flare-foundation
diff --git a/‎coston/IAssetManager.sol‎
Lines changed: 20 additions & 7 deletions b/‎coston/IAssetManager.sol‎
Lines changed: 20 additions & 7 deletions
diff --git a/‎coston/IAssetManagerController.sol‎
Lines changed: 3 additions & 0 deletions b/‎coston/IAssetManagerController.sol‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎coston/IAssetManagerEvents.sol‎
Lines changed: 10 additions & 0 deletions b/‎coston/IAssetManagerEvents.sol‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎coston2/IAssetManager.sol‎
Lines changed: 20 additions & 7 deletions b/‎coston2/IAssetManager.sol‎
Lines changed: 20 additions & 7 deletions
diff --git a/‎coston2/IAssetManagerController.sol‎
Lines changed: 3 additions & 0 deletions b/‎coston2/IAssetManagerController.sol‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎coston2/IAssetManagerEvents.sol‎
Lines changed: 10 additions & 0 deletions b/‎coston2/IAssetManagerEvents.sol‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎coston2/ICustomInstructionsFacet.sol‎
Lines changed: 92 additions & 0 deletions b/‎coston2/ICustomInstructionsFacet.sol‎
Lines changed: 92 additions & 0 deletions
diff --git a/‎coston2/IInstructionsFacet.sol‎
Lines changed: 18 additions & 0 deletions b/‎coston2/IInstructionsFacet.sol‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎coston2/IMasterAccountController.sol‎
Lines changed: 3 additions & 1 deletion b/‎coston2/IMasterAccountController.sol‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎coston2/IPersonalAccount.sol‎
Lines changed: 18 additions & 0 deletions b/‎coston2/IPersonalAccount.sol‎
Lines changed: 18 additions & 0 deletions
@@ -130,6 +130,12 @@ interface IAssetManager is
      * to prevent current block being too outdated, which gives too short time for
      * minting or redemption payment.
      * NOTE: anybody can call.
+     * NOTE: the block/timestamp will only be updated if it is strictly higher than the current value.
+     * For mintings and redemptions we also add the duration from the last update (on this chain) to compensate
+     * for the time that passed since the last update. This mechanism can be abused by providing old block proof
+     * as fresh, which will distort the compensation accounting. Due to monotonicity such an attack will only work
+     * if there was no block update for some time. Therefore it is enough to have at least one honest
+     * current block updater regularly providing updates to avoid this issue.
      * @param _proof proof that a block with given number and timestamp exists
      */
     function updateCurrentBlock(
@@ -280,17 +286,18 @@ interface IAssetManager is
     ) external returns (uint256 _withdrawalAllowedAt);
 
     /**
-     * The agent is going to redeem `_valueWei` collateral pool tokens in the agent vault.
-     * This has to be announced and the agent must then wait `withdrawalWaitMinSeconds` time.
-     * After that time, the agent can call `redeemCollateralPoolTokens(_valueNATWei)` on the agent vault.
+     * Agent is going to withdraw `_valuePoolTokenWei` of pool tokens from the agent vault
+     * and redeem them for NAT from the collateral pool.
+     * This has to be announced and the agent must then wait `withdrawalWaitMinSeconds`.
+     * After that time, the agent can call redeemCollateralPoolTokens(_valuePoolTokenWei) on agent vault.
      * NOTE: may only be called by the agent vault owner.
      * @param _agentVault agent vault address
-     * @param _valueNATWei the amount to be withdrawn
+     * @param _valuePoolTokenWei the amount to be withdrawn
      * @return _redemptionAllowedAt the timestamp when the redemption can be made
      */
     function announceAgentPoolTokenRedemption(
         address _agentVault,
-        uint256 _valueNATWei
+        uint256 _valuePoolTokenWei
     ) external returns (uint256 _redemptionAllowedAt);
 
     ////////////////////////////////////////////////////////////////////////////////////
@@ -350,7 +357,7 @@ interface IAssetManager is
     // Agent information
 
