature was invalid.
+    error InvalidSignature();
+
     /// @notice Returns the delegatee that `account` has chosen.
     function delegatee(address account) external view returns (address);
 

test/CFG.t.sol

@@ -53,7 +53,7 @@ contract CFGTest is Test {
     }
 
     function testBurnSelf(address user, uint256 mintAmount, uint256 burnAmount) public {
-        vm.assume(user != address(this) && user != address(0));
+        vm.assume(user != address(this) && user != address(0) && user != address(token));
         burnAmount = bound(burnAmount, 0, mintAmount);
 
         assertEq(token.wards(user), 0);
@@ -72,6 +72,7 @@ contract CFGTest is Test {
         uint256 transferAmount,
         uint256 transferFromAmount,
         uint256 burnAmount,
+        uint256 burnPermissionlessAmount,
         address delegatee,
         address user2,
         address delegatee2
@@ -84,6 +85,7 @@ contract CFGTest is Test {
         transferAmount = bound(transferAmount, 0, mintAmount);
         transferFromAmount = bound(transferFromAmount, 0, mintAmount - transferAmount);
         burnAmount = bound(burnAmount, 0, mintAmount - transferAmount - transferFromAmount);
+        burnPermissionlessAmount = bound(burnPermissionlessAmount, 0, transferAmount + transferFromAmount);
 
         token.mint(address(this), mintAmount);
         assertEq(token.balanceOf(address(this)), mintAmount);
@@ -122,6 +124,14 @@ contract CFGTest is Test {
         assertEq(token.delegatee(user2), delegatee2);
         assertEq(token.delegatedVotingPower(delegatee), mintAmount - transferAmount - transferFromAmount - burnAmount);
         assertEq(token.delegatedVotingPower(delegatee2), transferAmount + transferFromAmount);
+
+        vm.prank(user2);
+        token.burn(burnPermissionlessAmount);
+
+        assertEq(token.delegatee(address(this)), delegatee);
+        assertEq(token.delegatee(user2), delegatee2);
+        assertEq(token.delegatedVotingPower(delegatee), mintAmount - transferAmount - transferFromAmount - burnAmount);
+        assertEq(token.delegatedVotingPower(delegatee2), transferAmount + transferFromAmount - burnPermissionlessAmount);
     }
 
     function testDelegateWithSig(address delegatee) public {
@@ -174,5 +184,20 @@ contract CFGTest is Test {
 
         vm.expectRevert(IDelegationToken.DelegatesExpiredSignature.selector);
         token.delegateWithSig(delegation, Signature(v, r, s));
+
+        // Cannot use invalid signature
+        delegation = Delegation(delegatee, token.delegationNonce(owner), block.timestamp);
+
+        (v, r, s) = vm.sign(
+            privateKey,
+            keccak256(
+                abi.encodePacked(
+                    "\x19\x02", token.DOMAIN_SEPARATOR(), keccak256(abi.encode(token.DELEGATION_TYPEHASH(), delegation))
+                )
+            )
+        );
+
+        vm.expectRevert(IDelegationToken.InvalidSignature.selector);
+        token.delegateWithSig(delegation, Signature(v, bytes32(""), bytes32("")));
     }
 }