     /**
-     * Get (a part of) the list of all agents.
+     * Get (a part of) the list of all active (not destroyed) agents.
      * The list must be retrieved in parts since retrieving the whole list can consume too much gas for one block.
      * @param _start first index to return from the available agent's list
      * @param _end end index (one above last) to return from the available agent's list
@@ -519,6 +526,9 @@ interface IAssetManager is
      * If the minter pays the underlying amount, minter obtains f-assets.
      * The collateral reservation fee is split between the agent and the collateral pool.
      * NOTE: the owner of the agent vault must be in the AgentOwnerRegistry.
+     * NOTE: if the underlying block isn't updated regularly, it can happen that there is not enough time for
+     * the underlying payment. Therefore minters have to verify the current underlying before minting and,
+     * if needed, update it by calling `updateCurrentBlock`.
      * @param _agentVault agent vault address
      * @param _lots the number of lots for which to reserve collateral
      * @param _maxMintingFeeBIPS maximum minting fee (BIPS) that can be charged by the agent - best is just to
@@ -662,6 +672,9 @@ interface IAssetManager is
      * of remaining lots.
      * Agent receives redemption request id and instructions for underlying payment in
      * RedemptionRequested event and has to pay `value - fee` and use the provided payment reference.
+     * NOTE: if the underlying block isn't updated regularly, it can happen that there is no time for underlying
+     * payment. Since the agents cannot know when the next redemption will happen, they should regularly update the
+     * underlying time by obtaining fresh proof of latest underlying block and calling `updateCurrentBlock`.
      * @param _lots number of lots to redeem
      * @param _redeemerUnderlyingAddressString the address to which the agent must transfer underlying amount
      * @param _executor the account that is allowed to execute redemption default (besides redeemer and agent)
@@ -831,7 +844,7 @@ interface IAssetManager is
      * among the first `maxRedeemedTickets` tickets.
      * To fix this, call this method. It converts small tickets to dust and when the dust exceeds one lot
      * adds it to the ticket.
-     * Since the method just cleans the redemption queue it can be called by anybody.
+     * NOTE: this method can be called by the governance or its executor.
      * @param _firstTicketId if nonzero, the ticket id of starting ticket; if zero, the starting ticket will
      *   be the redemption queue's first ticket id.
      *   When the method finishes, it emits RedemptionTicketsConsolidated event with the nextTicketId
 
@@ -4,6 +4,9 @@ pragma solidity >=0.7.6 <0.9;
 import {IAssetManager} from "./IAssetManager.sol";
 
 interface IAssetManagerController {
+    event AssetManagerAdded(address assetManager);
+    event AssetManagerRemoved(address assetManager);
+
     /**
      * Return the list of all asset managers managed by this controller.
      */
 
@@ -548,4 +548,14 @@ interface IAssetManagerEvents {
      * Emergency pause was canceled.
      */
     event EmergencyPauseCanceled();
+
+    /**
+     * Emergency pause total duration was reset by the governance.
+     */
+    event EmergencyPauseTotalDurationReset();
+
+    /**
+     * Minting was paused/unpaused by the governance.
+     */
+    event MintingPaused(bool paused);
 }
@@ -130,6 +130,12 @@ interface IAssetManager is
      * to prevent current block being too outdated, which gives too short time for
      * minting or redemption payment.
      * NOTE: anybody can call.
+     * NOTE: the block/timestamp will only be updated if it is strictly higher than the current value.
+     * For mintings and redemptions we also add the duration from the last update (on this chain) to compensate
+     * for the time that passed since the last update. This mechanism can be abused by providing old block proof
+     * as fresh, which will distort the compensation accounting. Due to monotonicity such an attack will only work
+     * if there was no block update for some time. Therefore it is enough to have at least one honest
+     * current block updater regularly providing updates to avoid this issue.
      * @param _proof proof that a block with given number and timestamp exists
      */
     function updateCurrentBlock(
@@ -280,17 +286,18 @@ interface IAssetManager is
     ) external returns (uint256 _withdrawalAllowedAt);
 
     /**
-     * The agent is going to redeem `_valueWei` collateral pool tokens in the agent vault.
-     * This has to be announced and the agent must then wait `withdrawalWaitMinSeconds` time.
-     * After that time, the agent can call `redeemCollateralPoolTokens(_valueNATWei)` on the agent vault.
+     * Agent is going to withdraw `_valuePoolTokenWei` of pool tokens from the agent vault
+     * and redeem them for NAT from the collateral pool.
+     * This has to be announced and the agent must then wait `withdrawalWaitMinSeconds`.
+     * After that time, the agent can call redeemCollateralPoolTokens(_valuePoolTokenWei) on agent vault.
      * NOTE: may only be called by the agent vault owner.
      * @param _agentVault agent vault address
-     * @param _valueNATWei the amount to be withdrawn
+     * @param _valuePoolTokenWei the amount to be withdrawn
      * @return _redemptionAllowedAt the timestamp when the redemption can be made
      */
     function announceAgentPoolTokenRedemption(
         address _agentVault,
-        uint256 _valueNATWei
+        uint256 _valuePoolTokenWei
     ) external returns (uint256 _redemptionAllowedAt);
 
     ////////////////////////////////////////////////////////////////////////////////////
@@ -350,7 +357,7 @@ interface IAssetManager is
     // Agent information
 
     /**
-     * Get (a part of) the list of all agents.
+     * Get (a part of) the list of all active (not destroyed) agents.
      * The list must be retrieved in parts since retrieving the whole list can consume too much gas for one block.
      * @param _start first index to return from the available agent's list
      * @param _end end index (one above last) to return from the available agent's list
@@ -519,6 +526,9 @@ interface IAssetManager is
      * If the minter pays the underlying amount, minter obtains f-assets.
      * The collateral reservation fee is split between the agent and the collateral pool.
      * NOTE: the owner of the agent vault must be in the AgentOwnerRegistry.
+     * NOTE: if the underlying block isn't updated regularly, it can happen that there is not enough time for
+     * the underlying payment. Therefore minters have to verify the current underlying before minting and,
+     * if needed, update it by calling `updateCurrentBlock`.
      * @param _agentVault agent vault address
      * @param _lots the number of lots for which to reserve collateral
      * @param _maxMintingFeeBIPS maximum minting fee (BIPS) that can be charged by the agent - best is just to
@@ -662,6 +672,9 @@ interface IAssetManager is
      * of remaining lots.
      * Agent receives redemption request id and instructions for underlying payment in
      * RedemptionRequested event and has to pay `value - fee` and use the provided payment reference.
+     * NOTE: if the underlying block isn't updated regularly, it can happen that there is no time for underlying
+     * payment. Since the agents cannot know when the next redemption will happen, they should regularly update the
+     * underlying time by obtaining fresh proof of latest underlying block and calling `updateCurrentBlock`.
      * @param _lots number of lots to redeem
      * @param _redeemerUnderlyingAddressString the address to which the agent must transfer underlying amount
      * @param _executor the account that is allowed to execute redemption default (besides redeemer and agent)
@@ -831,7 +844,7 @@ interface IAssetManager is
      * among the first `maxRedeemedTickets` tickets.
      * To fix this, call this method. It converts small tickets to dust and when the dust exceeds one lot
      * adds it to the ticket.
-     * Since the method just cleans the redemption queue it can be called by anybody.
+     * NOTE: this method can be called by the governance or its executor.
      * @param _firstTicketId if nonzero, the ticket id of starting ticket; if zero, the starting ticket will
      *   be the redemption queue's first ticket id.
      *   When the method finishes, it emits RedemptionTicketsConsolidated event with the nextTicketId
 
@@ -4,6 +4,9 @@ pragma solidity >=0.7.6 <0.9;
 import {IAssetManager} from "./IAssetManager.sol";
 
 interface IAssetManagerController {
+    event AssetManagerAdded(address assetManager);
+    event AssetManagerRemoved(address assetManager);
+
     /**
      * Return the list of all asset managers managed by this controller.
      */
 
@@ -548,4 +548,14 @@ interface IAssetManagerEvents {
      * Emergency pause was canceled.
      */
     event EmergencyPauseCanceled();
+
+    /**
+     * Emergency pause total duration was reset by the governance.
+     */
+    event EmergencyPauseTotalDurationReset();
+
+    /**
+     * Minting was paused/unpaused by the governance.
+     */
+    event MintingPaused(bool paused);
 }
@@ -0,0 +1,92 @@
+// SPDX-License-Identifier: MIT
+pragma solidity >=0.8.4 <0.9;
+
+/**
+ * @title ICustomInstructionsFacet
+ * @notice Interface for the CustomInstructionsFacet contract.
+ */
+interface ICustomInstructionsFacet {
+    /// @notice Struct containing custom call information
+    struct CustomCall {
+        /// @notice Target contract address
+        address targetContract;
+        /// @notice value (in wei) to send with the call
+        uint256 value;
+        /// @notice Call data
+        bytes data;
+    }
+
+    /**
+     * @notice Emitted when a custom instruction is registered.
+     * @param customInstructionHash The hash representing the registered instructions.
+     */
+    event CustomInstructionRegistered(bytes32 indexed customInstructionHash);
+
+    /**
+     * @notice Emitted when a custom instruction is already registered.
+     * @param customInstructionHash The hash representing the already registered instructions.
+     */
+    event CustomInstructionAlreadyRegistered(
+        bytes32 indexed customInstructionHash
+    );
+
+    /**
+     * @notice Reverts if the custom instruction is empty (zero custom calls).
+     */
+    error EmptyCustomInstruction();
+
+    /**
+     * @notice Reverts if the target address of a custom call is zero.
+     */
+    error TargetAddressZero();
+
+    /**
+     * @notice Reverts if the target address of a custom call is not a contract.
+     * @param target The target address.
+     */
+    error TargetNotAContract(address target);
+
+    /**
+     * @notice Register custom instruction and return the call hash.
+     * @param _customInstruction Custom instruction (array of custom calls) to register.
+     * @return _customInstructionHash The hash representing the registered custom instruction.
+     */
+    function registerCustomInstruction(
+        CustomCall[] memory _customInstruction
+    ) external returns (bytes32 _customInstructionHash);
+
+    /**
+     * @notice Get a custom instruction for a given call hash.
+     * @param _customInstructionHash The hash representing the custom instruction.
+     * @return _customInstruction Custom instruction (array of custom calls) for the hash.
+     */
+    function getCustomInstruction(
+        bytes32 _customInstructionHash
+    ) external view returns (CustomCall[] memory _customInstruction);
+    /**
+     * @notice Get paginated custom instruction hashes.
+     * @param _start The starting index.
+     * @param _end The ending index.
+     * @return _customInstructionHashes Array of custom instruction hashes for the requested page.
+     * @return _totalLength The total number of custom instruction hashes.
+     */
+    function getCustomInstructionHashes(
+        uint256 _start,
+        uint256 _end
+    )
+        external
+        view
+        returns (
+            bytes32[] memory _customInstructionHashes,
+            uint256 _totalLength
+        );
+
+    /**
+     * @notice Encode a custom instruction to get its call hash.
+     * @param _customInstruction Custom instruction (array of custom calls) to encode.
+     * @return _customInstructionHash The hash representing the custom instruction.
+     */
+    function encodeCustomInstruction(
+        CustomCall[] memory _customInstruction
+    ) external pure returns (bytes32 _customInstructionHash);
+}
@@ -2,6 +2,7 @@
 pragma solidity >=0.8.4 <0.9;
 
 import {IPayment} from "./IPayment.sol";
+import {ICustomInstructionsFacet} from "./ICustomInstructionsFacet.sol";
 
 /**
  * @title IInstructionsFacet
@@ -172,6 +173,18 @@ interface IInstructionsFacet {
         uint256 amount
     );
 
+    /**
+     * @notice Emitted when a custom instruction is executed.
+     * @param personalAccount The personal account address.
+     * @param callHash The call hash of the custom instruction.
+     * @param customInstruction The custom instruction.
+     */
+    event CustomInstructionExecuted(
+        address indexed personalAccount,
+        bytes32 indexed callHash,
+        ICustomInstructionsFacet.CustomCall[] customInstruction
+    );
+
     /**
      * @notice Reverts if the payment amount is invalid.
      * @param requiredAmount The required payment amount.
@@ -234,6 +247,11 @@ interface IInstructionsFacet {
      */
     error InvalidMinter();
 
+    /**
+     * @notice Reverts if the provided custom instruction hash is invalid (not registered).
+     */
+    error InvalidCustomInstructionHash();
+
     /**
      * @notice Reserve collateral for minting operation.
      * @param _xrplAddress The XRPL address requesting the collateral reservation.
 
@@ -16,6 +16,7 @@ import {ISwapFacet} from "./ISwapFacet.sol";
 import {ITimelockFacet} from "./ITimelockFacet.sol";
 import {IVaultsFacet} from "./IVaultsFacet.sol";
 import {IXrplProviderWalletsFacet} from "./IXrplProviderWalletsFacet.sol";
+import {ICustomInstructionsFacet} from "./ICustomInstructionsFacet.sol";
 
 /**
  * @title IMasterAccountController
@@ -36,5 +37,6 @@ interface IMasterAccountController is
     ISwapFacet,
     ITimelockFacet,
     IVaultsFacet,
-    IXrplProviderWalletsFacet
+    IXrplProviderWalletsFacet,
+    ICustomInstructionsFacet
 {}
@@ -1,6 +1,8 @@
 // SPDX-License-Identifier: MIT
 pragma solidity >=0.8.4 <0.9;
 
+import {ICustomInstructionsFacet} from "./ICustomInstructionsFacet.sol";
+
 /**
  * @title IPersonalAccount
  * @notice Interface for PersonalAccount contract.
@@ -129,6 +131,14 @@ interface IPersonalAccount {
         uint256 amountOut
     );
 
+    /**
+     * @notice Emitted when a custom instruction is executed.
+     * @param customInstruction The custom instruction.
+     */
+    event CustomInstructionExecuted(
+        ICustomInstructionsFacet.CustomCall[] indexed customInstruction
+    );
+
     /**
      * @notice Reverts if the sent value is insufficient for collateral reservation.
      * @param collateralReservationFee The required collateral reservation fee.
@@ -175,6 +185,14 @@ interface IPersonalAccount {
      */
     error ApprovalFailed();
 
+    /**
+     * @notice Reverts if the custom call fails.
+     * @param customCall The custom call that failed.
+     */
+    error CustomInstructionCallFailed(
+        ICustomInstructionsFacet.CustomCall customCall
+    );
+
     /**
      * @notice Returns the XRPL owner address associated with this personal account.
      * @return The XRPL owner address